PNPT-Preparation-Guide (Unofficial)

PNPT Exam Preparation - TCM Security

OSINT/Information Gathering

https://academy.tcm-sec.com/p/osint-fundamentals

https://osintframework.com/

https://github.com/jivoi/awesome-osint

https://github.com/tracelabs/awesome-osint

https://github.com/lockfale/OSINT-Framework

https://github.com/topics/information-gathering

https://www.kyylee.com/oscp-notes/active-information-gathering

https://github.com/s0wr0b1ndef/Offsec-Exam-Cheatsheet/blob/master/Info%20Gathering.md

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

https://www.securitymadesimple.org/cybersecurity-blog/active-vs-passive-cyber-reconnaissance-in-information-security

https://www.youtube.com/watch?v=eIdVtCQSa3s

https://www.youtube.com/watch?v=jg33HUfgTaI

https://www.dummies.com/test-prep/passive-information-gathering-for-pentesting/

https://www.dummies.com/test-prep/active-information-gathering-for-pentesting/

https://academy.osintcombine.com/p/tracelabstraining

https://literacybasics.ca/strategic-planning/strategic-planning-assesssment/overview-and-information-gathering-tools/

https://linuxhint.com/best-information-gathering-tools-in-kali-linux/

https://www.udemy.com/course/information-hacking/

https://www.udemy.com/course/the-art-of-reconnaissance-information-gathering-techniques/

https://www.udemy.com/course/information-gathering-phase-1-of-cyber-security/

https://github.com/BullsEye0/dorks-eye

https://www.exploit-db.com/google-hacking-database

https://securitytrails.com/blog/google-hacking-techniques

https://github.com/leonjza/awesome-nmap-grep

https://github.com/paralax/awesome-internet-scanning

https://nmap.org/

Exam Report Writer

https://www.youtube.com/watch?v=OKN5pUgQKIM

https://www.youtube.com/watch?v=EOoBAq6z4Zk

https://www.youtube.com/watch?v=NEz4SfjjwvU

https://cobalt.io/blog/how-to-write-an-effective-pentest-report-vulnerability-reports

https://www.tutorialspoint.com/penetration_testing/penetration_testing_report_writing.htm

https://www.sans.org/white-papers/33343/

https://www.hebergementwebs.com/penetration-test-tutorial/penetration-testing-report-writing

https://searchsecurity.techtarget.com/tip/3-tips-for-writing-a-quality-penetration-testing-report

My Social Medias

https://www.linkedin.com/in/joas-antonio-dos-santos

https://twitter.com/C0d3Cr4zy

Web Application PenTest

https://github.com/PacktPublishing/Mastering-Modern-Web-Penetration-Testing

https://github.com/infoslack/awesome-web-hacking

https://github.com/qazbnm456/awesome-web-security

https://github.com/wtsxDev/List-of-web-application-security/blob/master/README.md

https://github.com/kaiiyer/web-app-pentesting

https://portswigger.net/web-security

https://github.com/CyberSecurityUP/eWPTX-Preparation

https://github.com/hahwul/WebHackersWeapons

https://github.com/thehackingsage/hacktronian

https://www.mindmeister.com/pt/1746180947/web-vulnerability-by-joas-antonio

Vulnerability Scanning and Exploitation

https://github.com/enaqx/awesome-pentest

https://github.com/Muhammd/Awesome-Pentest

https://githubmemory.com/repo/vip2ip/awesome-pentester

https://github.com/S3cur3Th1sSh1t/Pentest-Tools

https://github.com/We5ter/Scanners-Box

https://github.com/skavngr/rapidscan

https://www.openvas.org/

https://www.zaproxy.org/

Pivoting - Windows/Linux

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Network%20Pivoting%20Techniques.md

https://github.com/RedTeamOperations/PivotSuite

https://github.com/0x36/VPNPivot

https://github.com/zxlim/pivot-tunnel

https://github.com/sshuttle/sshuttle

https://github.com/rsmudge/Layer2-Pivoting-Client

https://github.com/pha5matis/Pentesting-Guide/blob/master/port_forwarding_and_tunneling.md

https://github.com/quantumcore/maalik

https://github.com/mis-team/rsockspipe

https://github.com/740i/pentest-notes/blob/master/pivoting.md

https://github.com/jpillora/chisel

Exam Details

Practical exam, no multiple choice

Use any tool you want, seriously

5 days for testing, 2 days report writing

$299 standalone exam

$399 exam with training

Veteran and student discounts available

https://certifications.tcm-sec.com/

https://mattschmidt.net/2021/05/04/tcm-cpeh-exam-certification-review/

https://www.youtube.com/watch?v=2jhyPg-yzzs

Buffer Overflow

https://github.com/gh0x0st/Buffer_Overflow

https://github.com/johnjhacking/Buffer-Overflow-Guide

https://github.com/Tib3rius/Pentest-Cheatsheets/blob/master/exploits/buffer-overflows.rst

https://github.com/justinsteven/dostackbufferoverflowgood

https://github.com/V1n1v131r4/OSCP-Buffer-Overflow

https://github.com/joshua17sc/Buffer-Overflows

https://github.com/CyberSecurityUP/AWESOME-EXPLOIT-DEVELOPMENT

Windows PenTest

https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/

https://www.pentesteracademy.com/activedirectorylab

https://www.udemy.com/course/active-directory-red-team-hacking/

https://www.youtube.com/watch?v=BjKcBwkSupY

https://book.hacktricks.xyz/windows/active-directory-methodology

https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

https://github.com/balaasif6789/AD-Pentesting

https://drive.google.com/file/d/1pb_8i_kc68P_RksLPUFEi9TJwAH_wqvI/view?usp=sharing

https://drive.google.com/file/d/1Hjq_Hc8dQEF_ZhNFtGMrl2GELoryboyW/view?usp=sharing

https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

https://0xsp.com/offensive/privilege-escalation-cheatsheet

https://pentest.tonyng.net/windows-privilege-escalation-a-cheatsheet/

https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html

https://www.fuzzysecurity.com/tutorials/16.html

https://www.hackingdream.net/2020/03/windows-privilege-escalation-cheatsheet-for-oscp.html

https://book.hacktricks.xyz/windows/windows-local-privilege-escalation

https://joshruppe.com/basic-windows-enumeration/

https://www.noobsec.net/privesc-windows/

https://www.bytefellow.com/windows-privilege-escalation-cheatsheet-for-oscp/

https://github.com/frizb/Windows-Privilege-Escalation

https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md

https://github.com/carlospolop/winPE

https://lolbas-project.github.io/

Linux PenTest

https://github.com/ankh2054/linux-pentest

https://github.com/MrPineMan/Awesome-Reverse-Shell

https://github.com/lukechilds/reverse-shell

https://github.com/WangYihang/Reverse-Shell-Manager

https://github.com/nodauf/Girsh

https://github.com/mzfr/rsh

https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

https://johnjhacking.com/blog/linux-privilege-escalation-quick-and-dirty/

https://0xsp.com/offensive/privilege-escalation-cheatsheet

https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_-_linux.html

https://www.hackingarticles.in/privilege-escalation-cheatsheet-vulnhub/

https://blog.thehackingnomad.com/cheat-sheet-series/privesc-linux

https://gtfobins.github.io/

Lateral Movement - Windows/Linux

https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/

https://posts.specterops.io/offensive-lateral-movement-1744ae62b14f

https://www.ired.team/offensive-security/lateral-movement

https://pentestlab.blog/2020/07/21/lateral-movement-services/

https://www.varonis.com/blog/penetration-testing-explained-part-iv-making-the-lateral-move/

https://logrhythm.com/blog/what-is-lateral-movement-and-how-to-detect-it/

https://github.com/MicrosoftDocs/ATADocs/blob/master/ATPDocs/playbook-lateral-movement.md

https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/ATT%26CK-Stuff/ATT%26CK/Lateral%20Movement.md

https://redcanary.com/blog/lateral-movement-with-secure-shell/

https://mrw0r57.github.io/2020-05-31-linux-post-exploitation-10-4/

https://ivanitlearning.wordpress.com/2019/02/10/linux-exploitation-lateral-movement/

https://azeria-labs.com/lateral-movement/

Courses TCM

https://academy.tcm-sec.com/p/osint-fundamentals

https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course

https://academy.tcm-sec.com/p/linux-privilege-escalation

https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners

Laboratory

https://tryhackme.com/

https://www.hackthebox.eu/

vulnhub.com

vulnmachines.com

https://www.mindmeister.com/pt/1781013629/the-best-labs-and-ctf-red-team-and-pentest