Pentesting Massive Bible Resources Version 1

PENTESTING-BIBLE

Hundreds of ethical hacking & Penetration testing & Red team & Cyber security & Computer Science resources.

ALMOST 1000 PDF FILES ABOUT DIFFERENT FIELDS OF HACKING .

-1- 3 Ways Extract Password Hashes from NTDS.dit:

https://www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit

-2- 3 ways to Capture HTTP Password in Network PC:

https://www.hackingarticles.in/3-ways-to-capture-http-password-in-network-pc/

-3- 3 Ways to Crack Wifi using Pyrit,oclHashcat and Cowpatty:

www.hackingarticles.in/3-ways-crack-wifi-using-pyrit-oclhashcat-cowpatty/

-4-BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection:

-5-BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality:

https://medium.com/p/a11bb5f863b3/share/twitter

-6-“Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company:

-7-BugBounty — “I don’t need your current password to login into your account” - How could I completely takeover any user’s account in an online classi ed ads company:

-8-BugBounty — “How I was able to shop for free!”- Payment Price Manipulation:

-9-Recon — my way:

-10-Reconnaissance: a eulogy in three acts:

-11-Red-Teaming-Toolkit:

-12-Red Team Tips:

https://vincentyiu.co.uk/

-13-Shellcode: A reverse shell for Linux in C with support for TLS/SSL:

-14-Shellcode: Encrypting traffic:

-15-Penetration Testing of an FTP Server:

https://medium.com/p/19afe538be4b

-16-Reverse Engineering of the Anubis Malware — Part 1:

-17-Privilege Escalation on Linux with Live examples:

-18-Pentesting Cheatsheets:

-19-Powershell Payload Delivery via DNS using Invoke-PowerCloud:

https://ired.team/offensive-security-experiments/payload-delivery-via-dns-using-invoke-powercloud

-20-SMART GOOGLE SEARCH QUERIES TO FIND VULNERABLE SITES – LIST OF 4500+ GOOGLE DORKS:

-21-SQL Injection Cheat Sheet:

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-22-SQLmap’s os-shell + Backdooring website with Weevely:

https://medium.com/p/8cb6dcf17fa4

-23-SQLMap Tamper Scripts (SQL Injection and WAF bypass) Tips:

-24-Top 10 Essential NMAP Scripts for Web App Hacking:

-25-BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!:

-26-Re ected XSS Bypass Filter:

-27-XSS Payloads, getting past alert(1):

-28-XS-Searching Google’s bug tracker to find out vulnerable source code Or how side-channel timing attacks aren’t that impractical:

-29-Web Application Firewall (WAF) Evasion Techniques:

https://medium.com/@themiddleblue/web-application-firewall-waf-evasion-techniques

-30-OSINT Resources for 2019:

-31-The OSINT Toolkit:

-32-OSINT : Chasing Malware + C&C Servers:

-33-OSINT tool for visualizing relationships between domains, IPs and email addresses:

-34-From OSINT to Internal – Gaining Access from outside the perimeter:

-35-Week in OSINT #2018–35:

-36-Week in OSINT #2019–14:

-37-Instagram OSINT | What A Nice Picture:

-38-awesome-osint:

-39-OSINT_Team_Links:

-40-Open-Source Intelligence (OSINT) Reconnaissance:

-41-Hacking Cryptocurrency Miners with OSINT Techniques:

-42-A penetration tester’s guide to sub- domain enumeration:

-43-Packages that actively seeks vulnerable exploits in the wild. More of an umbrella group for similar packages:

https://blackarch.org/recon.html

-44-What tools I use for my recon during BugBounty:

-45-Command and Control – DNS:

-46-Command and Control – WebDAV:

-47-Command and Control – Twitter:

-48-Command and Control – Kernel:

-49-Source code disclosure via exposed .git folder:

https://pentester.land/tutorials/.../source-code-disclosure-via-exposed-git-folder.html

-50-Pentesting Cheatsheet:

-51-Windows Userland Persistence Fundamentals:

https://www.fuzzysecurity.com/tutorials/19.html

-52-A technique that a lot of SQL injection beginners don’t know | Atmanand Nagpure write-up:

-53-awesome-bug-bounty:

-54-dostoevsky-pentest-notes:

-55-awesome-pentest:

-56-awesome-windows-exploitation:

https://github.com/enddo/awesome-windows-exploitation

-57-awesome-exploit-development:

-58-BurpSuit + SqlMap = One Love:

-59-Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat:

-60-DLL Injection:

-61-DLL Hijacking:

-62-My Recon Process — DNS Enumeration:

-63-Google Dorks for nding Emails, Admin users etc:

-64-Google Dorks List 2018:

https://medium.com/p/fb70d0cbc94

-65-Hack your own NMAP with a BASH one-liner:

-66-UNIX / LINUX CHEAT SHEET:

cheatsheetworld.com/programming/unix-linux-cheat-sheet/

-67-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

-68- information gathering:

-69-post exploitation:

https://pentestlab.blog/category/post-exploitation/

-70-privilege escalation:

https://pentestlab.blog/category/privilege-escalation/

-71-red team:

-72-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-73-Web Application Penetration Testing Cheat Sheet:

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/

-74-Windows Kernel Exploits:

-75-Windows oneliners to download remote payload and execute arbitrary code:

-76-Windows-Post-Exploitation:

-77-Windows Post Exploitation Shells and File Transfer with Netcat for Windows:

-78-Windows Privilege Escalation Fundamentals:

https://www.fuzzysecurity.com/tutorials/16.html

-79-Windows Privilege Escalation Guide:

www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

-80-Windows Active Directory Post Exploitation Cheatsheet:

-81-Windows Exploitation Tricks: Abusing the User-Mode Debugger:

-82-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-83- Big List Of Google Dorks Hacking:

-84-List of google dorks for sql injection:

-85-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-86-Comprehensive Guide to Sqlmap (Target Options):

http://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2

-87-EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE:

www.cybersyndicates.com/…/email-reconnaissance-phishing-template-generation-made-simple

-88-Comprehensive Guide on Gobuster Tool:

https://www.hackingarticles.in/comprehensive-guide-on-gobuster-tool/

-89-My Top 5 Web Hacking Tools:

-90-[technical] Pen-testing resources:

-91-File System Access on Webserver using Sqlmap:

http://www.hackingarticles.in/file-system-access-on-webserver-using-sqlmap

-92-kali-linux-cheatsheet:

-93-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-94-Command Injection Exploitation through Sqlmap in DVWA (OS-cmd):

http://www.hackingarticles.in/command-injection-exploitation-through-sqlmap-in-dvwa

-95-XSS Payload List - Cross Site Scripting Vulnerability Payload List:

-96-Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection:

-97-Exploiting Sql Injection with Nmap and Sqlmap:

http://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap

-98-awesome-malware-analysis:

-99-Anatomy of UAC Attacks:

https://www.fuzzysecurity.com/tutorials/27.html

-100-awesome-cyber-skills:

-101-5 ways to Banner Grabbing:

http://www.hackingarticles.in/5-ways-banner-grabbing

-102-6 Ways to Hack PostgresSQL Login:

http://www.hackingarticles.in/6-ways-to-hack-postgressql-login

-103-6 Ways to Hack SSH Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ssh-login-password

-104-10 Free Ways to Find Someone’s Email Address:

-105-USING A SCF FILE TO GATHER HASHES:

-106-Hack Remote Windows PC using DLL Files (SMB Delivery Exploit):

http://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit

107-Hack Remote Windows PC using Office OLE Multiple DLL Hijack Vulnerabilities:

http://www.hackingarticles.in/hack-remote-windows-pc-using-office-ole-multiple-dll-hijack-vulnerabilities

-108-BUG BOUNTY HUNTING (METHODOLOGY , TOOLKIT , TIPS & TRICKS , Blogs):

-109-How To Perform External Black-box Penetration Testing in Organization with “ZERO” Information:

-110-A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals:

-111-Most Important Considerations with Malware Analysis Cheats And Tools list:

-112-Awesome-Hacking:

-113-awesome-threat-intelligence:

-114-awesome-yara:

-115-Red-Team-Infrastructure-Wiki:

-116-awesome-pentest:

-117-awesome-cyber-skills:

-118-pentest-wiki:

-119-awesome-web-security:

-120-Infosec_Reference:

-121-awesome-iocs:

-122-blackhat-arsenal-tools:

-123-awesome-social-engineering:

-124-Penetration Testing Framework 0.59:

www.vulnerabilityassessment.co.uk/Penetration%20Test.html

-125-Penetration Testing Tools Cheat Sheet :

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

-126-SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool:

-127-Spear Phishing 101:

https://blog.inspired-sec.com/archive/2017/05/07/Phishing.html

-128-100 ways to discover (part 1):

https://sylarsec.com/2019/01/11/100-ways-to-discover-part-1/

-129-Comprehensive Guide to SSH Tunnelling:

http://www.hackingarticles.in/comprehensive-guide-to-ssh-tunnelling/

-130-Capture VNC Session of Remote PC using SetToolkit:

http://www.hackingarticles.in/capture-vnc-session-remote-pc-using-settoolkit/

-131-Hack Remote PC using PSEXEC Injection in SET Toolkit:

http://www.hackingarticles.in/hack-remote-pc-using-psexec-injection-set-toolkit/

-132-Denial of Service Attack on Network PC using SET Toolkit:

http://www.hackingarticles.in/denial-of-service-attack-on-network-pc-using-set-toolkit/

-133-Hack Gmail and Facebook of Remote PC using DNS Spoofing and SET Toolkit:

http://www.hackingarticles.in/hack-gmail-and-facebook-of-remote-pc-using-dns-spoofing-and-set-toolkit/

-134-Hack Any Android Phone with DroidJack (Beginner’s Guide):

http://www.hackingarticles.in/hack-android-phone-droidjack-beginners-guide/

-135-HTTP RAT Tutorial for Beginners:

http://www.hackingarticles.in/http-rat-tutorial-beginners/

-136-5 ways to Create Permanent Backdoor in Remote PC:

http://www.hackingarticles.in/5-ways-create-permanent-backdoor-remote-pc/

-137-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-138-EMPIRE TIPS AND TRICKS:

-139-CSRF account takeover Explained Automated/Manual:

https://medium.com/p/447e4b96485b

-140-CSRF Exploitation using XSS:

http://www.hackingarticles.in/csrf-exploitation-using-xss

-141-Dumping Domain Password Hashes:

-142-Empire Post Exploitation – Unprivileged Agent to DA Walkthrough:

-143-Dropbox for the Empire:

-144-Empire without PowerShell.exe:

-145-REVIVING DDE: USING ONENOTE AND EXCEL FOR CODE EXECUTION:

-146-PHISHING WITH EMPIRE:

-146-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-147-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND REGISTRY HIJACKING:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/

-148-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe/

-149-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-150-LATERAL MOVEMENT USING EXCEL.APPLICATION AND DCOM:

https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/

-151-enum4linux Cheat Sheet:

https://highon.coffee/blog/enum4linux-cheat-sheet/

-152-enumeration:

https://technologyredefine.blogspot.com/2017/11/enumeration.html

-153-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-154-Command and Control – WMI:

https://pentestlab.blog/2017/11/20/command-and-control-wmi

-155-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-156-Comprehensive Guide to Nmap Port Status:

http://www.hackingarticles.in/comprehensive-guide-nmap-port-status

-157-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-158-Compromising Jenkins and extracting credentials:

https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/

-159-footprinting:

https://technologyredefine.blogspot.com/2017/09/footprinting_17.html

-160-awesome-industrial-control-system-security:

https://github.com/hslatman/awesome-industrial-control-system-security

-161-xss-payload-list:

https://github.com/ismailtasdelen/xss-payload-list

-162-awesome-vehicle-security:

https://github.com/jaredthecoder/awesome-vehicle-security

-163-awesome-osint:

-164-awesome-python:

https://github.com/vinta/awesome-python

-165-Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit):

https://www.exploit-db.com/download/44830.rb

-166-nbtscan Cheat Sheet:

https://highon.coffee/blog/nbtscan-cheat-sheet/

-167-neat-tricks-to-bypass-csrfprotection:

www.slideshare.net/0ang3el/neat-tricks-to-bypass-csrfprotection

-168-ACCESSING CLIPBOAR D FROM THE LOC K SC REEN IN WI NDOWS 10 #2:

https://oddvar.moe/2017/01/27/access-clipboard-from-lock-screen-in-windows-10-2/

-169-NMAP CHEAT-SHEET (Nmap Scanning Types, Scanning Commands , NSE Scripts):

https://medium.com/p/868a7bd7f692

-170-Nmap Cheat Sheet:

https://highon.coffee/blog/nmap-cheat-sheet/

-171-Powershell Without Powershell – How To Bypass Application Whitelisting, Environment Restrictions & AV:

https://www.blackhillsinfosec.com/powershell-without-powershell-how-to-bypass-application-whitelisting-environment-restrictions-av/

-172-Phishing with PowerPoint:

https://www.blackhillsinfosec.com/phishing-with-powerpoint/

-173-hide-payload-ms-office-document-properties:

https://www.blackhillsinfosec.com/hide-payload-ms-office-document-properties/

-174-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-175-How to Build a C2 Infrastructure with Digital Ocean – Part 1:

https://www.blackhillsinfosec.com/build-c2-infrastructure-digital-ocean-part-1/

-176-WordPress Penetration Testing using Symposium Plugin SQL Injection:

http://www.hackingarticles.in/wordpress-penetration-testing-using-symposium-plugin-sql-injection

-177-Manual SQL Injection Exploitation Step by Step:

http://www.hackingarticles.in/manual-sql-injection-exploitation-step-step

-178-MSSQL Penetration Testing with Metasploit:

http://www.hackingarticles.in/mssql-penetration-testing-metasploit

-179-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file

-180-MySQL Penetration Testing with Nmap:

http://www.hackingarticles.in/mysql-penetration-testing-nmap

-181-NetBIOS and SMB Penetration Testing on Windows:

http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows

-182-Network Packet Forensic using Wireshark:

http://www.hackingarticles.in/network-packet-forensic-using-wireshark

-183-Escape and Evasion Egressing Restricted Networks:

https://www.optiv.com/blog/escape-and-evasion-egressing-restricted-networks/

-183-Awesome-Hacking-Resources:

https://github.com/vitalysim/Awesome-Hacking-Resources

-184-Hidden directories and les as a source of sensitive information about web application:

https://medium.com/p/84e5c534e5ad

-185-Hiding Registry keys with PSRe ect:

https://posts.specterops.io/hiding-registry-keys-with-psreflect-b18ec5ac8353

-186-awesome-cve-poc:

https://github.com/qazbnm456/awesome-cve-poc

-187-Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced:

-188-Post Exploitation in Windows using dir Command:

http://www.hackingarticles.in/post-exploitation-windows-using-dir-command

189-Web Application Firewall (WAF) Evasion Techniques #2:

https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0

-190-Forensics Investigation of Remote PC (Part 1):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-1

-191-CloudFront Hijacking:

https://www.mindpointgroup.com/blog/pen-test/cloudfront-hijacking/

-192-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-193-Privilege Escalation on Windows 7,8,10, Server 2008, Server 2012 using Potato:

http://www.hackingarticles.in/privilege-escalation-on-windows-7810-server-2008-server-2012-using-potato

-194-How to intercept TOR hidden service requests with Burp:

https://medium.com/p/6214035963a0

-195-How to Make a Captive Portal of Death:

https://medium.com/p/48e82a1d81a/share/twitter

-196-How to find any CEO’s email address in minutes:

https://medium.com/p/70dcb96e02b0

197-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-198-Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation:

https://www.exploit-db.com/download/44630.txt

-199-Microsoft Word upload to Stored XSS:

https://www.n00py.io/2018/03/microsoft-word-upload-to-stored-xss/

-200-MobileApp-Pentest-Cheatsheet:

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

-201-awesome:

https://github.com/sindresorhus/awesome

-201-writing arm shellcode:

https://azeria-labs.com/writing-arm-shellcode/

-202-debugging with gdb introduction:

https://azeria-labs.com/debugging-with-gdb-introduction/

-203-emulate raspberrypi with qemu:

https://azeria-labs.com/emulate-raspberry-pi-with-qemu/

-204-Bash One-Liner to Check Your Password(s) via pwnedpasswords.com’s API Using the k-Anonymity Method:

https://medium.com/p/a5807a9a8056

-205-A Red Teamer’s guide to pivoting:

https://artkond.com/2017/03/23/pivoting-guide/

-206-Using WebDAV features as a covert channel:

https://arno0x0x.wordpress.com/2017/09/07/using-webdav-features-as-a-covert-channel/

-207-A View of Persistence:

https://rastamouse.me/2018/03/a-view-of-persistence/

-208- pupy websocket transport:

https://bitrot.sh/post/28-11-2017-pupy-websocket-transport/

-209-Subdomains Enumeration Cheat Sheet:

https://pentester.land/cheatsheets/2018/11/.../subdomains-enumeration-cheatsheet.html

-210-DNS Reconnaissance – DNSRecon:

https://pentestlab.blog/2012/11/13/dns-reconnaissance-dnsrecon/

-211-Cheatsheets:

https://bitrot.sh/cheatsheet

-212-Understanding Guide to Nmap Firewall Scan (Part 2):

http://www.hackingarticles.in/understanding-guide-nmap-firewall-scan-part-2

-213-Exploit Office 2016 using CVE-2018-0802:

https://technologyredefine.blogspot.com/2018/01/exploit-office-2016-using-cve-2018-0802.html

-214-windows-exploit-suggester:

https://technologyredefine.blogspot.com/2018/01/windows-exploit-suggester.html

-215-INSTALLING PRESISTENCE BACKDOOR IN WINDOWS:

https://technologyredefine.blogspot.com/2018/01/installing-presistence-backdoor-in.html

-216-IDS, IPS AND FIREWALL EVASION USING NMAP:

https://technologyredefine.blogspot.com/2017/09/ids-ips-and-firewall-evasion-using-nmap.html

-217-Wireless Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/wireless-penetration-testing-checklist-a-detailed-cheat-sheet

218-Most Important Web Application Security Tools & Resources for Hackers and Security Professionals:

https://gbhackers.com/web-application-security-tools-resources

-219-Web Application Penetration Testing Checklist – A Detailed Cheat Sheet:

https://gbhackers.com/web-application-penetration-testing-checklist-a-detailed-cheat-sheet

-220-Top 500 Most Important XSS Script Cheat Sheet for Web Application Penetration Testing:

https://gbhackers.com/top-500-important-xss-cheat-sheet

-221-USBStealer – Password Hacking Tool For Windows Machine Applications:

https://gbhackers.com/pasword-hacking

-222-Most Important Mobile Application Penetration Testing Cheat sheet with Tools & Resources for Security Professionals:

https://gbhackers.com/mobile-application-penetration-testing

-223-Metasploit Can Be Directly Used For Hardware Penetration Testing Now:

https://gbhackers.com/metasploit-can-be-directly-used-for-hardware-vulnerability-testing-now

-224-How to Perform Manual SQL Injection While Pentesting With Single quote Error Based Parenthesis Method:

https://gbhackers.com/manual-sql-injection-2

-225-Email Spoo ng – Exploiting Open Relay configured Public Mailservers:

https://gbhackers.com/email-spoofing-exploiting-open-relay

-226-Email Header Analysis – Received Email is Genuine or Spoofed:

https://gbhackers.com/email-header-analysis

-227-Most Important Cyber Threat Intelligence Tools List For Hackers and Security Professionals:

https://gbhackers.com/cyber-threat-intelligence-tools

-228-Creating and Analyzing a Malicious PDF File with PDF-Parser Tool:

https://gbhackers.com/creating-and-analyzing-a-malicious-pdf-file-with-pdf-parser-tool

-229-Commix – Automated All-in-One OS Command Injection and Exploitation Tool:

https://gbhackers.com/commix-automated-all-in-one-os-command-injection-and-exploitation-tool

-230-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-231-A8-Cross-Site Request Forgery (CSRF):

https://gbhackers.com/a8-cross-site-request-forgery-csrf

-232-Fully undetectable backdooring PE File:

https://haiderm.com/fully-undetectable-backdooring-pe-file/

-233-backdooring exe files:

https://haiderm.com/tag/backdooring-exe-files/

-234-From PHP (s)HELL to Powershell Heaven:

https://medium.com/p/da40ce840da8

-235-Forensic Investigation of Nmap Scan using Wireshark:

http://www.hackingarticles.in/forensic-investigation-of-nmap-scan-using-wireshark

-236-Unleashing an Ultimate XSS Polyglot:

https://github.com/0xsobky/HackVault/wiki

-237-wifi-arsenal:

https://github.com/0x90/wifi-arsenal

-238-XXE_payloads:

https://gist.github.com/staaldraad/01415b990939494879b4

-239-xss_payloads_2016:

https://github.com/7ioSecurity/XSS-Payloads/raw/master/xss_payloads_2016

-240-A curated list of awesome command-line frameworks, toolkits, guides and gizmos. Inspired by awesome-php.:

https://github.com/alebcay/awesome-shell

-241-The goal of this repository is to document the most common techniques to bypass AppLocker.:

https://github.com/api0cradle/UltimateAppLockerByPassList

-242-A curated list of CTF frameworks, libraries, resources and softwares:

https://github.com/apsdehal/awesome-ctf

-243-A collection of android security related resources:

https://github.com/ashishb/android-security-awesome

-244-OSX and iOS related security tools:

https://github.com/ashishb/osx-and-ios-security-awesome

-245-regexp-security-cheatsheet:

https://github.com/attackercan/regexp-security-cheatsheet

-246-PowerView-2.0 tips and tricks:

https://gist.github.com/HarmJ0y/3328d954607d71362e3c

-247-A curated list of awesome awesomeness:

https://github.com/bayandin/awesome-awesomeness

-248-Android App Security Checklist:

https://github.com/b-mueller/android_app_security_checklist

-249-Crack WPA/WPA2 Wi-Fi Routers with Airodump-ng and Aircrack-ng/Hashcat:

https://github.com/brannondorsey/wifi-cracking

-250-My-Gray-Hacker-Resources:

https://github.com/bt3gl/My-Gray-Hacker-Resources

-251-A collection of tools developed by other researchers in the Computer Science area to process network traces:

https://github.com/caesar0301/awesome-pcaptools

-252-A curated list of awesome Hacking tutorials, tools and resources:

https://github.com/carpedm20/awesome-hacking

-253-RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.:

https://github.com/cn0xroot/RFSec-ToolKit

-254-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-255-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-256-Collection of the cheat sheets useful for pentesting:

https://github.com/coreb1t/awesome-pentest-cheat-sheets

-257-A curated list of awesome forensic analysis tools and resources:

https://github.com/cugu/awesome-forensics

-258-Open-Redirect-Payloads:

https://github.com/cujanovic/Open-Redirect-Payloads

-259-A Threat hunter’s playbook to aid the development of techniques and hypothesis for hunting campaigns.:

https://github.com/Cyb3rWard0g/ThreatHunter-Playbook

-260-Windows memory hacking library:

https://github.com/DarthTon/Blackbone

-261-A collective list of public JSON APIs for use in security.:

https://github.com/deralexxx/security-apis

-262-An authoritative list of awesome devsecops tools with the help from community experiments and contributions.:

https://github.com/devsecops/awesome-devsecops

-263-List of Awesome Hacking places, organised by Country and City, listing if it features power and wifi:

https://github.com/diasdavid/awesome-hacking-spots

-264-A comprehensive curated list of available Bug Bounty & Disclosure Programs and Write-ups:

-265-Notes for taking the OSCP in 2097:

-266-A curated list of awesome Windows Exploitation resources, and shiny things. Inspired by awesom:

https://github.com/enddo/awesome-windows-exploitation

-267-A curated list of resources (books, tutorials, courses, tools and vulnerable applications) for learning about Exploit Development:

-268-A curated list of awesome reversing resources:

https://github.com/fdivrp/awesome-reversing

-269-Git All the Payloads! A collection of web attack payloads:

https://github.com/foospidy/payloads

-270-GitHub Project Resource List:

https://github.com/FuzzySecurity/Resource-List

-271-Use your macOS terminal shell to do awesome things.:

https://github.com/herrbischoff/awesome-macos-command-line

-272-Defeating Windows User Account Control:

https://github.com/hfiref0x/UACME

-273-Free Security and Hacking eBooks:

https://github.com/Hack-with-Github/Free-Security-eBooks

-274-Universal Radio Hacker: investigate wireless protocols like a boss:

https://github.com/jopohl/urh

-275-A curated list of movies every hacker & cyberpunk must watch:

https://github.com/k4m4/movies-for-hackers

-276-Various public documents, whitepapers and articles about APT campaigns:

https://github.com/kbandla/APTnotes

-277-A database of common, interesting or useful commands, in one handy referable form:

https://github.com/leostat/rtfm

-278-A curated list of tools for incident response:

https://github.com/meirwah/awesome-incident-response

-279-A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys:

https://github.com/meitar/awesome-lockpicking

-280-A curated list of static analysis tools, linters and code quality checkers for various programming languages:

https://github.com/mre/awesome-static-analysis

-281-A Collection of Hacks in IoT Space so that we can address them (hopefully):

https://github.com/nebgnahz/awesome-iot-hacks

-281-A Course on Intermediate Level Linux Exploitation:

https://github.com/nnamon/linux-exploitation-course

-282-Kali Linux Cheat Sheet for Penetration Testers:

-283-A curated list of awesome infosec courses and training resources.:

https://github.com/onlurking/awesome-infosec

-284-A curated list of resources for learning about application security:

https://github.com/paragonie/awesome-appsec

-285-an awesome list of honeypot resources:

https://github.com/paralax/awesome-honeypots

286-GitHub Enterprise SQL Injection:

https://www.blogger.com/share-post.g?blogID=2987759532072489303&postID=6980097238231152493

-287-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis:

https://github.com/secfigo/Awesome-Fuzzing

-288-PHP htaccess injection cheat sheet:

https://github.com/sektioneins/pcc/wiki

-289-A curated list of the awesome resources about the Vulnerability Research:

https://github.com/sergey-pronin/Awesome-Vulnerability-Research

-290-A list of useful payloads and bypass for Web Application Security and Pentest/CTF:

https://github.com/swisskyrepo/PayloadsAllTheThings

-291-A collection of Red Team focused tools, scripts, and notes:

https://github.com/threatexpress/red-team-scripts

-292-Awesome XSS stuff:

https://github.com/UltimateHackers/AwesomeXSS

-293-A collection of hacking / penetration testing resources to make you better!:

https://github.com/vitalysim/Awesome-Hacking-Resources

-294-Docker Cheat Sheet:

https://github.com/wsargent/docker-cheat-sheet

-295-Decrypted content of eqgrp-auction-file.tar.xz:

https://github.com/x0rz/EQGRP

-296-A bunch of links related to Linux kernel exploitation:

https://github.com/xairy/linux-kernel-exploitation

-297-Penetration Testing 102 - Windows Privilege Escalation Cheatsheet:

www.exumbraops.com/penetration-testing-102-windows-privilege-escalation-cheatsheet

-298-Pentesting Cheatsheet:

https://anhtai.me/pentesting-cheatsheet/

-299-Windows Privilege Escalation Methods for Pentesters:

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

-300-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

-301-Reading Your Way Around UAC (Part 1):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-1.html

-302–Reading Your Way Around UAC (Part 2):

https://tyranidslair.blogspot.co.uk/2017/05/reading-your-way-around-uac-part-2.html

-303-Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2):

https://stealingthe.network/executing-metasploit-empire-payloads-from-ms-office-document-properties-part-2-of-2/

-304-SSRF - Server Side Request Forgery (Types and ways to exploit it) Part-1:

https://medium.com/p/29d034c27978

-304-Automating Cobalt Strike,Aggressor Collection Scripts:

https://github.com/bluscreenofjeff/AggressorScripts

https://github.com/harleyQu1nn/AggressorScripts

-305-Vi Cheat Sheet:

https://highon.coffee/blog/vi-cheat-sheet/

-306-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-307-LFI Cheat Sheet:

https://highon.coffee/blog/lfi-cheat-sheet/

-308-Systemd Cheat Sheet:

https://highon.coffee/blog/systemd-cheat-sheet/

-309-Aircrack-ng Cheatsheet:

https://securityonline.info/aircrack-ng-cheatsheet/

-310-Kali Linux Cheat Sheet for Penetration Testers:

https://www.blackmoreops.com/?p=7212

-311-Wifi Pentesting Command Cheatsheet:

https://randomkeystrokes.com/2016/07/01/wifi-pentesting-cheatsheet/

-312-Android Testing Environment Cheatsheet (Part 1):

https://randomkeystrokes.com/2016/10/17/android-testing-environment-cheatsheet/

-313-cheatsheet:

https://randomkeystrokes.com/category/cheatsheet/

-314-Reverse Shell Cheat Sheet:

https://highon.coffee/blog/reverse-shell-cheat-sheet/

-315-Linux Commands Cheat Sheet:

https://highon.coffee/blog/linux-commands-cheat-sheet/

-316-Linux Privilege Escalation using Sudo Rights:

http://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights

-317-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-318-Linux Privilege Escalation by Exploiting Cronjobs:

http://www.hackingarticles.in/linux-privilege-escalation-by-exploiting-cron-jobs/

-319-Web Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-320-Webshell to Meterpreter:

http://www.hackingarticles.in/webshell-to-meterpreter

-321-WordPress Penetration Testing using WPScan & Metasploit:

http://www.hackingarticles.in/wordpress-penetration-testing-using-wpscan-metasploit

-322-XSS Exploitation in DVWA (Bypass All Security):

http://www.hackingarticles.in/xss-exploitation-dvwa-bypass-security

-323-Linux Privilege Escalation Using PATH Variable:

http://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/

-324-VNC tunneling over SSH:

http://www.hackingarticles.in/vnc-tunneling-ssh

-325-VNC Pivoting through Meterpreter:

http://www.hackingarticles.in/vnc-pivoting-meterpreter

-326-Week of Evading Microsoft ATA - Announcement and Day 1:

https://www.labofapenetrationtester.com/2017/08/week-of-evading-microsoft-ata-day1.html

-327-Abusing DNSAdmins privilege for escalation in Active Directory:

https://www.labofapenetrationtester.com/2017/05/abusing-dnsadmins-privilege-for-escalation-in-active-directory.html

-328-Using SQL Server for attacking a Forest Trust:

https://www.labofapenetrationtester.com/2017/03/using-sql-server-for-attacking-forest-trust.html

-329-Empire :

http://www.harmj0y.net/blog/category/empire/

-330-8 Deadly Commands You Should Never Run on Linux:

https://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/

-331-External C2 framework for Cobalt Strike:

https://www.insomniacsecurity.com/2018/01/11/externalc2.html

-332-How to use Public IP on Kali Linux:

http://www.hackingarticles.in/use-public-ip-kali-linux

-333-Bypass Admin access through guest Account in windows 10:

http://www.hackingarticles.in/bypass-admin-access-guest-account-windows-10

-334-Bypass Firewall Restrictions with Metasploit (reverse_tcp_allports):

http://www.hackingarticles.in/bypass-firewall-restrictions-metasploit-reverse_tcp_allports

-335-Bypass SSH Restriction by Port Relay:

http://www.hackingarticles.in/bypass-ssh-restriction-by-port-relay

-336-Bypass UAC Protection of Remote Windows 10 PC (Via FodHelper Registry Key):

http://www.hackingarticles.in/bypass-uac-protection-remote-windows-10-pc-via-fodhelper-registry-key

-337-Bypass UAC in Windows 10 using bypass_comhijack Exploit:

http://www.hackingarticles.in/bypass-uac-windows-10-using-bypass_comhijack-exploit

-338-Bind Payload using SFX archive with Trojanizer:

http://www.hackingarticles.in/bind-payload-using-sfx-archive-trojanizer

-339-Capture NTLM Hashes using PDF (Bad-Pdf):

http://www.hackingarticles.in/capture-ntlm-hashes-using-pdf-bad-pdf

-340-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks/

-341-Detect SQL Injection Attack using Snort IDS:

http://www.hackingarticles.in/detect-sql-injection-attack-using-snort-ids/

-342-Beginner Guide to Website Footprinting:

http://www.hackingarticles.in/beginner-guide-website-footprinting/

-343-How to Enable and Monitor Firewall Log in Windows PC:

http://www.hackingarticles.in/enable-monitor-firewall-log-windows-pc/

-344-Wifi Post Exploitation on Remote PC:

http://www.hackingarticles.in/wifi-post-exploitation-remote-pc/

-335-Check Meltdown Vulnerability in CPU:

http://www.hackingarticles.in/check-meltdown-vulnerability-cpu

-336-XXE:

https://phonexicum.github.io/infosec/xxe.html

-337-[XSS] Re ected XSS Bypass Filter:

-338-Engagement Tools Tutorial in Burp suite:

http://www.hackingarticles.in/engagement-tools-tutorial-burp-suite

-339-Wiping Out CSRF:

https://medium.com/@jrozner/wiping-out-csrf-ded97ae7e83f

-340-First entry: Welcome and fileless UAC bypass:

https://winscripting.blog/2017/05/12/first-entry-welcome-and-uac-bypass/

-341-Writing a Custom Shellcode Encoder:

https://medium.com/p/31816e767611

-342-Security Harden CentOS 7 :

https://highon.coffee/blog/security-harden-centos-7/

-343-THE BIG BAD WOLF - XSS AND MAINTAINING ACCESS:

https://www.paulosyibelo.com/2018/06/the-big-bad-wolf-xss-and-maintaining.html

-344-MySQL:

https://websec.ca/kb/CHANGELOG.txt

-345-Deobfuscation of VM based software protection:

http://shell-storm.org/talks/SSTIC2017_Deobfuscation_of_VM_based_software_protection.pdf

-346-Online Assembler and Disassembler:

http://shell-storm.org/online/Online-Assembler-and-Disassembler/

-347-Shellcodes database for study cases:

http://shell-storm.org/shellcode/

-348-Dynamic Binary Analysis and Obfuscated Codes:

http://shell-storm.org/talks/sthack2016-rthomas-jsalwan.pdf

-349-How Triton may help to analyse obfuscated binaries:

http://triton.quarkslab.com/files/misc82-triton.pdf

-350-Triton: A Concolic Execution Framework:

http://shell-storm.org/talks/SSTIC2015_English_slide_detailed_version_Triton_Concolic_Execution_FrameWork_FSaudel_JSalwan.pdf

-351-Automatic deobfuscation of the Tigress binary protection using symbolic execution and LLVM:

https://github.com/JonathanSalwan/Tigress_protection

-352-What kind of semantics information Triton can provide?:

http://triton.quarkslab.com/blog/What-kind-of-semantics-information-Triton-can-provide/

-353-Code coverage using a dynamic symbolic execution:

http://triton.quarkslab.com/blog/Code-coverage-using-dynamic-symbolic-execution/

-354-Triton (concolic execution framework) under the hood:

http://triton.quarkslab.com/blog/first-approach-with-the-framework/

-355-- Stack and heap overflow detection at runtime via behavior analysis and Pin:

http://shell-storm.org/blog/Stack-and-heap-overflow-detection-at-runtime-via-behavior-analysis-and-PIN/

-356-Binary analysis: Concolic execution with Pin and z3:

http://shell-storm.org/blog/Binary-analysis-Concolic-execution-with-Pin-and-z3/

-357-In-Memory fuzzing with Pin:

http://shell-storm.org/blog/In-Memory-fuzzing-with-Pin/

-358-Hackover 2015 r150 (outdated solving for Triton use cases):

https://github.com/JonathanSalwan/Triton/blob/master/src/examples/python/ctf-writeups/hackover-ctf-2015-r150/solve.py

-359-Skip sh – Web Application Security Scanner for XSS, SQL Injection, Shell injection:

https://gbhackers.com/skipfish-web-application-security-scanner

-360-Sublist3r – Tool for Penetration testers to Enumerate Sub-domains:

https://gbhackers.com/sublist3r-penetration-testers

-361-bypassing application whitelisting with bginfo:

https://oddvar.moe/2017/05/18/bypassing-application-whitelisting-with-bginfo/

-362-accessing-clipboard-from-the-lock-screen-in-windows-10:

https://oddvar.moe/2017/01/24/accessing-clipboard-from-the-lock-screen-in-windows-10/

-363-bypassing-device-guard-umci-using-chm-cve-2017-8625:

https://oddvar.moe/2017/08/13/bypassing-device-guard-umci-using-chm-cve-2017-8625/

-364-defense-in-depth-writeup:

https://oddvar.moe/2017/09/13/defense-in-depth-writeup/

-365-applocker-case-study-how-insecure-is-it-really-part-1:

https://oddvar.moe/2017/12/13/applocker-case-study-how-insecure-is-it-really-part-1/

-366-empires-cross-platform-office-macro:

https://www.blackhillsinfosec.com/empires-cross-platform-office-macro/

-367-recon tools:

https://blackarch.org/recon.html

-368-Black Hat 2018 tools list:

https://medium.com/p/991fa38901da

-369-Application Introspection & Hooking With Frida:

https://www.fuzzysecurity.com/tutorials/29.html

-370-And I did OSCP!:

https://medium.com/p/589babbfea19

-371-CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests:

https://arnaucube.com/blog/coffeeminer-hacking-wifi-cryptocurrency-miner.html

-372-Most Important Endpoint Security & Threat Intelligence Tools List for Hackers and Security Professionals:

https://gbhackers.com/threat-intelligence-tools

-373-Penetration Testing Cheat Sheet For Windows Machine – Intrusion Detection:

https://techincidents.com/penetration-testing-cheat-sheet/

-374-privilege escalation:

https://toshellandback.com/category/privilege-escalation/

-375-The Complete List of Windows Post-Exploitation Commands (No Powershell):

https://medium.com/p/999b5433b61e

-376-The Art of Subdomain Enumeration:

https://blog.sweepatic.com/tag/subdomain-enumeration/

-377-The Principles of a Subdomain Takeover:

https://blog.sweepatic.com/subdomain-takeover-principles/

-378-The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise!:

https://medium.com/p/b250fb40af82

-379-The Solution for Web for Pentester-I:

https://medium.com/p/4c21b3ae9673

-380-The Ultimate Penetration Testing Command Cheat Sheet for Linux:

https://www.hackingloops.com/command-cheat-sheet-for-linux/

-381-: Ethical Hacking, Hack Tools, Hacking Tricks, Information Gathering, Penetration Testing, Recommended:

https://www.hackingloops.com/hacking-tricks/

-383-Introduction to Exploitation, Part 1: Introducing Concepts and Terminology:

https://www.hackingloops.com/exploitation-terminology/

-384-How Hackers Kick Victims Off of Wireless Networks:

https://www.hackingloops.com/kick-victims-off-of-wireless-networks/

-385-Maintaining Access Part 1: Introduction and Metasploit Example:

https://www.hackingloops.com/maintaining-access-metasploit/

-386-How to Steal Windows Credentials with Mimikatz and Metasploit:

https://www.hackingloops.com/mimikatz/

-387-Evading Anti-virus Part 2: Obfuscating Payloads with Msfvenom:

https://www.hackingloops.com/msfvenom/

-388-Evading Anti-virus Part 1: Infecting EXEs with Shellter:

https://www.hackingloops.com/evading-anti-virus-shellter/

-389-Mobile Hacking Part 4: Fetching Payloads via USB Rubber Ducky:

https://www.hackingloops.com/payloads-via-usb-rubber-ducky/

-390-Ethical Hacking Practice Test 6 – Footprinting Fundamentals Level1:

https://www.hackingloops.com/ethical-hacking-practice-test-6-footprinting-fundamentals-level1/

-391-Skip Cracking Responder Hashes and Relay Them:

https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/

-392-Cracking NTLMv1 Handshakes with Crack.sh:

http://threat.tevora.com/quick-tip-crack-ntlmv1-handshakes-with-crack-sh/

-393-Top 3 Anti-Forensic OpSec Tips for Linux & A New Dead Man’s Switch:

https://medium.com/p/d5e92843e64a

-394-VNC Penetration Testing (Port 5901):

http://www.hackingarticles.in/vnc-penetration-testing

-395-Windows Privilege Escalation:

http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation

-396-Removing Sender’s IP Address From Email’s Received: From Header:

https://www.devside.net/wamp-server/removing-senders-ip-address-from-emails-received-from-header

-397-Dump Cleartext Password in Linux PC using MimiPenguin:

http://www.hackingarticles.in/dump-cleartext-password-linux-pc-using-mimipenguin

-398-Embedded Backdoor with Image using FakeImageExploiter:

http://www.hackingarticles.in/embedded-backdoor-image-using-fakeimageexploiter

-399-Exploit Command Injection Vulnearbility with Commix and Netcat:

http://www.hackingarticles.in/exploit-command-injection-vulnearbility-commix-netcat

-400-Exploiting Form Based Sql Injection using Sqlmap:

http://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap

-401-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-402-Best of Post Exploitation Exploits & Tricks:

http://www.hackingarticles.in/best-of-post-exploitation-exploits-tricks

-403-Command Injection to Meterpreter using Commix:

http://www.hackingarticles.in/command-injection-meterpreter-using-commix

-404-Comprehensive Guide to Crunch Tool:

http://www.hackingarticles.in/comprehensive-guide-to-crunch-tool

-405-Compressive Guide to File Transfer (Post Exploitation):

http://www.hackingarticles.in/compressive-guide-to-file-transfer-post-exploitation

-406-Crack Wifi Password using Aircrack-Ng (Beginner’s Guide):

http://www.hackingarticles.in/crack-wifi-password-using-aircrack-ng

-407-How to Detect Meterpreter in Your PC:

http://www.hackingarticles.in/detect-meterpreter-pc

-408-Easy way to Hack Database using Wizard switch in Sqlmap:

http://www.hackingarticles.in/easy-way-hack-database-using-wizard-switch-sqlmap

-409-Exploiting the Webserver using Sqlmap and Metasploit (OS-Pwn):

http://www.hackingarticles.in/exploiting-webserver-using-sqlmap-metasploit-os-pwn

-410-Create SSL Certified Meterpreter Payload using MPM:

http://www.hackingarticles.in/exploit-remote-pc-ssl-certified-meterpreter-payload-using-mpm

-411-Port forwarding: A practical hands-on guide:

https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide

-412-Exploit Dev 101: Jumping to Shellcode:

https://www.abatchy.com/2017/05/jumping-to-shellcode.html

-413-Introduction to Manual Backdooring:

https://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html

-414-Kernel Exploitation:

https://www.abatchy.com/2018/01/kernel-exploitation-1

-415-Exploit Dev 101: Bypassing ASLR on Windows:

https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html

-416-Shellcode reduction tips (x86):

https://www.abatchy.com/2017/04/shellcode-reduction-tips-x86

-417-OSCE Study Plan:

https://www.abatchy.com/2017/03/osce-study-plan

-418-[DefCamp CTF Qualification 2017] Don’t net, kids! (Revexp 400):

https://www.abatchy.com/2017/10/defcamp-dotnot

-419-DRUPAL 7.X SERVICES MODULE UNSERIALIZE() TO RCE:

https://www.ambionics.io/

-420-SQL VULNERABLE WEBSITES LIST 2017 [APPROX 2500 FRESH SQL VULNERABLE SITES]:

https://www.cityofhackerz.com/sql-vulnerable-websites-list-2017

-421-Windows IR Live Forensics Cheat Sheet:

https://www.cheatography.com/tag/forensics/

-422-windows-kernel-logic-bug-class-access:

https://googleprojectzero.blogspot.com/2019/03/windows-kernel-logic-bug-class-access.html

-423-injecting-code-into-windows-protected:

https://googleprojectzero.blogspot.com/2018/11/injecting-code-into-windows-protected.html

-424-USING THE DDE ATTACK WITH POWERSHELL EMPIRE:

https://1337red.wordpress.com/using-the-dde-attack-with-powershell-empire

-425-Automated Derivative Administrator Search:

https://wald0.com/?p=14

-426-A Red Teamer’s Guide to GPOs and OUs:

https://wald0.com/?p=179

-427-Pen Testing and Active Directory, Part VI: The Final Case:

https://blog.varonis.com/pen-testing-active-directory-part-vi-final-case/

-428-Offensive Tools and Techniques:

https://www.sec.uno/2017/03/01/offensive-tools-and-techniques/

-429-Three penetration testing tips to out-hack hackers:

http://infosechotspot.com/three-penetration-testing-tips-to-out-hack-hackers-betanews/

-430-Introducing BloodHound:

https://wald0.com/?p=68

-431-Red + Blue = Purple:

http://www.blackhillsinfosec.com/?p=5368

-432-Active Directory Access Control List – Attacks and Defense – Enterprise Mobility and Security Blog:

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/18/active-directory-access-control-list-attacks-and-defense/

-433-PrivEsc: Unquoted Service Path:

https://www.gracefulsecurity.com/privesc-unquoted-service-path/

-434-PrivEsc: Insecure Service Permissions:

https://www.gracefulsecurity.com/privesc-insecure-service-permissions/

-435-PrivEsc: DLL Hijacking:

https://www.gracefulsecurity.com/privesc-dll-hijacking/

-436-Android Reverse Engineering 101 – Part 1:

http://www.fasteque.com/android-reverse-engineering-101-part-1/

-437-Luckystrike: An Evil Office Document Generator:

https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator

-438-the-number-one-pentesting-tool-youre-not-using:

https://www.shellntel.com/blog/2016/8/3/the-number-one-pentesting-tool-youre-not-using

-439-uac-bypass:

http://www.securitynewspaper.com/tag/uac-bypass/

-440-XSSer – Automated Framework Tool to Detect and Exploit XSS vulnerabilities:

https://gbhackers.com/xsser-automated-framework-detectexploit-report-xss-vulnerabilities

-441-Penetration Testing on X11 Server:

http://www.hackingarticles.in/penetration-testing-on-x11-server

-442-Always Install Elevated:

https://pentestlab.blog/2017/02/28/always-install-elevated

-443-Scanning for Active Directory Privileges & Privileged Accounts:

https://adsecurity.org/?p=3658

-444-Windows Server 2016 Active Directory Features:

https://adsecurity.org/?p=3646

-445-powershell:

https://adsecurity.org/?tag=powershell

-446-PowerShell Security: PowerShell Attack Tools, Mitigation, & Detection:

https://adsecurity.org/?p=2921

-447-DerbyCon 6 (2016) Talk – Attacking EvilCorp: Anatomy of a Corporate Hack:

https://adsecurity.org/?p=3214

-448-Real-World Example of How Active Directory Can Be Compromised (RSA Conference Presentation):

https://adsecurity.org/?p=2085

-449-Advanced ATM Penetration Testing Methods:

https://gbhackers.com/advanced-atm-penetration-testing-methods

-450-Background: Microsoft Ofice Exploitation:

https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/

-451-Automated XSS Finder:

https://medium.com/p/4236ed1c6457

-452-Application whitelist bypass using XLL and embedded shellcode:

https://rileykidd.com/.../application-whitelist-bypass-using-XLL-and-embedded-shellc

-453-AppLocker Bypass – Regsvr32:

https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32

-454-Nmap Scans using Hex Value of Flags:

http://www.hackingarticles.in/nmap-scans-using-hex-value-flags

-455-Nmap Scan with Timing Parameters:

http://www.hackingarticles.in/nmap-scan-with-timing-parameters

-456-OpenSSH User Enumeration Time- Based Attack with Osueta:

http://www.hackingarticles.in/openssh-user-enumeration-time-based-attack-osueta

-457-Penetration Testing:

http://www.hackingarticles.in/web-penetration-testing/

-458-Penetration Testing on Remote Desktop (Port 3389):

http://www.hackingarticles.in/penetration-testing-remote-desktop-port-3389

-459-Penetration Testing on Telnet (Port 23):

http://www.hackingarticles.in/penetration-testing-telnet-port-23

-460-Penetration Testing in Windows/Active Directory with Crackmapexec:

http://www.hackingarticles.in/penetration-testing-windowsactive-directory-crackmapexec

-461-Penetration Testing in WordPress Website using WordPress Exploit Framework:

http://www.hackingarticles.in/penetration-testing-wordpress-website-using-wordpress-exploit-framework

-462-Port Scanning using Metasploit with IPTables:

http://www.hackingarticles.in/port-scanning-using-metasploit-iptables

-463-Post Exploitation Using WMIC (System Command):

http://www.hackingarticles.in/post-exploitation-using-wmic-system-command

-464-Privilege Escalation in Linux using etc/passwd file:

http://www.hackingarticles.in/privilege-escalation-in-linux-using-etc-passwd-file

-465-RDP Pivoting with Metasploit:

http://www.hackingarticles.in/rdp-pivoting-metasploit

-466-A New Way to Hack Remote PC using Xerosploit and Metasploit:

http://www.hackingarticles.in/new-way-hack-remote-pc-using-xerosploit-metasploit

-467-Shell to Meterpreter using Session Command:

http://www.hackingarticles.in/shell-meterpreter-using-session-command

-468-SMTP Pentest Lab Setup in Ubuntu (Port 25):

http://www.hackingarticles.in/smtp-pentest-lab-setup-ubuntu

-469-SNMP Lab Setup and Penetration Testing:

http://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing

-470-SQL Injection Exploitation in Multiple Targets using Sqlmap:

http://www.hackingarticles.in/sql-injection-exploitation-multiple-targets-using-sqlmap

-471-Sql Injection Exploitation with Sqlmap and Burp Suite (Burp CO2 Plugin):

http://www.hackingarticles.in/sql-injection-exploitation-sqlmap-burp-suite-burp-co2-plugin

-472-SSH Penetration Testing (Port 22):

http://www.hackingarticles.in/ssh-penetration-testing-port-22

-473-Manual Post Exploitation on Windows PC (System Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-system-command

-474-SSH Pivoting using Meterpreter:

http://www.hackingarticles.in/ssh-pivoting-using-meterpreter

-475-Stealing Windows Credentials of Remote PC with MS Office Document:

http://www.hackingarticles.in/stealing-windows-credentials-remote-pc-ms-office-document

-476-Telnet Pivoting through Meterpreter:

http://www.hackingarticles.in/telnet-pivoting-meterpreter

-477-Hack Password using Rogue Wi-Fi Access Point Attack (WiFi-Pumpkin):

http://www.hackingarticles.in/hack-password-using-rogue-wi-fi-access-point-attack-wifi-pumpkin

-478-Hack Remote PC using Fake Updates Scam with Ettercap and Metasploit:

http://www.hackingarticles.in/hack-remote-pc-using-fake-updates-scam-with-ettercap-and-metasploit

-479-Hack Remote Windows 10 Password in Plain Text using Wdigest Credential Caching Exploit:

http://www.hackingarticles.in/hack-remote-windows-10-password-plain-text-using-wdigest-credential-caching-exploit

-480-Hack Remote Windows 10 PC using TheFatRat:

http://www.hackingarticles.in/hack-remote-windows-10-pc-using-thefatrat

-481-2 Ways to Hack Windows 10 Password Easy Way:

http://www.hackingarticles.in/hack-windows-10-password-easy-way

-482-How to Change ALL Files Extension in Remote PC (Confuse File Extensions Attack):

http://www.hackingarticles.in/how-to-change-all-files-extension-in-remote-pc-confuse-file-extensions-attack

-483-How to Delete ALL Files in Remote Windows PC:

http://www.hackingarticles.in/how-to-delete-all-files-in-remote-windows-pc-2

-484-How to Encrypt Drive of Remote Victim PC:

http://www.hackingarticles.in/how-to-encrypt-drive-of-remote-victim-pc

-485-Post Exploitation in Linux With Metasploit:

https://pentestlab.blog/2013/01/04/post-exploitation-in-linux-with-metasploit

-486-Red Team:

https://posts.specterops.io/tagged/red-team?source=post

-487-Code Signing Certi cate Cloning Attacks and Defenses:

https://posts.specterops.io/tagged/code-signing?source=post

-488-Phishing:

https://posts.specterops.io/tagged/phishing?source=post

-489-PowerPick – A ClickOnce Adjunct:

http://www.sixdub.net/?p=555

-490-sql-injection-xss-playground:

https://ired.team/offensive-security-experiments/offensive-security-cheetsheets/sql-injection-xss-playground

-491-Privilege Escalation & Post-Exploitation:

https://github.com/rmusser01/Infosec_Reference/raw/master/Draft/Privilege%20Escalation%20%26%20Post-Exploitation.md

-492-https-payload-and-c2-redirectors:

https://posts.specterops.io/https-payload-and-c2-redirectors-ff8eb6f87742?source=placement_card_footer_grid---------2-41

-493-a-push-toward-transparency:

https://posts.specterops.io/a-push-toward-transparency-c385a0dd1e34?source=placement_card_footer_grid---------0-41

-494-bloodhound:

https://posts.specterops.io/tagged/bloodhound?source=post

-495-active directory:

https://posts.specterops.io/tagged/active-directory?source=post

-496-Load & Execute Bundles with migrationTool:

https://posts.specterops.io/load-execute-bundles-with-migrationtool-f952e276e1a6?source=placement_card_footer_grid---------1-41

-497-Outlook Forms and Shells:

https://sensepost.com/blog/2017/outlook-forms-and-shells/

-498-Tools:

https://sensepost.com/blog/tools/

-499-2018 pentesting resources:

https://sensepost.com/blog/2018/

-500-network pentest:

https://securityonline.info/category/penetration-testing/network-pentest/

-501-[technical] Pen-testing resources:

-502-Stored XSS on Facebook:

https://opnsec.com/2018/03/stored-xss-on-facebook/

-503-vulnerabilities:

https://www.brokenbrowser.com/category/vulnerabilities/

-504-Extending BloodHound: Track and Visualize Your Compromise:

https://porterhau5.com/.../extending-bloodhound-track-and-visualize-your-compromise

-505-so-you-want-to-be-a-web-security-researcher:

https://portswigger.net/blog/so-you-want-to-be-a-web-security-researcher

-506-BugBounty — AWS S3 added to my “Bucket” list!:

https://medium.com/p/f68dd7d0d1ce

-507-BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company:

https://medium.com/p/c75967392c7e

-508-BugBounty — Exploiting CRLF Injection can lands into a nice bounty:

https://medium.com/p/159525a9cb62

-509-BugBounty — How I was able to bypass rewall to get RCE and then went from server shell to get root user account:

https://medium.com/p/783f71131b94

-510-BugBounty — “I don’t need your current password to login into youraccount” - How could I completely takeover any user’s account in an online classi ed ads company:

-511-Ping Power — ICMP Tunnel:

https://medium.com/bugbountywriteup/ping-power-icmp-tunnel-31e2abb2aaea?source=placement_card_footer_grid---------1-41

-512-hacking:

https://www.nextleveltricks.com/hacking/

-513-Top 8 Best YouTube Channels To Learn Ethical Hacking Online !:

https://www.nextleveltricks.com/youtube-channels-to-learn-hacking/

-514-Google Dorks List 2018 | Fresh Google Dorks 2018 for SQLi:

https://www.nextleveltricks.com/latest-google-dorks-list/

-515-Art of Shellcoding: Basic AES Shellcode Crypter:

http://www.nipunjaswal.com/2018/02/shellcode-crypter.html

-516-Big List Of Google Dorks Hacking:

https://xspiyr.wordpress.com/2012/09/05/big-list-of-google-dorks-hacking/

-517-nmap-cheatsheet:

https://bitrot.sh/cheatsheet/09-12-2017-nmap-cheatsheet/

-518-Aws Recon:

https://enciphers.com/tag/aws-recon/

-519-Recon:

https://enciphers.com/tag/recon/

-520-Subdomain Enumeration:

https://enciphers.com/tag/subdomain-enumeration/

-521-Shodan:

https://enciphers.com/tag/shodan/

-522-Dump LAPS passwords with ldapsearch:

https://malicious.link/post/2017/dump-laps-passwords-with-ldapsearch/

-523-peepdf - PDF Analysis Tool:

http://eternal-todo.com/tools/peepdf-pdf-analysis-tool

-524-Evilginx 2 - Next Generation of Phishing 2FA Tokens:

breakdev.org/evilginx-2-next-generation-of-phishing-2fa-tokens/

-526-Evil XML with two encodings:

https://mohemiv.com/all/evil-xml/

-527-create-word-macros-with-powershell:

https://4sysops.com/archives/create-word-macros-with-powershell/

-528-Excess XSS A comprehensive tutorial on cross-site scripting:

https://excess-xss.com/

-529-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-530-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-531-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-532-Abusing DCOM For Yet Another Lateral Movement Technique:

https://bohops.com/2018/04/28/abusing-dcom-for-yet-another-lateral-movement-technique/

-533-“Practical recon techniques for bug hunters & pen testers”:

https://blog.appsecco.com/practical-recon-techniques-for-bug-hunters-pen-testers-at-levelup-0x02-b72c15641972?source=placement_card_footer_grid---------2-41

-534-Exploiting Node.js deserialization bug for Remote Code Execution:

https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/

-535-Exploiting System Shield AntiVirus Arbitrary Write Vulnerability using SeTakeOwnershipPrivilege:

http://www.greyhathacker.net/?p=1006

-536-Running Macros via ActiveX Controls:

http://www.greyhathacker.net/?p=948

-537-all=BUG+MALWARE+EXPLOITS

http://www.greyhathacker.net/?cat=18

-538-“FILELESS” UAC BYPASS USING EVENTVWR.EXE AND:

https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking

-539-BYPASSING UAC ON WINDOWS 10 USING DISK CLEANUP:

https://enigma0x3.net/2016/07/22/bypassing-uac-on-windows-10-using-disk-cleanup/

-540-A Look at CVE-2017-8715: Bypassing CVE-2017-0218 using PowerShell Module Manifests:

https://enigma0x3.net/2017/11/06/a-look-at-cve-2017-8715-bypassing-cve-2017-0218-using-powershell-module-manifests/

-541-“FILELESS” UAC BYPASS USING SDCLT.EXE:

https://enigma0x3.net/2017/03/17/fileless-uac-bypass-using-sdclt-exe

-542-File Upload XSS:

https://medium.com/p/83ea55bb9a55

-543-Firebase Databases:

https://medium.com/p/f651a7d49045

-544-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac

-545-RED-TEAM:

https://cybersyndicates.com/tags/red-team/

-546-Egressing Bluecoat with Cobaltstike & Let’s Encrypt:

https://www.youtube.com/watch?v=cgwfjCmKQwM

-547-Veil-Evasion:

https://cybersyndicates.com/tags/veil-evasion/

-548-Dangerous Virus For Windows Crashes Everything Hack window Using Virus:

http://thelearninghacking.com/create-virus-hack-windows/

-549-Download Google Dorks List 2019:

https://medium.com/p/323c8067502c

-550-Don’t leak sensitive data via security scanning tools:

https://medium.com/p/7d1f715f0486

-551-CRLF Injection Into PHP’s cURL Options:

https://medium.com/@tomnomnom/crlf-injection-into-phps-curl-options-e2e0d7cfe545?source=placement_card_footer_grid---------0-60

-552-Open Redirects & Security Done Right!:

https://medium.com/@AkshaySharmaUS/open-redirects-security-done-right-e524a3185496?source=placement_card_footer_grid---------2-60

-553-DOM XSS – auth.uber.com:

https://stamone-bug-bounty.blogspot.com/2017/10/dom-xss-auth_14.html

-554-PowerPoint and Custom Actions:

https://cofense.com/powerpoint-and-custom-actions/

-555-exploiting-adobe-coldfusion:

https://codewhitesec.blogspot.com/2018/03/exploiting-adobe-coldfusion.html

-556-Command and Control – HTTPS:

https://pentestlab.blog/2017/10/04/command-and-control-https

-557-Command and Control – Images:

https://pentestlab.blog/2018/01/02/command-and-control-images

-558-Command and Control – JavaScript:

https://pentestlab.blog/2018/01/08/command-and-control-javascript

-559-XSS-Payloads:

https://github.com/Pgaijin66/XSS-Payloads

-560-Command and Control – Web Interface:

https://pentestlab.blog/2018/01/03/command-and-control-web-interface

-561-Command and Control – Website:

https://pentestlab.blog/2017/11/14/command-and-control-website

-562-Command and Control – WebSocket:

https://pentestlab.blog/2017/12/06/command-and-control-websocket

-563-atomic-red-team:

https://github.com/redcanaryco/atomic-red-team

-564-PowerView-3.0-tricks.ps1:

https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

-565-awesome-sec-talks:

https://github.com/PaulSec/awesome-sec-talks

-566-Awesome-Red-Teaming:

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

-567-awesome-php:

https://github.com/ziadoz/awesome-php

-568-latest-hacks:

https://hackercool.com/latest-hacks/

-569-GraphQL NoSQL Injection Through JSON Types:

http://www.east5th.co/blog/2017/06/12/graphql-nosql-injection-through-json-types/

-570-Writing .NET Executables for Pentesters:

https://www.peew.pw/blog/2017/12/4/writing-net-executables-for-penteters-part-2

-571-A curated list of fuzzing resources ( Books, courses - free and paid, videos, tools, tutorials and vulnerable applications to practice on ) for learning Fuzzing and initial phases of Exploit Development like root cause analysis.

https://github.com/secfigo/Awesome-Fuzzing

-572-How to Shutdown, Restart, Logoff, and Hibernate Remote Windows PC:

http://www.hackingarticles.in/how-to-shutdown-restart-logoff-and-hibernate-remote-windows-pc

-572-Injecting Metasploit Payloads into Android Applications – Manually:

https://pentestlab.blog/2017/06/26/injecting-metasploit-payloads-into-android-applications-manually

-573-Google Dorks For Carding [Huge List] - Part 1:

https://hacker-arena.blogspot.com/2014/03/google-dorks-for-carding-huge-list-part.html

-574-Google dorks for growth hackers:

https://medium.com/p/7f83c8107057

-575-Google Dorks For Carding (HUGE LIST):

https://leetpedia.blogspot.com/2013/01/google-dorks-for-carding-huge-list.html

-576-BIGGEST SQL Injection Dorks List ~ 20K+ Dorks:

https://leetpedia.blogspot.com/2013/05/biggest-sql-injection-dorks-list-20k.html

-577-Pastebin Accounts Hacking (Facebook/Paypal/LR/Gmail/Yahoo, etc):

https://leetpedia.blogspot.com/2013/01/pastebin-accounts-hacking.html

-578-How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!:

http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html

-579-Hijacking VNC (Enum, Brute, Access and Crack):

https://medium.com/p/d3d18a4601cc

-580-Linux Post Exploitation Command List:

https://github.com/mubix/post-exploitation/wiki

-581-List of google dorks for sql injection:

-582-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset

-583-Microsoft Windows 10 - Child Process Restriction Mitigation Bypass:

https://www.exploit-db.com/download/44888.txt

-584-Microsoft Windows CVE-2018-8210 Remote Code Execution Vulnerability:

https://www.securityfocus.com/bid/104407

-585-Microsoft Windows Kernel CVE-2018-0982 Local Privilege Escalation Vulnerability:

https://www.securityfocus.com/bid/104382

-586-miSafes Mi-Cam Device Hijacking:

https://packetstormsecurity.com/files/146504/SA-20180221-0.txt

-587-Low-Level Windows API Access From PowerShell:

https://www.fuzzysecurity.com/tutorials/24.html

-588-Linux Kernel ‘mm/hugetlb.c’ Local Denial of Service Vulnerability:

https://www.securityfocus.com/bid/103316

-589-Lateral Movement – RDP:

https://pentestlab.blog/2018/04/24/lateral-movement-rdp/

-590-Snagging creds from locked machines:

https://malicious.link/post/2016/snagging-creds-from-locked-machines/

-591-Making a Blind SQL Injection a Little Less Blind:

https://medium.com/p/428dcb614ba8

-592-VulnHub — Kioptrix: Level 5:

https://medium.com/@bondo.mike/vulnhub-kioptrix-level-5-88ab65146d48?source=placement_card_footer_grid---------1-60

-593-Unauthenticated Account Takeover Through HTTP Leak:

https://medium.com/p/33386bb0ba0b

-594-Hakluke’s Ultimate OSCP Guide: Part 1 — Is OSCP for you?:

https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440?source=placement_card_footer_grid---------2-43

-595-Finding Target-relevant Domain Fronts:

https://medium.com/@vysec.private/finding-target-relevant-domain-fronts-7f4ad216c223?source=placement_card_footer_grid---------0-44

-596-Safe Red Team Infrastructure:

https://medium.com/@malcomvetter/safe-red-team-infrastructure-c5d6a0f13fac?source=placement_card_footer_grid---------1-60

-597-Cobalt Strike Visualizations:

https://medium.com/@001SPARTaN/cobalt-strike-visualizations-e6a6e841e16b?source=placement_card_footer_grid---------2-60

-598-OWASP Top 10 2017 — Web Application Security Risks:

https://medium.com/p/31f356491712

-599-XSS-Auditor — the protector of unprotected:

https://medium.com/bugbountywriteup/xss-auditor-the-protector-of-unprotected-f900a5e15b7b?source=placement_card_footer_grid---------0-60

-600-Netcat vs Cryptcat – Remote Shell to Control Kali Linux from Windows machine:

https://gbhackers.com/netcat-vs-cryptcat

-601-Jenkins Servers Infected With Miner.:

https://medium.com/p/e370a900ab2e

-602-cheat-sheet:

http://pentestmonkey.net/category/cheat-sheet

-603-Command and Control – Website Keyword:

https://pentestlab.blog/2017/09/14/command-and-control-website-keyword/

-604-Command and Control – Twitter:

-605-Command and Control – Windows COM:

https://pentestlab.blog/2017/09/01/command-and-control-windows-com/

-606-Microsoft Office – NTLM Hashes via Frameset:

https://pentestlab.blog/2017/12/18/microsoft-office-ntlm-hashes-via-frameset/

-607-PHISHING AGAINST PROTECTED VIEW:

https://enigma0x3.net/2017/07/13/phishing-against-protected-view/

-608-PHISHING WITH EMPIRE:

-609-Reverse Engineering Android Applications:

https://pentestlab.blog/2017/02/06/reverse-engineering-android-applications/

-610-HTML Injection:

https://pentestlab.blog/2013/06/26/html-injection/

-611-Meterpreter stage AV/IDS evasion with powershell:

https://arno0x0x.wordpress.com/2016/04/13/meterpreter-av-ids-evasion-powershell/

-612-Windows Atomic Tests by ATT&CK Tactic & Technique:

https://github.com/redcanaryco/atomic-red-team/raw/master/atomics/windows-index.md

-613-Windows Active Directory Post Exploitation Cheatsheet:

-614-Windows 10 UAC Loophole Can Be Used to Infect Systems with Malware:

http://news.softpedia.com/news/windows-10-uac-loophole-can-be-used-to-infect-systems-with-malware-513996.shtml

-615-How to Bypass Anti-Virus to Run Mimikatz:

https://www.blackhillsinfosec.com/bypass-anti-virus-run-mimikatz/

-616-Userland API Monitoring and Code Injection Detection:

https://0x00sec.org/t/userland-api-monitoring-and-code-injection-detection/5565

-617-USE TOR. USE EMPIRE.:

http://secureallthethings.blogspot.com/2016/11/use-tor-use-empire.html

-617-ADVANCED CROSS SITE SCRIPTING (XSS) CHEAT SHEET:

https://www.muhaddis.info/advanced-cross-site-scripting-xss-cheat-sheet/

-618-Empire without PowerShell.exe:

-619-RED TEAM:

https://bneg.io/category/red-team/

-620-PDF Tools:

https://blog.didierstevens.com/programs/pdf-tools/

-621-DNS Data ex ltration — What is this and How to use?

https://blog.fosec.vn/dns-data-exfiltration-what-is-this-and-how-to-use-2f6c69998822

-621-Google Dorks:

https://medium.com/p/7cfd432e0cf3

-622-Hacking with JSP Shells:

https://blog.netspi.com/hacking-with-jsp-shells/

-623-Malware Analysis:

https://github.com/RPISEC/Malware/raw/master/README.md

-624-A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares.:

https://github.com/SandySekharan/CTF-tool

-625-Group Policy Preferences:

https://pentestlab.blog/2017/03/20/group-policy-preferences

-627-CHECKING FOR MALICIOUSNESS IN AC OFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-628-deobfuscation:

https://furoner.wordpress.com/tag/deobfuscation/

-629-POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS:

https://fzuckerman.wordpress.com/2016/10/06/powershell-empire-stagers-1-phishing-with-an-office-macro-and-evading-avs/

-630-A COMPREHENSIVE TUTORIAL ON CROSS-SITE SCRIPTING:

https://fzuckerman.wordpress.com/2016/10/06/a-comprehensive-tutorial-on-cross-site-scripting/

-631-GCAT – BACKDOOR EM PYTHON:

https://fzuckerman.wordpress.com/2016/10/06/gcat-backdoor-em-python/

-632-Latest Carding Dorks List for Sql njection 2019:

https://latestechnews.com/carding-dorks/

-633-google docs for credit card:

https://latestechnews.com/tag/google-docs-for-credit-card/

-634-How To Scan Multiple Organizations With Shodan and Golang (OSINT):

https://medium.com/p/d994ba6a9587

-635-How to Evade Application Whitelisting Using REGSVR32:

https://www.blackhillsinfosec.com/evade-application-whitelisting-using-regsvr32/

-636-phishing:

https://www.blackhillsinfosec.com/tag/phishing/

-637-Merlin in action: Intro to Merlin:

https://asciinema.org/a/ryljo8qNjHz1JFcFDK7wP6e9I

-638-IP Cams from around the world:

https://medium.com/p/a6f269f56805

-639-Advanced Cross Site Scripting(XSS) Cheat Sheet by Jaydeep Dabhi:

https://jaydeepdabhi.wordpress.com/2016/01/12/advanced-cross-site-scriptingxss-cheat-sheet-by-jaydeep-dabhi/

-640-Just how easy it is to do a domain or subdomain take over!?:

https://medium.com/p/265d635b43d8

-641-How to Create hidden user in Remote PC:

http://www.hackingarticles.in/create-hidden-remote-metaspolit

-642-Process Doppelgänging – a new way to impersonate a process:

https://hshrzd.wordpress.com/2017/12/18/process-doppelganging-a-new-way-to-impersonate-a-process/

-643-How to turn a DLL into astandalone EXE:

https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/

-644-Hijacking extensions handlers as a malware persistence method:

https://hshrzd.wordpress.com/2017/05/25/hijacking-extensions-handlers-as-a-malware-persistence-method/

-645-I’ll Get Your Credentials … Later!:

https://www.fuzzysecurity.com/tutorials/18.html

-646-Game Over: CanYouPwnMe > Kevgir-1:

https://www.fuzzysecurity.com/tutorials/26.html

-647-IKARUS anti.virus and its 9 exploitable kernel vulnerabilities:

http://www.greyhathacker.net/?p=995

-648-Getting started in Bug Bounty:

https://medium.com/p/7052da28445a

-649-Union SQLi Challenges (Zixem Write-up):

https://medium.com/ctf-writeups/union-sqli-challenges-zixem-write-up-4e74ad4e88b4?source=placement_card_footer_grid---------2-60

-650-scanless – A Tool for Perform Anonymous Port Scan on Target Websites:

https://gbhackers.com/scanless-port-scans-websites-behalf

-651-WEBAPP PENTEST:

https://securityonline.info/category/penetration-testing/webapp-pentest/

-652-Cross-Site Scripting (XSS) Payloads:

https://securityonline.info/tag/cross-site-scripting-xss-payloads/

-653-sg1: swiss army knife for data encryption, exfiltration & covert communication:

https://securityonline.info/tag/sg1/

-654-NETWORK PENTEST:

https://securityonline.info/category/penetration-testing/network-pentest/

-655-SQL injection in an UPDATE query - a bug bounty story!:

https://zombiehelp54.blogspot.com/2017/02/sql-injection-in-update-query-bug.html

-656-Cross-site Scripting:

https://www.netsparker.com/blog/web-security/cross-site-scripting-xss/

-657-Local File Inclusion:

https://www.netsparker.com/blog/web-security/local-file-inclusion-vulnerability/

-658-Command Injection:

https://www.netsparker.com/blog/web-security/command-injection-vulnerability/

-659-a categorized list of Windows CMD commands:

https://ss64.com/nt/commands.html

-660-Understanding Guide for Nmap Timing Scan (Firewall Bypass):

http://www.hackingarticles.in/understanding-guide-nmap-timing-scan-firewall-bypass

-661-RFID Hacking with The Proxmark 3:

https://blog.kchung.co/tag/rfid/

-662-A practical guide to RFID badge copying:

https://blog.nviso.be/2017/01/11/a-practical-guide-to-rfid-badge-copying

-663-Denial of Service using Cookie Bombing:

https://medium.com/p/55c2d0ef808c

-664-Vultr Domain Hijacking:

https://vincentyiu.co.uk/red-team/cloud-security/vultr-domain-hijacking

-665-Command and Control:

https://vincentyiu.co.uk/red-team/domain-fronting

-666-Cisco Auditing Tool & Cisco Global Exploiter to Exploit 14 Vulnerabilities in Cisco Switches and Routers:

https://gbhackers.com/cisco-global-exploiter-cge

-667-CHECKING FOR MALICIOUSNESS IN ACROFORM OBJECTS ON PDF FILES:

https://furoner.wordpress.com/2017/11/15/checking-for-maliciousness-in-acroform-objects-on-pdf-files

-668-Situational Awareness:

https://pentestlab.blog/2018/05/28/situational-awareness/

-669-Unquoted Service Path:

https://pentestlab.blog/2017/03/09/unquoted-service-path

-670-NFS:

https://pentestacademy.wordpress.com/2017/09/20/nfs/

-671-List of Tools for Pentest Rookies:

https://pentestacademy.wordpress.com/2016/09/20/list-of-tools-for-pentest-rookies/

-672-Common Windows Commands for Pentesters:

https://pentestacademy.wordpress.com/2016/06/21/common-windows-commands-for-pentesters/

-673-Open-Source Intelligence (OSINT) Reconnaissance:

-674-OSINT x UCCU Workshop on Open Source Intelligence:

https://www.slideshare.net/miaoski/osint-x-uccu-workshop-on-open-source-intelligence

-675-Advanced Attack Techniques:

https://www.cyberark.com/threat-research-category/advanced-attack-techniques/

-676-Credential Theft:

https://www.cyberark.com/threat-research-category/credential-theft/

-678-The Cloud Shadow Admin Threat: 10 Permissions to Protect:

https://www.cyberark.com/threat-research-blog/cloud-shadow-admin-threat-10-permissions-protect/

-679-Online Credit Card Theft: Today’s Browsers Store Sensitive Information Deficiently, Putting User Data at Risk:

https://www.cyberark.com/threat-research-blog/online-credit-card-theft-todays-browsers-store-sensitive-information-deficiently-putting-user-data-risk/

-680-Weakness Within: Kerberos Delegation:

https://www.cyberark.com/threat-research-blog/weakness-within-kerberos-delegation/

-681-Simple Domain Fronting PoC with GAE C2 server:

https://www.securityartwork.es/2017/01/31/simple-domain-fronting-poc-with-gae-c2-server/

-682-Find Critical Information about a Host using DMitry:

https://www.thehackr.com/find-critical-information-host-using-dmitry/

-683-How To Do OS Fingerprinting In Kali Using Xprobe2:

http://disq.us/?url=http%3A%2F%2Fwww.thehackr.com%2Fos-fingerprinting-kali%2F&key=scqgRVMQacpzzrnGSOPySA

-684-Crack SSH, FTP, Telnet Logins Using Hydra:

https://www.thehackr.com/crack-ssh-ftp-telnet-logins-using-hydra/

-685-Reveal Saved Passwords in Browser using JavaScript Injection:

https://www.thehackr.com/reveal-saved-passwords-browser-using-javascript-injection/

-686-Nmap Cheat Sheet:

https://s3-us-west-2.amazonaws.com/stationx-public-download/nmap_cheet_sheet_0.6.pdf

-687-Manual Post Exploitation on Windows PC (Network Command):

http://www.hackingarticles.in/manual-post-exploitation-windows-pc-network-command

-688-Hack Gmail or Facebook Password of Remote PC using NetRipper Exploitation Tool:

http://www.hackingarticles.in/hack-gmail-or-facebook-password-of-remote-pc-using-netripper-exploitation-tool

-689-Hack Locked Workstation Password in Clear Text:

http://www.hackingarticles.in/hack-locked-workstation-password-clear-text

-690-How to Find ALL Excel, Office, PDF, and Images in Remote PC:

http://www.hackingarticles.in/how-to-find-all-excel-office-pdf-images-files-in-remote-pc

-691-red-teaming:

https://www.redteamsecure.com/category/red-teaming/

-692-Create a Fake AP and Sniff Data mitmAP:

http://www.uaeinfosec.com/create-fake-ap-sniff-data-mitmap/

-693-Bruteforcing From Nmap Output BruteSpray:

http://www.uaeinfosec.com/bruteforcing-nmap-output-brutespray/

-694-Reverse Engineering Framework radare2:

http://www.uaeinfosec.com/reverse-engineering-framework-radare2/

-695-Automated ettercap TCP/IP Hijacking Tool Morpheus:

http://www.uaeinfosec.com/automated-ettercap-tcpip-hijacking-tool-morpheus/

-696-List Of Vulnerable SQL Injection Sites:

https://www.blogger.com/share-post.g?blogID=1175829128367570667&postID=4652029420701251199

-697-Command and Control – Gmail:

https://pentestlab.blog/2017/08/03/command-and-control-gmail/

-698-Command and Control – DropBox:

https://pentestlab.blog/2017/08/29/command-and-control-dropbox/

-699-Skeleton Key:

https://pentestlab.blog/2018/04/10/skeleton-key/

-700-Secondary Logon Handle:

https://pentestlab.blog/2017/04/07/secondary-logon-handle

-701-Hot Potato:

https://pentestlab.blog/2017/04/13/hot-potato

-702-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-703-Linux-Kernel-exploits:

http://tacxingxing.com/category/exploit/kernel-exploit/

-704-Linux-Kernel-Exploit Stack Smashing:

http://tacxingxing.com/2018/02/26/linuxkernelexploit-stack-smashing/

-705-Linux Kernel Exploit Environment:

http://tacxingxing.com/2018/02/15/linuxkernelexploit-huan-jing-da-jian/

-706-Linux-Kernel-Exploit NULL dereference:

http://tacxingxing.com/2018/02/22/linuxkernelexploit-null-dereference/

-707-Apache mod_python for red teams:

https://labs.nettitude.com/blog/apache-mod_python-for-red-teams/

-708-Bounty Write-up (HTB):

https://medium.com/p/9b01c934dfd2/

709-CTF Writeups:

https://medium.com/ctf-writeups

-710-Detecting Malicious Microsoft Office Macro Documents:

http://www.greyhathacker.net/?p=872

-711-SQL injection in Drupal:

https://hackerone.com/reports/31756

-712-XSS and open redirect on Twitter:

https://hackerone.com/reports/260744

-713-Shopify login open redirect:

https://hackerone.com/reports/55546

-714-HackerOne interstitial redirect:

https://hackerone.com/reports/111968

-715-Ubiquiti sub-domain takeovers:

https://hackerone.com/reports/181665

-716-Scan.me pointing to Zendesk:

https://hackerone.com/reports/114134

-717-Starbucks’ sub-domain takeover:

https://hackerone.com/reports/325336

-718-Vine’s sub-domain takeover:

https://hackerone.com/reports/32825

-719-Uber’s sub-domain takeover:

https://hackerone.com/reports/175070

-720-Read access to Google:

https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/

-721-A Facebook XXE with Word:

https://www.bram.us/2014/12/29/how-i-hacked-facebook-with-a-word-document/

-722-The Wikiloc XXE:

https://www.davidsopas.com/wikiloc-xxe-vulnerability/

-723-Uber Jinja2 TTSI:

https://hackerone.com/reports/125980

-724-Uber Angular template injection:

https://hackerone.com/reports/125027

-725-Yahoo Mail stored XSS:

https://klikki.fi/adv/yahoo2.html

-726-Google image search XSS:

https://mahmoudsec.blogspot.com/2015/09/how-i-found-xss-vulnerability-in-google.html

-727-Shopify Giftcard Cart XSS :

https://hackerone.com/reports/95089

-728-Shopify wholesale XSS :

https://hackerone.com/reports/106293

-729-Bypassing the Shopify admin authentication:

https://hackerone.com/reports/270981

-730-Starbucks race conditions:

https://sakurity.com/blog/2015/05/21/starbucks.html

-731-Binary.com vulnerability – stealing a user’s money:

https://hackerone.com/reports/98247

-732-HackerOne signal manipulation:

https://hackerone.com/reports/106305

-733-Shopify S buckets open:

https://hackerone.com/reports/98819

-734-HackerOne S buckets open:

https://hackerone.com/reports/209223

-735-Bypassing the GitLab 2F authentication:

https://gitlab.com/gitlab-org/gitlab-ce/issues/14900

-736-Yahoo PHP info disclosure:

https://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/

-737-Shopify for exporting installed users:

https://hackerone.com/reports/96470

-738-Shopify Twitter disconnect:

https://hackerone.com/reports/111216

-739-Badoo full account takeover:

https://hackerone.com/reports/127703

-740-Disabling PS Logging:

https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs

-741-macro-less-code-exec-in-msword:

https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/

-742-5 ways to Exploiting PUT Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploiting-put-vulnerabilit

-743-5 Ways to Exploit Verb Tempering Vulnerability:

http://www.hackingarticles.in/5-ways-to-exploit-verb-tempering-vulnerability

-744-5 Ways to Hack MySQL Login Password:

http://www.hackingarticles.in/5-ways-to-hack-mysql-login-password

-745-5 Ways to Hack SMB Login Password:

http://www.hackingarticles.in/5-ways-to-hack-smb-login-password

-746-6 Ways to Hack FTP Login Password:

http://www.hackingarticles.in/6-ways-to-hack-ftp-login-password

-746-6 Ways to Hack SNMP Password:

http://www.hackingarticles.in/6-ways-to-hack-snmp-password

-747-6 Ways to Hack VNC Login Password:

http://www.hackingarticles.in/6-ways-to-hack-vnc-login-password

-748-Access Sticky keys Backdoor on Remote PC with Sticky Keys Hunter:

http://www.hackingarticles.in/access-sticky-keys-backdoor-remote-pc-sticky-keys-hunter

-749-Beginner Guide to IPtables:

http://www.hackingarticles.in/beginner-guide-iptables

-750-Beginner Guide to impacket Tool kit:

http://www.hackingarticles.in/beginner-guide-to-impacket-tool-kit

-751-Exploit Remote Windows 10 PC using Discover Tool:

http://www.hackingarticles.in/exploit-remote-windows-10-pc-using-discover-tool

-752-Forensics Investigation of Remote PC (Part 2):

http://www.hackingarticles.in/forensics-investigation-of-remote-pc-part-2

-753-5 ways to File upload vulnerability Exploitation:

http://www.hackingarticles.in/5-ways-file-upload-vulnerability-exploitation

-754-FTP Penetration Testing in Ubuntu (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-in-ubuntu-port-21

-755-FTP Penetration Testing on Windows (Port 21):

http://www.hackingarticles.in/ftp-penetration-testing-windows

-756-FTP Pivoting through RDP:

http://www.hackingarticles.in/ftp-pivoting-rdp

-757-Fun with Metasploit Payloads:

http://www.hackingarticles.in/fun-metasploit-payloads

-758-Gather Cookies and History of Mozilla Firefox in Remote Windows, Linux or MAC PC:

http://www.hackingarticles.in/gather-cookies-and-history-of-mozilla-firefox-in-remote-windows-linux-or-mac-pc

-759-Generating Reverse Shell using Msfvenom (One Liner Payload):

http://www.hackingarticles.in/generating-reverse-shell-using-msfvenom-one-liner-payload

-760-Generating Scan Reports Using Nmap (Output Scan):

http://www.hackingarticles.in/generating-scan-reports-using-nmap-output-scan

-761-Get Meterpreter Session of Locked PC Remotely (Remote Desktop Enabled):

http://www.hackingarticles.in/get-meterpreter-session-locked-pc-remotely-remote-desktop-enabled

-762-Hack ALL Security Features in Remote Windows 7 PC:

http://www.hackingarticles.in/hack-all-security-features-in-remote-windows-7-pc

-763-5 ways to Exploit LFi Vulnerability:

http://www.hackingarticles.in/5-ways-exploit-lfi-vulnerability

-764-5 Ways to Directory Bruteforcing on Web Server:

http://www.hackingarticles.in/5-ways-directory-bruteforcing-web-server

-765-Hack Call Logs, SMS, Camera of Remote Android Phone using Metasploit:

http://www.hackingarticles.in/hack-call-logs-sms-camera-remote-android-phone-using-metasploit

-766-Hack Gmail and Facebook Password in Network using Bettercap:

http://www.hackingarticles.in/hack-gmail-facebook-password-network-using-bettercap

-767-ICMP Penetration Testing:

http://www.hackingarticles.in/icmp-penetration-testing

-768-Understanding Guide to Mimikatz:

http://www.hackingarticles.in/understanding-guide-mimikatz

-769-5 Ways to Create Dictionary for Bruteforcing:

http://www.hackingarticles.in/5-ways-create-dictionary-bruteforcing

-770-Linux Privilege Escalation using LD_Preload:

http://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/

-771-2 Ways to Hack Remote Desktop Password using kali Linux:

http://www.hackingarticles.in/2-ways-to-hack-remote-desktop-password-using-kali-linux

-772-2 ways to use Msfvenom Payload with Netcat:

http://www.hackingarticles.in/2-ways-use-msfvenom-payload-netcat

-773-4 ways to Connect Remote PC using SMB Port:

http://www.hackingarticles.in/4-ways-connect-remote-pc-using-smb-port

-774-4 Ways to DNS Enumeration:

http://www.hackingarticles.in/4-ways-dns-enumeration

-775-4 Ways to get Linux Privilege Escalation:

http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation

-776-101+ OSINT Resources for Investigators [2019]:

https://i-sight.com/resources/101-osint-resources-for-investigators/

-777-Week in OSINT #2019–02:

https://medium.com/week-in-osint/week-in-osint-2019-02-d4009c27e85f

-778-OSINT Cheat Sheet:

https://hack2interesting.com/osint-cheat-sheet/

-779-OSINT Cheat Sheet:

https://infoskirmish.com/osint-cheat-sheet/

-780-OSINT Links for Investigators:

https://i-sight.com/resources/osint-links-for-investigators/

-781- Metasploit Cheat Sheet :

https://www.kitploit.com/2019/02/metasploit-cheat-sheet.html

-782- Exploit Development Cheat Sheet:

https://github.com/coreb1t/awesome-pentest-cheat-sheets/commit/5b83fa9cfb05f4774eb5e1be2cde8dbb04d011f4

-783-Building Profiles for a Social Engineering Attack:

https://pentestlab.blog/2012/04/19/building-profiles-for-a-social-engineering-attack/

-784-Practical guide to NTLM Relaying in 2017 (A.K.A getting a foothold in under 5 minutes):

https://byt3bl33d3r.github.io/practical-guide-to-ntlm-relaying-in-2017-aka-getting-a-foothold-in-under-5-minutes.html

-785-Getting the goods with CrackMapExec: Part 2:

https://byt3bl33d3r.github.io/tag/crackmapexec.html

-786-Bug Hunting Methodology (part-1):

https://medium.com/p/91295b2d2066

-787-Exploring Cobalt Strike’s ExternalC2 framework:

https://blog.xpnsec.com/exploring-cobalt-strikes-externalc2-framework/

-788-Airbnb – When Bypassing JSON Encoding, XSS Filter, WAF, CSP, and Auditor turns into Eight Vulnerabilities:

https://buer.haus/2017/03/08/airbnb-when-bypassing-json-encoding-xss-filter-waf-csp-and-auditor-turns-into-eight-vulnerabilities/

-789-Adversarial Tactics, Techniques & Common Knowledge:

https://attack.mitre.org/wiki/Main_Page

-790-Bug Bounty — Tips / Tricks / JS (JavaScript Files):

https://medium.com/p/bdde412ea49d

-791-Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition):

https://medium.com/p/f88a9f383fcc

-792-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-793-Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts:

https://bohops.com/2018/01/07/executing-commands-and-bypassing-applocker-with-powershell-diagnostic-scripts/

-794-ClickOnce (Twice or Thrice): A Technique for Social Engineering and (Un)trusted Command Execution:

https://bohops.com/2017/12/02/clickonce-twice-or-thrice-a-technique-for-social-engineering-and-untrusted-command-execution/

-795-Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2):

https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-techniques-for-bypass-evasion-persistence-part-2/

-796-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-797-Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation:

https://bohops.com/2017/12/02/trust-direction-an-enabler-for-active-directory-enumeration-and-trust-exploitation/

-798-DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction:

https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/

-799-Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement:

https://bohops.com/2018/03/17/abusing-exported-functions-and-exposed-dcom-interfaces-for-pass-thru-command-execution-and-lateral-movement/

-800-Capcom Rootkit Proof-Of-Concept:

https://www.fuzzysecurity.com/tutorials/28.html

-801-Linux Privilege Escalation using Misconfigured NFS:

http://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/

-802-Beginners Guide for John the Ripper (Part 1):

http://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/

-803-Working of Traceroute using Wireshark:

http://www.hackingarticles.in/working-of-traceroute-using-wireshark/

-804-Multiple Ways to Get root through Writable File:

http://www.hackingarticles.in/multiple-ways-to-get-root-through-writable-file/

-805-4 ways to SMTP Enumeration:

http://www.hackingarticles.in/4-ways-smtp-enumeration

-806-4 ways to Hack MS SQL Login Password:

http://www.hackingarticles.in/4-ways-to-hack-ms-sql-login-password

-807-4 Ways to Hack Telnet Passsword:

http://www.hackingarticles.in/4-ways-to-hack-telnet-passsword

-808-5 ways to Brute Force Attack on WordPress Website:

http://www.hackingarticles.in/5-ways-brute-force-attack-wordpress-website

-809-5 Ways to Crawl a Website:

http://www.hackingarticles.in/5-ways-crawl-website

-810-Local Linux Enumeration & Privilege Escalation Cheatsheet:

https://www.rebootuser.com/?p=1623

-811-The Drebin Dataset:

https://www.sec.cs.tu-bs.de/~danarp/drebin/download.html

-812-ECMAScript 6 from an Attacker’s Perspective - Breaking Frameworks, Sandboxes, and everything else:

https://www.slideshare.net/x00mario/es6-en

-813-IT and Information Security Cheat Sheets:

https://zeltser.com/cheat-sheets/

-814-Cheat Sheets - DFIR Training:

https://www.dfir.training/cheat-sheets

-815-WinDbg Malware Analysis Cheat Sheet:

https://oalabs.openanalysis.net/2019/02/18/windbg-for-malware-analysis/

-819-Cheat Sheet for Analyzing Malicious Software:

https://www.prodefence.org/cheat-sheet-for-analyzing-malicious-software/

-820-Analyzing Malicious Documents Cheat Sheet - Prodefence:

https://www.prodefence.org/analyzing-malicious-documents-cheat-sheet-2/

-821-Cheat Sheets - SANS Digital Forensics:

https://digital-forensics.sans.org/community/cheat-sheets

-822-Linux Command Line Forensics and Intrusion Detection Cheat Sheet:

https://www.sandflysecurity.com/blog/compromised-linux-cheat-sheet/

-823-Windows Registry Auditing Cheat Sheet:

https://www.slideshare.net/Hackerhurricane/windows-registry-auditing-cheat-sheet-ver-jan-2016-malwarearchaeology

-824-Cheat Sheet of Useful Commands Every Kali Linux User Needs To Know:

https://kennyvn.com/cheatsheet-useful-bash-commands-linux/

-825-kali-linux-cheatsheet:

-826-8 Best Kali Linux Terminal Commands used by Hackers (2019 Edition):

https://securedyou.com/best-kali-linux-commands-terminal-hacking/

-827-Kali Linux Commands Cheat Sheet:

https://www.pinterest.com/pin/393431717429496576/

-827-Kali Linux Commands Cheat Sheet A To Z:

https://officialhacker.com/linux-commands-cheat-sheet/

-828-Linux commands CHEATSHEET for HACKERS:

https://www.reddit.com/r/Kalilinux/.../linux_commands_cheatsheet_for_hackers/

-829-100 Linux Commands – A Brief Outline With Cheatsheet:

https://fosslovers.com/100-linux-commands-cheatsheet/

-830-Kali Linux – Penetration Testing Cheat Sheet:

https://uwnthesis.wordpress.com/2016/06/.../kali-linux-penetration-testing-cheat-sheet/

-831-Basic Linux Terminal Shortcuts Cheat Sheet :

https://computingforgeeks.com/basic-linux-terminal-shortcuts-cheat-sheet/

-832-List Of 220+ Kali Linux and Linux Commands Line {Free PDF} :

https://itechhacks.com/kali-linux-and-linux-commands/

-833-Transferring files from Kali to Windows (post exploitation):

https://blog.ropnop.com/transferring-files-from-kali-to-windows/

-834-The Ultimate Penetration Testing Command Cheat Sheet for Kali Linux:

https://www.hostingland.com/.../the-ultimate-penetration-testing-command-cheat-sheet

-835-What is penetration testing? 10 hacking tools the pros use:

https://www.csoonline.com/article/.../17-penetration-testing-tools-the-pros-use.html

-836-Best Hacking Tools List for Hackers & Security Professionals in 2019:

https://gbhackers.com/hacking-tools-list/

-837-ExploitedBunker PenTest Cheatsheet:

https://exploitedbunker.com/articles/pentest-cheatsheet/

-838-How to use Zarp for penetration testing:

https://www.techrepublic.com/article/how-to-use-zarp-for-penetration-testing/

-839-Wireless Penetration Testing Cheat Sheet;

https://uceka.com/2014/05/12/wireless-penetration-testing-cheat-sheet/

-840-Pentest Cheat Sheets:

https://www.cheatography.com/tag/pentest/

-841-40 Best Penetration Testing (Pen Testing) Tools in 2019:

https://www.guru99.com/top-5-penetration-testing-tools.html

-842-Metasploit Cheat Sheet:

https://www.hacking.land/2019/02/metasploit-cheat-sheet.html

-843-OSCP useful resources and tools;

https://acknak.fr/en/articles/oscp-tools/

-844-Pentest + Exploit dev Cheatsheet:

https://ehackings.com/all-posts/pentest-exploit-dev-cheatsheet/

-845-What is Penetration Testing? A Quick Guide for 2019:

https://www.cloudwards.net/penetration-testing/

-846-Recon resource:

https://pentester.land/cheatsheets/2019/04/15/recon-resources.html

-847-Network Recon Cheat Sheet:

https://www.cheatography.com/coffeefueled/cheat-sheets/network-recon/

-848-Recon Cheat Sheets:

https://www.cheatography.com/tag/recon/

-849-Penetration Testing Active Directory, Part II:

https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/

-850-Reverse-engineering Cheat Sheets:

https://www.cheatography.com/tag/reverse-engineering/

-851-Reverse Engineering Cheat Sheet:

https://www.scribd.com/doc/38163906/Reverse-Engineering-Cheat-Sheet

-852-ATOMBOMBING: BRAND NEW CODE INJECTION FOR WINDOWS:

https://blog.ensilo.com/atombombing-brand-new-code-injection-for-windows

-853-PROPagate:

http://www.hexacorn.com/blog/2017/10/26/propagate-a-new-code-injection-trick/

-854-Process Doppelgänging, by Tal Liberman and Eugene Kogan::

https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf

-855-Gargoyle:

https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html

-856-GHOSTHOOK:

https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/

-857-Learn C:

https://www.programiz.com/c-programming

-858-x86 Assembly Programming Tutorial:

https://www.tutorialspoint.com/assembly_programming/

-859-Dr. Paul Carter’s PC Assembly Language:

http://pacman128.github.io/pcasm/

-860-Introductory Intel x86 - Architecture, Assembly, Applications, and Alliteration:

http://opensecuritytraining.info/IntroX86.html

-861-x86 Disassembly:

https://en.wikibooks.org/wiki/X86_Disassembly

-862-use-of-dns-tunneling-for-cc-communications-malware:

https://securelist.com/use-of-dns-tunneling-for-cc-communications/78203/

-863-Using IDAPython to Make Your Life Easier (Series)::

https://researchcenter.paloaltonetworks.com/2015/12/using-idapython-to-make-your-life-easier-part-1/

-864-NET binary analysis:

https://cysinfo.com/cyber-attack-targeting-cbi-and-possibly-indian-army-officials/

-865-detailed analysis of the BlackEnergy3 big dropper:

https://cysinfo.com/blackout-memory-analysis-of-blackenergy-big-dropper/

-866-detailed analysis of Uroburos rootkit:

https://www.gdatasoftware.com/blog/2014/06/23953-analysis-of-uroburos-using-windbg

-867-TCP/IP and tcpdump Pocket Reference Guide:

https://www.sans.org/security-resources/tcpip.pdf

-868-TCPDUMP Cheatsheet:

http://packetlife.net/media/library/12/tcpdump.pdf

-869-Scapy Cheatsheet:

http://packetlife.net/media/library/36/scapy.pdf

-870-WIRESHARK DISPLAY FILTERS:

http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf

-871-Windows command line sheet:

https://www.sans.org/security-resources/sec560/windows_command_line_sheet_v1.pdf

-872-Metasploit cheat sheet:

https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf

-873-IPv6 Cheatsheet:

http://packetlife.net/media/library/8/IPv6.pdf

-874-IPv4 Subnetting:

http://packetlife.net/media/library/15/IPv4_Subnetting.pdf

-875-IOS IPV4 ACCESS LISTS:

http://packetlife.net/media/library/14/IOS_IPv4_Access_Lists.pdf

-876-Common Ports List:

http://packetlife.net/media/library/23/common_ports.pdf

-877-WLAN:

http://packetlife.net/media/library/4/IEEE_802.11_WLAN.pdf

-878-VLANs Cheatsheet:

http://packetlife.net/media/library/20/VLANs.pdf

-879-VoIP Basics CheatSheet:

http://packetlife.net/media/library/34/VOIP_Basics.pdf

-880-Google hacking and defense cheat sheet:

https://www.sans.org/security-resources/GoogleCheatSheet.pdf

-881-Nmap CheatSheet:

https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0

-882-Netcat cheat sheet:

https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

-883-PowerShell cheat sheet:

https://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf

-884-Scapy cheat sheet POCKET REFERENCE:

https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf

-885-SQL injection cheat sheet.:

https://information.rapid7.com/sql-injection-cheat-sheet-download.html

-886-Injection cheat sheet:

https://information.rapid7.com/injection-non-sql-cheat-sheet-download.html

-887-Symmetric Encryption Algorithms cheat sheet:

https://www.cheatography.com/rubberdragonfarts/cheat-sheets/symmetric-encryption-algorithms/

-888-Intrusion Discovery Cheat Sheet v2.0 for Linux:

https://pen-testing.sans.org/retrieve/linux-cheat-sheet.pdf

-889-Intrusion Discovery Cheat Sheet v2.0 for Window:

https://pen-testing.sans.org/retrieve/windows-cheat-sheet.pdf

-890-Memory Forensics Cheat Sheet v1.2:

https://digital-forensics.sans.org/media/memory-forensics-cheat-sheet.pdf

-891-CRITICAL LOG REVIEW CHECKLIST FOR SECURITY INCIDENTS G E N E R AL APPROACH:

https://www.sans.org/brochure/course/log-management-in-depth/6

-892-Evidence collection cheat sheet:

https://digital-forensics.sans.org/media/evidence_collection_cheat_sheet.pdf

-893-Hex file and regex cheat sheet v1.0:

https://digital-forensics.sans.org/media/hex_file_and_regex_cheat_sheet.pdf

-894-Rekall Memory Forensic Framework Cheat Sheet v1.2.:

https://digital-forensics.sans.org/media/rekall-memory-forensics-cheatsheet.pdf

-895-SIFT WORKSTATION Cheat Sheet v3.0.:

https://digital-forensics.sans.org/media/sift_cheat_sheet.pdf

-896-Volatility Memory Forensic Framework Cheat Sheet:

https://digital-forensics.sans.org/media/volatility-memory-forensics-cheat-sheet.pdf

-897-Hands - on Network Forensics.:

https://www.first.org/resources/papers/conf2015/first_2015_-_hjelmvik-erik-_hands-on_network_forensics_20150604.pdf

-898-VoIP Security Vulnerabilities.:

https://www.sans.org/reading-room/whitepapers/voip/voip-security-vulnerabilities-2036

-899-Incident Response: How to Fight Back:

https://www.sans.org/reading-room/whitepapers/analyst/incident-response-fight-35342

-900-BI-7_VoIP_Analysis_Fundamentals:

https://sharkfest.wireshark.org/sharkfest.12/presentations/BI-7_VoIP_Analysis_Fundamentals.pdf

-901-Bug Hunting Guide:

cybertheta.blogspot.com/2018/08/bug-hunting-guide.html

-902-Guide 001 |Getting Started in Bug Bounty Hunting:

https://whoami.securitybreached.org/2019/.../guide-getting-started-in-bug-bounty-hun

-903-SQL injection cheat sheet :

https://portswigger.net › Web Security Academy › SQL injection › Cheat sheet

-904-RSnake’s XSS Cheat Sheet:

https://www.in-secure.org/2018/08/22/rsnakes-xss-cheat-sheet/

-905-Bug Bounty Tips (2):

https://ctrsec.io/index.php/2019/03/20/bug-bounty-tips-2/

-906-A Review of my Bug Hunting Journey:

https://kongwenbin.com/a-review-of-my-bug-hunting-journey/

-907-Meet the First Hacker Millionaire on HackerOne:

https://itblogr.com/meet-the-first-hacker-millionaire-on-hackerone/

-908-XSS Cheat Sheet:

https://www.reddit.com/r/programming/comments/4sn54s/xss_cheat_sheet/

-909-Bug Bounty Hunter Methodology:

https://www.slideshare.net/bugcrowd/bug-bounty-hunter-methodology-nullcon-2016

-910-#10 Rules of Bug Bounty:

https://hackernoon.com/10-rules-of-bug-bounty-65082473ab8c

-911-Bugbounty Checklist:

https://www.excis3.be/bugbounty-checklist/21/

-912-FireBounty | The Ultimate Bug Bounty List!:

https://firebounty.com/

-913-Brutelogic xss cheat sheet 2019:

https://brutelogic.com.br/blog/ebook/xss-cheat-sheet/

-914-XSS Cheat Sheet by Rodolfo Assis:

https://leanpub.com/xss

-915-Cross-Site-Scripting (XSS) – Cheat Sheet:

https://ironhackers.es/en/cheatsheet/cross-site-scripting-xss-cheat-sheet/

-916-XSS Cheat Sheet V. 2018 :

https://hackerconnected.wordpress.com/2018/03/15/xss-cheat-sheet-v-2018/

-917-Cross-site Scripting Payloads Cheat Sheet :

https://exploit.linuxsec.org/xss-payloads-list

-918-Xss Cheat Sheet :

https://www.in-secure.org/tag/xss-cheat-sheet/

-919-Open Redirect Cheat Sheet :

https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html

-920-XSS, SQL Injection and Fuzzing Bar Code Cheat Sheet:

https://www.irongeek.com/xss-sql-injection-fuzzing-barcode-generator.php

-921-XSS Cheat Sheet:

https://tools.paco.bg/13/

-922-XSS for ASP.net developers:

https://www.gosecure.net/blog/2016/03/22/xss-for-asp-net-developers

-923-Cross-Site Request Forgery Cheat Sheet:

https://trustfoundry.net/cross-site-request-forgery-cheat-sheet/

-924-CSRF Attacks: Anatomy, Prevention, and XSRF Tokens:

https://www.acunetix.com/websitesecurity/csrf-attacks/

-925-Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet :

https://mamchenkov.net/.../05/.../cross-site-request-forgery-csrf-prevention-cheat-shee

-926-Guide to CSRF (Cross-Site Request Forgery):

https://www.veracode.com/security/csrf

-927-Cross-site Request Forgery - Exploitation & Prevention:

https://www.netsparker.com/blog/web-security/csrf-cross-site-request-forgery/

-928-SQL Injection Cheat Sheet :

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

-929-MySQL SQL Injection Practical Cheat Sheet:

https://www.perspectiverisk.com/mysql-sql-injection-practical-cheat-sheet/

-930-SQL Injection (SQLi) - Cheat Sheet, Attack Examples & Protection:

https://www.checkmarx.com/knowledge/knowledgebase/SQLi

-931-SQL injection attacks: A cheat sheet for business pros:

https://www.techrepublic.com/.../sql-injection-attacks-a-cheat-sheet-for-business-pros/

-932-The SQL Injection Cheat Sheet:

https://biztechmagazine.com/article/.../guide-combatting-sql-injection-attacks-perfcon

-933-SQL Injection Cheat Sheet:

https://resources.infosecinstitute.com/sql-injection-cheat-sheet/

-934-Comprehensive SQL Injection Cheat Sheet:

https://www.darknet.org.uk/2007/05/comprehensive-sql-injection-cheat-sheet/

-935-MySQL SQL Injection Cheat Sheet:

pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

-936-SQL Injection Cheat Sheet: MySQL:

https://www.gracefulsecurity.com/sql-injection-cheat-sheet-mysql/

-937- MySQL Injection Cheat Sheet:

https://www.asafety.fr/mysql-injection-cheat-sheet/

-938-SQL Injection Cheat Sheet:

https://www.reddit.com/r/netsec/comments/7l449h/sql_injection_cheat_sheet/

-939-Google dorks cheat sheet 2019:

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-940-Command Injection Cheatsheet :

https://hackersonlineclub.com/command-injection-cheatsheet/

-941-OS Command Injection Vulnerability:

https://www.immuniweb.com/vulnerability/os-command-injection.html

-942-OS Command Injection:

https://www.checkmarx.com/knowledge/knowledgebase/OS-Command_Injection

-943-Command Injection: The Good, the Bad and the Blind:

https://www.gracefulsecurity.com/command-injection-the-good-the-bad-and-the-blind/

-944-OS command injection:

https://portswigger.net › Web Security Academy › OS command injection

-945-How to Test for Command Injection:

https://blog.securityinnovation.com/blog/.../how-to-test-for-command-injection.html

-946-Data Exfiltration via Blind OS Command Injection:

https://www.contextis.com/en/blog/data-exfiltration-via-blind-os-command-injection

-947-XXE Cheatsheet:

https://www.gracefulsecurity.com/xxe-cheatsheet/

-948-bugbounty-cheatsheet/xxe.:

https://github.com/EdOverflow/bugbounty-cheatsheet/blob/master/cheatsheets/xxe.md

-949-XXE - Information Security:

https://phonexicum.github.io/infosec/xxe.html

-950-XXE Cheat Sheet:

https://www.hahwul.com/p/xxe-cheat-sheet.html

-951-Advice From A Researcher: Hunting XXE For Fun and Profit:

https://www.bugcrowd.com/blog/advice-from-a-bug-hunter-xxe/

-952-Out of Band Exploitation (OOB) CheatSheet :

https://www.notsosecure.com/oob-exploitation-cheatsheet/

-953-Web app penentration testing checklist and cheatsheet:

www.malwrforensics.com/…/web-app-penentration-testing-checklist-and-cheatsheet-with-example

-954-Useful Resources:

https://lsdsecurity.com/useful-resources/

-955-Exploiting XXE Vulnerabilities in IIS/.NET:

https://pen-testing.sans.org/.../entity-inception-exploiting-iis-net-with-xxe-vulnerabiliti

-956-Top 65 OWASP Cheat Sheet Collections - ALL IN ONE:

https://www.yeahhub.com/top-65-owasp-cheat-sheet-collections-all-in-one/

-957-Hacking Resources:

https://www.torontowebsitedeveloper.com/hacking-resources

-958-Out of Band XML External Entity Injection:

https://www.netsparker.com/web...scanner/.../out-of-band-xml-external-entity-injectio

-959-XXE - ZeroSec - Adventures In Information Security:

https://blog.zsec.uk/out-of-band-xxe-2/

-960-Blog - Automated Data Exfiltration with XXE:

https://blog.gdssecurity.com/labs/2015/4/.../automated-data-exfiltration-with-xxe.html

-961-My Experience during Infosec Interviews:

https://medium.com/.../my-experience-during-infosec-interviews-ed1f74ce41b8

-962-Top 10 Security Risks on the Web (OWASP):

https://sensedia.com/.../top-10-security-risks-on-the-web-owasp-and-how-to-mitigate-t

-963-Antivirus Evasion Tools [Updated 2019] :

https://resources.infosecinstitute.com/antivirus-evasion-tools/

-964-Adventures in Anti-Virus Evasion:

https://www.gracefulsecurity.com/anti-virus-evasion/

-965-Antivirus Bypass Phantom Evasion - 2019 :

https://www.reddit.com/r/Kalilinux/.../antivirus_bypass_phantom_evasion_2019/

-966-Antivirus Evasion with Python:

https://medium.com/bugbountywriteup/antivirus-evasion-with-python-49185295caf1

-967-Windows oneliners to get shell:

https://ironhackers.es/en/cheatsheet/comandos-en-windows-para-obtener-shell/

-968-Does Veil Evasion Still Work Against Modern AntiVirus?:

https://www.hackingloops.com/veil-evasion-virustotal/

-969-Google dorks cheat sheet 2019 :

https://sanfrantokyo.com/pph5/yxo7.php?xxx=5&lf338=google...cheat-sheet-2019

-970-Malware Evasion Techniques :

https://www.slideshare.net/ThomasRoccia/malware-evasion-techniques

-971-How to become a cybersecurity pro: A cheat sheet:

https://www.techrepublic.com/article/cheat-sheet-how-to-become-a-cybersecurity-pro/

-972-Bypassing Antivirus With Ten Lines of Code:

https://hackingandsecurity.blogspot.com/.../bypassing-antivirus-with-ten-lines-of.html

-973-Bypassing antivirus detection on a PDF exploit:

https://www.digital.security/en/blog/bypassing-antivirus-detection-pdf-exploit

-974-Generating Payloads & Anti-Virus Bypass Methods:

https://uceka.com/2014/02/19/generating-payloads-anti-virus-bypass-methods/

-975-Apkwash Android Antivirus Evasion For Msfvemon:

https://hackingarise.com/apkwash-android-antivirus-evasion-for-msfvemon/

-976-Penetration Testing with Windows Computer & Bypassing an Antivirus:

https://www.prodefence.org/penetration-testing-with-windows-computer-bypassing-antivirus

-978-Penetration Testing: The Quest For Fully UnDetectable Malware:

https://www.foregenix.com/.../penetration-testing-the-quest-for-fully-undetectable-malware

-979-AVET: An AntiVirus Bypassing tool working with Metasploit Framework :

https://githacktools.blogspot.com

-980-Creating an undetectable payload using Veil-Evasion Toolkit:

https://www.yeahhub.com/creating-undetectable-payload-using-veil-evasion-toolkit/

-981-Evading Antivirus :

https://sathisharthars.com/tag/evading-antivirus/

-982-AVPASS – All things in moderation:

https://hydrasky.com/mobile-security/avpass/

-983-Complete Penetration Testing & Hacking Tools List:

https://cybarrior.com/blog/2019/03/31/hacking-tools-list/

-984-Modern red teaming: 21 resources for your security team:

https://techbeacon.com/security/modern-red-teaming-21-resources-your-security-team

-985-BloodHound and CypherDog Cheatsheet :

https://hausec.com/2019/04/15/bloodhound-and-cypherdog-cheatsheet/

-986-Redteam Archives:

https://ethicalhackingguru.com/category/redteam/

-987-NMAP Commands Cheat Sheet:

https://www.networkstraining.com/nmap-commands-cheat-sheet/

-988-Nmap Cheat Sheet:

https://dhound.io/blog/nmap-cheatsheet

-989-Nmap Cheat Sheet: From Discovery to Exploits:

https://resources.infosecinstitute.com/nmap-cheat-sheet/

-990-Nmap Cheat Sheet and Pro Tips:

https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

-991-Nmap Tutorial: from the Basics to Advanced Tips:

https://hackertarget.com/nmap-tutorial/

-992-How to run a complete network scan with OpenVAS;

https://www.techrepublic.com/.../how-to-run-a-complete-network-scan-with-openvas/

-993-Nmap: my own cheatsheet:

https://www.andreafortuna.org/2018/03/12/nmap-my-own-cheatsheet/

-994-Top 32 Nmap Command Examples For Linux Sys/Network Admins:

https://www.cyberciti.biz/security/nmap-command-examples-tutorials/

-995-35+ Best Free NMap Tutorials and Courses to Become Pro Hacker:

https://www.fromdev.com/2019/01/best-free-nmap-tutorials-courses.html

-996-Scanning Tools:

https://widesecurity.net/kali-linux/kali-linux-tools-scanning/

-997-Nmap - Cheatsheet:

https://www.ivoidwarranties.tech/posts/pentesting-tuts/nmap/cheatsheet/

-998-Linux for Network Engineers:

https://netbeez.net/blog/linux-how-to-use-nmap/

-999-Nmap Cheat Sheet:

https://www.hackingloops.com/nmap-cheat-sheet-port-scanning-basics-ethical-hackers/

-1000-Tactical Nmap for Beginner Network Reconnaissance:

https://null-byte.wonderhowto.com/.../tactical-nmap-for-beginner-network-reconnaiss

Source : Github

HAPPY LEARNING :+1:

For more freebies, Do follow our site : www.freesoff.com
Follow us on Telegram
For any Queries, Reply Below!