Wednesday, November 9, 2016

Important links


HackerMedia

http://carnal0wnage.blogspot.com/
http://www.mcgrewsecurity.com/
http://www.gnucitizen.org/blog/
http://www.darknet.org.uk/
http://spylogic.net/
http://taosecurity.blogspot.com/
http://www.room362.com/
http://blog.sipvicious.org/
http://blog.portswigger.net/
http://pentestmonkey.net/blog/
http://jeremiahgrossman.blogspot.com/
http://i8jesus.com/
http://blog.c22.cc/
http://www.skullsecurity.org/blog/
http://blog.metasploit.com/
http://www.darkoperator.com/
http://blog.skeptikal.org/
http://preachsecurity.blogspot.com/
http://www.tssci-security.com/
http://www.gdssecurity.com/l/b/
http://websec.wordpress.com/
http://bernardodamele.blogspot.com/
http://laramies.blogspot.com/
http://www.spylogic.net/
http://blog.andlabs.org/
http://xs-sniper.com/blog/
http://www.commonexploits.com/
http://www.sensepost.com/blog/
http://wepma.blogspot.com/
http://exploit.co.il/
http://securityreliks.wordpress.com/
http://www.madirish.net/index.html
http://sirdarckcat.blogspot.com/
http://reusablesec.blogspot.com/
http://myne-us.blogspot.com/
http://www.notsosecure.com/
http://blog.spiderlabs.com/
http://www.corelan.be/
http://www.digininja.org/
http://www.pauldotcom.com/
http://www.attackvector.org/
http://deviating.net/
http://www.alphaonelabs.com/
http://www.smashingpasswords.com/
http://wirewatcher.wordpress.com/
http://gynvael.coldwind.pl/
http://www.nullthreat.net/
http://www.question-defense.com/
http://archangelamael.blogspot.com/
http://memset.wordpress.com/
http://sickness.tor.hu/
http://punter-infosec.com/
http://www.securityninja.co.uk/
http://securityandrisk.blogspot.com/
http://esploit.blogspot.com/
http://www.pentestit.com/

Magazines


    http://www.net-security.org/insecuremag.php
    http://hakin9.org/

Forum


    http://sla.ckers.org/forum/index.php
    http://www.ethicalhacker.net/
    http://www.backtrack-linux.org/forums/
    http://www.elitehackers.info/forums/
    http://www.hackthissite.org/forums/index.php
    http://securityoverride.com/forum/index.php
    http://www.iexploit.org/
    http://bright-shadows.net/
    http://www.governmentsecurity.org/forum/

Methodologies


    http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
    http://www.pentest-standard.org/index.php/Main_Page
    http://projects.webappsec.org/w/page/13246978/Threat-Classification
    http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
    http://www.social-engineer.org/

OSINT
  
   Presentation :
  
    
    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
    http://www.slideshare.net/Laramies/tactical-information-gathering
    http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
    http://infond.blogspot.com/2010/05/toturial-footprinting.html

Infrastructure


    http://uptime.netcraft.com/
    http://www.serversniff.net/
    http://www.domaintools.com/
    http://centralops.net/co/
    http://hackerfantastic.com/
    http://whois.webhosting.info/
    https://www.ssllabs.com/ssldb/analyze.html
    http://www.clez.net/
    http://www.my-ip-neighbors.com/
    http://www.shodanhq.com/
    http://www.exploit-db.com/google-dorks/
    http://www.hackersforcharity.org/ghdb/

Exploits and Advisories


    http://www.exploit-db.com/
    http://www.cvedetails.com/
    http://www.milw0rm.com/ (Down permanently)
    http://www.packetstormsecurity.org/
    http://www.securityforest.com/wiki/index.php/Main_Page
    http://www.securityfocus.com/bid
    http://nvd.nist.gov/
    http://osvdb.org/
    http://www.nullbyte.org.il/Index.html
    http://secdocs.lonerunners.net/
    http://www.phenoelit-us.org/whatSAP/index.html
    http://secunia.com/
    http://cve.mitre.org/

Cheatsheets and Syntax


    http://cirt.net/ports_dl.php?export=services
    http://www.cheat-sheets.org/
    http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

Agile Hacking


    http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
    http://blog.commandlinekungfu.com/
    http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
    http://isc.sans.edu/diary.html?storyid=2376
    http://isc.sans.edu/diary.html?storyid=1229
    http://ss64.com/nt/
    http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
    http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
    http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
    http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
    http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
    http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
    http://www.pentesterscripting.com/
    http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
    http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

Tools


    http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
    http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
    http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
    http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
    http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
    http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
    http://h.ackack.net/cheat-sheets/netcat

Distros


    http://www.backtrack-linux.org/
    http://www.matriux.com/
    http://samurai.inguardians.com/
    http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
    https://pentoo.ch/
    http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
    http://www.piotrbania.com/all/kon-boot/
    http://www.linuxfromscratch.org/
    http://sumolinux.suntzudata.com/
    http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
    http://www.backbox.org/

LABS:
 
       ISOs and VMs

    http://sourceforge.net/projects/websecuritydojo/
    http://code.google.com/p/owaspbwa/wiki/ProjectSummary
    http://heorot.net/livecds/
    http://informatica.uv.es/~carlos/docencia/netinvm/
    http://www.bonsai-sec.com/en/research/moth.php
    http://blog.metasploit.com/2010/05/introducing-metasploitable.html
    http://pynstrom.net/holynix.php
    http://gnacktrack.co.uk/download.php
    http://sourceforge.net/projects/lampsecurity/files/
    https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
    http://sourceforge.net/projects/virtualhacking/files/
    http://www.badstore.net/
    http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-

owasp-top-10
    http://www.dvwa.co.uk/
    http://sourceforge.net/projects/thebutterflytmp/

    Vulnerable Software


    http://www.oldapps.com/
    http://www.oldversion.com/
    http://www.exploit-db.com/webapps/
    http://code.google.com/p/wavsep/downloads/list
    http://www.owasp.org/index.php/Owasp_SiteGenerator
    http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

    Test Sites
   
   
    http://www.webscantest.com/
    http://crackme.cenzic.com/Kelev/view/home.php
    http://zero.webappsecurity.com/banklogin.asp?

serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
    http://testaspnet.vulnweb.com/
    http://testasp.vulnweb.com/
    http://testphp.vulnweb.com/
    http://demo.testfire.net/
    http://hackme.ntobjectives.com/
Passwords and Hashes


    http://www.irongeek.com/i.php?page=videos/password-exploitation-class
    http://cirt.net/passwords
    http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
    http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
    http://www.foofus.net/?page_id=63
    http://hashcrack.blogspot.com/
    http://www.nirsoft.net/articles/saved_password_location.html
    http://www.onlinehashcrack.com/
    http://www.md5this.com/list.php?
    http://www.virus.org/default-password
    http://www.phenoelit-us.org/dpl/dpl.html
    http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

Wordlist

* http://contest.korelogic.com/wordlists.html
* http://packetstormsecurity.org/Crackers/wordlists/
* http://www.skullsecurity.org/wiki/index.php/Passwords
* http://www.ericheitzman.com/passwd/passwords/
http://blog.cobaltstrike.com/category/links/

https://picoctf.com/learn
Tools:

    OSINT:

    * http://www.edge-security.com/theHarvester.php
    * http://www.mavetju.org/unix/dnstracer-man.php
    * http://www.paterva.com/web5/

        Metadata:

          * http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-

killer_32974
          * http://lcamtuf.coredump.cx/strikeout/
          * http://www.sno.phy.queensu.ca/~phil/exiftool/
          * http://www.edge-security.com/metagoofil.php
          * http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

    Google Hacking:

    * http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
    * http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
    * http://sqid.rubyforge.org/#next
    * http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

Web:

* http://www.bindshell.net/tools/beef
* http://blindelephant.sourceforge.net/
* http://xsser.sourceforge.net/
* http://sourceforge.net/projects/rips-scanner/
* http://www.divineinvasion.net/authforce/
* http://andlabs.org/tools.html#sotf
* http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-

RaulSiles_Nov2010_v1.1.pdf
* http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
* http://code.google.com/p/pinata-csrf-tool/
* http://xsser.sourceforge.net/#intro
* http://www.contextis.co.uk/resources/tools/clickjacking-tool/
* http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
* http://sourceforge.net/projects/ws-attacker/files/
* https://github.com/koto/squid-imposter

Attack Strings:

  * http://code.google.com/p/fuzzdb/
  * http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

Shells:

  * http://sourceforge.net/projects/yokoso/
  * http://sourceforge.net/projects/ajaxshell/

Scanners:

  * http://w3af.sourceforge.net/
  * http://code.google.com/p/skipfish/
  * http://sqlmap.sourceforge.net/
  * http://sqid.rubyforge.org/#next
  * http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
  * http://code.google.com/p/fimap/wiki/WindowsAttack
  * http://code.google.com/p/fm-fsf/

     Proxies:

        Burp:

            * http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-

credentials-discovery-burp-intruder_33214
            * http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-

api/
            * http://sourceforge.net/projects/belch/files/
            * http://www.securityninja.co.uk/application-security/burp-suite-tutorial-

repeater-and-comparer-tools
            * http://blog.ombrepixel.com/
            * http://andlabs.org/tools.html#dser
            * http://feoh.tistory.com/22
          * http://www.sensepost.com/labs/tools/pentest/reduh
          * http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
          * http://intrepidusgroup.com/insight/mallory/
          * http://www.fiddler2.com/fiddler2/
          * http://websecuritytool.codeplex.com/documentation?referringTitle=Home
          * http://translate.google.com/translate?

hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq

%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl

%3Den&rurl=translate.google.com&twu=1

Social Engineering:

* http://www.secmaniac.com/

Password:

* http://nmap.org/ncrack/
* http://www.foofus.net/~jmk/medusa/medusa.html
* http://www.openwall.com/john/
* http://ophcrack.sourceforge.net/
* http://blog.0x3f.net/tool/keimpx-in-action/
* http://code.google.com/p/keimpx/
* http://sourceforge.net/projects/hashkill/

Metasploit


    http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
    http://code.google.com/p/msf-hack/wiki/WmapNikto
    http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
    http://seclists.org/metasploit/
    http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
    http://meterpreter.illegalguy.hostzi.com/
    http://blog.metasploit.com/2010/03/automating-metasploit-console.html
    http://www.workrobot.com/sansfire2009/561.html
    http://www.securitytube.net/video/711
    http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
    http://vimeo.com/16852783
    http://milo2012.wordpress.com/2009/09/27/xlsinjector/
    http://www.fastandeasyhacking.com/
    http://trac.happypacket.net/
    http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
    http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

CTF

https://ctfs.github.io/resources/
http://canyouhack.it/
https://trailofbits.github.io/ctf/vulnerabilities/README.html

resouces

https://www.pelock.com/articles


NSE


    http://www.securitytube.net/video/931
    http://nmap.org/nsedoc/

Net Scanners and Scripts:


    http://nmap.org/
    http://asturio.gmxhome.de/software/sambascan2/i.html
    http://www.softperfect.com/products/networkscanner/
    http://www.openvas.org/
    http://tenable.com/products/nessus
    http://www.rapid7.com/vulnerability-scanner.jsp
    http://www.eeye.com/products/retina/community

Post Exploitation


    http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
    http://www.phx2600.org/archive/2008/08/29/metacab/
    http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

    Netcat:

    http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
    http://www.radarhack.com/tutorial/ads.pdf
    http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
    http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
    http://www.dest-unreach.org/socat/
    http://www.antionline.com/archive/index.php/t-230603.html
    http://technotales.wordpress.com/2009/06/14/netcat-tricks/
    http://seclists.org/nmap-dev/2009/q1/581
    http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
    http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
    http://gse-compliance.blogspot.com/2008/07/netcat.html

   
    Firefox Addons:

    https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
    https://addons.mozilla.org/en-US/firefox/addon/osvdb/
    https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
    https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
    https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/hackbar/

    Tool Listings:

    http://packetstormsecurity.org/files/tags/tool
    http://tools.securitytube.net/index.php?title=Main_Page

Programming:

        Python:

    http://code.google.com/edu/languages/google-python-class/index.html
    http://www.swaroopch.com/notes/Python_en:Table_of_Contents
    http://www.thenewboston.com/?cat=40&pOpen=tutorial
    http://showmedo.com/videotutorials/python
    http://www.catonmat.net/blog/learning-python-programming-language-through-video-

lectures/
https://learnpythonthehardway.org/book/ex0.html


    Ruby:

    http://www.tekniqal.com/

        Other Misc:

    http://www.cs.sjtu.edu.cn/~kzhu/cs490/
    https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
    http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
    http://resources.infosecinstitute.com/
    http://vimeo.com/user2720399

    Web Vectors
   
    SQLi
   
    tp://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
http://isc.sans.edu/diary.html?storyid=9397
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
http://www.evilsql.com/main/index.php
http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
http://securityoverride.com/articles.php?

article_id=1&article=The_Complete_Guide_to_SQL_Injections
http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
http://sqlzoo.net/hack/
http://www.sqlteam.com/article/sql-server-versions
http://www.krazl.com/blog/?p=3
http://www.owasp.org/index.php/Testing_for_MS_Access
http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-

injection-cheat-sheet-EN.html
http://www.youtube.com/watch?v=WkHkryIoLD0
http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-

%20L1%202009.pdf
http://vimeo.com/3418947
http://sla.ckers.org/forum/read.php?24,33903
http://websec.files.wordpress.com/2010/11/sqli2.pdf
http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
http://ha.ckers.org/sqlinjection/
http://lab.mediaservice.net/notes_more.php?id=MSSQL

Upload Tricks:


    http://www.google.com/#hl=en&q=bypassing+upload+file

+type&start=40&sa=N&fp=a2bb30ecf4f91972
    http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
    http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
    http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
    http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
    http://www.ravenphpscripts.com/article2974.html
    http://www.acunetix.com/cross-site-scripting/scanner.htm
    http://www.vupen.com/english/advisories/2009/3634
    http://msdn.microsoft.com/en-us/library/aa478971.aspx
    http://dev.tangocms.org/issues/237
    http://seclists.org/fulldisclosure/2006/Jun/508
    http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
   

http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Securi

ty_Bypass_Vulnerability.html
    http://shsc.info/FileUploadSecurity

    LFI/RFI:
   
   
    http://pastie.org/840199
    http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
    http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?

utm_source=twitterfeed&utm_medium=twitter
    http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-

trade/
    http://www.digininja.org/blog/when_all_you_can_do_is_read.php

    XSS:

    http://www.infosecwriters.com/hhworld/hh8/csstut.htm
    http://www.technicalinfo.net/papers/CSS.html
    http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
    http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-

defense-guide.html
    https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-

Lindsay-Nava-IE8-XSS-Filters-slides.pdf
    http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
    http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
    http://heideri.ch/jso/#javascript
    http://www.reddit.com/r/xss/
    http://sla.ckers.org/forum/list.php?2

    Coldfusion:
   
        ttp://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
    http://zastita.com/02114/Attacking_ColdFusion..html
    http://www.nosec.org/2010/0809/629.html
    http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-

Directory-Traversal-Disaster/ba-p/81964
   

http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFus

ion.pdf

    Sharepoint:  

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

    Lotus:

    http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
    http://seclists.org/pen-test/2002/Nov/43
    http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?

    JBoss:

    http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
    http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

VMWare Web:

    http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

    Oracle App Servers:

    http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
    http://www.owasp.org/index.php/Testing_for_Oracle
    http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
    http://www.ngssoftware.com/services/software-products/Database-

Security/NGSSQuirreLOracle.aspx
    http://www.ngssoftware.com/papers/hpoas.pdf

    SAP:

    http://www.onapsis.com/research.html#bizploit
    http://marc.info/?l=john-users&m=121444075820309&w=2
    http://www.phenoelit-us.org/whatSAP/index.html

    Wireless:

    http://code.google.com/p/pyrit/

    Capture the Flag/Wargames:

    http://intruded.net/
    http://smashthestack.org/
    http://flack.hkpco.kr/
    http://ctf.hcesperer.org/
    http://ictf.cs.ucsb.edu/
    http://capture.thefl.ag/calendar/



Thursday, November 3, 2016

Reverse Engineering for Noobs

This is for people who are interested in Reverse Engineering and are bit confused . I am just here to help you. You would find books online saying that you can become a great reverse engineer . So before guys  you jump on the band wagon and ha hoo!! please read the below properly.

  • Operating System Concepts
  • High Level & Low Level Programming (familiarity is fine, working knowledge not required at first)
  • Fundamentals of networking
  • How to use the internet to perform research


Beginner:
  • Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
  • Introduction to ARM
  • The Life of Binaries
  • Malware Dynamic Analysis
  • Introduction to Trusted Computing

Intermediate:
  • Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration
  • Introduction to Software Exploits
  • Exploits 2: Exploitation in the Windows Environment

Advanced:
  • Rootkits: What they are, and how to find them
  • Introduction to Reverse Engineering Software
  • Reverse Engineering Malware
  • Advanced x86: Virtualisation with Intel VT-x


So, thats about it .. Now you can search for them on google.

Here goes nothing....

Once you have done the above damage to your self (just kidding) try the following

Udemy


You should also know different reverse engineering tools.
1. Disassemblers – A disassembler is used to convert binary code into assembly code and also used to extract strings, imported and exported functions, libraries etc. The disassemblers convert the machine language into a user-friendly format. There are different dissemblers that specialize in certain things.
2. Debuggers – This tool expands the functionality of a disassembler by supporting the CPU registers, the hex duping of the program, view of stack etc. Using debuggers, the programmers can set breakpoints and edit the assembly code at run time. Debuggers analyse the binary in a similar way as the disassemblers and allow the reverser to step through the code by running one line at a time to investigate the results.
3. Hex Editors – These editors allow the binary to be viewed in the editor and change it as per the requirements of the software. There are different types of hex editors available that are used for different functions.
4. PE and Resource Viewer – The binary code is designed to run on a windows based machine and has a very specific data which tells how to set up and initialize a program. All the programs that run on windows should have a portable executable that supports the DLLs the program needs to borrow from.


Learn how to use the tools

  • Dissasembler – IDA Pro
  • Debugger – OllyDbg, WinDbg
  • System Monitor – Process Monitor, RegShot. Process Explorer
  • Network Monitor – TCP View, Wireshark
  • Packer Identifier – PEID
  • Unpacking Tools – Qunpack. GUNPacker
  • Binary Analysis Tools – PE Explorer, Malcode Analysts Pack
  • Code Analysis Tools  – LordPE, ImpRec

Online Sources:

Books:

Hope you guys read.....

 








Tuesday, October 18, 2016

Cerber 3 Ransomware


Cerber3 ransomware is a hazardous computer virus that is obviously part of Cerber family of malware. Just like old versions, this virus was made to encrypt various files on the computer leaving it inaccessible. Cerber3 uses complex encryption algorithm, which is very hard to decode.

So here goes nothing.. 

Note: I am not responsible if this does not work out for you. Certain cases you may have to format your systems ., Please not share your drives to any one . 

Note: there is not decrypting tool for cerber3 as of now

How to remove Cerber 3 Ransomware 

1. Download the free scanner called ESET Rogue Application Remover. Download Link for ERAR (this will open a new window)

2. Choose appropriate version for your Windows System. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start the program. Another option is to browse the location folder and double click on the file ERARemover_.exe.



4. On ESET Rogue Application Remover SOFTWARE LICENSE TERMS, click Accept to continue.
5. The tool will start scanning the computer. It will prompt when it finds Cerber3 Ransomware and other malicious entities. Follow the prompt to proceed with the removal.

Stage 2: Double-check for Cerber3 Ransomware’s leftover with Microsoft’s Malicious Software Removal Tool

1. Download the free scanner called Malicious Software Removal Tool. Malicious Software Removal Tool Download Link (this will open a new window). follow the onscreen instructions

2. The tool automatically checks the operating system and suggest appropriate download version. Click on Download button to begin. Save the file to a convenient location, preferably on Desktop.
3. After downloading the file, Windows will prompt that download has completed. Click Run to start scanning for Cerber3 Ransomware. Another option is to browse the location folder and double click on the file to run.

4. The tool will display Welcome screen, click Next. Please note the message “This tool is not a replacement for an antivirus product.” You must understand that this program is made specifically to find and remove malware, viruses, Trojans, and other harmful elements on the computer. It was not designed to protect the computer.

 5. Next, you will see Scan Type. Please choose Full Scan to ensure that all Cerber3 Ransomware entities and other harmful files left on the computer will be found and removed. For advanced computer user, you can opt for Customized Scan, if there are other drives or folders you wanted to include in this scan.

6. Full scan may take a while, please wait for Malicious Software Removal Tool to complete the tasks. However, you may cancel the scan anytime by clicking on the Cancel button.

7. After scanning, the tool will reveal all identified threats. There may be other threats that our first scan fails to detect. Please remove/delete all detected items.
8. When removal procedure is complete, you may now close Malicious Software Removal Tool. We hope that Cerber3 Ransomware have been completely deleted from the computer. Please restart Windows to proceed with the normal operation.

[Recover .Cerber3 Files Using Decryption Tool - as stated earlier there is no way you can decrypt cerber 3 however you can try the following]


Option 1: Windows Previous Version Tool

Windows Vista and Windows 7 have a feature called Previous Versions. However, this tool is only usable if restore point was made prior to Cerber3 Ransomware infection. To use this tool and recover files affected by the virus, please follow these steps:
1. Open My Computer or Windows Explorer.
2. Right-click on the affected files or folders. From the drop-down list, please click on Restore previous versions.
3. New window will open display all backup copy of files and folders you wanted to recover. Choose the appropriate file and click on Open, Copy, or Restore. Restoring selected files overwrites the current encrypted files on the computer.

Option 2: Use ShadowExplorer to restore files encrypted by Cerber3 Ransomware

Just like Previous Version tool, ShadowExplorer is taking advantage of shadow copy created by Windows. This tool allows you to retrieve older version of files before it was encrypted by Cerber3 Ransomware.
1. Download ShadowExplorer from the official web site.
2. Install the program with the default settings.
3. The program should run automatically after installation. If not, double-click on ShadowExplorer icon.
4. You can see the drop-down list on top of the console. Please select proper drive and the most recent point-in-time shadow copies of files you wish to restore prior to Cerber3 Ransomware infection.

. Right-click on the Drive, Folder, or File you wish to restore and click Export…
6. Lastly, ShadowExplorer will prompt for location where you want to save the copy of recovered files.

points to remember : Cerber3 can destroy external drive. so please be cautious . this article has been taken from various sources and tested.



Tuesday, October 4, 2016

Wifi hacking / cracking

Here is a titbit of wifi hacking and cracking . This is meant of education purpose only . I have taken most of the documentation from couple of sites to make things simpler. I dont own this.

This is a step by step article.

Before you do all these things read about kali linux you can documentation here [click on the below link ]

Kali Linux

So i presume that you have downloaded kali linux on your sytem . If you dont have space on your system you can use an USB drive to boot it up. 

Lets get going... step by step.

Kali Linux and WEP Hacking

WEP is the original widely used encryption standard on routers. WEP is notoriously easy to hack. Even though WEP is rarely seen anymore it still does pop up every now and again.

Also this is a good place to start for someone new to wireless pen testing before moving on to WPA encryption.


Fire up your operating sytem [note it is kali linux i am talking about]

Open your terminal so it will look like this 




Next type in the command “airmon-ng” without the quotes to see if your adapter is seen by Kali Linux. It should show the interface, chipset, and driver. If it doesn’t then some troubleshooting will have to be done as to why the adapter is not seen.

 

Next type in “airmon-ng start wlan0” to set the USB adapter into monitor mode.

 

Now we need to see what routers are out there and find the test router. To do this run the command “airodump-ng mon0”. After this command is run a screen will come up showing the routers in range and there information.

(If a adapter comes up enabled on mon1 or mon2 simply used that instead of mon0) 

 
Once this information is seen don’t close the terminal window press CTRL+C inside the window to stop it from using the USB adapter and leave it to refer back to.

Open another terminal window to run the next command. Also when done this way the BSSID can be simply copied and pasted when needed.

Next the WEP encrypted data packets needs to be captured. To do this the airodump-ng command is used along with some switches and information collected.

For me this would be:
airodump-ng -w dlink -c 6 –bssid 00:26:5A:F2:57:2B mon0

airodump-ng is the command, -w is a switch saying to write a file called dlink to the drive, -c is a switch saying the target is on channel 6, –bssid is another switch saying which bssid to use, and finally mon0 is the command to use the USB adapter enabled on mon0.

Change the file name, channel, and bssid to match your test router. Copy the information from the first terminal window. Copy and pasting the BSSID into the new terminal window is much quicker then typing it for most.
airodump-ng -w (ESSID) -c (channel) –bssid (BSSID) mon0


 
 
After this is done correctly a window will come up and show information about the target router. The main feedback we need to watch is the Beacons and the Data.

 
These numbers will start at zero and grow as traffic is passed between the router and another device. As these numbers grow, they are being captured in the file specified in the previous command for this example it would be a file named “dink”. IV’s need to grow big to crack the password usually at least 20,000 plus, but ideally 100,000 plus. At this point someone can simply wait for the IV’s to grow large enough to crack the password, but there is a way to speed things up.

To speed up the IV’s open a third terminal window letting the second run capturing the data. In the new terminal window the aireplay-ng command will be used in a two part process first use the command “aireplay-ng -1 0 -a (BSSID) mon0”. So for this example it would be aireplay-ng -1 0 -a 00:26:5A:F2:57:2B mon0


 

After this run the command “airplay-ng -3 -b (BSSID) mon0” for this example it would be the following:
aireplay-ng -3 -b 00:26:5A:F2:57:2B mon0


 
This will begin sending out ARP request and the data and the beacons should begin to grow quickly. Again speeding up the capturing of the IV’s is not necessary but handy.

Aircrack-ng will be used on the data file being written to with the information. Aircrack-ng can be run at anytime even when there is not enough data captured it will say on the screen it needs more if there is not enough.

To use aircrack-ng we need the data file being written to the hard drive. In this example it is dlink. Open a new terminal window and type the command “ls” to see the file. The one aircrack-ng needs is the .CAP file here it is called “dlink-01.cap”.