Páginas útiles

General Pentesting

Ethical Hacking Cheatsheet | Cheatsheetafsh4ck.gitbook.io

Page not found - HackTricksbook.hacktricks.xyz

Pentesting Web checklist | Pentest Bookpentestbook.six2dez.com

GitHub - swisskyrepo/PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTFGitHub

Cloud

Page not found - HackTricks Cloudcloud.hacktricks.xyz

https://awscheck.netlify.app/awscheck.netlify.app

Red Team

What is ired.team notes? | Red Team Noteswww.ired.team

Red Team Notes

sliver-opsec-notestishina.in

AD

Attacking Active Directory: 0 to 0.9 | zer1t0zer1t0.gitlab.io

Active Directory | HideAndSechideandsec.sh

https://wiki.porchetta.industries/wiki.porchetta.industries

Active Directory Enumeration: RPCClientHacking Articles

GitHub - PowerShellMafia/PowerSploit: PowerSploit - A PowerShell Post-Exploitation FrameworkGitHub

BloodHound: Six Degrees of Domain Admin — BloodHound 4.3.1 documentationbloodhound.readthedocs.io

CrackMapExec Module Library - InfosecMatterInfosecMatter

Plataformas de aprendizaje

Try Hackme:

o Web Básico https://tryhackme.com/path/outline/web

o Metodología Pentesting: https://tryhackme.com/room/hackermethodology

o basic pentesting https://tryhackme.com/room/basicpentestingjt

o Reversing: https://tryhackme.com/room/reverselfiles

o Máquina tipo CTF: https://tryhackme.com/room/source

o DNS in detail: https://tryhackme.com/room/dnsindetail

o HTTP in detail: https://tryhackme.com/room/httpindetail

o Walking an application: https://tryhackme.com/room/walkinganapplication

o Content Discovery: https://tryhackme.com/room/contentdiscovery

o BurpSuite Basics: https://tryhackme.com/room/burpsuitebasics

o Owasp top 10: https://tryhackme.com/room/owasptop10

o Nmap: https://tryhackme.com/room/rpnmap

o A crash course on various topics in penetration testing: https://tryhackme.com/room/ccpentesting

o máquina sencilla con pasos a seguir: https://tryhackme.com/room/vulnversity

o eternal blue con escalada de privilegios y password cracking: https://tryhackme.com/room/blue

Port Swigger Academy (Academia de solo vulnerabilidades Web)

All Web Security Academy topics | Web Security Academy - PortSwiggerWebSecAcademy

Overthewire

OverTheWire: Level Goaloverthewire.org

ATENEA

https://atenea.ccn-cert.cni.es/escuela/homeatenea.ccn-cert.cni.es

Videos de Pentesting

· Curso completo de pentesting básico Parte 1 (7 Horas en inglés): https://www.youtube.com/watch?v=3FNYvj2U0HM

· Curso completo de pentesting básico Parte 2 (7 Horas en inglés): https://www.youtube.com/watch?v=sH4JCwjybGs

· Curso de pentesting Web básico (3 Horas en español): https://www.youtube.com/watch?v=roG3r5tNWOU

· Resolución máquina tipo CTF (18 minutos español): https://www.youtube.com/watch?v=pNRsgXzGn9M

· Resolviendo #CTF #MrRobot de #tryhackme (1 Hora y media, español): https://www.youtube.com/watch?v=8qsH2THpQf8

Lecturas Recomendadas:

· https://www.cbtnuggets.com/blog/training/exam-prep/how-to-prepare-for-a-capture-the-flag-hacking-competition

· https://www.hackplayers.com/2015/09/herramientas-y-recursos-para-preparar-en-CTF.html

Noticias a Informativo

Credential Dumping – Active Directory Reversible EncryptionHacking Articles

CTFtime.org / All about CTF (Capture The Flag)CTFtime

Utilidades

CyberChefgchq.github.io

Crypto things

NVD - CVSS v3 Calculatornvd.nist.gov

CVSS Generator

GTFOBinsgtfobins.github.io

Post Explotation

Online - Reverse Shell Generatorwww.revshells.com

OffSec’s Exploit Database Archivewww.exploit-db.com

Exploit Data Base

Metodologías

Owasp

OWASP Web Security Testing Guide | OWASP Foundationowasp.org

OSSTMM

Mitre ATT&CK

MITRE ATT&CK®attack.mitre.org

DeTT&CT

DeTT&CT : Mapping detection to MITRE ATT&CKNVISO Labs

CWE - Common Weakness Enumerationcwe.mitre.org

https://cve.mitre.org/cve.mitre.org