Resources

Here’s a list of links that I have found useful during my course of work. This is a work in progress (and will most likely stay so), as I will be updating it regularly. If you have any good resource links, please send them across so we can share it others.

Mail them to wasimhalani [at] gmail [dot] com

VA-PT

Penetration Test
VulnerabilityAssessement.co.uk
Steve Shead Dot Com – Penetration Testing Checklist
ISAAF-Penetration Testing Framework
Introduction to ARP Poison Routing – Oxid.it(SWF)
TCP Tutorial/Primer

DarkOperator’s Meterpreter and Misc. Scripts
ZeroCold’s Meterpreter and Bash Scripts

OWASP-Testing Guide v3
OWASP-Phoenix Tools
PHPCharset Encoder / String Encrypter
Businessinfo – Web Security Applications & Experiments
Advance XSS Knowledge

Password/Hash/Rainbow-tables Cracking

Downloadable Rainbow Tables and Password lists (torrents)
Password List collection – SkullSecurity
Online WPA/Hash/RAR/SHA1 Crackers service (commercial)
Online Hash Crackers

Reverse Engineering

Reddit-ReverseEngineering
IDA Pro-Video Tutorials
Resources by Mubix
Convert Shellcode to x86 Assembly

Exploit Development

Buffer Overflows for Kids
Buffer Overflows for Kids – 2
Writing exploits for Metasploit 3.0
pvefindaddr.py ImmDbg Plugin
Shellcode to JavaScript encoder
Debugging an SEH 0-day – mr_me
Metasploit Exploit Creation: Step-by-step
Windows Stack Based Overflows – Winamp
Overwriting the SEH
The Amazing King – Exploit Development Tutorials
Memory Exploitation Techniques Timeline

Malware Analysis

Lenny Zeltser – Reverse Engineering – Malware Analysis Cheat Sheet
Lenny Zeltser – Reverse Engineering Malware Paper
Resources by Mubix
XORSearch
JSUNPACK – Generic JavaScript Unpacker
Tools for Malicious PDF Analysis

Audit

Active Directory Security Checklist
Windows 2000 Auditing
SQL Server Security Audit Report

Forensics

Online Photo EXIF MetaData Reader
Jeffery’s EXIF Viewer

Advertisements