Additional Resources
Table of contents
Please support this book: buy it (PDF, EPUB, MOBI)

Additional Resources

Starting with the 30,000’ View

Rating of Threats

OWASP Threat Analysis

OWASP Ranking of Threats

Tooling Setup

Kali Linux package version tracking is useful for seeing what versions of tools are currently in the distribution.

TP-LINK TL-WN722N USB Wireless Adapter

  1. ath9k_htc Debian Module
  2. VirtualBox information around setting up the TL-WN722N
  3. TP-LINK TL-WN722N wiki
  4. Loading and unloading Linux Kernel Modules
  5. Kernel Module Blacklisting


Useful Intelligence Gathering resource

NMap Idle Scan and Decoy Host

Idle Scan docs

Man page is very good

NMap Script Categories

NMap Scripting Engine

The Hacker Playbook 2 has a good example of how to use recon-ng

Useful New Zealand Web Resources for reconnaissance
Finding details on people:
Finding details on companies:

Firejail tips

Insight on where Qubes is going

The Operating System That Can Protect You even when you get hacked

Offensive Exploitation tooling setup
For the Black Hat in a potentially hostile environment, one example of a machine configuration might be:
on top of

OpenSSL Heartbleed and Apples Goto Fail could have been prevented if (S)TDD was used. Check out Mike Bland’s excellent study and POC

BSIMM has some good guidance on security testing

NodeGoat Regression Testing with Zap

Essentials for Creating and Maintaining a High Performance Development Team

How to Increase Software Developer Productivity

Pair Programming Metrics from Fog Creek


Morale, Productivity and Engagement Killers: An excellent resource around motivation can be found in Chapter 11 of Steve McConnell’s excellent “Rapid Development” book.

Presentation I performed at AgileNZ 2014 around increasing developer productivity

Social Engineer website has a plethora of excellent resources.

Creating a Custom Wordlist with Crunch

Creating wordlists with crunch v3.0

How to Use CUPP to Generate Password Lists

Creating a Custom Wordlist with CeWL

Target specific automated dictionary generation with WordHound

WordHound souce code

Hydra source code

Medusa documentation

SMSspoofing information

Vishing scams under the heading “Examples”

The Social Engineer’s Playbook by Jeremiah Talamantes has a collection of Vishing plays near the end of the book.

Phishing scams under the heading “Here are a few social engineering scams executed via phishing”

The Social Engineer’s Playbook by Jeremiah Talamantes has a collection of spear phishing plays near the end of the book.

USB Rubber Ducky Home

Rubber Ducky resources!

Rubber Ducky on github

Rubber Ducky manual

Rubber Ducky tutorials

Ducky on hak5darren

Ducky on midnitesnake

Online ducky toolkit

Comunity payloads for ducky

Simple-Ducky on google code
Moving to github

Social Engineering Toolkit website, under Teensy USB HID Attack Vector has good information on using this device as a penetration testing tool

The following books have been influential for me and the content from the People chapter should reflect that. They are very insightful and well worth the investment.

Tips on preparing for and carrying out exit interviews

Next: Attributions