Penetrating Testing/Assessment Workflow

Penetrating Testing/Assessment Workflow & other fun infosec stuff

https://github.com/jivoi/pentest

My feeble attempt to organize (in a somewhat logical fashion) the vast amount of information, tools, resources, tip and tricks surrounding penetration testing, vulnerability assessment, and information security as a whole*

Reconnaissance
- Passive/Semi-Passive
  - Tools
    - Discover - https://github.com/leebaird/discover
  - Third Party Resources
    - Locate Target Range
      - ARIN - https://www.arin.net/
    - Fingerprint Domain/Website
      - Extended Network Information
        
        Central Ops - https://centralops.net/co/DomainDossier.aspx
        
        Robtex - https://www.robtex.net/
      - Metasploit Scanning
        
        auxiliary/scanner/*
        
        portscan/tcp
        
        http/http_version
        
        http/tomcat_enum
        
        http/trace_axd
        
        Google - site: filetype:axd OR inurl:trace.axd
      - Shodan - https://www.shodan.io/
        
        https://pen-testing.sans.org/blog/2015/12/08/effective-shodan-searches/
      - Censys - https://www.censys.io/
      - Zoomeye - https://www.zoomeye.org
      - Netcraft - https://www.netcraft.com/
      - DNS Enumeration/Information
        
        DNSdumpster - https://dnsdumpster.com/
        
        Subli3ster - https://github.com/aboul3la/Sublist3r
    - Social Media
      - https://socialbearing.com/search/
  - Command Line Recon
    - Network Information
      - nslookup
      - dig
    - Security Mechanisms
      - Halberd - Identify HTTP load balancers
        
        https://github.com//jmbr/halberd
    - Metadata
      - exiftool
      - strings
        
        strings -e b (big endian) OR -e l (little endian)
      - Just-Metadata
        
        https://github.com/ChrisTruncer/Just-Metadata
  - People Search
    - Yahoo People Search - http://itools.com/tool/yahoo-people-search
    - Switchboard - http://www.switchboard.com/person
    - Google Finance - https://www.google.com/finance
    - Zaba - http://www.zabasearch.com/
- Active
  - Command Line Recon Tools
    - General Recon
      - Recon-NG - https://bitbucket.org/LaNMaSteR53/recon-ng
        
        Automated with https://github.com/jhaddix/domain
      - Domain/Subdomain Enumeration/Information
        
        Fierce - https://github.com/mschwager/fierce
        
        Subli3ster - https://github.com/aboul3la/Sublist3r
        
        EyeWitness - https://github.com/ChrisTruncer/EyeWitness
        
        Altdns - https://github.com/infosec-au/altdns
        
        Brute force subdomain list - https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/sorted_knock_dnsrecon_fierce_recon-ng.txt
    - Nmap
      - nmap -Pn -sSU -sV --top-ports 20
    - Create Custom Worldlist
      - cewl - https://digi.ninja/projects/cewl.php
      - wget - http://wiki.securityweekly.com/wiki/index.php/Episode129
    - Tools
      - WPS (Wi-Fi) Information Gathering
        
        https://www.coresecurity.com/corelabs-research/open-source-tools/wpsig
      - Viper - Automating Various Pentesting Tasks
        
        https://github.com/chrismaddalena/viper
      - pyFOCA - Python version of FOCA
        
        https://github.com/altjx/ipwn#user-content-pyfoca
      - truffleHog - https://github.com/dxa4481/truffleHog
      - Discover - https://github.com/leebaird/discover
  - GUI
    - FOCA - https://www.elevenpaths.com/labstools/foca/index.html
      - EvilFOCA - https://github.com/ElevenPaths/EvilFOCA
    - Maltego - http://sectools.org/tool/maltego/
    - Dirbuster - http://sectools.org/tool/dirbuster/
- Google Searching
  - site:"target name" jobs,careers,openings,etc
  - intitle:"index of "
    - Keyword
      - .bash_history
      - etc/shadow
      - finances.xls(x)
      - htpasswd
      - inurl:maillog
  - site:.edu filetype:.bak OR
    - Keyword
      - *.conf
      - *.backup
- Phishing
  - Important: Immediately pivot from initial host
  - Frameworks
    - Gophish - https://github.com/gophish/gophish
    - Phishing Frenzy - https://www.phishingfrenzy.com/
    - King Phisher - https://github.com/securestate/king-phisher
    - FiercePhish - https://github.com/Raikia/FiercePhish
    - Empire - https://enigma0x3.net/2016/03/15/phishing-with-empire/
  - Initial Access Techniques
    - Malicious Office XLS macros
      - https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator
  - Tools for Internal Use
    - Basic AUTH credential harvesting - https://github.com/ryhanson/phishery
Enumeration
- Internal
  - Scanning
    - Map Internal Network
      - Command Line Tools
        
        arp -a
        
        ip neigh show
        
        smbtree -NS 2>/dev/null
        
        nbtscan -r <current_IPrange>
        
        netdiscover -r <current_IPrange>
        
        nmap -n -Pn -T5 -sS <current_IPrange>
        
        nmap NSE scripts
        
        NFS
        
        SMB
      - SMB
        
        SMBSpider - https://github.com/altjx/ipwn#user-content-smbspider
        
        More - https://pen-testing.sans.org/blog/2013/07/24/plundering-windows-account-info-via-authenticated-smb-sessions
      - Find Routers - https://github.com/pentestmonkey/gateway-finder
  - Pivoting
    - SSH Proxy Tunneling with Proxychain
      - http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html
- External
  - Scanning
    - Nmap
    - Masscan - https://github.com/robertdavidgraham/masscan
    - Unicornscan - http://sectools.org/tool/unicornscan/
    - OneTwoPunch
      - Combines nmap and unicorn scan https://github.com/superkojiman/onetwopunch/blob/master/onetwopunch.sh
Exploitation
- External
  - Attack Windows
    - Full Guides
      - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf
  - Attack Linux
    - Full Guides
      - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf
  - Attack Web Applications
    - Full Attack Frameworks
      - Offensive Web Testing Framework - https://owtf.github.io/
      - Web2attack - https://github.com/santatic/web2attack
      - EaST - Exploits And Security Tool Framework
        
        https://github.com/C0reL0ader/EaST
      - Attack WAF
        
        WAFNinja - https://github.com/khalilbijjou/WAFNinja
        
        My Guide: http://pastebin.com/bUrGCYxE
    - Steal HTTP/S Session Cookies
      - https://github.com/EnableSecurity/surfjack
    - XSS Scanner
      - xsscrapy - https://github.com/DanMcInerney/xsscrapy
    - XSS/Bypass Techniques
      - Beat XSS Filters
        
        http://brutelogic.com.br/blog/the-easiest-way-to-bypass-xss-mitigations/
      - XSS Cheatsheet
        
        http://brutelogic.com.br/blog/cheat-sheet/
    - WAF Bypass
      - http://securityidiots.com/Web-Pentest/WAF-Bypass/waf-bypass-guide-part-1.html
    - Attack BASIC Auth
      - Burp - http://www.smeegesec.com/2012/02/attacking-basic-authentication-with.html
      - Ncrack (supports multiple protocols) - https://nmap.org/ncrack/
    - Methodologies - https://blog.zsec.uk/ltr101-methodologies/
  - Attack OWA/Exchange
    - Malicious Outlook Rules - https://silentbreaksecurity.com/malicious-outlook-rules/
    - Ruler - Abuse Exchange services - https://github.com/sensepost/ruler
    - MailSniper - Search users mailbox - http://www.blackhillsinfosec.com/?p=5296
  - Web Vulnerability Scanners
    - Burp - https://portswigger.net/burp/
      - Author's Guide: http://pastebin.com/nNHYP9Jd
    - Wapiti http://wapiti.sourceforge.net/
    - w3af - http://w3af.org/
    - Nikto -https://cirt.net/Nikto2
  - Command Line Tools
    - CMSmap
      - https://github.com/Dionach/CMSmap
    - WPscan
      - https://wpscan.org/
    - Joomscan
      - https://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project
  - Wireless Exploitation
    - AirVentriloquest - Aircrack patch for WPA/2 packet injection
      - https://github.com/Caesurus/airventriloquist
    - Fluxion - MiTM WPA/2 Networks
      - https://github.com/deltaxflux/fluxion
- Internal
  - LAN Attacks
    - Attack Windows
      - Attack Active Directory
        
        Blood Hound - https://github.com/adaptivethreat/BloodHound
        
        CrackMapExec - https://github.com/byt3bl33d3r/CrackMapExec
        
        EmPyre - http://www.rvrsh3ll.net/blog/empyre/empyre-engaging-active-directory/
        
        Red Teaming AD (PDF)
        
        https://adsecurity.org/wp-content/uploads/2016/08/DEFCON24-2016-Metcalf-BeyondTheMCSE-RedTeamingActiveDirectory.pdf
      - Attack SQL Server
        
        PowerUpSQL - https://github.com/NetSPI/PowerUpSQL
      - Python
        
        Command Line (Python Interpreter)
        
        Scapy advanced network attacks
        
        https://packetstormsecurity.com/files/36839/blackmagic.txt.html
        
        Local Python Server
        
        Serve Shells/Exploits
        
        Python -M SimpleHTTPServer
        
        Python TTY Reverse Shell IPv6
        
        https://eelsivart.blogspot.com/2015/02/python-tty-reverse-shell-over-ipv6-one.html
        
        Metasploit In-Memory Python Interpreter
        
        https://github.com/rapid7/metasploit-framework/wiki/Python-Extension
      - Attack Tools
        
        Responder - https://github.com/SpiderLabs/Responder
        
        Impacket - https://github.com/CoreSecurity/impacket
        
        SMBExec - https://github.com/pentestgeek/smbexec
        
        SMBSpider - https://github.com/altjx/ipwn#user-content-smbspider
        
        Basic AUTH credential harvesting - https://github.com/ryhanson/phishery
        
        WCE - http://www.ampliasecurity.com/research/windows-credentials-editor/
        
        Metasploit In-Memory Python Interpreter
        
        https://github.com/rapid7/metasploit-framework/wiki/Python-Extension
        
        Packet Crafting
        
        Scapy
        
        https://thesprawl.org/research/scapy/
        
        Impacket
        
        https://www.coresecurity.com/corelabs-research/open-source-tools/impacket
      - Powershell
        
        PowerSploit - https://github.com/PowerShellMafia/PowerSploit
        
        More - https://www.hackingloops.com/powersploit-quick-shell-for-penetration-testing/
        
        EmPyre - http://www.rvrsh3ll.net/blog/empyre/empyre-engaging-active-directory/
        
        Bypass UAC - https://github.com/FuzzySecurity/PowerShell-Suite/tree/master/Bypass-UAC
      - PsExec
        
        http://techgenix.com/PsExec-Nasty-Things-It-Can-Do/
    - Privilege Escalation
      - Windows
        
        NTLM Relay/NBNS Spoofing - https://foxglovesecurity.com/2016/01/16/hot-potato/
      - Linux/Unix
        
        Various exploits - https://github.com/FuzzySecurity/Unix-PrivEsc
        
        LinEnum- https://github.com/rebootuser/LinEnum
        
        Unix-privesc-check - http://pentestmonkey.net/tools/audit/unix-privesc-check
        
        Priv Esc/Enumeration - https://www.rebootuser.com/?p=1623
        
        Linux_Exploit_Suggester - https://github.com/PenturaLabs/Linux_Exploit_Suggester
  - Bypass AV/IDS/App Whitelisting/UAC
    - Egressing Bluecoat with CobaltStrike
      - https://cybersyndicates.com/2016/12/egressing-bluecoat-with-cobaltstike-letsencrypt/
    - Beaconpire
      - https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/
    - Bypass App Whitelisting
      - https://enigma0x3.net/2016/11/21/bypassing-application-whitelisting-by-using-rcsi-exe/
    - "Fileless" UAC Bypass
      - https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
    - Download/Execute Code via Command Line
      - https://www.greyhathacker.net/?p=500
  - Reverse Shells
  - Attack Routers
    - Router Exploitation Framework - https://github.com/reverse-shell/routersploit
    - Using Burp - https://www.cybrary.it/0p3n/pentesting-routers-1-dictionary-attack-burp-suite/
- Find Exploits
  - Web
    - Exploit-db - https://www.exploit-db.com/
      - From command line: https://www.exploit-db.com/searchsploit/
    - Packet Storm - https://packetstormsecurity.com/files/tags/exploit
    - SecurityFocus - http://www.securityfocus.com/bid
    - EaST Framework Exploits - http://eastexploits.com/
    - SecList - http://seclist.us/category/exploits
  - NMap
    - Scan systems with NMap, parse output to: CVE's, CWE's and DPE's
      - https://github.com/NorthernSec/CVE-Scan
    - Import, manage, and search with a local MongoDB instance
      - https://github.com/cve-search/cve-search
Post-Exploitation
- Attack Linux
  - Command Line Password Sniffing
    - Tcpdump
      - https://neverendingsecurity.wordpress.com/2015/03/14/tcpdump-tutorial-sniffing-and-analysing-packets-from-the-commandline/
      - tcpdump -i eth0 port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep –i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=||name=|name:|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-
    - Ngrep
      - ngrep -q -W byline "GET|POST HTTP"
    - Dsniff - https://github.com/tecknicaltom/dsniff
    - Netsh Trace (Windows only) - https://isc.sans.edu/diary/19409
    - Network Authentication Cracking Tool - https://nmap.org/ncrack/
- Attack Windows
  - Stealing/Cracking Passwords/Hashes
    - Steal
      - WCE -http://www.ampliasecurity.com/research/windows-credentials-editor/
      - Extract Hashes from AD - https://blog.didierstevens.com/2016/07/13/
      - Network Authentication Cracking Tool - https://nmap.org/ncrack/
      - pysecdump - https://github.com/pentestmonkey/pysecdump
      - Windows Creds - https://www.securusglobal.com/community/2013/12/20/dumping-windows-credentials/
      - Network Password Recovery - http://www.nirsoft.net/utils/network_password_recovery.html
    - Crack
      - Windows Password Audit - https://blog.joelj.org/windows-password-audit-with-kali-linux/
      - pysecdump - https://blog.didierstevens.com/2016/07/30/video-ntds-dit-extract-hashes-with-secretsdump-py/
      - Hashcat - https://samsclass.info/123/proj10/px16-hashcat-win.htm
      - Network Authentication Cracking Tool - https://nmap.org/ncrack/
- Attack Mac
  - Empyre
    - http://www.harmj0y.net/blog/empyre/building-an-empyre-with-python/
- Attack Specific Software/Tools
  - Privilege Escalation
    - Splunk
      - http://threat.tevora.com/penetration-testing-with-splunk-leveraging-splunk-admin-credentials-to-own-the-enterprise/
- Password/Hash Cracking
  - Wordlists
  - Password/Hash Cracking
    - Guides
      - Build Cracking Rig
        
        http://www.netmux.com/blog/how-to-build-a-password-cracking-rig
      - Cracking 12 Character Passwords
        
        http://www.netmux.com/blog/cracking-12-character-above-passwords
    - Tools
      - PACK (crack/obtain stats/) - https://thesprawl.org/projects/pack/
      - Hashcat - https://hashcat.net/hashcat/
        
        https://samsclass.info/123/proj10/px16-hashcat-win.htm
      - Windows Password Audit - https://blog.joelj.org/windows-password-audit-with-kali-linux/
      - pysecdump - https://blog.didierstevens.com/2016/07/30/video-ntds-dit-extract-hashes-with-secretsdump-py/
      - GPU Cracking
        
        https://www.trustedsec.com/june-2016/introduction-gpu-password-cracking-owning-linkedin-password-dump/
    - Web Services
      - CrackStation - https://crackstation.net/
      - HashKiller - https://forum.hashkiller.co.uk/default.aspx
- Attack Frameworks/Tools
  - PowerSploit - https://github.com/PowerShellMafia/PowerSploit
  - Empire - http://www.powershellempire.com/
  - Armitage - http://www.fastandeasyhacking.com/manual
    - http://blog.cobaltstrike.com/2016/05/25/raffis-abridged-guide-to-cobalt-strike/
  - Pwnd(dot)sh - https://github.com/SafeBreach-Labs/pwndsh
  - CrackMapExec
    - https://github.com/byt3bl33d3r/CrackMapExec/wiki
- Privilege Escalation - Excellent Wiki - http://pwnwiki.io/#!index.md
  - Windows
    - Wiki - http://pwnwiki.io/#!privesc/windows/index.md
    - SMB
      - Relay Attacks/Spoofing
        
        Hot Potato - https://foxglovesecurity.com/2016/01/16/hot-potato/
        
        Chuckle
        
        https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/november/introducing-chuckle-and-the-importance-of-smb-signing/
        
        More - https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python
    - RDP
      - https://onedrive.live.com/view.aspx?resid=F32A9F4F1477E49!109&ithint=file%2cdocx&app=Word&authkey=!ANzQTrmsTXSK9FM
    - Various techniques/commands
      - http://resources.infosecinstitute.com/wp-content/uploads/Post-Exploitation-without-Automated-Tools1.pdf
      - http://www.slideshare.net/riyazwalikar/windows-privilege-escalation
  - Linux/Unix
    - Various exploits - https://github.com/FuzzySecurity/Unix-PrivEsc
    - Wiki - http://pwnwiki.io/#!privesc/linux/index.md
    - LinEnum- https://github.com/rebootuser/LinEnum
    - Unix-privesc-check - http://pentestmonkey.net/tools/audit/unix-privesc-check
    - Priv Esc/Enumeration - https://www.rebootuser.com/?p=1623
    - Basic Linux Privilege Escalation
      - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
    - Linux_Exploit_Suggester
      - https://github.com/PenturaLabs/Linux_Exploit_Suggester
    - Various techniques/commands
      - https://room362.com/post/2011/2011-09-06-post-exploitation-command-lists/
Exfiltration
- Detection Capabilities
  - Egress-Assess
    - https://github.com/ChrisTruncer/Egress-Assess
  - Outbound Port Detection (find unfiltered outbound connections)
    - http://www.floyd.ch/?p=352
- Network Exfiltration
  - DNS
    - dnsteal - https://github.com/m57/dnsteal
Learning Resources
- Blogs
  - Mubix - https://room362.com/
  - OJ's Perspective - http://buffered.io/
  - Carnal0wnage - http://carnal0wnage.attackresearch.com/
  - Corelan - https://www.corelan.be/
  - Daniel Miessler https://danielmiessler.com/information-security/
  - NetSec Addict - http://netsec.ws/
  - SecList - http://seclist.us/
  - Notepad - https://bobloblaw.gitbooks.io/security/content/
- Getting Started
  - Security
  - Networking
    - http://networkingprogramming.com/1024x768/index.html
- OSCP Info
- Video Series/Channels
  - LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
  - Pentestit - https://www.youtube.com/user/PentestITLab/videos
- Hacking Labs/VMs
  - Vulnerable Windows Environment - http://www.crowdfunder.co.uk/rastalabs
  - Web Apps
    - Web Security Labs - http://www.cis.syr.edu/~wedu/seed/web_security.html
    - 40 Vulnerable Sites
      - https://www.bonkersabouttech.com/security/40-plus-list-of-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392
    - DVWS - https://github.com/interference-security/DVWS
    - oxfat - https://0xf.at/
  - Find more here
- Specific Topic Learning
  - Web Application Security
    - Solid Methodology - http://blog.zsec.uk/ltr101-method-to-madness/
    - Introduction (left hand side) - http://securityidiots.com/index.html
    - XSS
      - Start here - http://brutelogic.com.br/blog/xss101/
      - Practice XSS - https://xss-game.appspot.com/level1
        
        VM - https://www.vulnhub.com/entry/pentester-lab-web-for-pentester,71/
    - SQLi (SQL Injection)
      - http://attack.samsclass.info/sqlol-raw/search-raw.htm
    - Various Web Exploits - https://google-gruyere.appspot.com/part1
  - Scripting/Coding
    - Python
      - Scapy - http://thesprawl.org/research/scapy/
        
        https://bt3gl.github.io/black-hat-python-infinite-possibilities-with-the-scapy-module.html
      - Full Python Course - https://www.codecademy.com/learn/python
    - Exploit Development/Exploitation
      - Modern Binary Exploitation - https://github.com/RPISEC/MBE
      - https://www.peerlyst.com/posts/the-best-resources-for-learning-exploit-development
    - Crypto
      - https://littlemaninmyhead.wordpress.com/2015/09/28/so-you-want-to-learn-to-break-ciphers/
  - Malware Analysis/Reversing
    - Start Here - https://github.com/tylerph3/awesome-reversing
    - University Course - https://github.com/RPISEC/Malware
    - Ray's World - http://rayseyfarth.com/
    - Amanda - http://amanda.secured.org/how-to-start-reverse-engineering-malware/
  - Practice Phishing
    - Morning Catch - http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/
- Free University Courses
  - https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
- Challenges
  - SANS Holiday Hack Challenge - https://holidayhackchallenge.com/2016/
    - Before 2014 - https://pen-testing.sans.org/holiday-challenge/2014
  - PCAP Challenges
    - https://github.com/aeibrahim/wireshark_challenge
    - https://www.honeynet.org/challenges
- Fun Reading List
  - http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
Repos/Collection of Tools
- Large Toolset - https://awesomehacking.org/
- Large repo (many topics)
  - https://github.com/nixawk/pentest-wiki
  - https://github.com/Hack-with-Github/Awesome-Hacking
- Penetration Testing Tools
  - Tons - https://github.com/enaqx/awesome-pentest
  - Tons - https://github.com/Aptive/penetration-testing-tools
- Python
  - Intro - https://github.com/PacktPublishing/Python-Journey-from-Novice-to-Expert
  - Penetration Testing Tools - https://github.com/dloss/python-pentest-tools
  - Python Forensics - https://github.com/PacktPublishing/Learning-Python-for-Forensics
- Reverse Engineering - https://github.com/tylerph3/awesome-reversing
Complete Courses/Videos/Guides/Books
- Existing Full Guides (fantastic!)
  - Pentest Wiki - https://github.com/nixawk/pentest-wiki
  - Awesome Pentest - https://github.com/enaqx/awesome-pentest
- CTF
  - Field Guide - https://trailofbits.github.io/ctf/
  - Author's Guide - http://pastebin.com/DrsetKc8
  - Resources
    - http://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/
- Attack
  - IPv6
    - http://haxpo.nl/materials/haxpo2015ams/D3%20-%20R.%20Schaefer%20and%20J.%20Salazar%20-%20Pentesting%20in%20the%20Age%20of%20IPv6.pdf
  - Windows
    - Zero to Domain
      - http://www.computerworld.com/article/2843632/security0/scenario-based-pen-testing-from-zero-to-domain-admin-with-no-missing-patches-required.html
    - Network Fingerprinting and Exploitation -
      - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf
  - Linux
    - Network Fingerprinting and Exploitation -
      - http://resources.infosecinstitute.com/wp-content/uploads/Network-Fingerprinting-and-Exploitation1.pdf
- Courses
  - Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/
  - Pen Testing - https://www.cybrary.it/course/advanced-penetration-testing/
- Videos
  - Advanced Threat Tactics
    - http://blog.cobaltstrike.com/2015/09/30/advanced-threat-tactics-course-and-notes/
- Books
  - Advanced Penetration Testing for Highly Secured Environments
    - LARGE (!) PDF - https://news.asis.io/sites/default/files/%E2%80%8Cbook.pdf
  - Multiple pentesting books - http://www.arthur-training.com/Downloads/ITT/
- How-To
  - Evil Access Point - https://www.sensepost.com/blog/2013/rogue-access-points-a-how-to/
  - DNS Phishing in Public Hotspots - https://www.exploit-db.com/docs/20875.pdf
  - Various topics - https://bobloblaw.gitbooks.io/security/content/
- Misc. Resources
  - Lectures/VMs/Videos (tons) - http://www.arthur-training.com/Downloads/
Cheatsheets
Detection/Remediation/Defending
- Detecting Meterpreter
  - https://www.sans.org/reading-room/whitepapers/forensics/analysis-meterpreter-post-exploitation-35537
- Detecting Backdoors
  - https://www.rawhex.com/2016/03/a-guide-to-recognising-backdoors-using-metasploitable-2/
- Detecting Malicious VBA Macros
  - https://github.com/decalage2/oletools/wiki/mraptor

trietptm/offsec.md