- Linux
- Web sec
- Cryptography
- Steganography
- OSINT
- Binary exploitation
- Networking
- Cloud sec
- Windows
- Bug bounty
- General hacking resources
- Other cool contents
-
Collection of Beginner to Advanced level resources:
https://www.notion.so/Linux-Resources-ad018e0a007347ab9d039cc2d29c3bf4 -
Linux exercises[lab]:
https://overthewire.org/wargames/natas/ -
Linux challenges:
https://tryhackme.com/room/zthlinux -
Introduction to tmux:
https://www.youtube.com/watch?v=Lqehvpe_djs -
Learn find command in linux : I have tried to cover most of the flags used in
findcommand in incremental way.:
https://shishirsubedi.com.np/linux/find/ -
Bash Pitfalls:
https://mywiki.wooledge.org/BashPitfalls -
Iptables:
-
Nmap cheat sheet:
https://shishirsubedi.com.np/network/nmap/ -
Port Forwarding using chisel:
Local box : sudo ./chisel server -p 1880 --reverse
on Remote box : ./chisel client 10.6.31.213:1880 R:4506:127.0.0.1:4506
-
Bypassing IDS for network scanning using nmap - Part 1:
https://redcodelabs.io/blog/exploring_nmap_1.html -
FFUF — Everything You Need To Know:
https://www.cybersecnerds.com/ffuf-everything-you-need-to-know/ -
CURL — Everything You Need To Know:
https://www.cybersecnerds.com/curl-everything-you-need-to-know/ -
static-binaries:
https://github.com/andrew-d/static-binaries
-
CS253 - Web Security:
https://web.stanford.edu/class/cs253/ -
Exces XSS: A comprehensive tutorial on cross-site-scripting:
https://excess-xss.com/ -
Deserialization Attacks on Java:
-
IPPSEC's Videos on PHP deserialization:
-
Good Resource for Manual SQL injection:
https://sqlwiki.netspi.com/ -
Master the art of Cross Site Scripting:
https://brutelogic.com.br/blog/ -
List of XSS payloads:
http://www.xss-payloads.com -
XXE 3 hour workshop:
https://gosecure.github.io/xxe-workshop/
-
Multiple crypto challenges:
https://cryptopals.com/ -
Cryptography:
https://www.notion.so/Cryptography-4d846b9a6af44b9f995418d60f641a6a -
Quickly encoding, decoding, encryption, decryption, hashing:
https://medium.com/swlh/quickly-encoding-decoding-encryption-decryption-hashing-318f7b3ea11e -
CS255 stanford "Introduction to cryptography":
https://crypto.stanford.edu/~dabo/courses/OnlineCrypto/ -
Hamming codes part 1 ...:
https://www.youtube.com/watch?v=X8jsijhllIA -
Hamming codes part 2 ...:
https://www.youtube.com/watch?v=b3NxrZOu_CE
-
Steganography tools:
https://github.com/DominicBreuker/stego-toolkit -
Steganographic Decoder:
https://futureboy.us/stegano/decinput.html -
Steganographic Encoder:
https://futureboy.us/stegano/encinput.html -
Steganography Online[encode/decode]:
https://stylesuxx.github.io/steganography/ -
Really good article on Steganography:
https://hackersonlineclub.com/steganography/ -
Cheatsheet - Steganography 101:
https://pequalsnp-team.github.io/cheatsheet/steganography-101
-
Collection of OSINT Tools:
https://osintframework.com/ -
bellingcat - the home of online investigations:
https://www.bellingcat.com/ -
Osint Curious OSINT Resource List:
https://docs.google.com/document/d/14li22wAG2Wh2y0UhgBjbqEvZJCDsNZY8vpUAJ_jJ5X8/edit#heading=h.5mxacuke75jk
-
Cool playlist for introduction :
https://www.youtube.com/watch?v=iyAyN3GFM7A -
Nightmare: An intro to binary exploitation/reverse engineering course based around CTF challenges:
https://guyinatuxedo.github.io/ -
Exploit education:
https://exploit.education/
- Networking tutorial:
https://www.youtube.com/playlist?list=PLowKtXNTBypH19whXTVoG3oKSuOcw_XeW
- Hacking the Cloud: The Encyclopedia for Offensive Security in the Cloud:
https://hackingthe.cloud/
-
Special privileges on windows and exploiting them to get a system shell:
https://2018.romhack.io/slides/RomHack%202018%20-%20Andrea%20Pierini%20-%20whoami%20priv%20-%20show%20me%20your%20Windows%20privileges%20and%20I%20will%20lead%20you%20to%20SYSTEM.pdf -
Playlist for Basics of Active Directory:
https://www.youtube.com/playlist?list=PL3B8L-z5QU-Yw80HOGXXUASBfv_K1WwO5 -
Windows Privesc Cheat Sheet : Similar to gtfobins:
https://wadcoms.github.io/ -
Attacking Active Directory:
https://zer1t0.gitlab.io/posts/attacking_ad/
-
Awesome Bugbounty Writeups:
https://github.com/devanshbatham/Awesome-Bugbounty-Writeups -
All the DOD Sites Listed in Bug Programs, Open-Scope, Automation lai sajilo hola 😂 dod-sites.txt
-
How to Get Into Bug Bounties - Part 01:
https://0xprial.com/how-to-get-into-bug-bounties-part-01/
-
hacking-resources:
https://gist.github.com/selftaught/23943c6f04e59171cf11d625f220bf24 -
A course bundle of ethical hacking lessons:
https://drive.google.com/drive/folders/0B39jsuKsL3G8VFcxaG1jQ3BDQjg -
Yet another bundle of ethical hacking lessons/courses, but larger collection than the previous:
https://drive.google.com/drive/folders/1Se-U7xWI7-cK8Ez4hyFax5DCaZVAxzjU
-
If you don't understand what some linux command's do with all the flags and pipes added, this site explains it pretty nicely:
https://explainshell.com/ -
This repo has a lot of resources that may be required during a ctf challenge:
https://github.com/JohnHammond/ctf-katana -
OSCP notes:
https://hackanythingfor.blogspot.com/2020/08/oscp-personal-notes.html?m=1 -
InfoSec Write-ups:
https://medium.com/bugbountywriteup -
Reverse-shell:
https://resources.infosecinstitute.com/icmp-reverse-shell/#gref -
Linux | Windows Privilege Escalation Labs/Workshops/Slides:
https://github.com/sagishahar/lpeworkshop -
This is an online sqlmap powered tool that allows you to perform a fast SQLi check. Link:
https://suip.biz/?act=sqlmap -
Why you can't get a root shell with a script with suid bit set and owned by root?
https://www.youtube.com/watch?v=-wGtxJ8opa8 -
Privilege Escalation with LXD group:
https://www.hackingarticles.in/lxd-privilege-escalation/ -
Privilage escalation to the host from docker if docker.socks is mounted on your container:
https://thearkcon.com/static/wu/inception.pdf -
https://pop-eax.github.io/blog/posts/ctf-writeup/web/2020/08/01/h-cktivitycon-ctf-specialorder/
-
Simple VU Capture The Flag lab:
https://kernal.eu/posts/vuctflab/ -
Brute XSS - Master the art of Cross Site Scripting.:
https://brutelogic.com.br/ -
Behind the scenes of HTTPS: How does HTTPS actually work?:
https://robertheaton.com/2014/03/27/how-does-https-actually-work/ -
What is ctf and how to get started:
https://dev.to/atan/what-is-ctf-and-how-to-get-started-3f04 -
CTF challenges:
https://ctflearn.com/challenge/1/browse -
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM:
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html -
From the person who is the owner of a popular repo in github "Seclists". It will make you feel bad for sure, but worth reading: * How to Build a Cybersecurity Career [2019 Update] | Daniel Miessler:
https://danielmiessler.com/blog/build-successful-infosec-career/ -
So You Want to Be a Hacker: 2021 Edition | By TheCyberMentor:
https://tcm-sec.com/so-you-want-to-be-a-hacker-2021-edition/ -
How to Be an Ethical Hacker in 2021 | The Cyber Mentor:
https://www.youtube.com/watch?v=mdsChhW056A -
Bugs found in Facebook, writeups from @samm0uda:
https://ysamm.com/ -
Ex-NSA hacker tells us how to get into hacking!:
https://www.youtube.com/watch?v=SFbV7sTSAlA -
A Collection of Tools | Rawsec's CyberSecurity Inventory:
https://inventory.raw.pm/ -
The Confessions of the Hacker Who Saved the Internet:
https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/ -
We Hacked Apple for 3 Months: Here’s What We Found:
https://samcurry.net/hacking-apple/ -
Collection of Github Repositories for 𝗛𝗮𝗰𝗸𝗶𝗻𝗴 / 𝗣𝗲𝗻𝘁𝗲𝘀𝘁𝗶𝗻𝗴 / 𝗕𝘂𝗴 𝗕𝗼𝘂𝗻𝘁𝘆.
- Book of Secret Knowledge = https://github.com/trimstray/the-book-of-secret-knowledge
- Awesome Hacking = https://github.com/Hack-with-Github/Awesome-Hacking
- Awesome Bug Bounty = https://github.com/djadmin/awesome-bug-bounty
- Awesome Penetration Testing = https://github.com/wtsxDev/Penetration-Testing
- Awesome Web Hacking = https://github.com/infoslack/awesome-web-hacking
- Awesome Hacking Resources = https://github.com/vitalysim/Awesome-Hacking-Resources
- Awesome Pentest = https://github.com/enaqx/awesome-pentest
- Awesome Red Teaming = https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
- Awesome Web Security = https://github.com/qazbnm456/awesome-web-security
- Penetration Test Guide based on OWASP = https://github.com/Voorivex/pentest-guide
- Pentest Compilation = https://github.com/adon90/pentest_compilation
- Infosec Reference = https://github.com/rmusser01/Infosec_Reference
-
iamrajivd/pentest:
https://github.com/iamrajivd/pentest -
CyberDefenders: Blue Team CTF Challenges:
https://cyberdefenders.org/labs/ -
Free Tools | By SANS' Faculty:
https://www.sans.org/img/free-faculty-tools.pdf
.
.
.
.
All the resources/links above are collected from 'RESOURCES' in our Discord Server; credits to the ones who shared them as well as to the ones who created them. Go to CONTRIBUTORS.md to see the list of contributors.