# resources

## Foundations

Nothing hacking-related in this section, just links covering what are considered the foundations of InfoSec.

#### General Links

* [5pillars](https://github.com/ED-209-MK7/5pillars)
* <https://github.com/gerryguy311/Free_CyberSecurity_Professional_Development_Resources>
* <https://github.com/zardus/wargame-nexus>
* <https://github.com/Hack-with-Github/Awesome-Hacking>
* <https://github.com/trimstray/the-book-of-secret-knowledge>
* <https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/RT.md>

### Networking

#### General Links

* [Prof. Messer's Net+](https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/)
* [TheNewBoston Networking Playlist](https://youtube.com/playlist?list=PL6gx4Cwl9DGBpuvPW0aHa7mKdn_k9SPKO)
* <https://www.redsiege.com/blog/2021/02/networkfunpart1/>

#### Assigning IP Addresses

* <https://ipwithease.com/understanding-dora-process-in-dhcp/>

### Protocols

#### DHCP

* <https://wiki.wireshark.org/DHCP>

#### Network Analysis Tools

* <https://wiki.wireshark.org/SampleCaptures>
* <https://www.tcpdump.org/manpages/tcpdump.1.html>
* [Packet Decoder](https://hpd.gasmi.net/)
* <https://www.splunk.com/en_us/download/previous-releases.html>
* <https://www.elastic.co/what-is/elk-stack>
* <https://thehelk.com/intro.html>

#### IPTABLES

* <https://youtu.be/XKfhOQWrUVw>

#### Packet Filter

* <https://www.usenix.org/legacy/publications/library/proceedings/sd93/mccanne.pdf>
* <http://www.infosecwriters.com/text_resources/pdf/JStebelton_BPF.pdf>

### Programming

#### General Links

* [Codecademy](https://www.codecademy.com/)
* [CoursesOnline: Programming Courses](https://www.coursesonline.co.uk/courses/programming/)
* [Learning People: Online IT Courses](https://www.learningpeople.com/uk/courses/it-courses/)
* [W3Schools](https://www.w3schools.com/)

#### Python

* [LearnPython](https://www.learnpython.org/)
* [Real Python](https://realpython.com/)
* [Python3 Docs](https://docs.python.org/3/)

#### PowerShell

* [UnderTheWire](https://underthewire.tech/)
* [PoSH-Hunter](https://posh-hunter.com/)

#### CSharp

* <https://github.com/fozavci/WeaponisingCSharp-Fundamentals>

### Windows

#### General Links

* [SysInternals](https://docs.microsoft.com/en-us/sysinternals/)
* <https://medium.com/ax1al/a-brief-introduction-to-pe-format-6052914cc8dd>
* <https://nasbench.medium.com/windows-system-processes-an-overview-for-blue-teams-42fa7a617920>

#### Registry Stuffs

* <https://github.com/msuhanov/regf/blob/master/Windows%20registry%20file%20format%20specification.md>

#### Win Internals

* [Win Internals for .Net Devs](https://youtu.be/h6BXMcRqYhA)
* <https://scorpiosoftware.net/2021/07/03/processes-threads-and-windows/>

### \*nix

#### General Links

* [Linux Journey](https://linuxjourney.com/)
* [OverTheWire](https://overthewire.org/wargames/bandit/)
* <https://offlinemark.com/2021/05/12/an-obscure-quirk-of-proc/>

### Vulnerable labs & practice apps

* [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/) — vulnerable web app (Node/Express/Angular), OWASP Top 10 and more.
* [Metasploitable 2](https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide/) — purpose-built vulnerable Ubuntu VM for enumeration/exploitation practice.
* [Metasploitable 3](https://github.com/rapid7/metasploitable3) — template for building vulnerable Windows VMs.
* [DVWA](https://github.com/digininja/DVWA) — PHP/MySQL vulnerable web app with multiple difficulty levels.

### Walkthroughs & video

* [IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) — HTB box walkthroughs and technique videos.
* [0xdf hacks stuff](https://0xdf.gitlab.io/) — HTB writeups with “Beyond root” sections.
* [VbScrub](https://www.youtube.com/channel/UCpoyhjwNIWZmsiKNKpsMAQQ) — HTB and AD-focused videos.
* [STÖK](https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg) — bug bounty and web app testing.
* [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) — wide range of technical infosec topics.

### Web App

#### HTTP/2

* <https://http2-explained.haxx.se/en/part6>
* <https://developers.google.com/web/fundamentals/performance/http2>
* <https://tools.ietf.org/html/rfc7540>

## GitHub Repos

* <https://github.com/killswitch-GUI/Persistence-Survivability>
* <https://github.com/Mr-Un1k0d3r/ThunderShell>
* <https://github.com/xforcered/StandIn>
* <https://github.com/ustayready/geacon>
* <https://github.com/S3cur3Th1sSh1t/PowerSharpPack>
* <https://github.com/Flangvik/SharpCollection>
* <https://github.com/xorrior/RemoteRecon>
* <https://github.com/AXI4L/Community-Papers>

## GitHub Profiles

* <https://github.com/mdsecactivebreach>
* <https://github.com/specterops>
* <https://github.com/S3cur3Th1sSh1t>
* <https://github.com/r3nhat>
* <https://github.com/RomanRII>

## Blogs

* <https://silentbreaksecurity.com/blog/>
* <https://www.huntress.com/blog>
* <https://www.trustedsec.com/blog/>
* <https://posts.specterops.io/>
* <https://blog.xpnsec.com/>
* <https://www.cyberark.com/resources/threat-research-blog>

## Tools

## Pentesting vs. Red Teaming

## Pentesting

### General Links

* <https://jhalon.github.io/becoming-a-pentester/>
* <https://www.reddit.com/r/redteamsec/>
* <https://github.com/Voorivex/pentest-guide>

### Web App Stuffs

* <https://application.security/free/owasp-top-10>
* <https://application.security/free/owasp-top-10-API>
* <https://portswigger.net/web-security>

### Active Directory

* <https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/>
* <https://github.com/cfalta/adsec>
* <https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet>
* <https://posts.specterops.io/the-attack-path-management-manifesto-3a3b117f5e5>
* <https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet>
* <https://zer1t0.gitlab.io/posts/attacking_ad/>
* <https://posts.specterops.io/shadow-credentials-abusing-key-trust-account-mapping-for-takeover-8ee1a53566ab>
* [Compromising a Network in 20 minutes via AD](https://youtu.be/MIt-tIjMr08)
* <https://www.exploit-db.com/docs/english/46990-active-directory-enumeration-with-powershell.pdf>
* <https://posts.specterops.io/hunting-in-active-directory-unconstrained-delegation-forests-trusts-71f2b33688e1>
* <https://github.com/Mr-Un1k0d3r/ADHuntTool>
* <https://rootdse.org/posts/active-directory-basics-1/>
* <https://github.com/infosecn1nja/AD-Attack-Defense>

#### AD CS

* <https://posts.specterops.io/certified-pre-owned-d95910965cd2>
* <https://www.exandroid.dev/2021/06/23/ad-cs-relay-attack-practical-guide/>
* <https://dirkjanm.io/ntlm-relaying-to-ad-certificate-services/>
* <https://github.com/dirkjanm/PKINITtools>

#### Kerberoasting

* <https://blog.xpnsec.com/kerberos-attacks-part-1/#more>
* <https://blog.perf3ct.tech/csl-machine-writeup-roast-kerberoasting/#Kerberoasting_overview>
* <https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/>
* <https://www.youtube.com/watch?v=Jaa2LmZaNeU>
* <https://en.hackndo.com/kerberos/>
* <https://youtu.be/SStP2RjVq0I>
* <https://nored0x.github.io/red-teaming/Kerberos-Attacks-Silver-Ticket/>

### PowerShell For Pentesters

* [SANS Webcast: PowerShell for PenTesting](https://youtu.be/a8_DqEVFwO8)
* [SANS Webcast: Pen Testing with PowerShell -- Data Exfiltration Techniques](https://youtu.be/mIqVvx943Fw)
* [SANS Webcast: Pen Testing with PowerShell -- Local Privilege Escalation Techniques](https://youtu.be/bAnohAiAQ7U)

### Miscellaneous

* <https://malicious.link/post/2020/run-as-system-using-evil-winrm/>
* <https://www.netspi.com/resources/netspi-open-source-tools/>
* <https://attack.mitre.org/>
* <https://www.alteredsecurity.com/post/introduction-to-365-stealer>
* [How PsExec Works](https://www.youtube.com/watch?v=bcw2b3OMRHI)

### GTFOBins

* <https://gtfobins.github.io/>

## Red Teaming

### General Links

* <https://redteamer.tips/red-team-tips/>
* <https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations>

#### GitHub Repos

* <https://github.com/xbl3/Red-Teaming-Toolkit_infosecn1nja>
* <https://github.com/threatexpress/red-team-scripts>
* <https://github.com/marcosValle/awesome-windows-red-team>
* <https://github.com/yeyintminthuhtut/Awesome-Red-Teaming>
* <https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References>
* <https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki>
* <https://github.com/andrewchiles/PowerLessShell>
* <https://github.com/Mr-Un1k0d3r/RedTeamPowershellScripts>
* <https://github.com/Mr-Un1k0d3r/RedTeamScripts>
* <https://github.com/redcode-labs>
* <https://github.com/optiv/Dent>
* <https://github.com/jhackz/RTO-Implant>
* <https://github.com/S3cur3Th1sSh1t/Creds>
* <https://github.com/N7WEra/SharpAllTheThings>
* <https://github.com/cfalta/PowerShellArmoury>
* <https://github.com/gtworek/PSBits>
* <https://github.com/malware-unicorn/GoPEInjection>

#### Blogs

* <https://offensivedefence.co.uk/posts/>
* <https://rastamouse.me/>
* [https://blog.romanrii.com/](https://blog.romanrii.com/using-icmp-to-deliver-shellcode)
* <https://www.vincentyiu.com/>
* [https://vysecurity.rocks/#](https://vysecurity.rocks)
* <https://www.redteam.cafe/>
* <https://blog.redteam-pentesting.de/>
* <https://blog.dylan.codes/>
* <https://blog.xpnsec.com/>
* <https://blog.harmj0y.net/>
* <https://dirkjanm.io/>
* <https://stealthbits.com/blog/>
* <https://blog.sektor7.net/#!index.md>
* <https://outflank.nl/blog/>
* <http://jackson-t.ca/>
* <http://redsiege.com/blog>
* [https://s3cur3th1ssh1t.github.io](https://s3cur3th1ssh1t.github.io/)
* <http://www.harmj0y.net/blog/blog/>
* <https://riccardoancarani.github.io/>
* <https://kwcsec.gitbook.io/the-red-team-handbook/>

#### Tools

* <https://github.com/itm4n/PPLdump>

### DevOps for RT

* <https://workshop.hackerops.dev/>

### Pivoting

#### SSH Tunneling

* [SSH Tunneling in Depth](https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6)

### Persistence

* <https://www.trustedsec.com/blog/bits-persistence-for-script-kiddies/>

### Evasion Techniques

* <https://github.com/ion-storm/sysmon-edr>
* <https://www.ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis>
* <https://ethicalchaos.dev/2020/05/27/lets-create-an-edr-and-bypass-it-part-1/>
* <https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection>
* <https://github.com/sinfulz/JustEvadeBro>
* <https://youtu.be/UO3PjJIiBIE>
* <https://www.xanthus.io/building-an-obfuscator-to-evade-windows-defender/>
* <https://klezvirus.github.io/RedTeaming/AV_Evasion/CodeExeNewDotNet/>
* <https://blog.scrt.ch/2020/06/19/engineering-antivirus-evasion/>
* <https://synzack.github.io/Blinding-EDR-On-Windows/>

#### Obfuscation

* <https://github.com/BC-SECURITY/Beginners-Guide-to-Obfuscation>

#### Bypassin' UAC

* <https://hausec.com/2020/10/30/using-a-c-shellcode-runner-and-confuserex-to-bypass-uac-while-evading-av/>

#### Breakin' AMSI

* <https://amsi.fail/>
* <https://github.com/S3cur3Th1sSh1t/Amsi-Bypass-Powershell>
* <https://www.cyberark.com/resources/threat-research-blog/amsi-bypass-patching-technique>
* <https://www.cyberark.com/resources/threat-research-blog/amsi-bypass-redux>
* <https://s3cur3th1ssh1t.github.io/Powershell-and-the-.NET-AMSI-Interface/>
* <https://rastamouse.me/memory-patching-amsi-bypass/>

#### Messing W/ WinAPI

* <https://blog.xpnsec.com/weird-ways-to-execute-dotnet/>

#### D/Invoke

* <https://thewover.github.io/Dynamic-Invoke/>
* <https://github.com/rasta-mouse/DInvoke>
* <https://blog.nviso.eu/2020/11/20/dynamic-invocation-in-net-to-bypass-hooks/>
* <https://klezvirus.github.io/RedTeaming/Development/From-PInvoke-To-DInvoke/>

#### P/Invoke

* [P/Invoke](https://pinvoke.net/)

#### AV/EDR? What's that?

* <https://www.mdsec.co.uk/2019/03/silencing-cylance-a-case-study-in-modern-edrs/>
* <https://s3cur3th1ssh1t.github.io/A-tale-of-EDR-bypass-methods/>
* <https://sol-secure.blogspot.com/2021/03/bypassing-edr-primer-sophos.html>
* <https://github.com/CCob/SharpBlock>
* <https://arty-hlr.com/blog/2021/05/06/how-to-bypass-defender/>
* <https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/>
* <https://blog.sevagas.com/IMG/pdf/BypassAVDynamics.pdf>
* <https://github.com/GetRektBoy724/SharpUnhooker>
* <https://abdelrahmanessaam.blogspot.com/2021/06/how-malwares-use-dynamic-api-loading-to.html>
* <https://bruteratel.com/research/feature-update/2021/06/01/PE-Reflection-Long-Live-The-King/?s=09>
* <https://blog.redbluepurple.io/offensive-research/bypassing-injection-detection>
* <https://www.youtube.com/watch?v=6OF6lA0kCuY&t=3s>

### Process Injection

* <https://github.com/3xpl01tc0d3r/ProcessInjection>
* <https://3xpl01tc0d3r.blogspot.com/2019/08/process-injection-part-i.html>
* <https://github.com/enkomio/ManagedInjector>
* <https://blog.xenoscr.net/2021/07/26/Process-Injection-with-Assembly.html>

### Messing w/ Syscalls

* <https://jhalon.github.io/utilizing-syscalls-in-csharp-1/>
* <https://offensivedefence.co.uk/posts/dinvoke-syscalls/>
* <https://github.com/j00ru/windows-syscalls>
* <https://dronesec.pw/blog/2021/05/12/on-the-fanciful-allure-of-raw-syscalls/>
* <https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/>

### Lateral Movement

* <https://eaneatfruit.github.io/2019/08/18/Offensive-Lateral-Movement/>
* <https://mergene.medium.com/hunting-for-lateral-movement-local-accounts-bc08742f3d83>

### Exfiltration

* <https://github.com/RomanRII/DNS-Exfiltration>

### Domain Fronting/Borrowing

#### Domain Borrowing

* <https://github.com/Dliv3/DomainBorrowing>
* <https://i.blackhat.com/asia-21/Thursday-Handouts/as-21-Ding-Domain-Borrowing-Catch-My-C2-Traffic-If-You-Can.pdf>

#### Domain Fronting

### Command and Control

* <https://www.thec2matrix.com/>
* <https://shogunlab.gitbook.io/building-c2-implants-in-cpp-a-primer/>
* [Covenant 101](https://youtu.be/oN_0pPI6TYU)
* <https://nasbench.medium.com/understanding-detecting-c2-frameworks-darkfinger-c2-539c79282a1c>

### Detecting Attacks

* <https://www.reddit.com/r/blueteamsec/comments/n31ot3/attack_detection_fundamentals_2021_windows_macos/>

### Building out an AdSim Lab

* <https://blog.xpnsec.com/designing-the-adversary-simulation-lab/#more>

### Mudge YouTube Playlists

* [Tradecraft](https://www.youtube.com/playlist?list=PL9HO6M_MU2nesxSmhJjEvwLhUoHPHmXvz)
* [Advanced Threat Tactics](https://youtube.com/playlist?list=PL9HO6M_MU2nf8Fa5bVefBW-9bg5Rx94_c)
* [Red Team Ops w/ Cobalt Strike](https://youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no)
* [In-Memory Evasion](https://youtube.com/playlist?list=PL9HO6M_MU2nc5Q31qd2CwpZ8J4KFMhgnK)

### LOLBAS

* <https://lolbas-project.github.io/>

### Malware Analysis/Dev

* <https://youtu.be/SIem8ZIe1xk>
* <https://0xpat.github.io/Malware_development_part_1/>
* <https://gist.github.com/muff-in/ff678b1fda17e6188aa0462a99626121>
* <https://github.com/CyberSecurityUP/Awesome-Malware-Analysis-Reverse-Engineering>
* <https://hackerspot.net/2021/06/21/building-your-own-dynamic-malware-analysis-lab/>
* [.NET Advanced Malware Dev](https://youtu.be/8lk6VhmlhoI)

### Macro Magic

* <https://github.com/michaelweber/Macrome>

### Miscellaneous

* <https://blog.romanrii.com/using-icmp-to-deliver-shellcode>
* <https://blog.joeminicucci.com/2021/who-let-the-arps-out-from-arp-spoof-to-domain-compromise>
* <https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/>
* <https://blog.huntresslabs.com/tried-and-true-hacker-technique-dos-obfuscation-400b57cd7dd>
* <https://github.com/mdsecactivebreach/WMIPersistence>
* <https://posts.specterops.io/what-is-it-that-makes-a-microsoft-executable-a-microsoft-executable-b43ac612195e>
* <https://jhalon.github.io/reverse-engineering-protocols/>
* <https://pentestlab.blog/2020/05/20/persistence-com-hijacking/>
* <https://github.com/fozavci/ta505plus>
* <https://blog.focal-point.com/how-to-build-obfuscated-macros-for-your-next-social-engineering-campaign>
* <https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/>
* <https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/>
* <https://www.elastic.co/blog/process-ghosting-a-new-executable-image-tampering-attack>
* <https://adepts.of0x.cc/netsh-portproxy-code/>
* <https://bruteratel.com/research/feature-update/2021/01/30/OBJEXEC/>
* <https://gist.github.com/gabe31415/fe2a7bd7213739b2bc407ecf0e100f9a>
* <https://www.blackhillsinfosec.com/how-to-phish-for-user-passwords-with-powershell/>
* <https://aticleworld.com/reading-and-writing-windows-registry/>
* <https://connormcgarr.github.io/swimming-in-the-kernel-pool-part-2/>
* [COM Stuffs](https://www.youtube.com/watch?v=8tjrFm2K30Q)
* <https://blog.sevagas.com/?Hide-HTA-window-for-RedTeam>
* <https://s3cur3th1ssh1t.github.io/Playing-with-OffensiveNim/>

## DFIR n stuff

### General Links

* <https://www.reddit.com/r/blueteamsec/>
* <https://github.com/DFIRmadness/infosec-fortress>

### DotNet

* [.Net Internals and Reversing](http://www.blackstormsecurity.com/docs/ALEXANDREBORGES_DEFCON_2019.pdf)

### Forensics

* <https://github.com/cugu/awesome-forensics>
* <https://stuxnet999.github.io/volatility/2020/08/18/Basics-of-Memory-Forensics.html>
* <https://twitter.com/BlackMatter23/status/1401523637019189258?s=20>

### SOC Stuffs

* <https://academy.picussecurity.com/course/log-management-proactive-soc>

### Attack Detection Series

* <https://labs.f-secure.com/blog/attack-detection-fundamentals-2021-windows-lab-1/>
* <https://labs.f-secure.com/blog/attack-detection-fundamentals-2021-windows-lab-2/>
* <https://labs.f-secure.com/blog/attack-detection-fundamentals-2021-windows-lab-3/>
* <https://labs.f-secure.com/blog/attack-detection-fundamentals-2021-windows-lab-4/>

### GitHub Repos

* <https://github.com/olafhartong/sysmon-modular>
* <https://github.com/trustedsec/SysmonCommunityGuide/blob/master/sysmon-events.md#create-remote-thread>
* <https://github.com/cado-security/DFIR_Resources_REvil_Kaseya/>

## Twitter Stuffs

* <https://twitter.com/PythonResponder/status/1385064506049630211?s=20>
* <https://twitter.com/inversecos/status/1385456029400387584?s=20>

## Labs

* [HackTheBox](https://www.hackthebox.eu/)
* [TryHackMe](https://tryhackme.com/)
* [CyberSecLabs](https://www.cyberseclabs.co.uk/)
* [VirtualHackingLabs](https://www.virtualhackinglabs.com/)

## Cons

* <http://www.irongeek.com/i.php?page=videos%2Fderbycon7%2Fmainlist>
* <https://adversaryvillage.org/adversary-events/DEFCON-29/>

## Training

* <https://academy.tcm-sec.com/>
* <https://silentbreaksecurity.com/training/>
* <https://www.chironcommercial.com/train/courses/>
* <https://www.pentesteracademy.com/>
* <https://specterops.io/how-we-help/training-offerings>
* <https://github.com/specterops/at-ps> (FREE SpecOps Course)
* <https://institute.sektor7.net/>
* <https://academy.picussecurity.com/course/log-management-proactive-soc>

## CheatSheets

* WebApp Pentesting (find)
* AD Pentesting (find)

### ROP

* <https://ropemporium.com/challenge/ret2win.html>

## The Best Resource Out There

{% embed url="<https://www.google.com/>" %}
