- !!! Always do all work from a VM or a machine dedicated to it. Remember that any tool you install may contain viruses, trojans, etc. (mostly not, but the risk exists), so you should prevent them from accessing your real machine with your secure data. !!!
- Also, don't forget to use a VPN, even when using a training VM from hackthebox (because you will be sharing the same network with many people).
- https://www.youtube.com/watch?v=WnN6dbos5u8&ab_channel=TheCyberMentor - Course for beginners
- Starting Point course from https://www.hackthebox.com/
- https://pwning.owasp-juice.shop/ - How to pwn Juice Shop guide
- https://book.hacktricks.xyz/ - many tutorials and howtos
- https://guyinatuxedo.github.io/index.html - exploits & reverse engineering course
- https://medium.com/purple-team/buffer-overflow-c36dd9f2be6f - buffer overflow for beginners
- https://medium.com/cyber-unbound/buffer-overflows-ret2libc-ret2plt-and-rop-e2695c103c4c - buffer overflow, how to bypass ASLR & PIE & NO-STACK-EXECUTION protection
- https://github.com/tanprathan/OWASP-Testing-Checklist - OWASP testing checklist. Helps you not forget anything
- https://owasp.org/www-project-web-security-testing-guide/v41/ - OWASP testing guide for checklist above ^
- https://www.youtube.com/c/JohnHammond010/playlists - Many cool videos on binary exploitation, reverse engineering, cryptography, etc.
- https://www.vmware.com/products/workstation-player.html - VM player to run Kali
- https://www.kali.org/ - Kali Linux for pentesters. Base Tool
- https://github.com/sullo/nikto - web site vulnerability scanner.
- https://wpscan.com/wordpress-security-scanner - WordPress vulnerability scanner.
- https://www.kali.org/tools/nmap/ - Nmap port, script and vulnerability scanner. Base tool
- https://www.kali.org/tools/hydra/ - Login cracker for different protocols
- https://www.kali.org/tools/gobuster/ - Directory and subdomain enumerator for websites
- https://www.metasploit.com/ - Pentesting framework. Base Tool
- https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS - Privilege escalation for Win. Base Tool
- https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS - Privilege escalation for Linux. Base Tool
- https://www.kali.org/tools/gdb/ - console debugger
- https://www.kali.org/tools/edb-debugger/ - edb debugger with UI
- https://ghidra-sre.org/ - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission
- https://github.com/slimm609/checksec.sh - checking executable security properties
- https://github.com/Gallopsled/pwntools/ - Pwntools is a CTF framework and exploit development library
- https://hunter.io/ - find emails on domain
- https://haveibeenpwned.com/ - find if email was leaked
- https://crt.sh/ - subdomain search
- https://builtwith.com/ - technology stack info
- https://search.censys.io/ - servers search engine
- https://www.shodan.io/ - servers search engine
- https://github.com/philipperemy/tensorflow-1.4-billion-password-analysis - how passwords change over time + 1.4B email:pass
- https://www.hackthebox.com/ - Platform with VMs that you can try to hack
- https://tryhackme.com/ - training site
- https://github.com/juice-shop/juice-shop - Training app for web pentesters
- https://pentesterlab.com/ - exercises for hackers (not free)
- https://ropemporium.com/ - Learn return-oriented programming through a series of challenges.
- https://github.com/danielmiessler/SecLists/ - many different
- https://github.com/payloadbox/sql-injection-payload-list - SQL injection payloads
- https://github.com/foospidy/payloads - web payloads