Home

Awesome

Awesome Cyber Security

Awesome

A collection of awesome software, libraries, documents, books, resources, and cool stuff about security.

Inspired by Awesome Security and Herman Slatman.

Thanks to all contributors. You're awesome. This wouldn't be possible without you! The goal is to build a categorized, community-driven collection of very well-known resources.

List links and description

<a name="cert"></a>CERT and alerts

LinkDescription
CERT-EU - Latest News(Latest News) Computer emergency response Tean for the EU (Europe Union) institutions, bodies, and agencies
CERT-US - ALERTS(Alerts) US-CERT United States Computer Emergency Readiness Team
ICS-CERT-US - AlertsAn ICS-CERT Alert is intended to provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks.

<a name="certification"></a>Certification

LinkDescription
CEH - Certified Ethical HackerA Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
CISSP - CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONALThe Certified Information Systems Security Professional (CISSP) is an information security certification for security analysts.
CompTIA Security +CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.
GPEN - GIAC Penetration TesterThe GPEN certification is for security personnel whose job duties involve assessing target networks and systems to find security vulnerabilities. Certification objectives include penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test as well as best practice technical and non-technical techniques specific to conduct a penetration test.
PWK - Penetration Testing Training with Kali LinuxPenetration Testing with Kali (PWK) is a self-paced, online course that introduces students to the latest ethical hacking tools and techniques.
PNPT - Practical Network Penetration TesterPNPT certification is an intermediate-level penetration testing exam experience. Students will have five (5) full days to complete the assessment and an additional two (2) days to write a professional report.
PENT - Professional Penetration TesterPENT is a zero to hero style instructor-led cybersecurity course to equip students to learn professional penetration testing & vulnerability assessment skills by building lab networks to practice network and application enumeration scanning, exploitation, privilege escalation, and lateral movement skills.
OSCP - Offensive Security Certified ProfessionalThe Offensive Security Certified Professional (OSCP) is the companion certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges the students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.

<a name="org"></a>Organizations

LinkDescription
CIS Center for Internet SecurityCIS® (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats.
CVE - Common Vulnerabilities and ExposuresCVE® is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.
No more ransomwareNeed Help unlocking your digital life without paying your attackers?
OWASPOpen Web Application Security Project
ZeroDayInitiative(Alerts) Zero Day Initiative

<a name="blogs"></a>Informatives and blogs

LinkDescription
Mandiant Research BlogsAdvesary and threat Research oriented cybersecurity blogs
Elastic Security Labs BlogsCybersecurity Research oriented blogs
DarkRelay Security Labs BlogsCybersecurity blogs
EffectHackingBlog
ICS SansSans Industrial Control Systems blog
GBHackers on SecuritySecurity blog
Google Security BlogGoogle Security Blog
g0tmi1k BlogHacker blog
Hacker SecurityHacker security News and Blog
HelpNetSecurityHelp Net Security
Security FocusSecurity Focus
SecurityWeekInternet and Enterprise Security News, Insights e Analysis
Security art WorkSecurity art Work
Security AffairsCopyright 2015 Security Affairs by Pierluigi Paganini All Right Reserved.
The Hacker NewsThe Hacker News Security in a Serius Way
Virus GuidesPowered by Knowledge
MalwaretechNews about Malware
WeLiveSecurityNews, Views, and insight from the ESET security community
Virtual Dispersive NetworkingVirtual Dispersive Networking for Cyber Security Blog
Advisory WeekSecurity Advisories published by major vendors this week

<a name="training"></a>CTF, Training L3g@l and G@mes

LinkDescription
BetterMotherFucking CTFMotherfuckingCTF inspired platform. But better.
CTF365CTF Practicing
FBCTFFacebook Capture the Flag
Hacker ExperienceGame of Hacker Experience
HackflagBrazilian Hackflag
Hacking-LABHacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents.
HackTheBoxPen-testing Labs
Over The WireThe wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.
Open Security TrainingOpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long.
Pwnable.kr'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation.
Trailofbits GithubCTF Field Guide
ShellterSocial Network focused on information security

<a name="hackactivism"></a>Non-legal Cyber activism

LinkDescription
Zone-HList of sites attacked by unethical Hackers
WikiLeaksWikiLeaks is a multi-national media organization and associated library.

<a name="ithack"></a>IT Hacking DB list

LinkDescription
Google Hacking DatabaseGoogle Hacking Database (GHDB)

<a name="athack"></a>AT Hacking list

LinkDescription
ShodanOpen ports in A.T
CritifenceDefault Password database of A.T

<a name="courses"></a>Courses and Guides Sites

LinkDescription
CybraryFree and Open Source Cyber Security Learning
O Tao do Desenvolvimento Seguro[PT-BR] Safe Development Guide
Guru99Website with guides and a Free Ethical Hacking Course
PortSwigger LabsFree learning resources focused on web and API security only
DarkRelay Security LabsFree & paid cybersecurity trainings with certifications

<a name="os"></a>OS - Operation Systens

LinkDescription
BackBoxLinuxBackBox Linux is a penetration testing and security assessment-oriented Linux distro.
BlackArchLinuxBlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. The repository contains 1925 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs.
KaliPenetration Testing Distribution OS
Kali PurpleKali OS but for Defense
ParrotSecParrot Security Operating System is a Penetration Testing & Forensics Distro dedicated to Ethical Hackers & Cyber Security Professionals.
QubesOSQubes OS is a security-oriented operating system (OS). The OS is the software that runs all the other programs on a computer. Some examples of popular OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and open-source software (FOSS).
Samurai Web Tester FrameworkWeb Tester OS
PENTOOSPentoo is a security-focused livecd based on Gentoo
VulnhubOS with vulnerabilities for pentests

<a name="tools"></a>Tools

LinkDescription
PixeeFinds security & performance issues in code and creates merge-ready pull requests with recommended fixes.
CrowdSecOpen-source, free, & collaborative IPS/IDS (Go lang), analyzes visitor behavior & provide an adapted response.
Find Sec BugsThe FindBugs plugin for security audits of Java Web Applications.
SonarqubeStatic Code Reviewer
PunkSPIDERA global web application vulnerability search engine.
Metasploit FrameworkPentest Framework used by Kali Linux.
NMapNmap "Network Mapper" is a free and open source utility for network discovery and security auditing.
NetcatNetcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol.
TCPDumpTcpdump prints out a description of the contents of packets on a network interface that match the boolean expression;
OSSECOSSEC is a multiplatform, opensource and free HIDS
WazuhWazun is an open source enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.
w3afWeb Application Attack And Audit Framework
WiresharkWireshark is the world’s foremost and widely-used network protocol analyzer
OWASP ZAPOWASP ZAP is a MITM which is free and open source
ZeekZeek is an open source network security monitoring tool
zeek2esAn open source tool to convert Zeek logs to Elastic/OpenSearch. You can also output pure JSON from Zeek's TSV logs!
StellastraScans email headers to diagnose authentication and security issues including SPF, DKIM, and DMARC analysis.

<a name="books"></a>Books

LinkDescription
The Security Engineer Handbooka small book on how to make it in a security team, as part of a broader organization