# eJPT References

## Introduction

* [The Conscience of a Hacker](http://phrack.org/issues/7/3.html)
* [Wireshark](https://www.wireshark.org)
  * [Learn Wireshark](https://www.wireshark.org/#learnWS)
* [Binary Hex Converters](https://www.binaryhexconverter.com)

## Networking

* [IP Header](https://www.guru99.com/ip-header.html)
* [TCP/IP Model Stack - Layers & Protocols](https://www.guru99.com/tcp-ip-model.html)
  * [TCP/IP Model](https://learning.mlytics.com/the-internet/what-is-the-tcp-ip-model/)
* [ISO/OSI Model](https://www.guru99.com/layers-of-osi-model.html)
  * [TCP/IP vs OSI Model](https://www.guru99.com/difference-tcp-ip-vs-osi-model.html)
  * [Windows Network Architecture and the OSI Model](https://docs.microsoft.com/en-US/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model)
* [IPv4 vs IPv6](https://www.guru99.com/difference-ipv4-vs-ipv6.html)
  * [Online IP Subnet Calculator](https://www.calculator.net/ip-subnet-calculator.html)
* [IPv6 address](https://internetofthingsagenda.techtarget.com/definition/IPv6-address)
  * [IPv6 Explained for Beginners](http://www.steves-internet-guide.com/ipv6-guide/)
  * [How to find IPv6 Prefix](https://networklessons.com/ipv6/how-to-find-ipv6-prefix/)
  * [IPv6 Subnet Calculator](https://www.vultr.com/resources/subnet-calculator-ipv6/)
* [Basic Computer Networking](https://www.guru99.com/basic-computer-network.html)
* [IP Routing](https://www.guru99.com/ip-routing.html)
  * [Router vs Switch](https://www.guru99.com/router-vs-switch-difference.html)
  * [Layer 2-3 Switching](https://www.guru99.com/layer-3-layer-2-switch.html)
  * [ARP](https://www.guru99.com/address-resolution-protocol.html)
* [TCP vs UDP](https://www.guru99.com/tcp-vs-udp-understanding-the-difference.html)
  * [guru99 - TCP 3-Way Handshake](https://www.guru99.com/tcp-3-way-handshake.html)
  * [mlytics - TCP 3-Way Handshake](https://learning.mlytics.com/the-internet/tcp-3-way-handshake/)
* [Firewall](https://usa.kaspersky.com/resource-center/definitions/firewall)
  * [Top free Firewall Software](https://www.guru99.com/best-free-firewall.html)
  * [The 5 types of Firewalls](https://www.techtarget.com/searchsecurity/feature/The-five-different-types-of-firewalls)
  * [Network design: Firewall - IDS - IPS](https://resources.infosecinstitute.com/topic/network-design-firewall-idsips/)
  * [IDS vs IPS vs Firewall](https://ipwithease.com/firewall-vs-ips-vs-ids/)
  * [Firewall vs WAF](https://learning.mlytics.com/cybersecurity/firewall-vs-waf/)
  * [LinuxSecurity HOWTOs](https://linuxsecurity.com/howtos)
  * [What is NAT](https://whatismyipaddress.com/nat)
* [DNS](https://www.interserver.net/tips/kb/dns-dns-hierarchy/)
  * [What is DNS - by Cloudflare](https://www.cloudflare.com/learning/dns/what-is-dns/)
  * [DNS Explained](https://dev.to/blake/dns-explained-hierarchy-and-architecture-18pj)
  * [DNS Resolution](https://dev.to/blake/dns-explained-resolution-a2i)
  * [Root name servers](https://www.netnod.se/i-root/what-are-root-name-servers)
* [Wireshark Tool](https://www.wireshark.org/)
  * [Wireshark Docs](https://www.wireshark.org/docs/)
  * [Wireshark User's Guide](https://www.wireshark.org/docs/wsug_html_chunked/)
  * [Display filter reference](https://www.wireshark.org/docs/dfref/)

## Web Applications

* [WebApp vs WebSite](https://www.guru99.com/difference-web-application-website.html)
* [HTTP/1.x](https://hpbn.co/http1x/)
  * [HTTP Messages](https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages)
  * [HTTP Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept)
  * [HTTP Request methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET)
  * [HTTP Response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/200)
  * [RFC 7231](https://httpwg.org/specs/rfc7231.html)
* [HTTP vs HTTPS](https://www.guru99.com/difference-http-vs-https.html)
* [High Performance Browser Networking - Book](https://hpbn.co/)
* [What is HTTPS](https://www.cloudflare.com/it-it/learning/ssl/what-is-https/)
  * [TLS - Transport Layer Security](https://hpbn.co/transport-layer-security-tls/)
* [netcat Tool](https://linuxize.com/post/netcat-nc-command-with-examples/)
  * [netcat Cheat Sheet](https://steflan-security.com/netcat-cheat-sheet/)
  * [Burp Suite - Documentation](https://portswigger.net/burp/documentation/desktop)
  * [OpenSSL Cookbook](https://www.feistyduck.com/library/openssl-cookbook/online/)
* [HTTP Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)
  * [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265)
  * [Set-Cookie header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
  * [Web Authentication - Cookies vs Tokens](https://blog.bitsrc.io/web-authentication-cookies-vs-tokens-8e47d5a96d34)
  * [Session ID](https://www.seobility.net/en/wiki/Session_ID)
  * [Session Cookies](https://securiti.ai/blog/session-cookies/)
  * [Cookies and Session Management](https://www.hackingarticles.in/beginner-guide-understand-cookies-session-management/)
  * [HTTP Cookies & Sessions - video by HackerSploit](https://www.youtube.com/watch?v=zHBpJA5XfDk)
* [SOP](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy)
  * [Same Origin Policy - PortSwigger](https://portswigger.net/web-security/cors/same-origin-policy)
* [Burp Suite by PortSwigger](https://portswigger.net/burp)
  * [Burp Suite Tools](https://portswigger.net/burp/documentation/desktop/tools)
* [ZAP by OWASP Foundation](https://owasp.org/www-project-zap/)
* [What is a Proxy Server](https://www.varonis.com/blog/what-is-a-proxy-server)

## Assessment Methodologies

### Information Gathering

* [Passive Information Gathering](https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/)
  * [Wappalyzer](https://www.wappalyzer.com/)
  * [whois.domaintools.com](https://whois.domaintools.com/)
  * [netcraft](https://sitereport.netcraft.com/)
  * [dnslytics.com](https://dnslytics.com/)
  * [dnsrecon tool](https://github.com/darkoperator/dnsrecon)
  * [dnsdumpster.com](https://dnsdumpster.com/)
  * [wafw00f tool](https://github.com/EnableSecurity/wafw00f)
  * [sublist3r tool](https://github.com/aboul3la/Sublist3r)
  * [google.com](https://www.google.com/)
  * [Google Dorks Cheat Sheet](https://hackr.io/blog/google-dorks-cheat-sheet)
  * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database)
  * [theHarvester tool](https://github.com/laramies/theHarvester)
  * [haveibeenpwned.com](https://haveibeenpwned.com/)
* [Active Information Gathering](https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/)
  * [Ethical Standards](https://pentestlab.blog/2013/01/08/professional-and-ethical-standards/)
  * [The Pentester's Code of Conduct](https://www.lmgsecurity.com/the-pentesters-code-of-conduct-rules-that-keep-everyone-safe/)
  * [DNS Records - by Cloudflare](https://www.cloudflare.com/learning/dns/dns-records/)
  * [ZoneTransfer.me](https://digi.ninja/projects/zonetransferme.php)
  * [DNS zone transfer and zone file](https://www.cloudns.net/blog/zone-transfer-zone-file-domain-namespace/)
  * [dig](https://linuxize.com/post/how-to-use-dig-command-to-query-dns-in-linux/)
  * [dig Command Examples - by Vivek Gite](https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/)
  * [fierce](https://github.com/mschwager/fierce)
  * [nmap](https://nmap.org/)
    * [Nmap Command Examples - by Vivek Gite](https://www.cyberciti.biz/networking/nmap-command-examples-tutorials/)
    * [NMap CheatSheet](https://www.stationx.net/nmap-cheat-sheet/)
* [Ethical Hacking Footprinting](https://www.geeksforgeeks.org/ethical-hacking-footprinting/)
  * [fping](https://fping.org/)
  * [zenmap](https://nmap.org/zenmap/)
  * [nmap automator](https://github.com/21y4d/nmapAutomator)
  * [Rustscan](https://github.com/RustScan/RustScan)
  * [Autorecon](https://github.com/Tib3rius/AutoRecon)

### Enumeration

* [Enumeration](https://resources.infosecinstitute.com/topic/what-is-enumeration/)
  * [SMB Enum](https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/)
    * [nmap Scripts](https://nmap.org/nsedoc/scripts/)
    * [smbmap](https://github.com/ShawnDEvans/smbmap)
    * [smbclient](https://www.samba.org/samba/docs/current/man-html/smbclient.1.html)
    * [Metasploit](https://www.metasploit.com/)
    * [msfconsole](https://www.offensive-security.com/metasploit-unleashed/msfconsole/)
    * [rpcclient](https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html)
    * [enum4linux](https://github.com/CiscoCXSecurity/enum4linux)
    * [SMB named pipes](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wpo/4de75e21-36fd-440a-859b-75accc74487c)
    * [smtp-user-enum](https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum)
  * [hydra](https://github.com/vanhauser-thc/thc-hydra)
  * [Passwords word lists](https://www.kali.org/tools/wordlists/)
  * [FTP Enum](https://www.hackingarticles.in/ftp-penetration-testing-on-ubuntu-port-21/)
    * [FTP Windows Enum](https://www.hackingarticles.in/ftp-penetration-testing-windows/)
    * [ftp command](https://linux.die.net/man/1/ftp)
  * [SSH Enum](https://www.hackingarticles.in/ssh-penetration-testing-port-22/)
    * [nc/netcat](https://docs.oracle.com/cd/E36784_01/html/E36870/netcat-1.html)
    * [ssh](https://www.geeksforgeeks.org/ssh-command-in-linux-with-examples/)
  * [What is HTTP?](https://www.cloudflare.com/learning/ddos/glossary/hypertext-transfer-protocol-http/)
    * [httpie](https://httpie.io/)
    * [dirb](https://www.kali.org/tools/dirb/)
    * [browsh](https://github.com/browsh-org/browsh)
    * [curl](https://curl.se/)
    * [whatweb](https://github.com/urbanadventurer/WhatWeb)
  * [What is MySQL?](https://dev.mysql.com/doc/refman/8.0/en/what-is-mysql.html)
    * [MySQL Enum](https://www.hackingarticles.in/mysql-penetration-testing-nmap/)
    * [mysql](https://dev.mysql.com/doc/refman/8.0/en/mysql.html)

### Vulnerability Assessment & Auditing

* [Vulnerability](https://csrc.nist.gov/glossary/term/vulnerability)
* [NIST - NVD](https://nvd.nist.gov/general)
* [CVEs & NVD Process](https://nvd.nist.gov/general/cve-process)
* [Zero-Day](https://www.crowdstrike.com/cybersecurity-101/zero-day-exploit/)
* [Vulnerability Assessment](https://csrc.nist.gov/glossary/term/vulnerability_assessment)
* [exploit-db.com](https://www.exploit-db.com/)
  * [searchsploit](https://www.exploit-db.com/searchsploit)
* [What is Cybersecurity? - IBM](https://www.ibm.com/topics/cybersecurity)
  * [PII](https://www.investopedia.com/terms/p/personally-identifiable-information-pii.asp)
  * [CIA Triad](https://www.fortinet.com/resources/cyberglossary/cia-triad)
  * [Defense in Depth](https://www.cyberark.com/what-is/defense-in-depth/)
  * [Risk Management](https://www.ibm.com/topics/risk-management)
* [Compliance](https://www.celerium.com/cyber-security-compliance-a-comprehensive-guide)
  * [Cybersec Frameworks](https://www.celerium.com/cybersecurity-frameworks-a-comprehensive-guide)
* [Auditing](https://www.auditboard.com/blog/what-is-security-audit/)
  * [SCAP](https://public.cyber.mil/stigs/scap/)
  * [OpenSCAP](https://www.open-scap.org/)
  * [What is a SCAP Scan](https://cingulara.github.io/openrmf-docs/scapscans.html)
* [Nessus](https://www.tenable.com/products/nessus)
  * [Nessus Essentials](https://www.tenable.com/products/nessus/nessus-essentials)

## Host & Network PenTesting

### Windows System Attacks

* [Host and Network Based Attacks by Tim DeWeese](https://prezi.com/ytdm9nv2hxya/host-and-network-based-attacks/)
* [Microsoft Learn - IIS](https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-web-server-overview)
  * [davtest](https://github.com/cldrn/davtest)
  * [cadaver](https://github.com/notroj/cadaver)
  * [msfvenom](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html)
* [Microsoft Learn - SMB](https://learn.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview)
  * [PsExec](https://learn.microsoft.com/en-us/sysinternals/downloads/psexec)
  * [impacket-scripts](https://www.kali.org/tools/impacket-scripts/)
  * [PsExec.py Linux](https://github.com/fortra/impacket/blob/master/examples/psexec.py)
  * [CVE-2017-0143 - EternalBlue](https://nvd.nist.gov/vuln/detail/CVE-2017-0143)
    * [AutoBlue-MS17-010](https://github.com/3ndG4me/AutoBlue-MS17-010)
* [Microsoft Learn - RDP](https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol)
  * [How to Exploit the BlueKeep Vulnerability with Metasploit - Pentest-Tools](https://pentest-tools.com/blog/bluekeep-exploit-metasploit)
  * [BlueKeep CVE-2019-0708 Metasploit Module on Windows 7](https://alexandrevvo.medium.com/testing-bluekeep-cve-2019-0708-metasploit-module-on-windows-7-ef3f28217b7b)
* [Microsoft Learn - WinRM](https://learn.microsoft.com/en-us/windows/win32/winrm/portal)
* [CrackMapExec](https://github.com/Porchetta-Industries/CrackMapExec)
* [evil-winrm](https://github.com/Hackplayers/evil-winrm)
* [Privilege Escalation - Windows Kernel Exploits](https://pentestlab.blog/2017/04/24/windows-kernel-exploits/)
  * [windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits)
  * [Windows-Exploit-Suggester](https://github.com/AonCyberLabs/Windows-Exploit-Suggester)
  * [Windows Privilege Escalation - Resources - S1REN](https://sirensecurity.io/blog/windows-privilege-escalation-resources/)
* [Microsoft Learn - UAC](https://learn.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-overview)
  * [UACMe](https://github.com/hfiref0x/UACME)
* [Microsoft Learn - Access Tokens](https://learn.microsoft.com/en-us/windows/win32/secauthz/access-tokens)
  * [Access Tokens - HackTricks](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/access-tokens)
  * [Abusing Tokens - HackTricks](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens)
  * [Understanding Impersonation via Access Tokens](https://medium.com/securebit/understanding-impersonation-via-access-tokens-5e3e5946adb9)
* [ADS Alternate Data Streams](https://www.malwarebytes.com/blog/news/2015/07/introduction-to-alternate-data-streams)
* [SAM Database](https://www.windows-active-directory.com/windows-security-account-manager.html)
  * [LSA](https://learn.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication)
  * [LSA protection by default in Windows Canary build - 2023](https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-lsa-protection-by-default-in-windows-canary-build/)
* [Windows authentication attacks - part 1 - RedForge](https://blog.redforce.io/windows-authentication-and-attacks-part-1-ntlm/)
  * [LM, NTLM, Net-NTLMv2, oh my!](https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4)
  * [mimikatz](https://github.com/gentilkiwi/mimikatz)
  * [Pass-the-hash](https://www.crowdstrike.com/cybersecurity-101/pass-the-hash/)
  * [Alternative ways to Pass the Hash](https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/)

### Linux System Attacks

* [Linux and GNU](https://www.gnu.org/gnu/linux-and-gnu.en.html)
* [Apache Web Server](https://httpd.apache.org/)
* [CVE-2014-6271 - ShellShock](https://nvd.nist.gov/vuln/detail/CVE-2014-6271)
  * [Shellshock exploit + vulnerable environment](https://github.com/opsxcq/exploit-CVE-2014-6271)
* [Linux Privilege Escalation: Linux kernel / distribution exploits](https://infosecwriteups.com/linux-privilege-escalation-linux-kernel-distribution-exploits-you-should-now-about-1c46152d133d)
  * [linux-kernel-exploitation links](https://github.com/xairy/linux-kernel-exploitation)
  * [linux-exploit-suggester](https://github.com/The-Z-Labs/linux-exploit-suggester)
  * [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
  * [Linux Privilege Escalation - Resources - S1REN](https://sirensecurity.io/blog/linux-privilege-escalation-resources/)
* [Cron Jobs](https://www.hostinger.com/tutorials/cron-job)
  * [Crontab Editor](https://crontab.guru/)
* [SUID](https://www.redhat.com/sysadmin/suid-sgid-sticky-bit)
  * [euid-ruid-suid - HackTricks](https://book.hacktricks.xyz/linux-hardening/privilege-escalation/euid-ruid-suid)
* [Understanding /etc/shadow file format on Linux](https://www.cyberciti.biz/faq/understanding-etcshadow-file/)
  * [Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes](https://www.baeldung.com/linux/shadow-passwords)
  * [yescrypt](https://www.openwall.com/yescrypt/)

### Network Attacks

* [Man in the Middle (MITM) Attacks](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/)
  * [What is MITM](https://www.crowdstrike.com/cybersecurity-101/man-in-the-middle-mitm-attacks/)
* [tshark](https://tshark.dev/)
* [arpspoof](https://www.kali.org/tools/dsniff/#arpspoof)
* [WiFi - 802.11 Frame Types and Formats](https://howiwifi.com/2020/07/13/802-11-frame-types-and-formats/)

### Metasploit

* [Metasploit Framework](https://www.metasploit.com/)
  * [Metasploit Documentation](https://docs.metasploit.com/)
  * [Architecture](https://www.offsec.com/metasploit-unleashed/metasploit-architecture/)
  * [Modules](https://www.offsec.com/metasploit-unleashed/modules-and-locations/)
  * [Payloads](https://www.offsec.com/metasploit-unleashed/payloads/)
  * [MSFConsole](https://www.offsec.com/metasploit-unleashed/msfconsole/)
  * [Workspaces](https://docs.rapid7.com/metasploit/managing-workspaces/)
  * [Database Usage](https://www.offsec.com/metasploit-unleashed/using-databases/)
  * [Port Scanning](https://www.offsec.com/metasploit-unleashed/port-scanning/)
  * [Nessus - Import](https://www.offsec.com/metasploit-unleashed/working-with-nessus/)
  * [WMAP](https://www.offsec.com/metasploit-unleashed/wmap-web-scanner/)
  * [Client-Side Attacks](https://www.offsec.com/metasploit-unleashed/client-side-attacks/)
    * [Types of client side attacks](https://www.geeksforgeeks.org/types-of-client-side-attacks/)
  * [Msfvenom](https://www.offsec.com/metasploit-unleashed/msfvenom/)
    * [Python HTTP Server](https://www.digitalocean.com/community/tutorials/python-simplehttpserver-http-server)
    * [How to use MSFvenom](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html)
  * [Writing Resource Scripts](https://www.offsec.com/metasploit-unleashed/writing-meterpreter-scripts/)
  * [Exploits](https://www.offsec.com/metasploit-unleashed/exploits/)
  * [Post Exploitation](https://www.offsec.com/metasploit-unleashed/msf-post-exploitation/)
    * [Meterpreter](https://www.offsec.com/metasploit-unleashed/about-meterpreter/)
    * [Privilege Escalation](https://www.offsec.com/metasploit-unleashed/privilege-escalation/)
    * [Incognito](https://www.offsec.com/metasploit-unleashed/fun-incognito/)
    * [PSExec Pass-the-hash](https://www.offsec.com/metasploit-unleashed/psexec-pass-hash/)
    * [Enabling RDP](https://www.offsec.com/metasploit-unleashed/enabling-remote-desktop/)
    * [Pivoting](https://www.offsec.com/metasploit-unleashed/pivoting/)
    * [Keylogging](https://www.offsec.com/metasploit-unleashed/keylogging/)
* [Metasploit in Kali Linux](https://www.kali.org/docs/tools/starting-metasploit-framework-in-kali/)
* [Metasploit Unleashed – Free Ethical Hacking Course by OffSec](https://www.offsec.com/metasploit-unleashed/)
* [Armitage GUI](https://github.com/r00t0v3rr1d3/armitage)
  * [Armitage](https://www.offsec.com/metasploit-unleashed/armitage/)
* [PTES](http://www.pentest-standard.org/index.php/Main_Page)
  * [Guide to Modern Penetration Testing - Infopulse](https://www.infopulse.com/blog/guide-to-modern-penetration-testing-part-2-fifty-shades-of-grey-box)
* [MSF Installer](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html)
* [How to Use Metasploit in Kali Linux + Metasploitable3](https://www.stationx.net/how-to-use-metasploit-in-kali-linux/)
* [Metasploitable3 - rapid7 Github](https://github.com/rapid7/metasploitable3)
* [Shikata Ga Nai Encoder Still Going Strong - Mandiant](https://www.mandiant.com/resources/blog/shikata-ga-nai-encoder-still-going-strong)
* [Haraka](https://haraka.github.io/)
* [Methods Used by Linux for Hashing Passwords](https://www.baeldung.com/linux/hashing-methods-password)

## Exploitation

* [Exploitation PTES](http://www.pentest-standard.org/index.php/Exploitation)
* [Banner Grabbing](https://cyberexperts.com/encyclopedia/banner-grabbing/)
* [Nmap Scripting Engine](https://nmap.org/book/nse)
* [exploit-db.com](https://www.exploit-db.com/)
  * [Dorks - Google Hacking Database](https://www.exploit-db.com/google-hacking-database)
* [Rapid7 db](https://www.rapid7.com/db/)
* [Searchsploit](https://www.exploit-db.com/searchsploit)
* [Cross Compile to Win from Linux](https://www.crossmeta.io/mingw32-cross-compile-to-windows-from-linux/)
  * [MinGW-w64](https://www.mingw-w64.org/)
  * [ExploitDB bin-sploits](https://github.com/offensive-security/exploitdb-bin-sploits)

### Shells

* [Shells - HackTricks](https://book.hacktricks.xyz/generic-methodologies-and-resources/shells)
  * [Bind & Reverse Shells - Hacking with Netcat](https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/)
  * [PayloadsAllTheThings - Reverse Shell Cheatsheet](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
  * [Reverse Shell Generator](https://www.revshells.com/)
* [Reverse Shells - 0xffsec](https://0xffsec.com/handbook/shells/reverse-shells/)
  * [Reverse-shell via Windows one-liner](https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/)
* [PowerShell-Empire](https://github.com/BC-SECURITY/Empire)

### Defense Evasion

* [Metasploitable2](https://docs.rapid7.com/metasploit/metasploitable-2/)
* [Metasploitable3](https://github.com/rapid7/metasploitable3)
* [What is Defense Evasion - Huntress](https://www.huntress.com/blog/what-is-defense-evasion)
  * [Defense Evasion - MITRE ATT\&CK](https://attack.mitre.org/tactics/TA0005/)
  * [Antivirus Detection Methods](https://zeltser.com/how-antivirus-software-works/)
  * [Shellter](https://www.shellterproject.com/introducing-shellter/)
  * [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation)

## Post Exploitation

* [Post-Exploitation](http://www.pentest-standard.org/index.php/Post_Exploitation)
  * [Ignitetechnologies/Privilege-Escalation](https://github.com/Ignitetechnologies/Privilege-Escalation)
  * [PayloadsAllTheThings - Windows - Privilege Escalation](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
  * [PayloadsAllTheThings - Linux - Privilege Escalation](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md)
  * [PEASS-ng](https://github.com/carlospolop/PEASS-ng)
    * [winPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS)
    * [linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
  * [JAWS - Just Another Windows (Enum) Script](https://github.com/411Hall/JAWS)
  * [LinEnum - rebootuser](https://github.com/rebootuser/LinEnum)
* [Python3 - http.server](https://docs.python.org/3/library/http.server.html)
* [tmux](https://github.com/tmux/tmux/)

### TTY Shells

* [Full TTY Shells - HackTricks](https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/full-ttys)
* [Fully Interactive TTYs - 0xffsec](https://0xffsec.com/handbook/shells/full-tty/)
  * [stty](https://man7.org/linux/man-pages/man1/stty.1.html)

### Privilege Escalation

* [PrivescCheck](https://github.com/itm4n/PrivescCheck)
* [Linux Privilege Escalation Guide (Updated for 2023) - by Rashid Feroze](https://payatu.com/blog/a-guide-to-linux-privilege-escalation/)
* [Linux Privilege Escalation using SUID Binaries](https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/)
  * [FallOfSudo](https://github.com/CyberOne-TeamARES/FallOfSudo)
  * [GTFOBins](https://gtfobins.github.io/)

### Persistence

* [Persistence - MITRE ATT\&CK](https://attack.mitre.org/tactics/TA0003/)
* [Enabling Remote Desktop - OffSec](https://www.offsec.com/metasploit-unleashed/enabling-remote-desktop/)
* [SSH Penetration Testing](https://www.hackingarticles.in/ssh-penetration-testing-port-22/)
* [Scheduled Task/Job - MITRE ATT\&CK](https://attack.mitre.org/techniques/T1053/)

### Cracking Hashes

* [John The Ripper](https://github.com/openwall/john)
* [Hashcat](https://hashcat.net/hashcat/)

### Pivoting

* [Pivoting](https://www.offsec.com/metasploit-unleashed/pivoting/)

## Social Engineering

* [What is Social Engineering?](https://www.kaspersky.com/resource-center/definitions/what-is-social-engineering)
* [FBI IC3 Releases 2022 Internet Crime Report](https://octillolaw.com/insights/fbi-ic3-releases-2022-internet-crime-report)
* [Trendmicro Security 101: Business Email Compromise (BEC) Schemes](https://www.trendmicro.com/vinfo/fr/security/news/cybercrime-and-digital-threats/business-email-compromise-bec-schemes)
* [CEO Fraud Attacks - KnowBe4](https://www.knowbe4.com/ceo-fraud)
* [NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment](https://csrc.nist.gov/publications/detail/sp/800-115/final)
* [Social Engineering Penetration Testing: Attacks, Methods, & Steps - Purplesec.us](https://purplesec.us/social-engineering-penetration-testing/)
* [Gophish](https://getgophish.com/)
  * [Creating the Gophish Demo](https://getgophish.com/blog/post/2019-01-04-creating-the-gophish-demo-part-one/)

## Web App PenTesting

* [OWASP TOP 10](https://owasp.org/www-project-top-ten/)
  * [SQL Injection - OWASP](https://owasp.org/www-community/attacks/SQL_Injection)
    * [What is a SQLi? - PortSwigger](https://portswigger.net/web-security/sql-injection)
    * [SQLi CheatSheet - PortSwigger](https://portswigger.net/web-security/sql-injection/cheat-sheet)
  * [XSS - OWASP](https://owasp.org/www-community/attacks/xss/)
    * [How does XSS Work? - PortSwigger](https://portswigger.net/web-security/cross-site-scripting)
    * [XSS Cheatsheet - PortSwigger](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [PortSwigger Web Security Academy](https://portswigger.net/web-security/learning-path)
* [HTTP Protocol](https://developer.mozilla.org/en-US/docs/Web/HTTP)
  * [RFC 9110 - HTTP Semantics](https://httpwg.org/specs/rfc9110.html)

### Vulnerable Web Apps

* [bWAPP](http://www.itsecgames.com/)
  * [Setting Up OWASP bWAPP With Docker - HackerSploit](https://www.youtube.com/watch?v=XMJuNRgPo-0)
* [OWASP Juice Shop](https://github.com/juice-shop/juice-shop)
* [Damn Vulnerable Web Application (DVWA)](https://github.com/digininja/DVWA)
* [Mutillidae II](https://github.com/webpwnized/mutillidae)

### Tools

* [Gobuster](https://github.com/OJ/gobuster)
* [ffuf](https://github.com/ffuf/ffuf)
* [Burp Suite by PortSwigger](https://portswigger.net/burp)
* [ZAProxy](https://www.zaproxy.org/)
* [Nikto](https://github.com/sullo/nikto)
* [SQLMap](https://sqlmap.org/)
  * [SQLMap Cheatsheet](https://book.hacktricks.xyz/pentesting-web/sql-injection/sqlmap)
* [XSSer](https://github.com/epsylon/xsser)
* [WPScan](https://github.com/wpscanteam/wpscan)

***
