Awesome Resources For Learning Ethical Hacking & Pentesting ⚡️
What I’m sharing here is a collection of some of the best resources on hacking and penetration testing to help you learn faster! Let's make it the best resource repository for our community.
Contents
- Books
- Online
- Offline
- Vulnerable Machines and Websites
- Vulnerability Databases And Resources
- Malware Analysis
- Linux Penetration Testing OS
- Courses
- Workshop Playlists
- Security Talks and Conferences
- YouTube Channels
- Forums
You are welcome to fork and contribute.
You can also find my writeups/tutorials on Medium: @hussnainfareed :)
Books
- The Hacker Playbook 2: Practical Guide To Penetration Testing
- The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
- Breaking into Information Security: Learning the Ropes 101
- Penetration Testing: A Hands-On Introduction to Hacking
- Social Engineering: The Art of Human Hacking
- Hacking: The Art of Exploitation, 2nd Edition
- Web Hacking 101
- OWASP Testing Guide (A must-read for web application developers and penetration testers)
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- The Basics of Web Hacking: Tools and Techniques to Attack the Web
Learning Platforms to Sharpen Your Skills
Online
Name | Description |
---|---|
CTF Hacker101 | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers. |
Hack The Box :: Penetration Testing Labs | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs. |
TryHackMe | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. |
CTF365 | An account-based CTF site, awarded by Kaspersky, MIT, and T-Mobile. |
Backdoor | Pen testing labs that have a space for beginners, a practice arena, and various competitions; account required. |
Hack.me | Lets you build/host/attack vulnerable web apps. |
CTFLearn | An account-based CTF site, where users can go in and solve a range of challenges. |
OWASP Vulnerable Web Applications Directory Project (Online) | List of online available vulnerable applications for learning purposes. |
Pentestit labs | Hands-on Pentesting Labs (OSCP style) |
Root-me.org | Hundreds of challenges are available to train yourself in different and not simulated environments |
Vulnhub.com | Vulnerable By Design VMs for practical 'hands-on' experience in digital security |
Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalation. |
Hacking Articles | Collection of brief CTF write-ups with a lot of screenshots; good for beginners. |
Rafay Hacking Articles, a great blog | Write-up collections by Rafay Baloch. |
PentesterLab | 20$ signature, complete content basic to write exploits, web, android. |
CyberSec WTF | Emulated web pentesting challenges from bounty write-ups |
Pentest-Ground | Pentest Ground is a free playground with deliberately vulnerable web applications and network services. |
Offline
Name | Description |
---|---|
Damn Vulnerable Xebia Training Environment | Docker Container including several vulnerable web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more) |
OWASP Vulnerable Web Applications Directory Project (Offline) | List of offline available vulnerable applications for learning purposes |
Vulnerable Machines/Websites
Vulnerability Databases And Resources
Vulnerability databases are the first place to start your day as a security professional. Newly detected vulnerabilities are generally made available through the public vulnerability databases. These databases are a big source of information for hackers who want to understand and exploit, avoid, or fix a vulnerability.
- http://www.exploit-db.com/
- http://1337day.com/
- http://securityvulns.com/
- http://www.securityfocus.com/
- http://www.osvdb.org/
- http://www.securiteam.com/
- http://secunia.com/advisories/
- http://insecure.org/sploits_all.html
- http://zerodayinitiative.com/advisories/published/
- http://nmrc.org/pub/index.html
- http://web.nvd.nist.gov
- http://www.vupen.com/english/security-advisories/
- http://www.vupen.com/blog/
- http://cvedetails.com/
- http://www.rapid7.com/vulndb/index.jsp
- http://oval.mitre.org/
- http://sploitus.com/
- http://cxsecurity.com/
Malware Analysis
Name | Description |
---|---|
Malware traffic analysis | list of traffic analysis exercises |
Malware Analysis - CSCI 4976 | another class from the folks at RPISEC, quality content |
[Bad Binaries](https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis. |
Linux Penetration Testing OS
Name | Description |
---|---|
Kali | the infamous pen-testing distro from the folks at Offensive Security |
Parrot | Debian-based distro that includes a full portable lab for security, DFIR, and development |
Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals. |
BlackArch | Arch Linux-based pentesting distro, compatible with Arch installs |
LionSec Linux | pentesting OS based on Ubuntu |
Courses
For those who want to do CEH, the following links are for you.
2. CBT Nuggets CEH Training
3. CEH Books
4. Guide to Binary Exploitation
Workshops/Playlists
Security Talks and Conferences
- InfoCon - Hacking Conference Archive
- Curated list of Security Talks and Videos
- Blackhat
- Defcon
- Security Tube
- Kevin Mitnick: Live Hack at CeBIT
- Ghost in the Cloud, Kevin Mitnick
- Kevin Mitnick | Talks at Google
- Complete Free Hacking Course: Go from Beginner to Expert Hacker Today
YouTube Channels
Now let’s move on to the YouTube channel links. These channels are shared by hackers, who upload their video PoCs there. By watching them, you can understand how these types of attacks are demonstrated.
- LiveOverflow
- Black Hat
- Injector Pca
- Hisham Mir
- Devil Killer
- Suleman Malik
- Dem0n
- Frans Rosén
- HackerOne
- ak1t4 machine
- Shawar Khan
- vulnerability0lab
- Bugcrowd
- Vijay Kumar
- Web Development Tutorials
- Jan Wikholm
- Bhargav Tandel
- ErrOr SquaD
- SecurityIdiots
- Penetration Testing in Linux
- Hussnain Fareed
- Null Byte
- ZAID
- vabs tutorial
- the cyber mentor
- PwnFunction
- GetCyber
- Loi Liang Yang
Any channel link missing? Kindly add it in the comments.
Forums
Name | Description |
---|---|
0x00sec | hacker, malware, computer engineering, reverse engineering |
Antichat | Russian-based forum |
CODEBY.NET | hacker, WAPT, malware, computer engineering, reverse engineering, forensics - Russian-based forum |
EAST Exploit database | exploit DB for commercial exploits written for EAST Pentest Framework |
Greysec | hacking and security forum |
Hackforums | posting website for hacks/exploits/various discussion |
Contribution
Your contributions and suggestions are heartily welcome.
NOTE:
All references are taken from the Internet and shared on the Internet xD Thanks to those who shared their opinions before, which helped me learn 😉 If you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.