For fun or profit.

• Metasploit Post Exploitation Command List

• Obscure Systems (AIX, Embeded, etc) Post-Exploit Command List.

• OSX Post-Exploitation.

• Windows Post-Exploitation Command List.

• Linux/Unix/BSD Post-Exploitation Command List.

grep word f1

sort | uniq -c

diff f1 f2

find -size f1

zcat f1 > f2

gzip -d file

bzip2 -d f1

tar -xvf file

nc localhost 30000

echo 4wcYUJFw0k0XLShlDzztnTBHiqxU3b3e | nc localhost 30000

openssl s_client -connect localhost:30001 -quiet

nmap -p 31000-32000 localhost

telnet localhost 3000

• Static code security analyzers: SonarQube (Javascript scanner), NodeJsScan.
• Package dependency security analyzers: Snyk
• Docker image security analyzers: Hadolint, Clair, Anchore
• AWS IAM permission analyzers: IAM access advisor APIs, PMapper.
• AWS S3 permission analyzers: s3audit.
• Docker runtime anomaly detection: Falco.
• Kubernetes policy security analyzers: RBAC.
• Policy auditing tools: Rakkess.

• Bulletproof SSL and TLS
• Reversing: Secrets of Reverse Engineering
• The Art of Memory Forensics
• The C Programming Language
• The Unix Programming Environment
• UNIX Network Programming
• Threat Modeling: Designing for Security
• The Tangled Web
• The Art of Exploitation
• The Art of Software Security Assessment
• Practical Packet Analysis
• Gray Hat Python
• Black Hat Python
• Violent Python
• Shellcoders Handbook
• Practice Malware Analysis

• Continuous security.
• How to not get hacked.

• Spam Nation
• The Art of Intrusion
• This Machine Kills Secrets

• Krebs Series on how to be in InfoSec: Thomas Ptacek, Bruce Schneier, Charlie Miller
• How to be a InfoSec Geek
• My Blog

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. When making a reference to my work, please use my website.