Information Research and Content Categorization-- Part 1

• By The Rapture
• 
  

• http://www.Cybrary.IT – There can be only one!
• Offensive Security – https://www.offensive-security.com
• FSU Offensive Computer Security Course –https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
• http://www.Skillset.com – This place has free practice tests.  You can subscribe for money, but I would say its not really worth it.  It was better when it was all free.
• https://open.hpi.de/news#post_42a41551-8ed6-47ea-bec6-ce7d3a030fff
• https://pentesterlab.com/ – Great place to lean Web Penetration testing.
• http://www.cicentre.com/ – The Center for Counterintelligence and Security Studies
• Strategic Security videos http://strategicsec.com/services/training-services/videos/
• OCW Electrical Engineering & CompSci Courses –  http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/
• http://www.hackernews.com/
• http://www.youtube.com/user/ChRiStIaAn008
• Codeacademy (Teaches how to code in many languages!)- https://www.codecademy.com/
• W3schools (Another great site to learn programming languages)  http://www.w3schools.com/
• RubyMonk (A gentle, interactive introduction to programming in Ruby) http://rubymonk.com/
• Code.org (Great resource for children wanting to learn computer science!) – https://code.org/

Conferences/archives

===========================================================

• Conference calendar: https://www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
• https://www.defcon.org/ – The one and only crazy convention.
• http://www.securitybsides.com/
• https://www.blackhat.com/
• https://conference.hitb.org/
• http://www.infosecurityeurope.com/
• http://infosecworld.misti.com/
• https://www.sans.org/
• http://shmoocon.org/
• http://www.messefrankfurt.com/
• https://deepsec.net/
• Then there are all of the City Cons (Which I cannot even begin to list all of them):

Archives:

• http://www.Derbycon.com – Although this is technically a City Con, this is the place all of the major InfoSec guys go to after DefCon to hang out in a family atmosphere. I have had such a great time at Derby talking to some of the most influential people in the Security industry. Everyone is so friendly, and you don’t really have to worry about getting popped because there is an unspoken agreement to not do that kind of thing (family do not hack family).
• https://circlecitycon.com/
• http://skydogcon.blogspot.com/
• http://www.archc0n.org/
• http://showmecon.com/
• http://www.irongeek.com/ – IronGeek the biggest and baddest archive of convention talks
• http://www.securitytube.net/
• https://infocon.org/ –  InfoCon is a community supported, non-commercial archive of all the past hacking related convention material that can be found.
• YouTube Channels of Conferences:
• DEFCONConference – https://www.youtube.com/user/DEFCONConference/playlists
• Shmoocon 2016 – https://www.youtube.com/playlist?list=PLJgHiyD1pZg70X3X3zjmdmZg3u0eqDFJ4
• RSA Conference – https://www.youtube.com/channel/UCYzwGkfOqrevO-4TuTjPLwQ
• Black Hat – https://www.youtube.com/user/BlackHatOfficialYT/playlists
• Derbycon 5 – https://www.youtube.com/playlist?list=PLNhlcxQZJSm8cr3iBN27VZ4Rm11Erbae–
• http://www.youtube.com/user/HackingCons
• 
  

Various electronics/shops to buy tools/gadgets

===========================================================

• http://hakshop.myshopify.com/ – Hak5 is pretty well known for the Wifi Pineapple and USB Rubber ducky.
• http://hackerwarehouse.com/ – They sell tons of good stuff
• While it’s not specific to hacking per se, this site has a list of daily deals that often have really cool things for sale – http://deals.kinja.com/
• Some Cool Tech – http://theawesomer.com/category/tech/
• Spy Shop – http://www.spyshop.co.uk/
• Spy Gadgets – https://www.spygadgets.com/
• Gadgets+gear – https://gadgetsandgear.com/security-and-spy/
• Spy Emporium – http://www.spyemporium.com/audio-spying-surveillance-equipment.html
• Information Unlimited (Crazy Stuff to Buy) http://www.amazing1.com/
• Wall of Sheep (All Kinds of Good Stuff) – http://www.wallofsheep.com/
• Micro drone with camera – http://www.micro-drone.co.uk/shop/
• 1BitSquared (super tiny drones) – http://1bitsquared.com/
• “Camping” tents (RF Shielded Tents) – http://www.ramayes.com/rf_shielded_tents.htm
• KillerUSB (Destroys USB Ports On Computers) – http://kukuruku.co/hub/diy/usb-killer

Blogs & Resource Sites of Individuals

===========================================================

• G0tmi1k – https://blog.g0tmi1k.com/
• Lesley Carhart Blog – http://tisiphone.net/
• Samy Kamkar Blog – http://samy.pl/
• Raphael Mudge – http://blog.cobaltstrike.com/
• Fernando Magro Blog – http://fernandomagro.com/category/security/
• Bruce Schneier Blog (IT Security “guru”) – https://www.schneier.com
• Nicolas Seriot resource site – http://seriot.ch/
• Jonathan Salwan (shell-storm) blog – http://shell-storm.org/
• Carlos Perez (DarkOperator) – http://www.darkoperator.com/
• Brian Krebs – http://krebsonsecurity.com/
• H legacy blog – http://www.h-online.com/
• Zdziarski’s Blog – http://www.zdziarski.com/blog/?cat=8
• IceRocket (allows users to search Blogs, Tweets, news, images etc. all from one page) – http://www.icerocket.com/
• Daniel Blog Miessler – https://danielmiessler.com/information-security/
• Rootshell Blog – http://www.rootsh3ll.com/
• Sjoerd Langkemper Blog – http://www.sjoerdlangkemper.nl/
• Malware Jake Blog – http://malwarejake.blogspot.com
• Rich Perkins/Mike Tassey – https://rabbit-hole.org/
• Social Engineer Blog – http://www.social-engineer.org/blog/
• Didier Stevens – http://blog.didierstevens.com/
• Room362.com – Blog –  http://www.room362.com/
• Blogs | The Honeynet Project – https://www.honeynet.org/
• n0security –  http://n0security.blogspot.com/
• http://www.n0where.net
• http://carnal0wnage.blogspot.com/
• http://www.mcgrewsecurity.com/
• http://www.gnucitizen.org/blog/
• http://www.darknet.org.uk/
• http://spylogic.net/
• http://taosecurity.blogspot.com/
• http://www.room362.com/
• http://blog.sipvicious.org/
• http://blog.portswigger.net/
• http://pentestmonkey.net/blog/
• http://jeremiahgrossman.blogspot.com/
• http://i8jesus.com/
• http://blog.c22.cc/
• http://www.skullsecurity.org/blog/
• http://blog.metasploit.com/
• http://www.darkoperator.com/
• http://blog.skeptikal.org/
• http://preachsecurity.blogspot.com/
• http://www.tssci-security.com/
• http://www.gdssecurity.com/l/b/
• http://websec.wordpress.com/
• http://bernardodamele.blogspot.com/
• http://laramies.blogspot.com/
• http://www.spylogic.net/
• http://blog.andlabs.org/
• http://xs-sniper.com/blog/
• http://www.commonexploits.com/
• http://www.sensepost.com/blog/
• http://wepma.blogspot.com/
• http://exploit.co.il/
• http://securityreliks.wordpress.com/
• http://www.madirish.net/index.html
• http://sirdarckcat.blogspot.com/
• http://reusablesec.blogspot.com/
• http://myne-us.blogspot.com/
• http://www.notsosecure.com/
• http://blog.spiderlabs.com/
• http://www.corelan.be/
• http://www.digininja.org/
• http://www.pauldotcom.com/
• http://www.attackvector.org/
• http://deviating.net/
• http://www.alphaonelabs.com/
• http://www.smashingpasswords.com/
• http://wirewatcher.wordpress.com/
• http://gynvael.coldwind.pl/
• http://www.nullthreat.net/
• http://www.question-defense.com/
• http://archangelamael.blogspot.com/
• http://memset.wordpress.com/
• http://sickness.tor.hu/
• http://punter-infosec.com/
• http://www.securityninja.co.uk/
• http://securityandrisk.blogspot.com/
• http://esploit.blogspot.com/
• http://www.pentestit.com/

Forums

===========================================================

• https://www.cybrary.it/forums/
• http://sla.ckers.org/forum/index.php
• http://www.ethicalhacker.net/
• http://www.backtrack-linux.org/forums/
• http://www.elitehackers.info/forums/
• http://www.hackthissite.org/forums/index.php
• http://securityoverride.com/forum/index.php
• http://www.iexploit.org/
• http://bright-shadows.net/
• http://www.governmentsecurity.org/forum/
• http://forum.intern0t.net/
• https://www.reddit.com/r/netsec/

Intrusion Detection/Intrusion Prevention Information

===========================================================

• https://security-onion-solutions.github.io/security-onion/ – Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!

Penetration Testing

===========================================================

• Tools:
  • Armitage – http://www.fastandeasyhacking.com/
  • Cobalt Strike – https://www.cobaltstrike.com/
  • Charles HTTP proxy/monitor https://www.charlesproxy.com/
  • Sec tool market http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
  • Firefox 68 Add-ons for Web Application Security Penetration Testing https://addons.mozilla.org/en-US/firefox/collections/adammuntner/webappsec/
  • OWASP Mantra tools https://www.getmantra.com/tools.html
  • OWASP Zed Attack Proxy (ZAP) https://github.com/zaproxy/zaproxy
  • Top 125 Network Security Tools http://sectools.org/tag/vuln-scanners/
  • BeEF framework http://beefproject.com/
  • Moocherhunter http://securitystartshere.org/page-training-oswa-assistant.htm#moocherhunter
  • Kali Linux Tools Listing http://tools.kali.org/tools-listing
  • Vega https://subgraph.com/vega/
  • Wifite – https://github.com/derv82/wifite
  • http://www.edge-security.com/theHarvester.php
  • http://www.mavetju.org/unix/dnstracer-man.php
  • http://www.paterva.com/web5/

• References:
  • Common Vulnerabilities and Exposures List https://cve.mitre.org/
  • http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  • http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
  • http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
  • http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
  • http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
  • http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
  • http://h.ackack.net/cheat-sheets/netcat

• Methodologies:
  • http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
  • http://www.pentest-standard.org/index.php/Main_Page
  • http://projects.webappsec.org/w/page/13246978/Threat-Classification
  • http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  • http://www.social-engineer.org/

• Exploits and Advisories:
  • http://www.exploit-db.com/
  • http://www.cvedetails.com/
  • http://www.packetstormsecurity.org/
  • http://www.securityforest.com/wiki/index.php/Main_Page
  • http://www.securityfocus.com/bid
  • http://nvd.nist.gov/
  • http://osvdb.org/
  • http://www.nullbyte.org.il/Index.html
  • http://secdocs.lonerunners.net/
  • http://www.phenoelit-us.org/whatSAP/index.html
  • http://secunia.com/
  • http://cve.mitre.org/

• Cheatsheets and Syntax:
  • http://cirt.net/ports_dl.php?export=services
  • http://www.cheat-sheets.org/
  • http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

• Agile Hacking:
  • http://www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
  • http://blog.commandlinekungfu.com/
  • http://www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
  • http://isc.sans.edu/diary.html?storyid=2376
  • http://isc.sans.edu/diary.html?storyid=1229
  • http://ss64.com/nt/
  • http://pauldotcom.com/2010/02/running-a-command-on-every-mac.html
  • http://synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
  • http://www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
  • http://rstcenter.com/forum/22324-hacking-without-tools-windows.rst
  • http://www.coresecurity.com/files/attachments/Core_Define_and_Win_Cmd_Line.pdf
  • http://www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
  • http://www.pentesterscripting.com/
  • http://www.sans.org/reading_room/whitepapers/hackers/windows-script-host-hack-windows_33583
  • http://www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf

• OS and Scripts:
  • http://en.wikipedia.org/wiki/IPv4_subnetting_reference
  • http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
  • http://shelldorado.com/shelltips/beginner.html
  • http://www.linuxsurvival.com/
  • http://mywiki.wooledge.org/BashPitfalls
  • http://rubular.com/
  • http://www.iana.org/assignments/port-numbers
  • http://www.robvanderwoude.com/ntadmincommands.php
  • http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/

• Distros:
  • http://www.backtrack-linux.org/
  • http://www.matriux.com/
  • http://samurai.inguardians.com/
  • http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
  • https://pentoo.ch/
  • http://www.hackfromacave.com/articles_and_adventures/katana_v2_release.html
  • http://www.piotrbania.com/all/kon-boot/
  • http://www.linuxfromscratch.org/
  • http://sumolinux.suntzudata.com/
  • http://blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
  • http://www.backbox.org/

• Test Sites:
  • http://www.webscantest.com/
  • http://crackme.cenzic.com/Kelev/view/home.php
  • http://zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prod_sel.forte&source=Freebank&AD_REFERRING_URL=http://www.Freebank.com
  • http://testaspnet.vulnweb.com/
  • http://testasp.vulnweb.com/
  • http://testphp.vulnweb.com/
  • http://demo.testfire.net/
  • http://hackme.ntobjectives.com/

• Exploitation Intro:
  • http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
  • http://www.mgraziano.info/docs/stsi2010.pdf
  • http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
  • http://www.ethicalhacker.net/content/view/122/2/
  • http://code.google.com/p/it-sec-catalog/wiki/Exploitation
  • http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
  • http://ref.x86asm.net/index.html

• Powershell Based Exploitation
  • https://github.com/PowerShellMafia/PowerSploit
  • https://github.com/samratashok/nishang
  • http://www.powershellempire.com/
  • http://blog.harmj0y.net/

• Passwords and Hashes:
  • http://www.irongeek.com/i.php?page=videos/password-exploitation-class
  • http://cirt.net/passwords
  • http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
  • http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
  • http://www.foofus.net/?page_id=63
  • http://hashcrack.blogspot.com/
  • http://www.nirsoft.net/articles/saved_password_location.html
  • http://www.onlinehashcrack.com/
  • http://www.md5this.com/list.php?
  • http://www.virus.org/default-password
  • http://www.phenoelit-us.org/dpl/dpl.html
  • http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

• Wordlists:
  • http://contest.korelogic.com/wordlists.html
  • http://packetstormsecurity.org/Crackers/wordlists/
  • http://www.skullsecurity.org/wiki/index.php/Passwords
  • http://www.ericheitzman.com/passwd/passwords/

• Pass the Hash:
  • http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
  • http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
  • http://carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html

• MiTM:
  • http://www.giac.org/certified_professionals/practicals/gsec/0810.php
  • http://www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
  • http://www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
  • http://www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
  • http://www.mindcenter.net/uploads/ECCE101.pdf
  • http://toorcon.org/pres12/3.pdf
  • http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf
  • http://packetstormsecurity.org/papers/wireless/cracking-air.pdf
  • http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
  • http://www.oact.inaf.it/ws-ssri/Costa.pdf
  • http://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sam_bowne-hijacking_web_2.0.pdf
  • http://mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
  • http://www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
  • http://www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
  • http://www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
  • http://bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
  • http://bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
  • http://www.iac.iastate.edu/iasg/libarchive/0910/The_Magic_of_Ettercap/The_Magic_of_Ettercap.pdf
  • http://articles.manugarg.com/arp_spoofing.pdf
  • http://academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
  • http://www.ucci.it/docs/ICTSecurity-2004-26.pdf
  • http://web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papers_files/ettercap_Nov_6_2005-1.pdf
  • http://blog.spiderlabs.com/2010/12/thicknet.html
  • http://www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
  • http://www.go4expert.com/forums/showthread.php?t=11842
  • http://www.irongeek.com/i.php?page=security/ettercapfilter
  • http://openmaniak.com/ettercap_filter.php
  • http://www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
  • http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
  • http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1
  • http://spareclockcycles.org/2010/06/10/sergio-proxy-released/

• Metadata:
  • http://www.sans.org/reading_room/whitepapers/privacy/document-metadata-silent-killer_32974
  • http://lcamtuf.coredump.cx/strikeout/
  • http://www.sno.phy.queensu.ca/~phil/exiftool/
  • http://www.edge-security.com/metagoofil.php
  • http://www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html

• Google Hacking:
  • http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
  • http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads
  • http://sqid.rubyforge.org/#next
  • http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html

• Web:
  • http://www.bindshell.net/tools/beef
  • http://blindelephant.sourceforge.net/
  • http://xsser.sourceforge.net/
  • http://sourceforge.net/projects/rips-scanner/
  • http://www.divineinvasion.net/authforce/
  • http://andlabs.org/tools.html#sotf
  • http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
  • http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
  • http://code.google.com/p/pinata-csrf-tool/
  • http://xsser.sourceforge.net/#intro
  • http://www.contextis.co.uk/resources/tools/clickjacking-tool/
  • http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
  • http://sourceforge.net/projects/ws-attacker/files/
  • https://github.com/koto/squid-imposter

• Attack Strings:
  • http://code.google.com/p/fuzzdb/
  • http://www.owasp.org/index.php/Category:OWASP_Fuzzing_Code_Database#tab=Statements

• Shells:
  • http://sourceforge.net/projects/yokoso/
  • http://sourceforge.net/projects/ajaxshell/

• Scanners:
  • http://w3af.sourceforge.net/
  • http://code.google.com/p/skipfish/
  • http://sqlmap.sourceforge.net/
  • http://sqid.rubyforge.org/#next
  • http://packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
  • http://code.google.com/p/fimap/wiki/WindowsAttack
  • http://code.google.com/p/fm-fsf/

• Proxies:
  • http://www.sans.org/reading_room/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder_33214
  • http://www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
  • http://sourceforge.net/projects/belch/files/
  • http://www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
  • http://blog.ombrepixel.com/
  • http://andlabs.org/tools.html#dser
  • http://feoh.tistory.com/22
  • http://www.sensepost.com/labs/tools/pentest/reduh
  • http://www.owasp.org/index.php/OWASP_WebScarab_NG_Project
  • http://intrepidusgroup.com/insight/mallory/
  • http://www.fiddler2.com/fiddler2/
  • http://websecuritytool.codeplex.com/documentation?referringTitle=Home
  • http://translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1

• Social Engineering: (I will be adding to this quite a bit in the near future)
  • https://www.youtube.com/watch?v=LMu_md_5PQ4 – Pretty good lecture on Charisma
  • http://modernmachiavelli.com/psychological-manipulation-techniques/ – Large list of techniques.
  • https://www.helpnetsecurity.com/2016/05/19/social-engineer/ – Great Article on Jayson E. Street
  • http://www.secmaniac.com/
  • https://www.phishingfrenzy.com/
    • SatoriPrime Podcast three part breakdown of Joe Navarro’s book “What every body is saying.”
      • Part 1: – https://www.youtube.com/watch?v=cGZTa8fZbuU
      • Part 2: – https://www.youtube.com/watch?v=hCUKNiHDHhQ
      • Part 3: – https://www.youtube.com/watch?v=tOVPqgKnbw8
    • Quick reference sheet on the subject of body language:
      • http://www.ohiotesolmoodle.org/2010/handouts/f/f60_What%20every%20Body%20is%20saying.pdf

• Password:
  • http://nmap.org/ncrack/
  • http://www.foofus.net/~jmk/medusa/medusa.html
  • http://www.openwall.com/john/
  • http://ophcrack.sourceforge.net/
  • http://blog.0x3f.net/tool/keimpx-in-action/
  • http://code.google.com/p/keimpx/
  • http://sourceforge.net/projects/hashkill/

• Metasploit:
  • http://www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
  • http://code.google.com/p/msf-hack/wiki/WmapNikto
  • http://www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
  • http://seclists.org/metasploit/
  • http://pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
  • http://meterpreter.illegalguy.hostzi.com/
  • http://blog.metasploit.com/2010/03/automating-metasploit-console.html
  • http://www.workrobot.com/sansfire2009/561.html
  • http://www.securitytube.net/video/711
  • http://en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
  • http://milo2012.wordpress.com/2009/09/27/xlsinjector/
  • http://www.fastandeasyhacking.com/
  • http://trac.happypacket.net/
  • http://www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
  • http://www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf

• MSF Exploits or Easy:
  • http://www.nessus.org/plugins/index.php?view=single&id=12204
  • http://www.nessus.org/plugins/index.php?view=single&id=11413
  • http://www.nessus.org/plugins/index.php?view=single&id=18021
  • http://www.nessus.org/plugins/index.php?view=single&id=26918
  • http://www.nessus.org/plugins/index.php?view=single&id=34821
  • http://www.nessus.org/plugins/index.php?view=single&id=22194
  • http://www.nessus.org/plugins/index.php?view=single&id=34476
  • http://www.nessus.org/plugins/index.php?view=single&id=25168
  • http://www.nessus.org/plugins/index.php?view=single&id=19408
  • http://www.nessus.org/plugins/index.php?view=single&id=21564
  • http://www.nessus.org/plugins/index.php?view=single&id=10862
  • http://www.nessus.org/plugins/index.php?view=single&id=26925
  • http://www.nessus.org/plugins/index.php?view=single&id=29314
  • http://www.nessus.org/plugins/index.php?view=single&id=23643
  • http://www.nessus.org/plugins/index.php?view=single&id=12052
  • http://www.nessus.org/plugins/index.php?view=single&id=12052
  • http://www.nessus.org/plugins/index.php?view=single&id=34477
  • http://www.nessus.org/plugins/index.php?view=single&id=15962
  • http://www.nessus.org/plugins/index.php?view=single&id=42106
  • http://www.nessus.org/plugins/index.php?view=single&id=15456
  • http://www.nessus.org/plugins/index.php?view=single&id=21689
  • http://www.nessus.org/plugins/index.php?view=single&id=12205
  • http://www.nessus.org/plugins/index.php?view=single&id=22182
  • http://www.nessus.org/plugins/index.php?view=single&id=26919
  • http://www.nessus.org/plugins/index.php?view=single&id=26921
  • http://www.nessus.org/plugins/index.php?view=single&id=21696
  • http://www.nessus.org/plugins/index.php?view=single&id=40887
  • http://www.nessus.org/plugins/index.php?view=single&id=10404
  • http://www.nessus.org/plugins/index.php?view=single&id=18027
  • http://www.nessus.org/plugins/index.php?view=single&id=19402
  • http://www.nessus.org/plugins/index.php?view=single&id=11790
  • http://www.nessus.org/plugins/index.php?view=single&id=12209
  • http://www.nessus.org/plugins/index.php?view=single&id=10673

• NSE:
  • http://www.securitytube.net/video/931
  • http://nmap.org/nsedoc/

• Net Scanners and Scripts:
  • http://nmap.org/
  • http://asturio.gmxhome.de/software/sambascan2/i.html
  • http://www.softperfect.com/products/networkscanner/
  • http://www.openvas.org/
  • http://tenable.com/products/nessus
  • http://www.rapid7.com/vulnerability-scanner.jsp
  • http://www.eeye.com/products/retina/community

• Post Exploitation:
  • http://www.awarenetwork.org/home/rattle/source/python/exe2bat.py
  • http://www.phx2600.org/archive/2008/08/29/metacab/
  • http://www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html

• Netcat:
  • http://readlist.com/lists/insecure.org/nmap-dev/1/7779.html
  • http://www.radarhack.com/tutorial/ads.pdf
  • http://www.infosecwriters.com/text_resources/pdf/Netcat_for_the_Masses_DDebeer.pdf
  • http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
  • http://www.dest-unreach.org/socat/
  • http://www.antionline.com/archive/index.php/t-230603.html
  • http://technotales.wordpress.com/2009/06/14/netcat-tricks/
  • http://seclists.org/nmap-dev/2009/q1/581
  • http://www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
  • http://www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
  • http://gse-compliance.blogspot.com/2008/07/netcat.html

• Source Inspection:
  • http://www.justanotherhacker.com/projects/graudit.html
  • http://code.google.com/p/javasnoop/

• Firefox Addons:
  • https://addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
  • https://addons.mozilla.org/en-US/firefox/addon/osvdb/
  • https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
  • https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
  • https://addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
  • https://addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
  • https://addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
  • https://addons.mozilla.org/en-US/firefox/addon/hackbar/

• Tool Listings:
  • http://packetstormsecurity.org/files/tags/tool
  • http://tools.securitytube.net/index.php?title=Main_Page

• Training/Tutorials/Classes:
  • http://fuzzysecurity.com/tutorials.html
  • http://pentest.cryptocity.net/
  • http://www.irongeek.com/i.php?page=videos/network-sniffers-class
  • http://samsclass.info/124/124_Sum09.shtml
  • http://www.cs.ucsb.edu/~vigna/courses/cs279/
  • http://crypto.stanford.edu/cs142/
  • http://crypto.stanford.edu/cs155/
  • http://cseweb.ucsd.edu/classes/wi09/cse227/
  • http://www-inst.eecs.berkeley.edu/~cs161/sp11/
  • http://security.ucla.edu/pages/Security_Talks
  • http://www.cs.rpi.edu/academics/courses/spring10/csci4971/
  • http://cr.yp.to/2004-494.html
  • http://www.ece.cmu.edu/~dbrumley/courses/18732-f09/
  • https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
  • http://stuff.mit.edu/iap/2009/#websecurity

• Metasploit:
  • http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
  • http://www.irongeek.com/i.php?page=videos/metasploit-class
  • http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
  • http://www.ustream.tv/recorded/13396511
  • http://www.ustream.tv/recorded/13397426
  • http://www.ustream.tv/recorded/13398740
• Programming:
• Python:
• http://code.google.com/edu/languages/google-python-class/index.html
• http://www.swaroopch.com/notes/Python_en:Table_of_Contents
• http://www.thenewboston.com/?cat=40&pOpen=tutorial
• http://showmedo.com/videotutorials/python
• http://www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/

• Ruby:
  • http://www.tekniqal.com/

• Other Misc:
  • http://www.cs.sjtu.edu.cn/~kzhu/cs490/
  • https://noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
  • http://i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
  • http://resources.infosecinstitute.com/
  • http://vimeo.com/user2720399

• Web Vectors
• SQLi:
  • http://pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
  • http://isc.sans.edu/diary.html?storyid=9397
  • http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
  • http://www.evilsql.com/main/index.php
  • http://xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
  • http://securityoverride.com/articles.php?article_id=1&article=The_Complete_Guide_to_SQL_Injections
  • http://websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
  • http://sqlzoo.net/hack/
  • http://www.sqlteam.com/article/sql-server-versions
  • http://www.krazl.com/blog/?p=3
  • http://www.owasp.org/index.php/Testing_for_MS_Access
  • http://web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
  • http://web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html

• Joe McCray – Advanced SQL Injection – LayerOne 2009
  • http://layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
  • http://sla.ckers.org/forum/read.php?24,33903
  • http://websec.files.wordpress.com/2010/11/sqli2.pdf
  • http://old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
  • http://ha.ckers.org/sqlinjection/
  • http://lab.mediaservice.net/notes_more.php?id=MSSQL

• Upload Tricks:
  • http://www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
  • http://blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
  • http://blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
  • http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
  • http://ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
  • http://www.ravenphpscripts.com/article2974.html
  • http://www.acunetix.com/cross-site-scripting/scanner.htm
  • http://www.vupen.com/english/advisories/2009/3634
  • http://msdn.microsoft.com/en-us/library/aa478971.aspx
  • http://dev.tangocms.org/issues/237
  • http://seclists.org/fulldisclosure/2006/Jun/508
  • http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
  • http://www.ipolicynetworks.com/technology/files/TikiWiki_jhot.php_Script_File_Upload_Security_Bypass_Vulnerability.html
  • http://shsc.info/FileUploadSecurity

• LFI/RFI:
  • http://pastie.org/840199
  • http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
  • http://www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utm_source=twitterfeed&utm_medium=twitter
  • http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
  • http://www.digininja.org/blog/when_all_you_can_do_is_read.php

• XSS:
  • http://www.infosecwriters.com/hhworld/hh8/csstut.htm
  • http://www.technicalinfo.net/papers/CSS.html
  • http://msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
  • http://forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
  • https://media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
  • http://sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
  • http://www.securityaegis.com/filter-evasion-houdini-on-the-wire/
  • http://heideri.ch/jso/#javascript
  • http://www.reddit.com/r/xss/
  • http://sla.ckers.org/forum/list.php?2

• Coldfusion:
  • http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
  • http://zastita.com/02114/Attacking_ColdFusion..html
  • http://www.nosec.org/2010/0809/629.html
  • http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
  • http://cfunited.com/2009/files/presentations/254_ShlomyGantz_August2009_HackProofingColdFusion.pdf

• Sharepoint:
  • http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678

• Lotus:
  • http://blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
  • http://seclists.org/pen-test/2002/Nov/43
  • http://www.sectechno.com/2010/07/12/hacking-lotus-domino/?
• JBoss:
  • http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
  • http://blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html

• VMWare Web:
  • http://www.metasploit.com/modules/auxiliary/scanner/http/vmware_server_dir_trav

• Oracle App Servers:
  • http://www.hideaway.net/2007/07/hacking-oracle-application-servers.html
  • http://www.owasp.org/index.php/Testing_for_Oracle
  • http://www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
  • http://www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
  • http://www.ngssoftware.com/papers/hpoas.pdf

• SAP:
  • http://www.onapsis.com/research.html#bizploit
  • http://marc.info/?l=john-users&m=121444075820309&w=2
  • http://www.phenoelit-us.org/whatSAP/index.html

• Wireless:
  • http://code.google.com/p/pyrit/

Vulnerable Web Applications

===========================================================

• OWASP BWA http://code.google.com/p/owaspbwa/
• OWASP Hackademic    http://hackademic1.teilar.gr/
• OWASP SiteGenerator  https://www.owasp.org/index.php/Owasp_SiteGenerator
• OWASP Bricks http://sourceforge.net/projects/owaspbricks/
• OWASP Security Shepherd       https://www.owasp.org/index.php/OWASP_Security_Shepherd
• Damn Vulnerable Web App (DVWA)    http://www.dvwa.co.uk/
• Damn Vulnerable Web Services (DVWS)            http://dvws.professionallyevil.com/
• WebGoat.NET   https://github.com/jerryhoff/WebGoat.NET/
• PentesterLab https://pentesterlab.com/
• Butterfly Security Project          http://thebutterflytmp.sourceforge.net/
• Foundstone Hackme Bank        http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
• Foundstone Hackme Books      http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
• Foundstone Hackme Casino     http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
• Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
• Foundstone Hackme Travel      http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
• LAMPSecurity http://sourceforge.net/projects/lampsecurity/
• Moth http://www.bonsai-sec.com/en/research/moth.php
• WackoPicko     https://github.com/adamdoupe/WackoPicko
• BadStore          http://www.badstore.net/
• WebSecurity Dojo        http://www.mavensecurity.com/web_security_dojo/
• BodgeIt Store http://code.google.com/p/bodgeit/
• hackxor             http://hackxor.sourceforge.net/cgi-bin/index.pl
• SecuriBench    http://suif.stanford.edu/~livshits/securibench/
• SQLol https://github.com/SpiderLabs/SQLol
• CryptOMG       https://github.com/SpiderLabs/CryptOMG
• XMLmao           https://github.com/SpiderLabs/XMLmao
• Exploit KB Vulnerable Web App http://exploit.co.il/projects/vuln-web-app/
• PHDays iBank CTF         http://blog.phdays.com/2012/05/once-again-about-remote-banking.html
• GameOver       http://sourceforge.net/projects/null-gameover/
• Zap WAVE        http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip
• PuzzleMall       http://code.google.com/p/puzzlemall/
• VulnApp           http://www.nth-dimension.org.uk/blog.php?id=88
• sqli-labs             https://github.com/Audi-1/sqli-labs
• Drunk Admin Web Hacking Challenge https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/
• bWAPP http://www.mmeit.be/bwapp/
• http://sourceforge.net/projects/bwapp/files/bee-box/
• NOWASP / Mutillidae 2 http://sourceforge.net/projects/mutillidae/
• SocketToMe   http://digi.ninja/projects/sockettome.php
• WAVSEP https://github.com/sectooladdict/wavsep
• http://www.oldapps.com/
• http://www.oldversion.com/
• http://www.exploit-db.com/webapps/
• http://code.google.com/p/wavsep/downloads/list
• http://www.owasp.org/index.php/Owasp_SiteGenerator
• http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
• http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
• http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
• http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

Vulnerable Operating System Installations

===========================================================

• https://exploit-exercises.com –  A great VM/Tutorial site.
• http://www.vulnhub.com – good place to find vulnerable VMs to load up and practice hacking (a must have for lab building)
• Damn Vulnerable Linux http://sourceforge.net/projects/virtualhacking/files/os/dvl/
• Metasploitable http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
• LAMPSecurity http://sourceforge.net/projects/lampsecurity/
• UltimateLAMP  http://www.amanhardikar.com/mindmaps/practice-links.html
• heorot: DE-ICE, hackerdemia   http://hackingdojo.com/downloads/iso/De-ICE_S1.100.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S1.110.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso
• http://hackingdojo.com/downloads/iso/De-ICE_S2.100.iso
• hackerdemia – http://hackingdojo.com/downloads/iso/De-ICE_S1.123.iso
• pWnOS http://www.pwnos.com/
• Holynix http://sourceforge.net/projects/holynix/files/
• Kioptrix http://www.kioptrix.com/blog/
• exploit-exercises – nebula, protostar, fusion   http://exploit-exercises.com/download
• PenTest Laboratory     http://pentestlab.org/lab-in-a-box/
• RebootUser Vulnix       http://www.rebootuser.com/?page_id=1041
• neutronstar     http://neutronstar.org/goatselinux.html
• scriptjunkie.us  http://www.scriptjunkie.us/2012/04/the-hacker-games/
• 21LTR http://21ltr.com/scenes/
• SecGame # 1: Sauron http://sg6-labs.blogspot.co.uk/2007/12/secgame-1-sauron.html
• Pentester Lab https://www.pentesterlab.com/exercises
• Vulnserver       http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
• TurnKey Linux   http://www.turnkeylinux.org/
• Bitnami https://bitnami.com/stacks
• Elastic Server http://elasticserver.com
• CentOS http://www.centos.org/
• http://sourceforge.net/projects/websecuritydojo/
• http://code.google.com/p/owaspbwa/wiki/ProjectSummary
• http://heorot.net/livecds/
• http://informatica.uv.es/~carlos/docencia/netinvm/
• http://www.bonsai-sec.com/en/research/moth.php
• http://blog.metasploit.com/2010/05/introducing-metasploitable.html
• http://pynstrom.net/holynix.php
• http://gnacktrack.co.uk/download.php
• http://sourceforge.net/projects/lampsecurity/files/
• https://www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
• http://sourceforge.net/projects/virtualhacking/files/
• http://www.badstore.net/
• http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
• http://www.dvwa.co.uk/
• http://sourceforge.net/projects/thebutterflytmp/

Sites for Downloading Older Versions of Various Software

===========================================================

• Exploit-DB        http://www.exploit-db.com/
• Old Version     http://www.oldversion.com/
• Old Apps           http://www.oldapps.com/
• VirtualHacking Repo    http://www.sourceforge.net/projects/virtualhacking/files/apps%40realworld/

Sites by Vendors of Security Testing Software

===========================================================

• Acunetix acuforum      http://testasp.vulnweb.com/
• Acunetix acublog          http://testaspnet.vulnweb.com/
• Acunetix acuart http://testphp.vulnweb.com/
• Cenzic crackmebank    http://crackme.cenzic.com
• HP freebank    http://zero.webappsecurity.com
• IBM altoromutual         http://demo.testfire.net/
• Mavituna testsparker http://aspnet.testsparker.com
• Mavituna testsparker http://php.testsparker.com
• NTOSpider Test Site     http://www.webscantest.com/
• Subgraph open source security company https://subgraph.com/

Sites for Improving Your Hacking Skills

===========================================================

• EnigmaGroup http://www.enigmagroup.org/
• Exploit Exercises            http://exploit-exercises.com/
• Google Gruyere            http://google-gruyere.appspot.com/
• Gh0st Lab         http://www.gh0st.net/
• Hack This Site http://www.hackthissite.org/
• HackThis           http://www.hackthis.co.uk/
• HackQuest       http://www.hackquest.com/
• Hack.me           https://hack.me
• Hacking-Lab     https://www.hacking-lab.com
• Hacker Challenge          http://www.dareyourmind.net/
• Hacker Test     http://www.hackertest.net/
• hACME Game http://www.hacmegame.org/
• Hax.Tor http://hax.tor.hu/
• OverTheWire http://www.overthewire.org/wargames/
• PentestIT         http://www.pentestit.ru/en/
• pwn0 https://pwn0.com/home.php
• RootContest   http://rootcontest.com/
• Root Me           http://www.root-me.org/?lang=en
• Security Treasure Hunt  http://www.securitytreasurehunt.com/
• Smash The Stack           http://www.smashthestack.org/
• TheBlackSheep and Erik             http://www.bright-shadows.net/
• ThisIsLegal       http://thisislegal.com/
• Try2Hack           http://www.try2hack.nl/
• WabLab             http://www.wablab.com/hackme
• XSS: Can You XSS This?  http://canyouxssthis.com/HTMLSanitizer/
• XSS: ProgPHP http://xss.progphp.com/

CTF Sites / Archives

===========================================================

• CTFtime (Details of CTF Challenges)      http://ctftime.org/ctfs/
• shell-storm Repo – http://shell-storm.org/repo/CTF/
• CAPTF Repo – http://captf.com/
• Organizing CTF Events:
• https://github.com/pwning/docs/blob/master/suggestions-for-running-a-ctf.markdown
• https://trailofbits.github.io/ctf/
• http://captf.com/
• https://www.wechall.net/
• https://ctftime.org/
• http://intruded.net/
• http://smashthestack.org/
• http://flack.hkpco.kr/
• http://ctf.hcesperer.org/
• http://ictf.cs.ucsb.edu/
• http://capture.thefl.ag/calendar/
• https://github.com/facebook/fbctf

Mobile Apps

===========================================================

• ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/
• ExploitMe Mobile iPhone Labs   http://securitycompass.github.io/iPhoneLabs/
• OWASP iGoat http://code.google.com/p/owasp-igoat/
• OWASP Goatdroid        https://github.com/jackMannino/OWASP-GoatDroid-Project
• Damn Vulnerable iOS App (DVIA)          http://damnvulnerableiosapp.com/
• Damn Vulnerable Android App (DVAA)  https://code.google.com/p/dvaa/
• Damn Vulnerable FirefoxOS Application (DVFA) https://github.com/pwnetrationguru/dvfa/
• NcN Wargame   http://noconname.org/evento/wargame/
• Hacme Bank Android   http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx
• InsecureBank http://www.paladion.net/downloadapp.html
• Mobile forensic hardware shop http://shop.cellebrite.com/accessories.html

Interesting Apps/Scripts/Programs

===========================================================

• List of network sec apps –https://wiki.archlinux.org/index.php/List_of_applications#Network_security
• Lynis app (Security auditing tool and assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening.)- https://cisofy.com/lynis/ or https://github.com/CISOfy/Lynis
• iptraf-ng – ip traffic monitor – https://fedorahosted.org/iptraf-ng/
• ngrep – network grep – http://ngrep.sourceforge.net/
• Veil framework – https://www.veil-framework.com/
• Check sums of downloaded files on different OSs – https://superuser.com/questions/699014/how-to-make-sure-a-downloaded-iso-matches-a-hash-value
• AFICK (Another File Integrity ChecKer) – http://afick.sourceforge.net/
• Hashcat – Worlds fastest password cracker – https://hashcat.net/oclhashcat/
• Pantomjs – PhantomJS is a headless WebKit scriptable with a JavaScript API. It has fast and native support for various web standards: DOM handling, CSS selector, JSON, Canvas, and SVG.-http://phantomjs.org/
• CUPP source – Common User Passwords Profiler – https://github.com/Mebus/cupp
• Js kill switch (A solution to proventing website code thievery) – http://menacingcloud.com/?c=ajaxKillSwitch2
• IDA (Interactive Disassembler & Debugger) – https://www.hex-rays.com/products/ida/

Products/Appliances

===========================================================

• pfsense – https://www.pfsense.org/
• FireEye – https://www2.fireeye.com

Part two in click here