All in One Study Guide for Pentesters and Forensics.Computer and Hacking Forensics Course

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Courses Computer and Hacking Forensics Course All in One Study Guide for Pentesters and Forensics.

This topic contains 78 replies, has 61 voices, and was last updated by  adianon 2 years, 6 months ago.

Viewing 20 posts - 1 through 20 (of 79 total)
  • Author
  • #11108

    Akash Raghav M


    LAST UPDATED : Monday, 22/06/2015 , 3:20 PM Indian Standard Time

    If you are reading this post then you are probably searching for the Guide Materials ( such as CEH Instructor Slides, Links to other websites for testing your Pentesting skills etc ).

    So i’ve compiled a list of all the Study Guide i found and so i’ve uploaded them to Media Fire for download by you all 😉 ( Kind eh xD? )

    PLEASE NOTE : There are whole lot more guides available, and i’ll update this topic everytime i find new guides. 😉

    All files are 100% Virus Free and i’d suggest you to scan for viruses yourself too just in case. If you find any virus with any guide, please reply below and i’ll upload a new Virus Free version.

    So without any further ado lets go !

    1. CEH Tools :

    1.1. CEH v7 Instructor Slides

    CEH v7 Instructor Slides are 11 PDF Files for you to learn Complete Ethical Hacking or, refer it side by side when learning it from Cybrary. Each file has more than 100 Slides and they also include link to specific tools and softwares for you to use. Size : 170 MB

    1.2. CEH v8 Toolkit ( ISO )

    This is the Disk version of CEH v8 Toolkit. You can find all the tools here.

    2. Pentesting OS :

    2.1. Kali Linux

    Kali Linux, The most powerfull and advanced Pentesting System. Most of you might be familar with else, just visit the link above 😉

    2.2. Parrot Security OS

    Parrot Security OS is one of the known Pentesting OS available. Little has been known about this OS ( to me ) so i’d like your review on this 😉

    2.3. Cyborg Hawk Linux</em

    Cyborg Hawk Linux runs on Ubuntu ( unlike Kali which run on Debain ) and has more features and tools and a sexy little OS. Give it a try !

    2.4. Black Arch Linux

    For those who liked the BlackTrack much, Black Arch Linux offers a similar GUI but with more than 1288 Tools.

    2.5. Arch Assault

    Arch Assault is nice and i havent tried this a long time 😉

    2.6. Back Box Linux

    This OS similar to Cyborg runs on Ubuntu.

    2.7. Pentoo Linux

    Pentoo is a security-focused livecd based on Gentoo It’s basically a gentoo install with lots of customized tools, customized kernel, and much more. Here is a non-exhaustive list of the features currently included: Hardened Kernel with aufs patches, Backported Wifi stack from latest stable kernel release, Module loading support ala slax, Changes saving on usb stick, XFCE4 wm and Cuda/OPENCL cracking support with development tools.
    Pentoo is Gentoo with the pentoo overlay. This overlay is available in layman so all you have to do is layman -L and layman -a pentoo. We have a pentoo/pentoo meta ebuild and multiple pentoo profiles, which will install all the pentoo tools based on USE flags.

    2.8. Caine Linux

    Similar to BackBox, this is also an Italian based distro led NanniBassetti by @NanniBassetti
    CAINE stands for (Computer Aided INvestigative Environment) is an Italian GNU/Linux live distribution created as a project of Digital Forensics. CAINE has a specific focus on digital forensics, so if this is your area the this distro is highly recommended.
    CAINE is configured to help the security expert (digital forensics expert) to exercise the various phases of a digital investigation. A great feature of CAINE is that it includes a semi-automated compilation of a final report, i.e. an audit. Since most security professionals hate doing audit reports this is really a great feature!
    CAINE is completely open source and even has a Windows version called Wintaylor.

    2.9. Matriux Linux

    Matriux is a fully featured security distribution, based on Ubuntu.
    It consists of powerful, free and open source computer forensics and data recovery tools which can be used for forensics analysis and investigation purposes.
    Apart from forensics usages Matriux also provides a wide platform to let security professionals utilize the power of open source to perform day-to-day web application penetration testing and server hardening tasks.
    Matriux is lite and designed to run from a CD / DVD or USB stick or it can easily be installed to your hard disk in a few steps in no time.

    Special Note : Its origin is from India

    2.10. Weak Net Linux

    Weakerth4n has a very well maintained website and a devoted community. Built from Debian Squeeze (Fluxbox within a desktop environment) this operating system is particularly suited for WiFi hacking as it contains plenty of Wireless cracking and hacking tools.
    Tools includes: Wifi attacks, SQL Hacking, Cisco Exploitation, Password Cracking, Web Hacking, Bluetooth, VoIP Hacking, Social Engineering, Information Gathering, Fuzzing Android Hacking, Networking and creating Shells.

    2.11. DEFT

    For all the Computer Forensics Expert out there. This is the tool you need.

    2.12. Node Zero

    Node Zero, another great OS.

    3. Cheat Sheets :

    3.1. Cheat Sheet

    This cheat sheet gives you all the commands you need for any part of Computer Forensic or Pentesting to Hacking.

    3.2. Cheat Sheet #2

    This cheat sheet by pentesting monkey , organizes very well so that you can find out what you are looking for easily. Please note that since all these cheat sheets are old, there is a small possibility that some might not work but always try 😉

    3.3. Metasploit Cheat Sheet

    This cheat sheet, posted by me in this very own forum will help you with Metasploit.

    4. Programming Help :

    4.1. Tutorials Point

    Tutorials Point can help you learning Programming Languages. But i highly recommend you to visit other Links before this as they just explain with single example with a single sentence. So not worth it.

    4.2. W3 Schools can help you learn Programming Language easily and hey, they have their own free online IDE to try it out your self 😉

    4.3. Online IDE

    This link will help you with your programming , as they provide free Online IDE to try your programs. They provide IDE Free for most if not, all of the courses.

    5. Misc. Tools :

    5.1. Ethical Hacking Books List

    Thanks to ZeroSuiteSnake for posting about this Ethical Hacking Book.

    5.2. Hackers Dictionary

    This is the Hackers Dictionary ( as the name says ) and will help you understand a lot of new tersm you will come to know when hacking. Really usefull 😉

    5.3. Advanced Pentesting Lab – Guide

    Thanks to , this will help you to set up your very own advanced pentesting lab !

    5.4. Pentest Tools

    Thanks to Cybrary for this list of Pentesting and Hacking tools and how to use them.

    5.5. HackThisSite

    HackThisSite is a place where you put your learning and knowledge into test by undertaking various missions.

    5.6. WonderHowTo

    Null-Byte of WonderHowTo is an amazing place to learn more about Cyber Security, Hacking, Cracking and Post Exploitation Methods and Tutorials. Im C1BR0X btw , if you are going to put my name if they ask referred by xD.

    6. Pentesting Labs

    6.1 VMWare Workstation

    This Virtualization Lab, will provide you with easy GUI and setup. Its a paid one so buy it if you have $$$.

    6.2 Virtual Box

    Virtual Box was designed by Oracle and is completely open source and free. The best Virtual Host to have.

    7. Vulnerable Distributions

    7.1 Metasploitable

    Its a vulnerable VMware virtual machine based on Ubuntu that is released by the Metasploit team in order to solve your problem in learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to penetrate.

    7.2 Hackxor

    a web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14.

    SIZE : around 600 MB

    7.3 Kioptrix

    Kioptrix have three VMware images and challenges which require the attacker to have a root access using any technique in order to pawn the image.

    7.4 NETinVM

    A Virtualbox or VMware image that runs a series of a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security and is developed by Carlos Perez and David Perez.

    7.5 Lamp Security

    A series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTF’s and contains pages that are vulnerable to SQL Injection and other known web vulnerabilities.

    7.6 Multilidae

    A free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable and ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, Javascript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more based on OWASP (Open Web Application Security) Top 10 Web Vulnerabilties.

    7.7 Webgoat

    An OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.

    7.8 DVWA

    (Dam Vulnerable Web Application) – This vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a ethicalhack3r and is part of RandomStorm OpenSource project

    7.9 SQLol

    Is a configurable SQL injection testbed which allows you to exploit SQLI (Structured Query Language Injection) flaws, but furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs.

    7.10 Bodgeit

    Is an open source and vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities.

    7.11 Exploit KB

    Vulnerable Web App – is one of the most famous vulnerable web app designed as a learning platform to test various SQL injection Techniques and it is a functional web site with a content management system based on fckeditor. This web application is also included in the BackTrack Linux 5r2-PenTesting Edition lab.

    7.12 Wacko Picko

    Is a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge like XSS vulnerabilities, SQL injections, command-line injections, sessionID vulnerabilities, file inclusions, parameters manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords.

    Please note that, this topic will be constantly updated once a week. All the above links are not used for advertising but rather a guide as i’ve been struggling to find a topic that can help me find what i need.

    If you have any queries or complaints please reply below 😉



    Akash Raghav M

    Feel free to suggest anything you find interesting out there that you want me to add in this topic.

    — xMidnightSnowx


    Akash Raghav M

    13. Pwn Wiki

    Thanks to m0wgli for this share, is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained.


    — xMidnightSnowx

    • This reply was modified 5 years, 1 month ago by  Akash Raghav M. Reason: Update

    Akash Raghav M



    Akash Raghav M


    Thanks to Will , there is also another Pentesting Linux Distro called : Cyborg.

    Cyborg Linux Distro

    For its reference :

    Cyborg Linux Distro Reference

    — xMidnightSnowx



    Thank you.



    damn dude thanks for this


    Akash Raghav M

    To everyone :
    Your welcome 😉




    Let’s not forget about the blackarch distro



    Wow! Thanks xMidnightSnowx for all the info!


    Akash Raghav M

    @glariful Sure, I’ll add that sorry for late response 😉



    Benjamin Cardy

    Wow, another great post by Midnight, thanks very much 🙂



    Thanks for the updations!



    lots of info thanks Midnight One of the great learning assets of this site is its forums



    Along with Cyborg hawk ( great distro )

    May i recommend Parrot OS from ParrotSEC, Reminds me of Kali on steroids with a more elaborate GUI


    Akash Raghav M

    Yea I saw Parrot OS , I din’t want to put it in this list before I tried so that’s y xD.

    — xMidnightSnowx



    Thanks for share all with us!


    Akash Raghav M

    Next update will be done in few hours with more links and study materials.

    All the topics I have posted so far will be updated once in a week.

    — xMidnightSnowx



    This is exact;y what i have been looking for for the last 3 months.
    Thanks for the share



    Thanks for the info !

Viewing 20 posts - 1 through 20 (of 79 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?