Useful Links

05-01-2021

Blogs
https://thehackernews.com/
https://www.cisoadvisor.com.br/
https://threatpost.com/
https://cgreinhold.dev/
https://snyk.io/blog/
https://www.troyhunt.com/
https://samy.pl/
https://www.malwaretech.com/
https://minutodaseguranca.blog.br/
https://www.welivesecurity.com
https://secnhack.in/ **
https://www.syhunt.com/pt/?n=News.2021-Leaks&key=lucy17 (Leaks Feed)
https://eskelsen.medium.com/

Youtubers
https://youtube.com/LiveOverflowCTF
https://youtube.com/c/DavidBombal/
https://youtube.com/c/JohnHammond010/
https://youtube.com/stokfredrik
https://youtube.com/c/GabrielPato/

Github profiles
https://github.com/carlospolop
https://github.com/KingOfBugbounty
https://github.com/helviojunior
https://github.com/VitorOriel

Web Scanners
https://gf.dev/toolbox/ (Swiss Army knife for web environments)
https://www.ssllabs.com/ssltest/ (Various checks for web systems)
https://hstspreload.org/ (Simple, straightforward HSTS test)
https://observatory.mozilla.org/ (Various checks for web systems)
https://securityheaders.com/ (Checks focused on the required HTTP headers)
https://www.securityscore.com.br/ (Scan that goes beyond the web system; looks up e-mails and ports associated with the domain)
https://spyse.com/ (Scanner for a site's public information: crawler, JS and CSS URLs)

Password and Data Leaks
https://haveibeenpwned.com/ (Password leak check)
https://spycloud.com (Checks the leaks associated with your account, including the plaintext passwords)
https://intelx.io/ (Leak database lookup)
http://pwndb2am4tzkvold.onion/ (Leak database lookup)
http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion (Leak database lookup)
https://breached.to/ (Formerly raidforums.com, now shut down - forum where leaks are exposed)

OSINT
https://search.censys.io/ (IP and port scanning)
https://www.shodan.io/ (IP and port scanning)
https://wigle.net/ (Worldwide mapping of Wi-Fi networks)
https://www.exploit-db.com/google-hacking-database/ (Google dorking)
https://www.shhgit.com/ (Real-time monitoring of potentially sensitive information being committed to GitHub, GitLab and BitBucket)
https://osintframework.com/ (Large index of tools and OSINT resources for reconnaissance and pentesting)
https://community.riskiq.com/ (Public information scanner; finds a lot of subdomains, which is all it is good for on the free account)
http://securitytrails.com (Efficient for finding subdomains)
https://gf.dev/whois-hosting (Discover the IP paths of a site)

Web Tools
https://gchq.github.io/CyberChef/ (Swiss Army knife. Various utilities, scraper, extractor, etc.)
https://www.processlibrary.com/en/ (DLL and process lookup)
https://id-ransomware.malwarehunterteam.com/ (Identify ransomware)
https://caniuse.com/ (Browser compatibility check)
https://grabify.link/ (Link shortener with IP logger)
https://archive.org/web/ (Wayback Machine - history of old pages)
https://beautifier.io/ (Turns minified JS into readable code)
https://bgp.he.net (BGP Check)
https://www.100security.com.br/rsg (Reverse shell generator)
https://report-uri.com/home/tools (CSP Analyse, CSP Builder, CSP Hash, Header Analyser, SRI Hash, PEM Decoder)

Desktop Tools
https://beefproject.com/
http://sqlmap.org/
https://docs.microsoft.com/en-us/sysinternals/ (Swiss Army knife of environment analysis tools)
https://github.com/globocom/huskyCI (Tool made by Globo. Orchestrator for repository code analysis, meant to run alongside a CI)
https://github.com/Genymobile/scrcpy (Solution for mirroring a phone's screen to the computer)
https://www.postman.com/ (Builds HTTP requests on demand)
https://dbeaver.io/ (Universal database connector)
https://github.com/assetnote/kiterunner (Endpoint spider)
https://github.com/KingOfBugbounty/SecretFinder (Looks for possible keys in HTML or JS files)
https://github.com/lirantal/is-website-vulnerable (Open-source alternative for auditing the front-end technologies of a web system, with clear, objective results pointing out the problems)
https://github.com/projectdiscovery/nuclei
https://github.com/skavngr/rapidscan (multi-tool web vulnerability scanner)
https://github.com/NESCAU-UFLA/FuzzingTool
https://github.com/Abdulrahman-Kamel/tokenScanner (Token Scanner - Pass a token to the scanner and it identifies what type of token it is. Good tool… it is simple, tells you what the token probably is and gives a URL on how to exploit and test it)
https://github.com/Abdulrahman-Kamel/extract-comments (Extracts comments from pages - Tested and works. Good if you find a crawler to collect all the URLs of a domain and then pass them as a parameter)
https://github.com/Abdulrahman-Kamel/xssHeaders (Tests Blind XSS headers - You have to create an account at https://xsshunter.com/ to have a profile on XssHunter.)

Browser plugins

  • DotGit
  • Link Gopher
  • Http Header Live
  • JS Beautifier
  • KeyFinder
  • Web scan

Pentest (DAST)
https://www.zaproxy.org/ (scripts link)
https://subgraph.com/vega/
https://github.com/1N3/Sn1per/
https://owasp.org/www-community/Vulnerability_Scanning_Tools (List of various paid and free tools)
https://start.me/p/BnBb5v/jornadas-osint (Gathers various OSINT links: search engines for nicknames, images, people, etc.)

Traffic analyzers
https://portswigger.net/burp/
https://www.charlesproxy.com/
https://www.telerik.com/fiddler
https://www.wireshark.org/

Lists
https://github.com/danielmiessler/SecLists (Payloads)
https://github.com/swisskyrepo/PayloadsAllTheThings (Payloads for almost everything)
https://github.com/sindresorhus/awesome#security (Index of materials for pentest, recon, etc.)
https://github.com/carpedm20/awesome-hacking#readme (Index of materials for pentest, recon, etc.)
https://github.com/qazbnm456/awesome-web-security#readme (Index of materials for pentest, recon, etc.)
https://github.com/sbilly/awesome-security#web (Index of materials for pentest, recon, etc.)
https://www.routerpasswords.com/ (List of default device passwords)
https://minutodaseguranca.blog.br/lista-completa-de-ferramentas-de-teste-de-penetracao-e-hacking/
https://github.com/nixawk/pentest-wiki (Index and guide for recon and pentests)
https://github.com/enaqx/awesome-pentest (GitHub for pentesters)

About API keys
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/API%20Key%20Leaks
https://community.turgensec.com/finding-hidden-api-keys-how-to-use-them/

About AWS Buckets
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/AWS%20Amazon%20Bucket%20S3

Cryptography, hash databases and crackers
https://hashdecryption.com/
https://emn178.github.io/online-tools/
https://hashtoolkit.com/
https://www.perturb.org/content/hashes/
http://hashmash.info/
https://md5hashing.net/
https://sha1.gromweb.com/
https://www.boxentriq.com/code-breaking/cipher-identifier/ (Analyzer for the type of cipher possibly used)
https://www.openwall.com/john/ (John the Ripper password cracker)
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm (Database available for download)
https://hstrike.com/ (Some tools for analyzing encryption and passwords)

Wordlists
https://wordlists.assetnote.io/
https://github.com/Abdulrahman-Kamel/httpAuth

Application for validating web scanners
http://public-firing-range.appspot.com/

Databases for checking library vulnerabilities
https://snyk.io/vuln
https://ossindex.sonatype.org/
https://cve.mitre.org/cve/search_cve_list.html
https://www.nuget.org/packages/Audit.NET/ (Extension for Visual Studio)

DNS checks
https://toolbox.googleapps.com/apps/dig/
https://dnslytics.com/
https://mxtoolbox.com/

Mind maps, diagrams and prototyping
https://www.mindmeister.com/
https://miro.com/app/

File and text sharing
https://gofile.io/
https://pastebin.com/
http://dontpad.com/

Low-cost or free HTTPS certificate issuance
https://letsencrypt.org/

CORS ByPass
https://cors-anywhere.herokuapp.com/
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties

Reverse Tabnabbing
https://security.christmas/2019/12
https://owasp.org/www-community/attacks/Reverse_Tabnabbing
https://github.com/OWASP/www-community/blob/master/pages/attacks/Reverse_Tabnabbing.md

Third party libraries
https://deps.dev/ => The simplest way to see directly which vulnerabilities a given version of a library has, for example https://deps.dev/npm/jquery/2.2.1
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
https://www.srihash.org/

CSP
https://cspscanner.com/ (Simple CSP test)
https://csper.io/evaluator (CSP evaluator)
https://csper.io/generator/ (CSP generator)
https://developer.mozilla.org/pt-BR/docs/Web/HTTP/CSP

Lax vs Strict
https://blog.benpri.me/blog/2019/05/13/samesite-cookies-in-practice/

XSS Game
https://xss-game.appspot.com

I Know What You Download
https://iknowwhatyoudownload.com/en/peer/

Sonar's best-practice rules for development
https://rules.sonarsource.com/csharp

Cheat sheets and prevention

General - OWASP cheatsheetseries link
XSS - Portswigger XSS cheatsheet link
XSS - OWASP XSS cheatsheet link
DOM XSS - OWASP DOM XSS cheatsheet link
XSS - XSS payloads beyond alert link
XSS - PayloadsAllTheThings payloads link
Markdown XSS - https://github.com/cujanovic/Markdown-XSS-Payloads/blob/master/Markdown-XSS-Payloads.txt
SQLi - Portswigger SQLi cheatsheet link
SQLi - Netsparker SQLi cheatsheet link
Privilege Escalation - https://github.com/Ignitetechnologies/Privilege-Escalation/
Burp - https://github.com/Ignitetechnologies/BurpSuite-For-Pentester
Malware - https://github.com/malwares

Sniping Insecure Cookies with XSS
https://breakdev.org/sniping-insecure-cookies-with-xss/

Angular template injection

Web Cache Deception
http://omergil.blogspot.com/2017/02/web-cache-deception-attack.html
Examples for some of the past vulnerable pages:

- https://www.paypal.com/myaccount/home/attack.css
- https://www.paypal.com/myaccount/settings/notifications/attack.css
- https://history.paypal.com/cgi-bin/webscr/attack.css?cmd=_history-details

Metadata in Files
https://github.com/loseys/Goblyn
https://www.kaspersky.com.br/blog/office-documents-metadata/7192/

Services
https://www.kvstore.io/ (a simple key/value API based storage service)
https://nordvpn.com/ (VPN for secure communication - paid)

.Net
https://github.com/pwntester/ysoserial.net (Exploit unsafe .NET object deserialization)

Calculating vulnerability level
https://www.first.org/cvss/calculator/3.0
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Collection of pentest reports
https://github.com/juliocesarfort/public-pentesting-reports

Events
https://bekk.christmas/
https://security.christmas/
https://tryhackme.com/room/25daysofchristmas

Security Awareness

Personal Security Checklist
https://github.com/Lissy93/personal-security-checklist

Password vault
https://bitwarden.com/

Google's phishing quiz
https://phishingquiz.withgoogle.com/

Security criteria in code
https://security-code-scan.github.io/

Guides

The National Cyber Security Centre
https://www.ncsc.gov.uk/

CTO Security Checklist/Guide
https://www.goldfiglabs.com/guide/saas-cto-security-checklist/

Bugbounty Tips
https://github.com/KingOfBugbounty/KingOfBugBountyTips

File signature verification
https://www.garykessler.net/library/file_sigs.html

Analyzing HTTP messages with Burp Suite and FoxyProxy
https://luan-cf-bnu.medium.com/analisando-mensagens-http-com-burp-suite-e-foxyproxy-9fb0a32d6fa4

4 things every report must have
https://rhinosecuritylabs.com/penetration-testing/four-things-every-penetration-test-report/

Focus on the important items of the guide, how and what to use
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist

Security Design Guidelines for Web Services
https://msdn.microsoft.com/en-us/library/ff649737.aspx

About HSTS
https://www.troyhunt.com/understanding-http-strict-transport

12 tips against DDoS
https://blog.4linux.com.br/12-metodos-para-prevenir-ddos/

How to implement salt correctly
https://crackstation.net/hashing-security.htm

Tips for .NET programmers
https://cheatsheetseries.owasp.org/cheatsheets/DotNet_Security_Cheat_Sheet.html (Topic ‘ASP NET Web Forms Guidance’, on CSRF and ViewState)

Secure communication: Jitsi, Signal or Wire
https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html

For everything else that requires sharing sensitive information, there are more secure options like self-hosted Jitsi, Signal and Wire.

WCF: client tips
https://www.oreilly.com/library/view/programming-wcf-services/9781449382476/ch01s13.html

GC fundamentals
https://docs.microsoft.com/en-us/dotnet/standard/garbage-collection/fundamentals?redirectedfrom=MSDN#background_server_garbage_collection

CVE-2021-44228 - Log4j

https://youtu.be/7qoPDq41xhQ

Exploit Demo: https://github.com/leonjza/log4jpwn
Shell Check: https://log4shell.huntress.com/