Resources

Although there is a huge amount of useful resources out there easily accessed with just a Google Search, I believe that keeping a short personal favorite list is always handy.
So here is a list of my favorite holy-bible-grade resources that could be useful during an investigation, engagement or a CTF.
Useful repositories, cheatsheets, CTF stuff and much more!

Useful git repos:

[HUGE] A collection of various awesome lists for hackers, pentesters and security researchers
[HUGE] A collection of awesome penetration testing resources, tools and other shiny things

Various ways to do a reverse shell

SecLists – The security tester’s companion

Useful Online tools:

CyberChef
Tio.Run – family of online interpreters
morewords – Find dictionary words for crossword puzzles and word games
Textmechanic – Text manipulation tools
asciitohex – plain/binary/hex/base/decimal/rot13 all together

Linux Privilege Escalation Checklist:

PEASS – Privilege Escalation Awesome Scripts SUITE
Linux Privilege Escalation Checklist
A guide to Linux Privilege Escalation
CTF Privilege Escalation Checklist
Pentestmonkey unix privesc check
Linux Exploit Suggester
Linux Soft Exploit Suggester
Linux Smart Enumeration
Curated list of Unix binaries that can be exploited for LPE
SecWiki/linux-kernel-exploits

Windows Privilege Escalation:

PEASS – Privilege Escalation Awesome Scripts SUITE
Windows Privilege Escalation Fundamentals
PayloadsAllTheThings / Methodology and Resources / Windows – Privilege Escalation
Windows Privilege Escalation Guide
OSCP Privilege Escalation Windows
https://lolbas-project.github.io/
https://github.com/egre55/windows-kernel-exploits
https://github.com/SecWiki/windows-kernel-exploits
Windows Basic Priv Esc Notes
Windows Exploit Suggester
Windows Privilege Escalation Scripts and Techniques
JakobRPennington Windows Priv Esc
Living Off The Land Binaries and Scripts (and also Libraries)

CTF Stuff:

JohnHammond’s CTF KATANA
CTF Series : Vulnerable Machines
A curated list of Capture The Flag (CTF) frameworks, libraries, resources and softwares
A curated list of CTF frameworks, libraries, resources and softwares

Cryptography – Cryptanalysis resources

https://www.dcode.fr/tools-list
https://cryptii.com/
http://rumkin.com/tools/cipher/
http://practicalcryptography.com/

Stego resources

0xRick Steganography – A list of useful tools and resources

SQLi resources

Full SQL Injection Tutorial (MySQL)
SQL Injection Cheat Sheet
Beyond SQLi: Obfuscate and Bypass
Tutorial on SQLi labs
noobsec.net sqli

Cheatsheets

[HUGE] https://github.com/detailyang/awesome-cheatsheet
Kali Linux Cheatsheet
ExploitedBunker Pentesting Cheatsheet
Security Cheatsheets
HighOnCoffee Cheat-sheets
PentestMonkey Cheat-sheets
List of file signatures

Prepare for OSCP:

OSCP cheatsheet
Cybrary OSCP Course
INE OSCP Security Technology Course
OSCP-Survival-Guide
TJnullā€™s Preparation Guide for PWK/OSCP
Github OSCP Prep
OSCP survival guide
Github OSCP Prep 2
Total OSCP guide
OSCP Basic notes
OSCP Fun Guide
Guide for OSCP with chapters
Newbie to OSCP
How to Pass OSCP Like Boss.
Passing OSCP – scund00r
OSCP useful resources and tools
OSCP Human Guide
How to pass the OSCP
A curated list of awesome OSCP resources
A reconnaissance tool made for the OSCP labs
HackTheBox OSCP-like Machines
noobsec.net OSCP

Book recommendations:

  • Secrets and Lies – Digital Security in a Networked World
  • Ghost in the Wires – My Adventures as the World’s Most Wanted Hacker
  • Social Engineering – The Art of Human Hacking
  • The Art of Intrusion
  • The Hacker Playbook series
  • Hacking The Art of Exploitation
  • Serious Cryptography A Practical Introduction to Modern Encryption
  • Kali Linux Revealed Book
  • Kali Linux Web Penetration Testing Cookbook
  • Mastering Kali Linux for Advanced Penetration Testing
  • Metasploit – The Penetration Testers Guide
  • Mastering Metasploit
  • Mastering Modern Web Penetration Testing
  • The Web Application Hacker’s Handbook
  • Ethical Hacking and Penetration Testing Guide
  • The Hacker Playbook Practical Guide To Penetration Testing
  • Penetration Testing – A hands-on introduction to Hacking
  • RTFM – Red Team Field Manual
  • Blue Team Field Manual
  • Professional Red Teaming
  • Practical Malware Analysis
  • Security Operations Best Practices [Brown, Christopher J]
  • Blue Team Handbook – SOC, SIEM & Threats Hunting Use Cases Notes from Fields (v1.02)
  • Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools