Red Team

 Red Team Resources: 

OSINT:

OSINT Framework - https://osintframework.com/
OSINT Cheatsheet - https://www.cheatsheet.wtf/osint/
FullContact API - https://platform.fullcontact.com/developers/api-keys
Intelius - https://www.intelius.com/
GoodHire - https://www.goodhire.com/
Webmii - https://webmii.com
GrayHat Warfare - https://buckets.grayhatwarfare.com/
ICANN Lookup - https://lookup.icann.org/en
cqcounter Whois - http://www.cqcounter.biz/whois/
Subdomain Finder - https://subdomainfinder.c99.nl/
Asint Collection - https://start.me/p/b5Aow7/asint_collection
DNSdumpster - https://dnsdumpster.com/
DNSTwister - https://dnstwister.report/
Blackbird - https://blackbird-osint.herokuapp.com/
Search 0t Rocks - https://search.0t.rocks/
PimEyes - https://pimeyes.com/pt
TinEye - https://tineye.com/

Cheatsheets:

Hacking Articles - https://www.hackingarticles.in/
Hack Tricks - https://book.hacktricks.xyz/
Cloud Hack Tricks - https://cloud.hacktricks.xyz/
OWASP Cheat Sheets - https://cheatsheetseries.owasp.org/index.html
Pentest Book - https://chryzsh.gitbooks.io/pentestbook/content/
Total OSCP Guide - https://sushant747.gitbooks.io/total-oscp-guide/content/
Hack The Box OSCP Preparation - https://rana-khalil.gitbook.io/hack-the-box-oscp-preparation/
Steflan Security - https://steflan-security.com
SecWiki - https://wiki.zacheller.dev/
Hausec - https://hausec.com/
HighOnCoffee - https://highon.coffee/blog/
/home/six2dez/.pentest-book - https://pentestbook.six2dez.com/
0xffsec Handbook - https://0xffsec.com/handbook/
haax's Cheatsheet - https://cheatsheet.haax.fr/
golinuxcloud - https://www.golinuxcloud.com/kali-linux-bootable-usb/
Pentest Monkey - http://pentestmonkey.net/
Web App Testing Guide - https://owasp.org/www-project-web-security-testing-guide/stable/
XSS CheatSheet -https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
Payload Box - https://github.com/payloadbox
Steganography Tools - https://0xrick.github.io/lists/stego/
Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed
Mobile Security Testing Guide - https://mobile-security.gitbook.io/mobile-security-testing-guide/overview/0x03-overview
WADComs - https://wadcoms.github.io/
explainshell - https://explainshell.com/
Citadel Scripts - https://github.com/redcode-labs/Citadel
Linux PrivEsc w/SUID Binaries - https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/

Hacking Guides:

HackBack Phineas Fisher - https://gist.github.com/jaredsburrows/9e121d2e5f1147ab12a696cf548b90b0

Comments

Post a Comment

Popular posts from this blog

TryHackMe CTF Walkthrough - "Simple CTF"

Image
Note: This is a reupload of a CTF walkthrough from my original website which no longer exists. Tonight I'll be providing a writeup on the TryHackMe box "Simple CTF" similar to my writeup on Blue. TryHackMe is another great and incredibly educational site dedicated to teaching learners about offensive and defensive cybersecurity. As always, it's typical to start with a basic Nmap scan.  This is one of the typical Nmap scans that I like to run on TryHackMe and HacktheBox machines. It will take longer than most scans due to the enumeration being performed by the vulnerability script. Another I will typically run is - nmap -sC -sV -A x.x.x.x This is an aggressive service scan with default scripts enabled. Here we have quite a bit of output, the bulk of it being a list of CVE's for the specific version of Apache web server running on the target machine. As we can see, Port 21 (FTP), Port 80 (HTTP), and Port 2222 (SSH) are currently open on the target machine. We can al...
Read more

Malware Overview - ZeuS

Image
 Note: This is a reupload of my writeup of the history of the ZeuS malware from my original website. INTRODUCTION:  Image Source:  https://www.bankinfosecurity.com/zeus-banking-trojan-spawn-alive-kicking-a-10471 When discussing the history of malware, you are more than likely going to hear the same few names over and over again. Conficker, Welchia, ILOVEYOU, Stuxnet, Flame, CryptoLocker, Dridex, and even newer malware like WannaCrypt0r, Emotet, and Maze.  What is left behind but stands atop the lesser remembered malware of the last fifteen years in particular is the ZeuS or Zbot Trojan and its successor, the Gameover ZeuS Trojan. This will be a historical summary of the ZeuS and Gameover ZeuS Trojans, beginning from its initial discovery and ending in the current year.  I will be using a variety of sources for my analysis. This is NOT a technical analysis of the malware, simply a historical account. I plan on writing a full technical analysis of the ZeuS and Gam...
Read more

Group Overview - Evil Corp

Image
This will be my first post in a series of posts summarizing various cyber actors, including APTs, Cybercrime outfits, and Hacktivist groups. I will be mainly discussing the history of the group and their known and documented activities throughout their existence. I plan on making additional summaries of each group that will delve further into their TTPs and other technical information to compliment this summary. The first group I will be discussing is the Evil Corp cybercrime outfit. The group is also known to many by the name INDRIK SPIDER, which was coined by the Cybersecurity company CrowdStrike. I decided to write about the Evil Corp group first due to the fact that they are still very relevant in 2020, as just a few days ago, Symantec published a report discussing a widespread attempted ransomware attack against various U.S. companies carried out by the Evil Corp group earlier this month. Evil Corp is an extremely sophisticated threat actor. They are capable of developing their ow...
Read more