Resources icon indicating copy to clipboard operation
Resources copied to clipboard

Published 20 hours ago verified publisher icon birdbee44

Metadata

  • PHISHING TOOLS
  • OSINT
  • Awesome List
  • APTS
  • SSRF
  • Reverse Engineering
  • MALWARE
  • Machine Learning
  • MALWARE SAMPLES
  • CHEATSHEETS
  • Machine learning & hacking
  • SCANNERS
  • Kali Linux
  • Linux Guide
  • Fuzzing
  • PowerShell
  • Vulnerable VMs
  • Bug Bounty
  • WEB
  • NEWS SITES
  • BLUE-TEAM
  • XSS
  • SQL Injection
  • CSRF
  • Google Hacking
  • Python
  • Ruby
  • Honey Pots
  • CTF
  • CTF Tools
  • Cryptocurrency
  • Tor
  • Deep Learning
  • Threat Maps
  • Encryption
  • Red Team
  • Networking
  • random-reports
  • Interview-cheatsheets
  • Search Engines
  • Bash
  • Html-Smuggling
  • Core
  • FTP
  • ravencoin
  • ssrf
  • Bash
  • Mysql
  • VMs

VMs

  • https://manjaro.site/how-to-enable-full-screen-mode-on-ubuntu-19-10-on-vmware-workstation-15-5/

Mysql

  • https://www.digitalocean.com/community/tutorials/how-to-install-mysql-on-ubuntu-20-04
  • https://codingsight.com/top-5-mysql-create-table-syntax-for-t-sql-developers
  • https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql

Bash

  • https://stackoverflow.com/questions/18568706/check-number-of-arguments-passed-to-a-bash-script
  • https://linuxize.com/post/bash-functions
  • https://devhints.io/bash
  • https://www.cyberciti.biz/faq/unix-howto-read-line-by-line-from-file
  • https://stackoverflow.com/questions/918886/how-do-i-split-a-string-on-a-delimiter-in-bash
  • https://www.journaldev.com/41511/execute-command-shell-script
  • https://kapeli.com/cheat_sheets/Bash_Test_Operators.docset/Contents/Resources/Documents/index
  • https://www.shellcheck.net

SSRF

  • https://www.vaadata.com/blog/exploiting-the-ssrf-vulnerability

ravencoin

  • https://tronblack.medium.com/ravencoin-tags-and-restricted-assets-84fe3070a226
  • https://tronblack.medium.com/ravencoin-a-securities-token-roadmap-47ae1d9dac26
  • https://github.com/RavenProject/Ravencoin/tree/master/roadmap/rewards

FTP

  • https://serverfault.com/questions/450651/500-illegal-port-command-using-command-line-ftp
  • https://tecadmin.net/download-upload-files-using-ftp-command-line/
  • https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/ftpserver/security/authentication/anonymousauthentication
  • https://kb.iu.edu/d/aenq
  • https://book.hacktricks.xyz/pentesting/pentesting-ftp
  • https://steflan-security.com/ftp-enumeration-guide

random-reports

  • https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op
  • https://www.guardicore.com/labs/the-nansh0u-campaign-hackers-arsenal-grows-stronger
  • https://graphika.com/reports/posing-as-patriots
  • https://blogs.jpcert.or.jp/en/2021/06/php_malware.html
  • https://www.vice.com/en/article/epnv8z/nypds-sprawling-facial-recognition-system-now-has-more-than-15000-cameras
  • https://blog.heckel.io/2013/07/01/how-to-use-mitmproxy-to-read-and-modify-https-traffic-of-your-phone
  • https://cluster25.io/2021/06/03/a-not-so-fancy-game-apt28-skinnyboy
  • https://www.proofpoint.com/us/blog/threat-insight/badblood-ta453-targets-us-and-israeli-medical-research-personnel-credential
  • https://threatpost.com/tools-used-by-lamberts-apt-found-in-vault-7-dumps/124900
  • https://www.proofpoint.com/us/blog/threat-insight/new-variant-buer-loader-written-rust
  • https://hackaday.com/2017/04/26/hack-your-own-samsung-tv-with-the-cias-weeping-angel-exploit
  • https://www.uptycs.com/blog/discovery-of-simps-botnet-leads-ties-to-keksec-group
  • https://www.pentestpartners.com/security-blog/getting-a-persistent-shell-on-a-747-ife
  • https://news.sophos.com/en-us/2021/06/11/relentless-revil-revealed
  • https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
  • https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely
  • https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op

core

  • https://github.com/nickcapurso/CORE-Worm-Keylogger-CSCI-6531
  • https://www.nrl.navy.mil/Our-Work/Areas-of-Research/Information-Technology/NCS/CORE
  • https://github.com/coreemu/core
  • https://github.com/peppelinux/Common-Open-Research-Emulator-CORE-Tutorials
  • http://coreemu.github.io/core

html-smuggling

  • https://blog.assetnote.io/2021/03/18/h2c-smuggling
  • https://github.com/BishopFox/h2csmuggler
  • https://infosecwriteups.com/behind-the-scene-http-parameter-pollution-534b4fa2449c

Red-teaming

  • https://chaah.awankloud.my/redteaming-tips-creating-a-hidden-user

machine-learning-and-hacking

  • https://github.com/delvelabs/batea
  • https://github.com/PacktPublishing/Hands-On-Artificial-Intelligence-for-Cybersecurity
  • https://apps.dtic.mil/dtic/tr/fulltext/u2/a618584.pdf - Automated Cyber Red Teaming - Cyber and Electronic Warfare Division - defence Science and Technology Organisation
  • https://github.com/gyoisamurai/GyoiThon
  • https://github.com/Kayzaks/HackingNeuralNetworks
  • http://taochen.github.io/publications/papers/issta20.pdf

ssrf

  • https://www.mcafee.com/blogs/other-blogs/mcafee-labs/server-side-request-forgery-takes-advantage-vulnerable-app-servers

Networking

  • https://opensource.com/article/17/4/build-your-own-name-server
  • https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-ubuntu-18-04
  • https://ubuntu.com/server/docs/service-domain-name-service-dns

Fedora

  • https://www.digitalocean.com/community/tutorials/initial-setup-of-a-fedora-21-server
  • https://manjaro.site/linux-ultimate-guide/fedora-tutorial
  • https://www.tecmint.com/things-to-do-after-fedora-26-installation
  • https://fedora.fandom.com/wiki/Basic_Commands

Awesome List

  • https://github.com/igorbarinov/awesome-bitcoin
  • https://apsdehal.in/awesome-ctf
  • https://www.github.com/josephmisiti/awesome-machine-learning
  • https://www.github.com/alebcay/awesome-shell
  • https://www.github.com/k4m4/movies-for-hackers
  • https://www.github.com/keon/awesome-nlp
  • https://www.github.com/kjw0612/awesome-rnn
  • https://www.github.com/tayllan/awesome-algorithms
  • https://www.github.com/carpedm20/awesome-hacking
  • https://www.github.com/thibmaek/awesome-raspberry-pi
  • https://www.github.com/coinpride/CryptoList
  • https://www.github.com/ritchieng/the-incredible-pytorch
  • https://www.github.com/meirwah/awesome-incident-response
  • https://www.github.com/onlurking/awesome-infosec
  • https://www.github.com/secfigo/Awesome-Fuzzing
  • https://github.com/jklepatch/awesome-monero
  • https://github.com/decalage2/awesome-security-hardening
  • https://github.com/fabacab/awesome-lockpicking
  • https://github.com/DopplerHQ/awesome-interview-questions
  • https://github.com/fffaraz/awesome-cpp
  • https://github.com/luong-komorebi/Awesome-Linux-Software
  • https://github.com/enaqx/awesome-pentest
  • https://github.com/keon/awesome-nlp
  • https://github.com/n1trux/awesome-sysadmin
  • https://github.com/qazbnm456/awesome-web-security
  • https://github.com/jivoi/awesome-ml-for-cybersecurity
  • https://github.com/pluja/awesome-privacy
  • https://github.com/0xInfection/Awesome-WAF
  • https://github.com/sobolevn/awesome-cryptography
  • https://github.com/fcambus/nginx-resources
  • https://github.com/janikvonrotz/awesome-powershell
  • https://github.com/Xel/Blockchain-stuff
  • https://github.com/inputsh/awesome-c

search-engines

  • https://buckets.grayhatwarfare.com
  • https://www.shodan.io
  • https://censys.io
  • https://ivre.rocks

interview-cheatsheets

  • https://www.guru99.com/linux-interview-questions-answers.html
  • https://github.com/DopplerHQ/awesome-interview-questions
  • https://github.com/pbnj/infosec-interview-questions

red-Team

  • https://www.ired.team
  • https://artkond.com/2017/03/23/pivoting-guide

blue team

  • https://securethelogs.com/hacking-with-powershell-blue-team
  • https://web.mit.edu/kerberos/
  • https://wiki.sans.blue
  • https://github.com/maldevel/blue-team
  • https://www.sneakymonkey.net/2018/06/25/blue-team-tips
  • https://devblogs.microsoft.com/powershell/powershell-the-blue-team
  • https://github.com/tobor88/PowerShell-Blue-Team
  • https://securethelogs.com/hacking-with-powershell-blue-team
  • https://www.blackhillsinfosec.com/powershell-logging-blue-team/

PowerShell

  • https://channel9.msdn.com/Series/Getting-Started-with-Microsoft-PowerShell
  • https://docs.microsoft.com/en-us/powershell/scripting/overview?view=powershell-7
  • https://www.comparitech.com/net-admin/powershell-cheat-sheet
  • https://docs.microsoft.com/en-us/power-platform/admin/wp-task-automation-powershell
  • https://www.guru99.com/powershell-tutorial.html
  • https://securethelogs.com/hacking-with-powershell-blue-team

Vulnerable VMs

  • https://github.com/cliffe/SecGen

Linux Guide

  • https://github.com/UticaCollegeCyberSecurityClub/LinuxGuide

Kali Linux

  • https://ourcodeworld.com/articles/read/961/how-to-solve-kali-linux-apt-get-install-e-unable-to-locate-package-checkinstall

Fuzzing

  • https://rhinosecuritylabs.com/research/fuzzing-left4dead-2-with-fuzzing-framework

SSH

  • https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters
  • https://unix.stackexchange.com/questions/46235/how-does-reverse-ssh-tunneling-work
  • https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
  • https://www.debian.org/devel/passwordlessssh
  • https://linuxhandbook.com/add-ssh-public-key-to-server/
  • https://serverpilot.io/docs/how-to-use-ssh-public-key-authentication/

Deep Learning

  • https://deej-ai.online/
  • https://deepdreamgenerator.com/
  • https://github.com/arunponnusamy/object-detection-opencv
  • https://github.com/curiousily/Deep-Learning-For-Hackers
  • http://news.mit.edu/2017/explained-neural-networks-deep-learning-0414
  • https://playground.tensorflow.org/
  • https://towardsdatascience.com/understanding-neural-networks-19020b758230
  • http://deeplearning.net/tutorial/gettingstarted.html
  • https://github.com/ChristosChristofidis/awesome-deep-learning
  • https://hackernoon.com/deep-learning-chatbot-everything-you-need-to-know-r11jm30bc
  • https://medium.com/@ageitgey/deepfaking-the-news-with-nlp-and-transformer-models-5e057ebd697d
  • https://towardsdatascience.com/cryptocurrency-price-prediction-using-deep-learning-70cfca50dd3a
  • https://towardsdatascience.com/deep-learning-and-momentum-investing-2273e8db5b86
  • https://towardsdatascience.com/machine-learning-for-sports-betting-not-a-basic-classification-problem-b42ae4900782
  • https://towardsdatascience.com/creating-bitcoin-trading-bots-that-dont-lose-money-2e7165fb0b29
  • https://towardsdatascience.com/detailed-tutorial-build-your-custom-real-time-object-detector-5ade1017fd2d
  • https://medium.com/data-folks-indonesia/build-your-own-quotes-generator-3a23e9cbcff3
  • https://hackernoon.com/dont-be-fooled-deceptive-cryptocurrency-price-predictions-using-deep-learning-bf27e4837151
  • https://github.com/firmai/awesome-google-colab
  • https://github.com/alpv95/MemeProject
  • https://ai-mrkogao.github.io/reinforcement%20learning/pygta5/
  • https://pytorch.org/tutorials/beginner/deep_learning_60min_blitz.html

Reverse_Engineering

  • https://www.refirmlabs.com/reverse-engineering-my-routers-firmware-with-binwalk
  • https://www.geeksforgeeks.org/working-with-magic-numbers-in-linux
  • https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed
  • https://hackaday.io/project/172292-introduction-to-reverse-engineering-with-ghidra
  • https://towardsdatascience.com/building-a-quotebot-with-machine-learning-eca39272e3b7
  • https://www.kitploit.com/2017/01/repy2exe-reverse-engineering-tool-for.html
  • https://malwareunicorn.org/workshops/re101.html
  • https://malwareanalysis.tools/
  • https://medium.com/@vignesh4303/reverse-engineering-resources-beginners-to-intermediate-guide-links-f64c207505ed
  • https://medium.com/free-code-camp/how-i-solved-a-simple-crackme-challenge-with-the-nsas-ghidra-d7e793c5acd2

Machine-Learning

  • https://towardsdatascience.com/how-to-build-a-simple-song-recommender-296fcbc8c85
  • https://github.com/PierreGe/RL-movie-recommender
  • https://medium.com/analytics-vidhya/create-a-rapping-ai-using-deep-learning-part-1-collecting-the-data-634bbfa51ff5
  • https://becominghuman.ai/how-netflix-uses-ai-and-machine-learning-a087614630fe
  • https://github.com/josephmisiti/awesome-machine-learning
  • https://aryamccarthy.github.io/malmi2016dopelearning
  • https://towardsdatascience.com/introduction-to-neural-networks-advantages-and-applications-96851bd1a207
  • https://genius.com/posts/63-Introducing-rapmetricstm-the-birth-of-statistical-analysis-of-rap-lyrics
  • https://medium.com/swlh/build-spotify-playlist-using-machine-learning-45352975d2ee
  • https://towardsdatascience.com/trolls-and-bots-are-disrupting-social-media-heres-how-ai-can-stop-them-d9b969336a06
  • http://sitn.hms.harvard.edu/flash/2016/how-tay-machine-learned-her-way-to-become-a-twitter-troll/
  • https://medium.com/@ageitgey/how-to-break-a-captcha-system-in-15-minutes-with-machine-learning-dbebb035a710
  • https://medium.com/@ageitgey/machine-learning-is-fun-part-4-modern-face-recognition-with-deep-learning-c3cffc121d78
  • https://medium.com/@ageitgey/abusing-generative-adversarial-nehttps://realpython.com/k-means-clustering-python rks-to-make-8-bit-pixel-art-e45d9b96cee7
  • https://towardsdatascience.com/using-reinforcement-learning-to-trade-bitcoin-for-massive-profit-b69d0e8f583b
  • https://towardsdatascience.com/naive-bayes-explained-108c095241eb
  • https://towardsdatascience.com/basic-nlp-on-the-texts-of-harry-potter-sentiment-analysis-1b474b13651d
  • https://machinelearningmastery.com/what-are-generative-adversarial-networks-gans
  • https://realpython.com/k-means-clustering-python
  • https://medium.com/dataseries/k-means-clustering-explained-visually-in-5-minutes-b900cc69d175
  • https://joshualoong.com/2018/07/03/Topic-Modelling-Song-Lyrics-An-Exploration-in-Unsupervised-Text-Analytics/
  • https://opencv-python-tutroals.readthedocs.io/en/latest/py_tutorials/py_tutorials.html
  • https://towardsdatascience.com/using-nlp-to-identify-redditors-who-control-multiple-accounts-837483c8b782

Cheatsheets

  • https://cheatography.com/albertx/cheat-sheets/openssl/
  • https://devhints.io/curl
  • http://cs.lewisu.edu/~klumpra/camssem2015/nmapcheatsheet1.pdf
  • https://highon.coffee/blog/nmap-cheat-sheet/
  • https://www.cyberciti.biz/howto/question/general/compress-file-unix-linux-cheat-sheet.php
  • https://tmuxcheatsheet.com/
  • http://web.mit.edu/hackl/www/lab/turkshop/slides/regex-cheatsheet.pdf
  • http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
  • https://www.aelius.com/njh/subnet_sheet.html
  • https://medium.com/hacker-toolbelt/wireshark-filters-cheat-sheet-eacdc438969c
  • https://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
  • https://pequalsnp-team.github.io/cheatsheet/steganography-101
  • https://codeyarns.com/2016/01/22/wget-cheatsheet/
  • https://cheatsheet.dennyzhang.com/cheatsheet-ssh-a4
  • https://gto76.github.io/linux-cheatsheet/
  • https://digital-forensics.sans.org/media/reverse-engineering-malicious-code-tips.pdf
  • https://cheatsheetseries.owasp.org/assets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet_SSRF_Bible.pdf

Encryption & Cryptography

  • https://www.openpgp.org/
  • https://digitalguardian.com/blog/what-pgp-encryption-defining-and-outlining-uses-pgp-encryption
  • https://cs.nju.edu.cn/daihp/ns_course/04HaipengDai_SymmetricCrypto_2.pdf
  • https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/toolkits/encryption-101
  • https://idafchev.github.io/crypto/2017/04/13/crypto_part1.html
  • https://simpleaswater.com/cryptography/
  • http://pi.math.cornell.edu/~morris/135/Bacon.pdf
  • http://practicalcryptography.com/ciphers/caesar-cipher
  • https://www.boxentriq.com/code-breaking/caesar-cipher
  • https://www.boxentriq.com/code-breaking/vigenere-cipher
  • https://pages.mtu.edu/~shene/NSF-4/Tutorial/VIG/Vig-Base.html
  • http://practicalcryptography.com/ciphers/simple-substitution-cipher
  • https://blog.finjan.com/substitution-ciphers-a-look-at-the-origins-and-applications-of-cryptography
  • https://blog.logsign.com/how-does-xor-cipher-work
  • https://stackoverflow.com/questions/2029426/what-is-xor-encryption
  • https://ctf101.org/cryptography/what-is-xor
  • https://idafchev.github.io/crypto/2017/04/13/crypto_part1.html
  • https://math.stackexchange.com/questions/28955/how-to-break-xor-cipher-with-repeating-key
  • https://carterbancroft.com/breaking-repeating-key-xor-programmatically/
  • https://stackoverflow.com/questions/4078902/cracking-short-rsa-keys
  • https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639
  • https://www.techrepublic.com/article/how-to-sign-a-file-on-linux-with-gpg
  • https://web.mit.edu/kerberos
  • https://asecuritysite.com/encryption/rsa12_2

Apts

  • https://resources.malwarebytes.com/files/2020/04/200407-MWB-COVID-White-Paper_Final.pdf
  • https://threatconnect.com/blog/using-fancy-bear-ssl-certificate-information-to-identify-their-infrastructure
  • https://www.crowdstrike.com/blog/who-is-fancy-bear
  • https://content.fireeye.com/apt-41/rpt-apt41
  • https://threatpost.com/equation-apt-group-attack-platform-a-study-in-stealth/111550
  • https://securelist.com/equation-the-death-star-of-malware-galaxy/68750
  • https://us-cert.cisa.gov/sites/default/files/publications/JAR_16-20296A_GRIZZLY%20STEPPE-2016-1229.pdf
  • http://www.robertmlee.org/critiques-of-the-dhsfbis-grizzly-steppe-report
  • https://unit42.paloaltonetworks.com/ironnetinjector
  • https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-sunburst-sending-data
  • https://research.nccgroup.com/2020/11/18/ta505-a-brief-history-of-their-time

PHISHING TOOLS

  • Modlishka. Reverse Proxy - https://github.com/drk1wi/Modlishka
  • Evilginx2 MITM phishing - https://github.com/kgretzky/evilginx2
  • HiddenEye - https://github.com/DarkSecDevelopers/HiddenEye

OSINT

  • Mitaka A Browser Extension For OSINT Search - https://github.com/ninoseki/mitaka
  • DarkScrape OSINT Tool For Scraping Dark Websites - https://github.com/itsmehacker/DarkScrape
  • Sherlock Find Usernames Across Social Networks - https://github.com/sherlock-project/sherlock
  • OSINT-SPY Search using OSINT - https://github.com/SharadKumar97/OSINT-SPY
  • SpiderFoot OSINT Tool - https://github.com/smicallef/spiderfoot
  • KillShot A Penetration Framework - https://github.com/bahaabdelwahed/killshot
  • Ethereum recon and exploitation tool - https://github.com/cleanunicorn/theo
  • Find breached emails, databases, pastes - https://github.com/Ekultek/WhatBreach
  • Xray - A Tool For Recon, Mapping And OSINT Gathering - https://github.com/evilsocket/xray
  • OSINT framework - https://osintframework.com/
  • Discover - https://github.com/leebaird/discover
  • ReconCobra - https://github.com/haroonawanofficial/ReconCobra
  • plot a Twitter user’s activity onto a map - http://geosocialfootprint.com/
  • View DNS - https://viewdns.info/
  • Twitter trend map - https://www.trendsmap.com/

Windows SubSystem

  • https://docs.microsoft.com/en-us/windows/wsl/install-win10
  • https://docs.microsoft.com/en-us/windows/wsl/faq
  • https://blogs.windows.com/windowsdeveloper/2016/07/22/fun-with-the-windows-subsystem-for-linux/
  • https://wiki.ubuntu.com/WSL
  • https://github.com/sirredbeard/Awesome-WSL

MALWARE

  • fireELF - Fileless Linux Malware Framework - https://github.com/rek7/fireELF
  • Ustealer - Ubuntu Stealer, Steal Ubuntu Information - https://github.com/atmoner/Ustealer
  • BYOB (Build Your Own Botnet) - https://github.com/malwaredllc/byob
  • UBoat - HTTP Botnet Project - https://github.com/Souhardya/Uboat

Hardware

  • Posion tap - https://samy.pl/poisontap/
  • Rubber ducky on steroids - https://github.com/whid-injector/WHID
  • PI hole - https://github.com/pi-hole/pi-hole
  • Homemade LAN turtle - https://github.com/CuPcakeN1njA/Int3rcept0r
  • Rasp pi AI Security camera - https://medium.com/berrynet/diy-your-ai-home-security-camera-with-raspberry-pi-and-open-source-software-10d4364df20f
  • https://hakin9.org/pi-sniffer-is-a-wi-fi-sniffer-built-on-the-raspberry-pi-zero-w

Cryptocurrency & Blockchains & Tokens

  • Bitcoin - https://www.bitcoin.com/
  • Monero - https://www.getmonero.org/
  • Zcash - https://z.cash/
  • Ethereum - https://ethereum.org
  • RavenCoin - https://ravencoin.org
  • DogeCoin - https://dogecoin.com
  • TurtleCoin - https://turtlecoin.lol
  • LiteCoin - https://litecoin.org
  • BitcoinCash - https://bitcoincash.org
  • Dash - https://www.dash.org
  • Stellar - https://www.stellar.org
  • Mining - https://www.investopedia.com/tech/how-does-bitcoin-mining-work/
  • 51% attack - https://github.com/cburchert/shitcoin\
  • Play with blockchain - https://github.com/DutchGraa/crackcoin
  • Monero Info - https://www.monero.how/monero-infographic
  • Simulated Blockchains for Machine Learning Traceability and Transaction Values in the Monero - https://arxiv.org/abs/2001.03937
  • How Blockchain works - http://blockchain.mit.edu/how-blockchain-works
  • http://list.zju.edu.cn/kaibu/netsec/lec04-blockchain.ppt
  • https://www.exablue.de/en/blog/2020-06-11-malware-on-the-blockchain.html
  • https://cryptofacilities.zendesk.com/hc/en-us/articles/115002807834-Calculation-of-profit-and-loss
  • https://github.com/citp/BlockSci
  • https://bitcointalk.org/index.php?topic=5141594.0
  • https://medium.com/@philipshen13/monero-part-1-key-concepts-3671186016c6
  • https://blockchain.unica.it/projects/blockchain-analytics
  • https://youtu.be/cjbHqvr4ffo - How Does Monero Work?
  • https://bitcoin.stackexchange.com/questions/59955/how-do-i-calculate-the-profit-of-the-value-of-my-bitcoin
  • https://reserve.org
  • https://foam.space
  • https://dad.one
  • https://getravencoin.org/ravencoin-asset-token
  • https://hackernoon.com/what-are-stellar-assets-79b3145b5c7f
  • https://tronblack.medium.com/ravencoin-proof-of-authenticity-4a0d325d5347

Offline wallet

  • https://moneroaddress.org
  • https://bitcoinpaperwallet.com
  • https://turtlecoin.lol/wallet
  • https://stellarpaperwallet.com
  • https://walletgenerator.net

Govt

  • https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
  • https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final
  • https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
  • https://csrc.nist.gov/publications/detail/sp/800-94/final
  • https://www.nist.gov/risk-management

Tor

  • Tor's web site - https://www.torproject.org
  • Dark web sites - https://dark.fail/#Philosophy
  • How tor works - https://jordan-wright.com/blog/2015/02/28/how-tor-works-part-one

BlockChain Analysis

  • Wallet Explorer - https://www.walletexplorer.com
  • C-Hound - https://www.c-hound.ai
  • BlockChain - https://www.blockchain.com
  • BlockChair - https://blockchair.com
  • Blockchain Analysis - https://Blockstream.info
  • https://oxt.me
  • https://matbea.net
  • https://sochain.com

Centos

  • https://www.tecmint.com/things-to-do-after-minimal-rhel-centos-7-installation
  • https://doc.lagout.org/operating%20system%20/linux/Foundations%20of%20CentOS%20Linux.pdf

Malware Samples

NOTE: The ones with * after the links are ones that are vetted. If you use your uc email and tell them your a cyber student, they wil mostly likely give you access.

  • Hybrid analysis - https://www.hybrid-analysis.com
  • VirusShare - https://virusshare.com*
  • VirusTotal - https://www.virustotal.com

Threat Maps

  • https://threatmap.checkpoint.com
  • https://cybermap.kaspersky.com
  • https://www.fireeye.com/cyber-map/threat-map.html
  • https://threatmap.fortiguard.com
  • https://map.lookingglasscyber.com

SCANNERS

  • shuffleDNS is a wrapper around massdns - https://github.com/projectdiscovery/shuffledns
  • Fast web fuzzer written in Go - https://github.com/ffuf/ffuf
  • bruteforce for AWS s3 buckets - https://github.com/nahamsec/lazys3
  • MassDNS subdomain enumeration - https://github.com/blechschmidt/massdns
  • Fenrir Simple Bash IOC Scanner - https://github.com/Neo23x0/Fenrir
  • Slurp S3 Bucket Enumerator - https://github.com/hehnope/slurp
  • RapidScan Web Scanner - https://github.com/skavngr/rapidscan
  • black box WordPress security - https://github.com/wpscanteam/wpscan
  • ALT DNS - DNS recon - https://github.com/infosec-au/altdns
  • Sn1per automated scanner - https://github.com/1N3/Sn1per
  • Httpgrep - Scans HTTP Servers To Find Given Strings In URIs - https://github.com/noptrix/httpgrep
  • https://github.com/aboul3la/Sublist3r
  • https://github.com/maurosoria/dirsearch
  • https://github.com/guelfoweb/knock
  • https://github.com/nahamsec/lazyrecon
  • https://cirt.net/Nikto2
  • https://github.com/yanxiu0614/subdomain3
  • https://github.com/swisskyrepo/SSRFmap

WEB

  • Trasxss automated XSS - https://github.com/M4cs/traxss
  • XSpear Powerfull XSS Scanning And Parameter Analysis Tool - https://github.com/hahwul/XSpear
  • XSSCon: Simple XSS Scanner tool - https://github.com/menkrep1337/XSSCon
  • Corsy - CORS Misconfiguration Scanner - https://github.com/s0md3v/Corsy
  • https://fsec404.github.io/blog/HTTP-parameter-pollution/
  • https://telekomsecurity.github.io/2020/05/smuggling-http-headers-through-reverse-proxies.html
  • https://portswigger.net/research/http-desync-attacks-request-smuggling-reborn
  • https://www.rapid7.com/fundamentals/web-application-vulnerabilities

Bug Bounty

  • https://shkspr.mobi/blog/2018/12/twitter-bug-bounty
  • https://www.reddit.com/r/bugbounty/comments/983odf/how_to_become_a_bug_bounty_hunter
  • https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2020
  • https://medium.com/@muff1n/how-to-become-a-bug-bounty-hunter-dffce2bb333c
  • https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts
  • https://0xsha.gitbook.io/bug-bounties-five-weeks-to-your-first-bug
  • https://medium.com/@secureITmania/how-i-exploit-the-json-csrf-with-method-override-technique-71c0a9a7f3b0
  • https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass
  • https://blog.intigriti.com/2020/02/24/twitter-recap-1-bug-bounty-tips-by-the-intigriti-community/#tools_5
  • https://bugbountyguide.com/
  • https://www.hackerone.com/blog/100-hacking-tools-and-resources
  • https://hackerone.com/reports/867952
  • https://keenlab.tencent.com/en/2020/01/02/exploiting-wifi-stack-on-tesla-model-s
  • https://research.securitum.com/xss-in-amp4email-dom-clobbering
  • https://medium.com/@vignesh4303/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248
  • https://medium.com/bugbountywriteup/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65
  • https://pentester.land/list-of-bug-bounty-writeups.html
  • https://github.com/devanshbatham/Awesome-Bugbounty-Writeups
  • https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards
  • https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204
  • https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple
  • https://medium.com/@zonduu/idor-in-session-cookie-leading-to-mass-account-takeover-d815ff3732d5
  • https://www.bad5ect0r.sh/index.php/2020/05/17/stored-xss-password-disclosure
  • https://github.com/pry0cc/axiom
  • https://challenge.intigriti.io/
  • https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome
  • https://hethical.io/stealing-the-trello-token-by-abusing-a-cross-iframe-xss-on-the-butler-plugin
  • https://samcurry.net/abusing-http-path-normalization-and-cache-poisoning-to-steal-rocket-league-accounts
  • http://blog.oath.ninja/basic-bug-bounty-faq
  • https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
  • https://0xsha.gitbook.io/bug-bounties-five-weeks-to-your-first-bug
  • https://portswigger.net/research/bypassing-csp-with-policy-injection
  • https://www.bugcrowd.com/resources/webinars/api-security-testing-for-hackers
  • https://samcurry.net/hacking-starbucks
  • https://exploitway.com/github-dorks-for-penetration-testing
  • https://medium.com/@sainttobs/csrf-token-bypasss-a-tale-of-my-2k-bug-ff7f51166ea1
  • https://shahmeeramir.com/methods-to-bypass-csrf-protection-on-a-web-application-3198093f6599
  • https://research.securitum.com/what-is-the-csrf-cross-site-request-forgery-vulnerability
  • https://www.errno.fr/Attacking_source_repositories
  • https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF
  • https://secapps.com/tutorials/security-testing-beyond-the-edge
  • https://medium.com/bugbountywriteup/the-1-000-worth-cookie-6cf48af08e08
  • https://www.bugcrowd.com/blog/how-to-find-idor-insecure-direct-object-reference-vulnerabilities-for-large-bounty-rewards
  • https://medium.com/@the.bilal.rizwan/graphql-common-vulnerabilities-how-to-exploit-them-464f9fdce696
  • https://medium.com/@nyomanpradipta120/ssti-in-flask-jinja2-20b068fdaeee
  • https://hackernoon.com/how-to-find-internal-subdomains-yql-yahoo-and-bug-bounty-d7730b374d77

NEWS SITES

  • BleepingComputer - https://bleepingcomputers.com
  • The Hacker News - https://thehackernews.com
  • ThreatPost - https://threatpost.com
  • SecureList - https://securelist.com
  • DarkReading - https://www.darkreading.com
  • Krebs On Security - https://krebsonsecurity.com
  • Sucuri - https://blog.sucuri.net
  • Unit42 - https://unit42.paloaltonetworks.com
  • Zdnet - https://www.zdnet.com
  • HackRead - https://www.hackread.com
  • CSO - https://www.csoonline.com
  • BitDefender - https://labs.bitdefender.com
  • Malwarebytes - https://blog.malwarebytes.com
  • Netsec - https://reddit.com/r/netsec
  • CheckPoint - https://research.checkpoint.com

XSS

  • https://www.google.com/about/appsecurity/learning/xss
  • https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
  • https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
  • https://xsses.rocks/sample-page
  • https://github.com/wish-i-was/femida

SQL Injection Tools

  • SQLMap - https://github.com/sqlmapproject/sqlmap
  • jSQL Injection is a Java application - https://github.com/ron190/jsql-injection
  • Blisqy - Exploit Time-based blind-SQL - https://github.com/JohnTroony/Blisqy

SQL Injection

  • https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet
  • http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
  • https://www.exploit-db.com/papers/13650
  • https://trustfoundry.net/bypassing-wafs-with-json-unicode-escape-sequences
  • https://realpython.com/prevent-python-sql-injection
  • https://bobby-tables.com
  • http://www.securityidiots.com/Web-Pentest/SQL-Injection/bypass-login-using-sql-injection.html
  • https://portswigger.net/web-security/sql-injection
  • https://www.rapid7.com/fundamentals/sql-injection-attacks/

CSRF

  • https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
  • https://trustfoundry.net/cross-site-request-forgery-cheat-sheet

Google Hacking

  • https://www.exploit-db.com/google-hacking-database
  • https://securitytrails.com/blog/google-hacking-techniques
  • https://medium.com/infosec-adventures/google-hacking-39599373be7d

Python

  • https://codecademy.com/learn/learn-python
  • https://docs.python-guide.org/intro/learning
  • https://medium.com/swlh/5-free-python-courses-for-beginners-to-learn-online-e1ca90687caf
  • https://docs.microsoft.com/en-us/learn/modules/intro-to-python
  • https://refactoring.guru/design-patterns
  • https://alysivji.github.io/simple-plugin-system.html
  • https://eli.thegreenplace.net/2012/08/07/fundamental-concepts-of-plugin-infrastructures
  • https://www.abhishekshukla.com/python/adventures-in-cryptography-with-python-xor-cipher
  • https://docs.python.org/3/tutorial/datastructures.html
  • https://docs.python.org/2/tutorial/classes.html
  • https://en.ogunal.com/data-collection-with-python-on-linux-system
  • https://wiki.python.org/moin/ForLoop
  • https://www.digitalocean.com/community/tutorials/how-to-construct-for-loops-in-python-3
  • https://www.digitalocean.com/community/tutorials/understanding-lists-in-python-3
  • https://www.pitt.edu/~naraehan/python3/split_join.html
  • https://medium.com/swlh/list-comprehensions-in-python-3-for-beginners-8c2b18966d93
  • https://www.guidodiepen.nl/2019/02/implementing-a-simple-plugin-framework-in-python
  • https://python-reference.readthedocs.io/en/latest/docs/functions/import.html
  • https://dev.to/serhatteker/how-to-upgrade-to-python-3-7-on-ubuntu-18-04-18-10-5hab
  • https://archive.org/details/comp3321 ( requested from NSA by Freedom of Information Act- python courses)
  • https://www.digitalocean.com/community/tutorials/understanding-dictionaries-in-python-3
  • https://www.digitalocean.com/community/tutorials/how-to-index-and-slice-strings-in-python-3
  • https://realpython.com/python-data-classes
  • https://realpython.com/python-f-strings
  • https://deepsource.io/blog/python-walrus-operator
  • https://dabeaz-course.github.io/practical-python/Notes/Contents.html

Ruby

  • http://rubylearning.com
  • https://www.ruby-lang.org/en/documentation/quickstart
  • https://ruby-doc.com/docs/ProgrammingRuby
  • https://www.codecademy.com/learn/learn-ruby
  • https://refactoring.guru/design-patterns
  • https://github.com/arbox/machine-learning-with-ruby
  • https://ruby.github.io/rake/doc/rakefile_rdoc.html
  • https://medium.com/@jaeger.rob/a-simple-ruby-rakefile-for-tests-149a7b783c52
  • http://sinatrarb.com
  • https://thoughtbot.com/blog/lets-build-a-sinatra
  • https://linuxize.com/post/how-to-install-ruby-on-ubuntu-18-04
  • https://ankane.org/more-ml-gems
  • https://dev.to/daviducolo/machinelearning-with-ruby-3m75

C++

  • https://www.cplusplus.com
  • https://docs.microsoft.com/en-us/cpp/cpp/for-statement-cpp?view=vs-2019
  • https://www.cs.bu.edu/teaching/cpp/writing-makefiles
  • https://www.cs.fsu.edu/~myers/howto/g++compiling.txt
  • https://en.cppreference.com/w/cpp/language/main_function
  • https://www.cplusplus.com/doc/tutorial/program_structure
  • https://www.guru99.com/cpp-file-read-write-open.html
  • https://www.programiz.com/cpp-programming/inheritance
  • https://docs.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-160
  • https://www.geeksforgeeks.org/command-line-arguments-in-c-cpp

Honey Pots

  • https://github.com/wish-i-was/femida
  • https://github.com/cowrie/cowrie
  • https://github.com/foospidy/HoneyPy
  • https://github.com/magisterquis/sshhipot
  • https://github.com/desaster/kippo
  • https://github.com/andrewmichaelsmith/bluepot
  • https://github.com/mushorg/conpot
  • https://lwn.net/Articles/240120
  • https://github.com/mhils/HoneyProxy
  • https://github.com/amv42/sshd-honeypot

CTF

  • https://github.com/gabemarshall/microctfs
  • FaceBook CTF - https://github.com/facebook/fbctf
  • https://laconicwolf.com/2018/06/11/cryptopals-challenge-5-repeating-key-xor-encryption
  • https://truedigitalsecurity.com/blog/csaw-2015-crypto-500-bricks-of-gold-writeup
  • https://www.tunnelsup.com/helpful-linux-commands-for-ctfs
  • https://www.tildeho.me/ritsec-ctf-writeup-recover-aes-cbc-iv
  • https://mikehacksthings.com/2019/11/07/my-favorite-challenge-of-the-fall-2019-hackathon
  • https://mikehacksthings.com/2018/11/19/cny-hackathon-ctf-walkthrough-fall-2018-edition
  • https://medium.com/@thereallulz/write-up-some-random-ctf-challenges-stego-part-1-be6e0c17fd4e
  • https://underthewire.tech/
  • https://gist.github.com/Neo23x0/6af876ee72b51676c82a2db8d2cd3639
  • https://blog.sqreen.com/local-file-inclusions-explained/
  • https://ctftime.org/writeup/19017

CTF Tools

  • https://github.com/lockedbyte/cryptovenom
  • https://github.com/hellman/xortool
  • https://github.com/DominicBreuker/stego-toolkit
  • https://github.com/Acceis/crypto_identifier

Metadata

52
Stars
10
Forks
Watchers

Owner

verified publisher icon birdbee44

Metadata

Back