Penetration Testing Bookmarks Collection

Now if another day new entry, in the blog this time with a collection of Pentesting Bookmarks that I found in code.google which has been running since 2011 the last update that is version 1.5 as you see it has a moderate amount of resources to the which we can access and be able to know, most of the blogs presented by simple access that I did not know them or by joke: (you can tell that I do not know anything about the network, obviously you have more than one that maybe is broken of the links but if we go to what is the idea of ​​sharing knowledge because we do not put to work and put together new bookmarks referring to this world that strikes us all, we do not know who is involved in this process to be able to work and be able to gather, among all those who are encouraged to notice in this post to do so and coordinate Here  you have access to the Google Code project and can download the bookmarks the list of them we have here: Blogs worth it Carnal0wnage McGrew Security Blog | GNUCITIZEN Darknet spylogic.net TaoSecurity Room362.com SIPVicious PortSwigger.net Blog - pentestmonkey.net Jeremiah Grossman omg.wtf.bbq. CÐ ° Ñ,Ñ ?? н²² (in) sÐμÑ ?? uÑ ?? itу SkullSecurity Metasploit Security and Networking Skeptikal.org Digital Soapbox tssci security Blog - Gotham Digital Science Reinersâ € ™ Weblog Bernardo Damele AG Laramies Corner Attack and Defense Labs Billy (BK) Rios Common Exploits extern blog SensePost; Weapons of Mass Analysis Exploit KB Security Reliks MadIrish.net sirdarckcat Reusable Security Myne-us www.notsosecure.com SpiderLabs Previous Corelan Team | Peter Van Eeckhoutte (corelanc0d3r) DigiNinja Home Of PaulDotCom Security Podcast Attack Vector deviating.net Alpha One Labs SmashingPasswords.com wirewatcher gynvael.coldwind // vx.log Nullthreat Security Archangel Amael's BT Tutorials memset's blog ihasomgsecurityskills punter-infosec Security Ninja Security and risk GRM n00bs Kioptrix :: eSploit :: PenTestIT - Your source for Information Security Related information! Forums BackTrack Forums EliteHackers.info InterN0T forum Government Security Hack This Site Forum iExploit Hacking Forum Security Override bright-shadows.net ethicalhacker.net sla.ckers.org Magazines (IN)SECURE Magazine http://hakin9.org/ Video The Hacker News Network Security Tube Irongeek -Hacking Illustrated SecCon Archive 27c3-stream/releases/mkv YouTube - ChRiStIaAn008's Channel YouTube - HackingCons's Channel  Methodologies Penetration Testing Framework The Penetration Testing Execution Standard Web Application Security Consortium (WASC) OWASP top 10 social-engineer.org OSINT Presentations Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net Tactical Information Gathering document_metadata_the_silent_killer__32974 (application/pdf Object) footprinting - passive information gathering before a pentest People and Orginizational spokeo.com - People Search 123people.com Spoke.com - Business Directory Business Network - Social Network for Business Professionals ZoomInfo Pipl - People Search Free People Search by ZabaSearch! Free People Finder and Company Search | SearchBug Free People Search Addictomatic: Inhale the Web Real Time Search - Social Mention EntityCube yasni.com | No. 1 free people search - Find anyone on the web Tweepz.com - search, find and discover interesting people on twitter TweepSearch :: Twitter Profile and Bio Search Glassdoor.com - Company Salaries and Reviews Jigsaw Business Contact Directory Full Text Search TinEye Reverse Image Search PeekYou PicFog - Quick Image Search Twapper Keeper - "We save tweets" - Archive Tweets White Pages | Email Lookup | People Find Tools at The Ultimates Infastructure Netcraft Uptime Survey SHODAN - Computer Search Engine Domain Tools: Whois Lookup and Domain Suggestions Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger http://hackerfantastic.com/ WHOIS and Reverse IP Service MSN IP Search SSL Labs - Projects / Public SSL Server Database - SSL Server Test MyIPNeighbors Reverse IP Lookup Google Hacking Database, GHDB, Google Dorks Domain - reports and all about ips, networks and dns net toolkit::index IHS |  GHDB Exploits and Advisories The Exploit Database .:[ packet storm ]:. SecurityFocus SecurityForest NIST OSVDB: The Open Source Vulnerability Database SecDocs IT Security and Hacking knowledge base Nullbyte.Org.IL CVE security vulnerability database Secunia.com CVE - Common Vulnerabilities and Exposures (CVE) Cheat Sheets and Syntax Big Port DB | Cirt Cheat Sheet : All Cheat Sheets in one page Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets Information about developments at the Monastery Agile Hacking Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN Command Line Kung Fu Simple yet effective: Directory Bruteforcing The Grammar of WMIC Windows Command-Line Kung Fu with WMIC Windows CMD Commands running a command on every mac Syn: Command-Line Ninjitsu WMIC, the other OTHER white meat. Hacking Without Tools: Windows - RST Pentesting Ninjitsu 1 Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat [PenTester Scripting] windows-scripting-COM-tricks Advanced-Command-Exploitation OS & Scripts IPv4 subnetting reference - Wikipedia, the free encyclopedia All the Best Linux Cheat Sheets SHELLdorado - Shell Tips & Tricks (Beginner) Linux Survival :: Where learning Linux is easy BashPitfalls - Greg's Wiki Rubular: a Ruby regular expression editor and tester http://www.iana.org/assignments/port-numbers Useful commands for Windows administrators All the Best Linux Cheat Sheets Rubular: a Ruby regular expression editor Tools netcat cheat sheet (ed skoudis) nessus/nmap (older) hping3 cheatsheet Nmap 5 (new) MSF, Fgdump, Hping Metasploit meterpreter cheat sheet reference Netcat cheat sheet Distros BackTrack Linux Matriux nUbuntu Samurai Web Testing Framework OWASP Live CD Project Pentoo Katana KON-BOOT Welcome to Linux From Scratch! SUMO Linux pentesting packages for ubuntu BackBox Linux | Flexible Penetration Testing Distribution Labs ISO's / VMs Web Security Dojo OWASP Broken Web applications Project Pentest Live CDs NETinVM :: moth - Bonsai Information Security :: Metasploit: Introducing Metasploitable Holynix pen-test distribution WackoPico LAMPSecurity Hacking-Lab.com LiveCD Virtual Hacking Lab Badstore.net Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts Damn Vulnerable Web App - DVWA pWnOS The ButterFly - Security Project Vulnerable Software Old Version Downloads - OldApps.com OldVersion.com Web Application exploits, php exploits, asp exploits wavsep - Web Application Vulnerability Scanner Evaluation Project OWASP SiteGenerator - OWASP Hacme Books | McAfee Free Tools Hacme Casino v1.0 | McAfee Free Tools Hacme Shipping | McAfee Free Tools Hacme Travel | McAfee Free Tools Test Sites Test Site CrackMeBank Investments http://zero.webappsecurity.com acublog news acuforum forums Home of Acunetix Art Altoro Mutual NT OBJECTives Exploitation Intro Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code Myne-us: From 0x90 to 0x4c454554, a journey into exploitation. Past, Present, Future of Windows Exploitation | Abysssec Security Research Smash the Stack 2010 The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit x9090's Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate X86 Opcode and Instruction Reference This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes. Reverse Engineering & Malware TiGa's IDA Video Tutorial Site Binary Auditing http://visi.kenshoto.com/ radare Offensive Computing | Community Malicious code research and analysis Passwords and Hashes Password Exploitation Class Default Passwords Database Sinbad Security Blog: MS SQL Server Password Recovery Foofus Networking Services - Medusa::SMBNT LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff MD5 Crackers | Password Recovery | Wordlist Downloads Password Storage Locations For Popular Windows Applications Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator Requested MD5 Hash queue Virus.Org Default Password List Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR Wordlists "Crack Me If You Can" - DEFCON 2011 Packet Storm Word Lists Passwords - SkullSecurity Index of /passwd/passwords Pass the Hash pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object) crack-pass-hash_33219 (application/pdf Object) MitM Introduction to dsniff - GIAC Certified Student Practical dsniff-n-mirror.pdf (application/pdf Object) dsniff.pdf (application/pdf Object) A Hacker's Story: Let me tell you just how easily I can steal your personal data - Techvibes.com ECCE101.pdf (application/pdf Object) 3.pdf (application/pdf Object) Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object) cracking-air.pdf (application/pdf Object) bh-europe-03-valleri.pdf (application/pdf Object) Costa.pdf (application/pdf Object) defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object) Live_Hacking.pdf (application/pdf Object) PasstheParcel-MITMGuide.pdf (application/pdf Object) 2010JohnStrandKeynote.pdf (application/pdf Object) 18.Ettercap_Spoof.pdf (application/pdf Object) EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object) Fun With EtterCap Filters.pdf (application/pdf Object) The_Magic_of_Ettercap.pdf (application/pdf Object) arp_spoofing.pdf (application/pdf Object) Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object) ICTSecurity-2004-26.pdf (application/pdf Object) ettercap_Nov_6_2005-1.pdf (application/pdf Object) MadIrish.net Mallory is More than a Proxy Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers Tools OSINT Edge-Security - theHarvester- Information Gathering DNSTRACER man-page Maltego 3 Metadata document-metadata-silent-killer_32974 (application/pdf Object) [strike out] ExifTool by Phil Harvey Edge-Security - Metagoofil - Metadata analyzer - Information Gathering Security and Networking - Blog - Metadata Enumeration with FOCA Google Hacking Midnight Research Labs - SEAT Google Hacking Diggity Project « Stach & Liu dorkScan.py Web BeEF BlindElephant Web Application Fingerprinter XSSer: automatic tool for pentesting XSS attacks against different applications RIPS | Download RIPS software for free at SourceForge.net http://www.divineinvasion.net/authforce/ Attack and Defense Labs - Tools Browser_Exploitation_for_Fun&Profit Using sqid (SQL Injection Digger) to look for SQL Injection pinata-CSRF-tool XSSer: automatic tool for pentesting XSS attacks against different applications Clickjacker unicode-fun.txt ≈ Packet Storm WebService-Attacker Attack Strings fuzzdb - Project Hosting on Google Code OWASP Fuzzing Code Database - OWASP Shells SourceForge.net: Yokoso! AJAX/PHP Command Shell Scanners w3af - Web Application Attack and Audit Framework skipfish - Project Hosting on Google Code sqlmap: automatic SQL injection tool SQID - SQL Injection digger http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code fm-fsf - Project Hosting on Google Code Websecurify News :: Arachni - Web Application Security Scanner Framework rfiscan ≈ Packet Storm lfi-rfi2 scanner ≈ Packet Storm inspathx – Tool For Finding Path Disclosure Vulnerabilities DotDotPwn - The Directory Traversal Fuzzer 2.1 ≈ Packet Storm Proxies Burp fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object) Constricting the Web: The GDS Burp API - Gotham Digital Science Browse Belch - Burp External Channel v1.0 Files on SourceForge.net Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja w3af in burp Attack and Defense Labs - Tools burp suite tutorial - English SensePost - reDuh - HTTP Tunneling Proxy OWASP WebScarab NG Project - OWASP Mallory: Transparent TCP and UDP Proxy – Intrepidus Group - Insight Fiddler Web Debugger - A free web debugging tool Watcher: Web security testing tool and passive vulnerability scanner X5S koto/squid-imposter - GitHub squid-imposter - Phishing attack w/HTML5 offline cache framework based on Squid proxy Social Engineering Social Engineering Toolkit Password Ncrack Medusa JTR Ophcrack keimpx in action | 0x3f keimpx - Project Hosting on Google Code hashkill Metasploit markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code markremark: Metasploit Visual Basic Payloads in action Metasploit Mailing List PaulDotCom: Archives OpenSSH-Script for meterpreter available ! Metasploit: Automating the Metasploit Console 561 Deploying Metasploit as a Payload on a Rooted Box Tutorial Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks SecTor 2010 - HD Moore - Beyond Exploits on Vimeo XLSinjector « Milo2012's Security Blog Armitage - Cyber Attack Management for Metasploit Nsploit neurosurgery-with-meterpreter (automating msf) UAV-slides.pdf MSF Exploits or Easy Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security Tenable Network Security NSE Nmap Scripting Engine Primer Tutorial NSEDoc Reference Portal Net Scanners & Scripts Nmap sambascan2 - SMB scanner SoftPerfect Network Scanner OpenVAS Nessus Community | Tenable Network Security Nexpose Community | Rapid7 Retina Community Post Exploitation http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py Metacab | PHX2600 Netcat Re: Your favorite Ncat/nc/Netcat trick? - ReadList.com ads.pdf (application/pdf Object) Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object) netcat_cheat_sheet_v1.pdf (application/pdf Object) socat NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World Netcat tricks « Jonathan’s Techno-tales Nmap Development: Re: Your favorite Ncat/nc/Netcat trick? Few Useful Netcat Tricks « Terminally Incoherent Skoudis_pentestsecrets.pdf (application/pdf Object) Cracked, inSecure and Generally Broken: Netcat Ncat for Netcat Users Source Inspection Graudit - Just Another Hacker javasnoop - Project Hosting on Google Code Firefox Addons David's Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox OSVDB :: Add-ons for Firefox Packet Storm search plugin. :: Add-ons for Firefox Default Passwords - CIRT.net :: Add-ons for Firefox Offsec Exploit-db Search :: Add-ons for Firefox OVAL repository search plugin :: Add-ons for Firefox CVE ® dictionary search plugin :: Add-ons for Firefox HackBar :: Add-ons for Firefox Tool Listings .:[ packet storm ]:. - tools Security and Hacking Tools Training/Classes Sec / Hacking Penetration Testing and Vulnerability Analysis - Home Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos) CNIT 124: Advanced Ethical Hacking -- Sam Bowne CS 279 - Advanced Topics in Security CS142 Web Programming and Security - Stanford CS155 Computer and Network Security - Stanford CSE 227: Computer Security - UCSD CS 161: Computer Security - UC Berkley Security Talks - UCLA CSCI 4971 Secure Software Principles - RPI MCS 494 UNIX Security Holes Software Security - CMU T-110.6220 Special Topics in Ifocsec -TKK Sec and Infosec Related - MIT Metasploit Metasploit Unleashed Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos) Metasploit Megaprimer 300+ mins of video Metasploit Tips and Tricks - Ryan Linn OffSecOhioChapter, Metasploit Class2 - Part1 OffSecOhioChapter, Metasploit Class2 - Part2 OffSecOhioChapter, Metasploit Class2 - Part3 Programming Python Google's Python Class - Google's Python Class - Google Code Python en:Table of Contents - Notes TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python Python Videos, Tutorials and Screencasts Learning Python Programming Language Through Video Lectures - good coders code, great reuse Ruby Video Tutorials - Technology Demonstrations - tekniqal.com Other/Misc CS490 Windows Internals T-110.6220 Lectures - Noppa - TKK Index of /edu/training/ss/lecture/new-documents/Lectures  InfoSec Resources Robert Hansen on Vimeo Web Vectors SQLi MSSQL Injection Cheat Sheet - pentestmonkey.net SQL Injection Cheat Sheet EvilSQL Cheatsheet RSnake SQL Injection Cheatsheet Mediaservice.net SQLi Cheatsheet MySQL Injection Cheat Sheet Full MSSQL Injection PWNage MS Access SQL Injection Cheat Sheet » krazl - â„¢ ķЯαž£ â„¢ - bloggerholic MS Access SQL Injection Cheat Sheet Penetration Testing: Access SQL Injection Testing for MS Access - OWASP Security Override - Articles: The Complete Guide to SQL Injections Obfuscated SQL Injection attacks Exploiting hard filtered SQL Injections « Reiners’ Weblog SQL Injection Attack YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009 Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object) Joseph McCray SQL Injection sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion sqli2.pdf (application/pdf Object) SQL Server Version - SQLTeam.com Overlooked SQL Injection 20071021.pdf (application/pdf Object) SQLInjectionCommentary20071021.pdf (application/pdf Object) uploadtricks bypassing upload file type - Google Search Skeptikal.org: Adobe Responds... Sort Of Secure File Upload in PHP Web Applications | INSIC DESIGNS Stupid htaccess Tricks • Perishable Press Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r Security FCKeditor ADS File Upload Vulnerability - Windows Only Cross Site Scripting scanner – Free XSS Security Scanner VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634) Uploading Files Using the File Field Control TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability Cross-site File Upload Attacks | GNUCITIZEN TikiWiki jhot.php Script File Upload Security Bypass Vulnerability FileUploadSecurity - SH/SC Wiki LFI/RFI http://pastie.org/840199 Exploiting PHP File Inclusion – Overview « Reiners’ Weblog LFI..Code Exec..Remote Root! Local File Inclusion – Tricks of the Trade « Neohapsis Labs Blog, When All You Can Do Is Read - DigiNinja XSS The Anatomy of Cross Site Scripting Whitepapers - www.technicalinfo.net Cross-Site Scripting (XSS) – no script required - Tales from the Crypto Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object) sirdarckcat: Our Favorite XSS Filters and how to Attack them Filter Evasion – Houdini on the Wire « Security Aegis HTML5 Security Cheatsheet XSS - Cross Site Scripting sla.ckers.org web application security forum :: XSS Info [DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium What's Possible with XSS? Coldfusion ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN Attacking ColdFusion. | Sigurnost i zastita informacija Attacking ColdFusion HP Blogs - Adobe ColdFusion's Directory Traversal Disaster - The HP Blog Hub 254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object) Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console SharePoint The Ethical Hacker Network - Pen Testing Sharepoint Lotus Lotus Notes/Domino Security - David Robert's -castlebbs- Blog Penetration Testing: Re: Lotus Notes Hacking Lotus Domino | SecTechno jboss Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object) Minded Security Blog: Good Bye Critical Jboss 0day vmware web Metasploit Penetration Testing Framework - Module Browser Oracle appserver hideaway [dot] net: Hacking Oracle Application Servers Testing for Oracle - OWASP OraScan NGSSQuirreL for Oracle hpoas.pdf (application/pdf Object) SAP Onapsis | Research Labs '[john-users] patch for SAP-passwords (BCODE & PASSCODE)' - MARC Phenoelit SAP exploits Wireless pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting Capture the Flag/Wargames http://intruded.net/ SmashTheStack Wargaming Network flack & hkpco.kr HC's Capture the Flag site The UCSB iCTF CTF Calendar Conferences Information Security Conferences Calendar