(page is updated on the go, if interesting information is collected …)
PECB
PECB CLEH info
https://pecb.com/en/education-and-certification-for-individuals/ethical-hacking
Exam preparation guides
Download Candidate’s Handbook (pecb.com)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB X2Go Client)
Certified Lead Ethical Hacker Manuals – PECB Help Center (PECB CLEH Online Exam)
Certified Lead Ethical Hacker Manuals – PECB Help Center (CLEH Technical Requirements)
PECB X2Go client download (after login)
Note taking
CherryTree
https://www.giuspen.com/cherrytree/
http://giuspen.com/cherrytreemanual/
https://www.giuspen.com/cherrytree/#downl
Interesting references
Data breach reports
Cybercrime costs
ENISA threat landscape reports
Current (2021)
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021
Previous
https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/enisa-threat-landscape-2020
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018
https://www.enisa.europa.eu/news/enisa-news/enisa-report-the-2017-cyber-threat-landscape
https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2016
https://www.enisa.europa.eu/publications/etl2015
ISO
https://ffwd2.me/FreeISO
https://standards.iso.org/ittf/PubliclyAvailableStandards/
Freely accessible standards – online
https://www.iso.org/covid19
Free download (from: https://standards.iso.org/ittf/PubliclyAvailableStandards/)
ISO/IEC 27000:2018 (EN – FR), 5th edition: Information technology — Security techniques — Information security management systems — Overview and vocabulary (ISO/IEC JTC 1/SC 27)
https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_E.zip
https://standards.iso.org/ittf/PubliclyAvailableStandards/c073906_ISO_IEC_27000_2018_F.zip
ISSAF (outdated)
Lockheed Martin – Cyber Kill chain
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
MITRE
ATT&CK
Engage
CVE
NIST
NIST-SP 500-291, NIST Cloud Computing Standards Roadmap
https://www.nist.gov/publications/nist-sp-500-291-nist-cloud-computing-standards-roadmap
NIST SP800 series
https://www.nist.gov/itl/publications-0/nist-special-publication-800-series-general-information
SP 800-41 Rev. 1: Guidelines on Firewalls and Firewall Policy
https://csrc.nist.gov/publications/detail/sp/800-41/rev-1/final
SP 800-82 Rev. 2
Guide to Industrial Control Systems (ICS) Security
https://csrc.nist.gov/publications/detail/sp/800-82/rev-2/final
CSF
https://www.nist.gov/cyberframework
OWASP
https://owasp.org/www-project-top-ten/
https://owasp.org/www-project-mobile-security-testing-guide/
OSSTMM
PTES (out of date)
http://www.pentest-standard.org/index.php/Main_Page
http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines
Unified Kill chain
V 2022-05-18
https://www.unifiedkillchain.com/
OSI Model
https://en.wikipedia.org/wiki/OSI_model
https://simple.wikipedia.org/wiki/TCP/IP_model
TCP/IP Port numbers
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
SANS/GIAC
HTTP error codes
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
The story of Error Code 418
https://www.berkeleysquares.co.uk/2021/06/html-response-code-418-why-youve-never-heard-of-it-and-never-will-again/
https://datatracker.ietf.org/doc/draft-ietf-httpbis-semantics/
Security controls framework
https://www.securecontrolsframework.com/secure-controls-framework
https://github.com/securecontrolsframework/securecontrolsframework
Tips & tricks
Book
https://book.hacktricks.xyz/welcome/readme
OSCP
https://github.com/CountablyInfinite/oscp_cheatsheet
https://guide.offsecnewbie.com/cherrytree-oscp-template
Tools
Pentest wiki
Pentest Wiki: https://pentestwiki.org/
Haveibeenpwned
https://haveibeenpwned.com/
https://haveibeenpwned.com/Passwords
OSINT
https://github.com/jivoi/awesome-osint
https://github.com/topics/osint-tools
https://www.osintessentials.com/maps
https://hackcontrol.org/OSINT/Maps.html
Phishing – open source
Metasploit
https://www.metasploit.com/
https://www.metasploit.com/get-started
https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers
Exploit DB
https://www.offensive-security.com/backtrack/offensive-security-exploit-archive-online/
Google Dorking
https://www.exploit-db.com/google-hacking-database
Rubber ducky – USB Key logger
https://shop.hak5.org/products/usb-rubber-ducky-deluxe
https://infosecwriteups.com/make-usb-rubber-ducky-with-less-than-3-fa72dac9e4de
Pen testing labs
Free labs
https://www.google.com/search?q=free+pentesting+labs
https://www.hackthebox.com/
https://www.hackthissite.org/
https://www.offensive-security.com/labs/
https://www.pentesterlab.com/exercises
https://www.vulnhub.com/
https://www.root-me.org/?lang=en
https://www.hacking-lab.com/events/
Various labs
Source: https://github.com/michelbernardods/labs-pentest
-> Academy Hackaflag -BR https://academy.hackaflag.com.br
-> Try Hack Me https://tryhackme.com
-> Attack-Defense https://attackdefense.com
-> alert to win https://alf.nu/alert1
-> CTF Komodo Security https://ctf.komodosec.com
-> CMD Challenge https://cmdchallenge.com
-> Exploitation Education https://exploit.education
-> Google CTF https://capturetheflag.withgoogle.com
-> HackTheBox https://www.hackthebox.eu
-> Hackthis https://www.hackthis.co.uk
-> Hacksplaining https://www.hacksplaining.com/exercises
-> Hacker101 https://ctf.hacker101.com
-> Hacker Security https://capturetheflag.com.br
-> Hacking-Lab https://www.hacking-lab.com/index.html
-> HSTRIKE https://hstrike.com
-> ImmersiveLabs https://immersivelabs.com
-> Labs Wizard Security https://labs.wizard-security.net
-> NewbieContest https://www.newbiecontest.org
-> OverTheWire http://overthewire.org
-> Practical Pentest Labs https://practicalpentestlabs.com
-> Pentestlab https://pentesterlab.com
-> Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html
-> PentestIT LAB https://lab.pentestit.ru
-> PicoCTF https://picoctf.com
-> PWNABLE https://pwnable.kr/play.php
-> Root-Me https://www.root-me.org
-> Root in Jail http://ctf.rootinjail.com
-> Shellter https://shellterlabs.com/pt
-> SANS Challenger https://www.holidayhackchallenge.com
-> SmashTheStack http://smashthestack.org/wargames.html
-> The Cryptopals Crypto Challenges https://cryptopals.com
-> Vulnhub https://www.vulnhub.com
-> W3Challs https://w3challs.com
-> WeChall http://www.wechall.net
-> Zenk-Security https://www.zenk-security.com/epreuves.php