
txuswashere/pentesting


pentesting

Image credit: Daniel Miessler https://danielmiessler.com/

CyberSec Resources: Pentesting, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, Mobile Apps pentesting, FRAMEWORKS & STANDARDS, Pentest Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds & CTF, ...

PHASES OF A PENTEST

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What are the phases of Pentest

🌟 Basis of penetration testing execution by the PTES http://www.pentest-standard.org/index.php/Main_Page

🌟 Penetration Testing Phases & Steps Explained by Ray Fernandez on Esecurityplanet: https://www.esecurityplanet.com/networks/penetration-testing-phases/

👉 Pre-Engagement

🌟 Pre-engagement by the PTES http://www.pentest-standard.org/index.php/Pre-engagement

🌟 Scoping a pentest on PentesterLab https://blog.pentesterlab.com/scoping-f3547525f9df

🌟 Pentest Scope Worksheet by SANS https://www.sans.org/posters/pen-test-scope-worksheet/

🌟 API Pentesting 101: The rules of Engagement by Dana Epp https://danaepp.com/api-pentesting-101-the-rules-of-engagement

🌟 Pentest Rules of Engagement Worksheet by SANS https://www.sans.org/posters/pen-test-rules-of-engagement-worksheet/

👉 Intelligence Gathering

🌟 Intelligence Gathering by the PTES http://www.pentest-standard.org/index.php/Intelligence_Gathering

🌟 Gabrielle B's post of resources about OSINT

Image credit: Gabrielle B https://github.com/CSbyGB

OSINT is often part of a pentest.

If you want to learn more about it or specialize in it, here are some resources!

👉 Check out The Ultimate OSINT collection by Hatless1der: https://start.me/p/DPYPMz/the-ultimate-osint-collection

👉 Have a look at this free 5-hour course by TCM Security https://youtu.be/qwA6MmbeGNo https://www.linkedin.com/company/tcm-security-inc/

👉 Check out this article by Giancarlo Fiorella on Bellingcat: https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/

👉 Check out this amazing list of Tools and Resources by onlineosint: https://osint.link/

🌟 The OSINT Framework by jnordine https://osintframework.com/

🌟 Gabrielle B's pentips about Information Gathering https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering

🌟 Understanding the Steps of Footprinting on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/footprinting-steps-penetration-testing/

🌟 Passive Information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/

🌟 Active information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/

👉 Threat Modeling

🌟 Threat Modeling by the PTES http://www.pentest-standard.org/index.php/Threat_Modeling

🌟 Threat modeling 101 Infosec resources https://resources.infosecinstitute.com/topic/applications-threat-modeling/

👉 Vulnerability Analysis

🌟 Vulnerability Analysis by the PTES http://www.pentest-standard.org/index.php/Vulnerability_Analysis

🌟 Gabrielle B's pentips about Scanning & Enumeration https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/scanenum

🌟 What is Vulnerability Analysis and How Does It work on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/conduct-a-vulnerability-analysis/

🌟 NCSC Guide for vulnerability management https://www.ncsc.gov.uk/guidance/vulnerability-management

👉 Exploitation

🌟 Exploitation by the PTES http://www.pentest-standard.org/index.php/Exploitation

🌟 Gabrielle B's pentips about Exploitation https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/exploitation

🌟 The Exploitation Phase in Penetration Testing by Gaurav Tiwari https://gauravtiwari.org/exploitation-phase-in-penetration-testing/

👉 Post Exploitation

🌟 Post Exploitation by the PTES http://www.pentest-standard.org/index.php/Post_Exploitation

🌟 Introduction to Post-Exploitation Phase on geeksforgeeks https://www.geeksforgeeks.org/introduction-to-post-exploitation-phase/

🌟 9 Post Exploitation Tools for Your next Penetration Test https://bishopfox.com/blog/post-exploitation-tools-for-pen-test

👉 Reporting

🌟 Reporting by the PTES http://www.pentest-standard.org/index.php/Reporting

🌟 Gabrielle B's pentips on reporting https://csbygb.gitbook.io/pentips/reporting/pentest-report

REPORTING

Image credit: Gabrielle B https://github.com/CSbyGB

👉 Structure of a pentest report

🌟 Gabrielle B's article on how to write a pentest report: https://csbygb.gitbook.io/pentips/reporting/pentest-report

👉 How to take notes

🌟 Cherry Tree https://www.giuspen.com/cherrytree/

🌟 Joplin https://joplinapp.org/

🌟 Keepnote http://keepnote.org/

👉 Tips from Experts

🌟 Writing Tips for IT Professionals by Lenny Zeltser https://zeltser.com/writing-tips-for-it-professionals/

🌟 How to write a Penetration Testing Report by HackerSploit https://www.youtube.com/watch?v=J34DnrX7dTo

👉 Automation

🌟 Blackstone project by micro-joan https://github.com/micro-joan/BlackStone

🌟 Pentext by Radically Open Security https://github.com/radicallyopensecurity/pentext

👉 Examples of reports

🌟 A list of public pentest reports by juliocesarfort https://github.com/juliocesarfort/public-pentesting-reports

🌟 A list of bug bounty writeups on Pentester Land https://pentester.land/writeups/

PENTEST TOOLS

Image credit: Gabrielle B https://github.com/CSbyGB

👉 See Rajneesh Gupta's post about some of the Practical web Pentesting tools. He even shares them according to the pentest steps: https://www.linkedin.com/posts/rajneeshgupta01_web-pentesting-practical-tools-activity-6946808678402375680-CJjt/

Some of the practical Web Pentesting Tools!

👉 Reconnaissance

✔ Nmap - Web Service detection

✔ Nessus - Automated Scan

✔ Skipfish - Web App Active Scanning for vulnerabilities

👉 Mapping/Discovery

✔ Burp-Suite - Web Proxy

✔ OWASP ZAP - Web Proxy

👉 Exploitation

✔ Metasploit Framework: Exploitation tool with payloads, exploits

✔ Burp-Suite - Web Proxy

✔ Exploit-db - To search for exploits

✔ Netcat

🚨 Follow Rajneesh, he offers amazing content 🚨

👉 You know the Nmap project? Well, they have a list of the top 125 Network Security Tools: https://sectools.org/

👉 You want Open Source?

✴️ Julien Maury shared a Top 10 on eSecurity Planet: https://www.esecurityplanet.com/applications/open-source-penetration-testing-tools/

✴️ And SANS has a list of tools including plenty of pentest tools: https://www.sans.org/img/free-faculty-tools.pdf

👉 Finally, arch3rPro has an amazing amount of tools listed on GitHub: https://github.com/arch3rPro/PentestTools

NETWORK SECURITY, Networking

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What is Networking?

🌟 Cover your digital basics with netacad: https://www.netacad.com/courses/os-it/get-connected

🌟 Professor Messer's CompTIA Network+ Course https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/

🌟 OSI Model https://en.wikipedia.org/wiki/OSI_model

👉 What is Network Security?

🌟 What is Network Security on Hackthebox blog by Kim Crawley: https://www.hackthebox.com/blog/what-is-network-security

🌟 Network Security Course on OpenLearn by The Open University https://www.open.edu/openlearn/digital-computing/network-security

🌟 OSI Layers and related Attack types by Harun Seker

Image credit: Gabrielle B https://github.com/CSbyGB

👉 How to Pentest Networks?

🌟 Full Ethical Hacking Course - Beginner Network Penetration Testing by TCM Security https://youtu.be/WnN6dbos5u8

🌟 Infrastructure Pentesting Checklist by Purab Parihar: https://github.com/purabparihar/Infrastructure-Pentesting-Checklist

PRIVILEGE ESCALATION, Windows and Linux

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What is Privilege Escalation?

🌟 Cybersecurity 101 - What is Privilege escalation on CrowdStrike https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ https://www.linkedin.com/company/crowdstrike/

🌟 Privilege Escalation Attack and defend explained on BeyondTrust https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained https://www.linkedin.com/company/beyondtrust/

👉 Windows Privilege Escalation

🌟 Gabrielle B 🔑's Pentips on Windows Privilege escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/windows/privesc

🌟 Windows Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

🌟 Windows Privesc guide on absolomb's security blog https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

🌟 Privilege Escalation Windows on sushant747's gitbook https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html

🌟 Windows Local Privilege Escalation checklist on HackTricks https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation

👉 Linux Privilege Escalation

🌟 Gabrielle B 🔑's Pentips on Linux Privilege Escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/linux/privesc

🌟 Linux Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md

🌟 Basic Linux Privilege Escalation on g0tmi1k's blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

🌟 Guide Linux Privilege Escalation on Payatu https://payatu.com/blog/a-guide-to-linux-privilege-escalation/ https://www.linkedin.com/company/payatu/

🌟 A curated list of Unix Binaries to bypass local security restrictions by GTFOBins https://gtfobins.github.io/

🌟 Linux Privilege Escalation Checklist on HackTricks https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist

EXPLOITING

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What is exploit development?

🌟 Exploit Development Introduction on Hack the Box Academy https://academy.hackthebox.com/course/preview/stack-based-buffer-overflows-on-linux-x86/exploit-development-introduction

🌟 Exploit Development - Everything you need to know by null-bytes https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/

👉 Let's start learning about it and Practice

🌟 Getting Started with Exploit Development by Specter and zi https://dayzerosec.com/blog/2021/02/02/getting-started.html

🌟 Exploit Courses by Dobin Rutishauser https://exploit.courses/#/index

🌟 Pwn College https://pwn.college/ https://www.twitch.tv/pwncollege/videos https://www.youtube.com/pwncollege

🌟 A curated list of resources for learning about Exploit Development by wtsxDev https://github.com/wtsxDev/Exploit-Development/blob/master/README.md

🌟 Practice with exploit education https://exploit.education/

🌟 Fundamentals of Software Exploitation https://wargames.ret2.systems/course

🌟 Shellcode Development by Joas Antonio https://drive.google.com/file/d/1R3ZTFerBaBSfnS0rP_r2d8xH2p-n3kdt/view

🌟 Shellcode Development by Aayush Malla https://aayushmalla56.medium.com/shellcode-development-4590117a26bf

🌟 Joas Antonio OSEP guide with plenty of resources https://github.com/CyberSecurityUP/OSCE-Complete-Guide#osep

🌟 Awesome Exploit Development by Joas Antonio https://github.com/CyberSecurityUP/Awesome-Exploit-Development#readme

👉 BONUS: Want to understand how a malware works?

🌟 Beginner's Blue Team Guide to creating Malware in Python by David Elgut https://www.linkedin.com/pulse/beginners-blue-team-guide-creating-malware-python-david-elgut/

REVERSING

Image credit: Gabrielle B https://github.com/CSbyGB

👉 Reverse Engineering

🌟 Reverse Engineering for Beginners by Ophir Harpaz https://www.begin.re/

🌟 Reverse Engineering for Everyone by Kevin Thomas My Technotalent https://0xinfection.github.io/reversing/

🌟 Reverse Engineering for beginners by Dennis Yurichev (available in many languages) https://beginners.re/main.html

🌟 Reverse Engineering 101 by 0x00 (with exercises) https://0x00sec.org/t/reverse-engineering-101/1233

👉 Malware Analysis

🌟 Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks https://youtu.be/qA0YcYMRWyI

🌟 Malware Analysis – Mind Map by Thatintel https://thatintel.blog/2016/05/30/malware-analysis-mind-map/

🌟 Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

👉 Amazing Bonus

Malware Analysis and Reverse Engineering courses by DFIR Diva https://training.dfirdiva.com/listing-category/malware-analysis-and-re

SECURE CODE

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What is secure code review?

🌟 How to Identify Vulnerabilities in code – Manual Code Review on Hackingloops https://www.hackingloops.com/how-to-identify-vulnerabilities-in-code-manual-code-review/

🌟 Security Code Review 101 by Paul Ionescu: https://medium.com/@paul_io/security-code-review-101-a3c593dc6854

🌟 OWASP® Foundation Secure Coding Practice https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf https://www.linkedin.com/company/owasp/

👉 Introduction to secure code review

🌟 Farah Hawa's post about the subject: A few weeks ago, I took up a challenge to learn Secure Code Reviews in 20 days. I chose PHP as the language to focus on and here are the resources I used to learn:

  1. PentesterLab videos about different strategies to use while reviewing code https://www.linkedin.com/company/pentesterlab/

  2. Sonar Rules for code review rules/hacks to find vulnerabilities in PHP. This had great examples of compliant vs non-compliant code snippets. https://www.linkedin.com/company/sonarsource/ https://rules.sonarsource.com/php/type/Vulnerability

  3. Looking for bugs in vulnerable apps like DVWA after finding their code on GitHub: https://github.com/digininja/DVWA/tree/master/vulnerabilities

  4. Watching videos by Vickie Li, and Shubham Shah on the OWASP DevSlop YouTube channel: https://www.youtube.com/c/OWASPDevSlop https://www.linkedin.com/company/owasp-devslop/

  5. Solving challenges posted by YesWeHack ⠵ and Intigriti on Twitter but they can also be found on their websites: https://www.yeswehack.com/ https://www.linkedin.com/company/yes-we-hack/ https://blog.yeswehack.com/yeswerhackers/dojoweb-application-bypass-v2-0/ https://www.linkedin.com/company/intigriti/

  6. OWASP® Foundation has a great book Code Review Guide which has good theoretical knowledge about different bug classes https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf https://www.linkedin.com/company/owasp/

You can also watch the video I made about this: https://youtu.be/ajcxjnTFo6A

🌟 Introduction to Secure Code Review on PentesterLab: https://www.linkedin.com/company/pentesterlab/ https://pentesterlab.com/exercises/codereview/course

🌟 Freddy Macho's PDF Code review checklist

🌟 Check out the dedicated section on Secure Code Review on my pentips https://csbygb.gitbook.io/pentips/secure-code-review/code-review

👉 Practice and sharpen your reviewer skills

🌟 Security training platform for devs Hacksplaining: https://www.hacksplaining.com/

🌟 Make a vulnerable PHP App with this video by Wesley (The XSS Rat) Thijs https://www.youtube.com/live/e_dLSVpQy40?feature=share

🌟 Join the WeHackPurple Community to talk about secure code practice and more https://community.wehackpurple.com/

👉 Tools

🌟 Manual code review versus using a SAST Tool on We Hack Purple https://wehackpurple.com/pushing-left-like-a-boss-part-7-code-review-and-static-code-analysis/ https://www.linkedin.com/company/wehackpurple/

🌟 Code Review tools on HackTricks https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/code-review-tools

🌟 Awesome DevSecOps by TaptuIT https://github.com/TaptuIT/awesome-devsecops

BUG BOUNTY

Image credit: Gabrielle B https://github.com/CSbyGB

👉 A great introduction on how to get into bug bounty by Wesley Thijs xssrat https://thexssrat.medium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363

👉 A list of bug bounty platforms by Bughacking https://bughacking.com/best-bug-bounty-platforms/

👉 A list of bug bounty programs by vpnmentor: https://www.vpnmentor.com/blog/the-complete-list-of-bug-bounty-programs/

👉 Want to apply to the Synack Red Team Artemis program? https://www.linkedin.com/company/synack-red-team/

An exclusive community open to security professionals who identify as women, trans and nonbinary people, and others who identify as a gender minority. See this link: https://www.synack.com/artemis/

👉 Farah Hawa has a great video about bug bounty resources: https://youtu.be/ig5DuM6M2CQ

👉 The Bug Hunter Handbook by Gowthams https://gowthams.gitbook.io/bughunter-handbook/

👉 A repo “AllAboutBugBounty” by daffainfo https://github.com/daffainfo/AllAboutBugBounty#readme

Mobile App pentest

Image credit: Gabrielle B https://github.com/CSbyGB

👉 Android Bug Bounty Hunting: Hunt Like a Rat by Wesley Thijs https://codered.eccouncil.org/course/android-bug-bounty-hunting-hunt-like-a-rat

👉 Set up your lab, learn about the methodology and get more resources on my Pentips

🌟 Gabrielle B's talk and resources for TDI 2022: https://csbygb.gitbook.io/pentips/talks/android-app

🌟 The dedicated Android App hacking page: https://csbygb.gitbook.io/pentips/mobile-app-pentest/android

👉 Mobile App Penetration Testing Cheat Sheet by tanprathan https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

👉 Don't forget the standards. Read OWASP MASVS and OWASP MASTG here https://mas.owasp.org/#our-mission

API Pentesting

Image credit: Gabrielle B https://github.com/CSbyGB

🌟 I highly recommend taking the API Penetration Testing course by Corey J. Ball on APIsec University https://university.apisec.ai/ https://www.linkedin.com/company/apisec-university/

👉 I had a blast working on this course. You will have the opportunity to learn and apply the concepts right after with a hands-on lab that you can install and deploy yourself.

👉 You will learn about the following topics

  • Set Up an API Hacking lab
  • API Reconnaissance
  • Endpoint Analysis
  • Scanning APIs
  • API Authentication Attacks
  • Exploiting API Authorization
  • Testing for Improper Assets Management
  • Mass Assignment
  • Injection Attacks
  • Rate Limit Testing
  • Combining Tools and Techniques

🙏 I cannot thank the team of APIsec University enough, with a special mention to Corey J. Ball and Dan Barahona, for all that you do for the community. 🙏

🌟 Learn more about the course:

👉 Corey's Book: https://nostarch.com/hacking-apis

👉 Corey talks about API Hacking with David Bombal: https://youtu.be/CkVvB5woQRM

👉 Check out my notes about API Hacking here: https://csbygb.gitbook.io/pentips/web-pentesting/api

Threat Modeling

Image credit: Gabrielle B https://github.com/CSbyGB

👉 What is threat modeling?

🌟 Threat Modeling on OWASP by Victoria Drake https://owasp.org/www-community/Threat_Modeling

👉 How does it work?

🌟 Threat Modeling the Right way for builders Workshop on AWS Skill builder https://explore.skillbuilder.aws/learn/course/external/view/elearning/13274/threat-modeling-the-right-way-for-builders-workshop

🌟 Even my dad is a threat modeler by Sarthak Taneja https://youtu.be/Y587UFgjqhQ

👉 Examples and Resources

🌟 Threat Model Examples by Tal Eliyahu https://github.com/TalEliyahu/Threat_Model_Examples#readme

🌟 Julien Provenzano made multiple posts on the subject

✅ GUIDE TO CYBER THREAT MODELLING by Cyber Security Agency of Singapore (CSA)

This document aims to provide a practical and systematic way to identify threat events that can be used in a cybersecurity risk assessment.

It will introduce various approaches and methods of threat modelling, and provide a suggested framework, coupled with practical examples, for individuals and groups to adopt to derive a robust system threat model and relevant threat events.

System owners can then incorporate these threat events into their cybersecurity risk assessment to develop and prioritise effective controls.

Target audience:

  • Internal stakeholders e.g. system owners, business unit heads, Chief Information Security Officers, and personnel involved in IT risk assessment and management within any organisation, including Critical Information Infrastructure Owners;
  • External consultants or service providers engaged to conduct threat modelling on behalf of system owners; and
  • Red team members, blue team defenders, and purple team members.

2 APPROACH

2.1 System Level Approach

2.2 Common Missteps in Threat Modelling

2.3 Integrating Threat Modelling into Risk Assessment Process

3 METHODOLOGY

3.1 Overview of Method

3.2 Step 1: Preliminaries and Scope Definition

3.3 Step 2: System Decomposition

3.4 Step 3: Threat Identification

3.5 Step 4: Attack Modelling

3.6 Step 5: Bringing Everything Together

✅ Threat Modeling course by British Columbia Provincial Government

This training course is just one part of the Office of the Chief Information Officer (OCIO) Information Security Branch (ISB) education series.

The goal of this course is to inform staff of what threat modelling is, why it is important, and how it fits into the Security Threat Risk Assessment, and Statement of Acceptable Risk, processes.

Threat Modelling Frameworks

A threat modelling practice flows from a methodology or framework. There are many threat modelling frameworks available for use. Some of these are specialised models designed for a specific task, for example, some focus specifically on risk or on privacy concerns.

They can be optionally combined to create a more robust and well-rounded view of potential threats.

Threat modelling should be performed early in the development cycle because if potential issues arise, they can be caught early and remedied. This can prevent a much costlier fix down the line. Using threat modelling to think about security requirements can lead to proactive architectural decisions that help reduce threats right from the start.

Threat Modeling frameworks

  • Microsoft STRIDE Threat Modelling Tool (Developer Focused)
  • OWASP Application Threat modelling (Software Focused)
  • OCTAVE (Practice Focused)
  • Trike Threat modelling (Acceptable Risk Focused)
  • P.A.S.T.A. Threat modelling (Attacker Focused)
  • VAST Threat modelling (Enterprise Focused)

Threat Modelling Tools

  • IriusRisk
  • PyTM
  • SecuriCAD
  • ThreatModeler
  • SD Elements
  • Tutamantic
  • OWASP Threat Dragon Project
  • Mozilla SeaSponge
  • OVVL

✅ Threat Modeling Architecting & Designing with Security in Mind by OWASP® Foundation - Venkatesh Jagannathan

Why do we create application threat models in the Software Development Life Cycle?

SDLC refers to a methodology with clearly defined processes for creating high-quality software.

To identify potential flaws that have been there since the applications were created, threat modeling identifies risks and flaws affecting an application, no matter how old or new that application is.

Threat modeling should take place as soon as the architecture is in place as the cost of resolving issues generally increases further along in the SDLC.

  • Introduction to Threat Modeling
  • Precursors to Threat Modeling
  • Threat Modeling – How-To
  • Test Focused Threat Modeling
  • Alternate Threat Models
  • Estimating Threat Modeling for Applications
  • CVSS vs OCTAVE

🌟 The threat Model playbook by Toreon https://github.com/Toreon/threat-model-playbook

🌟 OWASP Threat Modeling Cheat Sheet https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md

SEARCH ENGINES FOR PENTESTERS

Image credit: Gabrielle B https://github.com/CSbyGB

👉 TryHackMe room Introductory Researching: https://tryhackme.com/room/introtoresearch https://www.linkedin.com/company/tryhackme/

👉 Rajneesh Gupta - How to use Google for hacking https://youtu.be/lLnDrv696u4

👉 Have you heard about dorking? It is also very helpful.

✴️ Hack The Box What is Google Dorking: https://www.hackthebox.com/blog/What-Is-Google-Dorking https://www.linkedin.com/company/hackthebox/

✴️ Tryhackme Google Dorking: https://tryhackme.com/room/googledorking

💭 TIP: Lots of engines use dorking, see DuckDuckGo Search Syntax: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/

💭 TIP2: Automate Google dorking with Katana by TebbaaX: https://github.com/TebbaaX/Katana

👉 Bruce Clay, Inc. - Advanced Search Operators for Bing and Google (Guide and Cheat Sheet) https://www.bruceclay.com/blog/bing-google-advanced-search-operators/ https://www.linkedin.com/company/bruce-clay-inc-/

👉 Daniel Kelley: 30 cybersecurity search engines

Here are 30 cybersecurity search engines:

  1. Dehashed—View leaked credentials.
  2. SecurityTrails—Extensive DNS data.
  3. DorkSearch—Really fast Google dorking.
  4. ExploitDB—Archive of various exploits.
  5. ZoomEye—Gather information about targets.
  6. Pulsedive—Search for threat intelligence.
  7. GrayHatWarfare—Search public S3 buckets.
  8. PolySwarm—Scan files and URLs for threats.
  9. Fofa—Search for various threat intelligence.
  10. LeakIX—Search publicly indexed information.
  11. DNSDumpster—Search for DNS records quickly.
  12. FullHunt—Search and discovery attack surfaces.
  13. AlienVault—Extensive threat intelligence feed.
  14. ONYPHE—Collects cyber-threat intelligence data.
  15. Grep App—Search across a half million git repos.
  16. URL Scan—Free service to scan and analyse websites.
  17. Vulners—Search vulnerabilities in a large database.
  18. WayBackMachine—View content from deleted websites.
  19. Shodan—Search for devices connected to the internet.
  20. Netlas—Search and monitor internet connected assets.
  21. CRT sh—Search for certs that have been logged by CT.
  22. Wigle—Database of wireless networks, with statistics.
  23. PublicWWW—Marketing and affiliate marketing research.
  24. Binary Edge—Scans the internet for threat intelligence.
  25. GreyNoise—Search for devices connected to the internet.
  26. Hunter—Search for email addresses belonging to a website.
  27. Censys—Assessing attack surface for internet connected devices.
  28. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
  29. Packet Storm Security—Browse latest vulnerabilities and exploits.
  30. SearchCode—Search 75 billion lines of code from 40 million projects.

Cybersec FRAMEWORKS & STANDARDS:

Image credit: Gabrielle B 🔑 https://github.com/CSbyGB

PENTESTING STANDARDS:

(PTES) The Penetration Testing Execution Standard http://www.pentest-standard.org/

(OSSTMM) The Open Source Security Testing Methodology https://www.isecom.org/ https://www.isecom.org/OSSTMM.3.pdf

MITRE ATT&CK

MITRE ATT&CK framework by MITRE ATT&CK https://youtu.be/Yxv1suJYMI8

Putting MITRE ATT&CK into Action with What You Have, Where You Are (By Katie Nickels) https://youtu.be/bkfwMADar0M

MITRE room on TryHackMe https://tryhackme.com/room/mitre

Cyber Kill Chain Framework:

The Cyber Kill Chain® framework, developed by Lockheed Martin, is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

NIST:

NIST Cybersecurity Framework Explained - Kelly Hood, Thomas Conkle - RSA Conference https://youtu.be/nFUyCrSnR68

PCI Security Standards:

PCI Security Standards Council https://www.pcisecuritystandards.org/

ISO STANDARDS:

ISO 27000 Family of Standards by Aron Lange https://youtu.be/7PscOoWtR7g

A YouTube playlist about ISO27001 by risk3sixty https://www.youtube.com/c/risk3sixty https://www.youtube.com/playlist?list=PLboNZ8lgLkUjg353Am3x4SytHme-XDL2N

Frameworks compared:

NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework on Compliance Forge https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf

Mitre Attack vs Cyber Kill chain on blackberry.com https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack/mitre-attack-vs-cyber-kill-chain

PENTEST reporting:

Image credit: Gabrielle B 🔑 https://github.com/CSbyGB

How to take NOTES:

CherryTree, a hierarchical note taking application. https://www.giuspen.com/cherrytree/

Joplin, an Open Source note-taking app. https://joplinapp.org/

KeepNote, a note taking application http://keepnote.org/

How to report your findings:

https://csbygb.gitbook.io/pentips/reporting/pentest-report

Writing Tips for IT Professionals (By Lenny Zeltser) https://zeltser.com/writing-tips-for-it-professionals/

How To Write A Penetration Testing Report by HackerSploit https://www.youtube.com/c/HackerSploit/ https://youtu.be/J34DnrX7dTo

REPORTING:

A list of public penetration test reports published by several consulting firms and academic security groups.

https://github.com/juliocesarfort/public-pentesting-reports

A Directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.

https://pentester.land/writeups/

PENTEST AUTOMATION:

BlackStone Project by MicroJoan https://microjoan.com/ https://github.com/micro-joan/BlackStone

Pentext by https://www.radicallyopensecurity.com/ https://github.com/radicallyopensecurity/pentext

Web PENTEST:

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

Web Security Academy by PortSwigger:

https://portswigger.net/web-security/learning-path

Rana Khalil's YouTube channel

https://www.youtube.com/c/RanaKhalil101

Wesley Thijs XSSrat’s YouTube channel

https://www.youtube.com/c/TheXSSrat

The Pentesting Web Checklist on Pentest Book by six2dez

https://pentestbook.six2dez.com/others/web-checklist

OWASP® Foundation Top 10:

https://owasp.org/www-project-top-ten/

Vulnerable Web Applications to practice:

https://owasp.org/www-project-vulnerable-web-applications-directory/

API PENTEST

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

API Hacking beginners guide by Dana Epp https://danaepp.com/beginners-guide-to-api-hacking

Corey J. Ball API workshop https://sway.office.com/HVrL2AXUlWGNDHqy https://github.com/hAPI-hacker/Hacking-APIs

API PENTEST ORGANIZING:

MalAPI by mrd0x https://malapi.io/

MindAPI by David Sopas https://dsopas.github.io/MindAPI/play/

API PENTESTING PRACTICE:

Hackxpert - OWASP top 10 API training https://hackxpert.com/API-testing.php

VAmPI by erev0s: https://hakin9.org/vampi-vulnerable-rest-api-with-owasp-top-10-vulnerabilities-for-security-testing/ https://github.com/erev0s/VAmPI

API Pentest videos and conferences:

APISecure Conference: all their 2022 videos are available on their website https://www.apisecure.co/

Hacking mHealth Apps and APIs on KnightTV with Alissa Valentina Knight https://youtu.be/GLnhkf3JcL8

CLOUD PENTEST

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

Get familiar with Cloud Security fundamentals with Learn to cloud by Gwyneth Peña-Siguenza and Dayspring Johnson https://learntocloud.guide/#/phase5/README

Hacking the cloud by Nick Frichette, an encyclopedia of the techniques that offensive security professionals can use against cloud environments. https://hackingthe.cloud/

Cloud Security - Attacks by CyberSecurityUP

https://github.com/CyberSecurityUP/Cloud-Security-Attacks

Practice with this free lab from Pentester Academy

https://attackdefense.pentesteracademy.com/challengedetailsnoauth?cid=2074 https://attackdefense.pentesteracademy.com/

ACTIVE DIRECTORY Pentest

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

AD Practice

Building an Active Directory Lab by spookysec: https://blog.spookysec.net/ad-lab-1/

A script to set up a Vulnerable AD Lab by WazeHell https://github.com/WazeHell/vulnerable-AD

Collection of various common attack scenarios on Azure Active Directory by Cloud-Architekt:

https://github.com/Cloud-Architekt/AzureAD-Attack-Defense

A great document full of resources by Julien Provenzano:

https://www.ralfkairos.com/ https://github.com/infosecn1nja/AD-Attack-Defense

An Active Directory Exploitation Cheat Sheet by Integration-IT

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

CTF

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

HACKTHEBOX, A Massive Hacking Playground; CTF challenges: Fullpwn (based on vulnerable machines), Cryptographic, Forensic, Pwn (based on binary exploitation and memory corruption), Web, Reversing, Cloud cybersecurity (AWS, GCP, and Azure misconfigurations) and Hardware. https://www.hackthebox.com/

What is CTF in hacking? Tips & CTFs for beginners by HTB. https://www.hackthebox.com/blog/what-is-ctf

Learn to Hack with Hack The Box: The Beginner's Bible. https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

Getting Into CTFs As a Web Developer. https://erichogue.ca/2022/03/GettingIntoCTFsAsADev

CTFs (Write-Ups and Resources)

https://github.com/ctfs

Root Me https://www.root-me.org

TryHackMe https://tryhackme.com/

RingZer0 Team Online CTF https://ringzer0ctf.com/challenges

Cryptopals https://cryptopals.com/

CTF Time https://ctftime.org/

Marcelle Lee’s website reference sheet

https://info.marcellelee.com/ https://drive.google.com/drive/folders/1cfwjm_VqXwAFpFdBnUXkUi0-qT4_cpiJ https://docs.google.com/spreadsheets/d/1AkczyGQbtabSMbxq1P-c7u3NSXlmXqqv3cDoVpTlSoM/edit#gid=0

PURPLE TEAM

This image belongs to Gabrielle B 🔑 https://github.com/CSbyGB

The Difference Between Red, Blue, and Purple Teams (By Daniel Miessler) https://danielmiessler.com/study/red-blue-purple-teams/

Purple Teaming for Dummies https://www.attackiq.com/lp/purple-teaming-for-dummies/

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. https://github.com/ch33r10/EnterprisePurpleTeaming

PURPLE TEAMING: Practice & Tips

Purple Team Exercise Framework https://github.com/scythe-io/purple-team-exercise-framework/blob/master/PTEFv2.md

Actionable Purple Teaming: Why and How You Can (and Should) Go Purple https://www.scythe.io/library/actionable-purple-teaming-why-and-how-you-can-and-should-go-purple https://www.scythe.io/ptef

TOOLS:

Bloodhound for Blue and Purple Teams. https://github.com/PlumHound/PlumHound

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. https://github.com/mvelazc0/PurpleSharp

CYBER FUN

This image belongs to Gabrielle B https://github.com/CSbyGB

👉 Movies

🌟 A list of movies on Movies for Hackers by hackermovie club https://hackermovie.club/

🌟 The Complete List of Hacker And Cybersecurity Movies by Cybercrime Magazine https://cybersecurityventures.com/movies-about-cybersecurity-and-hacking/ https://www.linkedin.com/company/cybercrime-magazine/

🌟 Knight TV+ https://www.youtube.com/@knighttvplus

👉 Fiction

🌟 Hacker stories on Wattpad by various authors https://www.wattpad.com/stories/hacker

👉 Music

🌟 The SOC Analyst playlist by LetsDefend https://open.spotify.com/playlist/0G35948whLbeCBjHjIAIES https://www.linkedin.com/company/letsdefend/

🌟 INE Study room RnB playlist https://open.spotify.com/playlist/571cQb5ZfmV5eHzCmCSHNG

🌟 API Security playlist by 12135211372 https://open.spotify.com/playlist/7A6TsA3cKxxY253dPHlkcO

🌟 INE Study Room Classical playlist https://open.spotify.com/playlist/6Q5UNkiJLFQcBS8FnLE41A

🌟 Cyber Apocalypse 2021 by Kamil Gierach-Pacanek https://open.spotify.com/playlist/3LfUN18cfrleZN5SlNWY6S

🌟 ./Hacking by fi3nds2 https://open.spotify.com/playlist/66sn9JCqts84k196NAhNS3

🌟 Coding / Hacking Music by Mark Tey https://open.spotify.com/playlist/7KnyNJbKMJawssU93kUhLE

🌟 Coding Programming Hacking Slashing by Techno Tim https://open.spotify.com/playlist/5SgJR30RfzR5hO21TsQhBp

🌟 Hacking by Edwin Finch https://open.spotify.com/playlist/5R8erMpe2s3IcbxEGhBih4

👉 Comics

🌟 Best Female Super Genius / Computer Hacker / Vigilante https://comicvine.gamespot.com/profile/megawubba/lists/best-female-super-geniuscomputer-hackervigilante/58810/

🌟 The Ella Project - The Big Hack https://www.theellaproject.com/thebighack

🌟 Planet Heidi http://www.planetheidi.com/

🌟 Hackers Super heroes of the digital Age by vrncomics. Get your copy of issue #1 for free here: https://www.vrncomics.com/

🚨🚨 SHARE! 🚨🚨 Do you know other resources?
