Links

Hacker Media

    Blogs Worth It:

    What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.

    http://carnal0wnage.blogspot.com/
    http://www.mcgrewsecurity.com/
    http://www.gnucitizen.org/blog/
    http://www.darknet.org.uk/
    http://spylogic.net/
    http://taosecurity.blogspot.com/
    http://www.room362.com/
    http://blog.sipvicious.org/
    http://blog.portswigger.net/
    http://pentestmonkey.net/blog/
    http://jeremiahgrossman.blogspot.com/
    http://i8jesus.com/
    http://blog.c22.cc/
    http://www.skullsecurity.org/blog/
    http://blog.metasploit.com/
    http://www.darkoperator.com/
    http://blog.skeptikal.org/
    http://preachsecurity.blogspot.com/
    http://www.tssci-security.com/
    http://www.gdssecurity.com/l/b/
    http://websec.wordpress.com/
    http://bernardodamele.blogspot.com/
    http://laramies.blogspot.com/
    http://www.spylogic.net/
    http://blog.andlabs.org/
    http://xs-sniper.com/blog/
    http://www.commonexploits.com/
    http://www.sensepost.com/blog/
    http://wepma.blogspot.com/
    http://exploit.co.il/
    http://securityreliks.wordpress.com/
    http://www.madirish.net/index.html
    http://sirdarckcat.blogspot.com/
    http://reusablesec.blogspot.com/
    http://myne-us.blogspot.com/
    http://www.notsosecure.com/
    http://blog.spiderlabs.com/
    http://www.corelan.be/
    http://www.digininja.org/
    http://www.pauldotcom.com/
    http://www.attackvector.org/
    http://deviating.net/
    http://www.alphaonelabs.com/
    http://www.smashingpasswords.com/
    http://wirewatcher.wordpress.com/
    http://gynvael.coldwind.pl/
    http://www.nullthreat.net/
    http://www.question-defense.com/
    http://archangelamael.blogspot.com/
    http://memset.wordpress.com/
    http://sickness.tor.hu/
    http://punter-infosec.com/
    http://www.securityninja.co.uk/
    http://securityandrisk.blogspot.com/
    http://esploit.blogspot.com/
    http://www.pentestit.com/

    Forums:

    Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.

    http://sla.ckers.org/forum/index.php
    http://www.ethicalhacker.net/
    http://www.backtrack-linux.org/forums/
    http://www.elitehackers.info/forums/
    http://www.hackthissite.org/forums/index.php
    http://securityoverride.com/forum/index.php
    http://www.iexploit.org/
    http://bright-shadows.net/
    http://www.governmentsecurity.org/forum/
    http://forum.intern0t.net/

    Magazines:

    http://www.net-security.org/insecuremag.php
    http://hakin9.org/

    Video:

    http://www.hackernews.com/
    http://www.securitytube.net/
    http://www.irongeek.com/i.php?page=videos/aide-winter-2011
    http://avondale.good.net/dl/bd/
    http://achtbaan.nikhef.nl/27c3-stream/releases/mkv/
    http://www.youtube.com/user/ChRiStIaAn008
    http://www.youtube.com/user/HackingCons

Methodologies:

    http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
    http://www.pentest-standard.org/index.php/Main_Page
    http://projects.webappsec.org/w/page/13246978/Threat-Classification
    http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
    http://www.social-engineer.org/

OSINT

    Presentations:

    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
    http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
    http://www.slideshare.net/Laramies/tactical-information-gathering
    http://www.sans.org/reading_room/whitepapers/privacy/document_metadata_the_silent_killer__32974
    http://infond.blogspot.com/2010/05/toturial-footprinting.html

    People and Organizational:

    http://www.spokeo.com/
    http://www.123people.com/
    http://www.xing.com/
    http://www.zoominfo.com/search
    http://pipl.com/
    http://www.zabasearch.com/
    http://www.searchbug.com/default.aspx
    http://theultimates.com/
    http://skipease.com/
    http://addictomatic.com/
    http://socialmention.com/
    http://entitycube.research.microsoft.com/
    http://www.yasni.com/
    http://tweepz.com/
    http://tweepsearch.com/
    http://www.glassdoor.com/index.htm
    http://www.jigsaw.com/
    http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
    http://www.tineye.com/
    http://www.peekyou.com/
    http://picfog.com/
    http://twapperkeeper.com/index.php

    Infrastructure:

    http://uptime.netcraft.com/
    http://www.serversniff.net/
    http://www.domaintools.com/
    http://centralops.net/co/
    http://hackerfantastic.com/
    http://whois.webhosting.info/
    https://www.ssllabs.com/ssldb/analyze.html
    http://www.clez.net/
    http://www.my-ip-neighbors.com/
    http://www.shodanhq.com/
    http://www.exploit-db.com/google-dorks/
    http://www.hackersforcharity.org/ghdb/

Exploits and Advisories:

    http://www.exploit-db.com/
    http://www.cvedetails.com/
    http://www.milw0rm.com/ (Down permanently)
    http://www.packetstormsecurity.org/
    http://www.securityforest.com/wiki/index.php/Main_Page
    http://www.securityfocus.com/bid
    http://nvd.nist.gov/
    http://osvdb.org/
    http://www.nullbyte.org.il/Index.html
    http://secdocs.lonerunners.net/
    http://www.phenoelit-us.org/whatSAP/index.html
    http://secunia.com/
    http://cve.mitre.org/

Cheatsheets and Syntax:

    http://cirt.net/ports_dl.php?export=services
    http://www.cheat-sheets.org/
    http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

    Agile Hacking:

    http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
    http://blog.commandlinekungfu.com/
    http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
    http://isc.sans.edu/diary.html?storyid=2376
    http://isc.sans.edu/diary.html?storyid=1229
    http://ss64.com/nt/
    http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
    http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
    http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
    http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
    http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
    http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
    http://www.pentesterscripting.com/
    http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
    http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

    OS and Scripts:

    http://en.wikipedia.org/wiki/IPv4_subnetting_reference
    http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
    http://shelldorado.com/shelltips/beginner.html
    http://www.linuxsurvival.com/
    http://mywiki.wooledge.org/BashPitfalls
    http://rubular.com/
    http://www.iana.org/assignments/port-numbers
    http://www.robvanderwoude.com/ntadmincommands.php
    http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

    Tools:

    http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
    http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
    http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
    http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
    http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
    http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
    http://h.ackack.net/cheat-sheets/netcat

Distros:

    http://www.backtrack-linux.org/
    http://www.matriux.com/
    http://samurai.inguardians.com/
    http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
    https://pentoo.ch/
    http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
    http://www.piotrbania.com/all/kon-boot/
    http://www.linuxfromscratch.org/
    http://sumolinux.suntzudata.com/
    http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
    http://www.backbox.org/

Labs:

    ISOs and VMs:

    http://sourceforge.net/projects/websecuritydojo/
    http://code.google.com/p/owaspbwa/wiki/ProjectSummary
    http://heorot.net/livecds/
    http://informatica.uv.es/~carlos/docencia/netinvm/
    http://www.bonsai-sec.com/en/research/moth.php
    http://blog.metasploit.com/2010/05/introducing-metasploitable.html
    http://pynstrom.net/holynix.php
    http://gnacktrack.co.uk/download.php
    http://sourceforge.net/projects/lampsecurity/files/
    https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
    http://sourceforge.net/projects/virtualhacking/files/
    http://www.badstore.net/
    http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
    http://www.dvwa.co.uk/
    http://sourceforge.net/projects/thebutterflytmp/

    Vulnerable Software:

    http://www.oldapps.com/
    http://www.oldversion.com/
    http://www.exploit-db.com/webapps/
    http://code.google.com/p/wavsep/downloads/list
    http://www.owasp.org/index.php/Owasp_SiteGenerator
    http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
    http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

    Test Sites:

    http://www.webscantest.com/
    http://crackme.cenzic.com/Kelev/view/home.php
    http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
    http://testaspnet.vulnweb.com/
    http://testasp.vulnweb.com/
    http://testphp.vulnweb.com/
    http://demo.testfire.net/
    http://hackme.ntobjectives.com/

Exploitation Intro:

If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.

    http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
    http://www.mgraziano.info/docs/stsi2010.pdf
    http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
    http://www.ethicalhacker.net/content/view/122/2/
    http://code.google.com/p/it-sec-catalog/wiki/Exploitation
    http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
    http://ref.x86asm.net/index.html

Reverse Engineering & Malware:

    http://www.woodmann.com/TiGa/idaseries.html
    http://www.binary-auditing.com/
    http://visi.kenshoto.com/
    http://www.radare.org/y/
    http://www.offensivecomputing.net/

Passwords and Hashes:

    http://www.irongeek.com/i.php?page=videos/password-exploitation-class
    http://cirt.net/passwords
    http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
    http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
    http://www.foofus.net/?page_id=63
    http://hashcrack.blogspot.com/
    http://www.nirsoft.net/articles/saved_password_location.html
    http://www.onlinehashcrack.com/
    http://www.md5this.com/list.php?
    http://www.virus.org/default-password
    http://www.phenoelit-us.org/dpl/dpl.html
    http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

    Wordlists:

    * http://contest.korelogic.com/wordlists.html
    * http://packetstormsecurity.org/Crackers/wordlists/
    * http://www.skullsecurity.org/wiki/index.php/Passwords
    * http://www.ericheitzman.com/passwd/passwords/

    Pass the Hash:

    * http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
    * http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
    * http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

MiTM:

    http://www.giac.org/certified_professionals/practicals/gsec/0810.php
    http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
    http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
    http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
    http://www.mindcenter.net/uploads/ECCE101.pdf
    http://toorcon.org/pres12/3.pdf
    http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
    http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
    http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
    http://www.oact.inaf.it/ws-ssri/Costa.pdf
    http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
    http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
    http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
    http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
    http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
    http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
    http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
    http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
    http://articles.manugarg.com/arp_spoofing.pdf
    http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
    http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
    http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
    http://blog.spiderlabs.com/2010/12/thicknet.html
    http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
    http://www.go4expert.com/forums/showthread.php?t=11842
    http://www.irongeek.com/i.php?page=security/ettercapfilter
    http://openmaniak.com/ettercap_filter.php
    http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
    http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
    http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
    http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

Tools:

    OSINT:

    * http://www.edge-security.com/theHarvester.php
    * http://www.mavetju.org/unix/dnstracer-man.php
    * http://www.paterva.com/web5/

        Metadata:

          * http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
          * http://lcamtuf.coredump.cx/strikeout/
          * http://www.sno.phy.queensu.ca/~phil/exiftool/
          * http://www.edge-security.com/metagoofil.php
          * http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

    Google Hacking:

    * http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
    * http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
    * http://sqid.rubyforge.org/#next
    * http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

    Web:

    * http://www.bindshell.net/tools/beef
    * http://blindelephant.sourceforge.net/
    * http://xsser.sourceforge.net/
    * http://sourceforge.net/projects/rips-scanner/
    * http://www.divineinvasion.net/authforce/
    * http://andlabs.org/tools.html#sotf
    * http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
    * http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
    * http://code.google.com/p/pinata-csrf-tool/
    * http://xsser.sourceforge.net/#intro
    * http://www.contextis.co.uk/resources/tools/clickjacking-tool/
    * http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
    * http://sourceforge.net/projects/ws-attacker/files/
    * https://github.com/koto/squid-imposter

        Attack Strings:

          * http://code.google.com/p/fuzzdb/
          * http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

        Shells:

          * http://sourceforge.net/projects/yokoso/
          * http://sourceforge.net/projects/ajaxshell/

        Scanners:

          * http://w3af.sourceforge.net/
          * http://code.google.com/p/skipfish/
          * http://sqlmap.sourceforge.net/
          * http://sqid.rubyforge.org/#next
          * http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
          * http://code.google.com/p/fimap/wiki/WindowsAttack
          * http://code.google.com/p/fm-fsf/

        Proxies:

            Burp:

                * http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
                * http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
                * http://sourceforge.net/projects/belch/files/
                * http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
                * http://blog.ombrepixel.com/
                * http://andlabs.org/tools.html#dser
                * http://feoh.tistory.com/22
              * http://www.sensepost.com/labs/tools/pentest/reduh
              * http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
              * http://intrepidusgroup.com/insight/mallory/
              * http://www.fiddler2.com/fiddler2/
              * http://websecuritytool.codeplex.com/documentation?referringTitle=Home
              * http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

    Social Engineering:

    * http://www.secmaniac.com/

    Password:

    * http://nmap.org/ncrack/
    * http://www.foofus.net/~jmk/medusa/medusa.html
    * http://www.openwall.com/john/
    * http://ophcrack.sourceforge.net/
    * http://blog.0x3f.net/tool/keimpx-in-action/
    * http://code.google.com/p/keimpx/
    * http://sourceforge.net/projects/hashkill/

    Metasploit:

    http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
    http://code.google.com/p/msf-hack/wiki/WmapNikto
    http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
    http://seclists.org/metasploit/
    http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
    http://meterpreter.illegalguy.hostzi.com/
    http://blog.metasploit.com/2010/03/automating-metasploit-console.html
    http://www.workrobot.com/sansfire2009/561.html
    http://www.securitytube.net/video/711
    http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
    http://vimeo.com/16852783
    http://milo2012.wordpress.com/2009/09/27/xlsinjector/
    http://www.fastandeasyhacking.com/
    http://trac.happypacket.net/
    http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
    http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

    MSF Exploits or Easy:

    http://www.nessus.org/plugins/index.php?view=single&id=12204
    http://www.nessus.org/plugins/index.php?view=single&id=11413
    http://www.nessus.org/plugins/index.php?view=single&id=18021
    http://www.nessus.org/plugins/index.php?view=single&id=26918
    http://www.nessus.org/plugins/index.php?view=single&id=34821
    http://www.nessus.org/plugins/index.php?view=single&id=22194
    http://www.nessus.org/plugins/index.php?view=single&id=34476
    http://www.nessus.org/plugins/index.php?view=single&id=25168
    http://www.nessus.org/plugins/index.php?view=single&id=19408
    http://www.nessus.org/plugins/index.php?view=single&id=21564
    http://www.nessus.org/plugins/index.php?view=single&id=10862
    http://www.nessus.org/plugins/index.php?view=single&id=26925
    http://www.nessus.org/plugins/index.php?view=single&id=29314
    http://www.nessus.org/plugins/index.php?view=single&id=23643
    http://www.nessus.org/plugins/index.php?view=single&id=12052
    http://www.nessus.org/plugins/index.php?view=single&id=12052
    http://www.nessus.org/plugins/index.php?view=single&id=34477
    http://www.nessus.org/plugins/index.php?view=single&id=15962
    http://www.nessus.org/plugins/index.php?view=single&id=42106
    http://www.nessus.org/plugins/index.php?view=single&id=15456
    http://www.nessus.org/plugins/index.php?view=single&id=21689
    http://www.nessus.org/plugins/index.php?view=single&id=12205
    http://www.nessus.org/plugins/index.php?view=single&id=22182
    http://www.nessus.org/plugins/index.php?view=single&id=26919
    http://www.nessus.org/plugins/index.php?view=single&id=26921
    http://www.nessus.org/plugins/index.php?view=single&id=21696
    http://www.nessus.org/plugins/index.php?view=single&id=40887
    http://www.nessus.org/plugins/index.php?view=single&id=10404
    http://www.nessus.org/plugins/index.php?view=single&id=18027
    http://www.nessus.org/plugins/index.php?view=single&id=19402
    http://www.nessus.org/plugins/index.php?view=single&id=11790
    http://www.nessus.org/plugins/index.php?view=single&id=12209
    http://www.nessus.org/plugins/index.php?view=single&id=10673

    NSE:

    http://www.securitytube.net/video/931
    http://nmap.org/nsedoc/

    Net Scanners and Scripts:

    http://nmap.org/
    http://asturio.gmxhome.de/software/sambascan2/i.html
    http://www.softperfect.com/products/networkscanner/
    http://www.openvas.org/
    http://tenable.com/products/nessus
    http://www.rapid7.com/vulnerability-scanner.jsp
    http://www.eeye.com/products/retina/community

    Post Exploitation:

    http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
    http://www.phx2600.org/archive/2008/08/29/metacab/
    http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

    Netcat:

    http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
    http://www.radarhack.com/tutorial/ads.pdf
    http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
    http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
    http://www.dest-unreach.org/socat/
    http://www.antionline.com/archive/index.php/t-230603.html
    http://technotales.wordpress.com/2009/06/14/netcat-tricks/
    http://seclists.org/nmap-dev/2009/q1/581
    http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
    http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
    http://gse-compliance.blogspot.com/2008/07/netcat.html

    Source Inspection:

    http://www.justanotherhacker.com/projects/graudit.html
    http://code.google.com/p/javasnoop/

    Firefox Addons:

    https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
    https://addons.mozilla.org/en-US/firefox/addon/osvdb/
    https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
    https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
    https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
    https://addons.mozilla.org/en-US/firefox/addon/hackbar/

    Tool Listings:

    http://packetstormsecurity.org/files/tags/tool
    http://tools.securitytube.net/index.php?title=Main_Page

Training/Classes:

    Sec/Hacking:

    http://pentest.cryptocity.net/
    http://www.irongeek.com/i.php?page=videos/network-sniffers-class
    http://samsclass.info/124/124_Sum09.shtml
    http://www.cs.ucsb.edu/~vigna/courses/cs279/
    http://crypto.stanford.edu/cs142/
    http://crypto.stanford.edu/cs155/
    http://cseweb.ucsd.edu/classes/wi09/cse227/
    http://www-inst.eecs.berkeley.edu/~cs161/sp11/
    http://security.ucla.edu/pages/Security_Talks
    http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
    http://cr.yp.to/2004-494.html
    http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
    https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
    http://stuff.mit.edu/iap/2009/#websecurity

    Metasploit:

    http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
    http://www.irongeek.com/i.php?page=videos/metasploit-class
    http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
    http://vimeo.com/16925188
    http://www.ustream.tv/recorded/13396511
    http://www.ustream.tv/recorded/13397426
    http://www.ustream.tv/recorded/13398740

    Programming:

        Python:

    http://code.google.com/edu/languages/google-python-class/index.html
    http://www.swaroopch.com/notes/Python_en:Table_of_Contents
    http://www.thenewboston.com/?cat=40&pOpen=tutorial
    http://showmedo.com/videotutorials/python
    http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/

    Ruby:

    http://www.tekniqal.com/

        Other Misc:

    http://www.cs.sjtu.edu.cn/~kzhu/cs490/
    https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
    http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
    http://resources.infosecinstitute.com/
    http://vimeo.com/user2720399

Web Vectors

    SQLi:

    http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
    http://isc.sans.edu/diary.html?storyid=9397
    http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
    http://www.evilsql.com/main/index.php
    http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
    http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
    http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
    http://sqlzoo.net/hack/
    http://www.sqlteam.com/article/sql-server-versions
    http://www.krazl.com/blog/?p=3
    http://www.owasp.org/index.php/Testing_for_MS_Access
    http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
    http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
    http://www.youtube.com/watch?v=WkHkryIoLD0
    http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
    http://vimeo.com/3418947
    http://sla.ckers.org/forum/read.php?24,33903
    http://websec.files.wordpress.com/2010/11/sqli2.pdf
    http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
    http://ha.ckers.org/sqlinjection/
    http://lab.mediaservice.net/notes_more.php?id=MSSQL

    Upload Tricks:

    http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
    http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
    http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
    http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
    http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
    http://www.ravenphpscripts.com/article2974.html
    http://www.acunetix.com/cross-site-scripting/scanner.htm
    http://www.vupen.com/english/advisories/2009/3634
    http://msdn.microsoft.com/en-us/library/aa478971.aspx
    http://dev.tangocms.org/issues/237
    http://seclists.org/fulldisclosure/2006/Jun/508
    http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
    http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
    http://shsc.info/FileUploadSecurity

    LFI/RFI:

    http://pastie.org/840199
    http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
    http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
    http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
    http://www.digininja.org/blog/when_all_you_can_do_is_read.php

    XSS:

    http://www.infosecwriters.com/hhworld/hh8/csstut.htm
    http://www.technicalinfo.net/papers/CSS.html
    http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
    http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
    https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
    http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
    http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
    http://heideri.ch/jso/#javascript
    http://www.reddit.com/r/xss/
    http://sla.ckers.org/forum/list.php?2

    Coldfusion:

    http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
    http://zastita.com/02114/Attacking_ColdFusion..html
    http://www.nosec.org/2010/0809/629.html
    http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
    http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf

    Sharepoint:

    http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

    Lotus:

    http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
    http://seclists.org/pen-test/2002/Nov/43
    http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?

    JBoss:

    http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
    http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

    VMWare Web:

    http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

    Oracle App Servers:

    http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
    http://www.owasp.org/index.php/Testing_for_Oracle
    http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
    http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
    http://www.ngssoftware.com/papers/hpoas.pdf

    SAP:

    http://www.onapsis.com/research.html#bizploit
    http://marc.info/?l=john-users&m=121444075820309&w=2
    http://www.phenoelit-us.org/whatSAP/index.html

Wireless:

    http://code.google.com/p/pyrit/

Capture the Flag/Wargames:

    http://intruded.net/
    http://smashthestack.org/
    http://flack.hkpco.kr/
    http://ctf.hcesperer.org/
    http://ictf.cs.ucsb.edu/
    http://capture.thefl.ag/calendar/

Conferences:

    https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK

Misc/Unsorted:

    http://www.ikkisoft.com/stuff/SMH_XSS.txt
    http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
    http://whatthefuckismyinformationsecuritystrategy.com/
    http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
    http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
    http://www.sensepost.com/blog/4552.html
    http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
    http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
    http://carnal0wnage.attackresearch.com/node/410
    http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
    http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
    http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/