Cyber Security Resources 0x01

All you need, when you need


anonyops communications
anony0ps news
the wiki leaks forum


McGrew Security
Blog -
Jeremiah Grossman
omg wtf bbq
Security and Networking
Digital Soapbox
tssci security
Blog - Gotham Digital Science
Reiners Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
Reusable Security
SpiderLabs Anterior
Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
Home Of PaulDotCom Security Podcast
Attack Vector
Alpha One Labs
Nullthreat Security
Archangel Amael’s BT Tutorials
memset’s blog
it has omg security skills
Security Ninja
Security and risk
GRM n00bs
PenTestIT — Your source for Information Security Related information!
Rupesh hack world
anonymous news
anonops communications
projectX blog
Osmocom BB(track sim cards)
hackerz adda
Avert labs
beenu arora
Debanshish mandals blog
dark coder Sec home
hacker spaces(labs) around the world

SCADA(supervisory control and data acquisition)exploits videos,white papers

SCADA devices on internet
find vulnerable SCADA systems & exploits
SCADA system vulnerablities to cyber attack
SCADA Security and research tools


BackTrack Forums
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override
anti-online forums


(IN)SECURE Magazine
the hackernews magazine


The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
YouTube - ChRiStIaAn008’s Channel
YouTube - HackingCons’s Channel
SQl injection Via XSS


Penetration Testing Framework
The Penetration Testing Execution Standard
Web Application Security Consortium (WASC)
OWASP top 10
Owasp mantra penetration testing Browser

OSINT(Open-source intelligence)


Enterprise Open Source Intelligence Gathering Part 1 Social Networks
Enterprise Open Source Intelligence Gathering Part 2 Blogs, Message Boards and Metadata
Enterprise Open Source Intelligence Gathering Part 3 Monitoring and Social Media Policies
Tactical Information Gathering
document_metadata_the_silent_killer__32974 (application/pdf Object)
footprinting - passive information gathering before a pentest

People and Organizational - People Search - Business Directory
Business Network - Social Network for Business Professionals
Pipl - People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search - Social Mention
EntityCube | No. 1 free people search - Find anyone on the web - search, find and discover interesting people on twitter
TweepSearch :: Twitter Profile and Bio Search - Company Salaries and Reviews
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PicFog - Quick Image Search
Twapper Keeper - “We save tweets” - Archive Tweets
White Pages | Email Lookup | People Find Tools at The Ultimates


Netcraft Uptime Survey
SHODAN - Computer Search Engine
Domain Tools: Whois Lookup and Domain Suggestions
Free online network utilities - traceroute, nslookup, automatic whois lookup, ping, finger
WHOIS and Reverse IP Service
MSN IP Search
SSL Labs - Projects / Public SSL Server Database - SSL Server Test
MyIPNeighbors Reverse IP Lookup
Google Hacking Database, GHDB, Google Dorks
Domain - reports and all about ips, networks and dns
net toolkit::index
Network tools

Exploits and Advisories

The Exploit Database
.:[ packet storm ]:.
OSVDB: The Open Source Vulnerability Database
SecDocs IT Security and Hacking knowledge base
CVE security vulnerability database
CVE - Common Vulnerabilities and Exposures (CVE)
r00t w0rm forums & exploits
exploit packs table
router Pwn

Cheat sheets and Syntax

Big Port DB | Cirt
Cheat Sheet : All Cheat Sheets in one page
Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets

Agile hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
Command Line Kung Fu
Simple yet effective: Directory Bruteforcing
The Grammar of WMIC
Windows Command-Line Kung Fu with WMIC
Windows CMD Commands
running a command on every mac
Syn: Command-Line Ninjitsu
WMIC, the other OTHER white meat.
Hacking Without Tools: Windows - RST
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
[PenTester Scripting]

POS and scripts

IPv4 subnetting reference - Wikipedia, the free encyclopedia
All the Best Linux Cheat Sheets
SHELLdorado - Shell Tips & Tricks (Beginner)
Linux Survival :: Where learning Linux is easy
BashPitfalls - Greg’s Wiki
Rubular: a Ruby regular expression editor and tester
Useful commands for Windows administrators
All the Best Linux Cheat Sheets
Basic linux commands - google EDU
My SQL databases basics


Sh3lls Yokoso!
AJAX/PHP Command Shell
php and asp common shells


netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Netcat cheat sheet


hide my ass
free VPN
hot spot sheild
proxy list


BackTrack Linux
Matriux linux
Samurai Web Testing Framework
OWASP Live CD Project
Welcome to Linux From Scratch!
SUMO Linux
pentesting packages for ubuntu
BackBox Linux | Flexible Penetration Testing Distribution


ISO and vmwares

Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
:: moth - Bonsai Information Security ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
LAMPSecurity LiveCD
Virtual Hacking Lab
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
The ButterFly - Security Project

Vulnerable software

Old Version Downloads -
Web Application exploits, php exploits, asp exploits
wavsep - Web Application Vulnerability Scanner Evaluation Project
OWASP SiteGenerator - OWASP
Hacme Books | McAfee Free Tools
Hacme Casino v1.0 | McAfee Free Tools
Hacme Shipping | McAfee Free Tools
Hacme Travel | McAfee Free Tools
Damn Vulnerable Web App - DVWA

TEst sites

Test Site
CrackMeBank Investments
acutinex test site
ASP site of acutinex
Home of Acunetix test site(php)
Altoro Mutual

Explotiation intro

Exploitation - it-sec-catalog - References to vulnerability exploitation stuff. - Project Hosting on Google Code
Myne-us: From 0x90 to 0x4c454554, a journey into exploitation.
Past, Present, Future of Windows Exploitation | Abysssec Security Research
Smash the Stack 2010
The Ethical Hacker Network - Smashing The Modern Stack For Fun And Profit
x9090’s Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
X86 Opcode and Instruction Reference

Reverse engineering and malwares

TiGa’s IDA Video Tutorial Site
Binary Auditing
Offensive Computing | Community Malicious code research and analysis

Passwords and HAsh3S

Password Exploitation Class
Default Passwords Database
Sinbad Security Blog: MS SQL Server Password Recovery
Foofus Networking Services - Medusa::SMBNT
LM/NTLM Challenge / Response Authentication - Foofus.Net Security Stuff
MD5 Crackers | Password Recovery | Wordlist Downloads
Password Storage Locations For Popular Windows Applications
Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL - Passwords recovery - Reverse hash lookup Online - Hash Calculator
Requested MD5 Hash queue
Virus.Org default passwords
Default Password List
Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR


“Crack Me If You Can” - DEFCON 2011
Packet Storm Word Lists
Passwords - SkullSecurity
Index of /passwd/passwords

Pass the hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
crack-pass-hash_33219 (application/pdf Object)


Introduction to dsniff - GIAC Certified Student Practical
dsniff-n-mirror.pdf (application/pdf Object)
dsniff.pdf (application/pdf Object)
A Hacker’s Story: Let me tell you just how easily I can steal your personal data -
ECCE101.pdf (application/pdf Object)
3.pdf (application/pdf Object)
Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
cracking-air.pdf (application/pdf Object)
bh-europe-03-valleri.pdf (application/pdf Object)
Costa.pdf (application/pdf Object)
defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
Live_Hacking.pdf (application/pdf Object)
PasstheParcel-MITMGuide.pdf (application/pdf Object)
2010JohnStrandKeynote.pdf (application/pdf Object)
18.Ettercap_Spoof.pdf (application/pdf Object)
EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
Fun With EtterCap Filters.pdf (application/pdf Object)
The_Magic_of_Ettercap.pdf (application/pdf Object)
arp_spoofing.pdf (application/pdf Object)
Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
ICTSecurity-2004-26.pdf (application/pdf Object)
ettercap_Nov_6_2005-1.pdf (application/pdf Object) Mallory is More than a Proxy
Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers



Edge-Security - theHarvester- Information Gathering
DNSTRACER man-page
Maltego 3


document-metadata-silent-killer_32974 (application/pdf Object)
[strike out]
ExifTool by Phil Harvey
Edge-Security - Metagoofil - Metadata analyzer - Information Gathering
Security and Networking - Blog - Metadata Enumeration with FOCA

Google hacking

Midnight Research Labs - SEAT
Google Hacking Diggity Project Stach & Liu


BlindElephant Web Application Fingerprinter
XSSer: automatic tool for pentesting XSS attacks against different applications
RIPS | Download RIPS software for free at
Attack and Defense Labs - Tools
Using sqid (SQL Injection Digger) to look for SQL Injection
XSSer: automatic tool for pentesting XSS attacks against different applications
unicode-fun.txt Packet Storm
HCON security testing framework

Attack strings

fuzzdb - Project Hosting on Google Code
OWASP Fuzzing Code Database - OWASP


w3af - Web Application Attack and Audit Framework
skipfish - Project Hosting on Google Code
sqlmap: automatic SQL injection & database takeover tool
SQID - SQL Injection digger
XSS scanner in python
WindowsAttack - fimap - Windows Attacking Example - Project Hosting on Google Code
fm-fsf - Project Hosting on Google Code
News :: Arachni - Web Application Security Scanner Framework
rfiscan Packet Storm
lfi-rfi2 scanner Packet Storm
inspathx Tool For Finding Path Disclosure Vulnerabilities
DotDotPwn - The Directory Traversal Fuzzer 2.1 Packet Storm


Burp proxy

fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)
Constricting the Web: The GDS Burp API - Gotham Digital Science
Browse Belch - Burp External Channel v1.0 Files on
Burp Suite Tutorial Repeater and Comparer Tools Security Ninja
w3af in burp
Attack and Defense Labs - Tools
burp suite tutorial - English

SensePost - reDuh - HTTP Tunneling Proxy
OWASP WebScarab NG Project - OWASP
Mallory: Transparent TCP and UDP Proxy Intrepidus Group - Insight
Fiddler Web Debugger - A free web debugging tool
Watcher: Web security testing tool and passive vulnerability scanner
koto/squid-imposter - GitHub

S0cial engineering

Social Engineering Toolkit


Jhon The Ripper
keimpx in action | 0x3f
keimpx - Project Hosting on Google Code
MD5 decrypter/A>


markremark: Reverse Pivots with Metasploit - How NOT to make the lightbulb
WmapNikto - msf-hack - One-sentence summary of this page. - Project Hosting on Google Code
markremark: Metasploit Visual Basic Payloads in action
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script for meterpreter available !
Metasploit: Automating the Metasploit Console
Deploying Metasploit as a Payload on a Rooted Box Tutorial
Metasploit/MeterpreterClient - Wikibooks, collection of open-content textbooks
SecTor 2010 - HD Moore - Beyond Exploits on Vimeo
XLSinjector Milo2012’s Security Blog

(automating msf) UAV-slides.pdf
Metasploit Unleashed
Metasploit Class Videos (Hacking Illustrated Series InfoSec Tutorial Videos)
Metasploit Megaprimer 300+ mins of video
Metasploit Tips and Tricks - Ryan Linn
OffSecOhioChapter, Metasploit Class2 - Part1
OffSecOhioChapter, Metasploit Class2 - Part2
OffSecOhioChapter, Metasploit Class2 - Part3

Nmap scirpting engine

Nmap Scripting Engine Primer Tutorial
NSEDoc Reference Portal

Net Scanners & Scripts

sambascan2 - SMB scanner
SoftPerfect Network Scanner
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community

Post exploitation
Metacab | PHX2600


Re: Your favorite Ncat/nc/Netcat trick? -
ads.pdf (application/pdf Object)
Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
netcat_cheat_sheet_v1.pdf (application/pdf Object)
NetCat tutorial: Day1 [Archive] - Antionline Forums - Maximum Security for a Connected World
Netcat tricks Jonathans Techno-tales
Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
Few Useful Netcat Tricks Terminally Incoherent
Skoudis_pentestsecrets.pdf (application/pdf Object)
Cracked, inSecure and Generally Broken: Netcat
Ncat for Netcat Users

Source inspection

Graudit - Just Another Hacker
javasnoop - Project Hosting on Google Code

Useful firefox addons

David’s Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
OSVDB :: Add-ons for Firefox
Packet Storm search plugin. :: Add-ons for Firefox
Default Passwords - :: Add-ons for Firefox
Offsec Exploit-db Search :: Add-ons for Firefox
OVAL repository search plugin :: Add-ons for Firefox
CVE dictionary search plugin :: Add-ons for Firefox
HackBar :: Add-ons for Firefox

Tool listings

Security and Hacking Tools
Top 125 hacking tools



Penetration Testing and Vulnerability Analysis - Home
Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
CNIT 124: Advanced Ethical Hacking – Sam Bowne
CS 279 - Advanced Topics in Security
CS142 Web Programming and Security - Stanford
CS155 Computer and Network Security - Stanford
CSE 227: Computer Security - UCSD
CS 161: Computer Security - UC Berkley
Security Talks - UCLA
CSCI 4971 Secure Software Principles - RPI
MCS 494 UNIX Security Holes
Software Security - CMU
T-110.6220 Special Topics in Ifocsec -TKK
Sec and Infosec Related - MIT



Google’s Python Class - Google’s Python Class - Google Code
Python en:Table of Contents - Notes
TheNewBoston Free Educational Video Tutorials on Computer Programming and More! » Python
Python Videos, Tutorials and Screencasts
Learning Python Programming Language Through Video Lectures - good coders code, great reuse


Video Tutorials - Technology Demonstrations -


CS490 Windows Internals
Lectures - Noppa - TKK
Index of /edu/training/ss/lecture/new-documents/Lectures
InfoSec Resources
Robert Hansen on Vimeo

WEB vectors

SQl injection & tools

MSSQL Injection Cheat Sheet -
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet krazl bloggerholic
MS Access SQL Injection Cheat Sheet
Penetration Testing: Access SQL Injection
Testing for MS Access - OWASP
Security Override - Articles: The Complete Guide to SQL Injections
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections Reiners Weblog
SQL Injection Attack
YouTube - Joe McCray - Advanced SQL Injection - LayerOne 2009
Joe McCray - Advanced SQL Injection - L1 2009.pdf (application/pdf Object)
Joseph McCray SQL Injection web application security forum :: Obfuscation :: SQL filter evasion
sqli2.pdf (application/pdf Object)
SQL Server Version -
Overlooked SQL Injection 20071021.pdf (application/pdf Object)
SQLInjectionCommentary20071021.pdf (application/pdf Object)
SQLi attack and Defence(application/PDF)

Shell and file upload tricks

bypassing upload file type - Google Search Adobe Responds… Sort Of
Secure File Upload in PHP Web Applications |INSIC DESIGNS
Stupid htaccess Tricks Perishable Press
Tricks and Tips: Bypassing Image Uploaders. - By: t3hmadhatt3r
Security FCKeditor ADS File Upload Vulnerability - Windows Only
Cross Site Scripting scanner Free XSS Security Scanner
VUPEN - Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories - VUPEN/ADV-2009-3634)
Uploading Files Using the File Field Control
TangoCMS - Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 - TangoCMS Project
Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
Cross-site File Upload Attacks | GNUCITIZEN
TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
FileUploadSecurity - SH/SC Wiki

Exploiting PHP File Inclusion Overview Reiners Weblog
LFI..Code Exec..Remote Root!
Local File Inclusion Tricks of the Trade Neohapsis Labs
Blog, When All You Can Do Is Read - DigiNinja


The Anatomy of Cross Site Scripting
Whitepapers -
Cross-Site Scripting (XSS)no script required - Tales from the Crypto
Guide Cross Site Scripting - Attack and Defense guide - InterN0T - Underground Security Training
BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
sirdarckcat: Our Favorite XSS Filters and how to Attack them
Filter Evasion Houdini on the Wire Security Aegis
HTML5 Security Cheatsheet
XSS - Cross Site Scripting web application security forum :: XSS Info
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles - Web Application Security Consortium
What’s Possible with XSS?
XSS attacks and Defence


ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
Attacking ColdFusion. | Sigurnost i zastita informacija
Attacking ColdFusion
HP Blogs - Adobe ColdFusion’s Directory Traversal Disaster - The HP Blog Hub
254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
Adobe XML Injection Metasploit Module |
Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console


The Ethical Hacker Network - Pen Testing Sharepoint


Lotus Notes/Domino Security - David Robert’s -castlebbs- Blog
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno


Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
Minded Security Blog: Good Bye Critical Jboss 0day


Metasploit Penetration Testing Framework - Module Browser


hideaway [dot] net: Hacking Oracle Application Servers
Testing for Oracle - OWASP
NGSSQuirreL for Oracle
hpoas.pdf (application/pdf Object)


Onapsis | Research Labs
‘[john-users] patch for SAP-passwords (BCODE & PASSCODE)’ - MARC
Phenoelit SAP exploits

Wireless hacks

pyrit - WPA/WPA2-PSK and a world of affordable many-core platforms - Google Project Hosting

CApture flag/WAR games
SmashTheStack Wargaming Network
flack &
HC’s Capture the Flag site
CTF Calendar


Information Security Conferences Calnedar(all in one)


Low orbit ion cannon (mass DDOSer)
IRON browser(hackers browser)
XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog
What The Fuck Is My Information Security Strategy?
DeepSec 2007 - Aaron Portnoy Cody Pierce - RPC Auditing Tools and Techniques
extern blog SensePost;
Zen One: PCI Compliance - Disable SSLv2 and Weak Ciphers
HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost
Network Time Protocol (NTP) Fun |
black-box-scanners-dimva2010.pdf (application/pdf Object)
Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)
Stupid htaccess Tricks Perishable Press

H4ppy H@ck!ng