Ironically my first post will consist of me sending you to a hundred other sites...
Let me explain. I am one for giving credit where it is due, so in effect that's what I intend to do with my first post here. I'm gonna suggest places that have helped me along the way. I will try to keep them somewhat organized, but some of them may end up not having a perfect spot.
I want to take this opportunity to thank all those who helped me along the way, thanks to those who have dealt with my maniac addiction to network security and the like. I may have annoyed you, and I may still be annoying you, with questions followed by more and more questions... but know this, it does not go unappreciated.
Network scanning and enumeration:
http://nmap.org/
Nmap Cheat Sheet
That says it all, very useful.
http://www.unicornscan.org/
Another great tool for network enumeration.
Buffer Overflows:
This has recently become my favorite topic of research/conversation.
http://en.wikipedia.org/wiki/Buffer_overflow
So you can get an idea of what a buffer overflow really is.
http://en.wikipedia.org/wiki/Assembly_language
You're definitely gonna need at least a minor grasp of assembly.
http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
And this is where the fun starts. This guy Lupin has put out some good guides and has even created a "Vulnerable Server" especially for people to use for training. Give his blog a nice spot in your bookmarks. You'll be pleased you did.
http://www.tenouk.com/Bufferoverflowc/stackbasedbufferoverflow.html
Another great spot to learn a few things.
http://www.hackerscenter.com/index.php?/Downloads/Library/Application-Security/View-category.html
Another amazing resource.
Things you're gonna need and how to use them.
http://www.immunityinc.com/products-immdbg.shtml
Immunity Debugger, this is my personal favorite. But try to play around with a few and find which you like the best.
http://www.corelan.be/index.php/2010/01/26/starting-to-write-immunity-debugger-pycommands-my-cheatsheet/
Good place to learn some of the usage and options that come along with Immunity
http://www.ollydbg.de/
Another option instead of Immunity.
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Corelan has a whole series of tutorials devoted to exploit writing. I suggest you nestle this into your bookmarks. I personally am constantly going back to find something else useful that I had missed before.
And I could not go on without mentioning SecurityTube.net: not only does Vivek have an entire video series devoted to buffer overflows, but also many other things. I will link to his site several times.
http://www.securitytube.net/groups?operation=view&groupId=7
ShellCode
You're gonna need some shellcode around to get your exploit on. So load up; here are some places to start. Also, don't forget you can generate shellcode with msfpayload / msfencode.
http://www.shell-storm.org/shellcode/
http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
Another great tutorial from Corelan
http://projectshellcode.com/?q=node/12
An entire database dedicated to shellcode.
Metasploit
I believe it was HD Moore who said that Metasploit is the fastest way to go from boot to remote root. That statement is so true. This is a great framework, so useful with its auxiliary modules, exploit modules, and post-exploitation modules. Tis amazing! I would suggest getting to know the framework very well.
http://metasploit.com/
Metasploit is available for Windows and Linux variations. I suggest spending a bit of time here.
http://www.securitytube.net/groups?operation=view&groupId=8
Again I link to SecurityTube.net; this is another entire series that Vivek has put together on Metasploit, from basic commands and scanning to post exploitation and cleanup.
http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
Offensive Security has put out a great and free resource for getting your feet wet with Metasploit. Check it out. While you're there, browse over to the training courses that Muts offers.
http://www.irongeek.com/i.php?page=videos/metasploit-class
This is Adrian Crenshaw's website; he, Relik, pureh@te and some others put on a free training session, and now they're also giving out the videos from it. This link will take you to the options for download or streaming. I recommend checking it out. He has some great guides and tutorials.
Reverse Engineering
Vivek makes another appearance on my list of places to visit.
http://www.securitytube.net/video/572
http://www.woodmann.com/crackz/
Everything Reverse Engineering
http://pentest.cryptocity.net/reverse-engineering/
For those of us who like videos.
http://tuts4you.com/download.php?list.17
An entire database of reverse engineering tutorials. Also, I need to mention that if you download the Reversing with Lena pack, there are several "CrackMe" programs along with the interactive tutorials to test your newfound skills on.
Exploit Databases
You're going to need a friend to call on when you need to know if a particular service or piece of software is vulnerable... here's a list of friends to put in for all your phone-a-friend needs.
http://www.exploit-db.com/
Great place to start looking for your vulnerable software. Also sometimes there is an option to download the exploitable software or the like to aid in the exploit development process.
http://packetstormsecurity.org/files/tags/exploit/
Another place to look...
http://www.cvedetails.com/
For the more professional hacker in you.
http://itunes.apple.com/app/iassurance/id351884692?mt=8
An iphone app for searching down vulnerabilities even while on the move.
Fuzzing
http://www.fuzzware.net/tutorial-1-basic-fuzzing
To start you off with your fuzzing needs.
http://www.thetazzone.com/tutorial-application-fuzzing/
Some more fuzzing resources.
http://peachfuzzer.com/TutorialNetworkServer
For learning to fuzz with Peach. Although not yet officially supported, this is usable on BackTrack by using Wine.
https://www.owasp.org/index.php/Fuzzing_with_WebScarab
OWASP put out a great resource for using WebScarab to fuzz. Check it out.
http://www.youtube.com/watch?v=6sooEScW07Y
A good little video explaining usage of the Sulley fuzzing framework.
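Before reaching for Peach or Sulley, it helps to see what a fuzzer actually does. Here is an added example (mine, not from the post or any of the linked tutorials): a minimal mutation fuzzer in Python, run against a toy length-prefixed record parser that I constructed for the demonstration and that deliberately trusts an attacker-controlled length byte, next to a hardened version of the same parser. The record format, the seed input, the checksum rule and all function names are assumptions of this example.

```python
"""Tiny mutation fuzzer run against a deliberately buggy toy parser (added example)."""
import random
from typing import Callable, List, Tuple

# Toy record format, constructed for this example:
#   <len: 1 byte> <payload: len bytes> <checksum: 1 byte>, repeated.
# The checksum is the low byte of the sum of the payload bytes.
# Seed input: "abc" (0x61+0x62+0x63 -> 0x26) followed by "hi" (0x68+0x69 -> 0xd1).
SEED = b"\x03abc\x26\x02hi\xd1"


def parse_record(data: bytes) -> List[bytes]:
    """Vulnerable parser: trusts the declared length and reads past the end of the input."""
    fields = []
    i = 0
    while i < len(data):
        length = data[i]
        i += 1
        field = data[i:i + length]      # slicing silently truncates...
        checksum = data[i + length]     # ...but this indexed read does not: IndexError
        if sum(field) & 0xFF != checksum:
            raise ValueError("bad checksum")  # deliberate rejection of malformed input
        fields.append(bytes(field))
        i += length + 1
    return fields


def parse_record_safe(data: bytes) -> List[bytes]:
    """Hardened parser: checks the declared length against the remaining input first."""
    fields = []
    i = 0
    while i < len(data):
        length = data[i]
        i += 1
        if i + length >= len(data):     # need `length` payload bytes plus one checksum byte
            raise ValueError("truncated record")
        field = data[i:i + length]
        checksum = data[i + length]
        if sum(field) & 0xFF != checksum:
            raise ValueError("bad checksum")
        fields.append(bytes(field))
        i += length + 1
    return fields


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one random byte-level mutation: bit flip, random byte, insert or delete."""
    data = bytearray(seed)
    if not data:
        return bytes([rng.randrange(256)])
    op = rng.choice(("flip", "byte", "insert", "delete"))
    pos = rng.randrange(len(data))
    if op == "flip":
        data[pos] ^= 1 << rng.randrange(8)
    elif op == "byte":
        data[pos] = rng.randrange(256)
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    else:
        del data[pos]
    return bytes(data)


def reproduces(target: Callable[[bytes], object], inp: bytes) -> bool:
    """Replay one input and report whether it still crashes (ValueError is not a crash)."""
    try:
        target(inp)
    except ValueError:
        return False
    except Exception:
        return True
    return False


def fuzz(target: Callable[[bytes], object], seed: bytes,
         iterations: int = 2000, rng_seed: int = 1) -> List[Tuple[bytes, str]]:
    """Mutate inputs derived from `seed`, feed them to `target`, collect unique crashes.

    A ValueError is the parser rejecting bad input on purpose and is not a finding.
    Any other exception is an unexpected crash (the Python analogue of a segfault)
    and is recorded once per exception type and message.
    """
    rng = random.Random(rng_seed)       # fixed seed keeps the run reproducible
    corpus = [seed]
    crashes: List[Tuple[bytes, str]] = []
    seen = set()
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            target(candidate)
        except ValueError:
            continue
        except Exception as exc:        # anything else is a real bug in the target
            key = f"{type(exc).__name__}: {exc}"
            if key not in seen:
                seen.add(key)
                crashes.append((candidate, key))
            continue
        corpus.append(candidate)        # accepted input becomes a new seed to mutate
    return crashes


if __name__ == "__main__":
    for inp, why in fuzz(parse_record, SEED):
        print(f"crash {why!r} on input {inp.hex()}")
    print("hardened parser crashes:", len(fuzz(parse_record_safe, SEED)))
```

The point to take from it is the split between an expected rejection (the parser saying "bad checksum") and an unexpected exception: only the latter is a finding, and every finding should be replayed on its own before you believe it. The same loop works against a real target if you replace `parse_record` with a function that sends the bytes over a socket and reports whether the service is still alive.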
Vulnerable By Design
After you have learned all these nasty skills, you need a place to put them into action. You need to train for war without going to jail. Here is how. Vulnerable by design: these are VMs that you can run inside VMware or VirtualBox, or even boot as a live CD... then attack, attack, attack, without harming your system. These are great.
http://g0tmi1k.blogspot.com/2011/03/vulnerable-by-design.html
This is g0tmi1k's blog; this link will take you directly to his vulnerable by design post. I have yet to find a collection as extensive as his. Please stick around on his site for his videos on exploiting the VMs and many other things.
http://samhacked.blogspot.com/2011/07/pentest-lab-vulnerable-servers.html
Another quick selection of vulnerable by design live CDs and VMs.
http://www.thoughtpolice.co.uk/
This is a HUGE selection of VMs in case you want to make your own vulnerable by design or just need a virtual machine to fool with.
Places I visit often and/or find interesting.
http://www.irongeek.com/i.php?page=videos/msfpayload-msfencoder-metasploit-3-3
Want to avoid anti-virus? Irongeek has an amazing tutorial for this. Forget buying crypters or paying for the service. Learn it yourself.
http://www.secmaniac.com/
I haven't mentioned the Social-Engineer Toolkit as of yet, but here is the blog from the man who designed it. Certainly worth checking out. Also, quick side note: he is co-sponsoring DerbyCon in Louisville late this year. Here is a link to the details.
http://www.derbycon.com/
Make sure that you glance at the presenters. It's a star lineup and sure to be a great event.
http://www.offensive-security.com/
This is a great place to continue your education into pentesting, make sure you check out the online and live training options.
http://www.backtrack-linux.org/forums/
The BackTrack Linux forums are a wealth of knowledge. Make sure to get yourself an account and add to the community.
http://www.backtrack-linux.org/downloads/
For downloading BackTrack 5. Great pentesting OS, so much so that it has replaced my main operating system.
http://www.backtrack-linux.org/wiki/index.php/Main_Page
Think Wikipedia, except for all things BackTrack. Woot
Python
http://en.wikibooks.org/wiki/Subject:Python_programming_language
I'm knee deep in Python on a daily basis. Here's where I go for all things Python.
http://learnpythonthehardway.org/book/
And
http://www.onlinecomputerbooks.com/free-python-books.php
And I strongly recommend this book.
http://oreilly.com/catalog/9781593271923
A great post for privilege escalation in Linux.
http://g0tmi1k.blogspot.com/2011/08/basic-linux-privilege-escalation.html
A video showing how to use Metasploit payloads for your post-exploitation work.
http://www.securitytube.net/video/711
Several good YouTube videos on different aspects of penetration testing.
http://www.youtube.com/user/xsploitedsecurity
A ton of videos of DEF CON, ShmooCon, Black Hat, etc. presentations. A very extensive list. I would bookmark this as it's not only educational, but very entertaining.
http://www.youtube.com/user/ChRiStIaAn008
A few more books i can recommend:
http://www.amazon.com/Kingpin-Hacker-Billion-Dollar-Cybercrime-Underground/dp/0307588688
If you want an exciting book to read that's also teaching you a few things along the way, then this book is for you. Written by Kevin Poulsen, who is a reformed hacker himself and currently runs a blog over at Wired.com. It's always a good read. Check it out at:
http://www.wired.com/threatlevel/
Recently Relik, Muts, Jim O'Gorman, and Devon Kearns released this book; it's very informative. Get it here:
http://nostarch.com/metasploit.htm
Download a sample chapter here:
http://www.nostarch.com/download/metasploit_ch8.pdf
Download the vulnerable examples discussed in the book here:
http://www.secmaniac.com/files/nostarch1.zip
Now this is not a complete or perfect list. Although I will be editing and adding to it as things progress, it will never fit perfectly for all your needs. I encourage you to research, research, research. You will learn so much on the quest to find that one small nugget of info you're looking for. And for that I give you this final link,
http://www.google.com
My cohort Padraignix and I will be adding content, and there will certainly be our own tutorials and guides. But we will not be providing step-by-script-kiddie-step tutorials with copy-and-paste remote exploit potential. We will be doing our best to keep this informational and professional. Saying that, I would like to invite anyone to comment and correct me in any place I was wrong. If you would like to see your site and/or tutorial on here, just let us know and we will make it happen. Also, if anyone has any great resources on web-app testing, please let me know, as I have not dealt with this much. Thanks for reading...
pop
pop
ret g11tch