Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/txuswashere/pentesting
CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...
https://github.com/txuswashere/pentesting
active-directory audit auditing bugbounty cloudsecurity cyber-security cybersecurity exploiting hacking networksecurity osint pentesting pentesting-tools privilegeescalation purple-team purpleteam resources reversing webpentest webpentesting
Last synced: 1 day ago
JSON representation
CyberSec Resources: FRAMEWORKS & STANDARDS; Pentesting Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds, CTF, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, ...
- Host: GitHub
- URL: https://github.com/txuswashere/pentesting
- Owner: txuswashere
- Created: 2022-11-19T09:54:52.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-02-22T11:00:42.000Z (almost 2 years ago)
- Last Synced: 2024-12-03T11:07:49.642Z (about 2 months ago)
- Topics: active-directory, audit, auditing, bugbounty, cloudsecurity, cyber-security, cybersecurity, exploiting, hacking, networksecurity, osint, pentesting, pentesting-tools, privilegeescalation, purple-team, purpleteam, resources, reversing, webpentest, webpentesting
- Homepage:
- Size: 36.4 MB
- Stars: 25
- Watchers: 3
- Forks: 3
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# pentesting
# CyberSec Resources: Pentesting, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, Mobile Apps pentesting, FRAMEWORKS & STANDARDS, Pentest Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds & CTF, ...
# PHASES OF A PENTEST
##
๐ ๐ช๐ต๐ฎ๐ ๐ฎ๐ฟ๐ฒ ๐๐ต๐ฒ ๐ฝ๐ต๐ฎ๐๐ฒ๐ ๐ผ๐ณ ๐ฃ๐ฒ๐ป๐๐ฒ๐๐
###
๐ Basis of penetration testing execution by the PTES
http://www.pentest-standard.org/index.php/Main_Page
๐ Penetration Testing Phases & Steps Explained by Ray Fernandez on Esecurityplanet:
https://www.esecurityplanet.com/networks/penetration-testing-phases/
๐ ๐ฃ๐ฟ๐ฒ-๐๐ป๐ด๐ฎ๐ด๐ฒ๐บ๐ฒ๐ป๐
###
๐ Pre-engagement by the PTES
http://www.pentest-standard.org/index.php/Pre-engagement
๐ Scoping a pentest on PentesterLab
https://blog.pentesterlab.com/scoping-f3547525f9df
๐ Pentest Scope Worksheet by SANS
https://www.sans.org/posters/pen-test-scope-worksheet/
๐ API Pentesting 101: The rules of Engagement by Dana Epp
https://danaepp.com/api-pentesting-101-the-rules-of-engagement
๐ Pentest Rules of Engagement Worksheet by SANS
https://www.sans.org/posters/pen-test-rules-of-engagement-worksheet/
๐ ๐๐ป๐๐ฒ๐น๐น๐ถ๐ด๐ฒ๐ป๐ฐ๐ฒ ๐๐ฎ๐๐ต๐ฒ๐ฟ๐ถ๐ป๐ด
###
๐ Intelligence Gathering by the PTES
http://www.pentest-standard.org/index.php/Intelligence_Gathering
๐ Gabrielle B's post of resources about OSINT
##
OSINT is often part of a pentest.
If you want to learn more about it or specialize in it.
Here are some resources!
๐ Check out The Ultimate OSINT collection by Hatless1der:
https://start.me/p/DPYPMz/the-ultimate-osint-collection
๐ Have a look at this 5 hours free course by TCM Security
https://youtu.be/qwA6MmbeGNo
https://www.linkedin.com/company/tcm-security-inc/
๐ Check out this article by Giancarlo Fiorella on Bellingcat:
https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/
๐ Check out this amazing list of Tools and Resources by onlineosint: https://osint.link/
๐ The OSINT Framework by jnordine
https://osintframework.com/
๐ Gabrielle B's pentips about Information Gathering
https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering
๐ Understanding the Steps of Footprinting on Cybersecurity Exchange
https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/footprinting-steps-penetration-testing/
๐ Passive Information Gathering for pentesting
https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/
๐ Active information Gathering for pentesting
https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/
๐ ๐ง๐ต๐ฟ๐ฒ๐ฎ๐ ๐ ๐ผ๐ฑ๐ฒ๐น๐ถ๐ป๐ด
###
๐ Threat Modeling by the PTES
http://www.pentest-standard.org/index.php/Threat_Modeling
๐ Threat modeling 101 Infosec resources
https://resources.infosecinstitute.com/topic/applications-threat-modeling/
๐ ๐ฉ๐๐น๐ป๐ฒ๐ฟ๐ฎ๐ฏ๐ถ๐น๐ถ๐๐ ๐๐ป๐ฎ๐น๐๐๐ถ๐
###
๐ Vulnerability Analysis by the PTES
http://www.pentest-standard.org/index.php/Vulnerability_Analysis
๐ Gabrielle B's pentips about Scanning & Enumeration
https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/scanenum
๐ What is Vulnerability Analysis and How Does It work on Cybersecurity Exchange
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/conduct-a-vulnerability-analysis/
๐ NCSC Guide for vulnerability management
https://www.ncsc.gov.uk/guidance/vulnerability-management
๐ ๐๐
๐ฝ๐น๐ผ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป
###
๐ Exploitation by the PTES
http://www.pentest-standard.org/index.php/Exploitation
๐ Gabrielle B's pentips about Exploitation
https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/exploitation
๐ The Exploitation Phase in Penetration Testing by Gaurav Tiwari
https://gauravtiwari.org/exploitation-phase-in-penetration-testing/
๐ ๐ฃ๐ผ๐๐ ๐๐
๐ฝ๐น๐ผ๐ถ๐๐ฎ๐๐ถ๐ผ๐ป
###
๐ Post Exploitation by the PTES
http://www.pentest-standard.org/index.php/Post_Exploitation
๐ Introduction to Post-Exploitation Phase on geeksforgeeks
https://www.geeksforgeeks.org/introduction-to-post-exploitation-phase/
๐ 9 Post Exploitation Tools for Your next Penetration Test
https://bishopfox.com/blog/post-exploitation-tools-for-pen-test
๐ ๐ฅ๐ฒ๐ฝ๐ผ๐ฟ๐๐ถ๐ป๐ด
###
๐ Reporting by the PTES
http://www.pentest-standard.org/index.php/Reporting
๐ Gabrielle B's pentips on reporting
https://csbygb.gitbook.io/pentips/reporting/pentest-report
# REPORTING
##
๐ ๐ฆ๐๐ฟ๐๐ฐ๐๐๐ฟ๐ฒ ๐ผ๐ณ ๐ฎ ๐ฝ๐ฒ๐ป๐๐ฒ๐๐ ๐ฟ๐ฒ๐ฝ๐ผ๐ฟ๐
###
๐ Gabrielle B's article on how to write a pentest report:
https://csbygb.gitbook.io/pentips/reporting/pentest-report
๐ ๐๐ผ๐ ๐๐ผ ๐๐ฎ๐ธ๐ฒ ๐ป๐ผ๐๐ฒ๐
###
๐ Cherry Tree
https://www.giuspen.com/cherrytree/
๐ Joplin
https://joplinapp.org/
๐ Keepnote
http://keepnote.org/
๐ ๐ง๐ถ๐ฝ๐ ๐ณ๐ฟ๐ผ๐บ ๐๐
๐ฝ๐ฒ๐ฟ๐๐
###
๐ Writing Tips for IT Professionals by Lenny Zeltser
https://zeltser.com/writing-tips-for-it-professionals/
๐ How to write a Penetration Testing Report by HackerSploit
https://www.youtube.com/watch?v=J34DnrX7dTo
๐ ๐๐๐๐ผ๐บ๐ฎ๐๐ถ๐ผ๐ป
###
๐ Blackstone project by micro-joan
https://github.com/micro-joan/BlackStone
๐ Pentext by Radically Open Security
https://github.com/radicallyopensecurity/pentext
๐ ๐๐
๐ฎ๐บ๐ฝ๐น๐ฒ๐ ๐ผ๐ณ ๐ฟ๐ฒ๐ฝ๐ผ๐ฟ๐๐
###
๐ A list of public pentest reports by juliocesarfort
https://github.com/juliocesarfort/public-pentesting-reports
๐ A list of bug bounty writeup on Pentester Land
https://pentester.land/writeups/
# PENTEST TOOLS
##
๐ See Rajneesh Guptaโs post about some of the Practical web Pentesting tools. He even share them according to the pentest steps:
https://www.linkedin.com/posts/rajneeshgupta01_web-pentesting-practical-tools-activity-6946808678402375680-CJjt/
Some of the practical Web Pentesting Tools!
๐ Reconnaisaance
###
โ Nmap - Web Service detection
โ Nessus - Automated Scan
โ Skipfish - Web App Active Scanning for vulnerabilities
๐ Mapping/Discovery
###
โ Burp-Suite- Web Proxy
โ OWASP ZAP - Web Proxy
๐ Exploitation
###
โ Metasploit Framework: Exploitation tool with payloads, exploits
โ Burp-Suite- Web Proxy
โ Exploit-db - To search for exploits
โ Netcat
๐จ Follow Rajneesh he offers amazing content ๐จ
๐ You know the Nmap project? Well they have a list of the top 125 Network Security Tools:
https://sectools.org/
๐ You want Open Source?
###
โด๏ธJulien Maury shared a Top 10 on eSecurity Planet:
https://www.esecurityplanet.com/applications/open-source-penetration-testing-tools/
โด๏ธAnd SANS has a list of tools including plenty of pentest tools:
https://www.sans.org/img/free-faculty-tools.pdf
๐ Finally arch3rPro has an amazing amount of tools listed on github:
https://github.com/arch3rPro/PentestTools
# NETWORK SECURITY, Networking
##
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ๐ถ๐ป๐ด?
###
๐ Cover your digital basics with netacad:
https://www.netacad.com/courses/os-it/get-connected
๐ Professor Messerโs CompTIA Network+ Course
https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/
๐ OSI Model
https://en.wikipedia.org/wiki/OSI_model
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐?
###
๐ What is Network Security on Hackthebox blog by Kim Crawley:
https://www.hackthebox.com/blog/what-is-network-security
๐ Network Security Course on OpenLearn by The Open University
https://www.open.edu/openlearn/digital-computing/network-security
๐ OSI Layers and related Attack types by Harun Seker
๐ ๐๐ผ๐ ๐๐ผ P๐ฒ๐ป๐๐ฒ๐๐ ๐ก๐ฒ๐๐๐ผ๐ฟ๐ธ๐?
###
๐ Full Ethical Hacking Course - Beginner Network Penetration Testing by TCM Security
https://youtu.be/WnN6dbos5u8
๐ Infrastructure Pentesting Checklist by Purab Parihar:
https://github.com/purabparihar/Infrastructure-Pentesting-Checklist
# PRIVILEGE ESCALATION, Windows and Linux
##
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ฃ๐ฟ๐ถ๐๐ถ๐น๐ฒ๐ด๐ฒ ๐๐๐ฐ๐ฎ๐น๐ฎ๐๐ถ๐ผ๐ป?
###
๐ Cybersecurity 101 - What is Privilege escalation on CrowdStrike
https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/
https://www.linkedin.com/company/crowdstrike/
๐ Privilege Escalation Attack and defend explained on BeyondTrust
https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained
https://www.linkedin.com/company/beyondtrust/
๐ ๐ช๐ถ๐ป๐ฑ๐ผ๐๐ ๐ฃ๐ฟ๐ถ๐๐ถ๐น๐ฒ๐ด๐ฒ ๐๐๐ฐ๐ฎ๐น๐ฎ๐๐ถ๐ผ๐ป
###
๐ Gabrielle B ๐'s Pentips on Windows Privilege escalation on CSbyGB - Pentips
https://csbygb.gitbook.io/pentips/windows/privesc
๐ Windows Privilege Escalation on PayloadsAllTheThings
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
๐ Windows Privesc guide on absolombโs security blog
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
๐ Privilege Escalation Windows on sushant747โs gitbook
https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html
๐ Windows Local Privilege Escalation checklist on HackTricks
https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation
๐ ๐๐ถ๐ป๐๐
๐ฃ๐ฟ๐ถ๐๐ถ๐น๐ฒ๐ด๐ฒ ๐๐๐ฐ๐ฎ๐น๐ฎ๐๐ถ๐ผ๐ป
###
๐ Gabrielle B ๐'s Pentips on Linux Privilege Escalation on CSbyGB - Pentips
https://csbygb.gitbook.io/pentips/linux/privesc
๐ Linux Privilege Escalation on PayloadsAllTheThings
https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
๐ Basic Linux Privilege Escalation on g0tm1lkโs blog
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
๐ Guide Linux Privilege Escalation on Payatu
https://payatu.com/blog/a-guide-to-linux-privilege-escalation/
https://www.linkedin.com/company/payatu/
๐ A curated list of Unix Binaries to bypass local security restrictions by GTFOBins
https://gtfobins.github.io/
๐ Linux Privilege Escalation Checklist on HackTricks
https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist
# EXPLOITING
##
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ฒ๐
๐ฝ๐น๐ผ๐ถ๐ ๐ฑ๐ฒ๐๐ฒ๐น๐ผ๐ฝ๐บ๐ฒ๐ป๐?
###
๐ Exploit Development Introduction on Hack the Box Academy
https://academy.hackthebox.com/course/preview/stack-based-buffer-overflows-on-linux-x86/exploit-development-introduction
๐ Exploit Development - Everything you need to know by null-bytes
https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/
๐ ๐๐ฒ๐โ๐ ๐๐๐ฎ๐ฟ๐ ๐น๐ฒ๐ฎ๐ฟ๐ป๐ถ๐ป๐ด ๐ฎ๐ฏ๐ผ๐๐ ๐ถ๐ ๐ฎ๐ป๐ฑ ๐ฃ๐ฟ๐ฎ๐ฐ๐๐ถ๐ฐ๐ฒ
###
๐ Getting Started with Exploit Development by Specter and zi
https://dayzerosec.com/blog/2021/02/02/getting-started.html
๐ Exploit Courses by Dobin Rutishauser
https://exploit.courses/#/index
๐ Pwn College
https://pwn.college/
https://www.twitch.tv/pwncollege/videos
https://www.youtube.com/pwncollege
๐ A curated list of resources for learning about Exploit Development by wtsxDev
https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
๐ Practice with exploit education
https://exploit.education/
๐ Fundamentals of Software Exploitation
https://wargames.ret2.systems/course
๐ Shellcode Devlopment by Joas Antonio
https://drive.google.com/file/d/1R3ZTFerBaBSfnS0rP_r2d8xH2p-n3kdt/view
๐ Shellcode Development by Aayush Malla
https://aayushmalla56.medium.com/shellcode-development-4590117a26bf
๐ Joas Antonio OSEP guide with plenty of resources
https://github.com/CyberSecurityUP/OSCE-Complete-Guide#osep
๐ Awesome Exploit Development by Joas Antonio
https://github.com/CyberSecurityUP/Awesome-Exploit-Development#readme
๐ ๐๐ข๐ก๐จ๐ฆ: ๐ช๐ฎ๐ป๐ ๐๐ผ ๐๐ป๐ฑ๐ฒ๐ฟ๐๐๐ฎ๐ป๐ฑ ๐ต๐ผ๐ ๐ฎ ๐บ๐ฎ๐น๐๐ฎ๐ฟ๐ฒ ๐๐ผ๐ฟ๐ธ๐?
###
๐ Beginnerโs Blue Team Guide to creating Malware in Python by David Elgut
https://www.linkedin.com/pulse/beginners-blue-team-guide-creating-malware-python-david-elgut/
# REVERSING
##
๐ ๐ฅ๐ฒ๐๐ฒ๐ฟ๐๐ฒ ๐๐ป๐ด๐ถ๐ป๐ฒ๐ฒ๐ฟ๐ถ๐ป๐ด
###
๐ Reverse Engineering for Beginners by Ophir Harpaz
https://www.begin.re/
๐ Reverse Engineering for Everyone by Kevin Thomas My Technotalent
https://0xinfection.github.io/reversing/
๐ Reverse Engineering for beginners by Dennis Yurichev (available in many languages)
https://beginners.re/main.html
๐ Reverse Engineering 101 by 0x00 (with exercises)
https://0x00sec.org/t/reverse-engineering-101/1233
๐ ๐ ๐ฎ๐น๐๐ฎ๐ฟ๐ฒ ๐๐ป๐ฎ๐น๐๐๐ถ๐
###
๐ Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks
https://youtu.be/qA0YcYMRWyI
๐ Malware Analysis โ Mind Map by Thatintel
https://thatintel.blog/2016/05/30/malware-analysis-mind-map/
๐ Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu
https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
๐ ๐๐บ๐ฎ๐๐ถ๐ป๐ด ๐๐ผ๐ป๐๐
###
Malware Analysis and Reverse Engineering courses by DFIR Diva
https://training.dfirdiva.com/listing-category/malware-analysis-and-re
# SECURE CODE
##
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐๐ฒ๐ฐ๐๐ฟ๐ฒ ๐ฐ๐ผ๐ฑ๐ฒ ๐ฟ๐ฒ๐๐ถ๐ฒ๐?
###
๐ How to Identify Vulnerabilities in code โ Manual Code Review on Hackingloops
https://www.hackingloops.com/how-to-identify-vulnerabilities-in-code-manual-code-review/
๐ Security Code Review 101 by Paul Ionescu:
https://medium.com/@paul_io/security-code-review-101-a3c593dc6854
๐ OWASPยฎ Foundation Secure Coding Practice
https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf
https://www.linkedin.com/company/owasp/
๐ ๐๐ป๐๐ฟ๐ผ๐ฑ๐๐ฐ๐๐ถ๐ผ๐ป ๐๐ผ ๐๐ฒ๐ฐ๐๐ฟ๐ฒ ๐ฐ๐ผ๐ฑ๐ฒ ๐ฟ๐ฒ๐๐ถ๐ฒ๐
###
๐ Farah Hawaโs post about the subject:
A few weeks ago, I took up a challenge to learn Secure Code Reviews in 20 days. I chose PHP as the language to focus on and here are the resources I used to learn:
1. PentesterLab videos about different strategies to use while reviewing code
https://www.linkedin.com/company/pentesterlab/
2. Sonar Rules for code review rules/hacks to find vulnerabilities in PHP. This had great examples of compliant vs non-compliant code snippets.
https://www.linkedin.com/company/sonarsource/
https://rules.sonarsource.com/php/type/Vulnerability
3. Looking for bugs in vulnerable apps like DVWA after finding their code on GitHub:
https://github.com/digininja/DVWA/tree/master/vulnerabilities
4. Watching videos by Vickie Li, and Shubham Shah on the OWASP DevSlop YouTube channel:
https://www.youtube.com/c/OWASPDevSlop
https://www.linkedin.com/company/owasp-devslop/
5. Solving challenges posted by YesWeHack โ ตand Intigriti on Twitter but they can also be found on their websites:
https://www.yeswehack.com/
https://www.linkedin.com/company/yes-we-hack/
https://blog.yeswehack.com/yeswerhackers/dojoweb-application-bypass-v2-0/
https://www.linkedin.com/company/intigriti/
6. OWASPยฎ Foundation has a great book Code Review Guide which has good theoretical knowledge about different bug classes
https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf
https://www.linkedin.com/company/owasp/
You can also watch the video I made about this:
https://youtu.be/ajcxjnTFo6A
๐ Introduction to Secure Code Review on PentesterLab:
https://www.linkedin.com/company/pentesterlab/
https://pentesterlab.com/exercises/codereview/course
๐ Freddy Machoโs PDF Code review checklist
๐ Check out the dedicated section on Secure Code Review on my pentips
https://csbygb.gitbook.io/pentips/secure-code-review/code-review
๐ ๐ฃ๐ฟ๐ฎ๐ฐ๐๐ถ๐ฐ๐ฒ ๐ฎ๐ป๐ฑ ๐๐ต๐ฎ๐ฟ๐ฝ๐ฒ๐ป ๐๐ผ๐๐ฟ ๐ฟ๐ฒ๐๐ถ๐ฒ๐๐ฒ๐ฟ ๐๐ธ๐ถ๐น๐น๐
###
๐ Security training platform for devs Hacksplaining:
https://www.hacksplaining.com/
๐ Make a vulnerable PHP App with this video by Wesley (The XSS Rat) Thijs
https://www.youtube.com/live/e_dLSVpQy40?feature=share
๐ Join the WeHackPurple Community to talk about secure code practice and more
https://community.wehackpurple.com/
๐ ๐ง๐ผ๐ผ๐น๐
###
๐ Manual code review versus using a SAST Tool on We Hack Purple
https://wehackpurple.com/pushing-left-like-a-boss-part-7-code-review-and-static-code-analysis/
https://www.linkedin.com/company/wehackpurple/
๐ Code Review tools on HackTricks
https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/code-review-tools
๐ Awesome DevSecOps by TaptuIT
https://github.com/TaptuIT/awesome-devsecops
# BUG BOUNTY
##
๐ A great introduction on how to get into bug bounty by Wesley Thijs xssrat
https://thexssrat.medium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
๐ A list of bug bounty platforms by Bughacking
https://bughacking.com/best-bug-bounty-platforms/
๐ A list of bug bounty programs by vpnmentor:
https://www.vpnmentor.com/blog/the-complete-list-of-bug-bounty-programs/
๐ Want to apply to the Synack Red Team Artemis program?
https://www.linkedin.com/company/synack-red-team/
An exclusive community open to security professionals who identify as women, trans and nonbinary people, and others who identify as a gender minority. See this link:
https://www.synack.com/artemis/
๐ Farah Hawa has a great video about bug bounty resources:
https://youtu.be/ig5DuM6M2CQ
๐ The Bug Hunter Handbook by Gowthams
https://gowthams.gitbook.io/bughunter-handbook/
๐ A repo โAllAboutBugBountyโ by daffainfo
https://github.com/daffainfo/AllAboutBugBounty#readme
# Mobile App pentest
##
๐ Android Bug Bounty Hunting: Hunt Like a Rat by Wesley Thijs
https://codered.eccouncil.org/course/android-bug-bounty-hunting-hunt-like-a-rat
๐ Set up your lab, learn about the methodology and get more resources on my Pentips
๐ Gabrielle B's talk and resources for TDI 2022:
https://csbygb.gitbook.io/pentips/talks/android-app
๐ The dedicate Android App hacking page:
https://csbygb.gitbook.io/pentips/mobile-app-pentest/android
๐ Mobile App Penetration Testing Cheat Sheet by tanprathan
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
๐ Donโt forget the standards. Read OWASP MASVS and OWASP MASTG here
https://mas.owasp.org/#our-mission
# API Pentesting
##
๐ I highly recommend taking the API Penetration Testing course by Corey J. Ball on APIsec University
https://university.apisec.ai/
https://www.linkedin.com/company/apisec-university/
๐ I had a blast working on this course. You will have the opportunity to learn and apply the concepts right after with a hands-on lab that you can install and deploy yourself.
๐ You will learn about the following topics
* Set Up an API Hacking lab
* API Reconnaissance
* Endpoint Analysis
* Scanning APIs
* API Authentication Attacks
* Exploiting API Authorization
* Testing for Improper Assets Management
* Mass Assignment
* Injection Attacks
* Rate Limit Testing
* Combining Tools and Techniques
๐ I can not thank enough the team of APIsec University special mention to Corey J. Ball and Dan Barahona for all that you do for the community. ๐
๐ Learn more about the course:
๐ Corey's Book:
https://nostarch.com/hacking-apis
๐ Corey talks about API Hacking with David Bombal:
https://youtu.be/CkVvB5woQRM
๐ Check out my notes about API Hacking here:
https://csbygb.gitbook.io/pentips/web-pentesting/api
# Threat Modeling
##
๐ ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐๐ต๐ฟ๐ฒ๐ฎ๐ ๐บ๐ผ๐ฑ๐ฒ๐น๐ถ๐ป๐ด?
###
๐ Threat Modeling on OWASP by Victoria Drake
https://owasp.org/www-community/Threat_Modeling
๐ ๐๐ผ๐ ๐ฑ๐ผ๐ฒ๐ ๐ถ๐ ๐๐ผ๐ฟ๐ธ?
###
๐ Threat Modeling the Right way for builders Workshop on AWS Skill builder
https://explore.skillbuilder.aws/learn/course/external/view/elearning/13274/threat-modeling-the-right-way-for-builders-workshop
๐ Even my dad is a threat modeler by Sarthak Taneja
https://youtu.be/Y587UFgjqhQ
๐ ๐๐
๐ฎ๐บ๐ฝ๐น๐ฒ๐ ๐ฎ๐ป๐ฑ ๐ฅ๐ฒ๐๐ผ๐๐ฟ๐ฐ๐ฒ๐
###
๐ Threat Model Examples by Tal Eliyahu
https://github.com/TalEliyahu/Threat_Model_Examples#readme
๐ Julien Provenzano made multiple posts on the subject
โ
GUIDE TO CYBER THREAT MODELLING by Cyber Security Agency of Singapore (CSA)
This document aims to provide a practical and systematic way to identify threat events that can be used in a cybersecurity risk assessment.
It will introduce various approaches and methods of threat modelling, and provide a suggested framework, coupled with practical examples, for individuals and groups to adopt to derive a robust system threat model and
relevant threat events.
System owners can then incorporate these threat events into their cybersecurity risk assessment to develop and prioritise effective controls.
target audience:
* Internal stakeholders e.g. system owners, business unit heads, Chief Information Security Officers, and personnel involved in IT risk assessment and management within any organisation, including Critical Information Infrastructure Owners;
* External consultants or service providers engaged to conduct threat modelling on behalf of system owners; and
* Red team members, blue team defenders, and purple team members.
2 APPROACH
2.1 System Level Approach
2.2 Common Missteps in Threat Modelling
2.3 Integrating Threat Modelling into Risk Assessment Process
3 METHODOLOGY
3.1 Overview of Method
3.2 Step 1: Preliminaries and Scope Definition
3.3 Step 2: System Decomposition
3.4 Step 3: Threat Identification
3.5 Step 4: Attack Modelling
3.6 Step 5: Bringing Everything Together
โ
Threat Modeling course by British Columbia Provincial Government
This training course is just one part of the Office of the Chief Information Officer (OCIO) Information Security Branch (ISB) education series.
The goal of this course is to inform staff of what threat modelling is, why it is important, and how it fits into the Security Threat Risk Assessment, and Statement of Acceptable Risk, processes.
Threat Modelling Frameworks
A threat modelling practice flows from a methodology or framework. There are many threat modelling frameworks available for use. Some of these are specialised models designed for a specific task, for example, some focus specifically on risk or on privacy concerns.
They can be optionally combined to create a more robust and well-rounded view of potential threats.
Threat modelling should be performed early in the development cycle because if potential issues arise, they can be caught early and remedied.
This can prevent a much costlier fix down the line.
Using threat modelling to think about security requirements can lead to proactive architectural decisions that help reduce threats right from the start.
Threat Modeling frameworks
- Microsoft STRIDE Threat Modelling Tool (Developer Focused)
- OWASP Application Threat modelling (Software Focused)
- OCTAVE (Practice Focused)
- Trike Threat modelling (Acceptable Risk Focused)
- P.A.S.T.A. Threat modelling (Attacker Focused)
- VAST Threat modelling (Enterprise Focused)
Threat Modelling Tools
- IriusRisk
- PyTM
- SecuriCAD
- ThreatModeler
- SD Elements
- Tutamantic
- OWASP Threat Dragon Project
- Mozilla SeaSponge
- OVVL
โ
Threat Modeling Architecting & Designing with Security in Mind by OWASPยฎ Foundation - Venkatesh Jagannathan
Why do we create application threat models in the Software Development Life Cycle ?
SDLC refers to a methodology with clearly defined processes for creating high-quality software.
To identify potential flaws that have been there since the applications were created, threat modeling identifies risks and flaws affecting an application, no matter how old or new that application is.
Threat modeling should take place as soon as the architecture is in place as the cost of resolving issues generally increases further along in the SDLC.
- Introduction to Threat Modeling
- Precursors to Threat Modeling
- Threat Modeling โ How-To
- Test Focused Threat Modeling
- Alternate Threat Models
- Estimating Threat Modeling for Applications
- CVSS vs OCTAVE
๐ The threat Model playbook by Toreon
https://github.com/Toreon/threat-model-playbook
๐ OWASP Threat Modeling Cheat Sheet
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md
# SEARCH ENGINES FOR PENTESTERS
##
๐ TryHackMe room Introductory Researching:
https://tryhackme.com/room/introtoresearch
https://www.linkedin.com/company/tryhackme/
๐ Rajnessh Gupta - How to use Google for hacking
https://youtu.be/lLnDrv696u4
๐ Have you heard about dorking? It is also very helpful.
โด๏ธ Hack The Box What is Google Dorking:
https://www.hackthebox.com/blog/What-Is-Google-Dorking
https://www.linkedin.com/company/hackthebox/
โด๏ธ Tryhackme Google Dorking:
https://tryhackme.com/room/googledorking
๐ญ TIP: Lots of Engine use dorking, see DuckDuckGo Search Syntax:
https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
๐ญ TIP2: Automate Google dorking with Katana by TebbaaX:
https://github.com/TebbaaX/Katana
๐ Bruce Clay, Inc. - Advanced Search Operators for Bing and Google (Guide and Cheat Sheet)
https://www.bruceclay.com/blog/bing-google-advanced-search-operators/
https://www.linkedin.com/company/bruce-clay-inc-/
๐ Daniel Kelley 30 cybersecurity search engines
Here are 30 cybersecurity search engines:
1. DehashedโView leaked credentials.
2. SecurityTrailsโExtensive DNS data.
3. DorkSearchโReally fast Google dorking.
4. ExploitDBโArchive of various exploits.
5. ZoomEyeโGather information about targets.
6. PulsediveโSearch for threat intelligence.
7. GrayHatWarfareโSearch public S3 buckets.
8. PolySwarmโScan files and URLs for threats.
9. FofaโSearch for various threat intelligence.
10. LeakIXโSearch publicly indexed information.
11. DNSDumpsterโSearch for DNS records quickly.
12. FullHuntโSearch and discovery attack surfaces.
13. AlienVaultโExtensive threat intelligence feed.
14. ONYPHEโCollects cyber-threat intelligence data.
15. Grep AppโSearch across a half million git repos.
16. URL ScanโFree service to scan and analyse websites.
17. VulnersโSearch vulnerabilities in a large database.
18. WayBackMachineโView content from deleted websites.
19. ShodanโSearch for devices connected to the internet.
20. NetlasโSearch and monitor internet connected assets.
21. CRT shโSearch for certs that have been logged by CT.
22. WigleโDatabase of wireless networks, with statistics.
23. PublicWWWโMarketing and affiliate marketing research.
24. Binary EdgeโScans the internet for threat intelligence.
25. GreyNoiseโSearch for devices connected to the internet.
26. HunterโSearch for email addresses belonging to a website.
27. CensysโAssessing attack surface for internet connected devices.
28. IntelligenceXโSearch Tor, I2P, data leaks, domains, and emails.
29. Packet Storm SecurityโBrowse latest vulnerabilities and exploits.
30. SearchCodeโSearch 75 billion lines of code from 40 million projects.
# Cybersec FRAMEWORKS & STANDARDS:
## PENTESTING STANDARDS:
(PTES) The Penetration Testing Execution Standard
http://www.pentest-standard.org/
(OSSTMM) The Open Source Security Testing Methodology https://www.isecom.org/
https://www.isecom.org/OSSTMM.3.pdf
## MITRE ATT&CK
MITRE ATT&CK framework by MITRE ATT&CK
https://youtu.be/Yxv1suJYMI8
Putting MITRE ATT&CK into Action with What You Have, Where You Are (By Katie Nickels)
https://youtu.be/bkfwMADar0M
MITRE room on TryHackMe
https://tryhackme.com/room/mitre
## Cyber Kill Chainย Framework:
The Cyber Kill Chainยฎย framework, developed by Lockheed Martin, is part of theย Intelligence Driven Defenseยฎย model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective.
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
## NIST:
NIST Cybersecurity Framework Explained - Kelly Hood, Thomas Conkle - RSA Conference
https://youtu.be/nFUyCrSnR68
## PCI Security Standards:
PCI Security Standards Council
https://www.pcisecuritystandards.org/
## ISO STANDARDS:
ISO 27000 Family of Standards by Aron Lange
https://youtu.be/7PscOoWtR7g
A youtube playlist about ISO27001 by risk3sixty https://www.youtube.com/c/risk3sixty
https://www.youtube.com/playlist?list=PLboNZ8lgLkUjg353Am3x4SytHme-XDL2N
## Frameworks compared:
NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework on Compliance Forge
https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf
Mitre Attack vs Cyber Kill chain on blackberry.com
https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack/mitre-attack-vs-cyber-kill-chain
# PENTEST reporting:
### How to take NOTES:
CherryTree, a hierarchical note taking application.
https://www.giuspen.com/cherrytree/
Joplin, an Open Source note-taking app.
https://joplinapp.org/
KeepNote, a note taking application
http://keepnote.org/
## How to report your findings:
https://csbygb.gitbook.io/pentips/reporting/pentest-report
Writing Tips for IT Professionals (By Lenny Zeltser)
https://zeltser.com/writing-tips-for-it-professionals/
How To Write A Penetration Testing Report by HackerSploit https://www.youtube.com/c/HackerSploit/
https://youtu.be/J34DnrX7dTo
## REPORTING:
### A list of public penetration test reports published by several consulting firms and academic security groups.
https://github.com/juliocesarfort/public-pentesting-reports
### A Directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.
https://pentester.land/writeups/
## PENTEST AUTOMATION:
BlackStone Project by MicroJoan https://microjoan.com/
https://github.com/micro-joan/BlackStone
Pentext by https://www.radicallyopensecurity.com/
https://github.com/radicallyopensecurity/pentext
# Web PENTEST:
## Web Security Academy by PortSwigger:
https://portswigger.net/web-security/learning-path
### Rana Khalil Youtube channel
https://www.youtube.com/c/RanaKhalil101
### Wesley Thijs XSSratโs Youtube channel
https://www.youtube.com/c/TheXSSrat
## The Pentesting Web Checklist on Pentest Book by six2dez
https://pentestbook.six2dez.com/others/web-checklist
## OWASPยฎ Foundation Top 10:
https://owasp.org/www-project-top-ten/
## Vulnerable Web Applications to practice:
https://owasp.org/www-project-vulnerable-web-applications-directory/
# API PENTEST
API Hacking beginners guide by Dana Epp
https://danaepp.com/beginners-guide-to-api-hacking
Corey J. Ball API workshop
https://sway.office.com/HVrL2AXUlWGNDHqy
https://github.com/hAPI-hacker/Hacking-APIs
## API PENTEST ORGANIZING:
MalAPI by mrd0x
https://malapi.io/
MindAPI by David Sopas
https://dsopas.github.io/MindAPI/play/
## API PENTESTING PRACTICE:
Hackxpert - OWASP top 10 API training
https://hackxpert.com/API-testing.php
VAmPI by erev0s:
https://hakin9.org/vampi-vulnerable-rest-api-with-owasp-top-10-vulnerabilities-for-security-testing/
https://github.com/erev0s/VAmPI
## API Pentest videos and conferences:
APISecure Conference all their 2022 videos are available on their website
https://www.apisecure.co/
Hacking mHealth Apps and APIs on KnightTV with Alissa Valentina Knight
https://youtu.be/GLnhkf3JcL8
# CLOUD PENTEST
Get familiar with Cloud Security fundamentals with Learn to cloud by Gwyneth Peรฑa-Siguenza and Dayspring Johnson
https://learntocloud.guide/#/phase5/README
Hacking the cloud by Nick Frichette an encyclopedia of the techniques that offensive security professionals can use against cloud environments.
https://hackingthe.cloud/
## Cloud Security - Attacks by CyberSecurityUP
https://github.com/CyberSecurityUP/Cloud-Security-Attacks
### Practice with this free lab from Pentester Academy
https://attackdefense.pentesteracademy.com/challengedetailsnoauth?cid=2074
https://attackdefense.pentesteracademy.com/
# ACTIVE DIRECTORY Pentest
## AD Practice
Building an Active Directory Lab by spookysec:
https://blog.spookysec.net/ad-lab-1/
A script to set up a Vulnerable AD Lab by WazeHell
https://github.com/WazeHell/vulnerable-AD
### Collection of various common attack scenarios on Azure Active Directory by Cloud-Architekt:
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
### A great document full of resources by Julien Provenzano:
https://www.ralfkairos.com/
https://github.com/infosecn1nja/AD-Attack-Defense
### An Active Directory Exploitation Cheat Sheet by Integration-IT
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
# CTF
HACKTHEBOX, A Massive Hacking Playground; CTF challenges: Fullpwn (based on vulnerable machines), Cryptographic, Forensic, Pwn (based on binary exploitation and memory corruption), Web, Reversing, Cloud cybersecurity (AWS, GCP, and Azure misconfigurations) and Hardware.
https://www.hackthebox.com/
What is CTF in hacking? Tips & CTFs for beginners by HTB.
https://www.hackthebox.com/blog/what-is-ctf
Learn to Hack with Hack The Box: The Beginner's Bible.
https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Getting Into CTFs As a Web Developer.
https://erichogue.ca/2022/03/GettingIntoCTFsAsADev
## CTFs (Write-Ups and Resources)
https://github.com/ctfs
Rootย Me
https://www.root-me.org
TryHackMe
https://tryhackme.com/
RingZer0 Team Online CTF
https://ringzer0ctf.com/challenges
Cryptopals
https://cryptopals.com/
CTF Time
https://ctftime.org/
### Marcelle Leeโs website reference sheet
https://info.marcellelee.com/
https://drive.google.com/drive/folders/1cfwjm_VqXwAFpFdBnUXkUi0-qT4_cpiJ
https://docs.google.com/spreadsheets/d/1AkczyGQbtabSMbxq1P-c7u3NSXlmXqqv3cDoVpTlSoM/edit#gid=0
# PURPLE TEAM
###
The Difference Between Red, Blue, and Purple Teams (By Daniel Miessler)
https://danielmiessler.com/study/red-blue-purple-teams/
Purple Teaming for Dummies
https://www.attackiq.com/lp/purple-teaming-for-dummies/
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen.
https://github.com/ch33r10/EnterprisePurpleTeaming
## PURPLE TEAMING: Practice & Tips
Purple Team Exercise Framework
https://github.com/scythe-io/purple-team-exercise-framework/blob/master/PTEFv2.md
Actionable Purple Teaming: Why and How You Can (and Should) Go Purple
https://www.scythe.io/library/actionable-purple-teaming-why-and-how-you-can-and-should-go-purple
https://www.scythe.io/ptef
## TOOLS:
Bloodhound for Blue and Purple Teams.
https://github.com/PlumHound/PlumHound
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments.
https://github.com/mvelazc0/PurpleSharp
# CYBER FUN
##
๐ ๐ ๐ผ๐๐ถ๐ฒ๐
###
๐ A list of movies on Movies for Hackers by hackermovie club
https://hackermovie.club/
๐ The Complete List of Hacker And Cybersecurity Movies by Cybercrime Magazine
https://cybersecurityventures.com/movies-about-cybersecurity-and-hacking/
https://www.linkedin.com/company/cybercrime-magazine/
๐ Knight TV+
https://www.youtube.com/@knighttvplus
๐ ๐๐ถ๐ฐ๐๐ถ๐ผ๐ป
###
๐ Hacker stories on Wattpad by various authors
https://www.wattpad.com/stories/hacker
๐ ๐ ๐๐๐ถ๐ฐ
###
๐ The SOC Analyst playlist by LetsDefend
https://open.spotify.com/playlist/0G35948whLbeCBjHjIAIES
https://www.linkedin.com/company/letsdefend/
๐ INE Study room RnB playlist
https://open.spotify.com/playlist/571cQb5ZfmV5eHzCmCSHNG
๐ API Security playlist by 12135211372
https://open.spotify.com/playlist/7A6TsA3cKxxY253dPHlkcO
๐ INE Study Room Classical playlist
https://open.spotify.com/playlist/6Q5UNkiJLFQcBS8FnLE41A
๐ Cyber Apocalypse 2021 by Kamil Gierach-Pacanek
https://open.spotify.com/playlist/3LfUN18cfrleZN5SlNWY6S
๐ ./Hacking by fi3nds2
https://open.spotify.com/playlist/66sn9JCqts84k196NAhNS3
๐ Coding / Hacking Music by Mark Tey
https://open.spotify.com/playlist/7KnyNJbKMJawssU93kUhLE
๐ Coding Programming Hacking Slashing by Techno Tim
https://open.spotify.com/playlist/5SgJR30RfzR5hO21TsQhBp
๐ Hacking by Edwin Finch
https://open.spotify.com/playlist/5R8erMpe2s3IcbxEGhBih4
๐ ๐๐ผ๐บ๐ถ๐ฐ๐
###
๐ Best Female Super Genius / Computer Hacker / Vigilante
https://comicvine.gamespot.com/profile/megawubba/lists/best-female-super-geniuscomputer-hackervigilante/58810/
๐ The Ella Project - The Big Hack
https://www.theellaproject.com/thebighack
๐ Planet Heidi
http://www.planetheidi.com/
๐ Hackers Super heroes of the digital Age by vrncomics. Get your copy of issue #1 for free here:
https://www.vrncomics.com/
###
๐จ๐จ ๐๐๐๐๐!๐จ๐จ
Do you know other resources?
###
* Compiled from the differents latest posts from Gabrielle B ๐
https://github.com/CSbyGB