# 🏴‍☠️🛠 pentesting toolkit 

<br>

#### 👋🏻 hi, anon. i am bt3gl, and this repository contains resouces I used when I was a ctf player in 2014-2015.

#### 🌚 some context of those *good old days*:
  - **👾 my two teams in ctf times: [snatch the root](https://ctftime.org/team/7016) and [hacking for soju](https://ctftime.org/team/3208).**
  - **[👾 my former blog, "chmod a+x singularity.sh", with several ctf writeups](https://singularity-sh.vercel.app/).**
  - **[👾 my coderwall page with several writeups on linux, security, python](https://coderwall.com/bt3gl)
  - **[👾 some entertaining: my DEF CON 23 talk on hacking quantum computing](https://www.youtube.com/watch?v=1Fp6ibfOQ4Y).**
  - **[👾 a proof that this repo used to have 1.2k stars and 500 forks before 💩 happened](FML.png).**
  - **[👾 threat-intel, i project i led while working at the security team at yelp](https://github.com/Yelp/threat_intel)**

<br>


-------

## directories

<br>

* [CTFs and Wargames](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/CTFs_and_WarGames)
* [Cloud and K8s Hacking](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Cloud_and_K8s_Hacking)
* [Cryptography](https://github.com/bt3gl/Gray_Hacking_Toolkit/tree/master/Cryptography)
* [Forensics](https://github.com/bt3gl/Gray_Hacking_Toolkit/tree/master/Forensics)
* [Linux Hacking](https://github.com/bt3gl/Gray_Hacking_Toolkit/tree/master/Linux_Hacking)
* [Mobile Hacking](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Mobile_Hacking)
* [Network and 802.11](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Network_and_802.11)
* [Other Hackings](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Other_Hackings)
* [Pentesting Scripts](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Pentesting_Scripts)
* [Reverse Engineering](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Reverse_Engineering)
* [Steganography](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Steganography)
* [Vulnerabilities and Exploits](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Vulnerabilities_and_Exploits)
* [Web Hacking](https://github.com/bt3gl/Pentesting-Toolkit/tree/master/Web_Hacking)


<br>

------

## external resources

<br>

### general hacking


- [The Art of Intrusion](http://www.amazon.com/The-Art-Intrusion-Intruders-Deceivers/dp/0471782661http://www.amazon.com/The-Art-Intrusion-Intruders-Deceivers/dp/0471782661).
- Krebs Series on how to be in InfoSec: [Thomas Ptacek](http://krebsonsecurity.com/2012/06/how-to-break-into-security-ptacek-edition/#more-15594), [Bruce Schneier](http://krebsonsecurity.com/2012/07/how-to-break-into-security-schneier-edition/#more-15592), [Charlie Miller](http://krebsonsecurity.com/category/how-to-break-into-security/).
- [How to be a InfoSec Geek](http://www.primalsecurity.net/how-to-be-an-infosec-geek/).
- [Continuous security](https://www.infoq.com/news/2019/08/continuous-security/).
- [How to not get hacked](https://kubernetes.io/blog/2018/07/18/11-ways-not-to-get-hacked/).
- [Awesome Privilege Escalation](https://github.com/m0nad/awesome-privilege-escalation).


<br>

### post-exploitation

* [Metasploit Post Exploitation Command List](https://docs.google.com/document/d/1ZrDJMQkrp_YbU_9Ni9wMNF2m3nIPEA_kekqqqA2Ywto/edit).
* [Obscure Systems (AIX, Embeded, etc) Post-Exploit Command List](https://docs.google.com/document/d/1CIs6O1kMR-bXAT80U6Jficsqm0yR5dKUfUQgwiIKzgc/edit).
* [OSX Post-Exploitation](https://docs.google.com/document/d/10AUm_zUdAQGgoHNo_eS0SO1K-24VVYnulUD2x3rJD3k/edit?hl=en_US).
* [Windows Post-Exploitation Command List](https://docs.google.com/document/d/1U10isynOpQtrIK6ChuReu-K1WHTJm4fgG3joiuz43rw/edit?hl=en_US).
* [Linux/Unix/BSD Post-Exploitation Command List](https://docs.google.com/document/d/1ObQB6hmVvRPCgPTRZM5NMH034VDM-1N-EWPRz2770K4/edit?hl=en_US).

<br>

### books

- [Bulletproof SSL and TLS](http://www.amazon.com/gp/product/1907117040?psc=1&redirect=true&ref_=oh_aui_detailpage_o06_s00).
- [Reversing: Secrets of Reverse Engineering](http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817).
- [The Art of Memory Forensics](http://www.amazon.com/gp/product/1118825098?psc=1&redirect=true&ref_=oh_aui_search_detailpage).
- [The C Programming Language](http://www.amazon.com/gp/product/0131103628?psc=1&redirect=true&ref_=oh_aui_search_detailpage)
- [The Unix Programming Environment](http://www.amazon.com/gp/product/013937681X?psc=1&redirect=true&ref_=oh_aui_search_detailpage).
- [UNIX Network Programming](http://www.amazon.com/gp/product/0139498761?psc=1&redirect=true&ref_=oh_aui_search_detailpage).
- [Threat Modeling: Designing for Security](http://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998).
- [The Tangled Web](http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886).
- [The Art of Exploitation](http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441).
- [The Art of Software Security Assessment](http://www.amazon.com/The-Software-Security-Assessment-Vulnerabilities/dp/0321444426).
- [Practical Packet Analysis](http://www.nostarch.com/packet2.htm).
- [Gray Hat Python](http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921).
- [Black Hat Python](http://www.nostarch.com/blackhatpython).
- [Violent Python](http://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579).
- [Shellcoders Handbook](http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X).
- [Practice Malware Analysis](https://www.nostarch.com/malware).
- [This Machine Kills Secrets](http://www.amazon.com/This-Machine-Kills-Secrets-Whistleblowers/dp/0142180491/ref=sr_1_1?s=books&ie=UTF8&qid=1436039456&sr=1-1&keywords=this+Machine+Kills+Secrets).