General Infosec

Training/CTF/Challenges Resources

• Resources, cheatsheets etc about EVERYTHING (https://github.com/trimstray/the-book-of-secret-knowledge)

• Burp Suite: In Depth Survival Guide (Udemy course) (https://www.udemy.com/course/burp-suite-in-depth-survival-guide/)

• TheBlackSide, challenges / CTF (https://theblackside.fr/)

• HackTheBox video WU (https://ippsec.rocks/#)

• CyberDefenders (Blueteam challenges) (https://cyberdefenders.org/)

• CyberSoc Wales (OSINT challenges) (https://investigator.cybersoc.wales)

• BTLO (Blue Team Labs Online) (https://blueteamlabs.online/login)

• Hacktoria (Realists and complex OSINT challenges) (https://hacktoria.com/)

Network & Pentest

• Network Pivoting (https://orangecyberdefense.com/fr/insights/blog/ethical_hacking/etat-de-lart-du-pivoting-reseau-en-2019/)
• Remote Access Cheatsheet (https://dolosgroup.io/blog/remote-access-cheat-sheet)
• Many Reverse Shells (https://alamot.github.io/reverse_shells/)
• Shad0w C2 (https://github.com/bats3c/shad0w)

Passcracking, Worlists & Passwords

• Kaonashi worlists and rules (https://github.com/kaonashi-passwords/Kaonashi)
• One rule to rule them all (https://www.notsosecure.com/one-rule-to-rule-them-all/)
• Common French Passwords (https://github.com/tarraschk/richelieu)
• Rockyou (https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt)
• Passwords Wordlists (https://weakpass.com/)
• Several Wordlists types (https://github.com/berzerk0/Probable-Wordlists)
• Language Dictionnaries (https://packetstormsecurity.com/Crackers/wordlists/page4/)
• Language Dictionnaries (http://www.gwicks.net/dictionaries.htm)
• SCADA default passwords (http://www.critifence.com/default-password-database/)
• Tons of wordlists (https://wordlists.assetnote.io/)
• Default Creds Cheatsheet (https://github.com/ihebski/DefaultCreds-cheat-sheet)
• Lestat Tool (https://github.com/astar-security/Lestat)

Some Crypto / Cryptocurrencies

• Attacking RSA for fun and CTF points (https://bitsdeep.com/posts/attacking-rsa-for-fun-and-ctf-points-part-1/)
• SanthacklausCTF 2019 - WU (https://adel-allam.fr/linux/2019/12/23/ctf-santhacklaus/)
• Solidity Attack (https://medium.com/@fifiteen82726/solidity-attack-array-underflow-1dc67163948a)
• Solidity Security Blog (https://github.com/sigp/solidity-security-blog)

Lockpicking

• Awesome Lockpicking (https://github.com/meitar/awesome-lockpicking#readme)

Certification Reviews and Advices

• OSCP PWK Random tips and tricks (https://burmat.gitbook.io/security/hacking/oscp-pwk-random-tips-and-tricks)
• OSCP Like Vulnhub’s VM (https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms)

Others cheatsheet

• Operator Up (https://obscuritylabs.github.io/operator-up/)
• The ultimate list of SANS Cheatsheets (https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/?utm_medium=Social&utm_source=Twitter&utm_content=NA%20Central%20Cheat%20Sheets%20Blog%2005%202020&utm_campaign=SANS%20Blog)
• Blue Team Cheatsheets (Many Resources) (https://itblogr.com/wp-content/uploads/2020/04/The-Concise-Blue-Team-cheat-Sheets.pdf)
• The Hacker Recipes (https://www.thehacker.recipes)

MISC

• 21 Free Forensics Tools (https://www.securitynewspaper.com/2020/06/04/21-best-free-digital-forensic-investigation-tools/)
• The ultimate list of SANS Cheatsheets (https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/?utm_medium=Social&utm_source=Twitter&utm_content=NA%20Central%20Cheat%20Sheets%20Blog%2005%202020&utm_campaign=SANS%20Blog)
• SlackPirate - Slack Enumeration and Extraction Tool (https://github.com/emtunc/SlackPirate)
• Awesome anti-censorship list (https://github.com/danoctavian/awesome-anti-censorship)
• How to Investigate Phishing Campaigns? (https://letsdefend.io/blog/how-to-investigate-phishing-campaigns/)
• Interactive Malware Analysis (https://app.any.run/)
• Log parsing cheatsheet 1 (https://twitter.com/fr0gger_/status/1343867388660494337?s=20)
• Log parsing cheatsheet 2 (https://twitter.com/fr0gger_/status/1346040749763293189?s=20)
• Steal Credentials & Bypass 2FA Using noVNC (https://mrd0x.com/bypass-2fa-using-novnc/)

Metasploit

• SANS Cheatsheet (https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf)
• Using Databases(https://www.offensive-security.com/metasploit-unleashed/using-databases/)
• Managing Workspaces(https://docs.rapid7.com/metasploit/managing-workspaces/)