Our Top 10 Pentest Resources
Every penetration tester has their own secret notebook detailing how they managed to pop a machine with a newly discovered 0-day technique. They keep it safe and secure where no one can see it, just like Gollum from The Lord of the Rings!
Jokes aside, we pentesters love our notes. We write down everything from full compromise write-ups, common tests and checklists for application assessments, to step-by-step guides on obfuscating a payload so it goes undetected by antivirus software. Unfortunately, all of this takes a lot of time to write and maintain.
Lucky for us, the hacking community loves to share things on the Internet! Here is our top 10 list of our favourite public notebooks and cheat sheets:
- HackTricks is the holy grail of cheat sheets and examples. Carlos Polop has done a fine job of supplying an easy-to-read GitBook with tons of information about exploitation, fuzzing and enumeration techniques for lots of different services. You have found a service and you don't know where to start? HackTricks has the answer.
- PayloadsAllTheThings is another excellent cheat-sheet resource, and the one we find ourselves visiting more than any other site. This GitHub repository has examples and exploitation techniques for just about anything you will run into on the web: SSTI, SSRF, deserialization entry points, you name it. The name alone does not do the repo justice.
- ippsec.rocks is an amazing online search tool for looking up any technique used by "ippsec" in his videos. As a pentester, Hack The Box is an amazing resource for honing your skills, but trying to remember specific techniques and reading online articles can get frustrating. For visual learners like ourselves, ippsec.rocks helps to pinpoint specific techniques and the exact point of reference in his fantastic videos.
- GTFOBins is perfect for anything related to Linux binaries. Once our privilege escalation enumeration has mapped out the attack surface (SUID binaries, sudo rules and the like), GTFOBins has the answer for almost every misconfigured binary out there. A simple UI and an easy-to-use search bar let any pentester find quick answers.
- LOLBAS is the Windows counterpart of GTFOBins. The goal of the LOLBAS project is to document every Microsoft-signed binary, script and library that can be used for "Living Off The Land" techniques, i.e. abusing tools that already ship with the system (for execution, downloads, bypassing application control and so on) instead of dropping your own tooling, which also leaves far less evidence behind. LOLBAS has the same easy-to-use UI as GTFOBins, which we also like.
- Active Directory Cheat Sheet is a great cheat sheet by S1ckB0y for Microsoft Active Directory exploitation. The GitHub repo contains tools and exploitation techniques for local and domain privilege escalation, as well as techniques for persistence and lateral movement within an AD network.
- ired.team is a GitBook created by @spotheplanet to document common and uncommon attack techniques, explaining how each attack is carried out and why it works. For anyone who wants to understand what an exploit is actually doing, spotheplanet goes into a lot of detail explaining the attack.
- MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. It is mainly used by security analysts and threat intelligence teams to map and classify attack patterns seen in the wild, but it is also useful to penetration testers and red teamers for learning and emulating techniques used by Advanced Persistent Threats (APTs).
- XSS Cheat Sheet by PortSwigger is our go-to cheat sheet for anything related to XSS. It has an extremely simple UI where you can filter by the injection context you are in (tag, event handler, target browser) and get payloads for exploiting that environment.
- This would not be a valid top 10 list without the CyberMouflons wiki page. The CyberMouflons are a competitive CTF team that provides excellent resources for all major CTF categories, and that does not mean their resources do not apply to real-life scenarios. If you are like us and always searching for new tricks, strategies, tools and resources for CTF challenges, the CyberMouflons wiki page has everything you need.
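As an added example (our own helper, not code from this post or from the GTFOBins project), here is the enumeration step that usually comes right before a GTFOBins lookup: list SUID/SGID binaries and NOPASSWD sudo rules, then flag the ones whose binary name is on a watch list. The watch list is an assumption, a small illustrative subset of binaries that have SUID or sudo entries on GTFOBins, and the `sudo -l` output is constructed sample data so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the post or from GTFOBins: POSIX sh helper for the
# Linux privilege-escalation enumeration that precedes a GTFOBins lookup.
# It lists SUID/SGID binaries and NOPASSWD sudo rules and flags the ones whose
# basename appears on a watch list of binaries known to have GTFOBins entries.

# Assumption: an illustrative subset of binaries with SUID and/or sudo entries
# on GTFOBins. It is not the full catalogue; confirm the entry on the site.
GTFO_WATCHLIST="bash sh find vim vi python python3 perl awk nmap less more cp mv env"

# Print SUID/SGID regular files under the given root (default /), one per line.
# -xdev keeps the search on one filesystem so /proc and network mounts are skipped.
find_suid() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Succeed (exit 0) if the command in $1 names a binary on the watch list.
# Only the first word counts, so "/bin/cp /etc/shadow /tmp/s" matches "cp".
is_gtfo_candidate() {
    name=$(basename "${1%% *}")
    for w in $GTFO_WATCHLIST; do
        [ "$w" = "$name" ] && return 0
    done
    return 1
}

# Read "sudo -l" output on stdin and print each command allowed with NOPASSWD,
# one per line, with the "(user : group)" prefix and comma separators removed.
nopasswd_sudo_cmds() {
    grep 'NOPASSWD:' \
        | sed 's/.*NOPASSWD://' \
        | tr ',' '\n' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        | grep -v '^$'
}

# Read commands or paths on stdin and print "CHECK <cmd>" for watch-list hits
# and "info  <cmd>" for everything else; the CHECK lines are what you look up.
flag_candidates() {
    while IFS= read -r cmd; do
        if is_gtfo_candidate "$cmd"; then
            printf 'CHECK %s\n' "$cmd"
        else
            printf 'info  %s\n' "$cmd"
        fi
    done
}

# Constructed sample of "sudo -l" output for the offline demo (not real data).
SUDO_SAMPLE='Matching Defaults entries for alice on box:
    env_reset, secure_path=/usr/local/bin:/usr/bin:/bin

User alice may run the following commands on box:
    (ALL) NOPASSWD: /usr/bin/find
    (root) /usr/bin/less
    (ALL) NOPASSWD: /usr/sbin/service apache2 restart
    (ALL : ALL) NOPASSWD: /usr/bin/vim, /bin/cp /etc/shadow /tmp/s'

# Demo on the constructed sample. On a real target run instead:
#   sudo -l 2>/dev/null | nopasswd_sudo_cmds | flag_candidates
#   find_suid / | flag_candidates
if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SUDO_SAMPLE" | nopasswd_sudo_cmds | flag_candidates
fi
```

Run it with `sh enum.sh demo` to see the sample flagged: `find`, `vim` and `cp` come out as CHECK, while the `service` rule is only listed as info. Note that `/usr/bin/less` is not printed at all, because it requires a password; a rule without NOPASSWD is still worth a look if you already know the user's password, so do not treat the NOPASSWD filter as the whole story.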