markdown-body entry-content container-lg" itemprop="text">

Awesome Hacking Resources

A collection of hacking / penetration testing resources to make you better!

Let's make it the biggest resource repository for our community.

You are welcome to fork and contribute.

We started a new tools list, come and contribute

Learning the Skills
YouTube Channels
Sharpening Your Skills
Reverse Engineering, Buffer Overflow and Exploit Development
Privilege Escalation
Network Scanning / Reconnaissance
Malware Analysis
Vulnerable Web Application
Vulnerable OS
Exploits
Forums
Archived Security Conference Videos
Online Communities
Online News Sources
Linux Penetration Testing OS

Learning the Skills

Name	Description
CS 642: Intro to Computer Security	academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.
CyberSec WTF	CyberSec WTF Web Hacking Challenges from Bounty write-ups
Cybrary	coursera style website, lots of user-contributed content, account required, content can be filtered by experience level
Free Cyber Security Training	Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning
Hak5	podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be useful
Hopper's Roppers Security Training	Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.
Learning Exploitation with Offensive Computer Security 2.0	blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind Maps	Information Security related Mind Maps
MIT OCW 6.858 Computer Systems Security	academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurity	academic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risks	free courseware, requires account
SecurityTube	tube-styled content, "megaprimer" videos covering various topics, no readable content on site.
Seed Labs	academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings
TryHackMe	Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed

YouTube Channels

Name	Description
0patch by ACROS Security	few videos, very short, specific to 0patch
BlackHat	features talks from the BlackHat conferences around the world
Christiaan008	hosts a variety of videos on various security topics, disorganized
	Companies
Detectify	very short videos, aimed at showing how to use Detictify scanner
Hak5	see Hak5 above
Kaspersky Lab	lots of Kaspersky promos, some hidden cybersecurity gems
Metasploit	collection of medium length metasploit demos, ~25minutes each, instructional
ntop	network monitoring, packet analysis, instructional
nVisium	Some nVisum promos, a handful of instructional series on Rails vulns and web hacking
OpenNSM	network analysis, lots of TCPDUMP videos, instructional,
OWASP	see OWASP above
Rapid7	brief videos, promotional/instructional, ~ 5 minutes
Securelist	brief videos, interviews discussing various cyber security topics
Segment Security	promo videos, non-instructional
SocialEngineerOrg	podcast-style, instructional, lengthy content ~1 hr each
Sonatype	lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized
SophosLabs	lots of brief, news-style content, "7 Deadly IT Sins" segment is of note
Sourcefire	lots of brief videos covering topics like botnets, DDoS ~5 minutes each
Station X	handful of brief videos, disorganized, unscheduled content updates
Synack	random, news-style videos, disorganized, non-instructional
TippingPoint Zero Day Initiative	very brief videos ~30 sec, somewhat instructional
Tripwire, Inc.	some tripwire demos, and random news-style videos, non-instructional
Vincent Yiu	handful of videos from a single hacker, instructional
	Conferences
44contv	in
MIT OCW 6.858 Computer Systems Security	Information security con based in London, lengthy instructional videos
BruCON Security Conference	security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos
BSides Manchester	security and hacker con based in Mancheseter, lots of lengthy videos
BSidesAugusta	security con based in Augusta, Georgia, lots of lengthy instructional videos
CarolinaCon	security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content
Cort Johnson	a handful of lengthy con-style talks from Hack Secure Opensec 2017
DevSecCon	lenghty con videos covering DevSecOps, making software more secure
Garage4Hackers - Information Security	a handful of lengthy videos, About section lacks description
HACKADAY	lots of random tech content, not strictly infosec, some instructional
Hack In The Box Security Conference	lengthy con-style instructional talks from an international security con
Hack in Paris	security con based in paris, features lots of instructional talks, slides can be difficult to see.
Hacklu	lots of lengthy con-style instructional videos
Hacktivity	lots of lengthy con-style instructional videos from a con in central/eastern europe
Hardwear.io	handful of lengthy con-style video, emphasis on hardware hacks
IEEE Symposium on Security and Privacy	content from the symposium; IEEE is a professional association based in the us, they also publish various journals
LASCON	lengthy con-style talks from an OWASP con held in Austin, TX
leHACK	leHACK is the oldest ( 2003 ), leading, security conference in Paris, FR
Marcus Niemietz	lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany
Media.ccc.de	The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vids
NorthSec	lengthy con-style talks from an applied security conference in Canada
Pancake Nopcode	channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering Content
Psiinon	medium length instructional videos, for the OWASP Zed Attack Proxy
SJSU Infosec	handful of lengthy instructional videos from San Jose State university Infosec
Secappdev.org	tons of lengthy instructional lectures on Secure App Development
Security Fest	medium length con-style talks from a security festival in Sweden
SecurityTubeCons	an assortment of con-style talks from various cons including BlackHat and Shmoocon
ToorCon	handful of medium length con videos from con based in San Diego, CA
USENIX Enigma Conference	medium length "round table discussion with leading experts", content starts in 2016
ZeroNights	a lot of con-style talks from international conference ZeroNights
	News
0x41414141	Channel with couple challenges, well explained
Adrian Crenshaw	lots of lengthy con-style talks
Corey Nachreiner	security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule
BalCCon - Balkan Computer Congress	Long con-style talks from the Balkan Computer Congress, doesn't update regularly
danooct1	lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss
DedSec	lots of brief screenshot how-to vids based in Kali, no recent posts.
DEFCON Conference	lots of lengthy con-style vids from the iconical DEFCON
DemmSec	lots of pen testing vids, somewhat irregular uploads, 44K followers
Derek Rook - CTF/Boot2root/wargames Walkthrough	lots of lengthy screenshot instructional vids, with
Don Does 30	amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers
Error 404 Cyber News	short screen-shot videos with loud metal, no dialog, bi-weekly
Geeks Fort - KIF	lots of brief screenshot vids, no recent posts
GynvaelEN	Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things.
HackerSploit	regular posts, medium length screenshot vids, with dialog
HACKING TUTORIALS	handful of brief screenshot vids, no recent posts.
iExplo1t	lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts
JackkTutorials	lots of medium length instructional vids with some AskMe vids from the youtuber
John Hammond	Solves CTF problems. contains penTesting tips and tricks
Latest Hacking News	10K followers, medium length screenshot videos, no recent releases
LionSec	lots of brief screenshot instructional vids, no dialog
LiveOverflow	Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts.
Metasploitation	lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.
NetSecNow	channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids
Open SecurityTraining	lots of lengthy lecture-style vids, no recent posts, but quality info.
Pentester Academy TV	lots of brief videos, very regular posting, up to +8 a week
Penetration Testing in Linux	DELETE
rwbnetsec	lots of medium length instructional videos covering tools from Kali 2.0, no recent posts.
Samy Kamkar's Applied Hacking	brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016
SecureNinjaTV	brief news bites, irregular posting, 18K followers
Security Weekly	regular updates, lengthy podcast-style interviews with industry pros
Seytonic	variety of DIY hacking tutorials, hardware hacks, regular updates
Shozab Haxor	lots of screenshot style instructional vids, regular updates, windows CLI tutorial
SSTec Tutorials	lots of brief screenshot vids, regular updates
Tradecraft Security Weekly	Want to learn about all of the latest security tools and techniques?
Troy Hunt	lone youtuber, medium length news videos, 16K followers, regular content
Waleed Jutt	lots of brief screenshot vids covering web security and game programming
webpwnized	lots of brief screenshot vids, some CTF walkthroughs
Zer0Mem0ry	lots of brief c++ security videos, programming intensive
LionSec	lots of brief screenshot instructional vids, no dialog
Adrian Crenshaw	lots of lengthy con-style talks
HackerSploit	regular posts, medium length screenshot vids, with dialog
Derek Rook - CTF/Boot2root/wargames Walkthrough	lots of lengthy screenshot instructional vids, with
Tradecraft Security Weekly	Want to learn about all of the latest security tools and techniques?
IPPSec	Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques
The Daily Swig	Latest Cybersecurity News

Sharpening Your Skills

Name	Description
Backdoor	pen testing labs that have a space for beginners, a practice arena and various competitions, account required
The cryptopals crypto challenges	A bunch of CTF challenges, all focused on cryptography.
Challenge Land	Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far!
Crackmes.de Archive (2011-2015)	a reverse engineering information Repo, started in 2003
Crackmes.one	This is a simple place where you can download crackmes to improve your reverse engineering skills.
CTFLearn	an account-based ctf site, where users can go in and solve a range of challenges
CTFs write-ups	a collection of writeups from various CTFs, organized by
CTF365	account based ctf site, awarded by Kaspersky, MIT, T-Mobile
The enigma group	web application security training, account based, video tutorials
Exploit exercises	hosts 5 fulnerable virtual machines for you to attack, no account required
Google CTF	Source code of Google 2017, 2018 and 2019 CTF
Google CTF 2019	2019 edition of the Google CTF contest
Google's XSS game	XSS challenges, and potentially a chance to get paid!
Hack The Box	Pen testing labs hosting over 39 vulnerable machines with two additional added every month
Hacker test	similar to "hackthissite", no account required.
Hacker Gateway	ctfs covering steganography, cryptography, and web challengs, account required
Hacksplaining	a clickthrough security informational site, very good for beginners.
hackburger.ee	hosts a number of web hacking challenges, account required
Hack.me	lets you build/host/attack vulnerable web apps
Hack this site!	an oldy but goodie, account required, users start at low levels and progress in difficulty
knock.xss.moe	XSS challenges, account required.
Lin.security	Practice your Linux privilege escalation
noe.systems	Korean challenge site, requires an account
Over the wire	A CTF that's based on progressive levels for each lab, the users SSH in, no account recquired
Participating Challenge Sites	aims at creating a universal ranking for CTF participants
PentesterLab	hosts a variety of exercises as well as various "bootcamps" focused on specific activities
Pentestit	acocunt based CTF site, users have to install open VPN and get credentials
Pentest Practice	account based Pentest practice, free to sign up, but there's also a pay-as-you-go feature
Pentest.training	lots of various labs/VMS for you to try and hack, registry is optional.
PicoCTF	CTF hosted by Carnegie Mellon, occurs yearly, account required.
pwnable.kr	Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required
pwnable.tw	hosts 27 challenges accompanied with writeups, account required
Ringzer0 Team	an account based CTF site, hosting over 272 challenges
ROP Emporium	Return Oriented Programming challenges
SmashTheStack	hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels
Shellter Labs	account based infosec labs, they aim at making these activities social
Solve Me	"yet another challenge", account required.
Vulnhub	site hosts a ton of different vulnerable Virtual Machine images, download and get hacking
websec.fr	Focused on web challenges, registration is optional.
tryhackme	Awesome platform to start learning cybersecurity, account is needed
webhacking.kr	lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.
Stereotyped Challenges	Challenges for web security professionals, account required.
Stripe CTF 2.0	Past security contest where you can discover and exploit vulnerabilities in mock web applications.
Windows / Linux Local Privilege Escalation Workshop	Practice your Linux and Windows privilege escalation
Hacking Articles	CTF Brief Write up collection with a lot of screenshots good for begginers
Hacker101 CTF	CTF hosted by HackerOne, always online. You will receive invitations to some private programs on HackerOne platform as a reward.
Hacking Lab	European platform hosting lots of riddles, challenges and competitions
Portswigger	Best Platform inorder to learn Web Pentesting, account required

Reverse Engineering, Buffer Overflow and Exploit Development

Name	Description
A Course on Intermediate Level Linux Exploitation	as the title says, this course isn't for beginners
Analysis and exploitation (unprivileged)	huge collection of RE information, organized by type.
Binary hacking	35 "no bullshit" binary videos along with other info
Buffer Overflow Exploitation Megaprimer for Linux	Collection of Linux Rev. Engineering videos
Corelan tutorials	detailed tutorial, lots of good information about memory
Exploit tutorials	a series of 9 exploit tutorials,also features a podcast
Exploit development	links to the forum's exploit dev posts, quality and post style will vary with each poster
flAWS challenge	Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basics	tons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x86	63 days of OS class materials, 29 classes, 24 instructors, no account required
Lena's Reversing for Newbies (Complete)	listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Series	blog post by sploitfun, has 3 different levels
Megabeets journey into Radare2	one user's radare2 tutorials
Modern Binary Exploitation - CSCI 4968	RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures
Recon.cx - reversing conference	the conference site contains recordings and slides of all talks!!
Reverse Engineering for Beginners	huge textbook, created by Dennis Yurichev, open-source
Reverse engineering reading list	a github collection of RE tools and books
Reverse Engineering challenges	collection of challenges from the writer of RE for Beginners
Reverse Engineering for beginners (GitHub project)	github for the above
Reverse Engineering Malware 101	intro course created by Malware Unicorn, complete with material and two VM's
Reverse Engineering Malware 102	the sequel to RE101
reversing.kr challenges	reverse engineering challenges varying in difficulty
Shell storm	Blog style collection with organized info about Rev. Engineering.
Shellcode Injection	a blog entry from a grad student at SDS Labs
Micro Corruption — Assembly	CTF designed to learn Assembly by practicing

Privilege Escalation

Name	Description
4 Ways get linux privilege escalation	shows different examples of PE
A GUIDE TO LINUX PRIVILEGE ESCALATION	Basics of Linux privilege escalation
Abusing SUDO (Linux Privilege Escalation)	Abusing SUDO (Linux Privilege Escalation)
AutoLocalPrivilegeEscalation	automated scripts that downloads and compiles from exploitdb
Basic linux privilege escalation	basic linux exploitation, also covers Windows
Common Windows Privilege Escalation Vectors	Common Windows Privilege Escalation Vectors
Editing /etc/passwd File for Privilege Escalation	Editing /etc/passwd File for Privilege Escalation
Linux Privilege Escalation	Linux Privilege Escalation – Tradecraft Security Weekly (Video)
Linux Privilege Escalation Check Script	a simple linux PE check script
Linux Privilege Escalation Scripts	a list of PE checking scripts, some may have already been covered
Linux Privilege Escalation Using PATH Variable	Linux Privilege Escalation Using PATH Variable
Linux Privilege Escalation using Misconfigured NFS	Linux Privilege Escalation using Misconfigured NFS
Linux Privilege Escalation via Dynamically Linked Shared Object Library	How RPATH and Weak File Permissions can lead to a system compromise.
Local Linux Enumeration & Privilege Escalation Cheatsheet	good resources that could be compiled into a script
OSCP - Windows Priviledge Escalation	Common Windows Priviledge Escalation
Privilege escalation for Windows and Linux	covers a couple different exploits for Windows and Linux
Privilege escalation linux with live example	covers a couple common PE methods in linux
Reach the root	discusses a process for linux privilege exploitation
RootHelper	a tool that runs various enumeration scripts to check for privilege escalation
Unix privesc checker	a script that checks for PE vulnerabilities on a system
Windows exploits, mostly precompiled.	precompiled windows exploits, could be useful for reverse engineering too
Windows Privilege Escalation	collection of wiki pages covering Windows Privilege escalation
Windows Privilege Escalation	Notes on Windows Privilege Escalation
Windows privilege escalation checker	a list of topics that link to pentestlab.blog, all related to windows privilege escalation
Windows Privilege Escalation Fundamentals	collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP
Windows Privilege Escalation Guide	Windows Privilege Escalation Guide
Windows Privilege Escalation Methods for Pentesters	Windows Privilege Escalation Methods for Pentesters

Malware Analysis

Name	Description
Malware traffic analysis	list of traffic analysis exercises
Malware Analysis - CSCI 4976	another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/)	walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Network Scanning / Reconnaissance

Name	Description
Foot Printing with WhoIS/DNS records	a white paper from SANS
Google Dorks/Google Hacking	list of commands for google hacks, unleash the power of the world's biggest search engine

Vulnerable Web Application

Name	Description
bWAPP	common buggy web app for hacking, great for beginners, lots of documentation
Damn Small Vulnerable Web	written in less than 100 lines of code, this web app has tons of vulns, great for teaching
Damn Vulnerable Web Application (DVWA)	PHP/MySQL web app for testing skills and tools
Google Gruyere	host of challenges on this cheesy web app
OWASP Broken Web Applications Project	hosts a collection of broken web apps
OWASP Hackademic Challenges project	web hacking challenges
OWASP Mutillidae II	another OWASP vulnerable app, lots of documentation.
OWASP Juice Shop	covers the OWASP top 10 vulns
WebGoat: A deliberately insecure Web Application	maintained by OWASP and designed to to teach web app security

Vulnerable OS

Name	Description
General Test Environment Guidance	white paper from the pros at rapid7
Metasploitable2 (Linux)	vulnerable OS, great for practicing hacking
Metasploitable3 [Installation]	the third installation of this vulnerable OS
Vulnhub	collection of tons of different vulnerable OS and challenges

Linux Penetration Testing OS

Name	Description
Android Tamer	Android Tamer is a Virtual / Live Platform for Android Security professionals.
BackBox	open source community project, promoting security in IT enivornments
BlackArch	Arch Linux based pentesting distro, compatible with Arch installs
Bugtraq	advanced GNU Linux pen-testing technology
Docker for pentest	Image with the more used tools to create a pentest environment easily and quickly.
Kali	the infamous pentesting distro from the folks at Offensive Security
LionSec Linux	pentesting OS based on Ubuntu
Parrot	Debian includes full portable lab for security, DFIR, and development
Pentoo	pentesting OS based on Gentoo

Exploits

Name	Description
0day.today	Easy to navigate database of exploits
Exploit Database	database of a wide variety exploits, CVE compliant archive
CXsecurity	Indie cybersecurity info managed by 1 person
Snyk Vulnerability DB	detailed info and remediation guidance for known vulns, also allows you to test your code

Forums

Name	Description
0x00sec	hacker, malware, computer engineering, Reverse engineering
Antichat	russian based forum
CODEBY.NET	hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
EAST Exploit database	exploit DB for commercial exploits written for EAST Pentest Framework
Greysec	hacking and security forum
Hackforums	posting webstite for hacks/exploits/various discussion
4Hat Day	brazilian based hacker forum
CaveiraTech	brazilian based, general hacker forum

Archived Security Conference Videos

Name	Description
InfoCon.org	hosts data from hundreds of cons
Irongeek	Website of Adrien Crenshaw, hosts a ton of info.
infocondb.org	a site that aims to catalog and cross-reference all hacker conferences.

Online Communities

Name	Description
Hacktoday	requires an account, covering all kinds of hacking topics
Hack+	link requires telegram to be used
MPGH	community of MultiPlayerGameHacking

Online News Sources

Name	Description
InfoSec	covers all the latest infosec topics
Recent Hash Leaks	great place to lookup hashes
Security Intell	covers all kinds of news, great intelligence resources
Threatpost	covers all the latest threats and breaches
Secjuice
The Hacker News	features a daily stream of hack news, also has an app

License

vitalysim/Awesome-Hacking-Resources

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 61

Packages