Hacker Media list

If you'd like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.

myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
www.mgraziano.info/docs/stsi2010.pdf
www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
www.ethicalhacker.net/content/view/122/2/
code.google.com/p/it-sec-catalog/wiki/Exploitation
x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
ref.x86asm.net/index.html
Reverse Engineering & Malware:

www.woodmann.com/TiGa/idaseries.html
www.binary-auditing.com/
visi.kenshoto.com/
www.radare.org/y/
www.offensivecomputing.net/
Passwords and Hashes:

www.irongeek.com/i.php?page=videos/password-exploitation-class
cirt.net/passwords
sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
www.foofus.net/~jmk/medusa/medusa-smbnt.html
www.foofus.net/?page_id=63
hashcrack.blogspot.com/
www.nirsoft.net/articles/savedpasswordlocation.html
www.onlinehashcrack.com/
www.md5this.com/list.php?
www.virus.org/default-password
www.phenoelit-us.org/dpl/dpl.html
news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html
Wordlists:

contest.korelogic.com/wordlists.html
packetstormsecurity.org/Crackers/wordlists/
www.skullsecurity.org/wiki/index.php/Passwords
www.ericheitzman.com/passwd/passwords/
Pass the Hash:

www.sans.org/readingroom/whitepapers/testing/pass-the-hash-attacks-tools-mitigation33283
www.sans.org/readingroom/whitepapers/testing/crack-pass-hash33219
carnal0wnage.blogspot.com/2008/03/using-pash-hash-toolkit.html
MiTM:

www.giac.org/certified_professionals/practicals/gsec/0810.php
www.linuxsecurity.com/docs/PDF/dsniff-n-mirror.pdf
www.cs.uiuc.edu/class/sp08/cs498sh/slides/dsniff.pdf
www.techvibes.com/blog/a-hackers-story-let-me-tell-you-just-how-easily-i-can-steal-your-personal-data
www.mindcenter.net/uploads/ECCE101.pdf
toorcon.org/pres12/3.pdf
media.techtarget.com/searchUnifiedCommunications/downloads/SevenDeadliestUCAttacksCh3.pdf
packetstormsecurity.org/papers/wireless/cracking-air.pdf
www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf
www.oact.inaf.it/ws-ssri/Costa.pdf
www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-sambowne-hijackingweb_2.0.pdf
mcafeeseminar.com/focus/downloads/Live_Hacking.pdf
www.seanobriain.com/docs/PasstheParcel-MITMGuide.pdf
www.more.net/sites/default/files/2010JohnStrandKeynote.pdf
www.leetupload.com/database/Misc/Papers/Asta%20la%20Vista/18.Ettercap_Spoof.pdf
bandwidthco.com/whitepapers/netforensics/arp/EtterCap%20ARP%20Spoofing%20&%20Beyond.pdf
bandwidthco.com/whitepapers/netforensics/arp/Fun%20With%20EtterCap%20Filters.pdf
www.iac.iastate.edu/iasg/libarchive/0910/TheMagicofEttercap/TheMagicofEttercap.pdf
articles.manugarg.com/arp_spoofing.pdf
academy.delmar.edu/Courses/ITSY2430/eBooks/Ettercap(ManInTheMiddleAttack-tool).pdf
www.ucci.it/docs/ICTSecurity-2004-26.pdf
web.mac.com/opticrealm/iWeb/asurobot/My%20Cyber%20Attack%20Papers/My%20Cyber%20Attack%20Papersfiles/ettercapNov62005-1.pdf
blog.spiderlabs.com/2010/12/thicknet.html
www.hackyeah.com/2010/10/ettercap-filters-with-metasploit-browser_autopwn/
www.go4expert.com/forums/showthread.php?t=11842
www.irongeek.com/i.php?page=security/ettercapfilter
openmaniak.com/ettercap_filter.php
www.irongeek.com/i.php?page=videos/dns-spoofing-with-ettercap-pharming
www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate
www.irongeek.com/i.php?page=videos/ettercapfiltervid1
spareclockcycles.org/2010/06/10/sergio-proxy-released/
Tools:

OSINT:

www.edge-security.com/theHarvester.php
www.mavetju.org/unix/dnstracer-man.php
www.paterva.com/web5/
Metadata:

www.sans.org/readingroom/whitepapers/privacy/document-metadata-silent-killer32974
lcamtuf.coredump.cx/strikeout/
www.sno.phy.queensu.ca/~phil/exiftool/
www.edge-security.com/metagoofil.php
www.darkoperator.com/blog/2009/4/24/metadata-enumeration-with-foca.html
Google Hacking:

www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/
midnightresearch.com/projects/search-engine-assessment-tool/#downloads
sqid.rubyforge.org/#next
voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html
Web:

www.bindshell.net/tools/beef
blindelephant.sourceforge.net/
xsser.sourceforge.net/
sourceforge.net/projects/rips-scanner/
www.divineinvasion.net/authforce/
andlabs.org/tools.html#sotf
www.taddong.com/docs/BrowserExploitationforFun&ProfitTaddong-RaulSilesNov2010v1.1.pdf
carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
code.google.com/p/pinata-csrf-tool/
xsser.sourceforge.net/#intro
www.contextis.co.uk/resources/tools/clickjacking-tool/
packetstormsecurity.org/files/view/69896/unicode-fun.txt
sourceforge.net/projects/ws-attacker/files/
github.com/koto/squid-imposter
Attack Strings:

code.google.com/p/fuzzdb/
www.owasp.org/index.php/Category:OWASPFuzzingCode_Database#tab=Statements
Shells:

sourceforge.net/projects/yokoso/
sourceforge.net/projects/ajaxshell/
Scanners:

w3af.sourceforge.net/
code.google.com/p/skipfish/
sqlmap.sourceforge.net/
sqid.rubyforge.org/#next
packetstormsecurity.org/UNIX/scanners/XSSscan.py.txt
code.google.com/p/fimap/wiki/WindowsAttack
code.google.com/p/fm-fsf/
Proxies:

Burp:

www.sans.org/readingroom/whitepapers/testing/fuzzing-approach-credentials-discovery-burp-intruder33214
www.gdssecurity.com/l/b/2010/08/10/constricting-the-web-the-gds-burp-api/
sourceforge.net/projects/belch/files/
www.securityninja.co.uk/application-security/burp-suite-tutorial-repeater-and-comparer-tools
blog.ombrepixel.com/
andlabs.org/tools.html#dser
feoh.tistory.com/22
www.sensepost.com/labs/tools/pentest/reduh
www.owasp.org/index.php/OWASPWebScarabNG_Project
intrepidusgroup.com/insight/mallory/
www.fiddler2.com/fiddler2/
websecuritytool.codeplex.com/documentation?referringTitle=Home
translate.google.com/translate?hl=en&sl=es&u=http://xss.codeplex.com/releases/view/43170&prev=/search%3Fq%3Dhttp://www.hackingeek.com/2010/08/x5s-encuentra-fallos-xss-lfi-rfi-en-tus.html%26hl%3Den&rurl=translate.google.com&twu=1
Social Engineering:

www.secmaniac.com/
Password:

nmap.org/ncrack/
www.foofus.net/~jmk/medusa/medusa.html
www.openwall.com/john/
ophcrack.sourceforge.net/
blog.0x3f.net/tool/keimpx-in-action/
code.google.com/p/keimpx/
sourceforge.net/projects/hashkill/
Metasploit:

www.indepthdefense.com/2009/02/reverse-pivots-with-metasploit-how-not.html
code.google.com/p/msf-hack/wiki/WmapNikto
www.indepthdefense.com/2009/01/metasploit-visual-basic-payloads-in.html
seclists.org/metasploit/
pauldotcom.com/2010/03/nessus-scanning-through-a-meta.html
meterpreter.illegalguy.hostzi.com/
blog.metasploit.com/2010/03/automating-metasploit-console.html
www.workrobot.com/sansfire2009/561.html
www.securitytube.net/video/711
en.wikibooks.org/wiki/Metasploit/MeterpreterClient#download
vimeo.com/16852783
milo2012.wordpress.com/2009/09/27/xlsinjector/
www.fastandeasyhacking.com/
trac.happypacket.net/
www.blackhat.com/presentations/bh-dc-10/Ames_Colin/BlackHat-DC-2010-colin-david-neurosurgery-with-meterpreter-wp.pdf
www.blackhat.com/presentations/bh-dc-10/Egypt/BlackHat-DC-2010-Egypt-UAV-slides.pdf
MSF Exploits or Easy:

www.securitytube.net/video/931
nmap.org/nsedoc/
Net Scanners and Scripts:

nmap.org/
asturio.gmxhome.de/software/sambascan2/i.html
www.softperfect.com/products/networkscanner/
www.openvas.org/
tenable.com/products/nessus
www.rapid7.com/vulnerability-scanner.jsp
www.eeye.com/products/retina/community
Post Exploitation:

www.awarenetwork.org/home/rattle/source/python/exe2bat.py
www.phx2600.org/archive/2008/08/29/metacab/
www.room362.com/blog/2011/9/6/post-exploitation-command-lists.html
Netcat:

readlist.com/lists/insecure.org/nmap-dev/1/7779.html
www.radarhack.com/tutorial/ads.pdf
www.infosecwriters.com/textresources/pdf/NetcatfortheMasses_DDebeer.pdf
www.sans.org/security-resources/sec560/netcatcheatsheet_v1.pdf
www.dest-unreach.org/socat/
www.antionline.com/archive/index.php/t-230603.html
technotales.wordpress.com/2009/06/14/netcat-tricks/
seclists.org/nmap-dev/2009/q1/581
www.terminally-incoherent.com/blog/2007/08/07/few-useful-netcat-tricks/
www.inguardians.com/research/docs/Skoudis_pentestsecrets.pdf
gse-compliance.blogspot.com/2008/07/netcat.html
Source Inspection:

www.justanotherhacker.com/projects/graudit.html
code.google.com/p/javasnoop/
Firefox Addons:

addons.mozilla.org/id/firefox/collections/byrned/pentesting/?page=8
addons.mozilla.org/en-US/firefox/addon/osvdb/
addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin/
addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786/
addons.mozilla.org/en-US/firefox/addon/offsec-exploit-db-search/
addons.mozilla.org/en-US/firefox/addon/oval-repository-search-plugin/
addons.mozilla.org/en-US/firefox/addon/cve-dictionary-search-plugin/
addons.mozilla.org/en-US/firefox/addon/hackbar/
Tool Listings:

packetstormsecurity.org/files/tags/tool
tools.securitytube.net/index.php?title=Main_Page
Training/Classes:

Sec/Hacking:

pentest.cryptocity.net/
www.irongeek.com/i.php?page=videos/network-sniffers-class
samsclass.info/124/124_Sum09.shtml
www.cs.ucsb.edu/~vigna/courses/cs279/
crypto.stanford.edu/cs142/
crypto.stanford.edu/cs155/
cseweb.ucsd.edu/classes/wi09/cse227/
www-inst.eecs.berkeley.edu/~cs161/sp11/
security.ucla.edu/pages/Security_Talks
www.cs.rpi.edu/academics/courses/spring10/csci4971/
cr.yp.to/2004-494.html
www.ece.cmu.edu/~dbrumley/courses/18732-f09/
noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot
stuff.mit.edu/iap/2009/#websecurity
Metasploit:

www.offensive-security.com/metasploit-unleashed/MetasploitUnleashedInformationSecurityTraining
www.irongeek.com/i.php?page=videos/metasploit-class
www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/
vimeo.com/16925188
www.ustream.tv/recorded/13396511
www.ustream.tv/recorded/13397426
www.ustream.tv/recorded/13398740
Programming:

Python:

code.google.com/edu/languages/google-python-class/index.html
www.swaroopch.com/notes/Pythonen:Tableof_Contents
www.thenewboston.com/?cat=40&pOpen=tutorial
showmedo.com/videotutorials/python
www.catonmat.net/blog/learning-python-programming-language-through-video-lectures/
Ruby:

www.tekniqal.com/
Other Misc:

www.cs.sjtu.edu.cn/~kzhu/cs490/
noppa.tkk.fi/noppa/kurssi/t-110.6220/luennot/
i-web.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/
resources.infosecinstitute.com/
vimeo.com/user2720399
Web Vectors

SQLi:

pentestmonkey.net/blog/mssql-sql-injection-cheat-sheet/
isc.sans.edu/diary.html?storyid=9397
ferruh.mavituna.com/sql-injection-cheatsheet-oku/
www.evilsql.com/main/index.php
xd-blog.com.ar/descargas/manuales/bugs/full-mssql-injection-pwnage.html
securityoverride.com/articles.php?articleid=1&article=TheCompleteGuidetoSQLInjections
websec.wordpress.com/2010/03/19/exploiting-hard-filtered-sql-injections/
sqlzoo.net/hack/
www.sqlteam.com/article/sql-server-versions
www.krazl.com/blog/?p=3
www.owasp.org/index.php/TestingforMS_Access
web.archive.org/web/20101112061524/http://seclists.org/pen-test/2003/May/0074.html
web.archive.org/web/20080822123152/http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html
www.youtube.com/watch?v=WkHkryIoLD0
layerone.info/archives/2009/Joe%20McCray%20-%20Advanced%20SQL%20Injection%20-%20L1%202009.pdf
vimeo.com/3418947
sla.ckers.org/forum/read.php?24,33903
websec.files.wordpress.com/2010/11/sqli2.pdf
old.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/
ha.ckers.org/sqlinjection/
lab.mediaservice.net/notes_more.php?id=MSSQL
Upload Tricks:

www.google.com/#hl=en&q=bypassing+upload+file+type&start=40&sa=N&fp=a2bb30ecf4f91972
blog.skeptikal.org/2009/11/adobe-responds-sort-of.html
blog.insicdesigns.com/2009/01/secure-file-upload-in-php-web-applications/
perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/
ex.ploit.net/f20/tricks-tips-bypassing-image-uploaders-t3hmadhatt3r-38/
www.ravenphpscripts.com/article2974.html
www.acunetix.com/cross-site-scripting/scanner.htm
www.vupen.com/english/advisories/2009/3634
msdn.microsoft.com/en-us/library/aa478971.aspx
dev.tangocms.org/issues/237
seclists.org/fulldisclosure/2006/Jun/508
www.gnucitizen.org/blog/cross-site-file-upload-attacks/
www.ipolicynetworks.com/technology/files/TikiWikijhot.phpScriptFileUploadSecurityBypass_Vulnerability.html
shsc.info/FileUploadSecurity
LFI/RFI:

pastie.org/840199
websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
www.notsosecure.com/folder2/2010/08/20/lfi-code-exec-remote-root/?utmsource=twitterfeed&utmmedium=twitter
labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
www.digininja.org/blog/whenallyoucandoisread.php
XSS:

www.infosecwriters.com/hhworld/hh8/csstut.htm
www.technicalinfo.net/papers/CSS.html
msmvps.com/blogs/alunj/archive/2010/07/07/1773441.aspx
forum.intern0t.net/web-hacking-war-games/112-cross-site-scripting-attack-defense-guide.html
media.blackhat.com/bh-eu-10/presentations/Lindsay_Nava/BlackHat-EU-2010-Lindsay-Nava-IE8-XSS-Filters-slides.pdf
sirdarckcat.blogspot.com/2009/08/our-favorite-xss-filters-and-how-to.html
www.securityaegis.com/filter-evasion-houdini-on-the-wire/
heideri.ch/jso/#javascript
www.reddit.com/r/xss/
sla.ckers.org/forum/list.php?2
Coldfusion:

www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
zastita.com/02114/Attacking_ColdFusion..html
www.nosec.org/2010/0809/629.html
h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
cfunited.com/2009/files/presentations/254ShlomyGantzAugust2009_HackProofingColdFusion.pdf
Sharepoint:

www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6131.msg32678/#msg32678
Lotus:

blog.ombrepixel.com/post/2009/05/06/Lotus-Notes/Domino-Security
seclists.org/pen-test/2002/Nov/43
www.sectechno.com/2010/07/12/hacking-lotus-domino/?
JBoss:

www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
blog.mindedsecurity.com/2010/04/good-bye-critical-jboss-0day.html
VMWare Web:

www.metasploit.com/modules/auxiliary/scanner/http/vmwareserverdir_trav
Oracle App Servers:

www.hideaway.net/2007/07/hacking-oracle-application-servers.html
www.owasp.org/index.php/TestingforOracle
www.ngssoftware.com/services/software-products/internet-security/orascan.aspx
www.ngssoftware.com/services/software-products/Database-Security/NGSSQuirreLOracle.aspx
www.ngssoftware.com/papers/hpoas.pdf
SAP:

www.onapsis.com/research.html#bizploit
marc.info/?l=john-users&m=121444075820309&w=2
www.phenoelit-us.org/whatSAP/index.html
Wireless:

code.google.com/p/pyrit/
Capture the Flag/Wargames:

intruded.net/
smashthestack.org/
flack.hkpco.kr/
ctf.hcesperer.org/
ictf.cs.ucsb.edu/
capture.thefl.ag/calendar/
Conferences:

www.google.com/calendar/embed?src=pe2ikdbe6b841od6e26ato0asc@group.calendar.google.com&gsessionid=OK
Misc/Unsorted:

www.ikkisoft.com/stuff/SMH_XSS.txt
securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utmsource=twitterfeed&utmmedium=twitter
whatthefuckismyinformationsecuritystrategy.com/
video.google.com/videoplay?docid=4379894308228900017&q=owasp#
video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
www.sensepost.com/blog/4552.html
blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
carnal0wnage.attackresearch.com/node/410
www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
www.spy-hunter.com/DatabasePenTestingISSAMarch25V2.pdf
perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/kjll

05 Aug 2014