# Practical-Ethical-Hacking-Resources Compilation of Resources from TCM's Udemy Course ### General Links Link to Website: https://www.thecybermentor.com/ Link to the course: * https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course (tcm academy) Link to discord server: https://discord.gg/EM6tqPZ FAQ: https://github.com/hmaverickadams/Practical-Ethical-Hacking-FAQ ### Note Keeping Trilium: https://github.com/zadam/trilium KeepNote: http://keepnote.org/ CherryTree: https://www.giuspen.com/cherrytree/ GreenShot: https://getgreenshot.org/downloads/ FlameShot: https://github.com/lupoDharkael/flameshot OneNote: https://products.office.com/en-us/onenote/digital-note-taking-app?rtc=1 Joplin: https://github.com/laurent22/joplin ### Networking Refresher Seven Second Subnetting: https://www.youtube.com/watch?v=ZxAwQB8TZsM Subnet Guide: https://drive.google.com/file/d/1ETKH31-E7G-7ntEOlWGZcDZWuukmeHFe/view ### Setting up our Lab VMware: https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html VirtualBox: https://www.virtualbox.org/wiki/Downloads Kali Download: https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/ Official Offensive Security kali 2019.3 release: http://old.kali.org/kali-images/kali-2019.3/ Other Offical kali 2019 Releases: https://cdimage.kali.org/ ### Mid-Course Capstone New Capstone boxes: https://drive.google.com/drive/folders/1VXEuyySgzsSo-MYmyCareTnJ5rAeVKeH Old Capstone boxes: https://youtu.be/JZN3JhoAdWo Linux Priv Esc course: https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners Windows Priv Esc Course: https://academy.tcm-sec.com/p/linux-privilege-escalation ### Introduction to Exploit Development (Buffer Overflows) Immunity Debugger: https://www.immunityinc.com/products/debugger/ Vulnserver: http://www.thegreycorner.com/p/vulnserver.html Bad Chars: https://www.ins1gn1a.com/identifying-bad-characters/ ### Attacking Active Directory: Initial Attack Vectors Top Five Ways I Got DA on Your Internal Network Before Lunch: https://adam-toscher.medium.com/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa mitm6: https://blog.fox-it.com/2018/01/11/mitm6-compromising-ipv4-networks-via-ipv6/ Combining NTLM Relays and Kerberos Delegation: https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/ ### Attacking Active Directory: Post-Compromise Enumeration PowerView Cheat Sheet: https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 ### Attacking Active Directory: Post-Compromise Attacks Group Policy Pwnage: https://blog.rapid7.com/2016/07/27/pentesting-in-the-real-world-group-policy-pwnage/ Mimikatz: https://github.com/gentilkiwi/mimikatz Active Directory Security Blog: https://adsecurity.org/ Harmj0y Blog: http://blog.harmj0y.net/ Pentester Academy Active Directory: https://www.pentesteracademy.com/activedirectorylab Pentester Academy Red Team Labs: https://www.pentesteracademy.com/redteamlab eLS PTX: https://www.elearnsecurity.com/course/penetration_testing_extreme/ ### Web Application Enumeration, Revisited sumrecon: https://github.com/thatonetester/sumrecon ### Testing the Top 10 Web Application Vulnerabilities OWASP Top 10: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf OWASP Testing Checklist: https://github.com/tanprathan/OWASP-Testing-Checklist OWASP Testing Guide: https://owasp.org/www-pdf-archive/OTGv4.pdf Installing Docker on Kali: https://medium.com/@airman604/installing-docker-in-kali-linux-2017-1-fbaa4d1447fe OWASP Juice Shop: https://github.com/bkimminich/juice-shop OWASP A1-Injection: https://www.owasp.org/index.php/Top_10-2017_A1-Injection OWASP A2-Broken Authentication: https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication OWASP A3-Sensetive Data Exposure: https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure OWASP A4-XML External Entities: https://www.owasp.org/index.php/Top_10-2017_A4-XML_External_Entities_(XXE) OWASP A5-Broken Access Control: https://www.owasp.org/index.php/Top_10-2017_A5-Broken_Access_Control OWASP A6-Security Misconfigurations: https://www.owasp.org/index.php/Top_10-2017_A6-Security_Misconfiguration OWASP A7-Cross Site Scripting: https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS) DOM Based XSS: https://www.scip.ch/en/?labs.20171214 XSS Game: https://xss-game.appspot.com/ OWASP A8-Insecure Deserialization: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization OWASP A9-Using Components with Known Vulnerabilities: https://www.owasp.org/index.php/Top_10-2017_A9-Using_Components_with_Known_Vulnerabilities OWASP A10-Insufficient Logging & Monitoring: https://owasp.org/www-project-top-ten/OWASP_Top_Ten_2017/Top_10-2017_A10-Insufficient_Logging%252526Monitoring.html ### Legal Documents and Report Writing Sample Pentest Report: https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report ## Tools #### Pimpmykali * Github: https://github.com/Dewalt-arch/pimpmykali #### Hunter.io * Site: https://hunter.io/ #### theHarvester * Github: https://github.com/laramies/theHarvester #### breach-parse * Github: https://github.com/hmaverickadams/breach-parse #### Hashcat: * Github: https://github.com/hashcat/hashcat * Installing on Windows: https://www.erobber.in/2017/04/hashcat-for-windows.html #### mitm6: * Github: https://github.com/fox-it/mitm6 #### mimikatz: * Github: https://github.com/gentilkiwi/mimikatz #### sumrecon * Github: https://github.com/thatonetester/sumrecon ### Setting up Your AD Lab Using Azure Building Free AD lab: https://medium.com/@kamran.bilgrami/ethical-hacking-lessons-building-free-active-directory-lab-in-azure-6c67a7eddd7f