Here’s a list of resources I regularly use when doing CTFs, listed in no particular order.
- HackTricks - A site that lists (nearly) everything you need for pentesting a particular service.
- Pentestmonkey Cheatsheets - A handy list of cheatsheets for SQL injections, reverse shells, etc.
- PayloadsAllTheThings - A huge list of payloads for nearly everything you can think of, by swisskyrepo on Github.
- Active Directory Exploitation Cheatsheet - A (pretty) big list of things that you can do to exploit Active Directory, by S1ckB0y1337 on Github.
- GTFOBins - A list of legitimate *nix binaries that can be exploited under the right circumstances.
- LOLBAS - A list of legitimate Windows executables that can be exploited under the right circumstances.
- IppSec.Rocks - A searchable list of IppSec videos.
- SecLists - A very useful collection of wordlists for fuzzing or dictionary attacks, by danielmiessler on Github.
- Upgrading to Full Interactive TTY using Python - I do this on every non-interactive *nix reverse shell I catch (of course, python needs to be installed).