Interesting Stuff
Talks
DerbyCon 3.0 2013 – Hacking Back Active Defense And Internet Tough Guys
Raphael Mudge
BSides Las Vegas 2012 – Force Multipliers for Red Team Operations
DEFCON 20 2012 – Cortana: Rise of the Automated Red Team
DerbyCon 3.0 2013 – Browser Pivoting (FU2FA)
ShowMeCon 2014 – Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing
Tom Steele and Dan Kottmann
DEFCON 21 – Collaborative Penetration Testing With Lair
DerbyCon 3.0 2013 – Collaborative Penetration Testing With Lair
Tom Steele
ShmooCon 2013 Firetalks – ShellSquid Distributed Shells With Node
Solomon Sonya, Nick Kulesza
Chris Gates and Joe McCray
Shmoocon Epilogue 2013 – The Evolution of Pentesting High Security Environments
DerbyCon 1.0 2011 – The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
DerbyCon 2.0 2012 – Dirty Little Secrets Part 2
DerbyCon 3.0 2013 – Windows Attacks: AT is the new black
Rick Redman
DerbyCon 3.0 2013 – Cracking Corporate Passwords – Exploiting Password Policy Weaknesses
Andrew MacPherson and Roelof Temmingh
Black Hat 2013 – Maltego Tungsten As a Collaborative Attack Platform
Shane Macdougall
DerbyCon 3.0 2013 – Practical Osint
Bell Communications Research Colloquium Seminar 1995 – You and Your Research
Haroon Meer
Moxie Marlinspike
Articles and Slides
Stefan Viehböck – Brute forcing Wi-Fi Protected Setup
H. D. Moore – Exploiting tomorrow’s internet today: penetration testing with IPv6
Atik Pilihanto – A Complete Guide on IPv6 Attack and Defense
Michael Messner – Pen testing on IPv6 networks: In Through the Back Door
Rick Redman – Supercharged John the Ripper Techniques
Rick Redman – Cracking Corporate Users’ Passwords Made Easy
Chris Gates and Joe McCray: Big Bang Theory… The Evolution of Pentesting High Security Environments
Jonathan Brossard – Sandboxing is (the) shit!
Dr. Richard Hamming: Bell Communications Research Colloquium Seminar 1986 – You and Your Research
Defense
Active Defense Harbinger Distribution (ADHD) – http://sourceforge.net/projects/adhd/
Project Artillery – https://www.trustedsec.com/downloads/artillery/
HoneyDocs – https://www.honeydocs.com/
Honeywords Project – http://people.csail.mit.edu/rivest/honeywords/
Honeytokens – http://www.symantec.com/connect/articles/honeytokens-other-honeypot
Honeytokens – https://www.auto.tuwien.ac.at/Workshops/dimva05/papers/cenys.pdf
Honeyports – http://pauldotcom.com/2013/08/honeyports-tech-segment-with-p.html
Whitetrash – http://whitetrash.sourceforge.net/
Penetration testing
Armitage – http://www.fastandeasyhacking.com/
Cobalt Strike – http://www.advancedpentest.com/
Immunity STRATEGIC (CANVAS) – http://www.immunityinc.com/products-strategic.shtml
Splinter – https://github.com/splinterbotnet
Dradis – http://dradisframework.org/
Lair – https://github.com/fishnetsecurity/Lair
White Chapel – http://www.room362.com/blog/2013/01/18/intro-to-white-chapel/
Magic Tree – http://www.gremwell.com/what_is_magictree
osintstalker – https://github.com/milo2012/osintstalker
rapportive.py – http://jordan-wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-rapportive/
Alexa – http://www.alexa.com/
Alexa 1 Million Top-Sites CSV – http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
SMBEXEC – https://github.com/pentestgeek/smbexec
Powershell Portscanner – http://webstersprodigy.net/2013/07/01/powershell-portscanner/
Post Exploitation Wiki – https://github.com/mubix/post-exploitation-wiki
Poor man’s VPN pivoting – http://www.phillips321.co.uk/2013/10/29/poor-mans-vpn-pivot-at-last/
“Crack Me If You Can” – DEFCON 2010, Korelogic Rules – http://contest-2010.korelogic.com/rules.html
John The Ripper rockyou.chr README – https://www.korelogic.com/Resources/Tools/README-rockyou.txt
John The Ripper rockyou.chr – https://www.korelogic.com/Resources/Tools/rockyou.chr
John The Ripper rockyou-lanman.chr – https://www.korelogic.com/Resources/Tools/rockyou-lanman.chr
Wordlist mode rulesets for use with John the Ripper – http://openwall.info/wiki/john/rules
Free Rainbow Tables – https://www.freerainbowtables.com/
ophcrack – http://ophcrack.sourceforge.net/
Phishing Frenzy – http://www.pentestgeek.com/2013/11/04/introducing-phishing-frenzy/
Phish5 – https://phish5.com/
Threat Agent – https://www.threatagent.com/
Phishing Simulator – https://secure.tracesecurity.com/index.cfm
Binwalk – https://code.google.com/p/binwalk/
Netzob: Reverse Engineering Communication Protocols – http://www.netzob.org/
Malware
VirusTotal – https://www.virustotal.com
Malwr – https://malwr.com/
Cuckoo Sandbox – http://www.cuckoosandbox.org/
HOWTOs
Windows 7 / Kali Dualboot with Full Disk Encryption (FDE) – http://0x776b7364.wordpress.com/2013/06/19/windows-7-kali-dualboot-with-full-disk-encryption-fde/
Reset Local Administrator Password Using A Different Random String On Each Computer And Recover The Passwords Securely – http://www.sans.org/windows-security/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
IT security / Pentest job interview questions/stuff
Daniel Miessler’s blog post – http://www.danielmiessler.com/study/infosec_interview_questions/
Jamie Rougvie’s blog – http://jamierougive.co.uk/jobs/interviewing/
Craig Freyman’s blog post – http://www.pwnag3.com/2013/12/penetration-testing-interviews-minimum.html
My Information Security Job – http://www.myinfosecjob.com/2010/03/itinformation-security-interview-questions/
Websites
Whispersystems (RedPhone, TextSecure) – https://whispersystems.org/
Abine (DoNotTrackMe, MaskMe) – https://www.abine.com/
HoneyMap – http://map.honeynet.org/
CIRCL map – http://map.circl.lu/
Sicherheitstacho (T-Systems) – http://www.sicherheitstacho.eu/
Other
Thinkst.com – http://thinkst.com/index.shtml
ConCollector – http://cc.thinkst.com/