Home
This repository contains structurally organized, security-related quick references, cheat sheets, and resources maintained by ayomawdb.
Please check the different categories for more details.
The home page is reserved mainly for listing pending analysis and pending research items, and for pointing to other similar security-related knowledge bases.
Training Platforms
- https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational
- https://community.turgensec.com/shodan-pentesting-guide/
Cheatsheets
- Command line reference – Database and OS scripting: https://ss64.com/
- RTFM (Red Team Field Manual) - https://github.com/leostat/rtfm
- http://cheat.sh/
    # Install the cht.sh client (review the downloaded script before running it)
    curl https://cht.sh/:cht.sh | sudo tee /usr/local/bin/cht.sh
    sudo chmod +x /usr/local/bin/cht.sh

    # Bash tab completion
    mkdir -p ~/.bash.d
    curl https://cheat.sh/:bash_completion > ~/.bash.d/cht.sh
    chmod +x ~/.bash.d/cht.sh
    . ~/.bash.d/cht.sh
    # and add ". ~/.bash.d/cht.sh" to ~/.bashrc

    # Zsh tab completion
    mkdir -p ~/.zsh.d
    curl https://cheat.sh/:zsh > ~/.zsh.d/_cht
    echo 'fpath=(~/.zsh.d/ $fpath)' >> ~/.zshrc
- Nmap: https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
- Wireshark: https://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
- TcpDump: https://packetlife.net/media/library/12/tcpdump.pdf
- Netcat: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
- Ncat: https://medium.com/@pentest_it/ncat-cheatsheet-ddc5f07d8533
- Scapy: https://blogs.sans.org/pen-testing/files/2016/04/ScapyCheatSheet_v0.2.pdf
- Powershell: https://blogs.sans.org/pen-testing/files/2016/05/PowerShellCheatSheet_v41.pdf
- Metasploit: https://blogs.sans.org/pen-testing/files/2017/02/MetasploitCheatsheet2.0.pdf
- Reverse Shell: https://highon.coffee/blog/reverse-shell-cheat-sheet/
- Pentest Tools: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
- LFI: https://highon.coffee/blog/lfi-cheat-sheet/
- VI: https://highon.coffee/blog/vi-cheat-sheet/
- Systemd: https://highon.coffee/blog/systemd-cheat-sheet/
- Nbtscan: https://highon.coffee/blog/nbtscan-cheat-sheet/
- Nmap: https://highon.coffee/blog/nmap-cheat-sheet/
- Linux: https://highon.coffee/blog/linux-commands-cheat-sheet/
Day-to-day Tools
- CyberChef: https://gchq.github.io/CyberChef
- GoogleToolbox: https://toolbox.googleapps.com/apps/main/
  - Browserinfo, MX, Dig, HAR, Log Analyzer, Mail Headers, Encode/Decode
- https://pentest.ws/
- Defining scope in Burp / ZAP: https://github.com/root4loot/rescope
- https://www.hackingarticles.in/koadic-com-command-control-framework/
Other Collections
- https://tools.tldr.run/
- https://noobsec.net/
- https://github.com/juliocesarfort/public-pentesting-reports
- Rawsec's CyberSecurity Inventory
- https://chryzsh.gitbooks.io/pentestbook/
- ComputerSecurityStudent - Metasploitable Project >> Exploits: https://www.computersecuritystudent.com/cgi-bin/CSS/process_request_v3.pl?HID=f213c73c216e2231c8f0d65f3d93ac18&TYPE=SUB
- Exploit collection - https://github.com/jivoi/pentest
- Hacking Methodology: https://www.greycampus.com/opencampus/ethical-hacking/hacking-methodology
- Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
- Red Teaming/Adversary Simulation Toolkit: https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md
- Red Team Techniques: Gaining access on an external engagement through spear-phishing: https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
- http://ired.team/
- Pasties: https://github.com/threatexpress/pasties/blob/master/pasties.md
- Red Team Scripts: https://github.com/threatexpress/red-team-scripts
- 101 Bash Commands and Tips for Beginners to Experts: https://dev.to/awwsmm/101-bash-commands-and-tips-for-beginners-to-experts-30je
- The Book of Secret Knowledge: https://github.com/trimstray/the-book-of-secret-knowledge
- Offensive Security Bookmarks: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
- List of Awesome Red Teaming Resources: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
- http://ired.team/offensive-security-experiments/offensive-security-cheetsheets
- Playbook for system hardening maintained by the #! security research team: https://github.com/hashbang/hardening
Blogs
- https://medium.com/@int0x33
- https://github.com/sectalks/sectalks
- Practical use of JavaScript and COM Scriptlets for Penetration Testing: http://www.labofapenetrationtester.com/2016/05/
- https://blog.0patch.com
- https://scriptdotsh.com
- https://room362.com/blog
- https://root4loot.com/
- https://medium.com/@notsoshant
POC Repos
Important files
- A binary that is a valid JAR, PE, ZIP, HTML: https://github.com/indrora/corkami/blob/master/src/mix/corkamix.asm / https://github.com/indrora/corkami/tree/master/src/mix
- Zip and Hash Collisions: https://github.com/corkami/collisions
- Crafting files in pure ASM: https://twitter.com/angealbertini/status/1088866350095835136
Podcasts
Graphs
Pending Analysis CVEs
- Cisco
- CVE-2019-1653 - Allows a remote attacker to get sensitive device configuration details without a password.
- CVE-2019-1652 - Allows a remote attacker to inject and run admin commands on the device without a password.
- EternalRomance (MS17-010)
- Stuxnet CVEs
Pending Analysis Tweets
Pending Analysis Tools
- sh00t - A Testing Environment for Manual Security Testers: https://github.com/pavanw3b/sh00t
- http://rumkin.com/tools
Discord Channels
- https://discordapp.com/invite/VPFWfdt
- https://discordapp.com/invite/2AG6TCm
- https://discordapp.com/invite/4gHhxS8
- https://discordapp.com/invite/7Z2PmWP
- https://discordapp.com/invite/malwaretech
VMS
- Malware Analysis (windows): https://github.com/GoSecure/malboxes
ATT&CK
- ATT&CKing the Singapore Health Data Breach: https://bitofhex.com/2019/01/13/attack-and-singapore-breach/
- HELK Dashboard: https://github.com/Cyb3rWard0g/ATTACK-Python-Client/tree/master/integrations/helk_cti
Buy
- Giant Board: https://groboards.com/
- NFC Payments: Relay Attacks with LoRa: https://salmg.net/2019/01/12/nfc-payment-relay-attacks-with-lora/
- https://www.aliexpress.com/item/SX1278-ESP32-LoRa-0-96-Inch-Blue-OLED-Display-Bluetooth-WIFI-Lora-Kit-32-Module-IOT/32825749403.html
- https://www.aliexpress.com/item/13-56mHz-PN532-compatible-raspberry-pie-NFC-card-reader-module/2055119495.html?spm=2114.search0104.3.29.166f4b4fElzuKj&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10068_10130_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_431_10307_537_536_10059_10884_10887_100031_321_322_10103-10890,searchweb201603_53,ppcSwitch_0&algo_expid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3-4&algo_pvid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3&transAbTest=ae803_5
- Bundle Raspberry Pi 7" Touchscreen Display & Case: https://www.amazon.it/gp/product/B01M0AT5O5
Pending DIY Projects
- RPi Handheld: https://twitter.com/CrankyLinuxUser/status/1095111251510915075
- Privacy: https://www.privacynow.net/privacy-devices
- Network Gears: https://twitter.com/fouroctets/status/1092121490579906560
- Tools for capturing and analysing keyboard input paired with microphone capture: https://github.com/ggerganov/kbd-audio
Web
- NES-style CSS Framework: https://nostalgic-css.github.io/NES.css/
- itty.bitty.site: https://itty.bitty.site/
Tools
- Invisible Watermarks with Space Characters in ASCII Files: https://github.com/Neo23x0/space-id
- universal command-line interface for SQL databases: https://github.com/xo/usql
- Video editing: https://twitter.com/digininja/status/1007936435129847808
- Multitail - Look at multiple log files at the same time
- A collection of security related toolsets (mostly Windows): https://github.com/GhostPack
Pending Reads
Analysis of the following malware:
- Badrabbit
- NotPetya
- Lazarus
- https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf

VPN Services:
- NordVPN
- MonoVM
Local Security Experts
Scripts
tr -s ' ' | tr '\t' ' ' | sed 's/:/ |/' | sed 's/- /| /' | sed -e 's/$/ |/'
Tools
- Unicode steganography: https://www.irongeek.com/i.php?page=security/unicode-steganography-homoglyph-encoder
Incident Response
- CIRTKit - Tools For The Computer Incident Response Team: https://github.com/opensourcesec/CIRTKit
Webinars
- Wild West Hackin Casts: https://wildwesthackinfest.com/wild-west-hackin-casts/
Completed Courses
- Pentester Academy
- Microsoft and/or Windows Related