Welcome to Awesome-Hacking, your ultimate resource hub for all things hacking, pentesting, and security research.
This repository houses a curated collection of materials and tools I utilize daily in my work. It compiles a wealth of valuable information into a single resource, serving as an essential reference that I frequently revisit.
This repository is for everyone. While it caters specifically to System and Network Administrators, DevOps professionals, Pentesters, and Security Researchers, anyone can find something of interest here.
If you come across something that seems unclear or incorrect, please submit a pull request with valid and well-reasoned explanations for your changes or comments.
Here are a few guiding principles for this project:
- Welcoming and easy to understand
- Engaging and not tedious
- Practical and helpful
Additionally, consider the following rules:
- Easy to contribute to (using Markdown + HTML ...)
- Easy to navigate (simple Table of Contents, consider extending it if necessary)
URLs marked with * are temporarily unavailable. Please do not delete them without confirming their permanent expiration.
Before submitting a pull request, please review the contributing guidelines. Keep in mind:
+ This repository is focused on quality over quantity.
All suggestions and pull requests are welcome!
- β¨ Features
- π Legal Note
- π Get Started
- π Cybersecurity Education & Practical Labs
- π Valuable Repositories
- π οΈ Helpful Repositories
- π Reverse Engineering, Buffer Overflow, and Exploit Development
- π‘οΈ Malware Analysis
- π Elevating Privileges
- πΈοΈ Vulnerable Web Applications
- π§ Linux Penetration Testing OS
- πΊ YouTube Channels
- π Online Communities
- π Blogs
- π» Hacking and Security Forums
- π‘ Network Scanning / Reconnaissance
- π Credit To All Below
- Beginner's Guides: Step-by-step tutorials for newcomers to start their journey into hacking and cybersecurity.
- Pentesting Resources: Tools, methodologies, and real-world examples for penetration testers.
- Security Research: Latest trends, research papers, and insights from the cybersecurity field.
- Code Snippets: Useful scripts and snippets for various hacking tasks.
- Toolkits: Collections of essential tools and software for ethical hacking.
- Community Contributions: Insights and contributions from experienced hackers and security researchers.
All activities and discussions in this repository are conducted with the highest ethical standards and within legal boundaries.
Explore our curated resources, enhance your skills, and join a community of passionate cybersecurity enthusiasts. Happy hacking!
Name | Description |
---|---|
Academy Virtual Cyber Labs | Virtual labs offering interactive cybersecurity exercises and simulations for hands-on learning. |
arcX | Platform providing practical cybersecurity challenges and labs to develop skills in offensive and defensive techniques. |
Attack Defense | Provides over 1000 labs for practicing offensive and defensive cybersecurity skills. |
Backdoor | Pen testing labs featuring a space for beginners, a practice arena, and various competitions. |
CS 642: Intro to Computer Security | Comprehensive academic content, spanning a full semester. Includes assigned readings, homework, and GitHub references for exploit examples. |
CyberSec WTF | Web hacking challenges derived from bounty write-ups. |
Cybrary | Coursera-style website with a plethora of user-contributed content. Requires an account. Content can be filtered by experience level. |
Ctftime | The go-to website for all things related to CTFs. |
The cryptopals crypto challenges | A series of CTF challenges focused on cryptography. |
Challenge Land | A CTF site with a unique twist where solving a challenge is required to gain access. |
Crackmes.de Archive (2011-2015) | A repository focusing on reverse engineering challenges. |
Crackmes.one | Provides crackmes to enhance reverse engineering skills. |
CTFLearn | An account-based CTF site offering challenges across various categories. |
CTFs write-ups | A collection of write-ups from various CTFs, categorized by event. |
CTF365 | An account-based CTF platform recognized by institutions like Kaspersky, MIT, and T-Mobile. |
Dvwa | Damn Vulnerable Web Application is another intentionally insecure web application for practicing hacking skills. |
Defend the Web | An interactive security platform where you can learn and challenge your skills. |
Exploit exercises | Hosts five vulnerable virtual machines for practical exploitation practice. |
Free Cyber Security Training | Academic content, featuring 8 full courses with videos by a quirky instructor named Sam. Links to research, DEFCON materials, and other recommended training/learning resources. |
Google CTF | Provides source code from Google's CTF contests. |
Google CTF 2019 | Google's 2019 CTF edition. |
Google's XSS game | Offers XSS challenges with potential rewards. |
Hak5 | Podcast-style videos covering a variety of topics. Includes a forum and the "Metasploit Minute" video series. |
Hopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp to help beginners build a strong foundational knowledge base. |
Hackthissite | A site offering challenges, CTFs, and more to improve your hacking abilities. |
HackTheBox | An online platform to test and advance your penetration testing and cybersecurity skills. |
Hacker test | A beginner-friendly site for testing hacking skills. |
Hacker Gateway | Hosts CTFS covering steganography, cryptography, and web challenges. |
Hacksplaining | An interactive security education platform suitable for beginners. |
Hacking Articles | Offers CTF write-ups with screenshots for beginners. |
Hacker101 CTF | A CTF hosted by HackerOne, always online. |
Hacking Lab | A European platform hosting riddles, challenges, and competitions. |
hackburger.ee | Hosts web hacking challenges with an account requirement. |
Hack.me | Allows users to build, host, and attack vulnerable web apps. |
Hack this site! | A site where users progress through hacking challenges. |
Itsecgames | bWAPP or buggy web app is a deliberately insecure web application for practicing your skills. |
knock.xss.moe | Offers XSS challenges requiring an account. |
Learning Exploitation with Offensive Computer Security 2.0 | Blog-style instruction including slides, videos, homework, and discussion. No login required. |
Lin.security | Focuses on Linux privilege escalation practice. |
knock.xss.moe | Offers XSS challenges requiring an account. |
Mind Maps | Information Security-related mind maps. |
MIT OCW 6.858 Computer Systems Security | Academic content, well-organized full-semester course. Includes assigned readings, lectures, videos, and required lab files. |
noe.systems | A Korean challenge site requiring an account. |
Offensive Computer Security | Full-semester academic course including 27 lecture videos with slides and assigned readings. |
OWASP Top 10 Web Security Risks | Free courseware focusing on the top web security vulnerabilities and mitigation techniques. |
Overthewire | Learn and practice security concepts through engaging games. |
PicoCTF | Offers fun CTF challenges of varying difficulty levels for practice. |
PortSwigger | Interactive labs covering a broad spectrum of web security topics designed for practical learning. |
Penetration Testing Practice Lab / Vulnerable Apps/Systems | Compilation of resources and labs to practice penetration testing skills on vulnerable applications and systems. |
Participating Challenge Sites | A universal ranking for CTF participants. |
PentesterLab | Hosts exercises and bootcamps focused on specific activities. |
Pentestit | An account-based CTF site requiring users to install OpenVPN. |
Pentest Practice | Offers account-based Pentest practice. |
Pentest.training | Provides various labs and VMs for hacking practice. |
PicoCTF | Hosts a yearly CTF event by Carnegie Mellon. |
pwnable.kr | A serious CTF site focusing on exploitation challenges. |
pwnable.tw | Hosts challenges with write-ups. |
Root-me | Platform hosting a variety of challenges to test and develop hacking skills across different domains. |
Ringzer0 Team | An account-based CTF site hosting over 272 challenges. |
ROP Emporium | Focuses on Return Oriented Programming challenges. |
Seed Labs | Structured labs with videos, tasks, and necessary resources for hands-on learning of cybersecurity concepts. |
SmashTheStack | Hosts various challenges requiring SSH access. |
Shellter Labs | Provides account-based infosec labs. |
SecurityTube | Video tutorials and "Megaprimer" series covering diverse cybersecurity topics and tools in a visual format. |
Solve Me | A challenge-based platform requiring an account. |
The enigma group | Offers web application security training with video tutorials. |
TryHackMe | Online platform offering interactive labs and challenges, including prebuilt virtual machines for practical cybersecurity training. |
Upload-Labs | Repository providing labs focusing on various types of file upload vulnerabilities for practical cybersecurity training. |
Vulnhub | Provides a collection of virtual machines with varying levels of difficulty for practicing penetration testing skills. |
VulHub | Repository of vulnerable environments and labs for practicing penetration testing and cybersecurity techniques. |
Vulapps | Vulnerable web applications designed for practicing penetration testing and cybersecurity skills. |
websec.fr | Focuses on web security challenges with optional registration. |
webhacking.kr | Offers web security challenges for beginners. |
Windows / Linux Local Privilege Escalation Workshop | Focuses on Linux and Windows privilege escalation practice. |
0day.today | A user-friendly exploit database that is simple to navigate. |
CXsecurity | Independent cybersecurity information site, operated by a single person. |
Snyk Vulnerability DB | Offers detailed information and remediation advice for known vulnerabilities, along with code testing capabilities. |
Repository | Description |
---|---|
Android Security | Curated resources for understanding Android security. |
AppSec | Resources to learn about securing applications. |
Asset Discovery | Tools and resources for asset discovery in security assessments. |
Bug Bounty | List of bug bounty programs and write-ups. |
Capsulecorp Pentest | Vagrant+Ansible lab for network penetration testing. |
Cellular Hacking | Research in 3G/4G/5G cellular security. |
CTF | Frameworks, libraries, and resources for Capture The Flag competitions. |
Cyber Skills | Environments to legally train and enhance cyber skills. |
DevSecOps | Tools for integrating security into DevOps practices. |
Embedded and IoT Security | Resources for securing embedded systems and IoT devices. |
Exploit Development | Learning resources for developing exploits. |
Fuzzing | Techniques and tools for fuzzing and exploit development. |
Hacking | Tutorials, tools, and resources for hacking. |
Hacking Resources | Collection of resources for penetration testing. |
Honeypots | Tools and resources for deploying honeypots. |
Incident Response | Tools for handling incident response. |
Industrial Control System Security | Security resources for industrial control systems (ICS). |
InfoSec | Courses and training resources for information security. |
IoT Hacks | Exploits and hacks in the IoT space. |
Mainframe Hacking | Resources for mainframe hacking and pentesting. |
Malware Analysis | Tools and resources for analyzing malware. |
OSINT | Tools and resources for Open Source Intelligence (OSINT). |
OSX and iOS Security | Security tools and resources for macOS and iOS. |
Pcaptools | Tools for processing network traces in Computer Science. |
Pentest | Resources and tools for penetration testing. |
PHP Security | Libraries and tools for PHP security. |
Real-time Communications hacking & pentesting resources | Security resources for VoIP, WebRTC, and VoLTE. |
Red Teaming | Resources for Red Team operations and resources. |
Reversing | Tools and resources for reverse engineering. |
Reinforcement Learning for Cyber Security | Machine learning resources applied to cyber security. |
Sec Talks | Collection of awesome security talks. |
SecLists | Collection of lists for security assessments. |
Security | Software, libraries, and resources for security. |
Serverless Security | Resources for securing serverless architectures. |
Social Engineering | Resources and techniques for social engineering. |
Static Analysis | Tools for static analysis and code quality checking. |
The Art of Hacking Series | Thousands of references and resources for cybersecurity. |
Threat Intelligence | Resources for threat intelligence gathering. |
Vehicle Security | Resources for learning about vehicle security and car hacking. |
Vulnerability Research | Resources and tools for vulnerability research. |
Web Hacking | Resources for web application security. |
Web3 Security | Materials and resources for Web3 security. |
Windows Exploitation - Advanced | Advanced references for Windows exploitation. |
WiFi Arsenal | Tools for hacking 802.11 networks. |
YARA | Rules, tools, and resources for YARA. |
Repository | Description |
---|---|
Adversarial Machine Learning | Resources for understanding adversarial machine learning. |
AI Security | Resources for securing AI applications. |
API Security Checklist | Checklist for securing APIs during development and testing. |
APT Notes | Public documents about APT campaigns. |
Bug Bounty Reference | Write-ups categorized by bug type from bug bounty programs. |
Cryptography | Tools and resources for cryptography. |
CTF Tool | Frameworks and tools for Capture The Flag competitions. |
CVE PoC | Proof of Concepts (PoCs) for CVEs. |
CVE PoC updated daily | Daily updated Proof of Concepts (PoCs) for CVEs. |
Detection Lab | Scripts to build a lab environment with security tooling. |
Forensics | Tools and resources for digital forensics. |
Free Programming Books | Collection of free programming books. |
Gray Hacker Resources | Resources for CTFs, wargames, and pentesting. |
GTFOBins | List of Unix binaries exploitable for bypassing local security. |
Hacker101 | Free web security class by HackerOne. |
Infosec Getting Started | Resources and documentation to start learning Infosec. |
Infosec Reference | Comprehensive reference for Information Security. |
IOC | Sources for indicators of compromise (IOCs). |
Linux Kernel Exploitation | Links related to Linux kernel fuzzing and exploitation. |
Lockpicking | Resources for lock, safe, and key security. |
Machine Learning for Cyber Security | Machine learning tools for cyber security. |
Payloads | Collection of web attack payloads. |
PayloadsAllTheThings | Payloads and bypass techniques for Web Application Security. |
Pentest Cheatsheets | Cheatsheets useful for penetration testing. |
Pentest Wiki | A free online security knowledge library for pentesters / researchers |
Probable Wordlists | Wordlists sorted by probability for password generation and testing. |
Resource List | Collection of useful GitHub projects categorized. |
Reverse Engineering | Articles, books, and papers on reverse engineering. |
RFSec-ToolKit | Hacktools for Radio Frequency Communication Protocols. |
Security Cheatsheets | Cheatsheets for various infosec tools and topics. |
Security List | Comprehensive security list for learning and practical use. |
Shell | Frameworks and tools for shell scripting and management. |
ThreatHunter-Playbook | Playbook for developing techniques and hypotheses for threat hunting. |
Web Security | Materials and resources for understanding and practicing web security. |
Name | Description |
---|---|
A Course on Intermediate Level Linux Exploitation | π An advanced course for those with some experience in Linux exploitation. |
Analysis and Exploitation (Unprivileged) | π A vast collection of reverse engineering information, organized by type. |
Binary Hacking | π₯ 35 straightforward videos on binary hacking and other useful info. |
Buffer Overflow Exploitation Megaprimer for Linux | πΊ A series of videos on Linux reverse engineering. |
Corelan Tutorials | π Detailed tutorials on memory exploitation and reverse engineering. |
Exploit Tutorials | π A set of nine exploit tutorials, including a podcast. |
Exploit Development | π£οΈ Links to exploit development posts on a forum, varying in quality and style. |
flAWS Challenge | βοΈ Learn about common mistakes and security pitfalls in Amazon Web Services (AWS) through a series of levels. |
Introduction to ARM Assembly Basics | π Comprehensive tutorials on ARM assembly by an infosec professional. |
Introductory Intel x86 | π» Extensive course materials on Intel x86, with no account required. |
Lena's Reversing for Newbies (Complete) | π A complete resource by Lena aimed at beginners in reverse engineering. |
Linux (x86) Exploit Development Series | π₯οΈ Blog posts with three different levels of Linux exploit development tutorials. |
Megabeets Journey into Radare2 | π Tutorials on using Radare2 for reverse engineering. |
Modern Binary Exploitation - CSCI 4968 | π Reverse engineering challenges and downloadable VMs from RPISEC. |
Recon.cx - Reversing Conference | π€ Conference site with recordings and slides of all talks on reverse engineering. |
Reverse Engineering for Beginners | π A comprehensive textbook on reverse engineering, open-source and free. |
Reverse Engineering Reading List | π A collection of reverse engineering tools and books on GitHub. |
Reverse Engineering Challenges | 𧩠Challenges created by the author of "Reverse Engineering for Beginners". |
Reverse Engineering for Beginners (GitHub Project) | π» GitHub repository for the "Reverse Engineering for Beginners" textbook. |
Reverse Engineering Malware 101 | π¦ An introductory course on malware reverse engineering with materials and VMs. |
Reverse Engineering Malware 102 | π¦ The follow-up course to "Reverse Engineering Malware 101". |
Reversing.kr Challenges | π§ Reverse engineering challenges of varying difficulty. |
Shell Storm | π A blog-style collection of reverse engineering information. |
Shellcode Injection | π‘ A blog post by a graduate student on shellcode injection. |
Micro Corruption β Assembly | π οΈ A CTF designed to learn Assembly by solving practical challenges. |
Name | Description |
---|---|
Analyze Malware Using Volatility | A framework for analyzing volatile memory for malware artifacts and indicators |
Bad Binaries | Walkthroughs of malware traffic analysis exercises and occasional malware analysis |
Honeynet Project | A project providing data and tools for analyzing malware captured by honeypots |
Malware Traffic Analysis | Exercises and resources for analyzing malware traffic |
Malware Unicorn - Workshops | Workshops on malware analysis and reverse engineering, including resources and VMs |
Malware Analysis For Hedgehogs | A learning path and resources for beginners and advanced users in malware analysis |
Malware Analysis Tutorials | Step-by-step tutorials on malware analysis by MalwareTech |
Malware Analysis - CSCI 4976 | Quality content from an RPISEC class on malware analysis |
Practical Malware Analysis & Triage | A practical guide to malware analysis and triage with hands-on labs and examples |
REMnux | A Linux toolkit for reverse-engineering and analyzing malware |
Zero2Automated | A comprehensive course on automated malware analysis and sandboxing |
Name | Description |
---|---|
4 Ways to Get Linux Privilege Escalation | Shows different methods to gain higher access in Linux systems. |
A Guide to Linux Privilege Escalation | Basics of escalating privileges on Linux systems. |
Abusing SUDO (Linux Privilege Escalation) | Techniques to exploit SUDO in Linux for privilege escalation. |
AutoLocalPrivilegeEscalation | Automated scripts that download and compile exploits from Exploit-DB. |
Basic Linux Privilege Escalation | Basic techniques for escalating privileges in Linux, also includes Windows tips. |
Common Windows Privilege Escalation Vectors | Common methods to escalate privileges in Windows. |
Editing /etc/passwd File for Privilege Escalation | How to manipulate the /etc/passwd file to gain higher access in Linux. |
GTFOBins | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. |
Linux Privilege Escalation | Video on techniques for privilege escalation in Linux. |
Linux Privilege Escalation Check Script | A simple script to check for privilege escalation vulnerabilities in Linux. |
Linux Privilege Escalation Scripts | A list of scripts for checking privilege escalation vulnerabilities in Linux. |
Linux Privilege Escalation Using PATH Variable | How to exploit misconfigured PATH variables for privilege escalation in Linux. |
Linux Privilege Escalation using Misconfigured NFS | How to exploit misconfigured NFS for privilege escalation in Linux. |
Linux Privilege Escalation via Dynamically Linked Shared Object Library | Exploiting RPATH and weak file permissions for privilege escalation in Linux. |
Local Linux Enumeration & Privilege Escalation Cheatsheet | A cheatsheet of resources and scripts for privilege escalation in Linux. |
Linux Exploit Suggester | A tool to identify possible exploits for a given Linux system. |
LinEnum | A script for enumerating Linux systems for privilege escalation vulnerabilities. |
Linux Smart Enumeration | A script for detailed enumeration of Linux systems, highlighting privilege escalation vectors. |
OSCP - Windows Privilege Escalation | Common methods for escalating privileges in Windows for OSCP. |
Privilege Escalation for Windows and Linux | Various exploits for privilege escalation in Windows and Linux. |
Privilege Escalation in Linux with Live Example | Examples of common privilege escalation methods in Linux. |
Reach the Root | A detailed process for privilege escalation in Linux. |
RootHelper | A tool that runs various scripts to check for privilege escalation vulnerabilities. |
Unix Privilege Escalation Checker | A script to check for privilege escalation vulnerabilities in Unix systems. |
Windows Exploits, Mostly Precompiled | Precompiled Windows exploits, useful for reverse engineering. |
Windows Privilege Escalation | A collection of resources and techniques for escalating privileges in Windows. |
Windows Privilege Escalation | Notes and techniques for privilege escalation in Windows. |
Windows Privilege Escalation Checker | A list of topics linking to relevant resources on Windows privilege escalation. |
Windows Privilege Escalation Fundamentals | Tutorials and guides on privilege escalation in Windows, created by an OSCP. |
Windows Privilege Escalation Guide | A comprehensive guide on Windows privilege escalation. |
Windows Privilege Escalation Methods for Pentesters | A detailed blog post on various methods for privilege escalation in Windows. |
Windows Privilege Escalation Awesome Scripts | A collection of PowerShell scripts to assist with privilege escalation in Windows. |
Windows Exploit Suggester | A tool to identify possible exploits for a given Windows system. |
Watson | A tool to enumerate missing KBs and suggest exploits for privilege escalation in Windows. |
Name | Description |
---|---|
AltoroMutual | A simulated banking website to practice finding and exploiting security vulnerabilities |
BadStore | A vulnerable web application designed for security training |
bWAPP | A common buggy web app for hacking, great for beginners with lots of documentation |
Cyber Range | A collection of various vulnerable applications for practicing different types of attacks |
Damn Small Vulnerable Web (DSVW) | A web app written in less than 100 lines of code, full of vulnerabilities, ideal for teaching |
Damn Vulnerable Web Application (DVWA) | A PHP/MySQL web app for testing skills and tools |
Defend the Web | A series of web security challenges to test and improve your skills |
Google Gruyere | Host of challenges on this cheesy web app |
Hacme Bank | A deliberately vulnerable web application to practice security skills |
Hackazon | A vulnerable web application modeled after an e-commerce site |
HackMe Banking | A web application designed to demonstrate common web vulnerabilities in an online banking context |
Juice Shop | An intentionally insecure web application for security training |
Metasploitable 2 | A vulnerable virtual machine used for testing Metasploit and other tools |
NodeGoat | An OWASP project for learning Node.js security by trying to exploit vulnerabilities |
OWASP Broken Web Applications Project | Collection of broken web apps for learning |
OWASP Hackademic Challenges project | Web hacking challenges for practice |
OWASP Mutillidae II | Another OWASP vulnerable app with lots of documentation |
OWASP Juice Shop | Covers the OWASP top 10 vulnerabilities |
PentesterLab | Provides vulnerable systems to practice penetration testing techniques |
SecApps Playground | A playground to learn and practice web application security concepts |
Security Shepherd | An OWASP project designed to foster and improve security awareness |
SQLol | A vulnerable web app for learning SQL injection attacks |
VulnHub | Hosts vulnerable web applications for practicing penetration testing and security assessments |
WebGoat | A deliberately insecure web app maintained by OWASP for teaching web app security |
WebForPentester | A vulnerable web application designed for testing and learning pentesting techniques |
WackoPicko | A vulnerable web application to test security tools and demonstrate common web vulnerabilities |
XSS Game | A game developed by Google to teach cross-site scripting (XSS) vulnerabilities |
Name | Description |
---|---|
Android Tamer | Virtual/live platform specialized for Android security professionals |
BackBox | Community-driven Linux distribution geared towards securing IT environments |
BlackArch | Arch Linux-based penetration testing distribution, designed for compatibility with Arch installations |
Bugtraq | Advanced GNU/Linux distribution for penetration testing and security auditing |
Docker for Pentest | Docker image preloaded with essential tools for creating a pentesting environment quickly |
Kali Linux | Industry-leading Linux distribution for penetration testing and ethical hacking, developed by Offensive Security |
LionSec Linux | Ubuntu-based operating system tailored for penetration testing and security assessments |
Parrot Security OS | Debian-based OS featuring a complete portable lab for security testing, digital forensics, and development |
Pentoo | Gentoo-based Linux distribution focused on penetration testing and security auditing |
Name | Description |
---|---|
IppSec Channel - Hack The Box Writeups | Detailed Hack The Box walkthroughs and writeups. |
LiveOverflow - Explore weird machines... | Exploring weird machines and hacking concepts. |
GynvaelEN - Podcasts about CTFs, computer security, programming and similar things. | Podcasts on CTFs, computer security, and programming. |
John Hammond - Wargames and CTF writeups | CTF writeups and wargame walkthroughs. |
Murmus CTF - Weekly live streamings | Weekly live streams focusing on CTFs. |
PwnFunction | Videos on exploitation and security concepts. |
OJ Reeves | Tutorials and insights on cybersecurity topics. |
Hacksplained - A Beginner Friendly Guide to Hacking | Beginner-friendly hacking guides and tutorials. |
STΓK | Bug bounty hunting and cybersecurity content. |
Hackersploit | Penetration testing tutorials and cybersecurity content. |
The Cyber Mentor | Cybersecurity tutorials and ethical hacking courses. |
Nahamsec | Bug bounty tips, tricks, and live hacking streams. |
Hackerone | Bug bounty programs and cybersecurity insights. |
The Hated one | Privacy, cybersecurity, and hacking-related content. |
stacksmashing / Ghidra Ninja | Hardware hacking and reverse engineering. |
Hak5 | DIY hacking and cybersecurity tutorials. |
0patch by ACROS Security | A few short, specific videos focused on the 0patch platform. |
BlackHat | Features talks from BlackHat conferences around the world. |
Christiaan008 | A variety of videos on various security topics, though somewhat disorganized. |
Name | Description |
---|---|
Hunting for Top Bounties - Nicolas GrΓ©goire | Tips for hunting top bounties. |
BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen | Experiences of a bug bounty hunter. |
Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans RosΓ©n | Inside look at the life of a bug bounty hunter. |
The Conscience of a Hacker | Reflective talk on the mindset of a hacker. |
44contv | Information security conference based in London, lengthy instructional videos. |
MIT OCW 6.858 Computer Systems Security | Lengthy instructional videos on computer systems security. |
BruCON Security Conference | Security and hacker conference in Belgium with lengthy instructional videos. |
BSides Manchester | Security and hacker conference in Manchester with lengthy videos. |
BSidesAugusta | Security conference in Augusta, Georgia with lengthy instructional videos. |
CarolinaCon | Security conference in North Carolina, associated with various 2600 chapters, with lengthy instructional content. |
Cort Johnson | Talks from Hack Secure Opensec 2017. |
DevSecCon | Lengthy videos covering DevSecOps and making software more secure. |
Garage4Hackers - Information Security | A handful of lengthy videos, About section lacks description. |
HACKADAY | Lots of random tech content, not strictly infosec, some instructional. |
Hack In The Box Security Conference | Lengthy con-style instructional talks from an international security conference. |
Hack in Paris | Security conference in Paris featuring lots of instructional talks with difficult-to-see slides. |
Hacklu | Lengthy con-style instructional videos. |
Hacktivity | Lengthy con-style instructional videos from a conference in central/eastern Europe. |
Hardwear.io | Handful of lengthy con-style videos with an emphasis on hardware hacks. |
IEEE Symposium on Security and Privacy | Content from the symposium, a professional association based in the US, also publishes various journals. |
LASCON | Lengthy con-style talks from an OWASP conference held in Austin, TX. |
leHACK | The oldest (2003) leading security conference in Paris, France. |
Marcus Niemietz | Instructional content associated with HACKPRA, an offensive security course from a German institute. |
Media.ccc.de | The official channel of the Chaos Computer Club with tons of lengthy con-style videos. |
NorthSec | Lengthy con-style talks from an applied security conference in Canada. |
Pancake Nopcode | Channel of Radare2 whiz Sergi "pancake" Alvarez, featuring reverse engineering content. |
Psiinon | Medium-length instructional videos for the OWASP Zed Attack Proxy. |
SJSU Infosec | Lengthy instructional videos from San Jose State University's infosec program. |
Secappdev.org | Lengthy instructional lectures on secure application development. |
Security Fest | Medium-length con-style talks from a security festival in Sweden. |
SecurityTubeCons | An assortment of con-style talks from various conferences including BlackHat and Shmoocon. |
ToorCon | Medium-length con videos from a conference based in San Diego, CA. |
USENIX Enigma Conference | Medium-length "round table discussions with leading experts," content starts in 2016. |
ZeroNights | Con-style talks from the international ZeroNights conference. |
Defcon Conference | Talks and presentations from the DEFCON conference. |
x33fcon Conference | Security conference talks and presentations. |
Hack In Paris | Talks from the Hack In Paris conference. |
LeHack / HZV | Presentations from the LeHack conference. |
InfoCon.org | InfoCon.org is a comprehensive repository hosting data from hundreds of cybersecurity and hacker conferences worldwide. It serves as a valuable resource for accessing conference materials, including talks, presentations, and schedules. |
Irongeek | Irongeek.com, managed by Adrien Crenshaw, is a rich repository of cybersecurity and hacking resources. It offers a wealth of information, including tutorials, videos, and articles on various topics related to cybersecurity, hacking, and technology. |
infocondb.org | InfoConDB.org is dedicated to cataloging and cross-referencing information from hacker conferences globally. It provides a centralized platform for exploring details about past and upcoming conferences, including speakers, topics, and event histories. |
Name | Description |
---|---|
Detectify | Short videos aimed at showing how to use the Detectify scanner. |
Kaspersky Lab | Promotional content with some hidden cybersecurity gems. |
Metasploit | Medium-length instructional Metasploit demos (~25 minutes each). |
ntop | Network monitoring and packet analysis instructional videos. |
nVisium | Promos and a handful of instructional series on Rails vulnerabilities and web hacking. |
OpenNSM | Network analysis with many TCPDUMP videos. |
OWASP | See OWASP above. |
Rapid7 | Brief promotional and instructional videos (~5 minutes). |
Securelist | Brief videos and interviews discussing various cybersecurity topics. |
Segment Security | Promo videos, non-instructional. |
SocialEngineerOrg | Podcast-style instructional content, lengthy (~1 hour each). |
Sonatype | DevOps-related content, varied lengths, somewhat disorganized. |
SophosLabs | Brief, news-style content with segments like "7 Deadly IT Sins." |
Sourcefire | Brief videos covering topics like botnets and DDoS (~5 minutes each). |
Station X | Brief videos, disorganized, with unscheduled updates. |
Synack | Random, news-style videos, disorganized and non-instructional. |
TippingPoint Zero Day Initiative | Very brief and somewhat instructional videos (~30 seconds). |
Tripwire, Inc. | Tripwire demos and random news-style videos, non-instructional. |
Vincent Yiu | Instructional videos from a single hacker. |
Name | Description |
---|---|
0x41414141 | Channel with a couple of challenges, well explained. |
Adrian Crenshaw | Lots of lengthy con-style talks. |
Adrian Crenshaw | lots of lengthy con-style talks |
Corey Nachreiner | Security news bites, 2-3 videos a week, no set schedule. |
BalCCon - Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn't update regularly. |
danooct1 | Brief screenshot how-to videos regarding malware, regular content updates. |
DedSec | Brief screenshot how-to videos based in Kali, no recent posts. |
DEFCON Conference | Lengthy con-style videos from the iconic DEFCON. |
DemmSec | Pen testing videos with somewhat irregular uploads. |
Derek Rook - CTF/Boot2root/wargames Walkthrough | Lengthy screenshot instructional videos. |
Don Does 30 | Amateur pen-tester posting brief screenshot videos regularly. |
Derek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with |
Error 404 Cyber News | Short screenshot videos with loud metal music, no dialogue, bi-weekly updates. |
Geeks Fort - KIF | Brief screenshot videos, no recent posts. |
GynvaelEN | Security streams from a Google researcher focused on CTFs, computer security, and programming. |
HackerSploit | Regular posts, medium-length screenshot videos with dialogue. |
HACKING TUTORIALS | Brief screenshot videos, no recent posts. |
iExplo1t | Screenshot videos aimed at novices, no recent posts. |
IPPSec | Hackthebox.eu retired machine walkthroughs to learn basic and advanced techniques. |
InfoSec Magazine | Comprehensive coverage of the latest topics in information security |
JackkTutorials | Medium-length instructional videos with some "Ask Me" videos. |
John Hammond | Solves CTF problems and provides pen testing tips and tricks. |
Latest Hacking News | Medium-length screenshot videos, no recent releases. |
LionSec | Brief screenshot instructional videos with no dialogue. |
LiveOverflow | Brief-to-medium instructional videos on topics like buffer overflows and exploit writing, regular posts. |
Metasploitation | Screenshot videos focused on using Metasploit, no recent updates. |
NetSecNow | Channel of pentesteruniversity.org, posts once a month, screenshot instructional videos. |
Open SecurityTraining | Lengthy lecture-style videos, no recent posts, but quality information. |
Pentester Academy TV | Brief videos with very regular posting, up to 8+ a week. |
rwbnetsec | Medium-length instructional videos covering tools from Kali 2.0, no recent posts. |
Recent Hash Leaks | Valuable resource for looking up leaked hashes and related information |
Samy Kamkar's Applied Hacking | Brief to medium-length instructional videos from the creator of PoisonTap for the Raspberry Pi Zero, no recent content. |
SecureNinjaTV | Brief news bites, irregular posting. |
Security Weekly | Regular updates with lengthy podcast-style interviews with industry professionals. |
Seytonic | DIY hacking tutorials, hardware hacks, regular updates. |
Shozab Haxor | Screenshot-style instructional videos, regular updates, Windows CLI tutorials. |
SSTec Tutorials | Brief screenshot videos, regular updates. |
Security Intelligence | Offers in-depth coverage of cybersecurity news and intelligence resources. |
Secjuice | Diverse cybersecurity community offering articles, podcasts, and more on security topics. |
Tradecraft Security Weekly | Learn about all the latest security tools and techniques. |
Troy Hunt | Medium-length news videos from a lone YouTuber, regular content. |
Threatpost | Provides timely updates on the latest threats, vulnerabilities, and breaches in cybersecurity. |
The Hacker News | Daily updates on hacking news, cybersecurity incidents, and vulnerabilities; also available as a mobile app |
The Daily Swig | Latest cybersecurity news from PortSwigger. |
Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? |
Waleed Jutt | Brief screenshot videos covering web security and game programming. |
webpwnized | Brief screenshot videos, some CTF walkthroughs. |
Zer0Mem0ry | Brief C++ security videos, programming intensive. |
Name | Description |
---|---|
HACKING GOOGLE Series | A comprehensive series on Googleβs security measures. |
EP000: Operation Aurora HACKING GOOGLE | Overview of Operation Aurora. |
EP001: Threat Analysis Group HACKING GOOGLE | Insights from Googleβs Threat Analysis Group. |
EP002: Detection and Response HACKING GOOGLE | Googleβs detection and response strategies. |
EP003: Red Team HACKING GOOGLE | The role and activities of Googleβs Red Team. |
EP004: Bug Hunters HACKING GOOGLE | Googleβs bug bounty hunters and their experiences. |
EP005: Project Zero HACKING GOOGLE | Insights into Googleβs Project Zero team. |
Name | Description |
---|---|
Hacktoday | Community platform discussing various hacking topics, requires registration |
Hack+ Telegram Channel | Telegram channel dedicated to discussions on hacking and cybersecurity |
MPGH | MultiPlayerGameHacking forum community for gaming-related hacks and cheats |
Stack Overflow Security | Stack Overflow's dedicated tag for security-related questions and discussions |
Reddit /r/hacking | Subreddit focused on hacking discussions, news, and resources |
HackerOne Community | Community forum for HackerOne platform users and security enthusiasts |
Exploit Database Forum | Forum associated with the Exploit Database, discussing vulnerabilities and exploits |
Cybrary Community | Cybersecurity learning platform with an active community forum for discussions and support |
Null Byte | Community-focused on ethical hacking and cybersecurity tutorials, articles, and discussions |
Blog URL | Description |
---|---|
ScriptKidd1e | Follow the OSCP journey and experiences shared by ScriptKidd1e. |
Security Sift | Insights and tips on Offensive Security's courses and the OSCP certification by Security Sift. |
Ch3rn0byl | Detailed OSCP experiences and challenges shared by Ch3rn0byl. |
TechExams | A personal journey and reflections on the OSCP certification by JollyFrog. |
Hacking and Security | Blog covering various topics related to hacking and cybersecurity. |
Carnal0wnage | Insights into security research and exploits by Carnal0wnage. |
McGrew Security | Security blog focusing on penetration testing and research. |
Gnucitizen | Blog covering cybersecurity, privacy, and hacking topics from a critical perspective. |
Darknet | Articles and tools related to hacking, security, and cryptography. |
Spylogic | Insights into penetration testing and cybersecurity from Spylogic. |
Taosecurity | Thoughts and research from a cybersecurity perspective by TaoSecurity. |
Room362 | Blog focusing on cybersecurity, hacking, and digital forensics. |
Sipvicious | Articles and tools related to VoIP security and hacking. |
PortSwigger | Insights and updates from PortSwigger, the creators of Burp Suite. |
Pentest Monkey | Tips and techniques for penetration testing and cybersecurity. |
Jeremiah Grossman | Thoughts on web security, hacking, and technology by Jeremiah Grossman. |
i8jesus | Blog focusing on cybersecurity, penetration testing, and hacking techniques. |
C22 | Research and insights into cybersecurity and penetration testing by C22. |
SkullSecurity | Blog featuring tools, research, and insights into security topics. |
Metasploit | Updates and articles from the Metasploit project team. |
Darkoperator | Tips, tricks, and tutorials on penetration testing and security by Darkoperator. |
Skeptikal | Insights and thoughts on cybersecurity and technology from a skeptical viewpoint. |
PreachSecurity | Blog covering cybersecurity, ethical hacking, and digital forensics. |
TSSCI Security | Articles and tools related to cybersecurity and digital forensics. |
GDS Security | Research and insights into cybersecurity and penetration testing by GDS Security. |
WebSec | Blog focusing on web security, vulnerabilities, and hacking techniques. |
Bernardo Damele | Thoughts and research on cybersecurity and web application security. |
Laramies | Blog featuring tools and techniques related to cybersecurity and penetration testing. |
Spylogic (again) | Insights into penetration testing and cybersecurity from Spylogic. |
Andlabs | Research and insights into cybersecurity and mobile security by Andlabs. |
XS-Sniper | Blog covering cybersecurity, penetration testing, and tools. |
Common Exploits | Insights into cybersecurity and penetration testing from Common Exploits. |
Sensepost | Blog featuring research and insights from Sensepost, covering cybersecurity topics. |
WepMa | Blog focusing on cybersecurity and ethical hacking. |
Exploit.co.il | Articles and tools related to cybersecurity and exploits. |
Security Reliks | Articles and insights into cybersecurity and penetration testing. |
Mad Irish | Thoughts and insights on cybersecurity and hacking from Mad Irish. |
Sir Dark Cat | Blog covering cybersecurity, hacking, and technology from Sir Dark Cat. |
Reusable Security | Insights and research on cybersecurity and digital security topics. |
Myne-us | Blog focusing on cybersecurity, hacking, and digital forensics. |
NotSoSecure | Articles and insights into cybersecurity and penetration testing from NotSoSecure. |
SpiderLabs | Updates and insights from SpiderLabs, focusing on cybersecurity and digital forensics. |
Corelan | Blog featuring tutorials and tools related to exploit development and cybersecurity. |
Digininja | Research and insights into cybersecurity and penetration testing by Digininja. |
PaulDotCom | Blog covering cybersecurity news, tools, and techniques. |
Attack Vector | Insights and discussions on cybersecurity and hacking from Attack Vector. |
Deviating | Articles and insights into cybersecurity and digital forensics. |
AlphaOne Labs | Blog covering cybersecurity, hacking, and technology from AlphaOne Labs. |
Smashing Passwords | Tips and techniques related to password security and cracking. |
WireWatcher | Blog focusing on cybersecurity and network monitoring. |
Gynvael Coldwind | Articles and challenges related to cybersecurity and hacking by Gynvael Coldwind. |
Nullthreat | Blog covering cybersecurity and penetration testing topics. |
Question Defense | Insights into cybersecurity, digital forensics, and technology. |
ArchangelAmael | Blog covering cybersecurity, hacking, and technology by ArchangelAmael. |
Memset | Articles and insights into cybersecurity and digital security topics by Memset. |
Sickness | Blog focusing on cybersecurity and hacking techniques. |
Punter-Infosec | Insights into cybersecurity, ethical hacking, and digital forensics by Punter-Infosec. |
Security Ninja | Blog covering cybersecurity and ethical hacking topics from Security Ninja. |
Security and Risk | Insights and discussions on cybersecurity and risk management. |
Esploit | Articles and tools related to cybersecurity and hacking. |
Pentestit | Blog focusing on penetration testing and cybersecurity challenges. |
Name | Description |
---|---|
sla.ckers.org | Forum focusing on web application security, including vulnerabilities and exploits. |
Ethical Hacker Network | Community forum for ethical hackers and cybersecurity professionals to discuss topics and share knowledge. |
BackTrack Linux Forums | Forums associated with BackTrack Linux, focusing on penetration testing and security tools. |
Elite Hackers | Forum discussing various aspects of hacking, security, and technology. |
Hack This Site | Forum associated with the Hack This Site community, focusing on hacking challenges and discussions. |
Security Override | Forum for discussions on cybersecurity topics, vulnerabilities, and defense strategies. |
iExploit | Forum specializing in discussing and sharing exploits and vulnerabilities. |
Bright Shadows | Community forum for discussions on hacking techniques, security tools, and cybersecurity news. |
Government Security | Forum focusing on cybersecurity discussions, including government and enterprise security issues. |
intern0t | Forum for discussions on hacking, security, and technology. |
0x00sec | Community forum focusing on hacking, malware analysis, computer engineering, and reverse engineering. |
Antichat | Russian-based forum discussing various aspects of hacking and cybersecurity. |
CODEBY.NET | Russian-based forum covering hacking, web application penetration testing (WAPT), malware analysis, computer engineering, reverse engineering, and forensics. |
EAST Exploit Database | Exploit database focusing on commercial exploits written for the EAST Pentest Framework. |
Greysec | Forum dedicated to hacking and cybersecurity discussions, including tutorials and challenges. |
Hackforums | Forum for posting about hacks, exploits, and various cybersecurity discussions. |
4Hat Day | Brazilian-based forum focusing on hacking and cybersecurity topics. |
CaveiraTech | Brazilian-based forum covering general hacking and cybersecurity discussions. |
Name | Description |
---|---|
Foot Printing with WhoIS/DNS records | A comprehensive white paper by SANS on using WhoIS and DNS records for footprinting. |
Google Dorks/Google Hacking | A list of powerful Google search commands for hacking, revealing the full potential of the world's largest search engine. |
Nmap | A detailed manual for Nmap, one of the most widely used network scanning tools. |
Recon-ng | An open-source reconnaissance framework designed for advanced network reconnaissance. |
Shodan | A search engine for internet-connected devices, providing detailed information about device vulnerabilities. |
Maltego | A comprehensive tool for network and link analysis, visualizing relationships between data points. |
SpiderFoot | An automated OSINT (Open Source Intelligence) tool for threat intelligence and reconnaissance. |
Metasploit | A powerful penetration testing tool with modules for scanning, exploiting, and reporting. |
Zenmap | The official GUI for Nmap, making network scanning more user-friendly and accessible. |
theHarvester | A tool designed to gather emails, subdomains, hosts, employee names, and more from public sources. |
Netcat | A versatile networking tool for reading from and writing to network connections using TCP or UDP. |
Amass | An open-source tool for network mapping of attack surfaces and external asset discovery using passive information gathering and active reconnaissance techniques. |
Name | Description |
---|---|
Awesome Hacking | A curated list of awesome hacking tools, guides, and resources. π οΈ |
fsociety | Comprehensive hacking toolkit including exploits, reconnaissance, and more. π§° |
Hacking Tool | Collection of hacking tools for various purposes, from penetration testing to network analysis. π‘οΈ |
Hacker Roadmap | Roadmap for beginners to learn about different facets of hacking and cybersecurity. π£οΈ |
Cheatsheet God | Comprehensive cheatsheets for various hacking techniques, including OSCP preparation. π |
Movies for Hackers | List of movies every hacker should watch for entertainment and inspiration. π₯ |
Free Security E-Books | A collection of freely available e-books covering diverse topics in cybersecurity. π |