January 1, 2016
All In One Study Guide For Pentesters And Forensics. 2

to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14. SIZE: around 600 MB

7.3 [Kioptrix](https://www.kioptrix.com/blog/test-page/) Kioptrix has three VMware images and challenges which require the attacker to have root access using any technique in order to pwn the image.

7.4 [NETinVM](http://informatica.uv.es/~carlos/docencia/netinvm/#id7) A VirtualBox or VMware image that runs a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security and is developed by Carlos Perez and David Perez.

7.5 [Lamp Security](http://sourceforge.net/projects/lampsecurity/) A series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTFs and contains pages that are vulnerable to SQL Injection and other known web vulnerabilities.

7.6 [Mutillidae](http://sourceforge.net/projects/mutillidae/) A free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable and ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, JavaScript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more based on OWASP (Open Web Application Security) Top 10 Web Vulnerabilities.

7.7 [Webgoat](https://code.google.com/p/webgoat/) An OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.

7.8 [DVWA](http://www.dvwa.co.uk/) (Damn Vulnerable Web Application) – This vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a ethicalhack3r and is part of RandomStorm OpenSource project.

7.9 [SQLol](https://github.com/SpiderLabs/SQLol) Is a configurable SQL injection testbed which allows you to exploit SQLi (Structured Query Language Injection) flaws, but furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs.

7.10 [Bodgeit](https://code.google.com/p/bodgeit/) Is an open source and vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities.

7.11 [Exploit KB](http://exploit.co.il/projects/vuln-web-app/) Vulnerable Web App – is one of the most famous vulnerable web apps designed as a learning platform to test various SQL injection techniques and it is a functional web site with a content management system based on fckeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab.

7.12 [Wacko Picko](https://github.com/adamdoupe/WackoPicko) Is a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge like XSS vulnerabilities, SQL injections, command-line injections, sessionID vulnerabilities, file inclusions, parameters manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords.

**Please note that this topic will be constantly updated once a week. All the above links are not used for advertising but rather as a guide, as I've been struggling to find a topic that can help me find what I need.** If you have any queries or complaints please reply below ;) --xMidnightSnowx
**UPDATED!**

Edit Log:

Added Virtualization Tools Category

Added Vulnerable Applications Category

Added More Guides / Links

-- xMidnightSnowx

Weekly Update #2
Great list of resources. Thanks for taking the time to create.
Awesome! Thank you very much for sharing this.
Thank you
I appreciate this; I also use Google and search for flash cards, this one was helpful. http://www.cram.com/flashcards/ceh-exam-2463559
Thanks for the updates xMidnightSnowx...
Great job ... good idea to combine everything in 1 post.
You can also add TAILS OS to your list. An entire OS that aims to preserve your privacy and anonymity. ^_^
thnx buddy :)
Thanks for the info
Thanks
just thanks
Sure, I'll add them in the coming update. -- xMidnightSnowx
Dear xMidnightSnowx, Please share Cyber Forensic related books and tools for beginners.
thanks buddy, great collection out there :) appreciated
i like it
Another cool distribution is [SIFT](http://digital-forensics.sans.org/community/downloads) from SANS Security; it is based on Ubuntu.
thanks bulkathos... happy to share with us.
thanks for sharing @xmidnightsnowx
thanks man,
Thanks
Wow!! helps a lot mate, many thanks MidnightSnow.
This is an awesome collection! Thanks for sharing.
Thank you
Here's a link to [CEH digital flashcards on Quizlet.com](https://quizlet.com/40937332/ceh-flash-cards/). This site has tons of digital flash cards for studying a variety of topics. People create sets of cards and share them. You can sign up for a free account or you can use it without registering.
Nice list - thank you!
Thanks
Well, nothing to say, just Thank You!! Btw if I find any material I know where I can post it
Awesome!! Thanks :D
Newbie in IT security. Do I get CEH toolkits free download links?...
Thanks for all
Thanks for sharing.
Thanks for the post! What a great clearinghouse of reference material all in one place!
@xMidnightSnow Thanks. Are any of these tools best for embedded system (connected device - IoT) pen testing?
I'd like to suggest a helpful book to supplement the tools listed in this thread: Guide to Computer Forensics & Investigations, 5th edition by Bill Nelson and Amelia Phillips. I began my Computer Forensics studies w/the 4th edition of this book and found it to be very comprehensive. The disc it came with includes lots of useful tools: practice exercises from the chapters, and eval/freeware tools, including the free version of FTK. Thanks, all.
I think this should be in there. Awesome tool for training/ CTF.. https://github.com/OWASP/SecurityShepherd
cheers!
Thanks for this wonderful information.
Good materials.
Thank you! This is a great resource
cool stuff, you saved a lot of time for us
Can't believe I just saw this...**excellent** post, and many thanks!! :) bloopie
Thanks for sharing.
Thank you for the info, good post
Thanks
This is an excellent list. I am going to come back to this!
Nowadays cybersecurity plays a very important role
This is great information.
good job!
Thanks for the information. I will check it out when I get a chance!!
Great info, thanks for sharing.
?
That was great
Tks
Nice.
Hello, can you suggest a separate tutorial on Parrot OS?