Ethical Hacking

Resources for learning more about ethical hacking.

• Awesome-Hacking: A Massive Repo With Hundreds of Resources

BlackHat Slides and Presentations:

BlackHat 2022

Attack Your Own Vulnerable Machine with Metasploitable 2:

Metasploitable 2

📚 Resources for Learning More

• NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations)
• NIST SP 800-115 (Techinical Guide to Information Security Testing and Assessment)
• NIST Computer Security Resource Center
• Security Certification Roadmap
• NMAP Network Scanning Guide
• CIDR to IPv4 Conversion
• MITRE ATT&CK
• Lockheed Martin's Cyber Kill Chain
• TryHackMe - Excellent Learning Paths and CTFs
• PortSwigger Academy - Learn all about BurpSuite and Web Attacks
• PentesterLab- Exercises
• Crackmes - Practice Reverse Engineering
• OWASP Top Ten Web App Security Risks
• Crunch - Make Custom Wordlists (w/Examples)
• WebSploit Labs - WebSploit includes several intentionally vulnerable applications running in Docker containers on top of Kali Linux or Parrot Security OS (w/Examples)

🤖 Solve The Challenges

• OverTheWire: Wargames
• picoCTF Challenges
• Hack The Box: Hacking Training
• Hack This Site - Free and Legal Hacking Training Ground
• HackerOne
• HackerRank

✏️ Handy Online Tools

• Ultimate List of Meterpreter Commands
• ByPass Antivirus Using Veil Framework
• Crackstation - Online Password Cracking
• Cipher Identifier
• Multiple Cipher Tools & Crackers
• CyberChef
• Base64Decode - Base64 Decoder/Encoder
• Online Steganography Tool
• MD5 Online Encrypt/Decrypt Tool

🤥 Social Engineering is The Way To Go

• This Person Does Not Exist - AI Generated Portraits
• FakeNameGenerator - Create a Fake Identity
• This Resume Does Not Exist - AI Generated Resume
• 10 Minute Mail - Email Address That Lasts 10 Minutes
• SSN Generator
• This X Does Not Exist

🔎 OSINT All Day Everyday

• PimEyes - Powerful Reverse Image Search
• WiGLE - Wireless Network Mapping
• Shodan - Search Engine for Network Connected Devices
• WhoIs Lookup
• Hunter - Find Email Addresses and Their Spelling Format
• PhoneBook.cz - Search Domains, Email Addresses, URLs in Leaks
• IntelX - Search Leaks
• SnapMap - Geographic Map of SnapChat Activity
• GeoCreepy - Geolocation OSINT Tool
• Search Public Buckets - GrayHatWarfare

📌Helpful Hints

Create Great Looking HTML Reports of Your Nmap Scans

Output your nmap scans as nice looking reports by outputting the scan results as xml, and then converting it to html.

Run your scan, and make sure you use the "Output to XML" flag "-oX" followed by the filename:

nmap -vv -sS -A -T3 -oX scanResults 172.16.1.4

Next, make sure you are in the same directory as the xml file, and use "xsltproc" to make to conversion to html:

xsltproc scanResults -o scanResults.html

If you open up the folder where the file is located you can see the xml and html files there:

Double-click the html file, and it will open your report in your browser: