--[ links ]

DIY Web Pentesting Tools on Ubuntu
Arachni on Ubuntu 14.04 LTS
BeEF on Ubuntu 14.04 LTS
Burp Suite on Ubuntu 14.04 LTS
CMSMap on Ubuntu 14.04 LTS
Commix on Ubuntu 14.04 LTS
HconSTF on Ubuntu 14.04 LTS
John on Ubuntu 14.04 LTS
Masscan on Ubuntu 14.04 LTS
Metasploit Framework on Ubuntu 14.04 LTS
NMap on Ubuntu 14.04 LTS
NetCat on Ubuntu 14.04 LTS
NoSQLMap on Ubuntu 14.04 LTS
Recon-ng on Ubuntu 14.04 LTS
SET on Ubuntu 14.04 LTS
SQLMap on Ubuntu 14.04 LTS

Spiderfoot on Ubuntu 14.04 LTS
THC-Hydra on Ubuntu 14.04 LTS
Weevely on Ubuntu 14.04 LTS
ZAP on Ubuntu 14.04 LTS

Online Free InfoSec Course
Exploit Development Course
Modern Binary Exploitation - CSCI 4968

Kivy
kivy
Kivy Crash Course (Video)

Course Review
Offensive Security Infosec Certifications in the Job Market
Cracking the Perimeter (CTP)
Penetration Testing with BackTrack (PWB)
Am I ready for taking Penetration Testing with BackTrack (PWB)
Offensive Security Wireless Attacks (WiFu)

Vulnerable Test Websites
Acunetix Web Vulnerable Test Websites
Demo site for Web Vulnerability Scanner
ModSecurity Demonstration Projects

AirPwn-NG
AirPwn-NG GitHub
LANs.py GitHub
Youtube

Webshell
Quasibot - Complex Webshell Manager

CAPTCHA & reCAPTCHA
I’m not a human: Breaking the Google reCAPTCHA
Attacking Audio "reCaptcha" using Google's Web Speech API
Bypass Captcha using Python and Tesseract OCR engine
Bypassing CAPTCHAs by Impersonating CAPTCHA Providers (White Paper)
Captcha Intruder
Extending Burp Suite to solve reCAPTCHA
No CAPTCHA reCAPTCHA
clipcaptcha
hack_audio_captcha

OWASP Video
OWASP AppSec California 2014
OWASP AppSecUSA 2014
OWASP Global Webinars
OWASP Appsec Tutorial Series

YouTube PlayLists
Adrian Crenshaw Collections
Advanced Threat Tactics (2015)
BSides DC 2014
Black Hat USA 2015
BlackHat USA 2014
BlackHat USA 2015
Burp Suite for Web Application Security
Def Con 22
Metasploitable 2 Series - by Japtron
SQLi-Lab - by Audi-1
Security Tube - Hack of the Day
SoureFire
Tradecraft - Red Team Operation

All about Shellshock
Shellshock: A Collection of Exploits seen in the wild
CGI Shellshock
CGI Shellshock 2
Pure-FTPd Metasploit Exploit Module
SIPShock Scanner
BashCheck
Bash漏洞再次演进:缓冲区溢出导致远程任意命令执行
Online Testing Tool
Everything you need to know about CVE-2014-6271
Shellshock proof of concept – Reverse shell
威胁远胜“心脏出血”?国外新爆Bash高危安全漏洞

Hackers' Arsenal
CIDR IP Address Guide
CMSmap
CipherShed | Secure Encryption Software
DDoS Amplification Tool
Framework for Man-In-The-Middle Attacks
J3rge's Blog
LFI Freak
RIPS - A static source code analyser for vulnerabilities in PHP scripts
The Backdoor Factory
Using Windows Screensaver as a Backdoor with PowerShell

Free E-Book (Please Donate!!!)
Reverse Engineering for Beginners

香港佔中事件
香港佔中事件分析與美國佔領一個國家的12個步驟 (Video)

ACLU
The NSA Archive

Exploit & Vulnerability Database
Exploit Database
Full Disclosure
National Vulnerability Database
Packet Storm
Secunia Advisory and Vulnerability Database
SecurityFocus Bugtraq
SecurityFocus Vulnerabilities Database
Vulnerability Notes Database

Reddit
Reddit - AskNetsec
Reddit - ComputerForensics
Reddit - HackBloc
Reddit - Infosec
Reddit - LockPicking
Reddit - Malware
Reddit - NightHawkTOR
Reddit - RELounge
Reddit - REMath
Reddit - ReverseEngineering
Reddit - Sysadmin
Reddit - TOR
Reddit - XSS
Reddit - antiforensics
Reddit - blackhat
Reddit - crypto
Reddit - cyberlaws
Reddit - hackers
Reddit - hacking
Reddit - lowlevel
Reddit - memoryforensics
Reddit - netsec
Reddit - netsecstudents
Reddit - onions
Reddit - psychology
Reddit - pwned
Reddit - rootkit
Reddit - securityCTF
Reddit - snowden
Reddit - socialengineering
Reddit - vrd
Reddit - wikileaks

Papers & Slides
Blind Return Oriented Programming (BROP)
DEP, ASLR bypass without ROP & JIT
Detecting Hidden Files - inodeyou
Emergency Self-Destruction of LUKS in Kali Linux
Faster Domain Escalation Using LDAP
Hardcoded Pointers for bypassing ASLR
Hashcrack
Heartbleed Mass Test
How I Got Root With Sudo
Javascript for Hackers
Just In Time Code Resue
KASLR Bypass Mitigations in Windows 8.1
Kali Tool
Linux Local Privilege Escalation via SUID /proc/pid/mem Write
Local Linux Enumeration & Privilege Escalation Basics
Metasploit Meterpreter and NAT
OptiROP: the art of hunting ROP gadgets
PWNStaller for Veil Framework
Phrack Magazine
Shell Is Coming
Shellcode building
Using Heartbleed PoC for Hijacking User Sessions En Masse
Windows Privilege Escalation Fundamentals
elsherei.com



My Favourites
Anonymity First - Tor & Metasploit
Anonymous Post-Compromise via Tor Hidden Services
Attacking Drupal
Automated SQL Injection Detection
Bug fix for Mutillidae on Metasploitable 2
Bugtraq Team
Clickjacking
Cloudflare Watch
Cracking WPA2 Passpharse Made Easy
Exploiting XPath injection with Xcat
Free Proxy List Online
HOWTO : TP-Link TL-MR3020 as WiFi Pineapple Made Easy
HOWTO : TP-Link TL-WR1043ND as WiFi Pineapple Made Easy
Hacking Tutorial
Hash Identifier
HashData
ITSEC Games
Insecurety Research
Legal Music For Videos
Lockpicking - by Deviant Ollam
Matthew H Knight
Metasploit : Meterpreter HTTP/HTTPS Communication
Metasploit : reverse_https_proxy
Offensive Security Course Reviews
Offensive Security Spring 2013
Online Hash Crack
Open Cyber Challenge Platform
Penetration Testing Practice Lab
Practical Exploitation Using A Malicious Service Set Identifier (SSID)
Quick Blind TCP Connection Spoofing with SYN Cookies
Reiners' Weblog
Reverse SSL Backdoor with Socat
SQLi Dorks
SQLi Lab Series
SSH Port Forwarding
SSH Tunnelling
Security Idiots
SmoothSec IDS/IPS
The Backdoor Factory
The Corrs - What Can I Do?
To Linux and beyond - Suricata
VulnHUB
WAF Bypass - PDF
Web Security Testing Toolbox
Why you need to learn hacking skills (2013 Edition)?
bwapp

Ruby on Rails
Learn Ruby The Hard Way
Ruby On Rails - YouTube
Ruby on Rails Video Tutorials

Linux Rootkits Series
Azazel
Writing Linux Rootkits 101
Writing Linux Rootkits 201
Writing Linux Rootkits 301
Suterusu

Linux Exploit Writing
Advance ROP attacks (Slides)
An Introduction to Returned-Oriented Programming on Linux
Having fun with ROP - NX / ASLR Bypass (Linux)
Linux Interactive Exploit Development with GDB and PEDA (Slides)
Payload already inside - data reuse for ROP exploits
ROPME - ROP Exploit Made Easy
ROPgadget - Gadgets finder and auto-roper
Return-Oriented Programming on 64-bit Linux
Smashing the Stack, an example from 2013
elsherei.com Papers and Tutorials

Virus?
VX Heaven
Valhalla - VX Heaven
Valhalla 4 - VX Heaven

Debugger
DuxDebugger (for Windows x86_64)

IDS/IPS Series
Bypassing IDS/IPS Signatures
Pissing on Snort with Metasploit (Video)

Web Service Attack (SOAP)
Defcon 13 - Attacking Web Services
Defcon 19 - Don’t Drop the SOAP
OWASP - Testing for Web Services
OWASP - Web Service Security Cheat Sheet
OWASP Web Service Attack Community Project
OWASP Web Services Security Project
SOAP Web Service Attack (PDF)
SQL Injection in SOAP Service using SQLMap (Youtube)
sqlmap and SOAP based web services

HTML5 Security
HTML5 Security Cheatsheet
OWASP Guide on Secure HTML5

Burp Suite
Bypass WAF: Burp Plugin to Bypass Some WAF Devices
ActiveScan++
Articles about Burp Suite Plugins
Automate WAF Bypass with Burp
Blind SQLi (Video)
Brute Force
Burp Suite Plugin Development for Java Noob
Burp Suite Pro Tips and Tricks (Video)
Burp Suite sqlmap plugin on Windows
Burp Suite with Tor
BypassWAF (Plugin)
CSRF (Video)
Comprehensive (Video)
HanLee - CSRF PoC Burp Suite's Plugin Project
LFI to Shell (Video)
Repeater (Video)
Spider
Sqlmap plugin (gason) for Burp Suite (Video)
gason - BurpSuite Plugin's Project (Sqlmap plugin)
nVisium

Cross Site Scripting
BlackHat USA 2012 - BeEF Injection with MiTM
Cross Site Scripting (XSS) Attacks: Methodology and Prevention
HTML DOM Access
Inter-Protocol Exploitation with BeEF (Video)
OWASP Testing Guide V4
OWASP XSS Prevention Cheat Sheet
Tools - BeEF - The Browser Exploit Framework
Tools - XSS Proxy
Tools - Xenotix - XSS Exploit Framework (Windows)
Tutorials - BeEF and Metasploit
XSS Encoding Calculator
XSS Filter Evasion Cheat Sheet
XSS Payload Generator
XSSYA - Cross Site Scripting Scanner & Vulnerability Confirmation
XSScrapy
mXSS Attack (Video)

SQL Injection
Blackhat Library
MSSQL Injection Cheat Sheet
MySQL Injection Cheat Sheet
New Techniques in SQLi Obfuscation
OWASP SQL Injection Prevention Cheat Sheet
OWASP Testing Guide V4
SQL Injection Cheat Sheet
SQL Zoo
SQLMap for Cloudflare
SQLi via Ajax (Video)
Tools - BSQL Hacker (Windows)
Tools - NoSQL Exploitation Framework
Tools - Pangolin (Windows)
Tools - SQLi Hunter (Windows)
Tools - The Mole
Tools - sqlmap
Tutorials - SQL
sqlinjection.net

Cross-Site Request Forgery
OWASP Cross-Site Request Forgery
OWASP Testing Guide V4
Tools - Pinata CRSF Tool
Tutorials - CRSF (Video)
nVisium

DIY Penetration Testing on Ubuntu
HOWTO : Aircrack-ng on Ubuntu Desktop 12.04 LTS
HOWTO : BeEF and Metasploit Integration on Ubuntu 12.04 LTS
HOWTO : BeEF on Ubuntu Desktop 12.04 LTS
HOWTO : Burp Suite on Ubuntu Desktop 12.04 LTS
HOWTO : CERT Basic Fuzzing Framework (BFF) on Ubuntu Desktop 12.04 LTS
HOWTO : Crunch on Ubuntu Desktop 12.04 LTS
HOWTO : Cryptohaze on Ubuntu Desktop 12.04 LTS
HOWTO : CUDA on Ubuntu Desktop 12.04 LTS
HOWTO : DirBuster on Ubuntu Desktop 12.04 LTS
HOWTO : edb-debugger on Ubuntu Desktop 12.04 LTS
HOWTO : Fierce on Ubuntu Desktop 12.04 LTS
HOWTO : Freemind on Ubuntu Desktop 12.04 LTS
HOWTO : Hashcat on Ubuntu Desktop 12.04 LTS
HOWTO : Hiawatha on Ubuntu Desktop 12.04 LTS
HOWTO : Hydra on Ubuntu Desktop 12.04 LTS
HOWTO : John the Ripper on Ubuntu Desktop 12.04 LTS
HOWTO : Joomscan on Ubuntu Desktop 12.04 LTS
HOWTO : Mac Changer on Ubuntu Desktop 12.04 LTS
HOWTO : Make-PDF tools on Ubuntu Desktop 12.04 LTS
HOWTO : Metagoofil on Ubuntu Desktop 12.04 LTS
HOWTO : Metasploit on Ubuntu Desktop 12.04 LTS
HOWTO : Nessus on Ubuntu Desktop 12.04 LTS
HOWTO : Netcat on Ubuntu Desktop 12.04 LTS
HOWTO : Nmap on Ubuntu Desktop 12.04 LTS
HOWTO : OpenVAS on Ubuntu Desktop 12.04 LTS
HOWTO : OWASP Zaproxy on Ubuntu Desktop 12.04 LTS
HOWTO : Reaver on Ubuntu Desktop 12.04 LTS
HOWTO : SET on Ubuntu Desktop 12.04 LTS
HOWTO : SlowHTTPTest on Ubuntu Desktop 12.04 LTS
HOWTO : Sqlmap on Ubuntu Desktop 12.04 LTS
HOWTO : T50 on Ubuntu Desktop 12.04 LTS
HOWTO : theharvester on Ubuntu Desktop 12.04 LTS
HOWTO : Tor and Proxychains on Ubuntu Desktop 12.04 LTS
HOWTO : W3af on Ubuntu Desktop 12.04 LTS
HOWTO : Weevely on Ubuntu Desktop 12.04 LTS
HOWTO : Wireshark on Ubuntu Desktop 12.04 LTS
HOWTO : WPScan on Ubuntu Desktop 12.04 LTS


Pentester' Blogs



ethicalhacker1337


Seattle VM Machine Exploitation


1 day ago






Blog of Osanda Malith | Security Researching and Informaton Security


IP Obfuscator


1 week ago






Samiux's Blog


[RESEARCH] Banks In Hong Kong Running With What Services


3 weeks ago






Vag Mour


[Facebook | Aol] Internal ip disclosure that really hurts.


4 weeks ago






Lab of a Penetration Tester


Getting Domain Admin with Kerberos Unconstrained Delegation


2 months ago






hacker for hire


Installing Metasploit Framework on OS X El Capitan


4 months ago






khax blog | Infosec, Ethical Hacking, Digital Forensics


Beginning Powershell Part 1


4 months ago






Ole Aass


Changing platforms


8 months ago






Ramblings


InfoSec Topics


1 year ago






g0tmi1k


[Review] Offensive Security Wireless Attacks (WiFu) & Offensive Security Wireless (OSWP)


2 years ago






From Dummy to Dummies


Copying SAM and SYSTEM hives (Or locked files) from a running system by directly dumping sectors.


2 years ago






this is dearmo.


On Hiatus


3 years ago







5x5 security
Absinthe SQLi Tool
Adobe SWF Investigator
Advanced Linux Programming
AnonEmail
Anonymously using The Onion Router
Anti-Forensics
Arachni - Web Application Security Scanner Framework
Audi-1's SQLi Tutorials
BBQ SQL
Base64 Decoder
Bernardo Damele A. G.
Binary to Decimal Conversion
Binary to Text (ASCII) Conversion
Blocking scanners to website
C Programming Tutorials
CodeAcademy
Computer Security Student
Convert Shellcode to EXE
Default Password Database
Didier Stevens Labs
Exploit writing tutorials
File Signature Table
Free Proxy List Online
GBD Tutorials
Gentoo Wiki Archives
Google Code University
Government Security - Wordlists
HTML URL Encoding Reference
HTML Upload tutorial
Hackvertor
Highest Secured Hiawatha Web Server
IP Address Converter
IT Sec Catalog
Intel® 64 and IA-32 Architectures Software Developer Manuals
JSP Tutorials
JavaScript Upload tutorial
Javascript Tutorials
Kaotic Creations
MEGA
Metasploit Framework WiKi
Monasploit
MySQL Tutorials
OWASP Bricks
Official SQLMap Video Series
Open Security Training
Open Security Training Info - CISSP
OverTheWire - Wargames
PHP Charset Encoder / String Encrypter
PHP Tutorials
PHP Uplad tutorial
Pentest Bookmarks
Pentester Lab
Python InlineEgg
Python Tutorials
Security Engineering (2nd Edition)
Security is just an illusion
Shells
Smash The Stack Wargaming Network
Storytelling | Xtranormal
TRANSLATOR, BINARY
The Beginners Guide to Codecaves
The Grey Corner
The METASM assembly manipulation suite
The Open Web Application Security Project
Tuts 4 You
UDF Repository for MySQL Explain
UDF Repository for MySQL Site
UDF Repository for MySQL Source
Undetectable backdoor
Using Metasm To Avoid Antivirus Detection
Web Application Attack
Web2PDF Convert
Win32 Exploitation with mona.py
WordPress CSRF Vulnerability Exploit Tool
Xenotix - XSS Exploit Framework
YEHG Security Lab! - Web Security Division
ceriksen.com
exploit exercises
g0tmi1k's Video Series
mattandreko.com
mimikatz blog
pentestmonkey
wpbf - WordPress Brute Force (Explain)
wpbf - WordPress Brute Force (Source Code)