Learn Pentesting/Hacking - The Red Team

Created a Github page with useful materials for those who want to start to learn pentesting/hacking. GitHub - creotiv/start-learn-pentesting-red-team !!! Always do all work from VM or dedicated machine for that, remember that all tools that you install may have some malware(mostly not but the risk exists). So you should prevent access to your real machine. Also dont forget to use VPN, even when using training VM from hackthebox (because you will be sharing same network with many people) BOOKS & ARTICLES — Course for beginners https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor Staring Point course from https://www.hackthebox.com/ — How to pawn Juice Shop guide https://pwning.owasp-juice.shop/ — many tutorials and howtos https://book.hacktricks.xyz/ — exsploits & reverse engineering course https://guyinatuxedo.github.io/index.html — buffer overflow for beginers https://medium.com/purple-team/buffer-overflow-c36dd9f2be6f — buffer overflow, how to pass ASLR & PIE & NO-STACK-EXECUTION protection https://medium.com/cyber-unbound/buffer-overflows-ret2libc-ret2plt-and-rop-e2695c103c4c — OWASP testing checklist. Help to not forget something https://github.com/tanprathan/OWASP-Testing-Checklist — OWASP testing guide for checklist above ^ https://owasp.org/www-project-web-security-testing-guide/v41/ TOOLS — VM player to run Kali https://www.vmware.com/products/workstation-player.html — Kali linux for pentesters. Base Tool https://www.kali.org/ — web site vulnerability scanner. https://github.com/sullo/nikto — wordpress vulnrability scanner. https://wpscan.com/wordpress-security-scanner — NMAP port, script, vulnerability scanner. Base tool https://www.kali.org/tools/nmap/ — Login cracker for different protocols https://www.kali.org/tools/hydra/ — Dir,Subdomains enumerator for websites https://www.kali.org/tools/gobuster/ — Pentesting framework. Base Tool https://www.metasploit.com/ — Privilege escalation for Win. Base Tool https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS — Privilege escalation for Linux. Base Tool https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS — console debugger https://www.kali.org/tools/gdb/ — edb debugger with ui https://www.kali.org/tools/edb-debugger/ SERVICES Data arvesting — find emails on domain https://hunter.io/ — find if email was leaked https://haveibeenpwned.com/ — subdomain search https://crt.sh/ — technology stack info https://builtwith.com/ — servers search engine https://search.censys.io/ — servers search engine https://www.shodan.io/ DATA LEAKS — how passwords changes with time + 1.4B email:pass https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis TRAINING — Platform with VMs that you can try to hack https://www.hackthebox.com/ — training site https://tryhackme.com/ — Training app for web pentesters https://github.com/juice-shop/juice-shop — excercices for hackers (not free) https://pentesterlab.com/ EXPLOIT DBs https://exploit-db.com https://www.seebug.org/ WORDLISTS — many different https://github.com/danielmiessler/SecLists/ — SQL inj payloads https://github.com/payloadbox/sql-injection-payload-list — web payloads https://github.com/foospidy/payloads