diff --git a/README.md b/README.md index 3e9254f..50bb086 100644 --- a/README.md +++ b/README.md @@ -77,6 +77,7 @@ Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Plea * [Reverse Engineering Books](#reverse-engineering-books) * [Reverse Engineering Tools](#reverse-engineering-tools) * [Security Education Courses](#security-education-courses) +* [Shellcoding Guides and Tutorials](#exploit-development-online-resources) * [Side-channel Tools](#side-channel-tools) * [Social Engineering](#social-engineering) * [Social Engineering Books](#social-engineering-books) @@ -139,7 +140,6 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list * [The Database Hacker's Handbook, David Litchfield et al., 2005](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0764578014.html) * [The Mac Hacker's Handbook by Charlie Miller & Dino Dai Zovi, 2009](http://www.wiley.com/WileyCDA/WileyTitle/productCd-0470395362.html) * [The Mobile Application Hacker's Handbook by Dominic Chell et al., 2015](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118958500.html) -* [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html) * [iOS Hacker's Handbook by Charlie Miller et al., 2012](http://www.wiley.com/WileyCDA/WileyTitle/productCd-1118204123.html) ### Malware Analysis Books @@ -263,6 +263,7 @@ See also [DEF CON Suggested Reading](https://www.defcon.org/html/links/book-list See also *[Reverse Engineering Tools](#reverse-engineering-tools)*. +* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). * [Pwntools](https://github.com/Gallopsled/pwntools) - Rapid exploit development framework built for use in CTFs. * [peda](https://github.com/longld/peda) - Python Exploit Development Assistance for GDB. * [Wordpress Exploit Framework](https://github.com/rastating/wordpress-exploit-framework) - Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. @@ -495,16 +496,6 @@ See also [awesome-pcaptools](https://github.com/caesar0301/awesome-pcaptools). ## Online Resources -### Online Code Samples and Examples - -* [goHackTools](https://github.com/dreddsa5dies/goHackTools) - Hacker tools on Go (Golang). - -### Online Exploit Development Resources - -* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. -* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. -* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode. - ### Online Operating Systems Resources * [DistroWatch.com's Security Category](https://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing, and keeping up to date with open source operating systems. @@ -718,6 +709,13 @@ See also [awesome-reversing](https://github.com/tylerha97/awesome-reversing), [* * [Open Security Training](http://opensecuritytraining.info/) - Training material for computer security classes. * [SANS Security Training](http://www.sans.org/) - Computer Security Training & Certification. +## Shellcoding Guides and Tutorials + +* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits. +* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database. +* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode. +* [The Shellcoder's Handbook by Chris Anley et al., 2007](http://www.wiley.com/WileyCDA/WileyTitle/productCd-047008023X.html) + ## Side-channel Tools * [ChipWhisperer](http://chipwhisperer.com) - Complete open-source toolchain for side-channel power analysis and glitching attacks. @@ -848,7 +846,6 @@ See also [awesome-social-engineering](https://github.com/v2-dev/awesome-social-e * [Fibratus](https://github.com/rabbitstack/fibratus) - Tool for exploration and tracing of the Windows kernel. * [Inveigh](https://github.com/Kevin-Robertson/Inveigh) - Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/machine-in-the-middle tool. * [LaZagne](https://github.com/AlessandroZ/LaZagne) - Credentials recovery project. -* [Magic Unicorn](https://github.com/trustedsec/unicorn) - Shellcode generator for numerous attack vectors, including Microsoft Office macros, PowerShell, HTML applications (HTA), or `certutil` (using fake certificates). * [MailSniper](https://github.com/dafthack/MailSniper) - Modular tool for searching through email in a Microsoft Exchange environment, gathering the Global Address List from Outlook Web Access (OWA) and Exchange Web Services (EWS), and more. * [PowerSploit](https://github.com/PowerShellMafia/PowerSploit) - PowerShell Post-Exploitation Framework. * [RID_ENUM](https://github.com/trustedsec/ridenum) - Python script that can enumerate all users from a Windows Domain Controller and crack those user's passwords using brute-force.