...is just that, a collection of handy bookmarks initially collected and stored on google code that has aid me in my day to day work or I find in the course of research. They are not all inclusive and some sections need to be parsed but they are all good reference materials. I find having this Hackery folder in Firefox an easy way to reference syntax, tricks, methods, and generally facilitate and organize research.
Opening it up to everyone will facilitate a knowledge transfer. Hopefully the initial set will grow and expand.
Initially started by Jason Haddix, Director of Penetration Testing at HP Fortify but I noticed that the project had been abandoned for some time so I (Kurobeats) figured I'd get the thing going again.
Work and contributions by:
David Shaw of Redspin Penetration Testing @ownpile
Rob Fuller of Rapid7 @mubix
Nathan Drier of Trustwave SpiderLabs division
James Fitts of Strategic Security
Anthony Cozamanis of Diamond Cyber Security (Linkedin)
First off, we need help. OCD organizational people and people who can contribute or sort out the best links. I've migrated the project from a Firefox bookmark html to a markdown page on github to allow for easy forking/collaboration.
Since this is a github repo, just fork, add and submit a pull request. If you're new to github, check out the process here.
Try to ensure your submissions are of high quality.
Forums:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don't really frequent too many underground forums but I actually find nice one-off scripts and info I can roll into my own code in these places. Would like to add more.
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs, these are the ones I monitor constantly and value in the actual day to day testing work.
OSINT Sites:
OSINT has become a hug part of the pentest methodology. From fueling social engineering, to passively profiling your target infrastructure. There are subfolders for Presentaions on how-to, sites for profiling people and organizations, ans sites for profiling technical assets.
Exploits and Advisories
Places to go for exploit descriptions, white-papers, and code.
Exploitation Intro
If you'd like to get into exploit development, these are really the guides and docs that will start you off in the right direction.
Agile Hacking
Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen.
Cheatsheets and fu!
Random cheatsheets for heavily used tools and reference.
*
nix <3
Collection of *
nix command line knowledge and distributions for pentesting.
Training/Classes
Open source classes relating to hacking and penetration testing.
Methodologies
Some practical and some high level methodologies for hacking related activities.
Labs
If you want to practice your fu, these links to test sites, blogs about practice, and lab setup-how to's will help.
Tools
Semi-parsed, nor has it really been inspected for relevancy.
Web Vectors
I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.
Misc Sec
Not categorized, misc, and randomness.
MiTM
It's not even parsed yet, nor has it really been inspected for relevancy.
Hacker Media
Needs additions to main pages of con video archives.