Index for the Hacker Playbook

3/7/2015
ARP Poisoning:145
AV Evasion:Evade,218
AV Evasion:Veil:227
AV Evasion:py2exe:224
Alternate Data Streams:Hiding files:253
BeEF:(http://beefproject.com/):5,81
BeEF:Installing:13
Bitsadmin:Uploading Files on Windows 7, 8:258
BlackHat:266,267
Bsides:266
Bugtraq:(http.securityfocus.com/bid):246
Burp:5
Burp:Download:10
Burp Suite:Active Scanner:52
Burp Suite:Configuring and Enabling:44
Burp Suite:Content Discover Lists(http://code.google.com/p/raft/source/browse/trunk/data/wordlists/?r=64):51
Burp Suite:Content Discovery:50
Burp Suite:Fuzzing/Input Validation:97
Burp Suite:Input Validation/Fuzzing:97
Burp Suite:Replay Attack:91
Burp Suite:Session Tokens:94
Burp Suite:Spidering:48
Burp Suite Pro:14
Business Logic Testing:104
Bypass UAC:Metasploit:251
Bypassuac:Installing:12
Cain and Abel:14,160 Cain and Abel:ARP Poisoning:146
CanSec:266
Capture the Flag:270
Content Discovery:Burp Suite:50
Crackstation-human-only:Password List:236
Cross-Site Request Forgery:90
Cross-Site Scripting:84
Cross-Site Scripting:Crowd Sourcing(http://www.reddit.com/r/xss),89
Cross-Site Scripting:OWAPS Evasion Cheat Sheet(https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet):90
Cross-Site Scripting:Obfuscation:88
Cross-Site Scripting:Scraping Reddit(http://securepla.net/script-alertreddit-script):89
Ctftime.org:270
Custom Password Lists:9
DNS Redirection:160
DefCon:265
DerbyCon:265,267
Discovery:Active:30
Discovery:Passive:20
Discovery:Scripts:21
Doppelganger domains167
Ettercap:(http://ettercap.github.io/ettercap):151,163
Evade14
Evade:AV evasion tool,218
Evading Antivirus:217
Evil Foca:14
EvilFoca:IPv6(http://www.informatica64.com/evilfoca/default.aspx):153
EvilFoca:Presentation(http://www.slideshare.net/chemai64/defcon-21-fear-the-evil-foca-mitm-attacks-using-ipv6):153
Exploit-db(http://www.exploit-db.com):247
Exploits(http://www.exploit-db.com/remote/):65
Exploits:Shellcoder's Handbook(http://amzn.to/19ZlgfE):65
FTP script delivery:253
Ferret:156
Ferret:Sidejacking:155
Firefox:5,14
Firefox:Foxy Proxy:6,14
Firefox:Installing Addons:13
Firefox:TamperData:5
Firefox:Taper Data:14
Firefox:User Agent Switcher:6,14
Firefox:Web Developer Add-on:5,14
Firesheep:158
Fuzzing/Input Validation:Burp Suite,97
FuzzingLists(see SecLists):13
Gnmap.pl:5
Group Policy Preferences:113
Group Policy Preferences:ESEC Post(http://esec-pentest.sogeti.com/post/Exploiting-Windows-2008-Group-Policy-Preferences),116
Group Policy Preferences:Gppprefdecrypt.py(http://pastebin.com/TE3fvhEh):115
Group Policy Preferences:Microsoft AES Key(http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be.aspx):115
Group Policy Preferences:PowerSploit:117
Group Policy Preferences:TrustedSec Presentation(http://www.trustedsec.com/files/BSIDESLV_Secret_Pentesting_Techniques.pdf):116
Hamster:156
Hamster:Sidejacking:155
Hash Algorithms:237
Hiding Files on Windows:Alternate data streams:253
Hiding Files on Windows:\\?\ Trick:256
HxD:14
Hyperion:14
IPv6:MITM:153
Impacket:(http://code.google.com/p/impacket):112
Impacket:Configuration(http://pen-testing.sans.org/blog/pen-testing/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python):113
Input Validation/Fuzzing:Burp Suite:97
John the Ripper:111,235,238 Kali:Updating:6
Karmetasploit:Walkthrough(http://resources.infosecinstitute.com/karmetasploit):208,208
Kismet:Wireless sniffing and monitoring:193
LLMNR(Link-Local Multicast Name Resolution):108
Lethal:266
M3g9tr0n_Passwords_WordList_CLEANED:Password List(http://bit.ly/KrTcHF):236
Metasploit:(http://www.metasploit.com):14,57
Metasploit:Basic Attack Configuration:58
Metasploit:Bypass UAC,251
Metasploit:Cheat sheet(http://www.cheatography.com/huntereight/cheat-sheets/metasploit-4-5-0-dev-15713):59
Metasploit:Enabling loging:7
Metasploit:Logging(http://www.irongeek.com/i.php?page=videos/derbycon3/s106-owning-computers-without-shell-access-royce-davis):129
Metasploit:RC scripts:249
Metasploit:Scrips:62
Metasploit:Searching:59
Metasploit:Setting up:7
Metasploit:WarFTP(http://downloads.securityfocus.com/vulnerabilities/exploits/22944.py):62
Metasploit Pro:Phishing Module:172
Meterpreter:126
Meterpreter:getsystem:127
Meterpreter:kerberos:127
Meterpreter:migrate:127
Meterpreter:ps:126
Meterpreter:sessions:126
Meterpreter:wdigest:127
Microsoft Excel:Delivering payloads with:185
Mimikatz(http://blog.gentilkiwi.com/mimikatz):5,119
Mimikatz:Download:9
NBT-NS(NetBIOS over TCP/IP Name Service):108
NTLMv2:Cracking:239
Neighbor Advertisement(NA):IPv6:153
Neighbor Soliciation(NS):IPv6:153
Network Discovery Protocol:153
Network Scanning:31
Network Scanning:Nexpose/Nessus:31
Network Scanning:Nmap:31
Network Scanning:Peepingtom:31
Nexpose/Nessus:14
Nishang:14
Nmap:14
Nmap:Banner grabbing,34
Nmap:Installing scripts,11
OWASP:266
OclHashcat:14,112,235,239
Odroid:209
Offensive Security:267
Openssh:170
PACK:Password Analysis and Cracking Toolkit(http://thesprawl.org/media/research/passwords13-smarter-password-cracking-with-pack.pdf and http://www.youtube.com/watch?v=8j6fOAH-Sko):243
PSExec:121,122
PSExec:In-memory Metasploit module(auxiliary/admin/sbm/psexec_command):128
Password:Rules(http://contest-2010.korelogic.com/rules.html):237
Password Cracking:235
Password List:Crackstation-human-only:236
Password List:RockYou:236
Password List:m3g9tr0n_Passwords_WordList_CLEANED(http://bit.ly/KrTcHF):236
Password Lists:5
Password Lists:Adobe:27
Password Lists:Adobe(http://stricture-group.com/files/adobe-top100.txt):28,28
Password Lists:cleaned(http://securepla.net/download/foundpw.csv):29
Password Lists:comparison script(http://securepla.net/download/password_check.txt):29
Peeping Tom:5
Peepingtom:38
Peepingtom:Setup,10
Pentesting Drop Box:209
Physical Social Engineering:214
Post Exploitation:PowerSploit(https://github.com/mattifestation/PowerSploit):133
Post Exploitation:Powershell(http://code.google.com/p/nishang):141
Post Exploitation Tips:Linux/Unix/BSD(http://bit.ly/pqJxA5):120
Post Exploitation Tips:Metasploit(http://bit.ly/JpJ1TR):121
Post Exploitation Tips:OSX(http://bit.ly/1kVTIMf):121
Post Exploitation Tips:Obscure Systems(http://bit.ly/1eR3cbz):121
Post Exploitation Tips:Windows(http://bit.ly/1em7gvG):120
PowerShell:Base64 encoding:137
PowerSploit:5,14
PowerSploit:Group Policy Preferences:117
PowerSploit:Installing:11
PowerSploit:Keystroke Monitoring,:40
PowerSploit:Post Exploitation:133
PowerSploit:Powershell base64 encoding:137
Powershell:Post Exploitation:141
Powershell:Uploading Files:258
ProxBrute:RFID brute forcing:208
ProxMark3:RFID cloning:208
Py2exe:AV evasion:224
Python:AV evasion using py2exe(http://www.trustedsec.com/files/BSIDESLV_Secret_Pentesting_Techniques.pdf):224
Python:Keylogger:226
RAFT(Response Analysis and Further Testing Tool):(http://code.google.com/p/raft):51
RFID:208
RFID Cloning:Tastic RFID:209
RFIdiot:RFID cloning and scripts:208
Recon-ng:(http://bit.ly/1kZbNcj):26
Reponder:Installing:12
Reporting:262
Responder:(https://github.com/SpiderLabs/Responder):5,108
RockYou:Password List:236
SANS:267
SMB replay(Metasploit exploit/windows/smb/smb_replay):112
SMB replay:Rob Fuller Video(http://www.youtube.com/watch?v=05W5tUG7z2M):112
SMBexec:5
SMBexec:Creating obvuscated meterpreter executables:231
SMBexec:Installing:8
SMTP:168
SQL Injection:68
SQLmap:(http://sqlmap.org):69
SQLmap:GET Parameter Example:69
SQLmap:POST Parameter Example:71
SSH:169
SSLstrip:156,162
Scanning: (see also Network Scanning, Web Application Scanning):31
Scanning:External:19
Searchsploit:Vulnerability search on kali:244
SecLists:Installing:13
Session Tokens:Burp Suite:94
Shmoocon:266
Sidejacking:(http://www.pcworld.com/article/209333/how_to_hijack_facebook_using_firesheep.html):155
Social Engineering:Physical:214
Social Engineering Toolkit:(https://www.trustedsec.com/downloads/social-engineer-toolkit):176
Social Engineering Toolkit:Credential Harvester:176
Social Engineering Toolkit:Installing:12
Social Engineering Toolkit:Java Attack:179
Spear Phishing:Campaigns:182
Spear phishing:172
Spidering:Burp Suite:48
Sqlninja(http://sqlninja.sourceforge.net):72
Sqlninja:Execution:77
Sqlninja:GET Parameter Example:75
Sqlninja:POST Parameter Example:76
Tastic RFID:(http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools):209
Tcpdump:79,108
ToorCon:266
Uploading Files:Powershell:258
Uploading Files on Windows 7,8:bitsadmin:258
Veil:5,121,122
Veil:AV evasion,227
Veil:Installing,8
Vulnerability Searching:244
Vulnerability Searching:Bugtraq(http://www.securityfocus.com/bid):246
Vulnerability Searching:Exploit-db(http://www.exploit-db.com):247
Vulnerability Searching:Metasploit Query,247
Vulnerability Searchinng:Searchsploit,244
WCE:(http://ampliasecurity.com/research/wcefaq.html):5,118
WCE:Binary(http://www.ampliasecurity.com/research/wce_v1_41beta_universal.zip):118
WCE:Download,9
WEP Cracking:Wired Equivalent Privacy:197
WPA Enterprise:Fake Radius Attack(http://www.willhackforsushi.com/presentations/PEAP_Shmoocon2008_Wright_Antoniewicz.pdf):204
WPAD PAC file handling:(http://blogs.technet.com/b/srd/archive/2012/11/13/ms12-074-addressing-a-vulnerability-in-wpad-s-pac-file-handling.aspx):108
WPAv2(TKIP):Cracking:199
WPAv2:Cracking:239
WPAv2 WPS:Cracking(http://bit.ly/1eRN0qj):203
Web Application Penetration Testing:OWASP testing guide(http://bit.ly/19GkG5R):67
Web Application Penetration Testing:Web Application Hacker's Handbook(http://amzn.to/1lxZaCv):67
Web Application Scanning:43
WebGoat:(https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project):54
Windos Credential Editor(see WCE):118
Windows:Domain Controller hashes(c:\Windows\NTDS\ntds.dit):130
Windows:Domain Controller hashes SMBExec(http://github.com/pentestgeek/smbexec):130
Windows:Domain Controller hashes shadow copy(http://www.defcon.org/images/defcon-21/dc-21-presentations/Milam/DEFCON-21-Milam-Getting-The-Goods-With-smbexec-Updated.pdf):130
Windows:net group:128
Windows:net localgroup:128
Windows:net user:128
Windows:qwinsta:128
Windows VM Host:Tools:14
Windows proxy:net sh inferface portproxy:164
Windws VM Host:Setup:14
Wired Equivalent Privacy:Cracking(WEP):197
Wireless:Active Attacks:196
Wireless:Exploitation:191
Wireless:Hardware:192
Wireless:Wired Equivalent Privacy(WEP) Cracking:197
Wireless:sniffing and monitoring with Kismet:193
XSS(see Cross-Site Scripting):84


-- Hachi Nijuku