Skip to content
/ security Public
forked from xapax/security

Stuff about it-security that might be good to know

xapax.gitbooks.io/security
0 stars 503 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

lanceae/security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

654 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
SUMMARY.md
SUMMARY.md
 
 
active_information_gathering.md
active_information_gathering.md
 
 
arp-spoofing.md
arp-spoofing.md
 
 
automated_vulnerability_scanners.md
automated_vulnerability_scanners.md
 
 
bash-scripting.md
bash-scripting.md
 
 
basics_of_linux.md
basics_of_linux.md
 
 
basics_of_windows.md
basics_of_windows.md
 
 
binary_exploitation.md
binary_exploitation.md
 
 
binary_exploitation2.md
binary_exploitation2.md
 
 
broken_authentication_or_session_management.md
broken_authentication_or_session_management.md
 
 
clickjacking.md
clickjacking.md
 
 
cms_scanning.md
cms_scanning.md
 
 
connections.md
connections.md
 
 
cracking_passwords.md
cracking_passwords.md
 
 
creating_malicious_files.md
creating_malicious_files.md
 
 
cross-site-scripting.md
cross-site-scripting.md
 
 
cross_site_request_forgery.md
cross_site_request_forgery.md
 
 
dGaQO6Y.png
dGaQO6Y.png
 
 
dictionary_attack_--_ssh_ftp.md
dictionary_attack_--_ssh_ftp.md
 
 
dictionary_attacks.md
dictionary_attacks.md
 
 
dns-spoofing.md
dns-spoofing.md
 
 
dns_basics.md
dns_basics.md
 
 
dns_zone_transfer_attack.md
dns_zone_transfer_attack.md
 
 
email_harvesting.md
email_harvesting.md
 
 
example_of_company_architecture.md
example_of_company_architecture.md
 
 
examples.md
examples.md
 
 
examplesXSS.md
examplesXSS.md
 
 
exploit_examples_and_tutorials.md
exploit_examples_and_tutorials.md
 
 
exploiting.md
exploiting.md
 
 
exposed_version_control.md
exposed_version_control.md
 
 
find_subdomains.md
find_subdomains.md
 
 
finding_subdomains.md
finding_subdomains.md
 
 
general_tips.md
general_tips.md
 
 
generate_custom_wordlist.md
generate_custom_wordlist.md
 
 
hashcat.md
hashcat.md
 
 
heartbleed.md
heartbleed.md
 
 
identify_hash_and_crack_it.md
identify_hash_and_crack_it.md
 
 
internal_enumeration.md
internal_enumeration.md
 
 
list_of_common_ports.md
list_of_common_ports.md
 
 
littearature.md
littearature.md
 
 
metasploit.md
metasploit.md
 
 
msfconsole.md
msfconsole.md
 
 
msfvenom.md
msfvenom.md
 
 
mysql.md
mysql.md
 
 
netcat.md
netcat.md
 
 
network_traffic.md
network_traffic.md
 
 
networking.md
networking.md
 
 
nmap_scripts.md
nmap_scripts.md
 
 
nosql-injections.md
nosql-injections.md
 
 
passive_information_gatherig.md
passive_information_gatherig.md
 
 
passwords.md
passwords.md
 
 
persistence.md
persistence.md
 
 
phpmyadmin.md
phpmyadmin.md
 
 
port_knocking.md
port_knocking.md
 
 
port_scanning.md
port_scanning.md
 
 
post_exploitation.md
post_exploitation.md
 
 
privilege_escalation.md
privilege_escalation.md
 
 
python_fundamentals.md
python_fundamentals.md
 
 
recon-ng.md
recon-ng.md
 
 
reverse-shell.md
reverse-shell.md
 
 
scanning.md
scanning.md
 
 
scripting_with_python.md
scripting_with_python.md
 
 
server_misconfiguration.md
server_misconfiguration.md
 
 
smtp-user-enum.md
smtp-user-enum.md
 
 
smtp_-_extract_emails.md
smtp_-_extract_emails.md
 
 
social_engineering_-_phishing.md
social_engineering_-_phishing.md
 
 
spawning_shells.md
spawning_shells.md
 
 
sql-injections.md
sql-injections.md
 
 
ssl-strip.md
ssl-strip.md
 
 
subdomain_takeover.md
subdomain_takeover.md
 
 
tcp-dumps_on_pwnd_machines.md
tcp-dumps_on_pwnd_machines.md
 
 
text-injection.md
text-injection.md
 
 
the_basics.md
the_basics.md
 
 
tips.md
tips.md
 
 
tools.md
tools.md
 
 
tools_of_the_trade.md
tools_of_the_trade.md
 
 
transfering_files.md
transfering_files.md
 
 
vulnerabilities.md
vulnerabilities.md
 
 
vulnerability_analysi.md
vulnerability_analysi.md
 
 
vulnerability_analysi1s.md
vulnerability_analysi1s.md
 
 
vulnerability_analysis.md
vulnerability_analysis.md
 
 
waf_-_web_application_firewall.md
waf_-_web_application_firewall.md
 
 
web-scanning.md
web-scanning.md
 
 
web-services.md
web-services.md
 
 
wget.md
wget.md
 
 
wifi.md
wifi.md
 
 
wireshark.md
wireshark.md
 
 
wps.md
wps.md
 
 
xml_external_entity_attack.md
xml_external_entity_attack.md
 
 

Repository files navigation

Security

My notepad about stuff related to security. Stuff I have come across that I don't feel like googeling again.

Find practical examples

If you read about a vulnerability that you want to know more about I can really recommend searching for in on HackerOne via google. It is a good way to find real life examples of vulnerabilities.

Here is an example of such a search:

site:hackerone.com sql-injection

Real world examples

https://www.reddit.com/r/AskNetsec/comments/4p7onl/gaining_initial_access_in_realworld_pentesting/

Disclaimers

Sometimes the line isn't very clear between the chapters. Some actions might be considered part of the vulnerability analysis-phase, but it could also but considered part of the recon-phase. Whatever, it doesn't really matter. Pentesting isn't a science, it is a craft. It can only be learned by practice.

These chapters are written sporadically with a lot of stuff missing. I just add stuff that I didn't know about before.

About

Stuff about it-security that might be good to know

xapax.gitbooks.io/security

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • CSS 100.0%