Blogs, Feeds, Guides + Links

*This wasn't meant to be live just yet!*

I scheduled all draft posts. I became ill and wasn't available to stop it from posting.


I was cleaning out my bookmarks, de-cluttering twitter favourites and closing a few tabs. Re-saw a few 'hidden gems' as well as repeating finding links for people, so I thought I would try and 'dump' them all in one place.

These are roughly sorted, if you're wanting something better - I highly recommend having a look at the pentest-bookmarks.

This list will be updated from time to time!

Programming & Coding

[Bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/

[Bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml

[Bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/

[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting

[Tip] Forcing Scripts to Run as root - http://bashshell.net/shell-scripts/forcing-scripts-to-run-as-root/

[Tip] HTML5 Security Cheat Sheet - https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

[Regex] Learn Regex The Hard Way (ALPHA) - http://regex.learncodethehardway.org

Programs & Scripts

[Program] HTML5 (plugin-free) web-based terminal emulator and SSH client - https://github.com/liftoff/GateOne

[Tips] Exploiting Powershell's Features (Not Flaws) - http://www.exploit-monday.com/2011/10/exploiting-powershells-features-not.html

[Tip] Shellcode in Powershell - http://pastebin.com/3mJ0jLRZ

[Program] easy-creds - http://sourceforge.net/projects/easy-creds/files/

[Program] ghost-phisher - http://code.google.com/p/ghost-phisher/

[Book] Network Security Tools - http://commons.oreilly.com/wiki/index.php/Network_Security_Tools

[Program] Password Security Scanner - http://www.nirsoft.net/utils/password_security_scanner.html

[Collection] Security Tools - http://securityxploded.com/tools.php

Tunnelling & Pivoting

[Linux] SSH gymnastics with proxychains - http://pauldotcom.com/2010/03/ssh-gymnastics-with-proxychain.html

[Windows] Nessus Through SOCKS Through Meterpreter - http://www.digininja.org/blog/nessus_over_sock4a_over_msf.php

[Shell] Reverse Shell Techniques for Linux - http://web.archive.org/web/20110602024754/http://www.coresec.org/2011/05/28/reverse-shell-techniques-for-linux/

[Shell] Python One Line Shellcode - http://pauldotcom.com/2011/10/python-one-line-shell-code.html

[Shell] Reverse Shell with Bash - http://www.gnucitizen.org/blog/reverse-shell-with-bash/

[Shell] Reverse shells one-liners - http://bernardodamele.blogspot.com/2011/09/reverse-shells-one-liners.html

[Shell] Creating a 13 line backdoor worry free of A/V - http://www.secmaniac.com/blog/2011/06/20/creating-a-13-line-backdoor-worry-free-of-av/

[Meteterpreter] Get a meterpreter reverse shell through SSH tunnel - https://hdesser.wordpress.com/2011/12/03/quick-notes-get-a-meterpreter-reverse-shell-through-ssh-tunnel/

[Shell] Reverse Shell Cheat Sheet - http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Cheat-Sheets

[OS] A Sysadmin's Unixersal Translator - http://bhami.com/rosetta.html

[WiFi] WirelessDefence.org's Wireless Penetration Testing Framework - http://www.wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html

[Programming] The Ultimate Anti-Debugging Reference - http://tuts4you.com/download.php?view.3260

File Include (Local & Remote)

[LFI] When All You Can Do Is Read - http://www.digininja.org/blog/when_all_you_can_do_is_read.php

[LFI] Local File Inclusion – Tricks of the Trade - http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/

[LFI] LFI with phpinfo Assistance- http://www.insomniasec.com/publications/LFI%20With%20PHPInfo%20Assistance.pdf

[LFI] Exploiting PHP File Inclusion Overview - https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/

http://web.archive.org/web/20100426143634/http://www.0x50sec.org/how-to-exploit-local-file-inclusion-vulnerability

http://web.archive.org/web/20130818055744/https://foro.undersecurity.net/read.php?15,3768

http://www.ush.it/2008/08/18/lfi2rce-local-file-inclusion-to-remote-code-execution-advanced-exploitation-proc-shortcuts/

http://www.brianhaddock.com/2011/gaining-shell-access-via-local-file-inclusion-vulnerabilities

http://www.enye-sec.org/en/papers/web_vuln-en.txt

http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/

WarGames / CTF / Challenges

[Challenges] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/

[Forensics] iAWACS 2011 Forensics challenge - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html

[CTF] Index Of / - http://ftp.hackerdom.ru/ctf-images/

[Forensics] Test Images and Forensic Challenges - http://www.forensicfocus.com/images-and-challenges

[WarGames] Pentest lab vulnerable servers-applications list - http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html

[WarGames] Practices for a Hacker (WarGames) - http://jhyx4life.blogspot.com/2007/02/practicas-para-un-hacker-wargames.html (English)

[Challenges] OWASP iGoat Project - https://www.owasp.org/index.php/OWASP_iGoat_Project

[Challenges] Can you crack it? - hxxp://canyoucrackit.co.uk

[WarGames] Vanilla Dome Wargame - hxxps://sm0k.org/dojo/vanilla.php

[CTF] Index Of / - http://repo.shell-storm.org/CTF/

[Boot2Root] Exploit-Exercises - http://exploit-exercises.com

[WarGames] try2hack - http://try2hack.nl

[Fuzzing] Resources - http://www.vdalabs.com/tools/efs_gpf.html

[Web] Web Application Vulnerability Scanner Evaluation Project - https://code.google.com/p/wavsep/

[Web] SQL Injection and Filter Evasion Challenge - http://www.modsecurity.org/demo/

[Walkthrough] preCON CTF Walkthrough - http://amolnaik4.blogspot.com/2011/12/clubhack-precon-ctf-walkthrough.html

[Walkthough] Rooting Kioptrix Level 1 in an Organized Fashion - http://securityweekly.com/2011/10/rooting-kioptrix-level-1-samba.html

http://pentest.cryptocity.net/capture-the-flag/

[Forensics] Forensic Challenge 8 - "Malware Reverse Engineering" - https://www.honeynet.org/node/668

[Collection] List of CTFs - http://x86overflow.blogspot.com/p/ctfs.html

http://www.hackfest.ca/en/hacking-games/anciens-jeux

Exploit Development (Programs)

[Download] Old Version Downloads - http://www.oldapps.com

[Download] Oldversions of Windows, Mac, Linux Software & Abandonware Games - http://www.oldversion.com

[Download] Exploit Database Search - http://www.exploit-db.com/search/

Kernel

[Linux] Index of Documentation for People Interested in Writing and/orUnderstanding the Linux Kernel. - http://jungla.dit.upm.es/~jmseyas/linux/kernel/hackers-docs.html

[PDF] From Browser To Kernel Exploitation - http://ensiwiki.ensimag.fr/images/6/61/SecurIMAG-2011-11-17-teach-a_long_way_from_browser_vulnerability_to_kernel_exploitation.pdf

[PDF] Introduction to Linux Kernel 2.6. How to write a Rootkit - https://info.fs.tum.de/images/2/21/2011-01-19-kernel-hacking.pdf

Offensive Security's Pentesting With BackTrack (PWB) Course

[Pre-course] Corelan Team - http://www.corelan.be

[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page

[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx

[Hash] reverse hash search and calculator - http://goog.li

[Tip] Ash's mental thoughts going into the OSCP exam - http://security.crudtastic.com/?p=213

Misc

[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list

[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html

[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/

[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812

http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf

http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html

http://dsecrg.blogspot.com/search/label/SMBRelay%20bible

http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/

http://sghctoma.extra.hu/index.php?p=entry&id=18

http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system

https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=oldnewthing&y=2011&m=09&d=21&WeblogPostID=10214405&GroupKeys=

http://tuts4you.com/download.php?view.3216

http://tuts4you.com/download.php?list.17

http://portal.b-at-s.net/download.php

http://journeyintoir.blogspot.com/2011/09/building-timelines-tools-usage.html

http://quequero.org/uicwiki/index.php?diff=12753&oldid=prev&title=Carberp_Reverse_Engineering

https://code.google.com/p/findmyhash/downloads/list

http://www.contextis.com/research/blog/reverseproxybypass/

https://nealpoole.com/blog/2011/10/java-applet-same-origin-policy-bypass-via-http-redirect/

http://git.or.cz/course/svn.html

http://grandstreamdreams.blogspot.com/2012/01/wipies-part-ii-full-coverage-cleaning.html

http://blog.9bplus.com/quickly-summarizing-pcaps

[PDF] GPG Guide for Secure Communications - https://s3.amazonaws.com/access.3cdn.net/61181827185c940f93_45m6i2j28.pdf

Advanced DLL Injection - http://syprog.blogspot.com/2011/11/advanced-dll-injection.html

A pure python web based disassembler - http://pyms86.appspot.com/

[Guide] Extracting Malicious Flash Objects from PDFs Using SWF Mastah - http://blog.zeltser.com/post/12615013257/extracting-swf-from-pdf-using-swf-mastah

Tech Humour

[TechHumor] Title - https://www.xkcd.com

http://www.geeksaresexy.net/2009/09/01/a-hidden-gem-in-html/

http://bobby-tables.com/

http://theoatmeal.com/

http://www.cad-comic.com/

Malware

[Program] A malware identification and classification tool - https://code.google.com/p/yara-project/

[Samples] Base of malware packages - http://malwares.pl/index.php?dir=

[Samples] A Collection of Web Backdoors & Shells - http://contagiodump.blogspot.com/2010/03/collection-of-web-backdoors-shells-from.html

[BootKit] Bootkit Threat Evolution in 2011 - http://blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2

[Analysis] Deconstructing the Black Hole Exploit Kit - http://blog.imperva.com/2011/12/deconstructing-the-black-hole-exploit-kit.html

[OSX] Inside a Modern Mac Trojan - https://krebsonsecurity.com/2011/09/inside-a-modern-mac-trojan/

[Analysis] Deobfuscating malicious code layer http://pandalabs.pandasecurity.com/deobfuscating-malicious-code-layer-by-layer/

[Collection] Debuggers Anti-Attaching Techniques - Part 1 - http://waleedassar.blogspot.com/2011/12/debuggers-anti-attaching-techniques.html

Videos

[Program] easy-creds https://www.youtube.com/user/Brav0Hax

[Series] Social Engineering Toolkit Megaprimer Part 1 - http://www.securitytube.net/video/2571

[Program] BeEF & Intranet Footprinting - https://www.youtube.com/watch?v=zOJ1LUfcv3k

[Program] Demonstrating BeEF's Metasploit Plugin - https://www.youtube.com/watch?v=al0veZ2950M

Embedded Devies

[Router] RouterPwn - http://www.routerpwn.com

[Router] Database of private SSL/SSH keys for embedded devices - https://code.google.com/p/littleblackbox/

[Geo] mapping MAC addresses - http://samy.pl/androidmap/

[BIOS] BIOS Password Backdoors in Laptops - http://dogber1.blogspot.com/2009/05/table-of-reverse-engineered-bios.html

[Protection] Cisco Router Hardening Step-by-Step - https://www.sans.org/reading_room/whitepapers/firewalls/cisco-router-hardening-step-by-step_794

[iPhone] iPhone Tracker - http://petewarden.github.com/iPhoneTracker/

Exploit Development

[Guides] Corelan Team - http://www.corelan.be

[Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html

[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/

[Video] TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html

[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/

[Guide] Stack Based Windows Buffer Overflow Tutorial - http://www.thegreycorner.com/2010/01/beginning-stack-based-buffer-overflow.html

[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://www.thegreycorner.com/2010/01/seh-stack-based-windows-buffer-overflow.html

[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html

[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html

[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html

[Collection] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363

[Video] Athcon / Hack In Paris Demo 2 - https://www.youtube.com/watch?v=klXFqtYR5Mg

[Mona] Exploit Development with mona.py - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html

[Theory] Stack frame layout on x86-64 - http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64

[Challenge] Helping Developers Understand Security - hxxp://spotthevuln.com

[Guides] Exploit Writing Tutorials - http://www.corelan.be/index.php/category/security/exploit-writing-tutorials/

[Guide] Breaking MailEnable 2.34: A lesson in security featuring Metasploit, Immunity Debugger, and mona.py - http://volatile-minds.blogspot.com/2011/07/breaking-mailenable-234-lesson-in.html

[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/

[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/

[Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html

[Windows] Remote control manager FAIL - http://www.skullsecurity.org/blog/2011/remote-control-manager-fail

[Guide] Heap Overflows For Humans 102.5 - http://net-ninja.net/article/?p=952

[Guide] Analyzing CVE-2011-2462 - Part Three - http://blog.9bplus.com/analyzing-cve-2011-2462-part-three

[Guide] A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code - http://thexploit.com/secdev/a-textbook-buffer-overflow-a-look-at-the-freebsd-telnetd-code/

[Guide] Egghunter Exploitation Tutorial - http://resources.infosecinstitute.com/buffer-overflow-vulnserver/

Exploit Development (Patch Analysis)

[Windows] A deeper look at MS11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058

[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058

[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893

[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613

Exploit Development (Reserve Energising)

[Guide] Exploiting Adobe Flash Player on Windows 7 - http://www.abysssec.com/blog/2011/04/18/exploiting-adobe-flash-player-on-windows-7/

[Guide] Heap Spraying Adobe: exploiting collab.collectemailinfo() - http://dreamofareverseengineer.blogspot.com/2011/07/heap-spraying-adobe-exploiting.html

[Guide] Intro. To Reversing - W32Pinkslipbot - http://blog.opensecurityresearch.com/2011/12/intro-to-reversing-w32pinkslipbot.html

[Guide] Decrypting iPhone Apps - https://www.sensepost.com/blog/6254.html

Databases

[Exploits] SHODAN Exploits - http://www.shodanhq.com/exploits

Executing commands in MySQL with it's running privilege - http://0x80.org/blog/?p=298

Basic Linux

[Tip] Linux 101: Useful Commands - http://www.codedrunk.com/2011/09/linux-101-useful-commands.html

[Tip] Linux Directory Structure Explained - http://www.codedrunk.com/2011/09/linux-directory-structure-explained.html

[Remote] Tips for Remote Unix Work (SSH, screen, And VNC) http://shebang.brandonmintern.com/tips-for-remote-unix-work-ssh-screen-and-vnc

Exploit Development (Metasploit Wishlist)

[ExplotDev] Metasploit Exploits Wishlist ! - http://web.archive.org/web/20111027133518/http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html

[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118

[Guide] Want to get your feet wet? Start here. - https://github.com/rapid7/metasploit-framework/wiki/Contributing-to-Metasploit

[Guide] MonaSploit - https://community.rapid7.com/community/solutions/metasploit/blog/2011/10/11/monasploit

[WishList] Top 50 Exploits - https://dev.metasploit.com/redmine/projects/framework/wiki/Exploit_Todo

[WishList] Metasploit Framework Wishlist - http://cosine-security.blogspot.com/2011/02/metasploit-framework-wishlist.html

Passwords & Rainbow Tables (WPA) & Wordlists

[RSS] Title - http://ob-security.info/?p=475

[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/

[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html

[WPA] Offensive Security: WPA Rainbow Tables - hxxp://www.offensive-security.com/wpa-tables/ (http://web.archive.org/web/20090401203054/http://www.offensive-security.com/wpa-tables)

[Wiki] The Password Project - http://thepasswordproject.com/

[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm

[Tool] John the Ripper config generator - https://sites.google.com/site/reusablesec2/jtrconfiggenerator

[Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html

[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml

[Download] Index of / - hxxp://svn.isdpodcast.com/wordlists/

[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary

[Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php

[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists

[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords

[Tools] password analysis and cracking kit - http://thesprawl.org/projects/pack/

[Tools] crunch - http://sourceforge.net/projects/crunch-wordlist/

Anti-Virus

[Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html

[Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://web.archive.org/web/20130527213205/http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html

Web Based Attacks

[Burp] Hacking Web Authentication – Part 1 - http://resources.infosecinstitute.com/authentication-hacking-pt1/

[Guide] Liferay Portlet Shell - http://www.insinuator.net/2011/12/liferay-portlet-shell/

http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html

http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html

SQL Injection

[Tip] Best damn quick tips for a total SQL injection newbie (period) - http://unconciousmind.blogspot.com/2011/09/quick-tips-for-total-sql-injection.html

Clickjacking

[Presentation] Clickjacking For Shells - http://www.morningstarsecurity.com/research/clickjacking-wordpress

Privilege Escalation

[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm

[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/

[TTY] Post-Exploitation Without A TTY - http://pentestmonkey.net/blog/post-exploitation-without-a-tty

[UAC] Windows 7 UAC whitelist:Proof-of-concept source code - http://www.pretentiousname.com/misc/W7E_Source/win7_uac_poc_details.html

[UAC] Bypass Windows 7 x86/x64 UAC Fully Patched – Meterpreter Module - http://www.secmaniac.com/blog/2011/01/01/bypass-windows-uac/

[Program] windows-privesc-check - http://code.google.com/p/windows-privesc-check/

Local Security

[Hashs] Recovering Hashes from Domain Controller - http://www.hackfest.ca/?p=659

[Hashs] Get Domain Admins (GDA) - https://github.com/nullbind/Other-Projects/tree/master/GDA

[Windows] Step-by-step guide to installing TrueCrypt and encrypting Windows XP system partition - http://www.securitybeacon.com/?p=673

[OSX] Inside Mac OS X 10.7 Lion: File Vault full disk encryption and cloud key storage - http://www.appleinsider.com/articles/11/02/28/inside_mac_os_x_10_7_lion_file_vault_full_disk_encryption_and_cloud_key_storage/

[Linux] Home directory and full disk encryption in Ubuntu 11.04 - http://www.linuxbsdos.com/2011/05/09/home-directory-and-full-disk-encryption-in-ubuntu-11-04/

[BackUp] Unison File Synchronizer:Liberation through Data Replication - http://web.archive.org/web/20070429173330/http://www.stanford.edu/~pgbovine/unison_guide.htm

Metasploit

[Guide] fxsst.dll persistence: the evil fax machine - http://web.archive.org/web/20110712135154/http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html

[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/

[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training

[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175

[Downloads] Metasploit Password Modules - http://securityxploded.com/metasploit-password-modules.php

[Guide] Process Injection Outside of Metasploit - http://carnal0wnage.attackresearch.com/2011/07/process-injection-outside-of-metasploit.html

[Guide] Path of Least Resistance - http://www.fishnetsecurity.com/blogs/?p=250

[Plugin] New Meterpreter Extension Released: MSFMap Beta - http://blog.securestate.com/post/2012/01/06/New-Meterpreter-Extension-Released-MSFMap-Beta.aspx

[Tip] Metasploit and PTES - https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/02/metasploit-and-ptes

[Tip] Running MultiplePost Modules - http://www.darkoperator.com/blog/2011/12/16/running-multiplepost-modules.html

Default Generators

[WEP] mac2wepkey - Huawei default WEP generator - http://websec.ca/blog/view/mac2wepkey_huawei

[WEP] Generator: Attacking SKY default router password - http://sec.jetlib.com/BackTrack_Linux_Forums/2011/01/12/Generator:_Attacking_SKY_default_router_password

[WEP] Default key algorithm in Thomson and BT Home Hub routers - http://www.gnucitizen.org/blog/default-key-algorithm-in-thomson-and-bt-home-hub-routers/

Statistics

[Defacements] Zone-H - http://www.zone-h.org

[ExploitKits] CVE Exploit Kit list - http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm

http://www.ccssforum.org/malware-certificates.php?&pag=1f

Detection

[Web Shells] Analysis of compromised websites - hacked PHP scripts - http://nakedsecurity.sophos.com/2011/10/19/analysis-of-compromised-web-sites-hacked-php-scripts/

Cross Site Scripting (XSS)

[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/

[XSS] XSS Rays - http://www.thespanner.co.uk/2009/03/25/xss-rays/

[XSS] How I Almost Won Pwn2Own via XSS - http://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/

[XSS] JS-less XSS Using HTML Injection to hijack accounts without JavaScript. - http://skeletonscribe.blogspot.com/2011/05/js-less-xss.html

[XSS] XSS Illustrated (for masses) - http://unconciousmind.blogspot.com/2011/09/xss-illustrated.html

[XSS] Cookie Grabbing using XSS - http://www.pentester.co.in/2011/10/cookie-grabbing-using-xss.html

Media

[Podcast] PaulDotCom - http://pauldotcom.com/podcast/psw.xml

[Podcast] Social-Engineer - http://socialengineer.podbean.com/feed/

[Magazine] ClubHACK Magazine - http://chmag.in/

[Magazine] The hacker News Magazine - http://thehackernews.com/p/magazine.html

Blogs & RSS

[RSS] SecManiac - http://www.secmaniac.com

[Guides] Carnal0wnage & Attack Research - http://carnal0wnage.attackresearch.com

[RSS] Contagio - http://contagiodump.blogspot.com

[News] THN : The Hacker News - http://thehackernews.com

[News] Packet Storm: Full Disclosure Information Security - http://packetstormsecurity.org

[Guides] pentestmonkey | Taking the monkey work out of pentesting - http://pentestmonkey.net

[RSS] Darknet - The Darkside | Ethical Hacking, Penetration Testing & Computer Security - http://www.darknet.org.uk

[RSS] Irongeek - http://www.irongeek.com

[Metasploit] Room 363 - http://www.room362.com

[Guides] Question Defense: Technology Answers For Technology Questions - http://www.question-defense.com/

[Guides] stratmofo's blog - http://securityjuggernaut.blogspot.com

[Guides] TheInterW3bs - http://theinterw3bs.com

[Guides] consolecowboys - http://console-cowboys.blogspot.com

[Guides] A day with Tape - http://adaywithtape.blogspot.com

[Guides] Cybexin's Blog - Network Security Blog - http://cybexin.blogspot.com

[RSS] BackTrack Linux - Penetration Testing Distribution - http://www.backtrack-linux.org/feed/

[RSS] Offensive Security - http://www.offensive-security.com/blog/feed/

[News] Title - hxxp://www.pentestit.com

[RSS] Title - http://michael-coates.blogspot.com

[RSS] Title - hxxp://blog.0x0e.org

[RSS] Title - http://archangelamael.shell.tor.hu

[RSS] Title - http://archangelamael.blogspot.com

[RSS] Title - hxxp://www.coresec.org

[RSS] Title - http://noobys-journey.blogspot.com

[RSS] Title - http://www.get-root.com

[RSS] Title - http://www.kislaybhardwaj.com

[RSS] Title - https://community.rapid7.com/community/metasploit/blog

[RSS] Title - http://mimetus.blogspot.com

[RSS] Title - http://hashcrack.blogspot.com

[RSS] Title - https://rephraseit.wordpress.com

[ExploitDB] Title - http://www.exploit-db.com

[RSS] Title - http://skidspot.blogspot.com

[RSS] Title - http://grey-corner.blogspot.com

[RSS] Title - http://vishnuvalentino.com

[RSS] Title - http://ob-security.info

...Not enough? Try twitter and/or IRC!

404'd

[WarGames] Title - http://securityoverride.com

[WarGames] Title - http://intruded.net