Learn to hack: Difference between revisions
Jump to navigation
Jump to search
imported>Mediawiki user (Created page with "This page aims to compile high quality resources for hackers. All books listed on this page can be found on [https://libgen.fun/ Library Genesis] and [https://z-lib.org/ Z-Lib...") |
imported>Mediawiki user No edit summary |
||
Line 33: | Line 33: | ||
* https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html | * https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html | ||
* https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ | * https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ | ||
* https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet | |||
* https://wadcoms.github.io/ | * https://wadcoms.github.io/ | ||
* https://www.blackhillsinfosec.com/webcast-attack-tactics-5-zero-to-hero-attack/ | * https://www.blackhillsinfosec.com/webcast-attack-tactics-5-zero-to-hero-attack/ | ||
Line 46: | Line 47: | ||
* Powerview/Sharpview | * Powerview/Sharpview | ||
* Bloodhound/Sharphound | * Bloodhound/Sharphound | ||
== Office 365 & Azure == | |||
* Extremely in-depth technical info on everything https://o365blog.com/ | |||
* https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html | |||
* https://blog.xpnsec.com/azuread-connect-for-redteam/ | |||
* https://www.blackhillsinfosec.com/webcast-getting-started-in-pentesting-the-cloud-azure/ | |||
* https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md | |||
=== Tools === | |||
* https://github.com/nyxgeek/o365recon | |||
* https://github.com/dirkjanm/ROADtools | |||
* https://github.com/fox-it/adconnectdump | |||
* https://github.com/LMGsec/o365creeper | |||
* https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html | |||
* https://github.com/rvrsh3ll/TokenTactics | |||
* https://github.com/nyxgeek/onedrive_user_enum | |||
* https://github.com/dafthack/MSOLSpray | |||
* https://github.com/dafthack/MFASweep | |||
== Antivirus & EDR Evasion == | |||
== Initial Access == | |||
=== Phishing === | |||
* https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html | |||
=== Password spraying === |
Revision as of 21:52, 6 December 2021
This page aims to compile high quality resources for hackers. All books listed on this page can be found on Library Genesis and Z-Library
General Resources
Resources that assume little to no background knowledge:
Resources that assume minimal tech background:
- (book) Penetration Testing: A Hands-On Introduction to Hacking
Resources that assume a tech or hacking background:
- (book) The Hacker Playbook 3
- books by Sparc Flow
- Hack Back! A DIY Guide
- https://github.com/ForbiddenProgrammer/conti-pentester-guide-leak
Practice labs:
General references:
- https://www.ired.team/
- http://pwnwiki.io/
- https://dmcxblue.gitbook.io/red-team-notes-2-0/
- https://github.com/swisskyrepo/PayloadsAllTheThings
Active Directory
- An excellent practical reference
- A practical reference focused on powershell
- https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- https://m0chan.github.io/2019/07/30/Windows-Notes-and-Cheatsheet.html
- https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
- https://wadcoms.github.io/
- https://www.blackhillsinfosec.com/webcast-attack-tactics-5-zero-to-hero-attack/
- https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html
- A very thorough technical background: https://zer1t0.gitlab.io/posts/attacking_ad/
Tools
- https://mpgn.gitbook.io/crackmapexec/
- https://www.secureauth.com/labs/open-source-tools/impacket/
- https://github.com/lgandx/Responder
- https://github.com/FuzzySecurity/StandIn
- https://www.joeware.net/freetools/tools/adfind/
- Powerview/Sharpview
- Bloodhound/Sharphound
Office 365 & Azure
- Extremely in-depth technical info on everything https://o365blog.com/
- https://www.synacktiv.com/en/publications/azure-ad-introduction-for-red-teamers.html
- https://blog.xpnsec.com/azuread-connect-for-redteam/
- https://www.blackhillsinfosec.com/webcast-getting-started-in-pentesting-the-cloud-azure/
- https://github.com/dafthack/CloudPentestCheatsheets/blob/master/cheatsheets/Azure.md
Tools
- https://github.com/nyxgeek/o365recon
- https://github.com/dirkjanm/ROADtools
- https://github.com/fox-it/adconnectdump
- https://github.com/LMGsec/o365creeper
- https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html
- https://github.com/rvrsh3ll/TokenTactics
- https://github.com/nyxgeek/onedrive_user_enum
- https://github.com/dafthack/MSOLSpray
- https://github.com/dafthack/MFASweep