Selected: IT Security Links
I have long wanted to write this post with a selection of useful links, since people ask for them very often (I think this happens to many who work in this field, and in others). The links are divided into categories.
OWASP is the largest web security portal. It collects information about all kinds of attacks, vectors, pentest guides and much more. A separate selection of links from it:
- www.owasp.org/index.php/Top_10_2013-Top_10 - top 10 attacks on web applications in 2013
- https://www.owasp.org/index.php/Category:OWASP_Download - downloads. The tool usually run over a resource right away is DirBuster
- www.owasp.org/index.php/Web_Application_Penetration_Testing - Pentest guide. As PDF
- www.owasp.org/index.php/Testing_Checklist - Checklist (draft)
Sites with many different exploits (programs / techniques that automate the exploitation of vulnerabilities)
Many sites pay for vulnerabilities found on them.
- blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html - a list of BugBounty programs
- bugcrowd.com - a platform where you can submit your site for a (time-limited) pentest or take part in one, getting paid for each bug. About 30+ such pentests have already been run.
Site Vulnerability Collections
- xssed.com - a collection of mostly XSS vulnerabilities (the very first resource in this area)
- bugscollector.com - any vulnerabilities
Capture the flag
Security competitions. Participants either solve the tasks assigned to them or attack and defend against each other
- ctftime.org - a central site with a schedule of CTFs around the world, team ratings, write-ups, etc.
- pentestit.ru - Penetration Testing Laboratory. Also holds CTF-style contests. By the way, they are due to run their lab at ZeroNights. Anyone can try their hand at breaking it :)
- www.aircrack-ng.org/doku.php?id=simple_wep_crack - hacking WEP
- www.aircrack-ng.org/doku.php?id=cracking_wpa - hacking WPA / WPA2 (password guessing)
- habrahabr.ru/company/xakep/blog/143834 - hacking WiFi via PIN codes
- habrahabr.ru/post/122553 - password guessing for WPA / WPA2 using a video card
Various Linux distributions that come preloaded with tools for working in this field
Miscellaneous / WEB
- www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks - creating a PNG file with PHP code inside
- pastebin.com/3cznqi8P - creating JPEG images with PHP code inside that survives processing by the imagecopyresized() and imagecopyresampled() functions
- www.exploit-db.com/wp-content/themes/exploit/docs/22763.pdf - guide to pentesting Joomla sites
- SQL injection guides: MySQL, MSSQL, Oracle SQL, PostgreSQL, Microsoft Access SQL, Ingres SQL, SQLite
Miscellaneous / Application Software
Miscellaneous / Training
- course.secsem.ru - special courses "Modern Cryptography" and "Application Security" (VMK faculty of Lomonosov Moscow State University, and Yandex)
- www.securitytube.net - video tutorials on hacking (almost any topic)
- oisd.sergeybelove.ru - my old lessons x) the recordings are on YouTube
- www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands - list of Metasploit commands
- www.agarri.fr/docs/HiP2k13-Burp_Pro_Tips_and_Tricks.pdf - tips and tricks for using Burp Pro
- github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment - setting up a Metasploit development environment
Security mailing lists
Mailing lists about various vulnerabilities
Sites of conferences that publish their speakers' presentations and talk recordings. There is so much interesting material that you could spend a week on them.
- 2012.zeronights.org/materials & 2011.zeronights.org/materials
- PHDays. 2011 - seminars, master classes, business seminars; 2012 - all presentations, recordings of talks; 2013 - presentations, recordings of talks, recordings of talks in Russian
- 2013.confidence.org.pl/materials (and a year earlier)
Suggestions in the comments (especially about application software) are welcome!