# Junior Pentester References

## Introduction

* [The Conscience of a Hacker](http://phrack.org/issues/7/3.html)
* [Wireshark](https://www.wireshark.org)
  * [Learn Wireshark](https://www.wireshark.org/#learnWS)
* [Binary Hex Converters](https://www.binaryhexconverter.com)

## Networking

* [IP Header](https://www.guru99.com/ip-header.html)
* [TCP/IP Model Stack - Layers & Protocols](https://www.guru99.com/tcp-ip-model.html)
  * [TCP/IP Model](https://learning.mlytics.com/the-internet/what-is-the-tcp-ip-model/)
* [ISO/OSI Model](https://www.guru99.com/layers-of-osi-model.html)
  * [TCP/IP vs OSI Model](https://www.guru99.com/difference-tcp-ip-vs-osi-model.html)
  * [Windows Network Architecture and the OSI Model](https://docs.microsoft.com/en-US/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model)
* [IPv4 vs IPv6](https://www.guru99.com/difference-ipv4-vs-ipv6.html)
  * [Online IP Subnet Calculator](https://www.calculator.net/ip-subnet-calculator.html)
* [IPv6 address](https://internetofthingsagenda.techtarget.com/definition/IPv6-address)
  * [IPv6 Explained for Beginners](http://www.steves-internet-guide.com/ipv6-guide/)
  * [How to find IPv6 Prefix](https://networklessons.com/ipv6/how-to-find-ipv6-prefix/)
  * [IPv6 Subnet Calculator](https://www.vultr.com/resources/subnet-calculator-ipv6/)
* [Basic Computer Networking](https://www.guru99.com/basic-computer-network.html)
* [IP Routing](https://www.guru99.com/ip-routing.html)
  * [Router vs Switch](https://www.guru99.com/router-vs-switch-difference.html)
  * [Layer 2-3 Switching](https://www.guru99.com/layer-3-layer-2-switch.html)
  * [ARP](https://www.guru99.com/address-resolution-protocol.html)
* [TCP vs UDP](https://www.guru99.com/tcp-vs-udp-understanding-the-difference.html)
  * [guru99 - TCP 3-Way Handshake](https://www.guru99.com/tcp-3-way-handshake.html)
  * [mlytics - TCP 3-Way Handshake](https://learning.mlytics.com/the-internet/tcp-3-way-handshake/)
* [Firewall](https://usa.kaspersky.com/resource-center/definitions/firewall)
  * [Top free Firewall Software](https://www.guru99.com/best-free-firewall.html)
  * [The 5 types of Firewalls](https://www.techtarget.com/searchsecurity/feature/The-five-different-types-of-firewalls)
  * [Network design: Firewall - IDS - IPS](https://resources.infosecinstitute.com/topic/network-design-firewall-idsips/)
  * [IDS vs IPS vs Firewall](https://ipwithease.com/firewall-vs-ips-vs-ids/)
  * [Firewall vs WAF](https://learning.mlytics.com/cybersecurity/firewall-vs-waf/)
  * [LinuxSecurity HOWTOs](https://linuxsecurity.com/howtos)
  * [What is NAT](https://whatismyipaddress.com/nat)
* [DNS](https://www.interserver.net/tips/kb/dns-dns-hierarchy/)
  * [What is DNS - by Cloudflare](https://www.cloudflare.com/learning/dns/what-is-dns/)
  * [DNS Explained](https://dev.to/blake/dns-explained-hierarchy-and-architecture-18pj)
  * [DNS Resolution](https://dev.to/blake/dns-explained-resolution-a2i)
  * [Root name servers](https://www.netnod.se/i-root/what-are-root-name-servers)
* [Wireshark Tool](https://www.wireshark.org/)
  * [Wireshark Docs](https://www.wireshark.org/docs/)
  * [Wireshark User's Guide](https://www.wireshark.org/docs/wsug_html_chunked/)
  * [Display filter reference](https://www.wireshark.org/docs/dfref/)
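
The IP header and Wireshark links above cover the IPv4 header layout and the checksum Wireshark reports under "Header checksum status". The following is an added example (my code, not something from the original reference list): it decodes a raw IPv4 header with `struct` and verifies the RFC 791 one's-complement checksum, which is the check to run when a capture looks tampered with. The sample header is a constructed UDP packet from 192.168.0.1 to 192.168.0.199.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: the one's complement of the one's-complement
    sum of every 16-bit word in the header (checksum field zeroed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header (plus options) and verify its checksum."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 20 or ihl > len(packet):
        raise ValueError(f"bad IHL: {ihl} bytes")
    header = packet[:ihl]
    # A header whose checksum is correct sums (one's complement) to 0xFFFF,
    # so recomputing over the header with the checksum field included gives 0.
    return {
        "version": version,
        "ihl": ihl,
        "dscp": tos >> 2,
        "ecn": tos & 0x03,
        "total_length": total_len,
        "id": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # in bytes
        "ttl": ttl,
        "protocol": proto,                           # 1=ICMP, 6=TCP, 17=UDP
        "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == 0,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": header[20:],
        "payload": packet[ihl:total_len],
    }

# Constructed sample: a 20-byte IPv4 header carrying UDP from 192.168.0.1 to
# 192.168.0.199; the checksum field holds the correct value 0xB861.
SAMPLE_HEADER = bytes.fromhex(
    "4500 0073 0000 4000 4011 b861 c0a8 0001 c0a8 00c7"
)

if __name__ == "__main__":
    info = parse_ipv4_header(SAMPLE_HEADER)
    print(f"{info['src']} -> {info['dst']} proto={info['protocol']} "
          f"ttl={info['ttl']} df={info['df']} checksum_ok={info['checksum_ok']}")
    # Change the TTL without recomputing the checksum: the header no longer verifies.
    tampered = SAMPLE_HEADER[:8] + bytes([info["ttl"] - 1]) + SAMPLE_HEADER[9:]
    print("after TTL change without checksum update:",
          parse_ipv4_header(tampered)["checksum_ok"])
```

Feed it the first 20 bytes after the Ethernet header of any frame Wireshark shows as IPv4 and the fields line up one-to-one with the "Internet Protocol Version 4" tree in the packet details pane.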

## Web Applications

* [WebApp vs WebSite](https://www.guru99.com/difference-web-application-website.html)
* [HTTP/1.x](https://hpbn.co/http1x/)
  * [HTTP Messages](https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages)
  * [HTTP Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept)
  * [HTTP Request methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET)
  * [HTTP Response status codes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/200)
  * [RFC 7231](https://httpwg.org/specs/rfc7231.html)
* [HTTP vs HTTPS](https://www.guru99.com/difference-http-vs-https.html)
* [High Performance Browser Networking - Book](https://hpbn.co/)
* [What is HTTPS](https://www.cloudflare.com/it-it/learning/ssl/what-is-https/)
  * [TLS - Transport Layer Security](https://hpbn.co/transport-layer-security-tls/)
* [netcat Tool](https://linuxize.com/post/netcat-nc-command-with-examples/)
  * [netcat Cheat Sheet](https://steflan-security.com/netcat-cheat-sheet/)
  * [Burp Suite - Documentation](https://portswigger.net/burp/documentation/desktop)
  * [OpenSSL Cookbook](https://www.feistyduck.com/library/openssl-cookbook/online/)
* [HTTP Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies)
  * [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265)
  * [Set-Cookie header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
  * [Web Authentication - Cookies vs Tokens](https://blog.bitsrc.io/web-authentication-cookies-vs-tokens-8e47d5a96d34)
  * [Session ID](https://www.seobility.net/en/wiki/Session_ID)
  * [Session Cookies](https://securiti.ai/blog/session-cookies/)
  * [Cookies and Session Management](https://www.hackingarticles.in/beginner-guide-understand-cookies-session-management/)
  * [HTTP Cookies & Sessions - video by HackerSploit](https://www.youtube.com/watch?v=zHBpJA5XfDk)
* [SOP](https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy)
  * [Same Origin Policy - PortSwigger](https://portswigger.net/web-security/cors/same-origin-policy)
* [Burp Suite by PortSwigger](https://portswigger.net/burp)
  * [Burp Suite Tools](https://portswigger.net/burp/documentation/desktop/tools)
* [ZAP by OWASP Foundation](https://owasp.org/www-project-zap/)
* [What is a Proxy Server](https://www.varonis.com/blog/what-is-a-proxy-server)
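
Added example, not code from the original page: a small parser for a raw HTTP/1.x response (the message format the HTTP Messages and RFC 7231 links describe) that pulls out every `Set-Cookie` header and audits the attributes the cookie and session links above discuss (`Secure`, `HttpOnly`, `SameSite`, and the `__Host-`/`__Secure-` prefixes). This is the check to run on the response Burp or ZAP shows you after a login. The response bytes, host, cookie names and values are constructed placeholders.

```python
def parse_http_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into status line, headers and body.
    Header names are lower-cased; duplicates (several Set-Cookie) are kept in order."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"bad status line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"bad header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return {
        "version": parts[0],
        "status": int(parts[1]),
        "reason": parts[2] if len(parts) > 2 else "",
        "headers": headers,
        "body": body,
    }

def parse_set_cookie(value: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into the cookie pair and an attribute map."""
    pieces = [p.strip() for p in value.split(";")]
    name, _, val = pieces[0].partition("=")
    attrs = {}
    for piece in pieces[1:]:
        if piece:
            key, _, v = piece.partition("=")
            attrs[key.strip().lower()] = v.strip()   # flag attributes map to ""
    return {"name": name.strip(), "value": val.strip(), "attrs": attrs}

def audit_cookie(cookie: dict) -> list:
    """Return the weaknesses a tester would report for one Set-Cookie header."""
    a, name, findings = cookie["attrs"], cookie["name"], []
    secure = "secure" in a
    if not secure:
        findings.append("missing Secure: cookie also travels over plaintext HTTP")
    if "httponly" not in a:
        findings.append("missing HttpOnly: readable by script, so XSS can steal it")
    samesite = a.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite: relies on the browser default, set it explicitly")
    elif samesite == "none" and not secure:
        findings.append("SameSite=None without Secure: modern browsers reject the cookie")
    if name.startswith("__Host-") and (not secure or "domain" in a or a.get("path") != "/"):
        findings.append("__Host- prefix requires Secure, Path=/ and no Domain attribute")
    elif name.startswith("__Secure-") and not secure:
        findings.append("__Secure- prefix requires Secure")
    return findings

def audit_response(raw: bytes) -> dict:
    """Map each cookie name to (session|persistent, findings) for a raw response."""
    report = {}
    for name, value in parse_http_response(raw)["headers"]:
        if name != "set-cookie":
            continue
        cookie = parse_set_cookie(value)
        persistent = bool(set(cookie["attrs"]) & {"expires", "max-age"})
        report[cookie["name"]] = ("persistent" if persistent else "session",
                                  audit_cookie(cookie))
    return report

# Constructed sample response (placeholder host, cookie names and values).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: nginx\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Set-Cookie: PHPSESSID=3b9c1f0a7d; Path=/\r\n"
    b"Set-Cookie: __Host-csrf=9f2e7a; Path=/; Secure; HttpOnly; SameSite=Strict\r\n"
    b"Set-Cookie: tracking=u42; Domain=.example.com; "
    b"Expires=Wed, 21 Oct 2026 07:28:00 GMT; SameSite=None\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

if __name__ == "__main__":
    for name, (lifetime, findings) in audit_response(SAMPLE_RESPONSE).items():
        print(f"{name} ({lifetime} cookie): {len(findings)} finding(s)")
        for f in findings:
            print("  -", f)
```

The session cookie `PHPSESSID` is the one that matters for session hijacking, and in the sample it ships with none of the three protective attributes; the `__Host-` cookie passes because its prefix rules are all met.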

## Assessment Methodologies

### Information Gathering

* [Passive Information Gathering](https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/)
  * [Wappalyzer](https://www.wappalyzer.com/)
  * [whois.domaintools.com](https://whois.domaintools.com/)
  * [netcraft](https://sitereport.netcraft.com/)
  * [dnslytics.com](https://dnslytics.com/)
  * [dnsrecon tool](https://github.com/darkoperator/dnsrecon)
  * [dnsdumpster.com](https://dnsdumpster.com/)
  * [wafw00f tool](https://github.com/EnableSecurity/wafw00f)
  * [sublist3r tool](https://github.com/aboul3la/Sublist3r)
  * [google.com](https://www.google.com/)
  * [Google Dorks Cheat Sheet](https://hackr.io/blog/google-dorks-cheat-sheet)
  * [Google Hacking Database](https://www.exploit-db.com/google-hacking-database)
  * [theHarvester tool](https://github.com/laramies/theHarvester)
  * [haveibeenpwned.com](https://haveibeenpwned.com/)
* [Active Information Gathering](https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/)
  * [Ethical Standards](https://pentestlab.blog/2013/01/08/professional-and-ethical-standards/)
  * [The Pentester's Code of Conduct](https://www.lmgsecurity.com/the-pentesters-code-of-conduct-rules-that-keep-everyone-safe/)
  * [DNS Records - by Cloudflare](https://www.cloudflare.com/learning/dns/dns-records/)
  * [ZoneTransfer.me](https://digi.ninja/projects/zonetransferme.php)
  * [DNS zone transfer and zone file](https://www.cloudns.net/blog/zone-transfer-zone-file-domain-namespace/)
  * [dig](https://linuxize.com/post/how-to-use-dig-command-to-query-dns-in-linux/)
  * [dig Command Examples - by Vivek Gite](https://www.cyberciti.biz/faq/linux-unix-dig-command-examples-usage-syntax/)
  * [fierce](https://github.com/mschwager/fierce)
  * [nmap](https://nmap.org/)
    * [Nmap Command Examples - by Vivek Gite](https://www.cyberciti.biz/networking/nmap-command-examples-tutorials/)
    * [NMap CheatSheet](https://www.stationx.net/nmap-cheat-sheet/)
* [Ethical Hacking Footprinting](https://www.geeksforgeeks.org/ethical-hacking-footprinting/)
  * [fping](https://fping.org/)
  * [zenmap](https://nmap.org/zenmap/)
  * [nmap automator](https://github.com/21y4d/nmapAutomator)
  * [Rustscan](https://github.com/RustScan/RustScan)
  * [Autorecon](https://github.com/Tib3rius/AutoRecon)

### Enumeration

* [Enumeration](https://resources.infosecinstitute.com/topic/what-is-enumeration/)
  * [SMB Enum](https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/)
    * [nmap Scripts](https://nmap.org/nsedoc/scripts/)
    * [smbmap](https://github.com/ShawnDEvans/smbmap)
    * [smbclient](https://www.samba.org/samba/docs/current/man-html/smbclient.1.html)
    * [Metasploit](https://www.metasploit.com/)
    * [msfconsole](https://www.offensive-security.com/metasploit-unleashed/msfconsole/)
    * [rpcclient](https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html)
    * [enum4linux](https://github.com/CiscoCXSecurity/enum4linux)
    * [SMB named pipes](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wpo/4de75e21-36fd-440a-859b-75accc74487c)
    * [smtp-user-enum](https://pentestmonkey.net/tools/user-enumeration/smtp-user-enum)
  * [hydra](https://github.com/vanhauser-thc/thc-hydra)
  * [Passwords word lists](https://www.kali.org/tools/wordlists/)
  * [FTP Enum](https://www.hackingarticles.in/ftp-penetration-testing-on-ubuntu-port-21/)
    * [FTP Windows Enum](https://www.hackingarticles.in/ftp-penetration-testing-windows/)
    * [ftp command](https://linux.die.net/man/1/ftp)
  * [SSH Enum](https://www.hackingarticles.in/ssh-penetration-testing-port-22/)
    * [nc/netcat](https://docs.oracle.com/cd/E36784_01/html/E36870/netcat-1.html)
    * [ssh](https://www.geeksforgeeks.org/ssh-command-in-linux-with-examples/)
  * [What is HTTP?](https://www.cloudflare.com/learning/ddos/glossary/hypertext-transfer-protocol-http/)
    * [httpie](https://httpie.io/)
    * [dirb](https://www.kali.org/tools/dirb/)
    * [browsh](https://github.com/browsh-org/browsh)
    * [curl](https://curl.se/)
    * [whatweb](https://github.com/urbanadventurer/WhatWeb)
  * [What is MySQL?](https://dev.mysql.com/doc/refman/8.0/en/what-is-mysql.html)
    * [MySQL Enum](https://www.hackingarticles.in/mysql-penetration-testing-nmap/)
    * [mysql](https://dev.mysql.com/doc/refman/8.0/en/mysql.html)

### Vulnerability Assessment & Auditing

* [Vulnerability](https://csrc.nist.gov/glossary/term/vulnerability)
* [NIST - NVD](https://nvd.nist.gov/general)
* [CVEs & NVD Process](https://nvd.nist.gov/general/cve-process)
* [Zero-Day](https://www.crowdstrike.com/cybersecurity-101/zero-day-exploit/)
* [Vulnerability Assessment](https://csrc.nist.gov/glossary/term/vulnerability_assessment)
* [exploit-db.com](https://www.exploit-db.com/)
  * [searchsploit](https://www.exploit-db.com/searchsploit)
* [What is Cybersecurity? - IBM](https://www.ibm.com/topics/cybersecurity)
  * [PII](https://www.investopedia.com/terms/p/personally-identifiable-information-pii.asp)
  * [CIA Triad](https://www.fortinet.com/resources/cyberglossary/cia-triad)
  * [Defense in Depth](https://www.cyberark.com/what-is/defense-in-depth/)
  * [Risk Management](https://www.ibm.com/topics/risk-management)
* [Compliance](https://www.celerium.com/cyber-security-compliance-a-comprehensive-guide)
  * [Cybersec Frameworks](https://www.celerium.com/cybersecurity-frameworks-a-comprehensive-guide)
* [Auditing](https://www.auditboard.com/blog/what-is-security-audit/)
  * [SCAP](https://public.cyber.mil/stigs/scap/)
  * [OpenSCAP](https://www.open-scap.org/)
  * [What is a SCAP Scan](https://cingulara.github.io/openrmf-docs/scapscans.html)
* [Nessus](https://www.tenable.com/products/nessus)
  * [Nessus Essentials](https://www.tenable.com/products/nessus/nessus-essentials)

## Host & Network PenTesting

### Windows System Attacks

* [Host and Network Based Attacks by Tim DeWeese](https://prezi.com/ytdm9nv2hxya/host-and-network-based-attacks/)
* [Microsoft Learn - IIS](https://learn.microsoft.com/en-us/iis/get-started/introduction-to-iis/iis-web-server-overview)
  * [davtest](https://github.com/cldrn/davtest)
  * [cadaver](https://github.com/notroj/cadaver)
  * [msfvenom](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html)
* [Microsoft Learn - SMB](https://learn.microsoft.com/en-us/windows-server/storage/file-server/file-server-smb-overview)
  * [PsExec](https://learn.microsoft.com/en-us/sysinternals/downloads/psexec)
  * [impacket-scripts](https://www.kali.org/tools/impacket-scripts/)
  * [PsExec.py Linux](https://github.com/fortra/impacket/blob/master/examples/psexec.py)
  * [CVE-2017-0143 - EternalBlue (MS17-010)](https://nvd.nist.gov/vuln/detail/CVE-2017-0143)
    * [AutoBlue-MS17-010](https://github.com/3ndG4me/AutoBlue-MS17-010)
* [Microsoft Learn - RDP](https://learn.microsoft.com/en-us/troubleshoot/windows-server/remote/understanding-remote-desktop-protocol)
  * [How to Exploit the BlueKeep Vulnerability with Metasploit - Pentest-Tools](https://pentest-tools.com/blog/bluekeep-exploit-metasploit)
  * [BlueKeep CVE-2019-0708 Metasploit Module on Windows 7](https://alexandrevvo.medium.com/testing-bluekeep-cve-2019-0708-metasploit-module-on-windows-7-ef3f28217b7b)
* [Microsoft Learn - WinRM](https://learn.microsoft.com/en-us/windows/win32/winrm/portal)
* [CrackMapExec](https://github.com/Porchetta-Industries/CrackMapExec)
* [evil-winrm](https://github.com/Hackplayers/evil-winrm)
* [Privilege Escalation - Windows Kernel Exploits](https://pentestlab.blog/2017/04/24/windows-kernel-exploits/)
  * [windows-kernel-exploits](https://github.com/SecWiki/windows-kernel-exploits)
  * [Windows-Exploit-Suggester](https://github.com/AonCyberLabs/Windows-Exploit-Suggester)
  * [Windows Privilege Escalation - Resources - S1REN](https://sirensecurity.io/blog/windows-privilege-escalation-resources/)
* [Microsoft Learn - UAC](https://learn.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-overview)
  * [UACMe](https://github.com/hfiref0x/UACME)
* [Microsoft Learn - Access Tokens](https://learn.microsoft.com/en-us/windows/win32/secauthz/access-tokens)
  * [Access Tokens - HackTricks](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/access-tokens)
  * [Abusing Tokens - HackTricks](https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/privilege-escalation-abusing-tokens)
  * [Understanding Impersonation via Access Tokens](https://medium.com/securebit/understanding-impersonation-via-access-tokens-5e3e5946adb9)
* [ADS Alternate Data Streams](https://www.malwarebytes.com/blog/news/2015/07/introduction-to-alternate-data-streams)
* [SAM Database](https://www.windows-active-directory.com/windows-security-account-manager.html)
  * [LSA](https://learn.microsoft.com/en-us/windows/win32/secauthn/lsa-authentication)
  * [LSA protection by default in Windows Canary build - 2023](https://www.bleepingcomputer.com/news/microsoft/microsoft-enables-lsa-protection-by-default-in-windows-canary-build/)
* [Windows authentication attacks - part 1 - RedForge](https://blog.redforce.io/windows-authentication-and-attacks-part-1-ntlm/)
  * [LM, NTLM, Net-NTLMv2, oh my!](https://medium.com/@petergombos/lm-ntlm-net-ntlmv2-oh-my-a9b235c58ed4)
  * [mimikatz](https://github.com/gentilkiwi/mimikatz)
  * [Pass-the-hash](https://www.crowdstrike.com/cybersecurity-101/pass-the-hash/)
  * [Alternative ways to Pass the Hash](https://www.n00py.io/2020/12/alternative-ways-to-pass-the-hash-pth/)

### Linux System Attacks

* [Linux and GNU](https://www.gnu.org/gnu/linux-and-gnu.en.html)
* [Apache Web Server](https://httpd.apache.org/)
* [CVE-2014-6271 - ShellShock](https://nvd.nist.gov/vuln/detail/CVE-2014-6271)
  * [Shellshock exploit + vulnerable environment](https://github.com/opsxcq/exploit-CVE-2014-6271)
* [Linux Privilege Escalation: Linux kernel / distribution exploits](https://infosecwriteups.com/linux-privilege-escalation-linux-kernel-distribution-exploits-you-should-now-about-1c46152d133d)
  * [linux-kernel-exploitation links](https://github.com/xairy/linux-kernel-exploitation)
  * [linux-exploit-suggester](https://github.com/The-Z-Labs/linux-exploit-suggester)
  * [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
  * [Linux Privilege Escalation - Resources - S1REN](https://sirensecurity.io/blog/linux-privilege-escalation-resources/)
* [Cron Jobs](https://www.hostinger.com/tutorials/cron-job)
  * [Crontab Editor](https://crontab.guru/)
* [SUID](https://www.redhat.com/sysadmin/suid-sgid-sticky-bit)
  * [euid-ruid-suid - HackTricks](https://book.hacktricks.xyz/linux-hardening/privilege-escalation/euid-ruid-suid)
* [Understanding /etc/shadow file format on Linux](https://www.cyberciti.biz/faq/understanding-etcshadow-file/)
  * [Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes](https://www.baeldung.com/linux/shadow-passwords)
  * [yescrypt](https://www.openwall.com/yescrypt/)
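
Added example for the `/etc/shadow` and password-hash links above (my code, not the page's): parse shadow records, identify the crypt(3) scheme from the `$id$` prefix, and triage the accounts a pentester cares about (no password, locked, legacy hashes worth cracking first). The sample lines are constructed and the hash bodies are dummy strings, not real hashes; the hashcat mode numbers are the standard ones for each format, and yescrypt is listed with no mode because John the Ripper, not hashcat, is the tool for it.

```python
from datetime import date, timedelta

# crypt(3) "$id$" prefixes -> (algorithm, hashcat -m mode). None = no hashcat
# mode for that scheme; John the Ripper handles it.
CRYPT_IDS = {
    "$y$":  ("yescrypt", None),
    "$gy$": ("gost-yescrypt", None),
    "$7$":  ("scrypt", None),
    "$2a$": ("bcrypt", 3200),
    "$2b$": ("bcrypt", 3200),
    "$2y$": ("bcrypt", 3200),
    "$6$":  ("sha512crypt", 1800),
    "$5$":  ("sha256crypt", 7400),
    "$1$":  ("md5crypt", 500),
}
WEAK_ALGORITHMS = {"md5crypt", "descrypt"}
EPOCH = date(1970, 1, 1)          # shadow dates are days since this epoch

def identify_hash(field: str):
    """Classify the password field: (status, algorithm, hashcat_mode)."""
    if field == "":
        return ("empty", None, None)               # passwordless login
    body = field.lstrip("!*")                       # '!' / '*' prefix = locked / no login
    if body == "":
        return ("locked", None, None)
    status = "locked" if body != field else "active"
    for prefix, (algo, mode) in CRYPT_IDS.items():
        if body.startswith(prefix):
            return (status, algo, mode)
    if len(body) == 13 and "$" not in body:        # traditional DES crypt
        return (status, "descrypt", 1500)
    return (status, "unknown", None)

def parse_shadow_line(line: str) -> dict:
    """Split one /etc/shadow record into its nine colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError(f"expected 9 fields, got {len(fields)}: {line!r}")
    user, pw, lastchg, min_days, max_days, warn, inactive, expire, _flag = fields
    status, algo, mode = identify_hash(pw)
    return {
        "user": user, "status": status, "algorithm": algo, "hashcat_mode": mode,
        "last_change": EPOCH + timedelta(days=int(lastchg)) if lastchg else None,
        "max_days": int(max_days) if max_days else None,
        "expires": EPOCH + timedelta(days=int(expire)) if expire else None,
    }

def triage_shadow(text: str) -> list:
    """Return one (user, severity, note) tuple per shadow record."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = parse_shadow_line(line)
        if e["status"] == "empty":
            findings.append((e["user"], "critical", "no password set"))
        elif e["status"] == "locked":
            findings.append((e["user"], "info", "locked / no login"))
        elif e["algorithm"] in WEAK_ALGORITHMS:
            findings.append((e["user"], "high",
                             f"weak {e['algorithm']} hash, crack with hashcat -m {e['hashcat_mode']}"))
        else:
            tool = (f"hashcat -m {e['hashcat_mode']}" if e["hashcat_mode"]
                    else "john (no hashcat mode)")
            findings.append((e["user"], "info",
                             f"{e['algorithm']}, last changed {e['last_change']}, try {tool}"))
    return findings

# Constructed sample; the hash bodies are dummy strings, not real hashes.
SAMPLE_SHADOW = """\
root:$y$j9T$SALTSALTSALTSALT$DUMMYHASHDUMMYHASHDUMMYHASHDUMMYHASHDUMMYHAS:19500:0:99999:7:::
legacy:$1$saltsalt$DUMMYHASHDUMMYHASHDUMM:17000:0:99999:7:::
svc:$6$saltsalt$DUMMYHASHDUMMYHASHDUMMYHASH:19000:0:90:7:::
daemon:*:19000:0:99999:7:::
deploy:!$6$saltsalt$DUMMYHASHDUMMYHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, severity, note in triage_shadow(SAMPLE_SHADOW):
        print(f"[{severity:8}] {user:8} {note}")
```

On a real host the file is root-only (`-rw-r-----`), so being able to read it at all is already a finding; once you can, this tells you which entries to hand to john or hashcat first and which ones you can skip.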

### Network Attacks

* [Man in the Middle (MITM) Attacks](https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/)
  * [What is MITM](https://www.crowdstrike.com/cybersecurity-101/man-in-the-middle-mitm-attacks/)
* [tshark](https://tshark.dev/)
* [arpspoof](https://www.kali.org/tools/dsniff/#arpspoof)
* [WiFi - 802.11 Frame Types and Formats](https://howiwifi.com/2020/07/13/802-11-frame-types-and-formats/)
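
Added example for the ARP and MITM links above (not from the original page): a minimal detector that decodes Ethernet/ARP frames and alerts when an IP-to-MAC binding changes, when a trusted mapping such as the gateway's is contradicted, or when one MAC claims several IPs, which is exactly the pattern an `arpspoof` run against a victim and its gateway leaves on the wire. The frames, MACs and IPs are constructed for the example; in practice you would feed it frames read from a tshark/tcpdump capture.

```python
import struct
from collections import defaultdict

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, eth_dst=None) -> bytes:
    """Ethernet II frame carrying an ARP packet (what a capture tool hands you)."""
    eth = mac_bytes(eth_dst or target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp

def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet/ARP frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sha": mac_str(sha), "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa)}

class ArpSpoofDetector:
    """Track IP->MAC bindings seen in ARP traffic and flag the patterns arpspoof produces."""
    def __init__(self, trusted=None):
        self.trusted = dict(trusted or {})   # bindings you know are right, e.g. the gateway
        self.table = {}                       # ip -> last MAC that claimed it
        self.claims = defaultdict(set)        # mac -> set of IPs it has claimed
        self.alerts = []                      # (kind, ip, mac) in order of detection

    def feed(self, frame: bytes) -> list:
        arp = parse_arp(frame)
        if arp is None or arp["op"] not in (ARP_REQUEST, ARP_REPLY):
            return []
        ip, mac, new = arp["spa"], arp["sha"], []
        if arp["eth_src"] != mac:
            new.append(("l2-l3-mismatch", ip, mac))       # sender MAC forged inside the ARP body
        if ip in self.trusted and self.trusted[ip] != mac:
            new.append(("trusted-mismatch", ip, mac))     # someone else answering for the gateway
        if self.table.get(ip, mac) != mac:
            new.append(("binding-changed", ip, mac))      # an IP moved to a different MAC
        self.table[ip] = mac
        self.claims[mac].add(ip)
        if len(self.claims[mac]) > 1:
            new.append(("multi-ip-claim", ip, mac))       # one NIC speaking for several hosts
        self.alerts.extend(new)
        return new

# Constructed lab: gateway, victim, attacker. MACs and IPs are placeholders.
GATEWAY_IP, GATEWAY_MAC = "10.0.0.1", "aa:aa:aa:aa:aa:01"
VICTIM_IP, VICTIM_MAC = "10.0.0.10", "bb:bb:bb:bb:bb:10"
ATTACKER_MAC = "cc:cc:cc:cc:cc:99"
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, "00:00:00:00:00:00", GATEWAY_IP, eth_dst=BROADCAST),
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp(ARP_REPLY, ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),    # "I am the gateway"
    build_arp(ARP_REPLY, ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP),   # "I am the victim"
]

def detect(frames, trusted) -> list:
    det = ArpSpoofDetector(trusted)
    for f in frames:
        det.feed(f)
    return det.alerts

if __name__ == "__main__":
    for kind, ip, mac in detect(SAMPLE_FRAMES, {GATEWAY_IP: GATEWAY_MAC}):
        print(f"ALERT {kind:17} {ip} now claimed by {mac}")
```

The two forged replies are the whole attack: the victim now sends gateway-bound traffic to the attacker and the gateway sends victim-bound traffic there too, so the attacker sits in the middle and forwards. Both a changed binding and one MAC claiming two IPs are heuristics (a router with several addresses or a host that was re-imaged will trip them), which is why a static trusted mapping for the gateway is the strongest of the three checks.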

### Metasploit

* [Metasploit Framework](https://www.metasploit.com/)
  * [Metasploit Documentation](https://docs.metasploit.com/)
  * [Architecture](https://www.offsec.com/metasploit-unleashed/metasploit-architecture/)
  * [Modules](https://www.offsec.com/metasploit-unleashed/modules-and-locations/)
  * [Payloads](https://www.offsec.com/metasploit-unleashed/payloads/)
  * [MSFConsole](https://www.offsec.com/metasploit-unleashed/msfconsole/)
  * [Workspaces](https://docs.rapid7.com/metasploit/managing-workspaces/)
  * [Database Usage](https://www.offsec.com/metasploit-unleashed/using-databases/)
  * [Port Scanning](https://www.offsec.com/metasploit-unleashed/port-scanning/)
  * [Nessus - Import](https://www.offsec.com/metasploit-unleashed/working-with-nessus/)
  * [WMAP](https://www.offsec.com/metasploit-unleashed/wmap-web-scanner/)
  * [Client-Side Attacks](https://www.offsec.com/metasploit-unleashed/client-side-attacks/)
    * [Types of client side attacks](https://www.geeksforgeeks.org/types-of-client-side-attacks/)
  * [Msfvenom](https://www.offsec.com/metasploit-unleashed/msfvenom/)
    * [Python HTTP Server](https://www.digitalocean.com/community/tutorials/python-simplehttpserver-http-server)
    * [How to use MSFvenom](https://docs.metasploit.com/docs/using-metasploit/basics/how-to-use-msfvenom.html)
  * [Writing Meterpreter Scripts](https://www.offsec.com/metasploit-unleashed/writing-meterpreter-scripts/)
  * [Exploits](https://www.offsec.com/metasploit-unleashed/exploits/)
  * [Post Exploitation](https://www.offsec.com/metasploit-unleashed/msf-post-exploitation/)
    * [Meterpreter](https://www.offsec.com/metasploit-unleashed/about-meterpreter/)
    * [Privilege Escalation](https://www.offsec.com/metasploit-unleashed/privilege-escalation/)
    * [Incognito](https://www.offsec.com/metasploit-unleashed/fun-incognito/)
    * [PSExec Pass-the-hash](https://www.offsec.com/metasploit-unleashed/psexec-pass-hash/)
    * [Enabling RDP](https://www.offsec.com/metasploit-unleashed/enabling-remote-desktop/)
    * [Pivoting](https://www.offsec.com/metasploit-unleashed/pivoting/)
    * [Keylogging](https://www.offsec.com/metasploit-unleashed/keylogging/)
* [Metasploit in Kali Linux](https://www.kali.org/docs/tools/starting-metasploit-framework-in-kali/)
* [Metasploit Unleashed – Free Ethical Hacking Course by OffSec](https://www.offsec.com/metasploit-unleashed/)
* [Armitage GUI](https://github.com/r00t0v3rr1d3/armitage)
  * [Armitage](https://www.offsec.com/metasploit-unleashed/armitage/)
* [PTES](http://www.pentest-standard.org/index.php/Main_Page)
  * [Guide to Modern Penetration Testing - Infopulse](https://www.infopulse.com/blog/guide-to-modern-penetration-testing-part-2-fifty-shades-of-grey-box)
* [MSF Installer](https://docs.metasploit.com/docs/using-metasploit/getting-started/nightly-installers.html)
* [How to Use Metasploit in Kali Linux + Metasploitable3](https://www.stationx.net/how-to-use-metasploit-in-kali-linux/)
* [Metasploitable3 - rapid7 Github](https://github.com/rapid7/metasploitable3)
* [Shikata Ga Nai Encoder Still Going Strong - Mandiant](https://www.mandiant.com/resources/blog/shikata-ga-nai-encoder-still-going-strong)
* [Haraka](https://haraka.github.io/)
* [Methods Used by Linux for Hashing Passwords](https://www.baeldung.com/linux/hashing-methods-password)

## Exploitation

* [Exploitation PTES](http://www.pentest-standard.org/index.php/Exploitation)
* [Banner Grabbing](https://cyberexperts.com/encyclopedia/banner-grabbing/)
* [Nmap Scripting Engine](https://nmap.org/book/nse)
* [exploit-db.com](https://www.exploit-db.com/)
  * [Dorks - Google Hacking Database](https://www.exploit-db.com/google-hacking-database)
* [Rapid7 db](https://www.rapid7.com/db/)
* [Searchsploit](https://www.exploit-db.com/searchsploit)
* [Cross Compile to Win from Linux](https://www.crossmeta.io/mingw32-cross-compile-to-windows-from-linux/)
  * [MinGW-w64](https://www.mingw-w64.org/)
  * [ExploitDB bin-sploits](https://github.com/offensive-security/exploitdb-bin-sploits)

### Shells

* [Shells - HackTricks](https://book.hacktricks.xyz/generic-methodologies-and-resources/shells)
  * [Bind & Reverse Shells - Hacking with Netcat](https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/)
  * [PayloadsAllTheThings - Reverse Shell Cheatsheet](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md)
  * [Reverse Shell Generator](https://www.revshells.com/)
* [Reverse Shells - 0xffsec](https://0xffsec.com/handbook/shells/reverse-shells/)
  * [Reverse-shell via Windows one-liner](https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/)
* [PowerShell-Empire](https://github.com/BC-SECURITY/Empire)

### Defense Evasion

* [Metasploitable2](https://docs.rapid7.com/metasploit/metasploitable-2/)
* [Metasploitable3](https://github.com/rapid7/metasploitable3)
* [What is Defense Evasion - Huntress](https://www.huntress.com/blog/what-is-defense-evasion)
  * [Defense Evasion - MITRE ATT&CK](https://attack.mitre.org/tactics/TA0005/)
  * [Antivirus Detection Methods](https://zeltser.com/how-antivirus-software-works/)
  * [Shellter](https://www.shellterproject.com/introducing-shellter/)
  * [Invoke-Obfuscation](https://github.com/danielbohannon/Invoke-Obfuscation)

## Post Exploitation

* [Post-Exploitation](http://www.pentest-standard.org/index.php/Post_Exploitation)
  * [Ignitetechnologies/Privilege-Escalation](https://github.com/Ignitetechnologies/Privilege-Escalation)
  * [PayloadsAllTheThings - Windows - Privilege Escalation](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md)
  * [PayloadsAllTheThings - Linux - Privilege Escalation](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md)
  * [PEASS-ng](https://github.com/carlospolop/PEASS-ng)
    * [winPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS)
    * [linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
  * [JAWS - Just Another Windows (Enum) Script](https://github.com/411Hall/JAWS)
  * [LinEnum - rebootuser](https://github.com/rebootuser/LinEnum)
* [Python3 - http.server](https://docs.python.org/3/library/http.server.html)
* [tmux](https://github.com/tmux/tmux/)

### TTY Shells

* [Full TTY Shells - HackTricks](https://book.hacktricks.xyz/generic-methodologies-and-resources/shells/full-ttys)
* [Fully Interactive TTYs - 0xffsec](https://0xffsec.com/handbook/shells/full-tty/)
  * [stty](https://man7.org/linux/man-pages/man1/stty.1.html)

### Privilege Escalation

* [PrivescCheck](https://github.com/itm4n/PrivescCheck)
* [Linux Privilege Escalation Guide (Updated for 2023) - by Rashid Feroze](https://payatu.com/blog/a-guide-to-linux-privilege-escalation/)
* [Linux Privilege Escalation using SUID Binaries](https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/)
  * [FallOfSudo](https://github.com/CyberOne-TeamARES/FallOfSudo)
  * [GTFOBins](https://gtfobins.github.io/)

### Persistence

* [Persistence - MITRE ATT&CK](https://attack.mitre.org/tactics/TA0003/)
* [Enabling Remote Desktop - OffSec](https://www.offsec.com/metasploit-unleashed/enabling-remote-desktop/)
* [SSH Penetration Testing](https://www.hackingarticles.in/ssh-penetration-testing-port-22/)
* [Scheduled Task/Job - MITRE ATT&CK](https://attack.mitre.org/techniques/T1053/)

### Cracking Hashes

* [John The Ripper](https://github.com/openwall/john)
* [Hashcat](https://hashcat.net/hashcat/)

### Pivoting

* [Pivoting](https://www.offsec.com/metasploit-unleashed/pivoting/)

## Social Engineering

* [What is Social Engineering?](https://www.kaspersky.com/resource-center/definitions/what-is-social-engineering)
* [FBI IC3 Releases 2022 Internet Crime Report](https://octillolaw.com/insights/fbi-ic3-releases-2022-internet-crime-report)
* [Trendmicro Security 101: Business Email Compromise (BEC) Schemes](https://www.trendmicro.com/vinfo/fr/security/news/cybercrime-and-digital-threats/business-email-compromise-bec-schemes)
* [CEO Fraud Attacks - KnowBe4](https://www.knowbe4.com/ceo-fraud)
* [NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment](https://csrc.nist.gov/publications/detail/sp/800-115/final)
* [Social Engineering Penetration Testing: Attacks, Methods, & Steps - Purplesec.us](https://purplesec.us/social-engineering-penetration-testing/)
* [Gophish](https://getgophish.com/)
  * [Creating the Gophish Demo](https://getgophish.com/blog/post/2019-01-04-creating-the-gophish-demo-part-one/)

## Web App PenTesting

* [OWASP TOP 10](https://owasp.org/www-project-top-ten/)
  * [SQL Injection - OWASP](https://owasp.org/www-community/attacks/SQL_Injection)
    * [What is a SQLi? - PortSwigger](https://portswigger.net/web-security/sql-injection)
    * [SQLi CheatSheet - PortSwigger](https://portswigger.net/web-security/sql-injection/cheat-sheet)
  * [XSS - OWASP](https://owasp.org/www-community/attacks/xss/)
    * [How does XSS Work? - PortSwigger](https://portswigger.net/web-security/cross-site-scripting)
    * [XSS Cheatsheet - PortSwigger](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [PortSwigger Web Security Academy](https://portswigger.net/web-security/learning-path)
* [HTTP Protocol](https://developer.mozilla.org/en-US/docs/Web/HTTP)
  * [RFC 9110 - HTTP Semantics](https://httpwg.org/specs/rfc9110.html)
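
Added example for the SQL injection links above (my code, not OWASP's or PortSwigger's): the same login check written with string interpolation and with a parameterized query, run against an in-memory SQLite table so the comment bypass, the tautology and a UNION-based extraction from the PortSwigger cheat sheet can all be reproduced offline. The table, users and passwords are constructed.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
                     [("admin", "S3cret!", 1), ("alice", "hunter2", 0)])
    return conn

def login_vulnerable(conn, username: str, password: str):
    """Builds the query by string interpolation, so user input becomes SQL syntax."""
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver binds the values, they are never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

# Classic payloads. `--` starts a comment in SQLite and PostgreSQL; MySQL needs
# the trailing space after it, which is why it is written as "-- " here.
BYPASS_COMMENT = "admin' -- "
BYPASS_TAUTOLOGY = "' OR '1'='1"
UNION_EXFIL = "' UNION SELECT password FROM users WHERE username = 'admin' -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, comment bypass :", login_vulnerable(db, BYPASS_COMMENT, "wrong"))
    print("vulnerable, tautology      :", login_vulnerable(db, BYPASS_TAUTOLOGY, BYPASS_TAUTOLOGY))
    print("vulnerable, UNION exfil    :", login_vulnerable(db, UNION_EXFIL, "wrong"))
    print("safe, same payload         :", login_safe(db, BYPASS_COMMENT, "wrong"))
    print("safe, real credentials     :", login_safe(db, "alice", "hunter2"))
```

The UNION payload is the one worth studying: the login function is supposed to return a username, but because the attacker controls the query text it returns the admin password instead, which is the step from "bypass" to "data extraction" that sqlmap automates.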

### Vulnerable Web Apps

* [bWAPP](http://www.itsecgames.com/)
  * [Setting Up OWASP bWAPP With Docker - HackerSploit](https://www.youtube.com/watch?v=XMJuNRgPo-0)
* [OWASP Juice Shop](https://github.com/juice-shop/juice-shop)
* [Damn Vulnerable Web Application (DVWA)](https://github.com/digininja/DVWA)
* [Mutillidae II](https://github.com/webpwnized/mutillidae)

### Tools

* [Gobuster](https://github.com/OJ/gobuster)
* [ffuf](https://github.com/ffuf/ffuf)
* [Burp Suite by PortSwigger](https://portswigger.net/burp)
* [ZAProxy](https://www.zaproxy.org/)
* [Nikto](https://github.com/sullo/nikto)
* [SQLMap](https://sqlmap.org/)
  * [SQLMap Cheatsheet](https://book.hacktricks.xyz/pentesting-web/sql-injection/sqlmap)
* [XSSer](https://github.com/epsylon/xsser)
* [WPScan](https://github.com/wpscanteam/wpscan)
