Awesome
Offensive-Resources V3
((اللَّهُمَّ انْفَعْنِي بِمَا عَلَّمْتَنِي، وَعَلِّمْنِي مَا يَنْفَعُنِي، وَزِدْنِي عِلْمًا))
<hr>A Huge Learning Resources with Labs For Offensive Security Players.
<br>What is new in V3 ?
- Added Blockchain Security Section
- Added Game Hacking Section
- Added Car Hacking Section
- Added Source Code Review Section
- Added Telecom Security Section
- Added Malware Development Section
- Added VOIP security Section
- Added RFID & SDR Section
Mind Map
<img src="img/OffensiveResourcesV3.png "> <br> <br> <br>Content
- <a href="#infrastructure">Infrastructure</a>
- <a href="#wireless">Wireless</a>
- <a href="#iot--hardware">IoT & Hardware</a>
- <a href="#ics-and-scada">ICS and SCADA</a>
- <a href="#exploit-development">Exploit Development</a>
- <a href="#web-applications">Web Applications</a>
- <a href="#mobile-applications">Mobile Applications</a>
- <a href="#api">API</a>
- <a href="#cloud">Cloud</a>
- <a href="#reverse-engineering">Reverse Engineering</a>
- <a href="#social-engineering">Social Engineering</a>
- <a href="#offensive-programming">Offensive Programming</a>
- <a href="#blockchain">Blockchain</a>
- <a href="#car-hacking">Car Hacking</a>
- <a href="#game-hacking">Game Hacking</a>
- <a href="#source-code-review">Source Code Review</a>
- <a href="#telecom">Telecom</a>
- <a href="#malware-development">Malware Development</a>
- <a href="#voip">VOIP</a>
- <a href="#rfid--sdr">RFID & SDR</a>
Infrastructure
- Books
-
<a href="https://www.amazon.com/Hackers-Handbook-Strategy-Breaking-Defending/dp/0849308887">The Hacker's Handbook</a>
-
<a href="https://www.amazon.com/Advanced-Infrastructure-Penetration-Testing-methodized-ebook/dp/B076QC8FRT">Advanced Infrastructure Penetration testing</a>
-
<a href="https://www.amazon.com/Peter-Kim/e/B00J12259C/ref=dp_byline_cont_book_1">Hacker playbook series</a>
-
<a href="https://www.amazon.com/Art-Network-Penetration-Testing-company/dp/1617296821">The Art of Network Penetration Testing</a>
-
<a href="https://www.amazon.com/Mastering-Linux-Advanced-Penetration-Testing/dp/178934056X/">Mastering Kali Linux for Advanced Penetration Testing </a>
-
<a href="https://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments-ebook/dp/B01A14X6LE/">Advanced Penetration Testing for Highly-Secured Environments</a>
-
<a href="https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689/">Advanced Penetration Testing </a>
-
<a href="https://www.amazon.com/Hands-Penetration-Testing-Windows-PowerShell/dp/1788295668/">Hands-On Penetration Testing on Windows</a>
-
<a href="https://www.amazon.com/Mastering-Wireless-Penetration-Testing-Environments-ebook/dp/B00T4ACP78/">Mastering Wireless Penetration Testing for Highly Secured Environments</a>
-
<a href="https://www.amazon.com/Cybersecurity-state-art-organization-cybercriminals/dp/183882779X/">Cybersecurity - Attack and Defense Strategies</a>
-
<a href="https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/">RTFM: Red Team Field Manual</a>
-
<a href="https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/">Penetration Testing: A Hands-on Introduction to Hacking</a>
-
<a href="https://www.amazon.com/Hacking-Firewalls.../dp/B085LS67BH">Hacking: Hacking Firewalls & Bypassing Honeypot</a>
-
<a href="https://www.amazon.com/Red-Team-Development-Operations-practical/dp/B083XVG633">Red Team Development and Operations: A practical guide </a>
-
<a href="https://www.amazon.com/Hands-Red-Team-Tactics-operations/dp/1788995236">Hands-On Red Team Tactics</a>
-
- Courses
- <a href="https://www.offensive-security.com/pwk-oscp/">OSCP</a>
- <a href="https://www.offensive-security.com/pen300-osep/">OSEP</a>
- <a href="https://my.ine.com/CyberSecurity/learning-paths/9a29e89e-1327-4fe8-a201-031780263fa9/penetration-testing-professional">eCPPT</a>
- <a href="https://my.ine.com/CyberSecurity/learning-paths/154876ad-ae9f-43d6-add4-f635cab537a7/advanced-penetration-testing">eCPTX</a>
- <a href="https://www.sans.org/cyber-security-courses/network-penetration-testing-ethical-hacking/">SEC560</a>
- <a href="https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/">SEC660</a>
- <a href="https://www.sans.org/cyber-security-courses/red-team-exercises-adversary-emulation/">SEC564</a>
- <a href="https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course">Practical Ethical Hacking</a>
- <a href="https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners">Windows Privilege Escalation for Beginners</a>
- <a href="https://academy.tcm-sec.com/p/linux-privilege-escalation">Linux Privilege Escalation for Beginners</a>
- <a href="https://academy.tcm-sec.com/p/movement-pivoting-and-persistence-for-pentesters-and-ethical-hackers">Movement, Pivoting, and Persistence</a>
- <a href="https://academy.tcm-sec.com/p/external-pentest-playbook">The External Pentest Playbook</a>
- <a href="https://www.pentesteracademy.com/activedirectorylab">CRTP</a>
- <a href="https://www.pentesteracademy.com/redteamlab">CRTE</a>
- <a href="https://www.pentesteracademy.com/gcb">PACES</a>
- <a href="https://www.mile2.com/professional-ethical-hacker/">CPEH</a>
- <a href="https://www.mile2.com/penetration-testing-engineer-outline/">CPTE</a>
- Labs
- <a href="https://www.amazon.com/Building-Virtual-Pentesting-Advanced-Penetration-ebook/dp/B01JLBMC8G">Building Virtual Pentesting Labs for Advanced Penetration Testing></a>
- <a href="https://www.hackthebox.eu/hacker/pro-labs">Hack The Box: Pro Labs</a>
- <a href="https://github.com/Marshall-Hallenbeck/red_team_attack_lab">Red Team Attack Lab</a>
- <a href="https://github.com/R3dy/capsulecorp-pentest">Capsulecorp Pentest</a>
- <a href="https://rmusser.net/git/admin-2/Infosec_Reference/src/branch/master/Draft/Building_A_Lab.md">Building a Lab</a>
- <a href="https://github.com/oliverwiegers/pentest_lab">Pentest Lab</a>
- <a href="https://github.com/itboxltda/pentestlab">Local PentestLab Management Script</a>
- <a href="https://github.com/s0wr0b1ndef/pentest-lab">Pentest-lab</a>
- <a href="https://github.com/indigos33k3r/portainer-pentest-lab">Offensive Security Lab</a>
- <a href="https://attackdefense.pentesteracademy.com/search">Pentesteracademy Labs</a>
- <a href="https://www.hackthebox.eu/">Hack The Box</a>
- <a href="https://www.vulnhub.com/">Vulnhub</a>
- <a href="https://www.offensive-security.com/labs/individual/">Offensive Security Proving Grounds</a>
- <a href="https://tryhackme.com">TryHackMe</a>
Wireless
- Books
- <a href="https://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581">BackTrack 5 Wireless Penetration Testing Beginner's Guide</a>
- <a href="https://www.amazon.com/Linux-Wireless-Penetration-Testing-Cookbook/dp/1783554088">Kali Linux Wireless Penetration Testing Cookbook</a>
- <a href="https://www.amazon.com/Mastering-Wireless-Penetration-Testing-Environments/dp/9352130839">Mastering Wireless Penetration Testing for Highly Secured Environments</a>
- Courses
- <a href="https://www.offensive-security.com/wifu-oswp/">OSWP</a>
- <a href="https://www.pentesteracademy.com/course?id=9">Wi-Fi Security and Pentesting</a>
- <a href="https://www.udemy.com/course/wi-fi-password-penetration-testing-course/">Wi-Fi Hacking and Wireless Penetration Testing Course </a>
- <a href="https://www.sans.org/cyber-security-courses/wireless-penetration-testing-ethical-hacking/">SEC617: Wireless Penetration Testing and Ethical Hacking</a>
- Labs
- <a href="https://www.amazon.com/Building-Pentesting-Lab-Wireless-Networks/dp/1785283154">Building a Pentesting Lab for Wireless Networks</a>
- The Courses and Books have explained how to build a lab
IoT & Hardware
- Books
-
<a href="https://www.amazon.com/Practical-IoT-Hacking-Fotios-Chantzis-ebook/dp/B085BVVSN6">Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things</a>
-
<a href="https://www.amazon.com/IoT-Hackers-Handbook-Practical-Internet/dp/1484242998">The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things</a>
-
<a href="https://www.amazon.com/IoT-Penetration-Testing-Cookbook-vulnerabilities/dp/1787280578">IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure Your Smart Devices</a>
-
<a href="https://nostarch.com/hardwarehacking">The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks</a>
-
<a href="https://www.amazon.com/Practical-Hardware-Pentesting-attacking-protecting/dp/1789619130">Practical Hardware Pentesting: A Guide to Attacking Embedded Systems and Protecting Them Against the Most Common Hardware Attacks</a>
-
- Courses
- <a href="https://www.sans.org/cyber-security-courses/iot-penetration-testing/">SEC556: IoT Penetration Testing</a>
- <a href="https://www.attify.com/iot-security-exploitation-training">Offensive IoT Exploitation</a>
- <a href="https://www.udemy.com/course/securing-iot-from-security-to-practical-pentesting-on-iot/">Securing IoT: From Security to Practical Pentesting on IoT </a>
- <a href="https://securinghardware.com/training/courses/">Applied Physical Attacks Series</a>
- Labs
- The Courses and Books have explained how to build a lab
ICS and SCADA
- Books
-
<a href="https://www.amazon.com/Hacking-Exposed-Industrial-Control-Systems/dp/1259589714">Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions</a>
-
<a href="https://www.amazon.com/Hacking-SCADA-Industrial-Control-Systems/dp/1533022062">Hacking SCADA/Industrial Control Systems: The Pentest Guide</a>
-
<a href="https://www.amazon.com/Handbook-SCADA-Control-Systems-Security/dp/1498717071">Handbook of SCADA/Control Systems Security</a>
-
<a href=""></a>
-
- Courses
- <a href="https://www.eccouncil.org/programs/ics-scada-cybersecurity/">ICS/SCADA Cybersecurity (Ec council)</a>
- <a href="https://www.sans.org/cyber-security-courses/ics-scada-cyber-security-essentials/">ICS410: ICS/SCADA Security Essentials</a>
- Labs
- The Courses and Books have explained how to build a lab
Exploit Development
- Books
-
<a href="https://www.amazon.com/Penetration-Testing-Shellcode-network-level-vulnerabilities-ebook/dp/B076H9DD9N">Penetration Testing with Shellcode</a>
-
<a href="https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security-ebook/dp/B004P5O38Q/">The Shellcoder's Handbook</a>
-
<a href="https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson-ebook/dp/B004OEJN3I/">Hacking: The Art of Exploitation</a>
-
<a href="https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504/">Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation</a>
-
<a href="https://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851/">A Bug Hunter's Diary</a>
-
<a href="https://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent-ebook/dp/B002C1B7SE/">Buffer Overflow Attacks: Detect, Exploit, Prevent</a>
-
<a href="https://www.amazon.com/Linux-Exploit-Development-Beginners-Step-ebook/dp/B082DMZHK2">Linux Exploit Development for Beginners</a>
-
<a href="https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/">Fuzzing: Brute Force Vulnerability Discovery</a>
-
<a href="https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507/">Fuzzing for Software Security Testing and Quality Assurance</a>
-
<a href="https://www.fuzzingbook.org/">The Fuzzing Book</a>
-
<a href="https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus-ebook/dp/B0050UZ258/">Open Source Fuzzing Tools</a>
-
<a href="https://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Core/dp/1597494860">A Guide to Kernel Exploitation</a>
-
- Courses
-
<a href="https://www.offensive-security.com/ctp-osce/">OSCE</a>
-
<a href="https://www.offensive-security.com/awe-osee/">OSEE</a>
-
<a href="https://my.ine.com/path/019938d9-11cf-459b-b8ee-e662e10515f2">eCXD</a>
-
<a href="https://www.sans.org/cyber-security-courses/advanced-exploit-development-penetration-testers/">SEC760</a>
-
<a href="https://github.com/cranelab/exploit-development">Exploit-Development Repo</a>
-
<a href="https://guyinatuxedo.github.io/">Nightmare</a>
-
<a href="https://www.pentesteracademy.com/course?id=3">x86 Assembly Language and Shellcoding on Linux</a>
-
<a href="https://samsclass.info/127/127_S21.shtml">CNIT 127: Exploit Development</a>
-
<a href="https://www.pentesteracademy.com/course?id=7">x86_64 Assembly Language and Shellcoding on Linux</a>
-
<a href="https://www.pentesteracademy.com/course?id=41">Reverse Engineering Win32 Applications</a>
-
<a href="https://www.pentesteracademy.com/course?id=40">Reverse Engineering Linux 32-bit Applications</a>
-
<a href="https://www.pentesteracademy.com/course?id=13">Exploiting Simple Buffer Overflows on Win32</a>
-
<a href="https://www.udemy.com/course/reverse-engineering-and-exploit-development/">Reverse Engineering and Exploit Development </a>
-
<a href="https://www.udemy.com/course/exploit-development/">Exploit Development for Linux (x86)</a>
-
<a href="https://www.udemy.com/course/64bit-linux-exploit-development/">Exploit Development for Linux x64</a>
-
<a href="https://www.udemy.com/course/introduction-to-exploitzero-day-discovery-and-development/">Introduction to Exploit/Zero-Day Discovery and Development</a>
-
<a href="https://www.udemy.com/course/exploit-development-from-scratch/">Exploit Development From Scratch</a>
-
<a href="https://www.udemy.com/course/hands-on-exploit-development/">Hands-on Fuzzing and Exploit Development(Part 1)</a>
-
<a href="https://www.udemy.com/course/hands-on-exploit-development-advanced/">Hands-on Fuzzing and Exploit Development(Part 2)</a>
-
<a href="https://zdresearch.com/training/exploit-development/">ZDResearch Exploit Development</a>
-
- Labs
- Analyize previous and new zero-days vulnerabilities will dive you deep into the real-world
- <a href="https://cse466.pwn.college/">PWN collage</a>
- <a href="https://pwnable.kr/play.php">Pwnable</a>
- <a href="https://github.com/stephenbradshaw/vulnserver">Vulnserver</a>
- <a href="">BlazeDVD 5 Professional</a>
- <a href="">DVDx Player</a>
- <a href="">Easy CD DVD</a>
- <a href="">Easy Chat Server 3.1</a>
- <a href="">Easy File Sharing FTP Server 3.5</a>
- <a href="">Easy File Management Web Server 5.3</a>
- <a href="">Easy File Sharing Web Server 7.2</a>
- <a href="">Easy RM to MP3 Converter 2.7.3.7</a>
- <a href="">Eureka</a>
- <a href="">FreeFTP 1.0.8 </a>
- <a href="">FreeFloat</a>
- <a href="">KarjaSoft Sami FTP Server 2.0.1</a>
- <a href="">KnFTP Server 1.0.0</a>
- <a href="">Kolibri v2.0 HTTP Server</a>
- <a href="">Millenium MP3 Studio</a>
- <a href="">Minialic HTTP</a>
- <a href="">Minishare</a>
- <a href="">ProSysInfo TFTP Server TFTPDWIN 0.4.2</a>
- <a href="">QuickZip 4.60</a>
- <a href="">R v3.4.4</a>
- <a href="">Ricoh DC Software DL-10 FTP Server</a>
- <a href="">SolarFTP</a>
- <a href="">Soritong MP3 Player 1.0 </a>
- <a href="">Xitami Webserver 2.5</a>
- <a href="https://www.vulnhub.com/">Vulnhub</a>
- <a href="https://www.hackthebox.eu/">Hack the box</a>
Web Applications
- Books
- <a href="https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/">Web Application Hacker's Handbook</a>
- <a href="https://portswigger.net/web-security/all-materials">Portswigger learning materials</a>
- <a href="https://owasp.org/www-project-web-security-testing-guide/v42/">Owasp web Testing Guide</a>
- <a href="https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616">Real World Bug Hunting</a>
- <a href="https://payhip.com/ghostlulz">Bug Bounty playbook part 1 & 2</a>
- <a href="https://www.amazon.com/Mastering-Modern-Web-Penetration-Testing/dp/1785284584">Mastering Modern Web Penetration Testing</a>
- <a href="https://www.amazon.com/Mastering-Kali-Linux-Penetration-Testing-ebook/dp/B0721264KJ">Mastering Kali Linux for Web Penetration Testing</a>
- <a href="https://www.amazon.com/gp/product/B078MRV57M">Kali Linux Web Penetration Testing Cookbook</a>
- <a href="https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3">Bug Bounty Bootcamp</a>
- Courses
- <a href="https://www.offensive-security.com/awae-oswe/">OSWE</a>
- <a href="https://my.ine.com/CyberSecurity/learning-paths/50d07b7c-1224-4bda-a57b-3954e189bfc1/web-application-penetration-tester-professional">eWAPT</a>
- <a href="https://my.ine.com/CyberSecurity/learning-paths/7d3a5df8-a6cf-4855-b686-30e9d7e76425/advanced-web-application-penetration-testing">eWAPTX</a>
- <a href="https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/">SEC542</a>
- <a href="https://www.sans.org/cyber-security-courses/advanced-web-app-penetration-testing-ethical-hacking/">SEC642</a>
- <a href="https://hackersera.com/p/?page=online-training">Offensive bug bounty hunter part 1 &2 hackersera</a>
- <a href="https://hakin9.org/product/web-application-attacks-and-api-hacking-w51/">Web Application Attacks and API Hacking (W51)</a>
- Labs
- <a href="http://sourceforge.net/projects/bwapp/files/bee-box/">bWAPP</a>
- <a href="https://github.com/jbarone/penlab">penlab</a>
- <a href="https://portswigger.net/web-security/all-labs">Portswigger labs</a>
- <a href="https://hack.me/">Hack me</a>
- <a href="https://owasp.org/www-project-juice-shop/">OWASP Juice shop</a>
- <a href="https://owasp.org/www-project-broken-web-applications/migrated_content">Owasp Broken Web Apps </a>
- <a href="https://pentesterlab.com/">Pentesterlab</a>
- <a href="https://www.root-me.org/">root-me</a>
Mobile Applications
- Books
- <a href="https://owasp.org/www-project-mobile-security-testing-guide/">OWASP Mobile Security Testing Guide</a>
- <a href="https://www.amazon.com/Mobile-Application-Penetration-Testing-Vijay-ebook/dp/B019IOX4Y2/">Mobile application penetration testing</a>
- <a href="https://www.amazon.com/Mobile-Application-Hackers-Handbook/dp/1118958500/">Mobile applicatons hacker's handbook</a>
- <a href="https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/">Android hacker's handbook/</a>
- <a href="https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/">iOS Hacker's Handbook</a>
- Courses
- <a href="https://my.ine.com/CyberSecurity/learning-paths/eec5479e-a8d1-4803-817f-c016bb528639/mobile-application-penetration-testing-professional">eMAPT</a>
- <a href="https://www.sans.org/cyber-security-courses/mobile-device-security-ethical-hacking/">SEC575</a>
- <a href="https://hackersera.com/p/?page=online-training">Offensive AndroHunter</a>
- <a href="https://www.udemy.com/course/bug-bounty-hunting-practical-android-penetration-testing/">ANDROID Hacking & Penetration Testing</a>
- <a href="https://www.udemy.com/course/hacking-and-pentesting-ios-applications/">Hacking and Pentesting iOS Applications </a>
- Labs
- <a href="http://damnvulnerableiosapp.com/">Damn Vulnerable iOS Application (DVIA)</a>
- <a href="https://pentester.land/cheatsheets/2018/10/12/list-of-Intentionally-vulnerable-android-apps.html">List of intentionally vulnerable Android apps</a>
- <a href="https://securitycompass.github.io/iPhoneLabs/">ExploitMe Mobile iPhone Labs </a>
- <a href="https://securitycompass.github.io/AndroidLabs/">ExploitMe Mobile Android Labs </a>
API
-
Books
- <a href="https://owasp.org/www-project-api-security/">OWASP API Security Project</a>
- <a href="https://www.amazon.com/Hacking-APIs-Application-Programming-Interfaces/dp/1718502443">Hacking APIs</a>
- <a href="https://www.manning.com/books/api-security-in-action">Api Secuirty in Action</a>
- <a href="https://www.manning.com/books/understanding-api-security">Understanding Api Security</a>
-
Courses
- <a href="https://hackerassociate.com/training-and-certification/oaes-offensive-api-exploitation-and-security-training/">OAES Offensive API Exploitation and Security</a>
- <a href="https://www.pluralsight.com/courses/owasp-top-ten-api-security-playbook">OWASP Top 10: API Security Playbook</a>
- <a href="https://ar-ar.facebook.com/officialhackersera/posts/1387454408290281?__tn__=-R">Offensive Api penetration testing</a>
- <a href="https://hakin9.org/product/web-application-attacks-and-api-hacking-w51/">Web Application Attacks and API Hacking (W51)</a>
- <a href="https://hakin9.org/course/api-security-offence-and-defence/">API Security: Offence and Defence (W35)</a>
-
Labs
- <a href="https://github.com/payatu/Tiredful-API">Tiredful API</a>
- <a href="https://github.com/rahulunair/vulnerable-api">vulnerable-api</a>
- <a href="https://github.com/marmicode/websheep">websheep</a>
Cloud
- Books
- <a href="https://www.amazon.com/AWS-Penetration-Testing-Beginners-Metasploit/dp/1839216921/">AWS Penetration Testing </a>
- <a href="https://www.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725/">Hands-On AWS Penetration Testing with Kali Linux</a>
- <a href="https://www.amazon.com/Pentesting-Azure-Applications-Definitive-Deployments/dp/1593278632/">Pentesting Azure Applications</a>
- <a href="https://www.amazon.com/Mastering-Cloud-Penetration-Testing-Sehgal/dp/1786461234/">Mastering Cloud Penetration Testing</a>
- Courses
- <a href="https://www.sans.org/cyber-security-courses/cloud-penetration-testing/">SEC588</a>
- Labs
- <a href="https://github.com/juanjoSanz/aws-pentesting-lab">AWS Pen-Testing Laboratory</a>
- Create Your own lab from the books <br>
Reverse Engineering
-
Books
-
<a href="https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817">Reversing: Secrets of Reverse Engineering</a>
-
<a href="https://www.amazon.com/Mastering-Reverse-Engineering-Re-engineer-ethical-ebook/dp/B07BXTBP8W/">Mastering Reverse Engineering</a>
-
<a href="https://beginners.re/">Reverse Engineering for Beginners</a>
-
<a href="">The Ghidra Book: The Definitive Guide</a>
-
<a href="https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898">The IDA Pro Book, 2nd Edition</a>
-
<a href="https://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315">Practical Reverse Engineering</a>
-
-
Courses
- <a href="https://my.ine.com/CyberSecurity/learning-paths/67c2d9f8-f4f5-4705-b5e2-56d6c3583030/reverse-engineering-professional">eCRE</a>
- <a href="https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/">FOR610: Reverse-Engineering Malware</a>
- <a href="https://www.udemy.com/course/reverse-engineering-deep-dive/">Reverse Engineering Deep Dive</a>
- <a href="https://www.udemy.com/course/reverse-engineering-ida/">Reverse Engineering: IDA For Beginners</a>
- <a href="https://www.udemy.com/course/expert-malware-analysis-and-reverse-engineering/">Expert Malware Analysis and Reverse Engineering</a>
- <a href="https://www.udemy.com/course/x64dbg-debugger/">Reverse Engineering 1: x64dbg Debugger for Beginners </a>
- <a href="https://www.udemy.com/course/reverse-engineering-ghidra/">Reverse Engineering: Ghidra For Beginners </a>
- <a href="https://www.udemy.com/course/reverse-engineering-dnspy/">Reverse Engineering 6: Reversing .NET with dnSpy </a>
- <a href="https://www.youtube.com/watch?v=BRZq5EVQqhg&list=PLMB3ddm5Yvh3gf_iev78YP5EPzkA3nPdL">Reverse Engineering For Beginners (Youtube)</a>
-
Labs
- <a href="https://ctf101.org/reverse-engineering/overview/">CTF101: Reverse Engineering</a>
- <a href="https://cybertalents.com/competitions/reverse-engineering-ctf/challenges">CyberTalents: Reverse Engineering CTF</a>
- <a href="https://fareedfauzi.gitbook.io/practice-ctf-list/reverse-engineering">Reverse Engineering CTF List</a>
Social Engineering
- Books
-
<a href="https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X/">Social Engineering: The Science of Human Hacking</a>
-
<a href="https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/B08B6ZCT57/">Social Engineering: The Art of Human Hacking</a>
-
<a href="https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617/">The Social Engineer's Playbook</a>
-
<a href="https://www.amazon.com/Social-Engineering-Hacking-Systems-Societies-ebook/dp/B07XHP7MQ5/">Social Engineering: Hacking Systems, Nations, and Societies</a>
-
<a href="https://www.amazon.com/Learn-Social-Engineering-internationally-renowned-ebook/dp/B079HYPC27/">Learn Social Engineering</a>
-
- Courses
-
<a href="https://www.udemy.com/course/learn-social-engineering-from-scratch/">Learn Social Engineering From Scratch</a>
-
<a href="https://www.udemy.com/course/learn-malware-social-engineering-and-osint-for-hacking/">The Complete Social Engineering: Phishing & Malware</a>
-
<a href="https://www.social-engineer.com/training-courses/advanced-practical-social-engineering-training/">Advanced Social Engineering Training</a>
-
<a href="https://www.cybrary.it/course/social-engineering/">Social Engineering (Cybrary)</a>
-
- Labs
- Bro, it's about human hacking. Just hack yourself xD
Offensive Programming
-
Books
- <a href="https://www.amazon.com/Hands-Penetration-Testing-Python-intelligent/dp/178899082X">Hands-On Penetration Testing with Python</a>
- <a href="https://www.amazon.com/Python-Penetration-Testing-Cookbook-post-exploitation/dp/1784399779">Python Penetration Testing Cookbook</a>
- <a href="https://www.amazon.com/Python-Offensive-PenTest-practical-penetration/dp/1788838971">Python for Offensive PenTest</a>
- <a href="https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900">Black Hat Python</a>
- <a href="https://www.amazon.com/Gray-Hat-Creating-Automating-Security/dp/1593277598">Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools</a>
- <a href="https://www.amazon.com/Black-Hat-Go-Programming-Pentesters/dp/1593278659">Black Hat Go: Go Programming For Hackers and Pentesters </a>
- <a href="https://www.amazon.com/Security-Go-Explore-Golang-services/dp/1788627911">Security with Go</a>
- <a href="https://www.amazon.com/Penetration-Testing-Perl-Douglas-Berdeaux/dp/1783283459">Penetration Testing with PerL</a>
- <a href="https://www.amazon.com/Black-Hat-Ruby-programming-Pentesters/dp/B08JHSF6GT">Black Hat Ruby</a>
-
Courses
- I encourage you to read the books, cause there are a lot of courses for offensive programming but the most are using python.
- <a href="https://www.udemy.com/course/learn-python-and-ethical-hacking-from-scratch/">Learn Python & Ethical Hacking From Scratch</a>
- <a href="https://www.udemy.com/course/ethical-hacking-python/">The Complete Python Hacking Course: Beginner to Advanced! </a>
- <a href="https://www.infosecinstitute.com/skills/learning-paths/offensive-bash-scripting/">Offensive Bash Scripting</a>
- <a href="https://www.pentesteracademy.com/course?id=21">Powershell for Pentesters</a>
-
Labs
- First of all try to create automation tools for your tasks. also you can search for offensive tools and try to write one on your own way.
- Tools:
- <a href="">Subdomain Enumeration</a>
- <a href="">Directory Bruteforcing</a>
- <a href="">Live Subdomain checker</a>
- <a href="">Google Dorking</a>
- <a href="">Extract javascript urls using page source</a>
- <a href="">Reverse & Bind Shells</a>
- <a href="">Protocol Enumeration</a>
- <a href="">Port Scanner (TCP & UDP)</a>
- <a href="">Hash & Password Cracking</a>
- <a href="">Fuzzer</a>
- <a href="">Malware ( Keylogger, Spyware, CryptoMalware, etc)</a>
- <a href="">Packet Sniffer</a>
- <a href="">Wifi Scanner or Bruteforcer</a>
- <a href="">Vulnerability Scanner ( Web, Network & System Vulnerabilities, etc )</a>
- <a href="">Exploition Tool ( Try to write an exploition tool for known vulnerability [e.x: Vsftpd backdoor exploition tool] ) </a>
- <a href="">Network Sniffer</a>
- <a href="">MAC address Changer</a>
- <a href="">Network Scanner</a>
Blockchain
-
Books
- <a href="https://www.amazon.com/Bitcoin-Blockchain-Security-Ghassan-Karame-ebook/dp/B01N7XNEF3">Bitcoin and Blockchain Security</a>
- <a href="https://www.amazon.com/Blockchain-Technology-Hacking-Financial-Framework-ebook/dp/B07221VJ1S">Blockchain Technology And Hacking</a>
- <a href="https://www.packtpub.com/product/hands-on-cybersecurity-with-blockchain/9781788990189">Hands-On Cybersecurity with Blockchain</a>
-
Courses
- <a href="https://blockchaintrainingalliance.com/products/cbsp">Certified Blockchain Security Professional (CBSP)</a>
- <a href="https://www.sans.org/cyber-security-courses/blockchain-smart-contract-security/">SEC554: Blockchain and Smart Contract Security</a>
- <a href="https://academy.101blockchains.com/courses/certified-blockchain-security-expert">Blockchain Security Expert (CBSE)</a>
- <a href="https://hakin9.org/course/attack-and-defence-in-blockchain-technologies-w39/">Attack and Defence in Blockchain Technologies (W39)</a>
- <a href="https://www.dasp.co/ ">Decentralized Application Security Project </a>
-
Labs
- <a href="https://github.com/ConsenSys/smart-contract-best-practices">smart contract security best practices</a>
- <a href="https://github.com/nccgroup/GOATCasino">GOATCasino</a>
- <a href="https://ethernaut.openzeppelin.com/level/0x4E73b858fD5D7A5fc1c3455061dE52a53F35d966">Ethernaut</a>
Car Hacking
-
Books
- <a href="https://www.amazon.com/Car-Hackers-Handbook-Penetration-Tester/dp/1593277032">The Car Hacker's Handbook</a>
- <a href="https://www.amazon.com/Hacking-Connected-Cars-Techniques-Procedures/dp/1119491800">Hacking Connected Cars</a>
-
Courses
- <a href="https://www.udemy.com/course/carhacking/">CAR HACKING 101</a>
- <a href="https://www.udemy.com/course/automotive-hacking-for-beginners/">Automotive hacking for Beginners</a>
- <a href="https://cyberweek.ae/2021/courses/car-hacking-training-automotive-cybersecurity-and-in-vehicle-networks-for-beginners-hitb-cyberweek-2021/">Car Hacking Training: Automotive Cybersecurity and In-Vehicle Networks for Beginners</a>
- <a href="https://quarkslab.com/training-practical-car-hacking/">Practical car hacking</a>
-
Labs
- Setup your lab from the courses & books
Game Hacking
-
Books
- <a href="https://www.amazon.com/Exploiting-Online-Games-Massively-Distributed/dp/0132271915">Exploiting Online Games</a>
- <a href="https://www.amazon.com/Game-Hacking-Developing-Autonomous-Online/dp/1593276699">Game Hacking: Developing Autonomous Bots for Online Games</a>
- <a href="https://www.amazon.com/Hacking-Video-Game-Consoles-ExtremeTech/dp/0764578065">Hacking Video Game Consoles</a>
- <a href="https://www.amazon.com/Game-Console-Hacking-PlayStation-Nintendo/dp/1931836310">Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega</a>
- <a href="https://www.amazon.com/Hacking-Xbox-Introduction-Reverse-Engineering/dp/1593270291">Hacking the Xbox: An Introduction to Reverse Engineering</a>
-
Courses
- <a href="https://www.youtube.com/playlist?list=PLt9cUwGw6CYG1b4L76vZ49tvI2mfmRSCl">CS420 Game Hacking Course</a>
- <a href="https://www.udemy.com/course/playhack/">Learn How To Code a Hack For ANY Game! - Game Hacking </a>
- <a href="https://www.udemy.com/course/cheat-engine-game-hacking-basics/">Game Hacking: Cheat Engine Game Hacking Basics</a>
- <a href="https://www.youtube.com/playlist?list=PLt9cUwGw6CYFSoQHsf9b12kHWLdgYRhmQ">Game Hacking Shenanigans - Game Hacking Tutorial Series</a>
- <a href="https://www.youtube.com/playlist?list=PL0DAC43CDE5EF7694">Game Hacking Tutorial</a>
-
Labs
- Setup your lab from the courses & books
Source Code Review
-
Books
- <a href="https://www.amazon.com/SECURE-COMPUTER-SOFTWARE-DEVELOPMENT-VULNERABILITY-ebook/dp/B01NAGF70E">SECURE COMPUTER SOFTWARE DEVELOPMENT: INTRODUCTION TO VULNERABILITY DETECTION TOOLS</a>
- <a href="https://www.amazon.com/Software-Vulnerability-Programming-Herbert-Thompson/dp/1584503580">Software Vulnerability Guide</a>
- <a href="https://www.amazon.de/-/en/Brian-Chess/dp/0321424778">ecure Programming with Static Analysis: Getting Software Security Right with Static Analysis</a>
- <a href="https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf">OWASP Code Review Guide v2</a>
- <a href="https://www.codacy.com/ebooks/guide-to-code-reviews-I">The ultimate guide to code reviews - Edition I</a>
-
Courses (Tutorials)
- <a href="https://www.youtube.com/playlist?list=PLOeXMuu5HOMoYdidoH6UlghfrVVkzZ_cf">SAST</a>
- <a href="https://www.youtube.com/watch?v=fb-t3WWHsMQ">How to do Code Review - The Offensive Security Way</a>
- <a href="https://www.youtube.com/watch?v=eQ1I0wzS8p0">How to find vulnerabilities by source code review</a>
- <a href="https://www.youtube.com/watch?v=kpf3UkMc5Y4">Finding Security Vulnerabilities through Code Review - The OWASP way</a>
- <a href="https://www.youtube.com/watch?v=rAwxFw25x3E">OWASP DevSlop Show: Security Code Review 101 with Paul Ionescu!</a>
- <a href="https://www.youtube.com/watch?v=A8CNysN-lOM">How to Analyze Code for Vulnerabilities</a>
-
Labs
- <a href="https://pentesterlab.com/exercises?utf8=%E2%9C%93&query=code+review">Pentesterlab Code Review</a>
- <a href="https://github.com/h4x0r101/Damn-Vulnerable-Source-Code">Damn Vulnerable Source Code</a>
- <a href="https://github.com/uleroboticsgroup/SVCP4CDataset ">SVCP4CDataset</a>
Telecom
-
Books
- <a href="https://www.amazon.com/Security-Telecommunications-Networks-Advances-Information-ebook/dp/B002C73P2E ">Security for Telecommunications Networks</a>
-
Courses
- <a href="https://www.youtube.com/watch?v=3XUo7UBn28o">Mobile Network Hacking, IP Edition</a>
- <a href="https://www.youtube.com/watch?v=_f1SByh6f4Q">New Era in Telecom Hacking by Ali Abdollahi at BSides Toronto 2020</a>
-
Labs
- Setup your lab from the courses & books
Malware Development
-
Books
- You can read malware analysis books to get a deep understanding of malwares
-
Courses
-
<a href="https://institute.sektor7.net/red-team-operator-malware-development-essentials">RED TEAM Operator: Malware Development Essentials Course</a>
-
<a href="https://institute.sektor7.net/rto-maldev-intermediate">RED TEAM Operator: Malware Development Intermediate Course</a>
-
<a href="https://www.udemy.com/course/build-undetectable-malware-using-c-language-ethical-hacking/">Build Undetectable Malware Using C Language: Ethical Hacking</a>
-
<a href="https://www.udemy.com/course/malware-development-beginner-level/">Practical Malware Development For Beginners</a>
-
<a href="https://www.udemy.com/course/coding-botnet-backdoor-in-python-for-ethical-hacking/">Coding Botnet & Backdoor In Python For Ethical Hacking</a>
-
<a href="https://www.udemy.com/course/ehf-maldev-in-windows/">Ethical Hacking Foundations: Malware Development in Windows</a>
-
-
Labs
-
No need for online labs you need to write a malicious code
-
VOIP
-
Books
-
<a href="https://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638">Hacking VoIP: Protocols, Attacks, and Countermeasures</a>
-
<a href="https://www.amazon.com/Hacking-Exposed-VoIP-Security-Solutions/dp/0072263644">Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions</a>
-
<a href="https://www.amazon.com/Hacking-Exposed-Communications-Security-Solutions/dp/0071798765">Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition</a>
-
-
Courses
- <a href="https://hakin9.org/product/w47-voip-pentesting/">VoIP Pentesting (W47)</a>
- <a href="https://academy.ehacking.net/p/voip-hacking-penetration-testing-training">VoIP Hacking & Penetration Testing Training</a>
- <a href="https://www.voip.school/p/voip-hacking">VoIP pentest and SIP hacking</a>
-
Labs
- Setup your lab from the courses & books
RFID & SDR
-
Books
- <a href="https://www.amazon.com/RFID-Security-Frank-Thornton-ebook/dp/B002C4KMKA">RFID Security</a>
- <a href="https://www.amazon.com/Inside-Radio-Attack-Defense-Guide/dp/9811084467">Inside Radio: An Attack and Defense Guide</a>
-
Courses
- <a href="https://www.udemy.com/course/the-vulnerability-of-rfid-tag/">Ethical RFID Hacking</a>
- <a href="https://training.hackersera.com/p/?page=online-training#collapsesdr1">SDR Exploitation</a>
- <a href="https://www.udemy.com/course/software-defined-radio/">SDR for Ethical Hackers and Security Researchers </a>
- <a href="https://www.udemy.com/course/advance-sdr-for-ethical-hackers-security-researchers/">Advance SDR for Ethical Hackers Security Researchers 2.0</a>
- <a href="https://www.udemy.com/course/software-defined-radio-3/">SDR for Ethical Hackers and Security Researchers 3.0</a>
-
Labs
- Setup your lab from the courses & books
Created By
<a href="https://www.linkedin.com/in/zer0verflow/">Zeyad Azima</a> & <a href="https://www.linkedin.com/in/yosef0x1/">Youssef Mohamed</a>