## sec-pentesting toolkit 

<br>

### some of bt3gl's work from the last decade+

<br>

- **⬛️ her two teams in ctf times: [snatch the root](https://ctftime.org/team/7016) and [hacking for soju](https://ctftime.org/team/3208)**
- **⬛️ [former blog, "chmod a+x singularity.sh", with ctf writeups](https://singularity-sh.vercel.app/)**
- **⬛️ [2014's coderwall page with several writeups on linux, security, python](https://coderwall.com/bt3gl)**
- **⬛️ [def con 23 talk on hacking quantum computing](https://www.youtube.com/watch?v=1Fp6ibfOQ4Y)**
- **⬛️ [threat-intel, project she led while at the security team at yelp](https://github.com/Yelp/threat_intel)**

<br>

-------

### chapters

<br>

* **[ctfs and wargames](CTFs_and_WarGames)**
* **[cloud and k8s hacking](Cloud_and_K8s_Hacking)**
* **[cryptography](Cryptography)**
* **[forensics](Forensics)**
* **[linux hacking](Linux_Hacking)**
* **[mobile hacking](Mobile_Hacking)**
* **[network and 802.11](Network_and_802.11)**
* **[other hackings](Other_Hackings)**
* **[pentesting scripts](Pentesting_Scripts)**
* **[reverse engineering](Reverse_Engineering)**
* **[steganography](Steganography)**
* **[vulnerabilities and exploits](Vulnerabilities_and_Exploits)**
* **[web hacking](Web_Hacking)**


<br>

------

### cool resources

<br>

##### general hacking

* **[the art of intrusion](http://www.amazon.com/The-Art-Intrusion-Intruders-Deceivers/dp/0471782661http://www.amazon.com/The-Art-Intrusion-Intruders-Deceivers/dp/0471782661)**
* **krebs series on how to be in infosec: [t. ptacek](http://krebsonsecurity.com/2012/06/how-to-break-into-security-ptacek-edition/#more-15594), [b. schneier](http://krebsonsecurity.com/2012/07/how-to-break-into-security-schneier-edition/#more-15592), [c. ,iller](http://krebsonsecurity.com/category/how-to-break-into-security/)**
* **[how to be a infosec geek](http://www.primalsecurity.net/how-to-be-an-infosec-geek/)**
* **[continuous security](https://www.infoq.com/news/2019/08/continuous-security/)**
* **[how to not get hacked](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/)**
* **[awesome privilege escalation](https://github.com/m0nad/awesome-privilege-escalation)**

<br>

##### hardening

* **[awesome security hardening](https://github.com/decalage2/awesome-security-hardening)**
* **[mac-monitor](https://github.com/redcanaryco/mac-monitor)** (and **[objective-see's tools](https://objective-see.org/tools.html)**)

<br>

##### post-exploitation

* **[metasploit command List](https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit)**
* **[obscure systems post-exploit command list](https://docs.google.com/document/d/1CIs6O1kMR-bXAT80U6Jficsqm0yR5dKUfUQgwiIKzgc/edit)**
* **[osx post-exploitation](https://docs.google.com/document/d/10AUm_zUdAQGgoHNo_eS0SO1K-24VVYnulUD2x3rJD3k/edit?hl=en_US)**
* **[windows post-exploitation command list](https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US)**
* **[linux/unix/bsd post-exploitation command List](https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit?hl=en_US)**

<br>

##### books

* **[bulletproof SSL and TLS](http://www.amazon.com/gp/product/1907117040?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00)**
* **[reversing: secrets of reverse engineering](http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817)**
* **[the art of memory forensics](http://www.amazon.com/gp/product/1118825098?psc=1&redirect=true&ref_=oh_aui_search_detailpage)**
* **[the C programming language](http://www.amazon.com/gp/product/0131103628?psc=1&redirect=true&ref_=oh_aui_search_detailpage)**
* **[the unix programming environment](http://www.amazon.com/gp/product/013937681X?psc=1&redirect=true&ref_=oh_aui_search_detailpage)**
* **[unix network programming](http://www.amazon.com/gp/product/0139498761?psc=1&redirect=true&ref_=oh_aui_search_detailpage)**
* **[threat modeling: designing for security](http://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998)**
* **[the tangled web](http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886)**
* **[the art of exploitation](http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441)**
* **[the art of software security assessment](http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426)**
* **[practical packet analysis](http://www.nostarch.com/packet2.htm)**
* **[gray hat python](http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921)**
* **[black hat python](http://www.nostarch.com/blackhatpython)**
* **[violent python](http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579)**
* **[shellcoders handbook](http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X)**
* **[practice malware analysis](https://www.nostarch.com/malware)**
* **[this machine kills secrets](http://www.amazon.com/This-Machine-Kills-Secrets-Whistleblowers/dp/0142180491/ref=sr_1_1?s=books&ie=UTF8&qid=1436039456&sr=1-1&keywords=this+Machine+Kills+Secrets)**