Here’s a list of links that I have found useful during my course of work. This is a work in progress (and will most likely stay so), as I will be updating it regularly. If you have any good resource links, please send them across so we can share it others.

Mail them to wasimhalani [at] gmail [dot] com


Penetration Test
Steve Shead Dot Com – Penetration Testing Checklist
ISAAF-Penetration Testing Framework
Introduction to ARP Poison Routing –
TCP Tutorial/Primer

DarkOperator’s Meterpreter and Misc. Scripts
ZeroCold’s Meterpreter and Bash Scripts

OWASP-Testing Guide v3
OWASP-Phoenix Tools
PHPCharset Encoder / String Encrypter
Businessinfo – Web Security Applications & Experiments
Advance XSS Knowledge

Password/Hash/Rainbow-tables Cracking

Downloadable Rainbow Tables and Password lists (torrents)
Password List collection – SkullSecurity
Online WPA/Hash/RAR/SHA1 Crackers service (commercial)
Online Hash Crackers

Reverse Engineering

IDA Pro-Video Tutorials
Resources by Mubix
Convert Shellcode to x86 Assembly

Exploit Development

Buffer Overflows for Kids
Buffer Overflows for Kids – 2
Writing exploits for Metasploit 3.0 ImmDbg Plugin
Shellcode to JavaScript encoder
Debugging an SEH 0-day – mr_me
Metasploit Exploit Creation: Step-by-step
Windows Stack Based Overflows – Winamp
Overwriting the SEH
The Amazing King – Exploit Development Tutorials
Memory Exploitation Techniques Timeline

Malware Analysis

Lenny Zeltser – Reverse Engineering – Malware Analysis Cheat Sheet
Lenny Zeltser – Reverse Engineering Malware Paper
Resources by Mubix
JSUNPACK – Generic JavaScript Unpacker
Tools for Malicious PDF Analysis


Active Directory Security Checklist
Windows 2000 Auditing
SQL Server Security Audit Report


Online Photo EXIF MetaData Reader
Jeffery’s EXIF Viewer