Offensive Security Content and Information

Recently I started to prepare for offensive security certification and collect information, At least, for now, the amount of data and knowledge database is completely psychotic, and you can get lost among all the information.

So this is only a part of the content that includes links to the blogs, labs, forums, and etceteras.

Security Methodologies

• http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
• http://www.pentest-standard.org/index.php/Main_Page
• https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
• http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php
• http://projects.webappsec.org/w/page/13246927/FrontPage

Training and Classes Video

• https://www.cybrary.it/cyber-security/
• http://www.irongeek.com/i.php?page=videos/aide-winter-2011
• https://lab.pentestit.ru/pentestlabs/3
• http://smashthestack.org/
• http://ctf.hcesperer.org/
• https://crypto.stanford.edu/cs155/
• https://www.offensive-security.com/metasploit-unleashed/
• http://www.irongeek.com/i.php?page=videos/metasploit-class
• http://www.securitytube.net/
• http://resources.infosecinstitute.com/
• https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html
• http://www.securitytube.net/video/7640
• https://www.youtube.com/watch?v=y2zrEAwmdws
• http://www.securitytube.net/video/7735

Pentest

• https://github.com/sbilly/awesome-security
• https://github.com/paragonie/awesome-appsec
• https://github.com/enaqx/awesome-pentest
• https://github.com/kahun/awesome-sysadmin#security
• http://beefproject.com/
• https://xsser.03c8.net/
• https://code.google.com/p/fuzzdb/
• https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
• http://w3af.org/
• https://code.google.com/p/skipfish/
• https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214
• https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
• http://www.justanotherhacker.com/projects/graudit.html
• https://packetstormsecurity.com/files/tags/tool

Pentest Lab

• http://www.amanhardikar.com/mindmaps/PracticeUrls.html
• https://www.kali.org/
• https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
• http://blackarch.org/
• https://code.google.com/p/owaspbwa/
• https://www.mavensecurity.com/web_security_dojo/
• http://www.bonsai-sec.com/en/research/moth.php
• http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
• http://sourceforge.net/projects/lampsecurity/?source=navbar
• https://www.hacking-lab.com/index.html
• http://sourceforge.net/projects/virtualhacking/files/
• http://www.irongeek.com/
• http://www.dvwa.co.uk/
• http://sourceforge.net/projects/thebutterflytmp/
• http://magikh0e.ihtb.org/pubPapers/

Metasploit

• http://resources.metasploit.com/
• http://netsec.ws/?p=262
• http://seclists.org/metasploit/
• https://www.offensive-security.com/metasploit-unleashed/Introduction/
• http://www.offensive-security.com/metasploit-unleashed/Msfvenom

Net Scanners

• https://nmap.org/nsedoc/
• http://www.securitytube.net/video/931
• http://www.openvas.org/
• http://www.tenable.com/products/nessus-vulnerability-scanner
• https://www.rapid7.com/products/nexpose/compare-downloads.jsp
• http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf

MITM Attack

• http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
• http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
• https://packetstormsecurity.com/papers/wireless/cracking-air.pdf
• https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
• https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
• http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
• http://bandwidthco.com/nf.html
• http://articles.manugarg.com/arp_spoofing.pdf
• http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
• http://www.ucci.it/docs/ICTSecurity-2004-26.pdf

Phase 1 – Reconnaissance

• https://en.wikipedia.org/wiki/Open-source_intelligence
• http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
• http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
• http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
• http://www.slideshare.net/Laramies/tactical-information-gathering
• http://www.infond.fr/2010/05/toturial-footprinting.html

Phase 2 – Enumeration

• https://bitvijays.github.io/blog/2015/04/09/learning-from-the-field-intelligence-gathering/
• http://securitysynapse.blogspot.be/2013_08_01_archive.html
• https://hackertarget.com/attacking-wordpress/
• https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
• http://www.0daysecurity.com/penetration-testing/enumeration.html
• https://github.com/n3ko1/WrapMap
• https://cirt.net/Nikto2
• http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/
• http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html
• http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/
• http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
• http://www.iodigitalsec.com/windows-null-session-enumeration/
• https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
• http://carnal0wnage.attackresearch.com/2007/07/enumerating-user-accounts-on-linux-and.html
• https://github.com/isaudits/autoenum
• http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09
• http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
• http://www.iodigitalsec.com/windows-null-session-enumeration/

Phase 3 – Exploitation

• http://pwnwiki.io
• http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf
• http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd
• https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf
• https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell

Security Forums

• http://securityoverride.org/forum/index.php
• https://www.hackthissite.org/forums/index.php
• https://forum.xeksec.com/
• https://rdot.org/forum/
• https://rstforums.com/forum/
• http://www.truehackers.ru/forum/index.php
• http://garage4hackers.com/forum.php
• https://www.hellboundhackers.org/
• http://www.lockpicking101.com/

More to come and many other update and information later this week.