Penetration Testing

These resources are useful for Pentest/Red Team related certification preparation [collection from 2016]

OSCP preparation Writeup https://www.jimwilbur.com/oscp-links/

https://www.willchatham.com/general/oscp-and-pwk-tips-resources-tools/

https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3

https://hausec.com/pentesting-cheatsheet/

https://www.fabbricabinaria.it/home/blog/11-news/64-offensive-security-oscp-certification

https://www.securitysift.com/offsec-pwb-oscp/

https://github.com/frizb/OSCP-Survival-Guide/blob/master/OSCP_Helpful_Links.md

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

https://netsec.ws/?p=337

https://www.rcesecurity.com/2014/07/slae-shell-reverse-tcp-shellcode-linux-x86/

http://www.fuzzysecurity.com/tutorials.html

https://www.corelan.be/index.php/articles/

http://www.securitytube.net/

http://www.offensive-security.com/blog/

http://blog.g0tmi1k.com/

http://captf.com/practice-chttps://www.jimwilbur.com/2017/07/oscp-review/tf/

http://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/#gref

http://kooksec.blogspot.com/

http://chandel1.rssing.com/chan-10364660/all_p30.html

Linux privilege escalation:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Windows privilege escalation:

http://www.fuzzysecurity.com/tutorials/16.html

Meterpreter payloads:

http://netsec.ws/?p=331

Reverse shells:

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

http://www.thewindowsclub.com/smb-port-what-is-port-445-port-139-used-for

Web Security Resources:

https://www.pentesterlab.com/exercises/web_for_pentester

https://www.pentesterlab.com/exercises/linux_host_review

https://forum.bugcrowd.com/t/researcher-resources-getting-started/115

https://blog.bugcrowd.com/getting-started-bug-bounty-hunter-methodology

https://blog.bugcrowd.com/tips-from-top-hackers-bug-hunting-methodology-and-the-importance-of-writing-quality-submissions

Metasploit :

http://www.securitytube.net/groups?operation=view&groupId=10

https://www.offensive-security.com/metasploit-unleashed/

Buffer overflow :

https://www.youtube.com/watch?v=1S0aBV-Waeo

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/

http://insecure.org/stf/smashstack.html

https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

http://netsec.ws/?p=180http://www.securitytube.net/groups?operation=view&groupId=4

Exploit writing:

http://www.securitytube.net/groups?operation=view&groupId=7

Assembly language

http://www.securitytube.net/groups?operation=view&groupId=5

Enumeration:

http://www.0daysecurity.com/penetration-testing/enumeration.html

https://nmap.org/nsedoc/

Refer fyodor’s defcon video on “nmap: scanning theinternet” https://www.youtube.com/watch?v=Hk-21p2m8YY

Shell Exploitation

http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/

https://netsec.ws/?p=331

Binary

http://www.fuzzysecurity.com/tutorials/expDev/1.html

Privilege escalation:

https://github.com/rebootuser/LinEnum

http://www.securitysift.com/download/linuxprivchecker.py

http://pentestmonkey.net/category/cheat-sheet/shell

http://www.fuzzysecurity.com/tutorials/16.html

https://github.com/GDSSecurity/Windows-Exploit-Suggester

https://www.youtube.com/watch?v=PC_iMqiuIRQ

https://www.adampalmer.me/iodigitalsec/2013/08/13/mysql-root-to-system-root-with-udf-for-windows-and-linux/

http://pwnwiki.io/#!privesc/windows/index.md

https://github.com/PenturaLabs/Linux_Exploit_Suggester

http://www.greyhathacker.net/?p=738

Windows Privilege Escalation

https://www.youtube.com/watch?v=kMG8IsCohHA

https://github.com/GDSSecurity/Windows-Exploit-Suggester

Linux Privilege Escalation

https://www.youtube.com/watch?v=dk2wsyFiosg

https://www.rebootuser.com/?p=1623

Privilege escalation recon scripts:

http://pentestmonkey.net/tools/audit/unix-privesc-check

http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms.html

https://netsecfocus.slack.com

Online games:

http://resources.infosecinstitute.com/hacking-lab/

http://blog.pushebx.com/2011/03/penetration-testing-iso.html

http://captf.com/practice-ctf/

http://overthewire.org/wargames/

http://overthewire.org/wargames/natas/

nebula

https://ctf365.com/

https://www.hackthebox.gr/

Root-me.org

https://www.pentesterlab.com/exercises

Linux

http://linuxcommand.org

https://linuxjourney.com/

http://www.tldp.org/LDP/Bash-Beginners-Guide/html/

https://www.explainshell.com/

https://linux.die.net/man/

exploits:

http://www.kitploit.com/2017/05/reconnoitre-security-tool-for.html

Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:Tools:

http://osintframework.com/

Netcat:

Ncat: http://www.binarytides.com/netcat-tutorial-for-beginners/

https://null-byte.wonderhowto.com/how-to/hack-like-pro-use-netcat-swiss-army-knife-hacking-tools-0148657/

https://github.com/gabemarshall/Brosec

https://github.com/1N3/Sn1per

TCP/IP

https://support.microsoft.com/en-us/help/172983/explanation-of-the-three-way-handshake-via-tcp-ip

http://techgenix.com/understanding-udp-protocol/

https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel

https://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf

Code academy:

https://www.codecademy.com/

https://learnpythonthehardway.org/

https://www.codecademy.com/learn/learn-the-command-line

https://www.ibm.com/developerworks/library/l-lpic1-103-1/

http://www.greenteapress.com/thinkpython/thinkpython.html

Automate the Boring Stuff with Python: Practical Programming for Total Beginners 1st Edition

http://www.primalsecurity.net/tutorials/python-tutorials/

Payloads:

https://rmccurdy.com/scripts/downloaded/www.offensive-security.com/

github

https://github.com/enaqx/awesome-pentest

oscp useful tools:

https://github.com/frizb/OSCP-Survival-Guide/blob/master/README.md

https://github.com/burntmybagel/OSCP-Prep

https://jivoi.github.io/2015/06/19/oscp-prepare/

https://github.com/xapax/oscp/

https://github.com/opendns/Security_Ninjas_AppSec_Training

https://github.com/chrisallenlane/cheat

https://github.com/tldr-pages/tldr

https://github.com/ferreirasc/oscp

https://guif.re/webtestingoscp

http://www.computersecurity.org/computer-cyber-security-certifications-education-college-courses/cheat-sheet-how-to-pass-the-oscp-offensive-security-certified-professional-exam-step-by-step-guide-network-pivoting-part-7/

http://hackingandsecurity.blogspot.com/2016/04/oscp-related-notes.html

https://www.gitbook.com/book/belouve/belouve-infosec/details

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

http://mateustymbu.xpg.uol.com.br/Bibliography/Pentest_Checklist.pdf

https://www.mrb3n.com/?page_id=329

http://blackpentesters.blogspot.com/2013/12/pentesting-with-backtrack-pwb-offensive.html

http://www.vishalitacademy.com/oscp

https://blog.propriacausa.de/wp-content/uploads/2016/07/oscp_notes.html

http://infosectalk.com/my-oscp-notes/

https://sushant747.gitbooks.io/total-oscp-guide/content/

http://bytec0de.com/blog/oscp-prepration-time-tutorial-basics-commands-and-understandings/

http://ramunix.blogspot.com/2016/10/oscp-cheat-sheet.html

https://github.com/re-pronin/pwk-cheatsheet

nmap nse:

https://hackertarget.com/7-nmap-nse-scripts-recon/

https://www.timborninkhof.com/oscp-exam-review/

http://www.hackingarticles.in/hack-lord-root-vm-ctf-challenge/

https://www.willchatham.com/security/kioptrix-level-1-3-vm-4-walkthrough/

http://www.security-geek.in/

https://www.vulnhub.com/

http://techorganic1.rssing.com/chan-5366139/all_p2.html

https://ethicalhackers.club/

http://www.securityartist.com/the-hackers-library/

http://justpentest.blogspot.com/

http://www.offensive-security.com/metasploit-unleashed/Main_Page

http://www.hackingtutorials.org

https://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

https://www.kernel-exploits.com/

https://backdoorshell.gitbooks.io/oscp-useful-links/content/

http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation

https://vulnhub.com

www.greyhathacker.net/?p=738/

www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

http://0daysecurity.com/penetration-testing/enumeration.html

https://crackstation.net/

http://www.scoop.it/t/d-n3n

http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

http://pentestmonkey.net/tools/windows-privesc-check

www.youtube.com/watch?v=kMG8IsCohHA

http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

www.toshellandback.com/2015/11/24/ms-priv-esc/

https://geekviews.tech/kali-linux-commands-complete-list/

http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

http://pentestmonkey.net/

https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/

http://www.toshellandback.com/

https://highon.coffee/

https://pinboard.in/u:unfo/t:oscp

https://github.com/PaulSec/awesome-sec-talks

http://www.rockfishsec.com/

http://batserver.co.uk/Batlab

https://www.offensive-security.com/metasploit-unleashed/portfwd/

http://netsec.ws/?p=278

https://junksecurity.com/taking-the-course-and-exam-preparation/

http://ianthomasfry.blogspot.com/2017/05/oscp-exam-study-guide-i-first-steps.html

https://insekurity.wordpress.com/

https://www.nop.cat/nmapscans/

https://github.com/1N3/PrivEsc

https://github.com/xapax/oscp/blob/master/linux-template.md

https://github.com/xapax/oscp/blob/master/windows-template.md

https://github.com/slyth11907/Cheatsheets

https://github.com/erik1o6/oscp/

https://highon.coffee/blog/lord-of-the-root-walkthrough/

MsfVenom

https://www.offensive-security.com/metasploit-unleashed/msfvenom/

Shell Escape Techniques

https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

https://airnesstheman.blogspot.ca/2011/05/breaking-out-of-jail-restricted-shell.html

https://speakerdeck.com/knaps/escape-from-shellcatraz-breaking-out-of-restricted-unix-shells

Pivoting

http://www.fuzzysecurity.com/tutorials/13.html

http://exploit.co.il/networking/ssh-tunneling/

https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117

https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/

https://0x90909090.blogspot.ie/2015/07/no-one-expect-command-execution.html

https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/\#gref

https://github.com/mzet-/linux-exploit-suggester

https://github.com/SecWiki/linux-kernel-exploits

https://highon.coffee/blog/linux-commands-cheat-sheet/

https://www.defensecode.com/public/DefenseCode_Unix_WildCards_Gone_Wild.txt

https://github.com/lucyoa/kernel-exploits

https://www.rebootuser.com/?p=1758

https://www.securitysift.com/download/linuxprivchecker.py

https://www.youtube.com/watch?v=1A7yJxh-fyc

https://www.youtube.com/watch?v=2NMB-pfCHT8

https://www.youtube.com/watch?v=MN3FH6Pyc_g

https://www.slideshare.net/nullthreat/fund-linux-priv-esc-wprotections

https://www.exploit-db.com/exploits/39166/

https://www.exploit-db.com/exploits/15274/

https://blog.cobaltstrike.com/2014/03/20/user-account-control-what-penetration-testers-should-know/

https://github.com/foxglovesec/RottenPotato

https://github.com/GDSSecurity/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py

https://github.com/pentestmonkey/windows-privesc-check

https://github.com/PowerShellMafia/PowerSploit

https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/ATT%26CK-Stuff/Windows/Windows_Privilege_Escalation.md

https://github.com/SecWiki/windows-kernel-exploits

https://hackmag.com/security/elevating-privileges-to-administrative-and-further/

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

https://toshellandback.com/2015/11/24/ms-priv-esc/

https://www.gracefulsecurity.com/privesc-unquoted-service-path/

https://www.commonexploits.com/unquoted-service-paths/

https://www.exploit-db.com/dll-hijacking-vulnerable-applications/

https://www.youtube.com/watch?v=kMG8IsCohHA&feature=youtu.be

https://www.youtube.com/watch?v=vqfC4gU0SnY

https://www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet/X

https://www.fuzzysecurity.com/tutorials/16.html

http://www.labofapenetrationtester.com/2015/09/bypassing-uac-with-powershell.html

Interesting reading:

https://code.google.com/p/pentest-bo.../BookmarksList

http://resources.infosecinstitute.co...door-python-z/

https://blog.netspi.com/netspis-top-...ords-for-2014/

https://github.com/SpiderLabs/Responder

http://windowssecrets.com/top-story/

http://resources.infosecinstitute.co...using-ollydbg/

https://www.corelan.be/index.php/200...t-development/

http://jbremer.org/mona-101-a-global-samsung-dll/

http://sgros-students.blogspot.sg/20...cs-part-1.html

http://sgros-students.blogspot.sg/20...cs-part-2.html

http://blog.cobaltstrike.com/2014/03...s-should-know/

http://www.pretentiousname.com/misc/...hitelist2.html

http://www.pretentiousname.com/misc/...c_details.html

http://withinwindows.com/2009/02/05/...ated-binaries/

https://www.exploit-db.com/bypassing...vista7-mirror/

http://security.stackexchange.com/qu...-for-windows-7

http://www.primalsecurity.net/0x8-ex...ive-egghunter/

http://hackerforhire.com.au/

http://n01g3l.tumblr.com/

http://veneetbhardwaj.blogspot.sg/

http://nethekk.blogspot.sg/2014/01/slmail-exploit.html

https://github.com/samratashok/nishang

http://j3rge.blogspot.sg/

https://twitter.com/ithurricanept

https://github.com/hfiref0x

https://zdresearch.com/internet-expl...rop-genration/

http://www.justanotherhacker.com/201...web-shell.html

http://woshub.com/how-to-extract-win...-hiberfil-sys/

http://rycon.hu/papers/goldenticket.html

http://www.beneaththewaves.net/Proje...lkthrough.html

Exploit and vulnerability databases:

http://www.exploit-db.com

https://code.google.com/p/google-sec...ry&cells=tiles

http://packetstormsecurity.com/files/os/7

https://packetstormsecurity.com/

http://farlight.org/index.html?type=local

Restricted shell escape:

https://blog.netspi.com/breaking-out...ix-and-kiosks/

http://blog.g0tmi1k.com/2011/08/basi...ge-escalation/

https://blog.netspi.com/windows-priv...or-privileges/

https://blog.netspi.com/windows-priv...in-privileges/

http://harmj0y.net

http://www.tarasco.org/

ROP: ASLR and DEP/NX:

https://www.trustwave.com/Resources/...X-ASLR-bypass/

http://security.stackexchange.com/qu...es-aslr-dep-nx

http://en.wikipedia.org/wiki/Return-...ed_programming

http://www.mastropaolo.com/2005/06/0...d-bits-part-1/

https://samsclass.info/127/proj/rop.htm

http://nicholas.carlini.com/papers/2...ropattacks.pdf

https://ctf-team.vulnhub.com/picoctf-2014-hardcore-rop/

Boot to root websites:

https://exploit-exercises.com/

http://0daysecurity.com/pentest.html

http://blog.agupieware.com/2014/10/h...ng-victim.html

Pentesting blogs:

https://idzer0.com

Reconnaissance websites:

http://whois.domaintools.com/nextdc.com

Shell codes:

https://www.exploit-db.com/shellcode/

http://www.secdev.org/projects/shellforge/

https://www.corelan.be/index.php/201...2-shellcoding/

http://www.leidecker.info/downloads/index.shtml#shells

https://github.com/dotcppfile/Serbot

http://shell-storm.org/shellcode/

http://bernardodamele.blogspot.sg/20...ne-liners.html

Tools to hide Shells:

https://www.veil-framework.com/

EggHunters:

Exploit Development:

https://github.com/SaltwaterC/sploit-tools

https://github.com/r41p41/snippets

https://github.com/byt3bl33d3r/MITMf

https://www.qualys.com/research/top10/2014/07/

Password leaks/lists:

http://www.leakedin.com

http://securityxploded.com/passwordsecrets.php

OSCP reviews:

http://popped.io

Hash cracking:

http://forum.insidepro.com/viewforum...72f1dc23055572

http://www.hashkiller.co.uk

Information Gathering:

https://github.com/leebaird/discover

https://bitvijays.github.io/blog/2015/04/09/learning-from-the-field-intelligence-gathering/

http://toshellandback.com/2015/11/24/ms-priv-esc/

https://github.com/azmatt/windowsEnum

Pivoting:

https://www.offensive-security.com/metasploit-unleashed/proxytunnels/

https://github.com/rofl0r/proxychains-ng

Local File Inclusion / Remote File Inclusion:

https://pentesterlab.com/exercises/php_include_and_post_exploitation/course

https://www.exploit-db.com/papers/12992/

http://www.itninja.com/blog/view/mysql-and-apache-profile-log-path-locations

SQLi:

https://www.exploit-db.com/papers/12975/

https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

BruteForce w/ Burp Suite:

https://pentestlab.wordpress.com/2012/12/21/brute-force-attack-with-burp/

Reverse Shell Cheat Sheet/various shells:

http://pentestmonkey.net/tools/web-shells/php-reverse-shell

http://pentestmonkey.net/tools/web-shells/perl-reverse-shell

https://github.com/bartblaze/PHP-backdoors

https://github.com/BlackArch/webshells

Password Cracking:

https://hashkiller.co.uk/ntlm-decrypter.aspx

Intro to Pentest Books:

Git Book - https://backdoorshell.gitbooks.io/oscp-useful-links/content/

Ctf guide bt vijays : https://bitvijays.github.io/LFC-VulnerableMachines.html

https://www.owasp.org/images/1/19/OTGv4.pdf

Penetration Testing Standards:

https://www.crest-approved.org/wp-content/uploads/CREST-Penetration-Testing-Guide.pdf

https://www.owasp.org/index.php/Web_Application_Penetration_Testing

https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

https://www.owasp.org/index.php/Penetration_testing_methodologies

PreviousCertification PreparationNextGRC and Audit

Last updated