Hello! These are some websites I have bookmarked while studying. They are definitely not pro hacking tools but should be useful for open-source intelligence (OSINT) and for cybersecurity certifications.
Contents
- Weak Site 1
- Weak Site 2
- Computer Laws in Singapore
- CVE
- OSSA Notes
- Whois
- NMAP cheatsheet 1
- NMAP cheatsheet 2
- TCP Port Numbers
- Tripwire Reports
- Wireshark Filters
- Wireshark Filters 2
- Snort Rules
- Virus Total
- Fileless Malware
- IP Logger
- File Analysis
- Explain Shell Code
- Check Process
- Security Policy Templates
- Microsoft Keys
- OWASP Risk Rating
- Download Windows 10
- OSSTMM
- Change Windows Password
- ARP Poisoning
- DROP vs REJECT
- NodeJS Hacks
- LockHeed Killchain
- DirBuster
- CyberChef
- NIST
- Payloads
- OWASP Zap
- DDE Auto Exploit
- EKANS Ransomware
- Maze Ransomware
- Syntax Highlighter
Weak Site 1
Vulnerable website to perform pen testing
http://www.vulnweb.com/
Weak Site 2
Another Vulnerable website to perform pen testing
https://demo.testfire.net/
Computer Laws in Singapore
Computer laws in Singapore are defined in the Computer Misuse Act
https://sso.agc.gov.sg/Act/CMA1993
CVE
Discover more about reported vulnerabilities and exploits
https://www.cvedetails.com/
OSSA Notes
Notes for a cybersecurity certification, Organisational Systems Security Analyst
https://github.com/exetr/OSSA-Notes#osi-model
Whois
Discover more about a website's domain with this online Whois tool
http://whois.domaintools.com/
NMAP cheatsheet 1
NMAP is a very popular hacking tool. This is one cheatsheet I used to operate NMAP
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
NMAP cheatsheet 2
NMAP is a very popular hacking tool. This is one cheatsheet I used to operate NMAP
https://highon.coffee/blog/nmap-cheat-sheet/
TCP Port Numbers
Good for both blue and red teaming or for exams
http://www.meridianoutpost.com/resources/articles/well-known-tcpip-ports.php
Tripwire Reports
Tripwire is a network intrusion detection system (NIDS). Usually used in schools and beginner courses as proof of concept. I doubt it's used in production now. I believe SIEMs such as Splunk and IBM QRadar are more popular.
However if you do use the tripwire application, this might help
https://www-uxsup.csx.cam.ac.uk/pub/doc/redhat/redhat8/rhl-rg-en-8.0/s1-tripwire-twprint.html
Wireshark Filters
Wireshark needs no introduction. This is one cheatsheet I used
https://www.thegeekstuff.com/2012/07/wireshark-filter/
Wireshark Filters 2
Wireshark needs no introduction. This is one cheatsheet I used
https://wiki.wireshark.org/DisplayFilters
Snort Rules
Similar to tripwire, Snort is an intrusion detection system (IDS) that's very outdated and surpassed by modern holistic SIEMs
However it is still used in schools and exams. This might help
https://blog.rapid7.com/2016/12/09/understanding-and-configuring-snort-rules/
VirusTotal
Check any file or link for malware. Not completely foolproof, do your own testing.
Usually used in schools and exams too
https://www.virustotal.com/gui/home
Fileless Malware
Pretty cool stuff
https://github.com/chenerlich/FCL/blob/master/Malwares/Locky.md
IP Logger
Good for phishing attacks. Not really that malicious since any time you connect to a website or server your IP address is shown. This can be mitigated through many ways such as Tor, VPN, dynamic IP address, these are to name of but a few
https://iplogger.org/
File Analysis
Similar to VirusTotal
https://www.joesandbox.com/
Explain Shell Code
Pretty cool
https://explainshell.com/explain?cmd=netstat+-a#
Check Process
Unknown process running on your PC? Check here
https://www.processlibrary.com/en/
Security Policy Templates
Boring stuff
https://www.sans.org/information-security-policy/
Microsoft Keys
I didn't know I had access to this with my school email account lol. Useful for setting up VMs for testing
https://azureforeducation.microsoft.com/devtools
OWASP Risk Rating
Needs no introduction
https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
Download Windows 10
Windows 10 .iso literally on their website free to download
https://www.microsoft.com/en-au/software-download/windows10
OSSTMM
Similar to OWASP Top 10
https://kirkpatrickprice.com/blog/what-you-need-to-know-about-osstmm/
Change Windows Password
Old hack that works on old PCs
https://en.wikipedia.org/wiki/Chntpw
ARP Poisoning
I always forget what's the difference between ARP and DNS poisoning. This website has notes for CEH as well
https://ktflash.gitbooks.io/ceh_v9/content/74_arp_poisoning.html
DROP vs REJECT
I always forget the difference
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject
NodeJS Hacks
Cool stuff for NodeJS
https://github.com/aadityapurani/NodeJS-Red-Team-Cheat-Sheet
LockHeed Killchain
LockHeed Martin Cyber Kill Chain. Useful for organisational security I suppose
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
DirBuster
Useful for intrusive penetration testing. I believe this tool is included with Kali
https://tools.kali.org/web-applications/dirbuster
CyberChef
Decrypt (not really) anything
https://gchq.github.io/CyberChef/
NIST
Another cybersecurity framework. Similar to OWASP
https://www.k2io.com/understanding-the-new-nist-sp800-53-guidelines-for-application-security/
Payloads
Probably the most dangerous link here
https://github.com/swisskyrepo/PayloadsAllTheThings
OWASP Zap
I have never tried this. Always wanted to
https://www.google.com/search?q=owasp+xap
DDE Auto Exploit
Cool exploit good with phishing
https://pentestlab.blog/2018/01/16/microsoft-office-dde-attacks/
EKANS Ransomware
Something I've always wanted to read up
https://www.google.com/search?q=ekans+hack
Maze Ransomware
Something I've always wanted to read up
https://www.google.com/search?q=maze+hackers
Syntax Highlighter
Useful for writing reports
https://pinetools.com/syntax-highlighter
Top comments (0)