The Ultimate TOP 50 FREE Cyber Labs Resources in 2022
by RALFKAIROS
Alert to win - https://alf.nu/alert1
Attack-Defense - https://attackdefense.com
Bancocn - https://bancocn.com
Certified Secure - https://lnkd.in/gBKK-i-s
CMD Challenge - https://cmdchallenge.com
CryptoHack - https://cryptohack.org/
CTF Komodo Security - https://ctf.komodosec.com
Ctftime - https://ctftime.org/
Cyberdefenders - https://lnkd.in/gCf8v4Ju
CyberSecLabs - https://lnkd.in/gmyzMXju
EchoCTF - https://echoctf.red/
Explotation Education - https://exploit.education
Google CTF - https://lnkd.in/e46drbz8
Hack The Box - https://lnkd.in/ggfAMdQ8
Hackaflag BR - https://hackaflag.com.br/
Hacker Security - https://lnkd.in/gJbSaY3f
Hacker101 - https://ctf.hacker101.com
Hacking-Lab - https://hacking-lab.com/
Hacksplaining - https://lnkd.in/gVd9dNkK
HackTheBox - https://www.hackthebox.com
Hackthis - https://www.hackthis.co.uk
HackXpert - https://hackxpert.com/
HSTRIKE - https://hstrike.com
ImmersiveLabs - https://immersivelabs.com
LetsDefend- https://letsdefend.io/
NewbieContest - https://lnkd.in/gZ4UjDhy
OSBOXES - http://www.osboxes.org/
OverTheWire - http://overthewire.org
Penetration Testing Practice Labs - https://lnkd.in/grQev9Kk
Pentestlab - https://pentesterlab.com
PicoCTF - https://picoctf.com
PortSwigger Web Security Academy - https://lnkd.in/gAPq2ezr
Practical Pentest Labs - https://lnkd.in/gUSqv6xS
Pwn college - https://dojo.pwn.college/
PWNABLE - https://lnkd.in/gNcyqG64
RangeForce - https://lnkd.in/gGy3feqt
Root in Jail - http://rootinjail.com
Root-Me - https://www.root-me.org
SANS Challenger - https://lnkd.in/gG-5_ZPF
SmashTheStack - https://lnkd.in/gMFNTURc
TCM Security - https://lnkd.in/gbQinqvf
The Cryptopals Crypto Challenges - https://cryptopals.com
Try Hack Me - https://tryhackme.com
Vulnhub - https://www.vulnhub.com
Vulnmachines https://vulnmachines.com/
W3Challs - https://w3challs.com
WeChall - http://www.wechall.net
Zenk-Security - https://lnkd.in/g_y_p5ha
Webgoat - https://lnkd.in/gjsgegYw
if you recommand websites we missed, please share them in the comments by
by RALFKAIROS
Alert to win - https://alf.nu/alert1
Attack-Defense - https://attackdefense.com
Bancocn - https://bancocn.com
Certified Secure - https://lnkd.in/gBKK-i-s
CMD Challenge - https://cmdchallenge.com
CryptoHack - https://cryptohack.org/
CTF Komodo Security - https://ctf.komodosec.com
Ctftime - https://ctftime.org/
Cyberdefenders - https://lnkd.in/gCf8v4Ju
CyberSecLabs - https://lnkd.in/gmyzMXju
EchoCTF - https://echoctf.red/
Explotation Education - https://exploit.education
Google CTF - https://lnkd.in/e46drbz8
Hack The Box - https://lnkd.in/ggfAMdQ8
Hackaflag BR - https://hackaflag.com.br/
Hacker Security - https://lnkd.in/gJbSaY3f
Hacker101 - https://ctf.hacker101.com
Hacking-Lab - https://hacking-lab.com/
Hacksplaining - https://lnkd.in/gVd9dNkK
HackTheBox - https://www.hackthebox.com
Hackthis - https://www.hackthis.co.uk
HackXpert - https://hackxpert.com/
HSTRIKE - https://hstrike.com
ImmersiveLabs - https://immersivelabs.com
LetsDefend- https://letsdefend.io/
NewbieContest - https://lnkd.in/gZ4UjDhy
OSBOXES - http://www.osboxes.org/
OverTheWire - http://overthewire.org
Penetration Testing Practice Labs - https://lnkd.in/grQev9Kk
Pentestlab - https://pentesterlab.com
PicoCTF - https://picoctf.com
PortSwigger Web Security Academy - https://lnkd.in/gAPq2ezr
Practical Pentest Labs - https://lnkd.in/gUSqv6xS
Pwn college - https://dojo.pwn.college/
PWNABLE - https://lnkd.in/gNcyqG64
RangeForce - https://lnkd.in/gGy3feqt
Root in Jail - http://rootinjail.com
Root-Me - https://www.root-me.org
SANS Challenger - https://lnkd.in/gG-5_ZPF
SmashTheStack - https://lnkd.in/gMFNTURc
TCM Security - https://lnkd.in/gbQinqvf
The Cryptopals Crypto Challenges - https://cryptopals.com
Try Hack Me - https://tryhackme.com
Vulnhub - https://www.vulnhub.com
Vulnmachines https://vulnmachines.com/
W3Challs - https://w3challs.com
WeChall - http://www.wechall.net
Zenk-Security - https://lnkd.in/g_y_p5ha
Webgoat - https://lnkd.in/gjsgegYw
if you recommand websites we missed, please share them in the comments by
CryptoHack
CryptoHack – Home
A free, fun platform to learn about cryptography through solving challenges and cracking insecure code. Can you reach the top of the leaderboard?
Top Location API Services:
♾ whoapi.com
♾ ipinfo.io
♾ ip2location.com
♾ ipgeolocation.io
♾ maxmind.com
♾ ipstack.com
♾ ipapi.com
♾ ipwhois.io
♾ db-ip.com
♾ ipdata.com
♾ whoapi.com
♾ ipinfo.io
♾ ip2location.com
♾ ipgeolocation.io
♾ maxmind.com
♾ ipstack.com
♾ ipapi.com
♾ ipwhois.io
♾ db-ip.com
♾ ipdata.com
#Offensive_security
Using eBPF-TC to securely mangle packets in the kernel, and pass them to secure networking application
https://openziti.io/using-ebpf-tc-to-securely-mangle-packets-in-the-kernel-and-pass-them-to-my-secure-networking-application
Using eBPF-TC to securely mangle packets in the kernel, and pass them to secure networking application
https://openziti.io/using-ebpf-tc-to-securely-mangle-packets-in-the-kernel-and-pass-them-to-my-secure-networking-application
netfoundry.io
NetFoundry Documentation
Find product and open-source docs fast
#reversing
#Malware_analysis
IDApython Scripts for Analyzing Golang Binaries
https://github.com/SentineLabs/AlphaGolang
#Malware_analysis
IDApython Scripts for Analyzing Golang Binaries
https://github.com/SentineLabs/AlphaGolang
GitHub
GitHub - SentineLabs/AlphaGolang: IDApython Scripts for Analyzing Golang Binaries
IDApython Scripts for Analyzing Golang Binaries. Contribute to SentineLabs/AlphaGolang development by creating an account on GitHub.
#Red_Team_Tactics
1. Design and setup of C2 traffic redirectors
https://ditrizna.medium.com/design-and-setup-of-c2-traffic-redirectors-ec3c11bd227d
2. Account Takeovers
https://www.synack.com/blog/account-takeovers-believe-the-unbelievable
1. Design and setup of C2 traffic redirectors
https://ditrizna.medium.com/design-and-setup-of-c2-traffic-redirectors-ec3c11bd227d
2. Account Takeovers
https://www.synack.com/blog/account-takeovers-believe-the-unbelievable
Medium
Red Team Tutorial: Design and setup of C2 traffic redirectors
This article describes the Command & Control (C2) infrastructure design and provides a step-by-step setup of the C2 redirector.
#Offensive_security
1. Shell script to cover your tracks on UNIX systems before exiting the infected server
https://github.com/sundowndev/covermyass
2. A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
1. Shell script to cover your tracks on UNIX systems before exiting the infected server
https://github.com/sundowndev/covermyass
2. A simple PoC to invoke an encrypted shellcode by using an hidden call
https://github.com/enkomio/BrokenFlow
GitHub
GitHub - sundowndev/covermyass: Post-exploitation tool to cover your tracks on a compromised machine (beta)
Post-exploitation tool to cover your tracks on a compromised machine (beta) - sundowndev/covermyass
#hardening
#Blue_Team_Techniques
1. Custom ADMX template focused on hardening Windows 10 systems
https://github.com/Harvester57/Security-ADMX
2. No Logs? No Problem! Incident Response without Windows Event Logs
https://labs.jumpsec.com/no-logs-no-problem-incident-response-without-windows-event-logs
#Blue_Team_Techniques
1. Custom ADMX template focused on hardening Windows 10 systems
https://github.com/Harvester57/Security-ADMX
2. No Logs? No Problem! Incident Response without Windows Event Logs
https://labs.jumpsec.com/no-logs-no-problem-incident-response-without-windows-event-logs
GitHub
GitHub - Harvester57/Security-ADMX: Custom ADMX template focused on hardening Windows 10 & Windows 11 systems
Custom ADMX template focused on hardening Windows 10 & Windows 11 systems - Harvester57/Security-ADMX
#Threat_Research
1. Decentralized Identity Attack Surface
https://www.cyberark.com/resources/threat-research-blog/decentralized-identity-attack-surface-part-1
2. Open Cyber Threat Intelligence Platform
https://github.com/OpenCTI-Platform/opencti
1. Decentralized Identity Attack Surface
https://www.cyberark.com/resources/threat-research-blog/decentralized-identity-attack-surface-part-1
2. Open Cyber Threat Intelligence Platform
https://github.com/OpenCTI-Platform/opencti
Cyberark
Decentralized Identity Attack Surface – Part 1
Introduction Who are you? That’s a hard question to answer. Many philosophers have been fascinated with this question for years. Who are you in cyberspace? Your digital identity is comprised of...
👍2
#Malware_analysis
1. Malicious Packer pkr_ce1a
https://malwarology.substack.com/p/malicious-packer-pkr_ce1a
2. Venus Ransomware
https://www.sentinelone.com/blog/venus-ransomware-zeoticus-spin-off-shows-sophistication-isnt-necessary-for-success
3. Brute Ratel C4 Badger analysis and detection
https://ift.tt/MUVtyem
1. Malicious Packer pkr_ce1a
https://malwarology.substack.com/p/malicious-packer-pkr_ce1a
2. Venus Ransomware
https://www.sentinelone.com/blog/venus-ransomware-zeoticus-spin-off-shows-sophistication-isnt-necessary-for-success
3. Brute Ratel C4 Badger analysis and detection
https://ift.tt/MUVtyem
Substack
Malicious Packer pkr_ce1a
First Stage
👍2
Looking_Beyond_IoCs.pdf
1 MB
#Research
"Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI", 2022.
]-> Repo: https://github.com/aiforsec22/IEEEEuroSP23
"Looking Beyond IoCs: Automatically Extracting Attack Patterns from External CTI", 2022.
]-> Repo: https://github.com/aiforsec22/IEEEEuroSP23
Fingerprinting_Browser_Ext.pdf
996.9 KB
#Threat_Research
"The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions", 2022.
]-> Tool/Repo: https://github.com/kostassolo/dangers-of-human-touch
"The Dangers of Human Touch: Fingerprinting Browser Extensions through User Actions", 2022.
]-> Tool/Repo: https://github.com/kostassolo/dangers-of-human-touch
OpenVPN_fp.pdf
11.6 MB
#Research
"OpenVPN is Open to VPN Fingerprinting", 2022.
]-> Network traffic classification library:
https://github.com/LibtraceTeam/libprotoident
"OpenVPN is Open to VPN Fingerprinting", 2022.
]-> Network traffic classification library:
https://github.com/LibtraceTeam/libprotoident
Python3.pdf
17.1 MB
#Tech_book
"Python 3: The Comprehensive Guide", 2022.
"Python 3: The Comprehensive Guide", 2022.
Рекламные идентификаторы (ID) прячутся в коде вебсайта (в Chrome комбинацией клавиш - CTRL+U):
AdSense: Pub- или ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Сервисы поиска рекламных идентификаторов:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Поиск совпадений рекламных идентификаторов:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Доступ к чужой статистике:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
Translation: ru-en
Advertising identifiers (ID) are hidden in the website code (in Chrome, the key combination is CTRL + U):
AdSense: Pub- or ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Search services for advertising identifiers:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Searching for Advertising ID Matches:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Access to someone else's statistics:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
AdSense: Pub- или ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Сервисы поиска рекламных идентификаторов:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Поиск совпадений рекламных идентификаторов:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Доступ к чужой статистике:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
Translation: ru-en
Advertising identifiers (ID) are hidden in the website code (in Chrome, the key combination is CTRL + U):
AdSense: Pub- or ca-pub
Analytics: UA-
Amazon: &tag=
AddThis: #pubid / pubid
Metrika: mc.yandex / ym
Rambler: top100
Mail.ru: Top.Mail.Ru
Search services for advertising identifiers:
├blacklight (Search AD)
├urlscan (Search AD)
└spiderfoot (Search AD)
Searching for Advertising ID Matches:
├spyonweb (Reverse AD)
├shodan (Reverse AD)
├osint.sh (Reverse AD)
├analyzeid (Reverse AD)
├dnslytics (Reverse AD)
└intelx (Reverse AD)
Access to someone else's statistics:
https://metrika.yandex.ru/dashboard?id=ID
https://top100.rambler.ru/search?query=ID
https://top.mail.ru/visits?id=ID
themarkup.org
Blacklight – The Markup
A Real-Time Website Privacy Inspector
👍3
This media is not supported in your browser
VIEW IN TELEGRAM
Free travel with contactless payment
A SMALL vulnerability in the fare scheme in the subway and social transport. 100% works with Apple Pay (I can't test Android Pay). The essence of the scheme is simple to impossibility.
Would need:
1. Apple smartphone with Apple Pay support
2. Debit card with zero balance (less than the fare in your area (I have 28r))
Progress of work (on the example of the subway):
1. We go down to the subway
2. We pay through a turnstile with a contactless payment terminal
3. There is no money, but you der ... "ahem" for the first time they will let you through, the card will be sent to an emergency
4. But because payment went through Apple Pay, card emulation, it is this emulation code that gets into the emergency situation (it is different for each card)
5. We bind the card to the AP again, the code changes
6. Next time start from point 1
A SMALL vulnerability in the fare scheme in the subway and social transport. 100% works with Apple Pay (I can't test Android Pay). The essence of the scheme is simple to impossibility.
Would need:
1. Apple smartphone with Apple Pay support
2. Debit card with zero balance (less than the fare in your area (I have 28r))
Progress of work (on the example of the subway):
1. We go down to the subway
2. We pay through a turnstile with a contactless payment terminal
3. There is no money, but you der ... "ahem" for the first time they will let you through, the card will be sent to an emergency
4. But because payment went through Apple Pay, card emulation, it is this emulation code that gets into the emergency situation (it is different for each card)
5. We bind the card to the AP again, the code changes
6. Next time start from point 1
👍3
Кто работает по Китаю вот полный рессурс по проверки и пробиву всех данных.
Translation: ru-en
Who works in China, here is a complete resource for checking and breaking through all the data.
( Profile @hayper007 tools lab profile https://start.me/u/kxEL4L millions tools available Here)
Open this link create account and enjoy ☺️🥲
Translation: ru-en
Who works in China, here is a complete resource for checking and breaking through all the data.
( Profile @hayper007 tools lab profile https://start.me/u/kxEL4L millions tools available Here)
Open this link create account and enjoy ☺️🥲
Start.me
OSINT CHINE - Start.me
A startpage with online resources about OSINT CHINE, created by Pangar-ban.
👍2
https://www.udemy.com/share/102NqC3@worFLMt_BaYvfirSuLDExi9GHOnah9VcbEX9G4v16LxIC_5sTMoeer2rs-KLwzQv4Q==/
https://www.udemy.com/share/101IJY3@Yq-dbJnffkpQLbqThmYQ7XlewODhTJJGZXagbMa82mQPtWJ2mQb3HkjzVAuNJHNQAA==/
https://www.udemy.com/share/103ZZc3@h1k6PibAvLT7PPS1dQ22dbkufr3VGaKw2I_LFx2qNWT6_Qoj6klVCbRyrn5PIBavCg==/
Good Free udemy courses for OSINT
https://www.udemy.com/share/101IJY3@Yq-dbJnffkpQLbqThmYQ7XlewODhTJJGZXagbMa82mQPtWJ2mQb3HkjzVAuNJHNQAA==/
https://www.udemy.com/share/103ZZc3@h1k6PibAvLT7PPS1dQ22dbkufr3VGaKw2I_LFx2qNWT6_Qoj6klVCbRyrn5PIBavCg==/
Good Free udemy courses for OSINT
Udemy
Online Courses - Learn Anything, On Your Schedule | Udemy
Udemy is an online learning and teaching marketplace with over 250,000 courses and 80 million students. Learn programming, marketing, data science and more.