Note-to-self: PECB CLEH Collaterals

(page is updated on the go, if interesting information is collected …)

PECB

PECB CLEH info

https://pecb.com/en/education-and-certification-for-individuals/ethical-hacking

Exam preparation guides

Download Candidate’s Handbook (pecb.com)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB X2Go Client)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB CLEH Online Exam)
Certified Lead Ethical Hacker Manuals – PECB Help Center (CLEH Technical Requirements)

PECB X2Go client download (after login)

https://pecb.com/en/cleh

Note taking

CherryTree

https://www.giuspen.com/cherrytree/

http://giuspen.com/cherrytreemanual/

https://www.giuspen.com/cherrytree/#downl

Interesting references

Data breach reports

See: https://identityunderground.wordpress.com/interesting-links/useful-cybersecurity-data-protection-breach-reports/

Cybercrime costs

https://www.grantthornton.global/en/insights/articles/cyber-attacks-cost-global-business-over-$300bn-a-year/

ENISA threat landscape reports

Current (2021)
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021

All reports
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape

Previous
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape-2020
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
https://www.enisa.europa.eu/news/enisa-news/enisa-report-the-2017-cyber-threat-landscape
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2016
https://www.enisa.europa.eu/publications/etl2015

ISO

https://ffwd2.me/FreeISO
>https://standards.iso.org/ittf/PubliclyAvailableStandards/

Freely accessible standards – online
https://www.iso.org/covid19

Free download (from: https://standards.iso.org/ittf/PubliclyAvailableStandards/)

ISO/IEC 27000:2018 EN – FR5thInformation technology — Security techniques — Information security management systems — Overview and vocabularyISO/IEC JTC 1/SC 27

https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_E.zip
https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_F.zip

ISSAF (out-dated)

https://oissggroup.com/

Lockheed Martin – Cyber Kill chain

https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

Mitre

Att&ck

https://attack.mitre.org/

Engage

https://engage.mitre.org/

CVE

https://cve.mitre.org/

NIST

NIST-SP 500-291, NIST Cloud Computing Standards Roadmap

https://www.nist.gov/publications/nist-sp-500-291-nist-cloud-computing-standards-roadmap

NIST SP800 series

https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information

SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final

SP 800-82 Rev. 2

Guide to Industrial Control Systems (ICS) Security

https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final

CSF

https://www.nist.gov/cyberframework

OWASP

https://owasp.org/

https://owasp.org/www-project-top-ten/

https://owasp.org/www-project-mobile-security-testing-guide/

OSSTMM

https://www.isecom.org/

PTES (out of date)

http://www.pentest-standard.org/index.php/Main_Page

http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines

Unified Kill chain

V 2022-05-18

https://www.unifiedkillchain.com/

OSI Model

https://en.wikipedia.org/wiki/OSI_model

https://simple.wikipedia.org/wiki/TCP/IP_model

TCP/IP Port numbers

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

SANS/GIAC

Wired Equivalent Privacy Vulnerability – GIAC
https://www.giac.org/paper/gsec/624/wired-equivalent-privacy-vulnerability/101399

HTML error codes

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

The story of Error Code 418
https://www.berkeleysquares.co.uk/2021/06/html-response-code-418-why-youve-never-heard-of-it-and-never-will-again/
https://datatracker.ietf.org/doc/draft-ietf-httpbis-semantics/

Security controls framework

https://www.securecontrolsframework.com/secure-controls-framework

https://github.com/securecontrolsframework/securecontrolsframework

Tips & tricks

Book

https://book.hacktricks.xyz/welcome/readme

OCSP

https://github.com/CountablyInfinite/oscp_cheatsheet

https://guide.offsecnewbie.com/cherrytree-oscp-template

https://github.com/devzspy/oscp-certification/tree/master/Note%20Taking%20Tools/CherryTree%20Template

Tools

Pentest wiki

Pentest Wiki: https://pentestwiki.org/

Haveibeenpwnd

https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords

OSINT

https://osintframework.com/

https://github.com/jivoi/awesome-osint

https://github.com/topics/osint-tools

https://www.osintessentials.com/maps

https://hackcontrol.org/OSINT/Maps.html

Phishing – open source

https://getgophish.com/

Metasploit

https://www.metasploit.com/
https://www.metasploit.com/get-started

https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers

Exploit DB

https://www.offensive-security.com/backtrack/offensive-security-exploit-archive-online/

https://www.exploit-db.com/

Google Dorking

https://www.exploit-db.com/google-hacking-database

Rubber ducky – USB Key logger

https://shop.hak5.org/products/usb-rubber-ducky-deluxe

https://infosecwriteups.com/make-usb-rubber-ducky-with-less-than-3-fa72dac9e4de

Hack mag – Rubber Ducky

Pen testing labs

Free labs

https://www.google.com/search?q=free+pentesting+labs
https://www.hackthebox.com/
https://www.hackthissite.org/
https://www.offensive-security.com/labs/
https://www.pentesterlab.com/exercises
https://www.vulnhub.com/
https://www.root-me.org/?lang=en
https://www.hacking-lab.com/events/

Various labs

Source: https://github.com/michelbernardods/labs-pentest

-> Academy Hackaflag -BR https://academy.hackaflag.com.br
-> Try Hack Me https://tryhackme.com
-> Attack-Defense https://attackdefense.com
-> alert to win https://alf.nu/alert1
-> CTF Komodo Security https://ctf.komodosec.com
-> CMD Challenge https://cmdchallenge.com
-> Explotation Education https://exploit.education
-> Google CTF https://capturetheflag.withgoogle.com
-> HackTheBox https://www.hackthebox.eu
-> Hackthis https://www.hackthis.co.uk
-> Hacksplaining https://www.hacksplaining.com/exercises
-> Hacker101 https://ctf.hacker101.com
-> Hacker Security https://capturetheflag.com.br
-> Hacking-Lab https://www.hacking-lab.com/index.html
-> HSTRIKE https://hstrike.com
-> ImmersiveLabs https://immersivelabs.com
-> Labs Wizard Security https://labs.wizard-security.net
-> NewbieContest https://www.newbiecontest.org
-> OverTheWire http://overthewire.org
-> Practical Pentest Labs https://practicalpentestlabs.com
-> Pentestlab https://pentesterlab.com
-> Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html
-> PentestIT LAB https://lab.pentestit.ru
-> PicoCTF https://picoctf.com
-> PWNABLE https://pwnable.kr/play.php
-> Root-Me https://www.root-me.org
-> Root in Jail http://ctf.rootinjail.com
-> Shellter https://shellterlabs.com/pt
-> SANS Challenger https://www.holidayhackchallenge.com
-> SmashTheStack http://smashthestack.org/wargames.html
-> Try Hack Me https://tryhackme.com
-> The Cryptopals Crypto Challenges https://cryptopals.com
-> Vulnhub https://www.vulnhub.com
-> W3Challs https://w3challs.com
-> WeChall http://www.wechall.net
-> Zenk-Security https://www.zenk-security.com/epreuves.php

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.