Skip to content

Home

Cheatsheets

  • http://cheat.sh/

Day-to-day Tools

Other Collections

  • ComputerSecurityStudent - Metasploitable Project >> Exploits: https://www.computersecuritystudent.com/cgi-bin/CSS/process_request_v3.pl?HID=f213c73c216e2231c8f0d65f3d93ac18&TYPE=SUB
  • Exploit collection - https://github.com/jivoi/pentest

  • Hacking Methodology: https://www.greycampus.com/opencampus/ethical-hacking/hacking-methodology

  • https://twitter.com/Alra3ees/status/1075569238474141697
  • Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
  • Red Teaming/Adversary Simulation Toolkit: https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md
  • Red Team Techniques: Gaining access on an external engagement through spear-phishing: https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
  • Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
  • http://ired.team/
  • Pasties: https://github.com/threatexpress/pasties/blob/master/pasties.md
  • Red Team Scripts: https://github.com/threatexpress/red-team-scripts
  • 101 Bash Commands and Tips for Beginners to Experts: https://dev.to/awwsmm/101-bash-commands-and-tips-for-beginners-to-experts-30je
  • The Book of Secret Knowledge: https://github.com/trimstray/the-book-of-secret-knowledge
  • Offensive Security Bookmarks: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
  • List of Awesome Red Teaming Resources: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
  • http://ired.team/offensive-security-experiments/offensive-security-cheetsheets
  • Playbook for system hardening maintained by the #! security research team.: https://github.com/hashbang/hardening

Blogs

  • https://blog.0patch.com

POC Repos

  • https://github.com/qazbnm456/awesome-cve-poc

Important files

  • A binary that is a valid JAR, PE, ZIP, HTML: https://github.com/indrora/corkami/blob/master/src/mix/corkamix.asm / https://github.com/indrora/corkami/tree/master/src/mix
  • Zip and Hach Collisions: https://github.com/corkami/collisions
  • Crfting files in pure ASM: https://twitter.com/angealbertini/status/1088866350095835136

Podcasts

  • https://darknetdiaries.com/

Graphs

  • https://www.graphistry.com/

Pending Analysis CVEs

  • Cisco
  • CVE-2019-1653 - Allows a remote attacker to get sensitive device configuration details without a password.
  • CVE-2019-1652 - Allows a remote attacker to inject and run admin commands on the device without a password.
  • EternalRomance (MS17-010)
  • Stuxnet CVEs

Pending Analysis Tweets

  • https://twitter.com/trimstray-

Pending Analysis Tools

  • sh00t - A Testing Environment for Manual Security Testers: https://github.com/pavanw3b/sh00t
  • http://rumkin.com/tools

Discord Channels

  • https://discordapp.com/invite/VPFWfdt
  • https://discordapp.com/invite/2AG6TCm
  • https://discordapp.com/invite/4gHhxS8
  • https://discordapp.com/invite/7Z2PmWP

VMS

  • Malware Analysis (windows): https://github.com/GoSecure/malboxes

ATT&CK

  • ATT&CKing the Singapore Health Data Breach: https://bitofhex.com/2019/01/13/attack-and-singapore-breach/
  • HELK Dashboard: https://github.com/Cyb3rWard0g/ATTACK-Python-Client/tree/master/integrations/helk_cti

Buy

  • Giant Board: https://groboards.com/
  • NFC Payments: Relay Attacks with LoRa: https://salmg.net/2019/01/12/nfc-payment-relay-attacks-with-lora/
  • https://www.aliexpress.com/item/SX1278-ESP32-LoRa-0-96-Inch-Blue-OLED-Display-Bluetooth-WIFI-Lora-Kit-32-Module-IOT/32825749403.html
  • https://www.aliexpress.com/item/13-56mHz-PN532-compatible-raspberry-pie-NFC-card-reader-module/2055119495.html?spm=2114.search0104.3.29.166f4b4fElzuKj&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10068_10130_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_431_10307_537_536_10059_10884_10887_100031_321_322_10103-10890,searchweb201603_53,ppcSwitch_0&algo_expid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3-4&algo_pvid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3&transAbTest=ae803_5
  • Bundle Raspberry Pi 7" Touchscreen Display & Case : https://www.amazon.it/gp/product/B01M0AT5O5

Pending DIY Projects

  • RPi Handheld: https://twitter.com/CrankyLinuxUser/status/1095111251510915075
  • Privacy: https://www.privacynow.net/privacy-devices
  • Network Gears: https://twitter.com/fouroctets/status/1092121490579906560
  • Tools for capturing and analysing keyboard input paired with microphone capture: https://github.com/ggerganov/kbd-audio

Web

  • NES-style CSS Framework: https://nostalgic-css.github.io/NES.css/
  • itty.bitty.site: https://itty.bitty.site/#How_it_Works/XQAAAAK4CgAAAAAAAAAeHMqHyTY4PyKmqfkwr6ooCXSIMxPQ7ojYR153HqZD3W+keVdvwyoyd+luwncAksxo8PWJs+831jtAVty8rDpGXmyebtxMTP3PSa4g8/593sWue8MDcpOgi1bQyEtfa0JNQZ6T1I/xyNULg1rpwWgE2Y9BnqDq8fDN1N+nd58bizHxZrkeBhdg8inSQ/xKDX7JxpEnuwOAh4FOfn3+EHSxzhJsdQjZfh3lk4tTCDexgFND30Ea3NmmJGK84pdMtEVlcmKC5lrnUNmgoJa3QFsHJkr5595tk03idElTDVhmcQI3jSvPrkTVFTnSLeARVZXV/EUiF0y7+cR3bVkLoTkamZWDMiCTY2Xhv0LdNqWlb/xxyk6takRLrNnS8DkifXEbevTbJOUamuK7uy55kL61btF+/lYNHLWGbh1ckCYglReWWMlM0k4uuqM24okcS74tHtOW3Y5HZYBmPvRR+ItSrZPvbj3kbztOrWapUp7nAzgfIjYoBV/4xOXpFbbaHRft5GICE5Mr1PQhmW/nB63nTpnR+7UdHag8WIMa7nf+NvTPKC5MmQnKzhaMuqEnwGgcM5vkWbekimBclkGJwTGeyhxL7N6hivY+KS3H7vcOSFHXGr7K3PBIQZbywqQiimQ6B6zu4RvH7ZZ3ZN++ii00HKM0FPMcNHuOnL99vAxEl6TEFnx4J4+fwzJwNbuut30TFMBgcrE4iKAGncFIHmvOstFWxE+VlvTLC+uy6XArTO8BdfmbByGiyFv8Al7HqLAzGShdGWNzJ6cPpRwMAmWl5GNRA4qwjQAlfF1dtTwfIXSWOL7AyRwxPs27uY2cvVHCdmVVTNDYiTzHeKX6D9e2ApDRFD6pgcA9VMVP6UeOdVdmwRJ+iLTwQuCdLbVWzQ5T2i/chlihD+RawylXJQ8bKvxW9egXGcrgR5dyKaZCr8nBrArAgtRLR7PdqBQQbr5VodBvPc2FP3fZ6UuQVI1Kg4KcY44GIU5vnlM029TU+ibO2iSX3FhusTFhyOxl4TjjkuXBqA1V7Ha/Op2m8QZaP68p7AAZPOcTHAwP5PxENqIf8qS2aaG2Fiwp5rNED3LhPMjtN54klBYylr5hSAr0TD8J+XwFds8Gq9LToLE8Cq7XNJnE9RqNudIozaMWkfc6PRFjp/aH87x97nPDelKKHGyUEnGJyobw45BOhJMKzZST0VA5v+uQQo0djDXc0UXwzNRIWeBLuUJQpaXZY2gZMuLiSERgyDHg2MBI6trWsyb3ZWbFS4rm8Gq2dxfih3Kj6MdNapUo/jltQ31nx2LepJCQe9DNNF6JEMecls6dHTAM2RfHxEODSSKkF17FfjRLRAfxCK927UvizAxxggP5S/HrX6mGc5xonBy3StLd16thiAG860IdvFyBKfE6+CIhe2jzIwIofNiBILYlKA61vKkjlfZjqsUGDLi426U/Y8bdpxfg7FX1gqNEHeVM17dlBTO7pNOnKyeM2xmLoE7lr92/VIrxJ2OqNfcHu9XjrD6l71vU083VwwAq8Vencm9xLAlDyy3/6BB0kRBiJbjayYrLUbQyMGTFfEvOPmc/zJjfdnqHmg5O/0kuzf2+w5CHD426iPngjmiTo5Snlf+qW8emK/ltnQQIv2ufykH+Px3XZM+zsOclAyHI5MbCKBKeT6j5geCiz3uqci1w5ZlpRjtJWUT6zCj8Fx1eg4F4ov51gaODKV+QQWeFJSyuVTm3Nu2i7AbhKikNzb3RBeQinEh9KrhHc+o4JGezOU55h1UZtonB0+J5dfBRqHnc+6HaXfTmcLrMZjWErq15cBmC0Kx6BNyqP3uGhMUSF+OuIzffEX9fGUNDpUtCjKdbml8uF43e4fN8o10TxYkbggTcyYKI+xWHMyKM2tjOideyDwt33minfEy/JgSLsihBnBua9sfXCg32/+i2okk=

Tools

  • Invisible Watermarks with Space Characters in ASCII Files: https://github.com/Neo23x0/space-id
  • universal command-line interface for SQL databases: https://github.com/xo/usql
  • Video editing: https://twitter.com/digininja/status/1007936435129847808
  • Multitail - Look at multiple log files in the same time

Pending Reads

Analysis of following malware: * Badrabbit * NotPetya * Lazarus * https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf

VPN Services: * NordVPN * MonoVM

  • https://www.rebootuser.com/

Local Security Experts

  • https://www.linkedin.com/in/kushantha
  • https://www.linkedin.com/in/chanakaseekkuge/