Offensive Security Bookmarks
My security bookmarks collection.
All that things I need to pass OSCP, i think =)
Security Blogs
My Security OPML
Security Forums
http://securityoverride.org/forum/index.php
https://www.hackthissite.org/forums/index.php
https://www.ethicalhacker.net/forums/index.php
https://evilzone.org/
http://forum.antichat.ru/
https://forum.xeksec.com/
https://rdot.org/forum/
https://forum.zloy.bz/
https://forum.reverse4you.org/
https://rstforums.com/forum/
http://www.truehackers.ru/forum/index.php
http://garage4hackers.com/forum.php
https://www.hellboundhackers.org/
http://www.lockpicking101.com/
https://www.xploitworld.com/index.php

👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹

🐧Linux Privileges Escalation Techniques (Basic to Advanced) Series

🔹Part 1: http://hacklido.com/blog/158
🔹Part 2: http://hacklido.com/blog/162
🔹Part 3: http://hacklido.com/blog/210
🔹Part 4: http://hacklido.com/blog/224
🔹Part 5: https://hacklido.com/blog/286


Join 👉@hacker_habesha

**🚀 Exciting News! PicoCTF-Africa Online Training Series**

Hey everyone! 🌟

Hope you're all doing well! 🚀 I've got some exciting news - the PicoCTF-Africa online training series is kicking off on Jan 27! 🖥️ It's a fantastic opportunity for university undergrads & high schoolers interested in diving into the world of cybersecurity.

🔗 Register here: https://forms.gle/JhgPHzCVPWEx4uPNA

📅 Training starts: Jan 27

🌐 About:
🖥️Introduction to the cyber-Security concepts focusing on practical skills using a Capture The Flag (CTF) approach.
🖥️ Familiarizing with PicoCTF platform and getting ready for PicoCTF2024 competition.

📌 Poster Attached: Check out the poster and feel free to share this amazing opportunity with your friends and peers!

📢 Kindly share with your undergrad and high school colleagues! Let's make sure everyone gets a chance to join this cybersecurity adventure.


Got questions or need more info? Drop them here, and let's get ready for an awesome learning experience together! 🛡️✨

41% attacks bypass network security.

Defense-in-Depth isn't enough. Use AI-powered Cyber Threat Intelligence (CTI) and Breach & Attack Simulation (BAS) to test defenses against real-world attacks, uncover vulnerabilities.

Read to find the key: https://thehackernews.com/2024/01/perfecting-defense-in-depth-strategy.html

📋Cyber Security Periodic Table

🔖#infosec #cybersecurity #hacking #pentesting #security

👉Join: @hacker_habesha

🗝Plaintext vs Encoding vs Hashing vs Encryption

🔖#infosec #cybersecurity #hacking #pentesting #security

👉Join: @hacker_habesha
👉Join: @hacker_habesha🇪🇹

🧬Popular HTTP Request Methods for Log Analysis

🔖#infosec #cybersecurity #hacking #pentesting #security

👉Join: @hacker_habesha
👉Join: @hacker_habesha🇪🇹

🎣Social Engineering Attacks

🔖#infosec #cybersecurity #hacking #pentesting #security

👉Join: @hacker_habesha
👉Join: @hacker_habesha🇪🇹

🖥 100 Web Vulnerabilities, categorized into various types : 😀

⚡️ Injection Vulnerabilities:

1. SQL Injection (SQLi)
2. Cross-Site Scripting (XSS)
3. Cross-Site Request Forgery (CSRF)
4. Remote Code Execution (RCE)
5. Command Injection
6. XML Injection
7. LDAP Injection
8. XPath Injection
9. HTML Injection
10. Server-Side Includes (SSI) Injection
11. OS Command Injection
12. Blind SQL Injection
13. Server-Side Template Injection (SSTI)

⚡️ Broken Authentication and Session Management:

14. Session Fixation
15. Brute Force Attack
16. Session Hijacking
17. Password Cracking
18. Weak Password Storage
19. Insecure Authentication
20. Cookie Theft
21. Credential Reuse

⚡️ Sensitive Data Exposure:

22. Inadequate Encryption
23. Insecure Direct Object References (IDOR)
24. Data Leakage
25. Unencrypted Data Storage
26. Missing Security Headers
27. Insecure File Handling

⚡️ Security Misconfiguration:

28. Default Passwords
29. Directory Listing
30. Unprotected API Endpoints
31. Open Ports and Services
32. Improper Access Controls
33. Information Disclosure
34. Unpatched Software
35. Misconfigured CORS
36. HTTP Security Headers Misconfiguration

⚡️ XML-Related Vulnerabilities:

37. XML External Entity (XXE) Injection
38. XML Entity Expansion (XEE)
39. XML Bomb

⚡️ Broken Access Control:

40. Inadequate Authorization
41. Privilege Escalation
42. Insecure Direct Object References
43. Forceful Browsing
44. Missing Function-Level Access Control

⚡️ Insecure Deserialization:

45. Remote Code Execution via Deserialization
46. Data Tampering
47. Object Injection

⚡️ API Security Issues:

48. Insecure API Endpoints
49. API Key Exposure
50. Lack of Rate Limiting
51. Inadequate Input Validation

⚡️ Insecure Communication:

52. Man-in-the-Middle (MITM) Attack
53. Insufficient Transport Layer Security
54. Insecure SSL/TLS Configuration
55. Insecure Communication Protocols

⚡️ Client-Side Vulnerabilities:

56. DOM-based XSS
57. Insecure Cross-Origin Communication
58. Browser Cache Poisoning
59. Clickjacking
60. HTML5 Security Issues

⚡️ Denial of Service (DoS):

61. Distributed Denial of Service (DDoS)
62. Application Layer DoS
63. Resource Exhaustion
64. Slowloris Attack
65. XML Denial of Service

⚡️ Other Web Vulnerabilities:

66. Server-Side Request Forgery (SSRF)
67. HTTP Parameter Pollution (HPP)
68. Insecure Redirects and Forwards
69. File Inclusion Vulnerabilities
70. Security Header Bypass
71. Clickjacking
72. Inadequate Session Timeout
73. Insufficient Logging and Monitoring
74. Business Logic Vulnerabilities
75. API Abuse

⚡️ Mobile Web Vulnerabilities:

76. Insecure Data Storage on Mobile Devices
77. Insecure Data Transmission on Mobile Devices
78. Insecure Mobile API Endpoints
79. Mobile App Reverse Engineering

⚡️ IoT Web Vulnerabilities:

80. Insecure IoT Device Management
81. Weak Authentication on IoT Devices
82. IoT Device Vulnerabilities

⚡️ Web of Things (WoT) Vulnerabilities:

83. Unauthorized Access to Smart Homes
84. IoT Data Privacy Issues

⚡️ Authentication Bypass:

85. Insecure "Remember Me" Functionality
86. CAPTCHA Bypass

⚡️ Server-Side Request Forgery (SSRF):

87. Blind SSR
88. Time-Based Blind SSRF

⚡️ Content Spoofing:

89. MIME Sniffing
90. X-Content-Type-Options Bypass
91. Content Security Policy (CSP) Bypass

⚡️ Business Logic Flaws:

92. Inconsistent Validation
93. Race Conditions
94. Order Processing Vulnerabilities
95. Price Manipulation
96. Account Enumeration
97. User-Based Flaws

⚡️ Zero-Day Vulnerabilities:

98. Unknown Vulnerabilities
99. Unpatched Vulnerabilities
100. Day-Zero Exploits

👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹

📚Top 9 eBooks for Hackers and Pentesters📚

Hacking Web Applications - Hacking Exposed
https://mega.nz/file/LCYWWRYI#QQ8O9k6lp7vmYWzrbxbs8ItSVbYpSluYfktCxWURZGs

Hacking for Dummies
https://mega.nz/file/iKQ2jZSQ#ur1W05ChW7_ipTYtEK6QKpIlyoqLyS82RGsEUEzFQDQ

Network Security Bible
https://mega.nz/file/mLAUEbDQ#PXzqsNN2PPc-PUVyAwbfknTHEA-QBvjwvpjjQgZnYMo

Ethical Hacking and Countermeasures
https://mega.nz/file/2fAyRb4C#tpFivx91Ips2rR3UnVdtlgvx1oOmi-qEtCu29DlO9uQ

The Little Black Book of Computer Viruses
https://mega.nz/file/SDICALSJ#3r2oy2AsGXR3P7f8K7xvL2kEVjR6ccze83cAmz9VIBc

XSS Attacks - Cross Site Scripting Exploits and Defense
https://mega.nz/file/3XJCyD5C#qAda14pWUjd5u4wjOYmzCI52UMa1rUFulh7V0kBGZk8

The Shellcoder's Handbook
https://mega.nz/file/3OZgwT6Z#8yNyiuSHVQ3gOib4rKJYtwsCwSfqAfoFj2lQtwUyI8o

Wireshark for Security Professionals
https://mega.nz/file/7TRUCZCZ#ZPFmeFnccvR4ltf_2lwTdi8PqHIArRx_bkqRP9wwq4

👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹

🤤 How to Become an Ethical Hacker in 8 Months 🇪🇹


1.   Start from the Basics (Month 1)

-Basic Computer Skills
-Intro to Cybersecurity
-CIA Triads
-Intro to Ethical Hacking
-PenTesting
-Phases of Ethical Hacking.

2.  Learn Networking Concepts (Month 2)

-Network Basics
-IP and MAC Address
-Ports
-Topology
-OSI Model
-TCP and UDP

3.   Learn some Programming Languages (Month 3 & 4)

-Python
-JavaScript
-HTML
-Shell Scripting

4. Database Skills (Month 5)

-SQL

5.  Get Hands-on Experience (Month 6 &7)

-Get well versed on Kali Linux
-Practice on Platforms like TryHackMe and HackTheBox e.t.c.

6.  Explore other Cybersecurity Techniques (Month 8)

-Password Cracking
-WI-FI Hacking
-Steganography
-Web Hacking
-Social Engineering
-Dark Web
-Google Dorking

😎 Note- The Learning Process Never Ends.... It Keeps Going Like that

🤘Join 👉@hacker_habesha🇪🇹

🔥 Give 20+ Reactions it really Motivates us ⬆️

🧅Tor Tools

🔹Nipe - Script to redirect all traffic from the machine to the Tor network.
🔗https://github.com/GouveaHeitor/nipe

🔹OnionScan - Tool for investigating the Dark Web by finding operational security issues introduced by Tor hidden service operators.
🔗https://onionscan.org/

🔹Tails - Live operating system aiming to preserve your privacy and anonymity.
🔗https://tails.boum.org/

🔹Tor - Free software and onion routed overlay network that helps you defend against traffic analysis.
🔗https://www.torproject.org/

🔹dos-over-tor - Proof of concept denial of service over Tor stress test tool.
🔗https://github.com/skizap/dos-over-tor

🔹kalitorify - Transparent proxy through Tor for Kali Linux OS.
🔗https://github.com/brainfuckSec/kalitorify

✌️👉Join:@hacker_habesha🇪🇹
Join:@hacker_habesha🇪🇹

🟢If you want to learn CYBERSECURITY for FREE, this THREAD is for you.

🟢Here are Loads of FREE RESOURCES (Courses, Certifications, Communities, Internship opportunities) to get you STARTED.

1. Cisco CCNA Cyber Ops Associate 200-201 - MEGA
🔗https://mega.nz/folder/B4A0WDZA#zAFQcBE8Fx_Nk5UXW89olg

2. Cybersecurity FULLY LOADED by Simplilearn
🔗https://consent.youtube.com/m?continue=https%3A%2F%2Fm.youtube.com%2Fplaylist%3Flist%3DPLEiEAq2VkUUJfPOj5nRounXvf3n17PCft%26cbrd%3D1&gl=GR&m=1&pc=yt&cm=2&hl=el&src=1

3. Cybersecurity FULL course by EDUREKA
🔗https://consent.youtube.com/m?continue=https%3A%2F%2Fm.youtube.com%2Fplaylist%3Flist%3DPL9ooVrP1hQOGPQVeapGsJCktzIO4DtI4_%26cbrd%3D1&gl=GR&m=1&pc=yt&cm=2&hl=el&src=1

4. Awesome Cybersecurity University
🔗https://docs.google.com/document/u/0/d/1zKkLwgfUCESexAQrhcvsCM1XDYU50mbMz12OfivTZnE/mobilebasic?pli=1

5. Cybersecurity books for beginners
🔗https://drive.google.com/drive/mobile/folders/1DqvFPxC3ROZgRndVYsfpX7C7Nqx1CnmL?usp=sharing

6. Cybersecurity Documents
🔗https://drive.google.com/drive/mobile/folders/179D_slEOLXWOTeFdmRrMkdV8C4DSLdYT?s=08

🟢@hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹
👉Join: @hacker_habesha🇪🇹

Facebook Hacking Tool

Includes Phishing, Accounts Checking, Spamming, Email Clone, GPS attack, Cookie Hijacking etc.

INSTALL WITH TERMUX

• termux-setup-storage

• apt update

• apt upgrade

• pkg install git

• git clone https://github.com/LOoLzeC/ASU

• cd ASU

• bash install.sh

👉Join:@hacker_habesha🇪🇹
👉Join:@hacker_habesha🇪🇹

🟢Awesome Azure Security 🛡️

📝A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.

🔗https://github.com/kmcquade/awesome-azure-security

👉Join:@hacker_habesha🇪🇹
👉Join:@hacker_habesha🇪🇹

💣 Bomber Tool Links 💣:

SMS Bomber
🔗 Link: https://github.com/TheSpeedX/TBomb.git

SMS bomber tool-2
🔗 Link: https://github.com/Bhai4You/SmS-BomB

Spam call bomber
🔗 Link: https://github.com/404rgr/spamerCALL

Mail Bomber
🔗 Link: https://github.com/KomolSaha/mail-bomber

Spam Phone, SMS - spammer grab
🔗 Link: https://github.com/p4kl0nc4t/Spammer-Grab

👉Join:@hacker_habesha🇪🇹
👉Join:@hacker_habesha🇪🇹

🟢🔓Crack WPA/WPA2-PSK using Aircrack-ng and Hashcat

🟢📝This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network’s security or break into one nearby.

The attack outlined below is entirely passive and it is impossible to detect provided that you don’t actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and to get the handshake value.

🔗https://en.hacks.gr/2023/11/13/crack-wpa-wpa2-psk-using-aircrack-ng-and-hashcat/

Join:🟢@hacker_habesha🇪🇹

🔓Password Cracking Tools

🔹Hashcat
🔹Aircrack
🔹Ophcrack
🔹The Hydra
🔹Medusa

👉Join:@hacker_habesha🇪🇹
👉Join:@hacker_habesha🇪🇹