🌐PEH References

• Practical Ethical Hacking - The Complete Course

• TCM Course Resources - Github

  • Practical-Ethical-Hacking-Resources

• PNPT Certification

• Course and FAQs - Discord

Introduction

• Why You Shouldn't Be an Ethical Hacker

Note Keeping

• Notetaking Apps Ranked (Alex Olsen)

• Notion

• Joplin

• GitBook

• Obsidian

• FlameShot - Screenshot tool

• ShareX - Screenshot tool

• GreenShot - Screenshot tool

Networking

• Professor Messer - Seven Second Subnetting - Youtube

• Subnet Guide - TCM

• Networking Fundalmentals - Practical Networking Youtube

• Subnetting Mastery - Practical Networking Youtube

• Network Fundamentals - Network Direction Youtube

• SMB University - Cisco Networking Fundamentals

• guru99 - TCP 3-Way Handshake

• guru99 - OSI Model Layers

• OSI Cyber Attacks - byos.io

• Subnet Calculator - mxtoolbox.com

• CIDR to IPv4 Conversion

Lab Set Up

• VMware Workstation Player

• VMWare Workstation Pro (Free)

• VirtualBox + VirtualBox Extension Pack

• Kali Linux

  • Kali VM Installation - VMware - syselement

  • pimpmykali

• ParrotOS

• TCM Linux-101 - syselement

  • chmod Calculator

  • explainshell.com

• What is a ping sweep (ICMP sweep)?

Python

• Python Documentation

• LearnPython.org

• Python Tutorial - W3Schools

• Python Cheatsheet

  • Automate the Boring Stuff with Python - Book

• Socket Programming in Python (Guide) - RealPython

The Ethical Hacker Methodology

• Phases of Ethical Hacking - InfosecTrain

• Bugcrowd

Information Gathering

• Hunter.io

• Phonebook.cz

• Clearbit Connect

• EmailHippo Email address verifiy

• Email-checker

• HaveIBeenPwned

• breach-parse

• DeHashed.com

• Hashes.com

• Sublist3r

• crt.sh

• amass

• httprobe

• assetfinder

• gowitness

• subjack

• waybackurls

• BuiltWith.com

• Wappalyzer.com

• WhatWeb

• Burp Suite

• Google Search Syntax

• Google Search Operators: The Complete List (44 Advanced Operators)

• Open-Source Intelligence Fundamentals - TCM Security

• sumrecon script - Gr1mmie

• The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix

• Nahamsec Recon Playlist

Scanning & Enumeration

• PEH Course VMs - TCM Security

  • PEH Course Capstone VMs (updated) - TCM Security

• VulnHub

• nmap

  • nikto

  • dirbuster

  • dirb

  • ffuf

• HTTP response codes

• Metasploit

  • Vulnerability & Exploit Database - Rapid7

• How to Enumerate SMB with Enum4linux & Smbclient - Null Byte

• smbclient

• exploit-db

  • searchsploit

Vulnerability Scanning with Nessus

• Nessus

• Nessus Essentials - syselement

Exploitation Basics

• Hacking with Netcat part 2: Bind and reverse shells

• netcat

• Metasploit Unleashed - OffSec

  • Apache mod_ssl < 2.8.7 OpenSSL - Remote Buffer Overflow

• Top 13 Vulnerable Web Applications and Websites for Ethical Hacking Practice | by ByteBusterX | Medium

• Damn Vulnerable Web Application (DVWA)

• Credential stuffing

• Password spraying

• CVE-2017-0144 - MS17-010

• CrackStation - Online Password Hash Cracking

  • hashcat

• GitHub - pentestmonkey/php-reverse-shell

• LinPEAS

• WinPEAS

• pspy

• Reverse Shell Cheat Sheet | pentestmonkey

• fcrackzip

• GTFO Bins

• Pure Groovy/Java Reverse Shell

• Unquoted Service Paths | Red Team Notes

• dnsrecon

• Spawning a TTY Shell | SecWiki

• Linux Privilege Escalation - SUDO and SUID | HackTricks

• Linux Privilege Escalation | TCM Security

• Windows Privilege Escalation for Beginners | TCM Security

Active Directory

• Active Directory Domain Services

• Introduction to Active Directory - HTB Academy

• Compromising Active Directory module - TryHackMe

• PimpmyADLab

• Building a Windows AD lab

• GrouppVM

• How To Setup Red Team And Blue Team Lab 2024 - Part 2 - InfoSec Pat

• LLMNR Poisoning and How to Prevent It - TCM Security

  • LLMNR | Pentest Everything - viperone.gitbook.io

  • Responder

• SMB Relay Attacks and How to Prevent Them - TCM Security

  • ntlmrelayx.py

• mitm6 - compromising IPv4 networks via IPv6 - Fox-IT

  • mitm6

• How to Hack Through a Pass-Back Attack: MFP Hacking Guide+

  • PRET

  • Printer Security Testing Cheat Sheet - Hacking Printers

  • Praeda

• ldapdomaindump

• BloodHound

  • PlumHound

• PingCastle

• Forest Druid

• Purple Knight

• crackmapexec

  • CrackMapExec Cheat Sheet 2024 (Commands & Examples) - Stationx

• netexec

• secretsdump.py

• HTB: Cicada | 0xdf hacks stuff

• Kerberoasting - CrowdStrike

  • Kerberoast | HackTricks

  • Kerberoasting | Red Team Notes

  • GetUserSPNs.py

• Token Impersonation | Pentest Everything

  • Fun with Incognito - Metasploit Unleashed

• Forced Authentication | Red Team Notes

• Finding Passwords in SYSVOL & Exploiting Group Policy Preferences – Active Directory Security

  • MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014 - Microsoft Support

  • Exploiting-GPP-AKA-MS14_025-vulnerability

  • GPP attacks | Internal Pentest

• mimikatz

• Kerberos Golden Ticket Attack Explained - StationX

  • Golden Ticket Attack Explained | Semperis Identity Attack Catalog

  • Golden Ticket Attack Explained - MITRE ATT&CK T1558.001

  • rycon.hu - mimikatz's Golden Ticket

• Zerologon

  • ZeroLogon testing script

  • dirkjanm/CVE-2020-1472: PoC for Zerologon

  • What Is Zerologon? | Trend Micro (US)

• PrintNightmare Exposes Windows Servers to RCE | Huntress

  • Playing with PrintNightmare | 0xdf hacks stuff

  • cube0x0/CVE-2021-1675: C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527

  • calebstewart/CVE-2021-1675: Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)

• AD Case Study #1 - You Spent How Much on Security? - TCM Security

• AD Case Study #2 - #Pentest Tales #002: Digging Deep - TCM Security

Post Exploitation

• proxychains

• sshuttle

• chisel

Web Application

• Alex Olsen - AppSecExplained

  • AppSecExplained

• Burp Suite documentation - PortSwigger

• Web Security Academy - PortSwigger

• OWASP Top Ten

• Webhook.site - Test, transform and automate Web requests and emails

• SQL injection cheat sheet | Web Security Academy

  • SQL Injection | OWASP Foundation

• Cross-Site Scripting (XSS) Cheat Sheet - 2024 Edition | Web Security Academy

  • What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy

  • Cross Site Scripting (XSS) | OWASP Foundation

  • alert() is dead, long live print() | PortSwigger Research

  • The Modern JavaScript Tutorial

• PayloadsAllTheThings - Command Injection

  • What is OS command injection, and how to prevent it? | Web Security Academy

  • Command Injection | OWASP Foundation

  • Command injection | AppSecExplained

  • Reverse Shell Cheat Sheet - Internal All The Things

• PayloadsAllTheThings - Upload Insecure Files

  • File uploads | Web Security Academy

  • Insecure file upload | AppSecExplained

  • List of file signatures (Magic bytes) - Wikipedia

• Authentication | AppSecExplained

  • Authentication vulnerabilities | Web Security Academy

• PayloadsAllTheThings - XXE Injection

  • What is XXE (XML external entity) injection? | Web Security Academy

  • XXE (XML external entity) injection | AppSecExplained

• PayloadsAllTheThings - Insecure Direct Object References

  • Insecure direct object references (IDOR) | Web Security Academy

Wireless Penetration Testing

• Pentesting Wifi - HackTricks

• ricardojoserf/wifi-pentesting-guide

• Offensive Security Tool: WEF (WiFi Exploitation Framework) | Black Hat Ethical Hacking

• D3Ext/WEF: Wi-Fi Exploitation Framework

  • Curso Gratis de Hacking Wifi | D3Ext

• Best Kali Linux Compatible USB Adapters 2024 – WirelesSHack

• OpenWrt & WiFi Exploitation | syselement's Blog

• aircrack-ng Usage

• airmon-ng

• airodump-ng

Legal Documents and Report Writing

• Sample pentest report provided by TCM Security

  • Writing a Pentest Report - TCM video