Created
July 6, 2020 07:22
Revisions
-
bigyank created this gist
Jul 6, 2020 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,147 @@ # Practical-Ethical-Hacking-Resources Compilation of Resources from TCM's Udemy Course ### General Links Link to Website: https://www.thecybermentor.com/ Link to course: https://www.udemy.com/course/practical-ethical-hacking/ Link to discord server: https://discord.gg/RHZ7UF7 FAQ: https://github.com/hmaverickadams/Practical-Ethical-Hacking-FAQ ### Note Keeping KeepNote: http://keepnote.org/ CheryTree: https://www.giuspen.com/cherrytree/ GreenShot: https://getgreenshot.org/downloads/ FlameShot: https://github.com/lupoDharkael/flameshot OneNote: https://products.office.com/en-us/onenote/digital-note-taking-app?rtc=1 Joplin: https://github.com/laurent22/joplin ### Networking Refresher Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM Subnet Guide: https://drive.google.com/file/d/1ETKH31-E7G-7ntEOlWGZcDZWuukmeHFe/view ### Setting up our Lab VMware: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html VirtualBox: https://www.virtualbox.org/wiki/Downloads Kali Download: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ Shared Drive: https://drive.google.com/open?id=1pIh9t_e6CyjaaZgtA_K1okZkcHhrXncX Official Offensive Security kali 2019.3 release: https://cdimage.kali.org/kali-2019.3/ Other Offical kali 2019 Releases: https://cdimage.kali.org/ ### Mid-Course Capstone Cracking Hashes with Hashcat: https://youtu.be/eq097dEB8Sw ### Introduction to Exploit Development (Buffer Overflows) Immunity Debugger: https://www.immunityinc.com/products/debugger/ Vulnserver: http://www.thegreycorner.com/p/vulnserver.html ### Attacking Active Directory: Initial Attack Vectors mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/ Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ ### Attacking Active Directory: Post-Compromise Enumeration PowerView Cheat Sheet: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 ### Attacking Active Directory: Post-Compromise Attacks Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/ Mimikatz: https://github.com/gentilkiwi/mimikatz Active Directory Security Blog: https://adsecurity.org/ Harmj0y Blog: http://blog.harmj0y.net/ Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/ ### Web Application Enumeration, Revisited sumrecon: https://github.com/thatonetester/sumrecon ### Testing the Top 10 Web Application Vulnerabilities OWASP Top 10: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist OWASP Testing Guide: https://www.owasp.org/images/1/19/OTGv4.pdf Installing Docker on Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe OWASP Juice Shop: https://github.com/bkimminich/juice-shop OWASP A1-Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection OWASP A2-Broken Authentication: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication OWASP A3-Sensetive Data Exposure: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure OWASP A4-XML External Entities: https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) OWASP A5-Broken Access Control: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control OWASP A6-Security Misconfigurations: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration OWASP A7-Cross Site Scripting: https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) DOM Based XSS: https://www.scip.ch/en/?labs.20171214 XSS Game: https://xss-game.appspot.com/ OWASP A8-Insecure Deserialization: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization OWASP A9-Using Components with Known Vulnerabilities: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities OWASP A10-Insufficient Logging & Monitoring: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A10-Insufficient_Logging%252526Monitoring.html ### Legal Documents and Report Writing Sample Pentest Report: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report ## Tools #### Hunter.io * Site: https://hunter.io/ #### theHarvester * Github: https://github.com/laramies/theHarvester #### breach-parse * Github: https://github.com/hmaverickadams/breach-parse #### Hashcat: * Github: https://github.com/hashcat/hashcat * Installing on Windows: https://www.erobber.in/2017/04/hashcat-for-windows.html #### mitm6: * Github: https://github.com/fox-it/mitm6 #### mimikatz: * Github: https://github.com/gentilkiwi/mimikatz #### sumrecon * Github: https://github.com/thatonetester/sumrecon ### Setting up Your AD Lab Using Azure Building Free AD lab: https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f ### Course Notes, Courtesy of Enigma Course Notes: https://onedrive.live.com/view.aspx?resid=42005F2B73E92A16!16546&authkey=!ACt7HgbJMllFQ8o