Offensive Security Bookmarks Collection
Haluuu, sudah agak usang aku tidak update artikel pada blog ini, ok oke pada kesempatan kali ini aku akan menciptakan artikel ihwal Offensive Security Bookmark Collection.
Disini aku tidak akan menjelaskan terlalu detail dikarenakan isi content hanya berupa semacam link dengan banyak sekali macam kategori.
Yasudah pribadi ke pada dasarnya aja, berikut beberapa kumpulan link berkaitan ihwal security dan lain sebagainya..
Security Blogs
Security Forums
http://securityoverride.org/forum/index.php
https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
https://evilzone.org/
http://forum.antichat.ru/
https://forum.xeksec.com/
https://rdot.org/forum/
https://forum.zloy.bz/
https://forum.reverse4you.org/
https://rstforums.com/forum/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php
Tor Onion Links
Security Methodologies
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
http://www.pentest-standard.org/index.php/Main_Page
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
http://yehg.net/lab/pr0js/misc/wasarg_owasp-tgv4_with_ref.php
http://www.social-engineer.org/
http://projects.webappsec.org/w/page/13246927/FrontPage
Training/Classes/Video
https://exploit-exercises.com
https://www.cybrary.it/cyber-security/
http://www.irongeek.com/i.php?page=videos/aide-winter-2011
https://lab.pentestit.ru/pentestlabs/3
https://trailofbits.github.io/ctf/
http://ctf.forgottensec.com/wiki/?title=Main_Page
http://smashthestack.org/
http://ctf.hcesperer.org/
https://www.google.com/calendar/feeds/noge7b1rg2dg4a8kcm1k68vbjg@group.calendar.google.com/public/basic
https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
https://crypto.stanford.edu/cs155/
https://www.offensive-security.com/metasploit-unleashed/
http://www.irongeek.com/i.php?page=videos/metasploit-class
http://www.securitytube.net/
http://resources.infosecinstitute.com/
https://www.cs.fsu.edu/ redwood/OffensiveSecurity/lectures.html
https://www.youtube.com/watch?v=ANlROJNWtCs&list=PLM0IiVYClP2vC3A6Uz_ESV86kBVYei5qx
https://www.youtube.com/watch?v=Sye3mu-EoTI
https://www.youtube.com/watch?v=GPjcSxyIIUc
https://www.youtube.com/watch?v=kPxavpgos2I
https://www.youtube.com/watch?v=pnqcHU2qFiA
http://www.securitytube.net/video/7640
https://www.youtube.com/watch?v=y2zrEAwmdws
http://www.securitytube.net/video/7735
Pentest Tools
https://github.com/pwnwiki/pwnwiki.github.io
https://github.com/sbilly/awesome-security
https://github.com/paragonie/awesome-appsec
https://github.com/enaqx/awesome-pentest
https://github.com/kahun/awesome-sysadmin#security
http://beefproject.com/
https://xsser.03c8.net/
https://code.google.com/p/fuzzdb/
https://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
http://w3af.org/
https://code.google.com/p/skipfish/
https://www.sans.org/reading-room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder-33214
https://www.securityninja.co.uk/hacking/burp-suite-tutorial-the-intruder-tool/
http://www.justanotherhacker.com/projects/graudit.html
https://packetstormsecurity.com/files/tags/tool
Pentest Lab ISO-VMs
http://www.amanhardikar.com/mindmaps/PracticeUrls.html
https://www.kali.org/
https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project
http://blackarch.org/
https://code.google.com/p/owaspbwa/
https://www.mavensecurity.com/web_security_dojo/
http://hackingdojo.com/dojo-media/
http://informatica.uv.es/ carlos/docencia/netinvm/
http://www.bonsai-sec.com/en/research/moth.php
http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
http://sourceforge.net/projects/lampsecurity/?source=navbar
https://www.hacking-lab.com/index.html
http://sourceforge.net/projects/virtualhacking/files/
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
http://www.dvwa.co.uk/
http://sourceforge.net/projects/thebutterflytmp/
http://magikh0e.ihtb.org/pubPapers/
Metasploit
http://resources.metasploit.com/
http://netsec.ws/?p=262
http://seclists.org/metasploit/
https://www.offensive-security.com/metasploit-unleashed/Introduction/
http://www.offensive-security.com/metasploit-unleashed/Msfvenom
https://community.rapid7.com/community/metasploit/
http://www.securitytube.net/video/711?q=METASPLOIT
https://en.wikibooks.org/wiki/Metasploit
https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
https://github.com/rapid7/metasploit-framework/wiki/Meterpreter
https://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
Net Scanners
https://nmap.org/
https://nmap.org/nsedoc/
http://www.securitytube.net/video/931
https://nmap.org/nsedoc/
http://www.openvas.org/
http://www.tenable.com/products/nessus-vulnerability-scanner
https://www.rapid7.com/products/nexpose/compare-downloads.jsp
http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
Man-in-the-middle attack
http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
https://packetstormsecurity.com/papers/wireless/cracking-air.pdf
https://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
http://bandwidthco.com/nf.html
http://articles.manugarg.com/arp_spoofing.pdf
http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
Phase 1 - Reconnaissance: Information Gathering before the Attack
https://en.wikipedia.org/wiki/Open-source_intelligence
Phase 1.1 - People and Orginizational
http://www.spokeo.com/
http://www.spoke.com/
https://www.xing.com/
http://www.zoominfo.com/
https://pipl.com/
http://www.zabasearch.com/
http://www.searchbug.com/
http://skipease.com/
http://addictomatic.com/
http://socialmention.com/
http://entitycube.research.microsoft.com/
http://www.yasni.com/
http://www.glassdoor.com/index.htm
https://connect.data.com/
https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
https://www.tineye.com/
http://www.peekyou.com/
Phase 1.2 - Infastructure
http://uptime.netcraft.com/
http://www.shodanhq.com/
http://www.domaintools.com/
http://centralops.net/co/
http://whois.webhosting.info/
https://www.ssllabs.com/ssltest/analyze.html
https://www.exploit-db.com/google-hacking-database/
http://www.my-ip-neighbors.com/
Phase 1.2 - Tools
Phase 2 - Enumeration: Finding Attack Vectors
http://securitysynapse.blogspot.be/2013_08_01_archive.html
https://hackertarget.com/attacking-wordpress/
https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList
http://www.0daysecurity.com/penetration-testing/enumeration.html
https://github.com/n3ko1/WrapMap
https://cirt.net/Nikto2
http://www.unixmen.com/install-nikto-web-scanner-check-vulnerabilities/
http://seclist.us/autoenum-nmap-enumeration-and-script-scan-automation-script.html
http://code.stephenmorley.org/articles/xampp-version-history-apache-mysql-php/
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://www.iodigitalsec.com/windows-null-session-enumeration/
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://github.com/isaudits/autoenum
http://www.webpronews.com/snmp-enumeration-and-hacking-2003-09
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://www.iodigitalsec.com/windows-null-session-enumeration/
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://www.madirish.net/59
http://www.enye-sec.org/en/papers/web_vuln-en.txt
Phase 3 - Exploitation: Verifying Security Weaknesses
http://pwnwiki.io
http://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation.pdf
http://ru.scribd.com/doc/245679444/hak5-org-OSXPost-Exploitation-copy-20130228-pdf#scribd
https://cyberwar.nl/d/hak5.org_LinuxUnixBSDPost-ExploitationCommandList_copy-20130228.pdf
https://www.yumpu.com/en/document/view/14963680/from-sqli-to-shell
Dump Windows Password Hashes
Windows Passhing The Hash
https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
https://www.kali.org/kali-monday/pass-the-hash-toolkit-winexe-updates/
Windows Previlige Escalation
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://www.fuzzysecurity.com/tutorials/16.html
http://www.youtube.com/watch?v=kMG8IsCohHA
http://www.youtube.com/watch?v=_8xJaaQlpBo
http://www.greyhathacker.net/?p=738
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
Linux Previlige Escalation
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://pentestmonkey.net/tools/audit/unix-privesc-check
http://www.rebootuser.com/?page_id=1721
http://www.rebootuser.com/?p=1758
http://www.rebootuser.com/?p=1623
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
Tunneling & Port Forwarding
https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117
https://highon.coffee/blog/reverse-shell-cheat-sheet/
https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/
http://staff.washington.edu/corey/fw/ssh-port-forwarding.html
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://www.offensive-security.com/metasploit-unleashed/Portfwd
http://www.offensive-security.com/metasploit-unleashed/Pivoting
http://www.howtoforge.com/reverse-ssh-tunneling
http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla
XSS Cheat Codes
http://www.xenuser.org/xss-cheat-sheet/
https://gist.github.com/sseffa/11031135
https://html5sec.org/
WebShells
SQLi General Resources
http://www.w3schools.com/sql/sql_injection.asp
http://sqlzoo.net/hack/
https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf
http://websec.ca/kb/sql_injection
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.unixwiz.net/techtips/sql-injection.html
http://www.sqlinjectionwiki.com/
http://sqlmap.org/
https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
http://bobby-tables.com/
MySQLi Resources
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
http://www.savevid.com/video/athcon-hack-in-paris-demo-2.html
http://www.frequency.com/video/athcon-hack-in-paris-demo-3/11306148
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://forum.reverse4you.org/showthread.php?t=1371
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
Exploit Development
https://www.corelan.be/index.php/articles/
http://www.fuzzysecurity.com/tutorials.html
https://code.google.com/p/it-sec-catalog/wiki/Exploitation
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
https://www.ethicalhacker.net/columns/heffner/smashing-the-modern-stack-for-fun-and-profit
https://carabagimu.blogspot.com/search?q=over-in-lso-chat-we-were-talking-about
http://ref.x86asm.net/index.html
http://farlight.org/index.html?type=shellcode
http://shell-storm.org/shellcode/
Reverse Engineering
https://www.cyberguerrilla.org/blog/what-the-blackhats-dont-want-you-to-know-series/
http://fumalwareanalysis.blogspot.ru/p/malware-analysis-tutorials-reverse.html
http://www.woodmann.com/TiGa/idaseries.html
http://visi.kenshoto.com/viki/MainPage
http://www.radare.org/r/
http://www.offensivecomputing.net/
http://www.oldapps.com/
http://www.oldversion.com/
https://www.exploit-db.com/webapps/
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
OS Cheat Sheets and Script Syntax
https://www.owasp.org/index.php/Cheat_Sheets
http://www.cheat-sheets.org/
http://ss64.com/nt/
https://rstforums.com/forum/22324-hacking-tools-windows.rst
https://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://mywiki.wooledge.org/BashPitfalls
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
http://www.robvanderwoude.com/ntadmincommands.php
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
http://contest-2010.korelogic.com/wordlists.html
https://packetstormsecurity.com/Crackers/wordlists/
http://hqsoftwarecollection.blogspot.in/p/36gn-wordlist.html
https://wiki.skullsecurity.org/Passwords
https://www.sans.org/reading-room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation-33283
https://www.sans.org/reading-room/whitepapers/testing/crack-pass-hash-33219
https://nmap.org/ncrack/
http://www.openwall.com/john/
http://ophcrack.sourceforge.net/
https://inquisb.github.io/keimpx/
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-3-using-hashcat-0156543/
InfoSec Hiring
Reddit Thread Q3 2015
Reddit Thread Q2 2015
ShmooCon Hiring List 2015
SANS
Careers Stackoverflow
PenTester Salary
San Francisco InfoSec Jobs
Infosecinstitute.com
Inspiredcareers.org/
IT Certifications
Links Collections
http://in-addr.nl/security-links.php
http://ser-storchak.blogspot.ru/p/blog-page_16.html
Reddit NetsecStudents Wiki
https://www.vulnhub.com/resources/
Books
Cukup sekian artikel kali ini mengenai ihwal hal security dan sebagainya. Semoga apa yang aku bagikan pada artikel kali ini bermanfaat buat teman-teman semua. Have a good day, see u!
Sumber: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
Sumber http://maqlo-heker.blogspot.com/
