```
├── README.md
└── webapplication_security
    ├── hydra_demo.md
    └── xxe_demo.md
```

/README.md:
--------------------------------------------------------------------------------

# Security Resources 📖

Links to online resources & tools we use during our web application / network security [courses](https://compass-security.com/en/trainings).

You can create a PR or open an issue if you think we missed a useful resource.

Short URL: https://git.io/secres

## Compass Security 🧭

- Compass Security: https://compass-security.com/de/
- Compass Security Blog: https://blog.compass-security.com/
- Hacking Lab 1.0: https://www.hacking-lab.com/
- Hacking Lab 2.0: https://compass.hacking-lab.com/
- Hacking Lab Live CD: https://livecd.hacking-lab.com/

## General 🌳

### Link Lists

- Awesome Security: https://github.com/sbilly/awesome-security
- InfoSec Reference That Doesn't Suck! (Much): https://rmusser.net/docs/index.html
- Awesome Penetration Testing: https://github.com/enaqx/awesome-pentest
- Security Checklists from pentestlab.blog: https://github.com/netbiosX/Checklists
- Security Tools Collection: https://tools.tldr.run/
- Public Pentest Reports: https://github.com/juliocesarfort/public-pentesting-reports
- Security Zines: https://securityzines.com/

### Hacking Notebooks

- Payloads All The Things: https://github.com/swisskyrepo/PayloadsAllTheThings
- HackTricks: https://book.hacktricks.xyz/
- Red Teaming Experiments: https://www.ired.team/
- Pentester's Promiscuous Notebook: https://ppn.snovvcrash.rocks/ (by snovvcrash, https://snovvcrash.rocks/)

### Tutorials

- Various Security Tutorials by Prof. Andreas Steffen, strongSec GmbH: https://github.com/strongX509/cyber/

### Online Tools

- CyberChef: https://gchq.github.io/CyberChef/
- Useful Web Tools by @h43z: https://h.43z.one/
- Explain Shell Commands: https://explainshell.com/
- Online Regex Tester & Debugger: https://regex101.com/

### Reading

- Phrack: http://phrack.org/
- PoC||GTFO: https://www.alchemistowl.org/pocorgtfo/

### Talks & Videos

- media.ccc.de: https://media.ccc.de/
- LiveOverflow: https://www.youtube.com/c/LiveOverflowCTF/
- Stacksmashing: https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
- IppSec (Hack The Box Walkthroughs): https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- /dev/null: https://www.youtube.com/channel/UCGISJ8ZHkmIv1CaoHovK-Xw
- DEFCON Switzerland / Area41: https://www.youtube.com/user/defconswitzerland/
- Swiss Cyber Storm: https://www.youtube.com/channel/UCY-Wb3JuBv_xpa8s6ZrpUxg/
- Cooper Recordings: https://administraitor.video/
- DEFCON: https://www.youtube.com/user/DEFCONConference/
- Black Hat: https://www.youtube.com/user/BlackHatOfficialYT

## Web Application Security 🐝

### References

- HTML Standard: https://html.spec.whatwg.org/
- W3Schools: https://www.w3schools.com/
- Mozilla Developer Network (MDN): https://developer.mozilla.org/

### General

- Compass Demo: https://www.compass-demo.com/
- PortSwigger Online Seminar: https://portswigger.net/web-security
- OWASP: https://owasp.org/
- OWASP Top 10
  - Project Page: https://owasp.org/www-project-top-ten/
  - New Project Page: https://www.owasptopten.org/
  - GitHub: https://github.com/OWASP/Top10
- OWASP Application Security Verification Standard (ASVS)
  - Project Page: https://owasp.org/www-project-application-security-verification-standard/
  - GitHub: https://github.com/OWASP/ASVS
- API Security: https://www2.owasp.org/www-project-api-security/
- Cheat Sheet Series: https://cheatsheetseries.owasp.org/
- Juice Shop
  - Project Page: https://owasp-juice.shop/, https://owasp.org/www-project-juice-shop/
  - GitHub: https://github.com/bkimminich/juice-shop
  - Companion Guide: https://pwning.owasp-juice.shop/
  - Demo: https://juice-shop.herokuapp.com/
- OWASP Switzerland
  - Chapter Page: https://owasp.org/www-chapter-switzerland/
  - Mailing List: https://groups.google.com/a/owasp.org/forum/#!forum/switzerland-chapter
  - Twitter: https://twitter.com/owasp_ch
  - YouTube: https://www.youtube.com/channel/UCut4rjo2pUSdtnX3hUbi9_Q
  - Presentation Slides Repo: https://github.com/OWASP/www-chapter-switzerland/tree/master/assets/slides
- Stanford Web Security Class: https://web.stanford.edu/class/cs253/

### HTTP & Web Basics

- HTTP Status Codes: https://httpstatuses.com/
- Can I Use (Browser Support Matrix): https://caniuse.com/
- Mozilla Developer Network: https://developer.mozilla.org/

### Web Standards

- W3C Overview: https://www.w3.org/TR/
- CORS: https://www.w3.org/TR/2020/SPSD-cors-20200602/
- HTTP/2 Explained: https://http2-explained.haxx.se/
- HTTP/3 Explained: https://http3-explained.haxx.se/
- HTTP/2 Speed Demo: https://http2.akamai.com/demo

### Reverse Proxies

- Weird Proxies: https://github.com/GrrrDog/weird_proxies

### Authentication & Login

- Have I Been Pwned (Password Leaks): https://haveibeenpwned.com/
- Pwned Passwords: https://haveibeenpwned.com/Passwords
- Dehashed Leaked Passwords Database: https://www.dehashed.com/
- Hashes.org (Password Hash Database): https://hashes.org/

### OAuth 2.0 / OpenID Connect (OIDC)

- OAuth.net: https://oauth.net/2/
- OAuth 2.0 Simplified: https://www.oauth.com/
- The OAuth 2.0 Authorization Framework, RFC 6749: https://tools.ietf.org/html/rfc6749
- OAuth 2.0 Security Best Current Practice: https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16
- OpenID Connect & OAuth 2.0 - Security Best Practices, Dominick Baier, 2020: https://www.youtube.com/watch?v=AUgZffkurK0
- OAuth 2.0 for Browser-Based Apps: https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-07
- OIDC Discovery: https://auth0.com/docs/protocols/configure-applications-with-oidc-discovery
- Real-life OIDC Security: https://security.lauritz-holtmann.de/post/sso-security-overview/

### Cross-Site Scripting (XSS)

- PortSwigger XSS Cheat Sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
- XSS Payloads: https://html5sec.org/
- XSS Hunter: https://xsshunter.com/
- XSS Polyglot: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- Script Gadgets: https://github.com/google/security-research-pocs (bypass overview: https://github.com/google/security-research-pocs/blob/master/script-gadgets/bypasses.md)
- Browser Exploitation Framework (BeEF): https://beefproject.com/
- Attack Examples
  - XSS in Electron App leads to RCE: https://blog.doyensec.com/2017/08/03/electron-framework-security.html
  - XSS in Google Search Field: https://www.youtube.com/watch?v=lG7U3fuNw3A
  - XSS in Tweetdeck Twitter Client: https://twitter.com/dergeruhn/status/476764918763749376?lang=en

### Cross-Site Request Forgery (CSRF)

- Same-Site Cookie Flag: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-06
- Public Suffix List (https://publicsuffix.org): https://publicsuffix.org/list/public_suffix_list.dat

### Security Headers

- Security Headers: https://securityheaders.com/
- Content Security Policy (CSP) Evaluator: https://csp-evaluator.withgoogle.com/ (Code: https://github.com/google/csp-evaluator)
- HSTS Preloading: https://hstspreload.org

### JSON Web Tokens (JWT)

- JWT Decoder/Encoder: https://jwt.io/
- PentesterLab JWT Cheat Sheet: https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
- JWT Tool for testing: https://github.com/ticarpi/jwt_tool
- Convert JWK to PEM:
  - Crypto Playground: https://8gwifi.org/jwkconvertfunctions.jsp
  - Keytool: https://keytool.online/
- Attack Examples
  - Algorithm Confusion
    - Auth0 Info: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
    - pyjwt CVE-2017-11424: https://www.cvedetails.com/cve/CVE-2017-11424/
    - pyjwt fix: https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a, https://github.com/jpadilla/pyjwt/commit/37926ea0dd207db070b45473438853447e4c1392

### SQL Injection (SQLi)

- PortSwigger SQL Injection Cheat Sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet

### XML External Entities (XXE)

- Attack Examples
  - Sending mails via SMTP using XXE: https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/

### Tools

- Burp Suite: https://portswigger.net/burp/communitydownload
- SQLMap: https://sqlmap.org/
- SQLMap Cheat Sheet: https://www.comparitech.com/net-admin/sqlmap-cheat-sheet/
- Burp Suite Extensions
  - Burp Suite Extensions Overview: https://apps.burpsuite.guide/
  - SAML Raider: https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e, https://github.com/CompassSecurity/SAMLRaider
  - JSON Web Tokens: https://portswigger.net/bappstore/f923cbf91698420890354c1d8958fee6, https://github.com/portswigger/json-web-tokens
- Talk "Automated security testing for Software Developers who don't know security!" (shows how to use OWASP ZAP in a CI/CD pipeline): https://media.ccc.de/v/Camp2019-10181-automated_security_testing_for_software_developers_who_dont_know_security

### Hacking Environments

- OWASP WebGoat: https://owasp.org/www-project-webgoat/
- Damn Vulnerable Web Application: https://www.dvwa.co.uk/
- OWASP Juice Shop: https://owasp.org/www-project-juice-shop/

## Transport Layer Security (TLS) 🔐

### TLS Information

- SSL/TLS and PKI History: https://www.feistyduck.com/ssl-tls-and-pki-history/
- Every Byte of a TLS Connection: https://tls12.xargs.org/
- Every Byte of a TLS Connection for TLS 1.3: https://tls13.xargs.org/
- Cipher Suite Ratings: https://ciphersuite.info/

### Online Services

- SSL Labs (TLS Server Test): https://ssllabs.com
- Hardenize: https://hardenize.com/
- BadSSL (Weak TLS Configuration Test Page): https://badssl.com
- Certificate Transparency Search: https://crt.sh/

### Tools

- SSLyze TLS Server Test Tool: https://github.com/nabla-c0d3/sslyze

## Cryptography 🔏

- Key Lengths: https://keylength.com
- Cryptopals Crypto Challenges: https://cryptopals.com/
- CryptoHack: https://cryptohack.org/
- Key generation / conversion: https://keytool.online/

## Container Security 🐳

- contained.af (separation examples): https://contained.af/

## Network Pentesting 💻

### General

- Hacking Tools Cheat Sheet: https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
- Porchetta Industries Open Source Tools Support: https://porchetta.industries/
- Security Best Practices for On-Premise Environments: https://github.com/CompassSecurity/OnPremSecurityBestPractices

### Information Gathering & Wordlists

- Amass: https://github.com/OWASP/Amass
- Sublist3r: https://github.com/aboul3la/Sublist3r
- Shodan: https://www.shodan.io/
- Censys: https://censys.io/
- Payloads All The Things: https://github.com/swisskyrepo/PayloadsAllTheThings
- VirusTotal: https://www.virustotal.com/
- FuzzDB: https://github.com/fuzzdb-project/fuzzdb
- SecLists: https://github.com/danielmiessler/SecLists
- Rapid7 Open Data: https://opendata.rapid7.com/
- CeWL: https://github.com/digininja/CeWL

### Online Services

- PortQuiz: http://portquiz.net/
- nip.io (wildcard DNS): https://nip.io/
- RequestBin.NET: https://requestbin.net/
- ngrok: https://ngrok.com/
- Various useful tools: https://h.43z.one/
  - Request Logger: https://log.43z.one/
  - IP Address Converter (useful for SSRF): https://h.43z.one/ipconverter/

### Scanning

- Nmap: https://nmap.org/
- nmap-parse-output: https://github.com/ernw/nmap-parse-output
- Aquatone: https://github.com/michenriksen/aquatone
- SMBMap: https://github.com/ShawnDEvans/smbmap
- Snaffler: https://github.com/SnaffCon/Snaffler
- Subjack: https://github.com/haccer/subjack

### Sniffing

- Sniffing Tools
  - tcpdump: https://www.tcpdump.org/
  - Wireshark / Tshark: https://www.wireshark.org/
- PCAP Collection
  - Wireshark Sample Captures: https://wiki.wireshark.org/SampleCaptures
- Sniffing Analysis
  - PacketTotal: https://packettotal.com/
  - A-Packets: https://apackets.com/
- Extract credentials from network interfaces / PCAP files
  - net-creds: https://github.com/DanMcInerney/net-creds
  - PCredz: https://github.com/lgandx/PCredz

## Protocol Hacking

- Network Programming in Python: https://0xbharath.github.io/python-network-programming/
- Python Foundations: https://0xbharath.github.io/python-foundations/
- Scapy: https://scapy.net/
- Workshop: The Art of Packet Crafting with Scapy by @0xbharath
  - GitHub: https://github.com/0xbharath/art-of-packet-crafting-with-scapy
  - Online Notes: https://scapy.disruptivelabs.in/

### Protocols

- DNS
  - DNSViz (show DNSSEC chain): https://dnsviz.net/
  - Public .ch DNS Zone: https://www.switch.ch/open-data/#tab-c5442a19-67cf-11e8-9cf6-5254009dc73c-3
    - Search Tool: https://search-ch-domains.idocker.hacking-lab.com/
- Mailing
  - Email Infrastructure: https://www.hardenize.com/labs/policy?s=09
  - Email Spoofing Mitigations
    - Google: Help prevent spoofing and spam with DMARC: https://support.google.com/a/answer/2466580
    - Actually, DMARC works fine with mailing lists: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html
    - Learn and Test DMARC: https://www.learndmarc.com/

### Exploiting

- Vulnerability Database: https://cvedetails.com/
- Exploit Database: https://www.exploit-db.com/
- Metasploit: https://www.metasploit.com/
- Reverse Shell Generator: https://www.revshells.com/
- Hak5 Gadget Shop: https://shop.hak5.org/
- Covenant: https://github.com/cobbr/Covenant

### Cracking

- General Information
  - Talk "G1234! - Password Cracking 201: Beyond the Basics - Royce Williams": https://www.youtube.com/watch?v=cSOjQI0qbuU
- Online Brute Force Tools
  - Ncrack: https://nmap.org/ncrack/
  - Hydra: https://github.com/vanhauser-thc/thc-hydra
- Offline Brute Force Tools
  - Name-That-Hash: https://github.com/HashPals/Name-That-Hash
  - Hashcat: https://hashcat.net/hashcat/
  - John The Ripper: https://www.openwall.com/john/
- Offline Brute Force Services
  - CrackStation: https://crackstation.net/
  - Crack.sh (DES Cracker): https://crack.sh/
- Wordlists
  - Password Lists from SecLists: https://github.com/danielmiessler/SecLists/tree/master/Passwords
  - CrackStation Dictionary: https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
  - PWDB - New generation of Password Mass-Analysis: https://github.com/ignis-sec/Pwdb-Public
- Rules
  - NSA Rules: https://github.com/NSAKEY/nsa-rules
  - Hob0Rules: https://github.com/praetorian-inc/Hob0Rules
  - Corporate Rule: https://github.com/sparcflow/StratJumbo/blob/master/chap3/corporate.rule
  - OneRuleToRuleThemAll: https://github.com/NotSoSecure/password_cracking_rules
  - Hashcat Rules: https://github.com/hashcat/hashcat/tree/master/rules (e.g. the best64 rule)

### Linux Privilege Escalation

- Enumeration
  - LinEnum: https://github.com/rebootuser/LinEnum
  - linPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
  - pspy (unprivileged Linux process snooping): https://github.com/DominicBreuker/pspy
  - Glyptodon (search for suspicious files): https://blog.sevagas.com/?-Glyptodon
  - Lynis: https://cisofy.com/lynis/
- Privilege Escalation Methods
  - Sudo privesc on the Compass Blog: https://blog.compass-security.com/tag/sudo/
  - HackTricks Linux Privilege Escalation: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist and https://book.hacktricks.xyz/linux-unix/privilege-escalation
  - PayloadsAllTheThings Linux Privilege Escalation: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
  - Back To The Future: Unix Wildcards Gone Wild (Wildcard Injection): https://www.exploit-db.com/papers/33930
- Exploitation Tools
  - LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
  - GTFOBins: https://gtfobins.github.io/
  - GTFOBLookup: https://github.com/nccgroup/GTFOBLookup
- Hardening
  - Distribution Independent Linux CIS Benchmark: https://www.cisecurity.org/benchmark/distribution_independent_linux/

### Windows & Active Directory (AD)

- Attacks / Methodologies
  - Active Directory Security: https://adsecurity.org/
  - AD Exploitation Cheat Sheet: https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
  - Orange Cyberdefense Active Directory Pentest Mindmap: https://orange-cyberdefense.github.io/ocd-mindmaps/
  - The Dog Whisperer's Handbook: https://www.ernw.de/download/BloodHoundWorkshop/ERNW_DogWhispererHandbook.pdf
  - Not A Security Boundary: Breaking Forest Trusts: https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-cd125829518d
  - Attacking Active Directory: 0 to 0.9: https://zer1t0.gitlab.io/posts/attacking_ad/?s=09
  - Windows & Active Directory Exploitation Cheat Sheet and Command Reference: https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- Kerberos
  - Introduction Videos by ATTL4S (https://twitter.com/DaniLJ94)
    - You Do (Not) Understand Kerberos: Introduction: https://www.youtube.com/watch?v=4LDpb1R3Ghg
    - You Do (Not) Understand Kerberos Delegation - Introduction: https://www.youtube.com/watch?v=p9QFdITuvgU
    - You Do (Not) Understand Kerberos Delegation - Unconstrained Delegation: https://www.youtube.com/watch?v=xDFRUYv1-eU&t=580s
    - You Do (Not) Understand Kerberos Delegation - Constrained Delegation: https://www.youtube.com/watch?v=gzqq2r6cZjc&t=2288s
    - You Do (Not) Understand Kerberos Delegation - RBCD: https://www.youtube.com/watch?v=vlKwCTvp5_w&t=1185s
  - CVE-2020-17049: Kerberos Bronze Bit Attack Theory: https://www.netspi.com/blog/technical/network-penetration-testing/cve-2020-17049-kerberos-bronze-bit-theory/
  - Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
  - Active Directory Security Risk #101: Kerberos Unconstrained Delegation (or How Compromise of a Single Server Can Compromise the Domain): https://adsecurity.org/?p=1667
  - Kerberos Attack Cheat Sheet: https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- Active Directory Certificate Services
  - Abusing Active Directory Certificate Services Whitepaper: https://specterops.io/assets/resources/Certified_Pre-Owned.pdf
  - Abusing Active Directory Certificate Services Blogpost: https://posts.specterops.io/certified-pre-owned-d95910965cd2
- Best Practices
  - Domain-Join Computers the Proper Way: https://blog.compass-security.com/2020/03/domain-join-computers-the-proper-way/
  - Administrative Tier Model (Archived Article): https://web.archive.org/web/20201210154206/https://docs.microsoft.com/en-us/windows-[…]ivileged-access/securing-privileged-access-reference-material
- Tools
  - Sysinternals: https://docs.microsoft.com/en-us/sysinternals/#sysinternals-live
    - Sysinternals Direct Download: https://live.sysinternals.com/
  - PowerSploit: https://github.com/PowerShellMafia/PowerSploit
  - PowerUpSQL: https://github.com/NetSPI/PowerUpSQL
  - Mimikatz: https://github.com/gentilkiwi/mimikatz
  - Impacket: https://github.com/SecureAuthCorp/impacket
  - Responder: https://github.com/lgandx/Responder
  - CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec
  - CredNinja: https://github.com/Raikia/CredNinja
  - BloodHound
    - Project Page: https://github.com/BloodHoundAD/BloodHound
    - Compass Custom BloodHound Queries: https://github.com/CompassSecurity/BloodHoundQueries
  - PingCastle
    - Project Page: https://www.pingcastle.com/
    - Healthcheck Rules: https://www.pingcastle.com/PingCastleFiles/ad_hc_rules_list.html
  - Kerbrute: https://github.com/ropnop/kerbrute

### Cloud

- A Cloud Guru Online Trainings: https://acloudguru.com/

### Container

- Docker Security
  - How Containers Work!, Julia Evans: https://jvns.ca/blog/2020/04/27/new-zine-how-containers-work/
  - Practical Docker Security: https://docs.google.com/presentation/d/1jZkq-osQYOCcpR6gU2V1M7JvM4MsazcgVpvGqOUIh-s/edit#slide=id.g4405d38279_0_218
  - Docker.com: Docker Security Concepts: https://docs.docker.com/engine/security/security/
  - Docker Security Blogpost: https://blog.sqreen.com/docker-security/
  - 7 Docker Security Vulnerabilities: https://sysdig.com/blog/7-docker-security-vulnerabilities/
  - Docker.com: Docker Breakout in 2014: https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/
  - Understanding Docker Container Escapes: https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
  - Docker & Capabilities by Red Hat: https://www.redhat.com/en/blog/secure-your-containers-one-weird-trick
  - Docker.com: Seccomp: https://docs.docker.com/engine/security/seccomp/
  - Docker Capabilities and no-new-privileges: https://raesene.github.io/blog/2019/06/01/docker-capabilities-and-no-new-privs/
  - Dockerfile Best Practices: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
  - Dockerfile Security Best Practices: https://cloudberry.engineering/article/dockerfile-security-best-practices/
  - Docker Images 10 Tips: https://snyk.io/blog/10-docker-image-security-best-practices/
  - How to Keep Docker Secrets Secure: Complete Guide: https://spacelift.io/blog/docker-secrets
- Kubernetes
  - Bad Pods: Kubernetes Pod Privilege Escalation: https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation#pod8
  - Talk "Kubernetes from an Attacker's Perspective" by Abhisek Datta: https://www.youtube.com/watch?v=aloi74MH4zk
  - Talk "Advanced Persistence Threats: The Future of Kubernetes Attacks" by Ian Coldwater and Brad Geesaman: https://www.youtube.com/watch?v=CH7S5rE3j8w
  - Kubernetes Security Jupyter Notebooks: https://github.com/thomasfricke/training-kubernetes-security

### Hacking Environments

- Hack The Box: https://www.hackthebox.eu/
- Hack The Box Academy: https://academy.hackthebox.eu/
- PentesterLab: https://pentesterlab.com/
- Metasploitable: https://sourceforge.net/projects/metasploitable/
- Root Me: https://www.root-me.org
- VulnHub: https://www.vulnhub.com/

## Social Engineering 🎅

- Homograph Attacks: https://dev.to/logan/homographs-attack--5a1p
  - Tool: https://github.com/evilsocket/ditto
  - Example: https://раураӏ.com/

## Mobile Application Security 📱

### General

- Frida Hooking Framework: https://frida.re/
- Frida Hooks Collection: https://codeshare.frida.re/
- objection - Runtime Mobile Exploration: https://github.com/sensepost/objection

### Android

- Frida
  - Frida Hook Examples: https://github.com/antojoseph/frida-android-hooks
  - Frida Code Share: https://codeshare.frida.re/browse
  - Frida Code Snippets for Android: https://erev0s.com/blog/frida-code-snippets-for-android/
- F-Secure Android Keystore Audit
  - Blogpost: https://labs.f-secure.com/blog/how-secure-is-your-android-keystore-authentication/
  - GitHub Project: https://github.com/FSecureLABS/android-keystore-audit

## Security for Small and Medium-sized Enterprises (SMEs) 🖖

- Information security fact sheet for SMEs from the National Cyber Security Centre (NCSC): https://www.ncsc.admin.ch/dam/ncsc/de/dokumente/infos-unternehmen/ncsc-merkblatt-kmu-sicherheit.pdf.download.pdf/ncsc-merkblatt-kmu-sicherheit_de.pdf
- General information on cyber security for companies: https://www.ibarry.ch/de/
- Resources from the Bern Cantonal Police: https://www.cyber.police.be.ch/de/start/informationen-fuer-kmu.html, particularly interesting for you:
  - Preventing cybercrime - a guide for SMEs: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/broschuere-cyberdelikte-verhindern-de.pdf
  - Ten tips to prevent cyber attacks: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/cybercrime-zehn-tipps-de.pdf
  - Self-assessment for company management: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/selbstassessment-de.pdf
  - Cyber attack - how to protect yourself. Checklist for company management: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/checkliste-cyberattacke-unternehmensleitung-de.pdf
- Cyber Security for Small and Medium-sized Enterprises (ENISA): https://www.enisa.europa.eu/publications/enisa-report-cybersecurity-for-smes/@@download/fullReport

--------------------------------------------------------------------------------
/webapplication_security/hydra_demo.md:
--------------------------------------------------------------------------------

# Hydra Demo

Username enumeration:
~~~
# hydra -I -L /usr/share/commix/src/txt/usernames.txt -p test glocken.vm.vuln.land http-get-form "/12001/cookie_case0/auth_cookie0/login:username=^USER^&password=^PASS^:Wrong username"
~~~

Decompress password list:
~~~
# gunzip /usr/share/wordlists/rockyou.txt.gz
~~~

Brute force password of user `hacker10`:
~~~
# hydra -I -l hacker10 -P /usr/share/wordlists/rockyou.txt glocken.vm.vuln.land http-get-form "/12001/cookie_case0/auth_cookie0/login:username=^USER^&password=^PASS^:Forgot password"
~~~

--------------------------------------------------------------------------------
/webapplication_security/xxe_demo.md:
--------------------------------------------------------------------------------

# XXE Demos

~~~
]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

]>

~~~
--------------------------------------------------------------------------------