Awesome Security Resources

A collection of tools, cheatsheets, operating systems, learning materials, and more all related to security. There will also be a section for other Awesome lists that relate to cybersecurity.

I seem to forget about all the tools and resources when attacking, defending, responding, or looking to learn about cyber security; the purpose of this is to help fix that.

Security Focused Operating Systems

| Name | Description |
| --- | --- |
| Commando VM | Virtual Machine dedicated to penetration testing using Windows 10 built by FireEye. |
| FLARE-VM | Virtual Machine dedicated to malware analysis and reverse engineering using Windows 10 built by FireEye. |
| Kali Linux | Open source Linux operating system. Lots of built-in tools for penetration testing and offensive security. |
| Parrot OS | Debian-based Linux operating system focused on security and privacy. Has lots of built-in tools. |
| SIFT Workstation | A group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings. |

Penetration Testing Tools

These tools are broken up into 4 categories: Enumeration, Exploitation, Privilege Escalation, and Miscellaneous.

| Name | Description |
| --- | --- |
| **Enumeration** | |
| Nmap | A free and open source utility for network discovery and security auditing. |
| LinEnum | A scripted local Linux enumeration tool. |
| PSPY | A command line tool designed to snoop on processes without need for root permissions. |
| WPScan | A free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites. |
| **Exploitation** | |
| Exploit Suggester | Python script to suggest different exploits to run on different Linux and Windows machines. |
| p0wny shell | Single-file PHP shell. |
| SharpCat | A Simple Reversed Command Shell which can be started using InstallUtil (Bypassing AppLocker) |
| ShellPop | Generate easy and sophisticated reverse or bind shell commands to help you during penetration tests. |
| Shellcode tools | Miscellaneous tools written in Python, mostly centered around shellcodes. |
| ZackAttack! | A new Tool Set to do NTLM Authentication relaying unlike any other tool currently out there. |
| **Privilege Escalation** | |
| DirtyCow POC | Table listing the source code to several different variations of dirtycow. |
| GTFOBins | A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems. |
| Unix Privilege Escalation | Shell script to check for simple privilege escalation vectors on Unix systems. |
| **Miscellaneous** | |
| CyberChef | Encoding and decoding tool for a variety of different ciphers. |
| Kali Tools | List of all the tools that are pre-installed on Kali Linux and an explanation of what they do. |
| Hack Tricks | Welcome to the page where you will find each hacking trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news. |
| Payload All the Things | A list of useful payloads and bypass for Web Application Security and Pentest/CTF. |
| Pentest Book | This book contains a bunch of info, scripts and knowledge used during my pentests. |
| Pentest Checklist | Different Checklists to run through during a pentest engagement. |
| PWNTools | CTF framework and exploit development library. |
| Red Team Toolkit | A collection of open source and commercial tools that aid in red team operations. |
| Various Pentest Tools | Pentesting tools from a pentester. |

DFIR

| Name | Description |
| --- | --- |
| Jeffrey's Image Metadata Viewer | Shows the data that might be inside a digital image file. |
| Steganography Toolkit | Collection of steganography tools - helps with CTF challenges. |
| Volatility | An advanced memory forensics framework. |
| VolUtility | Web App for Volatility framework |

Malware Analysis

| Name | Description |
| --- | --- |
| Triage | Malware sandbox or analysis. |
| Hybrid Analysis | Free automated malware service |
| Virus Total | Online malicious file analyzer |

Reverse Engineering

| Name | Description |
| --- | --- |
| GDB | The GNU Project Debugger |
| IDA | Disassembler that has been the gold standard for years |
| Ghidra | Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. |
| OllyDbg | A 32-bit assembler level analysing debugger for Microsoft Windows. |
| Radare2 | A portable reversing framework. |

Networking

| Name | Description |
| --- | --- |
| CCNA Subreddit | Subreddit dedicated to the CCNA Exam. |
| CCNA\CCENT Training Series | A full course of 84 videos for CCNA and CCENT Routing and Switching taught by Cisco Instructor Andrew Crouthamel. |
| CCNA Training Series | YouTube series on CCNA information. |
| Impacket | A collection of Python classes for working with network protocols. |
| SubnettingPractice | The most extensive subnetting practice site on the web! |
| Subnetting.net | Subnetting practice tools. |
| Wireshark | The world’s foremost and widely-used network protocol analyzer. |
| Wireshark Certified Network Analyst | YouTube series of 15 videos about the WCNA. |
| Wireshark Training Documentation | In-depth documentation on how to use Wireshark. |

Exploit Tools

| Name | Description |
| --- | --- |

OSINT

| Name | Description |
| --- | --- |
| Bing Image Search | Reverse image search. |
| DeHashed | A hacked-database search-engine. |
| DNSDumpster | Free domain research tool that can discover hosts related to a domain. |
| Jeffrey's Image Metadata Viewer | Simple and free tool that shows the Exif data on images. |
| NameCheck | Search site for usernames across different platforms. |
| NameCheckup | Search site for usernames across different platforms. |
| HaveIBeenPwned | Check to see if an account has been involved in a data breach. |
| Scylla.sh | Database dumps search site. |
| Sherlock | Hunt down social media accounts by username across social networks. |
| Threat Jammer | REST API for developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources. |
| TinEye | Reverse image search. |
| Online Traceroute | Online Traceroute using MTR. |
| WhatsMyName | Tool that allows you to enumerate usernames across many websites. |
| Yandex | Reverse image search. |

Practice Sites

| Name | Description |
| --- | --- |
| Attack/Defense Labs | Very well built security attack and defense labs. |
| Certified Hacker | Intentionally vulnerable website. |
| Defend the Web | An interactive security platform where you can learn and challenge your skills. |
| Enigma Group | Web application security training. |
| Exploit Education | Provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues. |
| FLAWS | AWS specific security challenge site. |
| GameofHacks | This game was designed to test your application hacking skills. |
| Gh0st Networks | CTF site for security practice. |
| Google CTF | Yearly CTF hosted by Google.com. |
| HackMe | Site to share vulnerable web applications for practice in web hacking. |
| HackTheBox | Boot to root penetration testing practice site. |
| HackThisSite | Wargame practice site and community forums. |
| Hacking Lab | An online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. |
| Hellbound Hackers | Hacking practice site. |
| IO | Wargame site to practice hacking skills. |
| OvertheWire | Beginner wargames that teach the basics of security. |
| Microcorruption | Wargame to help in using a debugger and Assembly Language. |
| PentestIt | Penetration Testing Laboratories. |
| Pentest Practice | Online security training environment. |
| Pentest Training | A simple website used as a hub for information revolving around the various services we offer to help both experienced and new penetration testers practice and hone their skills. |
| Permanent CTF List | List of CTFs that are always available online or able to be downloaded. |
| Pwnable.kr | Wargame site to help improve hacking skills. |
| Pwnable.tw | A wargame site for hackers to test and expand their binary exploiting skills. |
| Reversing.kr | Site to test your Cracking and Reverse Engineering ability. |
| Ring0CTF | Hacking practice site. |
| RootMe | Hacking practice site. |
| SmashTheStack | Site with various wargames available to practice. |
| Try2Hack | This site provides several security-oriented challenges. |
| TryHackMe | Room based site for hacking practice with good instruction. |
| VulnHub | Downloadable virtual machines to practice hacking. |
| WeChall | Security challenge site. |
| WeChalls | Wargames to practice hacking. |
| **Practice Labs** | |
| Metasploitable | Intentionally vulnerable target machine for evaluating Metasploit |
| Pentest Lab | Contains examples to deploy a penetration testing lab on OpenStack provisioned with Heat, Chef and Docker. |
| SecGen | Creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. |
| WebGOAT | A deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components. |

Youtube Channels

| Name | Description |
| --- | --- |
| 13Cubed | This channel covers information security-related topics including Digital Forensics and Incident Response (DFIR) and Penetration Testing. |
| Blackhat | This is the channel for the security conference, with lots of talks and demonstrations on different security topics. |
| Guided Hacking | A hacking and reverse engineering community with a focus on game hacking. |
| IppSec | This channel shows walkthroughs of different HackTheBox machines. |
| John Hammond | This channel covers solving CTFs and programming. |
| Learn Forensics | This channel is devoted to computer forensics. |
| LiveOverflow | Just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions. |
| Stacksmashing | This channel uses Ghidra to reverse engineer various things. |

Awesome Repos

| Name | Description |
| --- | --- |
| Android Security | A collection of Android security related resources. |
| Application Security | A curated list of resources for learning about application security. |
| CTF | A curated list of CTF frameworks, libraries, resources and softwares. |
| Cybersecurity Blue Team | A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams. |
| DevSecOps | Curating the best DevSecOps resources and tooling. |
| Embedded and IoT Security | A curated list of awesome embedded and IoT security resources. |
| Fuzzing | A curated list of awesome Fuzzing (or Fuzz Testing) for software security. |
| GDPR | Protection of natural persons with regard to the processing of personal data and on the free movement of such data. |
| Hacking - carpedm20 | A curated list of awesome Hacking tutorials, tools and resources. |
| Hacking - Hack with Github | A collection of various awesome lists for hackers, pentesters and security researchers. |
| Hacking - vitalysim | A collection of hacking / penetration testing resources to make you better! |
| Honeypots | An awesome list of honeypot resources |
| Industrial Control Systems Security | A curated list of resources related to Industrial Control System (ICS) security. |
| ICS Writeups | Collection of writeups on ICS/SCADA security. |
| Incident Response | A curated list of tools for incident response. |
| Lockpicking | A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys. |
| Malware Analysis | A collection of awesome malware analysis tools |
| Pentest | A collection of awesome penetration testing resources, tools, and other shiny things. |
| Pcap Tools | A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors. |
| Reversing | A curated list of awesome reversing resources. |
| Security | A collection of awesome software, libraries, documents, books, resources and cool stuff about security. |
| Vehicle Security and Car Hacking | A curated list of resources for learning about vehicle security and car hacking. |
| Web Security | A curated list of Web Security materials and resources. |
| Windows Exploitation | A curated list of awesome Windows Exploitation resources, and shiny things. |

Walkthroughs

| Name | Description |
| --- | --- |
| Hackso.me | CTF, HackTheBox, and VulnHub walkthroughs |
| HackTheBox Guides | Guides/Walkthroughs for various retired HackTheBox machines. |

Learning Materials

| Name | Description |
| --- | --- |
| **Enumeration** | |
| Advanced Nmap: Scanning Firewalls | Advanced Nmap techniques for how to scan various types of firewalls. |
| Learning Nmap: The Basics - Part 1 | The basics of how to use Nmap. |
| Advanced Nmap: Some Scan Types - Part 2 | Various Nmap scan types, and the practical use of these commands to scan various devices and networks. |
| Advanced Nmap: Scanning Techniques Continued - Part 3 | More interesting scanning techniques. |
| Advanced Nmap: Fin Scan & OS Detection | Various other command-line options. |
| db_nmap | Running Nmap from within Metasploit. |
| GoBuster Guide | Comprehensive guide on GoBuster tool. |
| Parsing ls | Why you shouldn't parse the output of ls(1). |
| **Exploitation** | |
| AppLocker Bypass | Using Rundll32 to bypass AppLocker. |
| Attacking & Securing WordPress | Techniques for enumeration and exploitation of WordPress sites. |
| Executing Meterpreter in Memory | Technique for executing an obfuscated PowerShell payload using Invoke-CradleCrafter in memory. |
| How to hack a Wordpress site | Hacking WordPress sites using different techniques. |
| How to pentest your WordPress site | How to perform a pentest on your WordPress site. More techniques and tools. |
| Metasploit Tutorial | Metasploit Tutorial for beginners: Master in 5 minutes. |
| Practical guide to NTLM Relaying | Practical guide to help clear up any confusion regarding NTLM relaying. |
| WordPress plugin Vulnerabilities | List of all vulnerabilities for WordPress plugins. |
| **Reverse Engineering** | |
| Assembly Programming Tutorial | A tutorial on programming in NASM assembly. |
| Beginners Guide to Assembly | This guide will explain exactly what is necessary to begin cheat creation for generally any online computer game, including both fields to study, and tools to use. |
| Beginner Reverse Engineering Info | Reddit collection of beginner information on getting into Reverse Engineering. |
| Building a Home Lab for Offensive Security | Guide on how to build a home lab for security purposes. |
| Ghidra Simple Keygen Generation | From installing Ghidra on Ubuntu to writing a working keygen in Python. |
| Ghidra Tutorial | YouTube playlist on how to use Ghidra using different example files. |
| Guide to x86 Assembly | This guide describes the basics of 32-bit x86 assembly language programming, covering a small but useful subset of the available instructions and assembler directives. |
| Guide to Assembly in VS .NET | This tutorial explains how to use assembly code in a Visual Studio .NET project. |
| How to start out in Reverse Engineering | Reddit post on the steps to get started in Reverse Engineering. |
| IDA Pro Tutorial | Tutorial on how to reverse engineer with IDA Pro. |
| Intel 64 and IA32 Software Manual | This document contains all four volumes of the Intel 64 and IA-32 Architectures Software Developer's Manual. |
| Intermediate x86 | Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration. Part 2 to Intro to x86. |
| Intro to Malware Analysis and Reverse Engineering | Malware analysis course to learn how to perform dynamic and static analysis on all major file types, how to carve malicious executables from documents and how to recognize common malware tactics and debug and disassemble malicious binaries. |
| Intro to x86 | Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration. |
| Malware Analysis Tutorial | Malware Analysis Tutorials: a Reverse Engineering Approach. |
| Mastering Ghidra | Video from Infiltrate 2019 on mastering Ghidra. |
| Myne-US | From 0x90 to 0x4c454554, a journey into exploitation. |
| Reverse Engineering 101 | Vimeo video by Dan Guido |
| Reverse Engineering 101 - Malware Unicorn | Malwareunicorn.org provides workshops and resources for reverse engineering in the infosec space. Workshop content is now available. |
| Reverse Engineering 102 | Vimeo video by Dan Guido |
| Reversing for Newbies | A collection of tutorials aimed particularly for newbie reverse engineers. |
| RE Guide for beginners | Methodology and Tools of reverse engineering. |
| So you want to be a Malware Analyst | Malwarebytes blog on becoming a malware analyst and what all is involved. |
| Windows oneliners to download and execute code | Oneliners for executing arbitrary command lines and eventually compromising a system. |
| Where to start in learning reverse engineering | Forum post detailing the process to start learning reverse engineering. |
| **Privilege Escalation** | |
| Basic Linux Privilege Escalation | Blog teaching the basics of Linux Privilege Escalation. |
| Linux Privilege Escalation Techniques | SANS papers on Linux privilege escalation. |
| Linux Privilege Escalation tools/tactics | List of different Linux privilege escalation tools and techniques as well as several scripts to download to automate the process. |
| Windows Privilege Escalation | Guide on techniques for Windows Privilege Escalation. |
| LXD Privilege Escalation | Describes how an account on the system that is a member of the lxd group is able to escalate the root privilege by exploiting the features of LXD. |
| **Shells** | |
| How to build a RAT | Building a RAT from scratch for educational purposes. |
| How to create a backdoor | Article on how to create a nearly undetectable backdoor with Cryptcat. |
| How to create a remote command shell | Creating a remote command shell using default Windows command line tools |
| How to create a reverse Shell | Article detailing how to create a reverse shell and when to do it. |
| Reverse Shell in Bash | Reverse shells in bash for Dummies by a Dummy. |
| **Hacking and Pentesting** | |
| Pentesting Methodology | Step-by-step walkthrough of a basic pentesting methodology. |
| The Hacking Process | Lots of information on the hacking process. |
| Guide to Penetration Testing | Varonis Seven Part Guide to Penetration Testing. |
| **CTF** | |
| CTF Field Guide | How to get started in CTFs |

Books and Cheatsheets

| Name | Description |
| --- | --- |
| **Books** | |
| Programming from the Ground Up | Using Linux assembly language to teach new programmers the most important concepts in programming. |
| **Cheatsheets** | |
| DFIR Infographics | Infographics about various DFI topics including file info, volume info, attribute info. |
| General DFIR | Cheatsheets for general DFIR info. |
| Malware Analysis | Cheatsheets for different aspects of malware analysis. |
| Memory Forensics | Cheatsheets for memory forensics. SANS memory forensics. |
| OSINT | Cheatsheets for OSINT strategies and tools. |
| Pentesting Tools Cheatsheet | A quick reference high level overview. |
| Radare2 Cheatsheet | Cheatsheet of common commands for program Radare2 |
| Reverse Shell Cheatsheet | Several different types of reverse shells |
| SANS DFIR | Digital Forensics and Incident Response cheatsheets from SANS. |
| SANS Pentest Posters | These are Pentesting Posters that SANS supplies. |
| SANS Cheatsheets | Various SANS cheatsheets. |
| THC Favorite tips, tricks and hacks | Various tips & tricks for typical penetration testing engagements from highon.coffee. |
| Volatility Command Reference | Quick reference command list for Volatility. |
| Windows Post Exploitation Command List | Quick Reference command list used in post-exploitation of Windows machines. |
| Windows Registry Forensics | Cheatsheets on Windows registry for different tools and information. |
| x86 and amd64 instruction reference | Reference for instructions with included summary of each. |

Podcasts

| Name | Description |
| --- | --- |
| 7 Minute Security | A weekly infosec podcast about pentesting, blue teaming and building a career in security. |
| Hackable? | Hackable? gives us a front row seat to explore where we’re vulnerable in our daily routines, without even realizing it. |
| InfoSec ICU | The Health Information Security podcast from the Medical University of South Carolina. |
| Malicious Life | Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians. |
| Risky Business | Risky Business podcast features news and in-depth commentary from security industry luminaries. |
| SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast | A brief daily summary of what is important in cyber security. |
| Security Now! | Security podcast with Steve Gibson and Leo Laporte. |
| The CyberWire Daily | The daily cybersecurity news and analysis industry leaders depend on. |

Documentation

| Name | Description |
| --- | --- |
| Security Policy Templates | SANS has developed and posted here a set of security policy templates for your use. |

Programming

| Name | Description |
| --- | --- |
| **C** | |
| Learn C | Free interactive C tutorial. |
| **Python** | |
| Learn Python | Free Python tutorial. |

Industrial Control System Info

| Name | Description |
| --- | --- |
| **Learning Materials** | |
| Getting Started in ICS | A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity. |
| SCADA Hacking | Information on how to hack ICS/SCADA devices. |
| **Tools** | |
| Cronpot | ICS/SCADA honeypot. |
| ICS Security Tools | Tools, tips, tricks, and more for exploring ICS Security. |

Contributing

Your contributions are always welcome! Please take a look at the contribution guidelines first.


If you have any questions about this opinionated list, do not hesitate to contact me @johnson90512 on Twitter or open an issue on GitHub.