I've exported the links I've captured during the training sessions using Mindjet MindManager, which is what I use to take study notes. I haven't captured all the links or the names of all the many people who contributed them, but thanks to all for sharing.
EC-Council Certified Ethical Hacker exam 312-50
CPE requirements
Cryptography
Penetration Testing Process
- Foot-printing (aka Recon)
- Open Source Intelligence Gathering (OSINT) Training by Michael Bazzell
- Social Engineering
- Maltego from Paterva
- SHODAN - Computer Search Engine
- Path Analyzer Pro - Graphical Traceroute
- Metadata leakage
- Whois tools
- Google hacking database
- Social networks
- Web server content - Netcraft
- Search engines (not just google) - OSINT custom search
- People sites
- UK 192.com
- Yasni
- Spokeo People Search - White Pages - Find People
- Whitepages - Find People, Businesses & More
- AnyWho
- Financial Web
- Archives
- Scanning
- Zmap
- Fing - Network Scanner on the App Store on iTunes
- Angry IP scanner
- nmap (zenmap = gui)
- hping
- Superscan
- Scapy (packet crafter)
- Vulnerability scanners (for whitebox pentest only)
- Network diagrams / topology
- Solarwinds
- Friendly Pinger (may have virus) and has been replaced by Algorius Net Viewer
- Spiceworks network mapping software
- Zabbix
- Nagios
- Enumeration
- LDAP tools
- DNS tools
- nslookup (to force a zone transfer)
- samspade (old tool)
- SANS Using Sam Spade
- Superscan 4.1 by Foundstone
- Dumpsec
- Gain Access
- See the packet sniffers (Sniffing) section below
- USB Rubber Ducky
- Rainbow tables
- Social engineering
- Jimmy Kimmel 'What is your password?'
- World wide web tools to lookup default hardware passwords
- Keyloggers
- Keyghost
- MS Windows Problem Steps Recorder (built-in tool)
- MS keyboard disguised as USB wall charger
- Thermal imaging to steal from ATM
- Privilege Escalation
- psgetsid (from Sysinternals suite)
- user2sid and sid2user by Evgenii B. Rudnyi
- Trinity rescue kit - requires physical access for local accounts
- ERD commander in v6.5 of Microsoft's Diagnostic and Recovery Toolset (MSDaRT)
- x.exe (old tool, but Sean said he still uses it)
- Maintaining Access
- Exfiltrating data from activity monitors
- Physical drop box (e.g. MiniPwner and Pwnieexpress )
- Cover your tracks
- auditpol
- WinZapper (for targeted removal of log entries)
- Alternate data streams (forked file system) - Practical Guide to Alternative Data Streams in NTFS
- Steganography
Malware (chapter 8)
- Worm example
- Trojans
- netcat
- Ncat - Netcat for the 21st Century
- cryptcat
- Detection
- TCPview from Sysinternals Suite
- netstat -a
- Rootkits
- Microsoft Threat Report on Rootkits
- Rootkit Revealer from Sysinternals Suite
- Advanced Persistent Threats (APTs)
- IP viking live attack map
- Anti-malware tools referenced in forum
- VirusTotal (online scanner for files and URLs; shows which anti-malware products detect a threat)
- VIPRE
- Spybot
- ESET
- Malwarebytes
- Windows Defender
Sniffing
- Tools
- Wireshark
- Linux Dsniff (for SMTP packet extraction)
- EtherApe (graphical only)
- Network Monitor (Microsoft) replaced by Microsoft Message Analyzer
- WinPCap
- Command line utilities
- Wireless with wireshark
- AirPCap (hardware for wireless, approx $300-800)
- Detecting sniffers
Social Engineering
- Social Engineer Podcast
- Social Engineering Toolkit
- Social Engineering Framework
- Recommended Books
- Managing an Information Security and Privacy Awareness and Training Program, Second Edition by Rebecca Herold - personal recommendation, excellent
Denial of Service
- Examples cited
- Botnets used for DDOS
- Packet crafting
- hping2
- hping3
- colasoft packet crafter
- 'Gobbler' for targeted attack against a DHCP server
- Attack types cited
- Generic
- Targeted
- DHCP servers
- DHCP starvation attack (see Gobbler tool)
- DNS servers
- DNS poisoning attack
- NTP servers
- NTP amplification attack
- Web servers
- examples cited: slashdot and 'fark effect'
- SQL servers
- examples cited: Slammer worm
- DHCP servers
- Physical attacks
- Phlashing attacks against routers / switches
- Other useful links
- Denial-of-service attack - Wikipedia
- Digital Attack Map (visualise DDOS over time)
- US CERT on Denial of Service (Published 1997)
- Distributed denial-of-service attack defense
- Zone H (hacked sites)
- Internet Health Report (shows internet backbone providers)
- Kali Linux Hacking Tutorials Denial Of Service Attacks Explained for Beginners and Dummies
Session Hijacking
Web Servers and Web Applications
- Tools
- Siterippers
- Scanning, etc.
- Firefox add-ins
- Selenium automation
- Tamper Data (also see Why Hackers Love the Tamper Data Firefox Add-On)
- Countermeasures
- Web application firewall - ModSecurity (open source)
- Web IDS/IPS - Appsensor from OWASP
- Other stuff
SQL Injection
- Tools
- Firefox addins
- SQL Inject Me
- SQLmap
- Google dorking list for 2015/16
- Firefox addins
- Additional resources
- Tutorial on SQLi Labs - InfoSec Institute uses Audi-1-sqli-labs · GitHub
- SQL injection tutorial (used in class)
Wireless Networking
- Security standards
- Frequency bands
- Attack types
- war-catting (!)
- Wi-Fi jamming (don't do it!)
- Tools
- Bluetooth
- btscanner 2.1 for linux
- Ubertooth One
- UD100 SENA - also sold by Pwnie Express
- Bluetooth from a mile away (make your own Bluetooth adapter)
- Bluetooth keylogger
- Wireless
- Bluetooth
- In-depth tutorials on wi-fi hacking
- SecurityTube Wireless LAN Security and Penetration Testing Megaprimer with Vivek Ramachandran - personally highly recommend
- Hak5 1122.1, WiFi Hacking Workshop Part 1.1 recommended by WS
- Eli the computer guy recommended by BC
- Additional resources
Evading IDSs, Firewalls, and Honeypots
Coming soon
Physical Security
This was not covered as a separate segment but embedded into the social engineering and other examples. Lots online on the topic including a useful checklist from SANS. One resource I particularly like for various things is the CPNI website.
Penetration testing distributions
KaliLinux
BlackArch
Backbox Linux
Cyborg Hawk
IDS
Other security tool sites
Sysinternals suite
Security tools
Labs
- Oracle VirtualBox
- http://www.vmware.com/products/player/
- KVM (Linux)
- Microsoft VMs for testing
- 10 Vulnerable Web Applications You Can Play With
- NDG labs worldwide
Report writing
- SANS How to write a pen test report
- Reporting - The Penetration Testing Execution Standard
- The Art of Writing Penetration Test Reports - InfoSec Institute
- Offensive Security
Other interesting links posted
- Epic Privacy Browser
- 33Mail.com - unlimited free disposable anonymous email addresses
- Cheat sheets at packetlife
- Phishing Quiz from OpenDNS
- Hacking webcams
- LatinSquares
- Computer crime presentations and training
- EFS and audit policy video from ITPro.tv
- Complementary training (I use in addition to itpro.tv)
- Mindmaps for pen testers by Aman Hardikar
Security Podcasts listened to by participants