Getting Started in Programming, IT, Hacking, and Networking Guide
Links and Resources to look at to teach you more about Programming , Hardware ,Hacking , and Networking
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#hacking Hacking section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#programming programming section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#linux linux section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#networking networking section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#certifications certification section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#pdfs pdf section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#tech-youtubers-and-videos Youtuber and video section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#websites-where-you-can-practice-hacking-legally hacking training
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#capture-the-flagwargames ctf section
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#vulnerable-software vulnerable software
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#websites-to-help-you-learn-more-about-vulnerabilities vulnerability learning
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#operating-systems-isos-vms-virtualization Operating systems/Virtualization
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#blogs Blogs
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#methodologies Methodologies
- https://github.com/themixedcoder/IT-Resources/blob/main/README.md#osint-open-source-intelligence--the-practice-of-collecting-information-from-published-or-otherwise-publicly-available-sources OSINT Resources
-
https://www.cybrary.it/video/introduction-8/ free and paid
-
https://www.guru99.com/ site with tutorials on programming machine learning cyber security and much more
-
https://cybercademy.org/resources/ site that links to various cybersecurity resources
-
Helpful sites to learn programming
-
https://www.edx.org/ various courses from universities offered for free
-
https://www.freecodecamp.org/ free site to learn web development and python
-
https://www.udemy.com/ Career training site- some free courses but mostly paid. There are price drops very often so it might be worth it.
-
https://www.khanacademy.org/ Math English and Computer programming courses offered in a fun gamified way -free
-
https://ocw.mit.edu/courses/intro-programming/ free Intro to Programming course released to the public by MIT
-
http://code.google.com/edu/languages/google-python-class/index.html
-
http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
-
https://cs50.harvard.edu/college/2020/fall/ well known free course for introduction to programming
-
https://www.khanacademy.org/ Highly recommended resource with lots of free courses in programning Computer science math english etc
-
https://www.coursera.org/ Career development courses paid and free
-
https://www.w3schools.com/ web development
-
https://github.com/ code sharing site .
- https://www.py4e.com/ or https://www.youtube.com/watch?v=8DvywoWv6fI&t=20s Python for everybody course by Dr.Chuck
- https://www.youtube.com/watch?v=b093aqAZiPU Kevin stratvert python course
- https://practicepython.org programming website using a browser ide . No need for your own compiler or ide.
- https://www.linuxtrainingacademy.com/linux-commands-cheat-sheet/ cheatsheet which shows the commands to many everyday useful command line tools
- https://tryhackme.com/ website for beginners and advanced users to teach about linux plus much more
- https://linuxjourney.com/ website which takes you through a hands on step by step process about how to use linux
- https://computefreely.org/
- https://linuxnewbieguide.org/overview-of-chapters/
- https://www.makeuseof.com/tag/linux-beginners-guide/ just a basic guide about linux
- https://null-byte.wonderhowto.com/how-to/linux-basics/ a series of free linux basic tutorials you dont have to sign up for. Nullbytes website is full of in depth tutorials and explanations of many things in the IT and cybersecurity industries . A must have bookmark.
- https://www.ubuntupit.com/best-linux-commands-to-run-in-the-terminal/ List of 50 very Useful Linux Commands
- https://www.youtube.com/watch?v=U1w4T03B30I linux for ethical hackers
- https://www.youtube.com/watch?v=ROjZy1WbCIA&t=3867s freecodecamp beginner crash course in linux
- https://www.youtube.com/watch?v=WMy3OzvBWc0 Linux Server Course - System Configuration and Operation
- https://www.youtube.com/playlist?list=PLG49S3nxzAnksQpejrRxNZoRSo0pcKXkG Professor Messer's Networking/network + training course -highly recommend
- https://www.youtube.com/watch?v=qiQR5rTSshw&t=7212s Networking course by Freecodecamp and Network + prep
- https://www.youtube.com/playlist?list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P Network Chuck Networking Course/CCNA training course
- CompTia A+ https://www.comptia.org/certifications/a general hardware cert that has the most job offerings $226 USD
https://www.youtube.com/watch?v=87t6P5ZHTP0&list=PLG49S3nxzAnnOmvg5UGVenB_qQgsh01uC professor messer A+ course - Apple Certified Macintosh Technician apple only $150
- CompTia Network + https://www.comptia.org/certifications/network
- https://www.youtube.com/watch?v=As6g6IXcVa4&list=PLG49S3nxzAnlCJiCrOYuRYb6cne864a7G Professor Messer -free
https://www.udemy.com/course/comptia-network-n10-008/ udemy course - paid - Cisco CCNA
- CompTia Linux +
- CompTia Security +
- CEH
- CISSP
- CompTia Pentest + tends to be a multiple choice tests focusing on methodology around $300-400 to take
- PNPT https://certifications.tcm-sec.com/pnpt/ hands on exam from thecybermentor around $300 to take around 30-100 for training depending if you find deals . Look on linkedin at heath adams channel for deals . Note it isnt well recognized yet by hr but does teach you alot about active directory external penetration testing and privilege escalation Students will have five (5) full days to complete the assessment and an additional two (2) days to write a professional report.
- EJPT 200 practical exam
- OSCP 1000 for the test and an additional 100-1500 dollars depending on the lab time you buy and other course packages you buy . this is considered one of the harder tests to take due to the time restraint of 24 hours to break into 5 machines and 24 hours for reporting. it is alot more recognized by the industry. it covers alot of ground including but not limited to external and internal web penetration testing, deep understanding of linux and windows privilege escalation, various attack techniques and the use of various tools and scripts. note oscp is harder than other exams due to tool restraints . you cant use nessus or metasploit or any automated vulnerability scanners. Think of it as a pentest where most of your work is done manually . it makes sure you can do things in a manual way. There will be no autopwning from metasploit. Look into tj nulls list for oscp like boxes and also check out https://falconspy.medium.com/unofficial-oscp-approved-tools-b2b4e889e707 for a list of allowed and banned tools.
- https://www.hackerhighschool.org/lessons.html#info1-1o
- https://github.com/Hack-with-Github/Free-Security-eBooks
- https://github.com/EbookFoundation/free-programming-books/blob/main/casts/free-podcasts-screencasts-en.md
Pirating will not be supported especially when so many books out there are available for free in a legal way . - https://github.com/getify/You-Dont-Know-JS/blob/1st-ed/README.md Javascript course
- https://academy.hoppersroppers.org/
- https://academy.hackthebox.eu/
- https://portswigger.net/
- https://bittentechsolutions.in/techhacker-quiz/
- https://www.cyberaces.org/courses.html
- https://www.springboard.com/resources/learning-paths/cybersecurity-foundations/
- https://www.cybrary.it/course/introduction-to-it-and-cybersecurity/
- https://www.futurelearn.com/courses/introduction-to-cyber-security
- http://pentest.cryptocity.net/
- http://www.irongeek.com/i.php?page=videos/network-sniffers-class
- http://samsclass.info/124/124_Sum09.shtml
- http://www.cs.ucsb.edu/~vigna/courses/cs279/
- http://crypto.stanford.edu/cs142/
- http://crypto.stanford.edu/cs155/
- http://cseweb.ucsd.edu/classes/wi09/cse227/
- http://www-inst.eecs.berkeley.edu/~cs161/sp11/
- http://security.ucla.edu/pages/Security_Talks
- http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
- http://cr.yp.to/2004-494.html
- http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
- https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
- http://stuff.mit.edu/iap/2009/#websecurity
- https://training.linuxfoundation.org/resources/?_sft_content_type=free-course
- https://www.edx.org/course/introduction-to-linux
Youtubers
- Hak5 https://www.youtube.com/channel/UC3s0BtrBJpwNDaflRSoiieQ
- The cyber mentor https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw hardware tutorials , tech reviewer
- Jackktutorials https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA hacking tutorials ctfs ,linux
- Webpwnized https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg hacking tutorials ctfs ,linux
- Sstec https://www.youtube.com/c/SSTecTutorials/playlists hacking tutorials ctfs and projects
- Hackhappy https://www.youtube.com/channel/UCVakgfsqxUDo2uTmv9MV_cA hacking tutorials and ctfs ,linux
- Derek rook https://www.youtube.com/c/DerekRook/videos ctfs (capture the flags)
- John hammond https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw programming, hacking tutorials ,ctfs ,linux
- Nullbyte https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g hacking tutorials
- Computerphile https://www.youtube.com/user/Computerphile/videos
programming, programming concepts ,tech concepts, networking, programming and hacking ,linux - Hackersploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
lots of hacking tutorials , linux , malware analysis - Barnacules nerdgasm https://www.youtube.com/channel/UC1MwJy1R0nGQkXxRD9p-zTQ tech reviewer hardware tutorials
- Thenewboston https://www.youtube.com/user/thenewboston
programming tutorials (web development -front end and back end, python , ruby - Linus tech tips https://www.youtube.com/user/LinusTechTips hardware tutorials , tech reviewer , pc building
- Elithecomputerguy https://www.youtube.com/c/Elithecomputerguypage/playlists hardware tutorials , network tutorials , hardware reviewer, hacking tutorials , linux tutorials , website development
- Derek banas https://www.youtube.com/c/derekbanas/playlists tutorials on almost every kind of programming you can imagine
Switched to linux https://www.youtube.com/channel/UCoryWpk4QVYKFCJul9KBdyw linux tutorials and stuff linux related
- Thelinuxgamer https://www.youtube.com/user/TheLinuxgamer linux gaming, linux tutorials , photo editing , music editing, programming , some hacking tutorials
- Liveoverflow https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w lots of hacking tutorials , ctfs , hackthebox, web programming
- The Net Ninja https://www.youtube.com/c/TheNetNinja/playlists
Front end web development tutorials (html,css, javascript, json)
Back end web development (firebase, json server, react ,redux , mongodb) - https://www.youtube.com/c/TraversyMedia/playlists
- https://www.youtube.com/channel/UCSJbGtTlrDami-tDGPUV9-w
- https://www.youtube.com/c/Freecodecamp Extensive web dev Videos
- SecurityTube Security and hacking tutorials
- Network Chuck Networking tutorials
- [Nahamsec] (https://www.youtube.com/c/Nahamsec/featured) bug bounties ctfs and career advice
- Other platforms
- Stok https://www.stokfredrik.com/ bug bountry tutorial
- https://tryhackme.com/ highly recommend for any beginners . they have many good free tutorials . They have detailed walkthrough for many rooms which is handy fro the beginner and even for intermediate and expert students.
- https://www.hackthissite.org/
- https://www.hackthebox.eu/
- Similar to tryhackme in the sense it has alot of boxes . It doesnt hold your hand as much as tryhackme so their boxes can be a bit more chalenging.
- They do have a beginner resources which are the starting point and the academy.
- Hackthebox may have more advanced content however less boxes are available for free and their boxes can be somewhat challenging.
- Note if one is studying for OSCP alot of their boxes are helpful practice for the exam. See TJ null's list to see which boxes you should do. https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
- https://juice-shop.herokuapp.com/#/
- https://www.vulnhub.com/ Virtual machines available for download to practice hacking free
- https://www.cyberseclabs.co.uk/
- http://www.webscantest.com/
- http://crackme.cenzic.com/Kelev/view/home.php
- http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
- http://testaspnet.vulnweb.com/
- http://testasp.vulnweb.com/
- http://testphp.vulnweb.com/
- http://demo.testfire.net/
- http://hackme.ntobjectives.com/
- https://overthewire.org/wargames/
- http://intruded.net/
- http://smashthestack.org/
- http://flack.hkpco.kr/
- http://ctf.hcesperer.org/
- http://ictf.cs.ucsb.edu/
- https://tryhackme.com/ see above
- https://ctftime.org/
- http://capture.thefl.ag/calendar/
-
https://www.vulnhub.com/ see above
-
http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
-
http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
-
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
-
http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
-
https://www.exploit-db.com/google-hacking-database google dorking
-
[Kali linux] https://www.kali.org most commonly used for ethical hacking. made for beginners
Best for all levels has the most tutorials and support and largest community -
Parrot Security OS Similar to kali . easy to use but not as much support as kali
-
BlackArch Linux very customizable version of linux , very steep learning curve but still very powerful
-
For more info on individual Operating Systems see https://distrowatch.com/
ISOS
-
[windows 10 iso image for virtual machines] https://www.microsoft.com/en-us/software-download/windows10
-
[windows 8 iso image ] https://www.microsoft.com/en-us/software-download/windows8ISO
-
[windows 7 iso image] https://www.microsoft.com/en-us/software-download/windows7 Virtual machine software and virtualization
-
[VirtualBox ] https://www.virtualbox.org/ windows mac and linux
-
[Vmware] https://www.vmware.com/ Vmware workstation windows mac and linux
-
[Wine ]https://www.winehq.org/ emulator for running windows applications on Linux, macOS, & BSD (not a virtual machine)
Instead of simulating internal Windows logic like a virtual machine or emulator, Wine translates Windows API calls into POSIX calls on-the-fly,
eliminating the performance and memory penalties of other methods and allowing you to cleanly integrate Windows applications into your desktop.
- http://en.wikipedia.org/wiki/IPv4_subnetting_reference
- http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
- http://shelldorado.com/shelltips/beginner.html
- http://www.linuxsurvival.com/
- http://mywiki.wooledge.org/BashPitfalls
- http://rubular.com/
- http://www.iana.org/assignments/port-numbers
- http://www.robvanderwoude.com/ntadmincommands.php
- http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
- McGrew Security
- GNUCITIZEN
- Darknet - The Darkside - rss
- spylogic - rss
- TaoSecurity - atom
- Room362
- SIPVicious - rss
- portswigger
- pentestmonkeyblog
- jeremiahgrossman
- i8jesus
- c22
- Skull Security - rss
- metasploit
- darkoperator
- skeptikal
- preachsecurity
- tssci-security
- gdssecurityl
- websec
- bernardodamele
- laramies
- andlabs
- xs-sniperblog
- commonexploits
- sensepostblog
- wepma
- Exploit KB - rss
- securityreliks
- Mad Irish - rss
- sirdarckcat
- reusablesec
- myne-us
- notsosecure
- spiderlabs
- corelan
- DigiNinja - rss
- pauldotcom
- attackvector
- deviating
- alphaonelabs
- smashingpasswords
- wirewatcher
- gynvael
- nullthreat
- question-defense
- archangelamael
- memset
- sickness
- punter-infosec
- securityninja
- securityandrisk
- pentestit
- Carnal 0wnage
- atom
- Dfir blog(https://dfir.blog/) Digital forensics, web browsers, visualizations, & open source tools
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools.
- EH-Net Forums
- Hak5 Forums
- Kali Linux Forums
- Hack Forums
- Hackthissite Forums
- Security Override Forums
- Government Security
- Penetration Testing Framework
- The Penetration Testing Execution Standard
- The WASC Threat Classification
- OWASP Top Ten Project
- The Social Engineering Framework
OSINT (Open Source intelligence) -The practice of collecting information from published or otherwise publicly available sources
- http://www.spokeo.com/
- http://www.123people.com/
- http://www.xing.com/
- http://www.zoominfo.com/search
- http://pipl.com/
- http://www.zabasearch.com/
- http://www.searchbug.com/default.aspx
- http://theultimates.com/
- http://skipease.com/
- http://addictomatic.com/
- http://socialmention.com/
- http://entitycube.research.microsoft.com/
- http://www.yasni.com/
- http://tweepz.com/
- http://tweepsearch.com/
- http://www.glassdoor.com/index.htm
- http://www.jigsaw.com/
- http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
- http://www.tineye.com/
- http://www.peekyou.com/
- http://picfog.com/
- http://twapperkeeper.com/index.php
- https://searchdns.netcraft.com/
- https://securityheaders.com/
- http://uptime.netcraft.com/
- http://www.serversniff.net/
- http://www.domaintools.com/
- http://centralops.net/co/
- http://hackerfantastic.com/
- http://whois.webhosting.info/
- https://www.ssllabs.com/ssldb/analyze.html
- http://www.clez.net/
- http://www.my-ip-neighbors.com/
- https://www.shodan.io/
- http://www.exploit-db.com/google-dorks/
- http://www.hackersforcharity.org/ghdb/
- http://cirt.net/ports_dl.php?export=services
- http://www.cheat-sheets.org/
- http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
- http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
- http://blog.commandlinekungfu.com/
- http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
- http://isc.sans.edu/diary.html?storyid=2376
- http://isc.sans.edu/diary.html?storyid=1229
- http://ss64.com/nt/
- http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
- http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
- http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
- http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
- http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
- http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
- http://www.pentesterscripting.com/
- http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
- http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
- https://www.kali.org/tools/
- http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
- http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
- http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
- http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
- http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
- http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
- http://h.ackack.net/cheat-sheets/netcat
- http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
- http://www.mgraziano.info/docs/stsi2010.pdf
- http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
- http://www.ethicalhacker.net/content/view/122/2/
- http://code.google.com/p/it-sec-catalog/wiki/Exploitation
- http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
- http://ref.x86asm.net/index.html
- http://www.woodmann.com/TiGa/idaseries.html
- http://www.binary-auditing.com/
- http://visi.kenshoto.com/
- http://www.radare.org/y/
- http://www.offensivecomputing.net/
- http://www.irongeek.com/i.php?page=videos/password-exploitation-class
- http://cirt.net/passwords
- http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
- http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
- http://www.foofus.net/?page_id=63
- http://hashcrack.blogspot.com/
- http://www.nirsoft.net/articles/saved_password_location.html
- http://www.md5this.com/list.php?
- http://www.virus.org/default-password
- http://www.phenoelit-us.org/dpl/dpl.html
- http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
- https://crackstation.net/
- http://www.onlinehashcrack.com/
- https://www.base64encode.org/
- https://www.base64encode.net/
- [Seclists] (https://github.com/danielmiessler/SecLists) one of the most well known set of wordlists. Referenced in many ctfs
- Korelogic
- PacketStorm
- Skullsecurity
- Wordbook
- http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
- http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
- http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
- http://www.giac.org/certified_professionals/practicals/gsec/0810.php
- http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
- http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
- http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
- http://www.mindcenter.net/uploads/ECCE101.pdf
- http://toorcon.org/pres12/3.pdf
- http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
- http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
- http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
- http://www.oact.inaf.it/ws-ssri/Costa.pdf
- http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
- http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
- http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
- http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
- http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
- http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
- http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
- http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
- http://articles.manugarg.com/arp_spoofing.pdf
- http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
- http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
- http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
- http://blog.spiderlabs.com/2010/12/thicknet.html
- http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
- http://www.go4expert.com/forums/showthread.php?t=11842
- http://www.irongeek.com/i.php?page=security/ettercapfilter
- http://openmaniak.com/ettercap_filter.php
- http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
- http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
- http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
- http://spareclockcycles.org/2010/06/10/sergio-proxy-released/
- http://www.edge-security.com/theHarvester.php
- http://www.mavetju.org/unix/dnstracer-man.php
- http://www.paterva.com/web5/
- http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
- http://lcamtuf.coredump.cx/strikeout/
- http://www.sno.phy.queensu.ca/~phil/exiftool/
- http://www.edge-security.com/metagoofil.php
- http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
- http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
- http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
- http://sqid.rubyforge.org/#next
- http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
- http://www.bindshell.net/tools/beef
- http://blindelephant.sourceforge.net/
- http://xsser.sourceforge.net/
- http://sourceforge.net/projects/rips-scanner/
- http://www.divineinvasion.net/authforce/
- http://andlabs.org/tools.html#sotf
- http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
- http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
- http://code.google.com/p/pinata-csrf-tool/
- http://xsser.sourceforge.net/#intro
- http://www.contextis.co.uk/resources/tools/clickjacking-tool/
- http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
- http://sourceforge.net/projects/ws-attacker/files/
- https://github.com/koto/squid-imposter
- http://code.google.com/p/fuzzdb/
- http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements
- http://w3af.sourceforge.net/
- http://code.google.com/p/skipfish/
- http://sqlmap.sourceforge.net/
- http://sqid.rubyforge.org/#next
- http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
- http://code.google.com/p/fimap/wiki/WindowsAttack
- http://code.google.com/p/fm-fsf/
- http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
- http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
- http://sourceforge.net/projects/belch/files/
- http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
- http://blog.ombrepixel.com/
- http://andlabs.org/tools.html#dser
- http://feoh.tistory.com/22
- http://www.sensepost.com/labs/tools/pentest/reduh
- http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
- http://intrepidusgroup.com/insight/mallory/
- http://www.fiddler2.com/fiddler2/
- http://websecuritytool.codeplex.com/documentation?referringTitle=Home
- http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
- http://nmap.org/ncrack/
- http://www.foofus.net/~jmk/medusa/medusa.html
- http://www.openwall.com/john/
- http://ophcrack.sourceforge.net/
- http://blog.0x3f.net/tool/keimpx-in-action/
- http://code.google.com/p/keimpx/
- http://sourceforge.net/projects/hashkill/
- http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
- http://code.google.com/p/msf-hack/wiki/WmapNikto
- http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
- http://seclists.org/metasploit/
- http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
- http://meterpreter.illegalguy.hostzi.com/
- http://blog.metasploit.com/2010/03/automating-metasploit-console.html
- http://www.workrobot.com/sansfire2009/561.html
- http://www.securitytube.net/video/711
- http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
- http://vimeo.com/16852783
- http://milo2012.wordpress.com/2009/09/27/xlsinjector/
- http://www.fastandeasyhacking.com/
- http://trac.happypacket.net/
- http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
- http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
- http://nmap.org/
- http://asturio.gmxhome.de/software/sambascan2/i.html
- http://www.softperfect.com/products/networkscanner/
- http://www.openvas.org/
- http://tenable.com/products/nessus
- http://www.rapid7.com/vulnerability-scanner.jsp
- http://www.eeye.com/products/retina/community
- http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
- http://www.phx2600.org/archive/2008/08/29/metacab/
- http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
- https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
- https://addons.mozilla.org/en-US/firefox/addon/osvdb/
- https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
- https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
- https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
- https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
- https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
- https://addons.mozilla.org/en-US/firefox/addon/hackbar/
- http://packetstormsecurity.org/files/tags/tool
- http://tools.securitytube.net/index.php?title=Main_Page
- http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
- http://www.irongeek.com/i.php?page=videos/metasploit-class
- http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
- http://vimeo.com/16925188
- http://www.ustream.tv/recorded/13396511
- http://www.ustream.tv/recorded/13397426
- http://www.ustream.tv/recorded/13398740
- http://www.cs.sjtu.edu.cn/~kzhu/cs490/
- https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
- http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
- http://resources.infosecinstitute.com/
- http://vimeo.com/user2720399
- http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
- http://isc.sans.edu/diary.html?storyid=9397
- http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
- http://www.evilsql.com/main/index.php
- http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
- http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
- http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
- http://sqlzoo.net/hack/
- http://www.sqlteam.com/article/sql-server-versions
- http://www.krazl.com/blog/?p=3
- http://www.owasp.org/index.php/Testing_for_MS_Access
- http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
- http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
- http://www.youtube.com/watch?v=WkHkryIoLD0
- http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
- http://vimeo.com/3418947
- http://sla.ckers.org/forum/read.php?24,33903
- http://websec.files.wordpress.com/2010/11/sqli2.pdf
- http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
- http://ha.ckers.org/sqlinjection/
- http://lab.mediaservice.net/notes_more.php?id=MSSQL
- http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
- http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
- http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
- http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
- http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
- http://www.ravenphpscripts.com/article2974.html
- http://www.acunetix.com/cross-site-scripting/scanner.htm
- http://www.vupen.com/english/advisories/2009/3634
- http://msdn.microsoft.com/en-us/library/aa478971.aspx
- http://dev.tangocms.org/issues/237
- http://seclists.org/fulldisclosure/2006/Jun/508
- http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
- http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
- http://shsc.info/FileUploadSecurity
- http://pastie.org/840199
- http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
- http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
- http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
- http://www.digininja.org/blog/when_all_you_can_do_is_read.php
- http://www.infosecwriters.com/hhworld/hh8/csstut.htm
- http://www.technicalinfo.net/papers/CSS.html
- http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
- http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
- https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
- http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
- http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
- http://heideri.ch/jso/#javascript
- http://www.reddit.com/r/xss/
- http://sla.ckers.org/forum/list.php?2
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
- http://zastita.com/02114/Attacking_ColdFusion..html
- http://www.nosec.org/2010/0809/629.html
- http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
- http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf
- http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
- http://seclists.org/pen-test/2002/Nov/43
- http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
- http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
- http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
- http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
- http://www.owasp.org/index.php/Testing_for_Oracle
- http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
- http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
- http://www.ngssoftware.com/papers/hpoas.pdf
- http://www.onapsis.com/research.html#bizploit
- http://marc.info/?l=john-users&m=121444075820309&w=2
- http://www.phenoelit-us.org/whatSAP/index.html
-
[Defcon] https://www.defcon.org/ one of the largest worldwide Hacking conferences in the world
-
[Blackhat] https://blackhat.com/ large worldwide conference all over the globe
-
[ RSA Conference ] https://www.rsaconference.com/ The RSA Conference is an annual event focused on helping improve cybersecurity awareness and cybersecurity culture in companies, and similarly expanding this knowledge in individuals across the globe.
- http://www.ikkisoft.com/stuff/SMH_XSS.txt
- http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
- http://whatthefuckismyinformationsecuritystrategy.com/
- http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
- http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
- http://www.sensepost.com/blog/4552.html
- http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
- http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
- http://carnal0wnage.attackresearch.com/node/410
- http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
- http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
- http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
Things to add to sort out and add to project
Editor
https://notepad-plus-plus.org/ https://atom.io/ https://www.sublimetext.com/ https://www.jetbrains.com/ https://wingware.com/ https://www.anaconda.com/ https://visualstudio.microsoft.com/