InfoSec Resources

We get asked all the time about quality InfoSec content. Here is a list of places that our members love

DC801 Downloads

Dumps:
Coinbase Email Dump (3-31-14)
Mt. Gox Leak

News:
The Hacker News
Packetstorm

Cover your Ass
Learning Opsec – http://www.slideshare.net/grugq/opsec-for-hackers
Private Proxies – http://blueshellgroup.wordpress.com/2013/04/14/creating-a-private-database-of-proxies-part-1/

Pentest
Pentest Bookmarks
What you need to know – http://www.pentesticles.com/2014/05/what-you-need-to-know-to-become.html

Sql Injection
Burp – Sql injection authentication bypass with burp/
W3af – http://w3af.org/howtos/find-cross-site-scripting-and-sql-injections

WebApp Attacks
null byte – http://www.ultsec.com/null-byte-attack.php

Privilege Escalation
Basic Linux Privilege Escalation

Man In The Middle
MiM Scapy
ARP/DNS spoofer – https://github.com/DanMcInerney/LANs.py
Ettercap – http://openmaniak.com/ettercap.php
Blackhat MIN Demos – https://www.blackhat.com/presentations/bh-usa-03/bh-us-03-ornaghi-valleri.pdf

Assembly Language
Introduction into Assembly

Exploit Development
Exploit Training – http://exploit-exercises.com/
Stack Over Flow – http://en.wikipedia.org/wiki/Stack_overflow
Heap Corruption – http://www.efnetcpp.org/wiki/Heap_Corruption
Format String Attacks – https://www.owasp.org/index.php/Format_string_attack
Integer Over Flow – http://en.wikipedia.org/wiki/Integer_overflow
Race Conditions – http://en.wikipedia.org/wiki/Race_condition
TCP/IP Manipulations – http://seclab.cs.sunysb.edu/sekar/papers/netattacks.pdf

ShellCode
Into To Shellcode – http://www.vividmachines.com/shellcode/shellcode.html
Check Sec – http://www.trapkit.de/tools/checksec.html
ShellCode Lib – http://blackhatlibrary.net/Shellcode/Appendix
Shell One Liners – http://www.pantz.org/software/shell/shelloneliners.html
Execute Shell Code using Python – http://www.debasish.in/2012/04/execute-shellcode-using-python.html
Shell Code CTF Lib – http://shell-storm.org/repo/CTF/
Make GDB usable with Peda – http://ropshell.com/peda/Linux_Interactive_Exploit_Development_with_GDB_and_PEDA_Slides.pdf

Reverse Engineering
RE Linux Distro – http://zeltser.com/remnux/
PE Runtime – http://uncomputable.blogspot.com/2013/08/pe-runtime-data-structures-v1.html

Proxy
SSH Through a Squid Proxy

Cryptography
GPG Setup
You Are Bad at Cryptography – http://happybearsoftware.com/you-are-dangerously-bad-at-cryptography.html
Common Openssl Commands – http://www.sslshopper.com/article-most-common-openssl-commands.html

Dictionary Files
Packet Storm Word Lists
Leaked Passwords

Metaspoit
Training – http://www.offensive-security.com/metasploit-unleashed/Main_Page
Persistent Backdoor – http://pentestlab.wordpress.com/2012/03/17/metasploit-persistent-backdoor/

Wireless
Mesh Daemon – http://www.olsr.org/
Fake AP – https://github.com/DanMcInerney/fakeAP
De Auth – http://danmcinerney.org/how-to-kick-everyone-around-you-off-wifi-with-python/

Hardware Hacking
Tesla Coil Explained – http://makezine.com/projects/six-pack-tesla-coil/
Nand Gates to Tetris – http://www.nand2tetris.org/

Forensic
forensicfocus.com images-and-challenges

Capture the Flag Games and Training
http://captf.com/practice-ctf/

Webspidering
Curl HTTP Scripting – http://curl.haxx.se/docs/httpscripting.html
Python Captcha By Pass – http://www.debasish.in/2012/01/bypass-captcha-using-python-and.html

Vulnerability Scanning
Nessus vs Openvas vs Nexpose http://hackertarget.com/nessus-openvas-nexpose-vs-metasploitable/

Sniffing
Python Library for Wireshark – https://code.google.com/p/pyreshark/
Sample Wireshark Capture – http://wiki.wireshark.org/SampleCaptures

Interviewing Help
InfoSec Interview Questions – http://it.toolbox.com/blogs/managing-infosec/interview-questions-for-your-next-security-engineer-18472
Code Interview Questions – http://www.restlessprogrammer.com/2013/09/hacking-coding-interview.html
More Info Sec Intrview Questions – http://danielmiessler.com/study/infosec_interview_questions/
Create a Resume you Latex – http://campbellhennessy.com/2013/07/06/making-your-resume-beautiful-and-maintainable-with-latex/

Lock Picking
Pratice Cuffs – http://www.itstactical.com/store/visible-cutaway-practice-handcuff/
Making Bogota Picks – https://docs.google.com/presentation/d/18rJBRNkRmFLPDa0AlUewwUlW0xo6DgJo4-XAW8RiopI/pub?start=false&loop=false&delayms=3000#slide=id.p

Pranks
CSS Upside down page – https://github.com/wesbos/aprilFools.css#readme

Training
http://opensecuritytraining.info/
https://skills.hackeracademy.com/
http://www.enigmagroup.org/

 

Iptables
http://newartisans.com/2007/09/neat-tricks-with-iptables/
http://www.rasyid.net/2007/10/31/101-links-of-tutorials-tips-tricks-and-scripts-for-iptables/

Online Decoders:
crypto.in.ua

Malware Download:
http://www.offensivecomputing.net

Free Programming Books
https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md#c-1

Podcasts:
Paul’s Security Weekly (It will allways be PaulDotCom to us!)
Risky Business

Wikis:
Blackhat Library

Information Gathering:
namechk.com

Linux
dtrace – https://github.com/dtrace4linux/linux

Programmers Stuff
Competency Matrix to Compare Skill Level – http://sijinjoseph.com/programmer-competency-matrix/

History
Defcon Documentary – https://www.youtube.com/watch?v=JPk6V1xqjcg
TTY Demystified – http://www.linusakesson.net/programming/tty/index.php
Phone Freaks – https://www.youtube.com/watch?v=Y47m1cOyKjA

VPS
$5 a year – http://www.minivps.us/
Sweden Dedicated – http://swedendedicated.com/

Subreddits:
/r/netsec
/r/pwned

Twitter Feeds:
@_defcon_
@thedarktangent”
@metasploit
@hdmoore
@egyp7
@41414141
@mubix
@jeremiahg
@RSnake
@EFF
@mikko
@jack_daniel
@moxie
@ThisIsHNN
@Shadowserver
@SecurityBSides
@phat32
@jaysonstreet
@joswr1ght
@HackingDave
@krypt3ia
@Jhaddix
@kalilinux