Vulnerable OS/daemons
damn vulnerable linux: http://www.damnvulnerablelinux.org/
damn vulnerable web application: http://www.dvwa.co.uk/
damn vulnerable web services: http://dvws.secureideas.net/
metasploitable: http://blog.metasploit.com/2010/05/introducing-metasploitable.html
ultimate LAMP: http://www.vmware.com/appliances/directory/189
Recon phase
Secrets of Network Cartography: http://www.networkuptime.com/nmap/index.shtml
Exploits
http://www.exploit-db.com/
http://1337day.com/
http://www.vulnerability-lab.com/
http://www.securityaegis.com/the-big-fat-metasploit-post/
Vasto: Virtualization ASsesment TOolkit - http://vasto.nibblesec.org/
http://www.darkoperator.com/tools-and-scripts/
Breaking FDE: http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
Framework
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
http://sourceforge.net/projects/virtualhacking/
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
Post-exploitation
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Physical Security
Lockpicking course by Schuyler Towne http://www.youtube.com/watch?v=VVSL0liiWoc&list=PL66CD42F86F3A1F85&feature=plpp
Information Gathering
Maltego
Shodan
Google Dorks
Metadata
http://sourceforge.net/projects/virtualhacking/
Web app testing
http://michaelhendrickx.com/lilith
http://www.kenahack.com/2011/07/hth-sql-injection.html
Rainbow table
http://www.freerainbowtables.com
Password Lists
http://www.securityaegis.com/a-whole-lotta-passwords/
damn vulnerable linux: http://www.damnvulnerablelinux.org/
damn vulnerable web application: http://www.dvwa.co.uk/
damn vulnerable web services: http://dvws.secureideas.net/
metasploitable: http://blog.metasploit.com/2010/05/introducing-metasploitable.html
ultimate LAMP: http://www.vmware.com/appliances/directory/189
Recon phase
Secrets of Network Cartography: http://www.networkuptime.com/nmap/index.shtml
Exploits
http://www.exploit-db.com/
http://1337day.com/
http://www.vulnerability-lab.com/
http://www.securityaegis.com/the-big-fat-metasploit-post/
Vasto: Virtualization ASsesment TOolkit - http://vasto.nibblesec.org/
http://www.darkoperator.com/tools-and-scripts/
Breaking FDE: http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
Framework
http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
http://sourceforge.net/projects/virtualhacking/
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
Post-exploitation
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Physical Security
Lockpicking course by Schuyler Towne http://www.youtube.com/watch?v=VVSL0liiWoc&list=PL66CD42F86F3A1F85&feature=plpp
Information Gathering
Maltego
Shodan
Google Dorks
Metadata
http://sourceforge.net/projects/virtualhacking/
Web app testing
http://michaelhendrickx.com/lilith
http://www.kenahack.com/2011/07/hth-sql-injection.html
Rainbow table
http://www.freerainbowtables.com
Password Lists
http://www.securityaegis.com/a-whole-lotta-passwords/
No comments:
Post a Comment