Penetration testing Process, Methods and Real world Attacks Collections
- OWASP - Open Web Applicaiton Security Project
- PTES- Penetration Testing Execution Standard
- PCI DSS PCI Penetration Testing Guide
- PTF - Penetration Testing Framework
- OSSTMM - Open Source Security Testing Methodology Manual
- vmplayer
- vmware workstation
- vmware esxi
- windows 7/8/10
- kali
- Debian
- ubuntu
- Arch
- Gentoo
- Maltego - Maltego is an interactive data mining tool that renders directed graphs for link analysis.
- Metasploit Framework - collection of remote exploits and post exploitation tools for all platforms
- SET toolkit - designed to perform advanced attacks against the human element.
- theHarvester - gathering e-mail accounts, user names and hostnames/subdomains from different public sources
- mimikat - extract plain or hash of password.
- dig - bind-utils
- THC Hydra - for brute force
- Powersploit - a collection of Microsoft PowerShell modules
- CrackmapExec - post exploitation tools for Active Directory.
- Burpsuite - can use as proxy as well as active scanner
- Empire - powershell framework for remote and post exploitation.
- Nmap - port scanner
- knockpy - subdomain scanner
- netcat - network utility
- nishang - post exploitation powershell Framework
- Determination of the type of pentest (Blackbox, Whitebox)
- Key objectives behind this penetration test
- Location address and contact (if it is an onsite job)
- Validation that the Authorization Letter has been signed
- URL of the web application that is in scope and validation that isaccessible
- 2 sets of credentials (normal and admin or a privilege user) and validation that are working
- Determination of the environment (Production or UAT)
- Number of static and dynamic pages
- Testing Boundaries (DoS, Brute force attacks etc.)
- Technologies (PHP, ASP, .NET, IIS, Apache, Operating system etc.)
- Any VPN or port numbers are needed and verify those ahead of time
- Any web services that the site may use.
- Any pages that the client does not want to be tested.
- Any pages that submit emails
- IP address of the tester
- Escalation contact
- 3rd parties that needs to be contacted in advance of the pentest
- Web application firewalls and other IDS in place
- Timeframe of the assessment (dates and hours)
- Diagrams and any kind of documentation
- Validation that a backup has been performed recently on theapplication
- Other client requirements
- OSINT Primer 1
- https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Open%20Source%20Intelligence.md
- https://sites.google.com/site/greynetwork2/home/osint-resources
- http://archive.is/sYzcP#selection-62.0-62.1
- https://blog.rapid7.com/2015/02/23/osint-through-sender-policy-framework-spf-records/
- https://www.i-intelligence.eu/open-source-intelligence-tools-and-resources-handbook/
- https://krypt3ia.wordpress.com/2012/01/11/the-subtle-art-of-osint/
- https://www.slideshare.net/SudhanshuChauhan/tools-for-open-source-intelligence-osint-61284325
- Dnsrecon
- Recon-ng
- Shodan
- theHarvester
- maltego
- google dork
- http://osint.link/
- http://osintframework.com/
- https://www.owasp.org/index.php/Application_Threat_Modeling
- https://resources.infosecinstitute.com/category/certifications-training/cissp/domains/security-and-risk-management/threat-modeling/#gref
- Accunetix
- OpenVas
- Vega
- Nikto
- Wikto
- w3af
- Xenotix XSS Framework
- Wapiti
- nmap
- Metaploit Framework
- nmap scanning
- Nmap Network Scanning The Official Nmap Project Guide to Network Discovery and Security Scanning
- NSE
- nmap cheat sheet
- Metaploit vulnerable scanning
- hack metasploitable 2
- PowerShell DNS Delivery
- SharpShooter Payload Generation Framework
- Pwning with Responder
- Low Privilege Active Directory Enumeration
- Setting Content MS
- HTA payload encryptor
- Microsoft office Payload in Document Properties
- DDE Payload
- Phishing with GoPhish
- Spear Phishing with SET toolkit
- ms017-010
- CVE-2017-5638
- CVE-2016-6662
- Exploit Database
- Exploit Database
- PhpMyAdmin LFI
- LIF to RCE
- Java Deserailization Exploit
- Brute forcing JSON Web token
- Exploitation CORS
- TBAL DPAIP Backdoor for local user
- Dumping Domain Password
- Dumping ClearText Creds
- Empire Tips and Trick
- Extract Remote Hash
- Capturing NetNTML
- The worst of both worlds
- pass-the-hash-is-dead-long-live-localaccounttokenfilterpolicy
- Beyond LLMNR/NBNS Spoofing
- Gathering AD Data with Powershell
- kerberosting without mimikatz
- Kerberost
- Golden Ticket
- pass-the-ticket
- Gaining Domain Admin Rights
- Attacking Kerberos : kicking the guard dog of hades
- Token Impersonation
- Windows Privilege Escalation Fundamentals by FuzzySecurity
- DLL Hijacking
- Potato
- RottenPotatoNG
- Privilege Escalation Guide
- RDP tunneling
- SQL Server Link Crawling
- Lateral Movement WinRM
- CrackeMapExec
- RDP Inception
- RDP Lateral Movement
- Powerview and crackmapExec
- Persistent payload
- port forwarding with netsh
- The Trustpocalypse
- DcShadow Explained
- Domain Trust: Why You Should Care
- A Guide to Attacking Domain Trusts
- Javascript C2
- evading autorun
- mimikatz obfuscation
- Putting data in Alternate data streams and how to execute it
- Putting data in Alternate data streams and how to execute it 2
- Leveraging INF-SCT Fetch
- Empire without powershell
- Powershell without powershell
- Exploitation Code Injection Powershell to bypass Constraint mode
- Bypass Constraint Mode with runscripthelper
- InternetExplorer.Application for C2
- We Don't Need Powershell.exe Part 2
- WSH Injection
- Basic Linux Privilge escalation by g0tmi1k
- Exploit Database
- Attack and Defend : Linux Privilege Escalation
- SUID executable
- Guide to Linux Privilege Escaltion
- Labs write up
All the Tools mentioned here are Open Source or free.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent