THP3 Updates page: https://github.com/cheetz/THP3_Updates
Full list of THP3 links w/o any info from audibleblink: https://gist.github.com/audibleblink/4fac43157d791774ff28237b2a8c9b35
Setting up iptables: https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/
The PenTesters Framework: https://github.com/trustedsec/ptf
Run Metasploit in Docker on AWS: https://medium.com/@s.on/running-metasploit-on-kali-linux-docker-aws-ec2-instance-a2f7d7310b2b
Metasploit: https://github.com/rapid7/metasploit-framework/commits/master
Setting up NameCheap with AWS: https://medium.com/@JoshuaTheMiller/creating-a-simple-website-with-a-custom-domain-on-amazon-lightsail-docker-86600f19273
Install cert to AWS: https://www.blackhillsinfosec.com/using-powershell-empire-with-a-trusted-certificate/
Setting up DNS servers on NameCheap: https://www.namecheap.com/support/knowledgebase/article.aspx/768/10/how-do-i-register-personal-nameservers-for-my-domain
dnscat2 setup from iagox86: https://github.com/iagox86/dnscat2/blob/master/doc/authoritative_dns_setup.md
dnscat2 setup from The Subtlety: https://www.thesubtlety.com/post/persistent-dnscat2/
Vext ch 1 notes: https://vext.info/2018/11/08/brakesec-book-club-hacker-playbook-3-chapter-1-notes.html
Black Hills dnscat2 w/PowerShell: https://www.blackhillsinfosec.com/powershell-dns-command-control-with-dnscat2-powershell/
Masscan: https://github.com/robertdavidgraham/masscan
GRASSMARLIN: https://github.com/nsacyber/GRASSMARLIN
Intel Techniques (Michael Bazzell's website): https://inteltechniques.com/menu.html
HTTPScreenshot: https://github.com/breenmachine/httpscreenshot
EyeWitness (note link has changed from what is in book): https://github.com/FortyNorthSecurity/EyeWitness
Amazon IP ranges: https://ip-ranges.amazonaws.com/ip-ranges.json
Azure IP ranges: https://www.microsoft.com/en-us/download/details.aspx?id=41653
Google Cloud IP ranges: https://cloud.google.com/compute/docs/faq#ipranges
Shodan: https://www.shodan.io
Censys.io: https://censys.io/
Censys subdomain finder: https://github.com/christophetd/censys-subdomain-finder
sslScrape: https://github.com/cheetz/sslScrape
Discover Scripts: https://github.com/leebaird/discover
Geeky.Space Discover walkthrough: http://www.thegeeky.space/2015/04/how-to-save-time-doing-passive-discovery-in-Kali-Linux-using-discover-or-backtrack-script-framework.html
Knock: https://github.com/guelfoweb/knock
J Haddix word list: https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
SecLists: https://github.com/danielmiessler/SecLists
Sending output refresher from makeuseof: https://www.makeuseof.com/tag/save-command-line-output-file-windows-mac-linux/
Sublist3r: https://github.com/aboul3la/Sublist3r
Fix for urllib3 and chardet error on Sublist3r: https://medium.com/@gloriapalmagonzalez/urllib3-1-22-or-chardet-2-2-1-doesnt-match-a-supported-version-requestsdependencywarning-97c36e0cb561
Subbrute: https://github.com/TheRook/subbrute
Shpend Kutishaj discovering subdomains: https://www.bugcrowd.com/discovering-subdomains/
J Haddix subdomain script: https://github.com/jhaddix/domain/
MassDNS: https://github.com/blechschmidt/massdns
Truffle Hog: https://github.com/dxa4481/truffleHog
git-all-secrets: https://github.com/anshumanbh/git-all-secrets
Docker commands: https://docs.docker.com/engine/reference/commandline/run/#parent-command
SweetRollBandit Slurp blog: https://medium.com/@SweetRollBandit/aws-slurp-github-takeover-f8c80b13e7b5
nuncan Slurp: https://github.com/nuncan/slurp
Bucket Finder: https://digi.ninja/projects/bucket_finder.php
tko-subs: https://github.com/anshumanbh/tko-subs
HostileSubBruteforcer: https://github.com/nahamsec/HostileSubBruteforcer
autoSubTakeover: https://github.com/JordyZomer/autoSubTakeover
flAWS Challenge (AWS CTF): http://flaws.cloud
SimplyEmail: https://github.com/SimplySecurity/SimplyEmail
haveibeenpwned: https://haveibeenpwned.com/
OSINT Team Links: https://github.com/IVMachiavelli/OSINT_Team_Links
OSINT Framework: https://osintframework.com/
Intel Techniques (Michael Bazzell) OSINT tools: https://inteltechniques.com/menu.html
OWASP Testing Guide: https://www.owasp.org/index.php/OWASP_Testing_Project
The Web Application Hacker's Handbook 2nd ed: http://mdsec.net/wahh/
Intro to web hacking 101 webinar (PAHackers/Brandon Keath): https://www.youtube.com/watch?v=ujCGUerEWsY
PentesterLab: https://pentesterlab.com/
OWASP Juice Shop (vulnerable app to attack): https://github.com/bkimminich/juice-shop
Natas (basics of serverside web-security) on OverTheWire: http://overthewire.org/wargames/natas/
Bug Crowd: https://www.bugcrowd.com
HackerOne: https://www.hackerone.com
SynAck: https://www.synack.com/red-team/
Cybrary Web Application Penetration Testing course: https://www.cybrary.it/course/web-application-pen-testing
Bug Crowd University: https://www.bugcrowd.com/university/
Typora: https://typora.io/
StackEdit: https://stackedit.io/
Dillinger: https://dillinger.io/
Report generation form from buer.haus: https://buer.haus/breport/index.php
Vim: https://www.vim.org/
Vim reference from Christopher Kielty: https://eastmanreference.com/a-quick-start-guide-for-beginners-to-the-vim-text-editor
Testing checklist by tanprathan: https://github.com/tanprathan/OWASP-Testing-Checklist
Node.js: https://nodejs.org/en/
Wappalyzer: https://wappalyzer.com
BuiltWith: https://builtwith.com
Retire.JS Github: https://github.com/retirejs/retire.js/
Foxy Proxy: https://getfoxyproxy.org/downloads/
OWASP Juice Shop (insecure web app): https://github.com/bkimminich/juice-shop
BurpSuite: https://portswigger.net/burp
OWASP ZAP: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
DirBuster: https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
GoBuster: https://github.com/OJ/gobuster
Hacksplaining: https://www.hacksplaining.com/
Web for Pentester: https://pentesterlab.com/exercises/web_for_pentester
Obfuscate XSS payloads - Foospidy: https://github.com/foospidy/payloads/tree/master/other/xss
Obfuscate XSS payloads - OWASP: https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
HTML Event Attributes: https://www.w3schools.com/tags/ref_eventattributes.asp
XSS Mind Map from Jack Masa: https://raw.githubusercontent.com/cyberspacekittens/XSS/master/XSS2.png
HTML 5 Security Cheatsheet: https://html5sec.org/
0xSobky - Unleashing an Ultimate XSS Polyglot: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
URL Encoding Reference from w3schools: https://www.w3schools.com/tags/ref_urlencode.asp
BeEF: https://beefproject.com
BeEF & Metasploit: https://github.com/beefproject/beef/wiki/Metasploit
XSSHunter: https://xsshunter.com
JSF*ck (esoteric JavaScript): http://www.jsfuck.com/
XSSER example and walkthrough from Hans-Michael Varbaek: https://github.com/Varbaek/xsser
OWASP testing guide: https://www.owasp.org/index.php/Testing_for_NoSQL_injection
PayloadsAllTheThings NoSQL injection info: https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/NoSQL%20injection
QS NodeJS module (can convert HTTP request query strings into JSON objects): https://www.npmjs.com/package/qs
Websecurify blog on hacking NodeJS and MongoDB: https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html
Websecurify project to practice NodeJS hacking: https://github.com/websecurify
OWASP Deserialization Cheat Sheet: https://www.owasp.org/index.php/Deserialization_Cheat_Sheet
serialize.js: https://github.com/luin/serialize
CVE info for serialize.js: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941
OpSecX blog on the serialize.js vulnerability: https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
Make Burp ignore detectportal.firefox.com:80: https://security.stackexchange.com/questions/187069/burpsuite-just-passthrough-firefox-detect-portal/187075
Turn off captive portal detection in Firefox: https://support.mozilla.org/en-US/questions/1157121
MSFVenom cheat sheet: https://nitesculucian.github.io/2018/07/24/msfvenom-cheat-sheet/
Wiremask blog on getting a reverse shell on a NodeJS application: https://wiremask.eu/writeups/reverse-shell-on-a-nodejs-application/
Hacking Tutorials Netcat bind and reverse shells: https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
pentestmonkey Post-Exploitation Without A TTY: http://pentestmonkey.net/blog/post-exploitation-without-a-tty
Server-Side Template Injection by James Kettle: https://www.blackhat.com/docs/us-15/materials/us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
Tplmap (test for template injections): https://github.com/epinna/tplmap
Github webshells by tennc: https://github.com/tennc/webshell
OWASP SSRF info: https://www.owasp.org/index.php/Server_Side_Request_Forgery
Blog from Acunetix on SSRF: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/
Agarri Presentation on SSRF: http://www.agarri.fr/docs/AppSecEU15-Server_side_browsing_considered_harmful.pdf
OWASP XXE info: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
OWASP XXE prevention cheat sheet: (link missing)
Infosec Institute: https://resources.infosecinstitute.com/identify-mitigate-xxe-vulnerabilities/#gref
XXE-OOB walkthrough by ZeroSec: https://blog.zsec.uk/out-of-band-xxe-2/
Python server w/directory specified using pushd: https://stackoverflow.com/questions/2469256/set-the-current-directory-when-running-a-simplehttpserver
Spray password spraying: https://github.com/SpiderLabs/Spray
Ruler bruteforce, cred finder: https://github.com/sensepost/ruler
Microsoft Windows VMs: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Microsoft Server ISOs: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server
Windows Server 2016 Couchbase VM walkthrough: https://blog.couchbase.com/windows-server-2016-using-virtualbox-getting-ready-docker/
MS Technet Wiki on lab setup: https://social.technet.microsoft.com/wiki/contents/articles/36438.windows-server-2016-build-a-windows-domain-lab-at-home-for-free.aspx
MS Technet on AD setup: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
Adding AD users through Active Directory Administrative Center: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/introduction-to-active-directory-administrative-center-enhancements--level-100-#bkmk_create_test_env
Adding AD users with PowerShell: https://blog.netwrix.com/2018/06/07/how-to-create-new-active-directory-users-with-powershell/
Joining the domain by Help Desk Geek: https://helpdeskgeek.com/how-to/windows-join-domain/
GPO disable firewall: https://www.youtube.com/watch?v=vxXLJSbx1SI
GPO disable AV: https://www.windowscentral.com/how-permanently-disable-windows-defender-antivirus-windows-10
GPO configure/manage Windows Defender: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus
GPO disable updates: https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
Add group to local admin group in AD: https://www.mowasay.com/2017/06/adding-a-security-group-to-the-local-administrator-group-in-ad/
Allowing local login: https://serverfault.com/questions/356123/how-to-allow-just-one-user-to-login-in-special-computer-in-server-2003
SMB1 registry item in GPO: https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/
Configuring SMB signing via group policy: https://www.rootusers.com/configure-smb-signing-via-group-policy/
Link GPO to domain: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain
Install IIS in Windows Server 2016: https://www.rootusers.com/how-to-install-iis-in-windows-server-2016/
Configure SPN: https://support.microsoft.com/en-us/help/929650/how-to-use-spns-when-you-configure-web-applications-that-are-hosted-on
Set up file share: https://www.businessnewsdaily.com/11020-create-file-share-windows-server-2016.html
Responder (catch traffic, hashes): https://github.com/lgandx/Responder-Windows
Hcxtools: https://github.com/ZerBea/hcxtools
hcxdumptool: https://github.com/ZerBea/hcxdumptool
Hashcat wiki: https://hashcat.net/wiki/doku.php?id=hashcat
Create wordlists with Crunch: https://null-byte.wonderhowto.com/how-to/tutorial-create-wordlists-with-crunch-0165931/
Crunch on Sourceforge: https://sourceforge.net/projects/crunch-wordlist/
Add another domain controller: https://www.dtonias.com/add-another-domain-controller-active-directory/
Why messing with SMB1 can be bad: https://www.pdq.com/blog/disable-smbv1-considerations-execution/
Using Multirelay: https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/
Using Responder: https://www.notsosecure.com/pwning-with-responder-a-pentesters-guide/
Responder cheat sheet: https://www.ivoidwarranties.tech/posts/pentesting-tuts/responder/cheatsheet/
Nmap script to enumerate users: https://nmap.org/nsedoc/scripts/krb5-enum-users.html
CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec
CrackMapExec tutorial: https://www.securenetworkinc.com/news/2017/8/22/crackmapexec-the-greatest-tool-youve-never-heard-of
Fix CME launcher error (CrackMapExec issue #192): https://github.com/byt3bl33d3r/CrackMapExec/issues/192
CME getting shells 101: https://github.com/byt3bl33d3r/CrackMapExec/wiki/Getting-Shells-101
Impacket: https://github.com/SecureAuthCorp/impacket
Impacket beginner's guide: https://www.hackingarticles.in/beginners-guide-to-impacket-tool-kit-part-1/
Metasploit Minute on Impacket: https://www.youtube.com/watch?v=xUk9aSJz12U
Using creds to own Windows: https://blog.ropnop.com/using-credentials-to-own-windows-boxes/#makeitrainshells
Get Meterpreter using SMB creds: https://www.redspin.com/it-security-blog/2011/03/get-a-meterpreter-shell-using-smb-credentials-2/
Metasploit smb relay: https://www.rapid7.com/db/modules/exploit/windows/smb/smb_relay
Pentestlab SMB share write up: https://pentestlab.blog/tag/smb-relay/
Ethical pentest llmnr and nbt ns poisoning with Metasploit: http://www.ethicalpentest.com/2018/04/llmnr-and-nbt-ns-poisoning-attack-using-metasploit.html
SMB relay attack: https://cqureacademy.com/blog/penetration-testing/smb-relay-attack
RTFM scripts: https://github.com/leostat/rtfm
RTFM inspired cheat sheets: https://github.com/droberson/rtfm
Metasploitable3: https://github.com/rapid7/metasploitable3
Rapid7 Metasploitable3 setup info: https://blog.rapid7.com/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3/
Windows search from cmd line: https://www.howtogeek.com/fyi/this-command-prompt-trick-searches-way-faster-than-windows-explorer/
Windows type cmd: https://ss64.com/nt/type.html
Apache Tomcat CL info: https://crunchify.com/how-to-start-stop-apache-tomcat-server-via-command-line-setup-as-windows-service/
Mimikatz: https://github.com/gentilkiwi/mimikatz
Mimikittenz: https://github.com/putterpanda/mimikittenz
Migrate Meterpreter to 64 bit process: http://hardsec.net/mimikatz-meterpreter-extension/?lang=en
Kiwi: https://rapid7.github.io/metasploit-framework/api/Rex/Post/Meterpreter/Extensions/Kiwi/Kiwi.html
Nishang Get-WebCredentials: https://github.com/samratashok/nishang/blob/master/Gather/Get-WebCredentials.ps1
Gathering Windows creds (Invoke-WCMDump): https://github.com/peewpw/Invoke-WCMDump/blob/master/Invoke-WCMDump.ps1
Extract cookies: https://github.com/sekirkity/BrowserGather
Session Gopher (get info from file sharing utilities): https://github.com/Arvanaghi/SessionGopher
Microsoft wiki on setspn: https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx
Bloodhound wiki: https://github.com/BloodHoundAD/Bloodhound/wiki
More Bloodhound resources:
- https://blog.cptjesus.com/posts/introtocypher
- https://porterhau5.com/blog/extending-bloodhound-track-and-visualize-your-compromise/
- https://github.com/porterhau5/BloodHound-Owned/blob/master/customqueries.json
- https://wald0.com/?p=112
- https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-one-e38e06ffd604
- https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d
Lateral movement with DCOM resources:
- https://enigma0x3.net/2017/01/23/lateral-movement-via-dcom-round-2/
- https://enigma0x3.net/2017/01/05/lateral-movement-using-the-mmc20-application-com-object/
- https://enigma0x3.net/2017/09/11/lateral-movement-using-excel-application-and-dcom/
- https://www.cybereason.com/blog/dcom-lateral-movement-techniques
LinEnum: https://github.com/rebootuser/LinEnum
Linux Exploit Suggester: https://github.com/mzet-/linux-exploit-suggester
Chandel Linux escalation blog: https://www.hackingarticles.in/linux-privilege-escalation-via-automated-script/
DirtyCow: https://dirtycow.ninja/
Security through Education: https://www.social-engineer.org/
Social Engineering: Science of Human Hacking: https://www.wiley.com/en-us/Social+Engineering%3A+The+Science+of+Human+Hacking%2C+2nd+Edition-p-9781119433385
Defcon SE CTF info: https://www.social-engineer.org/event-updates/defcon-updates/2017-sectf-report/
Social Engineering Toolkit (SET): https://github.com/trustedsec/social-engineer-toolkit
Packt video on using SET: https://www.youtube.com/watch?v=BOxKOV9_4EA
StackExchange Windows host file troubleshooting: https://serverfault.com/questions/452268/hosts-file-ignored-how-to-troubleshoot
ReelPhish: https://github.com/fireeye/ReelPhish
FireEye blog on ReelPhish: https://www.fireeye.com/blog/threat-research/2018/02/reelphish-real-time-two-factor-phishing-tool.html
evilginx: https://github.com/kgretzky/evilginx2
CredSniper: https://github.com/ustayready/CredSniper
GoPhish: https://getgophish.com/
PhishingFrenzy: https://github.com/pentestgeek/phishing-frenzy
King Phisher: https://github.com/securestate/king-phisher
LuckyStrike: https://github.com/curi0usJack/luckystrike
VBad: https://github.com/Pepitoh/VBad
Sensepost DDE exploit write-up: https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
Toolkit to look for RCE in MS Office: https://github.com/bhdresh/CVE-2017-0199
Subdoc attacks: https://rhinosecuritylabs.com/research/abusing-microsoft-word-features-phishing-subdoc/
Subdoc tool: https://github.com/RhinoSecurityLabs/Security-Research/tree/master/tools/ms-office/subdoc-injector
Hidden Encrypted Payloads
EmbedInHTML: https://github.com/Arno0x/EmbedInHTML
Demiguise: https://github.com/nccgroup/demiguise
Kim's tool: https://github.com/cheetz/generateJenkinsExploit
Privacy, Security, & OSINT Show episode on testing online security: https://inteltechniques.com/blog/2019/02/01/the-privacy-security-osint-show-episode-110/
Kevin Chung blog on RFID hacking: https://blog.kchung.co/rfid-hacking-with-the-proxmark-3/
Southord Lockpicks: https://www.southord.com/
Gate bypass devices: https://www.lockpickshop.com/GATE-BYPASS.html
Shove-It: https://www.lockpickshop.com/SJ-50.html
Under the Door 2.0: https://shop.riftrecon.com/products/under-the-door-tool
Using air canisters to unlock doors with motion sensors: https://www.youtube.com/watch?v=xcA7iXSNmZE
LAN Turtle: https://shop.hak5.org/products/lan-turtle
Brakeing Down Security episode w/ systemd discussion: http://brakeingsecurity.com/2019-005-security-researcher-attack-disabling-specter-and-systemd-discussion
Packet Squirrel: https://shop.hak5.org/collections/network-implants/products/packet-squirrel
SWORD dropbox write-up: https://medium.com/@tomac/a-15-openwrt-based-diy-pen-test-dropbox-26a98a5fa5e5
Accessing internal networks with reverse VPN connections: https://www.youtube.com/watch?v=b7qr0laM8kA
Installing an OpenVPN Access Server on Ubuntu 15.10: http://www.ubuntuboss.com/how-to-install-openvpn-access-server-on-ubuntu-15-10/
Setting up a transparent VPN internet gateway: https://trick77.com/how-to-set-up-transparent-vpn-internet-gateway-tunnel-openvpn/
Rubber Ducky: https://shop.hak5.org/collections/physical-access/products/usb-rubber-ducky-deluxe
Bash Bunny: https://shop.hak5.org/collections/physical-access/products/bash-bunny
KonBoot: https://www.piotrbania.com/all/kon-boot/
QuickCreds: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/QuickCreds
BunnyTap: https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/credentials/BunnyTap
PoisonTap: https://www.youtube.com/watch?v=Aatp5gCskvk
Other Bash Bunny payloads: https://github.com/hak5/bashbunny-payloads
Wifite2: https://github.com/derv82/wifite2
Wifi Pineapple Nano: https://www.wifipineapple.com/pages/nano
eaphammer: https://github.com/s0lst1c3/eaphammer
MSDN: https://msdn.microsoft.com/en-us/
How to open the developer command prompt: https://docs.microsoft.com/en-us/dotnet/framework/tools/developer-command-prompt-for-vs
SetWindowsHookEx function: https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-setwindowshookexa
LowLevelKeyboardProc function: https://msdn.microsoft.com/en-us/library/windows/desktop/ms644985(v=vs.85).aspx
Kim's basic keylogger: https://github.com/cheetz/ceylogger
No links
Black Hills Security post on AV evasion: https://www.blackhillsinfosec.com/modifying-metasploit-x64-template-for-av-evasion/
SharpShooter: https://www.mdsec.co.uk/2018/03/payload-generation-using-sharpshooter/
SharpShooter Github: https://github.com/mdsecactivebreach/SharpShooter
GreatSCT: https://github.com/GreatSCT/GreatSCT
Backdoor Factory: https://github.com/secretsquirrel/the-backdoor-factory
Haiderm backdoor info: https://haiderm.com/fully-undetectable-backdooring-pe-file/pe-file-backdooring-using-codecaves/ (was down when I tried it)
Abatchy backdoor info: https://www.abatchy.com/2017/05/introduction-to-manual-backdooring_24.html (wasn't accessible when I tried it)
Abatchy's blog (because lots of good stuff): https://www.abatchy.com/
Invoke-Obfuscation: https://github.com/danielbohannon/Invoke-Obfuscation
Invoke-CradleCrafter: https://github.com/danielbohannon/Invoke-CradleCrafter
NoPowerShell: https://github.com/trustedsec/nps_payload
SharpPick: https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerPick/SharpPick
HidMyPS tool from Kim: https://github.com/cheetz/hidemyps
Nyxs writeup on automating Metasploit: http://nyxshacks.com/automate-meterpreter-commands/
Black Hills Info Sec post on scripting startup of Empire listeners: https://www.blackhillsinfosec.com/how-to-script-startup-of-empire-listeners/
Black Hills Info Sec post on creating unattended deployment and teardown of Empire: https://www.blackhillsinfosec.com/empire-bootstrapping-v2-pre-automate-things/
byt3bl33d3r GitHub on getting domain admin with DeathStar: https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html
Overview of huge credential dump: https://medium.com/4iqdelvedeep/1-4-billion-clear-text-credentials-discovered-in-a-single-database-3131d0a1ae14
Kim's list of just the passwords from the credential dump: http://thehackerplaybook.com/get.php?type=THP-password
Have I Been Pwned: https://haveibeenpwned.com/
Write-up on using Crunch to create custom wordlists: https://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-4-creating-custom-wordlist-with-crunch-0156817/
Hashcat rule based attacks: https://hashcat.net/wiki/doku.php?id=rule_based_attack
Korelogic contest rules with info on rules for password cracking: http://contest-2010.korelogic.com/rules.html
Hashcat Rules: https://github.com/hashcat/hashcat/tree/master/rules
NSAKEY Rules forked to his GitHub: https://github.com/cyberspacekittens/nsa-rules
Praetorian-inc Hob0Rules forked to his GitHub: https://github.com/cyberspacekittens/Hob0Rules
NotSoSecure also forked: https://github.com/cyberspacekittens/password_cracking_rules
Hashcat wiki on hashes: https://hashcat.net/wiki/doku.php?id=example_hashes
Hashcat utils: https://github.com/hashcat/hashcat-utils/releases
Brutescrape: https://github.com/cheetz/brutescrape
Burp Word List Extractor: https://portswigger.net/bappstore/21df56baa03d499c8439018fe075d3d7
Creating masks using PACK: https://tools.kali.org/password-attacks/pack
PACK: https://github.com/iphelix/pack
Pipal to analyze cracked passwords: https://github.com/digininja/pipal
A Deep Learning Approach for Password Guessing: https://github.com/brannondorsey/PassGAN
Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks: https://www.usenix.org/conference/atc17/technical-sessions/presentation/melicher
Lee Christensen method for disabling PS logging: https://github.com/leechristensen/Random/blob/master/CSharp/DisablePSLogging.cs
arno0x0x blog on Windows one liners: https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/
PSgetsystem by Decoder-It: https://github.com/decoder-it/psgetsystem
Internal Monologue Attack: https://github.com/eladshamir/Internal-Monologue
Detection Lab (automate lab setup): https://github.com/clong/DetectionLab
Chris Long's post on his Detection Lab tool: https://medium.com/@clong/introducing-detection-lab-61db34bed6ae
No links in this chapter
No links in this chapter
Subscribe to THP updates: http://thehackerplaybook.com/subscribe/
THP training: http://thehackerplaybook.com/training/
My Podcast list: https://apageinsec.wordpress.com/2018/06/13/the-podcast-list/
My THP notes: https://apageinsec.wordpress.com/thp3-notes/