Collect shellcoding topics.

This commit is contained in:
fabacab 2020-07-07 22:08:34 -04:00
parent 384290ae8a
commit 52a8310da9
No known key found for this signature in database
GPG Key ID: B0303BF6BA36A560

View File

@ -77,6 +77,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea
* [Reverse Engineering Books](#reverse-engineering-books)
* [Reverse Engineering Tools](#reverse-engineering-tools)
* [Security Education Courses](#security-education-courses)
* [Shellcoding Guides and Tutorials](#exploit-development-online-resources)
* [Side-channel Tools](#side-channel-tools)
* [Social Engineering](#social-engineering)
* [Social Engineering Books](#social-engineering-books)
@ -139,7 +140,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
* [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html)
* [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html)
* [The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html)
* [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
* [iOS Hacker's Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html)
### Malware Analysis Books
@ -263,6 +263,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list
See also *[Reverse Engineering Tools](#reverse-engineering-tools)*.
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
* [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs.
* [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB.
* [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems.
@ -495,16 +496,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools).
## Online Resources
### Online Code Samples and Examples
* [goHackTools](https://github.com/dreddsa5dies/goHackTools) - Hacker tools on Go (Golang).
### Online Exploit Development Resources
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database.
* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.
### Online Operating Systems Resources
* [DistroWatch.com's Security Category](https://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems.
@ -718,6 +709,13 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [*
* [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes.
* [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification.
## Shellcoding Guides and Tutorials
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database.
* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.
* [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html)
## Side-channel Tools
* [ChipWhisperer](http://chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks.
@ -848,7 +846,6 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e
* [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel.
* [Inveigh](https://github.com/Kevin-Robertson/Inveigh) - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool.
* [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project.
* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates).
* [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more.
* [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework.
* [RID_ENUM](https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force.