Recent Trend

fastbook
Draft of the fastai book
Hierarchical-Localization
Visual localization made easy
TypeScript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
Penetration_Testing_POC
渗透测试有关的POC、EXP、脚本、提权、小工具等,欢迎补充、完善---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc p
God-Of-BigData
大数据面试题,大数据成神之路开启...Flink/Spark/Hadoop/Hbase/Hive...
OSCPRepo
A list of commands, scripts, resources, and more that I have gathered and attempted to consolidate for use as OSCP (and more) study material. Commands in 'Usefulcommands' Keepnote. Bookmarks and readi
drogon
Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows
papercups
Open-source live customer chat
jupyter-book
Build interactive, publication-quality documents from Jupyter Notebooks
awesome-java
Collection of awesome Java project on Github(Github 上非常棒的 Java 开源项目集合).
espflix
A free video streaming service that runs on a ESP32
servo
The Servo Browser Engine
halfmoon
Front-end framework with a built-in dark mode, designed for rapidly building beautiful dashboards and product pages.
eventnative
EventNative is an open-source data collection framework
go-github
Go library for accessing the GitHub API
yam-protocol
A stablizing reserve currency protocol
mmdetection3d
OpenMMLab's next-generation platform for general 3D object detection.
sherlock
? Hunt down social media accounts by username across social networks
computervision-recipes
Best Practices, code samples, and documentation for Computer Vision.
clean-code-javascript
? Clean Code concepts adapted for JavaScript
laravel-admin
Build a full-featured administrative interface in ten minutes
OpenJailbreak
GeoSn0w's OpenJailbreak Project, an open-source iOS 11 to iOS 13 Jailbreak project & vault.
azure-quickstart-templates
Azure Quickstart Templates
nodejs.dev
A new Node.js resource built using Gatsby.js with React.js, TypeScript, Emotion, and Remark.
KOOM
KOOM is an OOM killer on mobile platform by Kwai.
bevy
A refreshingly simple data-driven game engine built in Rust
eat_pytorch_in_20_days
Pytorch?? is delicious, just eat it! ??
datasets
? 2,000,000+ Unsplash images made available for research and machine learning
malwoverview
Malwoverview is a first response tool to perform an initial and quick triage in a directory containing malware samples, specific malware sample, suspect URL and domains. Additionally, it allows to dow
streisand
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, or a Tor bridge. It also generates custom instructions for all of these serv
LeetCode
LeetCode刷题记录
IntelOwl
Intel Owl: analyze files, domains, IPs in multiple ways from a single API at scale
archive-program
The GitHub Archive Program & Arctic Code Vault
rancher
Complete container management platform
Noctilucent
Using TLS 1.3 to evade censors, bypass network defenses, and blend in with the noise
data-science
? Path to a free self-taught education in Data Science!
FigmaToCode
Generate responsive pages and apps on Tailwind, Flutter and SwiftUI.
twitter-clone

my-arsenal-of-aws-security-tools
List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
InvoiceNet
Deep neural network to extract intelligent information from invoice documents.
macOS_Big_Sur_icons_replacements
Replacement icons for popular apps in the style of macOS Big Sur
AnimeGANv2
[Open Source]. The improved version of AnimeGAN.
bluezone-app
Bluezone - Bảo vệ mình, bảo vệ cộng đồng
awesome-sysadmin
A curated list of amazingly awesome open source sysadmin resources inspired by Awesome PHP.
facebook-scripts-dom-manipulation
An open-source project includes many scripts with no Access Token needed for Facebook users by directly manipulating the DOM.
MCinaBox
MCinaBox - A Minecraft Java Edition Launcher on Android
ai-economist
Foundation is a flexible, modular, and composable framework to model socio-economic behaviors and dynamics with both agents and governments. This framework can be used in conjunction with reinforcemen
TikTok-Shares-Botter
Adds TikTok Shares for you.
prefect
The easiest way to automate your data
tuya-convert
A collection of scripts to flash Tuya IoT devices to alternative firmwares
crush
Crush is an attempt to make a command line shell that is also a powerful modern programming language.
pyre-check
Performant type-checking for python.
polkadot
Polkadot Node Implementation
incyber

mesh
Cloud native service mesh for the rest of us.
V2rayU
V2rayU,基于v2ray核心的mac版客户端,用于科学上网,使用swift编写,支持vmess,shadowsocks,socks5等服务协议,支持订阅, 支持二维码,剪贴板导入,手动配置,二维码分享等
TLS-poison

heroicons
A set of free MIT-licensed high-quality SVG icons for UI development.
react-native
A framework for building native apps with React.
gui.cs
Console-based user interface toolkit for .NET applications.
Atlas
Atlas: End-to-End 3D Scene Reconstruction from Posed Images
aws-sdk-go
AWS SDK for the Go programming language.
charts
Curated applications for Kubernetes
pybind11
Seamless operability between C++11 and Python
mediapipe
MediaPipe is the simplest way for researchers and developers to build world-class ML solutions and applications for mobile, edge, cloud and the web.
proffy-discovery
A proposta do projeto é uma aplicação que possa ligar quem deseja aprender, com quer ensinar. É possível encontrar alunos para o que você leciona, ou encontrar o professor para aquela matéria que você
mixer
Add-on for real-time collaboration in Blender.
iOS-DeviceSupport
This repository holds the device support files for the iOS, and I will update it regularly.
simdjson
Parsing gigabytes of JSON per second
amplify-js
A declarative JavaScript library for application development using cloud services.
lottie-ios
An iOS library to natively render After Effects vector animations
Faze4-Robotic-arm
All files for 6 axis robot arm with cycloidal gearboxes .
xiaobaiyang

Javascript
A repository for All algorithms implemented in Javascript (for educational purposes only)
blog-post-workflow
Show your latest blog posts from any sources or StackOverflow activity on your GitHub profile/project readme automatically using the RSS feed
reverse-interview
Questions to ask the company during your interview
expo
An open-source platform for making universal native apps with React. Expo runs on Android, iOS, and the web.
955.WLB
955 不加班的公司名单 - 工作 955,work–life balance (工作与生活的平衡)
A-to-Z-Resources-for-Students
✅ Curated list of resources for college students
TDengine
An open-source big data platform designed and optimized for the Internet of Things (IoT).
django-jazzmin
Jazzy theme for Django
full-stack-fastapi-postgresql
Full stack, modern web application generator. Using FastAPI, PostgreSQL as database, Docker, automatic HTTPS and more.
Reflection_Summary
算法理论基础知识应知应会
Best-websites-a-programmer-should-visit
? Some useful websites for programmers.
bpytop
Linux/OSX/FreeBSD resource monitor
TelemetrySourcerer
Enumerate and disable common sources of telemetry used by AV/EDR.
instagrabber
InstaGrabber, the open-source Instagram client for Android. Originally by @AwaisKing.
pe_tree

Powershell-Scripts
Helpful list of powershell scripts I have found/created
drawio
Source to app.diagrams.net
analytics
Simple and privacy-friendly alternative to Google Analytics
pycaret
An open source, low-code machine learning library in Python
Ciphey
Automated decryption tool
Data-Science-Interview-Resources
A repository listing out the potential sources which will help you in preparing for a Data Science/Machine Learning interview. New resources added frequently.
ps4-ipv6-uaf

UNSAM_2020c2_Python
Curso de programación en Python - 2do cuatrimestre 2020 - UNSAM
gpu.js
GPU Accelerated JavaScript
how-to-secure-anything
How to systematically secure anything: a repository about security engineering
paperview
A high performance X11 animated wallpaper setter
core
? JAVClub - 让你的大姐姐不再走丢
home-cloud
The "cloud" at home
haoel.github.io

InstaPy
? Instagram Bot - Tool for automated Instagram interactions
bat
A cat(1) clone with wings.
DeOldify
A Deep Learning based project for colorizing and restoring old images (and video!)
educative.io_courses
this is downloadings of all educative.io free student subscription courses as pdf from GitHub student pack
rustlings
? Small exercises to get you used to reading and writing Rust code!
trackerslist
Updated list of public BitTorrent trackers
Statistical-Learning-Method_Code
手写实现李航《统计学习方法》书中全部算法
mobile
React Native client application for COVID Shield on iOS and Android
binary_search
A collection of improved binary search algorithms.
mirai

TapTap
Port of the double tap on back of device feature from Android 11 to any armv8 Android device
complete-javascript-course
Starter files, final projects and FAQ for my Complete JavaScript course
icons
Official open source SVG icon library for Bootstrap.
oneflow
OneFlow is a performance-centered and open-source deep learning framework.
ml-engineer-roadmap
WIP: Roadmap to becoming a machine learning engineer in 2020
hvmi
Hypervisor Memory Introspection Core Library
fhe-toolkit-linux
IBM Fully Homomorphic Encryption Toolkit For Linux
teenyicons
Tiny minimal 1px icons designed to fit in the smallest places.
project-citadel
An open source project management tool with Kanban boards
covid-alert-app
Exposure notification client application / Application client de notification d'exposition
ChromeAppHeroes
?谷粒-Chrome插件英雄榜, 为优秀的Chrome插件写一本中文说明书, 让Chrome插件英雄们造福人类~ ChromePluginHeroes, Write a Chinese manual for the excellent Chrome plugin, let the Chrome plugin heroes benefit the human~ 公众号「0加1」同步更新
SSPanel-Uim
SSPanel V3 魔改再次修改版
UnusualVolumeDetector
Gets the last 5 months of volume history for every ticker, and alerts you when a stock's volume exceeds 10 standard deviations from the mean within the last 3 days
formik
Build forms in React, without the tears ?
learn-cantrill-io-labs
Standard and Advanced Demos for learn.cantrill.io courses
TransCoder
Public release of the TransCoder research project https://arxiv.org/pdf/2006.03511.pdf
bounty-targets-data
This repo contains hourly-updated data dumps of bug bounty platform scopes (like Hackerone/Bugcrowd/Intigriti/etc) that are eligible for reports
CtCI-6th-Edition
Cracking the Coding Interview 6th Ed. Solutions
windows95
?? Windows 95 in Electron. Runs on macOS, Linux, and Windows.
SkyArk
SkyArk helps to discover, assess and secure the most privileged entities in Azure and AWS
interviews
Everything you need to know to get the job.
Android-Analysis
Getting Genymotion & Burpsuite setup for Android Mobile App Analysis
detext
DeText: A Deep Neural Text Understanding Framework for Ranking and Classification Tasks
awesome-java
A curated list of awesome frameworks, libraries and software for the Java programming language.
workflow

tye
Tye is a tool that makes developing, testing, and deploying microservices and distributed applications easier. Project Tye includes a local orchestrator to make developing microservices easier and the
java-design-patterns
Design patterns implemented in Java
java8-tutorial
Modern Java - A Guide to Java 8
generator-jhipster
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures.
stayaway-app
Official repository for the STAYAWAY COVID mobile application
api-guidelines
Microsoft REST API Guidelines
win10script
This is the Ultimate Windows 10 Script from a creation from multiple debloat scripts and gists from github.
tutorials
Just Announced - "Learn Spring Security OAuth":
Otto
Otto makes machine learning an intuitive, natural language experience.? Facebook AI Challenge winner
first-order-model
This repository contains the source code for the paper First Order Motion Model for Image Animation
laravel-best-practices
Laravel best practices
hiring-without-whiteboards
⭐️ Companies that don't have a broken hiring process
PyTorch_YOLOv4
PyTorch implementation of YOLOv4
macintosh.js
A virtual Apple Macintosh with System 8, running in Electron. I'm sorry.
QuickCut
Your most handy video processing software
Super-mario-bros-PPO-pytorch
Proximal Policy Optimization (PPO) algorithm for Super Mario Bros
arrow
Apache Arrow is a cross-language development platform for in-memory data. It specifies a standardized language-independent columnar memory format for flat and hierarchical data, organized for efficien
swift
The Swift Programming Language
flutter
Flutter makes it easy and fast to build beautiful apps for mobile and beyond.
pikvm
Open and cheap DIY IP-KVM based on Raspberry Pi
ILSpy
.NET Decompiler with support for PDB generation, ReadyToRun, Metadata (&more) - cross-platform!
aluraflix
⚛️ Projeto feito durante a Imersão React da Alura
starship
☄?️ The minimal, blazing-fast, and infinitely customizable prompt for any shell!
leonsans
Leon Sans is a geometric sans-serif typeface made with code in 2019 by Jongmin Kim.
MCVmComputers
Order computer parts from a satellite orbiting around your minecraft world and build actual working computers with them!
CleanArchitecture.WebApi
An implementation of Clean Architecture for ASP.NET Core 3.1 WebAPI. Built with loosely coupled architecture and clean-code practices in mind.
NutShell
RISC-V SoC designed by students in UCAS
bartosz-basics-of-haskell
Code and exercises from Bartosz Milewski's Basics of Haskell Tutorial
fullstack-starterkit
GraphQL first full-stack starter kit with Node, React. Powered by TypeScript
movement-tracking
UP - DOWN - LEFT - RIGHT movement tracking.
OSCP-Exam-Report-Template-Markdown
? OSCP Exam Report Template in Markdown
react-native-instagram-clone
A React Native app - Clone Instagram mobile app (In progress)
felicette
Satellite imagery for dummies.
neovim
Vim-fork focused on extensibility and usability
machine-learning-roadmap
A roadmap connecting many of the most important concepts in machine learning, how to learn them and what tools to use to perform them.
python-cheatsheet
Comprehensive Python Cheatsheet
awesome-cold-showers
For when people get too hyped up about things
cutter
Free and Open Source Reverse Engineering Platform powered by radare2
ORB_SLAM3
ORB-SLAM3: An Accurate Open-Source Library for Visual, Visual-Inertial and Multi-Map SLAM
RustScan
Faster Nmap Scanning with Rust
openpilot
openpilot is an open source driver assistance system. openpilot performs the functions of Automated Lane Centering and Adaptive Cruise Control for over 85 supported car makes and models.
retinaface
The remake of the https://github.com/biubug6/Pytorch_Retinaface
awesome-gpt3

GitHub520
?让你“爱”上 GitHub,解决访问时图裂、加载慢的问题。
LeetcodeTop
汇总各大互联网公司容易考察的高频leetcode题?
angular-tetris
Tetris game built with Angular 10 and Akita ?
umi-core
UMI Core Go Library
RustScan
Faster Nmap Scanning with Rust
rpi-power-monitor
Raspberry Pi Power Monitor
umi-core-py
UMI Core Python Library
gpt3-sandbox
The goal of this project is to enable users to create cool web demos using the newly released OpenAI GPT-3 API with just a few lines of Python.
easy_rust
Rust explained using easy English
rengine
reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the we
industry-machine-learning
A curated list of applied machine learning and data science notebooks and libraries across different industries (by @firmai)
umi-core-js
UMI Core JS Library
bloatbox
☑️? Get rid of bloatware and clean your Windows 10 Start menu
umi-core-php
UMI Core PHP Library
proposal-record-tuple
ECMAScript proposal for the Record and Tuple value types. | Stage 2: it will change!
jetbrains-agent-latest
jetbrains全家桶永久激活破解,不需要修改host。完美破解!共享给各个程序员兄弟使用。适用于2020版本。
applied-ml
Curated papers, articles & videos on data science & machine learning applied in production, with results.
lotus
Implementation of the Filecoin protocol, written in Go
cat
CAT 作为服务端项目基础组件,提供了 Java, C/C++, Node.js, Python, Go 等多语言客户端,已经在美团点评的基础架构中间件框架(MVC框架,RPC框架,数据库框架,缓存框架等,消息队列,配置系统等)深度集成,为美团点评各业务线提供系统丰富的性能指标、健康状况、实时告警等。
fawkes
Fawkes, privacy preserving tool against facial recognition systems. More info at http://sandlab.cs.uchicago.edu/fawkes
terminal
The new Windows Terminal and the original Windows console host, all in the same place!
kibana
Your window into the Elastic Stack
terraform
Terraform enables you to safely and predictably create, change, and improve infrastructure. It is an open source tool that codifies APIs into declarative configuration files that can be shared amongst
gotraining
Go Training Class Material :
JavaFamily
【Java面试+Java学习指南】 一份涵盖大部分Java程序员所需要掌握的核心知识。
storybook
? The UI component workshop. Develop, document, & test for React, Vue, Angular, Ember, Web Components, & more!
awesome-remote-job
A curated list of awesome remote jobs and resources. Inspired by https://github.com/vinta/awesome-python
vueuse
? Collection of Composition API utils for Vue 2 and 3
fe-interview
前端面试每日 3+1,以面试题来驱动学习,提倡每日学习与思考,每天进步一点!每天早上5点纯手工发布面试题(死磕自己,愉悦大家),3000+道前端面试题全面覆盖,HTML/CSS/JavaScript/Vue/React/Nodejs/TypeScript/ECMAScritpt/Webpack/Jquery/小程序/软技能……
stock
stock,股票系统。使用python进行开发。
awesome-ml-courses
Awesome free machine learning and AI courses with video lectures.
laravel-boilerplate
The Laravel Boilerplate Project - https://laravel-boilerplate.com
reactjs-interview-questions
List of top 500 ReactJS Interview Questions & Answers....Coding exercise questions are coming soon!!
lx-music-desktop
一个基于 electron 的音乐软件
number-verifier
Number Verifier is a SMS verification tool that makes it easy to get a disposable SMS number and bypass SMS number verifications on any site.
CyberProfDevelopmentCovidResources
An awesome list of FREE resources for training, conferences, speaking, labs, reading, etc that are free all the time or during COVID-19 that cybersecurity professionals with downtime can take advantag
opentelemetry-specification
Specifications for OpenTelemetry
front-end-interview-handbook
? No bullshit answers to the famous h5bp "Front-end Job Interview Questions"
hello-algorithm
?????? 本项目包括:1、我写的 30w 字图解算法题典 2、100 张编程类超清晰思维导图 3、100 篇大厂面经汇总 4、各语言编程电子书 100 本 5、小浩算法网站源代码 ( ?? 国人项目上榜不容易,右上角助力一波!干就对了,奥利给 !??)
awesome-production-machine-learning
A curated list of awesome open source libraries to deploy, monitor, version and scale your machine learning
bypass-paywalls-chrome
Bypass Paywalls web browser extension for Chrome and Firefox.
awesome-mlops
A curated list of references for MLOps
airlines-to-china-covid-19
疫情期间的回国航班汇总
gpt-3-experiments
Test prompts for OpenAI's GPT-3 API and the resulting AI-generated texts.
NativeAlphaForAndroid

elyra
Elyra extends JupyterLab Notebooks with an AI centric approach.
myvision
Computer vision based ML training data generation tool. ?
computer-science
? Path to a free self-taught education in Computer Science!
abp
Open Source Web Application Framework for ASP.NET Core
Best-Flutter-UI-Templates
completely free for everyone. Its build-in Flutter Dart.
docs-next
Vue 3 core documentation
sodium-fabric
A Minecraft mod designed to improve frame rates and reduce micro-stutter
puppeteer-recorder
Puppeteer recorder is a Chrome extension that records your browser interactions and generates a Puppeteer script.
flutter_twitter_clone
Fully functional Twitter clone built in flutter framework using Firebase realtime database and storage
ailab
Experience, Learn and Code the latest breakthrough innovations with Microsoft AI
forem
For empowering community ?
hedgehog-lab
An open source scientific computing environment for JavaScript TOTALLY in your browser, matrix operations with GPU acceleration, TeX support, data visualization and symbolic computation.
Deep-Learning-Papers-Reading-Roadmap
Deep Learning papers reading roadmap for anyone who are eager to learn this amazing tech!
QA_bible
Библия QA это 163 страницы смеси ответов на вопросы с реальных собеседований на manual QA, перевода интересного контента с зарубежных ресурсов и агрегации материала с отечественных.
CTF_Hacker-Tools
CTF-渗透测试~工具合集
kong
? The Cloud-Native API Gateway
Pokedex
?️ Android Pokedex using Dagger Hilt, Motion, Coroutines, Flow, Jetpack (Room, ViewModel, LiveData) based on MVVM architecture.
ps4jb
PS4 6.72 jailbreak
PowerShell
PowerShell for every system!
capa
The FLARE team's open-source tool to identify capabilities in executable files.
react-use
React Hooks — ?
NewPipe
A libre lightweight streaming front-end for Android.
terraform-cdk
Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform
developer-roadmap
Roadmap to becoming a web developer in 2020
ds-cheatsheets
List of Data Science Cheatsheets to rule the world
AppAuth-Android
Android client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
data-scientist-roadmap
Toturial coming with "data science roadmap" graphe.
QuantumKatas
Tutorials and programming exercises for learning Q# and quantum computing
pwncat
Fancy reverse and bind shell handler
jquery
jQuery JavaScript Library
incubator-brpc
Industrial-grade RPC framework used throughout Baidu, with 1,000,000+ instances and thousands kinds of services, called "baidu-rpc" inside Baidu.
Rocket
A web framework for Rust.
protobuf
Protocol Buffers - Google's data interchange format
PaddleOCR
Awesome OCR toolkits based on PaddlePaddle (8.6M ultra-lightweight pre-trained model, support training and deployment among server, mobile, embeded and IoT devices)
Microsoft-threat-protection-Hunting-Queries
Sample queries for Advanced hunting in Microsoft Threat Protection
RxSwift
Reactive Programming in Swift
funds
自选基金助手是一款Chrome扩展,用来快速获取关注基金的实时数据,查看自选基金的实时估值情况
sherloq
An open-source digital image forensic toolset
phaser
Phaser is a fun, free and fast 2D game framework for making HTML5 games for desktop and mobile web browsers, supporting Canvas and WebGL rendering.
awesome-github-profile-readme
A curated list of awesome Github Profile READMEs
Awesome-Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
papers-we-love
Papers from the computer science community to read and discuss.
ZLMediaKit
A lightweight RTSP/RTMP/HTTP/HLS/HTTP-FLV/WebSocket-FLV/GB28181 server and client framework based on C++11
googleapis
Public interface definitions of Google APIs.
PSBits
Simple (relatively) things allowing you to dig a bit deeper than usual.
CodeGuide
? 本代码库是作者小傅哥多年从事一线互联网 Java 开发的学习历程技术汇总,旨在为大家提供一个清晰详细的学习教程,侧重点更倾向编写Java核心内容。如果本仓库能为您提供帮助,请给予支持(关注、点赞、分享)!
Javascript-Essentials

gradio
Rapidly create UIs for prototyping your machine learning model in 3 minutes
snapchat-clone
? A SnapChat clone built with React, Redux and Typescript. Styled with SASS. Tested with Cypress, Jest and Enzyme. Linted with Eslint and formatted with Prettier!
clean-architecture-manga
? Clean Architecture with .NET Core 3.1, C# 8 and React+Redux. Use cases as central organizing structure, completely testable, decoupled from frameworks
flink
Apache Flink
modular-monolith-with-ddd
Full Modular Monolith application with Domain-Driven Design approach.
pandas_exercises
Practice your pandas skills!
awesomefluttertips
❤️Flutter ❤️ tips and tricks ❤️ Awesome Flutter ❤️ tips and tricks ❤️
voila
Voilà turns Jupyter notebooks into standalone web applications
Flutter-Shopping-UI-Kit
I developed this application just for learning purpose. There are 20+ screen variations.
game_control

the-art-of-command-line
Master the command line, in one page
fastapi
FastAPI framework, high performance, easy to learn, fast to code, ready for production
paper_collection
Academic papers related to fuzzing, binary analysis and exploit dev, that I want to read or have already read
nndl.github.io
《神经网络与深度学习》 邱锡鹏著 Neural Network and Deep Learning
developer-handbook
An opinionated guide on how to become a professional Web/Mobile App Developer.
Tiny-XSS-Payloads
A collection of tiny XSS Payloads that can be used in different contexts.
100-Days-Of-ML-Code
100 Days of ML Coding
youtubeclone-backend
Youtube Clone Backend (Express + Sequelize)
node-react-ecommerce
Build ECommerce Website Like Amazon By React & Node & MongoDB
gin-vue-admin
基于gin+vue搭建的后台管理系统框架,集成jwt鉴权,权限管理,动态路由,分页封装,多点登录拦截,资源权限,上传下载,代码生成器,表单生成器等基础功能,五分钟一套CURD前后端代码包含数据库的快感你不要体验一下吗~,更多功能正在开发中,欢迎issue和pr~
ant-design-blazor
?A set of enterprise-class UI components based on Ant Design and Blazor WebAssembly.
spleeter
Deezer source separation library including pretrained models.
youtubeclone-frontend
Youtube Clone Frontend (React + Redux)
runtime
.NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.
pulsar
Apache Pulsar - distributed pub-sub messaging system
AnotherRedisDesktopManager
???A faster, better and more stable redis desktop manager, compatible with Linux, windows, mac. What's more, it won't crash when loading a large number of keys.
realworld
"The mother of all demo apps" — Exemplary fullstack Medium.com clone powered by React, Angular, Node, Django, and many more ?
checklist
Beyond Accuracy: Behavioral Testing of NLP models with CheckList
Complex-YOLOv4-Pytorch
The PyTorch Implementation based on YOLOv4 of the paper: "Complex-YOLO: Real-time 3D Object Detection on Point Clouds"
yandex-ui
Yandex UI Kit build on React and bem-react
prometheus
The Prometheus monitoring system and time series database.
Awesome-Profile-README-templates
A collection of awesome readme templates to display on your profile
RedditOS
A SwiftUI Reddit client for macOS Big Sur
facebook-ios-sdk
Used to integrate the Facebook Platform with your iOS & tvOS apps.
presto
The official home of the Presto distributed SQL query engine for big data
og-aws
? Amazon Web Services — a practical guide
copilot-cli
The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on Amazon ECS and AWS Fargate.
How-to-create-a-csgo-cheating-program
CSGO游戏透视自瞄辅助实现教程
moby
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
torchsde
Differentiable SDE solvers with GPU support and efficient sensitivity analysis.
tsunami-security-scanner-plugins
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
metersphere
MeterSphere 是一站式的开源企业级持续测试平台,涵盖测试跟踪、接口测试、性能测试、团队协作等功能
flokk
A fresh and modern Google Contacts manager that integrates with GitHub and Twitter.
free-for-dev
A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
emscripten
Emscripten: An LLVM-to-Web Compiler
grpc-java
The Java gRPC implementation. HTTP/2 based RPC
Team-Ares
Repository for all TeamARES POC code and tools.
cheatsheets
Official Matplotlib cheat sheets
fast
The adaptive interface system
 for modern web experiences.
azure-sdk-for-python
This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/en-us/python/azure/ or our
PowerJob
新一代分布式任务调度与计算框架,支持CRON、API、固定频率、固定延迟等调度策略,提供工作流来编排任务解决依赖关系,使用简单,功能强大,文档齐全,欢迎各位接入使用!
BottlEye
BottlEye is a usermode emulator for the popular anti-cheat BattlEye
cml
CML - Continuous Machine Learning or CI/CD for ML
tauri
Framework agnostic toolchain for building highly secure native apps that have tiny binaries and are very fast.
dlwpt-code
Code for the book Deep Learning with PyTorch by Eli Stevens, Luca Antiga, and Thomas Viehmann.
RevokeMsgPatcher
A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
react-native-firebase
? A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
dragonwell8
Alibaba Dragonwell8 JDK
RADWIMPS
君の then-then-then 世は Promise で Future
Tiktok
高仿抖音APP
TaBERT
This repository contains source code for the TaBERT model, a pre-trained language model for learning joint representations of natural language utterances and (semi-)structured tables for semantic pars
dask-tutorial
Dask tutorial
HelloGitHub
Find pearls on open-source seashore 分享 GitHub 上有趣、入门级的开源项目
covid-tracker-app
COVID Tracker App Repository
digital-gardeners
Resources, links, projects, and ideas for gardeners tending their digital notes on the public interwebs
hackingtool
ALL IN ONE Hacking Tool For Hackers
ounotes
An Application built for students to access Notes , Question Papers , Syllabus and Resources for all Subjects of O.U (Osmania University) ??‍?
docker-cheat-sheet
Docker Cheat Sheet
blog
gamedev blog
CVE-2020-5902
CVE-2020-5902 BIG-IP
course-content
Summer course content for Neuromatch Academy
texthero
Text preprocessing, representation and visualization from zero to hero.
DeepLearning-500-questions
深度学习500问,以问答形式对常用的概率知识、线性代数、机器学习、深度学习、计算机视觉等热点问题进行阐述,以帮助自己及有需要的读者。 全书分为18个章节,50余万字。由于水平有限,书中不妥之处恳请广大读者批评指正。 未完待续............ 如有意合作,联系[email protected] 版权所有,违权必究 Tan 2018.06
edex-ui
A cross-platform, customizable science fiction terminal emulator with advanced monitoring & touchscreen support.
BYTEPATH

discord.js
A powerful JavaScript library for interacting with the Discord API
awesome-machine-learning
A curated list of awesome Machine Learning frameworks, libraries and software.
sweetviz
Visualize and compare datasets, target values and associations, with one line of code.
E-commerce-App-UI-Flutter
Nice and clean Online Shop app UI by using #Flutter.
rich
Rich is a Python library for rich text and beautiful formatting in the terminal.
javascript-algorithms
? Algorithms and data structures implemented in JavaScript with explanations and links to further readings
gitqlite
Query git repositories with SQL. Uses SQLite virtual tables and go-git
NonEuclidean
A Non-Euclidean Rendering Engine for 3D scenes.
org-roam
Rudimentary Roam replica with Org-mode
guietta

learngo
1000+ Hand-Crafted Go Examples, Exercises, and Quizzes
system-design-primer
Learn how to design large-scale systems. Prep for the system design interview. Includes Anki flashcards.
pumpkin-book
《机器学习》(西瓜书)公式推导解析,在线阅读地址:https://datawhalechina.github.io/pumpkin-book
jexcel
jExcel is a lightweight vanilla javascript plugin to create amazing web-based interactive tables and spreadsheets compatible with Excel or any other spreadsheet software.
pure-bash-bible
? A collection of pure bash alternatives to external processes.
google-research
Google Research
Complete-Python-3-Bootcamp
Course Files for Complete Python 3 Bootcamp Course on Udemy
You-Dont-Know-JS
A book series on JavaScript. @YDKJS on twitter.
backstage
Backstage is an open platform for building developer portals
Warde
Simple and minimalistic server dashboard
warp
A super-easy, composable, web server framework for warp speeds.
midway
Midway is a Node.js Serverless Framework for front-end/full-stack developers. Build the application for next decade. Works on AWS, Aliyun, Tencent-Cloud and traditional VM/Container.
EasyOCR
Ready-to-use OCR with 40+ languages supported including Chinese, Japanese, Korean and Thai
awesome-discord-communities
A curated list of awesome Discord communities for programmers
electron
Build cross-platform desktop apps with JavaScript, HTML, and CSS
jsonbase
A database software completely built as JSON files in backend. A powerful, portable and simple database works on top of JSON files. It is like a database software, currently having basic CRUD operatio
Ward
Simple and minimalistic server dashboard
breaking-bad-cast
App to show cast info for breaking bad
EssentialMath

J.A.R.V.I.S
python powered Intelligent System
PracticalSessions2020
Repository for tutorial sessions at EEML2020
flutterfire
? A collection of Firebase plugins for Flutter apps.
fenix
Firefox Preview
go-admin
基于Gin + Vue + Element UI的前后端分离权限管理系统脚手架(包含了:基础用户管理功能,jwt鉴权,代码生成器,RBAC资源控制,表单构建等)文档:http://doc.zhangwj.com/go-admin-site/ Demo: http://www.zhangwj.com/#/login
vitepress
Vite & Vue powered static site generator
zulip
Zulip server - powerful open source team chat
pygooglenews
If Google News had a Python library
UnblockNeteaseMusic
Revive unavailable songs for Netease Cloud Music
yapi
YApi 是一个可本地部署的、打通前后端及QA的、可视化的接口管理平台
telegraf
The plugin-driven server agent for collecting & reporting metrics.
cassandra-workshop-series
All materials for the Cassandra Workshop Series in a single place
just-react
React技术揭秘
rocketredis
A beautiful Redis GUI ?
Summer2021-Internships
Collection of Summer 2021 tech internships!
cubit
Cubit is a lightweight state management solution. It is a subset of the bloc package that does not rely on events and instead uses methods to emit new states.
vite
Native-ESM powered web dev build tool. It's fast.
electron-typescript-react
An Electron boilerplate including TypeScript, React, Jest and ESLint.
responsively-app
A modified browser that helps in responsive web development.
uno
Build Mobile, Desktop and WebAssembly apps with C# and XAML. Today. Open source and professionally supported.
material-ui
React components for faster and easier web development. Build your own design system, or start with Material Design.
BotBuilder-Samples
Welcome to the Bot Framework samples repository. Here you will find task-focused samples in C#, JavaScript and TypeScript to help you get started with the Bot Framework SDK!
OpenPCDet
OpenPCDet Toolbox for LiDAR-based 3D Object Detection.
jira-clone-angular
A simplified Jira clone built with Angular 9 and Akita
snipsnap
The ultimate snippets collection for VS Code
hacker-scripts
Based on a true story
v
Simple, fast, safe, compiled language for developing maintainable software. Compiles itself in <1s with zero library dependencies. https://vlang.io
DataX

react-hook-form
? React Hooks for forms validation (Web + React Native)
nvm
Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
datax-web
DataX集成可视化页面,选择数据源即可一键生成数据同步任务,支持批量创建RDBMS数据同步任务,集成开源调度系统,支持分布式、增量同步数据、实时查看运行日志、监控执行器资源、KILL运行进程、数据源信息加密等。
taro
开放式跨端跨框架解决方案,支持使用 React/Vue/Nerv 等框架来开发微信/京东/百度/支付宝/字节跳动/ QQ 小程序/H5 等应用。 https://taro.jd.com/
cadmus
A GUI frontend for @werman's Pulse Audio real-time noise suppression plugin
PENTESTING-BIBLE
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetra
hexapod
Blazing fast hexapod robot simulator with React and Plotly.
WickedEngine
C++ game engine focusing on modern rendering techniques and performance.
Silice
Silice is an open source language that simplifies writing algorithms fully exploiting FPGA architectures.
python-training
Python training for business analysts and traders
White-box-Cartoonization
Official tensorflow implementation for CVPR2020 paper “Learning to Cartoonize Using White-box Cartoon Representations”
ultimate-go
Ultimate Go study guide
cascadia-code
This is a fun, new monospaced font that includes programming ligatures and is designed to enhance the modern look and feel of the Windows Terminal.
rolling-rhino
Rolling Rhino; convert Ubuntu into a rolling release as seen on YouTube
precourse
A repo for the pre-course work at home exercises
python3-in-one-pic
Learn python3 in one picture.
TensorflowTTS
? TensorflowTTS: Real-Time State-of-the-art Speech Synthesis for Tensorflow 2
deep-learning-drizzle
Drench yourself in Deep Learning, Reinforcement Learning, Machine Learning, Computer Vision, and NLP by learning from these exciting lectures!!
SciencePlots
Matplotlib styles for scientific plotting
Pulse
A pendant to warn you when you touch your face
my-flutter-challenges
A collection of all my Flutter Challenges
super-productivity
To-do list & time tracker for programmers & other digital workers with Jira, Github and Gitlab integration
chat
Instant messaging server; backend in Go; iOS, Android, web, command line clients; chatbots
spektral
Graph Neural Networks with Keras and Tensorflow 2.
snowpack
The near-instant build tool for modern web apps.
Deep-learning-books
Books for machine learning, deep learning, math, NLP, CV, RL, etc
awesome-courses
? List of awesome university courses for learning Computer Science!
shardingsphere-elasticjob-lite
Distributed scheduled job framework
advanced-java
? 互联网 Java 工程师进阶知识完全扫盲:涵盖高并发、分布式、高可用、微服务、海量数据处理等领域知识,后端同学必看,前端同学也可学习
FreeDVDBoot
PlayStation 2 DVD Player Exploit
secretive
Store SSH keys in the Secure Enclave
cnn-explainer
Learning Convolutional Neural Networks with Interactive Visualization.
canal
阿里巴巴 MySQL binlog 增量订阅&消费组件
opencv
Open Source Computer Vision Library
gin
Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.
leetcode
LeetCode Solutions: A Record of My Problem Solving Journey.( leetcode题解,记录自己的leetcode解题之路。)
lemmy
? Building a federated alternative to reddit in rust
emigui
egui: Immediate mode GUI written in Rust, made for WASM
getx
Open screens/snackbars/dialogs/bottomSheets without context, manage states and inject dependencies easily with Get.
beego
beego is an open-source, high-performance web framework for the Go programming language.
vector
A lightweight and ultra-fast tool for building observability pipelines
Bug-Bounty-Toolz
BBT - Bug Bounty Tools
fullstack-course4
Example code for HTML, CSS, and Javascript for Web Developers Coursera Course
vnpy
基于Python的开源量化交易平台开发框架
honkit
? HonKit is building beautiful books using Markdown - Fork of GitBook
scrcpy
Display and control your Android device
formik
Build forms in React, without the tears ?
Mindustry
A sandbox tower defense game
arcore-depth-lab
ARCore Depth Lab is a set of Depth API samples that provides assets using depth for advanced geometry-aware features in AR interaction and rendering. (UIST 2020)
VTIL-Core
Virtual-machine Translation Intermediate Language
numerical-linear-algebra
Free online textbook of Jupyter notebooks for fast.ai Computational Linear Algebra course
Unlock-netease-cloud-music
解锁网易云音乐客户端变灰歌曲
FastSurfer
PyTorch implementation of FastSurferCNN
corona
Solar2D Game Engine main repository (ex Corona SDK)
OnJava8
《On Java 8》中文版,又名《Java编程思想》 第5版
Pwdb-Public
A collection of all the data i could extract from 1 billion leaked credentials from internet.
aviary.sh
Minimal distributed configuration management in bash
CalCAT
California COVID Assessment Tool
angular-cli
CLI tool for Angular
fgprof
? fgprof is a sampling Go profiler that allows you to analyze On-CPU as well as Off-CPU (e.g. I/O) time together.
terraform-provider-aws
Terraform AWS provider
elevator.js
Finally, a "back to top" button that behaves like a real elevator.
reverse-proxy
A toolkit for developing high-performance HTTP reverse proxy applications.
angular
One framework. Mobile & desktop.
data-science-ipython-notebooks
Data science Python notebooks: Deep learning (TensorFlow, Theano, Caffe, Keras), scikit-learn, Kaggle, big data (Spark, Hadoop MapReduce, HDFS), matplotlib, pandas, NumPy, SciPy, Python essentials, AW
linuxupskillchallenge
Learn the skills required to sysadmin a remote Linux server from the commandline.
PhotoGIMP
A Patch for GIMP 2.10+ for Photoshop Users
toydb
Distributed SQL database in Rust, written as a learning project
Active-Directory-Exploitation-Cheat-Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
fluentui-system-icons
Fluent System Icons is a set of mobile platform icons from Microsoft
php-src
The PHP Interpreter
awesome-selfhosted
A list of Free Software network services and web applications which can be hosted locally. Selfhosting is the process of hosting and managing applications instead of renting from Software-as-a-Service
rasa
? Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants
jax
Composable transformations of Python+NumPy programs: differentiate, vectorize, JIT to GPU/TPU, and more
awesome-interview-questions
A curated awesome list of lists of interview questions. Feel free to contribute! ?
PowerToys
Windows system utilities to maximize productivity
bookshelf
Build a ReactJS App workshop
Privilege-Escalation
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.
Papers-Literature-ML-DL-RL-AI
Highly cited and useful papers related to machine learning, deep learning, AI, game theory, reinforcement learning
ruby
The Ruby Programming Language [mirror]
brew
? The missing package manager for macOS (or Linux)
ALAE
[CVPR2020] Adversarial Latent Autoencoders
ant-design
? A UI Design Language and React UI library
itlwm
IntelWifi
Paper
High performance Spigot fork that aims to fix gameplay and mechanics inconsistencies
learnopencv
Learn OpenCV : C++ and Python Examples
tailwindcss
A utility-first CSS framework for rapid UI development.
esbuild
An extremely fast JavaScript bundler and minifier
react-query
⚛️ Hooks for fetching, caching and updating asynchronous data in React
3d-photo-inpainting
[CVPR 2020] 3D Photography using Context-aware Layered Depth Inpainting
nginx-ui
Nginx UI allows you to access and modify the nginx configurations files without cli.
SpringCloudLearning
《史上最简单的Spring Cloud教程源码》
raspberry-pi-os
Learning operating system development using Linux kernel and Raspberry Pi
abstreet
A traffic simulation game exploring how small changes to roads affect cyclists, transit users, pedestrians, and drivers.
spark
Apache Spark - A unified analytics engine for large-scale data processing
thingsboard
Open-source IoT Platform - Device management, data collection, processing and visualization.

PENTESTING-BIBLE

LINK
Updates to this repository will continue to arrive until the number of links reaches 10000 links & 10000 pdf files .Learn Ethical Hacking and penetration testing .hundreds of ethical hacking & penetra

PENTESTING-BIBLE

hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources.

ALMOST 2000 LINKS.

ALMOST 2000 PDF FILES ABOUT DIFFERENT FIELDS OF HACKING .

note:most of the pdf files is different than the links which means there is now almost 4000 links & pdf files.

Support.

Donate via Paypal:

Paypal: Donate via Paypal

-1- 3 Ways Extract Password Hashes from NTDS.dit:

https://www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit

-2- 3 ways to Capture HTTP Password in Network PC:

https://www.hackingarticles.in/3-ways-to-capture-http-password-in-network-pc/

-3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty:

www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/

-4-BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection:

https://medium.com/p/2e143eb36941

-5-BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality:

https://medium.com/p/a11bb5f863b3/share/twitter

-6-“Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company:

https://medium.com/p/a69afe5a0899

-7-BugBounty — “I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classi ed ads company:

https://medium.com/p/e51a945b083d

-8-BugBounty — “How I was able to shop for free!”- Payment Price Manipulation:

https://medium.com/p/b29355a8e68e

-9-Recon — my way:

https://medium.com/p/82b7e5f62e21

-10-Reconnaissance: a eulogy in three acts:

https://medium.com/p/7840824b9ef2

-11-Red-Teaming-Toolkit:

https://github.com/infosecn1nja/Red-Teaming-Toolkit

-12-Red Team Tips:

https://vincentyiu.co.uk/

-13-Shellcode: A reverse shell for Linux in C with support for TLS/SSL:

https://modexp.wordpress.com/2019/04/24/glibc-shellcode/

-14-Shellcode: Encrypting traffic:

https://modexp.wordpress.com/2018/08/17/shellcode-encrypting-traffic/

-15-Penetration Testing of an FTP Server:

https://medium.com/p/19afe538be4b

-16-Reverse Engineering of the Anubis Malware — Part 1:

https://medium.com/p/741e12f5a6bd

-17-Privilege Escalation on Linux with Live examples:

https://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/

-18-Pentesting Cheatsheets:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

-19-Powershell Payload Delivery via DNS using Invoke-PowerCloud:

https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud

-20-SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:

https://sguru.org/ghdb-download-list-4500-google-dorks-free/

-21-SQL Injection Cheat Sheet:

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-22-SQLmap’s os-shell + Backdooring website with Weevely:

https://medium.com/p/8cb6dcf17fa4

-23-SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:

https://medium.com/p/c5a3f5764cb3

-24-Top 10 Essential NMAP Scripts for Web App Hacking:

https://medium.com/p/c7829ff5ab7

-25-BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:

https://medium.com/p/52cf5c5640a1

-26-Re ected XSS Bypass Filter:

https://medium.com/p/de41d35239a3

-27-XSS Payloads, getting past alert(1):

https://medium.com/p/217ab6c6ead7

-28-XS-Searching Google’s bug tracker to find out vulnerable source code Or how side-channel timing attacks aren’t that impractical:

https://medium.com/p/50d8135b7549

-29-Web Application Firewall (WAF) Evasion Techniques:

https://medium.com/@themiddleblue/web-application-firewall-waf-evasion-techniques

-30-OSINT Resources for 2019:

https://medium.com/p/b15d55187c3f

-31-The OSINT Toolkit:

https://medium.com/p/3b9233d1cdf9

-32-OSINT : Chasing Malware + C&C Servers:

https://medium.com/p/3c893dc1e8cb

-33-OSINT tool for visualizing relationships between domains, IPs and email addresses:

https://medium.com/p/94377aa1f20a

-34-From OSINT to Internal – Gaining Access from outside the perimeter:

https://www.n00py.io/.../from-osint-to-internal-gaining-access-from-the-outside-the-perimeter

-35-Week in OSINT #2018–35:

https://medium.com/p/b2ab1765157b

-36-Week in OSINT #2019–14:

https://medium.com/p/df83f5b334b4

-37-Instagram OSINT | What A Nice Picture:

https://medium.com/p/8f4c7edfbcc6

-38-awesome-osint:

https://github.com/jivoi/awesome-osint

-39-OSINT_Team_Links:

https://github.com/IVMachiavelli/OSINT_Team_Links

-40-Open-Source Intelligence (OSINT) Reconnaissance:

https://medium.com/p/75edd7f7dada

-41-Hacking Cryptocurrency Miners with OSINT Techniques:

https://medium.com/p/677bbb3e0157

-42-A penetration tester’s guide to sub- domain enumeration:

https://blog.appsecco.com/a-penetration-testers-guide-to-sub-domain-enumeration-7d842d5570f6?gi=f44ec9d8f4b5

-43-Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages:

https://blackarch.org/recon.html

-44-What tools I use for my recon during BugBounty:

https://medium.com/p/ec25f7f12e6d

-45-Command and Control – DNS:

https://pentestlab.blog/2017/09/06/command-and-control-dns/

-46-Command and Control – WebDAV:

https://pentestlab.blog/2017/09/12/command-and-control-webdav/

-47-Command and Control – Twitter:

https://pentestlab.blog/2017/09/26/command-and-control-twitter/

-48-Command and Control – Kernel:

https://pentestlab.blog/2017/10/02/command-and-control-kernel/

-49-Source code disclosure via exposed .git folder:

https://pentester.land/tutorials/.../source-code-disclosure-via-exposed-git-folder.html

-50-Pentesting Cheatsheet:

https://hausec.com/pentesting-cheatsheet/

-51-Windows Userland Persistence Fundamentals:

https://www.fuzzysecurity.com/tutorials/19.html

-52-A technique that a lot of SQL injection beginners don’t know | Atmanand Nagpure write-up:

https://medium.com/p/abdc7c269dd5

-53-awesome-bug-bounty:

https://github.com/djadmin/awesome-bug-bounty

-54-dostoevsky-pentest-notes:

https://github.com/dostoevskylabs/dostoevsky-pentest-notes

-55-awesome-pentest:

https://github.com/enaqx/awesome-pentest

-56-awesome-windows-exploitation:

https://github.com/enddo/awesome-windows-exploitation

-57-awesome-exploit-development:

https://github.com/FabioBaroni/awesome-exploit-development

-58-BurpSuit + SqlMap = One Love:

https://medium.com/p/64451eb7b1e8

-59-Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat:

https://medium.com/p/a5a5d3ffea46

-60-DLL Injection:

https://pentestlab.blog/2017/04/04/dll-injection

-61-DLL Hijacking:

https://pentestlab.blog/2017/03/27/dll-hijacking

-62-My Recon Process — DNS Enumeration:

https://medium.com/p/d0e288f81a8a

-63-Google Dorks for nding Emails, Admin users etc:

https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc

-64-Google Dorks List 2018:

https://medium.com/p/fb70d0cbc94

-65-Hack your own NMAP with a BASH one-liner:

https://medium.com/p/758352f9aece

-66-UNIX / LINUX CHEAT SHEET:

cheatsheetworld.com/programming/unix-linux-cheat-sheet/

-67-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

https://medium.com/p/74d2bec02099

-68- information gathering:

https://pentestlab.blog/category/information-gathering/

-69-post exploitation:

https://pentestlab.blog/category/post-exploitation/

-70-privilege escalation:

https://pentestlab.blog/category/privilege-escalation/

-71-red team:

https://pentestlab.blog/category/red-team/

-72-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-73-Web Application Penetration Testing Cheat Sheet:

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/

-74-Windows Kernel Exploits:

https://pentestlab.blog/2017/04/24/windows-kernel-exploits

-75-Windows oneliners to download remote payload and execute arbitrary code:

https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/

-76-Windows-Post-Exploitation:

https://github.com/emilyanncr/Windows-Post-Exploitation

-77-Windows Post Exploitation Shells and File Transfer with Netcat for Windows:

https://medium.com/p/a2ddc3557403

-78-Windows Privilege Escalation Fundamentals:

https://www.fuzzysecurity.com/tutorials/16.html

-79-Windows Privilege Escalation Guide:

www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

-80-Windows Active Directory Post Exploitation Cheatsheet:

https://medium.com/p/48c2bd70388

-81-Windows Exploitation Tricks: Abusing the User-Mode Debugger:

https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html

-82-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-83- Big List Of Google Dorks Hacking:

https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking

-84-List of google dorks for sql injection:

https://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/

-85-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-86-Comprehensive Guide to Sqlmap (Target Options):

http://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2

-87-EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE:

www.cybersyndicates.com/.../email-reconnaissance-phishing-template-generation-made-simple

-88-Comprehensive Guide on Gobuster Tool:

https://www.hackingarticles.in/comprehensive-guide-on-gobuster-tool/

-89-My Top 5 Web Hacking Tools:

https://medium.com/p/e15b3c1f21e8

-90-[technical] Pen-testing resources:

https://medium.com/p/cd01de9036ad

-91-File System Access on Webserver using Sqlmap:

http://www.hackingarticles.in/file-system-access-on-webserver-using-sqlmap

-92-kali-linux-cheatsheet:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-93-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-94-Command Injection Exploitation through Sqlmap in DVWA (OS-cmd):

http://www.hackingarticles.in/command-injection-exploitation-through-sqlmap-in-dvwa

-95-XSS Payload List - Cross Site Scripting Vulnerability Payload List:

https://www.kitploit.com/2018/05/xss-payload-list-cross-site-scripting.html

-96-Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection:

https://www.notsosecure.com/analyzing-cve-2018-6376/

-97-Exploiting Sql Injection with Nmap and Sqlmap:

http://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap

-98-awesome-malware-analysis:

https://github.com/rshipp/awesome-malware-analysis

-99-Anatomy of UAC Attacks:

https://www.fuzzysecurity.com/tutorials/27.html

-100-awesome-cyber-skills:

https://github.com/joe-shenouda/awesome-cyber-skills

-101-5 ways to Banner Grabbing:

http://www.hackingarticles.in/5-ways-banner-grabbing

-102-6 Ways to Hack PostgresSQL Login:

http://www.hackingarticles.in/6-ways-to-hack-postgressql-login

-103-6 Ways to Hack SSH Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ssh-login-password

-104-10 Free Ways to Find Someone’s Email Address:

https://medium.com/p/e6f37f5fe10a

-105-USING A SCF FILE TO GATHER HASHES:

https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes

-106-Hack Remote Windows PC using DLL Files (SMB Delivery Exploit):

http://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit

107-Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities:

http://www.hackingarticles.in/hack-remote-windows-pc-using-office-ole-multiple-dll-hijack-vulnerabilities

-108-BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs):

https://medium.com/p/ef6542301c65

-109-How To Perform External Black-box Penetration Testing in Organization with “ZERO” Information:

https://gbhackers.com/external-black-box-penetration-testing

-110-A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals:

https://gbhackers.com/hacking-tools-list

-111-Most Important Considerations with Malware Analysis Cheats And Tools list:

https://gbhackers.com/malware-analysis-cheat-sheet-and-tools-list

-112-Awesome-Hacking:

https://github.com/Hack-with-Github/Awesome-Hacking

-113-awesome-threat-intelligence:

https://github.com/hslatman/awesome-threat-intelligence

-114-awesome-yara:

https://github.com/InQuest/awesome-yara

-115-Red-Team-Infrastructure-Wiki:

https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki

-116-awesome-pentest:

https://github.com/enaqx/awesome-pentest

-117-awesome-cyber-skills:

https://github.com/joe-shenouda/awesome-cyber-skills

-118-pentest-wiki:

https://github.com/nixawk/pentest-wiki

-119-awesome-web-security:

https://github.com/qazbnm456/awesome-web-security

-120-Infosec_Reference:

https://github.com/rmusser01/Infosec_Reference

-121-awesome-iocs:

https://github.com/sroberts/awesome-iocs

-122-blackhat-arsenal-tools:

https://github.com/toolswatch/blackhat-arsenal-tools

-123-awesome-social-engineering:

https://github.com/v2-dev/awesome-social-engineering

-124-Penetration Testing Framework 0.59:

www.vulnerabilityassessment.co.uk/Penetration%20Test.html

-125-Penetration Testing Tools Cheat Sheet :

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

-126-SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool:

https://gbhackers.com/sn1per-a-detailed-explanation-of-most-advanced-automated-information-gathering-penetration-testing-tool

-127-Spear Phishing 101:

https://blog.inspired-sec.com/archive/2017/05/07/Phishing.html

-128-100 ways to discover (part 1):

https://sylarsec.com/2019/01/11/100-ways-to-discover-part-1/

-129-Comprehensive Guide to SSH Tunnelling:

http://www.hackingarticles.in/comprehensive-guide-to-ssh-tunnelling/

-130-Capture VNC Session of Remote PC using SetToolkit:

http://www.hackingarticles.in/capture-vnc-session-remote-pc-using-settoolkit/

-131-Hack Remote PC using PSEXEC Injection in SET Toolkit:

http://www.hackingarticles.in/hack-remote-pc-using-psexec-injection-set-toolkit/

-132-Denial of Service Attack on Network PC using SET Toolkit:

http://www.hackingarticles.in/denial-of-service-attack-on-network-pc-using-set-toolkit/

-133-Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit:

http://www.hackingarticles.in/hack-gmail-and-facebook-of-remote-pc-using-dns-spoofing-and-set-toolkit/

-134-Hack Any Android Phone with DroidJack (Beginner’s Guide):

http://www.hackingarticles.in/hack-android-phone-droidjack-beginners-guide/

-135-HTTP RAT Tutorial for Beginners:

http://www.hackingarticles.in/http-rat-tutorial-beginners/

-136-5 ways to Create Permanent Backdoor in Remote PC:

http://www.hackingarticles.in/5-ways-create-permanent-backdoor-remote-pc/

-137-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-138-EMPIRE TIPS AND TRICKS:

https://enigma0x3.net/2015/08/26/empire-tips-and-tricks/

-139-CSRF account takeover Explained Automated/Manual:

https://medium.com/p/447e4b96485b

-140-CSRF Exploitation using XSS:

http://www.hackingarticles.in/csrf-exploitation-using-xss

-141-Dumping Domain Password Hashes:

https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/

-142-Empire Post Exploitation – Unprivileged Agent to DA Walkthrough:

https://bneg.io/2017/05/24/empire-post-exploitation/

-143-Dropbox for the Empire:

https://bneg.io/2017/05/13/dropbox-for-the-empire/

-144-Empire without PowerShell.exe:

https://bneg.io/2017/07/26/empire-without-powershell-exe/

-145-REVIVING DDE: USING ONENOTE AND EXCEL FOR CODE EXECUTION:

https://enigma0x3.net/2018/01/29/reviving-dde-using-onenote-and-excel-for-code-execution/

-146-PHISHING WITH EMPIRE:

https://enigma0x3.net/2016/03/15/phishing-with-empire/

-146-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-147-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND REGISTRY HIJACKING:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/

-148-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/

-149-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-150-LATERAL MOVEMENT USING EXCEL.APPLICATION AND DCOM:

https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/

-151-enum4linux Cheat Sheet:

https://highon.coffee/blog/enum4linux-cheat-sheet/

-152-enumeration:

https://technologyredefine.blogspot.com/2017/11/enumeration.html

-153-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-154-Command and Control – WMI:

https://pentestlab.blog/2017/11/20/command-and-control-wmi

-155-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-156-Comprehensive Guide to Nmap Port Status:

http://www.hackingarticles.in/comprehensive-guide-nmap-port-status

-157-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-158-Compromising Jenkins and extracting credentials:

https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/

-159-footprinting:

https://technologyredefine.blogspot.com/2017/09/footprinting_17.html

-160-awesome-industrial-control-system-security:

https://github.com/hslatman/awesome-industrial-control-system-security

-161-xss-payload-list:

https://github.com/ismailtasdelen/xss-payload-list

-162-awesome-vehicle-security:

https://github.com/jaredthecoder/awesome-vehicle-security

-163-awesome-osint:

https://github.com/jivoi/awesome-osint

-164-awesome-python:

https://github.com/vinta/awesome-python

-165-Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit):

https://www.exploit-db.com/download/44830.rb

-166-nbtscan Cheat Sheet:

https://highon.coffee/blog/nbtscan-cheat-sheet/

-167-neat-tricks-to-bypass-csrfprotection:

www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection

-168-ACCESSING CLIPBOAR D FROM THE LOC K SC REEN IN WI NDOWS 10 #2:

https://oddvar.moe/2017/01/27/access-clipboard-from-lock-screen-in-windows-10-2/

-169-NMAP CHEAT-SHEET (Nmap Scanning Types, Scanning Commands , NSE Scripts):

https://medium.com/p/868a7bd7f692

-170-Nmap Cheat Sheet:

https://highon.coffee/blog/nmap-cheat-sheet/

-171-Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV:

https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

-172-Phishing with PowerPoint:

https://www.blackhillsinfosec.com/phishing-with-powerpoint/

-173-hide-payload-ms-office-document-properties:

https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/

-174-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-175-How to Build a C2 Infrastructure with Digital Ocean – Part 1:

https://www.blackhillsinfosec.com/build-c2-infrastructure-digital-ocean-part-1/

-176-WordPress Penetration Testing using Symposium Plugin SQL Injection:

http://www.hackingarticles.in/wordpress-penetration-testing-using-symposium-plugin-sql-injection

-177-Manual SQL Injection Exploitation Step by Step:

http://www.hackingarticles.in/manual-sql-injection-exploitation-step-step

-178-MSSQL Penetration Testing with Metasploit:

http://www.hackingarticles.in/mssql-penetration-testing-metasploit

-179-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file

-180-MySQL Penetration Testing with Nmap:

http://www.hackingarticles.in/mysql-penetration-testing-nmap

-181-NetBIOS and SMB Penetration Testing on Windows:

http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows

-182-Network Packet Forensic using Wireshark:

http://www.hackingarticles.in/network-packet-forensic-using-wireshark

-183-Escape and Evasion Egressing Restricted Networks:

https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks/

-183-Awesome-Hacking-Resources:

https://github.com/vitalysim/Awesome-Hacking-Resources

-184-Hidden directories and les as a source of sensitive information about web application:

https://medium.com/p/84e5c534e5ad

-185-Hiding Registry keys with PSRe ect:

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

-186-awesome-cve-poc:

https://github.com/qazbnm456/awesome-cve-poc

-187-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

https://medium.com/p/74d2bec02099

-188-Post Exploitation in Windows using dir Command:

http://www.hackingarticles.in/post-exploitation-windows-using-dir-command

189-Web Application Firewall (WAF) Evasion Techniques #2:

https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0

-190-Forensics Investigation of Remote PC (Part 1):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-1

-191-CloudFront Hijacking:

https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/

-192-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-193-Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato:

http://www.hackingarticles.in/privilege-escalation-on-windows-7810-server-2008-server-2012-using-potato

-194-How to intercept TOR hidden service requests with Burp:

https://medium.com/p/6214035963a0

-195-How to Make a Captive Portal of Death:

https://medium.com/p/48e82a1d81a/share/twitter

-196-How to find any CEO’s email address in minutes:

https://medium.com/p/70dcb96e02b0

197-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-198-Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation:

https://www.exploit-db.com/download/44630.txt

-199-Microsoft Word upload to Stored XSS:

https://www.n00py.io/2018/03/microsoft-word-upload-to-stored-xss/

-200-MobileApp-Pentest-Cheatsheet:

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

-201-awesome:

https://github.com/sindresorhus/awesome

-201-writing arm shellcode:

https://azeria-labs.com/writing-arm-shellcode/

-202-debugging with gdb introduction:

https://azeria-labs.com/debugging-with-gdb-introduction/

-203-emulate raspberrypi with qemu:

https://azeria-labs.com/emulate-raspberry-pi-with-qemu/

-204-Bash One-Liner to Check Your Password(s) via pwnedpasswords.com’s API Using the k-Anonymity Method:

https://medium.com/p/a5807a9a8056

-205-A Red Teamer's guide to pivoting:

https://artkond.com/2017/03/23/pivoting-guide/

-206-Using WebDAV features as a covert channel:

https://arno0x0x.wordpress.com/2017/09/07/using-webdav-features-as-a-covert-channel/

-207-A View of Persistence:

https://rastamouse.me/2018/03/a-view-of-persistence/

-208- pupy websocket transport:

https://bitrot.sh/post/28-11-2017-pupy-websocket-transport/

-209-Subdomains Enumeration Cheat Sheet:

https://pentester.land/cheatsheets/2018/11/.../subdomains-enumeration-cheatsheet.html

-210-DNS Reconnaissance – DNSRecon:

https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/

-211-Cheatsheets:

https://bitrot.sh/cheatsheet

-212-Understanding Guide to Nmap Firewall Scan (Part 2):

http://www.hackingarticles.in/understanding-guide-nmap-firewall-scan-part-2

-213-Exploit Office 2016 using CVE-2018-0802:

https://technologyredefine.blogspot.com/2018/01/exploit-office-2016-using-cve-2018-0802.html

-214-windows-exploit-suggester:

https://technologyredefine.blogspot.com/2018/01/windows-exploit-suggester.html

-215-INSTALLING PRESISTENCE BACKDOOR IN WINDOWS:

https://technologyredefine.blogspot.com/2018/01/installing-presistence-backdoor-in.html

-216-IDS, IPS AND FIREWALL EVASION USING NMAP:

https://technologyredefine.blogspot.com/2017/09/ids-ips-and-firewall-evasion-using-nmap.html

-217-Wireless Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/wireless-penetration-testing-checklist-a-detailed-cheat-sheet

218-Most Important Web Application Security Tools & Resources for Hackers and Security Professionals:

https://gbhackers.com/web-application-security-tools-resources

-219-Web Application Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/web-application-penetration-testing-checklist-a-detailed-cheat-sheet

-220-Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing:

https://gbhackers.com/top-500-important-xss-cheat-sheet

-221-USBStealer – Password Hacking Tool For Windows Machine Applications:

https://gbhackers.com/pasword-hacking

-222-Most Important Mobile Application Penetration Testing Cheat sheet with Tools & Resources for Security Professionals:

https://gbhackers.com/mobile-application-penetration-testing

-223-Metasploit Can Be Directly Used For Hardware Penetration Testing Now:

https://gbhackers.com/metasploit-can-be-directly-used-for-hardware-vulnerability-testing-now

-224-How to Perform Manual SQL Injection While Pentesting With Single quote Error Based Parenthesis Method:

https://gbhackers.com/manual-sql-injection-2

-225-Email Spoo ng – Exploiting Open Relay configured Public Mailservers:

https://gbhackers.com/email-spoofing-exploiting-open-relay

-226-Email Header Analysis – Received Email is Genuine or Spoofed:

https://gbhackers.com/email-header-analysis

-227-Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals:

https://gbhackers.com/cyber-threat-intelligence-tools

-228-Creating and Analyzing a Malicious PDF File with PDF-Parser Tool:

https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool

-229-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-230-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-231-A8-Cross-Site Request Forgery (CSRF):

https://gbhackers.com/a8-cross-site-request-forgery-csrf

-232-Fully undetectable backdooring PE File:

https://haiderm.com/fully-undetectable-backdooring-pe-file/

-233-backdooring exe files:

https://haiderm.com/tag/backdooring-exe-files/

-234-From PHP (s)HELL to Powershell Heaven:

https://medium.com/p/da40ce840da8

-235-Forensic Investigation of Nmap Scan using Wireshark:

http://www.hackingarticles.in/forensic-investigation-of-nmap-scan-using-wireshark

-236-Unleashing an Ultimate XSS Polyglot:

https://github.com/0xsobky/HackVault/wiki

-237-wifi-arsenal:

https://github.com/0x90/wifi-arsenal

-238-XXE_payloads:

https://gist.github.com/staaldraad/01415b990939494879b4

-239-xss_payloads_2016:

https://github.com/7ioSecurity/XSS-Payloads/raw/master/xss_payloads_2016

-240-A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.:

https://github.com/alebcay/awesome-shell

-241-The goal of this repository is to document the most common techniques to bypass AppLocker.:

https://github.com/api0cradle/UltimateAppLockerByPassList

-242-A curated list of CTF frameworks, libraries, resources and softwares:

https://github.com/apsdehal/awesome-ctf

-243-A collection of android security related resources:

https://github.com/ashishb/android-security-awesome

-244-OSX and iOS related security tools:

https://github.com/ashishb/osx-and-ios-security-awesome

-245-regexp-security-cheatsheet:

https://github.com/attackercan/regexp-security-cheatsheet

-246-PowerView-2.0 tips and tricks:

https://gist.github.com/HarmJ0y/3328d954607d71362e3c

-247-A curated list of awesome awesomeness:

https://github.com/bayandin/awesome-awesomeness

-248-Android App Security Checklist:

https://github.com/b-mueller/android_app_security_checklist

-249-Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:

https://github.com/brannondorsey/wifi-cracking

-250-My-Gray-Hacker-Resources:

https://github.com/bt3gl/My-Gray-Hacker-Resources

-251-A collection of tools developed by other researchers in the Computer Science area to process network traces:

https://github.com/caesar0301/awesome-pcaptools

-252-A curated list of awesome Hacking tutorials, tools and resources:

https://github.com/carpedm20/awesome-hacking

-253-RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.:

https://github.com/cn0xroot/RFSec-ToolKit

-254-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-255-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-256-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-257-A curated list of awesome forensic analysis tools and resources:

https://github.com/cugu/awesome-forensics

-258-Open-Redirect-Payloads:

https://github.com/cujanovic/Open-Redirect-Payloads

-259-A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.:

https://github.com/Cyb3rWard0g/ThreatHunter-Playbook

-260-Windows memory hacking library:

https://github.com/DarthTon/Blackbone

-261-A collective list of public JSON APIs for use in security.:

https://github.com/deralexxx/security-apis

-262-An authoritative list of awesome devsecops tools with the help from community experiments and contributions.:

https://github.com/devsecops/awesome-devsecops

-263-List of Awesome Hacking places, organised by Country and City, listing if it features power and wifi:

https://github.com/diasdavid/awesome-hacking-spots

-264-A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups:

https://github.com/djadmin/awesome-bug-bounty

-265-Notes for taking the OSCP in 2097:

https://github.com/dostoevskylabs/dostoevsky-pentest-notes

-266-A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom:

https://github.com/enddo/awesome-windows-exploitation

-267-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development:

https://github.com/FabioBaroni/awesome-exploit-development

-268-A curated list of awesome reversing resources:

https://github.com/fdivrp/awesome-reversing

-269-Git All the Payloads! A collection of web attack payloads:

https://github.com/foospidy/payloads

-270-GitHub Project Resource List:

https://github.com/FuzzySecurity/Resource-List

-271-Use your macOS terminal shell to do awesome things.:

https://github.com/herrbischoff/awesome-macos-command-line

-272-Defeating Windows User Account Control:

https://github.com/hfiref0x/UACME

-273-Free Security and Hacking eBooks:

https://github.com/Hack-with-Github/Free-Security-eBooks

-274-Universal Radio Hacker: investigate wireless protocols like a boss:

https://github.com/jopohl/urh

-275-A curated list of movies every hacker & cyberpunk must watch:

https://github.com/k4m4/movies-for-hackers

-276-Various public documents, whitepapers and articles about APT campaigns:

https://github.com/kbandla/APTnotes

-277-A database of common, interesting or useful commands, in one handy referable form:

https://github.com/leostat/rtfm

-278-A curated list of tools for incident response:

https://github.com/meirwah/awesome-incident-response

-279-A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys:

https://github.com/meitar/awesome-lockpicking

-280-A curated list of static analysis tools, linters and code quality checkers for various programming languages:

https://github.com/mre/awesome-static-analysis

-281-A Collection of Hacks in IoT Space so that we can address them (hopefully):

https://github.com/nebgnahz/awesome-iot-hacks

-281-A Course on Intermediate Level Linux Exploitation:

https://github.com/nnamon/linux-exploitation-course

-282-Kali Linux Cheat Sheet for Penetration Testers:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-283-A curated list of awesome infosec courses and training resources.:

https://github.com/onlurking/awesome-infosec

-284-A curated list of resources for learning about application security:

https://github.com/paragonie/awesome-appsec

-285-an awesome list of honeypot resources:

https://github.com/paralax/awesome-honeypots

286-GitHub Enterprise SQL Injection:

https://www.blogger.com/share-post.g?blogID=2987759532072489303&postID=6980097238231152493

-287-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis:

https://github.com/secfigo/Awesome-Fuzzing

-288-PHP htaccess injection cheat sheet:

https://github.com/sektioneins/pcc/wiki

-289-A curated list of the awesome resources about the Vulnerability Research:

https://github.com/sergey-pronin/Awesome-Vulnerability-Research

-290-A list of useful payloads and bypass for Web Application Security and Pentest/CTF:

https://github.com/swisskyrepo/PayloadsAllTheThings

-291-A collection of Red Team focused tools, scripts, and notes:

https://github.com/threatexpress/red-team-scripts

-292-Awesome XSS stuff:

https://github.com/UltimateHackers/AwesomeXSS

-293-A collection of hacking / penetration testing resources to make you better!:

https://github.com/vitalysim/Awesome-Hacking-Resources

-294-Docker Cheat Sheet:

https://github.com/wsargent/docker-cheat-sheet

-295-Decrypted content of eqgrp-auction-file.tar.xz:

https://github.com/x0rz/EQGRP

-296-A bunch of links related to Linux kernel exploitation:

https://github.com/xairy/linux-kernel-exploitation

-297-Penetration Testing 102 - Windows Privilege Escalation Cheatsheet:

www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet

-298-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-299-Windows Privilege Escalation Methods for Pentesters:

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

-300-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

-301-Reading Your Way Around UAC (Part 1):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html

-302--Reading Your Way Around UAC (Part 2):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html

-303-Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2):

https://stealingthe.network/executing-metasploit-empire-payloads-from-ms-office-document-properties-part-2-of-2/

-304-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:

https://medium.com/p/29d034c27978

-304-Automating Cobalt Strike,Aggressor Collection Scripts:

https://github.com/bluscreenofjeff/AggressorScripts

https://github.com/harleyQu1nn/AggressorScripts

-305-Vi Cheat Sheet:

https://highon.coffee/blog/vi-cheat-sheet/

-306-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-307-LFI Cheat Sheet:

https://highon.coffee/blog/lfi-cheat-sheet/

-308-Systemd Cheat Sheet:

https://highon.coffee/blog/systemd-cheat-sheet/

-309-Aircrack-ng Cheatsheet:

https://securityonline.info/aircrack-ng-cheatsheet/

-310-Kali Linux Cheat Sheet for Penetration Testers:

https://www.blackmoreops.com/?p=7212

-311-Wifi Pentesting Command Cheatsheet:

https://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/

-312-Android Testing Environment Cheatsheet (Part 1):

https://randomkeystrokes.com/2016/10/17/android-testing-environment-cheatsheet/

-313-cheatsheet:

https://randomkeystrokes.com/category/cheatsheet/

-314-Reverse Shell Cheat Sheet:

https://highon.coffee/blog/reverse-shell-cheat-sheet/

-315-Linux Commands Cheat Sheet:

https://highon.coffee/blog/linux-commands-cheat-sheet/

-316-Linux Privilege Escalation using Sudo Rights:

http://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights

-317-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-318-Linux Privilege Escalation by Exploiting Cronjobs:

http://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/

-319-Web Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-320-Webshell to Meterpreter:

http://www.hackingarticles.in/webshell-to-meterpreter

-321-WordPress Penetration Testing using WPScan & Metasploit:

http://www.hackingarticles.in/wordpress-penetration-testing-using-wpscan-metasploit

-322-XSS Exploitation in DVWA (Bypass All Security):

http://www.hackingarticles.in/xss-exploitation-dvwa-bypass-security

-323-Linux Privilege Escalation Using PATH Variable:

http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/

-324-VNC tunneling over SSH:

http://www.hackingarticles.in/vnc-tunneling-ssh

-325-VNC Pivoting through Meterpreter:

http://www.hackingarticles.in/vnc-pivoting-meterpreter

-326-Week of Evading Microsoft ATA - Announcement and Day 1:

https://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day1.html

-327-Abusing DNSAdmins privilege for escalation in Active Directory:

https://www.labofapenetrationtester.com/2017/05/abusing-dnsadmins-privilege-for-escalation-in-active-directory.html

-328-Using SQL Server for attacking a Forest Trust:

https://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html

-329-Empire :

http://www.harmj0y.net/blog/category/empire/

-330-8 Deadly Commands You Should Never Run on Linux:

https://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/

-331-External C2 framework for Cobalt Strike:

https://www.insomniacsecurity.com/2018/01/11/externalc2.html

-332-How to use Public IP on Kali Linux:

http://www.hackingarticles.in/use-public-ip-kali-linux

-333-Bypass Admin access through guest Account in windows 10:

http://www.hackingarticles.in/bypass-admin-access-guest-account-windows-10

-334-Bypass Firewall Restrictions with Metasploit (reverse_tcp_allports):

http://www.hackingarticles.in/bypass-firewall-restrictions-metasploit-reverse_tcp_allports

-335-Bypass SSH Restriction by Port Relay:

http://www.hackingarticles.in/bypass-ssh-restriction-by-port-relay

-336-Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key):

http://www.hackingarticles.in/bypass-uac-protection-remote-windows-10-pc-via-fodhelper-registry-key

-337-Bypass UAC in Windows 10 using bypass_comhijack Exploit:

http://www.hackingarticles.in/bypass-uac-windows-10-using-bypass_comhijack-exploit

-338-Bind Payload using SFX archive with Trojanizer:

http://www.hackingarticles.in/bind-payload-using-sfx-archive-trojanizer

-339-Capture NTLM Hashes using PDF (Bad-Pdf):

http://www.hackingarticles.in/capture-ntlm-hashes-using-pdf-bad-pdf

-340-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks/

-341-Detect SQL Injection Attack using Snort IDS:

http://www.hackingarticles.in/detect-sql-injection-attack-using-snort-ids/

-342-Beginner Guide to Website Footprinting:

http://www.hackingarticles.in/beginner-guide-website-footprinting/

-343-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-344-Wifi Post Exploitation on Remote PC:

http://www.hackingarticles.in/wifi-post-exploitation-remote-pc/

-335-Check Meltdown Vulnerability in CPU:

http://www.hackingarticles.in/check-meltdown-vulnerability-cpu

-336-XXE:

https://phonexicum.github.io/infosec/xxe.html

-337-[XSS] Re ected XSS Bypass Filter:

https://medium.com/p/de41d35239a3

-338-Engagement Tools Tutorial in Burp suite:

http://www.hackingarticles.in/engagement-tools-tutorial-burp-suite

-339-Wiping Out CSRF:

https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f

-340-First entry: Welcome and fileless UAC bypass:

https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/

-341-Writing a Custom Shellcode Encoder:

https://medium.com/p/31816e767611

-342-Security Harden CentOS 7 :

https://highon.coffee/blog/security-harden-centos-7/

-343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS:

https://www.paulosyibelo.com/2018/06/the-big-bad-wolf-xss-and-maintaining.html

-344-MySQL:

https://websec.ca/kb/CHANGELOG.txt

-345-Deobfuscation of VM based software protection:

http://shell-storm.org/talks/SSTIC2017_Deobfuscation_of_VM_based_software_protection.pdf

-346-Online Assembler and Disassembler:

http://shell-storm.org/online/Online-Assembler-and-Disassembler/

-347-Shellcodes database for study cases:

http://shell-storm.org/shellcode/

-348-Dynamic Binary Analysis and Obfuscated Codes:

http://shell-storm.org/talks/sthack2016-rthomas-jsalwan.pdf

-349-How Triton may help to analyse obfuscated binaries:

http://triton.quarkslab.com/files/misc82-triton.pdf

-350-Triton: A Concolic Execution Framework:

http://shell-storm.org/talks/SSTIC2015_English_slide_detailed_version_Triton_Concolic_Execution_FrameWork_FSaudel_JSalwan.pdf

-351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM:

https://github.com/JonathanSalwan/Tigress_protection

-352-What kind of semantics information Triton can provide?:

http://triton.quarkslab.com/blog/What-kind-of-semantics-information-Triton-can-provide/

-353-Code coverage using a dynamic symbolic execution:

http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/

-354-Triton (concolic execution framework) under the hood:

http://triton.quarkslab.com/blog/first-approach-with-the-framework/

-355-- Stack and heap overflow detection at runtime via behavior analysis and Pin:

http://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN/

-356-Binary analysis: Concolic execution with Pin and z3:

http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/

-357-In-Memory fuzzing with Pin:

http://shell-storm.org/blog/In-Memory-fuzzing-with-Pin/

-358-Hackover 2015 r150 (outdated solving for Triton use cases):

https://github.com/JonathanSalwan/Triton/blob/master/src/examples/python/ctf-writeups/hackover-ctf-2015-r150/solve.py

-359-Skip sh – Web Application Security Scanner for XSS, SQL Injection, Shell injection:

https://gbhackers.com/skipfish-web-application-security-scanner

-360-Sublist3r – Tool for Penetration testers to Enumerate Sub-domains:

https://gbhackers.com/sublist3r-penetration-testers

-361-bypassing application whitelisting with bginfo:

https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/

-362-accessing-clipboard-from-the-lock-screen-in-windows-10:

https://oddvar.moe/2017/01/24/accessing-clipboard-from-the-lock-screen-in-windows-10/

-363-bypassing-device-guard-umci-using-chm-cve-2017-8625:

https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/

-364-defense-in-depth-writeup:

https://oddvar.moe/2017/09/13/defense-in-depth-writeup/

-365-applocker-case-study-how-insecure-is-it-really-part-1:

https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/

-366-empires-cross-platform-office-macro:

https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/

-367-recon tools:

https://blackarch.org/recon.html

-368-Black Hat 2018 tools list:

https://medium.com/p/991fa38901da

-369-Application Introspection & Hooking With Frida:

https://www.fuzzysecurity.com/tutorials/29.html

-370-And I did OSCP!:

https://medium.com/p/589babbfea19

-371-CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests:

https://arnaucube.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

-372-Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals:

https://gbhackers.com/threat-intelligence-tools

-373-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

https://techincidents.com/penetration-testing-cheat-sheet/

-374-privilege escalation:

https://toshellandback.com/category/privilege-escalation/

-375-The Complete List of Windows Post-Exploitation Commands (No Powershell):

https://medium.com/p/999b5433b61e

-376-The Art of Subdomain Enumeration:

https://blog.sweepatic.com/tag/subdomain-enumeration/

-377-The Principles of a Subdomain Takeover:

https://blog.sweepatic.com/subdomain-takeover-principles/

-378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!:

https://medium.com/p/b250fb40af82

-379-The Solution for Web for Pentester-I:

https://medium.com/p/4c21b3ae9673

-380-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-381-: Ethical Hacking, Hack Tools, Hacking Tricks, Information Gathering, Penetration Testing, Recommended:

https://www.hackingloops.com/hacking-tricks/

-383-Introduction to Exploitation, Part 1: Introducing Concepts and Terminology:

https://www.hackingloops.com/exploitation-terminology/

-384-How Hackers Kick Victims Off of Wireless Networks:

https://www.hackingloops.com/kick-victims-off-of-wireless-networks/

-385-Maintaining Access Part 1: Introduction and Metasploit Example:

https://www.hackingloops.com/maintaining-access-metasploit/

-386-How to Steal Windows Credentials with Mimikatz and Metasploit:

https://www.hackingloops.com/mimikatz/

-387-Evading Anti-virus Part 2: Obfuscating Payloads with Msfvenom:

https://www.hackingloops.com/msfvenom/

-388-Evading Anti-virus Part 1: Infecting EXEs with Shellter:

https://www.hackingloops.com/evading-anti-virus-shellter/

-389-Mobile Hacking Part 4: Fetching Payloads via USB Rubber Ducky:

https://www.hackingloops.com/payloads-via-usb-rubber-ducky/

-390-Ethical Hacking Practice Test 6 – Footprinting Fundamentals Level1:

https://www.hackingloops.com/ethical-hacking-practice-test-6-footprinting-fundamentals-level1/

-391-Skip Cracking Responder Hashes and Relay Them:

https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/

-392-Cracking NTLMv1 Handshakes with Crack.sh:

http://threat.tevora.com/quick-tip-crack-ntlmv1-handshakes-with-crack-sh/

-393-Top 3 Anti-Forensic OpSec Tips for Linux & A New Dead Man’s Switch:

https://medium.com/p/d5e92843e64a

-394-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-395-Windows Privilege Escalation:

http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation

-396-Removing Sender’s IP Address From Email’s Received: From Header:

https://www.devside.net/wamp-server/removing-senders-ip-address-from-emails-received-from-header

-397-Dump Cleartext Password in Linux PC using MimiPenguin:

http://www.hackingarticles.in/dump-cleartext-password-linux-pc-using-mimipenguin

-398-Embedded Backdoor with Image using FakeImageExploiter:

http://www.hackingarticles.in/embedded-backdoor-image-using-fakeimageexploiter

-399-Exploit Command Injection Vulnearbility with Commix and Netcat:

http://www.hackingarticles.in/exploit-command-injection-vulnearbility-commix-netcat

-400-Exploiting Form Based Sql Injection using Sqlmap:

http://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap

-401-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-402-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks

-403-Command Injection to Meterpreter using Commix:

http://www.hackingarticles.in/command-injection-meterpreter-using-commix

-404-Comprehensive Guide to Crunch Tool:

http://www.hackingarticles.in/comprehensive-guide-to-crunch-tool

-405-Compressive Guide to File Transfer (Post Exploitation):

http://www.hackingarticles.in/compressive-guide-to-file-transfer-post-exploitation

-406-Crack Wifi Password using Aircrack-Ng (Beginner’s Guide):

http://www.hackingarticles.in/crack-wifi-password-using-aircrack-ng

-407-How to Detect Meterpreter in Your PC:

http://www.hackingarticles.in/detect-meterpreter-pc

-408-Easy way to Hack Database using Wizard switch in Sqlmap:

http://www.hackingarticles.in/easy-way-hack-database-using-wizard-switch-sqlmap

-409-Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn):

http://www.hackingarticles.in/exploiting-webserver-using-sqlmap-metasploit-os-pwn

-410-Create SSL Certified Meterpreter Payload using MPM:

http://www.hackingarticles.in/exploit-remote-pc-ssl-certified-meterpreter-payload-using-mpm

-411-Port forwarding: A practical hands-on guide:

https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide

-412-Exploit Dev 101: Jumping to Shellcode:

https://www.abatchy.com/2017/05/jumping-to-shellcode.html

-413-Introduction to Manual Backdooring:

https://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html

-414-Kernel Exploitation:

https://www.abatchy.com/2018/01/kernel-exploitation-1

-415-Exploit Dev 101: Bypassing ASLR on Windows:

https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html

-416-Shellcode reduction tips (x86):

https://www.abatchy.com/2017/04/shellcode-reduction-tips-x86

-417-OSCE Study Plan:

https://www.abatchy.com/2017/03/osce-study-plan

-418-[DefCamp CTF Qualification 2017] Don't net, kids! (Revexp 400):

https://www.abatchy.com/2017/10/defcamp-dotnot

-419-DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE:

https://www.ambionics.io/

-420-SQL VULNERABLE WEBSITES LIST 2017 [APPROX 2500 FRESH SQL VULNERABLE SITES]:

https://www.cityofhackerz.com/sql-vulnerable-websites-list-2017

-421-Windows IR Live Forensics Cheat Sheet:

https://www.cheatography.com/tag/forensics/

-422-windows-kernel-logic-bug-class-access:

https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html

-423-injecting-code-into-windows-protected:

https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html

-424-USING THE DDE ATTACK WITH POWERSHELL EMPIRE:

https://1337red.wordpress.com/using-the-dde-attack-with-powershell-empire

-425-Automated Derivative Administrator Search:

https://wald0.com/?p=14

-426-A Red Teamer’s Guide to GPOs and OUs:

https://wald0.com/?p=179

-427-Pen Testing and Active Directory, Part VI: The Final Case:

https://blog.varonis.com/pen-testing-active-directory-part-vi-final-case/

-428-Offensive Tools and Techniques:

https://www.sec.uno/2017/03/01/offensive-tools-and-techniques/

-429-Three penetration testing tips to out-hack hackers:

http://infosechotspot.com/three-penetration-testing-tips-to-out-hack-hackers-betanews/

-430-Introducing BloodHound:

https://wald0.com/?p=68

-431-Red + Blue = Purple:

http://www.blackhillsinfosec.com/?p=5368

-432-Active Directory Access Control List – Attacks and Defense – Enterprise Mobility and Security Blog:

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/

-433-PrivEsc: Unquoted Service Path:

https://www.gracefulsecurity.com/privesc-unquoted-service-path/

-434-PrivEsc: Insecure Service Permissions:

https://www.gracefulsecurity.com/privesc-insecure-service-permissions/

-435-PrivEsc: DLL Hijacking:

https://www.gracefulsecurity.com/privesc-dll-hijacking/

-436-Android Reverse Engineering 101 – Part 1:

http://www.fasteque.com/android-reverse-engineering-101-part-1/

-437-Luckystrike: An Evil Office Document Generator:

https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator

-438-the-number-one-pentesting-tool-youre-not-using:

https://www.shellntel.com/blog/2016/8/3/the-number-one-pentesting-tool-youre-not-using

-439-uac-bypass:

http://www.securitynewspaper.com/tag/uac-bypass/

-440-XSSer – Automated Framework Tool to Detect and Exploit XSS vulnerabilities:

https://gbhackers.com/xsser-automated-framework-detectexploit-report-xss-vulnerabilities

-441-Penetration Testing on X11 Server:

http://www.hackingarticles.in/penetration-testing-on-x11-server

-442-Always Install Elevated:

https://pentestlab.blog/2017/02/28/always-install-elevated

-443-Scanning for Active Directory Privileges & Privileged Accounts:

https://adsecurity.org/?p=3658

-444-Windows Server 2016 Active Directory Features:

https://adsecurity.org/?p=3646

-445-powershell:

https://adsecurity.org/?tag=powershell

-446-PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection:

https://adsecurity.org/?p=2921

-447-DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack:

https://adsecurity.org/?p=3214

-448-Real-World Example of How Active Directory Can Be Compromised (RSA Conference Presentation):

https://adsecurity.org/?p=2085

-449-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-450-Background: Microsoft Ofice Exploitation:

https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/

-451-Automated XSS Finder:

https://medium.com/p/4236ed1c6457

-452-Application whitelist bypass using XLL and embedded shellcode:

https://rileykidd.com/.../application-whitelist-bypass-using-XLL-and-embedded-shellc

-453-AppLocker Bypass – Regsvr32:

https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32

-454-Nmap Scans using Hex Value of Flags:

http://www.hackingarticles.in/nmap-scans-using-hex-value-flags

-455-Nmap Scan with Timing Parameters:

http://www.hackingarticles.in/nmap-scan-with-timing-parameters

-456-OpenSSH User Enumeration Time- Based Attack with Osueta:

http://www.hackingarticles.in/openssh-user-enumeration-time-based-attack-osueta

-457-Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-458-Penetration Testing on Remote Desktop (Port 3389):

http://www.hackingarticles.in/penetration-testing-remote-desktop-port-3389

-459-Penetration Testing on Telnet (Port 23):

http://www.hackingarticles.in/penetration-testing-telnet-port-23

-460-Penetration Testing in Windows/Active Directory with Crackmapexec:

http://www.hackingarticles.in/penetration-testing-windowsactive-directory-crackmapexec

-461-Penetration Testing in WordPress Website using WordPress Exploit Framework:

http://www.hackingarticles.in/penetration-testing-wordpress-website-using-wordpress-exploit-framework

-462-Port Scanning using Metasploit with IPTables:

http://www.hackingarticles.in/port-scanning-using-metasploit-iptables

-463-Post Exploitation Using WMIC (System Command):

http://www.hackingarticles.in/post-exploitation-using-wmic-system-command

-464-Privilege Escalation in Linux using etc/passwd file:

http://www.hackingarticles.in/privilege-escalation-in-linux-using-etc-passwd-file

-465-RDP Pivoting with Metasploit:

http://www.hackingarticles.in/rdp-pivoting-metasploit

-466-A New Way to Hack Remote PC using Xerosploit and Metasploit:

http://www.hackingarticles.in/new-way-hack-remote-pc-using-xerosploit-metasploit

-467-Shell to Meterpreter using Session Command:

http://www.hackingarticles.in/shell-meterpreter-using-session-command

-468-SMTP Pentest Lab Setup in Ubuntu (Port 25):

http://www.hackingarticles.in/smtp-pentest-lab-setup-ubuntu

-469-SNMP Lab Setup and Penetration Testing:

http://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing

-470-SQL Injection Exploitation in Multiple Targets using Sqlmap:

http://www.hackingarticles.in/sql-injection-exploitation-multiple-targets-using-sqlmap

-471-Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin):

http://www.hackingarticles.in/sql-injection-exploitation-sqlmap-burp-suite-burp-co2-plugin

-472-SSH Penetration Testing (Port 22):

http://www.hackingarticles.in/ssh-penetration-testing-port-22

-473-Manual Post Exploitation on Windows PC (System Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-system-command

-474-SSH Pivoting using Meterpreter:

http://www.hackingarticles.in/ssh-pivoting-using-meterpreter

-475-Stealing Windows Credentials of Remote PC with MS Office Document:

http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document

-476-Telnet Pivoting through Meterpreter:

http://www.hackingarticles.in/telnet-pivoting-meterpreter

-477-Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin):

http://www.hackingarticles.in/hack-password-using-rogue-wi-fi-access-point-attack-wifi-pumpkin

-478-Hack Remote PC using Fake Updates Scam with Ettercap and Metasploit:

http://www.hackingarticles.in/hack-remote-pc-using-fake-updates-scam-with-ettercap-and-metasploit

-479-Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit:

http://www.hackingarticles.in/hack-remote-windows-10-password-plain-text-using-wdigest-credential-caching-exploit

-480-Hack Remote Windows 10 PC using TheFatRat:

http://www.hackingarticles.in/hack-remote-windows-10-pc-using-thefatrat

-481-2 Ways to Hack Windows 10 Password Easy Way:

http://www.hackingarticles.in/hack-windows-10-password-easy-way

-482-How to Change ALL Files Extension in Remote PC (Confuse File Extensions Attack):

http://www.hackingarticles.in/how-to-change-all-files-extension-in-remote-pc-confuse-file-extensions-attack

-483-How to Delete ALL Files in Remote Windows PC:

http://www.hackingarticles.in/how-to-delete-all-files-in-remote-windows-pc-2

-484-How to Encrypt Drive of Remote Victim PC:

http://www.hackingarticles.in/how-to-encrypt-drive-of-remote-victim-pc

-485-Post Exploitation in Linux With Metasploit:

https://pentestlab.blog/2013/01/04/post-exploitation-in-linux-with-metasploit

-486-Red Team:

https://posts.specterops.io/tagged/red-team?source=post

-487-Code Signing Certi cate Cloning Attacks and Defenses:

https://posts.specterops.io/tagged/code-signing?source=post

-488-Phishing:

https://posts.specterops.io/tagged/phishing?source=post

-489-PowerPick – A ClickOnce Adjunct:

http://www.sixdub.net/?p=555

-490-sql-injection-xss-playground:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground

-491-Privilege Escalation & Post-Exploitation:

https://github.com/rmusser01/Infosec_Reference/raw/master/Draft/Privilege%20Escalation%20%26%20Post-Exploitation.md

-492-https-payload-and-c2-redirectors:

https://posts.specterops.io/https-payload-and-c2-redirectors-ff8eb6f87742?source=placement_card_footer_grid---------2-41

-493-a-push-toward-transparency:

https://posts.specterops.io/a-push-toward-transparency-c385a0dd1e34?source=placement_card_footer_grid---------0-41

-494-bloodhound:

https://posts.specterops.io/tagged/bloodhound?source=post

-495-active directory:

https://posts.specterops.io/tagged/active-directory?source=post

-496-Load & Execute Bundles with migrationTool:

https://posts.specterops.io/load-execute-bundles-with-migrationtool-f952e276e1a6?source=placement_card_footer_grid---------1-41

-497-Outlook Forms and Shells:

https://sensepost.com/blog/2017/outlook-forms-and-shells/

-498-Tools:

https://sensepost.com/blog/tools/

-499-2018 pentesting resources:

https://sensepost.com/blog/2018/

-500-network pentest:

https://securityonline.info/category/penetration-testing/network-pentest/

-501-[technical] Pen-testing resources:

https://medium.com/p/cd01de9036ad

-502-Stored XSS on Facebook:

https://opnsec.com/2018/03/stored-xss-on-facebook/

-503-vulnerabilities:

https://www.brokenbrowser.com/category/vulnerabilities/

-504-Extending BloodHound: Track and Visualize Your Compromise:

https://porterhau5.com/.../extending-bloodhound-track-and-visualize-your-compromise

-505-so-you-want-to-be-a-web-security-researcher:

https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher

-506-BugBounty — AWS S3 added to my “Bucket” list!:

https://medium.com/p/f68dd7d0d1ce

-507-BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company:

https://medium.com/p/c75967392c7e

-508-BugBounty — Exploiting CRLF Injection can lands into a nice bounty:

https://medium.com/p/159525a9cb62

-509-BugBounty — How I was able to bypass rewall to get RCE and then went from server shell to get root user account:

https://medium.com/p/783f71131b94

-510-BugBounty — “I don’t need your current password to login into youraccount” - How could I completely takeover any user’s account in an online classi ed ads company:

https://medium.com/p/e51a945b083d

-511-Ping Power — ICMP Tunnel:

https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea?source=placement_card_footer_grid---------1-41

-512-hacking:

https://www.nextleveltricks.com/hacking/

-513-Top 8 Best YouTube Channels To Learn Ethical Hacking Online !:

https://www.nextleveltricks.com/youtube-channels-to-learn-hacking/

-514-Google Dorks List 2018 | Fresh Google Dorks 2018 for SQLi:

https://www.nextleveltricks.com/latest-google-dorks-list/

-515-Art of Shellcoding: Basic AES Shellcode Crypter:

http://www.nipunjaswal.com/2018/02/shellcode-crypter.html

-516-Big List Of Google Dorks Hacking:

https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking/

-517-nmap-cheatsheet:

https://bitrot.sh/cheatsheet/09-12-2017-nmap-cheatsheet/

-518-Aws Recon:

https://enciphers.com/tag/aws-recon/

-519-Recon:

https://enciphers.com/tag/recon/

-520-Subdomain Enumeration:

https://enciphers.com/tag/subdomain-enumeration/

-521-Shodan:

https://enciphers.com/tag/shodan/

-522-Dump LAPS passwords with ldapsearch:

https://malicious.link/post/2017/dump-laps-passwords-with-ldapsearch/

-523-peepdf - PDF Analysis Tool:

http://eternal-todo.com/tools/peepdf-pdf-analysis-tool

-524-Evilginx 2 - Next Generation of Phishing 2FA Tokens:

breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/

-526-Evil XML with two encodings:

https://mohemiv.com/all/evil-xml/

-527-create-word-macros-with-powershell:

https://4sysops.com/archives/create-word-macros-with-powershell/

-528-Excess XSS A comprehensive tutorial on cross-site scripting:

https://excess-xss.com/

-529-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-530-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-531-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-532-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-533-“Practical recon techniques for bug hunters & pen testers”:

https://blog.appsecco.com/practical-recon-techniques-for-bug-hunters-pen-testers-at-levelup-0x02-b72c15641972?source=placement_card_footer_grid---------2-41

-534-Exploiting Node.js deserialization bug for Remote Code Execution:

https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/

-535-Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege:

http://www.greyhathacker.net/?p=1006

-536-Running Macros via ActiveX Controls:

http://www.greyhathacker.net/?p=948

-537-all=BUG+MALWARE+EXPLOITS

http://www.greyhathacker.net/?cat=18

-538-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking

-539-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-540-A Look at CVE-2017-8715: Bypassing CVE-2017-0218 using PowerShell Module Manifests:

https://enigma0x3.net/2017/11/06/a-look-at-cve-2017-8715-bypassing-cve-2017-0218-using-powershell-module-manifests/

-541-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe

-542-File Upload XSS:

https://medium.com/p/83ea55bb9a55

-543-Firebase Databases:

https://medium.com/p/f651a7d49045

-544-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac

-545-RED-TEAM:

https://cybersyndicates.com/tags/red-team/

-546-Egressing Bluecoat with Cobaltstike & Let's Encrypt:

https://www.youtube.com/watch?v=cgwfjCmKQwM

-547-Veil-Evasion:

https://cybersyndicates.com/tags/veil-evasion/

-548-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-549-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-550-Don’t leak sensitive data via security scanning tools:

https://medium.com/p/7d1f715f0486

-551-CRLF Injection Into PHP’s cURL Options:

https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545?source=placement_card_footer_grid---------0-60

-552-Open Redirects & Security Done Right!:

https://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496?source=placement_card_footer_grid---------2-60

-553-DOM XSS – auth.uber.com:

https://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html

-554-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-555-exploiting-adobe-coldfusion:

https://codewhitesec.blogspot.com/2018/03/exploiting-adobe-coldfusion.html

-556-Command and Control – HTTPS:

https://pentestlab.blog/2017/10/04/command-and-control-https

-557-Command and Control – Images:

https://pentestlab.blog/2018/01/02/command-and-control-images

-558-Command and Control – JavaScript:

https://pentestlab.blog/2018/01/08/command-and-control-javascript

-559-XSS-Payloads:

https://github.com/Pgaijin66/XSS-Payloads

-560-Command and Control – Web Interface:

https://pentestlab.blog/2018/01/03/command-and-control-web-interface

-561-Command and Control – Website:

https://pentestlab.blog/2017/11/14/command-and-control-website

-562-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-563-atomic-red-team:

https://github.com/redcanaryco/atomic-red-team

-564-PowerView-3.0-tricks.ps1:

https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

-565-awesome-sec-talks:

https://github.com/PaulSec/awesome-sec-talks

-566-Awesome-Red-Teaming:

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

-567-awesome-php:

https://github.com/ziadoz/awesome-php

-568-latest-hacks:

https://hackercool.com/latest-hacks/

-569-GraphQL NoSQL Injection Through JSON Types:

http://www.east5th.co/blog/2017/06/12/graphql-nosql-injection-through-json-types/

-570-Writing .NET Executables for Pentesters:

https://www.peew.pw/blog/2017/12/4/writing-net-executables-for-penteters-part-2

-571-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://github.com/secfigo/Awesome-Fuzzing

-572-How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC:

http://www.hackingarticles.in/how-to-shutdown-restart-logoff-and-hibernate-remote-windows-pc

-572-Injecting Metasploit Payloads into Android Applications – Manually:

https://pentestlab.blog/2017/06/26/injecting-metasploit-payloads-into-android-applications-manually

-573-Google Dorks For Carding [Huge List] - Part 1:

https://hacker-arena.blogspot.com/2014/03/google-dorks-for-carding-huge-list-part.html

-574-Google dorks for growth hackers:

https://medium.com/p/7f83c8107057

-575-Google Dorks For Carding (HUGE LIST):

https://leetpedia.blogspot.com/2013/01/google-dorks-for-carding-huge-list.html

-576-BIGGEST SQL Injection Dorks List ~ 20K+ Dorks:

https://leetpedia.blogspot.com/2013/05/biggest-sql-injection-dorks-list-20k.html

-577-Pastebin Accounts Hacking (Facebook/Paypal/LR/Gmail/Yahoo, etc):

https://leetpedia.blogspot.com/2013/01/pastebin-accounts-hacking.html

-578-How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!:

http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

-579-Hijacking VNC (Enum, Brute, Access and Crack):

https://medium.com/p/d3d18a4601cc

-580-Linux Post Exploitation Command List:

https://github.com/mubix/post-exploitation/wiki

-581-List of google dorks for sql injection:

https://deadlyhacker.wordpress.com/2013/05/09/list-of-google-dorks-for-sql-injection/

-582-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset

-583-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-584-Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability:

https://www.securityfocus.com/bid/104407

-585-Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability:

https://www.securityfocus.com/bid/104382

-586-miSafes Mi-Cam Device Hijacking:

https://packetstormsecurity.com/files/146504/SA-20180221-0.txt

-587-Low-Level Windows API Access From PowerShell:

https://www.fuzzysecurity.com/tutorials/24.html

-588-Linux Kernel 'mm/hugetlb.c' Local Denial of Service Vulnerability:

https://www.securityfocus.com/bid/103316

-589-Lateral Movement – RDP:

https://pentestlab.blog/2018/04/24/lateral-movement-rdp/

-590-Snagging creds from locked machines:

https://malicious.link/post/2016/snagging-creds-from-locked-machines/

-591-Making a Blind SQL Injection a Little Less Blind:

https://medium.com/p/428dcb614ba8

-592-VulnHub — Kioptrix: Level 5:

https://medium.com/@bondo.mike/vulnhub-kioptrix-level-5-88ab65146d48?source=placement_card_footer_grid---------1-60

-593-Unauthenticated Account Takeover Through HTTP Leak:

https://medium.com/p/33386bb0ba0b

-594-Hakluke’s Ultimate OSCP Guide: Part 1 — Is OSCP for you?:

https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440?source=placement_card_footer_grid---------2-43

-595-Finding Target-relevant Domain Fronts:

https://medium.com/@vysec.private/finding-target-relevant-domain-fronts-7f4ad216c223?source=placement_card_footer_grid---------0-44

-596-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac?source=placement_card_footer_grid---------1-60

-597-Cobalt Strike Visualizations:

https://medium.com/@001SPARTaN/cobalt-strike-visualizations-e6a6e841e16b?source=placement_card_footer_grid---------2-60

-598-OWASP Top 10 2017 — Web Application Security Risks:

https://medium.com/p/31f356491712

-599-XSS-Auditor — the protector of unprotected:

https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b?source=placement_card_footer_grid---------0-60

-600-Netcat vs Cryptcat – Remote Shell to Control Kali Linux from Windows machine:

https://gbhackers.com/netcat-vs-cryptcat

-601-Jenkins Servers Infected With Miner.:

https://medium.com/p/e370a900ab2e

-602-cheat-sheet:

http://pentestmonkey.net/category/cheat-sheet

-603-Command and Control – Website Keyword:

https://pentestlab.blog/2017/09/14/command-and-control-website-keyword/

-604-Command and Control – Twitter:

https://pentestlab.blog/2017/09/26/command-and-control-twitter/

-605-Command and Control – Windows COM:

https://pentestlab.blog/2017/09/01/command-and-control-windows-com/

-606-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset/

-607-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-608-PHISHING WITH EMPIRE:

https://enigma0x3.net/2016/03/15/phishing-with-empire/

-609-Reverse Engineering Android Applications:

https://pentestlab.blog/2017/02/06/reverse-engineering-android-applications/

-610-HTML Injection:

https://pentestlab.blog/2013/06/26/html-injection/

-611-Meterpreter stage AV/IDS evasion with powershell:

https://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/

-612-Windows Atomic Tests by ATT&CK Tactic & Technique:

https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/windows-index.md

-613-Windows Active Directory Post Exploitation Cheatsheet:

https://medium.com/p/48c2bd70388

-614-Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware:

http://news.softpedia.com/news/windows-10-uac-loophole-can-be-used-to-infect-systems-with-malware-513996.shtml

-615-How to Bypass Anti-Virus to Run Mimikatz:

https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/

-616-Userland API Monitoring and Code Injection Detection:

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

-617-USE TOR. USE EMPIRE.:

http://secureallthethings.blogspot.com/2016/11/use-tor-use-empire.html

-617-ADVANCED CROSS SITE SCRIPTING (XSS) CHEAT SHEET:

https://www.muhaddis.info/advanced-cross-site-scripting-xss-cheat-sheet/

-618-Empire without PowerShell.exe:

https://bneg.io/2017/07/26/empire-without-powershell-exe/

-619-RED TEAM:

https://bneg.io/category/red-team/

-620-PDF Tools:

https://blog.didierstevens.com/programs/pdf-tools/

-621-DNS Data ex ltration — What is this and How to use?

https://blog.fosec.vn/dns-data-exfiltration-what-is-this-and-how-to-use-2f6c69998822

-621-Google Dorks:

https://medium.com/p/7cfd432e0cf3

-622-Hacking with JSP Shells:

https://blog.netspi.com/hacking-with-jsp-shells/

-623-Malware Analysis:

https://github.com/RPISEC/Malware/raw/master/README.md

-624-A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.:

https://github.com/SandySekharan/CTF-tool

-625-Group Policy Preferences:

https://pentestlab.blog/2017/03/20/group-policy-preferences

-627-CHECKING FOR MALICIOUSNESS IN AC OFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-628-deobfuscation:

https://furoner.wordpress.com/tag/deobfuscation/

-629-POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS:

https://fzuckerman.wordpress.com/2016/10/06/powershell-empire-stagers-1-phishing-with-an-office-macro-and-evading-avs/

-630-A COMPREHENSIVE TUTORIAL ON CROSS-SITE SCRIPTING:

https://fzuckerman.wordpress.com/2016/10/06/a-comprehensive-tutorial-on-cross-site-scripting/

-631-GCAT – BACKDOOR EM PYTHON:

https://fzuckerman.wordpress.com/2016/10/06/gcat-backdoor-em-python/

-632-Latest Carding Dorks List for Sql njection 2019:

https://latestechnews.com/carding-dorks/

-633-google docs for credit card:

https://latestechnews.com/tag/google-docs-for-credit-card/

-634-How To Scan Multiple Organizations With Shodan and Golang (OSINT):

https://medium.com/p/d994ba6a9587

-635-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-636-phishing:

https://www.blackhillsinfosec.com/tag/phishing/

-637-Merlin in action: Intro to Merlin:

https://asciinema.org/a/ryljo8qNjHz1JFcFDK7wP6e9I

-638-IP Cams from around the world:

https://medium.com/p/a6f269f56805

-639-Advanced Cross Site Scripting(XSS) Cheat Sheet by Jaydeep Dabhi:

https://jaydeepdabhi.wordpress.com/2016/01/12/advanced-cross-site-scriptingxss-cheat-sheet-by-jaydeep-dabhi/

-640-Just how easy it is to do a domain or subdomain take over!?:

https://medium.com/p/265d635b43d8

-641-How to Create hidden user in Remote PC:

http://www.hackingarticles.in/create-hidden-remote-metaspolit

-642-Process Doppelgänging – a new way to impersonate a process:

https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/

-643-How to turn a DLL into astandalone EXE:

https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/

-644-Hijacking extensions handlers as a malware persistence method:

https://hshrzd.wordpress.com/2017/05/25/hijacking-extensions-handlers-as-a-malware-persistence-method/

-645-I'll Get Your Credentials ... Later!:

https://www.fuzzysecurity.com/tutorials/18.html

-646-Game Over: CanYouPwnMe > Kevgir-1:

https://www.fuzzysecurity.com/tutorials/26.html

-647-IKARUS anti.virus and its 9 exploitable kernel vulnerabilities:

http://www.greyhathacker.net/?p=995

-648-Getting started in Bug Bounty:

https://medium.com/p/7052da28445a

-649-Union SQLi Challenges (Zixem Write-up):

https://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4?source=placement_card_footer_grid---------2-60

-650-scanless – A Tool for Perform Anonymous Port Scan on Target Websites:

https://gbhackers.com/scanless-port-scans-websites-behalf

-651-WEBAPP PENTEST:

https://securityonline.info/category/penetration-testing/webapp-pentest/

-652-Cross-Site Scripting (XSS) Payloads:

https://securityonline.info/tag/cross-site-scripting-xss-payloads/

-653-sg1: swiss army knife for data encryption, exfiltration & covert communication:

https://securityonline.info/tag/sg1/

-654-NETWORK PENTEST:

https://securityonline.info/category/penetration-testing/network-pentest/

-655-SQL injection in an UPDATE query - a bug bounty story!:

https://zombiehelp54.blogspot.com/2017/02/sql-injection-in-update-query-bug.html

-656-Cross-site Scripting:

https://www.netsparker.com/blog/web-security/cross-site-scripting-xss/

-657-Local File Inclusion:

https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/

-658-Command Injection:

https://www.netsparker.com/blog/web-security/command-injection-vulnerability/

-659-a categorized list of Windows CMD commands:

https://ss64.com/nt/commands.html

-660-Understanding Guide for Nmap Timing Scan (Firewall Bypass):

http://www.hackingarticles.in/understanding-guide-nmap-timing-scan-firewall-bypass

-661-RFID Hacking with The Proxmark 3:

https://blog.kchung.co/tag/rfid/

-662-A practical guide to RFID badge copying:

https://blog.nviso.be/2017/01/11/a-practical-guide-to-rfid-badge-copying

-663-Denial of Service using Cookie Bombing:

https://medium.com/p/55c2d0ef808c

-664-Vultr Domain Hijacking:

https://vincentyiu.co.uk/red-team/cloud-security/vultr-domain-hijacking

-665-Command and Control:

https://vincentyiu.co.uk/red-team/domain-fronting

-666-Cisco Auditing Tool & Cisco Global Exploiter to Exploit 14 Vulnerabilities in Cisco Switches and Routers:

https://gbhackers.com/cisco-global-exploiter-cge

-667-CHECKING FOR MALICIOUSNESS IN ACROFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-668-Situational Awareness:

https://pentestlab.blog/2018/05/28/situational-awareness/

-669-Unquoted Service Path:

https://pentestlab.blog/2017/03/09/unquoted-service-path

-670-NFS:

https://pentestacademy.wordpress.com/2017/09/20/nfs/

-671-List of Tools for Pentest Rookies:

https://pentestacademy.wordpress.com/2016/09/20/list-of-tools-for-pentest-rookies/

-672-Common Windows Commands for Pentesters:

https://pentestacademy.wordpress.com/2016/06/21/common-windows-commands-for-pentesters/

-673-Open-Source Intelligence (OSINT) Reconnaissance:

https://medium.com/p/75edd7f7dada

-674-OSINT x UCCU Workshop on Open Source Intelligence:

https://www.slideshare.net/miaoski/osint-x-uccu-workshop-on-open-source-intelligence

-675-Advanced Attack Techniques:

https://www.cyberark.com/threat-research-category/advanced-attack-techniques/

-676-Credential Theft:

https://www.cyberark.com/threat-research-category/credential-theft/

-678-The Cloud Shadow Admin Threat: 10 Permissions to Protect:

https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/

-679-Online Credit Card Theft: Today’s Browsers Store Sensitive Information Deficiently, Putting User Data at Risk:

https://www.cyberark.com/threat-research-blog/online-credit-card-theft-todays-browsers-store-sensitive-information-deficiently-putting-user-data-risk/

-680-Weakness Within: Kerberos Delegation:

https://www.cyberark.com/threat-research-blog/weakness-within-kerberos-delegation/

-681-Simple Domain Fronting PoC with GAE C2 server:

https://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/

-682-Find Critical Information about a Host using DMitry:

https://www.thehackr.com/find-critical-information-host-using-dmitry/

-683-How To Do OS Fingerprinting In Kali Using Xprobe2:

http://disq.us/?url=http%3A%2F%2Fwww.thehackr.com%2Fos-fingerprinting-kali%2F&key=scqgRVMQacpzzrnGSOPySA

-684-Crack SSH, FTP, Telnet Logins Using Hydra:

https://www.thehackr.com/crack-ssh-ftp-telnet-logins-using-hydra/

-685-Reveal Saved Passwords in Browser using JavaScript Injection:

https://www.thehackr.com/reveal-saved-passwords-browser-using-javascript-injection/

-686-Nmap Cheat Sheet:

https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf

-687-Manual Post Exploitation on Windows PC (Network Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-network-command

-688-Hack Gmail or Facebook Password of Remote PC using NetRipper Exploitation Tool:

http://www.hackingarticles.in/hack-gmail-or-facebook-password-of-remote-pc-using-netripper-exploitation-tool

-689-Hack Locked Workstation Password in Clear Text:

http://www.hackingarticles.in/hack-locked-workstation-password-clear-text

-690-How to Find ALL Excel, Office, PDF, and Images in Remote PC:

http://www.hackingarticles.in/how-to-find-all-excel-office-pdf-images-files-in-remote-pc

-691-red-teaming:

https://www.redteamsecure.com/category/red-teaming/

-692-Create a Fake AP and Sniff Data mitmAP:

http://www.uaeinfosec.com/create-fake-ap-sniff-data-mitmap/

-693-Bruteforcing From Nmap Output BruteSpray:

http://www.uaeinfosec.com/bruteforcing-nmap-output-brutespray/

-694-Reverse Engineering Framework radare2:

http://www.uaeinfosec.com/reverse-engineering-framework-radare2/

-695-Automated ettercap TCP/IP Hijacking Tool Morpheus:

http://www.uaeinfosec.com/automated-ettercap-tcpip-hijacking-tool-morpheus/

-696-List Of Vulnerable SQL Injection Sites:

https://www.blogger.com/share-post.g?blogID=1175829128367570667&postID=4652029420701251199

-697-Command and Control – Gmail:

https://pentestlab.blog/2017/08/03/command-and-control-gmail/

-698-Command and Control – DropBox:

https://pentestlab.blog/2017/08/29/command-and-control-dropbox/

-699-Skeleton Key:

https://pentestlab.blog/2018/04/10/skeleton-key/

-700-Secondary Logon Handle:

https://pentestlab.blog/2017/04/07/secondary-logon-handle

-701-Hot Potato:

https://pentestlab.blog/2017/04/13/hot-potato

-702-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-703-Linux-Kernel-exploits:

http://tacxingxing.com/category/exploit/kernel-exploit/

-704-Linux-Kernel-Exploit Stack Smashing:

http://tacxingxing.com/2018/02/26/linuxkernelexploit-stack-smashing/

-705-Linux Kernel Exploit Environment:

http://tacxingxing.com/2018/02/15/linuxkernelexploit-huan-jing-da-jian/

-706-Linux-Kernel-Exploit NULL dereference:

http://tacxingxing.com/2018/02/22/linuxkernelexploit-null-dereference/

-707-Apache mod_python for red teams:

https://labs.nettitude.com/blog/apache-mod_python-for-red-teams/

-708-Bounty Write-up (HTB):

https://medium.com/p/9b01c934dfd2/

709-CTF Writeups:

https://medium.com/ctf-writeups

-710-Detecting Malicious Microsoft Office Macro Documents:

http://www.greyhathacker.net/?p=872

-711-SQL injection in Drupal:

https://hackerone.com/reports/31756

-712-XSS and open redirect on Twitter:

https://hackerone.com/reports/260744

-713-Shopify login open redirect:

https://hackerone.com/reports/55546

-714-HackerOne interstitial redirect:

https://hackerone.com/reports/111968

-715-Ubiquiti sub-domain takeovers:

https://hackerone.com/reports/181665

-716-Scan.me pointing to Zendesk:

https://hackerone.com/reports/114134

-717-Starbucks' sub-domain takeover:

https://hackerone.com/reports/325336

-718-Vine's sub-domain takeover:

https://hackerone.com/reports/32825

-719-Uber's sub-domain takeover:

https://hackerone.com/reports/175070

-720-Read access to Google:

https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/

-721-A Facebook XXE with Word:

https://www.bram.us/2014/12/29/how-i-hacked-facebook-with-a-word-document/

-722-The Wikiloc XXE:

https://www.davidsopas.com/wikiloc-xxe-vulnerability/

-723-Uber Jinja2 TTSI:

https://hackerone.com/reports/125980

-724-Uber Angular template injection:

https://hackerone.com/reports/125027

-725-Yahoo Mail stored XSS:

https://klikki.fi/adv/yahoo2.html

-726-Google image search XSS:

https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html

-727-Shopify Giftcard Cart XSS :

https://hackerone.com/reports/95089

-728-Shopify wholesale XSS :

https://hackerone.com/reports/106293

-729-Bypassing the Shopify admin authentication:

https://hackerone.com/reports/270981

-730-Starbucks race conditions:

https://sakurity.com/blog/2015/05/21/starbucks.html

-731-Binary.com vulnerability – stealing a user's money:

https://hackerone.com/reports/98247

-732-HackerOne signal manipulation:

https://hackerone.com/reports/106305

-733-Shopify S buckets open:

https://hackerone.com/reports/98819

-734-HackerOne S buckets open:

https://hackerone.com/reports/209223

-735-Bypassing the GitLab 2F authentication:

https://gitlab.com/gitlab-org/gitlab-ce/issues/14900

-736-Yahoo PHP info disclosure:

https://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/

-737-Shopify for exporting installed users:

https://hackerone.com/reports/96470

-738-Shopify Twitter disconnect:

https://hackerone.com/reports/111216

-739-Badoo full account takeover:

https://hackerone.com/reports/127703

-740-Disabling PS Logging:

https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs

-741-macro-less-code-exec-in-msword:

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

-742-5 ways to Exploiting PUT Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploiting-put-vulnerabilit

-743-5 Ways to Exploit Verb Tempering Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploit-verb-tempering-vulnerability

-744-5 Ways to Hack MySQL Login Password:

http://www.hackingarticles.in/5-ways-to-hack-mysql-login-password

-745-5 Ways to Hack SMB Login Password:

http://www.hackingarticles.in/5-ways-to-hack-smb-login-password

-746-6 Ways to Hack FTP Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ftp-login-password

-746-6 Ways to Hack SNMP Password:

http://www.hackingarticles.in/6-ways-to-hack-snmp-password

-747-6 Ways to Hack VNC Login Password:

http://www.hackingarticles.in/6-ways-to-hack-vnc-login-password

-748-Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter:

http://www.hackingarticles.in/access-sticky-keys-backdoor-remote-pc-sticky-keys-hunter

-749-Beginner Guide to IPtables:

http://www.hackingarticles.in/beginner-guide-iptables

-750-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-751-Exploit Remote Windows 10 PC using Discover Tool:

http://www.hackingarticles.in/exploit-remote-windows-10-pc-using-discover-tool

-752-Forensics Investigation of Remote PC (Part 2):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-2

-753-5 ways to File upload vulnerability Exploitation:

http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation

-754-FTP Penetration Testing in Ubuntu (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-in-ubuntu-port-21

-755-FTP Penetration Testing on Windows (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-windows

-756-FTP Pivoting through RDP:

http://www.hackingarticles.in/ftp-pivoting-rdp

-757-Fun with Metasploit Payloads:

http://www.hackingarticles.in/fun-metasploit-payloads

-758-Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC:

http://www.hackingarticles.in/gather-cookies-and-history-of-mozilla-firefox-in-remote-windows-linux-or-mac-pc

-759-Generating Reverse Shell using Msfvenom (One Liner Payload):

http://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload

-760-Generating Scan Reports Using Nmap (Output Scan):

http://www.hackingarticles.in/generating-scan-reports-using-nmap-output-scan

-761-Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled):

http://www.hackingarticles.in/get-meterpreter-session-locked-pc-remotely-remote-desktop-enabled

-762-Hack ALL Security Features in Remote Windows 7 PC:

http://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc

-763-5 ways to Exploit LFi Vulnerability:

http://www.hackingarticles.in/5-ways-exploit-lfi-vulnerability

-764-5 Ways to Directory Bruteforcing on Web Server:

http://www.hackingarticles.in/5-ways-directory-bruteforcing-web-server

-765-Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit:

http://www.hackingarticles.in/hack-call-logs-sms-camera-remote-android-phone-using-metasploit

-766-Hack Gmail and Facebook Password in Network using Bettercap:

http://www.hackingarticles.in/hack-gmail-facebook-password-network-using-bettercap

-767-ICMP Penetration Testing:

http://www.hackingarticles.in/icmp-penetration-testing

-768-Understanding Guide to Mimikatz:

http://www.hackingarticles.in/understanding-guide-mimikatz

-769-5 Ways to Create Dictionary for Bruteforcing:

http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing

-770-Linux Privilege Escalation using LD_Preload:

http://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/

-771-2 Ways to Hack Remote Desktop Password using kali Linux:

http://www.hackingarticles.in/2-ways-to-hack-remote-desktop-password-using-kali-linux

-772-2 ways to use Msfvenom Payload with Netcat:

http://www.hackingarticles.in/2-ways-use-msfvenom-payload-netcat

-773-4 ways to Connect Remote PC using SMB Port:

http://www.hackingarticles.in/4-ways-connect-remote-pc-using-smb-port

-774-4 Ways to DNS Enumeration:

http://www.hackingarticles.in/4-ways-dns-enumeration

-775-4 Ways to get Linux Privilege Escalation:

http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation

-776-101+ OSINT Resources for Investigators [2019]:

https://i-sight.com/resources/101-osint-resources-for-investigators/

-777-Week in OSINT #2019–02:

https://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f

-778-OSINT Cheat Sheet:

https://hack2interesting.com/osint-cheat-sheet/

-779-OSINT Cheat Sheet:

https://infoskirmish.com/osint-cheat-sheet/

-780-OSINT Links for Investigators:

https://i-sight.com/resources/osint-links-for-investigators/

-781- Metasploit Cheat Sheet :

https://www.kitploit.com/2019/02/metasploit-cheat-sheet.html

-782- Exploit Development Cheat Sheet:

https://github.com/coreb1t/awesome-pentest-cheat-sheets/commit/5b83fa9cfb05f4774eb5e1be2cde8dbb04d011f4

-783-Building Profiles for a Social Engineering Attack:

https://pentestlab.blog/2012/04/19/building-profiles-for-a-social-engineering-attack/

-784-Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes):

https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

-785-Getting the goods with CrackMapExec: Part 2:

https://byt3bl33d3r.github.io/tag/crackmapexec.html

-786-Bug Hunting Methodology (part-1):

https://medium.com/p/91295b2d2066

-787-Exploring Cobalt Strike's ExternalC2 framework:

https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/

-788-Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities:

https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/

-789-Adversarial Tactics, Techniques & Common Knowledge:

https://attack.mitre.org/wiki/Main_Page

-790-Bug Bounty — Tips / Tricks / JS (JavaScript Files):

https://medium.com/p/bdde412ea49d

-791-Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition):

https://medium.com/p/f88a9f383fcc

-792-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-793-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-794-ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution:

https://bohops.com/2017/12/02/clickonce-twice-or-thrice-a-technique-for-social-engineering-and-untrusted-command-execution/

-795-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-796-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-797-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-798-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-799-Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement:

https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/

-800-Capcom Rootkit Proof-Of-Concept:

https://www.fuzzysecurity.com/tutorials/28.html

-801-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-802-Beginners Guide for John the Ripper (Part 1):

http://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/

-803-Working of Traceroute using Wireshark:

http://www.hackingarticles.in/working-of-traceroute-using-wireshark/

-804-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file/

-805-4 ways to SMTP Enumeration:

http://www.hackingarticles.in/4-ways-smtp-enumeration

-806-4 ways to Hack MS SQL Login Password:

http://www.hackingarticles.in/4-ways-to-hack-ms-sql-login-password

-807-4 Ways to Hack Telnet Passsword:

http://www.hackingarticles.in/4-ways-to-hack-telnet-passsword

-808-5 ways to Brute Force Attack on WordPress Website:

http://www.hackingarticles.in/5-ways-brute-force-attack-wordpress-website

-809-5 Ways to Crawl a Website:

http://www.hackingarticles.in/5-ways-crawl-website

-810-Local Linux Enumeration & Privilege Escalation Cheatsheet:

https://www.rebootuser.com/?p=1623

-811-The Drebin Dataset:

https://www.sec.cs.tu-bs.de/~danarp/drebin/download.html

-812-ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else:

https://www.slideshare.net/x00mario/es6-en

-813-IT and Information Security Cheat Sheets:

https://zeltser.com/cheat-sheets/

-814-Cheat Sheets - DFIR Training:

https://www.dfir.training/cheat-sheets

-815-WinDbg Malware Analysis Cheat Sheet:

https://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/

-819-Cheat Sheet for Analyzing Malicious Software:

https://www.prodefence.org/cheat-sheet-for-analyzing-malicious-software/

-820-Analyzing Malicious Documents Cheat Sheet - Prodefence:

https://www.prodefence.org/analyzing-malicious-documents-cheat-sheet-2/

-821-Cheat Sheets - SANS Digital Forensics:

https://digital-forensics.sans.org/community/cheat-sheets

-822-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:

https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/

-823-Windows Registry Auditing Cheat Sheet:

https://www.slideshare.net/Hackerhurricane/windows-registry-auditing-cheat-sheet-ver-jan-2016-malwarearchaeology

-824-Cheat Sheet of Useful Commands Every Kali Linux User Needs To Know:

https://kennyvn.com/cheatsheet-useful-bash-commands-linux/

-825-kali-linux-cheatsheet:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-826-8 Best Kali Linux Terminal Commands used by Hackers (2019 Edition):

https://securedyou.com/best-kali-linux-commands-terminal-hacking/

-827-Kali Linux Commands Cheat Sheet:

https://www.pinterest.com/pin/393431717429496576/

-827-Kali Linux Commands Cheat Sheet A To Z:

https://officialhacker.com/linux-commands-cheat-sheet/

-828-Linux commands CHEATSHEET for HACKERS:

https://www.reddit.com/r/Kalilinux/.../linux_commands_cheatsheet_for_hackers/

-829-100 Linux Commands – A Brief Outline With Cheatsheet:

https://fosslovers.com/100-linux-commands-cheatsheet/

-830-Kali Linux – Penetration Testing Cheat Sheet:

https://uwnthesis.wordpress.com/2016/06/.../kali-linux-penetration-testing-cheat-sheet/

-831-Basic Linux Terminal Shortcuts Cheat Sheet :

https://computingforgeeks.com/basic-linux-terminal-shortcuts-cheat-sheet/

-832-List Of 220+ Kali Linux and Linux Commands Line {Free PDF} :

https://itechhacks.com/kali-linux-and-linux-commands/

-833-Transferring files from Kali to Windows (post exploitation):

https://blog.ropnop.com/transferring-files-from-kali-to-windows/

-834-The Ultimate Penetration Testing Command Cheat Sheet for Kali Linux:

https://www.hostingland.com/.../the-ultimate-penetration-testing-command-cheat-sheet

-835-What is penetration testing? 10 hacking tools the pros use:

https://www.csoonline.com/article/.../17-penetration-testing-tools-the-pros-use.html

-836-Best Hacking Tools List for Hackers & Security Professionals in 2019:

https://gbhackers.com/hacking-tools-list/

-837-ExploitedBunker PenTest Cheatsheet:

https://exploitedbunker.com/articles/pentest-cheatsheet/

-838-How to use Zarp for penetration testing:

https://www.techrepublic.com/article/how-to-use-zarp-for-penetration-testing/

-839-Wireless Penetration Testing Cheat Sheet;

https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/

-840-Pentest Cheat Sheets:

https://www.cheatography.com/tag/pentest/

-841-40 Best Penetration Testing (Pen Testing) Tools in 2019:

https://www.guru99.com/top-5-penetration-testing-tools.html

-842-Metasploit Cheat Sheet:

https://www.hacking.land/2019/02/metasploit-cheat-sheet.html

-843-OSCP useful resources and tools;

https://acknak.fr/en/articles/oscp-tools/

-844-Pentest + Exploit dev Cheatsheet:

https://ehackings.com/all-posts/pentest-exploit-dev-cheatsheet/

-845-What is Penetration Testing? A Quick Guide for 2019:

https://www.cloudwards.net/penetration-testing/

-846-Recon resource:

https://pentester.land/cheatsheets/2019/04/15/recon-resources.html

-847-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-848-Recon Cheat Sheets:

https://www.cheatography.com/tag/recon/

-849-Penetration Testing Active Directory, Part II:

https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/

-850-Reverse-engineering Cheat Sheets:

https://www.cheatography.com/tag/reverse-engineering/

-851-Reverse Engineering Cheat Sheet:

https://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet

-852-ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS:

https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows

-853-PROPagate:

http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/

-854-Process Doppelgänging, by Tal Liberman and Eugene Kogan::

https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf

-855-Gargoyle:

https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html

-856-GHOSTHOOK:

https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/

-857-Learn C:

https://www.programiz.com/c-programming

-858-x86 Assembly Programming Tutorial:

https://www.tutorialspoint.com/assembly_programming/

-859-Dr. Paul Carter's PC Assembly Language:

http://pacman128.github.io/pcasm/

-860-Introductory Intel x86 - Architecture, Assembly, Applications, and Alliteration:

http://opensecuritytraining.info/IntroX86.html

-861-x86 Disassembly:

https://en.wikibooks.org/wiki/X86_Disassembly

-862-use-of-dns-tunneling-for-cc-communications-malware:

https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/

-863-Using IDAPython to Make Your Life Easier (Series)::

https://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/

-864-NET binary analysis:

https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/

-865-detailed analysis of the BlackEnergy3 big dropper:

https://cysinfo.com/blackout-memory-analysis-of-blackenergy-big-dropper/

-866-detailed analysis of Uroburos rootkit:

https://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg

-867-TCP/IP and tcpdump Pocket Reference Guide:

https://www.sans.org/security-resources/tcpip.pdf

-868-TCPDUMP Cheatsheet:

http://packetlife.net/media/library/12/tcpdump.pdf

-869-Scapy Cheatsheet:

http://packetlife.net/media/library/36/scapy.pdf

-870-WIRESHARK DISPLAY FILTERS:

http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf

-871-Windows command line sheet:

https://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf

-872-Metasploit cheat sheet:

https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

-873-IPv6 Cheatsheet:

http://packetlife.net/media/library/8/IPv6.pdf

-874-IPv4 Subnetting:

http://packetlife.net/media/library/15/IPv4_Subnetting.pdf

-875-IOS IPV4 ACCESS LISTS:

http://packetlife.net/media/library/14/IOS_IPv4_Access_Lists.pdf

-876-Common Ports List:

http://packetlife.net/media/library/23/common_ports.pdf

-877-WLAN:

http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf

-878-VLANs Cheatsheet:

http://packetlife.net/media/library/20/VLANs.pdf

-879-VoIP Basics CheatSheet:

http://packetlife.net/media/library/34/VOIP_Basics.pdf

-880-Google hacking and defense cheat sheet:

https://www.sans.org/security-resources/GoogleCheatSheet.pdf

-881-Nmap CheatSheet:

https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0

-882-Netcat cheat sheet:

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

-883-PowerShell cheat sheet:

https://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf

-884-Scapy cheat sheet POCKET REFERENCE:

https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf

-885-SQL injection cheat sheet.:

https://information.rapid7.com/sql-injection-cheat-sheet-download.html

-886-Injection cheat sheet:

https://information.rapid7.com/injection-non-sql-cheat-sheet-download.html

-887-Symmetric Encryption Algorithms cheat sheet:

https://www.cheatography.com/rubberdragonfarts/cheat-sheets/symmetric-encryption-algorithms/

-888-Intrusion Discovery Cheat Sheet v2.0 for Linux:

https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf

-889-Intrusion Discovery Cheat Sheet v2.0 for Window:

https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf

-890-Memory Forensics Cheat Sheet v1.2:

https://digital-forensics.sans.org/media/memory-forensics-cheat-sheet.pdf

-891-CRITICAL LOG REVIEW CHECKLIST FOR SECURITY INCIDENTS G E N E R AL APPROACH:

https://www.sans.org/brochure/course/log-management-in-depth/6

-892-Evidence collection cheat sheet:

https://digital-forensics.sans.org/media/evidence_collection_cheat_sheet.pdf

-893-Hex file and regex cheat sheet v1.0:

https://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf

-894-Rekall Memory Forensic Framework Cheat Sheet v1.2.:

https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf

-895-SIFT WORKSTATION Cheat Sheet v3.0.:

https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf

-896-Volatility Memory Forensic Framework Cheat Sheet:

https://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf

-897-Hands - on Network Forensics.:

https://www.first.org/resources/papers/conf2015/first_2015_-_hjelmvik-_erik_-_hands-on_network_forensics_20150604.pdf

-898-VoIP Security Vulnerabilities.:

https://www.sans.org/reading-room/whitepapers/voip/voip-security-vulnerabilities-2036

-899-Incident Response: How to Fight Back:

https://www.sans.org/reading-room/whitepapers/analyst/incident-response-fight-35342

-900-BI-7_VoIP_Analysis_Fundamentals:

https://sharkfest.wireshark.org/sharkfest.12/presentations/BI-7_VoIP_Analysis_Fundamentals.pdf

-901-Bug Hunting Guide:

cybertheta.blogspot.com/2018/08/bug-hunting-guide.html

-902-Guide 001 |Getting Started in Bug Bounty Hunting:

https://whoami.securitybreached.org/2019/.../guide-getting-started-in-bug-bounty-hun...

-903-SQL injection cheat sheet :

https://portswigger.net › Web Security Academy › SQL injection › Cheat sheet

-904-RSnake's XSS Cheat Sheet:

https://www.in-secure.org/2018/08/22/rsnakes-xss-cheat-sheet/

-905-Bug Bounty Tips (2):

https://ctrsec.io/index.php/2019/03/20/bug-bounty-tips-2/

-906-A Review of my Bug Hunting Journey:

https://kongwenbin.com/a-review-of-my-bug-hunting-journey/

-907-Meet the First Hacker Millionaire on HackerOne:

https://itblogr.com/meet-the-first-hacker-millionaire-on-hackerone/

-908-XSS Cheat Sheet:

https://www.reddit.com/r/programming/comments/4sn54s/xss_cheat_sheet/

-909-Bug Bounty Hunter Methodology:

https://www.slideshare.net/bugcrowd/bug-bounty-hunter-methodology-nullcon-2016

-910-#10 Rules of Bug Bounty:

https://hackernoon.com/10-rules-of-bug-bounty-65082473ab8c

-911-Bugbounty Checklist:

https://www.excis3.be/bugbounty-checklist/21/

-912-FireBounty | The Ultimate Bug Bounty List!:

https://firebounty.com/

-913-Brutelogic xss cheat sheet 2019:

https://brutelogic.com.br/blog/ebook/xss-cheat-sheet/

-914-XSS Cheat Sheet by Rodolfo Assis:

https://leanpub.com/xss

-915-Cross-Site-Scripting (XSS) – Cheat Sheet:

https://ironhackers.es/en/cheatsheet/cross-site-scripting-xss-cheat-sheet/

-916-XSS Cheat Sheet V. 2018 :

https://hackerconnected.wordpress.com/2018/03/15/xss-cheat-sheet-v-2018/

-917-Cross-site Scripting Payloads Cheat Sheet :

https://exploit.linuxsec.org/xss-payloads-list

-918-Xss Cheat Sheet :

https://www.in-secure.org/tag/xss-cheat-sheet/

-919-Open Redirect Cheat Sheet :

https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html

-920-XSS, SQL Injection and Fuzzing Bar Code Cheat Sheet:

https://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

-921-XSS Cheat Sheet:

https://tools.paco.bg/13/

-922-XSS for ASP.net developers:

https://www.gosecure.net/blog/2016/03/22/xss-for-asp-net-developers

-923-Cross-Site Request Forgery Cheat Sheet:

https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/

-924-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:

https://www.acunetix.com/websitesecurity/csrf-attacks/

-925-Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet :

https://mamchenkov.net/.../05/.../cross-site-request-forgery-csrf-prevention-cheat-shee...

-926-Guide to CSRF (Cross-Site Request Forgery):

https://www.veracode.com/security/csrf

-927-Cross-site Request Forgery - Exploitation & Prevention:

https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/

-928-SQL Injection Cheat Sheet :

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-929-MySQL SQL Injection Practical Cheat Sheet:

https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/

-930-SQL Injection (SQLi) - Cheat Sheet, Attack Examples & Protection:

https://www.checkmarx.com/knowledge/knowledgebase/SQLi

-931-SQL injection attacks: A cheat sheet for business pros:

https://www.techrepublic.com/.../sql-injection-attacks-a-cheat-sheet-for-business-pros/

-932-The SQL Injection Cheat Sheet:

https://biztechmagazine.com/article/.../guide-combatting-sql-injection-attacks-perfcon

-933-SQL Injection Cheat Sheet:

https://resources.infosecinstitute.com/sql-injection-cheat-sheet/

-934-Comprehensive SQL Injection Cheat Sheet:

https://www.darknet.org.uk/2007/05/comprehensive-sql-injection-cheat-sheet/

-935-MySQL SQL Injection Cheat Sheet:

pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

-936-SQL Injection Cheat Sheet: MySQL:

https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mysql/

-937- MySQL Injection Cheat Sheet:

https://www.asafety.fr/mysql-injection-cheat-sheet/

-938-SQL Injection Cheat Sheet:

https://www.reddit.com/r/netsec/comments/7l449h/sql_injection_cheat_sheet/

-939-Google dorks cheat sheet 2019:

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-940-Command Injection Cheatsheet :

https://hackersonlineclub.com/command-injection-cheatsheet/

-941-OS Command Injection Vulnerability:

https://www.immuniweb.com/vulnerability/os-command-injection.html

-942-OS Command Injection:

https://www.checkmarx.com/knowledge/knowledgebase/OS-Command_Injection

-943-Command Injection: The Good, the Bad and the Blind:

https://www.gracefulsecurity.com/command-injection-the-good-the-bad-and-the-blind/

-944-OS command injection:

https://portswigger.net › Web Security Academy › OS command injection

-945-How to Test for Command Injection:

https://blog.securityinnovation.com/blog/.../how-to-test-for-command-injection.html

-946-Data Exfiltration via Blind OS Command Injection:

https://www.contextis.com/en/blog/data-exfiltration-via-blind-os-command-injection

-947-XXE Cheatsheet:

https://www.gracefulsecurity.com/xxe-cheatsheet/

-948-bugbounty-cheatsheet/xxe.:

https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

-949-XXE - Information Security:

https://phonexicum.github.io/infosec/xxe.html

-950-XXE Cheat Sheet:

https://www.hahwul.com/p/xxe-cheat-sheet.html

-951-Advice From A Researcher: Hunting XXE For Fun and Profit:

https://www.bugcrowd.com/blog/advice-from-a-bug-hunter-xxe/

-952-Out of Band Exploitation (OOB) CheatSheet :

https://www.notsosecure.com/oob-exploitation-cheatsheet/

-953-Web app penentration testing checklist and cheatsheet:

www.malwrforensics.com/.../web-app-penentration-testing-checklist-and-cheatsheet-with-example

-954-Useful Resources:

https://lsdsecurity.com/useful-resources/

-955-Exploiting XXE Vulnerabilities in IIS/.NET:

https://pen-testing.sans.org/.../entity-inception-exploiting-iis-net-with-xxe-vulnerabiliti...

-956-Top 65 OWASP Cheat Sheet Collections - ALL IN ONE:

https://www.yeahhub.com/top-65-owasp-cheat-sheet-collections-all-in-one/

-957-Hacking Resources:

https://www.torontowebsitedeveloper.com/hacking-resources

-958-Out of Band XML External Entity Injection:

https://www.netsparker.com/web...scanner/.../out-of-band-xml-external-entity-injectio...

-959-XXE - ZeroSec - Adventures In Information Security:

https://blog.zsec.uk/out-of-band-xxe-2/

-960-Blog - Automated Data Exfiltration with XXE:

https://blog.gdssecurity.com/labs/2015/4/.../automated-data-exfiltration-with-xxe.html

-961-My Experience during Infosec Interviews:

https://medium.com/.../my-experience-during-infosec-interviews-ed1f74ce41b8

-962-Top 10 Security Risks on the Web (OWASP):

https://sensedia.com/.../top-10-security-risks-on-the-web-owasp-and-how-to-mitigate-t...

-963-Antivirus Evasion Tools [Updated 2019] :

https://resources.infosecinstitute.com/antivirus-evasion-tools/

-964-Adventures in Anti-Virus Evasion:

https://www.gracefulsecurity.com/anti-virus-evasion/

-965-Antivirus Bypass Phantom Evasion - 2019 :

https://www.reddit.com/r/Kalilinux/.../antivirus_bypass_phantom_evasion_2019/

-966-Antivirus Evasion with Python:

https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

-967-Windows oneliners to get shell:

https://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/

-968-Does Veil Evasion Still Work Against Modern AntiVirus?:

https://www.hackingloops.com/veil-evasion-virustotal/

-969-Google dorks cheat sheet 2019 :

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-970-Malware Evasion Techniques :

https://www.slideshare.net/ThomasRoccia/malware-evasion-techniques

-971-How to become a cybersecurity pro: A cheat sheet:

https://www.techrepublic.com/article/cheat-sheet-how-to-become-a-cybersecurity-pro/

-972-Bypassing Antivirus With Ten Lines of Code:

https://hackingandsecurity.blogspot.com/.../bypassing-antivirus-with-ten-lines-of.html

-973-Bypassing antivirus detection on a PDF exploit:

https://www.digital.security/en/blog/bypassing-antivirus-detection-pdf-exploit

-974-Generating Payloads & Anti-Virus Bypass Methods:

https://uceka.com/2014/02/19/generating-payloads-anti-virus-bypass-methods/

-975-Apkwash Android Antivirus Evasion For Msfvemon:

https://hackingarise.com/apkwash-android-antivirus-evasion-for-msfvemon/

-976-Penetration Testing with Windows Computer & Bypassing an Antivirus:

https://www.prodefence.org/penetration-testing-with-windows-computer-bypassing-antivirus

-978-Penetration Testing: The Quest For Fully UnDetectable Malware:

https://www.foregenix.com/.../penetration-testing-the-quest-for-fully-undetectable-malware

-979-AVET: An AntiVirus Bypassing tool working with Metasploit Framework :

https://githacktools.blogspot.com

-980-Creating an undetectable payload using Veil-Evasion Toolkit:

https://www.yeahhub.com/creating-undetectable-payload-using-veil-evasion-toolkit/

-981-Evading Antivirus :

https://sathisharthars.com/tag/evading-antivirus/

-982-AVPASS – All things in moderation:

https://hydrasky.com/mobile-security/avpass/

-983-Complete Penetration Testing & Hacking Tools List:

https://cybarrior.com/blog/2019/03/31/hacking-tools-list/

-984-Modern red teaming: 21 resources for your security team:

https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team

-985-BloodHound and CypherDog Cheatsheet :

https://hausec.com/2019/04/15/bloodhound-and-cypherdog-cheatsheet/

-986-Redteam Archives:

https://ethicalhackingguru.com/category/redteam/

-987-NMAP Commands Cheat Sheet:

https://www.networkstraining.com/nmap-commands-cheat-sheet/

-988-Nmap Cheat Sheet:

https://dhound.io/blog/nmap-cheatsheet

-989-Nmap Cheat Sheet: From Discovery to Exploits:

https://resources.infosecinstitute.com/nmap-cheat-sheet/

-990-Nmap Cheat Sheet and Pro Tips:

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

-991-Nmap Tutorial: from the Basics to Advanced Tips:

https://hackertarget.com/nmap-tutorial/

-992-How to run a complete network scan with OpenVAS;

https://www.techrepublic.com/.../how-to-run-a-complete-network-scan-with-openvas/

-993-Nmap: my own cheatsheet:

https://www.andreafortuna.org/2018/03/12/nmap-my-own-cheatsheet/

-994-Top 32 Nmap Command Examples For Linux Sys/Network Admins:

https://www.cyberciti.biz/security/nmap-command-examples-tutorials/

-995-35+ Best Free NMap Tutorials and Courses to Become Pro Hacker:

https://www.fromdev.com/2019/01/best-free-nmap-tutorials-courses.html

-996-Scanning Tools:

https://widesecurity.net/kali-linux/kali-linux-tools-scanning/

-997-Nmap - Cheatsheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/nmap/cheatsheet/

-998-Linux for Network Engineers:

https://netbeez.net/blog/linux-how-to-use-nmap/

-999-Nmap Cheat Sheet:

https://www.hackingloops.com/nmap-cheat-sheet-port-scanning-basics-ethical-hackers/

-1000-Tactical Nmap for Beginner Network Reconnaissance:

https://null-byte.wonderhowto.com/.../tactical-nmap-for-beginner-network-reconnaiss...

-1001-A Guide For Google Hacking Database:

https://www.hackgentips.com/google-hacking-database/

-1002-2019 Data Breaches - The Worst Breaches, So Far:

https://www.identityforce.com/blog/2019-data-breaches

-1003-15 Vulnerable Sites To (Legally) Practice Your Hacking Skills:

https://www.checkmarx.com/.../15-vulnerable-sites-to-legally-practice-your-hacking-skills

-1004-Google Hacking Master List :

https://it.toolbox.com/blogs/rmorril/google-hacking-master-list-111408

-1005-Smart searching with googleDorking | Exposing the Invisible:

https://exposingtheinvisible.org/guides/google-dorking/

-1006-Google Dorks 2019:

https://korben.info/google-dorks-2019-liste.html

-1007-Google Dorks List and how to use it for Good;

https://edgy.app/google-dorks-list

-1008-How to Use Google to Hack(Googledorks):

https://null-byte.wonderhowto.com/how-to/use-google-hack-googledorks-0163566/

-1009-Using google as hacking tool:

https://cybertechies007.blogspot.com/.../using-google-as-hacking-tool-googledorks.ht...

-1010-#googledorks hashtag on Twitter:

https://twitter.com/hashtag/googledorks

-1011-Top Five Open Source Intelligence (OSINT) Tools:

https://resources.infosecinstitute.com/top-five-open-source-intelligence-osint-tools/

-1012-What is open-source intelligence (OSINT)?:

https://www.microfocus.com/en-us/what-is/open-source-intelligence-osint

-1013-A Guide to Open Source Intelligence Gathering (OSINT):

https://medium.com/bugbountywriteup/a-guide-to-open-source-intelligence-gathering-osint-ca831e13f29c

-1014-OSINT: How to find information on anyone:

https://medium.com/@Peter_UXer/osint-how-to-find-information-on-anyone-5029a3c7fd56

-1015-What is OSINT? How can I make use of it?:

https://securitytrails.com/blog/what-is-osint-how-can-i-make-use-of-it

-1016-OSINT Tools for the Dark Web:

https://jakecreps.com/2019/05/16/osint-tools-for-the-dark-web/

-1017-A Guide to Open Source Intelligence (OSINT):

https://www.cjr.org/tow_center_reports/guide-to-osint-and-hostile-communities.php

-1018-An Introduction To Open Source Intelligence (OSINT):

https://www.secjuice.com/introduction-to-open-source-intelligence-osint/

-1019-SSL & TLS HTTPS Testing [Definitive Guide] - Aptive:

https://www.aptive.co.uk/blog/tls-ssl-security-testing/

-1020-Exploit Title: [Files Containing E-mail and Associated Password Lists]:

https://www.exploit-db.com/ghdb/4262/?source=ghdbid

-1021-cheat_sheets:

http://zachgrace.com/cheat_sheets/

-1022-Intel SYSRET:

https://pentestlab.blog/2017/06/14/intel-sysret

-1023-Windows Preventive Maintenance Best Practices:

http://www.professormesser.com/free-a-plus-training/220-902/windows-preventive-maintenance-best-practices/

-1024-An Overview of Storage Devices:

http://www.professormesser.com/?p=19367

-1025-An Overview of RAID:

http://www.professormesser.com/?p=19373

-1026-How to Troubleshoot:

http://www.professormesser.com/free-a-plus-training/220-902/how-to-troubleshoot/

-1027-Mobile Device Security Troubleshooting:

http://www.professormesser.com/free-a-plus-training/220-902/mobile-device-security-troubleshooting/

-1028-Using Wireshark: Identifying Hosts and Users:

https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/

-1029-Using Wireshark - Display Filter Expressions:

https://unit42.paloaltonetworks.com/using-wireshark-display-filter-expressions/

-1030-Decrypting SSL/TLS traffic with Wireshark:

https://resources.infosecinstitute.com/decrypting-ssl-tls-traffic-with-wireshark/

-1031-A collection of handy Bash One-Liners and terminal tricks for data processing and Linux system maintenance.:

https://onceupon.github.io/Bash-Oneliner/

-1032- Bash One-Liners Explained, Part I: Working with files :

https://catonmat.net/bash-one-liners-explained-part-one

-1033-Bash One-Liners Explained, Part IV: Working with history:

https://catonmat.net/bash-one-liners-explained-part-four

-1034-Useful bash one-liners :

https://github.com/stephenturner/oneliners

-1035-Some Random One-liner Linux Commands [Part 1]:

https://www.ostechnix.com/random-one-liner-linux-commands-part-1/

-1036-The best terminal one-liners from and for smart admins + devs.:

https://www.ssdnodes.com/tools/one-line-wise/

-1037-Shell one-liner:

https://rosettacode.org/wiki/Shell_one-liner#Racket

-1038-SSH Cheat Sheet:

http://pentestmonkey.net/tag/ssh

-1039-7000 Google Dork List:

https://pastebin.com/raw/Tdvi8vgK

-1040-GOOGLE HACKİNG DATABASE – GHDB:

https://pastebin.com/raw/1ndqG7aq

-1041-STEALING PASSWORD WITH GOOGLE HACK:

https://pastebin.com/raw/x6BNZ7NN

-1042-Hack Remote PC with PHP File using PhpSploit Stealth Post-Exploitation Framework:

http://www.hackingarticles.in/hack-remote-pc-with-php-file-using-phpsploit-stealth-post-exploitation-framework

-1043-Open Source database of android malware:

www.code.google.com/archive/p/androguard/wikis/DatabaseAndroidMalwares.wiki

-1044-big-list-of-naughty-strings:

https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.txt

-1045-publicly available cap files:

http://www.netresec.com/?page=PcapFiles

-1046-“Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection”:

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.399&rep=rep1&type=pdf

-1047-Building a malware analysis toolkit:

https://zeltser.com/build-malware-analysis-toolkit/

-1048-Netcat Reverse Shell Cheat Sheet:

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

-1049-Packers and crypters:

http://securityblog.gr/2950/detect-packers-cryptors-and-compilers/

-1050-Evading antivirus:

http://www.blackhillsinfosec.com/?p=5094

-1051-cheat sheets and information,The Art of Hacking:

https://github.com/The-Art-of-Hacking

-1052-Error-based SQL injection:

https://www.exploit-db.com/docs/37953.pdf

-1053-XSS cheat sheet:

https://www.veracode.com/security/xss

-1054-Active Directory Enumeration with PowerShell:

https://www.exploit-db.com/docs/46990

-1055-Buffer Overflows, C Programming, NSA GHIDRA and More:

https://www.exploit-db.com/docs/47032

-1056-Analysis of CVE-2019-0708 (BlueKeep):

https://www.exploit-db.com/docs/46947

-1057-Windows Privilege Escalations:

https://www.exploit-db.com/docs/46131

-1058-The Ultimate Guide For Subdomain Takeover with Practical:

https://www.exploit-db.com/docs/46415

-1059-File transfer skills in the red team post penetration test:

https://www.exploit-db.com/docs/46515

-1060-How To Exploit PHP Remotely To Bypass Filters & WAF Rules:

https://www.exploit-db.com/docs/46049

-1061-Flying under the radar:

https://www.exploit-db.com/docs/45898

-1062-what is google hacking? and why it is useful ?and how you can learn how to use it:

https://twitter.com/cry__pto/status/1142497470825545729?s=20

-1063-useful blogs for penetration testers:

https://twitter.com/cry__pto/status/1142497470825545729?s=20

-1064-useful #BugBounty resources & links & tutorials & explanations & writeups ::

https://twitter.com/cry__pto/status/1143965322233483265?s=20

-1065-Union- based SQL injection:

http://securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html

-1066-Broken access control:

https://www.happybearsoftware.com/quick-check-for-access-control-vulnerabilities-in-rails

-1067-Understanding firewall types and configurations:

http://searchsecurity.techtarget.com/feature/The-five-different-types-of-firewalls

-1068-5 Kali Linux tricks that you may not know:

https://pentester.land/tips-n-tricks/2018/11/09/5-kali-linux-tricks-that-you-may-not-know.html

-1069-5 tips to make the most of Twitter as a pentester or bug bounty hunter:

https://pentester.land/tips-n-tricks/2018/10/23/5-tips-to-make-the-most-of-twitter-as-a-pentester-or-bug-bounty-hunter.html

-1060-A Guide To Subdomain Takeovers:

https://www.hackerone.com/blog/Guide-Subdomain-Takeovers

-1061-Advanced Recon Automation (Subdomains) case 1:

https://medium.com/p/9ffc4baebf70

-1062-Security testing for REST API with w3af:

https://medium.com/quick-code/security-testing-for-rest-api-with-w3af-2c43b452e457?source=post_recirc---------0------------------

-1062-The Lazy Hacker:

https://securit.ie/blog/?p=86

-1063-Practical recon techniques for bug hunters & pen testers:

https://github.com/appsecco/practical-recon-levelup0x02/raw/200c43b58e9bf528a33c9dfa826fda89b229606c/practical_recon.md

-1064-A More Advanced Recon Automation #1 (Subdomains):

https://poc-server.com/blog/2019/01/18/advanced-recon-subdomains/

-1065-Expanding your scope (Recon automation #2):

https://poc-server.com/blog/2019/01/31/expanding-your-scope-recon-automation/

-1066-RCE by uploading a web.config:

https://poc-server.com/blog/2018/05/22/rce-by-uploading-a-web-config/

-1067-Finding and exploiting Blind XSS:

https://enciphers.com/finding-and-exploiting-blind-xss/

-1068-Google dorks list 2018:

http://conzu.de/en/google-dork-liste-2018-conzu

-1096-Out of Band Exploitation (OOB) CheatSheet:

https://www.notsosecure.com/oob-exploitation-cheatsheet/

-1070-Metasploit Cheat Sheet:

https://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/

-1071-Linux Post Exploitation Cheat Sheet :

red-orbita.com/?p=8455

-1072-OSCP/Pen Testing Resources :

https://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45

-1073-Out Of Band Exploitation (OOB) CheatSheet :

https://packetstormsecurity.com/files/149290/Out-Of-Band-Exploitation-OOB-CheatSheet.html

-1074-HTML5 Security Cheatsheet:

https://html5sec.org/

-1075-Kali Linux Cheat Sheet for Penetration Testers:

https://www.blackmoreops.com/2016/12/20/kali-linux-cheat-sheet-for-penetration-testers/

-1076-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1076-Windows Post-Exploitation Command List:

pentest.tonyng.net/windows-post-exploitation-command-list/

-1077-Transfer files (Post explotation) - CheatSheet

https://ironhackers.es/en/cheatsheet/transferir-archivos-post-explotacion-cheatsheet/

-1078-SQL Injection Cheat Sheet: MSSQL — GracefulSecurity:

https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mssql/

-1079-OSCP useful resources and tools:

https://acknak.fr/en/articles/oscp-tools/

-1080-Penetration Testing 102 - Windows Privilege Escalation - Cheatsheet:

www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet

-1081-Transferring files from Kali to Windows (post exploitation) :

https://blog.ropnop.com/transferring-files-from-kali-to-windows/

-1082-Hack Like a Pro: The Ultimate Command Cheat Sheet for Metasploit:

https://null-byte.wonderhowto.com/.../hack-like-pro-ultimate-command-cheat-sheet-f...

-1083-OSCP Goldmine (not clickbait):

0xc0ffee.io/blog/OSCP-Goldmine

-1084-Privilege escalation: Linux :

https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux

-1085-Exploitation Tools Archives :

https://pentesttools.net/category/exploitationtools/

-1086-From Local File Inclusion to Remote Code Execution - Part 1:

https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-1

-1087-Basic Linux Privilege Escalation:

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

-1088-Title: Ultimate Directory Traversal & Path Traversal Cheat Sheet:

www.vulnerability-lab.com/resources/documents/587.txt

-1089-Binary Exploitation:

https://pwndevils.com/hacking/howtwohack.html

1090-A guide to Linux Privilege Escalation:

https://payatu.com/guide-linux-privilege-escalation/

-1091-Penetration Testing Tools Cheat Sheet :

https://news.ycombinator.com/item?id=11977304

-1092-List of Metasploit Commands - Cheatsheet:

https://thehacktoday.com/metasploit-commands/

-1093-A journey into Radare 2 – Part 2: Exploitation:

https://www.megabeets.net/a-journey-into-radare-2-part-2/

-1094-Remote Code Evaluation (Execution) Vulnerability:

https://www.netsparker.com/blog/web-security/remote-code-evaluation-execution/

-1095-Exploiting Python Code Injection in Web Applications:

https://www.securitynewspaper.com/.../exploiting-python-code-injection-web-applicat...

-1096-Shells · Total OSCP Guide:

https://sushant747.gitbooks.io/total-oscp-guide/reverse-shell.html

-1097-MongoDB Injection cheat sheet Archives:

https://blog.securelayer7.net/tag/mongodb-injection-cheat-sheet/

-1098-Basic Shellshock Exploitation:

https://blog.knapsy.com/blog/2014/10/07/basic-shellshock-exploitation/

-1099-Wireshark Tutorial and Tactical Cheat Sheet :

https://hackertarget.com/wireshark-tutorial-and-cheat-sheet/

-1100-Windows Command Line cheatsheet (part 2):

https://www.andreafortuna.org/2017/.../windows-command-line-cheatsheet-part-2-wm...

-1101-Detecting WMI exploitation:

www.irongeek.com/i.php?page=videos/derbycon8/track-3-03...exploitation...

1102-Metasploit Cheat Sheet - Hacking Land :

https://www.hacking.land/2019/02/metasploit-cheat-sheet.html

-1103-5 Practical Scenarios for XSS Attacks:

https://pentest-tools.com/blog/xss-attacks-practical-scenarios/

-1104-Ultimate gdb cheat sheet:

http://nadavclaudecohen.com/2017/10/10/ultimate-gdb-cheat-sheet/

-1105-Reverse Engineering Cheat Sheet:

https://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet

-1106-Reverse Engineering Cheat Sheet:

https://www.scribd.com/document/94575179/Reverse-Engineering-Cheat-Sheet

-1107-Reverse Engineering For Malware Analysis:

https://eforensicsmag.com/reverse_engi_cheatsheet/

-1108-Reverse-engineering Cheat Sheets :

https://www.cheatography.com/tag/reverse-engineering/

-1109-Shortcuts for Understanding Malicious Scripts:

https://www.linkedin.com/pulse/shortcuts-understanding-malicious-scripts-viviana-ross

-1110-WinDbg Malware Analysis Cheat Sheet :

https://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/

-1111-Cheat Sheet for Malware Analysis:

https://www.andreafortuna.org/2016/08/16/cheat-sheet-for-malware-analysis/

-1112-Tips for Reverse-Engineering Malicious Code :

https://www.digitalmunition.me/tips-reverse-engineering-malicious-code-new-cheat-sheet

-1113-Cheatsheet for radare2 :

https://leungs.xyz/reversing/2018/04/16/radare2-cheatsheet.html

-1114-Reverse Engineering Cheat Sheets:

https://www.pinterest.com/pin/576390452300827323/

-1115-Reverse Engineering Resources-Beginners to intermediate Guide/Links:

https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed

-1116-Malware Resources :

https://www.professor.bike/malware-resources

-1117-Zero-day exploits: A cheat sheet for professionals:

https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/

-1118-Getting cozy with exploit development:

https://0x00sec.org/t/getting-cozy-with-exploit-development/5311

-1119-appsec - Web Security Cheatsheet :

https://security.stackexchange.com/questions/2985/web-security-cheatsheet-todo-list

-1120-PEDA - Python Exploit Development Assistance For GDB:

https://www.pinterest.ru/pin/789044797190775841/

-1121-Exploit Development Introduction (part 1) :

https://www.cybrary.it/video/exploit-development-introduction-part-1/

-1122-Windows Exploit Development: A simple buffer overflow example:

https://medium.com/bugbountywriteup/windows-expliot-dev-101-e5311ac284a

-1123-Exploit Development-Everything You Need to Know:

https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/

-1124-Exploit Development :

https://0x00sec.org/c/exploit-development

-1125-Exploit Development - Infosec Resources:

https://resources.infosecinstitute.com/category/exploit-development/

-1126-Exploit Development :

https://www.reddit.com/r/ExploitDev/

-1127-A Study in Exploit Development - Part 1: Setup and Proof of Concept :

https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept

-1128-Exploit Development for Beginners:

https://www.youtube.com/watch?v=tVDuuz60KKc

-1129-Introduction to Exploit Development:

https://www.fuzzysecurity.com/tutorials/expDev/1.html

-1130-Exploit Development And Reverse Engineering:

https://www.immunitysec.com/services/exploit-dev-reverse-engineering.html

-1131-wireless forensics:

https://www.sans.org/reading-room/whitepapers/wireless/80211-network-forensic-analysis-33023

-1132-fake AP Detection:

https://www.sans.org/reading-room/whitepapers/detection/detecting-preventing-rogue-devices-network-1866

-1133-In-Depth analysis of SamSam Ransomware:

https://www.crowdstrike.com/blog/an-in-depth-analysis-of-samsam-ransomware-and-boss-spider/

-1134-WannaCry ransomware:

https://www.endgame.com/blog/technical-blog/wcrywanacry-ransomware-technical-analysis

-1135-malware analysis:

https://www.sans.org/reading-room/whitepapers/malicious/paper/2103

-1136-Metasploit's detailed communication and protocol writeup:

https://www.exploit-db.com/docs/english/27935-metasploit---the-exploit-learning-tree.pdf

-1137-Metasploit's SSL-generation module::

https://github.com/rapid7/metasploit-framework/blob/76954957c740525cff2db5a60bcf936b4ee06c42/lib/rex/post/meterpreter/client.rb

-1139-Empire IOCs::

https://www.sans.org/reading-room/whitepapers/detection/disrupting-empire-identifying-powershell-empire-command-control-activity-38315

-1140-excellent free training on glow analysis:

http://opensecuritytraining.info/Flow.html

-1141-NetFlow using Silk:

https://tools.netsa.cert.org/silk/analysis-handbook.pdf

-1142-Deep Packet Inspection:

https://is.muni.cz/th/ql57c/dp-svoboda.pdf

-1143-Detecting Behavioral Personas with OSINT and Datasploit:

https://www.exploit-db.com/docs/45543

-1144-WordPress Penetration Testing using WPScan and MetaSploit:

https://www.exploit-db.com/docs/45556

-1145-Bulk SQL Injection using Burp-to-SQLMap:

https://www.exploit-db.com/docs/45428

-1146-XML External Entity Injection - Explanation and Exploitation:

https://www.exploit-db.com/docs/45374

-1147- Web Application Firewall (WAF) Evasion Techniques #3 (CloudFlare and ModSecurity OWASP CRS3):

https://www.exploit-db.com/docs/45368

-1148-File Upload Restrictions Bypass:

https://www.exploit-db.com/docs/45074

-1149-VLAN Hopping Attack:

https://www.exploit-db.com/docs/45050

-1150-Jigsaw Ransomware Analysis using Volatility:

https://medium.com/@0xINT3/jigsaw-ransomware-analysis-using-volatility-2047fc3d9be9

-1151-Ransomware early detection by the analysis of file sharing traffic:

https://www.sciencedirect.com/science/article/pii/S108480451830300X

-1152-Do You Think You Can Analyse Ransomware?:

https://medium.com/asecuritysite-when-bob-met-alice/do-you-think-you-can-analyse-ransomware-bbc813b95529

-1153-Analysis of LockerGoga Ransomware :

https://labsblog.f-secure.com/2019/03/27/analysis-of-lockergoga-ransomware/

-1154-Detection and Forensic Analysis of Ransomware Attacks :

https://www.netfort.com/assets/NetFort-Ransomware-White-Paper.pdf

-1155-Bad Rabbit Ransomware Technical Analysis:

https://logrhythm.com/blog/bad-rabbit-ransomware-technical-analysis/

-1156-NotPetya Ransomware analysis :

https://safe-cyberdefense.com/notpetya-ransomware-analysis/

-1157-Identifying WannaCry on Your Server Using Logs:

https://www.loggly.com/blog/identifying-wannacry-server-using-logs/

-1158-The past, present, and future of ransomware:

https://www.itproportal.com/features/the-past-present-and-future-of-ransomware/

-1159-The dynamic analysis of WannaCry ransomware :

https://ieeexplore.ieee.org/iel7/8318543/8323471/08323682.pdf

-1160-Malware Analysis: Ransomware - SlideShare:

https://www.slideshare.net/davidepiccardi/malware-analysis-ransomware

-1161-Article: Anatomy of ransomware malware: detection, analysis :

https://www.inderscience.com/info/inarticle.php?artid=84399

-1162-Tracking desktop ransomware payments :

https://www.blackhat.com/docs/us-17/wednesday/us-17-Invernizzi-Tracking-Ransomware-End-To-End.pdf

-1163-What is Ransomware? Defined, Explained, and Explored:

https://www.forcepoint.com/cyber-edu/ransomware

-1164-Detect and Recover from Ransomware Attacks:

https://www.indexengines.com/ransomware

-1165-Wingbird rootkit analysis:

https://artemonsecurity.blogspot.com/2017/01/wingbird-rootkit-analysis.html

-1166-Windows Kernel Rootkits: Techniques and Analysis:

https://www.offensivecon.org/trainings/2019/windows-kernel-rootkits-techniques-and-analysis.html

-1167-Rootkit: What is a Rootkit and How to Detect It :

https://www.veracode.com/security/rootkit

-1168-Dissecting Turla Rootkit Malware Using Dynamic Analysis:

https://www.lastline.com/.../dissecting-turla-rootkit-malware-using-dynamic-analysis/

-1169-Rootkits and Rootkit Detection (Windows Forensic Analysis) Part 2:

https://what-when-how.com/windows-forensic-analysis/rootkits-and-rootkit-detection-windows-forensic-analysis-part-2/

-1170-ZeroAccess – an advanced kernel mode rootkit :

https://www.botnetlegalnotice.com/ZeroAccess/files/Ex_12_Decl_Anselmi.pdf

-1171-Rootkit Analysis Identification Elimination:

https://acronyms.thefreedictionary.com/Rootkit+Analysis+Identification+Elimination

-1172-TDL3: The Rootkit of All Evil?:

static1.esetstatic.com/us/resources/white-papers/TDL3-Analysis.pdf

-1173-Avatar Rootkit: Dropper Analysis:

https://resources.infosecinstitute.com/avatar-rootkit-dropper-analysis-part-1/

-1174-Sality rootkit analysis:

https://www.prodefence.org/sality-rootkit-analysis/

-1175-RootKit Hook Analyzer:

https://www.resplendence.com/hookanalyzer/

-1176-Behavioral Analysis of Rootkit Malware:

https://isc.sans.edu/forums/diary/Behavioral+Analysis+of+Rootkit+Malware/1487/

-1177-Malware Memory Analysis of the IVYL Linux Rootkit:

https://apps.dtic.mil/docs/citations/AD1004349

-1178-Analysis of the KNARK rootkit :

https://linuxsecurity.com/news/intrusion-detection/analysis-of-the-knark-rootkit

-1179-32 Bit Windows Kernel Mode Rootkit Lab Setup with INetSim :

https://medium.com/@eaugusto/32-bit-windows-kernel-mode-rootkit-lab-setup-with-inetsim-e49c22e9fcd1

-1180-Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques:

https://www.endgame.com/blog/technical-blog/ten-process-injection-techniques-technical-survey-common-and-trending-process

-1181-Code & Process Injection - Red Teaming Experiments:

https://ired.team/offensive-security/code-injection-process-injection

-1182-What Malware Authors Don't want you to know:

https://www.blackhat.com/.../asia-17-KA-What-Malware-Authors-Don't-Want-You-To-Know

-1183-.NET Process Injection:

https://medium.com/@malcomvetter/net-process-injection-1a1af00359bc

-1184-Memory Injection like a Boss :

https://www.countercept.com/blog/memory-injection-like-a-boss/

-1185-Process injection - Malware style:

https://www.slideshare.net/demeester1/process-injection

-1186-Userland API Monitoring and Code Injection Detection:

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

-1187-Unpacking Redaman Malware & Basics of Self-Injection Packers:

https://liveoverflow.com/unpacking-buhtrap-malware-basics-of-self-injection-packers-ft-oalabs-2/

-1188-Code injection on macOS:

https://knight.sc/malware/2019/03/15/code-injection-on-macos.html

-1189-(Shell)Code Injection In Linux Userland :

https://blog.sektor7.net/#!res/2018/pure-in-memory-linux.md

-1190-Code injection on Windows using Python:

https://www.andreafortuna.org/2018/08/06/code-injection-on-windows-using-python-a-simple-example/

-1191-What is Reflective DLL Injection and how can be detected?:

https://www.andreafortuna.org/cybersecurity/what-is-reflective-dll-injection-and-how-can-be-detected/

-1192-Windows Process Injection:

https://modexp.wordpress.com/2018/08/23/process-injection-propagate/

-1193-A+ cheat sheet:

https://www.slideshare.net/abnmi/a-cheat-sheet

-1194-A Bettercap Tutorial — From Installation to Mischief:

https://danielmiessler.com/study/bettercap/

-1195-Debugging Malware with WinDbg:

https://www.ixiacom.com/company/blog/debugging-malware-windbg

-1195-Malware analysis, my own list of tools and resources:

https://www.andreafortuna.org/2016/08/05/malware-analysis-my-own-list-of-tools-and-resources/

-1196-Getting Started with Reverse Engineering:

https://lospi.net/developing/software/.../assembly/2015/03/.../reversing-with-ida.html

-1197-Debugging malicious windows scriptlets with Google chrome:

https://medium.com/@0xamit/debugging-malicious-windows-scriptlets-with-google-chrome-c31ba409975c

-1198-Intro to Radare2 for Malware Analysis:

https://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/

-1199-Intro to Malware Analysis and Reverse Engineering:

https://www.cybrary.it/course/malware-analysis/

-1200-Common Malware Persistence Mechanisms:

https://resources.infosecinstitute.com/common-malware-persistence-mechanisms/

-1201-Finding Registry Malware Persistence with RECmd:

https://digital-forensics.sans.org/blog/2019/05/07/malware-persistence-recmd

-1202-Windows Malware Persistence Mechanisms :

https://www.swordshield.com/blog/windows-malware-persistence-mechanisms/

-1203- persistence techniques:

https://www.andreafortuna.org/2017/07/06/malware-persistence-techniques/

-1204- Persistence Mechanism - an overview | ScienceDirect Topics:

https://www.sciencedirect.com/topics/computer-science/persistence-mechanism

-1205-Malware analysis for Linux:

https://www.sothis.tech/en/malware-analysis-for-linux-wirenet/

-1206-Linux Malware Persistence with Cron:

https://www.sandflysecurity.com/blog/linux-malware-persistence-with-cron/

-1207-What is advanced persistent threat (APT)? :

https://searchsecurity.techtarget.com/definition/advanced-persistent-threat-APT

-1208-Malware Analysis, Part 1: Understanding Code Obfuscation :

https://www.vadesecure.com/en/malware-analysis-understanding-code-obfuscation-techniques/

-1209-Top 6 Advanced Obfuscation Techniques:

https://sensorstechforum.com/advanced-obfuscation-techniques-malware/

-1210-Malware Obfuscation Techniques:

https://dl.acm.org/citation.cfm?id=1908903

-1211-How Hackers Hide Their Malware: Advanced Obfuscation:

https://www.darkreading.com/attacks-breaches/how-hackers-hide-their-malware-advanced-obfuscation/a/d-id/1329723

-1212-Malware obfuscation techniques: four simple examples:

https://www.andreafortuna.org/2016/10/13/malware-obfuscation-techniques-four-simple-examples/

-1213-Malware Monday: Obfuscation:

https://medium.com/@bromiley/malware-monday-obfuscation-f65239146db0

-1213-Challenge of Malware Analysis: Malware obfuscation Techniques:

https://www.ijiss.org/ijiss/index.php/ijiss/article/view/327

-1214-Static Malware Analysis - Infosec Resources:

https://resources.infosecinstitute.com/malware-analysis-basics-static-analysis/

-1215-Malware Basic Static Analysis:

https://medium.com/@jain.sm/malware-basic-static-analysis-cf19b4600725

-1216-Difference Between Static Malware Analysis and Dynamic Malware Analysis:

http://www.differencebetween.net/technology/difference-between-static-malware-analysis-and-dynamic-malware-analysis/

-1217-What is Malware Analysis | Different Tools for Malware Analysis:

https://blog.comodo.com/different-techniques-for-malware-analysis/

-1218-Detecting Malware Pre-execution with Static Analysis and Machine Learning:

https://www.sentinelone.com/blog/detecting-malware-pre-execution-static-analysis-machine-learning/

-1219-Limits of Static Analysis for Malware Detection:

https://ieeexplore.ieee.org/document/4413008

-1220-Kernel mode versus user mode:

https://blog.codinghorror.com/understanding-user-and-kernel-mode/

-1221-Understanding the ELF:

https://medium.com/@MrJamesFisher/understanding-the-elf-4bd60daac571

-1222-Windows Privilege Abuse: Auditing, Detection, and Defense:

https://medium.com/palantir/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e

-1223-First steps to volatile memory analysis:

https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1

-1224-Maliciously Mobile: A Brief History of Mobile Malware:

https://medium.com/threat-intel/mobile-malware-infosec-history-70f3fcaa61c8

-1225-Modern Binary Exploitation Writeups 0x01:

https://medium.com/bugbountywriteup/binary-exploitation-5fe810db3ed4

-1226-Exploit Development 01 — Terminology:

https://medium.com/@MKahsari/exploit-development-01-terminology-db8c19db80d5

-1227-Zero-day exploits: A cheat sheet for professionals:

https://www.techrepublic.com/article/zero-day-exploits-the-smart-persons-guide/

-1228-Best google hacking list on the net:

https://pastebin.com/x5LVJu9T

-1229-Google Hacking:

https://pastebin.com/6nsVK5Xi

-1230-OSCP links:

https://pastebin.com/AiYV80uQ

-1231-Pentesting 1 Information gathering:

https://pastebin.com/qLitw9eT

-1232-OSCP-Survival-Guide:

https://pastebin.com/kdc6th08

-1233-Googledork:

https://pastebin.com/qKwU37BK

-1234-Exploit DB:

https://pastebin.com/De4DNNKK

-1235-Dorks:

https://pastebin.com/cfVcqknA

-1236-GOOGLE HACKİNG DATABASE:

https://pastebin.com/1ndqG7aq

-1237-Carding Dorks 2019:

https://pastebin.com/Hqsxu6Nn

-1238-17k Carding Dorks 2019:

https://pastebin.com/fgdZxy74

-1239-CARDING DORKS 2019:

https://pastebin.com/Y7KvzZqg

-1240-sqli dork 2019:

https://pastebin.com/8gdeLYvU

-1241-Private Carding Dorks 2018:

https://pastebin.com/F0KxkMMD

-1242-20K dorks list fresh full carding 2018:

https://pastebin.com/LgCh0NRJ

-1243-8k Carding Dorks :):

https://pastebin.com/2bjBPiEm

-1244-8500 SQL DORKS:

https://pastebin.com/yeREBFzp

-1245-REAL CARDING DORKS:

https://pastebin.com/0kMhA0Gb

-1246-15k btc dorks:

https://pastebin.com/zbbBXSfG

-1247-Sqli dorks 2016-2017:

https://pastebin.com/7TQiMj3A

-1248-Here is kind of a tutorial on how to write google dorks.:

https://pastebin.com/hZCXrAFK

-1249-10k Private Fortnite Dorks:

https://pastebin.com/SF9UmG1Y

-1250-find login panel dorks:

https://pastebin.com/9FGUPqZc

-1251-Shell dorks:

https://pastebin.com/iZBFQ5yp

-1252-HQ PAID GAMING DORKS:

https://pastebin.com/vNYnyW09

-1253-10K HQ Shopping DORKS:

https://pastebin.com/HTP6rAt4

-1254-Exploit Dorks for Joomla,FCK and others 2015 Old but gold:

https://pastebin.com/ttxAJbdW

-1255-Gain access to unsecured IP cameras with these Google dorks:

https://pastebin.com/93aPbwwE

-1256-new fresh dorks:

https://pastebin.com/ZjdxBbNB

-1257-SQL DORKS FOR CC:

https://pastebin.com/ZQTHwk2S

-1258-Wordpress uploadify Dorks Priv8:

https://pastebin.com/XAGmHVUr

-1259-650 DORKS CC:

https://pastebin.com/xZHARTyz

-1260-3k Dorks Shopping:

https://pastebin.com/e1XiNa8M

-1261-DORKS 2018 :

https://pastebin.com/YAZkPJ0j

-1262-HQ FORTNITE DORKS LIST:

https://pastebin.com/rzhiNad8

-1263-HQ PAID DORKS MIXED GAMING LOL STEAM ..MUSIC SHOPING:

https://pastebin.com/VwVpAvj2

-1264-Camera dorks:

https://pastebin.com/fsARft2j

-1265-Admin Login Dorks:

https://pastebin.com/HWWNZCph

-1266-sql gov dorks:

https://pastebin.com/C8wqyNW8

-1267-10k hq gaming dorks:

https://pastebin.com/cDLN8edi

-1268-HQ SQLI Google Dorks For Shops/Amazon! Enjoy! :

https://pastebin.com/y59kK2h0

-1269-Dorks:

https://pastebin.com/PKvZYMAa

-1270-10k btc dorks:

https://pastebin.com/vRnxvbCu

-1271-7,000 Dorks for hacking into various sites:

https://pastebin.com/n8JVQv3X

-1272-List of information gathering search engines/tools etc:

https://pastebin.com/GTX9X5tF

-1273-FBOSINT:

https://pastebin.com/5KqnFS0B

-1274-Ultimate Penetration Testing:

https://pastebin.com/4EEeEnXe

-1275-massive list of information gathering search engines/tools :

https://pastebin.com/GZ9TVxzh

-1276-CEH Class:

https://pastebin.com/JZdCHrN4

-1277-CEH/CHFI Bundle Study Group Sessions:

https://pastebin.com/XTwksPK7

-1278-OSINT - Financial:

https://pastebin.com/LtxkUi0Y

-1279-Most Important Security Tools and Resources:

https://pastebin.com/cGE8rG04

-1280-OSINT resources from inteltechniques.com:

https://pastebin.com/Zbdz7wit

-1281-Red Team Tips:

https://pastebin.com/AZDBAr1m

-1282-OSCP Notes by Ash:

https://pastebin.com/wFWx3a7U

-1283-OSCP Prep:

https://pastebin.com/98JG5f2v

-1284-OSCP Review/Cheat Sheet:

https://pastebin.com/JMMM7t4f

-1285-OSCP Prep class:

https://pastebin.com/s59GPJrr

-1286-Complete Anti-Forensics Guide:

https://pastebin.com/6V6wZK0i

-1287-The Linux Command Line Cheat Sheet:

https://pastebin.com/PUtWDKX5

-1288-Command-Line Log Analysis:

https://pastebin.com/WEDwpcz9

-1289-An A-Z Index of the Apple macOS command line (OS X):

https://pastebin.com/RmPLQA5f

-1290-San Diego Exploit Development 2018:

https://pastebin.com/VfwhT8Yd

-1291-Windows Exploit Development Megaprimer:

https://pastebin.com/DvdEW4Az

-1292-Some Free Reverse engineering resources:

https://pastebin.com/si2ThQPP

-1293-Sans:

https://pastebin.com/MKiSnjLm

-1294-Metasploit Next Level:

https://pastebin.com/0jC1BUiv

-1295-Just playing around....:

https://pastebin.com/gHXPzf6B

-1296-Red Team Course:

https://pastebin.com/YUYSXNpG

-1297-New Exploit Development 2018:

https://pastebin.com/xaRxgYqQ

-1298-Good reviews of CTP/OSCE (in no particular order)::

https://pastebin.com/RSPbatip

-1299-Vulnerability Research Engineering Bookmarks Collection v1.0:

https://pastebin.com/8mUhjGSU

-1300-Professional-hacker's Pastebin :

https://pastebin.com/u/Professional-hacker

-1301-Google Cheat Sheet:

http://www.googleguide.com/print/adv_op_ref.pdf

-1302-Shodan for penetration testers:

https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf

-1303-Linux networking tools:

https://gist.github.com/miglen/70765e663c48ae0544da08c07006791f

-1304-DNS spoofing with NetHunter:

https://cyberarms.wordpress.com/category/nethunter-tutorial/

-1305-Tips on writing a penetration testing report:

https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343

-1306-Technical penetration report sample:

https://tbgsecurity.com/wordpress/wp-content/uploads/2016/11/Sample-Penetration-Test-Report.pdf

-1307-Nessus sample reports:

https://www.tenable.com/products/nessus/sample-reports

-1308-Sample penetration testing report:

https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf

-1309-jonh-the-ripper-cheat-sheet:

https://countuponsecurity.com/2015/06/14/jonh-the-ripper-cheat-sheet/

-1310-ultimate guide to cracking foreign character passwords using hashcat:

http://www.netmux.com/blog/ultimate-guide-to-cracking-foreign-character-passwords-using-has

-1311-Building_a_Password_Cracking_Rig_forHashcat-_Part_III:

https://www.unix-ninja.com/p/Building_a_Password_Cracking_Rig_for_Hashcat_-_Part_III

-1312-cracking story how i cracked over 122 million sha1 and md5 hashed passwords:

http://blog.thireus.com/cracking-story-how-i-cracked-over-122-million-sha1-and-md5-hashed-passwords/

-1313-CSA (Cloud Security Alliance) Security White Papers:

https://cloudsecurityalliance.org/download/

-1314-NIST Security Considerations in the System Development Life Cycle:

https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-64r2.pdf

-1315-ISO 29100 information technology security techniques privacy framework:

https://www.iso.org/standard/45123.html

-1316-NIST National Checklist Program:

https://nvd.nist.gov/ncp/repository

-1317-OWASP Guide to Cryptography:

https://www.owasp.org/index.php/Guide_to_Cryptography

-1318-NVD (National Vulnerability Database):

https://nvd.nist.gov/

-1319-CVE details:

https://cvedetails.com/

-1320-CIS Cybersecurity Tools:

https://www.cisecurity.org/cybersecurity-tools/

-1321-Security aspects of virtualization by ENISA:

https://www.enisa.europa.eu/publications/security-aspects-of-virtualization/

-1322-CIS Benchmarks also provides a security guide for VMware, Docker, and Kubernetes:

https://www.cisecurity.org/cis-benchmarks/

-1323-OpenStack's hardening of the virtualization layer provides a secure guide to building the virtualization layer:

https://docs.openstack.org/security-guide/compute/hardening-the-virtualization-layers.html

-1324-Docker security:

https://docs.docker.com/engine/security/security/

-1325-Microsoft Security Development Lifecycle:

http://www.microsoft.com/en-us/SDL/

-1326-OWASP SAMM Project:

https://www.owasp.org/index.php/OWASP_SAMM_Project

-1327-CWE/SANS Top 25 Most Dangerous Software Errors:

https://cwe.mitre.org/top25/

-1329-OWASP Vulnerable Web Applications Directory Project:

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

-1330-CERT Secure Coding Standards:

https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards

-1331-NIST Special Publication 800-53:

https://nvd.nist.gov/800-53

-1332-SAFECode Security White Papers:

https://safecode.org/publications/

-1333-Microsoft Threat Modeling tool 2016:

https://aka.ms/tmt2016/

-1334-Apache Metron for real-time big data security:

http://metron.apache.org/documentation/

-1335-Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process:

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf

-1336-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:

http://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-18r1.pdf

-1337-ITU-T X.805 (10/2003) Security architecture for systems providing end- to-end communications:

https://www.itu.int/rec/dologin_pub.asp?lang=e&id=T-REC-X.805-200310-I!!PDF-E&type=items

-1338-ETSI TS 102 165-1 V4.2.1 (2006-12) : Method and proforma for Threat, Risk, Vulnerability Analysis:

http://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.01_60/ts_10216501v040201p.pdf

-1339-SAFECode Fundamental Practices for Secure Software Development:

https://safecode.org/wp-content/uploads/2018/03/SAFECode_Fundamental_Practices_for_Secure_Software_Development_March_2018.pdf

-1340-NIST 800-64 Security Considerations in the System Development Life Cycle:

https://csrc.nist.gov/publications/detail/sp/800-64/rev-2/final

-1341-SANS A Security Checklist for Web Application Design:

https://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389

-1342-Best Practices for implementing a Security Awareness Program:

https://www.pcisecuritystandards.org/documents/PCI_DSS_V1.0_Best_Practices_for_Implementing_Security_Awareness_Program.pdf

-1343-ETSI TS 102 165-1 V4.2.1 (2006-12): Method and proforma for Threat, Risk, Vulnerability Analysis:

http://www.etsi.org/deliver/etsi_ts/102100_102199/10216501/04.02.03_60/ts_10216501v040203p.pdf

-1344-NIST 800-18 Guide for Developing Security Plans for Federal Information Systems:

https://csrc.nist.gov/publications/detail/sp/800-18/rev-1/final

-1345-SafeCode Tactical Threat Modeling:

https://safecode.org/safecodepublications/tactical-threat-modeling/

-1346-SANS Web Application Security Design Checklist:

https://www.sans.org/reading-room/whitepapers/securecode/security-checklist-web-application-design-1389

-1347-Data Anonymization for production data dumps:

https://github.com/sunitparekh/data-anonymization

-1348-SANS Continuous Monitoring—What It Is, Why It Is Needed, and How to Use It:

https://www.sans.org/reading-room/whitepapers/analyst/continuous-monitoring-is-needed-35030

-1349-Guide to Computer Security Log Management:

https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=50881

-1350-Malware Indicators:

https://github.com/citizenlab/malware-indicators

-1351-OSINT Threat Feeds:

https://www.circl.lu/doc/misp/feed-osint/

-1352-SANS How to Use Threat Intelligence effectively:

https://www.sans.org/reading-room/whitepapers/analyst/threat-intelligence-is-effectively-37282

-1353-NIST 800-150 Guide to Cyber Threat Information Sharing:

https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-150.pdf

-1354-Securing Web Application Technologies Checklist:

https://software-security.sans.org/resources/swat

-1355-Firmware Security Training:

https://github.com/advanced-threat-research/firmware-security-training

-1356-Burp Suite Bootcamp:

https://pastebin.com/5sG7Rpg5

-1357-Web app hacking:

https://pastebin.com/ANsw7WRx

-1358-XSS Payload:

https://pastebin.com/EdxzE4P1

-1359-XSS Filter Evasion Cheat Sheet:

https://pastebin.com/bUutGfSy

-1360-Persistence using RunOnceEx – Hidden from Autoruns.exe:

https://oddvar.moe/2018/03/21/persistence-using-runonceex-hidden-from-autoruns-exe/

-1361-Windows Operating System Archaeology:

https://www.slideshare.net/enigma0x3/windows-operating-system-archaeology

-1362-How to Backdoor Windows 10 Using an Android Phone & USB Rubber Ducky:

https://www.prodefence.org/how-to-backdoor-windows-10-using-an-android-phone-usb-rubber-ducky/

-1363-Malware Analysis using Osquery :

https://hackernoon.com/malware-analysis-using-osquery-part-2-69f08ec2ecec

-1364-Tales of a Blue Teamer: Detecting Powershell Empire shenanigans with Sysinternals :

https://holdmybeersecurity.com/2019/02/27/sysinternals-for-windows-incident-response/

-1365-Userland registry hijacking:

https://3gstudent.github.io/Userland-registry-hijacking/

-1366-Malware Hiding Techniques to Watch for: AlienVault Labs:

https://www.alienvault.com/blogs/labs-research/malware-hiding-techniques-to-watch-for-alienvault-labs

-1367- Full text of "Google hacking for penetration testers" :

https://archive.org/stream/pdfy-TPtNL6_ERVnbod0r/Google+Hacking+-+For+Penetration+Tester_djvu.txt

-1368- Full text of "Long, Johnny Google Hacking For Penetration Testers" :

https://archive.org/stream/LongJohnnyGoogleHackingForPenetrationTesters/Long%2C%20Johnny%20-%20Google%20Hacking%20for%20Penetration%20Testers_djvu.txt

-1369- Full text of "Coding For Penetration Testers" :

https://archive.org/stream/CodingForPenetrationTesters/Coding%20for%20Penetration%20Testers_djvu.txt

-1370- Full text of "Hacking For Dummies" :

https://archive.org/stream/HackingForDummies/Hacking%20For%20Dummies_djvu.txt

-1371-Full text of "Wiley. Hacking. 5th. Edition. Jan. 2016. ISBN. 1119154685. Profescience.blogspot.com" :

https://archive.org/stream/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com/Wiley.Hacking.5th.Edition.Jan.2016.ISBN.1119154685.Profescience.blogspot.com_djvu.txt

-1372- Full text of "Social Engineering The Art Of Human Hacking" :

https://archive.org/stream/SocialEngineeringTheArtOfHumanHacking/Social%20Engineering%20-%20The%20Art%20of%20Human%20Hacking_djvu.txt

-1373- Full text of "CYBER WARFARE" :

https://archive.org/stream/CYBERWARFARE/CYBER%20WARFARE_djvu.txt

-1374-Full text of "NSA DOCID: 4046925 Untangling The Web: A Guide To Internet Research" :

https://archive.org/stream/Untangling_the_Web/Untangling_the_Web_djvu.txt

-1375- Full text of "sectools" :

https://archive.org/stream/sectools/hack-the-stack-network-security_djvu.txt

-1376- Full text of "Aggressive network self-defense" :

https://archive.org/stream/pdfy-YNtvDJueGZb1DCDA/Aggressive%20Network%20Self-Defense_djvu.txt

-1377-Community Texts:

https://archive.org/details/opensource?and%5B%5D=%28language%3Aeng+OR+language%3A%22English%22%29+AND+subject%3A%22google%22

-1378- Full text of "Cyber Spying - Tracking (sometimes).PDF (PDFy mirror)" :

https://archive.org/stream/pdfy-5-Ln_yPZ22ondBJ8/Cyber%20Spying%20-%20Tracking%20%28sometimes%29_djvu.txt

-1379- Full text of "Enzyclopedia Of Cybercrime" :

https://archive.org/stream/EnzyclopediaOfCybercrime/Enzyclopedia%20Of%20Cybercrime_djvu.txt

-1380- Full text of "Information Security Management Handbook" :

https://archive.org/stream/InformationSecurityManagementHandbook/Information%20Security%20Management%20Handbook_djvu.txt

-1381- Full text of "ARMArchitecture Reference Manual" :

https://archive.org/stream/ARMArchitectureReferenceManual/DetectionOfIntrusionsAndMalwareAndVulnerabilityAssessment2016_djvu.txt

-1382- Full text of "Metasploit The Penetration Tester S Guide" :

https://archive.org/stream/MetasploitThePenetrationTesterSGuide/Metasploit-The+Penetration+Tester+s+Guide_djvu.txt

-1383-Tips & tricks to master Google’s search engine:

https://medium.com/infosec-adventures/google-hacking-39599373be7d

-1384-Ethical Google Hacking - Sensitive Doc Dork (Part 2) :

https://securing-the-stack.teachable.com/courses/ethical-google-hacking-1/lectures/3877866

-1385- Google Hacking Secrets:the Hidden Codes of Google :

https://www.ma-no.org/en/security/google-hacking-secrets-the-hidden-codes-of-google

-1386-google hacking:

https://www.slideshare.net/SamNizam/3-google-hacking

-1387-How Penetration Testers Use Google Hacking:

https://www.cqure.nl/kennisplatform/how-penetration-testers-use-google-hacking

-1388-Free Automated Malware Analysis Sandboxes and Services:

https://zeltser.com/automated-malware-analysis/

-1389-How to get started with Malware Analysis and Reverse Engineering:

https://0ffset.net/miscellaneous/how-to-get-started-with-malware-analysis/

-1390-Handy Tools And Websites For Malware Analysis:

https://www.informationsecuritybuzz.com/articles/handy-tools-and-websites/

-1391-Dynamic Malware Analysis:

https://prasannamundas.com/share/dynamic-malware-analysis/

-1392-Intro to Radare2 for Malware Analysis:

https://malwology.com/2018/11/30/intro-to-radare2-for-malware-analysis/

-1393-Detecting malware through static and dynamic techniques:

https://technical.nttsecurity.com/.../detecting-malware-through-static-and-dynamic-tec...

-1394-Malware Analysis Tutorial : Tricks for Confusing Static Analysis Tools:

https://www.prodefence.org/malware-analysis-tutorial-tricks-confusing-static-analysis-tools

-1395-Malware Analysis Lab At Home In 5 Steps:

https://ethicalhackingguru.com/malware-analysis-lab-at-home-in-5-steps/

-1396-Malware Forensics Guide - Static and Dynamic Approach:

https://www.yeahhub.com/malware-forensics-guide-static-dynamic-approach/

-1397-Top 30 Bug Bounty Programs in 2019:

https://www.guru99.com/bug-bounty-programs.html

-1398-Introduction - Book of BugBounty Tips:

https://gowsundar.gitbook.io/book-of-bugbounty-tips/

-1399-List of bug bounty writeups:

https://pentester.land/list-of-bug-bounty-writeups.html

-1400-Tips From A Bugbounty Hunter:

https://www.secjuice.com/bugbounty-hunter/

-1401-Cross Site Scripting (XSS) - Book of BugBounty Tips:

https://gowsundar.gitbook.io/book-of-bugbounty-tips/cross-site-scripting-xss

-1402-BugBountyTips:

https://null0xp.wordpress.com/tag/bugbountytips/

-1403-Xss Filter Bypass Payloads:

www.oroazteca.net/mq67/xss-filter-bypass-payloads.html

-1404-Bug Bounty Methodology:

https://eforensicsmag.com/bug-bounty-methodology-ttp-tacticstechniques-and-procedures-v-2-0

-1405-GDB cheat-sheet for exploit development:

www.mannulinux.org/2017/01/gdb-cheat-sheet-for-exploit-development.html

-1406-A Study in Exploit Development - Part 1: Setup and Proof of Concept :

https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept

-1407-Exploit development tutorial :

https://www.computerweekly.com/tutorial/Exploit-development-tutorial-Part-Deux

-1408-exploit code development:

http://www.phreedom.org/presentations/exploit-code-development/exploit-code-development.pdf

-1409-“Help Defeat Denial of Service Attacks: Step-by-Step”:

http://www.sans.org/dosstep/

-1410-Internet Firewalls: Frequently Asked Questions:

http://www.interhack.net/pubs/fwfaq/

-1411-Service Name and Transport Protocol Port Number:

http://www.iana.org/assignments/port-numbers

-1412-10 Useful Open Source Security Firewalls for Linux Systems:

https://www.tecmint.com/open-source-security-firewalls-for-linux-systems/

-1413-40 Linux Server Hardening Security Tips:

https://www.cyberciti.biz/tips/linux-security.html

-1414-Linux hardening: A 15-step checklist for a secure Linux server :

https://www.computerworld.com/.../linux-hardening-a-15-step-checklist-for-a-secure-linux-server

-1415-25 Hardening Security Tips for Linux Servers:

https://www.tecmint.com/linux-server-hardening-security-tips/

-1416-How to Harden Unix/Linux Systems & Close Security Gaps:

https://www.beyondtrust.com/blog/entry/harden-unix-linux-systems-close-security-gaps

-1417-34 Linux Server Security Tips & Checklists for Sysadmins:

https://www.process.st/server-security/

-1418-Linux Hardening:

https://www.slideshare.net/MichaelBoelen/linux-hardening

-1419-23 Hardening Tips to Secure your Linux Server:

https://www.rootusers.com/23-hardening-tips-to-secure-your-linux-server/

-1420-What is the Windows Registry? :

https://www.computerhope.com/jargon/r/registry.htm

-1421-Windows Registry, Everything You Need To Know:

https://www.gammadyne.com/registry.htm

-1422-Windows Registry Tutorial:

https://www.akadia.com/services/windows_registry_tutorial.html

-1423-5 Tools to Scan a Linux Server for Malware and Rootkits:

https://www.tecmint.com/scan-linux-for-malware-and-rootkits/

-1424-Subdomain takeover dew to missconfigured project settings for Custom domain .:

https://medium.com/bugbountywriteup/subdomain-takeover-dew-to-missconfigured-project-settings-for-custom-domain-46e90e702969

-1425-Massive Subdomains p0wned:

https://medium.com/bugbountywriteup/massive-subdomains-p0wned-80374648336e

-1426-Subdomain Takeover: Basics:

https://0xpatrik.com/subdomain-takeover-basics/

-1427-Subdomain Takeover: Finding Candidates:

https://0xpatrik.com/subdomain-takeover-candidates/

-1428-Bugcrowd's Domain & Subdomain Takeover!:

https://bugbountypoc.com/bugcrowds-domain-takeover/

-1429-What Are Subdomain Takeovers, How to Test and Avoid Them?:

https://dzone.com/articles/what-are-subdomain-takeovers-how-to-test-and-avoid

-1430-Finding Candidates for Subdomain Takeovers:

https://jarv.is/notes/finding-candidates-subdomain-takeovers/

-1431-Subdomain takeover of blog.snapchat.com:

https://hackernoon.com/subdomain-takeover-of-blog-snapchat-com-60860de02fe7

-1432-Hostile Subdomain takeove:

https://labs.detectify.com/tag/hostile-subdomain-takeover/

-1433-Microsoft Account Takeover Vulnerability Affecting 400 Million Users:

https://www.safetydetective.com/blog/microsoft-outlook/

-1434-What is Subdomain Hijack/Takeover Vulnerability? How to Identify? & Exploit It?:

https://blog.securitybreached.org/2017/10/11/what-is-subdomain-takeover-vulnerability/

-1435-Subdomain takeover detection with AQUATONE:

https://michenriksen.com/blog/subdomain-takeover-detection-with-aquatone/

-1436-A hostile subdomain takeover! – Breaking application security:

https://evilenigma.blog/2019/03/12/a-hostile-subdomain-takeover/

-1437-Web Development Reading List:

https://www.smashingmagazine.com/2017/03/web-development-reading-list-172/

-1438-CSRF Attack can lead to Stored XSS:

https://medium.com/bugbountywriteup/csrf-attack-can-lead-to-stored-xss-f40ba91f1e4f

-1439-What is Mimikatz: The Beginner's Guide | Varonis:

https://www.varonis.com/bog/what-is-mimikatz

-1440-Preventing Mimikatz Attacks :

https://medium.com/blue-team/preventing-mimikatz-attacks-ed283e7ebdd5

-1441-Mimikatz tutorial: How it hacks Windows passwords, credentials:

https://searchsecurity.techtarget.com/.../Mimikatz-tutorial-How-it-hacks-Windows-passwords-credentials

-1442-Mimikatz: Walkthrough [Updated 2019]:

https://resources.infosecinstitute.com/mimikatz-walkthrough/

-1443-Mimikatz -Windows Tutorial for Beginner:

https://hacknpentest.com/mimikatz-windows-tutorial-beginners-guide-part-1/

-1444-Mitigations against Mimikatz Style Attacks:

https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks

-1445-Exploring Mimikatz - Part 1 :

https://blog.xpnsec.com/exploring-mimikatz-part-1/

-1446-Powershell AV Evasion. Running Mimikatz with PowerLine:

https://jlajara.gitlab.io/posts/2019/01/27/Mimikatz-AV-Evasion.html

-1447-How to Steal Windows Credentials with Mimikatz and Metasploit:

https://www.hackingloops.com/mimikatz/

-1448-Retrieving NTLM Hashes without touching LSASS:

https://www.andreafortuna.org/2018/03/26/retrieving-ntlm-hashes-without-touching-lsass-the-internal-monologue-attack/

-1449-From Responder to NT Authority\SYSTEM:

https://medium.com/bugbountywriteup/from-responder-to-nt-authority-system-39abd3593319

-1450-Getting Creds via NTLMv2:

https://0xdf.gitlab.io/2019/01/13/getting-net-ntlm-hases-from-windows.html

-1451-Living off the land: stealing NetNTLM hashes:

https://www.securify.nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html

-1452-(How To) Using Responder to capture passwords on a Windows:

www.securityflux.com/?p=303

-1453-Pwning with Responder - A Pentester's Guide:

https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/

-1454-LLMNR and NBT-NS Poisoning Using Responder:

https://www.4armed.com/blog/llmnr-nbtns-poisoning-using-responder/

-1455-Responder - Ultimate Guide :

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/guide/

-1456-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1457-LM, NTLM, Net-NTLMv2, oh my! :

https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4

-1458-SMB Relay Attack Tutorial:

https://intrinium.com/smb-relay-attack-tutorial

-1459-Cracking NTLMv2 responses captured using responder:

https://zone13.io/post/cracking-ntlmv2-responses-captured-using-responder/

-1460-Skip Cracking Responder Hashes and Relay Them:

https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/

-1461-Metasploit's First Antivirus Evasion Modules:

https://blog.rapid7.com/2018/10/09/introducing-metasploits-first-evasion-module/

-1462-Evading Anti-virus Part 1: Infecting EXEs with Shellter:

https://www.hackingloops.com/evading-anti-virus-shellter/

-1463-Evading AV with Shellter:

https://www.securityartwork.es/2018/11/02/evading-av-with-shellter-i-also-have-sysmon-and-wazuh-i/

-1464-Shellter-A Shellcode Injecting Tool :

https://www.hackingarticles.in/shellter-a-shellcode-injecting-tool/

-1465-Bypassing antivirus programs using SHELLTER:

https://myhackstuff.com/shellter-bypassing-antivirus-programs/

-1466-John the Ripper step-by-step tutorials for end-users :

openwall.info/wiki/john/tutorials

-1467-Beginners Guide for John the Ripper (Part 1):

https://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/

-1468-John the Ripper Basics Tutorial:

https://ultimatepeter.com/john-the-ripper-basics-tutorial/

-1469-Crack Windows password with john the ripper:

https://www.securitynewspaper.com/2018/11/27/crack-windows-password-with-john-the-ripper/

-1470-Getting Started Cracking Password Hashes with John the Ripper :

https://www.tunnelsup.com/getting-started-cracking-password-hashes/

-1471-Shell code exploit with Buffer overflow:

https://medium.com/@jain.sm/shell-code-exploit-with-buffer-overflow-8d78cc11f89b

-1472-Shellcoding for Linux and Windows Tutorial :

www.vividmachines.com/shellcode/shellcode.html

-1473-Buffer Overflow Practical Examples :

https://0xrick.github.io/binary-exploitation/bof5/

-1474-Msfvenom shellcode analysis:

https://snowscan.io/msfvenom-shellcode-analysis/

-1475-Process Continuation Shellcode:

https://azeria-labs.com/process-continuation-shellcode/

-1476-Dynamic Shellcode Execution:

https://www.countercept.com/blog/dynamic-shellcode-execution/

-1477-Tutorials: Writing shellcode to binary files:

https://www.fuzzysecurity.com/tutorials/7.html

-1478-Creating Shellcode for an Egg Hunter :

https://securitychops.com/2018/05/26/slae-assignment-3-egghunter-shellcode.html

-1479-How to: Shellcode to reverse bind a shell with netcat :

www.hackerfall.com/story/shellcode-to-reverse-bind-a-shell-with-netcat

-1480-Bashing the Bash — Replacing Shell Scripts with Python:

https://medium.com/capital-one-tech/bashing-the-bash-replacing-shell-scripts-with-python-d8d201bc0989

-1481-How to See All Devices on Your Network With nmap on Linux:

https://www.howtogeek.com/.../how-to-see-all-devices-on-your-network-with-nmap-on-linux

-1482-A Complete Guide to Nmap:

https://www.edureka.co/blog/nmap-tutorial/

-1483-Nmap from Beginner to Advanced :

https://resources.infosecinstitute.com/nmap/

-1484-Using Wireshark: Identifying Hosts and Users:

https://unit42.paloaltonetworks.com/using-wireshark-identifying-hosts-and-users/

-1485-tshark tutorial and filter examples:

https://hackertarget.com/tshark-tutorial-and-filter-examples/

-1486-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:

https://www.guru99.com/fuzz-testing.html

-1487-Tutorial: Dumb Fuzzing - Peach Community Edition:

community.peachfuzzer.com/v3/TutorialDumbFuzzing.html

-1488-HowTo: ExploitDev Fuzzing:

https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/

-1489-Fuzzing with Metasploit:

https://www.corelan.be/?s=fuzzing

-1490-Fuzzing – how to find bugs automagically using AFL:

9livesdata.com/fuzzing-how-to-find-bugs-automagically-using-afl/

-1491-Introduction to File Format Fuzzing & Exploitation:

https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

-1492-0x3 Python Tutorial: Fuzzer:

https://www.primalsecurity.net/0x3-python-tutorial-fuzzer/

-1493-Hunting For Bugs With AFL:

https://research.aurainfosec.io/hunting-for-bugs-101/

-1494-Fuzzing: The New Unit Testing:

https://www.slideshare.net/DmitryVyukov/fuzzing-the-new-unit-testing

-1495-Fuzzing With Peach Framework:

https://www.terminatio.org/fuzzing-peach-framework-full-tutorial-download/

-1496-How we found a tcpdump vulnerability using cloud fuzzing:

https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/

-1497-Finding a Fuzzer: Peach Fuzzer vs. Sulley:

https://medium.com/@jtpereyda/finding-a-fuzzer-peach-fuzzer-vs-sulley-1fcd6baebfd4

-1498-Android malware analysis:

https://www.slideshare.net/rossja/android-malware-analysis-71109948

-1499-15+ Malware Analysis Tools & Techniques :

https://www.template.net/business/tools/malware-analysis/

-1500-30 Online Malware Analysis Sandboxes / Static Analyzers:

https://medium.com/@su13ym4n/15-online-sandboxes-for-malware-analysis-f8885ecb8a35

-1501-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:

https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/

-1502-Cheat Sheets - SANS Digital Forensics:

https://digital-forensics.sans.org/community/cheat-sheets

-1503-Breach detection with Linux filesystem forensics:

https://opensource.com/article/18/4/linux-filesystem-forensics

-1504-Digital Forensics Cheat Sheets Collection :

https://neverendingsecurity.wordpress.com/digital-forensics-cheat-sheets-collection/

-1505-Security Incident Survey Cheat Sheet for Server Administrators:

https://zeltser.com/security-incident-survey-cheat-sheet/

-1506-Digital forensics: A cheat sheet :

https://www.techrepublic.com/article/digital-forensics-the-smart-persons-guide/

-1507-Windows Registry Forensics using 'RegRipper' Command-Line on Linux:

https://www.pinterest.cl/pin/794815034207804059/

-1508-Windows IR Live Forensics Cheat Sheet:

https://www.cheatography.com/koriley/cheat-sheets/windows-ir-live-forensics/

-1509-10 Best Known Forensics Tools That Works on Linux:

https://linoxide.com/linux-how-to/forensics-tools-linux/

-1510-Top 20 Free Digital Forensic Investigation Tools for SysAdmins:

https://techtalk.gfi.com/top-20-free-digital-forensic-investigation-tools-for-sysadmins/

-1511-Windows Volatile Memory Acquisition & Forensics 2018:

https://medium.com/@lucideus/windows-volatile-memory-acquisition-forensics-2018-lucideus-forensics-3f297d0e5bfd

-1512-PowerShell Cheat Sheet :

https://www.digitalforensics.com/blog/powershell-cheat-sheet-2/

-1513-Forensic Artifacts: evidences of program execution on Windows systems:

https://www.andreafortuna.org/forensic-artifacts-evidences-of-program-execution-on-windows-systems

-1514-How to install a CPU?:

https://www.computer-hardware-explained.com/how-to-install-a-cpu.html

-1515-How To Upgrade and Install a New CPU or Motherboard:

https://www.howtogeek.com/.../how-to-upgrade-and-install-a-new-cpu-or-motherboard-or-both

-1516-Installing and Troubleshooting CPUs:

www.pearsonitcertification.com/articles/article.aspx?p=1681054&seqNum=2

-1517-15 FREE Pastebin Alternatives You Can Use Right Away:

https://www.rootreport.com/pastebin-alternatives/

-1518-Basic computer troubleshooting steps:

https://www.computerhope.com/basic.htm

-1519-18 Best Websites to Learn Computer Troubleshooting and Tech support:

http://transcosmos.co.uk/best-websites-to-learn-computer-troubleshooting-and-tech-support

-1520-Post Exploitation with PowerShell Empire 2.3.0 :

https://www.yeahhub.com/post-exploitation-powershell-empire-2-3-0-detailed-tutorial/

-1521-Windows Persistence with PowerShell Empire :

https://www.hackingarticles.in/windows-persistence-with-powershell-empire/

-1522-powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial:

https://www.dudeworks.com/powershell-empire-tutorials-empire-to-meterpreter-shellcode-injection-ssl-tutorial

-1523-Bypassing Anti-Virtus & Hacking Windows 10 Using Empire :

https://zsecurity.org/bypassing-anti-virtus-hacking-windows-10-using-empire/

-1524-Hacking with Empire – PowerShell Post-Exploitation Agent :

https://www.prodefence.org/hacking-with-empire-powershell-post-exploitation-agent/

-1525-Hacking Windows Active Directory Full guide:

www.kalitut.com/hacking-windows-active-directory-full.html

-1526-PowerShell Empire for Post-Exploitation:

https://www.hackingloops.com/powershell-empire/

-1527-Generate A One-Liner – Welcome To LinuxPhilosophy!:

linuxphilosophy.com/rtfm/more/empire/generate-a-one-liner/

-1528-CrackMapExec - Ultimate Guide:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/cme/crackmapexec/

-1529-PowerShell Logging and Security:

https://www.secjuice.com/enterprise-powershell-protection-logging/

-1530-Create your own FUD Backdoors with Empire:

http://blog.extremehacking.org/blog/2016/08/25/create-fud-backdoors-empire/

-1531-PowerShell Empire Complete Tutorial For Beginners:

https://video.hacking.reviews/2019/06/powershell-empire-complete-tutorial-for.html

-1532-Bash Bunny: Windows Remote Shell using Metasploit & PowerShell:

https://cyberarms.wordpress.com/.../bash-bunny-windows-remote-shell-using-metasploit-powershell

-1533-Kerberoasting - Stealing Service Account Credentials:

https://www.scip.ch/en/?labs.20181011

-1534-Automating Mimikatz with Empire and DeathStar :

https://blog.stealthbits.com/automating-mimikatz-with-empire-and-deathstar/

-1535-Windows oneliners to get shell :

https://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/

-1536-ObfuscatedEmpire :

https://cobbr.io/ObfuscatedEmpire.html

-1537-Pentesting with PowerShell in six steps:

https://periciacomputacional.com/pentesting-with-powershell-in-six-steps/

-1538-Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM):

https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm

-1539-PowerShell Security Best Practices:

https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/

-1540-You can detect PowerShell attacks:

https://www.slideshare.net/Hackerhurricane/you-can-detect-powershell-attacks

-1541-Detecting and Preventing PowerShell Attacks:

https://www.eventsentry.com/.../powershell-pw3rh311-detecting-preventing-powershell-attacks

-1542-Detecting Offensive PowerShell Attack Tools – Active Directory Security:

https://adsecurity.org/?p=2604

-1543-An Internal Pentest Audit Against Active Directory:

https://www.exploit-db.com/docs/46019

-1544-A complete Active Directory Penetration Testing Checklist :

https://gbhackers.com/active-directory-penetration-testing-checklist/

-1545-Active Directory | Penetration Testing Lab:

https://pentestlab.blog/tag/active-directory/

-1546-Building and Attacking an Active Directory lab with PowerShell :

https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell

-1547-Penetration Testing in Windows Server Active Directory using Metasploit:

https://www.hackingarticles.in/penetration-testing-windows-server-active-directory-using-metasploit-part-1

-1548-Red Team Penetration Testing – Going All the Way (Part 2 of 3) :

https://www.anitian.com/red-team-testing-going-all-the-way-part2/

-1549-Penetration Testing Active Directory, Part II:

https://www.jishuwen.com/d/2Mtq

-1550-Gaining Domain Admin from Outside Active Directory:

https://markitzeroday.com/pass-the-hash/crack-map-exec/2018/03/04/da-from-outside-the-domain.html

-1551-Post Exploitation Cheat Sheet:

https://0xsecurity.com/blog/some-hacking-techniques/post-exploitation-cheat-sheet

-1552-Windows post-exploitation :

https://github.com/emilyanncr/Windows-Post-Exploitation

-1553-OSCP - Windows Post Exploitation :

https://hackingandsecurity.blogspot.com/2017/9/oscp-windows-post-exploitation.html

-1554-Windows Post-Exploitation Command List:

http://pentest.tonyng.net/windows-post-exploitation-command-list/

-1555-Windows Post-Exploitation Command List:

http://tim3warri0r.blogspot.com/2012/09/windows-post-exploitation-command-list.html

-1556-Linux Post-Exploitation · OSCP - Useful Resources:

https://backdoorshell.gitbooks.io/oscp-useful-links/content/linux-post-exploitation.html

-1557-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-1558-Pentesting Cheatsheets - Red Teaming Experiments:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets

-1559-OSCP Goldmine:

http://0xc0ffee.io/blog/OSCP-Goldmine

-1560-Linux Post Exploitation Cheat Sheet:

http://red-orbita.com/?p=8455

-1562-OSCP useful resources and tools:

https://acknak.fr/en/articles/oscp-tools/

-1563-Windows Post-Exploitation Command List :

https://es.scribd.com/document/100182787/Windows-Post-Exploitation-Command-List

-1564-Metasploit Cheat Sheet:

https://pentesttools.net/metasploit-cheat-sheet/

-1565-Windows Privilege Escalation:

https://awansec.com/windows-priv-esc.html

-1566-Linux Unix Bsd Post Exploitation:

https://attackerkb.com/Unix/LinuxUnixBSD_Post_Exploitation

-1567-Privilege Escalation & Post-Exploitation:

https://movaxbx.ru/2018/09/16/privilege-escalation-post-exploitation/

-1568-Metasploit Cheat Sheet:

https://vk-intel.org/2016/12/28/metasploit-cheat-sheet/

-1569-Metasploit Cheat Sheet :

https://nitesculucian.github.io/2018/12/01/metasploit-cheat-sheet/

-1570-Privilege escalation: Linux:

https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linux

-1571-Cheat Sheets — Amethyst Security:

https://www.ssddcyber.com/cheatsheets

-1572-Responder - CheatSheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/

-1573-Cheatsheets:

https://h4ck.co/wp-content/uploads/2018/06/cheatsheet.txt

-1574-Are you ready for OSCP?:

https://www.hacktoday.io/t/are-you-ready-for-oscp/59

-1575-Windows Privilege Escalation:

https://labs.p64cyber.com/windows-privilege-escalation/

-1576-A guide to Linux Privilege Escalation:

https://payatu.com/guide-linux-privilege-escalation/

-1577-Windows Post-Exploitation-Cheat-Sheet:

http://pentestpanther.com/2019/07/01/windows-post-exploitation-cheat-sheet/

-1578-Windows Privilege Escalation (privesc) Resources:

https://www.willchatham.com/security/windows-privilege-escalation-privesc-resources/

-1579-Dissecting Mobile Malware:

https://slideplayer.com/slide/3434519/

-1580-Android malware analysis with Radare: Dissecting the Triada Trojan:

www.nowsecure.com/blog/2016/11/21/android-malware-analysis-radare-triad/

-1581-Dissecting Mobile Native Code Packers:

https://blog.zimperium.com/dissecting-mobile-native-code-packers-case-study/

-1582-What is Mobile Malware? Defined, Explained, and Explored:

https://www.forcepoint.com/cyber-edu/mobile-malware

-1583-Malware Development — Professionalization of an Ancient Art:

https://medium.com/scip/malware-development-professionalization-of-an-ancient-art-4dfb3f10f34b

-1584-Weaponizing Malware Code Sharing with Cythereal MAGIC:

https://medium.com/@arun_73782/cythereal-magic-e68b0c943b1d

-1585-Web App Pentest Cheat Sheet:

https://medium.com/@muratkaraoz/web-app-pentest-cheat-sheet-c17394af773

-1586-The USB Threat is [Still] Real — Pentest Tools for Sysadmins, Continued:

https://medium.com/@jeremy.trinka/the-usb-threat-is-still-real-pentest-tools-for-sysadmins-continued-88560af447bf

-1587-How to Run An External Pentest:

https://medium.com/@_jayhill/how-to-run-an-external-pentest-dd76ed14bb6a

-1588-Advice for new pentesters:

https://medium.com/@PentesterLab/advice-for-new-pentesters-a5f7d75a3aea

-1589-NodeJS Application Pentest Tips:

https://medium.com/bugbountywriteup/nodejs-application-pentest-tips-improper-uri-handling-in-express-390b3a07cb3e

-1590-How to combine Pentesting with Automation to improve your security:

https://medium.com/how-to-combine-pentest-with-automation-to-improve-your-security

-1591-Day 79: FTP Pentest Guide:

https://medium.com/@int0x33/day-79-ftp-pentest-guide-5106967bd50a

-1592-SigintOS: A Wireless Pentest Distro Review:

https://medium.com/@tomac/sigintos-a-wireless-pentest-distro-review-a7ea93ee8f8b

-1593-Conducting an IoT Pentest :

https://medium.com/p/6fa573ac6668?source=user_profile...

-1594-Efficient way to pentest Android Chat Applications:

https://medium.com/android-tamer/efficient-way-to-pentest-android-chat-applications-46221d8a040f

-1595-APT2 - Automated PenTest Toolkit :

https://medium.com/media/f1cf43d92a17d5c4c6e2e572133bfeed/href

-1596-Pentest Tools and Distros:

https://medium.com/hacker-toolbelt/pentest-tools-and-distros-9d738d83f82d

-1597-Keeping notes during a pentest/security assessment/code review:

https://blog.pentesterlab.com/keeping-notes-during-a-pentest-security-assessment-code-review-7e6db8091a66?gi=4c290731e24b

-1598-An intro to pentesting an Android phone:

https://medium.com/@tnvo/an-intro-to-pentesting-an-android-phone-464ec4860f39

-1599-The Penetration Testing Report:

https://medium.com/@mtrdesign/the-penetration-testing-report-38a0a0b25cf2

-1600-VA vs Pentest:

https://medium.com/@play.threepetsirikul/va-vs-pentest-cybersecurity-2a17250d5e03

-1601-Pentest: Hacking WPA2 WiFi using Aircrack on Kali Linux:

https://medium.com/@digitalmunition/pentest-hacking-wpa2-wifi-using-aircrack-on-kali-linux-99519fee946f

-1602-Pentesting Ethereum dApps:

https://medium.com/@brandonarvanaghi/pentesting-ethereum-dapps-2a84c8dfee19

-1603-Android pentest lab in a nutshell :

https://medium.com/@dortz/android-pentest-lab-in-a-nutshell-ee60be8638d3

-1604-Pentest Magazine: Web Scraping with Python :

https://medium.com/@heavenraiza/web-scraping-with-python-170145fd90d3

-1605-Pentesting iOS apps without jailbreak:

https://medium.com/securing/pentesting-ios-apps-without-jailbreak-91809d23f64e

-1606-OSCP/Pen Testing Resources:

https://medium.com/@sdgeek/oscp-pen-testing-resources-271e9e570d45

-1607-Web Application Security & Bug Bounty (Methodology, Reconnaissance, Vulnerabilities, Reporting):

https://blog.usejournal.com/web-application-security-bug-bounty-methodology-reconnaissance-vulnerabilities-reporting-635073cddcf2?gi=4a578db171dc

-1608-Local File Inclusion (LFI) — Web Application Penetration Testing:

https://medium.com/@Aptive/local-file-inclusion-lfi-web-application-penetration-testing-cc9dc8dd3601

-1609-Local File Inclusion (Basic):

https://medium.com/@kamransaifullah786/local-file-inclusion-basic-242669a7af3

-1610-PHP File Inclusion Vulnerability:

https://www.immuniweb.com/vulnerability/php-file-inclusion.html

-1611-Local File Inclusion:

https://teambi0s.gitlab.io/bi0s-wiki/web/lfi/

-1612-Web Application Penetration Testing: Local File Inclusion:

https://hakin9.org/web-application-penetration-testing-local-file-inclusion-lfi-testing/

-1613-From Local File Inclusion to Code Execution :

https://resources.infosecinstitute.com/local-file-inclusion-code-execution/

-1614-RFI / LFI:

https://security.radware.com/ddos-knowledge-center/DDoSPedia/rfi-lfi/

-1615-From Local File Inclusion to Remote Code Execution - Part 2:

https://outpost24.com/blog/from-local-file-inclusion-to-remote-code-execution-part-2

-1616-Local File Inclusion:

https://xapax.gitbooks.io/security/content/local_file_inclusion.html

-1617-Beginner Guide to File Inclusion Attack (LFI/RFI) :

https://www.hackingarticles.in/beginner-guide-file-inclusion-attack-lfirfi/

-1618-LFI / RFI:

https://secf00tprint.github.io/blog/payload-tester/lfirfi/en

-1619-LFI and RFI Attacks - All You Need to Know:

https://www.getastra.com/blog/your-guide-to-defending-against-lfi-and-rfi-attacks/

-1620-Log Poisoning - LFI to RCE :

http://liberty-shell.com/sec/2018/05/19/poisoning/

-1621-LFI:

https://www.slideshare.net/cyber-punk/lfi-63050678

-1622-Hand Guide To Local File Inclusion(LFI):

www.securityidiots.com/Web-Pentest/LFI/guide-to-lfi.html

-1623-Local File Inclusion (LFI) - Cheat Sheet:

https://ironhackers.es/herramientas/lfi-cheat-sheet/

-1624-Web Application Penetration Testing Local File Inclusion (LFI):

https://www.cnblogs.com/Primzahl/p/6258149.html

-1625-File Inclusion Vulnerability Prevention:

https://www.pivotpointsecurity.com/blog/file-inclusion-vulnerabilities/

-1626-The Most In-depth Hacker's Guide:

https://books.google.com/books?isbn=1329727681

-1627-Hacking Essentials: The Beginner's Guide To Ethical Hacking:

https://books.google.com/books?id=e6CHDwAAQBAJ

-1628-Web App Hacking, Part 11: Local File Inclusion:

https://www.hackers-arise.com/.../Web-App-Hacking-Part-11-Local-File-Inclusion-LFI

-1629-Local and remote file inclusion :

https://vulp3cula.gitbook.io/hackers-grimoire/exploitation/web-application/lfi-rfi

-1630-Upgrade from LFI to RCE via PHP Sessions :

https://www.rcesecurity.com/2017/08/from-lfi-to-rce-via-php-sessions/

-1631-CVV #1: Local File Inclusion:

https://medium.com/bugbountywriteup/cvv-1-local-file-inclusion-ebc48e0e479a

-1632-(PDF) Cross Site Scripting (XSS) in Action:

https://www.researchgate.net/publication/241757130_Cross_Site_Scripting_XSS_in_Action

-1633-XSS exploitation part 1:

www.securityidiots.com/Web-Pentest/XSS/xss-exploitation-series-part-1.html

-1634-Weaponizing self-xss:

https://silentbreaksecurity.com/weaponizing-self-xss/

-1635-Cookie Tracking and Stealing using Cross-Site Scripting:

https://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/

-1636-Defense against the Black Arts:

https://books.google.com/books?isbn=1439821224

-1637-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:

https://www.acunetix.com/websitesecurity/csrf-attacks/

-1638-Bypassing CSRF protection:

https://www.bugbountynotes.com/training/tutorial?id=5

-1639-Stealing CSRF tokens with XSS:

https://digi.ninja/blog/xss_steal_csrf_token.php

-1640-Same Origin Policy and ways to Bypass:

https://medium.com/@minosagap/same-origin-policy-and-ways-to-bypass-250effdc4a12

-1641-Bypassing Same Origin Policy :

https://resources.infosecinstitute.com/bypassing-same-origin-policy-sop/

-1642-Client-Side Attack - an overview :

https://www.sciencedirect.com/topics/computer-science/client-side-attack

-1643-Client-Side Injection Attacks:

https://blog.alertlogic.com/blog/client-side-injection-attacks/

-1645-The Client-Side Battle Against JavaScript Attacks Is Already Here:

https://medium.com/swlh/the-client-side-battle-against-javascript-attacks-is-already-here-656f3602c1f2

-1646-Why Let’s Encrypt is a really, really, really bad idea:

https://medium.com/swlh/why-lets-encrypt-is-a-really-really-really-bad-idea-d69308887801

-1647-Huge Guide to Client-Side Attacks:

https://www.notion.so/d382649cfebd4c5da202677b6cad1d40

-1648-OSCP Prep – Episode 11: Client Side Attacks:

https://kentosec.com/2018/09/02/oscp-prep-episode-11-client-side-attacks/

-1649-Client side attack - AV Evasion:

https://rafalharazinski.gitbook.io/security/oscp/untitled-1/client-side-attack

-1650-Client-Side Attack With Metasploit (Part 4):

https://thehiddenwiki.pw/blog/2018/07/23/client-side-attack-metasploit/

-1651-Ransomware: Latest Developments and How to Defend Against Them:

https://www.recordedfuture.com/latest-ransomware-attacks/

-1652-Cookie Tracking and Stealing using Cross-Site Scripting:

https://www.geeksforgeeks.org/cookie-tracking-stealing-using-cross-site-scripting/

-1653-How to Write an XSS Cookie Stealer in JavaScript to Steal Passwords:

https://null-byte.wonderhowto.com/.../write-xss-cookie-stealer-javascript-steal-passwords-0180833

-1654-How I was able to steal cookies via stored XSS in one of the famous e-commerce site:

https://medium.com/@bhavarth33/how-i-was-able-to-steal-cookies-via-stored-xss-in-one-of-the-famous-e-commerce-site-3de8ab94437d

-1655-Steal victim's cookie using Cross Site Scripting (XSS) :

https://securityonline.info/steal-victims-cookie-using-cross-site-scripting-xss/

-1656-Remote Code Execution — Damn Vulnerable Web Application(DVWA) - Medium level security:

https://medium.com/@mikewaals/remote-code-execution-damn-vulnerable-web-application-dvwa-medium-level-security-ca283cda3e86

-1657-Remote Command Execution:

https://hacksland.net/remote-command-execution/

-1658-DevOops — An XML External Entity (XXE) HackTheBox Walkthrough:

https://medium.com/bugbountywriteup/devoops-an-xml-external-entity-xxe-hackthebox-walkthrough-fb5ba03aaaa2

-1659-XML External Entity - Beyond /etc/passwd (For Fun & Profit):

https://www.blackhillsinfosec.com/xml-external-entity-beyond-etcpasswd-fun-profit/

-1660-XXE - ZeroSec - Adventures In Information Security:

https://blog.zsec.uk/out-of-band-xxe-2/

-1661-Exploitation: XML External Entity (XXE) Injection:

https://depthsecurity.com/blog/exploitation-xml-external-entity-xxe-injection

-1662-Hack The Box: DevOops:

https://redteamtutorials.com/2018/11/11/hack-the-box-devoops/

-1663-Web Application Penetration Testing Notes:

https://techvomit.net/web-application-penetration-testing-notes/

-1664-WriteUp – Aragog (HackTheBox) :

https://ironhackers.es/en/writeups/writeup-aragog-hackthebox/

-1665-Linux Privilege Escalation Using PATH Variable:

https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/

-1666-Linux Privilege Escalation via Automated Script :

https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/

-1667-Privilege Escalation - Linux :

https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html

-1668-Linux Privilege Escalation:

https://percussiveelbow.github.io/linux-privesc/

-1669-Perform Local Privilege Escalation Using a Linux Kernel Exploit :

https://null-byte.wonderhowto.com/how-to/perform-local-privilege-escalation-using-linux-kernel-exploit-0186317/

-1670-Linux Privilege Escalation With Kernel Exploit:

https://www.yeahhub.com/linux-privilege-escalation-with-kernel-exploit-8572-c/

-1671-Reach the root! How to gain privileges in Linux:

https://hackmag.com/security/reach-the-root/

-1672-Enumeration for Linux Privilege Escalation:

https://0x00sec.org/t/enumeration-for-linux-privilege-escalation/1959

-1673-Linux Privilege Escalation Scripts :

https://netsec.ws/?p=309

-1674-Understanding Privilege Escalation:

www.admin-magazine.com/Articles/Understanding-Privilege-Escalation

-1675-Toppo:1 | Vulnhub Walkthrough:

https://medium.com/egghunter/toppo-1-vulnhub-walkthrough-c5f05358cf7d

-1676-Privilege Escalation resources:

https://forum.hackthebox.eu/discussion/1243/privilege-escalation-resources

-1678-OSCP Notes – Privilege Escalation (Linux):

https://securism.wordpress.com/oscp-notes-privilege-escalation-linux/

-1679-Udev Exploit Allows Local Privilege Escalation :

www.madirish.net/370

-1680-Understanding Linux Privilege Escalation and Defending Against It:

https://linux-audit.com/understanding-linux-privilege-escalation-and-defending-againt-it

-1681-Windows Privilege Escalation Using PowerShell:

https://hacknpentest.com/windows-privilege-escalation-using-powershell/

-1682-Privilege Escalation | Azeria Labs:

https://azeria-labs.com/privilege-escalation/

-1683-Abusing SUDO (Linux Privilege Escalation):

https://touhidshaikh.com/blog/?p=790

-1684-Privilege Escalation - Linux:

https://mysecurityjournal.blogspot.com/p/privilege-escalation-linux.html

-1685-0day Linux Escalation Privilege Exploit Collection :

https://blog.spentera.id/0day-linux-escalation-privilege-exploit-collection/

-1686-Linux for Pentester: cp Privilege Escalation :

https://hackin.co/articles/linux-for-pentester-cp-privilege-escalation.html

-1687-Practical Privilege Escalation Using Meterpreter:

https://ethicalhackingblog.com/practical-privilege-escalation-using-meterpreter/

-1688-dirty_sock: Linux Privilege Escalation (via snapd):

https://www.redpacketsecurity.com/dirty_sock-linux-privilege-escalation-via-snapd/

-1689-Linux privilege escalation:

https://jok3rsecurity.com/linux-privilege-escalation/

-1690-The Complete Meterpreter Guide | Privilege Escalation & Clearing Tracks:

https://hsploit.com/the-complete-meterpreter-guide-privilege-escalation-clearing-tracks/

-1691-How to prepare for PWK/OSCP, a noob-friendly guide:

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

-1692-Basic Linux privilege escalation by kernel exploits:

https://greysec.net/showthread.php?tid=1355

-1693-Linux mount without root :

epaymentamerica.com/tozkwje/xlvkawj2.php?trjsef=linux-mount-without-root

-1694-Linux Privilege Escalation Oscp:

www.condadorealty.com/2h442/linux-privilege-escalation-oscp.html

-1695-Privilege Escalation Attack Tutorial:

https://alhilalgroup.info/photography/privilege-escalation-attack-tutorial

-1696-Oscp Bethany Privilege Escalation:

https://ilustrado.com.br/i8v7/7ogf.php?veac=oscp-bethany-privilege-escalation

-1697-Hacking a Website and Gaining Root Access using Dirty COW Exploit:

https://ethicalhackers.club/hacking-website-gaining-root-access-using-dirtycow-exploit/

-1698-Privilege Escalation - Linux · Total OSCP Guide:

https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_-_linux.html

-1699-Linux advanced privilege escalation:

https://www.slideshare.net/JameelNabbo/linux-advanced-privilege-escalation

-1700-Local Linux privilege escalation overview:

https://myexperiments.io/linux-privilege-escalation.html

-1701-Windows Privilege Escalation Scripts & Techniques :

https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194

-1702-Penetration Testing: Maintaining Access:

https://resources.infosecinstitute.com/penetration-testing-maintaining-access/

-1703-Kali Linux Maintaining Access :

https://www.tutorialspoint.com/kali_linux/kali_linux_maintaining_access.htm

-1704-Best Open Source Tools for Maintaining Access & Tunneling:

https://n0where.net/maintaining-access

-1705-Maintaining Access Part 1: Introduction and Metasploit Example:

https://www.hackingloops.com/maintaining-access-metasploit/

-1706-Maintaining Access - Ethical hacking and penetration testing:

https://miloserdov.org/?cat=143

-1707-Maintaining Access with Web Backdoors [Weevely]:

https://www.yeahhub.com/maintaining-access-web-backdoors-weevely/

-1708-Best Open Source MITM Tools: Sniffing & Spoofing:

https://n0where.net/mitm-tools

-1709-Cain and Abel - Man in the Middle (MITM) Attack Tool Explained:

https://cybersguards.com/cain-and-abel-man-in-the-middle-mitm-attack-tool-explained/

-1710-Man In The Middle Attack (MITM):

https://medium.com/@nancyjohn.../man-in-the-middle-attack-mitm-114b53b2d987

-1711-Real-World Man-in-the-Middle (MITM) Attack :

https://ieeexplore.ieee.org/document/8500082

-1712-The Ultimate Guide to Man in the Middle Attacks :

https://doubleoctopus.com/blog/the-ultimate-guide-to-man-in-the-middle-mitm-attacks-and-how-to-prevent-them/

-1713-How to Conduct ARP Spoofing for MITM Attacks:

https://tutorialedge.net/security/arp-spoofing-for-mitm-attack-tutorial/

-1714-How To Do A Man-in-the-Middle Attack Using ARP Spoofing & Poisoning:

https://medium.com/secjuice/man-in-the-middle-attack-using-arp-spoofing-fa13af4f4633

-1715-Ettercap and middle-attacks tutorial :

https://pentestmag.com/ettercap-tutorial-for-windows/

-1716-How To Setup A Man In The Middle Attack Using ARP Poisoning:

https://online-it.nu/how-to-setup-a-man-in-the-middle-attack-using-arp-poisoning/

-1717-Intro to Wireshark and Man in the Middle Attacks:

https://www.commonlounge.com/discussion/2627e25558924f3fbb6e03f8f912a12d

-1718-MiTM Attack with Ettercap:

https://www.hackers-arise.com/single-post/2017/08/28/MiTM-Attack-with-Ettercap

-1719-Man in the Middle Attack with Websploit Framework:

https://www.yeahhub.com/man-middle-attack-websploit-framework/

-1720-SSH MitM Downgrade :

https://sites.google.com/site/clickdeathsquad/Home/cds-ssh-mitmdowngrade

-1721-How to use Netcat for Listening, Banner Grabbing and Transferring Files:

https://www.yeahhub.com/use-netcat-listening-banner-grabbing-transferring-files/

-1722-Powershell port scanner and banner grabber:

https://www.linkedin.com/pulse/powershell-port-scanner-banner-grabber-jeremy-martin/

-1723-What is banner grabbing attack:

https://rxkjftu.ga/sport/what-is-banner-grabbing-attack.php

-1724-Network penetration testing:

https://guif.re/networkpentest

-1725-NMAP Cheatsheet:

https://redteamtutorials.com/2018/10/14/nmap-cheatsheet/

-1726-How To Scan a Network With Nmap:

https://online-it.nu/how-to-scan-a-network-with-nmap/

-1727-Hacking Metasploitable : Scanning and Banner grabbing:

https://hackercool.com/2015/11/hacking-metasploitable-scanning-banner-grabbing/

-1728-Penetration Testing of an FTP Server:

https://shahmeeramir.com/penetration-testing-of-an-ftp-server-19afe538be4b

-1729-Nmap Usage & Cheet-Sheet:

https://aerroweb.wordpress.com/2018/03/14/namp-cheat-sheet/

-1730-Discovering SSH Host Keys with NMAP:

https://mwhubbard.blogspot.com/2015/03/discovering-ssh-host-keys-with-nmap.html

-1731-Banner Grabbing using Nmap & NetCat - Detailed Explanation:

https://techincidents.com/banner-grabbing-using-nmap-netcat

-1732-Nmap – (Vulnerability Discovery):

https://crazybulletctfwriteups.wordpress.com/2015/09/5/nmap-vulnerability-discovery/

-1733-Penetration Testing on MYSQL (Port 3306):

https://www.hackingarticles.in/penetration-testing-on-mysql-port-3306/

-1774-Password Spraying - Infosec Resources :

https://resources.infosecinstitute.com/password-spraying/

-1775-Password Spraying- Common mistakes and how to avoid them:

https://medium.com/@adam.toscher/password-spraying-common-mistakes-and-how-to-avoid-them-3fd16b1a352b

-1776-Password Spraying Tutorial:

https://attack.stealthbits.com/password-spraying-tutorial-defense

-1777-password spraying Archives:

https://www.blackhillsinfosec.com/tag/password-spraying/

-1778-The 21 Best Email Finding Tools::

https://beamery.com/blog/find-email-addresses

-1779-OSINT Primer: People (Part 2):

https://0xpatrik.com/osint-people/

-1780-Discovering Hidden Email Gateways with OSINT Techniques:

https://blog.ironbastion.com.au/discovering-hidden-email-servers-with-osint-part-2/

-1781-Top 20 Data Reconnaissance and Intel Gathering Tools :

https://securitytrails.com/blog/top-20-intel-tools

-1782-101+ OSINT Resources for Investigators [2019]:

https://i-sight.com/resources/101-osint-resources-for-investigators/

-1783-Digging Through Someones Past Using OSINT:

https://nullsweep.com/digging-through-someones-past-using-osint/

-1784-Gathering Open Source Intelligence:

https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05

-1785-How to Locate the Person Behind an Email Address:

https://www.sourcecon.com/how-to-locate-the-person-behind-an-email-address/

-1786-Find hacked email addresses and check breach mails:

https://www.securitynewspaper.com/2019/01/16/find-hacked-email-addresses/

-1787-A Pentester's Guide - Part 3 (OSINT, Breach Dumps, & Password :

https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/

-1788-Top 10 OSINT Tools/Sources for Security Folks:

www.snoopysecurity.github.io/osint/2018/08/02/10_OSINT_for_security_folks.html

-1789-Top 5 Open Source OSINT Tools for a Penetration Tester:

https://www.breachlock.com/top-5-open-source-osint-tools/

-1790-Open Source Intelligence tools for social media: my own list:

https://www.andreafortuna.org/2017/03/20/open-source-intelligence-tools-for-social-media-my-own-list/

-1791-Red Teaming: I can see you! Insights from an InfoSec expert :

https://www.perspectiverisk.com/i-can-see-you-osint/

-1792-OSINT Playbook for Recruiters:

https://amazinghiring.com/osint-playbook/

-1793- Links for Doxing, Personal OSInt, Profiling, Footprinting, Cyberstalking:

https://www.irongeek.com/i.php?page=security/doxing-footprinting-cyberstalking

-1794-Open Source Intelligence Gathering 201 (Covering 12 additional techniques):

https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544?gi=2afe435c630a

-1795-Online Investigative Tools for Social Media Discovery and Locating People:

https://4thetruth.info/colorado-private-investigator-online-detective-social-media-and-online-people-search-online-search-tools.html

-1796-Expanding Skype Forensics with OSINT: Email Accounts:

http://www.automatingosint.com/blog/2016/05/expanding-skype-forensics-with-osint-email-accounts/

-1798-2019 OSINT Guide:

https://www.randhome.io/blog/2019/01/05/2019-osint-guide/

-1799-OSINT - Passive Recon and Discovery of Assets:

https://0x00sec.org/t/osint-passive-recon-and-discovery-of-assets/6715

-1800-OSINT With Datasploit:

https://dzone.com/articles/osint-with-datasploit

-1801-Building an OSINT Reconnaissance Tool from Scratch:

https://medium.com/@SundownDEV/phone-number-scanning-osint-recon-tool-6ad8f0cac27b

-1802-Find Identifying Information from a Phone Number Using OSINT Tools:

https://null-byte.wonderhowto.com/how-to/find-identifying-information-from-phone-number-using-osint-tools-0195472/

-1803-Find Details Of any Mobile Number, Email ID, IP Address in the world (Step By Step):

https://www.securitynewspaper.com/2019/05/02/find-details-of-any-mobile-number-email-id-ip-address-in-the-world-step-by-step/

-1804-Investigative tools for finding people online and keeping yourself safe:

https://ijnet.org/en/story/investigative-tools-finding-people-online-and-keeping-yourself-safe

-1805- Full text of "The Hacker Playbook 2 Practical Guide To Penetration Testing By Peter Kim":

https://archive.org/stream/TheHackerPlaybook2PracticalGuideToPenetrationTestingByPeterKim/The%20Hacker%20Playbook%202%20-%20Practical%20Guide%20To%20Penetration%20Testing%20By%20Peter%20Kim_djvu.txt

-1806-The Internet Archive offers over 15,000,000 freely downloadable books and texts. There is also a collection of 550,000 modern eBooks that may be borrowed by anyone with a free archive.org account:

https://archive.org/details/texts?and%5B%5D=hacking&sin=

-1807-Exploiting SSRF like a Boss — Escalation of an SSRF to Local File Read!:

https://medium.com/@zain.sabahat/exploiting-ssrf-like-a-boss-c090dc63d326

-1808-How to Pass OSCP Like Boss:

https://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d

-1809-Deploy a private Burp Collaborator Server in Azure:

https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70

-1810-Using Shodan Better Way! :):

https://medium.com/bugbountywriteup/using-shodan-better-way-b40f330e45f6

-1811-How To Do Your Reconnaissance Properly Before Chasing A Bug Bounty:

https://medium.com/bugbountywriteup/guide-to-basic-recon-bug-bounties-recon-728c5242a115

-1812-How we got LFI in apache Drill (Recon like a boss)::

https://medium.com/bugbountywriteup/how-we-got-lfi-in-apache-drill-recon-like-a-boss-6f739a79d87d

-1813-Chaining Self XSS with UI Redressing is Leading to Session Hijacking:

https://medium.com/bugbountywriteup/chaining-self-xss-with-ui-redressing-is-leading-to-session-hijacking-pwn-users-like-a-boss-efb46249cd14

-1814-Week in OSINT #2019–19:

https://medium.com/week-in-osint/week-in-osint-2019-18-1975fb8ea43a4

-1814-Week in OSINT #2019–02:

https://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f

-1815-Week in OSINT #2019–24:

https://medium.com/week-in-osint/week-in-osint-2019-24-4fcd17ca908f

-1816-Page Admin Disclosure | Facebook Bug Bounty 2019:

https://medium.com/bugbountywriteup/page-admin-disclosure-facebook-bug-bounty-2019-ee9920e768eb

-1817-XSS in Edmodo within 5 Minute (My First Bug Bounty):

https://medium.com/@valakeyur/xss-in-edmodo-within-5-minute-my-first-bug-bounty-889e3da6167d

-1818-Collection Of Bug Bounty Tip-Will Be updated daily:

https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248

-1819-A Unique XSS Scenario in SmartSheet || $1000 bounty.:

https://medium.com/@rohanchavan/a-unique-xss-scenario-1000-bounty-347f8f92fcc6

-1820-How I found a simple bug in Facebook without any Test:

https://medium.com/bugbountywriteup/how-i-found-a-simple-bug-in-facebook-without-any-test-3bc8cf5e2ca2

-1821-Facebook BugBounty — Disclosing page members:

https://medium.com/@tnirmalz/facebook-bugbounty-disclosing-page-members-1178595cc520

-1822-Don’t underestimates the Errors They can provide good $$$ Bounty!:

https://medium.com/@noob.assassin/dont-underestimates-the-errors-they-can-provide-good-bounty-d437ecca6596

-1823-Django and Web Security Headers:

https://medium.com/@ksarthak4ever/django-and-web-security-headers-d72a9e54155e

-1824-Weaponising Staged Cross-Site Scripting (XSS) Payloads:

https://medium.com/redteam/weaponising-staged-cross-site-scripting-xss-payloads-7b917f605800

-1825-How I was able to Bypass XSS Protection on HackerOne’s Private Program:

https://medium.com/@vulnerabilitylabs/how-i-was-able-to-bypass-xss-protection-on-hackerones-private-program-8914a31339a9

-1826-XSS in Microsoft subdomain:

https://blog.usejournal.com/xss-in-microsoft-subdomain-81c4e46d6631

-1827-How Angular Protects Us From XSS Attacks?:

https://medium.com/hackernoon/how-angular-protects-us-from-xss-attacks-3cb7a7d49d95

-1828-[FUN] Bypass XSS Detection WAF:

https://medium.com/soulsecteam/fun-bypass-xss-detection-waf-cabd431e030e

-1829-Bug Hunting Methodology(Part-2):

https://blog.usejournal.com/bug-hunting-methodology-part-2-5579dac06150

-1830-Learn Web Application Penetration Testing:

https://blog.usejournal.com/web-application-penetration-testing-9fbf7533b361

-1831-“Exploiting a Single Parameter”:

https://medium.com/securitywall/exploiting-a-single-parameter-6f4ba2acf523

-1832-CORS To CSRF Attack:

https://blog.usejournal.com/cors-to-csrf-attack-c33a595d441

-1833-Account Takeover Using CSRF(json-based):

https://medium.com/@shub66452/account-takeover-using-csrf-json-based-a0e6efd1bffc

-1834-Bypassing Anti-CSRF with Burp Suite Session Handling:

https://bestestredteam.com/tag/anti-csrf/

-1835-10 Methods to Bypass Cross Site Request Forgery (CSRF):

https://haiderm.com/10-methods-to-bypass-cross-site-request-forgery-csrf/

-1836-Exploiting CSRF on JSON endpoints with Flash and redirects:

https://medium.com/p/681d4ad6b31b

-1837-Finding and exploiting Cross-site request forgery (CSRF):

https://securityonline.info/finding-exploiting-cross-site-request-forgery/

-1838-Hacking Facebook accounts using CSRF in Oculus-Facebook integration:

https://www.josipfranjkovic.com/blog/hacking-facebook-oculus-integration-csrf

-1839-Synchronizer Token Pattern: No more tricks:

https://medium.com/p/d2af836ccf71

-1840-The $12,000 Intersection between Clickjacking, XSS, and Denial of Service:

https://medium.com/@imashishmathur/the-12-000-intersection-between-clickjacking-xss-and-denial-of-service-f8cdb3c5e6d1

-1841-XML External Entity(XXE):

https://medium.com/@ghostlulzhacks/xml-external-entity-xxe-62bcd1555b7b

-1842-XXE Attacks— Part 1: XML Basics:

https://medium.com/@klose7/https-medium-com-klose7-xxe-attacks-part-1-xml-basics-6fa803da9f26

-1843-From XXE to RCE with PHP/expect — The Missing Link:

https://medium.com/@airman604/from-xxe-to-rce-with-php-expect-the-missing-link-a18c265ea4c7

-1844-My first XML External Entity (XXE) attack with .gpx file:

https://medium.com/@valeriyshevchenko/my-first-xml-external-entity-xxe-attack-with-gpx-file-5ca78da9ae98

-1845-Open Redirects & Security Done Right!:

https://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496

-1846-XXE on Windows system …then what ??:

https://medium.com/@canavaroxum/xxe-on-windows-system-then-what-76d571d66745

-1847-Unauthenticated Blind SSRF in Oracle EBS CVE-2018-3167:

https://medium.com/@x41x41x41/unauthenticated-ssrf-in-oracle-ebs-765bd789a145

-1848-SVG XLink SSRF fingerprinting libraries version:

https://medium.com/@arbazhussain/svg-xlink-ssrf-fingerprinting-libraries-version-450ebecc2f3c

-1849-What is XML Injection Attack:

https://medium.com/@dahiya.aj12/what-is-xml-injection-attack-279691bd00b6

-1850-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:

https://medium.com/@madrobot/ssrf-server-side-request-forgery-types-and-ways-to-exploit-it-part-1-29d034c27978

-1851-Penetration Testing Introduction: Scanning & Reconnaissance:

https://medium.com/cyberdefenders/penetration-testing-introduction-scanning-reconnaissance-f865af0761f

-1852-Beginner’s Guide to recon automation.:

https://medium.com/bugbountywriteup/beginners-guide-to-recon-automation-f95b317c6dbb

-1853-Red Teamer’s Guide to Pulse Secure SSL VPN:

https://medium.com/bugbountywriteup/pulse-secure-ssl-vpn-post-auth-rce-to-ssh-shell-2b497d35c35b

-1854-CVE-2019-15092 WordPress Plugin Import Export Users = 1.3.0 - CSV Injection:

https://medium.com/bugbountywriteup/cve-2019-15092-wordpress-plugin-import-export-users-1-3-0-csv-injection-b5cc14535787

-1855-How I harvested Facebook credentials via free wifi?:

https://medium.com/bugbountywriteup/how-i-harvested-facebook-credentials-via-free-wifi-5da6bdcae049

-1856-How to hack any Payment Gateway?:

https://medium.com/bugbountywriteup/how-to-hack-any-payment-gateway-1ae2f0c6cbe5

-1857-How I hacked into my neighbour’s WiFi and harvested login credentials?:

https://medium.com/bugbountywriteup/how-i-hacked-into-my-neighbours-wifi-and-harvested-credentials-487fab106bfc

-1858-What do Netcat, SMTP and self XSS have in common? Stored XSS:

https://medium.com/bugbountywriteup/what-do-netcat-smtp-and-self-xss-have-in-common-stored-xss-a05648b72002

-1859-1-Click Account Takeover in Virgool.io — a Nice Case Study:

https://medium.com/bugbountywriteup/1-click-account-takeover-in-virgool-io-a-nice-case-study-6bfc3cb98ef2

-1860-Digging into Android Applications — Part 1 — Drozer + Burp:

https://medium.com/bugbountywriteup/digging-android-applications-part-1-drozer-burp-4fd4730d1cf2

-1861-Linux for Pentester: APT Privilege Escalation:

https://www.hackingarticles.in/linux-for-pentester-apt-privilege-escalation

-1862-Linux for Pentester : ZIP Privilege Escalation:

https://www.hackingarticles.in/linux-for-pentester-zip-privilege-escalation

-1863-Koadic - COM Command & Control Framework:

https://www.hackingarticles.in/koadic-com-command-control-framework

-1864-Configure Sqlmap for WEB-GUI in Kali Linux :

https://www.hackingarticles.in/configure-sqlmap-for-web-gui-in-kali-linux

-1865-Penetration Testing:

https://www.hackingarticles.in/Penetration-Testing

-1866-Buffer Overflow Examples, Code execution by shellcode :

https://0xrick.github.io/binary-exploitation/bof5

-1867-Dynamic Shellcode Execution:

https://www.countercept.com/blog/dynamic-shellcode-execution

-1868-JSC Exploits:

-https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html

-1869-Injecting Into The Hunt:

https://jsecurity101.com/2019/Injecting-Into-The-Hunt

-1870-Bypassing Antivirus with Golang:

https://labs.jumpsec.com/2019/06/20/bypassing-antivirus-with-golang-gopher.it

-1871-Windows Process Injection: Print Spooler:

https://modexp.wordpress.com/2019/03/07/process-injection-print-spooler

-1872-Inject Shellcode Into Memory Using Unicorn :

https://ethicalhackingguru.com/inject-shellcode-memory-using-unicorn

-1873-Macros and More with SharpShooter v2.0:

https://www.mdsec.co.uk/2019/02/macros-and-more-with-sharpshooter-v2-0

-1874-Fuzz Testing(Fuzzing) Tutorial: What is, Types, Tools & Example:

https://www.guru99.com/fuzz-testing

-1875-Introduction to File Format Fuzzing & Exploitation:

https://medium.com/@DanielC7/introduction-to-file-format-fuzzing-exploitation-922143ab2ab3

-1876-Hacking a social media account and safeguarding it:

https://medium.com/@ujasdhami79/hacking-a-social-media-account-and-safeguarding-it-e5f69adf62d7

-1877-OTP Bypass on India’s Biggest Video Sharing Site:

https://medium.com/bugbountywriteup/otp-bypass-on-indias-biggest-video-sharing-site-e94587c1aa89

-1879-Getting Root on macOS via 3rd Party Backup Software:

https://medium.com/tenable-techblog/getting-root-on-macos-via-3rd-party-backup-software-b804085f0c9

-1880-How to Enumerate MYSQL Database using Metasploit:

https://ehacking.net/2020/03/how-to-enumerate-mysql-database-using-metasploit-kali-linux-tutorial.html

-1881-Exploiting Insecure Firebase Database!

https://blog.securitybreached.org/2020/02/04/exploiting-insecure-firebase-database-bugbounty

-1882-Penetration Testing - Complete Guide:

https://softwaretestinghelp.com/penetration-testing-guide

-1883-How To Upload A PHP Web Shell On WordPress Site:

https://1337pwn.com/how-to-upload-php-web-shell-on-wordpress-site

-1884-Mimikatz tutorial: How it hacks Windows passwords, credentials:

https://searchsecurity.techtarget.com/tutorial/Mimikatz-tutorial-How-it-hacks-Windows-passwords-credentials

-1885-Ethical hacking: Lateral movement techniques:

https://securityboulevard.com/2019/09/ethical-hacking-lateral-movement-techniques

-1886-A Pivot Cheatsheet for Pentesters:

http://nullsweep.com/pivot-cheatsheet-for-pentesters

-1887-What to Look for When Reverse Engineering Android Apps:

http://nowsecure.com/blog/2020/02/26/what-to-look-for-when-reverse-engineering-android-apps

-1888-Modlishka: Advance Phishing to Bypass 2 Factor Auth:

http://crackitdown.com/2019/02/modlishka-kali-linux.html

-1889-Bettercap Usage Examples (Overview, Custom setup, Caplets ):

www.cyberpunk.rs/bettercap-usage-examples-overview-custom-setup-caplets

-1890-The Complete Hashcat Tutorial:

https://ethicalhackingguru.com/the-complete-hashcat-tutorial

-1891-Wireless Wifi Penetration Testing Hacker Notes:

https://executeatwill.com/2020/01/05/Wireless-Wifi-Penetration-Testing-Hacker-Notes

-1892-#BugBounty writeups:

https://pentester.land/list-of-bug-bounty-writeups.html

-1893-Kerberoasting attack:

https://en.hackndo.com/kerberoasting

-1894-A Pentester's Guide - Part 2 (OSINT - LinkedIn is not just for jobs):

https://delta.navisec.io/osint-for-pentesters-part-2-linkedin-is-not-just-for-jobs

-1895-Radare2 cutter tutorial:

http://cousbox.com/axflw/radare2-cutter-tutorial.html

-1896-Cracking Password Hashes with Hashcat:

http://hackingvision.com/2020/03/22/cracking-password-hashes-hashcat

-1897-From CSRF to RCE and WordPress-site takeover CVE-2020-8417:

http://blog.wpsec.com/csrf-to-rce-wordpress

-1898-Best OSINT Tools:

http://pcwdld.com/osint-tools-and-software

-1899-Metasploit Exploitation Tool 2020:

http://cybervie.com/blog/metasploit-exploitation-tool

-1900-How to exploit CVE-2020-7961:

https://synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html

-1901-PowerShell for Pentesters:

https://varonis.com/blog/powershell-for-pentesters

-1902-Android Pentest Tutorial:

https://packetstormsecurity.com/files/156432/Android-Pentest-Tutorial-Step-By-Step.html

-1903-Burp Suite Tutorial:

https://pentestgeek.com/web-applications/burp-suite-tutorial-1

-1904-Company Email Enumeration + Breached Email Finder:

https://metalkey.github.io/company-email-enumeration--breached-email-finder.html

-1905-Kali Linux Cheat Sheet for Penetration Testers:

https://github.com/NoorQureshi/kali-linux-cheatsheet

-1906-Active Directory Exploitation Cheat Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.

https://github.com/buftas/Active-Directory-Exploitation-Cheat-Sheet#using-bloodhound

-1907-Advanced Hacking Tutorials Collection:

https://yeahhub.com/advanced-hacking-tutorials-collection

-1908-Persistence – DLL Hijacking:

https://pentestlab.blog/2020/03/04/persistence-dll-hijacking

-1909-Brute force and dictionary attacks: A cheat sheet:

https://techrepublic.com/article/brute-force-and-dictionary-attacks-a-cheat-sheet

-1910-How to use Facebook for Open Source Investigation:

https://securitynewspaper.com/2020/03/11/how-to-use-facebook-for-open-source-investigation-osint

-1911-tcpdump Cheat Sheet:

https://comparitech.com/net-admin/tcpdump-cheat-sheet

-1912-Windows Post exploitation recon with Metasploit:

https://hackercool.com/2016/10/windows-post-exploitation-recon-with-metasploit

-1913-Bug Hunting Methodology:

https://blog.usejournal.com/bug-hunting-methodology-part-1-91295b2d2066

-1914-Malware traffic analysis tutorial:

https://apuntpsicolegs.com/veke0/malware-traffic-analysis-tutorial.html

-1915-Recon-ng v5 Tutorial:

https://geekwire.eu/recon-ng-v5-tutorial

-1916-Windows and Linux Privilege Escalation Tools:

https://yeahhub.com/windows-linux-privilege-escalation-tools-2019

-1917-Total OSCP Guide:

https://sushant747.gitbooks.io/total-oscp-guide

-1918-Phishing Windows Credentials:

https://pentestlab.blog/2020/03/02/phishing-windows-credentials

-1919-Getting What You're Entitled To: A Journey Into MacOS Stored Credentials:

https://mdsec.co.uk/2020/02/getting-what-youre-entitled-to-a-journey-in-to-macos-stored-credentials

-1920-Recent Papers Related To Fuzzing:

https://wcventure.github.io/FuzzingPaper

-1921-Web Shells 101 Using PHP (Web Shells Part 2):

https://acunetix.com/blog/articles/web-shells-101-using-php-introduction-web-shells-part-2/

-1922-Python3 reverse shell:

https://polisediltrading.it/hai6jzbs/python3-reverse-shell.html

-1923-Reverse Shell between two Linux machines:

https://yeahhub.com/reverse-shell-linux-machines

-1924-Tutorial - Writing Hardcoded Windows Shellcodes (32bit):

https://dsolstad.com/shellcode/2020/02/02/Tutorial-Hardcoded-Writing-Hardcoded-Windows-Shellcodes-32bit.html

-1925-How to Use Wireshark: Comprehensive Tutorial + Tips:

https://varonis.com/blog/how-to-use-wireshark

-1926-How To Use PowerShell for Privilege Escalation with Local Privilege Escalation?

https://varonis.com/blog/how-to-use-powershell-for-privilege-escalation-with-local-computer-accounts

-1927-Ethical hacking:Top privilege escalation techniques in Windows:

https://securityboulevard.com/2020/03/ethical-hacking-top-privilege-escalation-techniques-in-windows

-1928-How to Identify Company's Hacked Email Addresses:

https://ehacking.net/2020/04/how-to-identify-companys-hacked-email-addresses-using-maltego-osint-haveibeenpawned.html

-1929-Android APK Reverse Engineering: What's in an APK:

https://secplicity.org/2019/09/11/android-apk-reverse-engineering-whats-in-an-apk

-1930-Keep Calm and HackTheBox - Beep:

https://freecodecamp.org/news/keep-calm-and-hack-the-box-beep/

-1931-Keep Calm and HackTheBox -Legacy:

https://freecodecamp.org/news/keep-calm-and-hack-the-box-legacy/

-1932-Keep Calm and HackTheBox -Lame:

https://freecodecamp.org/news/keep-calm-and-hack-the-box-lame/

-1933-HacktheBox:Writeup Walkthrough:

https://hackingarticles.in/hack-the-box-writeup-walkthrough

-1934-2020 OSCP Exam Preparation:

https://cybersecurity.att.com/blogs/security-essentials/how-to-prepare-to-take-the-oscp

-1935-My OSCP transformation:

https://kevsec.fr/journey-to-oscp-2019-write-up

-1936-A Detailed Guide on OSCP Preparation:

https://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/

-1937-Useful Commands and Tools - #OSCP:

https://yeahhub.com/useful-commands-tools-oscp/

-1938-Comprehensive Guide on Password Spraying Attack

https://hackingarticles.in/comprehensive-guide-on-password-spraying-attack

-1939-Privilege Escalation:

https://pentestlab.blog/category/privilege-escalation/

-1940-Red Team:

https://pentestlab.blog/category/red-team/

-1941-Linux post-exploitation.Advancing from user to super-user in a few clicks

https://hackmag.com/security/linux-killchain/

-1942--#BugBounty Cheatsheet

https://m0chan.github.io/2019/12/17/Bug-Bounty-Cheetsheet.html

-1943--#Windows Notes/Cheatsheet

https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html

-1944-#Linux Notes/Cheatsheet

https://m0chan.github.io/2018/07/31/Linux-Notes-And-Cheatsheet.html

-1945-Windows Notes

https://mad-coding.cn/tags/Windows/

-1946-#BlueTeam CheatSheet

https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d

-1947-Linux Privilege Escalation Cheatsheet for OSCP:

https://hackingdream.net/2020/03/linux-privilege-escalation-cheatsheet-for-oscp.html

-1948-Shodan Pentesting Guide:

https://community.turgensec.com/shodan-pentesting-guide

-1949-Pentesters Guide to PostgreSQL Hacking:

https://medium.com/@netscylla/pentesters-guide-to-postgresql-hacking-59895f4f007

-1950-Hacking-OSCP cheatsheet:

https://ceso.github.io/posts/2020/04/hacking/oscp-cheatsheet/

-1951-A Comprehensive Guide to Breaking SSH:

https://community.turgensec.com/ssh-hacking-guide

-1952-Windows Privilege Escalation Methods for Pentesters:

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

-1953-Best #firefox addons for #Hacking:

https://twitter.com/cry__pto/status/1210836734331752449

-1954-S3 Bucket Enumeration Tools:

https://twitter.com/cry__pto/status/1269862357645307904

-1955-Github Recon Tools:

https://twitter.com/cry__pto/status/1269362041044832257

-1956-i created this group for more in depth sharing about hacking and penetration testing /daily posts: you can join:

https://facebook.com/groups/AmmarAmerHacker

-1957-Directory Bruteforcing Tools: && SCREENSHOTTING Tools:

https://twitter.com/cry__pto/status/1270603017256124416

-1958-S3 Bucket Enumeration Tools:

https://twitter.com/cry__pto/status/1269862357645307904

-1959-Github Recon Tools:

https://twitter.com/cry__pto/status/1269362041044832257

-1960-Website Mirroring Tools:

https://twitter.com/cry__pto/status/1248640849812078593

-1961-automated credential discovery tools:

https://twitter.com/cry__pto/status/1253214720372465665

-1962-Antiforensics Techniques:

https://twitter.com/cry__pto/status/1215001674760294400

-1963-#bugbounty tools part (1):

https://twitter.com/cry__pto/status/1212096231301881857

1964-Binary Analysis Frameworks:

https://twitter.com/cry__pto/status/1207966421575184384

-1965-#BugBounty tools part (5):

https://twitter.com/cry__pto/status/1214850754055458819

-1966-#BugBounty tools part (3):

https://twitter.com/cry__pto/status/1212290510922158080

-1967-Kali Linux Commands List (Cheat Sheet):

https://twitter.com/cry__pto/status/1264530546933272576

-1968-#BugBounty tools part (4):

https://twitter.com/cry__pto/status/1212296173412851712

-1969--Automated enumeration tools:

https://twitter.com/cry__pto/status/1214919232389099521

-1970-DNS lookup information Tools:

https://twitter.com/cry__pto/status/1248639962746105863

-1971-OSCP:

https://twitter.com/cry__pto/status/1262089078339756032

-1972-Social Engineering Tools:

https://twitter.com/cry__pto/status/1180731438796333056

-1973-Hydra :

https://twitter.com/cry__pto/status/1247507926807449600

-1974-#OSINT Your Full Guide:

https://twitter.com/cry__pto/status/1244433669936349184

-1975-#BugBounty tools part (2):

https://twitter.com/cry__pto/status/1212289852059860992

-1976-my own ebook library:

https://twitter.com/cry__pto/status/1239308541468516354

-1977-Practice part (2):

https://twitter.com/cry__pto/status/1213165695556567040

-1978-Practice part (3):

https://twitter.com/cry__pto/status/1214220715337097222

-1979-my blog:

https://twitter.com/cry__pto/status/1263457516672954368

-1980-Practice:

https://twitter.com/cry__pto/status/1212341774569504769

-1981-how to search for XSS without proxy tool:

https://twitter.com/cry__pto/status/1252558806837604352

-1982-How to collect email addresses from search engines:

https://twitter.com/cry__pto/status/1058864931792138240

-1983-Hacking Tools Cheat Sheet:

https://twitter.com/cry__pto/status/1255159507891687426

-1984-#OSCP Your Full Guide:

https://twitter.com/cry__pto/status/1240842587927445504

-1985-#HackTheBox Your Full Guide:

https://twitter.com/cry__pto/status/1241481478539816961

-1986-Web Scanners:

https://twitter.com/cry__pto/status/1271826773009928194

-1987-HACKING MAGAZINES:

-1-2600 — The Hacker Quarterly magazine:www.2600.com

-2-Hackin9:http://hakin9.org

-3-(IN)SECURE magazine:https://lnkd.in/grNM2t8

-4-PHRACK:www.phrack.org/archives

-5-Hacker’s Manual 2019

-1988-Web Exploitation Tools:

https://twitter.com/cry__pto/status/1272778056952885249

-1989-Kali Linux Cheat Sheet for Hackers:

https://twitter.com/cry__pto/status/1272792311236263937

-1990-Web Exploitation Tools:

https://twitter.com/cry__pto/status/1272778056952885249

-1991-2020 OSCP Exam Preparation + My OSCP transformation +A Detailed Guide on OSCP Preparation + Useful Commands and Tools - #OSCP:

https://twitter.com/cry__pto/status/1262089078339756032

-1992-100 Best Hacking Tools for Security Professionals in 2020:

https://gbhackers.com/hacking-tools-list/

-1993-SNMP Enumeration:

OpUtils:www.manageengine.com

SNMP Informant:www.snmp-informant.com

SNMP Scanner:www.secure-bytes.com

SNMPUtil:www.wtcs.org

SolarWinds:www.solarwinds.com

-1994-INFO-SEC RELATED CHEAT SHEETS:

https://twitter.com/cry__pto/status/1274768435361337346

-1995-METASPLOIT CHEAT SHEET:

https://twitter.com/cry__pto/status/1274769179548278786

-1996-Nmap Cheat Sheet, plus bonus Nmap + Nessus:

https://twitter.com/cry__pto/status/1275359087304286210

-1997-Wireshark Cheat Sheet - Commands, Captures, Filters, Shortcuts & More:

https://twitter.com/cry__pto/status/1276391703906222080

-1998-learn penetration testing a great series as PDF:

https://twitter.com/cry__pto/status/1277588369426526209