Forwarded from UNDERCODE COMMUNITY
#Resources for Windows-based Assessments 2020 v
#Tools used for Windows-based Assessments
- PowerShell Empire
- CimSweep
- Responder - A LLMNR, NBT-NS and MDNS poisoner
- BloodHound - Six Degrees of Domain Admin
- AD Control Path - Active Directory Control Paths auditing and graphing tools
- PowerSploit - A PowerShell Post-Exploitation Framework
- PowerView - Situational Awareness PowerShell framework
- PowerSCCM - Functions to facilitate connections to and queries from SCCM databases and WMI interfaces for both offensive and defensive applications.
- Empire - PowerShell and Python post-exploitation agent
- Mimikatz - Utility to extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory, and also to perform pass-the-hash, pass-the-ticket or build Golden tickets
- UACME - Defeating Windows User Account Control
- Windows System Internals - (Including Sysmon etc.)
- Hardentools - Collection of simple utilities designed to disable a number of "features" exposed by Windows
- CrackMapExec - A swiss army knife for pentesting Windows/Active Directory environments
#Additional Resources
- PaulSec Windows Resource Repository
- Tools Cheatsheets - (Beacon, PowerView, PowerUp, Empire, ...)
- SANS PowerShell Cheat Sheet
- The Active Directory module for Windows PowerShell is a PowerShell module that consolidates a group of cmdlets.
>git sources
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking

#Resources about Zone-based Firewalls
#Deployment and Configuration Guides:
- Security Configuration Guide: Zone-Based Policy Firewall
- Zone-Based Policy Firewall Design and Application Guide
- Configuring ZBFW from GeeksforGeeks

Essential malware analysis reading material #resources
#Malware/
- [Learning Malware Analysis](https://www.packtpub.com/networking-and-servers/learning-malware-analysis) - Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware
- Mastering Malware Analysis - Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks
- [Mastering Reverse Engineering](https://www.packtpub.com/networking-and-servers/mastering-reverse-engineering) - Mastering Reverse Engineering: Re-engineer your ethical hacking skills
- Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software.
- [Practical Reverse Engineering](https://www.amzn.com/dp/1118787315/) - Intermediate Reverse Engineering.
- Real Digital Forensics - Computer Security and Incident Response.
- [Rootkits and Bootkits](https://www.amazon.com/dp/1593277164) - Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.
- [The IDA Pro Book](https://amzn.com/dp/1593272898) - The Unofficial Guide to the World's Most Popular Disassembler.
- The Rootkit Arsenal - The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Recommended starting points: top related free tutorials for exploit development
#resources
* [Shellcode Tutorial](http://www.vividmachines.com/shellcode/shellcode.html) - Tutorial on how to write shellcode.
* [Shellcode Examples](http://shell-storm.org/shellcode/) - Shellcodes database.
* [Exploit Writing Tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - Tutorials on how to develop exploits.

Social Engineering #Resources
[Social Engineering Framework](http://www.social-engineer.org/framework/general-discussion/) - Information resource for social engineers.

Lock Picking #Resources
Schuyler Towne channel - Lockpicking videos and security talks.
[bosnianbill](https://www.youtube.com/user/bosnianbill) - More lockpicking videos.
/r/lockpicking - Resources for learning lockpicking, equipment recommendations.

WEB-Hacking #resources:
http://www.bindshell.net/tools/beef
http://blindelephant.sourceforge.net/
http://xsser.sourceforge.net/
http://sourceforge.net/projects/rips-scanner/
http://www.divineinvasion.net/authforce/
http://andlabs.org/tools.html#sotf
http://www.taddong.com/docs/Browser_Exploitation_for_Fun&Profit_Taddong-RaulSiles_Nov2010_v1.1.pdf
http://carnal0wnage.blogspot.com/2007/07/using-sqid-sql-injection-digger-to-look.html
http://code.google.com/p/pinata-csrf-tool/
http://xsser.sourceforge.net/#intro
http://www.contextis.co.uk/resources/tools/clickjacking-tool/
http://packetstormsecurity.org/files/view/69896/unicode-fun.txt
http://sourceforge.net/projects/ws-attacker/files/
https://github.com/koto/squid-imposter

EXPLOITATION INTRO:
#resources
http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
http://www.mgraziano.info/docs/stsi2010.pdf
http://www.abysssec.com/blog/2010/05/past-present-future-of-windows-exploitation/
http://www.ethicalhacker.net/content/view/122/2/
http://code.google.com/p/it-sec-catalog/wiki/Exploitation
http://x9090.blogspot.com/2010/03/tutorial-exploit-writting-tutorial-from.html
http://ref.x86asm.net/index.html

PASSWORDS AND HASHES CRACKING & TUTORIALS
#resources
http://www.irongeek.com/i.php?page=videos/password-exploitation-class
http://cirt.net/passwords
http://sinbadsecurity.blogspot.com/2008/10/ms-sql-server-password-recovery.html
http://www.foofus.net/~jmk/medusa/medusa-smbnt.html
http://www.foofus.net/?page_id=63
http://hashcrack.blogspot.com/
http://www.nirsoft.net/articles/saved_password_location.html
http://www.onlinehashcrack.com/
http://www.md5this.com/list.php?
http://www.virus.org/default-password
http://www.phenoelit-us.org/dpl/dpl.html
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

WORDLISTS:
http://contest.korelogic.com/wordlists.html
http://packetstormsecurity.org/Crackers/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
http://www.ericheitzman.com/passwd/passwords/

A good collection of OS & scripting tutorials for beginners:
#resources
http://en.wikipedia.org/wiki/IPv4_subnetting_reference
http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
http://shelldorado.com/shelltips/beginner.html
http://www.linuxsurvival.com/
http://mywiki.wooledge.org/BashPitfalls
http://rubular.com/
http://www.iana.org/assignments/port-numbers
http://www.robvanderwoude.com/ntadmincommands.php

MISC/UNSORTED
#Resources 2020
http://www.ikkisoft.com/stuff/SMH_XSS.txt
http://securestate.blogspot.com/2010/08/xfs-101-cross-frame-scripting-explained.html?utm_source=twitterfeed&utm_medium=twitter
http://whatthefuckismyinformationsecuritystrategy.com/
http://video.google.com/videoplay?docid=4379894308228900017&q=owasp#
http://video.google.com/videoplay?docid=4994651985041179755&ei=_1k4TKj-PI-cqAPioJnKDA&q=deepsec#
http://www.sensepost.com/blog/4552.html
http://blog.zenone.org/2009/03/pci-compliance-disable-sslv2-and-weak.html
http://threatpost.com/en_us/blogs/hd-moore-metasploit-exploitation-and-art-pen-testing-040210
http://carnal0wnage.attackresearch.com/node/410
http://www.cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf
http://www.spy-hunter.com/Database_Pen_Testing_ISSA_March_25_V2.pdf
http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/