I was cleaning out my bookmarks, de-cluttering Twitter favourites and closing a few tabs. I re-saw a few 'hidden gems' and kept repeatedly finding links for people, so I thought I would try and 'dump' them all in one place.
These are roughly sorted; if you want something better, I highly recommend having a look at the pentest-bookmarks.
This list will be updated from time to time!
Programming & Coding
[Bash] Advanced Bash-Scripting Guide - http://tldp.org/LDP/abs/html/
[Bash] Bash shell scripting tutorial - http://steve-parker.org/sh/sh.shtml
[Bash] Bourne Shell Reference - http://linuxreviews.org/beginner/bash_GNU_Bourne-Again_SHell_Reference/
[CheatSheet] Scripting Languages: PHP, Perl, Python, Ruby - http://hyperpolyglot.org/scripting
[Tip] Forcing Scripts to Run as root - http://bashshell.net/shell-scripts/forcing-scripts-to-run-as-root/
[Tip] HTML5 Security Cheat Sheet - https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
[Regex] Learn Regex The Hard Way (ALPHA) - http://regex.learncodethehardway.org
File Include (Local & Remote)
[LFI] When All You Can Do Is Read - http://www.digininja.org/blog/when_all_you_can_do_is_read.php
[LFI] Local File Inclusion – Tricks of the Trade - http://labs.neohapsis.com/2008/07/21/local-file-inclusion-%E2%80%93-tricks-of-the-trade/
[LFI] LFI with phpinfo Assistance - http://www.insomniasec.com/publications/LFI%20With%20PHPInfo%20Assistance.pdf
[LFI] Exploiting PHP File Inclusion Overview - https://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/
http://www.0x50sec.org/how-to-exploit-local-file-inclusion-vulnerability/
https://foro.undersecurity.net/read.php?15,3768
http://www.ush.it/2008/08/18/lfi2rce-local-file-inclusion-to-remote-code-execution-advanced-exploitation-proc-shortcuts/
http://www.brianhaddock.com/2011/gaining-shell-access-via-local-file-inclusion-vulnerabilities
http://www.enye-sec.org/en/papers/web_vuln-en.txt
WarGames / CTF / Challenges
[Challenges] The Ksplice Pointer Challenge - http://blogs.oracle.com/ksplice/
[Forensics] iAWACS 2011 Forensics challenge - http://cvo-lab.blogspot.com/2011/05/iawacs-2011-forensics-challenge.html
[CTF] Index Of / - http://ftp.hackerdom.ru/ctf-images/
[Forensics] Test Images and Forensic Challenges - http://www.forensicfocus.com/images-and-challenges
[WarGames] Pentest lab vulnerable servers-applications list - http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html
[WarGames] Practices for a Hacker (WarGames) - http://jhyx4life.blogspot.com/2007/02/practicas-para-un-hacker-wargames.html (English)
[Challenges] OWASP iGoat Project - https://www.owasp.org/index.php/OWASP_iGoat_Project
[Challenges] Can you crack it? - http://canyoucrackit.co.uk
[WarGames] Vanilla Dome Wargame - https://sm0k.org/dojo/vanilla.php
[CTF] Index Of / - http://repo.shell-storm.org/CTF/
[Boot2Root] Exploit-Exercises - http://exploit-exercises.com
[WarGames] try2hack - http://try2hack.nl
[Fuzzing] Resources - http://www.vdalabs.com/tools/efs_gpf.html
[Web] Web Application Vulnerability Scanner Evaluation Project - https://code.google.com/p/wavsep/
[Web] SQL Injection and Filter Evasion Challenge - http://www.modsecurity.org/demo/
[Walkthrough] preCON CTF Walkthrough - http://amolnaik4.blogspot.com/2011/12/clubhack-precon-ctf-walkthrough.html
[Walkthrough] Rooting Kioptrix Level 1 in an Organized Fashion - http://securityjuggernaut.blogspot.com/2011/10/rooting-kioptrix-level-1-in-organized.html?spref=tw
http://pentest.cryptocity.net/capture-the-flag/
[Forensics] Forensic Challenge 8 - "Malware Reverse Engineering" - https://www.honeynet.org/node/668
[Collection] List of CTFs - http://x86overflow.blogspot.com/p/ctfs.html
http://www.hackfest.ca/en/hacking-games/anciens-jeux
Exploit Development (Programs)
[Download] Old Version Downloads - http://www.oldapps.com
[Download] Old versions of Windows, Mac, Linux Software & Abandonware Games - http://www.oldversion.com
[Download] Exploit Database Search - http://www.exploit-db.com/search/
Kernel
[Linux] Index of Documentation for People Interested in Writing and/or Understanding the Linux Kernel. - http://jungla.dit.upm.es/~jmseyas/linux/kernel/hackers-docs.html
[PDF] From Browser To Kernel Exploitation - http://ensiwiki.ensimag.fr/images/6/61/SecurIMAG-2011-11-17-teach-a_long_way_from_browser_vulnerability_to_kernel_exploitation.pdf
[PDF] Introduction to Linux Kernel 2.6. How to write a Rootkit - https://info.fs.tum.de/images/2/21/2011-01-19-kernel-hacking.pdf
Offensive Security's Pentesting With BackTrack (PWB) Course
[Pre-course] Corelan Team - http://www.corelan.be
[Pre-course] The Penetration Testing Execution Standard - http://www.pentest-standard.org/index.php/Main_Page
[Hash] NTLM Decrypter - http://www.md5decrypter.co.uk/ntlm-decrypt.aspx
[Hash] reverse hash search and calculator - http://goog.li
[Tip] Ash's mental thoughts going into the OSCP exam - http://security.crudtastic.com/?p=213
Misc
[RSS] Open Penetration Testing Bookmarks Collection - https://code.google.com/p/pentest-bookmarks/downloads/list
[ExploitDev] Data mining Backtrack 4 for buffer overflow return addresses - http://insidetrust.blogspot.com/2010/12/data-mining-backtrack-4-for-buffer.html
[DIY] Repair a Broken Ethernet Plug - http://www.instructables.com/id/Repair-a-Broken-Ethernet-Plug/step5/Make-its-Head-Thin/
[Desktop] Ubuntu Security - http://ubuntuforums.org/showthread.php?t=510812
http://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf
http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html
http://dsecrg.blogspot.com/search/label/SMBRelay%20bible
http://www.ivizsecurity.com/blog/web-application-security/testing-flash-applications-pen-tester-guide/
http://sghctoma.extra.hu/index.php?p=entry&id=18
http://www.anti-forensics.com/beat-encase-file-signature-analysis-on-a-windows-system
https://blogs.msdn.com/themes/blogs/generic/post.aspx?WeblogApp=oldnewthing&y=2011&m=09&d=21&WeblogPostID=10214405&GroupKeys=
http://tuts4you.com/download.php?view.3216
http://tuts4you.com/download.php?list.17
http://portal.b-at-s.net/download.php
http://journeyintoir.blogspot.com/2011/09/building-timelines-tools-usage.html
http://quequero.org/uicwiki/index.php?diff=12753&oldid=prev&title=Carberp_Reverse_Engineering
https://code.google.com/p/findmyhash/downloads/list
http://www.contextis.com/research/blog/reverseproxybypass/
https://nealpoole.com/blog/2011/10/java-applet-same-origin-policy-bypass-via-http-redirect/
http://git.or.cz/course/svn.html
http://grandstreamdreams.blogspot.com/2012/01/wipies-part-ii-full-coverage-cleaning.html
http://blog.9bplus.com/quickly-summarizing-pcaps
[PDF] GPG Guide for Secure Communications - https://s3.amazonaws.com/access.3cdn.net/61181827185c940f93_45m6i2j28.pdf
Advanced DLL Injection - http://syprog.blogspot.com/2011/11/advanced-dll-injection.html
A pure python web based disassembler - http://pyms86.appspot.com/
[Guide] Extracting Malicious Flash Objects from PDFs Using SWF Mastah - http://blog.zeltser.com/post/12615013257/extracting-swf-from-pdf-using-swf-mastah
Tech Humour
[TechHumor] Title - https://www.xkcd.com
http://www.geeksaresexy.net/2009/09/01/a-hidden-gem-in-html/
http://bobby-tables.com/
http://theoatmeal.com/
http://www.cad-comic.com/
Malware
[Program] A malware identification and classification tool - https://code.google.com/p/yara-project/
[Samples] Base of malware packages - http://malwares.pl/index.php?dir=
[Samples] A Collection of Web Backdoors & Shells - http://contagiodump.blogspot.com/2010/03/collection-of-web-backdoors-shells-from.html
[BootKit] Bootkit Threat Evolution in 2011 - http://blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2
[Analysis] Deconstructing the Black Hole Exploit Kit - http://blog.imperva.com/2011/12/deconstructing-the-black-hole-exploit-kit.html
[OSX] Inside a Modern Mac Trojan - https://krebsonsecurity.com/2011/09/inside-a-modern-mac-trojan/
[Analysis] Deobfuscating malicious code layer - http://pandalabs.pandasecurity.com/deobfuscating-malicious-code-layer-by-layer/
[Collection] Debuggers Anti-Attaching Techniques - Part 1 - http://waleedassar.blogspot.com/2011/12/debuggers-anti-attaching-techniques.html
Exploit Development
[Guides] Corelan Team - http://www.corelan.be
[Guide] From 0x90 to 0x4c454554, a journey into exploitation. - http://myne-us.blogspot.com/2010/08/from-0x90-to-0x4c454554-journey-into.html
[Guide] An Introduction to Fuzzing: Using fuzzers (SPIKE) to find vulnerabilities - http://resources.infosecinstitute.com/intro-to-fuzzing/
[Video] TiGa's Video Tutorial Series on IDA Pro - http://www.woodmann.com/TiGa/idaseries.html
[Guide] Advanced Windows Buffer Overflows - http://labs.snort.org/awbo/
[Guide] Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/beginning-stack-based-buffer-overflow.html
[Guide] SEH Stack Based Windows Buffer Overflow Tutorial - http://grey-corner.blogspot.com/2010/01/seh-stack-based-windows-buffer-overflow.html
[Guide] Windows Buffer Overflow Tutorial: Dealing with Character Translation - http://grey-corner.blogspot.com/2010/01/windows-buffer-overflow-tutorial.html
[Guide] Heap Spray Exploit Tutorial: Internet Explorer Use After Free Aurora Vulnerability - http://grey-corner.blogspot.com/2010/01/heap-spray-exploit-tutorial-internet.html
[Guide] Windows Buffer Overflow Tutorial: An Egghunter and a Conditional Jump - http://grey-corner.blogspot.com/2010/02/windows-buffer-overflow-tutorial.html
[Collection] Linux exploit development part 1 – Stack overflow. - http://sickness.tor.hu/?p=363
[Video] Athcon / Hack In Paris Demo 2 - https://www.youtube.com/watch?v=klXFqtYR5Mg
[Mona] Exploit Development with mona.py - http://amolnaik4.blogspot.com/2011/06/exploit-development-with-monapy.html
[Theory] Stack frame layout on x86-64 - http://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64
[Challenge] Helping Developers Understand Security - http://spotthevuln.com
[Guides] Exploit Writing Tutorials - http://www.corelan.be/index.php/category/security/exploit-writing-tutorials/
[Guide] Breaking MailEnable 2.34: A lesson in security featuring Metasploit, Immunity Debugger, and mona.py - http://volatile-minds.blogspot.com/2011/07/breaking-mailenable-234-lesson-in.html
[Web] Finding 0days in Web Applications - http://www.exploit-db.com/finding-0days-in-web-applications/
[Windows] Offensive Security Exploit Weekend - http://www.corelan.be/index.php/2010/11/13/offensive-security-exploit-weekend/
[Windows] From vulnerability to exploit under 5 min - http://0entropy.blogspot.com/2011/02/from-vulnerability-to-exploit-under-5.html
[Windows] Remote control manager FAIL - http://www.skullsecurity.org/blog/2011/remote-control-manager-fail
[Guide] Heap Overflows For Humans 102.5 - http://net-ninja.net/blog/?p=952
[Guide] Analyzing CVE-2011-2462 - Part Three - http://blog.9bplus.com/analyzing-cve-2011-2462-part-three
[Guide] A Textbook Buffer Overflow: A Look at the FreeBSD telnetd Code - http://thexploit.com/secdev/a-textbook-buffer-overflow-a-look-at-the-freebsd-telnetd-code/
[Guide] Egghunter Exploitation Tutorial - http://resources.infosecinstitute.com/buffer-overflow-vulnserver/
Exploit Development (Patch Analysis)
[Windows] A deeper look at MS11-058 - http://www.skullsecurity.org/blog/2011/a-deeper-look-at-ms11-058
[Windows] Patch Analysis for MS11-058 - https://community.qualys.com/blogs/securitylabs/2011/08/23/patch-analysis-for-ms11-058
[Windows] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability - http://j00ru.vexillium.org/?p=893
[Mobile] Analyzing and dissecting Android applications for security defects and vulnerabilities - https://www.net-security.org/article.php?id=1613
Exploit Development (Reverse Engineering)
[Guide] Exploiting Adobe Flash Player on Windows 7 - http://www.abysssec.com/blog/2011/04/18/exploiting-adobe-flash-player-on-windows-7/
[Guide] Heap Spraying Adobe: exploiting collab.collectemailinfo() - http://dreamofareverseengineer.blogspot.com/2011/07/heap-spraying-adobe-exploiting.html
[Guide] Intro. To Reversing - W32Pinkslipbot - http://blog.opensecurityresearch.com/2011/12/intro-to-reversing-w32pinkslipbot.html
[Guide] Decrypting iPhone Apps - https://www.sensepost.com/blog/6254.html
Databases
[Exploits] SHODAN Exploits - http://www.shodanhq.com/exploits
Executing commands in MySQL with it’s running privilege - http://0x80.org/blog/?p=298
Basic Linux
[Tip] Linux 101: Useful Commands - http://www.codedrunk.com/2011/09/linux-101-useful-commands.html
[Tip] Linux Directory Structure Explained - http://www.codedrunk.com/2011/09/linux-directory-structure-explained.html
[Remote] Tips for Remote Unix Work (SSH, screen, And VNC) - http://shebang.brandonmintern.com/tips-for-remote-unix-work-ssh-screen-and-vnc
Exploit Development (Metasploit Wishlist)
[ExploitDev] Metasploit Exploits Wishlist ! - http://esploit.blogspot.com/2011/03/metasploit-exploits-wishlist.html
[Guide] Porting Exploits To Metasploit Part 1 - http://www.securitytube.net/video/2118
[Guide] Want to get your feet wet? Start here. - https://github.com/rapid7/metasploit-framework/wiki/Contributing-to-Metasploit
[Guide] MonaSploit - https://community.rapid7.com/community/solutions/metasploit/blog/2011/10/11/monasploit
[WishList] Top 50 Exploits - https://dev.metasploit.com/redmine/projects/framework/wiki/Exploit_Todo
[WishList] Metasploit Framework Wishlist - http://cosine-security.blogspot.com/2011/02/metasploit-framework-wishlist.html
Passwords & Rainbow Tables (WPA) & Wordlists
[RSS] Title - http://ob-security.info/?p=475
[RSS] Title - http://nakedsecurity.sophos.com/2011/06/14/the-top-10-passcodes-you-should-never-use-on-your-iphone/
[RSS] Title - http://www.troyhunt.com/2011/06/brief-sony-password-analysis.html
[WPA] Offensive Security: WPA Rainbow Tables - http://www.offensive-security.com/wpa-tables/
[Wiki] The Password Project - http://thepasswordproject.com/
[Tool] Ultra High Security Password Generator - https://www.grc.com/passwords.htm
[Tool] John the Ripper config generator - https://sites.google.com/site/reusablesec2/jtrconfiggenerator
[Guide] Creating effective dictionaries for password attacks - http://insidetrust.blogspot.com/2010/07/creating-effective-dictionaries-for.html
[Leaked] Diccionarios con Passwords de Sitios Expuestos - http://www.dragonjar.org/diccionarios-con-passwords-de-sitios-expuestos.xhtml
[Download] Index of / - http://svn.isdpodcast.com/wordlists/
[Guide] Using Wikipedia as brute forcing dictionary - http://lab.lonerunners.net/blog/using-wikipedia-as-brute-forcing-dictionary
[Tool] CeWL - Custom Word List generator - http://www.digininja.org/projects/cewl.php
[Download] Title - http://www.aircrack-ng.org/doku.php?id=faq#where_can_i_find_good_wordlists
[Leaked] Passwords - http://www.skullsecurity.org/wiki/index.php/Passwords
[Tools] password analysis and cracking kit - http://thesprawl.org/projects/pack/
[Tools] crunch - http://sourceforge.net/projects/crunch-wordlist/
Anti-Virus
[Metasploit] Facts and myths about antivirus evasion with Metasploit - http://schierlm.users.sourceforge.net/avevasion.html
[Terms] Methods of bypassing Anti-Virus (AV) Detection - NetCat - http://compsec.org/security/index.php/anti-virus/283-anti-virus-central-methods-of-bypassing-anti-virus-av-detection.html
Web Based Attacks
[Burp] Hacking Web Authentication – Part 1 - http://resources.infosecinstitute.com/authentication-hacking-pt1/
[Guide] Liferay Portlet Shell - http://www.insinuator.net/2011/12/liferay-portlet-shell/
http://www.justanotherhacker.com/2011/12/writing-a-stealth-web-shell.html
http://www.justanotherhacker.com/2011/05/htaccess-based-attacks.html
SQL Injection
[Tip] Best damn quick tips for a total SQL injection newbie (period) - http://unconciousmind.blogspot.com/2011/09/quick-tips-for-total-sql-injection.html
Clickjacking
[Presentation] Clickjacking For Shells - http://www.morningstarsecurity.com/research/clickjacking-wordpress
Privilege Escalation
[Linux] Hacking Linux Part I: Privilege Escalation - http://www.dankalia.com/tutor/01005/0100501004.htm
[Windows] Windows 7 UAC whitelist - http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
[Windows] Windows Privilege Escalation Part 1: Local Administrator Privileges - http://www.netspi.com/blog/2009/10/05/windows-privilege-escalation-part-1-local-administrator-privileges/
[TTY] Post-Exploitation Without A TTY - http://pentestmonkey.net/blog/post-exploitation-without-a-tty
[UAC] Windows 7 UAC whitelist: Proof-of-concept source code - http://www.pretentiousname.com/misc/W7E_Source/win7_uac_poc_details.html
[UAC] Bypass Windows 7 x86/x64 UAC Fully Patched – Meterpreter Module - http://www.secmaniac.com/blog/2011/01/01/bypass-windows-uac/
[Program] windows-privesc-check - http://code.google.com/p/windows-privesc-check/
Local Security
[Hashes] Recovering Hashes from Domain Controller - http://www.hackfest.ca/?p=659
[Hashes] Get Domain Admins (GDA) - https://github.com/nullbind/Other-Projects/tree/master/GDA
[Windows] Step-by-step guide to installing TrueCrypt and encrypting Windows XP system partition - http://www.securitybeacon.com/?p=673
[OSX] Inside Mac OS X 10.7 Lion: File Vault full disk encryption and cloud key storage - http://www.appleinsider.com/articles/11/02/28/inside_mac_os_x_10_7_lion_file_vault_full_disk_encryption_and_cloud_key_storage/
[Linux] Home directory and full disk encryption in Ubuntu 11.04 - http://www.linuxbsdos.com/2011/05/09/home-directory-and-full-disk-encryption-in-ubuntu-11-04/
[BackUp] Unison File Synchronizer: Liberation through Data Replication - http://www.stanford.edu/~pgbovine/unison_guide.htm
Metasploit
[Guide] fxsst.dll persistence: the evil fax machine - http://www.room362.com/blog/2011/6/27/fxsstdll-persistence-the-evil-fax-machine.html
[Guide] Bypassing DEP/ASLR in browser exploits with McAfee and Symantec - http://www.scriptjunkie.us/2011/08/custom-payloads-in-metasploit-4/
[Guides] Metasploit Unleashed - http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training
[Guides] Metasploit Megaprimer (Exploitation Basics And Need For Metasploit) Part 1 - http://www.securitytube.net/video/1175
[Downloads] Metasploit Password Modules - http://securityxploded.com/metasploit-password-modules.php
[Guide] Process Injection Outside of Metasploit - http://carnal0wnage.attackresearch.com/2011/07/process-injection-outside-of-metasploit.html
[Guide] Path of Least Resistance - http://www.fishnetsecurity.com/blogs/?p=250
[Plugin] New Meterpreter Extension Released: MSFMap Beta - http://blog.securestate.com/post/2012/01/06/New-Meterpreter-Extension-Released-MSFMap-Beta.aspx
[Tip] Metasploit and PTES - https://community.rapid7.com/community/solutions/metasploit/blog/2011/12/02/metasploit-and-ptes
[Tip] Running MultiplePost Modules - http://www.darkoperator.com/blog/2011/12/16/running-multiplepost-modules.html
Cross Site Scripting (XSS)
[Guide] vbSEO – From XSS to Reverse PHP Shell - http://www.exploit-db.com/vbseo-from-xss-to-reverse-php-shell/
[XSS] XSS Rays - http://www.thespanner.co.uk/2009/03/25/xss-rays/
[XSS] How I Almost Won Pwn2Own via XSS - http://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-pwn2own-via-xss/
[XSS] JS-less XSS Using HTML Injection to hijack accounts without JavaScript. - http://skeletonscribe.blogspot.com/2011/05/js-less-xss.html
[XSS] XSS Illustrated (for masses) - http://unconciousmind.blogspot.com/2011/09/xss-illustrated.html
[XSS] Cookie Grabbing using XSS - http://www.pentester.co.in/2011/10/cookie-grabbing-using-xss.html