awesome-cybersec
A collection of awesome platforms, blogs, documents, books, resources and cool stuff about security
While this repository is still a work in progress , the goal is to build a categorized community-driven collection of very well-known resources.
All the good stuff in one place
Training
- Defbox
- Range force
- HTB
- Tryhackme
- Blue team academy
- Blue team labs
- Kali revealed
- Metasploit Unleashed
- platform.mosse-institute.com
- riptutorial.com/bash
- hackerrank.com/domains/shell
- https://pentesterlab.com/
- https://www.pentesteracademy.com/
- https://www.offensive-security.com/labs/individual/
- https://www.vulnhub.com/
- Google doc : vulnhub oscp like vm’s list
- Wordpress boxes on vulnhub
- Vulnhub CTF writeups
- Linux Privilige escalation Cheatsheet
- Privilige escalation
- corelan: exploit-writing-tutorial-part-1-stack-based-overflows
- https://scs.hacking-lab.com/
- Malware Noob2Ninja course
- n3t2.3c
- Hacking-cisco
- Open security training
- Pentest standard
- Security-tube
- Binary Analysis course
- https://training.zempirians.com/start/here
-
Pwncollege pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to becoming a “blue belt”, able to approach (simple) CTFs and wargames. The philosophy of pwn.college is “practice makes perfect”.
- Web Application Exploits and DefensesThis codelab is built around Gruyere /ɡruːˈjɛər/ - a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
- Course materials for Modern Binary Exploitation
- professormesser.com
- MCSI free training
- insecure.org/stf/smashstack.html
WebApp/Bugbounty resources
- Web Security Academy
- https://owasp.org/www-project-juice-shop/
- Mutillidae II
- VulnWeb
- https://www.bugbountyhunter.com/
- hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
- https://www.hacksplaining.com/
- awesome-web-hacking
- Resources-for-Beginner-Bug-Bounty-Hunters
- https://thexssrat.podia.com/dashboard
- https://github.com/websploit/websploit
- https://dvwa.co.uk/
- https://owasp.org/www-project-webgoat/
- Resources & Disclosed Reports
- Bug-bounty-roadmaps
- Bug-hunting-methodologies
- Open Source Bug Bounty Guide - Methodology, Tools, Resources
- Thug-bounty
- Bugbounty-Writeups
- The Best Bug Bounty Recon Methodology
- Pentesting web checklist
- Web-application cheatsheet
- Web-pentesting-checklist
- OWASP Web Security Testing Guide
- OWASP Top Ten
- Bugcroud university
- learning how various stacks function seems to be an important aspect of bug bounty hunting , so you need to learn at least one of MERN or LAMP or whatever. You can learn the MERN Stack by building your own Yelp-like restaurant review site. MERN stands for MongoDB + Express + React + Node.js. Then in the second half of the course, you’ll learn how to swap out your Node.js/Express back end in favor of Serverless Architecture. (3 hour YouTube course): https://www.freecodecamp.org/news/create-a-mern-stack-app-with-a-serverless-backend/
Resources from the hacker101 discord server
How to get started with hacking and bug bounties? We’ve gathered some useful resources to get your started on your bug bounty journey!
- Guide to learn hacking
- Finding your first bug
- Port Swigger Web Security Academy
- Nahamsec’s Twitch
- Nahamsec interviews with top bug bounty hunters
- Nahamsec’s beginner repo
- Stök
- InsiderPhD
- Series for new bug hunters
- Jhaddix
Posts from Hacker101 members on how to get started hacking
- zonduu
- p4nda
- also a blog on subdomain takeovers
- clos2100 on getting started without a technical background
- al-madjus from 0 to bug hunter
- dee-see’s resources for Android Hacking
- hacker101 videos
Tools
- Pwncat is a post-exploitation platform
for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. - Automatic bypass (brute force) waf
- DFIR-Tools
- https://pentestbox.org/
- Notes , tons of notes
- Writehat : A pentest reporting tool written in Python. Free yourself from Microsoft Word.
- OSINT4ALL
- Shadrak : Shadrak is a script to generate decompression bomb in various formats.
- Fish: a phishing tool
- Owasp Zap, a free and opensource burpsuite alternative
- Pimpmykai
- Name that hash
- Burp Automator(burpa) - A Burp Suite Automation Tool.
- The harvester
- https://technisette.com/p/tools
- Hakrawler
- Service Enumeration
CTF’s
- https://ctftime.org/
- https://ctf.hackthebox.eu/ctfs
- https://www.hackthissite.org/
- Hack.me
- Try2Hackme
- Hackthissite
- https://overthewire.org/wargames/
- https://underthewire.tech/wargames
- Pwnable.tw
- Pwnable.kr
- Root-me
- Smash the stack
- Cryptohack.org
- PicoCTF
- CMDchallenge
- Defend the web
- ChaosVPN
- PentestIT
- Overthewire-Warzone
- CTF Difficulty cheatsheet (Vulnhub)
- hpwnadventure
- ctf.komodosec
- counterhack.net
- hellboundhackers
- ringzer0ctf.com
- io.netgarage
- pwn0.com
- w3c.com
- hax.tor.hu
- reversing.kr
- ctflearn.com
- microcorruption.com
- ctf365.com
- codegate.org
- legitbs.net
- ghostintheshellcode
- try2hack
- gameofhacks
- https://hackingzone.net/ try using this with google translate
- http://suninatas.com/challenges
- Dream hack is Korean cyber security course. it also offer CTF. You can try it out with google translate.
- The cyber institute Free OSINT Courses and Free OSINT Challenges.
- Sans holiday hack challenge - past challenges
- Holidayhackchallenge-2020
- Kringlecon
- Sans cyber-ranges
- CTF-challenge
- 247CTF
- Backdoor ctf
- Cybersecurity.wtf
Github resources
- Malware Analysis Course
- Malware-IR-TH-TI-Resources
- Red Team tactics and techniques
- Red Teaming toolkit
- Red Team
- awesome red teaming
- Powershell red team
- Red Teaming
- Red-team
- Red team diaries
- awesome-web-hacking
- awesome-security
- infosec-resources
- Everything about web application firewalls (WAFs)
- awesome-hacking
- Awesome-Hacking-2
- BARF: Binary analysis and reverse engineering framework
- Automatic Linux privesc via exploitation of low-hanging fruit
- CTF-KATANA
- Active-directory-exploitation-cheatsheet
- The book of secret knowledge : A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- PyWhat : identify anything
- OSEE prep resources
- PayloadsAllTheThings
- Thefuck
Blogs
- https://blog.tryhackme.com/free_path/
- From zero to hero in your first pentest
- So you want to be a hacker in 2021
- netsecfocus
- https://nosecurity.blog/cptc2020
- https://null-byte.wonderhowto.com/
- https://portswigger.net/blog/flying-high-in-the-web-security-academy
- https://www.simplycyber.io/free-cyber-resources
- https://blog.g0tmi1k.com/
- https://www.hackingarticles.in/
- https://www.hackingtutorials.org/
- https://www.hacking-tutorial.com/
- The Journey to Try Harder- TJnull’s Preparation Guide for PEN-200 PWK OSCP 2.0
- https://hacklido.com/
- What is a block cypher
- freecodecamp blog
- Redhuntlabs blog
- Hackthebox blog
- Tryhackme blog
- Start in infosec
- Ethical Hacking With Hack The Box :A free book for getting started in Ethical Hacking
- Hacking tutorials
- Halls of valhalla is a place for sharing knowledge and ideas. Users can submit code, as well as science, technology, and engineering-oriented news and articles.They also have an assortment of fun and educational challenges intended to help users learn more about programming, mathematics, encryption, hacking and more.
- Pentest.blog
- https://hausec.com/
- https://dirkjanm.io/
- https://adsecurity.org/
- infosec write-ups
- Hacksplained blog
- Get ready to pass the CISSP
- Blackmorerepos
Paid training
- cybersec labs
- Virtual Hacking Labs
- https://academy.tcm-sec.com/courses
- INE
- https://hackersacademy.com/
- Red team ops
- Pentester academy - red team labs
- Pentester labs
Resources
- https://startupstash.com/cybersecurity-resources/
- https://threatexpress.com/redteaming/resources/
- Reverse enginering
- https://ippsec.rocks/?#
- https://liveoverflow.com/
- Learn vim or Emacs i don’t care , i’m not trying to start a war
- Python Cybersecurity - Build your own tools
- Osint framework
- Getting started with OSINT
- Vulnhub resources
Programing resources
Learn git
https://www.freecodecamp.org/news/what-is-git-learn-git-version-control/
General
Comprehensive Guide to Learn CS Online
Get Started With TypeScript the Easy Way
Machine Learning with Introduction
Fullstackopen : Deep Dive Into Modern Web Development
Learn {Python,Java,C,JavaScript,PHP,Shell,C#}
Learn to build a website with LandChad.net
Python
A beginner’s guide to data visualization with Python
Nice Guide on Modern Python Packages
Intro to Python and Programming for non-CS majors
https://www.gormanalysis.com/blog/python-pandas-for-your-grandpa/
Practicepython.org Python Tutorial: A Comprehensive Guide for Beginners
Javascript
The Modern JavaScript Tutorial
JavaScript 101 - Variables & Primitives
Guide To Javascript Array Functions: Why you should pick the least powerful tool for the job
Learn and practice modern JavaScript
Java
A Hitchhiker’s Guide to Containerizing (Spring Boot) Java Apps
A beginner’s guide to CDC (Change Data Capture)
Java 15 Programmer’s Guide To Text Blocks
Modern Web Development in Java - The (Never) Complete Guide
C++
The Definitive C++ Book Guide and List
PHP
Misclaneous links
- You’ll find majority of the books you’re looking for here
- ssh-audit
- Secure your linux install
- Awesome-Linux-Software
- Twitter-geolocate
- Linux training academy
- modern-unix A collection of modern/faster/saner alternatives to common unix commands.
- Linuxzoo
- Snaplabs.io
- shortcutfoo.com
Youtube channels
Discord servers
➡️ Contributions
You are Welcome to Contribute. You can contribute by:
- Translating into other languages
- Adding more Tools, and other Resources.
- Just adding a star the Github project :)
If you have some new idea about this Repository, issue, feedback or found some valuable tool feel free to open an issue or just DM me on discord @thelastmethbender#4823
Star History
</a>