Páginas útiles

General Pentesting

IntroducciónCheatsheet

HackTricksHackTricks

Pentesting Web checklistPentest Book

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTFGitHub

Cloud

HackTricks CloudHackTricks Cloud

AWS Security Checklist

Red Team

What is ired.team?Red Teaming Experiments

Red Team Notes

sliver-opsec-notes - зимняя тишина

AD

Attacking Active Directory: 0 to 0.9 | zer1t0

Active Directory | HideAndSec

IntroductionCrackMapExec ~ CME WIKI

Active Directory Enumeration: RPCClient - Hacking ArticlesHacking Articles

GitHub - PowerShellMafia/PowerSploit: PowerSploit - A PowerShell Post-Exploitation FrameworkGitHub

BloodHound: Six Degrees of Domain Admin — BloodHound 3.0.3 documentation

CrackMapExec Module Library - InfosecMatterInfosecMatter

Plataformas de aprendizaje

Try Hackme:

o Web Básico https://tryhackme.com/path/outline/web

o Metodología Pentesting: https://tryhackme.com/room/hackermethodology

o basic pentesting https://tryhackme.com/room/basicpentestingjt

o Reversing: https://tryhackme.com/room/reverselfiles

o Máquina tipo CTF: https://tryhackme.com/room/source

o DNS in detail: https://tryhackme.com/room/dnsindetail

o HTTP in detail: https://tryhackme.com/room/httpindetail

o Walking an application: https://tryhackme.com/room/walkinganapplication

o Content Discovery: https://tryhackme.com/room/contentdiscovery

o BurpSuite Basics: https://tryhackme.com/room/burpsuitebasics

o Owasp top 10: https://tryhackme.com/room/owasptop10

o Nmap: https://tryhackme.com/room/rpnmap

o A crash course on various topics in penetration testing: https://tryhackme.com/room/ccpentesting

o máquina sencilla con pasos a seguir: https://tryhackme.com/room/vulnversity

o eternal blue con escalada de privilegios y password cracking: https://tryhackme.com/room/blue

Port Swigger Academy (Academia de solo vulnerabilidades Web)

Learning path | Web Security AcademyWebSecAcademy

Overthewire

OverTheWire: Level Goal

ATENEA

https://atenea.ccn-cert.cni.es/escuela/homeatenea.ccn-cert.cni.es

Videos de Pentesting

· Curso completo de pentesting básico Parte 1 (7 Horas en inglés): https://www.youtube.com/watch?v=3FNYvj2U0HM

· Curso completo de pentesting básico Parte 2 (7 Horas en inglés): https://www.youtube.com/watch?v=sH4JCwjybGs

· Curso de pentesting Web básico (3 Horas en español): https://www.youtube.com/watch?v=roG3r5tNWOU

· Resolución máquina tipo CTF (18 minutos español): https://www.youtube.com/watch?v=pNRsgXzGn9M

· Resolviendo #CTF #MrRobot de #tryhackme (1 Hora y media, español): https://www.youtube.com/watch?v=8qsH2THpQf8

Lecturas Recomendadas:

· https://www.cbtnuggets.com/blog/training/exam-prep/how-to-prepare-for-a-capture-the-flag-hacking-competition

· https://www.hackplayers.com/2015/09/herramientas-y-recursos-para-preparar-en-CTF.html

Noticias a Informativo

Credential Dumping – Active Directory Reversible Encryption - Hacking ArticlesHacking Articles

CTFtime.org / All about CTF (Capture The Flag)CTFtime

Utilidades

CyberChef

Crypto things

NVD - CVSS v3 Calculator

CVSS Generator

GTFOBins

Post Explotation

Online - Reverse Shell Generator

Offensive Security’s Exploit Database Archive

Exploit Data Base

Metodologías

Owasp

OWASP Web Security Testing Guide | OWASP Foundation

OSSTMM

https://www.isecom.org/OSSTMM.3.pdf

Mitre ATT&CK

MITRE ATT&CK®

DeTT&CT

DeTT&CT : Mapping detection to MITRE ATT&CKNVISO Labs

CWE - Common Weakness Enumeration

CVE - CVE