BYR Achieve · 镜像论坛

Programming/Coding [Bash] Advanced Bash-Scripting Guide – http://tldp.org/LDP/abs/html/ [Bash] Bash shell scripting tutorial – http://steve-parker.org/sh/sh.shtml [Bash] Bourne Shell Reference – http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/ [CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby – http://hyperpolyglot.org/scripting Offensive Security’s Pentesting With BackTrack (PWB) Course [Pre-course] Corelan Team – http://www.corelan.be [Pre-course] The Penetration Testing Execution Standard – http://www.pentest-standard.org/index.php/Main_Page [Hash] NTLM Decrypter – http://www.md5decrypter.co.uk/ntlm-decrypt.aspx [Hash] reverse hash search and calculator – http://goog.li http://security.crudtastic.com/?p=213 Tunnelling / Pivoting [Linux] SSH gymnastics with proxychains – http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html [Windows] Nessus Through SOCKS Through Meterpreter – http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php WarGames / Online Challenges [WarGames] Title – http://securityoverride.com [WarGames] Title – http://intruded.net [Challenge] The Ksplice Pointer Challenge – http://blogs.oracle.com/ksplice/ [WarGames] Title – http://spotthevuln.com [WarGames] Title – http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html [WarGames] Title – http://ftp.hackerdom.ru/ctf-images/ Exploit Development (Programs) [Download] Title – http://www.oldapps.com/ [Download] Title – http://www.oldversion.com/ [Download] Title – http://www.exploit-db.com/webapps/ Misc [RSS] Open Penetration Testing Bookmarks Collection – https://code.google.com/p/pentest-bookmarks/downloads/list [ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses – http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html [DIY] Repair a Broken Ethernet Plug – http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/ [Desktop] Ubuntu Security – http://ubuntuforums.org/showthread.php?t=510812 [TechHumor] Title – https://www.xkcd.com [TechHumor] Title – http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf Exploit Development [Guides] Corelan Team – http://www.corelan.be [Guide] From 0×90 to 0x4c454554, a journey into exploitation. – http://myne-us.blogspot.com/2010/08/from-0×90-to-0x4c454554-journey-into.html [Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities – http://resources.infosecinstitute.com/intro-to-fuzzing/ [Video] TiGa’s Video Tutorial Series on IDA Pro – http://www.woodmann.com/TiGa/idaseries.html [Guide] Advanced Windows Buffer Overflows – http://labs.snort.org/awbo/ [Guide] Stack Based Windows Buffer Overflow Tutorial – http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.htmlt [Guide] SEH Stack Based Windows Buffer Overflow Tutorial – http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html [Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation – http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html [Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability< – http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html [Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump – http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html [Linux] Linux exploit development part 1 – Stack overflow. – http://sickness.tor.hu/?p=363 [Linux] Linux Exploit Writing Tutorial Pt 2 – Stack Overflow ASLR bypass Using ret2reg – http://sickness.tor.hu/?p=365 [Linux] Linux exploit development part 3 – ret2libc – http://sickness.tor.hu/?p=368 [Linux] Linux exploit development part 4 – ASCII armor bypass + return-to-plt – http://sickness.tor.hu/?p=378 [TechHumor] Title – https://www.youtube.com/watch?v=klXFqtYR5Mg [TechHumor] Title – http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html Exploit Development (Case Studies/Walkthroughs) [Web] Finding 0days in Web Applications – http://www.exploit-db.com/finding-0days-in-web-applications/ [Windows] Offensive Security Exploit Weekend – http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/ [Windows] From vulnerability to exploit under 5 min – http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html Exploit Development (Patch Analysis) [Windows] A deeper look at ms11-058 – http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058 [Windows] Patch Analysis for MS11-058 – https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058 [Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability – http://j00ru.vexillium.org/?p=893 [Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities – https://www.net-security.org/article.php?id=1613 Exploit Development (Metasploit Wishlist) [ExplotDev] Metasploit Exploits Wishlist ! – http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html [Guide] Porting Exploits To Metasploit Part 1 – http://www.securitytube.net/video/2118 Passwords & Rainbow Tables (WPA) [RSS] Title – http://ob-security.info/?p=475 [RSS] Title – http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/ [RSS] Title – http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html [WPA] Offensive Security: WPA Rainbow Tables – http://www.offensive-security.com/wpa-tables/ [Tool] Ultra High Security Password Generator – https://www.grc.com/passwords.htm [Guide] Creating effective dictionaries for password attacks – http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html [Leaked] Diccionarios con Passwords de Sitios Expuestos – http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml [Download] Index of / – http://svn.isdpodcast.com/wordlists/ [Guide] Using Wikipedia as brute forcing dictionary – http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary [Tool] CeWL – Custom Word List generator – http://www.digininja.org/projects/cewl.php [Download] Title – http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists [Leaked] Passwords – http://www.skullsecurity.org/wiki/index.php/Passwords Cheat-Sheets [OS] A Sysadmin’s Unixersal Translator – http://bhami.com/rosetta.html [WiFi] WirelessDefence.org’s Wireless Penetration Testing Framework – http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html Anti-Virus [Metasploit] Facts and myths about antivirus evasion with Metasploit – http://schierlm.users.sourceforge.net/avevasion.html [Terms] Methods of bypassing Anti-Virus (AV) Detection – NetCat – http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html Privilege Escalation [Linux] Hacking Linux Part I: Privilege Escalation – http://www.dankalia.com/tutor/01005/0100501004.htm [Windows] Windows 7 UAC whitelist – http://www.pretentiousname.com/misc/win7_uac_whitelist2.html [Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges – http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/ Metasploit [Guide] fxsst.dll persistence: the evil fax machine – http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html [Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec – http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/ [Guides] Metasploit Unleashed – http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training [Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 – http://www.securitytube.net/video/1175 Default Generators [WEP] mac2wepkey – Huawei default WEP generator – http://websec.ca/blog/view/mac2wepkey_huawei [WEP] Generator: Attacking SKY default router password – http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password Statistics [Defacements] Zone-H – http://www.zone-h.org [ExploitKits] CVE Exploit Kit list – http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm Cross Site Scripting (XSS) [Guide] vbSEO – From XSS to Reverse PHP Shell – http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/ [RSS] Title – http://www.thespanner.co.uk/2009/03/25/xss-rays/ Podcasts [Weekly] PaulDotCom – http://pauldotcom.com/podcast/psw.xml [Monthly] Social-Engineer – http://socialengineer.podbean.com/feed/ Blogs & RSS [RSS] SecManiac – http://www.secmaniac.com [Guides] Carnal0wnage & Attack Research – http://carnal0wnage.attackresearch.com [RSS] Contagio – http://contagiodump.blogspot.com [News] THN : The Hacker News – http://thehackernews.com [News] Packet Storm: Full Disclosure Information Security – http://packetstormsecurity.org [Guides] pentestmonkey | Taking the monkey work out of pentesting – http://pentestmonkey.net [RSS] Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security – http://www.darknet.org.uk [RSS] Irongeek – http://www.irongeek.com [Metasploit] Room 363 – http://www.room362.com [Guides] Question Defense: Technology Answers For Technology Questions – http://www.question-defense.com/ [Guides] stratmofo’s blog – http://securityjuggernaut.blogspot.com [Guides] TheInterW3bs – http://theinterw3bs.com [Guides] consolecowboys – http://console-cowboys.blogspot.com [Guides] A day with Tape – http://adaywithtape.blogspot.com [Guides] Cybexin’s Blog – Network Security Blog – http://cybexin.blogspot.com [RSS] BackTrack Linux – Penetration Testing Distribution – http://www.backtrack-linux.org/feed/ [RSS] Offensive Security – http://www.offensive-security.com/blog/feed/ [RSS] Title – http://www.pentestit.com [RSS] Title – http://michael-coates.blogspot.com [RSS] Title – http://blog.0x0e.org [RSS] Title – http://0×80.org/blog [RSS] Title – http://archangelamael.shell.tor.hu [RSS] Title – http://archangelamael.blogspot.com [RSS] Title – http://www.coresec.org [RSS] Title – http://noobys-journey.blogspot.com [RSS] Title – http://www.get-root.com [RSS] Title – http://www.kislaybhardwaj.com [RSS] Title – https://community.rapid7.com/community/metasploit/blog [RSS] Title – http://mimetus.blogspot.com [RSS] Title – http://hashcrack.blogspot.com [RSS] Title – https://rephraseit.wordpress.com [RSS] Title – http://www.exploit-db.com [RSS] Title – http:/skidspot.blogspot.com [RSS] Title – http://grey-corner.blogspot.com [RSS] Title – http://vishnuvalentino.com [RSS] Title – http://ob-security.info …. Not enough? Try twitter and/or IRC!

一些信息安全站点