Created a GitHub page with useful materials for those who want to start learning pentesting/hacking.
GitHub - creotiv/start-learn-pentesting-red-team
!!! Always do all of this work from a VM or a machine dedicated to it. Remember that any tool you install may contain malware (mostly they don't, but the risk exists),
so you should prevent access to your real machine. Also, don't forget to use a VPN, even when using a training VM from Hack The Box (because you will be sharing the same network with many people).
BOOKS & ARTICLES
https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor — Course for beginners
Starting Point course from https://www.hackthebox.com/
https://pwning.owasp-juice.shop/ — How to pwn Juice Shop guide
https://book.hacktricks.xyz/ — many tutorials and how-tos
https://guyinatuxedo.github.io/index.html — exploits & reverse engineering course
https://medium.com/purple-team/buffer-overflow-c36dd9f2be6f — buffer overflow for beginners
https://medium.com/cyber-unbound/buffer-overflows-ret2libc-ret2plt-and-rop-e2695c103c4c — buffer overflow, how to bypass ASLR, PIE and non-executable-stack protections
https://github.com/tanprathan/OWASP-Testing-Checklist — OWASP testing checklist. Helps you not forget anything
https://owasp.org/www-project-web-security-testing-guide/v41/ — OWASP testing guide for the checklist above ^
TOOLS
https://www.vmware.com/products/workstation-player.html — VM player to run Kali
https://www.kali.org/ — Kali Linux for pentesters. Base Tool
https://github.com/sullo/nikto — website vulnerability scanner
https://wpscan.com/wordpress-security-scanner — WordPress vulnerability scanner
https://www.kali.org/tools/nmap/ — NMAP port, script, vulnerability scanner. Base Tool
https://www.kali.org/tools/hydra/ — Login cracker for different protocols
https://www.kali.org/tools/gobuster/ — Directory and subdomain enumerator for websites
https://www.metasploit.com/ — Pentesting framework. Base Tool
https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS — Privilege escalation for Windows. Base Tool
https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS — Privilege escalation for Linux. Base Tool
https://www.kali.org/tools/gdb/ — console debugger
https://www.kali.org/tools/edb-debugger/ — edb debugger with UI
SERVICES
Data harvesting
https://hunter.io/ — find emails on a domain
https://haveibeenpwned.com/ — find out if an email was leaked
https://crt.sh/ — subdomain search
https://builtwith.com/ — technology stack info
https://search.censys.io/ — server search engine
https://www.shodan.io/ — server search engine
DATA LEAKS
https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis — how passwords change over time + 1.4B email:pass
TRAINING
https://www.hackthebox.com/ — Platform with VMs that you can try to hack
https://tryhackme.com/ — training site
https://github.com/juice-shop/juice-shop — Training app for web pentesters
https://pentesterlab.com/ — exercises for hackers (not free)
EXPLOIT DBs
WORDLISTS
https://github.com/danielmiessler/SecLists/ — many different wordlists
https://github.com/payloadbox/sql-injection-payload-list — SQL injection payloads
https://github.com/foospidy/payloads — web payloads