Added a number of security guides - xss, injections, gpg

gpg.md

@@ -0,0 +1,4 @@
+# gpg
+
+- http://ryanlue.com/posts/2017-06-29-gpg-for-ssh-auth
+- https://gist.github.com/grugq/03167bed45e774551155

security-injections.md

@@ -0,0 +1,31 @@
+# Security - Injections
+
+### MySql
+- https://www.pythian.com/blog/mysql-injection-sleep/
+- https://github.com/xmendez/wfuzz/blob/master/wordlist/Injections/SQL.txt
+- https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
+- https://www.owasp.org/index.php/Blind_SQL_Injection
+- https://nvisium.com/blog/2015/06/17/advanced-sql-injection/
+- https://www.slideshare.net/nuno.loureiro/advanced-sql-injection-attacks
+- http://seclists.org/bugtraq/2005/Feb/att-288/zk-blind.txt
+- http://www.unixwiz.net/techtips/sql-injection.html
+- http://www.sqlinjection.net/
+- http://sqlmap.org/
+
+#### Inputs
+Try out these inputs for form and query parameters
+
+```
+' OR 1=1 -- 
+') OR '' IN ('
+') OR login LIKE 'a%' AND SLEEP('5
+') UNION SELECT 'a', ('b
+```
+
+#### Comments
+You can use comments to terminate the rest of a query for an injection 
+```
+-- commented
+# commented
+/* commented */
+```

security-red-team.md

@@ -7,4 +7,6 @@
 - https://redteamjournal.com/2017/02/the-2017-red-teamers-bookshelf/
 - https://andreafortuna.org/reverse-shells-with-netcat-some-use-cases-cc3aba835656
 - http://seclist.us/pyjenkinstoolkit-is-a-jenkins-penetration-test-toolkit.html
-- https://pen-testing.sans.org/blog/2017/02/02/pen-test-poster-white-board-bash-bashs-built-in-netcat-client
+- https://pen-testing.sans.org/blog/2017/02/02/pen-test-poster-white-board-bash-bashs-built-in-netcat-client
+- https://www.pentesterlab.com/exercises/play_xxe/course
+- https://www.hackthissite.org/

security-scapy.md

@@ -0,0 +1,18 @@
+# Security - Scapy
+
+- http://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html
+- https://thepacketgeek.com/series/building-network-tools-with-scapy/
+- https://0x00sec.org/t/quick-n-dirty-arp-spoofing-in-python/487
+- https://theitgeekchronicles.files.wordpress.com/2012/05/scapyguide1.pdf
+- http://www.secdev.org/projects/scapy/demo.html
+- https://null-byte.wonderhowto.com/how-to/hack-like-pro-using-powerful-versatile-scapy-for-scanning-dosing-0159231/
+- https://null-byte.wonderhowto.com/how-to/build-man-middle-tool-with-scapy-and-python-0163525/
+- https://pacsec.jp/psj05/psj05-biondi-en.pdf
+- http://www.cs.dartmouth.edu/~sergey/netreads/local/reliable-dns-spoofing-with-python-scapy-nfqueue.html
+- https://ripe70.ripe.net/presentations/142-Scapy.pdf
+- http://www.scs.ryerson.ca/~zereneh/cn8001/CN8001-PacketCraftingUsingScapy-WilliamZereneh.pdf
+- http://homepage.smc.edu/morgan_david/cs75/packet-wizardry-scapy-python.txt
+- http://homepage.smc.edu/morgan_david/cs75/cs75.htm
+- https://github.com/averagesecurityguy/scapy
+- http://www.secdev.org/projects/scapy/
+- https://byt3bl33d3r.github.io/mad-max-scapy-improving-scapys-packet-sending-performance.html

security-xss.md

@@ -0,0 +1,8 @@
+# Security - XSS
+
+- https://xss-game.appspot.com/
+- http://www.ascii.cl/htmlcodes.htm
+- https://excess-xss.com/
+- https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
+- http://phpsecurity.readthedocs.io/en/latest/Cross-Site-Scripting-(XSS).html
+- https://gist.github.com/sseffa/11031135

ssh.md

@@ -0,0 +1,3 @@
+# ssh
+- https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/
+- http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html