10. Tools and Resources

Content Index:

• 10.1. Recommended Resources
  • 10.1.1. Book List
  • 10.1.2. WebSite
  • 10.1.3. Blog
  • 10.1.4. Bug Bounty
  • 10.1.5. Experimental Environment
  • 10.1.6. Knowledge Base
• 10.2. Related papers
  • 10.2.1. List of papers
  • 10.2.2. Traffic Analysis
  • 10.2.3. Vulnerability Automation
  • 10.2.4. Attack Techniques
  • 10.2.5. Attack Detection
  • 10.2.6. Privacy
  • 10.2.7. Fingerprints
  • 10.2.8. Side Channels
  • 10.2.9. Authentication
  • 10.2.10. Protection
• 10.3. Information Collection
  • 10.3.1. Whois
  • 10.3.2. Website filing
  • 10.3.3. CDN query
  • 10.3.4. Subdomain Blasting
  • 10.3.5. Domain Name Acquisition
  • 10.3.6. Weak Password Blasting
  • 10.3.7. Git information leakage
  • 10.3.8. Github Monitoring
  • 10.3.9. Path and file scanning
  • 10.3.10. Path Crawlers
  • 10.3.11. Fingerprint recognition
  • 10.3.12. Waf Fingerprint
  • 10.3.13. Port Scanning
  • 10.3.14. DNS data query
  • 10.3.15. DNS Association
  • 10.3.16. Cloud Services
  • 10.3.17. Data query
  • 10.3.18. Password
  • 10.3.19. CI Information Disclosur
  • 10.3.20. Profile of personal data
  • 10.3.21. Mailbox Collection
  • 10.3.22. Others
• 10.4. Social Engineering
  • 10.4.1. OSINT
  • 10.4.2. Social Tools
  • 10.4.3. Personal Search
  • 10.4.4. Hacking database
  • 10.4.5. Fishing
  • 10.4.6. squatting
  • 10.4.7. Network disk search
  • 10.4.8. Password guessing
  • 10.4.9. Forgery
  • 10.4.10. Integrated Framework
• 10.5. Fuzzing
  • 10.5.1. Web Fuzz
  • 10.5.2. Scanners
  • 10.5.3. XSS Payloads
  • 10.5.4. Burp plugin
  • 10.5.5. Dictionaries
  • 10.5.6. Unicode Fuzz
  • 10.5.7. WAF Bypass
• 10.6. Exploitation/Detection
  • 10.6.1. Database Injection
  • 10.6.2. Unstructured database injection
  • 10.6.3. Database exploits
  • 10.6.4. XSS
  • 10.6.5. SSRF
  • 10.6.6. Template Injection
  • 10.6.7. HTTP Request Smuggling
  • 10.6.8. Command Injection
  • 10.6.9. PHP
  • 10.6.10. LFI
  • 10.6.11. struts
  • 10.6.12. CMS
  • 10.6.13. Java Frameworks
  • 10.6.14. DNS related vulnerabilities
  • 10.6.15. DNS Data Extraction
  • 10.6.16. DNS Tunneling
  • 10.6.17. DNS Shell
  • 10.6.18. XXE
  • 10.6.19. Deserialization
  • 10.6.20. JNDI
  • 10.6.21. Port Hack
  • 10.6.22. JWT
  • 10.6.23. Wireless
  • 10.6.24. Man-in-the-middle attacks
  • 10.6.25. DHCP
  • 10.6.26. DDoS
  • 10.6.27. Regular expressions
  • 10.6.28. Shellcode
  • 10.6.29. Ultraviolet
  • 10.6.30. Utilizing the Platform
  • 10.6.31. Exploit Libraries
  • 10.6.32. Exploit Frameworks
  • 10.6.33. Windows
• 10.7. Near source penetration
  • 10.7.1. Bad USB
  • 10.7.2. wifi
  • 10.7.3. Wireless
• 10.8. Web Persistence
  • 10.8.1. WebShell Administration Tools
  • 10.8.2. WebShell
  • 10.8.3. Web Backdoors
• 10.9. Lateral movement
  • 10.9.1. Domain
  • 10.9.2. LDAP
  • 10.9.3. Container
  • 10.9.4. Microsoft-based product utilization
  • 10.9.5. Azure AD
  • 10.9.6. Exchange
  • 10.9.7. PowerShell
  • 10.9.8. Intranet Information Collection
  • 10.9.9. Kerberos
  • 10.9.10. Automated Auditing
  • 10.9.11. Bypass
  • 10.9.12. Intranet Scan
• 10.10. Cloud Security
  • 10.10.1. Cloud Environment Automated Testing
  • 10.10.2. Security Hardening
  • 10.10.3. Cloud scanning
  • 10.10.4. Range environment
• 10.11. Operating System Persistence
  • 10.11.1. Windows
  • 10.11.2. Linux
  • 10.11.3. Synthesis
• 10.12. Audit Tools
  • 10.12.1. General
  • 10.12.2. PHP
  • 10.12.3. Python
  • 10.12.4. Java
  • 10.12.5. JavaScript
  • 10.12.6. Supply Chain
• 10.13. Defense
  • 10.13.1. Log Inspection
  • 10.13.2. Terminal Monitoring
  • 10.13.3. XSS Protection
  • 10.13.4. Configuration Checks
  • 10.13.5. Security Check
  • 10.13.6. IDS
  • 10.13.7. RASP
  • 10.13.8. SIEM
  • 10.13.9. Threat Intelligence
  • 10.13.10. APT
  • 10.13.11. Intrusion Check
  • 10.13.12. Process check
  • 10.13.13. Waf
  • 10.13.14. Online virus detection
  • 10.13.15. WebShell killing
  • 10.13.16. Rules/ IoC
  • 10.13.17. Threat detection
  • 10.13.18. Security Advisories
  • 10.13.19. Security Tracker
  • 10.13.20. Match Tool
  • 10.13.21. DoS Protection
  • 10.13.22. Adversary Simulation
  • 10.13.23. Intrusion Prevention
• 10.14. Secure Development
  • 10.14.1. Risk Control
  • 10.14.2. Static Analysis
  • 10.14.3. Secure Coding Practices
  • 10.14.4. Vulnerability Management
  • 10.14.5. DevSecOps
• 10.15. Operation and Maintenance
  • 10.15.1. Traffic
  • 10.15.2. Bastion Machine
  • 10.15.3. Honeypots
  • 10.15.4. VPN Install
  • 10.15.5. Tunnels/Proxy
  • 10.15.6. Proxy chain
  • 10.15.7. Asset Management
  • 10.15.8. Compliance
  • 10.15.9. Risk Control
  • 10.15.10. SIEM
  • 10.15.11. Security Operation
  • 10.15.12. System Monitoring
  • 10.15.13. Windows
  • 10.15.14. Network Test
  • 10.15.15. Red Team Simulation
  • 10.15.16. Network Simulation
• 10.16. Forensics
  • 10.16.1. Memory Forensics
• 10.17. Others
  • 10.17.1. Integrated Framework
  • 10.17.2. CAPTCHA
  • 10.17.3. WebAssembly
  • 10.17.4. Obfuscation
  • 10.17.5. Proxy Pool
  • 10.17.6. Android
  • 10.17.7. Others