Try Harder for Dummies

Small set of useful info for Offensive Security & Security Research.

Passwords

Lists

• Large Default Password List

Linux

• gimmecredz - grab you some Linux passwords

Payloads

• php web shells 101
• PayloadsAllTheThings - huge list of payloads

PrivEsc

Windows

• Sherlock - Local PrivEsc Suggester
• FuzzySecurity Windows PrivEsc Fundamentals - a very nice Windows privesc guide
• ADAPE-Script - Active Directory Assessment & PrivEsc

Linux

• GTFOBins - common Unix binaries that could be used to bypass local restrictions

Exploit Suggesters

I'd love to have one tool that does all of this, but different tools seem better at detecting / suggesting specific exploits.

• kernelpop
• linux-exploit-suggester
• perl Linux_Exploit_Suggester - if you have trouble with the others
• Linux Private-i
• LinEnum

Post-Exploitation

Windows

• ibombshell - Powershell based post-exploitation framework
• p0wnedShell - PowerShell post-exploitation framework (compiled, does not require PS to run)

Pivoting

Windows

• FuzzySecurity Windows Pivoting

Generic

• A Red Teamer's guide - showcases proxychains, SOCKS, 3proxy, etc.

Windows QoL

Download & Execute Remote Payload

• Remote Payload Oneliners

Powershell alternatives

• PowerLessShell - PowerShell without powershell.exe
• MSBuildShell - Powershell Host within MSBuild.exe
• Ps1 to .exe

Guides

Upgrading shells to fully interactive TTYs

• ropnop blog

Buffer Overflows

• https://pinkysplanet.net/simple-linux-x86-buffer-overflow/
• http://ly0n.me/2015/07/25/exploit-writing-simple-buffer-overflows/
• http://www.madirish.net/142

Debuggers

• Beej's Quick Guide to GDB

Fuzzers

• honggfuzz - security-oriented, evolutionary fuzzer
• boofuzz - network / protocol fuzzing

Misc

• How to use SMB from Linux
• Awesome Hacking List
• FuzzySecurity Guides

CTF / Challenge Sites

• AttackDefense Labs
• HackTheBox
• OverTheWire Natas
• VulnHub
• PentesterLab - paid course on learning web penetration testing