ejpt-references.md

🌐 eJPT References

Introduction

• The Conscience of a Hacker
• Wireshark
  • Learn Wireshark
• Binary Hex Converters

Networking

• IP Header
• TCP/IP Model Stack - Layers & Protocols
  • TCP/IP Model
• ISO/OSI Model
  • TCP/IP vs OSI Model
  • Windows Network Architecture and the OSI Model
• IPv4 vs IPv6
  • Online IP Subnet Calculator
• IPv6 address
  • IPv6 Explained for Beginners
  • How to find IPv6 Prefix
  • IPv6 Subnet Calculator
• Basic Computer Networking
• IP Routing
  • Router vs Switch
  • Layer 2-3 Switching
  • ARP
• TCP vs UDP
  • guru99 - TCP 3-Way Handshake
  • mlytics - TCP 3-Way Handshake
• Firewall
  • Top free Firewall Software
  • The 5 types of Firewalls
  • Network design: Firewall - IDS - IPS
  • IDS vs IPS vs Firewall
  • Firewall vs WAF
  • LinuxSecurity HOWTOs
  • What is NAT
• DNS
  • What is DNS - by Cloudflare
  • DNS Explained
  • DNS Resolution
  • Root name servers
• Wireshark Tool
  • Wireshark Docs
  • Wireshark User's Guide
  • Display filter reference

Web Applications

• WebApp vs WebSite
• HTTP/1.x
  • HTTP Messages
  • HTTP Headers
  • HTTP Request methods
  • HTTP Response status codes
  • RFC 7231
• HTTP vs HTTPS
• High Performance Browser Networking - Book
• What is HTTPS
  • TLS - Transport Layer Security
• netcat Tool
  • netcat Cheat Sheet
  • Burp Suite - Documentation
  • OpenSSL Cookbook
• HTTP Cookies
  • RFC 6265.
  • Set-Cookie header
  • Web Authentication - Cookies vs Tokens
  • Session ID
  • Session Cookies
  • Cookies and Session Management
  • HTTP Cookies & Sessions - video by HackerSploit
• SOP
  • Same Origin Policy - PortSwigger
• Burp Suite by PortSwigger
  • Burp Suite Tools
• ZAP by OWASP Foundation
• What is a Proxy Server

Assessment Methodologies

Information Gathering

• Passive Information Gathering
  • Wappalyzer
  • whois.domaintools.com
  • netcraft
  • dnslytics.com
  • dnsrecon tool
  • dnsdumpster.com
  • wafw00f tool
  • sublist3r tool
  • google.com
  • Google Dorks Cheat Sheet
  • Google Hacking Database
  • theHarvester tool
  • haveibeenpwned.com
• Active Information Gathering
  • Ethical Standards
  • The Pentester's Code of Conduct
  • DNS Records - by Cloudflare
  • ZoneTransfer.me
  • DNS zone transfer and zone file
  • dig
  • dig Command Examples - by Vivek Gite
  • fierce
  • nmap
    • Nmap Command Examples - by Vivek Gite
    • NMap CheatSheet
• Ethical Hacking Footprinting
  • fping
  • zenmap
  • nmap automator
  • Rustscan
  • Autorecon

Enumeration

• Enumeration

  • SMB Enum

    • nmap Scripts
    • smbmap
    • smbclient
    • Metasploit
    • msfconsole
    • rpcclient
    • enum4linux
    • SMB named pipes
    • smtp-user-enum

  • hydra

  • Passwords word lists

  • FTP Enum

    • FTP Windows Enum
    • ftp command

  • SSH Enum

    • nc/netcat
    • ssh

  • What is HTTP?

    • httpie
    • dirb
    • browsh
    • curl
    • whatweb

  • What is MySQL?

    • MySQL Enum
    • mysql

Vulnerability Assessment & Auditing

• Vulnerability

• NIST - NVD

• CVEs & NVD Process

• Zero-Day

• Vulnerability Assessment

• exploit-db.com

  • searchsploit

• What is Cybersecurity? - IBM

  • PII
  • CIA Triad
  • Defense in Depth
  • Risk Management

• Compliance

  • Cybersec Frameworks

• Auditing

  • SCAP
  • OpenSCAP
  • What is a SCAP Scan

• Nessus

  • Nessus Essentials

Host & Network PenTesting

Windows System Attacks

• Host and Network Based Attacks by Tim DeWeese
• Microsoft Learn - IIS
  • davtest
  • cadaver
  • msfvenom
• Microsoft Learn - SMB
  • PsExec
  • impacket-scripts
  • PsExec.py Linux
  • CVE-2017-0143 - EternalBlue
    • AutoBlue-MS17-010
• Microsoft Learn - RDP
  • How to Exploit the BlueKeep Vulnerability with Metasploit - Pentest-Tools
  • Bluekeep CVE-2019–0708 Metasploit Module on Windows 7
• Microsoft Learn - WinRM
• CrackMapExec
• evil-winrm
• Privilege Escalation - Windows Kernel Exploits
  • windows-kernel-exploits
  • Windows-Exploit-Suggester
  • Windows Privilege Escalation - Resources - S1REN
• Microsoft Learn - UAC
  • UACMe
• Microsoft Learn - Access Tokens
  • Access Tokens - HackTricks
  • Abusing Tokens - HackTricks
  • Understanding Impersonation via Access Tokens
• ADS Alternate Data Streams
• SAM Database
  • LSA
  • LSA protection by default in Windows Canary build - 2023
• Windows authentication attacks - part 1 - RedForge
  • LM, NTLM, Net-NTLMv2, oh my!
  • mimikatz
  • Pass-the-hash
  • Alternative ways to Pass the Hash

Linux System Attacks

• Linux and GNU
• Apache Web Server
• CVE-2014-6271 - ShellShock
  • Shellshock exploit + vulnerable environment
• Linux Privilege Escalation: Linux kernel / distribution exploits
  • linux-kernel-exploitation links
  • linux-exploit-suggester
  • Basic Linux Privilege Escalation
  • Linux Privilege Escalation - Resources - S1REN
• Cron Jobs
  • Crontab Editor
• SUID
  • euid-ruid-suid - HackTricks
• Understanding /etc/shadow file format on Linux
  • Creating yescrypt, MD5, SHA-256, and SHA-512 Password Hashes
  • yescrypt

Network Attacks

• Man in the Middle (MITM) Attacks
  • What is MITM
• tshark
• arpspoof
• WiFi - 802.11 Frame Types and Formats

Metasploit

• Metasploit Framework
  • Metasploit Documentation
  • Architecture
  • Modules
  • Payloads
  • MSFConsole
  • Workspaces
  • Database Usage
  • Port Scanning
  • Nessus - Import
  • WMAP
  • Client-Side Attacks
    • Types of client side attacks
  • Msfvenom
    • Python HTTP Server
    • How to use MSFvenom
  • Writing Resource Scripts
  • Exploits
  • Post Exploitation
    • Meterpreter
    • Privilege Escalation
    • Incognito
    • PSExec Pass-the-hash
    • Enabling RDP
    • Pivoting
    • Keylogging
• Metasploit in Kali Linux
• Metasploit Unleashed – Free Ethical Hacking Course by OffSec
• Armitage GUI
  • Armitage
• PTES
  • Guide to Modern Penetration Testing - Infopulse
• MSF Installer
• How to Use Metasploit in Kali Linux + Metasploitable3
• Metasploitable3 - rapid7 Github
• Shikata Ga Nai Encoder Still Going Strong - Mandiant
• Haraka
• Methods Used by Linux for Hashing Passwords

Exploitation

• Exploitation PTES
• Banner Grabbing
• Nmap Scripting Engine
• exploit-db.com
  • Dorks - Google Hacking Database
• Rapid7 db
• Searchsploit
• Cross Compile to Win from Linux
  • MinGW-w64
  • ExploitDB bin-sploits

Shells

• Shells - HackTricks

  • Bind & Reverse Shells - Hacking with Netcat
  • PayloadsAllTheThings - Reverse Shell Cheatsheet
  • Reverse Shell Generator

• Reverse Shells - 0xffsec

  • Reverse-shell via Windows one-liner

• PowerShell-Empire

Defense Evasion

• Metasploitable2
• Metasploitable3
• What is Defense Evasion - Huntress
  • Defense Evasion - MITRE ATT&CK
  • Antivirus Detection Methods
  • Shellter
  • Invoke-Obfuscation

Post Exploitation

• Post-Exploitation
  • Ignitetechnologies/Privilege-Escalation
  • PayloadsAllTheThings - Windows - Privilege Escalation
  • PayloadsAllTheThings - Linux - Privilege Escalation
  • PEASS-ng
    • winPEAS
    • linPEAS
  • JAWS - Just Another Windows (Enum) Script
  • LinEnum - rebootuser
• Python3 - http.server
• tmux

TTY Shells

• Full TTY Shells - HackTricks
• Fully Interactive TTYs - 0xffsec
  • stty

Privilege Escalation

• PrivescCheck
• Linux Privilege Escalation Guide(Updated For 2023 - by Rashid-Feroze
• Linux Privilege Escalation using SUID Binaries
  • FallOfSudo
  • GTFOBins

Persistence

• Persistence - MITRE ATT&CK
• Enabling Remote Desktop - OffSec
• SSH Penetration Testing
• Scheduled Task/Job - MITRE ATT&CK

Cracking Hashes

• John The Ripper
• Hashcat

Pivoting

• Pivoting

Social Engineering

• What is Social Engineering?
• FBI IC3 Releases 2022 Internet Crime Report
• Trendmicro Security 101: Business Email Compromise (BEC) Schemes
• CEO Fraud Attacks - KnowBe4
• NIST SP 800-115 - Technical Guide to Information Security Testing and Assessment
• Social Engineering Penetration Testing: Attacks, Methods, & Steps - Purplesec.us
• Gophish
  • Creating the Gophish Demo

Web App PenTesting

• OWASP TOP 10
  • SQL Injection - OWASP
    • What is a SQLi? - PortSwigger
    • SQLi CheatSheet - PortSwigger
  • XSS - OWASP
    • How does XSS Work? - PortSwigger
    • XSS Cheatsheet - PortSwigger
• PortSwigger Web Security Academy
• HTTP Protocol
  • RFC 9110 - HTTP Semantics

Vulnerable Web Apps

• bWAPP

  • Setting Up OWASP bWAPP With Docker - HackerSploit

• OWASP Juice Shop

• Damn Vulnerable Web Application (DVWA)

• Mutillidae II

Tools

• Gobuster
• ffuf
• Burp Suite by PortSwigger
• ZAProxy
• Nikto
• SQLMap
  • SQLMap Cheatsheet
• XSSer
• WPScan

---