Подборка ресурсов из курса TCM на Udemy
Сайт: https://www.thecybermentor.com/
Ссылка на курс:
Сервер Discord: https://discord.gg/EM6tqPZ
ЧаВО (FAQ): https://github.com/hmaverickadams/Practical-Ethical-Hacking-FAQ
Trilium: https://github.com/zadam/trilium
KeepNote: http://keepnote.org/
CherryTree: https://www.giuspen.com/cherrytree/
GreenShot: https://getgreenshot.org/downloads/
FlameShot: https://github.com/lupoDharkael/flameshot
OneNote: https://products.office.com/en-us/onenote/digital-note-taking-app?rtc=1
Joplin: https://github.com/laurent22/joplin
Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM
Руководство по подсетям: https://drive.google.com/file/d/1ETKH31-E7G-7ntEOlWGZcDZWuukmeHFe/view
VMware: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html
VirtualBox: https://www.virtualbox.org/wiki/Downloads
Загрузка Kali: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/
Официальный релиз Offensive Security Kali 2019.3: http://old.kali.org/kali-images/kali-2019.3/
Другие официальные релизы Kali 2019: https://cdimage.kali.org/
Новые задания: https://drive.google.com/drive/folders/1VXEuyySgzsSo-MYmyCareTnJ5rAeVKeH
Старые задания: https://youtu.be/JZN3JhoAdWo
Курс по повышению привилегий в Linux: https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners
Курс по повышению привилегий в Windows: https://academy.tcm-sec.com/p/linux-privilege-escalation
Immunity Debugger: https://www.immunityinc.com/products/debugger/
Vulnserver: http://www.thegreycorner.com/p/vulnserver.html
Плохие символы (Bad Chars): https://www.ins1gn1a.com/identifying-bad-characters/
Топ-5 способов получения прав Domain Admin до обеда: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa
mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/
Сочетание ретрансляции NTLM и делегирования Kerberos: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/
Шпаргалка по PowerView: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
Взлом групповой политики (Group Policy Pwnage): https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Блог по безопасности Active Directory: https://adsecurity.org/
Блог Harmj0y: http://blog.harmj0y.net/
Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab
Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab
eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/
sumrecon: https://github.com/thatonetester/sumrecon
OWASP Top 10: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf
OWASP Checklist для тестирования: https://github.com/tanprathan/OWASP-Testing-Checklist
OWASP Testing Guide: https://owasp.org/www-pdf-archive/OTGv4.pdf
Установка Docker в Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe
OWASP Juice Shop: https://github.com/bkimminich/juice-shop
OWASP A1 — Инъекции: https://www.owasp.org/index.php/Top_10-2017_A1-Injection
OWASP A2 — Уязвимости аутентификации: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication
OWASP A3 — Раскрытие конфиденциальных данных: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure
OWASP A4 — Внешние сущности XML (XXE): https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_
OWASP A5 — Нарушение контроля доступа: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control
OWASP A6 — Неправильная конфигурация безопасности: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration
OWASP A7 — Межсайтовый скриптинг (XSS): https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_
DOM-Based XSS: https://www.scip.ch/en/?labs.20171214
XSS Game: https://xss-game.appspot.com/
OWASP A8 — Небезопасная десериализация: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization
OWASP A9 — Использование компонентов с известными уязвимостями: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities
OWASP A10 — Недостаточное логирование и мониторинг: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A10-Insufficient_Logging%252526Monitoring.html
Пример отчёта пентеста: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
- Сайт: https://hunter.io/
- Github: https://github.com/hashcat/hashcat
- Установка на Windows: https://www.erobber.in/2017/04/hashcat-for-windows.html
- Github: https://github.com/fox-it/mitm6
Создание бесплатной лаборатории AD: https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f