Peerlyst ha publicado una lista de Lista (sic) de Cheet Sheets (Hojas de trucos) de aplicaciones y guías de seguridad.

La lista es extensa y brinda una idea sobre la cantidad de información abierta que podemos encontrar sobre cualquier tema relacionado a la seguridad de la informacion.

General

• Mobile Application Penetration Testing Cheat Sheet
• Python Penetration Testing Cheet Sheet
• Pentesting‍
• XSS Vectors - SQL Injection and Cookie Stealing - xss vectors‍ cookie stealing‍
• Penetration testing tools - https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/#port-scanning
• Penetration testing & exploit development - https://imgur.com/Mr9pvq9
• Printer - security testing - http://hacking-printers.net/wiki/index.php/Printer_Security_Testing_Cheat_Sheet
• Nmap (Printable, 2013): https://pen-testing.sans.org/blog/2013/10/08/nmap-cheat-sheet-1-0/
• Nmap (Not printable, date unknown): https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/
• Nmap 5(older version, not printable): https://nmapcookbook.blogspot.lu/2010/02/nmap-cheat-sheet.html
• Nmap 5 (older version, printable) http://www.cheat-sheets.org/saved-copy/Nmap5.cheatsheet.eng.v1.pdf
• cobalt strike beacon‍ - https://github.com/HarmJ0y/CheatSheets/blob/master/Beacon.pdf
• Java-Deserialization‍ - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
• Metasploit - https://www.tunnelsup.com/metasploit-cheat-sheet/
• Another Metasploit: http://resources.infosecinstitute.com/metasploit-cheat-sheet/
• Powerupsql - https://github.com/NetSPI/PowerUpSQL/wiki/PowerUpSQL-CheatSheet
• Scapy - https://pen-testing.sans.org/blog/2016/04/05/scapy-cheat-sheet-from-sans-sec560#
• HTTP status codes‍ http://suso.suso.org/docs/infosheets/HTTP_status_codes.gif - HTTP‍
• Beacon - https://github.com/HarmJ0y/CheatSheets/blob/master/Beacon.pdf
• Powershellempire - https://github.com/HarmJ0y/CheatSheets/blob/master/Empire.pdf
• Powersploit - https://github.com/HarmJ0y/CheatSheets/blob/master/PowerSploit.pdf
• PowerUp https://github.com/HarmJ0y/CheatSheets/blob/master/PowerUp.pdf
• Powerview - https://github.com/HarmJ0y/CheatSheets/blob/master/PowerView.pdf
• Vim‍ https://people.csail.mit.edu/vgod/vim/vim-cheat-sheet-en.pdf
• Attack Surface Analysis - attack surface analysis‍
• XSS Filter Evasion - XSS filter evasion‍
• REST Assessment - REST assessment‍ api security‍
• Web Application Security Testing - web application testing‍
• Android Testing - android security‍
• IOS Developer - iOS internals‍
• Mobile Jailbreaking - mobile jailbreaking‍
• sql injection‍ https://www.veracode.com/security/sql-injection
• MYSQL - SQL - injection - http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
• Password cracking: https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
• SSL - manual - testing: http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html
• Python - python‍
• OWASP Webapp checklist owasp‍ Owasp webapp checklist‍
• AIXBuild‍ https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_AIXBuild.txt
• AVBypass‍ with Veil https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_AVBypass.txt
• Bash - Scripting - https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_BashScripting.txt
• IKEScan for aggresive mode - IKEScan‍ aggressive mode‍
• LinuxPrivilegeEsc - Linux privilege escalation‍
• VOIP - https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_VOIP.txt
• Wireless Testing https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_WirelessTesting.txt - wireless testing‍
• CEH Cheat Sheet Exercises - CEH exercises‍
• Meterpreter Cheat Sheet - meterpreter tips‍
• netcat - netcat tips‍
• Nessus NMAP Commands - Tenable Nessus‍ NMAP commands‍
• NMap Mindmap Reference - mindmap‍
• NMap Quick Reference Guide - nmap‍
• Reconnaissance Reference Sheet - reconnaissance‍
• Tripwire Common Security Exploit-Vuln Matrix
• Linux - Bourne Shell Quick Reference.pdf - Bourne Shell‍
• Linux - Quick Reference Card.pdf - linux‍
• Linux - Shell Cheat Sheet.pdf
• Linux - Shell Scrip Cheat Sheet.pdf
• Linux - tcpdump.pdf
• Penetration Testing - Penetration Testing Framework (vulnerabilityassessment.co.uk) - penetration testing framework‍

Password cracking cheat sheets

• Password - cracking: https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers

Forensics cheat sheets

• master boot record‍, guid partition table‍, NTFS‍ volume boot record‍, Master file table record‍, standard information attribute, $Attribute list attribute, $file name attribute, and more forensics‍ posters/cheat sheets: https://github.com/Invoke-IR/ForensicPosters
• Mounting DD Images https://sift.readthedocs.io/en/latest/cheatsheet/
• XP only - old https://www.sans.org/media/score/checklists/ID-Windows.pdf
• https://www.sans.org/media/score/checklists/ID-Linux.pdf
• https://github.com/Invoke-IR/ForensicPosters - forensics posters‍
• Regex / PCRE - https://github.com/niklongstone/regular-expression-cheat-sheet

CISO, blue team, Sysadmin and webadmin cheat sheets

• CSP - cheat sheet - https://scotthelme.co.uk/csp-cheat-sheet/#require-sri-for (via Scott Helme‍)
• HSTS Cheat Sheet - HSTS‍
• HPKP Cheat Sheet - HPKP‍
• HTTPS Cheat Sheet - HTTPS‍
• Performance Cheat Sheet - HTTPS performance‍
• HTTP Status codes http://suso.suso.org/docs/infosheets/HTTP_status_codes.gif
• The windows - logging Cheat Sheet https://www.malwarearchaeology.com/s/Windows-Logging-Cheat-Sheet_ver_Oct_2016.pdf
• The Windows Splunk Logging Cheat Sheet - Splunk logging‍
• The Windows File Auditing Logging Cheat Sheet - file auditing logging‍
• The Windows Registry Auditing Logging Cheat Sheet - registry auditing logging‍
• The Windows PowerShell Logging Cheat Sheet - powershell logging‍
• Curl HTTP https://bagder.github.io/curl-cheat-sheet/http-sheet.html
• Virtual Patching - virtual patching‍
• Cloud - Control Matrix (CCM) https://cloudsecurityalliance.org/group/cloud-controls-matrix/
• Antivirus Event Analysis (what types of AV alerts should you worry about and why)
• CiscoIOS https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_CiscoIOS.txt
• GPG - https://github.com/jshaw87/Cheatsheets/blob/master/Cheatsheet_GPG.txt
• Regex / PCRE‍ https://github.com/niklongstone/regular-expression-cheat-sheet
• Security Onion - http://chrissanders.org/2017/06/security-onion-cheat-sheet/
• Linux Security Quick Reference Guide - linux security‍
• IP Tables - iptables‍
• TCPDump - tcpdump‍
• Wireshark Filters - wireshark filters‍
• IP Access Lists
• Common Ports - common ports‍
• netcat
• Linux Admin Quick Reference
• Crontab Reference
• Networking - Border Gateway Protocol.pdf - BGP‍ border gateway protocol‍
• Networking - Cisco IOS IPv4 Access Lists.pdf
• Networking - Cisco IOS Versions.pdf
• Networking - Common TCP-UDP Ports.pdf
• Networking - EIGRP (Enhanced Interior Gateway Routing Protocol).pdf
• Networking - First Hop (Router) Redundancy.pdf
• Networking - Frame Mode MPLS.pdf
• Networking - IEEE 802.11 WirelessLAN.pdf
• Networking - IEEE 802.1X Authentication.pdf
• Networking - IPsec.pdf
• Networking - IPv4 Multicast.pdf
• Networking - IPv4_Subnetting.pdf
• Networking - IPv6.pdf
• Networking - IS-IS.pdf
• Networking - NAT.pdf
• Networking - OSPF.pdf
• Networking - Physical Terminations.pdf
• Networking - PPP.pdf
• Networking - QoS.pdf
• Networking - Spanning Tree.pdf
• Networking - TCPIP.pdf
• Networking - VLANs.pdf
• Networking - Wireshark Display Filters.pdf
• VMware - Reference Card.pdf

Threat hunting

• Intrusion Discovery Cheat Sheet for Windows
• Intrusion Discovery Cheat Sheet for Linux
• https://www.sans.org/media/score/checklists/ID-Windows.pdf
• https://www.sans.org/media/score/checklists/ID-Linux.pdf
• Regex https://github.com/niklongstone/regular-expression-cheat-sheet

Malware analysis and reverse engineering:

• Malware analysis: http://r00ted.com/cheat%20sheet%20reverse%20v5.png
• ADB: https://github.com/maldroid/adb_cheatsheet
• GDB vs windbg - https://twitter.com/it4sec/status/828159963654668288/photo/1
• REMNUX distro: https://zeltser.com/media/docs/remnux-malware-analysis-tips.pdf
• IDAPro: https://securedorg.github.io/idacheatsheet.html
• Regex https://github.com/niklongstone/regular-expression-cheat-sheet

Developers/Builders

• 3rd Party Javascript Management
• Access Control
• AJAX Security Cheat Sheet
• Authentication (ES)
• Bean Validation Cheat Sheet
• Choosing and Using Security Questions
• Clickjacking Defense
• C-Based Toolchain Hardening
• Credential Stuffing Prevention Cheat Sheet
• Cross-Site Request Forgery (CSRF) Prevention
• Cryptographic Storage
• Deserialization
• DOM based XSS Prevention
• Forgot Password
• HTML5 Security
• HTTP Strict Transport Security
• Injection Prevention Cheat Sheet
• Input Validation
• JAAS
• LDAP Injection Prevention
• Logging
• Mass Assignment Cheat Sheet
• .NET Security
• OWASP Top Ten
• Password Storage
• Pinning
• Query Parameterization
• Ruby on Rails
• REST Security
• Session Management
• SAML Security
• SQL Injection Prevention
• Transaction Authorization
• Transport Layer Protection
• Unvalidated Redirects and Forwards
• User Privacy Protection
• Web Service Security
• XSS (Cross Site Scripting) Prevention
• XML External Entity (XXE) Prevention Cheat Sheet
• Python
• Linux Commands Reference Card
• One page Linux Manual
• Unix Tool Box
• Treebeard’s Unix Cheat Sheet
• Terminal Shortcuts
• More Terminal Shortcuts
• Useful Gnome/KDE shortcuts
• KDE Cheat Sheet
• Vi Cheat Sheet
• Concise Vim Cheat Sheet
• awk nawk and gawk cheat sheet
• Sed Stream Editor Cheat Sheet
• Screen Quick Reference
• Screen Terminal Emulator Cheat Sheet
• Vi/Vim Cheat Sheet
• Ubuntu Cheat Sheet
• Debian Cheat Sheet
• HTML - Markdown.pdf
• MAC - OSX Key Combo Reference Guide.pdf
• SQL - MySQL Commands.pdf
  

OWASP Cheat-Sheets

• Application Security Architecture
• Business Logic Security
• Command Injection Defense Cheat Sheet
• PHP Security
• Regular Expression Security Cheatsheet
• Secure Coding
• Secure SDLC
• Threat Modeling
• Grails Secure Code Review
• IOS Application Security Testing
• Key Management
• Insecure Direct Object Reference Prevention
• Content Security Policy