Attack Database

A record of good attack datasets, for easy lookup and use.

MITRE ATT&CK

Description: Attack framework, especially for APTs, i.e. TTPs

Link: https://attack.mitre.org/

PTES

Description: Penetration Test Guidance

Link: http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines

Automated Tools List

Paper: Understanding Hackers’ Work

Link: https://dl.acm.org/doi/pdf/10.1145/3611643.3613900

Resources from NIST

Description: Official (many of the links are dead, haha)

| Methodologies | URL |
| --- | --- |
| Information Design Assurance Red Team (IDART) | http://www.idart.sandia.gov/ |
| NIST SP 800-53A, Guide for Assessing the Security Controls in Federal Information Systems | http://csrc.nist.gov/publications/PubsSPs.html |
| National Security Agency (NSA) Information Assessment Methodology (IAM) | http://www.nsa.gov/ia/industry/education/iam.cfm?MenuID=10.2.4.2 |
| Open Source Security Testing Methodology Manual (OSSTMM) | http://www.isecom.org/osstmm/ |
| Open Web Application Security Project (OWASP) Testing Project | http://www.owasp.org/index.php/Category:OWASP_Testing_Project |

| ToolSet | URL |
| --- | --- |
| BackTrack (Linux live distribution) | http://www.remote-exploit.org/backtrack.html |
| Extra – Knoppix (Linux live distribution) | http://www.knopper.net/knoppix-mirrors/index-en.html |
| F.I.R.E. (Linux live distribution) | http://fire.dmzs.com/ |
| Helix (Linux live distribution) | http://www.e-fense.com/helix/ |
| INSERT Rescue Security Toolkit (Linux live distribution) | http://www.inside-security.de/insert_en.html |
| Knoppix Security Tools Distribution (STD) (Linux live distribution) | http://s-t-d.org/download.html |
| nUbuntu (Linux live distribution) | http://www.nubuntu.org/downloads.php |
| Operator (Linux live distribution) | http://www.ussysadmin.com/operator/ |
| PHLAK (Linux live distribution) | http://sourceforge.net/projects/phlakproject/ |
| Top 125 Network Security Tools | http://sectools.org/ |

| Vulnerability Information | URL |
| --- | --- |
| Common Configuration Enumeration (CCE) | http://cce.mitre.org/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/ |
| Common Weakness Enumeration (CWE) | http://cwe.mitre.org/ |
| French Security Incident Response Team (FrSIRT) | http://www.frsirt.com/english/ |
| iDefense Lab’s Public Advisories List | http://labs.idefense.com/intelligence/vulnerabilities/ |
| milw0rm | http://www.milw0rm.com/ |
| National Vulnerability Database (NVD) | http://nvd.nist.gov/ |
| Neohapsis Archives | http://archives.neohapsis.com/ |
| Open Source Vulnerability Database | http://www.osvdb.org/ |
| Open Web Application Security Project (OWASP) Vulnerabilities | http://www.owasp.org/index.php/Category:Vulnerability |
| Secunia Advisories | http://secunia.com/advisories/ |
| SecurityFocus Vulnerabilities | http://www.securityfocus.com/vulnerabilities |
| SecurityTracker | http://www.securitytracker.com/ |
| Secwatch’s Vulnerability Archive | http://secwatch.org/advisories/ |
| The Hacker’s Choice (THC) | http://freeworld.thc.org/ |
| United States Computer Emergency Readiness Team (US-CERT) Vulnerability Notes Database | http://www.kb.cert.org/vuls |
| Wireless Vulnerabilities and Exploits (WVE) | http://www.wirelessve.org/ |

OWASP-SourceCodeAnalysisTools

Description: White-box code audit tools + forensic analysis tools

Link: https://owasp.org/www-community/Source_Code_Analysis_Tools

Web Application List

Description: Web application list with language and star count

From: share/ppt/BlackHat USA 2024

Looks like a very useful list; thanks to Teacher jianjun and the corresponding team for sharing.