## 1 research

NOTE: THIS DIRECTLY CONNECTS TO A SEPARATE TT PAGE CALLED OSINT

## 2 planning

DELIVERY

One not-too-uncommon approach to distributing less-than-legitimate software and content online is to intentionally register domains neighboring a popular website:

- (use actual example) barbecuetips.com might be an amazing site for BBQ-related tips, so hackers will take up barbbecuetips.com, bbqtips.com, barbecuetips.co, barbecuetips.net, and so on
- one of the most successful was whitehouse.com during the Clinton years, which was a porn site.

## antivirus tip

Overall Strategy

Diversify your analysis approach. Don't rely on the results from a single tool.

Run everything with as few privileges as necessary.

APT investigations must be separated from commodity malware, otherwise you give malware authors "ideas".

Treat everything like it could be malicious until you have enough evidence to suggest otherwise.

## hacking types - ddos

DDoS can be layer 4 or layer 7

## Hacking Types

A specific type of attack prevention: deploy randomly named files of various types to track an encryption attack (i.e., terminate the encrypting process mid-process)

Types of phishing:

- Standard phishing, like cold-call sales, sends out many emails at once to get anyone gullible enough to give information.
- Spear phishing writes a personal letter to someone with potentially privileged information.
- CEO fraud and government phishing use an official-looking email address like that of a company CEO or government bureau.
- Clone phishing copies a legitimate message with an attachment and sends an identical one with a virus attachment instead.
- Cloud phishing sends a link to a cloud service to download a seemingly legitimate file.

[How can I create a file full of 0s? : HowToHack](https://old.reddit.com/r/HowToHack/comments/vqdvku/how_can_i_create_a_file_full_of_0s/) - zip bombs?

### PBX Hacking

By hacking a phone, hackers can run up fees for a legitimate company by having it "call" a toll-based number:

1. Route the phone via voicemail (default password is last 4 of phone #) to another place, which can rack up expenses when people try calling it
2. Make phone calls that originate from a known IP address for a PBX, where the IP can be the source phone # for other calls

## be careful who you hack

[Hackers Apologize to Arab Royal Families for Leaking Their Data](https://www.vice.com/en/article/n7nw8m/conti-ransomware-hackers-apologize-to-arab-royal-families-for-leaking-their-data)

## bug bounties and reporting risks

[Bounties for unsecured pages? : HowToHack](https://old.reddit.com/r/HowToHack/comments/xza471/bounties_for_unsecured_pages)

[Where does one place a bounty on decoding a proprietary communications protocol? : hacking](https://old.reddit.com/r/hacking/comments/qarhuk/where_does_one_place_a_bounty_on_decoding_a)

[Apple silently fixes iOS zero-day, asks bug reporter to keep quiet | Hacker News](https://news.ycombinator.com/item?id=28856203)

[Apple silently fixes iOS zero-day, asks bug reporter to keep quiet](https://www.bleepingcomputer.com/news/apple/apple-silently-fixes-ios-zero-day-asks-bug-reporter-to-keep-quiet/)

[Google launches new vulnerability reward platform | Hacker News](https://news.ycombinator.com/item?id=27971921)

[Google Online Security Blog: A new chapter for Google's Vulnerability Reward Program](https://security.googleblog.com/2021/07/a-new-chapter-for-googles-vulnerability.html)

[Google Online Security Blog](https://security.googleblog.com/) the latest news and insights from Google on security and safety on the Internet.

[Breaking GitHub Private Pages for $35k | Hacker News](https://news.ycombinator.com/item?id=26709159)

[Breaking GitHub Private Pages for $35k](https://robertchen.cc/blog/2021/04/03/github-pages-xss)

[$20k bounty was claimed | Hacker News](https://news.ycombinator.com/item?id=38434613)

[$20k Bounty was Claimed! · Prettier](https://prettier.io/blog/2023/11/27/20k-bounty-was-claimed)

[Ethical hacker found a bug on my site... reward? : hacking](https://old.reddit.com/r/hacking/comments/pgkog2/ethical_hacker_found_a_bug_on_my_site_reward)

[Prosecutor won't charge reporter who uncovered database flaw | Hacker News](https://news.ycombinator.com/item?id=30318208)

[Prosecutor won't charge reporter who uncovered database flaw](https://www.kshb.com/news/local-news/prosecutor-wont-charge-reporter-who-uncovered-database-flaw)

[White hat hacker awarded $2M for fixing ETH-creation bug | Hacker News](https://news.ycombinator.com/item?id=30321347)

[White Hat Hacker Awarded $2 Million for Fixing ETH-Creation Bug](https://cryptoadventure.com/white-hat-hacker-awarded-2-million-for-fixing-eth-creation-bug/)

[Ubiquiti is suing Brian Krebs for his reporting on their breach | Hacker News](https://news.ycombinator.com/item?id=30850416)

[Corey Quinn on X: "So I've been a *mostly* happy @Ubiquiti customer, despite a few hiccups with their Cloud Key Gen 2+ model space heater. And a security breach. That I first found out about from @briankrebs. Against whom Ubiquiti has apparently just filed a lawsuit. https://t.co/7juZxBJSNi" / X](https://twitter.com/QuinnyPig/status/1508965090019577856)

[Brian Krebs](https://krebsonsecurity.com/) The Washington Post and now an Independent investigative journalist.
[USPS 'Informed Delivery' Is Stalker's Dream](https://krebsonsecurity.com/2017/10/usps-informed-delivery-is-stalkers-dream)

[I found a security issue on a competitor, got fired and served a summons | Hacker News](https://news.ycombinator.com/item?id=30706014)

[I found a security issue on a competitor, got fired and served a summons - AccidHacker](https://web.archive.org/web/20220317014638/https://accidhacker.wordpress.com/2022/03/16/i-found-a-security-issue-on-a-competitor-got-fired-and-served-a-summons/)

## Chinese hacking

[Chinese APT Using Google Drive, Dropbox to Drop Malware](https://www.databreachtoday.com/chinese-apt-using-google-drive-dropbox-to-drop-malware-a-20522)

## ctf

[WarGames for real: How one 1983 exercise nearly triggered WWIII | Ars Technica](https://arstechnica.com/information-technology/2020/11/wargames-for-real-how-one-1983-exercise-nearly-triggered-wwiii)

## cybercrime cost

[The low, low cost of committing cybercrime | Hacker News](https://news.ycombinator.com/item?id=37342548)

[The low, low cost of (committing) cybercrime - SANS Internet Storm Center](https://isc.sans.edu/diary/The+low+low+cost+of+committing+cybercrime/30176)

## cyberpunk culture

[A Cypherpunk's Manifesto (1993) | Hacker News](https://news.ycombinator.com/item?id=33554818)

[web.archive.org/web/20230401212942/https://what.cd/](https://web.archive.org/web/20230401212942/https://what.cd/)

[Cypherpunk - Wikipedia](https://en.m.wikipedia.org/wiki/Cypherpunk)

[Cyberpunk (genre) - FritzWiki](https://fritzfreiheit.com/wiki/Cyberpunk_%28genre%29)

[KHEPER - Kheper](https://www.kheper.net/)

[Cyberpunk - InstallGentoo Wiki](https://wiki.installgentoo.com/wiki/Cyberpunk)

[THE EVOLUTION OF CYBERPUNK - The New York Times](https://www.nytimes.com/1993/08/08/style/the-evolution-of-cyberpunk.html)

[Cyberpunk Information Database](http://project.cyberpunk.ru/idb/)

[Cyberlife](https://cyberpunk-life.neocities.org/) cyberpunk-related links such as imageboards, blogs, info, wikis

[Cyberpunk Forums](https://cyberpunkforums.com/)

[CyberPunk Network](https://cyberpunk.xyz/)

[CyberPunk Wires: Live news wire](https://cyberpunk.xyz/theWire)

[danger/u/](https://dangeru.us/) cyberpunk-styled board

[Calling All Hackers | Hacker News](https://news.ycombinator.com/item?id=41306128)

[.:: Phrack Magazine ::.](https://phrack.org/issues/71/17.html#article)

[phrack.org](http://phrack.org/index.html) an awesome collection of articles from several respected hackers and other thinkers.

[Phrack Issue 70 | Hacker News](https://news.ycombinator.com/item?id=28758486)

[.:: Phrack Magazine ::.](http://phrack.org/issues/70/1.html)

http://www.phrack.org/archives

[Cyberpunk derivatives - Wikipedia](https://en.m.wikipedia.org/wiki/Cyberpunk_derivatives#Postcyberpunk)

### cyberpunk websites

[static.anarchivism.org](https://static.anarchivism.org/) Anarchivism

[cyberpunked](https://cyberpunked.org/) cyberpunk-related site on security/encryption etc

The Cyberpunk Directory

### cyberpunk magazines and newsletters

[Exolymph is a cyberpunk newsletter focused on futurism.](https://www.exolymph.news/) Exolymph (2015-2018)

[close this World](https://lainzine.org/) Lainzine (2015-2018)

## data breaches

[Biggest Data Breaches of 2020 - and What Developers Should Learn From Them](https://www.freecodecamp.org/news/biggest-data-breaches-lessons-learned)

[Tesla 'insider' breaches personal data of more than 75,000 employees](https://www.washingtonexaminer.com/news/business/tesla-insider-breaches-personal-data-employees)

[Inside the "3 billion people" national public data breach | Hacker News](https://news.ycombinator.com/item?id=41248104)

[Troy Hunt: Inside the "3 Billion People" National Public Data Breach](https://www.troyhunt.com/inside-the-3-billion-people-national-public-data-breach/)

[FlightAware Leaks Customer Data (Name, Email Addresses and Passwords) | Hacker News](https://news.ycombinator.com/item?id=41277429)

[FlightAware Leaks Customer Data (Name, Email Addresses & Passwords) - LoyaltyLobby](https://loyaltylobby.com/2024/08/16/flightaware-leaks-customer-data-name-email-addresses-passwords/)

[Congress demands answers about consumer data breach | WORLD](https://wng.org/sift/congress-demands-answers-about-consumer-data-breach-1724450407)

## ethical hacking

[Belgium legalises ethical hacking | Hacker News](https://news.ycombinator.com/item?id=35847860)

[Belgium legalises ethical hacking: a threat or an opportunity for cybersecurity? - CiTiP blog](https://www.law.kuleuven.be/citip/blog/belgium-legalises-ethical-hacking-a-threat-or-an-opportunity-for-cybersecurity/)

[TechAgainstTerrorism - Tech Against Terrorism](https://www.techagainstterrorism.org)

## exposed containers

[Over 900,000 Kubernetes instances found exposed online](https://web.archive.org/web/20220628145029/https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online)

## govt pentesting

[Department of Justice announces new policy for charging cases under the CFAA | Hacker News](https://news.ycombinator.com/item?id=31435945)

[Office of Public Affairs | Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | United States Department of Justice](https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act)

[NSO group iPhone zero-click, zero-day exploit captured in the wild | Hacker News](https://news.ycombinator.com/item?id=37425007)

[BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild - The Citizen Lab](https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/)

[DHS Has a DoS Robot to Disable Internet of Things ‘Booby Traps’ Inside Homes](https://www.404media.co/dhs-has-a-ddos-robot-to-disable-internet-of-things-booby-traps-inside-homes/)

## govt vs apple

[Despite the hype, iPhone security no match for NSO spyware (2021) | Hacker News](https://news.ycombinator.com/item?id=30130251)

[Apple iPhones were successfully hacked by NSO's Pegasus surveillance tool - The Washington Post](https://www.washingtonpost.com/technology/2021/07/19/apple-iphone-nso/)

## govt vs ransomware groups

[FBI Disrupts 'Hive' Ransomware Group - WSJ](https://www.wsj.com/articles/u-s-disrupts-hive-ransomware-group-seizes-its-servers-11674749213)

## hacking botnets

[Script Kiddie Nightmares: Hacking Poorly Coded Botnets](https://v3ded.github.io/pwn/hacking-botnets.html)

## hacking labs

[So I got my virtual lab up… where to from here? : hacking](https://old.reddit.com/r/hacking/comments/q6ueme/so_i_got_my_virtual_lab_up_where_to_from_here)

## hacking locations

[GitHub - daviddias/awesome-hacking-locations: List of Awesome Hacking Locations, organised by Country and City, listing if it features power and wifi](https://github.com/daviddias/awesome-hacking-locations)

## hacking on a budget

[I got $5, tell me what to buy. : HowToHack](https://old.reddit.com/r/HowToHack/comments/xo3af7/i_got_5_tell_me_what_to_buy)

[I got $60, tell me what to buy to help/use/advance in your hacking career. : HowToHack](https://old.reddit.com/r/HowToHack/comments/xs5569/i_got_60_tell_me_what_to_buy_to_helpuseadvance_in)

## hacking the hackers

[My Phone Was Spying on Me, So I Tracked Down the Surveillants | Hacker News](https://news.ycombinator.com/item?id=25288341)

[Martin Gundersen on X: "My Phone Was Spying on Me, so I Tracked Down the Surveillants THREAD on the location data industry and how European personal data ended up at a U.S. government contractor. https://t.co/ezuNnVyNFC" / X](https://twitter.com/martingund/status/1334465877153095680)

[I tracked down my impostor | Hacker News](https://news.ycombinator.com/item?id=26604093)

[Experience: I tracked down my impostor | Life and style | The Guardian](https://www.theguardian.com/lifeandstyle/2021/mar/26/experience-i-tracked-down-my-impostor)

## hacking types - 0-day

[0-days exploited by commercial surveillance vendor in Egypt | Hacker News](https://news.ycombinator.com/item?id=37614816)

[0-days exploited by commercial surveillance vendor in Egypt](https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/)

[The WebP 0day | Hacker News](https://news.ycombinator.com/item?id=37600852)

[The WebP 0day](https://blog.isosceles.com/the-webp-0day/)

[Android app from China executed 0-day exploit on millions of devices: technews](https://www.reddit.com/r/technews/comments/123pflc/android_app_from_china_executed_0day_exploit_on)

[MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…](https://nakedsecurity.sophos.com/2023/06/05/moveit-zero-day-exploit-used-by-data-breach-gangs-the-how-the-why-and-what-to-do/)

[Sophos](https://nakedsecurity.sophos.com/) threat news room, giving you news, opinion, advice and research on computer security issues.
## hacking types - 0 misc exposure

[Please log in with router's password | Hacker News](https://news.ycombinator.com/item?id=28134176)

["Please log in with router's password" - Google Search](https://www.google.com/search?q=%22Please+log+in+with+router%27s+password%22)

## hacking types - 1-click exploit

[I found a 1-click exploit in South Korea's biggest mobile chat app | Hacker News](https://news.ycombinator.com/item?id=40776880)

[1-click Exploit in South Korea's biggest mobile chat app | stulle123's Blog](https://stulle123.github.io/posts/kakaotalk-account-takeover/)

## hacking types - acoustic attack

[New acoustic attack steals data from keystrokes with 95% accuracy | Hacker News](https://news.ycombinator.com/item?id=37013704)

[New acoustic attack steals data from keystrokes with 95% accuracy](https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/)

## hacking types - atm skimming

[Crazy Thin 'Deep Insert' ATM Skimmers | Hacker News](https://news.ycombinator.com/item?id=32843961)

[Say Hello to Crazy Thin 'Deep Insert' ATM Skimmers - Krebs on Security](https://krebsonsecurity.com/2022/09/say-hello-to-crazy-thin-deep-insert-atm-skimmers/)

## hacking types - backdoors - js

[The Invisible JavaScript Backdoor | Hacker News](https://news.ycombinator.com/item?id=29170954)

[The Invisible JavaScript Backdoor - Certitude Blog](https://certitude.consulting/blog/en/invisible-backdoor/)

## hacking types - backdoors - machine learning

[Planting Undetectable Backdoors in Machine Learning Models | Hacker News](https://news.ycombinator.com/item?id=34938299)

[Planting Undetectable Backdoors in Machine Learning Models : [Extended Abstract] | IEEE Conference Publication | IEEE Xplore](https://ieeexplore.ieee.org/abstract/document/9996741)

## hacking types - backdoors

[Snowden leak: Cavium networking hardware may contain NSA backdoor | Hacker News](https://news.ycombinator.com/item?id=37570407)

[Matthew Green on X: "New leak from the Snowden documents. https://t.co/L0bOxAKoD3" / X](https://twitter.com/matthew_d_green/status/1703959863796158678)

[4-year campaign backdoored iPhones using advanced exploit | Hacker News](https://news.ycombinator.com/item?id=38784073)

[Operation Triangulation: What you get when attack iPhones of researchers | Hacker News](https://news.ycombinator.com/item?id=38783112)

[Operation Triangulation: The last (hardware) mystery | Securelist](https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/)

[RotaJakiro: A long live secret backdoor with 0 VT detection | Hacker News](https://news.ycombinator.com/item?id=26981886)

[RotaJakiro: A long live secret backdoor with 0 VT detection](https://web.archive.org/web/20210430063926/https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/)

## hacking types - bitb

[New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable : programming](https://old.reddit.com/r/programming/comments/tk3dwp/new_browserinthe_browser_bitb_attack_makes)

## hacking types - bruteforcing

[ELI5 : how can brute forcing password still exist if sites lock the account after several failed attempts? : explainlikeimfive](https://old.reddit.com/r/explainlikeimfive/comments/13mosyb/eli5_how_can_brute_forcing_password_still_exist)

[Brute.Fail: Watch brute force attacks fail in real time | Hacker News](https://news.ycombinator.com/item?id=36169954)

[Brute.Fail: Watch brute force attacks fail in real time](https://brute.fail/)

## hacking types - buffer overflow

[Chrome: Heap buffer overflow in WebP | Hacker News](https://news.ycombinator.com/item?id=37478403)

[Chrome Releases: Stable Channel Update for Desktop](https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html)

## hacking types - ci-cd pipelines

[10 real-world stories of how we've compromised CI/CD pipelines - NCC Group Research](https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines)

## hacking types - clickjacking

[GRC | Notes for Episode #168](https://www.grc.com/sn/notes-168.htm)

## hacking types - copy-paste

[Don't copy-paste commands from webpages - you can get hacked](https://www.bleepingcomputer.com/news/security/dont-copy-paste-commands-from-webpages-you-can-get-hacked)

## hacking types - cpu vulnerabilities

[New x86 micro-op vulnerability breaks all known Spectre defenses | Hacker News](https://news.ycombinator.com/item?id=27000570)

[Computer scientists discover new vulnerability affecting computers globally | ScienceDaily](https://www.sciencedaily.com/releases/2021/04/210430165903.htm)

## hacking types - credential fishing

[What's your play when you come across a website being used for cred fishing? : cybersecurity](https://old.reddit.com/r/cybersecurity/comments/w806hl/whats_your_play_when_you_come_across_a_website)

[Sending spammers to password purgatory | Hacker News](https://news.ycombinator.com/item?id=32338186)

[Troy Hunt: Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV](https://www.troyhunt.com/sending-spammers-to-password-purgatory-with-microsoft-power-automate-and-cloudflare-workers-kv/)

## hacking types - credential reuse

[GitHub - D4Vinci/Cr3dOv3r: Know the dangers of credential reuse attacks.](https://github.com/D4Vinci/Cr3dOv3r)

## hacking types - credential stuffing

[Hackers steal $300,000 in DraftKings credential stuffing attack](https://www.bleepingcomputer.com/news/security/hackers-steal-300-000-in-draftkings-credential-stuffing-attack)

## hacking types - css

[Can you get pwned with CSS?](https://scotthelme.co.uk/can-you-get-pwned-with-css)

[Scott Helme](https://scotthelme.co.uk/) security researcher, speaker and founder of securityheaders.com and report-uri.com.
## hacking types - ddos

[Someone has been attempting to DDoS us for weeks and we do nothing | Hacker News](https://news.ycombinator.com/item?id=39872686)

[We are under DDoS attack and we do nothing | TablePlus](https://tableplus.com/blog/2024/03/how-we-deal-with-ddos.html)

[The Internet Archive is under a DDoS attack | Hacker News](https://news.ycombinator.com/item?id=40492264)

[internetarchive: "Sorry to say, archive.org is u…" - Internet Archive](https://mastodon.archive.org/@internetarchive/112513905401989149)

[Digital Attack Map](https://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=18763&view=map)

[Nine-year-old kids are launching DDoS attacks against schools](https://www.bitdefender.com/blog/hotforsecurity/nine-year-old-kids-are-launching-ddos-attacks-against-schools)

## hacking types - dependency confusion

[Dependency Confusion: How I Hacked Into Apple, Microsoft and Other Companies | Hacker News](https://news.ycombinator.com/item?id=26087064)

[Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies | by Alex Birsan | Medium](https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610)

## hacking types - dirty pipe vulnerability

[The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation](https://dirtypipe.cm4all.com/)

## hacking types - DLL injection

[InjectedDLL](https://www.nirsoft.net/utils/injected_dll.html)

## hacking types - double free

[GitHub - stong/how-to-exploit-a-double-free: How to exploit a double free vulnerability in 2021. Use After Free for Dummies](https://github.com/stong/how-to-exploit-a-double-free)

## hacking types - FREAK

[Tracking the FREAK Attack](https://freakattack.com)

## hacking types - glowworm attack

[New "Glowworm attack" recovers audio from devices' power LEDs | Ars Technica](https://arstechnica.com/gadgets/2021/08/new-glowworm-attack-recovers-audio-from-devices-power-leds)

## hacking types - Goodwill ransomware

[GoodWill ransomware forces victims to donate to the poor | Hacker News](https://news.ycombinator.com/item?id=31527446)

[GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need | Threat Intelligence | CloudSEK](https://www.cloudsek.com/threatintelligence/goodwill-ransomware-forces-victims-to-donate-to-the-poor-and-provides-financial-assistance-to-patients-in-need)

## hacking types - hardware espionage

[A low budget consumer hardware espionage implant (2018) | Hacker News](https://news.ycombinator.com/item?id=40363704)

[Inside a low budget consumer hardware espionage implant](https://ha.cking.ch/s8_data_line_locator/)

## hacking types - Hertzbleed attack

[A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys : cybersecurity](https://old.reddit.com/r/cybersecurity/comments/vct6i6/a_new_vulnerability_in_intel_and_amd_cpus_lets)

[Hertzbleed Attack | Hacker News](https://news.ycombinator.com/item?id=31743110)

[Hertzbleed Attack](https://www.hertzbleed.com/)

## hacking types - infostealer

[Hacker confirms access through infostealer infection [withdrawn] | Hacker News](https://news.ycombinator.com/item?id=40534868)

[Hudson Rock - Cybercrime Intelligence Solutions](https://www.hudsonrock.com/)

## hacking types - keyboard logging

[Over a billion users could be at risk from keyboard logging app security flaw | TechRadar](https://www.techradar.com/pro/security/over-a-billion-users-could-be-at-risk-from-keyboard-logging-app-security-flaw)

## hacking types - keycards

[Hackers found a way to open any of 3M hotel keycard locks | Hacker News](https://news.ycombinator.com/item?id=39779291)

[Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds | WIRED](https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/)

## hacking types - keystroke injection

[Bluetooth keystroke-injection in Android, Linux, macOS and iOS | Hacker News](https://news.ycombinator.com/item?id=38661182)

[reblog/cve-2023-45866 at main · skysafe/reblog · GitHub](https://github.com/skysafe/reblog/tree/main/cve-2023-45866)

## hacking types - marvin attack

[The Marvin Attack](https://people.redhat.com/~hkario/marvin/)

## hacking types - MFA bombing

[Recent 'MFA Bombing' Attacks Targeting Apple Users | Hacker News](https://news.ycombinator.com/item?id=39836350)

[Recent 'MFA Bombing' Attacks Targeting Apple Users - Krebs on Security](https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/)

## hacking types - misconfiguration

[What is the type of vulnerability called where you put the wrong file extension in the URL on a file that you shouldnt have access to? : AskNetsec](https://old.reddit.com/r/AskNetsec/comments/spf17d/what_is_the_type_of_vulnerability_called_where)

## hacking types - MitM

[Is it wrong to MitM Dating app traffic on your own device.](https://old.reddit.com/r/hacking/comments/15sn0ks/is_it_wrong_to_mitm_dating_app_traffic_on_your/)

[Demo of a simple NTLM relay attack allowing any standard domain user without local admin privileges to become Domain Admin : HowToHack](https://old.reddit.com/r/HowToHack/comments/xplwef/demo_of_a_simple_ntlm_relay_attack_allowing_any)

## hacking types - NAT slipstreaming

[NAT Slipstreaming | Hacker News](https://news.ycombinator.com/item?id=24955891)

[Samy Kamkar - NAT Slipstreaming v2.0](https://samy.pl/slipstream/)

## hacking types - networks

[Hacking millions of modems and investigating who hacked my modem | Hacker News](https://news.ycombinator.com/item?id=40570781)

[Hacking Millions of Modems (and Investigating Who Hacked My Modem)](https://samcurry.net/hacking-millions-of-modems)

## hacking types - phishing

[Google Ads Phishing | DomainGuard | Threat Visibility Platform | Phishing and Fraud Prevention](https://guardyourdomain.com/blog/google-ads-phishing/)

## hacking types - POODLE

[The POODLE Attack and Tracking SSLv3 Deployment - Censys](https://censys.io/the-poodle-attack-and-tracking-sslv3-deployment)

## hacking types - remote code execution

[BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution | security-research](https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html)

[RCE over ham radio - Reverse shell via WinAPRS memory corruption bug | Hacker News](https://news.ycombinator.com/item?id=31571476)

[Hacking Ham Radio: WinAPRS - Part 5 - Coalfire](https://www.coalfire.com/the-coalfire-blog/hacking-ham-radio-winaprs-part-5)

[Unauthenticated RCE on a RIGOL oscilloscope | Hacker News](https://news.ycombinator.com/item?id=36745664)

[Unauthenticated RCE on a RIGOL oscilloscope - tortel.li](https://tortel.li/post/insecure-scope/)

## hacking types - repojacking

[GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking](https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking)

## hacking types - reverse engineering

[Reverse engineering of a rechargeable bus ticket](https://old.reddit.com/r/hacking/comments/15pi27m/reverse_engineering_of_a_rechargeable_bus_ticket/)

## hacking types - reverse shell

[Blocking Visual Studio Code embedded reverse shell before it's too late | Hacker News](https://news.ycombinator.com/item?id=37623562)

[Blocking Visual Studio Code embedded reverse shell before it's too late | ipfyx blog](https://ipfyx.fr/post/visual-studio-code-tunnel/)

## hacking types - rowhammer

[The Rowhammer: the Evolution of a Dangerous Attack | Infosec Resources](https://resources.infosecinstitute.com/topic/rowhammer-evolution-dangerous-attack-years)

[ZenHammer: Rowhammer attacks on AMD Zen-based platforms | Hacker News](https://news.ycombinator.com/item?id=39819599)

[ZenHammer: Rowhammer Attacks on AMD Zen-based Platforms - Computer Security Group](https://comsec.ethz.ch/research/dram/zenhammer/)

## hacking types - sim swapping

[Student charged for extorting over 40 people for money and crypto by SIM swapping : technews](https://old.reddit.com/r/technews/comments/ppchqp/student_charged_for_extorting_over_40_people_for)

[Companies embracing SMS for account logins should be blamed for SIM-swap attacks | Hacker News](https://news.ycombinator.com/item?id=39269327)

[Companies embracing SMS for account logins should be blamed for SIM-swap attacks - Key Discussions](https://keydiscussions.com/2024/02/05/sim-swap-attacks-can-be-blamed-on-companies-embracing-sms-based-password-resets/)

[T-Mobile employees across the country receive cash offers to illegally swap SIMs | Hacker News](https://news.ycombinator.com/item?id=40045093)

[T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMs](https://tmo.report/2024/04/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims/)

## hacking types - sms phishing

[SMS phishing is way too easy | Hacker News](https://news.ycombinator.com/item?id=31862994)

[SMS phishing is way too easy](https://www.bejarano.io/sms-phishing/)

## hacking types - sms timings

[Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings](https://old.reddit.com/r/netsec/comments/14a8oaj/freaky_leaky_sms_extracting_user_locations_by/)

## hacking types - sql injection

[Google results for PHP tutorials contain SQL injection vulnerabilities | Hacker News](https://news.ycombinator.com/item?id=27952135)

[16 of 30 Google results contain SQL injection vulnerabilities](https://web.archive.org/web/20210725193847/https://waritschlager.de/sqlinjections-in-google-results.html)

[Bypassing airport security via SQL injection | Hacker News](https://news.ycombinator.com/item?id=41392128)

[Bypassing airport security via SQL injection](https://ian.sh/tsa)

## hacking types - supply chain attack

[A supply chain attack on PyTorch | Hacker News](https://news.ycombinator.com/item?id=38969533)

[Playing with Fire - How We Executed a Critical Supply Chain Attack on PyTorch - John Stawinski IV](https://johnstawinski.com/2024/01/11/playing-with-fire-how-we-executed-a-critical-supply-chain-attack-on-pytorch/)

[Polyfill supply chain attack hits 100K+ sites | Hacker News](https://news.ycombinator.com/item?id=40791829)

[Polyfill supply chain attack hits 100K+ sites](https://sansec.io/research/polyfill-supply-chain-attack)

[Dozens of malicious PyPI packages discovered targeting developers | Hacker News](https://news.ycombinator.com/item?id=33438678)

[Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack](https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack/)

## hacking types - sybil attack
[Blockchain Sybil resistance: Searching for the perfect waste of resources](https://www.finder.com.au/blockchain-sybil-resistance-searching-for-the-perfect-waste-of-resources)

## hacking types - tracking devices

[Help me identify possible tracking device found in my car | Hacker News](https://news.ycombinator.com/item?id=32040251)

[Help me identify possible tracking device found in my car](https://gist.github.com/jwbee/90e32362fd24b1a233b882ffa7950616)

## hacking types - trojans

[ELI5:Why do scams trojan horses ect always use ťĥéşé țýpěś õf şpéćîãľ ļéťťëřš doesn't that just make the scam look obvious? : explainlikeimfive](https://old.reddit.com/r/explainlikeimfive/comments/1168l28/eli5why_do_scams_trojan_horses_ect_always_use)

[Ken Thompson really did launch his "trusting trust" trojan attack in real life | Hacker News](https://news.ycombinator.com/item?id=33008519)

[Ken Thompson Really Did Launch His "Trusting Trust" Trojan Attack in Real Life](https://niconiconi.neocities.org/posts/ken-thompson-really-did-launch-his-trusting-trust-trojan-attack-in-real-life/)

[Booby-trapped sites delivered potent new backdoor trojan to macOS users | Ars Technica](https://arstechnica.com/information-technology/2022/01/booby-trapped-sites-delivered-potent-new-backdoor-trojan-to-macos-users)

['Trojan Source' Bug Threatens the Security of All Code | Hacker News](https://news.ycombinator.com/item?id=29062982)

['Trojan Source' Bug Threatens the Security of All Code - Krebs on Security](https://krebsonsecurity.com/2021/11/trojan-source-bug-threatens-the-security-of-all-code/)

[Threat actor abuses Cloudflare tunnels to deliver remote access trojans | Hacker News](https://news.ycombinator.com/item?id=41132328)

[Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint US](https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats)

## hacking types - VPN decloaking

[Attackers can decloak routing-based VPNs | Hacker News](https://news.ycombinator.com/item?id=40279632)

[CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory](https://www.leviathansecurity.com/blog/tunnelvision)

## hacking types - webcams

[Webcam Hacking (again) - Safari UXSS | Ryan Pickren](https://www.ryanpickren.com/safari-uxss)

## hacking types - wireless hacking

[New 5G protocol vulnerabilities allow location tracking | Hacker News](https://news.ycombinator.com/item?id=26610705)

[New 5G protocol vulnerabilities allow location tracking](https://therecord.media/new-5g-protocol-vulnerabilities-allow-location-tracking)

[Kind of a Wifi attack that isn't Evil Twin : AskNetsec](https://old.reddit.com/r/AskNetsec/comments/uw3ymp/kind_of_a_wifi_attack_that_isnt_evil_twin)

[WiFi without internet on a Southwest flight | Hacker News](https://news.ycombinator.com/item?id=37691232)

[Wifi without internet on a Southwest flight - james vaughan](https://jamesbvaughan.com/southwest-wifi/)

[Millions Of Xiongmai Video Surveillance Devices Can Be Hacked Via Cloud Feature (Xmeye P2p Cloud)](https://sec-consult.com/blog/detail/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud) - ALSO IN PORTS PAGE

[Some remotely exploitable Linux kernel WiFi vulnerabilities | Hacker News](https://news.ycombinator.com/item?id=33200171)

[Some remotely exploitable kernel WiFi vulnerabilities [LWN.net]](https://lwn.net/Articles/911062/)

[Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries | Hacker News](https://news.ycombinator.com/item?id=39360050)

[Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries -- smart security systems vulnerable as tech becomes cheaper and easier to acquire | Tom's Hardware](https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire)

[Crooks can take over your video doorbell by pushing a button @ AskWoody](https://www.askwoody.com/2024/crooks-can-take-over-your-video-doorbell-by-pushing-a-button/)

[The Pumpkin Eclipse | Hacker News](https://news.ycombinator.com/item?id=40525130)

[The Pumpkin Eclipse - Lumen](https://blog.lumen.com/the-pumpkin-eclipse/)

[AirPods fast connect security vulnerability | Hacker News](https://news.ycombinator.com/item?id=40832223)

[Do a firmware update for your AirPods – now – Jonas’ Blog](https://blogs.gnome.org/jdressler/2024/06/26/do-a-firmware-update-for-your-airpods-now/)

[341: 1337: Part 1 - explain xkcd](https://www.explainxkcd.com/wiki/index.php/341:_1337:_Part_1)

[342: 1337: Part 2 - explain xkcd](https://www.explainxkcd.com/wiki/index.php/342:_1337:_Part_2)

[343: 1337: Part 3 - explain xkcd](https://www.explainxkcd.com/wiki/index.php/343:_1337:_Part_3)

[344: 1337: Part 4 - explain xkcd](https://www.explainxkcd.com/wiki/index.php/344:_1337:_Part_4)

[345: 1337: Part 5 - explain xkcd](https://www.explainxkcd.com/wiki/index.php/345:_1337:_Part_5)

[WIFI Hacking on the go! 
: hacking](https://old.reddit.com/r/hacking/comments/vrvqk0/wifi_hacking_on_the_go) [FragAttacks: new security vulnerabilities that affect wi-fi devices | Hacker News](https://news.ycombinator.com/item?id=27121918) [FragAttacks: Security flaws in all Wi-Fi devices](https://www.fragattacks.com/) [Walmart router, others on Amazon, eBay have hidden backdoors to control devices | Hacker News](https://news.ycombinator.com/item?id=25186843) [Chinese routers with backdoors sold in Walmart, Amazon & eBay | Cybernews](https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/) [w00tsec: ARRIS Cable Modem has a Backdoor in the Backdoor](https://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html) ## hacking types - worms [Morris worm - Wikipedia](https://en.wikipedia.org/wiki/Morris_worm) ## hacking types - zero-click ['Zero-Click' Hacks Are Growing in Popularity. There's Practically No Way to Stop Them](https://www.bqprime.com/technology/-zero-click-hacks-by-nso-group-and-others-growing-in-popularity) [Potential drive-by 0-click 0-day on chrome : AskNetsec](https://old.reddit.com/r/AskNetsec/comments/t7vt2g/potential_driveby_0click_0day_on_chrome) ## hacking types - zero-day [Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets : cybersecurity](https://old.reddit.com/r/cybersecurity/comments/11tq0q3/google_finds_18_zeroday_vulnerabilities_in/) ["Expert" hackers used 11 0-days to infect Windows, iOS, and Android users | Ars Technica](https://arstechnica.com/information-technology/2021/03/expert-hackers-used-11-zerodays-to-infect-windows-ios-and-android-users) [Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway](https://old.reddit.com/r/netsec/comments/15g7j5u/critical_zeroday_vulnerability_in_citrix/) ## hacktivism [GitHub - transient-jonas/awesome-hacktivism: A curated list about Hacktivism.](https://github.com/transient-jonas/awesome-hacktivism) ## ip address 
schemes [Tech CEO sentenced to 5 years in IP address scheme | Hacker News](https://news.ycombinator.com/item?id=37917597) [Tech CEO Sentenced to 5 Years in IP Address Scheme - Krebs on Security](https://krebsonsecurity.com/2023/10/tech-ceo-sentenced-to-5-years-in-ip-address-scheme/) ## ip listening [SNItch overview](http://snitch.arpa2.net) ## metasploit [Metasploit 2 Insight : HowToHack](https://old.reddit.com/r/HowToHack/comments/116f552/metasploit_2_insight) ## mobile surveillance [Mobile Surveillance Trailers : videosurveillance](https://old.reddit.com/r/videosurveillance/comments/13qrayg/mobile_surveillance_trailers/) ## notable data leaks [38TB of data accidentally exposed by Microsoft AI researchers | Hacker News](https://news.ycombinator.com/item?id=37556605) [38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog](https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers) [How to own an airline in 3 easy steps and grab the TSA nofly list along the way | Hacker News](https://news.ycombinator.com/item?id=34446673) [how to completely own an airline in 3 easy steps](https://maia.crimew.gay/posts/how-to-hack-an-airline/) [U.S. 
'No Fly List' Leaks After Being Left in an Unsecured Airline Server](https://www.vice.com/en/article/93a4p5/us-no-fly-list-leaks-after-being-left-in-an-unsecured-airline-server) ["I'm selling data of 400M Twitter users that was scraped via a vulnerability" | Hacker News](https://news.ycombinator.com/item?id=34125843) [Twitter Data Breach +400 million users | BreachForums](https://web.archive.org/web/20221224171620/https://breached.vc/Thread-Selling-Twitter-Data-Breach-400-million-users) [Names of Canada truck convoy donors leaked after reported hack | Hacker News](https://news.ycombinator.com/item?id=30334094) [Names of Canada truck convoy donors leaked after reported hack | Reuters](https://web.archive.org/web/20230808012403/https://www.reuters.com/world/us/leak-site-says-it-has-been-given-list-canada-truck-convoy-donors-after-reported-2022-02-14/) ## notable hackers [DEV-0537 targeting organizations for data exfiltration and destruction | Hacker News](https://news.ycombinator.com/item?id=30774406) [DEV-0537 criminal actor targeting organizations for data exfiltration and destruction | Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/) [North Korean campaign targeting security researchers | Hacker News](https://news.ycombinator.com/item?id=37420831) [Active North Korean campaign targeting security researchers](https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/) [He escaped the dark web's biggest bust. Now he's back | Ars Technica](https://arstechnica.com/tech-policy/2021/09/he-escaped-the-dark-webs-biggest-bust-now-hes-back) [North Korea hacked him, so he took down its internet | Hacker News](https://news.ycombinator.com/item?id=30180566) [North Korea Hacked Him. 
So He Took Down Its Internet | WIRED](https://www.wired.com/story/north-korea-hacker-internet-outage/) [A Saudi woman's iPhone revealed hacking around the world | Hacker News](https://news.ycombinator.com/item?id=30393530) [Insight: How a Saudi woman's iPhone revealed hacking around the world | Reuters](https://web.archive.org/web/20231011234511/https://www.reuters.com/technology/how-saudi-womans-iphone-revealed-hacking-around-world-2022-02-17/) [John Oliver's Data Privacy Stunt, and Why You Should Support It. : IntellectualDarkWeb](https://old.reddit.com/r/IntellectualDarkWeb/comments/u1c9qr/john_olivers_data_privacy_stunt_and_why_you) [Mastermind Behind iSpoof Scam Site Jailed For 13 Years | ZeroHedge](https://www.zerohedge.com/technology/mastermind-behind-ispoof-scam-site-jailed-13-years) ## pentesting community [/r/blackhat](https://www.reddit.com/r/blackhat/) hackers on steroids [Hackster.io - The community dedicated to learning hardware.](https://www.hackster.io/) projects and stuff! [Sinisterly](https://sinister.ly/) [Demon Forums Advanced Hacking](https://demonforums.net/Forum-Advanced-Hacking) [HACKCRAZE The Hacking & Security Forum](https://hackcraze.com/) [Cracking Forums](https://cracking.org/) [Crackia - Cracking Forum | Best cracking forums and community](https://crackia.com/) [Cracking Portal | Cracking Begins | Best Cracking Forum](https://crackingportal.com/) [howtohack sub sidebar](https://www.reddit.com/r/HowToHack/) [hackerthreads.org - Index page](https://www.hackerthreads.org/) ## pentesting for kids [How can i support my son ? : HowToHack](https://old.reddit.com/r/HowToHack/comments/x0vfs8/how_can_i_support_my_son) ## pentesting newsletters [Darknet](https://www.darknet.org.uk/) latest hacking tools, hacker news, cybersecurity best practices, ethical hacking & pen-testing.
## port scanning [List of well-known web sites that port scan their visitors](https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/) ## preinstalled malware [Potentially millions of Android TVs and phones come with malware preinstalled | Hacker News](https://news.ycombinator.com/item?id=36020431) [Potentially millions of Android TVs and phones come with malware preinstalled | Ars Technica](https://arstechnica.com/information-technology/2023/05/potentially-millions-of-android-tvs-and-phones-come-with-malware-preinstalled/) ## questionable legality [German developer guilty of 'hacking' for exposing hardcoded credentials in app | Hacker News](https://news.ycombinator.com/item?id=39046838) [Yellow Flag: "German law is making security …" - Infosec Exchange](https://infosec.exchange/@WPalant/111776937550399546) ## ransomware leaks [After Boeing declines to pay up, ransomware group leaks 45 GB of data | Hacker News](https://news.ycombinator.com/item?id=38352484) [After Boeing declines to pay up, ransomware group leaks 45 GB of data](https://www.itbrew.com/stories/2023/11/17/after-boeing-declines-to-pay-up-ransomware-group-leaks-45-gb-of-data) ## red teaming [Vincent Yiu/RedTips](https://github.com/vysec/RedTips) Red Team Tips [DiabloHorn](https://diablohorn.com/2015/09/04/discovering-the-secrets-of-a-pageant-minidump/) (2015) Discovering the secrets of a pageant minidump ## scraping data [I Attended This Hacker Conference and All I Got Was All the Data on Your Hard Drive](https://www.popsci.com/gear-gadgets/article/2005-04/i-attended-hacker-conference-and-all-i-got-was-all-data-your-hard-drive) ## scripting languages [Perl/Python/Ruby - SecTools Top Network Security Tools](https://sectools.org/tool/perl-python) ## spam calls [ELI5 what actually happens with a spam call and no one is in the other line, only a few clicks or beeps? 
: explainlikeimfive](https://old.reddit.com/r/explainlikeimfive/comments/wvvc4j/eli5_what_actually_happens_with_a_spam_call_and) ## threat intelligence [The Black Box of GitHub Leaks: Analyzing Companies' GitHub Repos](https://socradar.io/the-black-box-of-github-leaks-analyzing-companies-github-repos/) ## vulnerabilities [900 Sites, 125M accounts, 1 Vulnerability | Hacker News](https://news.ycombinator.com/item?id=39742422) [900 Sites, 125 million accounts, 1 vulnerability - env.fail](https://env.fail/posts/firewreck-1/) [The disclose.io Project | Open-source tools for a healthy Internet Immune System.](https://disclose.io/) ## vulnerability scanner [Is There A Tool For Scanning All Near Devices And Discover What Network They Are Connected To : hacking](https://old.reddit.com/r/hacking/comments/pfqxt8/is_there_a_tool_for_scanning_all_near_devices_and) ## certifications - OSCP [OSCP-Exam-Report-Template-Markdown](https://github.com/noraj/OSCP-Exam-Report-Template-Markdown) [GitHub - mohitkhemchandani/OSCP_BIBLE: This is a collection of resources, scripts, bookmarks, writeups, notes, cheatsheets that will help you in OSCP Preparation as well as for general pentesting and learning. If you feel like you can contribute in it. Please do that, I'll appreciate you.](https://github.com/mohitkhemchandani/OSCP_BIBLE) [GitHub - 0x4D31/awesome-oscp: A curated list of awesome OSCP resources](https://github.com/0x4D31/awesome-oscp) [OSCP Cheatsheet](https://medium.com/oscp-cheatsheet/oscp-cheatsheet-6c80b9fa8d7e) [The Journey to Try Harder: TJnull's Preparation Guide for PWK/OSCP | NetSec Focus](https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html) [OSCPRepo](https://github.com/rewardone/OSCPRepo) a list of resources and scripts in preparation for the OSCP.
[Offensive Security Bookmarks](https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/) security bookmarks collection, everything the author needed to pass OSCP. ## certifications [CompTIA Security+](http://comptia.org/certifications/security) [Matt G's Road to CCIE](https://sites.google.com/site/mattgsccie/Home) [Offensive Security](https://www.offensive-security.com/) true performance-based penetration testing training for over a decade. [Offensive Security Certifications](https://www.offensive-security.com/courses-and-certifications/) (paid) [Are these certifications industry recognized by most employers? : HowToHack](https://old.reddit.com/r/HowToHack/comments/yb0atj/are_these_certifications_industry_recognized_by) [GitHub - dhn/OSEE: Collection of resources for my preparation to take the OSEE certification.](https://github.com/dhn/OSEE) ## certifications - Pentest [PenTest+ (Plus) Certification | CompTIA IT Certifications](https://www.comptia.org/certifications/pentest) [Dave - One Education](https://www.oneeducation.org.uk/members/davestucky-tech/course/#learning) - CompTIA pentest+ course ## ethical hacking - certifications [Certified Ethical Hacker](http://eccouncil.org/programs/certified-ethical-hacker-ceh) [EC-Council Certifications | Best Cybersecurity Courses & Training](https://www.eccouncil.org) [Which certificates are good for finding work as an ethical hacker? : hacking](https://old.reddit.com/r/hacking/comments/plqqkd/which_certificates_are_good_for_finding_work_as) ## ethical hacking [GitHub - The-Art-of-Hacking/h4cker: This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.](https://github.com/The-Art-of-Hacking/h4cker) includes thousands of cybersecurity-related references and resources.
[Websploit](https://websploit.h4cker.org/) a single-VM lab that combines several vulnerable applications in one environment. [Cybersecurity Laws & Regulations - IPOhub](https://www.ipohub.org/cybersecurity-laws-regulations) ## hacking types [10 Types of Web Vulnerabilities that are Often Missed - Detectify Labs](https://labs.detectify.com/2021/09/30/10-types-web-vulnerabilities-often-missed) [8 Types of Cyber Attacks So Basic You Just Might Miss Them | Cybersecurity | CompTIA](https://www.comptia.org/blog/types-of-cyber-attacks) [GitHub - RhinoSecurityLabs/CVEs: A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.](https://github.com/RhinoSecurityLabs/CVEs) ## pentesting [A pentester gets root - step by step example | Hacker News](https://news.ycombinator.com/item?id=30405959) [HTB - DevOops](https://kaizoku.dev/htb-devoops) [Hacking, Spyware & The Internet of Things : AskNetsec](https://old.reddit.com/r/AskNetsec/comments/tkgi5l/hacking_spyware_the_internet_of_things) [How To Become A Hacker , Eric Steven Raymond (revision 1.23 , 27 oct 2003)](http://vadeker.net/articles/hacker-howto.html) [How To Become A Hacker](http://www.catb.org/esr/faqs/hacker-howto.html) if you want to be a hacker, keep reading. [catb](http://www.catb.org/esr/) the personal site of Eric S. Raymond [The Jargon File](http://catb.org/esr/jargon/html/index.html) [GitHub - nijithneo/InfoSecLibrary: Welcome to InfoSecLibrary - Your comprehensive resource hub for cybersecurity enthusiasts! Explore a curated collection of PDFs covering penetration testing, network security, ethical hacking, and more.
Enhance your knowledge in the ever-evolving world of information security.](https://github.com/nijithneo/InfoSecLibrary) [Best YouTube Channels To Learn Hacking!](https://azidsecurity.blogspot.com/2018/07/best-youtube-channels-to-learn-hacking.html) [Phrozen](https://www.phrozen.io/) Programming Guides [The Penetration Testing Execution Standard](http://www.pentest-standard.org/index.php/Main_Page) the penetration testing execution standard. [GitHub - enaqx/awesome-pentest: A collection of awesome penetration testing resources, tools and other shiny things](https://github.com/enaqx/awesome-pentest) Penetration Testing Index [Penetration-Testing](https://github.com/wtsxDev/Penetration-Testing) Penetration Testing Resources [Pentest Bookmarks](https://github.com/jhaddix/pentest-bookmarks) there are a LOT of pentesting blogs. [Beginner-Network-Pentesting](https://github.com/hmaverickadams/Beginner-Network-Pentesting) notes for beginner network pentesting course. [pentest-wiki](https://github.com/nixawk/pentest-wiki) is a free online security knowledge library for pentesters/researchers. [Guifre Ruiz Notes](https://guif.re/) collection of security, system, network and pentest cheatsheets. [GitHub - carpedm20/awesome-hacking: A curated list of awesome Hacking tutorials, tools and resources](https://github.com/carpedm20/awesome-hacking) a curated list of awesome hacking tutorials, tools and resources. [GitHub - Hack-with-GitHub/Awesome-Hacking: A collection of various awesome lists for hackers, pentesters and security researchers](https://github.com/Hack-with-GitHub/Awesome-Hacking) awesome lists for hackers, pentesters and security researchers. 
[Awesome-Hacking](https://github.com/Hack-with-GitHub/Awesome-Hacking/blob/master/README.md) [vitalysim/Awesome-Hacking-Resources: A collection of hacking/penetration testing resources to make you better!](https://github.com/vitalysim/awesome-hacking-resources) collection of hacking/penetration testing resources to make you better. [GitHub - laxa/HackingTools: Exhaustive list of hacking tools](https://github.com/laxa/HackingTools) [GitHub - bL34cHig0/Pentest-Resources-Cheat-Sheets: This repository contains a curated list of websites and repositories featuring pentest & red-team resources such as cheatsheets, write-ups, tools, techniques, programming/scripting notes, and more. I documented them in this repo to provide like-minded offensive security enthusiasts and professionals easy access to these valuable resources.](https://github.com/bL34cHig0/Pentest-Resources-Cheat-Sheets) [PENTESTING-BIBLE](https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE) hacking & penetration testing & red team & cyber security resources. 
[A-poc/RedTeam-Tools: Tools and Techniques for Red Team / Penetration Testing](https://github.com/A-poc/RedTeam-Tools) [GitHub - bluscreenofjeff/Red-Team-Infrastructure-Wiki: Wiki to collect Red Team infrastructure hardening resources](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki) [Red Team Ops](https://training.zeropointsecurity.co.uk/courses/red-team-ops) (paid) [marcosValle/awesome-windows-red-team: A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams](https://github.com/marcosValle/awesome-windows-red-team) [GitHub - kurogai/100-redteam-projects: Projects for security students](https://github.com/kurogai/100-redteam-projects) [hacker-roadmap | A collection of hacking tools, resources and references to practice ethical hacking.](https://sundowndev.github.io/hacker-roadmap/) [GitHub - x86trace/Hacking-101: Most Extenisve Hacking Resources List](https://github.com/x86trace/Hacking-101) [From Zero to your first Penetration Test | by Cristian Cornea | Medium](https://corneacristian.medium.com/from-zero-to-your-first-penetration-test-7479bce3a5) [Boost Your Career with Infosec: Resources, Training & Certification Prep | Infosec](https://resources.infosecinstitute.com/) [Cybersecurity Training & Certifications | Infosec Institute](https://www.infosecinstitute.com/) InfoSec [HackThis!](https://www.hackthis.co.uk/levels/) discover how hacks, dumps and defacements are performed and secure your website. [0x00sec](https://0x00sec.org/) the home of the Hacker Malware, Reverse Engineering, and Computer Science. [How to start hacking? The ultimate two path guide to information security. 
: hacking](https://old.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide) [Pentester Academy: Learn Pentesting Online](https://www.pentesteracademy.com/) [GitHub - Brute-f0rce/Resources: Resources for Cyber Security](https://github.com/Brute-f0rce/Resources) [kaiiyer/Cyber-Christmas: A curated list of resources for Cyber Professionals](https://github.com/kaiiyer/Cyber-Christmas) [Free sources for Hacking (Posting my comment that had so many upvotes) : hacking](https://old.reddit.com/r/hacking/comments/qkflf0/free_sources_for_hacking_posting_my_comment_that) [README - Pentester's Promiscuous Notebook](https://ppn.snovvcrash.rocks/) [HackTricks - HackTricks](https://book.hacktricks.xyz/welcome/readme) [Home | Hacker101](https://www.hacker101.com/) is a free class for web security. [hacker101](https://github.com/Hacker0x01/hacker101) [Awesome Hacking - Awesome Hacking 0.1 documentation](https://awesomehacking.org/) [Hacker Test: A site to test and learn about web hacking](https://www.hackertest.net/) [HBH: Learn how hackers break in, and how to keep them out.](https://hbh.sh/home) [A Roadmap for Becoming a Penetration Tester in 2023 - IT Security Guru](https://www.itsecurityguru.org/2023/05/31/a-roadmap-for-becoming-a-penetration-tester-in-2023) ## pentesting - ethical hacking [Practical Ethical Hacking - The Complete Course | TCM Security, Inc.](https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course) [Practical-Ethical-Hacking-Resources - compilation of resources from TCM's Udemy Course](https://github.com/Gr1mmie/Practical-Ethical-Hacking-Resources) [all courses](https://academy.tcm-sec.com/courses) [TCM Security](https://tcm-sec.com/) Entry level courses for cybersecurity. 
[So You Want to Be a Hacker: 2022 Edition - TCM Security](https://tcm-sec.com/so-you-want-to-be-a-hacker-2022-edition/) [Linux 101 | TCM Security, Inc.](https://academy.tcm-sec.com/p/linux-101) (paid) [Practical ethical hacking](https://www.udemy.com/course/practical-ethical-hacking/) [2024 FREE Ethical Hacking Training | Online Free Hacking Course | Mast](https://masterofproject.com/p/ethical-hacking-overview) [GitHub - husnainfareed/awesome-ethical-hacking-resources: Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.](https://github.com/husnainfareed/awesome-ethical-hacking-resources) [GitHub - lisus18ikrak/be-a-hacker: it content free resources including courses that help you to learn ethical hacking for beginners to advanced](https://github.com/lisus18ikrak/be-a-hacker) [Ethical Hacking Tutorials](https://www.hacking-tutorial.com/) [GitHub - MLSAKIIT/ETHICAL-HACKING: Notes and Resources for beginners in Ethical-Hacking and Cyber Security Field.](https://github.com/MLSAKIIT/ETHICAL-HACKING) [Learn Ethical Hacking and Cyber Security | Insecure Lab](https://www.insecure.in/) ## red teaming [yeyintminthuhtut/Awesome-Red-Teaming](https://github.com/yeyintminthuhtut/Awesome-Red-Teaming) List of Awesome Red Team / Red Teaming Resources [Computer Science Department at FSU](https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) Offensive Computer Security Course with Lecture / Videos / Slides / Reading [European Cyber Security Challenge](https://ecsc.eu/) ## security assessments and metrics [Daniel Miessler](https://danielmiessler.com/study/information-security-metrics/) An Information Security Metrics Primer [Daniel Miessler](https://danielmiessler.com/study/security-assessment-types/) (2017) Information Security Assessment Types [Daniel Miessler](https://danielmiessler.com/study/multi-dimensional-vulnerability-hierarchies/) Multi-dimensional Vulnerability Hierarchies ## wargames and ctf 
[pwnable.kr](http://pwnable.kr/index.php) non-commercial wargame site which provides various pwn challenges. [Pwnable.tw](https://pwnable.tw/) is a wargame site for hackers to test and expand their binary exploiting skills. ## white vs black hat [What are White Hat, Black Hat, and Red Hat Hackers? Different Types of Hacking Explained](https://www.freecodecamp.org/news/white-hat-black-hat-red-hat-hackers) ## brick a device [How to Brick a Roku TV 101: hacking](https://old.reddit.com/r/hacking/comments/pqtelg/how_to_brick_a_roku_tv_101) ## bug bounties [HolyTips](https://github.com/HolyBugx/HolyTips) tips and tutorials on Bug Bounty Hunting and Web App Security. [GitHub - nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters: A list of resources for those interested in getting started in bug bounties](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters) [GitHub - xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes](https://github.com/xalgord/Massive-Web-Application-Penetration-Testing-Bug-Bounty-Notes) [GitHub - x86trace/BugBounty: Bug Bounty Programs + Platforms + Books + Guide + Reports](https://github.com/x86trace/BugBounty) [Awesome Bug Bounty](https://github.com/djadmin/awesome-bug-bounty) Bug Bounty Resources a comprehensive curated list of available Bug Bounty. [bug-bounty-reference](https://github.com/ngalongc/bug-bounty-reference) a list of bug bounty write-ups. [Bug bounty writeups](https://pentester.land/list-of-bug-bounty-writeups.html) list of bug bounty writeups (2012-2020). [Awesome-Bugbounty-Writeups](https://github.com/devanshbatham/Awesome-Bugbounty-Writeups) is a curated list of bugbounty writeups. 
[GitHub - slowmist/awesome-blockchain-bug-bounty: A comprehensive curated list of available Blockchain Bug Bounty Programs.](https://github.com/slowmist/awesome-blockchain-bug-bounty) [SlowMist Zone - Blockchain Ecosystem Security Zone](https://slowmist.io/) ## car hacking [GitHub - jaredthecoder/awesome-vehicle-security: A curated list of resources for learning about vehicle security and car hacking.](https://github.com/jaredthecoder/awesome-vehicle-security) ## ci-cd [Yaniv Yehuda](https://devops.com/7-highly-effective-continuous-delivery-principles/) 7 Highly Effective Continuous Delivery Principles [Automatic Software](https://automic.com/resources/tco-assessment-tools/devops-maturity-assessment) DevOps Maturity model assessment : Where are you on your DevOps journey? [ciandcd/awesome-ciandcd](https://github.com/ciandcd/awesome-ciandcd) list of resources about Continuous Integration and Continuous Delivery [GitHub - cytopia/awesome-ci: Awesome Continuous Integration - Lot's of tools for git, file and static source code analysis.](https://github.com/cytopia/awesome-ci) ## ci-cd pipeline hacking [gitoops/blog.md at main · ovotech/gitoops · GitHub](https://github.com/ovotech/gitoops/blob/main/docs/blog.md) CI/CD ## clone id cards [Cloning ID cards : HowToHack](https://old.reddit.com/r/HowToHack/comments/p6tj7y/cloning_id_cards) ## ctf [apsdehal/awesome-ctf: A curated list of CTF frameworks, libraries, resources and softwares](https://github.com/apsdehal/awesome-ctf) [shell-storm repo CTF](http://shell-storm.org/repo/CTF/) great archive of CTFs. [My-CTF-Web-Challenges](https://github.com/orangetw/My-CTF-Web-Challenges) collection of CTF Web challenges. [ctf](https://github.com/bl4de/ctf) CTF (Capture The Flag) writeups, code snippets, notes, scripts. [50M_CTF_Writeup](https://github.com/manoelt/50M_CTF_Writeup) $50 million CTF from Hackerone writeup. [ctf-tasks](https://github.com/j00ru/ctf-tasks) an archive of low-level CTF challenges developed over the years. 
[RingZer0](https://ringzer0ctf.com/) tons of challenges designed to test and improve your hacking skills. [RingZer0 CTF](https://ringzer0ctf.com/challenges) offers you tons of challenges designed to test and improve your hacking skills. [docfate111's cybersecclub roadmap](https://docfate111.github.io/cybersecclub/roadmap.html) [SmashTheStack Wargaming Network](https://www.smashthestack.org/) ## edr bypass [tkmru/awesome-edr-bypass: Awesome EDR Bypass Resources For Ethical Hacking](https://github.com/tkmru/awesome-edr-bypass) ## hacking labs - crypto attacks [Cryptopals](https://cryptopals.com/) the cryptopals crypto challenges. ## hacking labs - ctf [Pico CTF](https://picoctf.org/) is a free computer security game targeted at middle and high school students. hack by playing [EchoCTF](https://echoctf.red/) Train your offensive and defensive skills. [Over the Wire](https://overthewire.org/wargames/) wargaming site for learning and practicing security concepts through fun-filled capture-the-flag games. [OverTheWire: Bandit](https://overthewire.org/wargames/bandit/) [Overthewire.org | Hacker News](https://news.ycombinator.com/item?id=37281745) [Command Line Hacking - Over The Wire Bandit Walkthrough (CTF Wargame) - YouTube](https://www.youtube.com/watch?v=9ReSHQihuZw) Wargames: help you learn and practice security concepts in the form of fun-filled games ## hacking labs - vulnerable apps [GitHub - kaiiyer/awesome-vulnerable: A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.](https://github.com/kaiiyer/awesome-vulnerable) [GitHub - vavkamil/awesome-vulnerable-apps: Awesome Vulnerable Applications](https://github.com/vavkamil/awesome-vulnerable-apps) [GitHub - stamparm/DSVW: Damn Small Vulnerable Web](https://github.com/stamparm/DSVW) is a deliberately vulnerable web application written in under 100 lines of code.
[GitHub - appsecco/dvna: Damn Vulnerable NodeJS Application](https://github.com/appsecco/dvna) damn vulnerable NodeJS application. [CloudGoat 2: The “Vulnerable by Design” AWS Deployment Tool](https://rhinosecuritylabs.com/aws/introducing-cloudgoat-2/) [AllSafe](https://github.com/t0thkr1s/allsafe) Intentionally vulnerable Android application [GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)](https://github.com/digininja/DVWA) [prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.](https://github.com/prateek147/DVIA-v2) ## hacking labs - vulnerable sites [awesome-cyber-skills](https://github.com/joe-shenouda/awesome-cyber-skills) a curated list of hacking environments where you can train your cyber skills. [metasploitable3](https://github.com/rapid7/metasploitable3) is a VM that is built from the ground up with a large amount of security vulnerabilities. [metasploitable2](https://metasploit.help.rapid7.com/docs/metasploitable-2) vulnerable web application amongst security researchers. [Nexpose: Vulnerability Scanner & Software | Rapid7](https://www.rapid7.com/products/nexpose) [Rapid7 Labs Open Data](https://opendata.rapid7.com/) is a great resources of datasets from Project Sonar. [Vulnerability & Exploit Database](https://www.rapid7.com/db) [hackazon](https://github.com/rapid7/hackazon) a modern vulnerable web app. 
[Rapid7 have decided to close public access to their Open Data internet research, a fantastic resource for passive domain reconnaissance/OSINT : hacking](https://old.reddit.com/r/hacking/comments/sq2b1d/rapid7_have_decided_to_close_public_access_to)
[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/) free, open source, deliberately vulnerable web-application.
[OWASP Juice Shop Project](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) the most bug-free vulnerable application in existence.
[juicy-ctf](https://github.com/iteratec/juicy-ctf) run Capture the Flags and Security Trainings with OWASP Juice Shop.
[Vuln Machines](https://www.vulnmachines.com/) Real world scenarios to practice.

## hacking types - 0-day

[zero day guide](https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html)

## hacking types - bruteforcing

[Password Cracking 101 - How Hackers Get Your Passwords - TipTopSecurity](https://tiptopsecurity.com/password-cracking-101-how-hackers-get-your-passwords#bruteforce)

## hacking types - buffer overflow

[What is a Buffer Overflow Attack - and How to Stop it](https://www.freecodecamp.org/news/buffer-overflow-attacks)

## hacking types - csrf

[Cross Site Request Forgery - What is a CSRF Attack and How to Prevent It](https://www.freecodecamp.org/news/what-is-cross-site-request-forgery)

## hacking types - ddos

[How to Protect Against DDoS Attacks](https://www.freecodecamp.org/news/protect-against-ddos-attacks)

## hacking types - dns rebinding

[DNS Rebinding Attacks Explained - Daniel Miessler](https://danielmiessler.com/blog/dns-rebinding-explained)

## hacking types - hash collisions

[Hash collisions](https://github.com/corkami/collisions) this great repository is focused on hash collisions exploitation.
[GitHub - corkami/collisions: Hash collisions and exploitations - a tool which can manipulate hash quines: crypto](https://www.reddit.com/r/crypto/comments/12ocsin/github_corkamicollisions_hash_collisions_and)

## hacking types - heap spraying

[Heap spraying - Wikipedia](https://en.wikipedia.org/wiki/Heap_spraying)

## hacking types

[Hacking the Cloud](https://hackingthe.cloud/) Encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on cloud exploitation (#AWS, #Azure, #GoogleCloud, #Terraform,)
[Web hacking techniques of 2021 | Hacker News](https://news.ycombinator.com/item?id=30284022)
[Top 10 web hacking techniques of 2021 | PortSwigger Research](https://portswigger.net/research/top-10-web-hacking-techniques-of-2021)
[GitHub - sammwyy/ows: The online-with-security project is a small cyber security manuscript for the prevention of computer attacks.](https://github.com/sammwyy/ows)

## hacking types - owasp top ten

[Can you eli5 what exactly the top 10 owasp vulnerabilities are?: cybersecurity](https://www.reddit.com/r/cybersecurity/comments/10z110j/can_you_eli5_what_exactly_the_top_10_owasp)
[OWASP Top Ten | OWASP Foundation](https://owasp.org/www-project-top-ten/)
[The OWASP Top 10 - A Technical Deep-Dive into Web Security](https://www.freecodecamp.org/news/technical-dive-into-owasp)
[OWASP Top 10: Real-World Examples](https://medium.com/@cxosmo/owasp-top-10-real-world-examples-part-1-a540c4ea2df5) test your web apps with real-world examples (two-part series).
[Enigma Group WebApp Training](https://www.enigmagroup.org/#) these challenges cover the exploits listed in the OWASP Top 10 Project.
[OWASP dependency-check](https://jeremylong.github.io/DependencyCheck/index.html) is an open source solution the OWASP Top 10 2013 entry.
[OWASP Node js Goat Project](https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project) OWASP Top 10 security risks apply to web apps developed using Node.js.
[KONTRA](https://application.security/) application security training (OWASP Top Web & Api).
[OWASP Web Security Testing Guide | OWASP Foundation](https://owasp.org/www-project-web-security-testing-guide/)
[OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project) includes a "best practice" penetration testing framework.
[OWASP Dev Guide](https://github.com/OWASP/DevGuide) this is the development version of the OWASP Developer Guide.
[OWASP API Security Project](https://www.owasp.org/index.php/OWASP_API_Security_Project) focuses specifically on the top ten vulnerabilities in API security.
[OWASP Wiki](https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide) OWASP Secure coding practices

## hacking types - reverse engineering

[GitHub mytechnotalent/Reverse-Engineering: A FREE comprehensive reverse engineering tutorial covering x86, x64, 32-bit ARM & 64-bit ARM architectures.](https://github.com/mytechnotalent/reverse-engineering-tutorial)
[linux-re-101](https://github.com/michalmalik/linux-re-101) a collection of resources for linux reverse engineering.
[reverseengineering-reading-list](https://github.com/onethawt/reverseengineering-reading-list) a list of Reverse Engineering articles, books, and papers.
[Reverse engineering guide for beginners: Methodology and tools | Hacker News](https://news.ycombinator.com/item?id=14537506)
[RE guide for beginners: Methodology and tools - Reverse Engineering - 0x00sec - The Home of the Hacker](https://0x00sec.org/t/re-guide-for-beginners-methodology-and-tools/2242)
[Reverse Engineering Challenges](https://challenges.re/) challenges, exercises, problems and tasks by level, by type, and more.
[Crackmes](https://crackmes.one/) download crackmes to help improve your reverse engineering skills.
[Reverse Engineering for Everyone | Hacker News](https://news.ycombinator.com/item?id=41069256)
[Introduction · Reverse Engineering](https://0xinfection.github.io/reversing/)

## hacking types - salami slicing scam

[Salim Kara stole $2M in coins with a magnet and a car antenna (2022) | Hacker News](https://news.ycombinator.com/item?id=38839652)
[What Is A Salami Slicing Scam? Examples of Salami Slicing Scams](https://www.nofreelunch.co.uk/blog/what-is-salami-slicing-scam/)

## hacking types - side-channel attack

[GoFetch: New side-channel attack using data memory-dependent prefetchers | Hacker News](https://news.ycombinator.com/item?id=39779195)
[GoFetch](https://gofetch.fail/)

## hacking types - sim swapping

[How to Protect Yourself Against SIM Swapping Attacks](https://www.freecodecamp.org/news/protect-yourself-against-sim-swapping-attacks)

## hacking types - sql injection

[SQL Injection Tutorial - What is SQL Injection and How to Prevent it](https://www.freecodecamp.org/news/what-is-sql-injection-how-to-prevent-it)

## hacking types - ss7 attack

[What is an SS7 attack and how does it work? : AskNetsec](https://old.reddit.com/r/AskNetsec/comments/s0t5za/what_is_an_ss7_attack_and_how_does_it_work)

## hacking types - ssrf

[SSRF Tips](http://blog.safebuff.com/2016/07/03/SSRF-Tips/index.html) a collection of SSRF Tips.
## hacking types - supply chain attack

[What Is a Supply Chain Attack?](https://www.wired.com/story/hacker-lexicon-what-is-a-supply-chain-attack/)

## hacking types - sybil attack

[Sybil attack - Wikipedia](https://en.wikipedia.org/wiki/Sybil_attack)

## hacking types - tabnabbing

[What is Tabnabbing and How to Prevent it](https://www.freecodecamp.org/news/what-is-tabnabbing/)

## hacking types - timing attack

[Timing attack - Wikipedia](https://en.wikipedia.org/wiki/Timing_attack)

## hacking types - web cache poisoning

[Practical Web Cache Poisoning](https://portswigger.net/blog/practical-web-cache-poisoning) shows you how to compromise websites by using esoteric web features.

## hacking types - wireless hacking

[GitHub - W00t3k/Awesome-Cellular-Hacking: Awesome-Cellular-Hacking](https://github.com/W00t3k/Awesome-Cellular-Hacking)

## history

[How to Do Things at ARL](http://ftp.arl.army.mil/~mike/howto/) how to configure modems, scan images, record CD-ROMs, and other.
[Things Every Hacker Once Knew (2017) | Hacker News](https://news.ycombinator.com/item?id=37701117)
[Things Every Hacker Once Knew](http://www.catb.org/~esr/faqs/things-every-hacker-once-knew/)

## ios pentesting

[iOS Pentesting 101 | Cobalt Blog](https://cobalt.io/blog/ios-pentesting-101)

## legality

[If I was to spread a virus over the internet but it was harmless, is that illegal? : hacking](https://old.reddit.com/r/hacking/comments/srpdwt/if_i_was_to_spread_a_virus_over_the_internet_but)

## metasploit

[Spy On Windows Machines Using Metasploit | by Jamie Pegg | Medium](https://jamiepegg.medium.com/spy-on-windows-machines-using-metasploit-758dbf72bb90)
[Metasploit for Beginners — A Guide to the Powerful Exploitation Framework](https://www.freecodecamp.org/news/learn-metasploit-for-beginners/)

## network hacking

[How does an entire network get compromised after one device is infected? : hacking](https://old.reddit.com/r/hacking/comments/rt7k6y/how_does_an_entire_network_get_compromised_after)

## pentesting neural networks

[HackingNeuralNetworks](https://github.com/Kayzaks/HackingNeuralNetworks) is a small course on exploiting and defending neural networks.

## rtc hacking

[GitHub - EnableSecurity/awesome-rtc-hacking: a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE](https://github.com/EnableSecurity/awesome-rtc-hacking)

## threat hunting

[ThreatHunter-Playbook](https://github.com/Cyb3rWard0g/ThreatHunter-Playbook) to aid the development of techniques and hypothesis for hunting campaigns.

## vulnerability research

[GitHub - sergey-pronin/Awesome-Vulnerability-Research: A curated list of the awesome resources about the Vulnerability Research](https://github.com/sergey-pronin/Awesome-Vulnerability-Research)
[Exploit Education :: Andrew Griffiths' Exploit Education](https://exploit.education/)

## web hacking

[infoslack/awesome-web-hacking: A list of web application security](https://github.com/infoslack/awesome-web-hacking)

## xss

[Brute XSS](https://brutelogic.com.br/blog/) master the art of Cross Site Scripting.
[AwesomeXSS](https://github.com/s0md3v/AwesomeXSS) is a collection of Awesome XSS resources.
[Security Basics: XSS Explained. I'm sure you've heard of XSS… | by Andrew Long | The Startup | Sep, 2020 | Medium](https://medium.com/swlh/security-basics-xss-explained-3ade8071aaa1)
[XSS Game - Learning XSS Made Simple! | Created by PwnFunction](https://xss.pwnfunction.com/)