General – Windows/AD – PWN – Web – Mobile – Password Cracking – Boot-2-Root/Wargames – Misc.
General
Title | Link | Description |
---|---|---|
picoPrimer | Link! | Wonder what the shell is and how to use it? Maybe you haven’t thought about cryptography in ages and need a refresh? Revisit concepts you are familiar with or read something new to you in the picoPrimer. Authored by the picoCTF education team, the picoPrimer reviews cybersecurity principles used in our competition challenges. You do not need any additional software to read the picoPrimer or solve the challenges at the end of each chapter. |
FuzzySecurity | Link! | Collection of security-related topics by FuzzySecurity |
Security and Pentesting Resources | Link! | A collection of online resources |
0x00sec | Link! | “The home of the Hacker” |
Awesome Hacking | Link! | A collection of various awesome lists for hackers, pentesters and security researchers |
CTF 101 | Link! | In this guide/wiki/handbook you’ll learn the techniques, thought processes, and methodologies you need to succeed in Capture the Flag competitions. |
CTF Time Write-ups | Link! | A repository of write-ups for past CTFs hosted on ctftime.org |
H4cker | Link! | This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more. |
Windows/AD
Title | Link | Description |
---|---|---|
Windows Command List | Link! | This set of documentation describes the Windows Commands you can use to automate tasks by using scripts or scripting tools. |
Active Directory Exploit Cheatsheet | Link! | A cheat sheet that contains common enumeration and attack methods for Windows Active Directory. |
Active Directory Kill Chain Attack & Defense | Link! | Attack and defend Active Directory using modern post-exploitation adversary tradecraft activity |
Awesome Windows Red Team | Link! | A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams |
Active Directory Security | Link! | ADSecurity.org (Active Directory Security) is where Sean Metcalf shares Microsoft enterprise security guidance and information about current threats to enterprise networks and mitigations for these threats, Active Directory design and configuration tips, as well as ways to leverage PowerShell in an Active Directory environment. |
Attacking Active Directory | Link! | Attacking Active Directory: 0 to 0.9 |
Post-Graduate AD Studies | Link! | Readings to amp up your AD skills |
Game of Active Directory | Link! | GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a ready-to-use vulnerable Active Directory environment in which to practice usual attack techniques. |
Pwn
Title | Link | Description |
---|---|---|
pwn.college | Link! | pwn.college is a first-stage education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. It is designed to take a “white belt” in cybersecurity to becoming a “yellow belt”, able to approach (simple) CTFs and wargames. |
ROP Emporium | Link! | Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering or bug hunting. |
Interactive Beginner’s Guide to ROP | Link! | Vetie’s Guide on ROP – Includes an interactive console |
Linux Kernel Teaching | Link! | This is a collection of lectures and labs on Linux kernel topics. The lectures focus on theoretical and Linux kernel exploration. |
Nightmare | Link! | Nightmare is an intro to binary exploitation / reverse engineering course based around CTF challenges |
pwntools Tutorial | Link! | This repository contains some basic tutorials for getting started with pwntools. |
Libc Database | Link! | libc database that allows version enumeration from a libc leak. Also includes the BuildID for use with One_Gadget |
One_Gadget | Link! | The best tool for finding one gadget RCE in libc.so.6 |
Web
Title | Link | Description |
---|---|---|
PortSwigger’s Web Security Academy | Link! | Brought to you by the creators of BurpSuite & the author of The Web Application Hacker’s Handbook |
PentesterLab | Link! | Excellent resource to learn Web Hacking |
OWASP’s Web Security Testing Guide | Link! | The WSTG is a comprehensive guide to testing the security of web applications and web services. |
Mobile
Title | Link | Description |
---|---|---|
Mobile Application Penetration Testing Cheat Sheet | Link! | The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics. |
Android App Reverse Engineering 101 | Link! | This workshop’s goal is to give you the foundations to begin reverse engineering Android applications. |
OWASP Mobile Security Testing Guide | Link! | The MSTG is a comprehensive manual for mobile app security testing and reverse engineering for iOS and Android mobile security testers. |
OverSecured | Link! | Oversecured is a company working on mobile app security. Their goal is to improve protection for the whole field, by researching and uncovering mobile vulnerabilities, automating the search for them, and also educating developers. Their blog is an excellent resource for learning different techniques. |
Password Cracking
Title | Link | Description |
---|---|---|
One Rule to Rule Them All – Blog Post | Link! | |
One Rule to Rule Them All – Rule | Link! | One rule to crack all passwords, or at least we hope so. |
J3rryBla4nks’ Password Cracking Methodology | Link! | |
Probable Wordlists | Link! | Wordlists sorted by probability originally created for password generation and testing – make sure your passwords aren’t popular! |
Boot-2-Root/Wargames
Title | Link | Description |
---|---|---|
HackTheBox | Link! | Cyber Security Gamified |
VulnHub | Link! | Provides materials that allow anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration. |
TryHackMe | Link! | A site geared toward beginners in cybersecurity, complete with public walkthroughs for most machines. |
picoGym | Link! | picoGym is a noncompetitive practice space where you can explore and solve challenges from previously released picoCTF competitions, find fresh never before revealed challenges, and build a knowledge base of cybersecurity skills in a safe environment. |
Root-Me | Link! | Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic. |
Exploit Education | Link! | exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues. |
OverTheWire | Link! | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. |
PWNABLE.KR | Link! | ‘pwnable.kr’ is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. |
crackmes.one | Link! | This is a simple place where you can download crackmes to improve your reverse engineering skills. |
TJNull’s Vulnerable Machines list | Link! | TJNull has curated a list of vulnerable machines from several platforms to help practice for various certifications. |
Misc.
Title | Link | Description |
---|---|---|
Crypto101 | Link! | Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels. |
CryptoHack | Link! | Learn about modern cryptography by solving a series of interactive puzzles and challenges. Get to know the ciphers and protocols that secure the digital world by breaking them. |
Powershell for Pentesters | Link! | A GitHub repo containing lessons for approaching PowerShell from the perspective of a pentester |
How to Prepare to Take the Offensive Security Certified Professional (OSCP) Exam | Link! | |
Introduction to Malware Analysis and Reverse Engineering | Link! | This class will introduce the CS graduate students to malware concepts, malware analysis, and black-box reverse engineering techniques. The target audience is focused on computer science graduate students or undergraduate seniors without prior cyber security or malware experience. It is intended to introduce the students to types of malware, common attack recipes, some tools, and a wide array of malware analysis techniques. |
Reverse Engineering 101 | Link! | This workshop provides the fundamentals of reverse engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. |
Webhook.site | Link! | Webhook.site lets you easily inspect, test and run scripts and workflows for any incoming HTTP request or e-mail. |
Interactsh | Link! | Interactsh is an open-source solution for out-of-band data extraction: a tool designed to detect bugs that cause external interactions, for example Blind SQLi, Blind CMDi, SSRF, etc. |