Home

This repository contains structurally organized, security related quick references, cheat-sheets, and resources maintained by ayomawdb.

Please check different categories for more details.

Home page is reserved mainly to list down pending analysis and pending research items, and also to point to other similar security related knowledge bases.

Cheatsheets

Day-to-day Tools

Other Collections

  • Rawsec's CyberSecurity Inventory
  • https://chryzsh.gitbooks.io/pentestbook/

  • ComputerSecurityStudent - Metasploitable Project >> Exploits: https://www.computersecuritystudent.com/cgi-bin/CSS/process_request_v3.pl?HID=f213c73c216e2231c8f0d65f3d93ac18&TYPE=SUB
  • Exploit collection - https://github.com/jivoi/pentest
  • Hacking Methodology: https://www.greycampus.com/opencampus/ethical-hacking/hacking-methodology
  • https://twitter.com/Alra3ees/status/1075569238474141697
  • Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
  • Red Teaming/Adversary Simulation Toolkit: https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md
  • Red Team Techniques: Gaining access on an external engagement through spear-phishing: https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
  • Red Team Tips: https://vincentyiu.co.uk/red-team-tips/
  • http://ired.team/
  • Pasties: https://github.com/threatexpress/pasties/blob/master/pasties.md
  • Red Team Scripts: https://github.com/threatexpress/red-team-scripts
  • 101 Bash Commands and Tips for Beginners to Experts: https://dev.to/awwsmm/101-bash-commands-and-tips-for-beginners-to-experts-30je
  • The Book of Secret Knowledge: https://github.com/trimstray/the-book-of-secret-knowledge
  • Offensive Security Bookmarks: https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/
  • List of Awesome Red Teaming Resources: https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
  • http://ired.team/offensive-security-experiments/offensive-security-cheetsheets
  • Playbook for system hardening maintained by the #! security research team.: https://github.com/hashbang/hardening

Blogs

POC Repos

  • https://github.com/qazbnm456/awesome-cve-poc

Important files

  • A binary that is a valid JAR, PE, ZIP, HTML: https://github.com/indrora/corkami/blob/master/src/mix/corkamix.asm / https://github.com/indrora/corkami/tree/master/src/mix
  • Zip and Hach Collisions: https://github.com/corkami/collisions
  • Crfting files in pure ASM: https://twitter.com/angealbertini/status/1088866350095835136

Podcasts

  • https://darknetdiaries.com/

Graphs

  • https://www.graphistry.com/

Pending Analysis CVEs

  • Cisco
  • CVE-2019-1653 - Allows a remote attacker to get sensitive device configuration details without a password.
  • CVE-2019-1652 - Allows a remote attacker to inject and run admin commands on the device without a password.
  • EternalRomance (MS17-010)
  • Stuxnet CVEs

Pending Analysis Tweets

  • https://twitter.com/trimstray-

Pending Analysis Tools

  • sh00t - A Testing Environment for Manual Security Testers: https://github.com/pavanw3b/sh00t
  • http://rumkin.com/tools

Discord Channels

  • https://discordapp.com/invite/VPFWfdt
  • https://discordapp.com/invite/2AG6TCm
  • https://discordapp.com/invite/4gHhxS8
  • https://discordapp.com/invite/7Z2PmWP

VMS

  • Malware Analysis (windows): https://github.com/GoSecure/malboxes

ATT&CK

  • ATT&CKing the Singapore Health Data Breach: https://bitofhex.com/2019/01/13/attack-and-singapore-breach/
  • HELK Dashboard: https://github.com/Cyb3rWard0g/ATTACK-Python-Client/tree/master/integrations/helk_cti

Buy

  • Giant Board: https://groboards.com/
  • NFC Payments: Relay Attacks with LoRa: https://salmg.net/2019/01/12/nfc-payment-relay-attacks-with-lora/
  • https://www.aliexpress.com/item/SX1278-ESP32-LoRa-0-96-Inch-Blue-OLED-Display-Bluetooth-WIFI-Lora-Kit-32-Module-IOT/32825749403.html
  • https://www.aliexpress.com/item/13-56mHz-PN532-compatible-raspberry-pie-NFC-card-reader-module/2055119495.html?spm=2114.search0104.3.29.166f4b4fElzuKj&ws_ab_test=searchweb0_0,searchweb201602_5_10065_10068_10130_10890_10547_319_10546_317_10548_10545_10696_453_10084_454_10083_10618_431_10307_537_536_10059_10884_10887_100031_321_322_10103-10890,searchweb201603_53,ppcSwitch_0&algo_expid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3-4&algo_pvid=8b42d885-fff2-4797-a3ea-3cfd99a32ed3&transAbTest=ae803_5
  • Bundle Raspberry Pi 7" Touchscreen Display & Case : https://www.amazon.it/gp/product/B01M0AT5O5

Pending DIY Projects

  • RPi Handheld: https://twitter.com/CrankyLinuxUser/status/1095111251510915075
  • Privacy: https://www.privacynow.net/privacy-devices
  • Network Gears: https://twitter.com/fouroctets/status/1092121490579906560
  • Tools for capturing and analysing keyboard input paired with microphone capture: https://github.com/ggerganov/kbd-audio

Web

  • NES-style CSS Framework: https://nostalgic-css.github.io/NES.css/
  • itty.bitty.site: https://itty.bitty.site/#How_it_Works/XQAAAAK4CgAAAAAAAAAeHMqHyTY4PyKmqfkwr6ooCXSIMxPQ7ojYR153HqZD3W+keVdvwyoyd+luwncAksxo8PWJs+831jtAVty8rDpGXmyebtxMTP3PSa4g8/593sWue8MDcpOgi1bQyEtfa0JNQZ6T1I/xyNULg1rpwWgE2Y9BnqDq8fDN1N+nd58bizHxZrkeBhdg8inSQ/xKDX7JxpEnuwOAh4FOfn3+EHSxzhJsdQjZfh3lk4tTCDexgFND30Ea3NmmJGK84pdMtEVlcmKC5lrnUNmgoJa3QFsHJkr5595tk03idElTDVhmcQI3jSvPrkTVFTnSLeARVZXV/EUiF0y7+cR3bVkLoTkamZWDMiCTY2Xhv0LdNqWlb/xxyk6takRLrNnS8DkifXEbevTbJOUamuK7uy55kL61btF+/lYNHLWGbh1ckCYglReWWMlM0k4uuqM24okcS74tHtOW3Y5HZYBmPvRR+ItSrZPvbj3kbztOrWapUp7nAzgfIjYoBV/4xOXpFbbaHRft5GICE5Mr1PQhmW/nB63nTpnR+7UdHag8WIMa7nf+NvTPKC5MmQnKzhaMuqEnwGgcM5vkWbekimBclkGJwTGeyhxL7N6hivY+KS3H7vcOSFHXGr7K3PBIQZbywqQiimQ6B6zu4RvH7ZZ3ZN++ii00HKM0FPMcNHuOnL99vAxEl6TEFnx4J4+fwzJwNbuut30TFMBgcrE4iKAGncFIHmvOstFWxE+VlvTLC+uy6XArTO8BdfmbByGiyFv8Al7HqLAzGShdGWNzJ6cPpRwMAmWl5GNRA4qwjQAlfF1dtTwfIXSWOL7AyRwxPs27uY2cvVHCdmVVTNDYiTzHeKX6D9e2ApDRFD6pgcA9VMVP6UeOdVdmwRJ+iLTwQuCdLbVWzQ5T2i/chlihD+RawylXJQ8bKvxW9egXGcrgR5dyKaZCr8nBrArAgtRLR7PdqBQQbr5VodBvPc2FP3fZ6UuQVI1Kg4KcY44GIU5vnlM029TU+ibO2iSX3FhusTFhyOxl4TjjkuXBqA1V7Ha/Op2m8QZaP68p7AAZPOcTHAwP5PxENqIf8qS2aaG2Fiwp5rNED3LhPMjtN54klBYylr5hSAr0TD8J+XwFds8Gq9LToLE8Cq7XNJnE9RqNudIozaMWkfc6PRFjp/aH87x97nPDelKKHGyUEnGJyobw45BOhJMKzZST0VA5v+uQQo0djDXc0UXwzNRIWeBLuUJQpaXZY2gZMuLiSERgyDHg2MBI6trWsyb3ZWbFS4rm8Gq2dxfih3Kj6MdNapUo/jltQ31nx2LepJCQe9DNNF6JEMecls6dHTAM2RfHxEODSSKkF17FfjRLRAfxCK927UvizAxxggP5S/HrX6mGc5xonBy3StLd16thiAG860IdvFyBKfE6+CIhe2jzIwIofNiBILYlKA61vKkjlfZjqsUGDLi426U/Y8bdpxfg7FX1gqNEHeVM17dlBTO7pNOnKyeM2xmLoE7lr92/VIrxJ2OqNfcHu9XjrD6l71vU083VwwAq8Vencm9xLAlDyy3/6BB0kRBiJbjayYrLUbQyMGTFfEvOPmc/zJjfdnqHmg5O/0kuzf2+w5CHD426iPngjmiTo5Snlf+qW8emK/ltnQQIv2ufykH+Px3XZM+zsOclAyHI5MbCKBKeT6j5geCiz3uqci1w5ZlpRjtJWUT6zCj8Fx1eg4F4ov51gaODKV+QQWeFJSyuVTm3Nu2i7AbhKikNzb3RBeQinEh9KrhHc+o4JGezOU55h1UZtonB0+J5dfBRqHnc+6HaXfTmcLrMZjWErq15cBmC0Kx6BNyqP3uGhMUSF+OuIzffEX9fGUNDpUtCjKdbml8uF43e4fN8o10TxYkbggTcyYKI+xWHMyKM2tjOideyDwt33minfEy/JgSLsihBnBua9sfXCg32/+i2okk=

Tools

  • Invisible Watermarks with Space Characters in ASCII Files: https://github.com/Neo23x0/space-id
  • universal command-line interface for SQL databases: https://github.com/xo/usql
  • Video editing: https://twitter.com/digininja/status/1007936435129847808
  • Multitail - Look at multiple log files in the same time
  • A collection of security related toolsets (mostly Windows): https://github.com/GhostPack

Pending Reads

Analysis of following malware: * Badrabbit * NotPetya * Lazarus * https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180244/Lazarus_Under_The_Hood_PDF_final.pdf

VPN Services: * NordVPN * MonoVM

  • https://www.rebootuser.com/

Local Security Experts

  • https://www.linkedin.com/in/kushantha
  • https://www.linkedin.com/in/chanakaseekkuge/

Scripts

tr -s ' ' | tr '\t' ' ' | sed 's/:/ |/' | sed 's/- /| /' | sed -e 's/$/ |/'