Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- URL References:
- - https://www.windowscentral.com/how-permanently-disable-windows-defender-antivirus-windows-10
- - https://github.com/cyberspacekittens/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Real-Password-WPA-MegaLinks.md
- - http://webserver/payload
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Invoke-NinjaCopy.ps1
- - laurent.blogspot.com/2016/10/introducing-responder-multirelay-10.html
- - https://github.com/trustedsec/nps_payload
- - vpn.loca1host.com
- - https://www.fireeye.com/blog/threat-
- - 2Fcyberspacekittens.com
- - https://www.w3schools.com/tags/ref_eventattributes.asp
- - https://github.com/mitre/caldera
- - https://lightsail.aws.amazon.com/
- - http://blog.portswigger.net/2015/08/server-side-template-injection.html
- - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-
- - http://www.fuzzysecurity.com/tutorials/16.html
- - https://github.com/trustedsec/social-engineer-toolkit
- - https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors
- - https://github.com/breenmachine/httpscreenshot
- - lethalsecurity.com
- - https://www.vulnerability-
- - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029#diff-025d24bfdd78aa27353572d067da50b3L260
- - https://imagetragick.com/
- - https://shop.riftrecon.com/products/under-the-door-tool
- - a0.awsstatic.com
- - https://mail.cyberspacekittens.com/owa/auth/logon.aspx
- - https://buer.haus/breport/index.php
- - https://blog.kchung.co/rfid-
- - http://thehackerplaybook.com/training/
- - https://github.com/lukebaggett/dnscat2-powershell
- - http://chat:3000/ssrf
- - https://github.com/luin/serialize/search?utf8=%E2%9C%93&q=eval&type=
- - https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/
- - https://github.com/cyberspacekittens/password_cracking_rules
- - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658
- - https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample-
- - https://github.com/anshumanbh/git-all-secrets
- - https://www.social-engineer.org/wp-content/uploads/2017/11/SECTF-2017.pdf
- - http://hackerwarehouse.com/product/proxmark3-rdv2-kit/
- - https://gist.githubusercontent.com/cheetz/4d6a26bb122a942592ab9ac21894e57b/raw/f58e82c9abfa46a932eb92edbe6b18214141439b/all.txt
- - https://github.com/thealpiste/C_ReverseHTTPS_Shellcode
- - https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf
- - http://mirrors.jenkins.io/war-stable/1.651.2/
- - https://github.com/Coalfire-Research/Red-Baron
- - https://github.com/cheetz/sslScrape
- - https://www.us-cert.gov/ncas/alerts/TA13-088A
- - https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
- - https://github.com/robertdavidgraham/masscan
- - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
- - https://bugs.chromium.org/p/project-zero/issues/detail?id=1428
- - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- - https://github.com/tennc/webshell
- - https://github.com/cheetz/dnscat2/tree/master/server/controller
- - http://www.harmj0y.net/blog/empire/empire-1-5/
- - https://msdn.microsoft.com/en-
- - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- - pipl.com
- - mail.google.com
- - https://technet.microsoft.com/en-
- - Censys.io
- - https://serverfault.com/questions/356123/how-to-allow-just-one-user-to-login-in-special-computer-in-server-2003
- - testlab.company.com
- - https://github.com/cheetz/THP-ChatSupportSystem/blog/master/lab.txt
- - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
- - https://www.youtube.com/watch
- - https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/
- - https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/amazon.profile
- - https://www.eff.org/pages/legal-assistance
- - https://gist.githubusercontent.com/scumjr/17d91f20f73157c722ba2aea702985d2/raw/a37178567ca7b816a5c6f891080770feca5c74d7/dirtycow-mem.c
- - https://www.us-cert.gov/ncas/alerts/TA18-086A
- - https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/
- - https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-
- - https://www.mdsec.co.uk/2018/03/payload-generation-using-
- - https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1
- - https://github.com/hashcat/hashcat-utils/releases
- - https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a#df21
- - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
- - http://chat:3000/xss
- - thehackerplaybook.com/updates
- - https://en.wikipedia.org/wiki/Immediately-invoked_function_expression
- - https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-
- - https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
- - https://github.com/cheetz/hidemyps
- - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
- - https://github.com/danielbohannon/Invoke-Obfuscation
- - https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/
- - https://www.arin.net/
- - https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/
- - https://github.com/EmpireProject/Empire
- - https://github.com/rebootuser/LinEnum
- - http://sqlmap.org/
- - https://rileykidd.com/2017/08/03/application-whitelist-bypass-
- - https://wiki.skullsecurity.org/Passwords
- - https://github.com/ChrisTruncer/EyeWitness
- - https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellIcmp.ps1
- - https://thehackernews.com/2017/12/data-
- - https://github.com/blechschmidt/massdns
- - https://medium.com/@mirkatson/running-metasploit-on-kali-linux-docker-aws-ec2-instance-a2f7d7310b2b
- - https://github.com/bluscreenofjeff/AggressorScripts/blob/master/mimikatz-every-30m.cna
- - https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs
- - http://getgophish.com/documentation/
- - https://github.com/mdsecactivebreach/SharpShooter
- - https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
- - https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-
- - n.name
- - https://bugs.chromium.org/p/project-zero/issues/list
- - https://snyk.io/test/npm/node-serialize
- - http://chat:3000/ti
- - https://github.com/Ne0nd0g/merlin
- - https://github.com/hashcat/hashcat/tree/master/rules
- - https://github.com/harleyQu1nn/AggressorScripts
- - https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
- - https://www.esecurityplanet.com/network-security/unpatched-open-source-software-flaw-blamed-for-massive-equifax-breach.html
- - https://powersploit.readthedocs.io/en/latest/Recon/Invoke-
- - https://github.com/GreatSCT/GreatSCT/tree/develop
- - https://inteltechniques.com/OSINT/pastebins.html
- - https://i.imgur.com/FdtLoFI.jpg
- - https://github.com/nccgroup/demiguise
- - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
- - http://security.debian.org/debian-
- - https://github.com/christophetd/censys-subdomain-finder
- - msg.name
- - https://github.com/lgandx/Responder.git
- - https://github.com/frohoff/ysoserial
- - SkullSecurity.org
- - https://www.offensive-security.com/metasploit-unleashed/fun-incognito/
- - https://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/
- - https://github.com/cheetz/thpDropper.git
- - http://thehackerplaybook.com/get.php?type=XXE-vm
- - https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspx
- - http://thehackerplaybook.com/get.php?type=csk-web
- - https://enigma0x3.net/2017/01/23/lateral-movement-via-
- - https://room362.com/post/2017/dump-laps-passwords-with-
- - http://www.pentest-standard.org
- - http://cyberspacekittens.com
- - https://github.com/rapid7/metasploit-
- - https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-
- - https://centralops.net/co/domaindossier.aspx
- - https://www.blackhillsinfosec.com/evade-application-whitelisting-
- - http://ubm.io/2GI5EAq
- - https://github.com/leebaird/discover
- - http://www.ubuntuboss.com/how-to-install-openvpn-access-server-on-ubuntu-
- - https://crackstation.net/files/crackstation.txt.gz
- - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
- - https://www.youtube.com/watch?v=vxXLJSbx1SI
- - https://github.com/bluscreenofjeff/Malleable-C2-Randomizer
- - https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
- - https://github.com/cyberspacekittens/nsa-rules
- - https://en.wikipedia.org/wiki/String_interpolation
- - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb
- - http://thehackerplaybook.com/get.php?type=csk-lab
- - https://msdn.microsoft.com/en-us/library/windows/desktop/ms741563(v=vs.85).aspx
- - https://github.com/rsmudge/Malleable-C2-Profiles
- - https://github.com/api0cradle/UltimateAppLockerByPassList
- - https://github.com/tanprathan/OWASP-Testing-Checklist
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Mimikatz.ps1
- - https://github.com/nahamsec/HostileSubBruteforcer
- - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-
- - 2fmail.cyberspacekittens.com
- - https://github.com/epinna/tplmap
- - http://chat:3000/serverStatus?text=1
- - http://www.piotrbania.com/all/kon-
- - https://www.microsoft.com/en-us/download/details.aspx?id=41653
- - http://ubm.io/2ECTYSi
- - docs.google.com
- - https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XXE-
- - https://github.com/cheetz/ceylogger/blob/master/callback
- - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on
- - https://hackerone.com/reports/128088
- - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
- - https://www.southord.com/
- - mailcyberspacekittens.com
- - http://releases.llvm.org/download.html
- - www.amazon.com
- - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
- - https://github.com/hak5/bashbunny-payloads.git
- - https://censys.io/
- - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- - https://html5sec.org/
- - http://chat:3000/chatchannel/1
- - https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
- - https://amzn.to/2ItaySR
- - https://github.com/Cn33liz/p0wnedShell
- - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows
- - https://github.com/s0lst1c3/eaphammer
- - https://bitrot.sh/post/30-11-2017-
- - company.com
- - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
- - https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/
- - https://www.synack.com/red-
- - https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
- - https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-
- - meetup.com
- - https://hashcat.net/wiki/doku.php
- - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941
- - https://xsshunter.com
- - https://www.lockpickshop.com/GATE-BYPASS.html
- - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029
- - https://hashes.org/left.php
- - https://github.com/foospidy/payloads/tree/master/other/xss
- - https://github.com/gentilkiwi/mimikatz
- - https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
- - https://github.com/Pepitoh/VBad
- - https://gist.github.com/enigma0x3/8d0cabdb8d49084cdcf03ad89454798b
- - https://trick77.com/how-to-set-up-transparent-vpn-internet-gateway-tunnel-
- - mechanicus.com/codex/hashpass/hashpass.php
- - https://medium.com/@iraklis/running-hashcat-
- - https://github.com/porterhau5/BloodHound-Owned
- - https://medium.com/@tomac/a-15-openwrt-based-diy-pen-test-dropbox-
- - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
- - http://webserver/payload.hta
- - http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
- - https://github.com/digininja/pipal
- - https://www.digitalocean.com/products/compute
- - https://wald0.com/?p=112
- - https://github.com/sensepost/ruler
- - https://www.hak5.org/gear/packet-squirrel/docs
- - https://samy.pl/poisontap/
- - http://www.rapid7.com/db/modules/post/windows/manage/priv_migrate
- - https://nodejs.org/en/
- - https://github.com/cyberspacekittens/Hob0Rules
- - http://php.net/manual/en/wrappers.php.php
- - https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
- - http://contest-
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/situational_awareness/network/powerview.ps1
- - https://blog.websecurify.com/2014/08/hacking-nodejs-and-
- - Bit.ly
- - http://swupdate.openvpn.org/as/openvpn-as-
- - mail.cyberspacekittens.com
- - https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter
- - www.owasp.org/index.php/Testing_for_NoSQL_injection
- - https://www.youtube.com/watch?v=dQw4w9WgXcQ
- - https://bneg.io/2017/07/26/empire-without-powershell-exe/
- - https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1
- - https://github.com/cheetz/ceylogger/blob/master/skeleton
- - http://chat:3000/hacked.txt
- - https://github.com/PowerShell/PowerShell/releases/download/v6.0.2/powershell_6.0.2-
- - https://github.com/trustedsec/ptf
- - https://github.com/OJ/gobuster
- - cnn.com
- - https://gist.github.com/staaldraad/01415b990939494879b4
- - https://github.com/pentestgeek/phishing-frenzy
- - lab.com/list-of-bug-bounty-programs.php
- - https://nmap.org/nsedoc/scripts/smb-security-mode.html
- - http://beefproject.com/
- - www.google.com
- - http://ubr.to/2hIO2tZ
- - cyberspacekittens.com
- - https://helpdeskgeek.com/how-to/windows-join-domain/
- - http://www.nvidia.com/object/tesla-servers.html
- - https://www.hackerone.com
- - https://aws.amazon.com/service-terms/
- - www.msdn.microsoft.com
- - https://raw.githubusercontent.com/cyberspacekittens/XSS/master/XSS2.png
- - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/smart_hashdump.rb
- - socket.io
- - https://ip-ranges.amazonaws.com/ip-ranges.json
- - https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx
- - https://stackoverflow.com/questions/3871729/transmitting-newline-character-n
- - https://github.com/cyberspacekittens/bloodhound
- - http://chat:3000/directmessage
- - https://github.com/GreatSCT/GreatSCT
- - https://github.com/DhavalKapil/icmptunnel
- - https://portswigger.net/burp
- - https://github.com/bbb31/slurp
- - https://pugjs.org/language/interpolation.html
- - https://expressjs.com/
- - https://room362.com/post/2016/snagging-creds-from-locked-machines/
- - https://www.forbes.com/sites/thomasbrewster/2015/12/17/facebook-
- - https://github.com/ustayready/CredSniper
- - CTFTime.org
- - http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1-
- - https://github.com/cyberspacekittens/metasploit-payloads/tree/master/c/x64_defender_bypass
- - http://g-
- - https://hashcat.net/wiki/doku.php?id=example_hashes
- - https://github.com/Kevin-
- - http://thehackerplaybook.com/subscribe/
- - https://wappalyzer.com/
- - Hashes.org
- - https://github.com/cyberspacekittens/metasploit-framework
- - shell-storm.org
- - http://thehackerplaybook.com/get.php?type=THP-vm
- - http://chat:3000/accounts.txt
- - https://dirtycow.ninja/
- - https://artkond.com/2017/03/23/pivoting-guide/#vpn-over-ssh
- - https://github.com/rapid7/metasploitable3
- - https://blog.websecurify.com/2017/02/hacking-node-serialize.html
- - https://www.esecurityplanet.com/network-security/almost-a-third-of-all-u.s.-businesses-
- - https://github.com/porterhau5/BloodHound-
- - https://msdn.microsoft.com/en-us/library/windows/desktop/ms648774(v=vs.85).aspx
- - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
- - https://pugjs.org/
- - https://openvpn.net/index.php/access-server/download-openvpn-
- - https://en.wikipedia.org/wiki/Sony_Pictures_hack
- - https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-
- - https://github.com/cyberspacekittens/metasploit-payloads
- - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
- - http://thehackerplaybook.com/get.php?type=THP-password
- - https://github.com/hak5/bashbunny-
- - https://github.com/Plazmaz/Sublist3r
- - 2010.korelogic.com/rules.html
- - https://github.com/GreatSCT/GreatSCT.git
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/trollsploit/Get-
- - http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-
- - https://github.com/samratashok/nishang
- - https://github.com/putterpanda/mimikittenz
- - https://builtwith.com/
- - http://test.cyberspacekittens.com
- - https://github.com/harleyQu1nn/AggressorScripts
- - https://github.com/secretsquirrel/the-backdoor-factory
- - https://www.lockpickshop.com/SJ-50.html
- - http://psbdmp.ws/
- - https://thesprawl.org/projects/pack/
- - http://www.sixdub.net/?p=555
- - https://bashbunny.com/downloads
- - https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-
- - cyberspacekittens.s3.amazonaws.com
- - https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
- - https://github.com/danielbohannon/Invoke-CradleCrafter
- - https://www.powershellempire.com/?page_id=273
- - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-
- - http://flaws.cloud/
- - https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a
- - http://www.agarri.fr/docs/AppSecEU15-
- - https://github.com/EmpireProject/Empire/blob/master/data/module_source/privesc/PowerUp.ps1
- - https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d
- - https://github.com/cheetz/jenkins-decrypt
- - https://github.com/cyberspacekittens/SecLists
- - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
- - http://chat:3000/nosql2
- - SMBExec.ps
- - https://github.com/luin/serialize
- - http://192.168.10.2-254
- - https://bugcrowd.com/programs
- - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/
- - https://raw.githubusercontent.com/cheetz/dirtycow/master/THP-Lab
- - https://gist.github.com/rain-
- - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
- - https://github.com/securestate/king-phisher
- - https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/README.md
- - https://amzn.to/2I6lSry
- - https://github.com/s0lst1c3/eaphammer#iv–indirect-wireless-
- - http://chat:3000/ti?user=*&comment=asdfasdf&link=
- - https://github.com/cheetz/generateJenkinsExploit
- - https://github.com/cheetz/generateJenkinsExploit
- - https://github.com/iagox86/dnscat2
- - lanturtle.com
- - https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
- - https://github.com/BloodHoundAD/BloodHound
- - https://cloud.google.com/compute/docs/faq#ipranges
- - https://github.com/cyberspacekittens/Probable-Wordlists/tree/master/Dictionary-Style
- - meetup.com/lethal
- - https://github.com/bluscreenofjeff/AggressorScripts
- - http://chat:3000
- - http://webserver/payload.b64
- - https://github.com/iagox86/dnscat2.git
- - https://github.com/s0lst1c3/eaphammer#iii–stealing-ad-credentials-using-hostile-portal-
- - https://github.com/CoreSecurity/impacket.git
- - https://blog.cptjesus.com/posts/introtocypher
- - https://aws.amazon.com/s/dm/optimization/server-side-
- - loca1host.com
- - https://www.abatchy.com/2017/05/introduction-to-manual-
- - https://github.com/eladshamir/Internal-Monologue
- - http://10.100.100.9/malware.payload
- - https://github.com/brannondorsey/PassGAN
- - https://github.com/JordyZomer/autoSubTakeover
- - github.com
- - http://gnuwin32.sourceforge.net/packages/make.htm
- - https://github.com/jamesbarlow/icmptunnel
- - https://github.com/clong/DetectionLab
- - https://www.cybereason.com/blog/dcom-lateral-movement-techniques
- - Microsoft.NET
- - http://chat:3000/
- - http://www.adeptus-
- - https://www.cyberscoop.com/dji-bug-bounty-drone-technology-sean-melia-
- - https://sensepost.com/blog/2017/outlook-forms-and-shells/
- - https://github.com/cheetz/brutescrape
- - http://hashcat.net/wiki/doku.php?id=example_hashes
- - https://github.com/bhdresh/CVE-2017-0199
- - https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick
- - https://github.com/cheetz/THP-ChatSupportSystem/blob/master/lab.txt
- - http://pages.ebay.com/securitycenter/Researchers.html
- - https://github.com/mzet-/linux-exploit-
- - http://contest-2010.korelogic.com/rules-hashcat.html
- - https://github.com/SpiderLabs/portia
- - https://github.com/decoder-it/psgetsystem
- - https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
- - https://downloads.pwnedpasswords.com/passwords/pwned-passwords-
- - testlab.s3.amazonaws.com
- - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20injection
- - https://weakpass.com/wordlist
- - https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py
- - attacker.com
- - git-scm.com
- - http://code.gerade.org/hans/
- - https://www.youtube.com/watch?v=Aatp5gCskvk
- - https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
- - http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-
- - meetup.com/LETHAL
- - https://www.wifipineapple.com/pages/nano
- - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644974(v=vs.85).aspx
- - https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom
- - http://www.jsfuck.com/
- - https://github.com/IVMachiavelli/OSINT_Team_Links
- - https://github.com/cheetz/THP-
- - https://github.com/TheRook/subbrute
- - https://github.com/cyberspacekittens/dnscat2
- - https://github.com/curi0usJack/luckystrike
- - https://www.npmjs.com/package/qs
- - http://www.xss-payloads.com/payloads-list.html
- - https://github.com/peewpw/Invoke-
- - https://github.com/lgandx/Responder
- - https://www.cobaltstrike.com/aggressor-script/index.html
- - https://raw.githubusercontent.com/nidem/kerberoast/master/GetUserSPNs.ps1
- - Exploit.In
- - http://osintframework.com/
- - https://lightsail.aws.amazon.com
- - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
- - http://insecure.org/search.html?q=privilege%20escalation
- - https://www.hak5.org/episodes/hak5-1921-access-internal-networks-with-
- - https://github.com/derv82/wifite2
- - http://webserver/payload.sct
- - https://github.com/samratashok/nishang/blob/master/Gather/Get-
- - https://github.com/Varbaek/xsser
- - https://github.com/Narcolapser/python-o365#email
- - https://github.com/cheetz/ceylogger/tree/master/version1
- - https://github.com/cheetz/ceylogger/tree/master/version2
- - https://github.com/cheetz/ceylogger/tree/master/version3
- - https://pugjs.org/language/code.html
- - http://chat:3000/nosql
- - https://xsshunter.com/app
- - https://hackerone.com/reports/121461
- - https://github.com/leostat/rtfm
- - https://www.shodan.io
- - https://www.cobaltstrike.com/help-smb-beacon
- - https://www.cobaltstrike.com/help-smb-
- - https://www.usenix.org/conference/usenixsecurity16/technical-
- - https://github.com/mdsecactivebreach/CACTUSTORCH
- - https://github.com/guelfoweb/knock/blob/4.1/knockpy/wordlist/wordlist.txt
- - https://github.com/cyberspacekittens/ReflectiveDLLInjection/commit/33d1e515124966661a754b02a15c1469621637ae
- - https://pugjs.org/language/code.html#unescaped-buffered-code
- - https://github.com/kgretzky/evilginx
- - https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library
- - https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-
- - https://github.com/trustedsec/unicorn
- - https://hakshop.com/collections/usb-rubber-ducky
- - testlab.s3.amazon.com
- - https://www2.fireeye.com/rs/848-DID-
- - https://github.com/nettitude/PoshC2
- - https://github.com/Arno0x/EmbedInHTML
- - https://github.com/sekirkity/BrowserGather
- - https://haiderm.com/fully-undetectable-backdooring-pe-file/#Code_Caves
- - https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
- - www.SecurePla.net
- - https://porterhau5.com/blog/extending-bloodhound-track-and-visualize-
- - Lightsail.aws.amazon.com
- - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx
- - https://www.youtube.com/watch?v=b7qr0laM8kA
- - https://github.com/huntergregal/mimipenguin
- - https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1
- - ns1.loca1host.com
- - https://portswigger.net/bappstore/21df56baa03d499c8439018fe075d3d7
- - https://github.com/fireeye/SessionGopher
- - www.meetup.com/LETHAL
- - https://github.com/cyberspacekittens/metasploit-payloads/commit/227832554737f7c3ffd675571fede449ac714137
- - https://digi.ninja/files/bucket_finder_1.1.tar.bz2
- - https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/
- - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-
- - ns2.loca1host.com
- - https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/
- PDF References:
- - https://www.owasp.org/images/1/19/OTGv4.pdf
Add Comment
Please, Sign In to add comment