Everything is Awesome
This section contains quotes from many sources!

Web Architecture

1
https://developer.mozilla.org/en-US/docs/Web/Apps/Fundamentals/Modern_web_app_architecture
2
https://www.tutorialsteacher.com/mvc/mvc-architecture
3
https://spin.atomicobject.com/2015/04/06/web-app-client-side-server-side/
4
https://spin.atomicobject.com/2015/04/13/web-app-persistent-data/
5
https://spin.atomicobject.com/2015/04/20/front-end-dev-frameworks-libraries/
6
https://engineering.videoblocks.com/web-architecture-101-a3224e126947
7
https://blog.appcanary.com/2017/http-security-headers.html
8
https://medium.com/@giuseppemaggiore/profiling-the-hidden-costs-of-json-and-http-s-c8f327d5db89
9
http://ismailkasan.com/2019/08/02/asp-net-coreda-websocket-kullanimi/
Copied!

Linux Architecture

1
https://blog.k3170makan.com/2018/11/introduction-to-elf-format-part-vii.html?m=1
Copied!

Windows Architecture

1
https://github.com/kahun/awesome-sysadmin
Copied!

Powershell

1
https://github.com/janikvonrotz/awesome-powershell
2
https://github.com/Cn33liz/p0wnedShell
3
https://www.blackhillsinfosec.com/hostrecon-situational-awareness-tool
4
https://fortynorthsecurity.com/blog/under-the-hood-wmimplant-invoking-powershell/
Copied!

Red Team & Privilege Escalation

1
https://github.com/beahunt3r/Windows-Hunting?files=1
2
https://github.com/trustedsec/unicorn
3
https://github.com/quickbreach/smbetray
4
https://github.com/Raikia/CredNinja
5
https://twitter.com/CyberWarship/status/1062312575432605696?s=12
6
https://fireshellsecurity.team/restricted-linux-shell-escaping-techniques/
7
https://github.com/infosecn1nja/AD-Attack-Defense
8
https://github.com/defaultnamehere/cookie_crimes
9
https://x-c3ll.github.io/posts/DNS-endpoint-exfiltration/
10
https://github.com/alepacheco/Client
11
https://github.com/mthbernardes/GTRS/blob/master/README.md
12
https://github.com/portcullislabs/linikatz
13
https://github.com/jonatan1024/clrinject
14
https://b4rtik.blogspot.com/2018/12/execute-assembly-via-meterpreter-session.html
15
https://github.com/Mebus/cupp
16
http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html
17
https://github.com/kahun/awesome-sysadmin
18
https://github.com/thom-s/docx-embeddedhtml-injection
19
https://www.harmj0y.net/blog/activedirectory/targeted-kerberoasting/
20
https://ired.team/
21
https://github.com/dirkjanm/privexchange/
22
https://github.com/itsKindred/winPortPush
23
https://github.com/infosecn1nja/Red-Teaming-Toolkit/blob/master/README.md
24
https://www.leeholmes.com/blog/2019/01/04/extracting-activity-history-from-powershell-process-dumps/
25
https://github.com/shr3ddersec/Shr3dKit
26
https://hausec.com/2018/10/05/windows-privilege-escalation-via-unquoted-service-paths/
27
https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
28
https://www.attackdebris.com/?p=311
29
http://blog.redxorblue.com/2019/04/sharpexec-lateral-movement-with-your.html
30
https://outflank.nl/blog/2019/04/17/bypassing-amsi-for-vba/
31
https://in.security/an-intro-into-abusing-and-identifying-wmi-event-subscriptions-for-persistence/
32
https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
33
https://github.com/byt3bl33d3r/OffensiveDLR
34
https://github.com/mdsecactivebreach/WMIPersistence/blob/master/WMIPersist.cs
35
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/
36
https://github.com/Pickfordmatt/SharpLocker
37
https://github.com/itm4n/VBA-RunPE
38
https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
39
https://remoteawesomethoughts.blogspot.com/2019/05/windows-10-task-schedulerservice.html
40
https://medium.com/@mattharr0ey/lateral-movement-using-reflection-assembly-71fdf098dd54
41
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349
42
https://github.com/bitsadmin/wesng
43
https://github.com/Vlad-tri/awesome-windows-kernel-security-development
44
https://github.com/obscuritylabs/HastySeries
45
https://medium.com/@prsecurity_/how-to-build-an-internal-red-team-7957ec644695
46
https://github.com/rootm0s/WinPwnage
47
https://github.com/FSecureLABS/SharpGPOAbuse
48
https://chryzsh.github.io/exploiting-privexchange/
49
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
50
https://posts.specterops.io/case-study-password-analysis-with-bloodhound-a3d264736c7
51
https://jsecurity101.com/2019/Syncing-into-the-Shadows/
52
https://chryzsh.github.io/relaying-delegation/
53
https://iwantmore.pizza/posts/amsi.html
54
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/
55
https://secureyourit.co.uk/wp/2019/05/10/dynamic-microsoft-office-365-amsi-in-memory-bypass-using-vba
56
https://github.com/Pickfordmatt/SharpLocker
57
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
58
https://modexp.wordpress.com/2019/06/03/disable-amsi-wldp-dotnet/
59
https://silentbreaksecurity.com/modern-red-team-infrastructure/
60
https://sdmsoftware.com/group-policy-blog/security-related/hijacking-administrative-templates/
61
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
62
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unc-path-injection-with-microsoft-access/
63
https://medium.com/@technicalsyn/eternalrelayx-py-non-admin-ntlm-relaying-eternalblue-exploitation-dab9e2b97337
64
https://docs.google.com/document/d/1HYPX0MMn2Qc0TNYRRIaaYU2GIbuTMXHm-JBhRR2vNMU/mobilebasic
Copied!

Windows Pentest

1
https://github.com/kahun/awesome-sysadmin
2
https://github.com/infosecn1nja/AD-Attack-Defense
3
http://carnal0wnage.attackresearch.com/2013/09/stealing-passwords-every-time-they.html
4
https://www.harmj0y.net/blog/activedirectory/targeted-kerberoasting/
5
https://github.com/dirkjanm/privexchange/
6
https://github.com/itsKindred/winPortPush
7
https://www.leeholmes.com/blog/2019/01/04/extracting-activity-history-from-powershell-process-dumps/
8
https://hausec.com/2018/10/05/windows-privilege-escalation-via-unquoted-service-paths/
9
https://hausec.com/2019/03/12/penetration-testing-active-directory-part-ii/
10
https://www.attackdebris.com/?p=311
11
https://in.security/an-intro-into-abusing-and-identifying-wmi-event-subscriptions-for-persistence/
12
https://0x00-0x00.github.io/research/2018/10/28/How-to-bypass-AMSI-and-Execute-ANY-malicious-powershell-code.html
13
https://github.com/mdsecactivebreach/WMIPersistence/blob/master/WMIPersist.cs
14
https://remoteawesomethoughts.blogspot.com/2019/05/windows-10-task-schedulerservice.html
15
https://posts.specterops.io/cve-2019-13382-local-privilege-escalation-in-snagit-abe5f31c349
16
https://github.com/bitsadmin/wesng
17
https://github.com/rootm0s/WinPwnage
18
https://github.com/FSecureLABS/SharpGPOAbuse
19
https://www.blackhillsinfosec.com/an-smb-relay-race-how-to-exploit-llmnr-and-smb-message-signing-for-fun-and-profit/
20
https://github.com/fox-it/adconnectdump
21
https://chryzsh.github.io/exploiting-privexchange/
22
https://medium.com/@markmotig/bypassing-ad-account-lockout-for-a-compromised-account-5c908d663de8
23
https://posts.specterops.io/case-study-password-analysis-with-bloodhound-a3d264736c7
24
https://chryzsh.github.io/relaying-delegation/
25
https://googleprojectzero.blogspot.com/2019/04/windows-exploitation-tricks-abusing.html
26
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/
27
https://offsec.provadys.com/osquery-windows-acl-misconfiguration-eop.html
28
https://sdmsoftware.com/group-policy-blog/security-related/hijacking-administrative-templates/
29
https://outflank.nl/blog/2019/06/19/red-team-tactics-combining-direct-system-calls-and-srdi-to-bypass-av-edr/
30
https://medium.com/@technicalsyn/eternalrelayx-py-non-admin-ntlm-relaying-eternalblue-exploitation-dab9e2b97337
Copied!

Linux Pentest

1
https://github.com/portcullislabs/linikatz
2
https://medium.com/syscall59/on-eggs-and-egg-hunters-linux-x64-305b947f792e
3
https://www.corelan.be/index.php/2010/08/22/exploit-notes-win32-eggs-to-omelet/
4
https://www.hackingarticles.in/linux-for-pentester-apt-privilege-escalation/
5
https://github.com/diego-treitos/linux-smart-enumeration
Copied!

Process & DLL Hijacking

1
https://github.com/jonatan1024/clrinject
2
https://liberty-shell.com/sec/2019/03/12/dll-hijacking/
3
https://enigma0x3.net/2017/08/03/wsh-injection-a-case-study/
4
https://blog.didierstevens.com/2009/11/22/quickpost-selectmyparent-or-playing-with-the-windows-process-tree/
5
http://www.pwncode.club/2018/08/macro-used-to-spoof-parent-process.html
6
https://github.com/fdiskyou/injectAllTheThings/tree/master/injectAllTheThings
7
https://github.com/stephenfewer/ReflectiveDLLInjection
8
https://remoteawesomethoughts.blogspot.com/2019/05/windows-10-task-schedulerservice.html
9
https://github.com/SafeBreach-Labs/pinjectra
10
https://github.com/Vlad-tri/IAT-Hooking-Using-EasyHook-
11
https://posts.specterops.io/lateral-movement-scm-and-dll-hijacking-primer-d2f61e8ab992
12
https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/
Copied!

Obfuscating & Evasion

1
https://github.com/trustedsec/unicorn
2
https://github.com/tokyoneon/Armor
3
https://twitter.com/omespino/status/1082361280248336384?s=12
4
https://twitter.com/404death/status/1082517937154473984
5
https://www.mdsec.co.uk/2018/06/exploring-powershell-amsi-and-logging-evasion/
6
https://twitter.com/Lulztigre/status/1084160449262833666?s=12
7
https://github.com/Bashfuscator/Bashfuscator
8
https://www.shelliscoming.com/2019/03/one-way-shellcode-for-firewall-evasion.html
9
https://secrary.com/Random/AbusingWSLforEvasion/
10
https://link.medium.com/9YQgEOa6CX
Copied!

Exfiltration

1
https://x-c3ll.github.io/posts/DNS-endpoint-exfiltration/
2
https://github.com/wangyu-/udp2raw-tunnel
3
https://twitter.com/climagic/status/1079026659435704320?s=12
4
https://github.com/depletionmode/wsIPC
5
https://medium.com/@d0nut/better-exfiltration-via-html-injection-31c72a2dae8b
6
https://blog.aquasec.com/dns-spoofing-kubernetes-clusters
7
https://medium.com/@alpinoacademy/incident-response-case-from-ssh-tunnel-to-endpoint-analysis-a4a7c9d0b67d
Copied!

Docker Pentest

1
https://blog.ropnop.com/docker-for-pentesters/
Copied!

Remote Access Terminal (RAT & C&C)

1
https://github.com/nathanlopez/Stitch
2
https://github.com/alepacheco/Client
3
https://www.hackingarticles.in/command-control-tool-pupy/
4
https://github.com/SafeBreach-Labs/SirepRAT
5
https://github.com/n1nj4sec/pupy
6
https://github.com/Fr33domD0wntime/NanoCore-RAT
7
https://github.com/MikeZeDev/NanocoreDecoder
8
https://github.com/b4rtik/RedPeanut
9
https://github.com/BishopFox/sliver
10
https://www.coalfire.com/The-Coalfire-Blog/June-2019/Introducing-Slackor
Copied!

Web & Client Shell

1
https://github.com/mthbernardes/GTRS/blob/master/README.md
2
https://medium.com/@somdevsangwan/backdooring-websites-like-a-ninja-62ac86d60993
3
https://www.hackingarticles.in/get-reverse-shell-via-windows-one-liner/
Copied!

Bug Bounty Stuff

1
https://github.com/EdOverflow/bugbountywiki/wiki
2
https://bugbountyguide.com/
3
https://github.com/EdOverflow/can-i-take-over-xyz
4
https://github.com/LewisArdern/bXSS
5
https://github.com/snoopysecurity/awesome-burp-extensions
6
https://github.com/random-robbie/bugbounty-scans
7
https://github.com/Bo0oM/fuzz.txt
8
https://github.com/wagiro/BurpBounty/blob/master/Changelog_3.0.4beta.md
9
https://github.com/We5ter/Scanners-Box
10
https://github.com/streaak/keyhacks
11
https://github.com/ngalongc/bug-bounty-reference
12
https://github.com/ffuf/ffuf
13
https://searchcode.com/
14
https://github.com/RhinoSecurityLabs/SleuthQL
15
https://altair.sirmuel.design/
Copied!

Bug Bounty & Pentest Tip

1
https://twitter.com/uraniumhacker/status/1061992982847533059?s=12
2
https://twitter.com/payloadartist/status/1062248690679668736?s=12
3
https://twitter.com/payloadartist/status/1062251209724063744?s=12
4
https://twitter.com/payloadartist/status/1062250344850190336?s=12
5
https://twitter.com/jobertabma/status/1071091295425191937?s=12
6
https://twitter.com/chybeta/status/1159261425279234048?s=09
7
https://twitter.com/samidrif/status/1112577474225823744?s=12
8
https://twitter.com/MeetAn0nym0us/status/1170394858000982016?s=09
Copied!

Bug Bounty Blog Post

1
https://medium.com/bugbountywriteup/xss-bypass-using-meta-tag-in-realestate-postnl-nl-32db25db7308
2
https://samcurry.net/reading-asp-secrets-for-17000/
3
https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41
4
https://www.allysonomalley.com/2018/12/03/ios-bug-hunting-web-view-xss/
5
https://medium.com/bugbountywriteup/exfiltration-via-css-injection-4e999f63097d
6
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
7
https://paper.seebug.org/991/
8
https://enciphers.com/markdown-for-penetration-testers-bug-bounty-hunters/
9
https://gist.github.com/akhil-reni/e2116cc243af096ca3416168f49b3298
10
https://medium.com/bugbountywriteup/exploiting-jsonp-and-bypassing-referer-check-2d6e40dfa24
11
https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1
12
https://github.com/shipcod3/mySapAdventures
13
https://samcurry.net/reading-asp-secrets-for-17000/
Copied!

Machine Learning

1
https://towardsdatascience.com/a-complete-machine-learning-walk-through-in-python-part-one-c62152f39420
2
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/august/building-safer-machine-learning-systems-a-threat-model/
Copied!

Malware Analysis & Development

1
https://blog.manchestergreyhats.co.uk/2018/11/07/php-malware-examination/
2
https://medium.com/@Bank_Security/undetectable-c-c-reverse-shells-fab4c0ec4f15
3
https://media.ccc.de/v/35c3-9561-first_sednit_uefi_rootkit_unveiled
4
https://github.com/thom-s/docx-embeddedhtml-injection
5
https://0x00sec.org/t/malware-writing-python-malware-part-1/11700
6
https://medium.com/secjuice/the-road-to-reverse-engineering-malware-7c0bc1bda9d2
7
https://medium.com/@alpinoacademy/detecting-dns-tunnelling-with-wireshark-71ce39cd8fe5
8
https://outflank.nl/blog/2019/04/17/bypassing-amsi-for-vba/
9
https://gist.github.com/glenux/3e705387e30f229c242ea153de6e6a4d
10
https://github.com/JPCERTCC/MalConfScan/blob/master/README.md
11
https://www.linkedin.com/feed/update/urn:li:activity:6535142503195258880
12
https://github.com/itm4n/VBA-RunPE
13
https://www.youtube.com/watch?v=QuFJpH3My7A&feature=youtu.be
14
https://threat.tevora.com/5-minute-forensics-decoding-powershell-payloads/
15
https://jask.com/powershell-and-fileless-attacks/
16
https://github.com/evilsocket/ergo-pe-av
17
https://medium.com/@alpinoacademy/incident-response-case-from-ssh-tunnel-to-endpoint-analysis-a4a7c9d0b67d
18
https://darungrim.com/research/2019-10-01-analyzing-powershell-threats-using-powershell-debugging.html
19
https://www.blackhillsinfosec.com/analyzing-arp-to-discover-exploit-stale-network-address-configurations
20
https://blog.xpnsec.com/evading-sysmon-dns-monitoring/
21
https://www.malshare.com/register.php
22
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
23
https://github.com/dreadl0ck/netcap
24
https://medium.com/palantir/tampering-with-windows-event-tracing-background-offense-and-defense-4be7ac62ac63
25
https://www.jaiminton.com/cheatsheet/DFIR/#common-startup-locations
Copied!

Binary Analysis & Exploitation

1
https://github.com/BinaryAnalysisPlatform/bap
2
https://0xrick.github.io/binary-exploitation/bof1/
3
https://0xrick.github.io/binary-exploitation/bof2/
4
https://0xrick.github.io/binary-exploitation/bof3/
5
https://0x00sec.org/t/autobof-a-journey-into-automation-exploit-development-and-buffer-overflows/13415
6
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/
7
https://github.com/NetSPI/PESecurity
Copied!

Reverse Engineering

1
https://github.com/cea-sec/miasm/
2
https://ghidra-sre.org/CheatSheet.html
3
https://medium.com/@nishanmaharjan17/reversing-golang-binaries-part-1-c273b2ca5333
4
http://opensecuritytraining.info/
5
https://oalabs.openanalysis.net/2019/06/03/reverse-engineering-c-with-ida-pro-classes-constructors-and-structs/
6
https://icyphox.sh/blog/python-for-re-1/
7
https://github.com/wtsxDev/reverse-engineering
8
https://github.com/iOS-Reverse-Engineering-Dev/Swift-Apps-Reverse-Engineering/blob/master/Reverse%20Engineering%20Swift%20Applications.pdf
9
https://blog.rapid7.com/2019/06/12/heap-overflow-exploitation-on-windows-10-explained/
10
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
11
https://maddiestone.github.io/AndroidAppRE/
Copied!

Web Pentest

1
https://github.com/snoopysecurity/awesome-burp-extensions
2
https://github.com/g0rx/CVE-2018-7600-Drupal-RCE
3
https://mohemiv.com/all/exploiting-xxe-with-local-dtd-files/
4
https://medium.com/@klose7/https-medium-com-klose7-xxe-attacks-part-1-xml-basics-6fa803da9f26
5
https://github.com/foospidy/payloads
6
https://medium.com/@somdevsangwan/backdooring-websites-like-a-ninja-62ac86d60993
7
https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/
8
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
9
https://github.com/ambionics/phpggc
10
https://trustfoundry.net/bypassing-wafs-with-json-unicode-escape-sequences/
11
https://github.com/ngalongc/bug-bounty-reference
12
https://github.com/righettod/poc-graphql
13
https://github.com/binux/pyspider
14
https://github.com/guidovranken/django-fuzzers
Copied!

Web Application Secure Coding

1
https://medium.com/bugbountywriteup/how-to-write-secure-code-against-injection-attacks-aad4fff058da
Copied!

Cross-Site Scripting (XSS)

1
https://github.com/LewisArdern/bXSS
2
https://medium.com/bugbountywriteup/xss-bypass-using-meta-tag-in-realestate-postnl-nl-32db25db7308
3
https://twitter.com/xsspayloads/status/1077828663071199232?s=12
4
https://twitter.com/xsspayloads/status/1082228019962490880?s=12
5
https://medium.com/taptuit/exploiting-xss-via-markdown-72a61e774bf8
Copied!

Server Side Request Forgery (SSRF)

1
https://medium.com/@putracraft.theworld/server-side-request-forgery-in-openid-support-defcc64d5e41
Copied!

XML External Entity (XXE)

1
https://medium.com/@klose7/https-medium-com-klose7-xxe-attacks-part-1-xml-basics-6fa803da9f26
2
https://github.com/incredibleindishell/oxml_xxe
Copied!

Server Side Template Injection (SSTI)

1
https://www.we45.com/blog/server-side-template-injection-a-crash-course-?hs_amp=true
Copied!

JSON Web Token

1
https://www.we45.com/blog/server-side-template-injection-a-crash-course-?hs_amp=true
Copied!

Java RMI

1
https://mogwailabs.de/blog/2019/03/attacking-java-rmi-services-after-jep-290/
Copied!

Deserialization

1
https://github.com/portswigger/freddy-deserialization-bug-finder
2
https://www.notsosecure.com/exploiting-viewstate-deserialization-using-blacklist3r-and-ysoserial-net/
3
https://soroush.secproject.com/blog/2019/04/exploiting-deserialisation-in-asp-net-via-viewstate/
4
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
5
https://github.com/omerlh/insecure-deserialisation-net-poc
Copied!

Mobile Application Pentest

1
https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8
2
https://github.com/yagiz/Bagel
3
https://www.allysonomalley.com/2018/12/03/ios-bug-hunting-web-view-xss/
4
https://github.com/ivRodriguezCA/RE-iOS-Apps/blob/master/README.md
5
https://resources.infosecinstitute.com/android-penetration-tools-walkthrough-series-drozer/
6
https://resources.infosecinstitute.com/lab-hacking-an-android-device-with-msfvenom/
7
https://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-1/#article
8
https://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-2/
9
https://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-3
10
https://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-4
11
https://resources.infosecinstitute.com/android-hacking-and-security-part-25-hooking-and-patching-android-apps-using-xposed-framework/
12
https://resources.infosecinstitute.com/android-hacking-and-security-part-23-introduction-to-debugging-android-apps-using-andbug/
13
https://resources.infosecinstitute.com/android-hacking-security-part-14-examining-android-app-specific-data-non-rooted-devices/
14
https://resources.infosecinstitute.com/android-app-sec-test-guide-part-2/
15
https://resources.infosecinstitute.com/pen-test-apps-android-devices/
16
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
17
https://medium.com/@macho_reverser/bypassing-certificate-pinning-on-ios-12-with-frida-809acdb875e7
18
https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
19
https://medium.com/@ved_wayal/hail-frida-the-universal-ssl-pinning-bypass-for-android-e9e1d733d29
20
https://medium.com/@yogendra_h1/ios-application-security-jailbreak-12-4-5e3fc0dc0726
21
https://github.com/iOS-Reverse-Engineering-Dev/Swift-Apps-Reverse-Engineering/blob/master/Reverse%20Engineering%20Swift%20Applications.pdf
22
https://spenkk.github.io/bugbounty/Configuring-Frida-with-Burp-and-GenyMotion-to-bypass-SSL-Pinning/
23
https://www.apriorit.com/dev-blog/363-how-to-reverse-engineer-os-x-and-ios-software
Copied!

Digispark & Rubber Ducky & IOT

1
https://digistump.com/wiki/digispark/tutorials/connecting
2
https://github.com/digistump/DigistumpArduino
3
https://digistump.com/wiki/digispark/tutorials/programming
4
https://gist.github.com/Ircama/22707e938e9c8f169d9fe187797a2a2c
5
https://github.com/eclypsium/USBAnywhere
6
https://github.com/Matheus-Garbelini/esp32_esp8266_attacks
7
https://hackaday.com/2016/10/28/duckhunting-stopping-rubber-ducky-attacks/
Copied!

Hardening

1
https://github.com/PaulSec/awesome-windows-domain-hardening
Copied!
Last modified 2yr ago