A list of random resources

Blogs and Pentesting notes from peeps in the community

• Pentest tips and resources by Lisandre

• Nate's blog

• The Mayor Pentesting notes on Notion

• Hacktricks by Carlos Polop

• Pentest Monkey

• Pentesting bible - Ammar Amer

• Blog 0dayslab

Cryptography

• CyberChef

Lists and mindmaps

• A lot of mindmaps inforsec related - Aman Hardikar

Mobile App

• Android Application Testing Using Windows 11 and Windows Subsystem for Android

Tools

• AERoot is a command line tool that allows you to give the root privileges on-the-fly to any process running on the Android emulator with Google Play flavors AVDs.

Code Review

• How to Analyze Code for Vulnerabilities - Vickie Lee

Passwords

Default Passwords

When you find a login it is always worth to check and see if you can login using default credentials. You can find some default password here:

• Passwords - CIRT

• Default Password

• Default Passwords - Data recovery

Weak and Leaked Passwords

There are plenty of lists with weak or leaked passwords that are worth trying for an engagement

• The section passwords of the very famous SecLists

• The Leaked Databases section of the very famous SecLists

• List of password on skull security

Online Passwords crackers

• Cisco Password Cracker

Practice

API

• vAPI is Vulnerable Adversely Programmed Interface

• VAmPI - The Vulnerable API (Based on OpenAPI 3)

Mobile App

• Reverse Engineering iOS Applications

Graphql

• Damn Vulnerable Graphql Application

Web Apps

• Pentest-Ground