pentesting

CyberSec Resources: Pentesting, OSINT, Pentest tools, Network Security, Privilege escalation, Exploiting, Reversing, Secure Code, Bug Bounty, Mobile Apps pentesting, FRAMEWORKS & STANDARDS, Pentest Audits & Hacking; PURPLE TEAMING, AD, API, web, clouds & CTF, ...

PHASES OF A PENTEST

👉 𝗪𝗵𝗮𝘁 𝗮𝗿𝗲 𝘁𝗵𝗲 𝗽𝗵𝗮𝘀𝗲𝘀 𝗼𝗳 𝗣𝗲𝗻𝘁𝗲𝘀𝘁

🌟 Basis of penetration testing execution by the PTES http://www.pentest-standard.org/index.php/Main_Page

🌟 Penetration Testing Phases & Steps Explained by Ray Fernandez on Esecurityplanet: https://www.esecurityplanet.com/networks/penetration-testing-phases/

👉 𝗣𝗿𝗲-𝗘𝗻𝗴𝗮𝗴𝗲𝗺𝗲𝗻𝘁

🌟 Pre-engagement by the PTES http://www.pentest-standard.org/index.php/Pre-engagement

🌟 Scoping a pentest on PentesterLab https://blog.pentesterlab.com/scoping-f3547525f9df

🌟 Pentest Scope Worksheet by SANS https://www.sans.org/posters/pen-test-scope-worksheet/

🌟 API Pentesting 101: The rules of Engagement by Dana Epp https://danaepp.com/api-pentesting-101-the-rules-of-engagement

🌟 Pentest Rules of Engagement Worksheet by SANS https://www.sans.org/posters/pen-test-rules-of-engagement-worksheet/

👉 𝗜𝗻𝘁𝗲𝗹𝗹𝗶𝗴𝗲𝗻𝗰𝗲 𝗚𝗮𝘁𝗵𝗲𝗿𝗶𝗻𝗴

🌟 Intelligence Gathering by the PTES http://www.pentest-standard.org/index.php/Intelligence_Gathering

🌟 Gabrielle B's post of resources about OSINT

OSINT is often part of a pentest.

If you want to learn more about it or specialize in it. Here are some resources!

👉 Check out The Ultimate OSINT collection by Hatless1der: https://start.me/p/DPYPMz/the-ultimate-osint-collection

👉 Have a look at this 5 hours free course by TCM Security https://youtu.be/qwA6MmbeGNo https://www.linkedin.com/company/tcm-security-inc/

👉 Check out this article by Giancarlo Fiorella on Bellingcat: https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/

👉 Check out this amazing list of Tools and Resources by onlineosint: https://osint.link/

🌟 The OSINT Framework by jnordine https://osintframework.com/

🌟 Gabrielle B's pentips about Information Gathering https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/information-gathering

🌟 Understanding the Steps of Footprinting on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/penetration-testing/footprinting-steps-penetration-testing/

🌟 Passive Information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/passive-information-gathering-for-pentesting-275726/

🌟 Active information Gathering for pentesting https://www.dummies.com/article/academics-the-arts/study-skills-test-prep/comptia-pentestplus/active-information-gathering-for-pentesting-275736/

👉 𝗧𝗵𝗿𝗲𝗮𝘁 𝗠𝗼𝗱𝗲𝗹𝗶𝗻𝗴

🌟 Threat Modeling by the PTES http://www.pentest-standard.org/index.php/Threat_Modeling

🌟 Threat modeling 101 Infosec resources https://resources.infosecinstitute.com/topic/applications-threat-modeling/

👉 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝘆 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀

🌟 Vulnerability Analysis by the PTES http://www.pentest-standard.org/index.php/Vulnerability_Analysis

🌟 Gabrielle B's pentips about Scanning & Enumeration https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/scanenum

🌟 What is Vulnerability Analysis and How Does It work on Cybersecurity Exchange https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/conduct-a-vulnerability-analysis/

🌟 NCSC Guide for vulnerability management https://www.ncsc.gov.uk/guidance/vulnerability-management

👉 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻

🌟 Exploitation by the PTES http://www.pentest-standard.org/index.php/Exploitation

🌟 Gabrielle B's pentips about Exploitation https://csbygb.gitbook.io/pentips/ethical-hacking-general-methodology/exploitation

🌟 The Exploitation Phase in Penetration Testing by Gaurav Tiwari https://gauravtiwari.org/exploitation-phase-in-penetration-testing/

👉 𝗣𝗼𝘀𝘁 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗮𝘁𝗶𝗼𝗻

🌟 Post Exploitation by the PTES http://www.pentest-standard.org/index.php/Post_Exploitation

🌟 Introduction to Post-Exploitation Phase on geeksforgeeks https://www.geeksforgeeks.org/introduction-to-post-exploitation-phase/

🌟 9 Post Exploitation Tools for Your next Penetration Test https://bishopfox.com/blog/post-exploitation-tools-for-pen-test

👉 𝗥𝗲𝗽𝗼𝗿𝘁𝗶𝗻𝗴

🌟 Reporting by the PTES http://www.pentest-standard.org/index.php/Reporting

🌟 Gabrielle B's pentips on reporting https://csbygb.gitbook.io/pentips/reporting/pentest-report

REPORTING

👉 𝗦𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗼𝗳 𝗮 𝗽𝗲𝗻𝘁𝗲𝘀𝘁 𝗿𝗲𝗽𝗼𝗿𝘁

🌟 Gabrielle B's article on how to write a pentest report: https://csbygb.gitbook.io/pentips/reporting/pentest-report

👉 𝗛𝗼𝘄 𝘁𝗼 𝘁𝗮𝗸𝗲 𝗻𝗼𝘁𝗲𝘀

🌟 Cherry Tree https://www.giuspen.com/cherrytree/

🌟 Joplin https://joplinapp.org/

🌟 Keepnote http://keepnote.org/

👉 𝗧𝗶𝗽𝘀 𝗳𝗿𝗼𝗺 𝗘𝘅𝗽𝗲𝗿𝘁𝘀

🌟 Writing Tips for IT Professionals by Lenny Zeltser https://zeltser.com/writing-tips-for-it-professionals/

🌟 How to write a Penetration Testing Report by HackerSploit https://www.youtube.com/watch?v=J34DnrX7dTo

👉 𝗔𝘂𝘁𝗼𝗺𝗮𝘁𝗶𝗼𝗻

🌟 Blackstone project by micro-joan https://github.com/micro-joan/BlackStone

🌟 Pentext by Radically Open Security https://github.com/radicallyopensecurity/pentext

👉 𝗘𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗼𝗳 𝗿𝗲𝗽𝗼𝗿𝘁𝘀

🌟 A list of public pentest reports by juliocesarfort https://github.com/juliocesarfort/public-pentesting-reports

🌟 A list of bug bounty writeup on Pentester Land https://pentester.land/writeups/

PENTEST TOOLS

👉 See Rajneesh Gupta’s post about some of the Practical web Pentesting tools. He even share them according to the pentest steps: https://www.linkedin.com/posts/rajneeshgupta01_web-pentesting-practical-tools-activity-6946808678402375680-CJjt/

Some of the practical Web Pentesting Tools!

👉 Reconnaisaance

✔ Nmap - Web Service detection

✔ Nessus - Automated Scan

✔ Skipfish - Web App Active Scanning for vulnerabilities

👉 Mapping/Discovery

✔ Burp-Suite- Web Proxy

✔ OWASP ZAP - Web Proxy

👉 Exploitation

✔ Metasploit Framework: Exploitation tool with payloads, exploits

✔ Burp-Suite- Web Proxy

✔ Exploit-db - To search for exploits

✔ Netcat

🚨 Follow Rajneesh he offers amazing content 🚨

👉 You know the Nmap project? Well they have a list of the top 125 Network Security Tools: https://sectools.org/

👉 You want Open Source?

✴️Julien Maury shared a Top 10 on eSecurity Planet: https://www.esecurityplanet.com/applications/open-source-penetration-testing-tools/

✴️And SANS has a list of tools including plenty of pentest tools: https://www.sans.org/img/free-faculty-tools.pdf

👉 Finally arch3rPro has an amazing amount of tools listed on github: https://github.com/arch3rPro/PentestTools

NETWORK SECURITY, Networking

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝗶𝗻𝗴?

🌟 Cover your digital basics with netacad: https://www.netacad.com/courses/os-it/get-connected

🌟 Professor Messer’s CompTIA Network+ Course https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/

🌟 OSI Model https://en.wikipedia.org/wiki/OSI_model

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗡𝗲𝘁𝘄𝗼𝗿𝗸 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆?

🌟 What is Network Security on Hackthebox blog by Kim Crawley: https://www.hackthebox.com/blog/what-is-network-security

🌟 Network Security Course on OpenLearn by The Open University https://www.open.edu/openlearn/digital-computing/network-security

🌟 OSI Layers and related Attack types by Harun Seker

👉 𝗛𝗼𝘄 𝘁𝗼 P𝗲𝗻𝘁𝗲𝘀𝘁 𝗡𝗲𝘁𝘄𝗼𝗿𝗸𝘀?

🌟 Full Ethical Hacking Course - Beginner Network Penetration Testing by TCM Security https://youtu.be/WnN6dbos5u8

🌟 Infrastructure Pentesting Checklist by Purab Parihar: https://github.com/purabparihar/Infrastructure-Pentesting-Checklist

PRIVILEGE ESCALATION, Windows and Linux

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻?

🌟 Cybersecurity 101 - What is Privilege escalation on CrowdStrike https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/ https://www.linkedin.com/company/crowdstrike/

🌟 Privilege Escalation Attack and defend explained on BeyondTrust https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained https://www.linkedin.com/company/beyondtrust/

👉 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻

🌟 Gabrielle B 🔑's Pentips on Windows Privilege escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/windows/privesc

🌟 Windows Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

🌟 Windows Privesc guide on absolomb’s security blog https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

🌟 Privilege Escalation Windows on sushant747’s gitbook https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html

🌟 Windows Local Privilege Escalation checklist on HackTricks https://book.hacktricks.xyz/windows-hardening/checklist-windows-privilege-escalation

👉 𝗟𝗶𝗻𝘂𝘅 𝗣𝗿𝗶𝘃𝗶𝗹𝗲𝗴𝗲 𝗘𝘀𝗰𝗮𝗹𝗮𝘁𝗶𝗼𝗻

🌟 Gabrielle B 🔑's Pentips on Linux Privilege Escalation on CSbyGB - Pentips https://csbygb.gitbook.io/pentips/linux/privesc

🌟 Linux Privilege Escalation on PayloadsAllTheThings https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md

🌟 Basic Linux Privilege Escalation on g0tm1lk’s blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

🌟 Guide Linux Privilege Escalation on Payatu https://payatu.com/blog/a-guide-to-linux-privilege-escalation/ https://www.linkedin.com/company/payatu/

🌟 A curated list of Unix Binaries to bypass local security restrictions by GTFOBins https://gtfobins.github.io/

🌟 Linux Privilege Escalation Checklist on HackTricks https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist

EXPLOITING

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗲𝘅𝗽𝗹𝗼𝗶𝘁 𝗱𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁?

🌟 Exploit Development Introduction on Hack the Box Academy https://academy.hackthebox.com/course/preview/stack-based-buffer-overflows-on-linux-x86/exploit-development-introduction

🌟 Exploit Development - Everything you need to know by null-bytes https://null-byte.wonderhowto.com/how-to/exploit-development-everything-you-need-know-0167801/

👉 𝗟𝗲𝘁’𝘀 𝘀𝘁𝗮𝗿𝘁 𝗹𝗲𝗮𝗿𝗻𝗶𝗻𝗴 𝗮𝗯𝗼𝘂𝘁 𝗶𝘁 𝗮𝗻𝗱 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲

🌟 Getting Started with Exploit Development by Specter and zi https://dayzerosec.com/blog/2021/02/02/getting-started.html

🌟 Exploit Courses by Dobin Rutishauser https://exploit.courses/#/index

🌟 Pwn College https://pwn.college/ https://www.twitch.tv/pwncollege/videos https://www.youtube.com/pwncollege

🌟 A curated list of resources for learning about Exploit Development by wtsxDev https://github.com/wtsxDev/Exploit-Development/blob/master/README.md

🌟 Practice with exploit education https://exploit.education/

🌟 Fundamentals of Software Exploitation https://wargames.ret2.systems/course

🌟 Shellcode Devlopment by Joas Antonio https://drive.google.com/file/d/1R3ZTFerBaBSfnS0rP_r2d8xH2p-n3kdt/view

🌟 Shellcode Development by Aayush Malla https://aayushmalla56.medium.com/shellcode-development-4590117a26bf

🌟 Joas Antonio OSEP guide with plenty of resources https://github.com/CyberSecurityUP/OSCE-Complete-Guide#osep

🌟 Awesome Exploit Development by Joas Antonio https://github.com/CyberSecurityUP/Awesome-Exploit-Development#readme

👉 𝗕𝗢𝗡𝗨𝗦: 𝗪𝗮𝗻𝘁 𝘁𝗼 𝘂𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱 𝗵𝗼𝘄 𝗮 𝗺𝗮𝗹𝘄𝗮𝗿𝗲 𝘄𝗼𝗿𝗸𝘀?

🌟 Beginner’s Blue Team Guide to creating Malware in Python by David Elgut https://www.linkedin.com/pulse/beginners-blue-team-guide-creating-malware-python-david-elgut/

REVERSING

👉 𝗥𝗲𝘃𝗲𝗿𝘀𝗲 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴

🌟 Reverse Engineering for Beginners by Ophir Harpaz https://www.begin.re/

🌟 Reverse Engineering for Everyone by Kevin Thomas My Technotalent https://0xinfection.github.io/reversing/

🌟 Reverse Engineering for beginners by Dennis Yurichev (available in many languages) https://beginners.re/main.html

🌟 Reverse Engineering 101 by 0x00 (with exercises) https://0x00sec.org/t/reverse-engineering-101/1233

👉 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀

🌟 Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks https://youtu.be/qA0YcYMRWyI

🌟 Malware Analysis – Mind Map by Thatintel https://thatintel.blog/2016/05/30/malware-analysis-mind-map/

🌟 Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html

👉 𝗔𝗺𝗮𝘇𝗶𝗻𝗴 𝗕𝗼𝗻𝘂𝘀

Malware Analysis and Reverse Engineering courses by DFIR Diva https://training.dfirdiva.com/listing-category/malware-analysis-and-re

SECURE CODE

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝘀𝗲𝗰𝘂𝗿𝗲 𝗰𝗼𝗱𝗲 𝗿𝗲𝘃𝗶𝗲𝘄?

🌟 How to Identify Vulnerabilities in code – Manual Code Review on Hackingloops https://www.hackingloops.com/how-to-identify-vulnerabilities-in-code-manual-code-review/

🌟 Security Code Review 101 by Paul Ionescu: https://medium.com/@paul_io/security-code-review-101-a3c593dc6854

🌟 OWASP® Foundation Secure Coding Practice https://owasp.org/www-pdf-archive/OWASP_SCP_Quick_Reference_Guide_v2.pdf https://www.linkedin.com/company/owasp/

👉 𝗜𝗻𝘁𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 𝘁𝗼 𝘀𝗲𝗰𝘂𝗿𝗲 𝗰𝗼𝗱𝗲 𝗿𝗲𝘃𝗶𝗲𝘄

🌟 Farah Hawa’s post about the subject: A few weeks ago, I took up a challenge to learn Secure Code Reviews in 20 days. I chose PHP as the language to focus on and here are the resources I used to learn:

PentesterLab videos about different strategies to use while reviewing code https://www.linkedin.com/company/pentesterlab/
Sonar Rules for code review rules/hacks to find vulnerabilities in PHP. This had great examples of compliant vs non-compliant code snippets. https://www.linkedin.com/company/sonarsource/ https://rules.sonarsource.com/php/type/Vulnerability
Looking for bugs in vulnerable apps like DVWA after finding their code on GitHub: https://github.com/digininja/DVWA/tree/master/vulnerabilities
Watching videos by Vickie Li, and Shubham Shah on the OWASP DevSlop YouTube channel: https://www.youtube.com/c/OWASPDevSlop https://www.linkedin.com/company/owasp-devslop/
Solving challenges posted by YesWeHack ⠵and Intigriti on Twitter but they can also be found on their websites: https://www.yeswehack.com/ https://www.linkedin.com/company/yes-we-hack/ https://blog.yeswehack.com/yeswerhackers/dojoweb-application-bypass-v2-0/ https://www.linkedin.com/company/intigriti/
OWASP® Foundation has a great book Code Review Guide which has good theoretical knowledge about different bug classes https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf https://www.linkedin.com/company/owasp/

You can also watch the video I made about this: https://youtu.be/ajcxjnTFo6A

🌟 Introduction to Secure Code Review on PentesterLab: https://www.linkedin.com/company/pentesterlab/ https://pentesterlab.com/exercises/codereview/course

🌟 Freddy Macho’s PDF Code review checklist

🌟 Check out the dedicated section on Secure Code Review on my pentips https://csbygb.gitbook.io/pentips/secure-code-review/code-review

👉 𝗣𝗿𝗮𝗰𝘁𝗶𝗰𝗲 𝗮𝗻𝗱 𝘀𝗵𝗮𝗿𝗽𝗲𝗻 𝘆𝗼𝘂𝗿 𝗿𝗲𝘃𝗶𝗲𝘄𝗲𝗿 𝘀𝗸𝗶𝗹𝗹𝘀

🌟 Security training platform for devs Hacksplaining: https://www.hacksplaining.com/

🌟 Make a vulnerable PHP App with this video by Wesley (The XSS Rat) Thijs https://www.youtube.com/live/e_dLSVpQy40?feature=share

🌟 Join the WeHackPurple Community to talk about secure code practice and more https://community.wehackpurple.com/

👉 𝗧𝗼𝗼𝗹𝘀

🌟 Manual code review versus using a SAST Tool on We Hack Purple https://wehackpurple.com/pushing-left-like-a-boss-part-7-code-review-and-static-code-analysis/ https://www.linkedin.com/company/wehackpurple/

🌟 Code Review tools on HackTricks https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/code-review-tools

🌟 Awesome DevSecOps by TaptuIT https://github.com/TaptuIT/awesome-devsecops

BUG BOUNTY

👉 A great introduction on how to get into bug bounty by Wesley Thijs xssrat https://thexssrat.medium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363

👉 A list of bug bounty platforms by Bughacking https://bughacking.com/best-bug-bounty-platforms/

👉 A list of bug bounty programs by vpnmentor: https://www.vpnmentor.com/blog/the-complete-list-of-bug-bounty-programs/

👉 Want to apply to the Synack Red Team Artemis program? https://www.linkedin.com/company/synack-red-team/

An exclusive community open to security professionals who identify as women, trans and nonbinary people, and others who identify as a gender minority. See this link: https://www.synack.com/artemis/

👉 Farah Hawa has a great video about bug bounty resources: https://youtu.be/ig5DuM6M2CQ

👉 The Bug Hunter Handbook by Gowthams https://gowthams.gitbook.io/bughunter-handbook/

👉 A repo “AllAboutBugBounty” by daffainfo https://github.com/daffainfo/AllAboutBugBounty#readme

Mobile App pentest

👉 Android Bug Bounty Hunting: Hunt Like a Rat by Wesley Thijs https://codered.eccouncil.org/course/android-bug-bounty-hunting-hunt-like-a-rat

👉 Set up your lab, learn about the methodology and get more resources on my Pentips

🌟 Gabrielle B's talk and resources for TDI 2022: https://csbygb.gitbook.io/pentips/talks/android-app

🌟 The dedicate Android App hacking page: https://csbygb.gitbook.io/pentips/mobile-app-pentest/android

👉 Mobile App Penetration Testing Cheat Sheet by tanprathan https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

👉 Don’t forget the standards. Read OWASP MASVS and OWASP MASTG here https://mas.owasp.org/#our-mission

API Pentesting

🌟 I highly recommend taking the API Penetration Testing course by Corey J. Ball on APIsec University https://university.apisec.ai/ https://www.linkedin.com/company/apisec-university/

👉 I had a blast working on this course. You will have the opportunity to learn and apply the concepts right after with a hands-on lab that you can install and deploy yourself.

👉 You will learn about the following topics

Set Up an API Hacking lab
API Reconnaissance
Endpoint Analysis
Scanning APIs
API Authentication Attacks
Exploiting API Authorization
Testing for Improper Assets Management
Mass Assignment
Injection Attacks
Rate Limit Testing
Combining Tools and Techniques

🙏 I can not thank enough the team of APIsec University special mention to Corey J. Ball and Dan Barahona for all that you do for the community. 🙏

🌟 Learn more about the course:

👉 Corey's Book: https://nostarch.com/hacking-apis

👉 Corey talks about API Hacking with David Bombal: https://youtu.be/CkVvB5woQRM

👉 Check out my notes about API Hacking here: https://csbygb.gitbook.io/pentips/web-pentesting/api

Threat Modeling

👉 𝗪𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗿𝗲𝗮𝘁 𝗺𝗼𝗱𝗲𝗹𝗶𝗻𝗴?

🌟 Threat Modeling on OWASP by Victoria Drake https://owasp.org/www-community/Threat_Modeling

👉 𝗛𝗼𝘄 𝗱𝗼𝗲𝘀 𝗶𝘁 𝘄𝗼𝗿𝗸?

🌟 Threat Modeling the Right way for builders Workshop on AWS Skill builder https://explore.skillbuilder.aws/learn/course/external/view/elearning/13274/threat-modeling-the-right-way-for-builders-workshop

🌟 Even my dad is a threat modeler by Sarthak Taneja https://youtu.be/Y587UFgjqhQ

👉 𝗘𝘅𝗮𝗺𝗽𝗹𝗲𝘀 𝗮𝗻𝗱 𝗥𝗲𝘀𝗼𝘂𝗿𝗰𝗲𝘀

🌟 Threat Model Examples by Tal Eliyahu https://github.com/TalEliyahu/Threat_Model_Examples#readme

🌟 Julien Provenzano made multiple posts on the subject

✅ GUIDE TO CYBER THREAT MODELLING by Cyber Security Agency of Singapore (CSA) This document aims to provide a practical and systematic way to identify threat events that can be used in a cybersecurity risk assessment.

It will introduce various approaches and methods of threat modelling, and provide a suggested framework, coupled with practical examples, for individuals and groups to adopt to derive a robust system threat model and relevant threat events.

System owners can then incorporate these threat events into their cybersecurity risk assessment to develop and prioritise effective controls.

target audience:

Internal stakeholders e.g. system owners, business unit heads, Chief Information Security Officers, and personnel involved in IT risk assessment and management within any organisation, including Critical Information Infrastructure Owners;
External consultants or service providers engaged to conduct threat modelling on behalf of system owners; and
Red team members, blue team defenders, and purple team members.

2 APPROACH

2.1 System Level Approach

2.2 Common Missteps in Threat Modelling

2.3 Integrating Threat Modelling into Risk Assessment Process

3 METHODOLOGY

3.1 Overview of Method

3.2 Step 1: Preliminaries and Scope Definition

3.3 Step 2: System Decomposition

3.4 Step 3: Threat Identification

3.5 Step 4: Attack Modelling

3.6 Step 5: Bringing Everything Together

✅ Threat Modeling course by British Columbia Provincial Government

This training course is just one part of the Office of the Chief Information Officer (OCIO) Information Security Branch (ISB) education series.

The goal of this course is to inform staff of what threat modelling is, why it is important, and how it fits into the Security Threat Risk Assessment, and Statement of Acceptable Risk, processes.

Threat Modelling Frameworks

A threat modelling practice flows from a methodology or framework. There are many threat modelling frameworks available for use. Some of these are specialised models designed for a specific task, for example, some focus specifically on risk or on privacy concerns.

They can be optionally combined to create a more robust and well-rounded view of potential threats.

Threat modelling should be performed early in the development cycle because if potential issues arise, they can be caught early and remedied. This can prevent a much costlier fix down the line. Using threat modelling to think about security requirements can lead to proactive architectural decisions that help reduce threats right from the start.

Threat Modeling frameworks

Microsoft STRIDE Threat Modelling Tool (Developer Focused)
OWASP Application Threat modelling (Software Focused)
OCTAVE (Practice Focused)
Trike Threat modelling (Acceptable Risk Focused)
P.A.S.T.A. Threat modelling (Attacker Focused)
VAST Threat modelling (Enterprise Focused)

Threat Modelling Tools

IriusRisk
PyTM
SecuriCAD
ThreatModeler
SD Elements
Tutamantic
OWASP Threat Dragon Project
Mozilla SeaSponge
OVVL

✅ Threat Modeling Architecting & Designing with Security in Mind by OWASP® Foundation - Venkatesh Jagannathan

Why do we create application threat models in the Software Development Life Cycle ?

SDLC refers to a methodology with clearly defined processes for creating high-quality software.

To identify potential flaws that have been there since the applications were created, threat modeling identifies risks and flaws affecting an application, no matter how old or new that application is.

Threat modeling should take place as soon as the architecture is in place as the cost of resolving issues generally increases further along in the SDLC.

Introduction to Threat Modeling
Precursors to Threat Modeling
Threat Modeling – How-To
Test Focused Threat Modeling
Alternate Threat Models
Estimating Threat Modeling for Applications
CVSS vs OCTAVE

🌟 The threat Model playbook by Toreon https://github.com/Toreon/threat-model-playbook

🌟 OWASP Threat Modeling Cheat Sheet https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md

SEARCH ENGINES FOR PENTESTERS

👉 TryHackMe room Introductory Researching: https://tryhackme.com/room/introtoresearch https://www.linkedin.com/company/tryhackme/

👉 Rajnessh Gupta - How to use Google for hacking https://youtu.be/lLnDrv696u4

👉 Have you heard about dorking? It is also very helpful.

✴️ Hack The Box What is Google Dorking: https://www.hackthebox.com/blog/What-Is-Google-Dorking https://www.linkedin.com/company/hackthebox/

✴️ Tryhackme Google Dorking: https://tryhackme.com/room/googledorking

💭 TIP: Lots of Engine use dorking, see DuckDuckGo Search Syntax: https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/

💭 TIP2: Automate Google dorking with Katana by TebbaaX: https://github.com/TebbaaX/Katana

👉 Bruce Clay, Inc. - Advanced Search Operators for Bing and Google (Guide and Cheat Sheet) https://www.bruceclay.com/blog/bing-google-advanced-search-operators/ https://www.linkedin.com/company/bruce-clay-inc-/

👉 Daniel Kelley 30 cybersecurity search engines

Here are 30 cybersecurity search engines:

Dehashed—View leaked credentials.
SecurityTrails—Extensive DNS data.
DorkSearch—Really fast Google dorking.
ExploitDB—Archive of various exploits.
ZoomEye—Gather information about targets.
Pulsedive—Search for threat intelligence.
GrayHatWarfare—Search public S3 buckets.
PolySwarm—Scan files and URLs for threats.
Fofa—Search for various threat intelligence.
LeakIX—Search publicly indexed information.
DNSDumpster—Search for DNS records quickly.
FullHunt—Search and discovery attack surfaces.
AlienVault—Extensive threat intelligence feed.
ONYPHE—Collects cyber-threat intelligence data.
Grep App—Search across a half million git repos.
URL Scan—Free service to scan and analyse websites.
Vulners—Search vulnerabilities in a large database.
WayBackMachine—View content from deleted websites.
Shodan—Search for devices connected to the internet.
Netlas—Search and monitor internet connected assets.
CRT sh—Search for certs that have been logged by CT.
Wigle—Database of wireless networks, with statistics.
PublicWWW—Marketing and affiliate marketing research.
Binary Edge—Scans the internet for threat intelligence.
GreyNoise—Search for devices connected to the internet.
Hunter—Search for email addresses belonging to a website.
Censys—Assessing attack surface for internet connected devices.
IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
Packet Storm Security—Browse latest vulnerabilities and exploits.
SearchCode—Search 75 billion lines of code from 40 million projects.

Cybersec FRAMEWORKS & STANDARDS:

PENTESTING STANDARDS:

(PTES) The Penetration Testing Execution Standard http://www.pentest-standard.org/

(OSSTMM) The Open Source Security Testing Methodology https://www.isecom.org/ https://www.isecom.org/OSSTMM.3.pdf

MITRE ATT&CK

MITRE ATT&CK framework by MITRE ATT&CK https://youtu.be/Yxv1suJYMI8

Putting MITRE ATT&CK into Action with What You Have, Where You Are (By Katie Nickels) https://youtu.be/bkfwMADar0M

MITRE room on TryHackMe https://tryhackme.com/room/mitre

Cyber Kill Chain Framework:

The Cyber Kill Chain® framework, developed by Lockheed Martin, is part of the Intelligence Driven Defense® model for identification and prevention of cyber intrusions activity. The model identifies what the adversaries must complete in order to achieve their objective. https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

NIST:

NIST Cybersecurity Framework Explained - Kelly Hood, Thomas Conkle - RSA Conference https://youtu.be/nFUyCrSnR68

PCI Security Standards:

PCI Security Standards Council https://www.pcisecuritystandards.org/

ISO STANDARDS:

ISO 27000 Family of Standards by Aron Lange https://youtu.be/7PscOoWtR7g

A youtube playlist about ISO27001 by risk3sixty https://www.youtube.com/c/risk3sixty https://www.youtube.com/playlist?list=PLboNZ8lgLkUjg353Am3x4SytHme-XDL2N

Frameworks compared:

NIST Cybersecurity Framework vs ISO 27001/27002 vs NIST 800-53 vs Secure Controls Framework on Compliance Forge https://www.complianceforge.com/faq/nist-800-53-vs-iso-27002-vs-nist-csf-vs-scf

Mitre Attack vs Cyber Kill chain on blackberry.com https://www.blackberry.com/us/en/solutions/endpoint-security/mitre-attack/mitre-attack-vs-cyber-kill-chain

PENTEST reporting:

How to take NOTES:

CherryTree, a hierarchical note taking application. https://www.giuspen.com/cherrytree/

Joplin, an Open Source note-taking app. https://joplinapp.org/

KeepNote, a note taking application http://keepnote.org/

How to report your findings:

https://csbygb.gitbook.io/pentips/reporting/pentest-report

Writing Tips for IT Professionals (By Lenny Zeltser) https://zeltser.com/writing-tips-for-it-professionals/

How To Write A Penetration Testing Report by HackerSploit https://www.youtube.com/c/HackerSploit/ https://youtu.be/J34DnrX7dTo

REPORTING:

A list of public penetration test reports published by several consulting firms and academic security groups.

https://github.com/juliocesarfort/public-pentesting-reports

A Directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups.

https://pentester.land/writeups/

PENTEST AUTOMATION:

BlackStone Project by MicroJoan https://microjoan.com/ https://github.com/micro-joan/BlackStone

Pentext by https://www.radicallyopensecurity.com/ https://github.com/radicallyopensecurity/pentext

Web PENTEST:

Web Security Academy by PortSwigger:

https://portswigger.net/web-security/learning-path

Rana Khalil Youtube channel

https://www.youtube.com/c/RanaKhalil101

Wesley Thijs XSSrat’s Youtube channel

https://www.youtube.com/c/TheXSSrat

The Pentesting Web Checklist on Pentest Book by six2dez

https://pentestbook.six2dez.com/others/web-checklist

OWASP® Foundation Top 10:

https://owasp.org/www-project-top-ten/

Vulnerable Web Applications to practice:

https://owasp.org/www-project-vulnerable-web-applications-directory/

API PENTEST

API Hacking beginners guide by Dana Epp https://danaepp.com/beginners-guide-to-api-hacking

Corey J. Ball API workshop https://sway.office.com/HVrL2AXUlWGNDHqy https://github.com/hAPI-hacker/Hacking-APIs

API PENTEST ORGANIZING:

MalAPI by mrd0x https://malapi.io/

MindAPI by David Sopas https://dsopas.github.io/MindAPI/play/

API PENTESTING PRACTICE:

Hackxpert - OWASP top 10 API training https://hackxpert.com/API-testing.php

VAmPI by erev0s: https://hakin9.org/vampi-vulnerable-rest-api-with-owasp-top-10-vulnerabilities-for-security-testing/ https://github.com/erev0s/VAmPI

API Pentest videos and conferences:

APISecure Conference all their 2022 videos are available on their website https://www.apisecure.co/

Hacking mHealth Apps and APIs on KnightTV with Alissa Valentina Knight https://youtu.be/GLnhkf3JcL8

CLOUD PENTEST

Get familiar with Cloud Security fundamentals with Learn to cloud by Gwyneth Peña-Siguenza and Dayspring Johnson https://learntocloud.guide/#/phase5/README

Hacking the cloud by Nick Frichette an encyclopedia of the techniques that offensive security professionals can use against cloud environments. https://hackingthe.cloud/

Cloud Security - Attacks by CyberSecurityUP

https://github.com/CyberSecurityUP/Cloud-Security-Attacks

Practice with this free lab from Pentester Academy

https://attackdefense.pentesteracademy.com/challengedetailsnoauth?cid=2074 https://attackdefense.pentesteracademy.com/

ACTIVE DIRECTORY Pentest

AD Practice

Building an Active Directory Lab by spookysec: https://blog.spookysec.net/ad-lab-1/

A script to set up a Vulnerable AD Lab by WazeHell https://github.com/WazeHell/vulnerable-AD

Collection of various common attack scenarios on Azure Active Directory by Cloud-Architekt:

https://github.com/Cloud-Architekt/AzureAD-Attack-Defense

A great document full of resources by Julien Provenzano:

https://www.ralfkairos.com/ https://github.com/infosecn1nja/AD-Attack-Defense

An Active Directory Exploitation Cheat Sheet by Integration-IT

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

CTF

HACKTHEBOX, A Massive Hacking Playground; CTF challenges: Fullpwn (based on vulnerable machines), Cryptographic, Forensic, Pwn (based on binary exploitation and memory corruption), Web, Reversing, Cloud cybersecurity (AWS, GCP, and Azure misconfigurations) and Hardware. https://www.hackthebox.com/

What is CTF in hacking? Tips & CTFs for beginners by HTB. https://www.hackthebox.com/blog/what-is-ctf

Learn to Hack with Hack The Box: The Beginner's Bible. https://www.hackthebox.com/blog/learn-to-hack-beginners-bible

Getting Into CTFs As a Web Developer. https://erichogue.ca/2022/03/GettingIntoCTFsAsADev

CTFs (Write-Ups and Resources)

https://github.com/ctfs

Root Me https://www.root-me.org

TryHackMe https://tryhackme.com/

RingZer0 Team Online CTF https://ringzer0ctf.com/challenges

Cryptopals https://cryptopals.com/

CTF Time https://ctftime.org/

Marcelle Lee’s website reference sheet

https://info.marcellelee.com/ https://drive.google.com/drive/folders/1cfwjm_VqXwAFpFdBnUXkUi0-qT4_cpiJ https://docs.google.com/spreadsheets/d/1AkczyGQbtabSMbxq1P-c7u3NSXlmXqqv3cDoVpTlSoM/edit#gid=0

PURPLE TEAM

The Difference Between Red, Blue, and Purple Teams (By Daniel Miessler) https://danielmiessler.com/study/red-blue-purple-teams/

Purple Teaming for Dummies https://www.attackiq.com/lp/purple-teaming-for-dummies/

Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. https://github.com/ch33r10/EnterprisePurpleTeaming

PURPLE TEAMING: Practice & Tips

Purple Team Exercise Framework https://github.com/scythe-io/purple-team-exercise-framework/blob/master/PTEFv2.md

Actionable Purple Teaming: Why and How You Can (and Should) Go Purple https://www.scythe.io/library/actionable-purple-teaming-why-and-how-you-can-and-should-go-purple https://www.scythe.io/ptef

TOOLS:

Bloodhound for Blue and Purple Teams. https://github.com/PlumHound/PlumHound

PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments. https://github.com/mvelazc0/PurpleSharp