| Article | Description |
|---|---|
| Explore Hidden Networks With Double Pivoting | Good article for understanding network pivoting during penetration tests with multiple networks. |
| So You Want To Be A Hacker: 2021 Edition | Great guide on how to become an hacker/pentester. |
| Book | Description |
|---|---|
| A Bug Hunter's Diary | A Bug Hunter's Diary follows security expert Tobias Klein as he tracks down and exploits bugs in some of the world's most popular software. |
| Ghost In The Wires | Kevin's Mitnick account when he was on the run from the FBI. |
| Hacking: The Art of Exploitation | A bit outdated but definitely should be in any hackers aresnal, with working examples and tutorials on hacking. |
| Penetration Testing – A Hands-On Introduction to Hacking | Book about core skills and techniques that all hackers should have. |
| Red Team Field Manual | It is very handy and cheap but very effective and informative as well. It contains 90 pages of commands for Windows, Linux, Nmap, SQLMAP, VPN and more. |
| Serious Cryptography | This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography. |
| The Art of Software Security Assessment | The Art of Software Security Assessment covers the full spectrum of software vulnerabilities in both UNIX/Linux and Windows environments. |
| The Cuckoo's Egg | It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL). |
| The Hacker Playbook 3 | This book is for those stepping up their penetration testing game or understand how advanced adversaries think and act. |
| The Shellcoder's Handbook | In a nutshell, this book is about code and data and what happens when the two become confused. |
| The Web Application Hacker′s Handbook | This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. |
| Certificates | Description |
|---|---|
| Certification Road Map | A chart attempts to classify and rank security certifications based on reputation, difficulty, and usefulness of the material covered. |
| Certified Ethical Hacking V11 | Certified Ethical Hacker (CEH) is a qualification obtained by demonstrating knowledge of assessing the security of computer systems by looking for weaknesses and vulnerabilities in target systems. |
| CompTIA Security+ | CompTIA Security+ is a entry level certification that validates you have a good baseline of skills in security operations, assessing security posture, laws and regulations. |
| CompTIA Pentest+ | CompTIA Pentest+ is a new certification which is a good mid-point between Security+ and OSCP. Focus on tools and methodologies for conducting pentests. |
| CREST Registered Penetration Tester | The CREST Registered Penetration Tester examination is recognised by the NCSC as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks. |
| Offensive Security Certified Professional - OSCP | The OSCP is a foundational penetration testing certification, intended for those seeking a step up in their skills and career. PEN-200 and time in the practice labs prepare you for the certification exam. |
| Professor Messer | Well-known channel with quality courses preparing you for A+, Network+ and Security+ certifications. |
| Course | Description |
|---|---|
| Cybrary | Cybersecurity Professional Development Platform - contains many quality courses with hands-on labs e.g. for Pentest+ certification. Subscription based. 3 day free trial. |
| Learn Ethical Hacking From Scratch | Become an ethical hacker that can hack computer systems like black hat hackers and secure them like security experts. |
| Linux Heap Exploitation - Part 1 | An hands-on course, students will learn new techniques and developing their own exploits based on what they've learned. |
| Metasploit unleashed | Metasploit Unleashed (MSFU) course is provided free of charge by Offensive Security focusing on Metasploit framework. |
| Pluralsight | Wealth of online courses in all things IT. Subscription based. 200 minutes watching free trial. |
| Practical Ethical Hacking | The Cyber Mentor ethical hacking course. |
| Website | Description |
|---|---|
| BoxenTriq | Free tools and resources to help you solve code-breaking challenges and ciphers with some automation support. |
| Bugcrowd bug bounty list | The most comprehensive, up to date crowdsourced list of bug bounty and security disclosure programs from across the web curated by the hacker community. |
| CTFtime | CTF archive with a rating system as well. |
| CyberChef | CyberChef is a free service that you may use locally or online to convert, parse or carry out well over 100 different operations. |
| dcode.fr | dCode has a huge library of scripts for decoding or encoding messages with standard cryptography techniques. |
| explainshell | Command-line to see the help text that matches each argument |
| GTFOBins | GTFOBins is a curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems. |
| HackerOne | HackerOne is a vulnerability coordination and bug bounty platform. |
| HackTheBox Academy | Cyber security training with hands-on exercises and labs made by Hack The Box. |
| HackTheBox | HTB is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field. |
| HackThisSite | HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills. |
| HighOn.Coffee | Penetration Testing && Security Research Blog. A lot of various cheatsheets, pentest tools. |
| Kali linux tools | List of all hacking tools included in the most popular hacking operating system. |
| Khaotic Developments | A collection of links to other high quality pentest resources, cheatsheets, guides etc. |
| OpenSecuirtyTraining | OpenSecurityTraining.info is dedicated to sharing training material for computer security classes. |
| OverTheWire | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. |
| Pentest Monkey | |
| PicoCTF | PicoCTF is the largest cybersecurity hacking contest for middle and high school students. |
| Portswigger-Web Security | Website dedicated to showing indepth points of web security. |
| SecJuice | Secjuice is the only non-profit, independent and volunteer led publication in the information security space. |
| Steganography Online | Online Steganography tool with basic encode/decode functionality. |
| TryHackMe | TryHackMe is an online platform for learning cyber security, using hands-on exercises and labs. |
| StegOnline | A web-based, enhanced and open-source port of StegSolve. Upload any image file, and the relevant options will be displayed. View a live demo or download the offline version here |
| Vulnhub | To provide materials that allows anyone to gain practical 'hands-on' experience in digital security, computer software & network administration. |
| Virtual Card Reader | The Virtual Card Reader” scans and parses any punch card images generated by “The Virtual Keypunch. |
| We Chall.net | Site with challenges mainly focussed on computer-related problems. UI is bad but there's a huge amount of specialised sites linked. Also can track our progress with the linked sites. |
| Channel | Description |
|---|---|
| Andy | Developing intermediate-level skills. |
| DAY0 | Podcasts as well as other reverse engineering / exploit development-related media. |
| IppSec | Walkthroughs on retired machines on the HackTheBox website. |
| John Hammond | Tutorials on programming languages and other hacking related subjects. |
| LiveOverFlow | Capture the Flag write up's and hardware security research channel. |
| Nahamsec | Educational hacking videos for anyone with an interest in web application hacking with a focus on bug bounties. |
| NetworkChuck | Everything IT related, this channel is involved in. |
| STÖK | Content related to Cyber Security, Hacking, Penetration testing and Bug Bounties. |
| The Cyber Mentor | Helpful guides and tutorials that include indepth knowledge on certain subject matters. |