http://patorjk.com/software/taag/#p=display&f=Graffiti&t=Type%20Something
http://www.thehackinguniverse.com
http://www.pentestgeek.com/
http://jameslovecomputers.wordpress.com
http://www.commonexploits.com
http://network-pentest.com/
http://www.hackingarticles.in
http://packetstormsecurity.org/
http://g0tmi1k.blogspot.com/
http://www.irongeek.com/
http://www.n1tr0g3n.com/
http://www.isdpodcast.com
http://geekblog.tv
http://pentestmag.com/
http://vishnuvalentino.com/
http://www.backtrack-linux.org/
http://www.instructables.com/
http://pcsci3nce.info/

http://www.coresec.org/
http://rajhackingarticles.blogspot.com
http://www.hackingarticles.in
http://comax.fr/
http://translate.google.it/translate?hl=it&sl=it&tl=en&u=http%3A%2F%2Fsicurezza.html.it%2Fguide%2Fleggi%2F220%2Fguida-sql-injection-con-sqlmap%2F
http://torpedo48.it/
https://www.phillips321.co.uk/pentest-sh/
http://www.securitytube.net/
http://www.aftershell.com/
http://theunl33t.blogspot.com/
http://sixthevicious.wordpress.com
http://securityoverride.com/
http://www.hacker10.com
http://smashthestack.org/
http://linuxpurist.com/
http://sectools.org/
http://www.comptechdoc.org/
http://www.maxi-pedia.com/
http://dookie.dkearns.ca/
http://www.simplewifi.com
http://www.touchpadplus.com/
http://www.cybercode.rs/
http://www.backbox.org
http://zer0byte.com/
http://www.shadowrx.com/forums
http://mile2.com/
http://www.webupd8.org/2011/10/official-gnome-shell-extensions.html
http://www.janoweb.net/
http://www.freerainbowtables.com/
https://greyhat-security.com/
http://www.milw0rm.com/
http://easylinuxwifi.org/
http://hackertarget.com/
http://www.southernspeakers.net/
http://j2neon.blogspot.com/
http://www.webupd8.org/2011/10/official-gnome-shell-extensions.html
http://www.coresec.org/2011/10/08/online-penetration-testing-tools/
http://www.n1tr0g3n.com/
http://dangertux.wordpress.com/2011/11/16/metasploitable-guide-part-1-rooting-metasploitable/
http://www.ehacking.net/
http://unconciousmind.blogspot.com
http://bl4ck5w4n.tk/
http://41j.com/blog/
http://www.deluxe-stylez.de/
http://adaywithtape.blogspot.com
http://avondale.good.net/dl/bd/

http://securityreliks.securegossip.com/
http://top-hat-sec.com/
http://r00tsec.blogspot.com
http://www.offensive-security.com/metasploit-unleashed/
http://exploit.co.il
http://www.wsec.be
http://www.exploit-db.com/papers/
http://kat.ph/packet-level-com-laura-chappell-s-master-library-full-t3825062.html
http://securityowned.blogspot.com
http://www.theprojectxblog.net
http://redmine.backtrack-linux.org:8080/projects/backtrack
http://www.aircrack-ng.org/doku.php#tutorials
http://www.aircrack-ng.org/doku.php
http://www.aircrack-ng.org/doku.php?id=tutorial
http://www.2epub.com/

Pentesting Must have Links for setting up an attacker machine
http://www.amanhardikar.com/mindmaps/PracticewithURLs.html
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://bailey.st/blog/2010/09/14/pentest-lab-vulnerable-servers-applications-list/
http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html

Bookmarks Menu
Recently Bookmarked
Recent Tags

Blogs worth it

Carnal0wnage
McGrew Security
Blog | GNUCITIZEN
Darknet
spylogic.net
TaoSecurity
Room362.com
SIPVicious
PortSwigger.net
Blog – pentestmonkey.net
Jeremiah Grossman
omg.wtf.bbq.
Cатсн²² (in)sесuяitу
SkullSecurity
Metasploit
Security and Networking
Skeptikal.org
Digital Soapbox
tssci security
Blog – Gotham Digital Science
Reiners’ Weblog
Bernardo Damele A. G.
Laramies Corner
Attack and Defense Labs
Billy (BK) Rios
Common Exploits
extern blog SensePost;
Weapons of Mass Analysis
Exploit KB
Security Reliks
MadIrish.net
sirdarckcat
Reusable Security
Myne-us
http://www.notsosecure.com/folder2/
SpiderLabs Anterior
Corelan Team | Peter Van Eeckhoutte (corelanc0d3r)
DigiNinja
Home Of PaulDotCom Security Podcast
Attack Vector
deviating.net
Alpha One Labs
SmashingPasswords.com
wirewatcher
gynvael.coldwind//vx.log
Nullthreat Security
Archangel Amael’s BT Tutorials
memset’s blog
ihasomgsecurityskills
punter-infosec
Security Ninja
Security and risk
GRM n00bs
Kioptrix
::eSploit::
PenTestIT — Your source for Information Security Related information!
Your source for Information Security related information!
Forums


BackTrack Forums
EliteHackers.info
InterN0T forum
Government Security
Hack This Site Forum
iExploit Hacking Forum
Security Override
bright-shadows.net
ethicalhacker.net
sla.ckers.org
Magazines


(IN)SECURE Magazine
http://hakin9.org/
Video
http://www.youtube.com/user/monsoonami?feature=watch
The Hacker News Network
Security Tube
Irongeek -Hacking Illustrated
SecCon Archive
27c3-stream/releases/mkv
YouTube – ChRiStIaAn008′s Channel
YouTube – HackingCons’s Channel
Methodologies
Penetration Testing Framework

The Penetration Testing Execution Standard
Web Application Security Consortium (WASC)
OWASP top 10
social-engineer.org
Presentations



Enterprise Open Source Intelligence Gathering – Part 1 Social Networks — spylogic.net
Enterprise Open Source Intelligence Gathering – Part 2 Blogs, Message Boards and Metadata — spylogic.net
Enterprise Open Source Intelligence Gathering – Part 3 Monitoring and Social Media Policies — spylogic.net
Tactical Information Gathering
document_metadata_the_silent_killer__32974 (application/pdf Object)
footprinting – passive information gathering before a pentest
People and Orginizational


spokeo.com – People Search
123people.com
Spoke.com – Business Directory
Business Network – Social Network for Business Professionals
ZoomInfo
Pipl – People Search
Free People Search by ZabaSearch!
Free People Finder and Company Search | SearchBug
Free People Search
Addictomatic: Inhale the Web
Real Time Search – Social Mention
EntityCube
yasni.com | No. 1 free people search – Find anyone on the web
Tweepz.com – search, find and discover interesting people on twitter
TweepSearch :: Twitter Profile and Bio Search
Glassdoor.com – Company Salaries and Reviews
Jigsaw Business Contact Directory
Full Text Search
TinEye Reverse Image Search
PeekYou
PicFog – Quick Image Search
Twapper Keeper – “We save tweets” – Archive Tweets
White Pages | Email Lookup | People Find Tools at The Ultimates
Infastructure


Netcraft Uptime Survey
SHODAN – Computer Search Engine
Domain Tools: Whois Lookup and Domain Suggestions
Free online network utilities – traceroute, nslookup, automatic whois lookup, ping, finger
http://hackerfantastic.com/
WHOIS and Reverse IP Service
MSN IP Search
SSL Labs – Projects / Public SSL Server Database – SSL Server Test
MyIPNeighbors Reverse IP Lookup
Google Hacking Database, GHDB, Google Dorks
Domain – reports and all about ips, networks and dns
net toolkit::index
IHS |  GHDB
Exploits and Advisories
The Exploit Database

.:[ packet storm ]:.
SecurityFocus
SecurityForest
NIST
OSVDB: The Open Source Vulnerability Database
SecDocs IT Security and Hacking knowledge base
Nullbyte.Org.IL
CVE security vulnerability database
Secunia.com
CVE – Common Vulnerabilities and Exposures (CVE)
Cheat Sheets and Syntax
Big Port DB | Cirt

Cheat Sheet : All Cheat Sheets in one page
Security Advancements at the Monastery » Blog Archive » What’s in Your Folder: Security Cheat Sheets
Information about developments at the Monastery

Agile Hacking

Agile Hacking: A Homegrown Telnet-based Portscanner | GNUCITIZEN
Command Line Kung Fu
Simple yet effective: Directory Bruteforcing
The Grammar of WMIC
Windows Command-Line Kung Fu with WMIC
Windows CMD Commands
running a command on every mac
Syn: Command-Line Ninjitsu
WMIC, the other OTHER white meat.
Hacking Without Tools: Windows – RST
Pentesting Ninjitsu 1
Pentesting Ninjitsu 2 Infrastructure and Netcat without Netcat
[PenTester Scripting]
windows-scripting-COM-tricks
Advanced-Command-Exploitation
OS & Scripts


IPv4 subnetting reference – Wikipedia, the free encyclopedia
All the Best Linux Cheat Sheets
SHELLdorado – Shell Tips & Tricks (Beginner)
Linux Survival :: Where learning Linux is easy
BashPitfalls – Greg’s Wiki
Rubular: a Ruby regular expression editor and tester
http://www.iana.org/assignments/port-numbers
Useful commands for Windows administrators
All the Best Linux Cheat Sheets
Rubular: a Ruby regular expression editor
Tools


netcat cheat sheet (ed skoudis)
nessus/nmap (older)
hping3 cheatsheet
Nmap 5 (new)
MSF, Fgdump, Hping
Metasploit meterpreter cheat sheet reference
Netcat cheat sheet
Distros
BackTrack Linux

Matriux
nUbuntu
Samurai Web Testing Framework
OWASP Live CD Project
Pentoo
Katana
KON-BOOT
Welcome to Linux From Scratch!
SUMO Linux
pentesting packages for ubuntu
BackBox Linux | Flexible Penetration Testing Distribution
Labs


ISO’s / VMs

Web Security Dojo
OWASP Broken Web applications Project
Pentest Live CDs
NETinVM
:: moth – Bonsai Information Security ::
Metasploit: Introducing Metasploitable
Holynix pen-test distribution
WackoPico
LAMPSecurity
Hacking-Lab.com LiveCD
Virtual Hacking Lab
Badstore.net
Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts
Damn Vulnerable Web App – DVWA
pWnOS
The ButterFly – Security Project
Vulnerable Software


Old Version Downloads – OldApps.com
OldVersion.com
Web Application exploits, php exploits, asp exploits
wavsep – Web Application Vulnerability Scanner Evaluation Project
OWASP SiteGenerator – OWASP
Hacme Books | McAfee Free Tools
Hacme Casino v1.0 | McAfee Free Tools
Hacme Shipping | McAfee Free Tools
Hacme Travel | McAfee Free Tools
Test Sites

Test Site
CrackMeBank Investments
http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
acublog news
acuforum forums
Home of Acunetix Art
Altoro Mutual
NT OBJECTives
Exploitation Intro
Exploitation – it-sec-catalog – References to vulnerability exploitation stuff. – Project Hosting on Google Code

Myne-us: From 0×90 to 0x4c454554, a journey into exploitation.
Past, Present, Future of Windows Exploitation | Abysssec Security Research
Smash the Stack 2010
The Ethical Hacker Network – Smashing The Modern Stack For Fun And Profit
x9090′s Blog: [TUTORIAL] Exploit Writting Tutorial From Basic To Intermediate
X86 Opcode and Instruction Reference
This reference is intended to be precise opcode and instruction set reference (including x86-64). Its principal aim is exact definition of instruction parameters and attributes.
Reverse Engineering & Malware

TiGa’s IDA Video Tutorial Site
Binary Auditing
http://visi.kenshoto.com/
radare
Offensive Computing | Community Malicious code research and analysis
Passwords and Hashes

Password Exploitation Class
Default Passwords Database
Sinbad Security Blog: MS SQL Server Password Recovery
Foofus Networking Services – Medusa::SMBNT
LM/NTLM Challenge / Response Authentication – Foofus.Net Security Stuff
MD5 Crackers | Password Recovery | Wordlist Downloads
Password Storage Locations For Popular Windows Applications
Online Hash Crack MD5 / LM / NTLM / SHA1 / MySQL – Passwords recovery – Reverse hash lookup Online – Hash Calculator
Requested MD5 Hash queue
Virus.Org
Default Password List
Electric Alchemy: Cracking Passwords in the Cloud: Breaking PGP on EC2 with EDPR

Wordlists

“Crack Me If You Can” – DEFCON 2011
Packet Storm Word Lists
Passwords – SkullSecurity
Index of /passwd/passwords
Pass the Hash

pass-the-hash-attacks-tools-mitigation_33283 (application/pdf Object)
crack-pass-hash_33219 (application/pdf Object)

MitM
Introduction to dsniff – GIAC Certified Student Practical

dsniff-n-mirror.pdf (application/pdf Object)
dsniff.pdf (application/pdf Object)
A Hacker’s Story: Let me tell you just how easily I can steal your personal data – Techvibes.com
ECCE101.pdf (application/pdf Object)
3.pdf (application/pdf Object)
Seven_Deadliest_UC_Attacks_Ch3.pdf (application/pdf Object)
cracking-air.pdf (application/pdf Object)
bh-europe-03-valleri.pdf (application/pdf Object)
Costa.pdf (application/pdf Object)
defcon-17-sam_bowne-hijacking_web_2.0.pdf (application/pdf Object)
Live_Hacking.pdf (application/pdf Object)
PasstheParcel-MITMGuide.pdf (application/pdf Object)
2010JohnStrandKeynote.pdf (application/pdf Object)
18.Ettercap_Spoof.pdf (application/pdf Object)
EtterCap ARP Spoofing & Beyond.pdf (application/pdf Object)
Fun With EtterCap Filters.pdf (application/pdf Object)
The_Magic_of_Ettercap.pdf (application/pdf Object)
arp_spoofing.pdf (application/pdf Object)
Ettercap(ManInTheMiddleAttack-tool).pdf (application/pdf Object)
ICTSecurity-2004-26.pdf (application/pdf Object)
ettercap_Nov_6_2005-1.pdf (application/pdf Object)
MadIrish.net Mallory is More than a Proxy
Thicknet: It does more than Oracle, Steve Ocepek securityjustice on USTREAM. Computers
OSINT



Edge-Security – theHarvester- Information Gathering
DNSTRACER man-page
Maltego 3

Metadata

document-metadata-silent-killer_32974 (application/pdf Object)
[strike out]
ExifTool by Phil Harvey
Edge-Security – Metagoofil – Metadata analyzer – Information Gathering
Security and Networking – Blog – Metadata Enumeration with FOCA
Google Hacking
Midnight Research Labs – SEAT

Google Hacking Diggity Project « Stach & Liu
dorkScan.py
Web


BeEF
BlindElephant Web Application Fingerprinter
XSSer: automatic tool for pentesting XSS attacks against different applications
RIPS | Download RIPS software for free at SourceForge.net
http://www.divineinvasion.net/authforce/
Attack and Defense Labs – Tools
Browser_Exploitation_for_Fun&Profit
Using sqid (SQL Injection Digger) to look for SQL Injection
pinata-CSRF-tool
XSSer: automatic tool for pentesting XSS attacks against different applications
Clickjacker
unicode-fun.txt ≈ Packet Storm
WebService-Attacker

Attack Strings

fuzzdb – Project Hosting on Google Code
OWASP Fuzzing Code Database – OWASP
Shells
SourceForge.net: Yokoso!

AJAX/PHP Command Shell
Scanners


w3af – Web Application Attack and Audit Framework
skipfish – Project Hosting on Google Code
sqlmap: automatic SQL injection tool
SQID – SQL Injection digger
http://www.packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
WindowsAttack – fimap – Windows Attacking Example – Project Hosting on Google Code
fm-fsf – Project Hosting on Google Code
Websecurify
News :: Arachni – Web Application Security Scanner Framework
rfiscan ≈ Packet Storm
lfi-rfi2 scanner ≈ Packet Storm
inspathx – Tool For Finding Path Disclosure Vulnerabilities
DotDotPwn – The Directory Traversal Fuzzer 2.1 ≈ Packet Storm
Proxies


fuzzing-approach-credentials-discovery-burp-intruder_33214 (application/pdf Object)

Constricting the Web: The GDS Burp API – Gotham Digital Science
Browse Belch – Burp External Channel v1.0 Files on SourceForge.net
Burp Suite Tutorial – Repeater and Comparer Tools « Security Ninja
w3af in burp
Attack and Defense Labs – Tools
burp suite tutorial – English
SensePost – reDuh – HTTP Tunneling Proxy
Social Engineering

Social Engineering Toolkit


Password
Ncrack

Medusa
JTR
Ophcrack
keimpx in action | 0x3f
keimpx – Project Hosting on Google Code
hashkill
Metasploit


markremark: Reverse Pivots with Metasploit – How NOT to make the lightbulb
WmapNikto – msf-hack – One-sentence summary of this page. – Project Hosting on Google Code
markremark: Metasploit Visual Basic Payloads in action
Metasploit Mailing List
PaulDotCom: Archives
OpenSSH-Script for meterpreter available !
Metasploit: Automating the Metasploit Console
561
Deploying Metasploit as a Payload on a Rooted Box Tutorial
Metasploit/MeterpreterClient – Wikibooks, collection of open-content textbooks
SecTor 2010 – HD Moore – Beyond Exploits on Vimeo
XLSinjector « Milo2012′s Security Blog
Armitage – Cyber Attack Management for Metasploit
Nsploit
neurosurgery-with-meterpreter
(automating msf) UAV-slides.pdf

MSF Exploits or Easy

Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
Tenable Network Security
NSE
Nmap Scripting Engine Primer Tutorial

NSEDoc Reference Portal
Net Scanners & Scripts


Nmap
sambascan2 – SMB scanner
SoftPerfect Network Scanner
OpenVAS
Nessus Community | Tenable Network Security
Nexpose Community | Rapid7
Retina Community
Post Exploitation


http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
Metacab | PHX2600
Netcat


Re: Your favorite Ncat/nc/Netcat trick? – ReadList.com
ads.pdf (application/pdf Object)
Netcat_for_the_Masses_DDebeer.pdf (application/pdf Object)
netcat_cheat_sheet_v1.pdf (application/pdf Object)
socat
NetCat tutorial: Day1 [Archive] – Antionline Forums – Maximum Security for a Connected World
Netcat tricks « Jonathan’s Techno-tales
Nmap Development: Re: Your favorite Ncat/nc/Netcat trick?
Few Useful Netcat Tricks « Terminally Incoherent
Skoudis_pentestsecrets.pdf (application/pdf Object)
Cracked, inSecure and Generally Broken: Netcat
Ncat for Netcat Users
Source Inspection


Graudit – Just Another Hacker
javasnoop – Project Hosting on Google Code
Firefox Addons


David’s Pen Testing (Security) Collection :: Collections :: Pengaya untuk Firefox
OSVDB :: Add-ons for Firefox
Packet Storm search plugin. :: Add-ons for Firefox
Default Passwords – CIRT.net :: Add-ons for Firefox
Offsec Exploit-db Search :: Add-ons for Firefox
OVAL repository search plugin :: Add-ons for Firefox
CVE ® dictionary search plugin :: Add-ons for Firefox
HackBar :: Add-ons for Firefox
Tool Listings


.:[ packet storm ]:. – tools
Security and Hacking Tools
Training/Classes
Sec / Hacking



Penetration Testing and Vulnerability Analysis – Home
Network Sniffers Class for the Kentuckiana ISSA 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)
CNIT 124: Advanced Ethical Hacking — Sam Bowne
CS 279 – Advanced Topics in Security
CS142 Web Programming and Security – Stanford
CS155 Computer and Network Security – Stanford
CSE 227: Computer Security – UCSD
CS 161: Computer Security – UC Berkley
Security Talks – UCLA
CSCI 4971 Secure Software Principles – RPI
MCS 494 UNIX Security Holes
Software Security – CMU
T-110.6220 Special Topics in Ifocsec -TKK
Sec and Infosec Related – MIT
Metasploit

Metasploit Unleashed
Metasploit Class Videos  (Hacking Illustrated Series InfoSec Tutorial Videos)
Metasploit Megaprimer 300+ mins of video
Metasploit Tips and Tricks – Ryan Linn
OffSecOhioChapter, Metasploit Class2 – Part1
OffSecOhioChapter, Metasploit Class2 – Part2
OffSecOhioChapter, Metasploit Class2 – Part3
Programming


Python

Google’s Python Class – Google’s Python Class – Google Code
Python en:Table of Contents – Notes
TheNewBoston – Free Educational Video Tutorials on Computer Programming and More! » Python
Python Videos, Tutorials and Screencasts
Learning Python Programming Language Through Video Lectures – good coders code, great reuse
Ruby


Video Tutorials – Technology Demonstrations – tekniqal

Other/Misc
CS490 Windows Internals

T-110.6220 Lectures – Noppa – TKK
Index of /edu/training/ss/lecture/new-documents/Lectures
 InfoSec Resources
Robert Hansen on Vimeo
Web Vectors
SQLi



MSSQL Injection Cheat Sheet – pentestmonkey.net
SQL Injection Cheat Sheet
EvilSQL Cheatsheet
RSnake SQL Injection Cheatsheet
Mediaservice.net SQLi Cheatsheet
MySQL Injection Cheat Sheet
Full MSSQL Injection PWNage
MS Access SQL Injection Cheat Sheet » krazl – â„¢ ķЯαž£ â„¢ – bloggerholic
MS Access SQL Injection Cheat Sheet
Penetration Testing: Access SQL Injection
Testing for MS Access – OWASP
Security Override – Articles: The Complete Guide to SQL Injections
Obfuscated SQL Injection attacks
Exploiting hard filtered SQL Injections « Reiners’ Weblog
SQL Injection Attack
YouTube – Joe McCray – Advanced SQL Injection – LayerOne 2009
Joe McCray – Advanced SQL Injection – L1 2009.pdf (application/pdf Object)
Joseph McCray SQL Injection
sla.ckers.org web application security forum :: Obfuscation :: SQL filter evasion
sqli2.pdf (application/pdf Object)
SQL Server Version – SQLTeam.com
Overlooked SQL Injection 20071021.pdf (application/pdf Object)
SQLInjectionCommentary20071021.pdf (application/pdf Object)
uploadtricks


bypassing upload file type – Google Search
Skeptikal.org: Adobe Responds… Sort Of
Secure File Upload in PHP Web Applications | INSIC DESIGNS
Stupid htaccess Tricks • Perishable Press
Tricks and Tips: Bypassing Image Uploaders. – By: t3hmadhatt3r
Security FCKeditor ADS File Upload Vulnerability – Windows Only
Cross Site Scripting scanner – Free XSS Security Scanner
VUPEN – Microsoft IIS File Extension Processing Security Bypass Vulnerability / Exploit (Security Advisories – VUPEN/ADV-2009-3634)
Uploading Files Using the File Field Control
TangoCMS – Security #237: File Upload Filter Bypass in TangoCMS <=2.5.0 – TangoCMS Project
Full Disclosure: Zeroboard File Upload & extension bypass Vulnerability
Cross-site File Upload Attacks | GNUCITIZEN
TikiWiki jhot.php Script File Upload Security Bypass Vulnerability
FileUploadSecurity – SH/SC Wiki
LFI/RFI

Exploiting PHP File Inclusion – Overview « Reiners’ Weblog
LFI..Code Exec..Remote Root!
Local File Inclusion – Tricks of the Trade « Neohapsis Labs
Blog, When All You Can Do Is Read – DigiNinja
XSS


The Anatomy of Cross Site Scripting
Whitepapers – www.technicalinfo.net
Cross-Site Scripting (XSS) – no script required – Tales from the Crypto
Guide Cross Site Scripting – Attack and Defense guide – InterN0T – Underground Security Training
BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf (application/pdf Object)
sirdarckcat: Our Favorite XSS Filters and how to Attack them
Filter Evasion – Houdini on the Wire « Security Aegis
HTML5 Security Cheatsheet
XSS – Cross Site Scripting
sla.ckers.org web application security forum :: XSS Info
[DOM Based Cross Site Scripting or XSS of the Third Kind] Web Security Articles – Web Application Security Consortium
What’s Possible with XSS?
Coldfusion


ColdFusion directory traversal FAQ (CVE-2010-2861) | GNUCITIZEN
Attacking ColdFusion. | Sigurnost i zastita informacija
Attacking ColdFusion
HP Blogs – Adobe ColdFusion’s Directory Traversal Disaster – The HP Blog Hub
254_ShlomyGantz_August2009_HackProofingColdFusion.pdf (application/pdf Object)
Adobe XML Injection Metasploit Module | carnal0wnage.attackresearch.com
Computer Security Blog: PR10-08 Various XSS and information disclosure flaws within Adobe ColdFusion administration console
SharePoint


The Ethical Hacker Network – Pen Testing Sharepoint
Lotus

Lotus Notes/Domino Security – David Robert’s -castlebbs- Blog
Penetration Testing: Re: Lotus Notes
Hacking Lotus Domino | SecTechno
jboss


Whitepaper-Hacking-jBoss-using-a-Browser.pdf (application/pdf Object)
Minded Security Blog: Good Bye Critical Jboss 0day
vmware web


Metasploit Penetration Testing Framework – Module Browser
Oracle appserver


hideaway [dot] net: Hacking Oracle Application Servers
Testing for Oracle – OWASP
OraScan
NGSSQuirreL for Oracle
hpoas.pdf (application/pdf Object)
SAP

Onapsis | Research Labs
‘[john-users] patch for SAP-passwords (BCODE & PASSCODE)’ – MARC
Phenoelit SAP exploits
Wireless
pyrit – WPA/WPA2-PSK and a world of affordable many-core platforms – Google Project Hosting
Capture the Flag/Wargames


http://intruded.net/
SmashTheStack Wargaming Network
flack & hkpco.kr
HC’s Capture the Flag site
The UCSB iCTF
CTF Calendar
Conferences


Information Security Conferences Calnedar
misc/unsorted


http://www.ikkisoft.com/stuff/SMH_XSS.txt
XFS 101: Cross-Frame Scripting Explained | SecureState Information Security Blog
What The Fuck Is My Information Security Strategy?
OWASP_DanielCutbert_Evolution_WebAppPenTest.mp4
DeepSec 2007 – Aaron Portnoy Cody Pierce – RPC Auditing Tools and Techniques
extern blog SensePost;
Zen One: PCI Compliance – Disable SSLv2 and Weak Ciphers
HD Moore on Metasploit, Exploitation and the Art of Pen Testing | threatpost
Network Time Protocol (NTP) Fun | carnal0wnage.attackresearch.com
black-box-scanners-dimva2010.pdf (application/pdf Object)
Database_Pen_Testing_ISSA_March_25_V2.pdf (application/pdf Object)
Stupid htaccess Tricks • Perishable Press
Bookmarks Toolbar
Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar

Most Visited
Getting Started
Latest Headlines


Programming/Coding
[Bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/
[Bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml
[Bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/Again_SHell_Reference/
[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting
http://bashshell.net/shell-scripts/forcing-scripts-to-run-as-root/
http://markdotto.com/playground/3d-text/
http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html
https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
Offensive Security’s Pentesting With BackTrack (PWB)Course
[Pre-course] Corelan Team - http://www.corelan.be/
[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page
[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx
[Hash] reverse hash search and calculator - http://goog.li/
http://security.crudtastic.com/?p=213
Tunnelling / Pivoting
[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html
[Windows] Nessus Through SOCKS Through Meterpreter -http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php
WarGames / Online Challenges
[WarGames] Title - http://securityoverride.com/
[WarGames] Title - http://intruded.net/
[Challenge] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/
[WarGames] Title - http://spotthevuln.com
[WarGames] Title - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html
[WarGames] Title - http://ftp.hackerdom.ru/ctf-images/
http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
http://jhyx4life.blogspot.com/2007/02/practicas-para-un-hacker-wargames.html
https://www.owasp.org/index.php/OWASP_iGoat_Project
Exploit Development (Programs)
[Download] Title - http://www.oldapps.com/
[Download] Title - http://www.oldversion.com/
[Download] Title - http://www.exploit-db.com/webapps/
Misc
[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list
[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses  -http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html
[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/
[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812
[TechHumor] Title - https://www.xkcd.com
[TechHumor] Title - http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf
http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html
http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/
http://sghctoma.extra.hu/index.php?p=entry&id=18
http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system
https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=oldnewthing&y=2011&m=09&d=21&WeblogPostID=10214405&GroupKeys=
http://tuts4you.com/download.php?view.3216
http://tuts4you.com/download.php?list.17
http://portal.b-at-s.net/download.php
http://journeyintoir.blogspot.com/2011/09/building-timelines-tools-usage.html
http://quequero.org/uicwiki/index.php?diff=12753&oldid=prev&title=Carberp_Reverse_Engineering
https://code.google.com/p/findmyhash/downloads/list
http://www.contextis.com/research/blog/reverseproxybypass/
Malware
https://code.google.com/p/yara-project/
http://malwares.pl/index.php?dir=
http://contagiodump.blogspot.com/2010/03/collection-of-web-backdoors-shells-from.html
Programs/Scripts
https://github.com/liftoff/GateOne
Embedded Devies
http://www.routerpwn.com
https://code.google.com/p/littleblackbox/
http://samy.pl/androidmap/
http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html
Exploit Development
[Guides] Corelan Team - http://www.corelan.be/
[Guide] From 0×90 to 0x4c454554, a journey into exploitation.  - http://myne-us.blogspot.com/2010/08/from-0×90-to-0x4c454554-journey-into.html
[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities -http://resources.infosecinstitute.com/intro-to-fuzzing/
[Video] TiGa’s Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html
[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/
[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
[Linux] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363
[Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg - http://sickness.tor.hu/?p=365
[Linux] Linux exploit development part 3 – ret2libc - http://sickness.tor.hu/?p=368
[Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt - http://sickness.tor.hu/?p=378
[TechHumor] Title - https://www.youtube.com/watch?v=klXFqtYR5Mg
[TechHumor] Title - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html
http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64/
Exploit Development (Case Studies/Walkthroughs)
[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/
[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/
[Windows] From vulnerability to exploit under 5 min  - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html
Exploit Development (Patch Analysis)
[Windows] A deeper look at ms11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058
[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058
[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability -http://j00ru.vexillium.org/?p=893
[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613
Exploit Development (Metasploit Wishlist)
[ExplotDev] Metasploit Exploits Wishlist !  - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html
[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118
Passwords & Rainbow Tables (WPA)
[RSS] Title - http://ob-security.info/?p=475
[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/
[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm
[Guide] Creating effective dictionaries for password attacks  - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html
[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml
[Download] Index of / - http://svn.isdpodcast.com/wordlists/
[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary
[Tool] CeWL – Custom Word List generator - http://www.digininja.org/projects/cewl.php
[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords
Cheat-Sheets
[OS] A Sysadmin’s Unixersal Translator  - http://bhami.com/rosetta.html
[WiFi] WirelessDefence.org’s Wireless Penetration Testing Framework -http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html
Anti-Virus
[Metasploit] Facts and myths about antivirus evasion with Metasploit -http://schierlm.users.sourceforge.net/avevasion.html
[Terms] Methods of bypassing Anti-Virus (AV) Detection – NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html
Privilege Escalation
[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm
[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges -http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/
Metasploit
[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html
[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec -http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/
[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 -http://www.securitytube.net/video/1175
http://securityxploded.com/metasploit-password-modules.php
Default Generators
[WEP] mac2wepkey – Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei
[WEP] Generator: Attacking SKY default router password -http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password
Statistics
[Defacements] Zone-H - http://www.zone-h.org/
[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm
http://www.ccssforum.org/malware-certificates.php?&pag=1f
Cross Site Scripting (XSS)
[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
[RSS] Title - http://www.thespanner.co.uk/2009/03/25/xss-rays/
http://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/
http://skeletonscribe.blogspot.com/2011/05/js-less-xss.html
http://unconciousmind.blogspot.com/2011/09/xss-illustrated.html
Podcasts
[Weekly] PaulDotCom - http://pauldotcom.com/podcast/psw.xml
[Monthly] Social-Engineer - http://socialengineer.podbean.com/feed/
Blogs & RSS
[RSS] SecManiac - http://www.secmaniac.com/
[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com/
[RSS] Contagio - http://contagiodump.blogspot.com/
[News] THN : The Hacker News - http://thehackernews.com/
[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org/
[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net/
[RSS] Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security -http://www.darknet.org.uk/
[RSS] Irongeek - http://www.irongeek.com/
[Metasploit] Room 363 - http://www.room362.com/
[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/
[Guides] stratmofo’s blog  - http://securityjuggernaut.blogspot.com/
[Guides] TheInterW3bs - http://theinterw3bs.com/
[Guides] consolecowboys - http://console-cowboys.blogspot.com/
[Guides] A day with Tape - http://adaywithtape.blogspot.com/
[Guides] Cybexin’s Blog – Network Security Blog - http://cybexin.blogspot.com/
[RSS] BackTrack Linux – Penetration Testing Distribution - http://www.backtrack-linux.org/feed/
[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/
[RSS] Title - http://www.pentestit.com
[RSS] Title - http://michael-coates.blogspot.com
[RSS] Title - http://blog.0x0e.org
[RSS] Title - http://0×80.org/blog
[RSS] Title - http://archangelamael.shell.tor.hu
[RSS] Title - http://archangelamael.blogspot.com
[RSS] Title - http://www.coresec.org
[RSS] Title - http://noobys-journey.blogspot.com
[RSS] Title - http://www.get-root.com
[RSS] Title - http://www.kislaybhardwaj.com
[RSS] Title - https://community.rapid7.com/community/metasploit/blog
[RSS] Title - http://mimetus.blogspot.com
[RSS] Title - http://hashcrack.blogspot.com
[RSS] Title - https://rephraseit.wordpress.com
[RSS] Title - http://www.exploit-db.com
[RSS] Title - http:/skidspot.blogspot.com
[RSS] Title - http://grey-corner.blogspot.com
[RSS] Title - http://vishnuvalentino.com
[RSS] Title - http://ob-security.infohttp://twitter.com/n1tr0g3n_hack3r

Windows 7 Download Links;
32-Bit Windows 7 Home Premium
64-Bit Windows 7 Home Premium
32-Bit Windows 7 Professional
64-Bit Windows 7 Professional