Learning the Skills

| Name | Description |
| --- | --- |
| BadBinaries.com | a simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware traffic analysis and sysadmin stuff. |
| CS 642: Intro to Computer Security | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES. |
| Cybrary | coursera style website, lots of user-contributed content, account required, content can be filtered by experience level |
| Free cyber security training | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning |
| Interactive labs with White Hat Academy | 32 labs, easy account sign in with github credentials; this is no longer free content |
| Hak5 | podcast-style videos covering various topics, has a forum, “metasploit-minute” video series could be useful |
| Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required. |
| Mind Maps | Information Security related Mind Maps |
| MIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files. |
| OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assigned readings |
| OWASP top 10 web security risks | free courseware, requires account |
| SecurityTube | tube-styled content, “megaprimer” videos covering various topics, no readable content on site. |
| Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings |

YouTube Channels

| Name | Description |
| --- | --- |
| 0patch by ACROS Security | few videos, very short, specific to 0patch |
| BlackHat | features talks from the BlackHat conferences around the world |
| Christiaan008 | hosts a variety of videos on various security topics, disorganized |
| **Companies** | |
| Detectify | very short videos, aimed at showing how to use Detectify scanner |
| Hak5 | see Hak5 above |
| Kaspersky Lab | lots of Kaspersky promos, some hidden cybersecurity gems |
| Metasploit | collection of medium length metasploit demos, ~25 minutes each, instructional |
| ntop | network monitoring, packet analysis, instructional |
| nVisium | Some nVisium promos, a handful of instructional series on Rails vulns and web hacking |
| OpenNSM | network analysis, lots of TCPDUMP videos, instructional |
| OWASP | see OWASP above |
| Rapid7 | brief videos, promotional/instructional, ~5 minutes |
| Securelist | brief videos, interviews discussing various cyber security topics |
| Segment Security | promo videos, non-instructional |
| SocialEngineerOrg | podcast-style, instructional, lengthy content ~1 hr each |
| Sonatype | lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized |
| SophosLabs | lots of brief, news-style content, “7 Deadly IT Sins” segment is of note |
| Sourcefire | lots of brief videos covering topics like botnets, DDoS ~5 minutes each |
| Station X | handful of brief videos, disorganized, unscheduled content updates |
| Synack | random, news-style videos, disorganized, non-instructional |
| TippingPoint Zero Day Initiative | very brief videos ~30 sec, somewhat instructional |
| Tripwire, Inc. | some tripwire demos, and random news-style videos, non-instructional |
| Vincent Yiu | handful of videos from a single hacker, instructional |
| **Conferences** | |
| 44contv | in |
| MIT OCW 6.858 Computer Systems Security | Information security con based in London, lengthy instructional videos |
| BruCON Security Conference | security and hacker conference based in Belgium, lots of lengthy instructional videos |
| BSides Manchester | security and hacker con based in Manchester, lots of lengthy videos |
| BSidesAugusta | security con based in Augusta, Georgia, lots of lengthy instructional videos |
| CarolinaCon | security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content |
| Cort Johnson | a handful of lengthy con-style talks from Hack Secure Opensec 2017 |
| DevSecCon | lengthy con videos covering DevSecOps, making software more secure |
| Garage4Hackers – Information Security | a handful of lengthy videos, About section lacks description |
| HACKADAY | lots of random tech content, not strictly infosec, some instructional |
| Hack In The Box Security Conference | lengthy con-style instructional talks from an international security con |
| Hack in Paris | security con based in Paris, features lots of instructional talks, slides can be difficult to see. |
| Hacklu | lots of lengthy con-style instructional videos |
| Hacktivity | lots of lengthy con-style instructional videos from a con in central/eastern Europe |
| Hardwear.io | handful of lengthy con-style videos, emphasis on hardware hacks |
| IEEE Symposium on Security and Privacy | content from the symposium; IEEE is a professional association based in the US, they also publish various journals |
| LASCON | lengthy con-style talks from an OWASP con held in Austin, TX |
| Marcus Niemietz | lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany |
| Media.ccc.de | The real official channel of the chaos computer club, operated by the CCC VOC – tons of lengthy con-style vids |
| NorthSec | lengthy con-style talks from an applied security conference in Canada |
| Pancake Nopcode | channel of Radare2 whiz Sergi “pancake” Alvarez, Reverse Engineering Content |
| Psiinon | medium length instructional videos, for the OWASP Zed Attack Proxy |
| SJSU Infosec | handful of lengthy instructional videos from San Jose State university Infosec |
| Secappdev.org | tons of lengthy instructional lectures on Secure App Development |
| Security Fest | medium length con-style talks from a security festival in Sweden |
| SecurityTubeCons | an assortment of con-style talks from various cons including BlackHat and Shmoocon |
| ToorCon | handful of medium length con videos from con based in San Diego, CA |
| USENIX Enigma Conference | medium length “round table discussion with leading experts”, content starts in 2016 |
| **News** | |
| 0x41414141 | Channel with couple challenges, well explained |
| Adrian Crenshaw | lots of lengthy con-style talks |
| Corey Nachreiner | security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule |
| BalCCon – Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn’t update regularly |
| danooct1 | lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followers |
| DedSec | lots of brief screenshot how-to vids based in Kali, no recent posts. |
| DEFCON Conference | lots of lengthy con-style vids from the iconic DEFCON |
| DemmSec | lots of pen testing vids, somewhat irregular uploads, 44K followers |
| Derek Rook – CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with |
| Don Does 30 | amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers |
| Error 404 Cyber News | short screen-shot videos with loud metal, no dialog, bi-weekly |
| Geeks Fort – KIF | lots of brief screenshot vids, no recent posts |
| GynvaelEN | Security streams from Google Researcher. Mainly about CTFs, computer security, programming and similar things. |
| HackerSploit | regular posts, medium length screenshot vids, with dialog |
| HACKING TUTORIALS | handful of brief screenshot vids, no recent posts. |
| iExplo1t | lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts |
| JackkTutorials | lots of medium length instructional vids with some AskMe vids from the youtuber |
| Latest Hacking News | 10K followers, medium length screenshot videos, no recent releases |
| LionSec | lots of brief screenshot instructional vids, no dialog |
| LiveOverflow | Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts. |
| Metasploitation | lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. |
| NetSecNow | channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids |
| Open SecurityTraining | lots of lengthy lecture-style vids, no recent posts, but quality info. |
| Pentester Academy TV | lots of brief videos, very regular posting, up to +8 a week |
| Penetration Testing in Linux | DELETE |
| rwbnetsec | lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. |
| Samy Kamkar’s Applied Hacking | brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016 |
| SecureNinjaTV | brief news bites, irregular posting, 18K followers |
| Security Weekly | regular updates, lengthy podcast-style interviews with industry pros |
| Seytonic | variety of DIY hacking tutorials, hardware hacks, regular updates |
| Shozab Haxor | lots of screenshot style instructional vids, regular updates, windows CLI tutorial |
| SSTec Tutorials | lots of brief screenshot vids, regular updates |
| Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? |
| Troy Hunt | lone youtuber, medium length news videos, 16K followers, regular content |
| Waleed Jutt | lots of brief screenshot vids covering web security and game programming |
| webpwnized | lots of brief screenshot vids, some CTF walkthroughs |
| Zer0Mem0ry | lots of brief c++ security videos, programming intensive |
| IPPSec | Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques |

Sharpening Your Skills

| Name | Description |
| --- | --- |
| Backdoor | pen testing labs that have a space for beginners, a practice arena and various competitions, account required |
| The cryptopals crypto challenges | A bunch of CTF challenges, all focused on cryptography. |
| Challenge Land | CTF site with a twist, no simple sign-up, you have to solve a challenge to even get that far! |
| Crackmes.de Archive (2011-2015) | a reverse engineering information Repo, started in 2003 |
| Crackmes.one | This is a simple place where you can download crackmes to improve your reverse engineering skills. |
| CTFLearn | an account-based ctf site, where users can go in and solve a range of challenges |
| CTFs write-ups | a collection of writeups from various CTFs, organized by |
| CTF365 | account based ctf site, awarded by Kaspersky, MIT, T-Mobile |
| The enigma group | web application security training, account based, video tutorials |
| Exploit exercises | hosts 5 vulnerable virtual machines for you to attack, no account required |
| Google CTF 2017 | Source code of Google 2017 CTF |
| Google CTF 2018 | 2018 edition of the Google CTF contest |
| Google’s XSS game | XSS challenges, and potentially a chance to get paid! |
| Hack The Box | Pen testing labs hosting over 39 vulnerable machines with two additional added every month |
| Hacker test | similar to “hackthissite”, no account required. |
| Hacker Gateway | ctfs covering steganography, cryptography, and web challenges, account required |
| Hacksplaining | a clickthrough security informational site, very good for beginners. |
| hackburger.ee | hosts a number of web hacking challenges, account required |
| Hack.me | lets you build/host/attack vulnerable web apps |
| Hack this site! | an oldy but goodie, account required, users start at low levels and progress in difficulty |
| knock.xss.moe | XSS challenges, account required. |
| Lin.security | Practice your Linux privilege escalation |
| noe.systems | Korean challenge site, requires an account |
| Over the wire | A CTF that’s based on progressive levels for each lab, the users SSH in, no account required |
| Participating Challenge Sites | aims at creating a universal ranking for CTF participants |
| PentesterLab | hosts a variety of exercises as well as various “bootcamps” focused on specific activities |
| Pentestit | account based CTF site, users have to install open VPN and get credentials |
| Pentest Practice | account based Pentest practice, free to sign up, but there’s also a pay-as-you-go feature |
| Pentest.training | lots of various labs/VMs for you to try and hack, registration is optional. |
| PicoCTF | CTF hosted by Carnegie Mellon, occurs yearly, account required. |
| pwnable.kr | Don’t let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required |
| pwnable.tw | hosts 27 challenges accompanied with writeups, account required |
| Ringzer0 Team | an account based CTF site, hosting over 272 challenges |
| ROP Emporium | Return Oriented Programming challenges |
| SmashTheStack | hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels |
| Shellter Labs | account based infosec labs, they aim at making these activities social |
| Solve Me | “yet another challenge”, account required. |
| Vulnhub | site hosts a ton of different vulnerable Virtual Machine images, download and get hacking |
| websec.fr | Focused on web challenges, registration is optional. |
| webhacking.kr | lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up. |
| Stereotyped Challenges | Challenges for web security professionals, account required. |
| Stripe CTF 2.0 | Past security contest where you can discover and exploit vulnerabilities in mock web applications. |
| Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalation |
| Hacking Articles | CTF brief write-up collection with a lot of screenshots, good for beginners |

Reverse Engineering, Buffer Overflow and Exploit Development

| Name | Description |
| --- | --- |
| A Course on Intermediate Level Linux Exploitation | as the title says, this course isn’t for beginners |
| Analysis and exploitation (unprivileged) | huge collection of RE information, organized by type. |
| Binary hacking | 35 “no bullshit” binary videos along with other info |
| Buffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videos |
| Corelan tutorials | detailed tutorial, lots of good information about memory |
| Exploit tutorials | a series of 9 exploit tutorials, also features a podcast |
| Exploit development | links to the forum’s exploit dev posts, quality and post style will vary with each poster |
| flAWS challenge | Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). |
| Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitter |
| Introductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account required |
| Lena’s Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a course |
| Linux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levels |
| Megabeets journey into Radare2 | one user’s radare2 tutorials |
| Modern Binary Exploitation – CSCI 4968 | RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures |
| Recon.cx – reversing conference | the conference site contains recordings and slides of all talks!! |
| Reverse Engineering for Beginners | huge textbook, created by Dennis Yurichev, open-source |
| Reverse engineering reading list | a github collection of RE tools and books |
| Reverse Engineering challenges | collection of challenges from the writer of RE for Beginners |
| Reverse Engineering for beginners (GitHub project) | github for the above |
| Reverse Engineering Malware 101 | intro course created by Malware Unicorn, complete with material and two VMs |
| Reverse Engineering Malware 102 | the sequel to RE101 |
| reversing.kr challenges | reverse engineering challenges varying in difficulty |
| Shell storm | Blog style collection with organized info about Rev. Engineering. |
| Shellcode Injection | a blog entry from a grad student at SDS Labs |

Privilege Escalation

| Name | Description |
| --- | --- |
| 4 Ways get linux privilege escalation | shows different examples of PE |
| A GUIDE TO LINUX PRIVILEGE ESCALATION | Basics of Linux privilege escalation |
| Abusing SUDO (Linux Privilege Escalation) | Abusing SUDO (Linux Privilege Escalation) |
| AutoLocalPrivilegeEscalation | automated scripts that download and compile from exploitdb |
| Basic linux privilege escalation | basic linux exploitation, also covers Windows |
| Common Windows Privilege Escalation Vectors | Common Windows Privilege Escalation Vectors |
| Editing /etc/passwd File for Privilege Escalation | Editing /etc/passwd File for Privilege Escalation |
| Linux Privilege Escalation | Linux Privilege Escalation – Tradecraft Security Weekly (Video) |
| Linux Privilege Escalation Check Script | a simple linux PE check script |
| Linux Privilege Escalation Scripts | a list of PE checking scripts, some may have already been covered |
| Linux Privilege Escalation Using PATH Variable | Linux Privilege Escalation Using PATH Variable |
| Linux Privilege Escalation using Misconfigured NFS | Linux Privilege Escalation using Misconfigured NFS |
| Linux Privilege Escalation via Dynamically Linked Shared Object Library | How RPATH and Weak File Permissions can lead to a system compromise. |
| Local Linux Enumeration & Privilege Escalation Cheatsheet | good resources that could be compiled into a script |
| OSCP – Windows Priviledge Escalation | Common Windows Privilege Escalation |
| Privilege escalation for Windows and Linux | covers a couple different exploits for Windows and Linux |
| Privilege escalation linux with live example | covers a couple common PE methods in linux |
| Reach the root | discusses a process for linux privilege exploitation |
| RootHelper | a tool that runs various enumeration scripts to check for privilege escalation |
| Unix privesc checker | a script that checks for PE vulnerabilities on a system |
| Windows exploits, mostly precompiled. | precompiled windows exploits, could be useful for reverse engineering too |
| Windows Privilege Escalation | collection of wiki pages covering Windows Privilege escalation |
| Windows Privilege Escalation | Notes on Windows Privilege Escalation |
| Windows privilege escalation checker | a list of topics that link to pentestlab.blog, all related to windows privilege escalation |
| Windows Privilege Escalation Fundamentals | collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP |
| Windows Privilege Escalation Guide | Windows Privilege Escalation Guide |
| Windows Privilege Escalation Methods for Pentesters | Windows Privilege Escalation Methods for Pentesters |

Malware Analysis

| Name | Description |
| --- | --- |
| Malware traffic analysis | list of traffic analysis exercises |
| Malware Analysis – CSCI 4976 | another class from the folks at RPISEC, quality content |
| [Bad Binaries](https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis. |

Network Scanning / Reconnaissance

| Name | Description |
| --- | --- |
| Foot Printing with WhoIS/DNS records | a white paper from SANS |
| Google Dorks/Google Hacking | list of commands for google hacks, unleash the power of the world’s biggest search engine |

Vulnerable Web Application

| Name | Description |
| --- | --- |
| bWAPP | common buggy web app for hacking, great for beginners, lots of documentation |
| Damn Small Vulnerable Web | written in less than 100 lines of code, this web app has tons of vulns, great for teaching |
| Damn Vulnerable Web Application (DVWA) | PHP/MySQL web app for testing skills and tools |
| Google Gruyere | host of challenges on this cheesy web app |
| OWASP Broken Web Applications Project | hosts a collection of broken web apps |
| OWASP Hackademic Challenges project | web hacking challenges |
| OWASP Mutillidae II | another OWASP vulnerable app, lots of documentation. |
| OWASP Juice Shop | covers the OWASP top 10 vulns |
| WebGoat: A deliberately insecure Web Application | maintained by OWASP and designed to teach web app security |

Vulnerable OS

| Name | Description |
| --- | --- |
| General Test Environment Guidance | white paper from the pros at rapid7 |
| Metasploitable2 (Linux) | vulnerable OS, great for practicing hacking |
| Metasploitable3 [Installation] | the third installation of this vulnerable OS |
| Vulnhub | collection of tons of different vulnerable OS and challenges |

Linux Penetration Testing OS

| Name | Description |
| --- | --- |
| Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals. |
| BackBox | open source community project, promoting security in IT environments |
| BlackArch | Arch Linux based pentesting distro, compatible with Arch installs |
| Bugtraq | advanced GNU Linux pen-testing technology |
| Kali | the infamous pentesting distro from the folks at Offensive Security |
| LionSec Linux | pentesting OS based on Ubuntu |
| Parrot | Debian includes full portable lab for security, DFIR, and development |

Exploits

| Name | Description |
| --- | --- |
| 0day.today | Easy to navigate database of exploits |
| Exploit Database | database of a wide variety of exploits, CVE compliant archive |
| CXsecurity | Indie cybersecurity info managed by 1 person |
| Snyk Vulnerability DB | detailed info and remediation guidance for known vulns, also allows you to test your code |

Forums

| Name | Description |
| --- | --- |
| 0x00sec | hacker, malware, computer engineering, Reverse engineering |
| Antichat | Russian based forum |
| CODEBY.NET | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics – Russian based forum |
| EAST Exploit database | exploit DB for commercial exploits written for EAST Pentest Framework |
| Greysec | hacking and security forum |
| Hackforums | posting website for hacks/exploits/various discussion |

Archived Security Conference Videos

| Name | Description |
| --- | --- |
| InfoCon.org | hosts data from hundreds of cons |
| Irongeek | Website of Adrian Crenshaw, hosts a ton of info. |
| infocondb.org | a site that aims to catalog and cross-reference all hacker conferences. |

Online Communities

| Name | Description |
| --- | --- |
| Hacktoday | requires an account, covering all kinds of hacking topics |
| Hack+ | link requires telegram to be used |
| MPGH | community of MultiPlayerGameHacking |

Online News Sources

| Name | Description |
| --- | --- |
| InfoSec | covers all the latest infosec topics |
| Recent Hash Leaks | great place to lookup hashes |
| Security Intell | covers all kinds of news, great intelligence resources |
| Threatpost | covers all the latest threats and breaches |
| The Hacker News | features a daily stream of hack news, also has an app |

By admin
