Clone of https://github.com/rmusser01/Infosec_Reference . For those who would prefer to not be tracked by MS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

163 lines
13 KiB

5 years ago
2 years ago
2 years ago
4 years ago
2 years ago
2 years ago
2 years ago
2 years ago
4 years ago
2 years ago
2 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
2 years ago
4 years ago
4 years ago
2 years ago
4 years ago
3 years ago
2 years ago
4 years ago
2 years ago
4 years ago
  1. # Cheat Sheets & Reference Pages
  2. ## Table of Contents
  3. - [General](#general)
  4. - [Collection of Multiple](#collection)
  5. - [Communication](#comm)
  6. - [Active Directory](#ad)
  7. - [ARM](#arm)
  8. - [ASM](#asm)
  9. - [Android](#Android)
  10. - [iOS](#ios)
  11. - [Credential Attacks](#credatt)
  12. - [Exploitation Development](#exploitation)
  13. - [Forensics/IR](#for)
  14. - [Linux](#Linux)
  15. - [Malware](#Malware)
  16. - [Metasploit](#metasploit)
  17. - [Network Monitoring](#netmon)
  18. - [Network Scanning](#netscan)
  19. - [Penetration Testing Related](#pentest)
  20. - [PowerShell](#powershell)
  21. - [RE](#re)
  22. - [Security Design and Engineering](#sde)
  23. - [Tmux](#tmux)
  24. - [Web](#web)
  25. - [Windows](#windows)
  26. - [Wireless](#wifi)
  27. - [DB](#db)
  28. ## Contents
  29. * **General** <a name="general"></a>
  30. * [How to Suck at Information Security](https://zeltser.com/suck-at-security-cheat-sheet/)
  31. * [cheat.sh](https://github.com/chubin/cheat.sh)
  32. * the only cheat sheet you need https://cheat.sh/
  33. * [exp](https://github.com/troydm/exp)
  34. * a command line client for explainshell.com
  35. * [Malware Archaeology Cheatsheets](https://www.malwarearchaeology.com/cheat-sheets)
  36. * [Out of Band Exploitation (OOB) CheatSheet - NotSoSecure(2018)](https://notsosecure.com/oob-exploitation-cheatsheet/)
  37. * **Tools**
  38. * [cheat](https://github.com/cheat/cheat)
  39. * cheat allows you to create and view interactive cheatsheets on the command-line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember.
  40. * **Collection of Multiple** <a name="collection"></a>
  41. * [Aman Hardikar's Mindmaps](http://www.amanhardikar.com/mindmaps.html)
  42. * [Hack3rScroll Mindmaps](https://github.com/hackerscrolls/SecurityTips/tree/master/MindMaps)
  43. * Mindmaps for Bugbounties, SSRF, OAUTH 2.0, and iOS Vuln assessment.
  44. * [Mobile Application Penetration Testing Cheat Sheet](https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet)
  45. * The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
  46. * [Templates and Checklists - Strategic Environmental Research and Development Program/US DoD](https://www.serdp-estcp.org/Tools-and-Training/Installation-Energy-and-Water/Cybersecurity/Templates-and-Checklists)
  47. * The Templates and Checklists are the various forms needed to create an RMF package and artifacts that support the completion of the eMASS registration. In addition to the Templates and Checklists, refer to the Cyber Commissioning and the Resources and Tools pages to review and download the Unified Facility Criteria and the Unified Facility Guide Specifications. While the templates and checklists are labeled DoD, ESTCP or Navy, they are fairly organization agnostic and any organization can modify them to suit their own use.
  48. * **Communication** <a name="comm"></a>
  49. * [Tips for Troubleshooting Human Communications](https://zeltser.com/human-communications-cheat-sheet/)
  50. * **Active Directory** <a name="ad"></a>
  51. * [Active Directory Cheat Sheet](https://github.com/punishell/ADCheatSheet)
  52. * Domain Demolition with Frank Castle and Powershell.
  53. * [Active Directory Exploitation Cheat Sheet - buftas](https://github.com/buftas/Active-Directory-Exploitation-Cheat-Sheet)
  54. * A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
  55. * **ARM** <a name="arm"></a>
  56. * [ARM Assembly Basics Cheatsheet - AzeriaLabs](https://azeria-labs.com/assembly-basics-cheatsheet/)
  57. * [ARMwiki - hehyrick.co.uk](https://www.heyrick.co.uk/armwiki/Category:Introduction)
  58. * ARM processor wiki
  59. * **ASM** <a name="asm"></a>
  60. * [x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
  61. * [Intro to x86 calling conventions](http://codearcana.com/posts/2013/05/21/a-brief-introduction-to-x86-calling-conventions.html)
  62. * [Reading ASM](http://cseweb.ucsd.edu/classes/sp11/cse141/pdf/02/S01_x86_64.key.pdf)
  63. * [Assembler Language Instructions](http://www.laynetworks.com/assembly%20tutorials3.htm)
  64. * **Android** <a name="Android"></a>
  65. * [Android ADB cheat sheet](https://github.com/maldroid/adb_cheatsheet/blob/master/cheatsheet.pdf?raw=true)
  66. * **iOS** <a name="ios"></a>
  67. * [OWASP IOS Application Security Testing Cheat Sheet](https://www.owasp.org/index.php/IOS_Application_Security_Testing_Cheat_Sheet#Insecure_data_storage)
  68. * **Credential Attacks** <a name="credatt"></a>
  69. * Windows
  70. * [Credential Dumping Cheatsheet - Ignitetechnologies](https://github.com/Ignitetechnologies/Credential-Dumping)
  71. * This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples.
  72. * **Exploitation Development** <a name="exploitation"></a>
  73. * [x86 opcode structure and instruction overview](http://pnx.tf/files/x86_opcode_structure_and_instruction_overview.pdf)
  74. * [Nasm x86 reference](https://www.cs.uaf.edu/2006/fall/cs301/support/x86/)
  75. * [ARM Exploitation Cheat Sheet](https://azeria-labs.com/assembly-basics-cheatsheet/)
  76. * **Forensics/IR** <a name="for"></a>
  77. * [File Signature Table](http://www.garykessler.net/library/file_sigs.html)
  78. * [Mem forenics cheat sheet](http://forensicmethods.com/wp-content/uploads/2012/04/Memory-Forensics-Cheat-Sheet-v1.pdf)
  79. * [Security Incident Survey Cheat Sheet](https://zeltser.com/security-incident-survey-cheat-sheet/)
  80. * [Initial Security Incident Questionnaire for responders Cheat Sheet](https://zeltser.com/security-incident-questionnaire-cheat-sheet/)
  81. * [Critical Log Review Checklist for Security Incidents](https://zeltser.com/security-incident-log-review-checklist/)
  82. * [Network DDOS Incident Response Cheat Sheet](https://zeltser.com/ddos-incident-cheat-sheet/)
  83. * [Windows Registry Auditing Cheatsheet - Malware Archaeology](https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5d497aefe58b7e00011f6947/1565096688890/Windows+Registry+Auditing+Cheat+Sheet+ver+Aug+2019.pdf)
  84. * **Linux** <a name="Linux"></a>
  85. * [Linux Syscall Table](http://www.informatik.htw-dresden.de/~beck/ASM/syscall_list.html)
  86. * Complete listing of all Linux Syscalls
  87. * **Malware** <a name="Malware"></a>
  88. * [Reverse Engineering Malware Cheat Sheet](https://zeltser.com/reverse-malware-cheat-sheet/)
  89. * [Analyzing Malicious Documents Cheat Sheet](https://zeltser.com/analyzing-malicious-documents/)
  90. * [Windows Registry Auditing Cheatsheet - Malware Archaeology](https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5d497aefe58b7e00011f6947/1565096688890/Windows+Registry+Auditing+Cheat+Sheet+ver+Aug+2019.pdf)
  91. * **Metasploit** <a name="metasploit"></a>
  92. * [Metasploit 4.2 documentation](https://community.rapid7.com/docs/DOC-1751)
  93. * [MSF Payload Cheat Sheet](http://aerokid240.blogspot.com/2009/11/msfpayload-goodness-cheatsheet.html)
  94. * [Metasploit Meterpreter Cheat Sheet](https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20Meterpreter%20Cheat%20%20Sheet.pdf)
  95. * [Tips & Tricks](https://en.wikibooks.org/wiki/Metasploit/Tips_and_Tricks)
  96. * [Meterpreter Paranoid Mode - rapid7](https://github.com/rapid7/metasploit-framework/wiki/Meterpreter-Paranoid-Mode)
  97. * [Using the Database in Metasploit](https://www.offensive-security.com/metasploit-unleashed/using-databases/)
  98. * **Network Monitoring** <a name="netmon"></a>
  99. * [SiLK Toolsuite Quick Reference Guide](https://tools.netsa.cert.org/silk/silk-quickref.pdf)
  100. * **Network Scanning** <a name="netscan"></a>
  101. * [Nmap](https://highon.coffee/docs/nmap/)
  102. * **Penetration Testing Related** <a name="pentest"></a>
  103. * [General Tricks](http://averagesecurityguy.info/cheat-sheet/)
  104. * [Penetration Testing Tools Cheat Sheet](https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/)
  105. * [AIX For Pentesters](http://www.giac.org/paper/gpen/6684/aix-penetration-testers/125890)
  106. * Good paper on exploiting/pentesting AIX based machines. From the paper itself “ The paper proposes some basic methods to do comprehensive local security checks and how to exploit the vulnerabilities.”
  107. * [Linux - Breaking out of shells](https://highon.coffee/docs/linux-commands/#breaking-out-of-limited-shells)
  108. * [RootVG - Website Dedicated to AIX](http://www.rootvg.net/content/view/102/98/)
  109. * [Windows Privilege Escalation Cheat Sheet/Tricks](http://it-ovid.blogspot.fr/2012/02/windows-privilege-escalation.html)
  110. * [Attack Surface Analysis Cheat Sheet](https://www.owasp.org/index.php/Attack_Surface_Analysis_Cheat_Sheet)
  111. * [Web Application Penetration Testing Cheat Sheet - jdow.io](https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/)
  112. * [Pentesting CheatSheets - @spotheplanet](https://ired.team/offensive-security-experiments/offensive-security-cheetsheets)
  113. * [Active Directory Cheat Sheet](https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet)
  114. * This repository contains a general methodology in the Active Directory environment. It is offered with a selection of quick commands from the most efficient tools based on Powershell, C, .Net 3.5 and .Net 4.5.
  115. * **PowerShell** <a name="powershell"></a>
  116. * [PowerShell Remoting Cheatsheet - Scott Sutherland](https://blog.netspi.com/powershell-remoting-cheatsheet/)
  117. * **RE** <a name="re"></a>
  118. * [Radare2 Cheat-Sheet](https://github.com/radareorg/radare2/blob/master/doc/intro.md)
  119. * [WinDbg Cheat Sheet/mindmap](http://tylerhalfpop.com/2014/08/16/windbg-cheatsheet/)
  120. * [Pdf of all WinDbg commands](http://windbg.info/download/doc/pdf/WinDbg_cmds.pdf)
  121. * [Arm instruction set](http://simplemachines.it/doc/arm_inst.pdf)
  122. * [IdaRef](https://github.com/nologic/idaref)
  123. * IDA Pro Full Instruction Reference Plugin - It's like auto-comments but useful.
  124. * **Security Design and Engineering** <a name="sde"></a>
  125. * [Security Architecture Cheat Sheet for Internet Applications](https://zeltser.com/security-architecture-cheat-sheet/)
  126. * **Tmux** <a name="tmux"></a>
  127. * [tmux Cheat Sheet](http://tmuxcheatsheet.com/)
  128. * **Web** <a name="web"></a>
  129. * [API Security Checklist](https://github.com/shieldfy/API-Security-Checklist/)
  130. * Checklist of the most important security countermeasures when designing, testing, and releasing your API.
  131. * [Drupal Security Checklist](https://github.com/gfoss/attacking-drupal/blob/master/presentation/drupal-security-checklist.pdf)
  132. * [OWASP Authentication Cheat Sheet](https://www.owasp.org/index.php/Authentication_Cheat_Sheet)
  133. * [OWASP Testing Checklist](https://www.owasp.org/index.php/Testing_Checklist)
  134. * [Securing Web Application Technologies Checklist](http://www.securingthehuman.org/developer/swat)
  135. * [SSRF Bible Cheatsheet](https://docs.google.com/document/d/1v1TkWZtrhzRLy0bYXBcdLUedXGb9njTNIJXa3u9akHM/edit)
  136. * [WebAppSec Testing Checklist](http://tuppad.com/blog/wp-content/uploads/2012/03/WebApp_Sec_Testing_Checklist.pdf)
  137. * [HTML5 Security Cheatsheet](https://github.com/jshaw87/Cheatsheets)
  138. * [XML DTD Cheat Sheet](https://web-in-security.blogspot.it/2016/03/xxe-cheat-sheet.html)
  139. * [OWASP XSS (Cross Site Scripting) Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)\_Prevention_Cheat_Sheet)
  140. * [OWASP Input Validation Cheat Sheet](https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet)
  141. * [OWASP Authentication Cheat Sheet](https://www.owasp.org/index.php/Authentication_Cheat_Sheet)
  142. * [OWASP Forgot Password Cheat Sheet](https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet)
  143. * [OWASP Choosing and Using Security Questions Cheat Sheet](https://www.owasp.org/index.php/Choosing_and_Using_Security_Questions_Cheat_Sheet)
  144. * [OWASP Session Management Cheat Sheet](https://www.owasp.org/index.php/Session_Management_Cheat_Sheet)
  145. * [OWASP Transport Layer Protection Cheat Sheet](https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet)
  146. * [OWASP Pinning Cheat Sheet](https://www.owasp.org/index.php/Pinning_Cheat_Sheet)
  147. * [OWASP Cryptographic Storage Cheat Sheet](https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet)
  148. * [Web Application Cheatsheet (Vulnhub)](https://github.com/Ignitetechnologies/Web-Application-Cheatsheet)
  149. * This cheatsheet is aimed at the CTF Players and Beginners to help them understand Web Application Vulnerablity with examples.
  150. * **Windows** <a name="windows"></a>
  151. * [Windows Startup Application Database](http://www.pacs-portal.co.uk/startup_content.php)
  152. * [Windows CMD Reference - ms](https://www.microsoft.com/en-us/download/details.aspx?id=56846)
  153. * [Windows Command Line cheatsheet (part 2): WMIC - andreafortuna](https://www.andreafortuna.org/dfir/windows-command-line-cheatsheet-part-2-wmic/)
  154. * [Windows CLI gems. Tweets of @wincmdfu](https://github.com/madhuakula/wincmdfu#list-missing-updates)
  155. * Windows one line commands that make life easier, shortcuts and command line fu.
  156. * [MS "reg" commandreference](http://www.computerhope.com/reg.htm)
  157. * **Wireless** <a name="wifi"></a>
  158. * [Management Frames Reference Sheet](http://download.aircrack-ng.org/wiki-files/other/managementframes.pdf)
  159. * **DB** <a name="db"></a>
  160. * [Checklist for mongodb](http://blog.mongodirector.com/10-tips-to-improve-your-mongodb-security/)