Results 1 to 9 of 9

Thread: Thread to share Pentest related links in.

  1. #1
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Thread to share Pentest related links in.

    Ok we had one of these before, and there have been a few various posts here and there with a few links in them. This one will be stickied here in the experts section.
    We can all add and refer to it.



    I will add more links into this section in the future. For the time being feel free to start adding your own.

    I will try to gather some of the various and sundry posts from the forums and put them here.


    Please note that any links that do not fit within the standards of the rules will probably get your account banned. This means warez, and links that have nothing to do with penetration testing.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Thread to share Pentest related links in.

    Thorin's Suggested Links for Reading, Research, and Newbies

    Some blogs worth checking (IMHO):
    Jeremiah Grossman
    The Spanner - A tool for designers dealing with programmers dealing with designers…
    ThreatExpert Blog
    BT Blog
    Metasploit

    Papers or document collections worth checking:
    NIST.gov - Computer Security Division - Computer Security Resource Center
    Analyzing 20,000 MySpace Passwords - CyberKnowledge Blog
    (The following are Canadian, I'm sure there are equivalent docs for the US and other countries that are available)
    CSEC: Government of Canada Publications
    RCMP - Technical Security Branch - Publications

    Other Info Sites/Resources:
    Irongeek.com
    VulnerabilityAssessment.co.uk
    Anti-Cross Site Scripting
    .:[ packet storm ]:. - http://packetstormsecurity.org/
    Internet Storm Center Diary
    The Ethical Hacker Network - Anti-Hacker Tool Kit: Reverse Engineering Binaries
    ha.ckers.org web application security lab
    Upside-Down-Ternet
    Google code search info

    I-Hacked.com Taking Advantage Of Technology - Cracking Wifi with Back|Track
    TAZ Security Forum: Pen Testing, Tutorials, Videos, Backtrack, Aircrack, Intrusion, Detection, Rainbow Tables, Wireless, TAZCast Sessions, and more...
    Wireless Security 802.11 Security Wirelessdefence.org Index
    PerryGeo » Wardriving with Ubuntu Linux and Google Earth

    Packetlife Cheat Sheets

    Books:
    Amazon.com: Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (0689145704617): Michal Zalewski: Books
    Security Engineering - A Guide to Building Dependable Distributed Systems (Online Book)
    Open Source Security Testing Methodology Manual (OSSTMM)

    Online Tools/Lookups:
    Hash Generator
    XSSed - XSS (cross-site scripting) information and vulnerable websites archive
    Manufacturer to Network Card Cross-Reference
    http://www.iana.org/assignments/port-numbers
    List of TCP and UDP port numbers - Wikipedia, the free encyclopedia
    URLVoid (Check Websites for Malware)
    Website Security Check - Unmask Parasites
    Is my site safe? Check your SSL certificate!
    DNSsy - DNS Test and Check - Free DNS Tools and Report
    Down for everyone or just me
    Check Username Availability at Multiple Social Networking Sites
    Microsoft Security Bulletin Search

    Law:
    State Hacking Laws (US)
    10 ways you might be breaking the law with your computer: UPDATED (US)
    C-46, Section 326 (Canada/Federal)
    C-46, Section 430 (Canada/Federal)

    Testing Environments & Apps:
    Hacking Without All the Jailtime
    Damn Vulnerable Linux
    WebGoat
    Metasploitable
    Deliberately Insecure Web Applications For Learning Web App Security
    Web Security Dojo & Web Security Dojo v1.0 Announcement
    MOTH (Collection of vulnerable web apps)
    De-ICE
    OWASP Broken Web Apps Project
    Google-Gruyere

    Groups you may want to attend meetings with or consider membership in:
    OWASP
    ISSA
    ISACA
    HTCIA
    ISECOM

    Misc:
    How to Break Into Security, Schneier Edition
    Last edited by thorin; 07-03-2012 at 01:44 PM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Junior Member tek911's Avatar
    Join Date
    Jan 2010
    Posts
    59

    Default Re: Thread to share Pentest related links in.

    My blogs which i have rss feeds from:
    /dev/random blog - /dev/random
    Carnal0wnage (chris gates and crew) - carnal0wnage.attackresearch.com
    Command Line Kun Fu (Ed Skoudis, Hal Pommeranz and crew) - Command Line Kung Fu
    Contagio (good 0day and exploit info) - contagio
    Exotic Liability (Got to love Security Podcasts that aren't paul asadorian [no offense to that guy]) - Exotic Liability
    Exploit-db (follow this rss feed if you're in any role where new exploits matter. not an option) - Exploits Database by Offensive Security
    Skull Security - SkullSecurity
    Google Online Security Blog (mainstream yes, but still surprisingly not followed as much as one would think) - Google Online Security Blog
    ha.ckers.org (got to love rsnake's web app posting, sadly this blog is close to ending) - ha.ckers.org web application security lab
    holisticinfosec (they have a good monthly toolsmith write up where they showcase new security tools) - HolisticInfoSec.org
    infoseccynic - J4vv4D | Mild-mannered Security Consultant & Cynical Superhero
    jeremiah grossman's blog (already posted up by you so i wont link but awesome none the still)
    krebs on security (go to for new mainstream threats, mass exploits, government cyberwar, fraud, etc) - Krebs on Security
    mubix blog (rob fuller == Awesome) - Room362.com - Mubix Links
    Practical Exploitation (mubix related, but not the mubix blog) - Practical Exploitation:
    pseudo-flaw (greg fleischer awesome web app stuff, he got busy but still some good content up there) pseudo-flaw.net - ~= Gregory Fleischer =~
    rational survivability blog - Rational Survivability - THE Cloud & Virtualization Security Blog
    security musings - Security Musings
    Tao Security (Richard Bejtlich, heavy on the government cyberwar but awesome) - TaoSecurity
    not so secure blog - www.notsosecure.com


    I'll save the rehashing of linking to metasploit blog, dark reading, full disclosure, securityfocus, etc. If its main stream i'm assuming you already have it.

    Carnal0wnage is my favorite. Some blogs when a new post is up, it immediately turns you into a kid at chrismas. Everything on carnal 0wnage has been good stuff. cg keep it up man, find some time when you're not busy and throw some more up!


    I've got to run but when i get a free moment ill put up some links. That being said, if you're into web app assessment scope this out (nothing earth shattering but comes in handy):
    https://www.squarefree.com/bookmarklets/

  4. #4
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010
    Posts
    660

    Default Re: Thread to share Pentest related links in.

    Adding a few useful links here off the top of my head. (In no particular order)

    Blogs:
    Archangel-Amael's blog http://archangelamael.blogspot.com/ has a good coverage of BT tools and some nice detailed nmap tutorials
    Lupin's blog http://grey-corner.blogspot.com/ - Home of ssltest and some very good exploit tutorials and extras.
    Purehate's blog http://pur3h4t3.blogspot.com/ - See the cool WPA cracking machine and other tutorials.
    Question Defense blog http://www.question-defense.com/ - Purehate also posts here from time to time but it has a lot of good information all IT related. (not all Infosec related)
    Streakers blog http://members.netjunkies.net/streaker/blog/ - Home of the amish network admin.
    h-online http://www.h-online.com/ - Has a security section you will see it on the right hand side about halfway down. Not updated often but the content is usually good.
    Bruce Schneier blog - http://www.schneier.com/ - Wrote most of the current encryption schemes we use today. He also wrote a few books on encryption I suggest checking them out. Applied Cryptography is one of my Schneier favorites http://www.schneier.com/book-applied.html


    Misc:
    Fleeman anderson & bird - http://www.fab-corp.com/ - Good prices and great quality for all kinds of wifi components. I've purchased a few antennas from them before and I was very pleased. They also have a Cantenna kit that you may want to check out.
    Security Focus - http://www.securityfocus.com/ - Lots of current vulnerability information.
    Security tube - http://securitytube.net/ - If you like video's this site has some good one's to learn from.
    Secunia - http://secunia.com/ - Great site to get Infosec news and vulnerability information.
    Church of wifi - http://www.churchofwifi.org/default....lay.asp?PID=90 - Wireless rainbow tables and almost everything wifi.
    archive.org http://www.archive.org/ Web archive that has almost everything!
    Hackaday http://hackaday.com/ This site is really fun if you like DIY or just tearing things apart. Not all of it is hacker related but it does contain some security tools.
    Hak5 - http://www.hak5.org/ - Trust your technolust!
    Hacker Quarterly - http://www.2600.com/
    Phrack - http://www.phrack.org/

    Books: (All are amazon links, if you don't like them use something else this is just easier for me. Also I don't personally own each and every book listed and this is not an exhaustive list. But I do own and have read quite a few of the ones listed.)
    http://www.amazon.com/Gray-Hat-Hacki.../dp/0072257091
    http://www.amazon.com/Hacking-Art-Ex...4884070&sr=1-1 (Version 1 too I'm just being lazy.)
    http://www.amazon.com/Professional-P...4884177&sr=1-8
    http://www.amazon.com/Social-Enginee...884177&sr=1-13
    http://www.amazon.com/Google-Hacking...884274&sr=1-23
    http://www.amazon.com/Nmap-Network-S...884509&sr=1-76
    http://www.amazon.com/Penetration-Te...884571&sr=1-91
    http://www.amazon.com/Art-Intrusion-...884571&sr=1-98 (I believe this is more of a novel)
    http://www.amazon.com/Fuzzing-Brute-...4884786&sr=1-1
    http://www.amazon.com/WarDriving-Det...4884888&sr=1-1 (Our very own Thorn and Mother co-authored this one)
    http://www.amazon.com/WarDriving-Wir...4884995&sr=1-9

    Don't forget to pickup some of the many great books on programming. You will want to know one or more languages.

    I apologize in advance if I've added duplicates. I made an attempt to filter out the sites I regularly go to that were already posted.

    Edit:
    Forgot to thank Thorin and Tek911 for all the great links already posted. Many thanks!
    Last edited by hhmatt; 01-29-2011 at 05:25 AM. Reason: added phrack

  5. #5
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: Thread to share Pentest related links in.

    Last edited by cseven; 02-26-2011 at 02:16 PM.
    don't worry about me I am msfconsole retarded

  6. #6
    Just burned his ISO
    Join Date
    May 2011
    Posts
    5

    Default Re: Thread to share Pentest related links in.

    One that I am interested in is http://pentest-standard.org

    A lot of the guys that we all know from the great podcasts and well known security companies(think EL, Eurotrash, spiderlabs, social-engineer.org, rapid7 etc etc) are working on this and it sounds like something that will benefit the industry immensely.

  7. #7
    Junior Member
    Join Date
    Oct 2010
    Posts
    45

    Default Re: Thread to share Pentest related links in.

    hmm... pauldotcom.com, tenable.com, www.offensive-security.com/resources/, hak5.org, sans.org and http://www2.opensourceforensics.org/tools to name a few.

  8. #8
    Just burned his ISO
    Join Date
    Aug 2010
    Posts
    15

    Default Re: Thread to share Pentest related links in.

    Ed Skoudis' Counter Hack Reloaded (http://www.amazon.com/Counter-Hack-R.../dp/0131481045)
    Shon Harris' CISSP All In One http://www.amazon.com/CISSP-All-One-.../dp/0072193530
    The Best Damn Cybercrime and Digital Forensics Book Period(Cyberlaw fundamentals section is a must read)http://www.amazon.com/Best-Cybercrim.../dp/1597492280
    The Art Of Human Hackinghttp://www.amazon.com/Social-Enginee.../dp/0470639539
    R3l1k's Metasploit:The Penetration Testers's Guidehttp://www.amazon.com/Metasploit-Pen...dp/159327288X/
    SANS InfoSec reading room has some great whitepapers.
    Fyodor's http://insecure.org

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Thread to share Pentest related links in.

    Any chance this thread could be copied/migrated to the new Kali site?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Similar Threads

  1. Several Backtrack Related Queries
    By hitmen in forum Beginners Forum
    Replies: 0
    Last Post: 08-02-2010, 01:17 AM
  2. -=Xploitz=- Thread To Share Wordlist
    By -=Xploitz=- in forum OLD Pentesting
    Replies: 116
    Last Post: 04-04-2010, 07:08 AM
  3. Is Encrpytion Hardware Related?
    By radioraiders in forum OLD Wireless
    Replies: 6
    Last Post: 06-29-2008, 03:06 PM
  4. is this a security related bug?
    By imported_aliosity in forum OLD BackTrack v2.0 Final
    Replies: 0
    Last Post: 03-16-2007, 05:20 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •