API tools faq
paste
Shiva108

THP3 The Hackers Playbook 3 Links

Shiva108
Jun 26th, 2022
182
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Nim 25.15 KB | None | 0 0
raw download clone embed print report
  1. URL References:
  2. - https://www.windowscentral.com/how-permanently-disable-windows-defender-antivirus-windows-10
  3. - https://github.com/cyberspacekittens/Probable-Wordlists/blob/master/Real-Passwords/WPA-Length/Real-Password-WPA-MegaLinks.md
  4. - http://webserver/payload
  5. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/collection/Invoke-NinjaCopy.ps1
  6. - laurent.blogspot.com/2016/10/introducing-responder-multirelay-10.html
  7. - https://github.com/trustedsec/nps_payload
  8. - vpn.loca1host.com
  9. - https://www.fireeye.com/blog/threat-
  10. - 2Fcyberspacekittens.com
  11. - https://www.w3schools.com/tags/ref_eventattributes.asp
  12. - https://github.com/mitre/caldera
  13. - https://lightsail.aws.amazon.com/
  14. - http://blog.portswigger.net/2015/08/server-side-template-injection.html
  15. - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-
  16. - http://www.fuzzysecurity.com/tutorials/16.html
  17. - https://github.com/trustedsec/social-engineer-toolkit
  18. - https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors
  19. - https://github.com/breenmachine/httpscreenshot
  20. - lethalsecurity.com
  21. - https://www.vulnerability-
  22. - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029#diff-025d24bfdd78aa27353572d067da50b3L260
  23. - https://imagetragick.com/
  24. - https://shop.riftrecon.com/products/under-the-door-tool
  25. - a0.awsstatic.com
  26. - https://mail.cyberspacekittens.com/owa/auth/logon.aspx
  27. - https://buer.haus/breport/index.php
  28. - https://blog.kchung.co/rfid-
  29. - http://thehackerplaybook.com/training/
  30. - https://github.com/lukebaggett/dnscat2-powershell
  31. - http://chat:3000/ssrf
  32. - https://github.com/luin/serialize/search?utf8=%E2%9C%93&q=eval&type=
  33. - https://blog.christophetd.fr/abusing-aws-metadata-service-using-ssrf-vulnerabilities/
  34. - https://github.com/cyberspacekittens/password_cracking_rules
  35. - https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658
  36. - https://github.com/FuzzySecurity/PSKernel-Primitives/tree/master/Sample-
  37. - https://github.com/anshumanbh/git-all-secrets
  38. - https://www.social-engineer.org/wp-content/uploads/2017/11/SECTF-2017.pdf
  39. - http://hackerwarehouse.com/product/proxmark3-rdv2-kit/
  40. - https://gist.githubusercontent.com/cheetz/4d6a26bb122a942592ab9ac21894e57b/raw/f58e82c9abfa46a932eb92edbe6b18214141439b/all.txt
  41. - https://github.com/thealpiste/C_ReverseHTTPS_Shellcode
  42. - https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf
  43. - http://mirrors.jenkins.io/war-stable/1.651.2/
  44. - https://github.com/Coalfire-Research/Red-Baron
  45. - https://github.com/cheetz/sslScrape
  46. - https://www.us-cert.gov/ncas/alerts/TA13-088A
  47. - https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
  48. - https://github.com/robertdavidgraham/masscan
  49. - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
  50. - https://bugs.chromium.org/p/project-zero/issues/detail?id=1428
  51. - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
  52. - https://github.com/tennc/webshell
  53. - https://github.com/cheetz/dnscat2/tree/master/server/controller
  54. - http://www.harmj0y.net/blog/empire/empire-1-5/
  55. - https://msdn.microsoft.com/en-
  56. - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
  57. - pipl.com
  58. - mail.google.com
  59. - https://technet.microsoft.com/en-
  60. - Censys.io
  61. - https://serverfault.com/questions/356123/how-to-allow-just-one-user-to-login-in-special-computer-in-server-2003
  62. - testlab.company.com
  63. - https://github.com/cheetz/THP-ChatSupportSystem/blog/master/lab.txt
  64. - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
  65. - https://www.youtube.com/watch
  66. - https://www.n00py.io/2017/01/compromising-jenkins-and-extracting-credentials/
  67. - https://github.com/rsmudge/Malleable-C2-Profiles/blob/master/normal/amazon.profile
  68. - https://www.eff.org/pages/legal-assistance
  69. - https://gist.githubusercontent.com/scumjr/17d91f20f73157c722ba2aea702985d2/raw/a37178567ca7b816a5c6f891080770feca5c74d7/dirtycow-mem.c
  70. - https://www.us-cert.gov/ncas/alerts/TA18-086A
  71. - https://blog.cobaltstrike.com/2017/02/06/high-reputation-redirectors-and-domain-fronting/
  72. - https://github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-
  73. - https://www.mdsec.co.uk/2018/03/payload-generation-using-
  74. - https://github.com/FuzzySecurity/PowerShell-Suite/blob/master/Invoke-MS16-032.ps1
  75. - https://github.com/hashcat/hashcat-utils/releases
  76. - https://medium.com/@Ne0nd0g/introducing-merlin-645da3c635a#df21
  77. - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
  78. - http://chat:3000/xss
  79. - thehackerplaybook.com/updates
  80. - https://en.wikipedia.org/wiki/Immediately-invoked_function_expression
  81. - https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-
  82. - https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content
  83. - https://github.com/cheetz/hidemyps
  84. - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
  85. - https://github.com/danielbohannon/Invoke-Obfuscation
  86. - https://www.cyberark.com/threat-research-blog/red-team-insights-https-domain-fronting-google-hosts-using-cobalt-strike/
  87. - https://www.arin.net/
  88. - https://www.trustwave.com/Resources/SpiderLabs-Blog/Simplifying-Password-Spraying/
  89. - https://github.com/EmpireProject/Empire
  90. - https://github.com/rebootuser/LinEnum
  91. - http://sqlmap.org/
  92. - https://rileykidd.com/2017/08/03/application-whitelist-bypass-
  93. - https://wiki.skullsecurity.org/Passwords
  94. - https://github.com/ChrisTruncer/EyeWitness
  95. - https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellIcmp.ps1
  96. - https://thehackernews.com/2017/12/data-
  97. - https://github.com/blechschmidt/massdns
  98. - https://medium.com/@mirkatson/running-metasploit-on-kali-linux-docker-aws-ec2-instance-a2f7d7310b2b
  99. - https://github.com/bluscreenofjeff/AggressorScripts/blob/master/mimikatz-every-30m.cna
  100. - https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs
  101. - http://getgophish.com/documentation/
  102. - https://github.com/mdsecactivebreach/SharpShooter
  103. - https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
  104. - https://nakedsecurity.sophos.com/2013/11/04/anatomy-of-a-password-
  105. - n.name
  106. - https://bugs.chromium.org/p/project-zero/issues/list
  107. - https://snyk.io/test/npm/node-serialize
  108. - http://chat:3000/ti
  109. - https://github.com/Ne0nd0g/merlin
  110. - https://github.com/hashcat/hashcat/tree/master/rules
  111. - https://github.com/harleyQu1nn/AggressorScripts
  112. - https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
  113. - https://www.esecurityplanet.com/network-security/unpatched-open-source-software-flaw-blamed-for-massive-equifax-breach.html
  114. - https://powersploit.readthedocs.io/en/latest/Recon/Invoke-
  115. - https://github.com/GreatSCT/GreatSCT/tree/develop
  116. - https://inteltechniques.com/OSINT/pastebins.html
  117. - https://i.imgur.com/FdtLoFI.jpg
  118. - https://github.com/nccgroup/demiguise
  119. - https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
  120. - http://security.debian.org/debian-
  121. - https://github.com/christophetd/censys-subdomain-finder
  122. - msg.name
  123. - https://github.com/lgandx/Responder.git
  124. - https://github.com/frohoff/ysoserial
  125. - SkullSecurity.org
  126. - https://www.offensive-security.com/metasploit-unleashed/fun-incognito/
  127. - https://nakedsecurity.sophos.com/2012/02/20/jail-facebook-ethical-hacker/
  128. - https://github.com/cheetz/thpDropper.git
  129. - http://thehackerplaybook.com/get.php?type=XXE-vm
  130. - https://msdn.microsoft.com/en-us/library/windows/desktop/dd375731(v=vs.85).aspx
  131. - http://thehackerplaybook.com/get.php?type=csk-web
  132. - https://enigma0x3.net/2017/01/23/lateral-movement-via-
  133. - https://room362.com/post/2017/dump-laps-passwords-with-
  134. - http://www.pentest-standard.org
  135. - http://cyberspacekittens.com
  136. - https://github.com/rapid7/metasploit-
  137. - https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-
  138. - https://centralops.net/co/domaindossier.aspx
  139. - https://www.blackhillsinfosec.com/evade-application-whitelisting-
  140. - http://ubm.io/2GI5EAq
  141. - https://github.com/leebaird/discover
  142. - http://www.ubuntuboss.com/how-to-install-openvpn-access-server-on-ubuntu-
  143. - https://crackstation.net/files/crackstation.txt.gz
  144. - https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
  145. - https://www.youtube.com/watch?v=vxXLJSbx1SI
  146. - https://github.com/bluscreenofjeff/Malleable-C2-Randomizer
  147. - https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
  148. - https://github.com/cyberspacekittens/nsa-rules
  149. - https://en.wikipedia.org/wiki/String_interpolation
  150. - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb
  151. - http://thehackerplaybook.com/get.php?type=csk-lab
  152. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms741563(v=vs.85).aspx
  153. - https://github.com/rsmudge/Malleable-C2-Profiles
  154. - https://github.com/api0cradle/UltimateAppLockerByPassList
  155. - https://github.com/tanprathan/OWASP-Testing-Checklist
  156. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Mimikatz.ps1
  157. - https://github.com/nahamsec/HostileSubBruteforcer
  158. - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-
  159. - 2fmail.cyberspacekittens.com
  160. - https://github.com/epinna/tplmap
  161. - http://chat:3000/serverStatus?text=1
  162. - http://www.piotrbania.com/all/kon-
  163. - https://www.microsoft.com/en-us/download/details.aspx?id=41653
  164. - http://ubm.io/2ECTYSi
  165. - docs.google.com
  166. - https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/XXE-
  167. - https://github.com/cheetz/ceylogger/blob/master/callback
  168. - https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on
  169. - https://hackerone.com/reports/128088
  170. - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
  171. - https://www.southord.com/
  172. - mailcyberspacekittens.com
  173. - http://releases.llvm.org/download.html
  174. - www.amazon.com
  175. - https://www.virustotal.com/#/file/e13d0e84fa8320e310537c7fdc4619170bfdb20214baaee13daad90a175c13c0/detection
  176. - https://github.com/hak5/bashbunny-payloads.git
  177. - https://censys.io/
  178. - https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
  179. - https://html5sec.org/
  180. - http://chat:3000/chatchannel/1
  181. - https://buer.haus/2017/03/09/airbnb-chaining-third-party-open-redirect-into-server-side-request-forgery-ssrf-via-liveperson-chat/
  182. - https://amzn.to/2ItaySR
  183. - https://github.com/Cn33liz/p0wnedShell
  184. - https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows
  185. - https://github.com/s0lst1c3/eaphammer
  186. - https://bitrot.sh/post/30-11-2017-
  187. - company.com
  188. - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
  189. - https://blog.cobaltstrike.com/2016/09/28/cobalt-strike-rce-active-exploitation-reported/
  190. - https://www.synack.com/red-
  191. - https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
  192. - https://www.bleepingcomputer.com/news/security/52-percent-of-all-javascript-npm-
  193. - meetup.com
  194. - https://hashcat.net/wiki/doku.php
  195. - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941
  196. - https://xsshunter.com
  197. - https://www.lockpickshop.com/GATE-BYPASS.html
  198. - https://github.com/cyberspacekittens/metasploit-framework/commit/cdef390344930b308d48907030ec2b87cdb07029
  199. - https://hashes.org/left.php
  200. - https://github.com/foospidy/payloads/tree/master/other/xss
  201. - https://github.com/gentilkiwi/mimikatz
  202. - https://medium.com/@vysec.private/alibaba-cdn-domain-fronting-1c0754fa0142
  203. - https://github.com/Pepitoh/VBad
  204. - https://gist.github.com/enigma0x3/8d0cabdb8d49084cdcf03ad89454798b
  205. - https://trick77.com/how-to-set-up-transparent-vpn-internet-gateway-tunnel-
  206. - mechanicus.com/codex/hashpass/hashpass.php
  207. - https://medium.com/@iraklis/running-hashcat-
  208. - https://github.com/porterhau5/BloodHound-Owned
  209. - https://medium.com/@tomac/a-15-openwrt-based-diy-pen-test-dropbox-
  210. - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
  211. - http://webserver/payload.hta
  212. - http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe
  213. - https://github.com/digininja/pipal
  214. - https://www.digitalocean.com/products/compute
  215. - https://wald0.com/?p=112
  216. - https://github.com/sensepost/ruler
  217. - https://www.hak5.org/gear/packet-squirrel/docs
  218. - https://samy.pl/poisontap/
  219. - http://www.rapid7.com/db/modules/post/windows/manage/priv_migrate
  220. - https://nodejs.org/en/
  221. - https://github.com/cyberspacekittens/Hob0Rules
  222. - http://php.net/manual/en/wrappers.php.php
  223. - https://www.fireeye.com/blog/threat-research/2017/03/apt29_domain_frontin.html
  224. - http://contest-
  225. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/situational_awareness/network/powerview.ps1
  226. - https://blog.websecurify.com/2014/08/hacking-nodejs-and-
  227. - Bit.ly
  228. - http://swupdate.openvpn.org/as/openvpn-as-
  229. - mail.cyberspacekittens.com
  230. - https://github.com/rapid7/metasploit-payloads/tree/master/c/meterpreter
  231. - www.owasp.org/index.php/Testing_for_NoSQL_injection
  232. - https://www.youtube.com/watch?v=dQw4w9WgXcQ
  233. - https://bneg.io/2017/07/26/empire-without-powershell-exe/
  234. - https://gist.github.com/jgamblin/7d64a284e5291a444e12c16daebc81e0
  235. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Invoke-Kerberoast.ps1
  236. - https://github.com/cheetz/ceylogger/blob/master/skeleton
  237. - http://chat:3000/hacked.txt
  238. - https://github.com/PowerShell/PowerShell/releases/download/v6.0.2/powershell_6.0.2-
  239. - https://github.com/trustedsec/ptf
  240. - https://github.com/OJ/gobuster
  241. - cnn.com
  242. - https://gist.github.com/staaldraad/01415b990939494879b4
  243. - https://github.com/pentestgeek/phishing-frenzy
  244. - lab.com/list-of-bug-bounty-programs.php
  245. - https://nmap.org/nsedoc/scripts/smb-security-mode.html
  246. - http://beefproject.com/
  247. - www.google.com
  248. - http://ubr.to/2hIO2tZ
  249. - cyberspacekittens.com
  250. - https://helpdeskgeek.com/how-to/windows-join-domain/
  251. - http://www.nvidia.com/object/tesla-servers.html
  252. - https://www.hackerone.com
  253. - https://aws.amazon.com/service-terms/
  254. - www.msdn.microsoft.com
  255. - https://raw.githubusercontent.com/cyberspacekittens/XSS/master/XSS2.png
  256. - https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/smart_hashdump.rb
  257. - socket.io
  258. - https://ip-ranges.amazonaws.com/ip-ranges.json
  259. - https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
  260. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644990(v=vs.85).aspx
  261. - https://stackoverflow.com/questions/3871729/transmitting-newline-character-n
  262. - https://github.com/cyberspacekittens/bloodhound
  263. - http://chat:3000/directmessage
  264. - https://github.com/GreatSCT/GreatSCT
  265. - https://github.com/DhavalKapil/icmptunnel
  266. - https://portswigger.net/burp
  267. - https://github.com/bbb31/slurp
  268. - https://pugjs.org/language/interpolation.html
  269. - https://expressjs.com/
  270. - https://room362.com/post/2016/snagging-creds-from-locked-machines/
  271. - https://www.forbes.com/sites/thomasbrewster/2015/12/17/facebook-
  272. - https://github.com/ustayready/CredSniper
  273. - CTFTime.org
  274. - http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1-
  275. - https://github.com/cyberspacekittens/metasploit-payloads/tree/master/c/x64_defender_bypass
  276. - http://g-
  277. - https://hashcat.net/wiki/doku.php?id=example_hashes
  278. - https://github.com/Kevin-
  279. - http://thehackerplaybook.com/subscribe/
  280. - https://wappalyzer.com/
  281. - Hashes.org
  282. - https://github.com/cyberspacekittens/metasploit-framework
  283. - shell-storm.org
  284. - http://thehackerplaybook.com/get.php?type=THP-vm
  285. - http://chat:3000/accounts.txt
  286. - https://dirtycow.ninja/
  287. - https://artkond.com/2017/03/23/pivoting-guide/#vpn-over-ssh
  288. - https://github.com/rapid7/metasploitable3
  289. - https://blog.websecurify.com/2017/02/hacking-node-serialize.html
  290. - https://www.esecurityplanet.com/network-security/almost-a-third-of-all-u.s.-businesses-
  291. - https://github.com/porterhau5/BloodHound-
  292. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms648774(v=vs.85).aspx
  293. - https://github.com/cheetz/ceylogger/blob/master/version3/version_3.c#L197-L241
  294. - https://pugjs.org/
  295. - https://openvpn.net/index.php/access-server/download-openvpn-
  296. - https://en.wikipedia.org/wiki/Sony_Pictures_hack
  297. - https://bohops.com/2018/03/10/leveraging-inf-sct-fetch-execute-
  298. - https://github.com/cyberspacekittens/metasploit-payloads
  299. - https://www.virustotal.com/#/file/4f7e3e32f50171fa527cd1e53d33cc08ab85e7a945cf0c0fcc978ea62a44a62d/detection
  300. - http://thehackerplaybook.com/get.php?type=THP-password
  301. - https://github.com/hak5/bashbunny-
  302. - https://github.com/Plazmaz/Sublist3r
  303. - 2010.korelogic.com/rules.html
  304. - https://github.com/GreatSCT/GreatSCT.git
  305. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/trollsploit/Get-
  306. - http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-
  307. - https://github.com/samratashok/nishang
  308. - https://github.com/putterpanda/mimikittenz
  309. - https://builtwith.com/
  310. - http://test.cyberspacekittens.com
  311. - https://github.com/harleyQu1nn/AggressorScripts
  312. - https://github.com/secretsquirrel/the-backdoor-factory
  313. - https://www.lockpickshop.com/SJ-50.html
  314. - http://psbdmp.ws/
  315. - https://thesprawl.org/projects/pack/
  316. - http://www.sixdub.net/?p=555
  317. - https://bashbunny.com/downloads
  318. - https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-
  319. - cyberspacekittens.s3.amazonaws.com
  320. - https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
  321. - https://github.com/danielbohannon/Invoke-CradleCrafter
  322. - https://www.powershellempire.com/?page_id=273
  323. - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-
  324. - http://flaws.cloud/
  325. - https://support.microsoft.com/en-us/help/2871997/microsoft-security-advisory-update-to-improve-credentials-protection-a
  326. - http://www.agarri.fr/docs/AppSecEU15-
  327. - https://github.com/EmpireProject/Empire/blob/master/data/module_source/privesc/PowerUp.ps1
  328. - https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d
  329. - https://github.com/cheetz/jenkins-decrypt
  330. - https://github.com/cyberspacekittens/SecLists
  331. - https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
  332. - http://chat:3000/nosql2
  333. - SMBExec.ps
  334. - https://github.com/luin/serialize
  335. - http://192.168.10.2-254
  336. - https://bugcrowd.com/programs
  337. - https://labs.detectify.com/2017/07/13/a-deep-dive-into-aws-s3-access-controls-taking-full-control-over-your-assets/
  338. - https://raw.githubusercontent.com/cheetz/dirtycow/master/THP-Lab
  339. - https://gist.github.com/rain-
  340. - https://www.virustotal.com/#/file/8032c4fe2a59571daa83b6e2db09ff2eba66fd299633b173b6e372fe762255b7/detection
  341. - https://github.com/securestate/king-phisher
  342. - https://github.com/redcanaryco/atomic-red-team/blob/master/Windows/README.md
  343. - https://amzn.to/2I6lSry
  344. - https://github.com/s0lst1c3/eaphammer#iv–indirect-wireless-
  345. - http://chat:3000/ti?user=*&comment=asdfasdf&link=
  346. - https://github.com/cheetz/generateJenkinsExploit
  347. - https://github.com/cheetz/generateJenkinsExploit
  348. - https://github.com/iagox86/dnscat2
  349. - lanturtle.com
  350. - https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
  351. - https://github.com/BloodHoundAD/BloodHound
  352. - https://cloud.google.com/compute/docs/faq#ipranges
  353. - https://github.com/cyberspacekittens/Probable-Wordlists/tree/master/Dictionary-Style
  354. - meetup.com/lethal
  355. - https://github.com/bluscreenofjeff/AggressorScripts
  356. - http://chat:3000
  357. - http://webserver/payload.b64
  358. - https://github.com/iagox86/dnscat2.git
  359. - https://github.com/s0lst1c3/eaphammer#iii–stealing-ad-credentials-using-hostile-portal-
  360. - https://github.com/CoreSecurity/impacket.git
  361. - https://blog.cptjesus.com/posts/introtocypher
  362. - https://aws.amazon.com/s/dm/optimization/server-side-
  363. - loca1host.com
  364. - https://www.abatchy.com/2017/05/introduction-to-manual-
  365. - https://github.com/eladshamir/Internal-Monologue
  366. - http://10.100.100.9/malware.payload
  367. - https://github.com/brannondorsey/PassGAN
  368. - https://github.com/JordyZomer/autoSubTakeover
  369. - github.com
  370. - http://gnuwin32.sourceforge.net/packages/make.htm
  371. - https://github.com/jamesbarlow/icmptunnel
  372. - https://github.com/clong/DetectionLab
  373. - https://www.cybereason.com/blog/dcom-lateral-movement-techniques
  374. - Microsoft.NET
  375. - http://chat:3000/
  376. - http://www.adeptus-
  377. - https://www.cyberscoop.com/dji-bug-bounty-drone-technology-sean-melia-
  378. - https://sensepost.com/blog/2017/outlook-forms-and-shells/
  379. - https://github.com/cheetz/brutescrape
  380. - http://hashcat.net/wiki/doku.php?id=example_hashes
  381. - https://github.com/bhdresh/CVE-2017-0199
  382. - https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick
  383. - https://github.com/cheetz/THP-ChatSupportSystem/blob/master/lab.txt
  384. - http://pages.ebay.com/securitycenter/Researchers.html
  385. - https://github.com/mzet-/linux-exploit-
  386. - http://contest-2010.korelogic.com/rules-hashcat.html
  387. - https://github.com/SpiderLabs/portia
  388. - https://github.com/decoder-it/psgetsystem
  389. - https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
  390. - https://downloads.pwnedpasswords.com/passwords/pwned-passwords-
  391. - testlab.s3.amazonaws.com
  392. - https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20injection
  393. - https://weakpass.com/wordlist
  394. - https://github.com/RhinoSecurityLabs/Security-Research/blob/master/tools/ms-office/subdoc-injector/subdoc_injector.py
  395. - attacker.com
  396. - git-scm.com
  397. - http://code.gerade.org/hans/
  398. - https://www.youtube.com/watch?v=Aatp5gCskvk
  399. - https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/
  400. - http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-
  401. - meetup.com/LETHAL
  402. - https://www.wifipineapple.com/pages/nano
  403. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644974(v=vs.85).aspx
  404. - https://chrome.google.com/webstore/detail/retirejs/moibopkbhjceeedibkbkbchbjnkadmom
  405. - http://www.jsfuck.com/
  406. - https://github.com/IVMachiavelli/OSINT_Team_Links
  407. - https://github.com/cheetz/THP-
  408. - https://github.com/TheRook/subbrute
  409. - https://github.com/cyberspacekittens/dnscat2
  410. - https://github.com/curi0usJack/luckystrike
  411. - https://www.npmjs.com/package/qs
  412. - http://www.xss-payloads.com/payloads-list.html
  413. - https://github.com/peewpw/Invoke-
  414. - https://github.com/lgandx/Responder
  415. - https://www.cobaltstrike.com/aggressor-script/index.html
  416. - https://raw.githubusercontent.com/nidem/kerberoast/master/GetUserSPNs.ps1
  417. - Exploit.In
  418. - http://osintframework.com/
  419. - https://lightsail.aws.amazon.com
  420. - https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
  421. - http://insecure.org/search.html?q=privilege%20escalation
  422. - https://www.hak5.org/episodes/hak5-1921-access-internal-networks-with-
  423. - https://github.com/derv82/wifite2
  424. - http://webserver/payload.sct
  425. - https://github.com/samratashok/nishang/blob/master/Gather/Get-
  426. - https://github.com/Varbaek/xsser
  427. - https://github.com/Narcolapser/python-o365#email
  428. - https://github.com/cheetz/ceylogger/tree/master/version1
  429. - https://github.com/cheetz/ceylogger/tree/master/version2
  430. - https://github.com/cheetz/ceylogger/tree/master/version3
  431. - https://pugjs.org/language/code.html
  432. - http://chat:3000/nosql
  433. - https://xsshunter.com/app
  434. - https://hackerone.com/reports/121461
  435. - https://github.com/leostat/rtfm
  436. - https://www.shodan.io
  437. - https://www.cobaltstrike.com/help-smb-beacon
  438. - https://www.cobaltstrike.com/help-smb-
  439. - https://www.usenix.org/conference/usenixsecurity16/technical-
  440. - https://github.com/mdsecactivebreach/CACTUSTORCH
  441. - https://github.com/guelfoweb/knock/blob/4.1/knockpy/wordlist/wordlist.txt
  442. - https://github.com/cyberspacekittens/ReflectiveDLLInjection/commit/33d1e515124966661a754b02a15c1469621637ae
  443. - https://pugjs.org/language/code.html#unescaped-buffered-code
  444. - https://github.com/kgretzky/evilginx
  445. - https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library
  446. - https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-
  447. - https://github.com/trustedsec/unicorn
  448. - https://hakshop.com/collections/usb-rubber-ducky
  449. - testlab.s3.amazon.com
  450. - https://www2.fireeye.com/rs/848-DID-
  451. - https://github.com/nettitude/PoshC2
  452. - https://github.com/Arno0x/EmbedInHTML
  453. - https://github.com/sekirkity/BrowserGather
  454. - https://haiderm.com/fully-undetectable-backdooring-pe-file/#Code_Caves
  455. - https://hawkinsecurity.com/2017/12/13/rce-via-spring-engine-ssti/
  456. - www.SecurePla.net
  457. - https://porterhau5.com/blog/extending-bloodhound-track-and-visualize-
  458. - Lightsail.aws.amazon.com
  459. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx
  460. - https://www.youtube.com/watch?v=b7qr0laM8kA
  461. - https://github.com/huntergregal/mimipenguin
  462. - https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1
  463. - ns1.loca1host.com
  464. - https://portswigger.net/bappstore/21df56baa03d499c8439018fe075d3d7
  465. - https://github.com/fireeye/SessionGopher
  466. - www.meetup.com/LETHAL
  467. - https://github.com/cyberspacekittens/metasploit-payloads/commit/227832554737f7c3ffd675571fede449ac714137
  468. - https://digi.ninja/files/bucket_finder_1.1.tar.bz2
  469. - https://blog.cobaltstrike.com/2014/01/14/cloud-based-redirectors-for-distributed-hacking/
  470. - https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-
  471. - ns2.loca1host.com
  472. - https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/
  473.  
  474. PDF References:
  475. - https://www.owasp.org/images/1/19/OTGv4.pdf
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!