🚀 resources

Table of Contents

Collection of some great resources to become a Pentester / Red Teamer. Keep these resources handy if you are preparing for certifications like OSCP, eCPPT, CRTP, CRTO etc.

Note: 💲 means paid resources.

Enumeration

• Introduction To Pentesting - Enumeration - HackerSploit

• Ethical Hacking Practical - Enumeration - Semi Yulianto

Network Pentesting

• Beginner Network Penetration Testing - Heath Adams (The Cyber Mentor)

• https://book.hacktricks.xyz/pentesting/pentesting-network

• Network Penetration Testing for Beginners - FreeCodeCamp

Web Applications Pentesting

• https://owasp.org/www-project-web-security-testing-guide/latest/

• https://owasp.org/www-project-top-ten/

• Web Application Ethical Hacking - Penetration Testing Course for Beginners - FreeCodeCamp, Heath Adams (The Cyber Mentor)

Buffer Overflows

• Buffer Overflows Made Easy (2022 Edition) - Heath Adams (The Cyber Mentor)

• Running a Buffer Overflow Attack - Computerphile

Buffer Overflow Labs

• https://github.com/Gallopsled/pwntools-tutorial

• http://overthewire.org/wargames/narnia/

• https://tryhackme.com/room/bufferoverflowprep

• https://tryhackme.com/room/brainpan

• https://tryhackme.com/room/brainstorm

• https://tryhackme.com/room/bof1

• Sneaky (Medium) - Machine, Walkthrough

• Enterprise (Medium) - Machine, Walkthrough

• October (Medium) - Machine, Walkthrough

• Jail (Insane) - 💲 Machine, Walkthrough

• Node (Medium) - 💲 Machine, Walkthrough

Metasploit Usage

• Metasploit Minute - Hak5

• Metasploit For Beginners - HackerSploit

• Metasploit - David Bombal

• Complete Metasploit System Hacking Tutorial! - Joseph Delgadillo

• https://karol-mazurek95.medium.com/solid-metasploit-b1e043470b8c

• https://www.offensive-security.com/metasploit-unleashed/meterpreter-basics/

Active Directory Pentesting

• Active Directory Basics

• Active Directory Pentesting

• Active Directory Pentesting - Red Team - I.T & Security

• Building Home AD Lab - Conda

• Attacking Active Directory - Conda

• https://www.hackingarticles.in/red-teaming/

• https://www.ired.team

• https://zer1t0.gitlab.io/posts/attacking_ad/

• https://adsecurity.org/

• https://book.hacktricks.xyz/windows/active-directory-methodology

• https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

• https://github.com/infosecn1nja/AD-Attack-Defense

Active Directory Labs

• Forest (Easy) - 💲 Machine, Walkthrough

• Active (Easy) - 💲 Machine, Walkthrough

• Fuse (Medium) - 💲 Machine, Walkthrough

• Cascade (Medium) - 💲 Machine, Walkthrough

• Monteverde (Medium) - 💲 Machine, Walkthrough

• Resolute (Medium) - 💲 Machine, Walkthrough

• Arkham (Medium)- 💲 Machine, Walkthrough

• Mantis (Hard) - 💲 Machine, Walkthrough

• APT (Insane) - 💲 Machine, Walkthrough

• https://tryhackme.com/room/activedirectorybasics

• https://tryhackme.com/room/postexploit

• https://tryhackme.com/room/vulnnetroasted

• https://tryhackme.com/room/attacktivedirectory

• https://tryhackme.com/room/raz0rblack

• https://tryhackme.com/room/enterprise

• https://tryhackme.com/room/vulnnetactive

• 💲 https://tryhackme.com/room/zer0logon

• 💲 https://tryhackme.com/room/hololive

• 💲 https://tryhackme.com/network/throwback

Password Cracking & Brute Forcing

• Password Cracking With John The Ripper - RAR/ZIP & Linux Passwords - HackerSploit

• Password cracking with Kali Linux and HashCat - NetworkChuck

Exploit Development

• https://github.com/gh0x0st/Buffer_Overflow

• https://www.youtube.com/watch?v=yJF0YPd8lDw

• https://hex-men.tech/vulnserver_buffer_overflow/

• https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/64-bit-stack-based-buffer-overflow

• https://www.coalfire.com/the-coalfire-blog/september-2020/the-basics-of-exploit-development-5-x86-64-buffer

Exploition & Post-Exploition

• Ethical Hacking Practical - Exploitation - Semi Yulianto

• Ethical Hacking Practical - Automated Exploitation - Semi Yulianto

• Ethical Hacking Practical - Post Exploitation - Semi Yulianto

• https://github.com/mubix/post-exploitation-wiki

• https://pentestlab.blog/category/post-exploitation/

Privilege Escalation

• Windows Local Privilege Escalation - Sagi Shahar

• Privilege Escalation - Conda

• 💲 https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners

• 💲 https://academy.tcm-sec.com/p/linux-privilege-escalation

• 💲 https://www.udemy.com/course/windows-privilege-escalation/

• 💲 https://www.udemy.com/course/linux-privilege-escalation/

• https://book.hacktricks.xyz/windows/windows-local-privilege-escalation

• https://book.hacktricks.xyz/linux-unix/privilege-escalation

Privilege Escalation Labs

• https://tryhackme.com/room/linuxprivesc

• https://tryhackme.com/room/windows10privesc

Lateral Movement

• https://www.ired.team/offensive-security/lateral-movement

• https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/

• https://kjohn333.gitbook.io/offsec-journey/active-directory/lateral-movement

• https://pentestlab.blog/2020/07/21/lateral-movement-services/

• https://cheats.philkeeble.com/active-directory/lateral-movement

Pivoting

• https://posts.specterops.io/offensive-security-guide-to-ssh-tunnels-and-proxies-b525cbd4d4c6

• https://systemweakness.com/the-shades-of-tunneling-a8b6ce1d7fed

• https://www.saintlad.com/nmap-with-proxychains/

• https://nullsweep.com/pivot-cheatsheet-for-pentesters/

• https://gitbook.seguranca-informatica.pt/cheat-sheet-1/stuff/pivoting

• Port Forwarding and Tunneling - Network Pivoting - Motasem Hamdan

• https://www.hackingarticles.in/port-forwarding-tunnelling-cheatsheet/

• https://book.hacktricks.xyz/tunneling-and-port-forwarding

• https://sushant747.gitbooks.io/total-oscp-guide/content/port_forwarding_and_tunneling.html

• https://medium.com/axon-technologies/how-to-implement-pivoting-and-relaying-techniques-using-meterpreter-b6f5ec666795

• https://www.onmsft.com/how-to/how-to-configure-port-forwarding-on-a-windows-10-pc

Courses

• Ethical Hacking in 12 Hours - Heath Adams (The Cyber Mentor)

• 💲 Practical Ethical Hacking - Heath Adams (The Cyber Mentor)

• 💲 Windows Privilege Escalation for OSCP & Beyond! - Tib3rius

• 💲 Windows Privilege Escalation for Beginners - Heath Adams (The Cyber Mentor)

• 💲 Linux Privilege Escalation for OSCP & Beyond! - Tib3rius

• 💲 Linux Privilege Escalation for Beginners - Heath Adams (The Cyber Mentor)

• 💲 Movement, Pivoting, and Persistence For Pentesters and Ethical Hackers - Joe Helle

• 💲 Active Directory Pentesting Full Course - Red Team Hacking - Security Gurus

Books

• 💲 Penetration Testing: A Hands-On Introduction to Hacking - Georgia Weidman

• 💲 The Hacker Playbook 3: Practical Guide To Penetration Testing - Peter Kim

Free Labs to Practice

• Attack-Defense - https://attackdefense.com
• Alert to win - https://alf.nu/alert1
• Bancocn - https://bancocn.com
• CTF Komodo Security - https://ctf.komodosec.com
• CryptoHack - https://cryptohack.org/
• CMD Challenge - https://cmdchallenge.com
• Explotation Education - https://exploit.education
• Google CTF - https://capturetheflag.withgoogle.com
• HackTheBox - https://www.hackthebox.com
• Hackthis - https://www.hackthis.co.uk
• Hacksplaining - https://www.hacksplaining.com/lessons
• Hacker101 - https://ctf.hacker101.com
• Hacker Security - https://capturetheflag.com.br
• Hacking-Lab - https://hacking-lab.com/
• HSTRIKE - https://hstrike.com
• ImmersiveLabs - https://immersivelabs.com
• NewbieContest - https://www.newbiecontest.org
• OverTheWire - http://overthewire.org
• Practical Pentest Labs - https://practicalpentestlabs.com
• Pentestlab - https://pentesterlab.com
• Hackaflag BR - https://hackaflag.com.br/
• Penetration Testing Practice Labs - https://www.amanhardikar.com/mindmaps/Practice.html
• PentestIT LAB - https://lab.pentestit.ru
• PicoCTF - https://picoctf.com
• PWNABLE - https://pwnable.kr/play.php
• Root-Me - https://www.root-me.org
• Root in Jail - http://rootinjail.com
• SANS Challenger - https://www.holidayhackchallenge.com/2021/
• SmashTheStack - http://www.smashthestack.org/wargames.html
• The Cryptopals Crypto Challenges - https://cryptopals.com
• Try Hack Me - https://tryhackme.com
• Vulnhub - https://www.vulnhub.com
• W3Challs - https://w3challs.com
• WeChall - http://www.wechall.net
• Zenk-Security - https://www.zenk-security.com
• Cyberdefenders - https://cyberdefenders.org/blueteam-ctf-challenges/
• LetsDefend- https://letsdefend.io/