Hacker Media list
Hacker Media
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs; these are the ones I monitor constantly and value in the actual day-to-day testing work.
carnal0wnage.blogspot.com/
www.mcgrewsecurity.com/
www.gnucitizen.org/blog/
www.darknet.org.uk/
spylogic.net/
taosecurity.blogspot.com/
www.room362.com/
blog.sipvicious.org/
blog.portswigger.net/
pentestmonkey.net/blog/
jeremiahgrossman.blogspot.com/
i8jesus.com/
blog.c22.cc/
www.skullsecurity.org/blog/
blog.metasploit.com/
www.darkoperator.com/
blog.skeptikal.org/
preachsecurity.blogspot.com/
www.tssci-security.com/
www.gdssecurity.com/l/b/
websec.wordpress.com/
bernardodamele.blogspot.com/
laramies.blogspot.com/
www.spylogic.net/
blog.andlabs.org/
xs-sniper.com/blog/
www.commonexploits.com/
www.sensepost.com/blog/
wepma.blogspot.com/
exploit.co.il/
securityreliks.wordpress.com/
www.madirish.net/index.html
sirdarckcat.blogspot.com/
reusablesec.blogspot.com/
myne-us.blogspot.com/
www.notsosecure.com/
blog.spiderlabs.com/
www.corelan.be/
www.digininja.org/
www.pauldotcom.com/
www.attackvector.org/
deviating.net/
www.alphaonelabs.com/
www.smashingpasswords.com/
wirewatcher.wordpress.com/
gynvael.coldwind.pl/
www.nullthreat.net/
www.question-defense.com/
archangelamael.blogspot.com/
memset.wordpress.com/
sickness.tor.hu/
punter-infosec.com/
www.securityninja.co.uk/
securityandrisk.blogspot.com/
esploit.blogspot.com/
www.pentestit.com/
Forums:
Created for forums that will help in tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums, but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.
sla.ckers.org/forum/index.php
www.ethicalhacker.net/
www.backtrack-linux.org/forums/
www.elitehackers.info/forums/
www.hackthissite.org/forums/index.php
securityoverride.com/forum/index.php
www.iexploit.org/
bright-shadows.net/
www.governmentsecurity.org/forum/
forum.intern0t.net/
Magazines:
www.net-security.org/insecuremag.php
hakin9.org/
Video:
www.hackernews.com/
www.securitytube.net/
www.irongeek.com/i.php?page=videos/aide-winter-2011
avondale.good.net/dl/bd/
achtbaan.nikhef.nl/27c3-stream/releases/mkv/
www.youtube.com/user/ChRiStIaAn008
www.youtube.com/user/HackingCons
Methodologies:
www.vulnerabilityassessment.co.uk/Penetration%20Test.html
www.pentest-standard.org/index.php/Main_Page
projects.webappsec.org/w/page/13246978/Threat-Classification
www.owasp.org/index.php/Category:OWASPTopTen_Project
www.social-engineer.org/
OSINT
Presentations:
www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/
www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/
www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/
www.slideshare.net/Laramies/tactical-information-gathering
www.sans.org/readingroom/whitepapers/privacy/documentmetadatathesilentkiller_32974
infond.blogspot.com/2010/05/toturial-footprinting.html
People and Organizational:
www.spokeo.com/
www.123people.com/
www.xing.com/
www.zoominfo.com/search
pipl.com/
www.zabasearch.com/
www.searchbug.com/default.aspx
theultimates.com/
skipease.com/
addictomatic.com/
socialmention.com/
entitycube.research.microsoft.com/
www.yasni.com/
tweepz.com/
tweepsearch.com/
www.glassdoor.com/index.htm
www.jigsaw.com/
searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp
www.tineye.com/
www.peekyou.com/
picfog.com/
twapperkeeper.com/index.php
Infrastructure:
uptime.netcraft.com/
www.serversniff.net/
www.domaintools.com/
centralops.net/co/
hackerfantastic.com/
whois.webhosting.info/
www.ssllabs.com/ssldb/analyze.html
www.clez.net/
www.my-ip-neighbors.com/
www.shodanhq.com/
www.exploit-db.com/google-dorks/
www.hackersforcharity.org/ghdb/
Exploits and Advisories:
www.exploit-db.com/
www.cvedetails.com/
www.milw0rm.com/ (Down permanently)
www.packetstormsecurity.org/
www.securityforest.com/wiki/index.php/Main_Page
www.securityfocus.com/bid
nvd.nist.gov/
osvdb.org/
www.nullbyte.org.il/Index.html
secdocs.lonerunners.net/
www.phenoelit-us.org/whatSAP/index.html
secunia.com/
cve.mitre.org/
Cheatsheets and Syntax:
cirt.net/ports_dl.php?export=services
www.cheat-sheets.org/
blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/
Agile Hacking:
www.gnucitizen.org/blog/agile-hacking-a-homegrown-telnet-based-portscanner/
blog.commandlinekungfu.com/
www.securityaegis.com/simple-yet-effective-directory-bruteforcing/
isc.sans.edu/diary.html?storyid=2376
isc.sans.edu/diary.html?storyid=1229
ss64.com/nt/
pauldotcom.com/2010/02/running-a-command-on-every-mac.html
synjunkie.blogspot.com/2008/03/command-line-ninjitsu.html
www.zonbi.org/2010/06/09/wmic-the-other-other-white-meat/
rstcenter.com/forum/22324-hacking-without-tools-windows.rst
www.coresecurity.com/files/attachments/CoreDefineandWinCmd_Line.pdf
www.scribd.com/Penetration-Testing-Ninjitsu2-Infrastructure-and-Netcat-without-Netcat/d/3064507
www.pentesterscripting.com/
www.sans.org/readingroom/whitepapers/hackers/windows-script-host-hack-windows33583
www.blackhat.com/presentations/bh-dc-10/Bannedit/BlackHat-DC-2010-Bannedit-Advanced-Command-Injection-Exploitation-1-wp.pdf
OS and Scripts:
en.wikipedia.org/wiki/IPv4subnettingreference
www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
shelldorado.com/shelltips/beginner.html
www.linuxsurvival.com/
mywiki.wooledge.org/BashPitfalls
rubular.com/
www.iana.org/assignments/port-numbers
www.robvanderwoude.com/ntadmincommands.php
Tools:
www.sans.org/security-resources/sec560/netcatcheatsheet_v1.pdf
www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
sbdtools.googlecode.com/files/hping3cheatsheetv1.0-ENG.pdf
sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
www.sans.org/security-resources/sec560/misctoolssheet_v1.pdf
rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
h.ackack.net/cheat-sheets/netcat
Distros:
www.backtrack-linux.org/
www.matriux.com/
samurai.inguardians.com/
www.owasp.org/index.php/Category:OWASPLiveCD_Project
pentoo.ch/
www.hackfromacave.com/articlesandadventures/katanav2release.html
www.piotrbania.com/all/kon-boot/
www.linuxfromscratch.org/
sumolinux.suntzudata.com/
blog.0x0e.org/2009/11/20/pentesting-with-an-ubuntu-box/#comments
www.backbox.org/
Labs:
ISOs and VMs:
sourceforge.net/projects/websecuritydojo/
code.google.com/p/owaspbwa/wiki/ProjectSummary
heorot.net/livecds/
informatica.uv.es/~carlos/docencia/netinvm/
www.bonsai-sec.com/en/research/moth.php
blog.metasploit.com/2010/05/introducing-metasploitable.html
pynstrom.net/holynix.php
gnacktrack.co.uk/download.php
sourceforge.net/projects/lampsecurity/files/
www.hacking-lab.com/news/newspage/livecd-v4.3-available.html
sourceforge.net/projects/virtualhacking/files/
www.badstore.net/
www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
www.dvwa.co.uk/
sourceforge.net/projects/thebutterflytmp/
Vulnerable Software:
www.oldapps.com/
www.oldversion.com/
www.exploit-db.com/webapps/
code.google.com/p/wavsep/downloads/list
www.owasp.org/index.php/Owasp_SiteGenerator
www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
Test Sites:
www.webscantest.com/
crackme.cenzic.com/Kelev/view/home.php
zero.webappsecurity.com/banklogin.asp?serviceName=FreebankCaastAccess&templateName=prodsel.forte&source=Freebank&ADREFERRING_URL=http://www.Freebank.com
testaspnet.vulnweb.com/
testasp.vulnweb.com/
testphp.vulnweb.com/
demo.testfire.net/
hackme.ntobjectives.com/
Exploitation Intro:
If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since exploit dev is not my primary occupation, this section could always use help.
myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
www.mgraziano.info/docs/stsi2010.pdf
www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
www.ethicalhacker.net/content/view/122/2/
code.google.com/p/it-sec-catalog/wiki/Exploitation
x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
ref.x86asm.net/index.html
Reverse Engineering & Malware:
www.woodmann.com/TiGa/idaseries.html
www.binary-auditing.com/
visi.kenshoto.com/
www.radare.org/y/
www.offensivecomputing.net/
Passwords and Hashes:
www.irongeek.com/i.php?page=videos/password-exploitation-class
cirt.net/passwords
sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
www.foofus.net/~jmk/medusa/medusa-smbnt.html
www.foofus.net/?page_id=63
hashcrack.blogspot.com/
www.nirsoft.net/articles/savedpasswordlocation.html
www.onlinehashcrack.com/
www.md5this.com/list.php?
www.virus.org/default-password
www.phenoelit-us.org/dpl/dpl.html
news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
Wordlists:
contest.korelogic.com/wordlists.html
packetstormsecurity.org/Crackers/wordlists/
www.skullsecurity.org/wiki/index.php/Passwords
www.ericheitzman.com/passwd/passwords/
Pass the Hash:
www.sans.org/readingroom/whitepapers/testing/pass-the-hash-attacks-tools-mitigation33283
www.sans.org/readingroom/whitepapers/testing/crack-pass-hash33219
carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
MiTM:
www.giac.org/certified_professionals/practicals/gsec/0810.php
www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
www.mindcenter.net/uploads/ECCE101.pdf
toorcon.org/pres12/3.pdf
media.techtarget.com/searchUnifiedCommunications/downloads/SevenDeadliestUCAttacksCh3.pdf
packetstormsecurity.org/papers/wireless/cracking-air.pdf
www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
www.oact.inaf.it/ws-ssri/Costa.pdf
www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sambowne-hijackingweb_2.0.pdf
mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
www.iac.iastate.edu/iasg/libarchive/0910/TheMagicofEttercap/TheMagicofEttercap.pdf
articles.manugarg.com/arp_spoofing.pdf
academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
www.ucci.it/docs/ICTSecurity-2004-26.pdf
web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papersfiles/ettercapNov62005-1.pdf
blog.spiderlabs.com/2010/12/thicknet.html
www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
www.go4expert.com/forums/showthread.php?t=11842
www.irongeek.com/i.php?page=security/ettercapfilter
openmaniak.com/ettercap_filter.php
www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
www.irongeek.com/i.php?page=videos/ettercapfiltervid1
spareclockcycles.org/2010/06/10/sergio-proxy-released/
Tools:
OSINT:
www.edge-security.com/theHarvester.php
www.mavetju.org/unix/dnstracer-man.php
www.paterva.com/web5/
Metadata:
www.sans.org/readingroom/whitepapers/privacy/document-metadata-silent-killer32974
lcamtuf.coredump.cx/strikeout/
www.sno.phy.queensu.ca/~phil/exiftool/
www.edge-security.com/metagoofil.php
www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Google Hacking:
www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
midnightresearch.com/projects/search-engine-assessment-tool/#downloads
sqid.rubyforge.org/#next
voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
Web:
www.bindshell.net/tools/beef
blindelephant.sourceforge.net/
xsser.sourceforge.net/
sourceforge.net/projects/rips-scanner/
www.divineinvasion.net/authforce/
andlabs.org/tools.html#sotf
www.taddong.com/docs/BrowserExploitationforFun&ProfitTaddong-RaulSilesNov2010v1.1.pdf
carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
code.google.com/p/pinata-csrf-tool/
xsser.sourceforge.net/#intro
www.contextis.co.uk/resources/tools/clickjacking-tool/
packetstormsecurity.org/files/view/69896/unicode-fun.txt
sourceforge.net/projects/ws-attacker/files/
github.com/koto/squid-imposter
Attack Strings:
code.google.com/p/fuzzdb/
www.owasp.org/index.php/Category:OWASPFuzzingCode_Database#tab=Statements
Shells:
sourceforge.net/projects/yokoso/
sourceforge.net/projects/ajaxshell/
Scanners:
w3af.sourceforge.net/
code.google.com/p/skipfish/
sqlmap.sourceforge.net/
sqid.rubyforge.org/#next
packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
code.google.com/p/fimap/wiki/WindowsAttack
code.google.com/p/fm-fsf/
Proxies:
Burp:
www.sans.org/readingroom/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder33214
www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
sourceforge.net/projects/belch/files/
www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
blog.ombrepixel.com/
andlabs.org/tools.html#dser
feoh.tistory.com/22
www.sensepost.com/labs/tools/pentest/reduh
www.owasp.org/index.php/OWASPWebScarabNG_Project
intrepidusgroup.com/insight/mallory/
www.fiddler2.com/fiddler2/
websecuritytool.codeplex.com/documentation?referringTitle=Home
translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
Social Engineering:
www.secmaniac.com/
Password:
nmap.org/ncrack/
www.foofus.net/~jmk/medusa/medusa.html
www.openwall.com/john/
ophcrack.sourceforge.net/
blog.0x3f.net/tool/keimpx-in-action/
code.google.com/p/keimpx/
sourceforge.net/projects/hashkill/
Metasploit:
www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
code.google.com/p/msf-hack/wiki/WmapNikto
www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
seclists.org/metasploit/
pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
meterpreter.illegalguy.hostzi.com/
blog.metasploit.com/2010/03/automating-metasploit-console.html
www.workrobot.com/sansfire2009/561.html
www.securitytube.net/video/711
en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
vimeo.com/16852783
milo2012.wordpress.com/2009/09/27/xlsinjector/
www.fastandeasyhacking.com/
trac.happypacket.net/
www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
MSF Exploits or Easy:
www.nessus.org/plugins/index.php?view=single&id=12204
www.nessus.org/plugins/index.php?view=single&id=11413
www.nessus.org/plugins/index.php?view=single&id=18021
www.nessus.org/plugins/index.php?view=single&id=26918
www.nessus.org/plugins/index.php?view=single&id=34821
www.nessus.org/plugins/index.php?view=single&id=22194
www.nessus.org/plugins/index.php?view=single&id=34476
www.nessus.org/plugins/index.php?view=single&id=25168
www.nessus.org/plugins/index.php?view=single&id=19408
www.nessus.org/plugins/index.php?view=single&id=21564
www.nessus.org/plugins/index.php?view=single&id=10862
www.nessus.org/plugins/index.php?view=single&id=26925
www.nessus.org/plugins/index.php?view=single&id=29314
www.nessus.org/plugins/index.php?view=single&id=23643
www.nessus.org/plugins/index.php?view=single&id=12052
www.nessus.org/plugins/index.php?view=single&id=34477
www.nessus.org/plugins/index.php?view=single&id=15962
www.nessus.org/plugins/index.php?view=single&id=42106
www.nessus.org/plugins/index.php?view=single&id=15456
www.nessus.org/plugins/index.php?view=single&id=21689
www.nessus.org/plugins/index.php?view=single&id=12205
www.nessus.org/plugins/index.php?view=single&id=22182
www.nessus.org/plugins/index.php?view=single&id=26919
www.nessus.org/plugins/index.php?view=single&id=26921
www.nessus.org/plugins/index.php?view=single&id=21696
www.nessus.org/plugins/index.php?view=single&id=40887
www.nessus.org/plugins/index.php?view=single&id=10404
www.nessus.org/plugins/index.php?view=single&id=18027
www.nessus.org/plugins/index.php?view=single&id=19402
www.nessus.org/plugins/index.php?view=single&id=11790
www.nessus.org/plugins/index.php?view=single&id=12209
www.nessus.org/plugins/index.php?view=single&id=10673
NSE:
www.securitytube.net/video/931
nmap.org/nsedoc/
Net Scanners and Scripts:
nmap.org/
asturio.gmxhome.de/software/sambascan2/i.html
www.softperfect.com/products/networkscanner/
www.openvas.org/
tenable.com/products/nessus
www.rapid7.com/vulnerability-scanner.jsp
www.eeye.com/products/retina/community
Post Exploitation:
www.awarenetwork.org/home/rattle/source/python/exe2bat.py
www.phx2600.org/archive/2008/08/29/metacab/
www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Netcat:
readlist.com/lists/insecure.org/nmap-dev/1/7779.html
www.radarhack.com/tutorial/ads.pdf
www.infosecwriters.com/textresources/pdf/NetcatfortheMasses_DDebeer.pdf
www.sans.org/security-resources/sec560/netcatcheatsheet_v1.pdf
www.dest-unreach.org/socat/
www.antionline.com/archive/index.php/t-230603.html
technotales.wordpress.com/2009/06/14/netcat-tricks/
seclists.org/nmap-dev/2009/q1/581
www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
gse-compliance.blogspot.com/2008/07/netcat.html
Source Inspection:
www.justanotherhacker.com/projects/graudit.html
code.google.com/p/javasnoop/
Firefox Addons:
addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
addons.mozilla.org/en-US/firefox/addon/osvdb/
addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
addons.mozilla.org/en-US/firefox/addon/hackbar/
Tool Listings:
packetstormsecurity.org/files/tags/tool
tools.securitytube.net/index.php?title=Main_Page
Training/Classes:
Sec/Hacking:
pentest.cryptocity.net/
www.irongeek.com/i.php?page=videos/network-sniffers-class
samsclass.info/124/124_Sum09.shtml
www.cs.ucsb.edu/~vigna/courses/cs279/
crypto.stanford.edu/cs142/
crypto.stanford.edu/cs155/
cseweb.ucsd.edu/classes/wi09/cse227/
www-inst.eecs.berkeley.edu/~cs161/sp11/
security.ucla.edu/pages/Security_Talks
www.cs.rpi.edu/academics/courses/spring10/csci4971/
cr.yp.to/2004-494.html
www.ece.cmu.edu/~dbrumley/courses/18732-f09/
noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
stuff.mit.edu/iap/2009/#websecurity
Metasploit:
www.offensive-security.com/metasploit-unleashed/MetasploitUnleashedInformationSecurityTraining
www.irongeek.com/i.php?page=videos/metasploit-class
www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
vimeo.com/16925188
www.ustream.tv/recorded/13396511
www.ustream.tv/recorded/13397426
www.ustream.tv/recorded/13398740
Programming:
Python:
code.google.com/edu/languages/google-python-class/index.html
www.swaroopch.com/notes/Pythonen:Tableof_Contents
www.thenewboston.com/?cat=40&pOpen=tutorial
showmedo.com/videotutorials/python
www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
Ruby:
www.tekniqal.com/
Other Misc:
www.cs.sjtu.edu.cn/~kzhu/cs490/
noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
resources.infosecinstitute.com/
vimeo.com/user2720399
Web Vectors
SQLi:
pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
isc.sans.edu/diary.html?storyid=9397
ferruh.mavituna.com/sql-injection-cheatsheet-oku/
www.evilsql.com/main/index.php
xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
securityoverride.com/articles.php?articleid=1&article=TheCompleteGuidetoSQLInjections
websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
sqlzoo.net/hack/
www.sqlteam.com/article/sql-server-versions
www.krazl.com/blog/?p=3
www.owasp.org/index.php/TestingforMS_Access
web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
www.youtube.com/watch?v=WkHkryIoLD0
layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
vimeo.com/3418947
sla.ckers.org/forum/read.php?24,33903
websec.files.wordpress.com/2010/11/sqli2.pdf
old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
ha.ckers.org/sqlinjection/
lab.mediaservice.net/notes_more.php?id=MSSQL
Upload Tricks:
www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
www.ravenphpscripts.com/article2974.html
www.acunetix.com/cross-site-scripting/scanner.htm
www.vupen.com/english/advisories/2009/3634
msdn.microsoft.com/en-us/library/aa478971.aspx
dev.tangocms.org/issues/237
seclists.org/fulldisclosure/2006/Jun/508
www.gnucitizen.org/blog/cross-site-file-upload-attacks/
www.ipolicynetworks.com/technology/files/TikiWikijhot.phpScriptFileUploadSecurityBypass_Vulnerability.html
shsc.info/FileUploadSecurity
LFI/RFI:
pastie.org/840199
websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utmsource=twitterfeed&utmmedium=twitter
labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
www.digininja.org/blog/whenallyoucandoisread.php
XSS:
www.infosecwriters.com/hhworld/hh8/csstut.htm
www.technicalinfo.net/papers/CSS.html
msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
www.securityaegis.com/filter-evasion-houdini-on-the-wire/
heideri.ch/jso/#javascript
www.reddit.com/r/xss/
sla.ckers.org/forum/list.php?2
Coldfusion:
www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
zastita.com/02114/Attacking_ColdFusion..html
www.nosec.org/2010/0809/629.html
h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
cfunited.com/2009/files/presentations/254ShlomyGantzAugust2009_HackProofingColdFusion.pdf
Sharepoint:
www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
Lotus:
blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
seclists.org/pen-test/2002/Nov/43
www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBoss:
www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWare Web:
www.metasploit.com/modules/auxiliary/scanner/http/vmwareserverdir_trav
Oracle App Servers:
www.hideaway.net/2007/07/hacking-oracle-application-servers.html
www.owasp.org/index.php/TestingforOracle
www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
www.ngssoftware.com/papers/hpoas.pdf
SAP:
www.onapsis.com/research.html#bizploit
marc.info/?l=john-users&m=121444075820309&w=2
www.phenoelit-us.org/whatSAP/index.html
Wireless:
code.google.com/p/pyrit/
Capture the Flag/Wargames:
intruded.net/
smashthestack.org/
flack.hkpco.kr/
ctf.hcesperer.org/
ictf.cs.ucsb.edu/
capture.thefl.ag/calendar/
Conferences:
www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
Misc/Unsorted:
www.ikkisoft.com/stuff/SMH_XSS.txt
securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utmsource=twitterfeed&utmmedium=twitter
whatthefuckismyinformationsecuritystrategy.com/
video.google.com/videoplay?docid=4379894308228900017&q=owasp#
video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
www.sensepost.com/blog/4552.html
blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
carnal0wnage.attackresearch.com/node/410
www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
www.spy-hunter.com/DatabasePenTestingISSAMarch25V2.pdf
perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/kjll
05 Aug 2014