sec-pentesting-toolkit/README.md

🏴‍☠️🛠 pentesting toolkit

👾 hi, anon. i am bt3gl, and this repository contains resources I used when I was a ctf player in 2014-2015.

👾 some context of those good old days:

• 👉🏽 my two teams in ctf times: snatch the root and hacking for soju
• 👉🏽 my former blog, "chmod a+x singularity.sh", with several ctf writeups
• 👉🏽 my 2014's coderwall page with several writeups on linux, security, python
• 👉🏽 some entertaining: my DEF CON 23 talk on hacking quantum computing
• 👉🏽 a proof that this repo used to have 1.2k stars and 500 forks before I had to make it private
• 👉🏽 threat-intel, i project i led while working at the security team at yelp

---

directories

• CTFs and Wargames
• Cloud and K8s Hacking
• Cryptography
• Forensics
• Linux Hacking
• Mobile Hacking
• Network and 802.11
• Other Hackings
• Pentesting Scripts
• Reverse Engineering
• Steganography
• Vulnerabilities and Exploits
• Web Hacking

---

external resources

general hacking

• The Art of Intrusion
• Krebs Series on how to be in InfoSec: Thomas Ptacek, Bruce Schneier, Charlie Miller
• How to be a InfoSec Geek
• Continuous security
• How to not get hacked
• Awesome Privilege Escalation

post-exploitation

• Metasploit Post Exploitation Command List
• Obscure Systems (AIX, Embedded, etc) Post-Exploit Command List
• OSX Post-Exploitation
• Windows Post-Exploitation Command List
• Linux/Unix/BSD Post-Exploitation Command List

books

• Bulletproof SSL and TLS
• Reversing: Secrets of Reverse Engineering
• The Art of Memory Forensics
• The C Programming Language
• The Unix Programming Environment
• UNIX Network Programming
• Threat Modeling: Designing for Security
• The Tangled Web
• The Art of Exploitation
• The Art of Software Security Assessment
• Practical Packet Analysis
• Gray Hat Python
• Black Hat Python
• Violent Python
• Shellcoders Handbook
• Practice Malware Analysis
• This Machine Kills Secrets