This repository is made up of multiple cheat sheets for performing penetration testing/red team exercises.
I created this repository in order to share all the stuff I'm gathering on the Internet.
I am not working, and have never worked, in an offensive position. However, as I mainly work as a Blue Teamer, it is essential for me to have the "think like an attacker" mindset.
Within my documents, I try to link most of the techniques to well-known standards. Using well-known standards enables people to speak the same language. Those two standards also explain the techniques in more depth, so if you want to go deeper, don't hesitate to follow the links and go into more detail. They also explain how to detect and/or mitigate the techniques we try to use to compromise a system, which is useful when writing the report.
- The Web Security Testing Guide (WSTG) is a comprehensive guide to testing the security of web applications and web services.
- MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
I read books in order to get information in addition to what was available on the Internet. Even if some of those books are a bit old, they are still valuable today. Here are some reasons:
- You will always come across old systems during engagements.
- Sometimes the writer created some tools or gives some scripts which are very well known.
- ...
However, test the tools as well as the options, as there will be things that may have changed.
Book | Writer | Published | Description |
---|---|---|---|
Penetration Testing: A Hands-On Introduction to Hacking | Georgia Weidman | 2014 | Beginner-friendly book that explains the basics of pentesting. Nice to start with. |
Red Team Field Manual (RTFM) | Ben Clark | 2014 | Around 100 pages of cheat sheets. I would suggest reading it once you already have decent notes and a good understanding of basic Linux, Windows and Web pentest. |
The Hacker Playbook 3: Practical Guide To Penetration Testing | Peter Kim | 2018 | It may look like there are only around 250 pages, but this book is a very good resource: as it was published in 2018, there are new tools that were not there in the well-known reference books of the early 2010s. Note that I started with number 3 of this series thinking that it always added new stuff on top of the previous version, which is not the case. |
How I would recommend reading those books
- Penetration Testing: A Hands-On Introduction to Hacking (2014)
- Hacking Exposed Linux, 3rd Edition (2008)
- Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, 3rd Edition (2007)
- Network Security Assessment: Know Your Network 3rd Edition (2016)
- The Art of Network Penetration Testing (2020)
- Hacking: The Art of Exploitation, 2nd Edition (2008)
- The Hacker Playbook: Practical Guide To Penetration Testing (2014)
- The Hacker Playbook 2: Practical Guide To Penetration Testing (2015)
- The Hacker Playbook 3: Practical Guide To Penetration Testing (2018)
- Operator Handbook: Red Team + OSINT + Blue Team Reference (2020)
- Red Team Field Manual (RTFM) (2014)
Below are blogs and repos that I used heavily during my research
- https://book.hacktricks.xyz/
- https://adsecurity.org/
- https://0xrick.github.io/
- https://pentestlab.blog/
- https://haiderm.com/
- https://websec.ca/kb/sql_injection
- ...
As well as Linux man, Microsoft's Documentation, ... websites like
DISCLAIMER
The content of the repository, as well as all the research linked to it, is done during my free time in order to learn new skills and share with the community.
The content of the repository does not relate to any work at either my current or previous employers.