Here is a list of tools, papers and sites that I've used or I'm actually using to get the job done :)
|
| |
Tools |
 |
nmap |
THE network scanner |
| |
14/03/2005 |
The best port network scanner available on the net |
|
Retina  |
One of the best commercial vulnerability scanner |
| |
14/03/2005 |
Highly valuable tool too automate scans for common vulnerabilities. Can aid a lot while doing penetration tests to speed up the entire pentest |
|
Nessus |
The best open source vulnerability scanner |
| |
14/03/2005 |
One of the most effective tool too automate scans for common vulnerabilities. Can aid a lot while doing penetration tests to speed up the entire pentest |
|
Nikto |
The most effective tool to do web scans |
| |
14/03/2005 |
It can make hundred of common tests on HTTP and HTTPS sites to hunt for well known misconfigurations or interesting files. This can be very useful to steal some good information to use against your target |
|
John the ripper |
The best offline password brute forcer tool ever made |
| |
14/03/2005 |
Once you have the hash it can crack almost any password thas has a easy/medium complexity. For me it discovered literally hundred of passwords |
| |
|
| |
Exploits and evil things |
|
addict3d |
One of the fastest underground sitez I ever seen |
| |
14/03/2005 |
Here you can find the latest exploits and news about security in general. Very interesting even for other topics treated |
|
k-otik |
Good source for exploits |
| |
15/03/2005 |
Fresh working exploits |
|
securiteam |
Another good source for exploits |
| |
15/03/2005 |
Fresh working exploits |
|
megasecurity |
Ultimate resource for trojans and security related stuff |
| |
15/03/2005 |
Many tools, organized |
|
astalavista |
Everything about security |
| |
15/03/2005 |
One of the "always been there" sites about security related materials |
| |
|
| |
Books and readings |
|
Buffer overflows
Shellcode tutorials |
 Easy tutorials to understand the basics of exploting buffer overflows and shellcode coding |
| |
22/04/2005 |
Mostly based on Windows exploting, it covers basic techniques for exploitation, buffer overflows, shellcode, etc. A good reading for a beginner. |
|
setuid |
A comprehensive listing of suid and guid binaries on major *nix systems |
| |
22/04/2005 |
Useful reference to avoid useless and offshowing find |
|
Buffer overflows
Shellcode tutorials |
Easy tutorials to understand the basics of exploting buffer overflows and shellcode coding |
| |
22/04/2005 |
Mostly based on Windows exploting, it covers basic techniques for exploitation, buffer overflows, shellcode, etc. A good reading for a beginner. |
|
Hacking Exposed |
The most omnicomprensive collection of hacking related books for the primer. |
| |
22/04/2005 |
For the "not so expert" people these are a MUST reading. General techniques, tons of examples, many hints, step-by-step instructions, it covers a lot of operating systems, languages and applications. Click on the link to buy one or more. |
|
Incident Response |
A pratical approach on techniques and tools to make a proper forensic analisys |
| |
22/04/2005 |
In depth reading of the most effective techniques to get the job *well done* about ICT incidents and the relative forensic analisys activities. Suggested for who starts this type of job or who want to acquire the skills to properly analyze his damages after an attack. |
|
Exploiting Software |
The first public available book on the argument. |
| |
22/04/2005 |
Mostly based on Windows exploting, it covers basic techniques for exploitation, buffer overflows, shellcode, etc. A good reading for a beginner. |
1999-2012 by Mind Creations