Home

This repository contains structurally organized, security related quick references, cheat-sheets, and resources maintained by ayomawdb.

Please check different categories for more details.

Home page is reserved mainly to list down pending analysis and pending research items, and also to point to other similar security related knowledge bases.

Training Platforms

• https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational
• https://community.turgensec.com/shodan-pentesting-guide/

Cheatsheets

• Command line reference – Database and OS scripting: https://ss64.com/
• RTFM (Red Team Field Manual) - https://github.com/leostat/rtfm
• http://cheat.sh/

curl https://cht.sh/:cht.sh | sudo tee /usr/local/bin/cht.sh
chmod +x /usr/local/bin/cht.sh

mkdir ~/.bash.d
curl https://cheat.sh/:bash_completion > ~/.bash.d/cht.sh
chmod +x ~/.bash.d/cht.sh
. ~/.bash.d/cht.sh
# and add . ~/.bash.d/cht.sh to ~/.bashrc

mkdir  ~/.zsh.d
curl https://cheat.sh/:zsh > ~/.zsh.d/_cht
echo 'fpath=(~/.zsh.d/ $fpath)' >> ~/.zshrc

• Nmap: https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
• Wireshark: https://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
• TcpDump: https://packetlife.net/media/library/12/tcpdump.pdf
• Netcat: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
• Ncat: https://medium.com/@pentest_it/ncat-cheatsheet-ddc5f07d8533
• Scapy: https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf
• Powershell: https://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf
• Metasploit: https://blogs.sans.org/pen-testing/files/2017/02/MetasploitCheatsheet2.0.pdf

• Reverse Shell: https://highon.coffee/blog/reverse-shell-cheat-sheet/
• Pentest Tools: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
• LFI: https://highon.coffee/blog/lfi-cheat-sheet/
• VI: https://highon.coffee/blog/vi-cheat-sheet/
• Systemd: https://highon.coffee/blog/systemd-cheat-sheet/
• Nbtscan: https://highon.coffee/blog/nbtscan-cheat-sheet/
• Nmap: https://highon.coffee/blog/nmap-cheat-sheet/
• Linux: https://highon.coffee/blog/linux-commands-cheat-sheet/

Day-to-day Tools

• CyberChef: https://gchq.github.io/CyberChef
  • https://www.youtube.com/watch?v=LnhSTZgzKuY
• GoogleToolbox: https://toolbox.googleapps.com/apps/main/
  • Browserinfo, MX, Dig, HAR, Log Analyzer, Mail Headers, Encode/Decode
• https://pentest.ws/
• Defining scope in Burp / ZAP: https://github.com/root4loot/rescope
• https://www.hackingarticles.in/koadic-com-command-control-framework/

Other Collections

• https://tools.tldr.run/
• https://noobsec.net/
• https://github.com/juliocesarfort/public-pentesting-reports
• Rawsec's CyberSecurity Inventory

• https://chryzsh.gitbooks.io/pentestbook/

• ComputerSecurityStudent - Metasploitable Project >> Exploits: https://www.computersecuritystudent.com/cgi-bin/CSS/process_request_v3.pl?HID=f213c73c216e2231c8f0d65f3d93ac18&TYPE=SUB
• Exploit collection - https://github.com/jivoi/pentest
• Hacking Methodology: https://www.greycampus.com/opencampus/ethical-hacking/hacking-methodology
  • https://twitter.com/Alra3ees/status/1075569238474141697
• Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
• Red Teaming/Adversary Simulation Toolkit: https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md
• Red Team Techniques: Gaining access on an external engagement through spear-phishing: https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
• Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
• http://ired.team/
• Pasties: https://github.com/threatexpress/pasties/blob/master/pasties.md
• Red Team Scripts: https://github.com/threatexpress/red-team-scripts
• 101 Bash Commands and Tips for Beginners to Experts: https://dev.to/awwsmm/101-bash-commands-and-tips-for-beginners-to-experts-30je
• The Book of Secret Knowledge: https://github.com/trimstray/the-book-of-secret-knowledge
• Offensive Security Bookmarks: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
• List of Awesome Red Teaming Resources: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
• http://ired.team/offensive-security-experiments/offensive-security-cheetsheets
• Playbook for system hardening maintained by the #! security research team.: https://github.com/hashbang/hardening

Blogs

• https://medium.com/@int0x33
• https://github.com/sectalks/sectalks
• Practical use of JavaScript and COM Scriptlets for Penetration Testing: http://www.labofapenetrationtester.com/2016/05/
• https://blog.0patch.com
• https://scriptdotsh.com
• https://room362.com/blog
• https://root4loot.com/
• https://medium.com/@notsoshant

POC Repos

• https://github.com/qazbnm456/awesome-cve-poc

Important files

• A binary that is a valid JAR, PE, ZIP, HTML: https://github.com/indrora/corkami/blob/master/src/mix/corkamix.asm / https://github.com/indrora/corkami/tree/master/src/mix
• Zip and Hach Collisions: https://github.com/corkami/collisions
• Crfting files in pure ASM: https://twitter.com/angealbertini/status/1088866350095835136

Podcasts

• https://darknetdiaries.com/

Graphs

• https://www.graphistry.com/

Pending Analysis CVEs

• Cisco
  • CVE-2019-1653 - Allows a remote attacker to get sensitive device configuration details without a password.
  • CVE-2019-1652 - Allows a remote attacker to inject and run admin commands on the device without a password.
• EternalRomance (MS17-010)
• Stuxnet CVEs

Pending Analysis Tweets

• https://twitter.com/trimstray-

Pending Analysis Tools

• sh00t - A Testing Environment for Manual Security Testers: https://github.com/pavanw3b/sh00t
• http://rumkin.com/tools

Discord Channels

• https://discordapp.com/invite/VPFWfdt
• https://discordapp.com/invite/2AG6TCm
• https://discordapp.com/invite/4gHhxS8
• https://discordapp.com/invite/7Z2PmWP
• https://discordapp.com/invite/malwaretech

VMS

• Malware Analysis (windows): https://github.com/GoSecure/malboxes

ATT&CK

• ATT&CKing the Singapore Health Data Breach: https://bitofhex.com/2019/01/13/attack-and-singapore-breach/
• HELK Dashboard: https://github.com/Cyb3rWard0g/ATTACK-Python-Client/tree/master/integrations/helk_cti

Buy

• Giant Board: https://groboards.com/
• NFC Payments: Relay Attacks with LoRa: https://salmg.net/2019/01/12/nfc-payment-relay-attacks-with-lora/
  • https://www.aliexpress.com/item/SX1278-ESP32-LoRa-0-96-Inch-Blue-OLED-Display-Bluetooth-WIFI-Lora-Kit-32-Module-IOT/32825749403.html
  • https://www.aliexpress.com/item/13-56mHz-PN532-compatible-raspberry-pie-NFC-card-reader-module/2055119495.html?spm=2114.search0104.3.29.166f4b4fElzuKj&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10068_10130_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_431_10307_537_536_10059_10884_10887_100031_321_322_10103-10890,searchweb201603_53,ppcSwitch_0&algo_expid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3-4&algo_pvid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3&transAbTest=ae803_5
• Bundle Raspberry Pi 7" Touchscreen Display & Case : https://www.amazon.it/gp/product/B01M0AT5O5

Pending DIY Projects

• RPi Handheld: https://twitter.com/CrankyLinuxUser/status/1095111251510915075
• Privacy: https://www.privacynow.net/privacy-devices
• Network Gears: https://twitter.com/fouroctets/status/1092121490579906560
• Tools for capturing and analysing keyboard input paired with microphone capture: https://github.com/ggerganov/kbd-audio

Web

• NES-style CSS Framework: https://nostalgic-css.github.io/NES.css/
• itty.bitty.site: https://itty.bitty.site/#How_it_Works/XQAAAAK4CgAAAAAAAAAeHMqHyTY4PyKmqfkwr6ooCXSIMxPQ7ojYR153HqZD3W+keVdvwyoyd+luwncAksxo8PWJs+831jtAVty8rDpGXmyebtxMTP3PSa4g8/593sWue8MDcpOgi1bQyEtfa0JNQZ6T1I/xyNULg1rpwWgE2Y9BnqDq8fDN1N+nd58bizHxZrkeBhdg8inSQ/xKDX7JxpEnuwOAh4FOfn3+EHSxzhJsdQjZfh3lk4tTCDexgFND30Ea3NmmJGK84pdMtEVlcmKC5lrnUNmgoJa3QFsHJkr5595tk03idElTDVhmcQI3jSvPrkTVFTnSLeARVZXV/EUiF0y7+cR3bVkLoTkamZWDMiCTY2Xhv0LdNqWlb/xxyk6takRLrNnS8DkifXEbevTbJOUamuK7uy55kL61btF+/lYNHLWGbh1ckCYglReWWMlM0k4uuqM24okcS74tHtOW3Y5HZYBmPvRR+ItSrZPvbj3kbztOrWapUp7nAzgfIjYoBV/4xOXpFbbaHRft5GICE5Mr1PQhmW/nB63nTpnR+7UdHag8WIMa7nf+NvTPKC5MmQnKzhaMuqEnwGgcM5vkWbekimBclkGJwTGeyhxL7N6hivY+KS3H7vcOSFHXGr7K3PBIQZbywqQiimQ6B6zu4RvH7ZZ3ZN++ii00HKM0FPMcNHuOnL99vAxEl6TEFnx4J4+fwzJwNbuut30TFMBgcrE4iKAGncFIHmvOstFWxE+VlvTLC+uy6XArTO8BdfmbByGiyFv8Al7HqLAzGShdGWNzJ6cPpRwMAmWl5GNRA4qwjQAlfF1dtTwfIXSWOL7AyRwxPs27uY2cvVHCdmVVTNDYiTzHeKX6D9e2ApDRFD6pgcA9VMVP6UeOdVdmwRJ+iLTwQuCdLbVWzQ5T2i/chlihD+RawylXJQ8bKvxW9egXGcrgR5dyKaZCr8nBrArAgtRLR7PdqBQQbr5VodBvPc2FP3fZ6UuQVI1Kg4KcY44GIU5vnlM029TU+ibO2iSX3FhusTFhyOxl4TjjkuXBqA1V7Ha/Op2m8QZaP68p7AAZPOcTHAwP5PxENqIf8qS2aaG2Fiwp5rNED3LhPMjtN54klBYylr5hSAr0TD8J+XwFds8Gq9LToLE8Cq7XNJnE9RqNudIozaMWkfc6PRFjp/aH87x97nPDelKKHGyUEnGJyobw45BOhJMKzZST0VA5v+uQQo0djDXc0UXwzNRIWeBLuUJQpaXZY2gZMuLiSERgyDHg2MBI6trWsyb3ZWbFS4rm8Gq2dxfih3Kj6MdNapUo/jltQ31nx2LepJCQe9DNNF6JEMecls6dHTAM2RfHxEODSSKkF17FfjRLRAfxCK927UvizAxxggP5S/HrX6mGc5xonBy3StLd16thiAG860IdvFyBKfE6+CIhe2jzIwIofNiBILYlKA61vKkjlfZjqsUGDLi426U/Y8bdpxfg7FX1gqNEHeVM17dlBTO7pNOnKyeM2xmLoE7lr92/VIrxJ2OqNfcHu9XjrD6l71vU083VwwAq8Vencm9xLAlDyy3/6BB0kRBiJbjayYrLUbQyMGTFfEvOPmc/zJjfdnqHmg5O/0kuzf2+w5CHD426iPngjmiTo5Snlf+qW8emK/ltnQQIv2ufykH+Px3XZM+zsOclAyHI5MbCKBKeT6j5geCiz3uqci1w5ZlpRjtJWUT6zCj8Fx1eg4F4ov51gaODKV+QQWeFJSyuVTm3Nu2i7AbhKikNzb3RBeQinEh9KrhHc+o4JGezOU55h1UZtonB0+J5dfBRqHnc+6HaXfTmcLrMZjWErq15cBmC0Kx6BNyqP3uGhMUSF+OuIzffEX9fGUNDpUtCjKdbml8uF43e4fN8o10TxYkbggTcyYKI+xWHMyKM2tjOideyDwt33minfEy/JgSLsihBnBua9sfXCg32/+i2okk=

Tools

• Invisible Watermarks with Space Characters in ASCII Files: https://github.com/Neo23x0/space-id
• universal command-line interface for SQL databases: https://github.com/xo/usql
• Video editing: https://twitter.com/digininja/status/1007936435129847808
• Multitail - Look at multiple log files in the same time
• A collection of security related toolsets (mostly Windows): https://github.com/GhostPack

Pending Reads

Analysis of following malware: * Badrabbit * NotPetya * Lazarus * https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf

VPN Services: * NordVPN * MonoVM

• https://www.rebootuser.com/

Local Security Experts

• https://www.linkedin.com/in/kushantha

• https://www.linkedin.com/in/chanakaseekkuge/

Scripts

tr -s ' ' | tr '\t' ' ' | sed 's/:/ |/' | sed 's/- /| /' | sed -e 's/$/ |/'

Tools

• Unicode steganography: https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder

Incidence Response

• CIRTKit - Tools For The Computer Incident Response Team: https://github.com/opensourcesec/CIRTKit

Webinars

• Wild West Hackin Casts: https://wildwesthackinfest.com/wild-west-hackin-casts/

Completed Courses

• Pentester Academy
  • Microsoft and/or Windows Related
    • Windows Red Team Lab
    • Attacking and Defending Active Directory