Thoughts

• https://mjkranch.com/2019/02/why_we_should_teach_offense_first/

Exploit sites

• Exploit­DB
• https://www.seebug.org/
• exploits.shodan
• Sploitus
• Pack­et­Storm

Binary exploitation files

• https://gitlab.com/exploit-database/exploitdb-bin-sploits

General

• https://pentestwiki.org/wiki/Enumeration
• https://book.hacktricks.xyz/
• https://github.com/enaqx/awesome-pentest
• http://www.0daysecurity.com/penetration-testing/enumeration.html
• CyberChef
• https://github.com/H0j3n/EzpzCheatSheet

SUID

• https://gtfobins.github.io/

Active Directory

• https://github.com/infosecn1nja/AD-Attack-Defense/blob/master/README.md

Wordlists

• https://github.com/danielmiessler/SecLists
• https://github.com/insidetrust/statistically-likely-usernames
• http://www.mediafire.com/file/zd3zhzfezl9wd96/Argon_Wordlist_v2.gz

Files

• Many sta­t­ic pre­com­piles files
• Many pre­com­piled Win­dows ker­nel exploits
  • See here also
  • And here
• Lin­ux CVE exploits
• Many win­dows binaries

Books

• Kali Lin­ux Revealed

Reports

Aus dem PCI-Stan­dard-PDF:

1. Kurz­zusam­men­fas­sung
2. Scope (was genau sollte gemacht werden)
3. Method­olo­gie
4. Ein­schränkun­gen / was nicht getestet wer­den kon­nte, usw.
5. Beschrei­bung der Durchführung
6. Ergeb­nisse
7. Bew­er­tung
8. Benutzte Werkzeuge

Trainings

• https://hackthebox.eu/
• https://pentesterlab.com/
• https://www.pentesteracademy.com/
• https://tryhackme.com/

CTFs

• https://ctftime.org/event/list/upcoming

Forensic

• CFReDS Por­tal File sys­tem images for foren­sic training