Interesting Stuff

We have lots of things in our browser bookmarks, but we realized that sharing them would be wiser, since they might be interesting for other people as well, so we decided to collect, categorize and maintain them here.

We will try to do regular checks using the W3C Link checker, but if you find a broken link, please report it ASAP so we can fix it! KTHXBYE!

Talks

Paul Asadoorian and John Strand

DerbyCon 2.0 2012 - Offensive Countermeasures: Still trying to bring sexy back
DerbyCon 3.0 2013 - Hacking Back Active Defense And Internet Tough Guys

Raphael Mudge

Bsides Las Vegas 2012 - Force Multipliers for Red Team Operations
DEFCON 20 2012 - Cortana: Rise of the Automated Red Team
Derbycon 3.0 2013 - Browser Pivoting (FU2FA)
ShowMeCon 2014 - Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing

Tom Steele and Dan Kottmann

Defcon 21 - Collaborative Penetration Testing With Lair
DerbyCon 3.0 2013 - Collaborative Penetration Testing With Lair

Tom Steele

ShmooCon 2013 Firetalks - ShellSquid Distributed Shells With Node

Solomon Sonya, Nick Kulesza

Derbycon 3.0 2013 - Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network

Chris Gates and Joe McCray

Shmoocon Epilogue 2013 - The Evolution of Pentesting High Security Environments

Chris Gates and Mubix “Rob” Fuller

DerbyCon 1.0 2011 - The Dirty Little Secrets They Didn't Teach You In Pentesting Class
DerbyCon 2.0 2012 - Dirty Little Secrets Part 2
DerbyCon 3.0 2013 - Windows Attacks: AT is the new black

Rick Redman

DerbyCon 3.0 2013 - Cracking Corporate Passwords – Exploiting Password Policy Weaknesses

Andrew MacPherson and Roelof Temmingh

Black Hat 2013 - Maltego Tungsten As a Collaborative Attack Platform

Shane Macdougall

DerbyCon 3.0 2013 - Practical Osint



Moxie Marlinspike

Blackhat 2010 - New threats to privacy

Articles and Slides


Defense

Active defense

Active Defense Harbinger Distribution (ADHD) - http://sourceforge.net/projects/adhd/

Project Artillery - https://www.trustedsec.com/downloads/artillery/

HoneyDocs - https://www.honeydocs.com/

Honeywords Project - http://people.csail.mit.edu/rivest/honeywords/

Honeytokens - http://www.symantec.com/connect/articles/honeytokens-other-honeypot
Honeytokens - https://www.auto.tuwien.ac.at/Workshops/dimva05/papers/cenys.pdf

Honeyports - http://pauldotcom.com/2013/08/honeyports-tech-segment-with-p.html

Whitelisting

Whitetrash - http://whitetrash.sourceforge.net/

Penetration testing

Team collaboration tools

Armitage - http://www.fastandeasyhacking.com/

Cobalt Strike - http://www.advancedpentest.com/

Immunity STRATEGIC (CANVAS) - http://www.immunityinc.com/products-strategic.shtml

Splinter - https://github.com/splinterbotnet

Information sharing tools

Dradis - http://dradisframework.org/

Lair - https://github.com/fishnetsecurity/Lair

White Chapel - http://www.room362.com/blog/2013/01/18/intro-to-white-chapel/

Magic Tree - http://www.gremwell.com/what_is_magictree

Information Gathering and Reconnaissance

osintstalker - https://github.com/milo2012/osintstalker

rapportive.py - http://jordan-wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-rapportive/

Alexa - http://www.alexa.com/
Alexa 1 Million Top-Sites CSV - http://s3.amazonaws.com/alexa-static/top-1m.csv.zip

Scanning and Exploitation

SMBEXEC - https://github.com/pentestgeek/smbexec

Powershell Portscanner - http://webstersprodigy.net/2013/07/01/powershell-portscanner/

Post Exploitation

Post Exploitation Wiki - https://github.com/mubix/post-exploitation-wiki

Poor man's VPN pivoting - http://www.phillips321.co.uk/2013/10/29/poor-mans-vpn-pivot-at-last/

Password Cracking

"Crack Me If You Can" - DEFCON 2010, Korelogic Rules - http://contest-2010.korelogic.com/rules.html

John The Ripper rockyou.chr README - https://www.korelogic.com/Resources/Tools/README-rockyou.txt
John The Ripper rockyou.chr - https://www.korelogic.com/Resources/Tools/rockyou.chr
John The Ripper rockyou-lanman.chr - https://www.korelogic.com/Resources/Tools/rockyou-lanman.chr

Wordlist mode rulesets for use with John the Ripper - http://openwall.info/wiki/john/rules

Free Rainbow Tables - https://www.freerainbowtables.com/

ophcrack - http://ophcrack.sourceforge.net/

Phishing

Phishing Frenzy - http://www.pentestgeek.com/2013/11/04/introducing-phishing-frenzy/

Phish5 - https://phish5.com/

Threat Agent - https://www.threatagent.com/

Phishing Simulator - https://secure.tracesecurity.com/index.cfm

Other

Binwalk - https://code.google.com/p/binwalk/

Netzob: Reverse Engineering Communication Protocols - http://www.netzob.org/

Malware


Online checks / sandboxes

VirusTotal - https://www.virustotal.com

Malwr - https://malwr.com/

Cuckoo Sandbox - http://www.cuckoosandbox.org/

HOWTOs

Windows 7 / Kali Dualboot with Full Disk Encryption (FDE) - http://0x776b7364.wordpress.com/2013/06/19/windows-7-kali-dualboot-with-full-disk-encryption-fde/

Reset Local Administrator Password Using A Different Random String On Each Computer And Recover The Passwords Securely - http://www.sans.org/windows-security/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise

IT security / Pentest job interview questions/stuff

Daniel Miessler's blog post - http://www.danielmiessler.com/study/infosec_interview_questions/

Jamie Rougvie's blog - http://jamierougive.co.uk/jobs/interviewing/

Craig Freyman's blog post - http://www.pwnag3.com/2013/12/penetration-testing-interviews-minimum.html

My Information Security Job - http://www.myinfosecjob.com/2010/03/itinformation-security-interview-questions/

Websites

Podcasts

Risky Business - http://risky.biz/

Secure GSM communication

Whispersystems (RedPhone, TextSecure) - https://whispersystems.org/
Abine (DoNotTrackMe, MaskMe) - https://www.abine.com/

Real time honeymaps

HoneyMap - http://map.honeynet.org/
CIRCL map - http://map.circl.lu/
Sicherheitstacho (T-Systems) - http://www.sicherheitstacho.eu/

Blogs/websites of friends/colleagues

woFF - http://woff.hu/
NTDSXtract - http://www.ntdsxtract.com/
Soonerorlater - http://www.soonerorlater.hu/
Marcell Major's homepage - http://marcellmajor.com/
Andras Kabai's homepage - http://www.kabaiandras.hu/

Other

Thinkst.com - http://thinkst.com/index.shtml
ConCollector - http://cc.thinkst.com/
Hacker suli - http://hackersuli.appsec.xyz