CyberSec Resources: Pentesting, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, Mobile Apps pentesting, FRAMEWORKS & STANDARDS, Pentest Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds & CTF, ...

What are the phases of Pentest
- Basis of penetration testing execution by the PTES http://www.pentest-standard.org/index.php/Main_Page
- Penetration Testing Phases & Steps Explained by Ray Fernandez on Esecurityplanet: https://www.esecurityplanet.com/networks/penetration-testing-phases/

Pre-Engagement
- Pre-engagement by the PTES http://www.pentest-standard.org/index.php/Pre-engagement
- Scoping a pentest on PentesterLab https://blog.pentesterlab.com/scoping-f3547525f9df
- Pentest Scope Worksheet by SANS https://www.sans.org/posters/pen-test-scope-worksheet/
- API Pentesting 101: The rules of Engagement by Dana Epp https://danaepp.com/api-pentesting-101-the-rules-of-engagement
- Pentest Rules of Engagement Worksheet by SANS https://www.sans.org/posters/pen-test-rules-of-engagement-worksheet/

Intelligence Gathering
- Intelligence Gathering by the PTES http://www.pentest-standard.org/index.php/Intelligence_Gathering
Gabrielle B's post of resources about OSINT:
OSINT is often part of a pentest.
If you want to learn more about it or specialize in it, here are some resources!
- Check out The Ultimate OSINT collection by Hatless1der: https://start.me/p/DPYPMz/the-ultimate-osint-collection
- Have a look at this free 5-hour course by TCM Security https://youtu.be/qwA6MmbeGNo https://www.linkedin.com/company/tcm-security-inc/
- Check out this article by Giancarlo Fiorella on Bellingcat: https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/
- Check out this amazing list of Tools and Resources by onlineosint: https://osint.link/
- The OSINT Framework by jnordine https://osintframework.com/
- Gabrielle B's pentips about Information Gathering https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering
- Understanding the Steps of Footprinting on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/footprinting-steps-penetration-testing/
- Passive Information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/
- Active information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/

Threat Modeling
- Threat Modeling by the PTES http://www.pentest-standard.org/index.php/Threat_Modeling
- Threat modeling 101 Infosec resources https://resources.infosecinstitute.com/topic/applications-threat-modeling/

Vulnerability Analysis
- Vulnerability Analysis by the PTES http://www.pentest-standard.org/index.php/Vulnerability_Analysis
- Gabrielle B's pentips about Scanning & Enumeration https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/scanenum
- What is Vulnerability Analysis and How Does It work on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/conduct-a-vulnerability-analysis/
- NCSC Guide for vulnerability management https://www.ncsc.gov.uk/guidance/vulnerability-management

Exploitation
- Exploitation by the PTES http://www.pentest-standard.org/index.php/Exploitation
- Gabrielle B's pentips about Exploitation https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/exploitation
- The Exploitation Phase in Penetration Testing by Gaurav Tiwari https://gauravtiwari.org/exploitation-phase-in-penetration-testing/

Post Exploitation
- Post Exploitation by the PTES http://www.pentest-standard.org/index.php/Post_Exploitation
- Introduction to Post-Exploitation Phase on geeksforgeeks https://www.geeksforgeeks.org/introduction-to-post-exploitation-phase/
- 9 Post Exploitation Tools for Your next Penetration Test https://bishopfox.com/blog/post-exploitation-tools-for-pen-test

Reporting
- Reporting by the PTES http://www.pentest-standard.org/index.php/Reporting
- Gabrielle B's pentips on reporting https://csbygb.gitbook.io/pentips/reporting/pentest-report

Structure of a pentest report
- Gabrielle B's article on how to write a pentest report: https://csbygb.gitbook.io/pentips/reporting/pentest-report

How to take notes
- Cherry Tree https://www.giuspen.com/cherrytree/
- Joplin https://joplinapp.org/
- Keepnote http://keepnote.org/

Tips from Experts
- Writing Tips for IT Professionals by Lenny Zeltser https://zeltser.com/writing-tips-for-it-professionals/
- How to write a Penetration Testing Report by HackerSploit https://www.youtube.com/watch?v=J34DnrX7dTo

Automation
- Blackstone project by micro-joan https://github.com/micro-joan/BlackStone
- Pentext by Radically Open Security https://github.com/radicallyopensecurity/pentext

Examples of reports
- A list of public pentest reports by juliocesarfort https://github.com/juliocesarfort/public-pentesting-reports
- A list of bug bounty writeups on Pentester Land https://pentester.land/writeups/

See Rajneesh Gupta's post about some practical web pentesting tools. He even shares them according to the pentest steps: https://www.linkedin.com/posts/rajneeshgupta01_web-pentesting-practical-tools-activity-6946808678402375680-CJjt/
Some of the practical Web Pentesting Tools!
Reconnaissance
- Nmap - Web Service detection
- Nessus - Automated Scan
- Skipfish - Web App Active Scanning for vulnerabilities
Mapping/Discovery
- Burp-Suite - Web Proxy
- OWASP ZAP - Web Proxy
Exploitation
- Metasploit Framework: Exploitation tool with payloads, exploits
- Burp-Suite - Web Proxy
- Exploit-db - To search for exploits
- Netcat
Follow Rajneesh, he offers amazing content.
- You know the Nmap project? Well, they have a list of the top 125 Network Security Tools: https://sectools.org/
- You want Open Source?
- Julien Maury shared a Top 10 on eSecurity Planet: https://www.esecurityplanet.com/applications/open-source-penetration-testing-tools/
- And SANS has a list of tools including plenty of pentest tools: https://www.sans.org/img/free-faculty-tools.pdf
- Finally, arch3rPro has an amazing amount of tools listed on GitHub: https://github.com/arch3rPro/PentestTools

What is Networking?
- Cover your digital basics with netacad: https://www.netacad.com/courses/os-it/get-connected
- Professor Messer's CompTIA Network Course https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/
- OSI Model https://en.wikipedia.org/wiki/OSI_model

What is Network Security?
- What is Network Security on Hackthebox blog by Kim Crawley: https://www.hackthebox.com/blog/what-is-network-security
- Network Security Course on OpenLearn by The Open University https://www.open.edu/openlearn/digital-computing/network-security
- OSI Layers and related Attack types by Harun Seker

How to Pentest Networks?
- Full Ethical Hacking Course - Beginner Network Penetration Testing by TCM Security https://youtu.be/WnN6dbos5u8
- Infrastructure Pentesting Checklist by Purab Parihar: https://github.com/purabparihar/Infrastructure-Pentesting-Checklist

What is Privilege Escalation?
- Cybersecurity 101 - What is Privilege escalation on CrowdStrike https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ https://www.linkedin.com/company/crowdstrike/
- Privilege Escalation Attack and defend explained on BeyondTrust https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained https://www.linkedin.com/company/beyondtrust/

Windows Privilege Escalation
- Gabrielle B's Pentips on Windows Privilege escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/windows/privesc
- Windows Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
- Windows Privesc guide on absolomb's security blog https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- Privilege Escalation Windows on sushant747's gitbook https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html
- Windows Local Privilege Escalation checklist on HackTricks https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation

Linux Privilege Escalation
- Gabrielle B's Pentips on Linux Privilege Escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/linux/privesc
- Linux Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
- Basic Linux Privilege Escalation on g0tmi1k's blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- Guide Linux Privilege Escalation on Payatu https://payatu.com/blog/a-guide-to-linux-privilege-escalation/ https://www.linkedin.com/company/payatu/
- A curated list of Unix Binaries to bypass local security restrictions by GTFOBins https://gtfobins.github.io/
- Linux Privilege Escalation Checklist on HackTricks https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist

What is exploit development?
- Exploit Development Introduction on Hack the Box Academy https://academy.hackthebox.com/course/preview/stack-based-buffer-overflows-on-linux-x86/exploit-development-introduction
- Exploit Development - Everything you need to know by null-bytes https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/

Let's start learning about it and Practice
- Getting Started with Exploit Development by Specter and zi https://dayzerosec.com/blog/2021/02/02/getting-started.html
- Exploit Courses by Dobin Rutishauser https://exploit.courses/#/index
- Pwn College https://pwn.college/ https://www.twitch.tv/pwncollege/videos https://www.youtube.com/pwncollege
- A curated list of resources for learning about Exploit Development by wtsxDev https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
- Practice with exploit education https://exploit.education/
- Fundamentals of Software Exploitation https://wargames.ret2.systems/course
- Shellcode Development by Joas Antonio https://drive.google.com/file/d/1R3ZTFerBaBSfnS0rP_r2d8xH2p-n3kdt/view
- Shellcode Development by Aayush Malla https://aayushmalla56.medium.com/shellcode-development-4590117a26bf
- Joas Antonio OSEP guide with plenty of resources https://github.com/CyberSecurityUP/OSCE-Complete-Guide#osep
- Awesome Exploit Development by Joas Antonio https://github.com/CyberSecurityUP/Awesome-Exploit-Development#readme

BONUS: Want to understand how a malware works?
- Beginner's Blue Team Guide to creating Malware in Python by David Elgut https://www.linkedin.com/pulse/beginners-blue-team-guide-creating-malware-python-david-elgut/

Reverse Engineering
- Reverse Engineering for Beginners by Ophir Harpaz https://www.begin.re/
- Reverse Engineering for Everyone by Kevin Thomas My Technotalent https://0xinfection.github.io/reversing/
- Reverse Engineering for beginners by Dennis Yurichev (available in many languages) https://beginners.re/main.html
- Reverse Engineering 101 by 0x00 (with exercises) https://0x00sec.org/t/reverse-engineering-101/1233

Malware Analysis
- Malware Analysis In 5 Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks https://youtu.be/qA0YcYMRWyI
- Malware Analysis - Mind Map by Thatintel https://thatintel.blog/2016/05/30/malware-analysis-mind-map/
- Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

Amazing Bonus
- Malware Analysis and Reverse Engineering courses by DFIR Diva https://training.dfirdiva.com/listing-category/malware-analysis-and-re

What is secure code review?
- How to Identify Vulnerabilities in code - Manual Code Review on Hackingloops https://www.hackingloops.com/how-to-identify-vulnerabilities-in-code-manual-code-review/
- Security Code Review 101 by Paul Ionescu: https://medium.com/@paul_io/security-code-review-101-a3c593dc6854
- OWASP® Foundation Secure Coding Practice https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf https://www.linkedin.com/company/owasp/

Introduction to secure code review
Farah Hawa's post about the subject: A few weeks ago, I took up a challenge to learn Secure Code Reviews in 20 days. I chose PHP as the language to focus on and here are the resources I used to learn:
- PentesterLab videos about different strategies to use while reviewing code https://www.linkedin.com/company/pentesterlab/
- Sonar Rules for code review rules/hacks to find vulnerabilities in PHP. This had great examples of compliant vs non-compliant code snippets. https://www.linkedin.com/company/sonarsource/ https://rules.sonarsource.com/php/type/Vulnerability
- Looking for bugs in vulnerable apps like DVWA after finding their code on GitHub: https://github.com/digininja/DVWA/tree/master/vulnerabilities
- Watching videos by Vickie Li, and Shubham Shah on the OWASP DevSlop YouTube channel: https://www.youtube.com/c/OWASPDevSlop https://www.linkedin.com/company/owasp-devslop/
- Solving challenges posted by YesWeHack and Intigriti on Twitter but they can also be found on their websites: https://www.yeswehack.com/ https://www.linkedin.com/company/yes-we-hack/ https://blog.yeswehack.com/yeswerhackers/dojoweb-application-bypass-v2-0/ https://www.linkedin.com/company/intigriti/
- OWASP® Foundation has a great book Code Review Guide which has good theoretical knowledge about different bug classes https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf https://www.linkedin.com/company/owasp/
You can also watch the video I made about this: https://youtu.be/ajcxjnTFo6A
- Introduction to Secure Code Review on PentesterLab: https://www.linkedin.com/company/pentesterlab/ https://pentesterlab.com/exercises/codereview/course
- Freddy Macho's PDF Code review checklist
- Check out the dedicated section on Secure Code Review on my pentips https://csbygb.gitbook.io/pentips/secure-code-review/code-review

Practice and sharpen your reviewer skills
- Security training platform for devs Hacksplaining: https://www.hacksplaining.com/
- Make a vulnerable PHP App with this video by Wesley (The XSS Rat) Thijs https://www.youtube.com/live/e_dLSVpQy40?feature=share
- Join the WeHackPurple Community to talk about secure code practice and more https://community.wehackpurple.com/

Tools
- Manual code review versus using a SAST Tool on We Hack Purple https://wehackpurple.com/pushing-left-like-a-boss-part-7-code-review-and-static-code-analysis/ https://www.linkedin.com/company/wehackpurple/
- Code Review tools on HackTricks https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/code-review-tools
- Awesome DevSecOps by TaptuIT https://github.com/TaptuIT/awesome-devsecops

- A great introduction on how to get into bug bounty by Wesley Thijs xssrat https://thexssrat.medium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
- A list of bug bounty platforms by Bughacking https://bughacking.com/best-bug-bounty-platforms/
- A list of bug bounty programs by vpnmentor: https://www.vpnmentor.com/blog/the-complete-list-of-bug-bounty-programs/
- Want to apply to the Synack Red Team Artemis program? https://www.linkedin.com/company/synack-red-team/
An exclusive community open to security professionals who identify as women, trans and nonbinary people, and others who identify as a gender minority. See this link: https://www.synack.com/artemis/
- Farah Hawa has a great video about bug bounty resources: https://youtu.be/ig5DuM6M2CQ
- The Bug Hunter Handbook by Gowthams https://gowthams.gitbook.io/bughunter-handbook/
- A repo "AllAboutBugBounty" by daffainfo https://github.com/daffainfo/AllAboutBugBounty#readme

- Android Bug Bounty Hunting: Hunt Like a Rat by Wesley Thijs https://codered.eccouncil.org/course/android-bug-bounty-hunting-hunt-like-a-rat
- Set up your lab, learn about the methodology and get more resources on my Pentips
- Gabrielle B's talk and resources for TDI 2022: https://csbygb.gitbook.io/pentips/talks/android-app
- The dedicated Android App hacking page: https://csbygb.gitbook.io/pentips/mobile-app-pentest/android
- Mobile App Penetration Testing Cheat Sheet by tanprathan https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
- Don't forget the standards. Read OWASP MASVS and OWASP MASTG here https://mas.owasp.org/#our-mission

- I highly recommend taking the API Penetration Testing course by Corey J. Ball on APIsec University https://university.apisec.ai/ https://www.linkedin.com/company/apisec-university/
I had a blast working on this course. You will have the opportunity to learn and apply the concepts right after with a hands-on lab that you can install and deploy yourself.
You will learn about the following topics:
- Set Up an API Hacking lab
- API Reconnaissance
- Endpoint Analysis
- Scanning APIs
- API Authentication Attacks
- Exploiting API Authorization
- Testing for Improper Assets Management
- Mass Assignment
- Injection Attacks
- Rate Limit Testing
- Combining Tools and Techniques
I cannot thank the team of APIsec University enough, with a special mention to Corey J. Ball and Dan Barahona, for all that you do for the community.
Learn more about the course:
- Corey's Book: https://nostarch.com/hacking-apis
- Corey talks about API Hacking with David Bombal: https://youtu.be/CkVvB5woQRM
- Check out my notes about API Hacking here: https://csbygb.gitbook.io/pentips/web-pentesting/api

What is threat modeling?
- Threat Modeling on OWASP by Victoria Drake https://owasp.org/www-community/Threat_Modeling

How does it work?
- Threat Modeling the Right way for builders Workshop on AWS Skill builder https://explore.skillbuilder.aws/learn/course/external/view/elearning/13274/threat-modeling-the-right-way-for-builders-workshop
- Even my dad is a threat modeler by Sarthak Taneja https://youtu.be/Y587UFgjqhQ

Examples and Resources
- Threat Model Examples by Tal Eliyahu https://github.com/TalEliyahu/Threat_Model_Examples#readme
Julien Provenzano made multiple posts on the subject:
- GUIDE TO CYBER THREAT MODELLING by Cyber Security Agency of Singapore (CSA)
This document aims to provide a practical and systematic way to identify threat events that can be used in a cybersecurity risk assessment.
It will introduce various approaches and methods of threat modelling, and provide a suggested framework, coupled with practical examples, for individuals and groups to adopt to derive a robust system threat model and relevant threat events.
System owners can then incorporate these threat events into their cybersecurity risk assessment to develop and prioritise effective controls.
Target audience:
- Internal stakeholders e.g. system owners, business unit heads, Chief Information Security Officers, and personnel involved in IT risk assessment and management within any organisation, including Critical Information Infrastructure Owners;
- External consultants or service providers engaged to conduct threat modelling on behalf of system owners; and
- Red team members, blue team defenders, and purple team members.
2 APPROACH
2.1 System Level Approach
2.2 Common Missteps in Threat Modelling
2.3 Integrating Threat Modelling into Risk Assessment Process
3 METHODOLOGY
3.1 Overview of Method
3.2 Step 1: Preliminaries and Scope Definition
3.3 Step 2: System Decomposition
3.4 Step 3: Threat Identification
3.5 Step 4: Attack Modelling
3.6 Step 5: Bringing Everything Together
- Threat Modeling course by British Columbia Provincial Government
This training course is just one part of the Office of the Chief Information Officer (OCIO) Information Security Branch (ISB) education series.
The goal of this course is to inform staff of what threat modelling is, why it is important, and how it fits into the Security Threat Risk Assessment, and Statement of Acceptable Risk, processes.
Threat Modelling Frameworks
A threat modelling practice flows from a methodology or framework. There are many threat modelling frameworks available for use. Some of these are specialised models designed for a specific task, for example, some focus specifically on risk or on privacy concerns.
They can be optionally combined to create a more robust and well-rounded view of potential threats.
Threat modelling should be performed early in the development cycle because if potential issues arise, they can be caught early and remedied. This can prevent a much costlier fix down the line. Using threat modelling to think about security requirements can lead to proactive architectural decisions that help reduce threats right from the start.
Threat Modeling frameworks
- Microsoft STRIDE Threat Modelling Tool (Developer Focused)
- OWASP Application Threat modelling (Software Focused)
- OCTAVE (Practice Focused)
- Trike Threat modelling (Acceptable Risk Focused)
- P.A.S.T.A. Threat modelling (Attacker Focused)
- VAST Threat modelling (Enterprise Focused)
Threat Modelling Tools
- IriusRisk
- PyTM
- SecuriCAD
- ThreatModeler
- SD Elements
- Tutamantic
- OWASP Threat Dragon Project
- Mozilla SeaSponge
- OVVL
- Threat Modeling Architecting & Designing with Security in Mind by OWASP® Foundation - Venkatesh Jagannathan
Why do we create application threat models in the Software Development Life Cycle?
SDLC refers to a methodology with clearly defined processes for creating high-quality software.
To identify potential flaws that have been there since the applications were created, threat modeling identifies risks and flaws affecting an application, no matter how old or new that application is.
Threat modeling should take place as soon as the architecture is in place as the cost of resolving issues generally increases further along in the SDLC.
- Introduction to Threat Modeling
- Precursors to Threat Modeling
- Threat Modeling - How-To
- Test Focused Threat Modeling
- Alternate Threat Models
- Estimating Threat Modeling for Applications
- CVSS vs OCTAVE
- The Threat Model playbook by Toreon https://github.com/Toreon/threat-model-playbook
- OWASP Threat Modeling Cheat Sheet https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md

- TryHackMe room Introductory Researching: https://tryhackme.com/room/introtoresearch https://www.linkedin.com/company/tryhackme/
- Rajneesh Gupta - How to use Google for hacking https://youtu.be/lLnDrv696u4
- Have you heard about dorking? It is also very helpful.
- Hack The Box What is Google Dorking: https://www.hackthebox.com/blog/What-Is-Google-Dorking https://www.linkedin.com/company/hackthebox/
- Tryhackme Google Dorking: https://tryhackme.com/room/googledorking
- TIP: Lots of engines use dorking, see DuckDuckGo Search Syntax: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/
- TIP2: Automate Google dorking with Katana by TebbaaX: https://github.com/TebbaaX/Katana
- Bruce Clay, Inc. - Advanced Search Operators for Bing and Google (Guide and Cheat Sheet) https://www.bruceclay.com/blog/bing-google-advanced-search-operators/ https://www.linkedin.com/company/bruce-clay-inc-/
- Daniel Kelley's 30 cybersecurity search engines
Here are 30 cybersecurity search engines:
- Dehashed - View leaked credentials.
- SecurityTrails - Extensive DNS data.
- DorkSearch - Really fast Google dorking.
- ExploitDB - Archive of various exploits.
- ZoomEye - Gather information about targets.
- Pulsedive - Search for threat intelligence.
- GrayHatWarfare - Search public S3 buckets.
- PolySwarm - Scan files and URLs for threats.
- Fofa - Search for various threat intelligence.
- LeakIX - Search publicly indexed information.
- DNSDumpster - Search for DNS records quickly.
- FullHunt - Search and discovery attack surfaces.
- AlienVault - Extensive threat intelligence feed.
- ONYPHE - Collects cyber-threat intelligence data.
- Grep App - Search across a half million git repos.
- URL Scan - Free service to scan and analyse websites.
- Vulners - Search vulnerabilities in a large database.
- WayBackMachine - View content from deleted websites.
- Shodan - Search for devices connected to the internet.
- Netlas - Search and monitor internet connected assets.
- CRT sh - Search for certs that have been logged by CT.
- Wigle - Database of wireless networks, with statistics.
- PublicWWW - Marketing and affiliate marketing research.
- Binary Edge - Scans the internet for threat intelligence.
- GreyNoise - Search for devices connected to the internet.
- Hunter - Search for email addresses belonging to a website.
- Censys - Assessing attack surface for internet connected devices.
- IntelligenceX - Search Tor, I2P, data leaks, domains, and emails.
- Packet Storm Security - Browse latest vulnerabilities and exploits.
- SearchCode - Search 75 billion lines of code from 40 million projects.
(PTES) The Penetration Testing Execution Standard http://www.pentest-standard.org/
(OSSTMM) The Open Source Security Testing Methodology https://www.isecom.org/ https://www.isecom.org/OSSTMM.3.pdf
MITRE ATT&CK framework by MITRE ATT&CK https://youtu.be/Yxv1suJYMI8
Putting MITRE ATT&CK into Action with What You Have, Where You Are (By Katie Nickels) https://youtu.be/bkfwMADar0M
MITRE room on TryHackMe https://tryhackme.com/room/mitre
The Cyber Kill Chain® framework, developed by Lockheed Martin, is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
NIST Cybersecurity Framework Explained - Kelly Hood, Thomas Conkle - RSA Conference https://youtu.be/nFUyCrSnR68
PCI Security Standards Council https://www.pcisecuritystandards.org/
ISO 27000 Family of Standards by Aron Lange https://youtu.be/7PscOoWtR7g
A youtube playlist about ISO27001 by risk3sixty https://www.youtube.com/c/risk3sixty https://www.youtube.com/playlist?list=PLboNZ8lgLkUjg353Am3x4SytHme-XDL2N
NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework on Compliance Forge https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf
Mitre Attack vs Cyber Kill chain on blackberry.com https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack/mitre-attack-vs-cyber-kill-chain
CherryTree, a hierarchical note taking application. https://www.giuspen.com/cherrytree/
Joplin, an Open Source note-taking app. https://joplinapp.org/
KeepNote, a note taking application http://keepnote.org/
https://csbygb.gitbook.io/pentips/reporting/pentest-report
Writing Tips for IT Professionals (By Lenny Zeltser) https://zeltser.com/writing-tips-for-it-professionals/
How To Write A Penetration Testing Report by HackerSploit https://www.youtube.com/c/HackerSploit/ https://youtu.be/J34DnrX7dTo
A list of public penetration test reports published by several consulting firms and academic security groups.
https://github.com/juliocesarfort/public-pentesting-reports
A Directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.
https://pentester.land/writeups/
BlackStone Project by MicroJoan https://microjoan.com/ https://github.com/micro-joan/BlackStone
Pentext by https://www.radicallyopensecurity.com/ https://github.com/radicallyopensecurity/pentext
https://portswigger.net/web-security/learning-path
https://www.youtube.com/c/RanaKhalil101
https://www.youtube.com/c/TheXSSrat
https://pentestbook.six2dez.com/others/web-checklist
https://owasp.org/www-project-top-ten/
https://owasp.org/www-project-vulnerable-web-applications-directory/
API Hacking beginners guide by Dana Epp https://danaepp.com/beginners-guide-to-api-hacking
Corey J. Ball API workshop https://sway.office.com/HVrL2AXUlWGNDHqy https://github.com/hAPI-hacker/Hacking-APIs
MalAPI by mrd0x https://malapi.io/
MindAPI by David Sopas https://dsopas.github.io/MindAPI/play/
Hackxpert - OWASP top 10 API training https://hackxpert.com/API-testing.php
VAmPI by erev0s: https://hakin9.org/vampi-vulnerable-rest-api-with-owasp-top-10-vulnerabilities-for-security-testing/ https://github.com/erev0s/VAmPI
APISecure Conference all their 2022 videos are available on their website https://www.apisecure.co/
Hacking mHealth Apps and APIs on KnightTV with Alissa Valentina Knight https://youtu.be/GLnhkf3JcL8
Get familiar with Cloud Security fundamentals with Learn to cloud by Gwyneth Peña-Siguenza and Dayspring Johnson https://learntocloud.guide/#/phase5/README
Hacking the cloud by Nick Frichette an encyclopedia of the techniques that offensive security professionals can use against cloud environments. https://hackingthe.cloud/
https://github.com/CyberSecurityUP/Cloud-Security-Attacks
https://attackdefense.pentesteracademy.com/challengedetailsnoauth?cid=2074 https://attackdefense.pentesteracademy.com/
Building an Active Directory Lab by spookysec: https://blog.spookysec.net/ad-lab-1/
A script to set up a Vulnerable AD Lab by WazeHell https://github.com/WazeHell/vulnerable-AD
https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
https://www.ralfkairos.com/ https://github.com/infosecn1nja/AD-Attack-Defense
https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet
HACKTHEBOX, A Massive Hacking Playground; CTF challenges: Fullpwn (based on vulnerable machines), Cryptographic, Forensic, Pwn (based on binary exploitation and memory corruption), Web, Reversing, Cloud cybersecurity (AWS, GCP, and Azure misconfigurations) and Hardware. https://www.hackthebox.com/
What is CTF in hacking? Tips & CTFs for beginners by HTB. https://www.hackthebox.com/blog/what-is-ctf
Learn to Hack with Hack The Box: The Beginner's Bible. https://www.hackthebox.com/blog/learn-to-hack-beginners-bible
Getting Into CTFs As a Web Developer. https://erichogue.ca/2022/03/GettingIntoCTFsAsADev
Root Me https://www.root-me.org
TryHackMe https://tryhackme.com/
RingZer0 Team Online CTF https://ringzer0ctf.com/challenges
Cryptopals https://cryptopals.com/
CTF Time https://ctftime.org/
https://info.marcellelee.com/ https://drive.google.com/drive/folders/1cfwjm_VqXwAFpFdBnUXkUi0-qT4_cpiJ https://docs.google.com/spreadsheets/d/1AkczyGQbtabSMbxq1P-c7u3NSXlmXqqv3cDoVpTlSoM/edit#gid=0
The Difference Between Red, Blue, and Purple Teams (By Daniel Miessler) https://danielmiessler.com/study/red-blue-purple-teams/
Purple Teaming for Dummies https://www.attackiq.com/lp/purple-teaming-for-dummies/
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. https://github.com/ch33r10/EnterprisePurpleTeaming
Purple Team Exercise Framework https://github.com/scythe-io/purple-team-exercise-framework/blob/master/PTEFv2.md
Actionable Purple Teaming: Why and How You Can (and Should) Go Purple https://www.scythe.io/library/actionable-purple-teaming-why-and-how-you-can-and-should-go-purple https://www.scythe.io/ptef
Bloodhound for Blue and Purple Teams. https://github.com/PlumHound/PlumHound
PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. https://github.com/mvelazc0/PurpleSharp

Movies
- A list of movies on Movies for Hackers by hackermovie club https://hackermovie.club/
- The Complete List of Hacker And Cybersecurity Movies by Cybercrime Magazine https://cybersecurityventures.com/movies-about-cybersecurity-and-hacking/ https://www.linkedin.com/company/cybercrime-magazine/
- Knight TV https://www.youtube.com/@knighttvplus

Fiction
- Hacker stories on Wattpad by various authors https://www.wattpad.com/stories/hacker

Music
- The SOC Analyst playlist by LetsDefend https://open.spotify.com/playlist/0G38638whLbeCBjHjIAIES https://www.linkedin.com/company/letsdefend/
- INE Study room RnB playlist https://open.spotify.com/playlist/571cQb5ZfmV5eHzCmCSHNG
- API Security playlist by 12135211372 https://open.spotify.com/playlist/7A6TsA3cKxxY253dPHlkcO
- INE Study Room Classical playlist https://open.spotify.com/playlist/6Q5UNkiJLFQcBS8FnLE41A
- Cyber Apocalypse 2021 by Kamil Gierach-Pacanek https://open.spotify.com/playlist/3LfUN18cfrleZN5SlNWY6S
- ./Hacking by fi3nds2 https://open.spotify.com/playlist/66sn9JCqts84k196NAhNS3
- Coding / Hacking Music by Mark Tey https://open.spotify.com/playlist/7KnyNJbKMJawssU93kUhLE
- Coding Programming Hacking Slashing by Techno Tim https://open.spotify.com/playlist/5SgJR30RfzR5hO21TsQhBp
- Hacking by Edwin Finch https://open.spotify.com/playlist/5R8erMpe2s3IcbxEGhBih4

Comics
- Best Female Super Genius / Computer Hacker / Vigilante https://comicvine.gamespot.com/profile/megawubba/lists/best-female-super-geniuscomputer-hackervigilante/58810/
- The Ella Project - The Big Hack https://www.theellaproject.com/thebighack
- Planet Heidi http://www.planetheidi.com/
- Hackers Super heroes of the digital Age by vrncomics. Get your copy of issue #1 for free here: https://www.vrncomics.com/

Do you know other resources?
- Compiled from the different latest posts from Gabrielle B https://github.com/CSbyGB