O pessoal do securityaegis teve um ideia bem legal, criar um bookmarks com uma série de sites úteis para realização de penstests/Testes de intrusão. O arquivo de bookmarks é muito bem organizando. Deem uma olhada na categorização dele:
Created for forums that will help in both tool usage, syntax, attack techniques, and collection of scripts and tools. Needs some help. I don’t really frequent too many underground forums but i actually find nice one-off scripts and info i can roll into my own code in these places. Would like to add more.
Blogs Worth It:
What the title says. There are a LOT of pentesting blogs, these are the ones i monitor constantly and value in the actual day to day testing work.
OSINT has become a hug part of the pentest methodology. From fueling social engineering, to passively profiling your target infrastructure. There are subfolders for Presentaions on how-to, sites for profiling people and organizations, ans sites for profiling technical assets. This section is doing okay atm.
Exploits and Advisories
Places to go for exploit descriptions, white-papers, and code. Needs work.
If you’d like to get into exploit dev, these are really the guides and docs that will start you off in the right direction. Since Exploit dev is not my primary occupation this section could always use help.
Mostly collections of guides on non-tool command line hacking syntax. Heavily inspired by Ed Skoudis and PDP of GNUCitizen. Needs work.
Cheatsheets and fu!
Random cheatsheets for heavily used tools and reference. Need a lot of work.
Collection of *nix command line knowledge and distributions for pentesting. Needs work.
Open source classes relating to hacking and penetration testing. I would really like to find more of these.
Some practical and some high level methodologies for hacking related activities. Needs a lot of work.
If you want to practice your fu, these links to test sites, blogs about practice, and lab setup-how to’s will help. needs work, would like to convert to direct links as well.
Semi-parsed, nor has it really been inspected for relevancy. More of just a place i dump links for new tools and tools i use often. Needs a LOT of help, parsing, additions, etc.
I do a lot of web stuff. Here are some web vectors and associated useful docs and cheatsheets on each of them. Could always use more in these sections.
Not categorized, misc, and randomness.
It’s not even parsed yet, nor has it really been inspected for relevancy. needs lots of work.
Needs additions to main pages of con video archives. It’s an okay start though. Needs work.
Um ponto legal deste projeto é que você pode enviar para os mantenedores dele o seu bookmarks, eles irão analisa-lo e se tiver algum site ou material legal, o mesmo será adicionado ao bookmarks e todos poderão utilizá-lo.
Se você ficou interessado em baixar esse bookmarks você precisa saber de duas coisas: Primeiro, ele foi feito para rodar em Firefox, porém há uma série de ferramentas existentes no mercado que são capazes de exportá-lo para outros browsers, e segundo, o link para download e esse aqui. 🙂
Eu particularmente achei o projeto fantástico, ele possibilitará uma troca de informação e de sites por diversos profissionais de segurança da informação.