Recommended Links

This page is just a collection of links to great content that I can easily reference.  I will try to keep it updated and hopefully others will find it useful:
     *Metasploit Unleashed
          Excellent tutorial by Offensive Security on the basics of using Metasploit.

     *Hash-Dumping Techniques
          Series from Bernardo Damele AG on all known NT/LM hash dumping methods.

     *Hacking Oracle
          Six-part series from Chris Gates on methods of getting shell through Oracle.

     *Post-Exploitation Techniques
          Mubix has organized several great post-exploitation resources on Google Docs.

     *Getting Started with PowerShell
          SynJunkie goes through a quick introduction to PowerShell.

     *PowerShell Basics and the Environment
          Carlos Perez does a great job introducing security pros to PowerShell!

      *Exploit Writing Tutorials
          The Corelan Team has put together great tutorials on exploitation which are regularly referenced (or stolen) in most exploit writing classes.

      *Secrets of PowerShell Remoting
          This guide to using PowerShell remotely is extremely detailed and has already been updated several times by Don Jones.  Download the zip and check it out.

Technical Posts and Tools
     *Keyboard Pattern Password Generation
          Excellent post by d3ad0ne about keyboard patterns and a script to help crack them.

     *Injecting Shellcode with PowerShell
          Great way to use PowerShell to bypass application whitelisting and AV by Matt Graeber.

     *How Metasploit Generates Payloads
          Scriptjunkie discusses how payload generation works and the comments references a great AV bypass.

     *Excel Exercises in Style
          Didier Stevens does a lot of great research, but I have heavily used this macro on engagements.
     *Command-line Tips and Tricks
          This is actually another link page on the Command Line Kung Fu blog but its really helpful.

     *How to Collect Passwords
          Mark Burnett lists several ways to compile an effective password dictionary.

Articles and Opinion Posts
     *Facts and Myths about Meterpreter AV Evasion
          Mihi scientifically explains AV evasion with meterpreter payloads.
     *Certifications don't make you a penetration tester
          A common debate from some people who know.

     *Maximizing Value in Pen Testing
          A good writeup on report writing and focus on business value for pen testers by Ed Skoudis.

     *What to do with the local Administrator account?
          A discussion about the risk associated with different Local Admin password strategies.

Infosec Humor
     *How to get anyone's IP Address by NextGenHacker101
          Over a million views on youtube.
     *You Should Work for Symantec
          We have all had a conversation like this.

          A short talk about language inconsistencies.

     *Even Bill Gates has to pray to the Demo gods
          Bill Gates getting a BSOD is still funny.

     *How to Become an Infosec Rockstar
          Lean how you can become a Infosec Rockstar (Hint: not a good thing).