My Bookmarks

Personal bookmarks and resources I want at my fingertips anywhere I go

INFOSEC, Hacking, Penetration Testing

• Hacksplaining - Concise explanations of common security problems for software developers.
• lolbas – Living off the Land Binaries and Scripts. Native tools included in Windows that can be used in a penetration test.
• gtfobins – Curated list of Unix binaries that can be exploited by an attacker to bypass local security restrictions. “Living off the land.”
• Openwall Wordlists – Wordlists for password cracking.
• Aperi’Solve - Online platform that performs layer analysis on images.
• CI/CD Goat Project - A deliberately vulnerable continuous integration, continuous delivery environment for hacking practice. Similar to OWASP Juice Shop, only for CI/CD pipelines.
• NTLM Relaying 101 - An NTLM relaying workshop and lab.
• Subdomain Enumeration via Archived TLS Certs

Information Technology - General

• Understanding SDDL Syntax - A great explainer of Windows Security Descriptor Definition Language published by the University of Washington (with permission from the Stanford author). A must-have if you’re examining security attributes of Windows artifacts, like services.
• “PAT or JK” ASCII Art Generator – ASCII Art for your /etc/motd
• Mind Maps by Aman Hardikar - Brain compasses for mental navigation of technical tasks
• cheat sheet filetype:pdf site:sans.org – Google search straight to all the SANS Institute PDF cheat sheets

OSCP Specific Resources

• Web Testing on OSCP - Common web testing tasks in the OSCP environment
• Pentesting Cheatsheet - Steers away from using Metasploit