Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Wiki ▸ InfoSec
Cool stuff for "the Cyber" that tech antifa folks have played around with/contributed to/enjoyed pentesting in the past.
🔰 Are you a newbie and feeling a little overwhelmed by this page? Try our starting recommendations.
- At AnarchoTechNYC
- CTFs and Hacking Games
- Labs and practice VMs
- Lesson plans and guidance
- For defenders
- Other lists
- CTF team, a semi-private cybersecurity study group that puts the "ethical" back into "ethical hacking."
- Lockpicking club, a locksport practice session and meditative discussion circle featuring those most ubiquitous of doorway decorations.
- Mr. Robot's Netflix 'n' Hack, a weekly guided tour of hacking tools in pop culture.
CTFs and Hacking Games
Capture The Flag competitions (CTFs) are sets of puzzles intended to distill the essence of many aspects of professional computer security work into a single short-lived exercise that is objectively measurable. Most competitions are free to participate, and some even award prizes to winners. They are often associated with a conference or event, so are open only at certain times, run for a short while, then close and rank the participants according to the competition's scoring rules.
Wargames, sometimes also called hacking challenges, are stand-alone puzzlers that are always available (they are not associated with a time or event). Typically, they are organized into levels that get progressively harder as you solve more of them. Some hacking/wargame sites also organize challenges into categories based on the skills you need to solve them.
Deliberately vulnerable systems, or deliberately exploitable apps, are bundled software packages that are intentionally designed to be practice targets for exploitation attempts. These tools sometimes contain self-describing tutorials or exercise descriptions so that they can be used as a self-contained educational course. They are a noteworthy variant of wargames that can be played "offline" because you can download them to your own computer, like a practice lab.
Cyberwarfare Ranges are digital live-fire ranges, semi-private inter-networks where participants can set up and attack other participant's servers and services for educational purposes. They are typically heavily firewalled and accessible only with an invitation and/or through a VPN tunnel; think of them like the digital equivalent of paintball arenas or live-fire gun ranges.
ℹ️ A note on netiquette. While each of these gaming styles offer educational opportunities, most have slightly different etiquette. For instance, it's customary for participants to publish solutions to the challenges presented during CTF competitions in the form of writeups on blogs, but this is discouraged by many hacking challenge sites. Take a moment to familiarize yourself with the publisher of the challenge you're tackling before you publish your solution to the whole Internet, as you may be spoiling the fun of the game for others.
💡 There are more resources on this wiki. If you do end up tackling some of these hacking puzzlers, you'll definitely find some help elsewhere on this wiki, or the AnarchoTechNYC CTF team's wiki. For instance, sooner rather than later you'll find yourself identifying data formats you never recognized before.
CTF calendars and archives
Hundreds of upcoming CTFs are listed at:
- CTFTime.org - List of upcoming CTFs to compete in, central (unofficial) directory of teams, and archive of previous challenge write-ups for educational purposes.
- CapTF Calendar
An always-open game targeted for high school students but useful for anyone who is just starting out in computer security. Available games are PicoCTF 2013, PicoCTF 2014, PicoCTF 2017, and PicoCTF 2018.
An annual capture-the-flag contest that takes place every winter -- generally in January, but sometimes in February.
A crowdsourced collection of practice problems ranging from beginner to expert difficulty. Accounts are free, and anyone can post problems, solve problems, or share news about CTFs. Kind of like a HackerRank or CodeWars for cybersecurity challenges.
The fact that this wargame can be played entirely in your browser makes it really great if you are new to reverse engineering and binary exploitation as you do not have to worry about learning GDB or other tools to get going. It's still really fun even if you are not new. The levels start out simple -- grabbing a key from memory, basic stack smashing -- and get more complicated as defensive measures are enabled and the reversing task is made more complicated by obfuscation.
🚧 TK-TODO (needs a good, succinct description)
Learn how cryptosystems are built and how they are attacked. By the same creators as Microcorruption.
Pwn Adventure 3: Pwnie Island is a limited-release, first-person, true open-world MMORPG set on a beautiful island where anything could happen. That's because this game is intentionally vulnerable to all kinds of silly hacks! Flying, endless cash, and more are all one client change or network proxy away.
This is a series of games played over SSH. Each level corresponds to a user with a shell account on the game server. There's a set of binaries with their setuid flags set. The tasks are typically in the form of: exploit the binary, become the next user, repeat. Unlike micorcorruption, there's no nice webapp debugger, so you'll need to learn GDB, radare2 or something. I thought these were really fun, and because the environment is a lot less controlled than microcorruption, I learned a lot about how subtle factors can foil your exploit.
Like Over the Wire, the io games are played over SSH with the goal of escalating privileges to advance levels. Home to a great IRC channel too.
A variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
SQL injection challenges by increasing difficulty. Fun for the whole database family!
Mixture of Web and binary security challenges.
More memory corruption. Most levels are vulnerable services running on a particular port. You can exploit them remotely to get a shell, read a "flag" file, and register it with the website to be awarded "points."
A couple dozen diverse reverse engineering challenges, including Java programs, Windows executables, Linux binaries, and more.
Several hundred challenges across numerous cybersecurity categories that you can tackle on your own time. Also includes a leaderboard and encourages participants to post write-ups of their solutions to the hacking puzzles, so you can learn from others' successful hacks.
Month-long "Capture the Flag" and "Root the Box" style challenges, appearing monthly, and with a rolling scoreboard. They also provide (some) guidance in the form of a roadmap that may help guide you through some of their challenges. (But see also #Lesson plans and guidance, below.)
A set of increasingly difficult hacking "levels."
Free class for Web security structured as a set of video lessons, some covering multiple topics, some covering a single one. Additionally, there are coursework levels where you can hunt for bugs and experiment with exploitation in practice. As you work through the video content, try out the coursework to see what you can find!
Mostly a community site and forum, but has a number of categorized challenges as well, including a couple entirely about writing Web scraping programs.
A collection of a couple hundred stand-alone online challenges and several dozen practice labs ("virtual environments") in a variety of categories.
A set of challenges in categories such as cryptography, steganography, and Web exploitation "cover[ing] the exploits listed in the OWASP Top 10 Project [to] teach members the many other types of exploits that are found in today's applications; thus, helping them to become better programmers in the mean time."
A user-submitted collection of practice problems in various categories. Accounts are free, and anyone can post problems, solve problems, or share news about CTFs. Similar in functionality to CTFLearn.
A free-to-use "training platform designed to teach anyone the actionable skills needed to be effective in cybersecurity." Built by ForAllSecure, Inc., which provides cybersecurity training services, the site serves as an industry recruiting tool by running competitive CTFs. Usefully, the hacking challenges remain accessible and solvable after the competitions have ended, making the site akin to the explicitly educational PicoCTF. Consider signing up with a fake name and other false details to avoid being marketed at down the line.
Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting. Includes a beginner's guide to help newcomers learn the basics of ROP techniques, and a set of increasingly difficult challenges. Good for practicing how to write this specific kind of exploit development.
RPISEC's Modern Binary Exploitation (CSCI 4968)
This repository contains the materials as developed and used by RPISEC to teach Modern Binary Exploitation at Rensselaer Polytechnic Institute in Spring 2015. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.
Set of network forensics puzzles run as part of regular contests.
Labs and practice VMs
- Penteseter Lab
- Malware Unicorn Workshops
- Root Me
- Open Security Training
- FuzzySecurity: Tutorials
- Hacking Lab
- PentestIT Labs
- Janos Gyerik's "Hacking contest on a Live CD"
Deliberately vulnerable systems
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known intentionally vulnerable Web applications currently available for legal security and vulnerability testing of various kinds. Notable items include Google Gruyere, the Damn Vulnerable Web Application, and WebGoat.
"[T]his application can be used by mobile security enthusiasts and students to learn or review the basics of mobile application security." Supplemental guides can be found on the author's site's DVIA page.
"The goal of this project is to simulate a real world environment to help people learn about other CPU architectures outside of the x86_64 space. This project will also help people get into discovering new things about hardware." Supplemental guides can be found on the author's blog: 1, 2.
Lesson plans and guidance
This section contains a curated, ordered list of supplementary educational content in an effort to provide those who want it with a suggested course "to go from start to finish." Although listed "in order," there are no rules for how you go about your own education. Many topics reference related subjects, or provide only a shallow examination of them so if you find something confusing, consider jumping around a bit until you feel more at ease, or take a break and watch one of our favorite conference talks from years past.
Exceptionally friendly and thorough introduction to penetration testing ("hacking") and general security concepts written with teenagers in mind. Perfect for people who want a more guided path to learning network security and computer exploitation basics. Pair with PicoCTF (described above).
Build a Computer from First Principles - Nand2Tetris
A freely available course and textbook for self-learners about the construction of modern, full-scale computer systems—hardware and software. The course follows a bottom-up path beginning with how simple electrical circuits can store information (i.e., "computer memory") all the way through to the workings of a modern laptop. The lectures, book chapters and projects are modular, so you can pursue subsets of them in any desired order and scope. The chapters and projects related to memory storage, the assembler, and the parser have profound implications for and are thus particularly relevant to security.
Linux From Scratch
These free guidebooks offer step-by-step instruction manuals for building a GNU/Linux system entirely from source code. (If you don't know what "a GNU/Linux system" is, read about Why Linux Is Better first.) Being able to build directly from source, rather than rely on difficult-to-inspect binary packages distributed by vendors, offers extreme advantages to security-conscious users, so it's wise to gain experience doing this. After completing the main guide, additional guides focus on particular interest areas. Of these, the "Hardened Linux From Scratch" guidebook, which "focuses on building an LFS system with heightened security," is of special note as it walks you through the process of configuring many of GNU/Linux's built-in security features. (Pair with Michiel Derhaeg's "Build Linux" tutorial.)
CTF Field Guide
A handy companion guide for learning an interdisciplinary set of skills in infosec, with a mind towards practicing them by puzzling out various CTF challenges.
A free guide by the makers of the free software exploitation framework known as Metasploit covering the basics of its use through a hands-on introduction in a practice environment against a pre-configured and deliberately vulnerable Linux system. Rather than expect this walk-through to explain the details of exploitation, use this guide to get a feel for the overall process of vulnerability discovery, assessment, exploitation, and persistence so that later guides that reference Metasploit and its numerous utilities are already at least cursorily familiar to you.
Lecture Series: Introductory x86 (32 bit)
A series of video lectures from Xeno Kovah's 2 day "Introductory x86" class in Fall of 2010. This is one of the more comprehensive free video resources for learning low-level programming (assembly language) and provides much of the background knowledge required to understand machine instructions and operation, for later use in exploit development ("shellcode") and reverse engineering. If you're having fun, continue on to ARM Assembly Basics from Azeria Labs.
Reverse Engineering for Beginners
A free e-book providing a complete study guide for learning how to analyze raw computer instructions and recover meaningful source code in the process. It provides practice exercises for those with a modest existing understanding of compiled languages like C or Java to work through and explanations of each step in the process. Pair with Malware Unicorn's Reverse Engineering 101 workshop.
Programming Linux Anti-Reversing Techniques
A free e-book, with an accompanying pre-compiled binary, that "teaches the reader how to code and analyze well known anti-reversing techniques for Linux. The book shows how a reverse engineer analyzes a binary using tools like IDA, Radare2, GDB, readelf, and more." Useful for learning reverse engineering beginners. Its companion repositories can be found on GitHub.
A free and condensed practical introductory course on cryptography, "freely available for programmers of all ages and skill levels." The book's Forward says it "starts with very simple primitives, and gradually introduces new ones, demonstrating why they’re necessary. Eventually, all of this is put together into complete, practical cryptosystems, such as TLS, GPG and OTR. The goal of this book is not to make anyone a cryptographer or a security researcher. The goal of this book is to understand how complete cryptosystems work from a bird’s eye view, and how to apply them in real software."
A Graduate Course in Applied Cryptography
A free textbook developed for use in Stanford's and New York University's computer science and mathematics departments covering cryptography. A beginning reader can read though the book to learn how cryptographic systems work and why they are secure. Some knowledge of basic algebra and probability is assumed but you do not need prior experience with graduate-level mathematics courses to utilize this book. (See also Coursera.org's Cryptography I course, taught by one of this book's co-authors.) Use this text if you are already well-versed with the material covered in "Crypto 101" (above).
More lesson material
Lectures by Prof. Dr. Christoph Meinel on "Internet Security - Weaknesses and Targets" gives a detailed introduction on problems concerning Internet and intranet security. After starting with some remarks on risk analysis and computer crimes, security weaknesses and targets are discussed in detail. The lecture concludes with the discussion on possibilities to detect attacks and intrusions and ethical issuses are introduced as well.
The compellingly written non-fiction account of an astronomer turned system administrator who, on his second day on the job, discovers an accounting error that leads to a highly personal and high-stakes hunt for a hacker attempting to infiltrate CIA and NSA computer systems. The events in the book take place in the mid-1980's, so the book offers a remarkable historic context on security system implementations and the humans who administered those systems at the time. Highly suggested reading material that's a little more exciting and a lot less dry than a textbook.
Simply start at the top and read down the page for an introduction to various privacy tools and relevant legal concepts. Each section provides a limited set of specific recommendations to follow up on. This is as brief a guided introduction to privacy issues and what to do about them as it gets. (For a more complete reference of privacy-enhancing software, see PRISM-Break.org.)
Start here if you're unconvinced that you "have something to hide." This site offers an accessible deep-dive into research about the data industry, how advertisers and communication service providers (like Facebook and Google) track you online, what they do with your information, and what you can do about it. It includes several short privacy guides along with a helpful interactive visualization breaking down which activity leaves what type of data trail and even an "8-day data detox" plan.
A thorough walk-through showing how to implement basic and intermediate cybersecurity best practices, geared for oppressed groups whose likely adversary are trolls, white supremacists, and other individuals or mob-sized malicious actors. Written with careful explanations and a good grasp of the state of the art. Highly recommended reading for the politically conscious defender.
A super-accessible guide providing "imminent technical support to survivors of domestic violence." This resource can be of use both to people facing intimate partner or domestic violence scenarios as well as anyone seeking a more focused guide regarding adversaries who are not State-level actors.
A meta-list of additional resources written, compiled, and maintained by the Crash Override Network, including links to purpose-built guides such as Prevent Doxing and additional pointers to third-party explainers, such as the Nonconsensual Intimate Images ("Revenge Porn") Removal Guide.
"This guide is for anyone who fears they might be targeted, or who is already under attack, for speaking their mind online, but is especially designed for women, people of color, trans and genderqueer people, and everyone else whose existing oppressions are made worse by digital violence. It details best security practices for social media, email, online gaming, website platforms, and ensuring privacy of personal information online, as well as the documentation and reporting of harassment, and caring for yourself emotionally during an online attack. You don’t need any specialized knowledge to use this guide – just basic computer and internet skills." Pair with the Crash Override Network's Prevent Doxing guide, linked above.
The Electronic Frontier Foundation's comprehensive guide to using privacy-enhancing technologies for defending yourself and your friends from (primarily corporate and State) surveillance. You can read it like a book, from beginning to end, or you can jump to tutorials on specific tools, advice about choosing the tools in the first place ("threat modeling" for a specific kind of user). Similar to Security In a Box.
A set of comprehensive guides to tools, tactics, and procedures for staying safer online and while using modern day necessities, like phones. The site is organized into sections covering basic principles ("Tactics Guides"), step-by-step instructions for specific tools ("Tool Guides"), and advice for people of specific demographics ("Community Guides") such as women who are human rights defenders. Similar to the Electronic Frontier Foundation's Surveillance Self-Defense.
The Tactical Technology Collective's "Exposing the Invisible" project includes its own self-defense resource listing geared specifically for people using the Internet to conduct journalistic investigations. Notably, this resource includes discussions of how to more safely and anonymously publish the results of investigations online. Pair with the Info-Activism How To Guide.
The "complete manual" of personal digital security maintained by the Tactical Tech Collective's GenderSec Wiki. Available in English and in Spanish.
A detailed report regarding the special-case risks travelers face at the United States border circa 2017. The report includes suggestions for what to do before, during, and after crossing the border to protect your personal data, privacy, and legal rights from violation by border agents.
A meta-list of additional security training resources for defenders in various situations, curated by digital security trainers making commitments update the list regularly. (This resource is probably more useful for trainers than it is for students, but it is useful nonetheless.) See also our own Persona-based training matrix.
A directory of dozens of radical server projects around the world where you can get free or low-cost email, chat, VPN, social media, and other anti-corporate services. The tools available to you on one or more of these servers can be used as drop-in replacements for the so-called "free" services offered by corporations funded by surveillance capitalism, such as GMail, Facebook, Twitter, OneDrive, Dropbox, and so on. See also LibreProjects.net for another view of the same information, and AlternativeTo.net's "Open Source Self-Hosted" directory for details about the free software powering these anti-corporate services, themselves.
- awesome-hacking (meta-list)
- Aman Hardikar's mindmaps
- Black Hat Arsenal Tools
- CapTF.com's Practice CTF List
- NetSec Focus - Learning Resources
- Security Now Curricula
- Sneakerhax's Getting Started Resources