==== OCI: ==== * https://docs.oracle.com/pt-br/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm ==== Ferramentas úteis: ==== * https://dontpad.com/ (notepad online) * https://www.freenom.com/ - registro domínio free * Mapas mentais: * https://miro.com/ * https://www.mindmeister.com/ - mapas mentais * http://freemind.sourceforge.net/wiki/index.php/Main_Page * https://www.heroku.com/ - Heroku is a cloud platform that lets companies build, deliver, monitor and scale apps — we're the fastest way to go from idea to URL, bypassing all those infrastructure headaches. * https://signaturehound.com/ - Criar assinatura para email * https://www.youtube.com/watch?v=7BKCoooUkKs * https://www.ventoy.net/en/index.html - Ventoy criar um pendrive bootavel com diversas ISOs. * https://www.pnetlab.com/pages/main - The PNETLab Store is the best place to discover and download Lab, you'll deploy on your laptop, PC, Server… * https://excalidraw.com - Excalidraw é uma ferramenta de quadro branco colaborativo virtual que permite esboçar facilmente diagramas que parecem desenhados à mão. * https://www.asustor.com/pt-BR/service/RAID_calculator - Calculadora RAID * https://spotifydown.com/ - download playlist spotify * https://www.zerotier.com/ - ZeroTier is a secure network overlay that allows you to manage all of your network resources as if they were on the same LAN. VPN. * https://dnsviz.net/ - DNSViz is a tool for visualizing the status of a DNS zone. * https://securityheaders.com/ - Security Headers is a part of Probely and was originally created by Scott Helme! It is a free and easy to use tool designed to help you better deploy and understand modern security features that are available for your website. * https://proton.me/pt-br/ - serviço de email ==== Redes: ==== * Meuip: * https://whatismyipaddress.com/ * DNS: Plataforma online: * https://www.buddyns.com/ * https://www.buddyns.com/delegation-lab/ * DNS: Site para checagem de reverso: * https://mxtoolbox.com/IPv6.aspx * https://toolbox.googleapps.com/apps/dig/#PTR/ * https://www.whatsmydns.net/ * http://www.kloth.net/services/nslookup.php * https://viewdns.info/ * https://dnschecker.org/#CNAME/pgd.ifsertao-pe.edu.br * https://dnschecker.org/all-dns-records-of-domain.php?query=pgd.ifsertao-pe.edu.br&rtype=ALL&dns=dnsauth * https://splicenet.com.br/index.php/dns-reverso/?ip=200.133.4.65 * https://www.gugweb.com.br/dns-reverso/ * DNS: Checagem propagação de DNS * https://dnsmid.com/brazil/#google_vignette * https://www.whatsmydns.net/ * https://cachecheck.opendns.com/ * Registro.br * https://registro.br/ajuda/gerenciamento-de-conta/mensagem-de-erro/ * https://registro.br/tecnologia/ferramentas/whois?search=2001:12f0:931::/48 * https://dnsdumpster.com/ - dns recon & research, find & lookup dns records * https://www.uyuni-project.org/ - Gestão de Patchs em Linux * **Estudo Docker:** * https://hub.docker.com * https://labs.play-with-docker.com * https://www.dnsperf.com/ * https://nperf.com/ * https://lookup.icann.org/lookup * https://www.wireshark.org/tools/oui-lookup.html * https://whois.domaintools.com/ * https://hunter.io/ * https://www.shodan.io - Search Engine for the Internet of Everything * https://labs.portcullis.co.uk/tools/enum4linux/ (voltado ao Samba) * https://subinsb.com/default-device-ttl-values/ * https://macvendors.com/ * https://packetlife.net/captures/ - Capturas de wireshark para estudo * https://devnetsandbox.cisco.com - labs cisco e outros, usar CML2 * https://www.keycloak.org/ - Open Source Identity and Access Management * https://lemonldap-ng.org/ - WEB SINGLE SIGN ON AND ACCESS MANAGEMENT FREE SOFTWARE * http://www.gestioip.net/cgi-bin/subnet_calculator.cgi - Calculadora de subrede ipv4/ipv6 * https://sourceforge.net/projects/t50/ - realizar stress tests em redes ou servidores específicos utilizando a técnica de injeção de pacotes * https://radar.qrator.net/ - Qrator.Radar is a BGP monitoring service designed to detect network anomalies that can significantly affect vailability and quality of services at the global routing level. * **Looking Glass**: A ferramenta Looking Glass, ou em uma tradução livre em português "espelho", é muito utilizada por operadores de rede Internet no mundo todo para visualizar suas rotas BGP e prefixos na tabela de roteamento de outros participantes. * https://wiki.brasilpeeringforum.org/w/Looking_Glass * https://lg.ix.br/ * https://openswan.org/ - Cliente vpn ipsec para Linux * https://www.netdeep.com.br/firewall/ - NETDEEP SECURE 3.6 NEXT GENERATION OPEN SOURCE FIREWALL ==== Segurança: ==== * https://www.offsec.com/metasploit-unleashed/ - Curso metasploit free * https://webmii.com/ - buscador de pessoas * https://www.virustotal.com/ * https://sectools.org/tag/sniffers/ * https://sectools.org/tag/wireless/ * http://www.voipmonitor.org/ * Dominio para testes: megacorpone.com * http://www.pentest-standard.org/ * http://www.exploit-db.com/google-hacking-database * https://temp-mail.org/ * https://sitereport.netcraft.com/?url=https://crs.eti.br * https://osintframework.com/ * OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information for no cost. * https://openvas.org/ * https://portswigger.net/burp/communitydownload * https://subgraph.com/vega/ * https://securitytrails.com/blog/nikto-website-vulnerability-scanner * Whitewidow - Scanner de vulnerabilidade SQL: https://github.com/WhitewidowScanner/whitewidow * explo - formato de teste de vulnerabilidade da web legível por humanos e por máquina: https://github.com/telekom-security/explo * Blind-Sql-Bitshifting - SQLi cego via bitshifting: https://github.com/awnumar/blind-sql-bitshifting * Leviathan - amplo kit de ferramentas de auditoria em massa: https://github.com/utkusen/leviathan * Referência rápida de injeção de HTML (HIQR) em: https://mutantzombie.github.io/HIQR/hiqr.html * https://securityheaders.com/ * https://www.ssllabs.com/ * http://scanme.nmap.org/ * https://www.youtube.com/c/webpwnized * https://getgophish.com/ * https://www.rapid7.com/db (exploits) * https://www.isecom.org/research.html#content5-9d * www.mitre.org * https://attack.mitre.org/tactics/ * www.securityfocus.com * https://parrotsec.org/ * https://www.kali.org/ * https://blackarch.org/ * https://www.offensive-security.com/metasploit-unleashed/smb-login-check/ * https://github.com/SecureAuthCorp/impacket * https://github.com/laramies/theHarvester * dns_amp.rb - Módulo de varredura DNS - https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dns/dns_amp.rb * Veja ataque de exaustão de DNS + DHCP em https://digi.ninja/metasploit/dns_dhcp.php * https://pentest-tools.com/ * https://digi.ninja/ * http://www.powershellempire.com/ * www.secureauth.com * https://www.cisecurity.org/ - Cyber-Attack Defense: [[wiki:private:links-teste|CIS]] Benchmarks * https://www.digi77.com/linux-kodachi/ - Kodachi Secury OS. Linux Kodachi operating system is based on Ubuntu 18.04.6 it will provide you with a secure, anti-forensic, and anonymous operating system considering all features that a person who is concerned about privacy would need to have in order to be secure. * https://v.firebog.net/hosts/lists.php - The Big Blocklist Collection: Text-only lists. [**Pode ser usado no external conector do Fortigate**] * The following links will expose the current blocklist URL's in different ways, so that you can add The Firebog's blocklists to your Pi-hole. Please be aware that entries in these lists will take on the same order as the front page (I.E: not appended to the end), as they are automatically scraped from the front page's HTML source. * https://dashboard.shadowserver.org/ - * http://web.clickjacker.io/ - teste vulnerabilidade clickjacking * https://academiadeforensedigital.com.br/sistema-iped-forense/ - IPED Forense: Processador e Indexador de Evidências Digitais * https://academiadeforensedigital.com.br/ferramentas-forenses-gratuitas-top-10/ - TOP 10 Ferramentas Gratuitas em Forense Digital * https://academiadeforensedigital.com.br/ferramenta-distrolinux/ - Distro Linux AFD Ferramenta Gratuita ==== Sites para testes: ==== * https://hack.me/ * http://testphp.vulnweb.com/ * http://testhtml5.vulnweb.com/ * https://www.root-me.org/?lang=en * https://www.hackthissite.org/ * http://demo.testfire.net/ ==== Diagramas: ==== * https://www.lucidchart.com/pages/pt * https://app.diagrams.net/ * https://draw.io ==== Finanças: ==== * https://jumba.com.br/mapa * https://vilela.one/opcoes/? * https://finviz.com/ * https://www.barchart.com/ * https://br.tradingview.com/chart/ * https://www.oceans14.com.br/ * https://www.fundamentus.com.br/ * https://statusinvest.com.br/ * https://fundamentei.com/ * https://www.velotax.com.br/ - calculadora IR * https://www.teletrader.com/ ==== Distros Linux: ==== * https://www.digi77.com/linux-kodachi/ ==== Cibersegurança: ==== * CTF * https://ctftime.org/ — Site com o acompanhamento de eventos de CTFs globais, todo final de semana acontece algum diferente. Você pode criar um time e convidar pessoas de seu interesse ou entrar em um já existente. * https://discord.gg/FxzcvXan - Boitatech, maior comunidade de cibersegurança do Brasil. * https://picoctf.org/ - CTF beginner-friendly 24/7. Vale muito a pena conferir, provavelmente tem write-ups de todos, ou quase todos. * Plataformas * https://overthewire.org/wargames/ - Feijão com arroz de cybersec. * https://tryhackme.com/ - Plataforma super conhecida, com muito conteúdo teórico e prático, 20% de desconto caso voce prove ser estudante. Muita coisa disponível no free-tier. * https://www.hackthebox.com/ - Outra super conhecida, porém com menos foco téorico e mais prático com a exploração de máquinas vulneráveis. * https://hextree.io/ - Plataforma com conteúdo imenso de cybersec. * https://dreamhack.io/ - Outra plataforma para aprender cybersec de uma forma estruturada. * https://blueteamlabs.online/ * Criptografia * https://cryptohack.org/ - Plataforma grátis para aprender criptografia, conteúdo extremamente bom. * https://cryptopals.com/ - Outro site super interessante, mas menos interativo. * Web * https://portswigger.net/web-security - Labs para estudar web . * https://overthewire.org/wargames/natas/ - Overthewire para web. * https://web.dev/ - Conteudo geral sobre web. * https://initg-xss.web.app/ - https://xss-game.appspot.com/ - https://prompt.ml/ - Colecao de exercicios XSS. * Rev * https://pwn.college/ - Ótimo site para aprender tópicos lower-level como Reversa e Exploitação de Binários. * Redes * https://overthewire.org/wargames/bandit/ - Overthewire para pegar a manha no linux. * https://sadservers.com/ - Site legal para treinar habilidades de linux, diversos servidores pra debugar, estilo CTF. * Conteudo geral * https://gitbook.ganeshicmc.com/ * https://www.youtube.com/@GaneshICMC/videos * Exames * https://www.examtopics.com/exams/ - Vendor information for certification