• Stars
    star
    5,478
  • Rank 7,508 (Top 0.2 %)
  • Language
    Python
  • Created over 4 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Compilation of Resources from TCM's Practical Ethical Hacking Udemy Course

Practical-Ethical-Hacking-Resources

Compilation of Resources from TCM's Udemy Course

General Links

Link to Website: https://www.thecybermentor.com/

Link to the course:

Link to discord server: https://discord.gg/EM6tqPZ

FAQ: https://github.com/hmaverickadams/Practical-Ethical-Hacking-FAQ

Note Keeping

Trilium: https://github.com/zadam/trilium

KeepNote: http://keepnote.org/

CherryTree: https://www.giuspen.com/cherrytree/

GreenShot: https://getgreenshot.org/downloads/

FlameShot: https://github.com/lupoDharkael/flameshot

OneNote: https://products.office.com/en-us/onenote/digital-note-taking-app?rtc=1

Joplin: https://github.com/laurent22/joplin

Networking Refresher

Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM

Subnet Guide: https://drive.google.com/file/d/1ETKH31-E7G-7ntEOlWGZcDZWuukmeHFe/view

Setting up our Lab

VMware: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html

VirtualBox: https://www.virtualbox.org/wiki/Downloads

Kali Download: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

Official Offensive Security kali 2019.3 release: http://old.kali.org/kali-images/kali-2019.3/

Other Offical kali 2019 Releases: https://cdimage.kali.org/

Mid-Course Capstone

New Capstone boxes: https://drive.google.com/drive/folders/1VXEuyySgzsSo-MYmyCareTnJ5rAeVKeH

Old Capstone boxes: https://youtu.be/JZN3JhoAdWo

Linux Priv Esc course: https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners

Windows Priv Esc Course: https://academy.tcm-sec.com/p/linux-privilege-escalation

Introduction to Exploit Development (Buffer Overflows)

Immunity Debugger: https://www.immunityinc.com/products/debugger/

Vulnserver: http://www.thegreycorner.com/p/vulnserver.html

Bad Chars: https://www.ins1gn1a.com/identifying-bad-characters/

Attacking Active Directory: Initial Attack Vectors

Top Five Ways I Got DA on Your Internal Network Before Lunch: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa

mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/

Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/

Attacking Active Directory: Post-Compromise Enumeration

PowerView Cheat Sheet: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

Attacking Active Directory: Post-Compromise Attacks

Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/

Mimikatz: https://github.com/gentilkiwi/mimikatz

Active Directory Security Blog: https://adsecurity.org/

Harmj0y Blog: http://blog.harmj0y.net/

Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab

Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab

eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/

Web Application Enumeration, Revisited

sumrecon: https://github.com/thatonetester/sumrecon

Testing the Top 10 Web Application Vulnerabilities

OWASP Top 10: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf

OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist

OWASP Testing Guide: https://owasp.org/www-pdf-archive/OTGv4.pdf

Installing Docker on Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe

OWASP Juice Shop: https://github.com/bkimminich/juice-shop

OWASP A1-Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection

OWASP A2-Broken Authentication: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication

OWASP A3-Sensetive Data Exposure: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure

OWASP A4-XML External Entities: https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE)

OWASP A5-Broken Access Control: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control

OWASP A6-Security Misconfigurations: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration

OWASP A7-Cross Site Scripting: https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

DOM Based XSS: https://www.scip.ch/en/?labs.20171214

XSS Game: https://xss-game.appspot.com/

OWASP A8-Insecure Deserialization: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization

OWASP A9-Using Components with Known Vulnerabilities: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities

OWASP A10-Insufficient Logging & Monitoring: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A10-Insufficient_Logging%252526Monitoring.html

Legal Documents and Report Writing

Sample Pentest Report: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report

Tools

Pimpmykali

Hunter.io

theHarvester

breach-parse

Hashcat:

mitm6:

mimikatz:

sumrecon

Setting up Your AD Lab Using Azure

Building Free AD lab: https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f