DEV Community

boiledsteak
boiledsteak

Posted on

My "hacking" bookmarks / tools

Hello! These are some websites I have bookmarked while studying. They are definitely not pro hacking tools but should be useful for open-source intelligence (OSINT) and for cybersecurity certifications.

Contents

Weak Site 1

Vulnerable website to perform pen testing
http://www.vulnweb.com/

🚀 back to contents

Weak Site 2

Another Vulnerable website to perform pen testing
https://demo.testfire.net/

🚀 back to contents

Computer Laws in Singapore

Computer laws in Singapore are defined in the Computer Misuse Act
https://sso.agc.gov.sg/Act/CMA1993

🚀 back to contents

CVE

Discover more about reported vulnerabilities and exploits
https://www.cvedetails.com/

🚀 back to contents

OSSA Notes

Notes for a cybersecurity certification, Organisational Systems Security Analyst
https://github.com/exetr/OSSA-Notes#osi-model

🚀 back to contents

Whois

Discover more about a website's domain with this online Whois tool
http://whois.domaintools.com/

🚀 back to contents

NMAP cheatsheet 1

NMAP is a very popular hacking tool. This is one cheatsheet I used to operate NMAP
https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/

🚀 back to contents

NMAP cheatsheet 2

NMAP is a very popular hacking tool. This is one cheatsheet I used to operate NMAP
https://highon.coffee/blog/nmap-cheat-sheet/

🚀 back to contents

TCP Port Numbers

Good for both blue and red teaming or for exams

http://www.meridianoutpost.com/resources/articles/well-known-tcpip-ports.php

🚀 back to contents

Tripwire Reports

Tripwire is a network intrusion detection system (NIDS). Usually used in schools and beginner courses as proof of concept. I doubt it's used in production now. I believe SIEMs such as Splunk and IBM QRadar are more popular.

However if you do use the tripwire application, this might help
https://www-uxsup.csx.cam.ac.uk/pub/doc/redhat/redhat8/rhl-rg-en-8.0/s1-tripwire-twprint.html

🚀 back to contents

Wireshark Filters

Wireshark needs no introduction. This is one cheatsheet I used
https://www.thegeekstuff.com/2012/07/wireshark-filter/

🚀 back to contents

Wireshark Filters 2

Wireshark needs no introduction. This is one cheatsheet I used
https://wiki.wireshark.org/DisplayFilters

🚀 back to contents

Snort Rules

Similar to tripwire, Snort is an intrusion detection system (IDS) that's very outdated and surpassed by modern holistic SIEMs

However it is still used in schools and exams. This might help
https://blog.rapid7.com/2016/12/09/understanding-and-configuring-snort-rules/

🚀 back to contents

VirusTotal

Check any file or link for malware. Not completely foolproof, do your own testing.
Usually used in schools and exams too
https://www.virustotal.com/gui/home

🚀 back to contents

Fileless Malware

Pretty cool stuff
https://github.com/chenerlich/FCL/blob/master/Malwares/Locky.md

🚀 back to contents

IP Logger

Good for phishing attacks. Not really that malicious since any time you connect to a website or server your IP address is shown. This can be mitigated through many ways such as Tor, VPN, dynamic IP address, these are to name of but a few
https://iplogger.org/

🚀 back to contents

File Analysis

Similar to VirusTotal
https://www.joesandbox.com/

🚀 back to contents

Explain Shell Code

Pretty cool
https://explainshell.com/explain?cmd=netstat+-a#

🚀 back to contents

Check Process

Unknown process running on your PC? Check here
https://www.processlibrary.com/en/

🚀 back to contents

Security Policy Templates

Boring stuff
https://www.sans.org/information-security-policy/

🚀 back to contents

Microsoft Keys

I didn't know I had access to this with my school email account lol. Useful for setting up VMs for testing
https://azureforeducation.microsoft.com/devtools

🚀 back to contents

OWASP Risk Rating

Needs no introduction
https://owasp.org/www-community/OWASP_Risk_Rating_Methodology

🚀 back to contents

Download Windows 10

Windows 10 .iso literally on their website free to download
https://www.microsoft.com/en-au/software-download/windows10

🚀 back to contents

OSSTMM

Similar to OWASP Top 10
https://kirkpatrickprice.com/blog/what-you-need-to-know-about-osstmm/

🚀 back to contents

Change Windows Password

Old hack that works on old PCs
https://en.wikipedia.org/wiki/Chntpw

🚀 back to contents

ARP Poisoning

I always forget what's the difference between ARP and DNS poisoning. This website has notes for CEH as well
https://ktflash.gitbooks.io/ceh_v9/content/74_arp_poisoning.html

🚀 back to contents

DROP vs REJECT

I always forget the difference
http://www.chiark.greenend.org.uk/~peterb/network/drop-vs-reject

🚀 back to contents

NodeJS Hacks

Cool stuff for NodeJS
https://github.com/aadityapurani/NodeJS-Red-Team-Cheat-Sheet

🚀 back to contents

LockHeed Killchain

LockHeed Martin Cyber Kill Chain. Useful for organisational security I suppose
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

🚀 back to contents

DirBuster

Useful for intrusive penetration testing. I believe this tool is included with Kali
https://tools.kali.org/web-applications/dirbuster

🚀 back to contents

CyberChef

Decrypt (not really) anything
https://gchq.github.io/CyberChef/

🚀 back to contents

NIST

Another cybersecurity framework. Similar to OWASP
https://www.k2io.com/understanding-the-new-nist-sp800-53-guidelines-for-application-security/

🚀 back to contents

Payloads

Probably the most dangerous link here
https://github.com/swisskyrepo/PayloadsAllTheThings

🚀 back to contents

OWASP Zap

I have never tried this. Always wanted to
https://www.google.com/search?q=owasp+xap

🚀 back to contents

DDE Auto Exploit

Cool exploit good with phishing
https://pentestlab.blog/2018/01/16/microsoft-office-dde-attacks/

🚀 back to contents

EKANS Ransomware

Something I've always wanted to read up
https://www.google.com/search?q=ekans+hack

🚀 back to contents

Maze Ransomware

Something I've always wanted to read up
https://www.google.com/search?q=maze+hackers

🚀 back to contents

Syntax Highlighter

Useful for writing reports
https://pinetools.com/syntax-highlighter

🚀 back to contents

Top comments (0)