sábado, 29 de agosto de 2020

Learning Resources For Hacking And Pentesting


In this article, I'm going to provide you a list of resources which I have found very useful. I don't remember all of them from top of my head so I might miss some. This list will be updated on usual basis. Hope you'll find some good stuff to learn. If you have got suggestions leave them down below in the comments section.

Free Hands on Labs:

1. Hack The Box - live machines to hack your way around. Besides boxes they have awesome challenges and great labs to try out.
2. TryHackMe - great way to learn pentesting while doing it. Lots of machines to hack and lots of ground to cover.
3. Portswigger Web Security Academy - learn web application pentesting.

Free Training (Mostly Introductory stuff):

1. Tenable University - training and certification on Nessus etc.
2. Palo Alto Networks - Palo Alto Networks offers an abundance of resources to prepare for there certifications. The training is free but the exams cost.
3. Open P-TECH - has an introductory course on Cybersecurity Fundamentals.
4. IBM Security Learning Academy - has many courses but focused on IBM security services and 
products.
5. Cisco Networking Academy - not all courses are free but Introduction to Cybersecurity and Cybersecurity Essentials are free.
6. AWS Training and Certification - has some free cloud security training courses.
7. Metasploit Unleashed - Free Online Ethical Hacking Course - Offensive Security's free online course on metasploit.
8. Coursera and Edx - you already know about them.

Blogs:

1. HackTricks - This is simply an awesome blog just visit it and you'll fall in love.
2. pentestmonkey - I visit it most of the time for one-liner reverse shells they are awesome.

Writeups:

1. 0xdf

YouTube:

1. ippsec - an awesome YouTube channel with tons of information in every video. New video comes out weekly as soon as the machine on hackthebox expires. https://ippsec.rocks for video searching
2. xct - short walkthroughs on hackthebox machines.
3. Cristi Vlad - advice and content on pentesting and python.
4. LiveOverflow - reverse engineering on steroids.
5. SANS Pen Test Training - SANS institute webinars and talks.
6. VbScrub - great pentesting videos.
7. BinaryAdventure - great pentesting and reverse engineering videos.
8. GynvaelEN - great videos and talks about CTFs and pentesting.

GitHub Repos:

1. PayloadsAllTheThings - heaven of hackers.
2. Pentest Monkey - reverse shells and more.

Related articles


  1. Github Hacking Tools
  2. Hack Tools For Windows
  3. Hackrf Tools
  4. Hacking Tools Free Download
  5. Hacker Tools List
  6. Easy Hack Tools
  7. Termux Hacking Tools 2019
  8. Pentest Tools Windows
  9. Easy Hack Tools
  10. Hacking Tools 2019
  11. Hacking Tools For Windows Free Download
  12. Hack Tools 2019
  13. Kik Hack Tools
  14. Hack Tools For Mac
  15. Pentest Tools Port Scanner
  16. Hacking Tools For Beginners
  17. Pentest Tools Website Vulnerability
  18. Hacker Security Tools
  19. Hacking Tools Windows
  20. Best Pentesting Tools 2018
  21. Pentest Tools Subdomain
  22. Hacker Tool Kit
  23. What Is Hacking Tools
  24. Pentest Tools
  25. Tools 4 Hack
  26. Hacker Tools For Mac
  27. Tools For Hacker
  28. Hacker Tools Software
  29. Hacker Techniques Tools And Incident Handling
  30. Pentest Tools For Android
  31. Hack Tools Mac
  32. Hak5 Tools
  33. Free Pentest Tools For Windows
  34. Pentest Tools Url Fuzzer
  35. Pentest Tools
  36. What Is Hacking Tools
  37. Hacker Tools Mac
  38. Pentest Tools Bluekeep
  39. Pentest Tools Review
  40. Pentest Tools Apk
  41. Hacker Tools Windows
  42. Hacker Tool Kit
  43. Hacker Tool Kit
  44. Hacker
  45. Blackhat Hacker Tools
  46. Hacking Tools For Beginners
  47. Pentest Tools List
  48. New Hacker Tools
  49. Hack Tools For Ubuntu
  50. Hacking Tools For Kali Linux
  51. Pentest Tools List
  52. Hack Tools For Pc
  53. Hacking Tools Hardware
  54. Hackers Toolbox
  55. Hack And Tools
  56. Pentest Tools For Android
  57. Hacker Tools Online
  58. Pentest Tools Apk
  59. Hacker Tools Mac
  60. Wifi Hacker Tools For Windows
  61. Pentest Tools Find Subdomains
  62. Hacking Tools Hardware
  63. Hacking Tools For Windows 7
  64. Pentest Tools Subdomain
  65. Hacking Tools For Games
  66. Hacker Hardware Tools
  67. Pentest Tools For Ubuntu
  68. Hack Tools 2019
  69. Pentest Tools Download
  70. Hack Tools For Pc
  71. Hak5 Tools
  72. Kik Hack Tools
  73. Hack Tools For Ubuntu
  74. Pentest Tools List
  75. Pentest Box Tools Download
  76. Ethical Hacker Tools
  77. Hacking Apps
  78. Hackers Toolbox
  79. Hacking Tools For Windows Free Download
  80. Hacker Tools For Pc
  81. Hacker Tools Hardware
  82. Hacker Tools
  83. Hacker Tools Linux
  84. Hack Tools
  85. Blackhat Hacker Tools
  86. Pentest Tools Linux
  87. Hacking Tools And Software
  88. Hacker Tools For Mac
  89. Hacking App
  90. Hacking Tools Name
  91. Hacking Tools For Windows Free Download
  92. Hacker
  93. Hack Tools
  94. Hacker Tools Free
  95. Pentest Tools Apk
  96. Hack Tools Mac
  97. Hacking Tools For Mac
  98. Hacker Tools Mac
  99. Tools 4 Hack
  100. Hacking Tools Download
  101. Hacking Apps
  102. Hack Tools Online
  103. Hacker Tools Free Download
  104. Physical Pentest Tools
  105. Computer Hacker
  106. World No 1 Hacker Software
  107. Hack Tools For Games
  108. New Hacker Tools
  109. Pentest Tools Bluekeep
  110. Hacking Tools Online
  111. Hacking Tools Name
  112. How To Make Hacking Tools
  113. Tools For Hacker
  114. Hacker Tools Online
  115. Android Hack Tools Github
  116. New Hacker Tools
  117. Hacker Tools
  118. Hacker Tools 2020
  119. Pentest Tools Framework
  120. Hackers Toolbox
  121. Pentest Tools For Windows
  122. Pentest Tools For Android
  123. Pentest Tools Framework
  124. New Hack Tools
  125. Hack Website Online Tool
  126. Pentest Tools Bluekeep
  127. Hack Tool Apk
  128. How To Install Pentest Tools In Ubuntu
  129. Install Pentest Tools Ubuntu
  130. Hacker Tools
  131. Hacking Tools Usb
  132. Hacker Tools 2020
  133. Hacking Tools For Windows 7
  134. Game Hacking
  135. Hack Tool Apk No Root
  136. Hak5 Tools
  137. Hacker Search Tools
  138. Nsa Hacker Tools
  139. Blackhat Hacker Tools
  140. Hacker Tools 2020
  141. Pentest Tools Tcp Port Scanner
  142. Hacker Tools Free Download
  143. Underground Hacker Sites
  144. Pentest Box Tools Download
  145. Kik Hack Tools
  146. Install Pentest Tools Ubuntu
  147. Hackrf Tools
  148. Hacking Tools Github
  149. Tools Used For Hacking
  150. Pentest Tools Bluekeep
  151. Termux Hacking Tools 2019
  152. Black Hat Hacker Tools
  153. Pentest Tools Android
  154. Hacking Tools Windows 10
  155. Nsa Hack Tools
  156. Blackhat Hacker Tools
  157. Pentest Tools Android
  158. Best Hacking Tools 2019
  159. Pentest Tools Apk
  160. Hack Tools For Games
  161. Hacking Tools Pc
  162. Pentest Box Tools Download
  163. Hak5 Tools
  164. Wifi Hacker Tools For Windows
  165. Hacks And Tools
  166. Hacker Tools Hardware
  167. Pentest Tools Port Scanner
  168. Hacker Tools Windows
  169. Pentest Tools Nmap
  170. Tools For Hacker
  171. Hacker Search Tools

Wirelurker For OSX, iOS (Part I) And Windows (Part II) Samples


PART II

Wirelurker for Windows (WinLurker)

Research: Palo Alto Claud Xiao: Wirelurker for Windows

Sample credit: Claud Xiao



PART I


Research: Palo Alto Claud Xiao WIRELURKER: A New Era in iOS and OS X Malware

Palo Alto |Claud Xiao - blog post Wirelurker

Wirelurker Detector https://github.com/PaloAltoNetworks-BD/WireLurkerDetector


Sample credit: Claud Xiao


Download

Download Part I
Download Part II

Email me if you need the password




List of files
List of hashes 

Part II

s+«sìÜ 3.4.1.dmg 925cc497f207ec4dbcf8198a1b785dbd
apps.ipa 54d27da968c05d463ad3168285ec6097
WhatsAppMessenger 2.11.7.exe eca91fa7e7350a4d2880d341866adf35
使用说明.txt 3506a0c0199ed747b699ade765c0d0f8
libxml2.dll c86bebc3d50d7964378c15b27b1c2caa
libiconv-2_.dll 9c8170dc4a33631881120a467dc3e8f7
msvcr100.dll bf38660a9125935658cfa3e53fdc7d65
libz_.dll bd3d1f0a3eff8c4dd1e993f57185be75
mfc100u.dll f841f32ad816dbf130f10d86fab99b1a

zlib1.dll c7d4d685a0af2a09cbc21cb474358595


│   apps.ipa
│   σ╛«σìÜ 3.4.1.dmg

└───WhatsAppMessenger 2.11.7
            libiconv-2_.dll
            libxml2.dll
            libz_.dll
            mfc100u.dll
            msvcr100.dll
            WhatsAppMessenger 2.11.7.exe
            zlib1.dll
            使用说明.txt


Part I

BikeBaron 15e8728b410bfffde8d54651a6efd162
CleanApp c9841e34da270d94b35ae3f724160d5e
com.apple.MailServiceAgentHelper dca13b4ff64bcd6876c13bbb4a22f450
com.apple.appstore.PluginHelper c4264b9607a68de8b9bbbe30436f5f28
com.apple.appstore.plughelper.plist 94a933c449948514a3ce634663f9ccf8
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.globalupdate.plist f92640bed6078075b508c9ffaa7f0a78
com.apple.itunesupdate.plist 83317c311caa225b17ac14d3d504387d
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.machook_damon.plist 6507f0c41663f6d08f497ab41893d8d9
com.apple.MailServiceAgentHelper.plist e6e6a7845b4e00806da7d5e264eed72b
com.apple.periodic-dd-mm-yy.plist bda470f4568dae8cb12344a346a181d9
com.apple.systemkeychain-helper.plist fd7b1215f03ed1221065ee4508d41de3
com.apple.watchproc.plist af772d9cca45a13ca323f90e7d874c2c
FontMap1.cfg 204b4836a9944d0f19d6df8af3c009d5
foundation 0ff51cd5fe0f88f02213d6612b007a45
globalupdate 9037cf29ed485dae11e22955724a00e7
globalupdate 9037cf29ed485dae11e22955724a00e7
itunesupdate a8dfbd54da805d3c52afc521ab7b354b
libcrypto.1.0.0.dylib 4c5384d667215098badb4e850890127b
libcrypto.1.0.0.dylib 3b533eeb80ee14191893e9a73c017445
libiconv.2.dylib 94f9882f5db1883e7295b44c440eb44c
libiconv.2.dylib fac8ef9dabdb92806ea9b1fde43ad746
libimobiledevice.4.dylib c596adb32c143430240abbf5aff02bc0
libimobiledevice.4.dylib 5b0412e19ec0af5ce375b8ab5a0bc5db
libiodb.dylib bc3aa0142fb15ea65de7833d65a70e36
liblzma.5.dylib 5bdfd2a20123e0893ef59bd813b24105
liblzma.5.dylib 9ebf9c0d25e418c8d0bed2a335aac8bf
libplist.2.dylib 903cbde833c91b197283698b2400fc9b
libplist.2.dylib 109a09389abef9a9388de08f7021b4cf
libssl.1.0.0.dylib 49b937c9ff30a68a0f663828be7ea704
libssl.1.0.0.dylib ab09435c0358b102a5d08f34aae3c244
libusbmuxd.2.dylib e8e0663c7c9d843e0030b15e59eb6f52
libusbmuxd.2.dylib 9efb552097cf4a408ea3bab4aa2bc957
libxml2.2.dylib 34f14463f28d11bd0299f0d7a3985718
libxml2.2.dylib 95506f9240efb416443fcd6d82a024b9
libz.1.dylib 28ef588ba7919f751ae40719cf5cffc6
libz.1.dylib f2b19c7a58e303f0a159a44d08c6df63
libzip.2.dylib 2a42736c8eae3a4915bced2c6df50397
machook 5b43df4fac4cac52412126a6c604853c
machook ecb429951985837513fdf854e49d0682
periodicdate aa6fe189baa355a65e6aafac1e765f41
pphelper 2b79534f22a89f73d4bb45848659b59b
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase.dylib bc3aa0142fb15ea65de7833d65a70e36
sfbase_v4000.dylib 582fcd682f0f520e95af1d0713639864
sfbase_v4001.dylib e40de392c613cd2f9e1e93c6ffd05246
start e3a61139735301b866d8d109d715f102
start e3a61139735301b866d8d109d715f102
start.sh 3fa4e5fec53dfc9fc88ced651aa858c6
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
stty5.11.pl dea26a823839b1b3a810d5e731d76aa2
systemkeychain-helper e03402006332a6e17c36e569178d2097
watch.sh 358c48414219fdbbbbcff90c97295dff
WatchProc a72fdbacfd5be14631437d0ab21ff960
7b9e685e89b8c7e11f554b05cdd6819a 7b9e685e89b8c7e11f554b05cdd6819a
update 93658b52b0f538c4f3e17fdf3860778c
start.sh 9adfd4344092826ca39bbc441a9eb96f

File listing

├───databases
│       foundation
├───dropped
│   ├───version_A
│   │   │   com.apple.globalupdate.plist
│   │   │   com.apple.machook_damon.plist
│   │   │   globalupdate
│   │   │   machook
│   │   │   sfbase.dylib
│   │   │   watch.sh
│   │   │
│   │   ├───dylib
│   │   │       libcrypto.1.0.0.dylib
│   │   │       libiconv.2.dylib
│   │   │       libimobiledevice.4.dylib
│   │   │       liblzma.5.dylib
│   │   │       libplist.2.dylib
│   │   │       libssl.1.0.0.dylib
│   │   │       libusbmuxd.2.dylib
│   │   │       libxml2.2.dylib
│   │   │       libz.1.dylib
│   │   │
│   │   ├───log
│   │   └───update
│   ├───version_B
│   │       com.apple.globalupdate.plist
│   │       com.apple.itunesupdate.plist
│   │       com.apple.machook_damon.plist
│   │       com.apple.watchproc.plist
│   │       globalupdate
│   │       itunesupdate
│   │       machook
│   │       start
│   │       WatchProc
│   │
│   └───version_C
│       │   com.apple.appstore.plughelper.plist
│       │   com.apple.appstore.PluginHelper
│       │   com.apple.MailServiceAgentHelper
│       │   com.apple.MailServiceAgentHelper.plist
│       │   com.apple.periodic-dd-mm-yy.plist
│       │   com.apple.systemkeychain-helper.plist
│       │   periodicdate
│       │   stty5.11.pl
│       │   systemkeychain-helper
│       │
│       └───manpath.d
│               libcrypto.1.0.0.dylib
│               libiconv.2.dylib
│               libimobiledevice.4.dylib
│               libiodb.dylib
│               liblzma.5.dylib
│               libplist.2.dylib
│               libssl.1.0.0.dylib
│               libusbmuxd.2.dylib
│               libxml2.2.dylib
│               libz.1.dylib
│               libzip.2.dylib
├───iOS
│       sfbase.dylib
│       sfbase_v4000.dylib
│       sfbase_v4001.dylib
│       start
│       stty5.11.pl
├───IPAs
│       7b9e685e89b8c7e11f554b05cdd6819a
│       pphelper
├───original
│       BikeBaron
│       CleanApp
│       FontMap1.cfg
│       start.sh
└───update
        start.sh
        update

More info