mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-05-18 06:30:35 -04:00
👾 a decade of resources for security researchers: pentesting, CTF, wargames, cryptography, forensics, reverse engineering, IoCs, botnets, cloud hacking, linux hacking, steganography, vulnerabilities, etc.
botnetscryptographyctfforensicsgray-hacker-resourceshackinginfoseciocslinuxmalwaresnetworkpenetration-testingpentestingpost-exploitationreverse-engineeringrubber-duckysteganographyvulnerabilitieswargameweb-security
| .github | ||
| Botnets | ||
| Cryptography | ||
| CTFs_and_WarGames | ||
| Ddos | ||
| Dockerfiles | ||
| Forensics | ||
| IOCs | ||
| Linux_Hacking | ||
| Memory_Exploits | ||
| Mobile | ||
| Mobile_Hacking | ||
| Network_and_802.11 | ||
| Other_guides | ||
| Other_Hackings | ||
| Pen_Testing_Scripts | ||
| Reverse_Engineering | ||
| Rubber_Duck | ||
| Steganography | ||
| Vulnerabilities_and_Exploits | ||
| Web_Security | ||
| README.md | ||
| requirements.txt | ||
Pentesting Resources
All information and software available on this site are for educational purposes only. Use these at your own discretion, the site owners cannot be held responsible for any damages caused. The views expressed on this site are our own and do not necessarily reflect those of our employers.
Usage of all tools on this site for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. We assume no liability and are not responsible for any misuse or damage caused by this site.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
- CTFs and WARGAMES
- CRYPTOGRAPHY
- FORENSICS
- LINUX HACKING
- MEMORY EXPLOITS
- VULNERABILITIES AND EXPLOITS
- NETWORK and 802.11
- REVERSE ENGINEERING
- RUBBER DUCK
- STEGANOGRAPHY
- WEB EXPLOITS
- OTHER HACKINGS
- PEN TESTING
- MOBILE
- BOTNETS
- DDOS
Articles
General Hacking
- The Art of Intrusion.
- Krebs Series on how to be in InfoSec: Thomas Ptacek, Bruce Schneier, Charlie Miller.
- How to be a InfoSec Geek.
- Continuous security.
- How to not get hacked.
Post-Exploitation
- Metasploit Post Exploitation Command List.
- Obscure Systems (AIX, Embeded, etc) Post-Exploit Command List.
- OSX Post-Exploitation.
- Windows Post-Exploitation Command List.
- Linux/Unix/BSD Post-Exploitation Command List.
CI/CD pipelines
- Static code security analyzers: SonarQube (Javascript scanner), NodeJsScan.
- Package dependency security analyzers: Snyk.
- Docker image security analyzers: Hadolint, Clair, Anchore.
- AWS IAM permission analyzers: IAM access advisor APIs.
- PMapper.
- AWS S3 permission analyzers: s3audit.
- Docker runtime anomaly detection: Falco.
- Kubernetes policy security analyzers: RBAC.
- Policy auditing tools: Rakkess.
Books
- Bulletproof SSL and TLS.
- Reversing: Secrets of Reverse Engineering.
- The Art of Memory Forensics.
- The C Programming Language
- The Unix Programming Environment.
- UNIX Network Programming.
- Threat Modeling: Designing for Security.
- The Tangled Web.
- The Art of Exploitation.
- The Art of Software Security Assessment.
- Practical Packet Analysis.
- Gray Hat Python.
- Black Hat Python.
- Violent Python.
- Shellcoders Handbook.
- Practice Malware Analysis.
- This Machine Kills Secrets.