We will try to do regular checks using the W3C Link checker, but if you find a broken link, please report it ASAP so we can fix it! KTHXBYE!
Talks
Paul Asadoorian and John Strand
DerbyCon 2.0 2012 - Offensive Countermeasures: Still trying to bring sexy back
DerbyCon 3.0 2013 - Hacking Back Active Defense And Internet Tough Guys
Raphael Mudge
Bsides Las Vegas 2012 - Force Multipliers for Red Team Operations
DEFCON 20 2012 - Cortana: Rise of the Automated Red Team
Derbycon 3.0 2013 - Browser Pivoting (FU2FA)
ShowMeCon 2014 - Hacking To Get Caught: A Concept For Adversary Replication And Penetration Testing
Tom Steele and Dan Kottmann
Defcon 21 - Collaborative Penetration Testing With Lair
DerbyCon 3.0 2013 - Collaborative Penetration Testing With Lair
Tom Steele
ShmooCon 2013 Firetalks - ShellSquid Distributed Shells With Node
Solomon Sonya, Nick Kulesza
Derbycon 3.0 2013 - Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network
Chris Gates and Joe McCray
Shmoocon Epilogue 2013 - The Evolution of Pentesting High Security Environments
Chris Gates and Mubix “Rob” Fuller
DerbyCon 1.0 2011 - The Dirty Little Secrets They Didn't Teach You In Pentesting Class
DerbyCon 2.0 2012 - Dirty Little Secrets Part 2
DerbyCon 3.0 2013 - Windows Attacks: AT is the new black
Rick Redman
DerbyCon 3.0 2013 - Cracking Corporate Passwords – Exploiting Password Policy Weaknesses
Andrew MacPherson and Roelof Temmingh
Black Hat 2013 - Maltego Tungsten As a Collaborative Attack Platform
Shane Macdougall
DerbyCon 3.0 2013 - Practical Osint
Moxie Marlinspike
Blackhat 2010 - New threats to privacy
DerbyCon 1.0 2011 - The Dirty Little Secrets They Didn't Teach You In Pentesting Class
DerbyCon 2.0 2012 - Dirty Little Secrets Part 2
DerbyCon 3.0 2013 - Windows Attacks: AT is the new black
Rick Redman
DerbyCon 3.0 2013 - Cracking Corporate Passwords – Exploiting Password Policy Weaknesses
Andrew MacPherson and Roelof Temmingh
Black Hat 2013 - Maltego Tungsten As a Collaborative Attack Platform
Shane Macdougall
DerbyCon 3.0 2013 - Practical Osint
Dr. Richard Hamming
Bell Communications Research Colloquium Seminar 1995 - You and Your Research
Haroon Meer
Bell Communications Research Colloquium Seminar 1995 - You and Your Research
Haroon Meer
Moxie Marlinspike
Blackhat 2010 - New threats to privacy
Articles and Slides
Wi-Fi
Stefan Viehböck - Brute forcing Wi-Fi Protected Setup
IPv6 Penetration Testing
H. D. Moore - Exploiting tomorrow's internet today: penetration testing with IPv6
Atik Pilihanto - A Complete Guide on IPv6 Attack and Defense
Michael Messner - Pen testing on IPv6 networks: In Through the Back Door
Password Cracking
Rick Redman - Supercharged John the Ripper Techniques
Rick Redman - Cracking Corporate Users' Passwords Made Easy
Miscellaneous
Chris Gates and Joe McCray: Big Bang Theory... The Evolution of Pentesting High Security Environments
Jonathan Brossard - Sandboxing is (the) shit!
Dr. Richard Hamming: Bell Communications Research Colloquium Seminar 1986 - You and Your Research
Defense
Active defense
Active Defense Harbinger Distribution (ADHD) - http://sourceforge.net/projects/adhd/
Project Artillery - https://www.trustedsec.com/downloads/artillery/
HoneyDocs - https://www.honeydocs.com/
Honeywords Project - http://people.csail.mit.edu/rivest/honeywords/
Honeytokens - http://www.symantec.com/connect/articles/honeytokens-other-honeypot
Honeytokens - https://www.auto.tuwien.ac.at/Workshops/dimva05/papers/cenys.pdf
Honeyports - http://pauldotcom.com/2013/08/honeyports-tech-segment-with-p.html
Whitelisting
Whitetrash - http://whitetrash.sourceforge.net/
Penetration testing
Team collaboration tools
Armitage - http://www.fastandeasyhacking.com/
Cobalt Strike - http://www.advancedpentest.com/
Immunity STRATEGIC (CANVAS) - http://www.immunityinc.com/products-strategic.shtml
Splinter - https://github.com/splinterbotnet
Information sharing tools
Dradis - http://dradisframework.org/
Lair - https://github.com/fishnetsecurity/Lair
White Chapel - http://www.room362.com/blog/2013/01/18/intro-to-white-chapel/
Magic Tree - http://www.gremwell.com/what_is_magictree
Information Gathering and Reconnaissance
osintstalker - https://github.com/milo2012/osintstalker
rapportive.py - http://jordan-wright.github.io/blog/2013/10/14/automated-social-engineering-recon-using-rapportive/
Alexa - http://www.alexa.com/
Alexa 1 Million Top-Sites CSV - http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
Scanning and Exploitation
SMBEXEC - https://github.com/pentestgeek/smbexec
Powershell Portscanner - http://webstersprodigy.net/2013/07/01/powershell-portscanner/
Post Exploitation
Post Exploitation Wiki - https://github.com/mubix/post-exploitation-wiki
Poor man's VPN pivoting - http://www.phillips321.co.uk/2013/10/29/poor-mans-vpn-pivot-at-last/
Password Cracking
"Crack Me If You Can" - DEFCON 2010, Korelogic Rules - http://contest-2010.korelogic.com/rules.html
John The Ripper rockyou.chr README - https://www.korelogic.com/Resources/Tools/README-rockyou.txt
John The Ripper rockyou.chr - https://www.korelogic.com/Resources/Tools/rockyou.chr
John The Ripper rockyou-lanman.chr - https://www.korelogic.com/Resources/Tools/rockyou-lanman.chr
Wordlist mode rulesets for use with John the Ripper - http://openwall.info/wiki/john/rules
Free Rainbow Tables - https://www.freerainbowtables.com/
ophcrack - http://ophcrack.sourceforge.net/
Phising
Phishing Frenzy - http://www.pentestgeek.com/2013/11/04/introducing-phishing-frenzy/
Phish5 - https://phish5.com/
Threat Agent - https://www.threatagent.com/
Phishing Simulator - https://secure.tracesecurity.com/index.cfm
Other
Binwalk - https://code.google.com/p/binwalk/
Netzob: Reverse Engineering Communication Protocols - http://www.netzob.org/
Malware
Online checks / sandboxes
VirusTotal - https://www.virustotal.com
Malwr - https://malwr.com/
Cuckoo Sandbox - http://www.cuckoosandbox.org/
Botnets
Russian Underground 101 - http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-101.pdf
A beginner’s guide to building botnets - http://arstechnica.com/security/2013/04/a-beginners-guide-to-building-botnets-with-little-assembly-required/
HOWTOs
Windows 7 / Kali Dualboot with Full Disk Encryption (FDE) - http://0x776b7364.wordpress.com/2013/06/19/windows-7-kali-dualboot-with-full-disk-encryption-fde/Reset Local Administrator Password Using A Different Random String On Each Computer And Recover The Passwords Securely - http://www.sans.org/windows-security/2013/08/01/reset-local-administrator-password-automatically-with-a-different-password-across-the-enterprise
IT security / Pentest job interview questions/stuff
Daniel Miessler's blog post - http://www.danielmiessler.com/study/infosec_interview_questions/Jamie Rougvie's blog - http://jamierougive.co.uk/jobs/interviewing/
Craig Freyman's blog post - http://www.pwnag3.com/2013/12/penetration-testing-interviews-minimum.html
My Information Security Job - http://www.myinfosecjob.com/2010/03/itinformation-security-interview-questions/
Websites
Whispersystems (RedPhone, TextSecure) - https://whispersystems.org/
Abine (DoNotTrachMe, MaskMe) - https://www.abine.com/
Real time honeymaps
HoneyMap - http://map.honeynet.org/
CIRCL map - http://map.circl.lu/
Sicherheitstacho (T-Systems) - http://www.sicherheitstacho.eu/
Blogs/websites of friends/colleges
woFF - http://woff.hu/
NTDSXtract - http://www.ntdsxtract.com/
Soonerorlater - http://www.soonerorlater.hu/
Marcell Major's homepage - http://marcellmajor.com/
Andras Kabai's homepage - http://www.kabaiandras.hu/
Other
Thinkts.com - http://thinkst.com/index.shtml
ConCollector - http://cc.thinkst.com/
Hacker suli - http://hackersuli.appsec.xyz