Exploits Database 💥
Vulnerabilities Database 🎯
- cve.mitre
- cvedetails
- nvd.nist.gov
- osvdb.org
- kb.cert.org
- secunia.com
- securityfocus
- lwn.net
- denimgroup
- vulnerability-lab
- secdocs
Hacking Tutorials 💻
- offensive-security
- kalitutorials.net
- DEFCONConference
- Hak5Darren
- sansinstitute
- en.wikibooks.org
- hacking-tutorial.com
- breakthesecurity
- securitytube
- ehacking
- fullscopesecurity
- spacerogue
Virus Scan 🦠
Does not distribute to AV
Tools Download 🛠
- tools.kali.org
- insecure.org
- hackersonlineclub
- concise-courses
- darknet.org.uk
- kitploit
- toolswatch.org
- blackarch.org
- pentest-tools.com
- gexos.github.io
- romhacking
Network Online Tools 🌐
- yougetsignal.com
- dnswatch.info
- nirsoft.net
- tcpiputils.com/
- coffer.com/
- bgp.he.net
- sockets.com
- services.ce3c.be
IP Lookup 🔎
- ip-api.com
- my-ip-neighbors
- whatismyip
- ip2location.com
- freegeoip.net
- whatstheirip
- ipaddress.com
- ipaddresstolocation
Encrypt / Decrypt ⛓
Online Hash Crackers 🧱
- hashkiller.co.uk
- md5online.org
- cmd5.org
- md5crack.com
- netmd5crack.com
- md5decryption.com
- md5.rednoize.com
- md5this.com
- tydal.nu
- passcracking.com
- hdb.insidepro.com
- crackstation.net
- cloudcracker.net
- isc.sans.edu
- onlinehashcrack.com [$]
- hashcrack.in [$]
File Upload 📁
- mega.co.nz
- mediafire.com/
- infotomb.com
- sharesend.com
- wss-coding.com
- zippyshare.com
- filetolink.com
- ge.tt
- largedocument.com
- rghost.net
- dox.abv.bg
- secureupload.eu
Anonymous Test 🕵️
Torcheck 🧅
- 5deqglhxcoy3gbx6.onion - Xenobite
- tmkloc6vhxos3nde.onion
SMS 📩
Fake Identity 🙃
Blogs and Articles
- 0x00-0x00
- Amossys - Security Blog (French)
- Adepts of 0xCC: A brotherhood of owls praying to the debugger God.
- Back Engineering
- Bugcrowd Blogs
- COUNT UPON SECURITY
- Dissecting Malware
- El Soctano (Spanish) - Discontinued
- Ero Carrera's blog - Discontinued
- Ferib's Blog
- Flu Project (Spanish)
- Follow The White Rabbit
- Follow The White Rabbit – Blog de Seguridad Informática (Spanish)
- Google Project Zero
- Google Security Blog
- Hacking Articles
- Hack Puntes (Spanish)
- HackTricks
- InQuest Blog
- Intigriti Blogs
- lucasg
- MalwareAnalysis.co Forums and Blogs
- McAfee blogs
- Microsoft Security Response Center blog
- Objective-See's Blog
- Portswigger Blogs
- Security By Default (Spanish) - Discontinued
- Security Garage (Spanish)
- Underc0de (Spanish)
- Unit42
- UN INFORMÁTICO EN EL LADO DEL MAL (Spanish)
- UN TAL 4N0NYM0US EN EL PC (Spanish) - Discontinued
- Vickie Li Blogs
- welivesecurity by eset (Spanish)
News
- All Infosec News
- BleepingComputer
- Dark Reading
- Krebs on Security
- National Cyber Awareness System - Bulletins
- Schneier on Security
- Security Affairs
- The Hacker News
- Threatpost
- javierizquierdovera.com
Communities
- Axial: A community of like-minded nerds who focus on reverse engineering, malware analysis and general nerdery regarding malware. At Axial we also focus on various web attack vectors and techniques to leverage our OSINT skills, which is accomplished by releasing various blogs that range from extremely beginner to intermediate level and demonstrate the techniques in a broader range. Axial also focuses on various open-source projects dedicated to the aforementioned domain, aligning with both the offensive and defensive sides of the information security domain.
Forums
- Bugcrowd Discord
- Indetectables.net (Spanish): Malware and undetectabilization techniques forum.
- Hack Forums
- MalwareAnalysis.co Forums and Blogs
- netsec - Reddit
- reddit: Bug Bounty
- reddit: Hacking_Tutorials: A forum for the security professionals and white hat hackers.
- reddit: OSCP: Resource for people preparing for Offensive Security Certified Professional Certification.
- websecurity-Reddit
Books
- Web Application Hacker's Handbook
- Real World Bug Hunting
- Bug Bounty Hunting Essentials
- Bug Bounty Bootcamp
- Hands on Bug Hunting
- Hacker's Playbook 3
- OWASP Testing Guide
- Web Hacking 101
- OWASP Mobile Testing Guide
Writeups
Official Websites
Bug Bounty Platforms
Individual Programs
Crowdsourcing
- Bugcrowd
- Bugcrowd - youtube
- CyberTalents - youtube
- Firebounty
- Hackersploit
- Hackerone
- Hak5 - youtube
- Intigriti - Switzerland, Germany.
- Live Overflow - youtube
- OpenBugBounty
- PortSwigger - youtube
- thenewboston - youtube
- SANS Institute - youtube
- Yes We Hack: Crowdsourced security & Vulnerability Disclosure France, Singapore,
- Yogosha
- Zerocopter
Bug Bounty Beginner's Roadmap
Technical
Computer Fundamentals
- comptia
- [*] https://www.youtube.com/watch?v=tIfRDPekybU
- tutorialspoint
- swayam2
- udemy
- coursera
Computer Networking
- [*] https://www.youtube.com/watch?v=0AcpUwnc12E&list=PLkW9FMxqUvyZaSQNQslneeODER3bJCb2K
- [*] https://www.youtube.com/watch?v=qiQR5rTSshw
- [*] https://www.youtube.com/watch?v=L3ZzkOTDins
- udacity
- google-it-support
- introduction-to-computer-networks
Operating Systems
- [*] https://www.youtube.com/watch?v=z2r-p7xc7c4
- [*] https://www.youtube.com/watch?v=_tCY-c-sPZc
- os-power-user
- [*] https://www.udacity.com/course/introduction-to-operating-systems--ud923
- linux-command-line-volume1
- [*] https://www.youtube.com/watch?v=v_1zB2WNN14
Command Line
Windows:
- [*] https://www.youtube.com/watch?v=TBBbQKp9cKw&list=PLRu7mEBdW7fDTarQ0F2k2tpwCJg_hKhJQ
- [*] https://www.youtube.com/watch?v=fid6nfvCz1I&list=PLRu7mEBdW7fDlf80vMmEJ4Vw9uf2Gbyc_
- [*] https://www.youtube.com/watch?v=UVUd9_k9C6A
Linux:
- [*] https://www.youtube.com/watch?v=fid6nfvCz1I&list=PLRu7mEBdW7fDlf80vMmEJ4Vw9uf2Gbyc_
- [*] https://www.youtube.com/watch?v=UVUd9_k9C6A
- [*] https://www.youtube.com/watch?v=GtovwKDemnI
- [*] https://www.youtube.com/watch?v=2PGnYjbYuUo
- [*] https://www.youtube.com/watch?v=e7BufAVwDiM&t=418s
- [*] https://www.youtube.com/watch?v=bYRfRGbqDIw&list=PLkPmSWtWNIyTQ1NX6MarpjHPkLUs3u1wG&index=4
Programming
C
- [*] https://www.youtube.com/watch?v=irqbmMNs2Bo
- [*] https://www.youtube.com/watch?v=ZSPZob_1TOk
- [*] https://www.programiz.com/c-programming
Python
- [*] https://www.youtube.com/watch?v=ZLga4doUdjY&t=30352s
- [*] https://www.youtube.com/watch?v=gfDE2a7MKjA
- [*] https://www.youtube.com/watch?v=eTyI-M50Hu4
JavaScript
- [*] https://www.youtube.com/watch?v=-lCF2t6iuUc
- [*] https://www.youtube.com/watch?v=hKB-YGF14SY&t=1486s
- [*] https://www.youtube.com/watch?v=jS4aFq5-91M
PHP
- [*] https://www.youtube.com/watch?v=1SnPKhCdlsU
- [*] https://www.youtube.com/watch?v=OK_JCtrrv-c0
- [*] https://www.youtube.com/watch?v=T8SEGXzdbYg&t=1329s
Challenges
Podcasts
- Cyberwire daily podcast
- Daily Information Security Podcast ("StormCast"): Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute.
- Risky Business
Services
- Cock.li: Anonymous email.
- ProtonMail: Secure email.
Telegram channels
- crackslatinos (Spanish): Telegram channel about reverse engineering, created by Ricardo Narvaja.
- Cyber Security News
- Derecho en la red (Spanish)
- Information Security
- Bug Bounty ES (Spanish): Telegram channel about bug bounty, created by DragonJar.
YouTube Channels
- 13Cubed
- 247CTF
- Bug Bounty Reports Explained
- Calle Svensson
- codingo
- Farah Hawa
- Hacking Simplified
- Hacksplained
- InsiderPhD
- John Hammond
- Live Overflow
- MalwareAnalysis.co YouTube Channels
- MalwareAnalysisForHedgehogs
- Murmus CTF
- NetworkChuck
- Pratik Dabhi
- PinkDraconian
- PwnFunction
- Rana Khalil
- Reconless
- securitycreators.video
- Spin The Hack
- Stok
- superhero1
- Vickie Li
- XSSRat
- Zwink
Other directories
- Cyberthreats, viruses, and malware - Microsoft Security Intelligence
- es1lib: Part of the Z-Library project. The world's largest e-book library.
- Hacking Tools: Tools for penetration testing and security audit.
- simplycyber.io - Free cyber resources: An awesome list of resources for training, conferences, speaking, labs, reading, etc that are free all the time that cybersecurity professionals with downtime can take advantage of to improve their skills and marketability to come out on the other side ready to rock.
PRACTICE!
CTF
- Hacker 101
- PicoCTF
- TryHackMe (premium/free)
- HackTheBox (premium)
- VulnHub
- HackThisSite
- CTFChallenge
- PentesterLab (premium)
Online Labs
Offline Labs
- DVWA
- bWAPP
- Metasploitable2
- BugBountyHunter (premium)
- W3Challs
Hack The Box
Attack Defense 1000+ Labs!
VulnHub
Root.me
Penetration Testing Practice Lab / Vulnerable Apps/Systems
Vulhub
Vulapps
Vulnspy
Upload-Labs
TryHackMe
BLOGS
[ * ] https://scriptkidd1e.wordpress.com/oscp-journey/
[ * ] http://www.securitysift.com/offsec-pwb-oscp/
[ * ] http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
[ * ] http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
[ * ] http://hackingandsecurity.blogspot.com
[ * ] http://carnal0wnage.blogspot.com/
[ * ] http://www.mcgrewsecurity.com/
[ * ] http://www.gnucitizen.org/blog/
[ * ] http://www.darknet.org.uk/
[ * ] http://spylogic.net/
[ * ] http://taosecurity.blogspot.com/
[ * ] http://www.room362.com/
[ * ] http://blog.sipvicious.org/
[ * ] http://blog.portswigger.net/
[ * ] http://pentestmonkey.net/blog/
[ * ] http://jeremiahgrossman.blogspot.com/
[ * ] http://i8jesus.com/
[ * ] http://blog.c22.cc/
[ * ] http://www.skullsecurity.org/blog/
[ * ] http://blog.metasploit.com/
[ * ] http://www.darkoperator.com/
[ * ] http://blog.skeptikal.org/
[ * ] http://preachsecurity.blogspot.com/
[ * ] http://www.tssci-security.com/
[ * ] http://www.gdssecurity.com/l/b/
[ * ] http://websec.wordpress.com/
[ * ] http://bernardodamele.blogspot.com/
[ * ] http://laramies.blogspot.com/
[ * ] http://www.spylogic.net/
[ * ] http://blog.andlabs.org/
[ * ] http://xs-sniper.com/blog/
[ * ] http://www.commonexploits.com/
[ * ] http://www.sensepost.com/blog/
[ * ] http://wepma.blogspot.com/
[ * ] http://exploit.co.il/
[ * ] http://securityreliks.wordpress.com/
[ * ] http://www.madirish.net/index.html
[ * ] http://sirdarckcat.blogspot.com/
[ * ] http://reusablesec.blogspot.com/
[ * ] http://myne-us.blogspot.com/
[ * ] http://www.notsosecure.com/
[ * ] http://blog.spiderlabs.com/
[ * ] http://www.corelan.be/
[ * ] http://www.digininja.org/
[ * ] http://www.pauldotcom.com/
[ * ] http://www.attackvector.org/
[ * ] http://deviating.net/
[ * ] http://www.alphaonelabs.com/
[ * ] http://www.smashingpasswords.com/
[ * ] http://wirewatcher.wordpress.com/
[ * ] http://gynvael.coldwind.pl/
[ * ] http://www.nullthreat.net/
[ * ] http://www.question-defense.com/
[ * ] http://archangelamael.blogspot.com/
[ * ] http://memset.wordpress.com/
[ * ] http://sickness.tor.hu/
[ * ] http://punter-infosec.com/
[ * ] http://www.securityninja.co.uk/
[ * ] http://securityandrisk.blogspot.com/
[ * ] http://esploit.blogspot.com/
[ * ] http://www.pentestit.com/
FORUMS
[ * ] http://sla.ckers.org/forum/index.php
[ * ] http://www.ethicalhacker.net/
[ * ] http://www.backtrack-linux.org/forums/
[ * ] http://www.elitehackers.info/forums/
[ * ] http://www.hackthissite.org/forums/index.php
[ * ] http://securityoverride.com/forum/index.php
[ * ] http://www.iexploit.org/
[ * ] http://bright-shadows.net/
[ * ] http://www.governmentsecurity.org/forum/
[ * ] http://forum.intern0t.net/
MAGAZINES
[ * ] http://www.net-security.org/insecuremag.php
[ * ] http://hakin9.org/
VIDEO
[ * ] http://www.hackernews.com/
[ * ] http://www.securitytube.net/
[ * ] http://www.irongeek.com/i.php?page=videos/aide-winter-2011
[ * ] http://avondale.good.net/dl/bd/
[ * ] http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
[ * ] http://www.youtube.com/user/ChRiStIaAn008
[ * ] http://www.youtube.com/user/HackingCons
[ * ] https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
[ * ] https://www.youtube.com/channel/UCCkVMojdBWS-JtH7TliWkVg
[ * ] https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A
[ * ] https://www.youtube.com/channel/UCFmjA6dnjv-phqrFACyI8tw
[ * ] https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
[ * ] https://www.youtube.com/user/RootOfTheNull
[ * ] https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
METHODOLOGIES
[ * ] http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
[ * ] http://www.pentest-standard.org/index.php/Main_Page
[ * ] http://projects.webappsec.org/w/page/13246978/Threat-Classification
[ * ] http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
[ * ] http://www.social-engineer.org/
PRESENTATIONS
[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
[ * ] http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
[ * ] http://www.slideshare.net/Laramies/tactical-information-gathering
[ * ] http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
[ * ] http://infond.blogspot.com/2010/05/toturial-footprinting.html
PEOPLE AND ORGANIZATIONAL
[ * ] http://www.spokeo.com/
[ * ] http://www.123people.com/
[ * ] http://www.xing.com/
[ * ] http://www.zoominfo.com/search
[ * ] http://pipl.com/
[ * ] http://www.zabasearch.com/
[ * ] http://www.searchbug.com/default.aspx
[ * ] http://theultimates.com/
[ * ] http://skipease.com/
[ * ] http://addictomatic.com/
[ * ] http://socialmention.com/
[ * ] http://entitycube.research.microsoft.com/
[ * ] http://www.yasni.com/
[ * ] http://tweepz.com/
[ * ] http://tweepsearch.com/
[ * ] http://www.glassdoor.com/index.htm
[ * ] http://www.jigsaw.com/
[ * ] http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
[ * ] http://www.tineye.com/
[ * ] http://www.peekyou.com/
[ * ] http://picfog.com/
[ * ] http://twapperkeeper.com/index.php
INFRASTRUCTURE
[ * ] http://uptime.netcraft.com/
[ * ] http://www.serversniff.net/
[ * ] http://www.domaintools.com/
[ * ] http://centralops.net/co/
[ * ] http://hackerfantastic.com/
[ * ] http://whois.webhosting.info/
[ * ] https://www.ssllabs.com/ssldb/analyze.html
[ * ] http://www.clez.net/
[ * ] http://www.my-ip-neighbors.com/
[ * ] http://www.shodanhq.com/
[ * ] http://www.exploit-db.com/google-dorks/
[ * ] http://www.hackersforcharity.org/ghdb/
EXPLOITS AND ADVISORIES
[ * ] http://www.exploit-db.com/
[ * ] http://www.cvedetails.com/
[ * ] http://www.packetstormsecurity.org/
[ * ] http://www.securityforest.com/wiki/index.php/Main_Page
[ * ] http://www.securityfocus.com/bid
[ * ] http://nvd.nist.gov/
[ * ] http://osvdb.org/
[ * ] http://www.nullbyte.org.il/Index.html
[ * ] http://secdocs.lonerunners.net/
[ * ] http://www.phenoelit-us.org/whatSAP/index.html
[ * ] http://secunia.com/
[ * ] http://cve.mitre.org/
CHEATSHEETS AND SYNTAX
[ * ] http://www.cheat-sheets.org/
[ * ] http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
AGILE HACKING
[ * ] http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
[ * ] http://blog.commandlinekungfu.com/
[ * ] http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
[ * ] http://isc.sans.edu/diary.html?storyid=2376
[ * ] http://isc.sans.edu/diary.html?storyid=1229
[ * ] http://ss64.com/nt/
[ * ] http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
[ * ] http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
[ * ] http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
[ * ] http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
[ * ] http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
[ * ] http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
[ * ] http://www.pentesterscripting.com/
[ * ] http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
OS AND SCRIPTS
[ * ] http://en.wikipedia.org/wiki/IPv4_subnetting_reference
[ * ] http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
[ * ] http://shelldorado.com/shelltips/beginner.html
[ * ] http://www.linuxsurvival.com/
[ * ] http://mywiki.wooledge.org/BashPitfalls
[ * ] http://rubular.com/
[ * ] http://www.iana.org/assignments/port-numbers
[ * ] http://www.robvanderwoude.com/ntadmincommands.php
TOOLS
[ * ] http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
[ * ] http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
[ * ] http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
[ * ] http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
[ * ] http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
[ * ] http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
[ * ] http://h.ackack.net/cheat-sheets/netcat
DISTROS
[ * ] http://www.backtrack-linux.org/
[ * ] http://www.matriux.com/
[ * ] http://samurai.inguardians.com/
[ * ] http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
[ * ] https://pentoo.ch/
[ * ] http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
[ * ] http://www.piotrbania.com/all/kon-boot/
[ * ] http://www.linuxfromscratch.org/
[ * ] http://sumolinux.suntzudata.com/
[ * ] http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
[ * ] http://www.backbox.org/
LABS ISOS AND VMS
[ * ] http://sourceforge.net/projects/websecuritydojo/
[ * ] http://code.google.com/p/owaspbwa/wiki/ProjectSummary
[ * ] http://heorot.net/livecds/
[ * ] http://informatica.uv.es/~carlos/docencia/netinvm/
[ * ] http://www.bonsai-sec.com/en/research/moth.php
[ * ] http://blog.metasploit.com/2010/05/introducing-metasploitable.html
[ * ] http://pynstrom.net/holynix.php
[ * ] http://gnacktrack.co.uk/download.php
[ * ] http://sourceforge.net/projects/lampsecurity/files/
[ * ] https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
[ * ] http://sourceforge.net/projects/virtualhacking/files/
[ * ] http://www.badstore.net/
[ * ] http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
[ * ] http://www.dvwa.co.uk/
[ * ] http://sourceforge.net/projects/thebutterflytmp/
VULNERABLE SOFTWARE
[ * ] http://www.oldapps.com/
[ * ] http://www.oldversion.com/
[ * ] http://www.exploit-db.com/webapps/
[ * ] http://code.google.com/p/wavsep/downloads/list
[ * ] http://www.owasp.org/index.php/Owasp_SiteGenerator
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
[ * ] http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
TEST SITES
[ * ] http://www.webscantest.com/
[ * ] http://crackme.cenzic.com/Kelev/view/home.php
[ * ] http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
[ * ] http://testaspnet.vulnweb.com/
[ * ] http://testasp.vulnweb.com/
[ * ] http://testphp.vulnweb.com/
[ * ] http://demo.testfire.net/
[ * ] http://hackme.ntobjectives.com/
EXPLOITATION INTRO
[ * ] http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
[ * ] http://www.mgraziano.info/docs/stsi2010.pdf
[ * ] http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
[ * ] http://www.ethicalhacker.net/content/view/122/2/
[ * ] http://code.google.com/p/it-sec-catalog/wiki/Exploitation
[ * ] http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
[ * ] http://ref.x86asm.net/index.html
REVERSE ENGINEERING & MALWARE
[ * ] http://www.woodmann.com/TiGa/idaseries.html
[ * ] http://www.binary-auditing.com/
[ * ] http://visi.kenshoto.com/
[ * ] http://www.radare.org/y/
[ * ] http://www.offensivecomputing.net/
PASSWORDS AND HASHES
[ * ] http://www.irongeek.com/i.php?page=videos/password-exploitation-class
[ * ] http://cirt.net/passwords
[ * ] http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
[ * ] http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
[ * ] http://www.foofus.net/?page_id=63
[ * ] http://hashcrack.blogspot.com/
[ * ] http://www.nirsoft.net/articles/saved_password_location.html
[ * ] http://www.onlinehashcrack.com/
[ * ] http://www.md5this.com/list.php?
[ * ] http://www.virus.org/default-password
[ * ] http://www.phenoelit-us.org/dpl/dpl.html
[ * ] http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
WORDLISTS
[ * ] http://contest.korelogic.com/wordlists.html
[ * ] http://packetstormsecurity.org/Crackers/wordlists/
[ * ] http://www.skullsecurity.org/wiki/index.php/Passwords
[ * ] http://www.ericheitzman.com/passwd/passwords/
PASS THE HASH
[ * ] http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
[ * ] http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
[ * ] http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
MITM
[ * ] http://www.giac.org/certified_professionals/practicals/gsec/0810.php
[ * ] http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
[ * ] http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
[ * ] http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
[ * ] http://www.mindcenter.net/uploads/ECCE101.pdf
[ * ] http://toorcon.org/pres12/3.pdf
[ * ] http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
[ * ] http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
[ * ] http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
[ * ] http://www.oact.inaf.it/ws-ssri/Costa.pdf
[ * ] http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
[ * ] http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
[ * ] http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
[ * ] http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
[ * ] http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
[ * ] http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
[ * ] http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
[ * ] http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
[ * ] http://articles.manugarg.com/arp_spoofing.pdf
[ * ] http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
[ * ] http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
[ * ] http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
[ * ] http://blog.spiderlabs.com/2010/12/thicknet.html
[ * ] http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
[ * ] http://www.go4expert.com/forums/showthread.php?t=11842
[ * ] http://www.irongeek.com/i.php?page=security/ettercapfilter
[ * ] http://openmaniak.com/ettercap_filter.php
[ * ] http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
[ * ] http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
[ * ] http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
[ * ] http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
TOOLS OSINT
[ * ] http://www.edge-security.com/theHarvester.php
[ * ] http://www.mavetju.org/unix/dnstracer-man.php
[ * ] http://www.paterva.com/web5/
Metadata
[ * ] http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
[ * ] http://lcamtuf.coredump.cx/strikeout/
[ * ] http://www.sno.phy.queensu.ca/~phil/exiftool/
[ * ] http://www.edge-security.com/metagoofil.php
[ * ] http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
GOOGLE HACKING
[ * ] http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
[ * ] http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
[ * ] http://sqid.rubyforge.org/#next
[ * ] http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
WEB
[ * ] http://www.bindshell.net/tools/beef
[ * ] http://blindelephant.sourceforge.net/
[ * ] http://xsser.sourceforge.net/
[ * ] http://sourceforge.net/projects/rips-scanner/
[ * ] http://www.divineinvasion.net/authforce/
[ * ] http://andlabs.org/tools.html#sotf
[ * ] http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
[ * ] http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
[ * ] http://code.google.com/p/pinata-csrf-tool/
[ * ] http://xsser.sourceforge.net/#intro
[ * ] http://www.contextis.co.uk/resources/tools/clickjacking-tool/
[ * ] http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
[ * ] http://sourceforge.net/projects/ws-attacker/files/
[ * ] https://github.com/koto/squid-imposter
ATTACK STRINGS
[ * ] http://code.google.com/p/fuzzdb/
[ * ] http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
SHELLS
[ * ] http://sourceforge.net/projects/yokoso/
[ * ] http://sourceforge.net/projects/ajaxshell/
SCANNERS
[ * ] http://w3af.sourceforge.net/
[ * ] http://code.google.com/p/skipfish/
[ * ] http://sqlmap.sourceforge.net/
[ * ] http://sqid.rubyforge.org/#next
[ * ] http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
[ * ] http://code.google.com/p/fimap/wiki/WindowsAttack
[ * ] http://code.google.com/p/fm-fsf/
PROXIES Burp
[ * ] http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
[ * ] http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
[ * ] http://sourceforge.net/projects/belch/files/
[ * ] http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
[ * ] http://blog.ombrepixel.com/
[ * ] http://andlabs.org/tools.html#dser
[ * ] http://feoh.tistory.com/22
[ * ] http://www.sensepost.com/labs/tools/pentest/reduh
[ * ] http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
[ * ] http://intrepidusgroup.com/insight/mallory/
[ * ] http://www.fiddler2.com/fiddler2/
[ * ] http://websecuritytool.codeplex.com/documentation?referringTitle=Home
[ * ] http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
SOCIAL ENGINEERING
[ * ] http://www.secmaniac.com/
PASSWORD
[ * ] http://nmap.org/ncrack/
[ * ] http://www.foofus.net/~jmk/medusa/medusa.html
[ * ] http://www.openwall.com/john/
[ * ] http://ophcrack.sourceforge.net/
[ * ] http://blog.0x3f.net/tool/keimpx-in-action/
[ * ] http://code.google.com/p/keimpx/
[ * ] http://sourceforge.net/projects/hashkill/
METASPLOIT
[ * ] http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
[ * ] http://code.google.com/p/msf-hack/wiki/WmapNikto
[ * ] http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
[ * ] http://seclists.org/metasploit/
[ * ] http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
[ * ] http://meterpreter.illegalguy.hostzi.com/
[ * ] http://blog.metasploit.com/2010/03/automating-metasploit-console.html
[ * ] http://www.workrobot.com/sansfire2009/561.html
[ * ] http://www.securitytube.net/video/711
[ * ] http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
[ * ] http://vimeo.com/16852783
[ * ] http://milo2012.wordpress.com/2009/09/27/xlsinjector/
[ * ] http://www.fastandeasyhacking.com/
[ * ] http://trac.happypacket.net/
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
[ * ] http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
[ * ] http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[ * ] http://www.irongeek.com/i.php?page=videos/metasploit-class
[ * ] http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
[ * ] http://vimeo.com/16925188
[ * ] http://www.ustream.tv/recorded/13396511
[ * ] http://www.ustream.tv/recorded/13397426
[ * ] http://www.ustream.tv/recorded/13398740
MSF Exploits or Easy
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=12204
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=11413
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=18021
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=26918
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=34821
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=22194
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=34476
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=25168
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=19408
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=21564
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=10862
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=26925
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=29314
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=23643
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=12052
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=34477
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=15962
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=42106
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=15456
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=21689
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=12205
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=22182
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=26919
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=26921
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=21696
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=40887
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=10404
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=18027
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=19402
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=11790
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=12209
[ * ] http://www.nessus.org/plugins/index.php?view=single&id=10673
NSE
[ * ] http://www.securitytube.net/video/931
[ * ] http://nmap.org/nsedoc/
NET SCANNERS AND SCRIPTS
[ * ] http://nmap.org/
[ * ] http://asturio.gmxhome.de/software/sambascan2/i.html
[ * ] http://www.softperfect.com/products/networkscanner/
[ * ] http://www.openvas.org/
[ * ] http://tenable.com/products/nessus
[ * ] http://www.rapid7.com/vulnerability-scanner.jsp
[ * ] http://www.eeye.com/products/retina/community
POST EXPLOITATION
[ * ] http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
[ * ] http://www.phx2600.org/archive/2008/08/29/metacab/
[ * ] http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
NETCAT
[ * ] http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
[ * ] http://www.radarhack.com/tutorial/ads.pdf
[ * ] http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
[ * ] http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
[ * ] http://www.dest-unreach.org/socat/
[ * ] http://www.antionline.com/archive/index.php/t-230603.html
[ * ] http://technotales.wordpress.com/2009/06/14/netcat-tricks/
[ * ] http://seclists.org/nmap-dev/2009/q1/581
[ * ] http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
[ * ] http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
[ * ] http://gse-compliance.blogspot.com/2008/07/netcat.html
SOURCE INSPECTION
[ * ] http://www.justanotherhacker.com/projects/graudit.html
[ * ] http://code.google.com/p/javasnoop/
FIREFOX ADDONS
[ * ] https://addons.mozilla.org/en-US/firefox/addon/wappalyzer/?src=collection
[ * ] https://addons.mozilla.org/en-US/firefox/addon/web-developer/?src=collection
[ * ] https://addons.mozilla.org/en-CA/firefox/addon/cookie-quick-manager/
[ * ] https://addons.mozilla.org/en-CA/firefox/addon/hackbartool/
TOOL LISTINGS
[ * ] http://packetstormsecurity.org/files/tags/tool
[ * ] http://tools.securitytube.net/index.php?title=Main_Page
TRAINING/CLASSES SEC/HACKING
[ * ] http://pentest.cryptocity.net/
[ * ] http://www.irongeek.com/i.php?page=videos/network-sniffers-class
[ * ] http://samsclass.info/124/124_Sum09.shtml
[ * ] http://www.cs.ucsb.edu/~vigna/courses/cs279/
[ * ] http://crypto.stanford.edu/cs142/
[ * ] http://crypto.stanford.edu/cs155/
[ * ] http://cseweb.ucsd.edu/classes/wi09/cse227/
[ * ] http://www-inst.eecs.berkeley.edu/~cs161/sp11/
[ * ] http://security.ucla.edu/pages/Security_Talks
[ * ] http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
[ * ] http://cr.yp.to/2004-494.html
[ * ] http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
[ * ] https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
[ * ] http://stuff.mit.edu/iap/2009/#websecurity
PROGRAMMING Python
[ * ] http://code.google.com/edu/languages/google-python-class/index.html
[ * ] http://www.swaroopch.com/notes/Python_en:Table_of_Contents
[ * ] http://www.thenewboston.com/?cat=40&pOpen=tutorial
[ * ] http://showmedo.com/videotutorials/python
[ * ] http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
PROGRAMMING Ruby
[ * ] http://www.tekniqal.com/
OTHER MISC
[ * ] http://www.cs.sjtu.edu.cn/~kzhu/cs490/
[ * ] https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
[ * ] http://i-web.iu-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
[ * ] http://resources.infosecinstitute.com/
[ * ] http://vimeo.com/user2720399
WEB VECTORS SQLI
[ * ] http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
[ * ] http://isc.sans.edu/diary.html?storyid=9397
[ * ] http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
[ * ] http://www.evilsql.com/main/index.php
[ * ] http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
[ * ] http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
[ * ] http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
[ * ] http://sqlzoo.net/hack/
[ * ] http://www.sqlteam.com/article/sql-server-versions
[ * ] http://www.krazl.com/blog/?p=3
[ * ] http://www.owasp.org/index.php/Testing_for_MS_Access
[ * ] http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
[ * ] http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
[ * ] http://www.youtube.com/watch?v=WkHkryIoLD0
[ * ] http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
[ * ] http://vimeo.com/3418947
[ * ] http://sla.ckers.org/forum/read.php?24,33903
[ * ] http://websec.files.wordpress.com/2010/11/sqli2.pdf
[ * ] http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
[ * ] http://ha.ckers.org/sqlinjection/
[ * ] http://lab.mediaservice.net/notes_more.php?id=MSSQL
WEB VECTORS UPLOAD TRICKS
[ * ] http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
[ * ] http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
[ * ] http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
[ * ] http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
[ * ] http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
[ * ] http://www.ravenphpscripts.com/article2974.html
[ * ] http://www.acunetix.com/cross-site-scripting/scanner.htm
[ * ] http://www.vupen.com/english/advisories/2009/3634
[ * ] http://msdn.microsoft.com/en-us/library/aa478971.aspx
[ * ] http://dev.tangocms.org/issues/237
[ * ] http://seclists.org/fulldisclosure/2006/Jun/508
[ * ] http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
[ * ] http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
[ * ] http://shsc.info/FileUploadSecurity
WEB VECTORS LFI/RFI
[ * ] http://pastie.org/840199
[ * ] http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
[ * ] http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
[ * ] http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
[ * ] http://www.digininja.org/blog/when_all_you_can_do_is_read.php
WEB VECTORS XSS
[ * ] http://www.infosecwriters.com/hhworld/hh8/csstut.htm
[ * ] http://www.technicalinfo.net/papers/CSS.html
[ * ] http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
[ * ] http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
[ * ] https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
[ * ] http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
[ * ] http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
[ * ] http://heideri.ch/jso/#javascript
[ * ] http://www.reddit.com/r/xss/
[ * ] http://sla.ckers.org/forum/list.php?2
COLDFUSION
[ * ] http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
[ * ] http://zastita.com/02114/Attacking_ColdFusion..html
[ * ] http://www.nosec.org/2010/0809/629.html
[ * ] http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
[ * ] http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
SHAREPOINT
[ * ] http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
LOTUS
[ * ] http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
[ * ] http://seclists.org/pen-test/2002/Nov/43
[ * ] http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBOSS
[ * ] http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
[ * ] http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWARE WEB
[ * ] http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav
ORACLE APP SERVERS
[ * ] http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
[ * ] http://www.owasp.org/index.php/Testing_for_Oracle
[ * ] http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
[ * ] http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
[ * ] http://www.ngssoftware.com/papers/hpoas.pdf
SAP
[ * ] http://www.onapsis.com/research.html#bizploit
[ * ] http://marc.info/?l=john-users&m=121444075820309&w=2
[ * ] http://www.phenoelit-us.org/whatSAP/index.html
WIRELESS
[ * ] http://code.google.com/p/pyrit/
CAPTURE THE FLAG/WARGAMES
[ * ] http://intruded.net/
[ * ] http://smashthestack.org/
[ * ] http://flack.hkpco.kr/
[ * ] http://ctf.hcesperer.org/
[ * ] http://ictf.cs.ucsb.edu/
[ * ] http://capture.thefl.ag/calendar/
MISC/UNSORTED
[ * ] http://www.ikkisoft.com/stuff/SMH_XSS.txt
[ * ] http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
[ * ] http://whatthefuckismyinformationsecuritystrategy.com/
[ * ] http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
[ * ] http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
[ * ] http://www.sensepost.com/blog/4552.html
[ * ] http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
[ * ] http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
[ * ] http://carnal0wnage.attackresearch.com/node/410
[ * ] http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
[ * ] http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
[ * ] http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
====== BLOGS ======
http://carnal0wnage.attackresearch.com/2012/01/psexec-fail-upload-and-exec-instead.html
http://overthewire.org/wargames/narnia/
https://github.com/StevenVanAcker/OverTheWire-website
https://github.com/StevenVanAcker/OverTheWire-draco-website
===== TOOLS =====
https://github.com/Gallopsled/pwntools
http://mh-nexus.de/en/downloads.php?product=HxD
https://www.securepla.net/antivirus-now-you-see-me-now-you-dont
https://www.securepla.net/password-cracking-for-fun-and-profit/
http://www.nullsecurity.net/tools/binary.html
http://www.irongeek.com/i.php?page=videos/hack3rcon5/h01-intro-to-powershell-scripting-for-security
Metasploitable 2 Exploitability Guide - https://community.rapid7.com/docs/DOC-1875
The Art of Writing Penetration Test Reports - http://resources.infosecinstitute.com/writing-penetration-testing-reports/
http://www.serverhardening.com/
About the archive bit and backup methods - https://support.symantec.com/en_US/article.HOWTO22710.html
Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration - http://opensecuritytraining.info/IntroX86.html
[Exploit tutorial: Buffer Overflow] - https://www.reddit.com/r/hacking/comments/1wy610/exploit_tutorial_buffer_overflow/
Exploit writing tutorial part 1 : Stack Based Overflows - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Introduction To Software Exploits - http://opensecuritytraining.info/Exploits1.html
Protostar Exploits Exercises - https://exploit-exercises.com/protostar/
Wargames - http://overthewire.org/wargames/narnia/
http://archive.cert.uni-stuttgart.de/vuln-dev/2006/05/msg00004.html
http://www.infigo.hr/files/INFIGO-TD-2006-04-01-Fuzzing-eng.pdf
http://challenges.re/
http://shell-storm.org/
https://samsclass.info/
-> Much thanks to MrTsRex for Cheatsheet_Windows.txt enumerating Windows version vulnerabilities
-> Much thanks to susmithaaa for his contribution to Cheatsheet_PenTesting.txt password attacks section
-> Much thanks to akshaycbor for his contribution to Cheatsheet_MobileAppTesting.txt regarding apk repackaging instructions