A collection of hacking / penetration testing resources to make you better!
 
Go to file
VS 42029b8f40
Merge pull request #79 from giomke/patch-22
Update README.md
2017-12-05 14:39:16 +02:00
LICENSE Initial commit 2017-10-14 09:43:40 +03:00
README.md Update README.md 2017-12-04 12:35:30 +04:00
contributing.md Added Lena's tutorials and a few tools such as BinNavi 2017-10-20 15:05:33 -07:00
tools.md Update tools.md 2017-11-06 10:30:49 +04:00

README.md


awesome

Awesome Hacking Resources Awesome Hacking Awesome community

A collection of hacking / penetration testing resources to make you better!

Let's make it the biggest resource repository for our community.

You are welcome to fork and contribute.

We started a new tools list, come and contribute

Table of Contents

Learning the Skills

YouTube Channels

  • OWASP - see OWASP above
  • Hak5 - see Hak5 above
  • BlackHat - features talks from the BlackHat conferences around the world
  • Christiaan008 - hosts a variety of videos on various security topics, disorganized
  • Companies
    • 0patch by ACROS Security - few videos, very short, specific to 0patch
    • Detectify - very short videos, aimed at showing how to use Detictify scanner
    • Kaspersky Lab - lots of Kaspersky promos, some hidden cybersecurity gems
    • Metasploit - collection of medium length metasploit demos, ~25minutes each, instructional
    • OpenNSM - network analysis, lots of TCPDUMP videos, instructional,
    • Rapid7 - brief videos, promotional/instructional, ~ 5 minutes
    • Securelist - brief videos, interviews discussing various cyber security topics
    • Segment Security - promo videos, non-instructional
    • SocialEngineerOrg - podcast-style, instructional, lengthy content ~1 hr each
    • Sonatype - lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized
    • SophosLabs - lots of brief, news-style content, "7 Deadly IT Sins" segment is of note
    • Sourcefire - lots of brief videos covering topics like botnets, DDoS ~5 minutes each
    • Station X - handful of brief videos, disorganized, unscheduled content updates
    • Synack - random, news-style videos, disorganized, non-instructional
    • TippingPoint Zero Day Initiative - very brief videos ~30 sec, somewhat instructional
    • Tripwire, Inc. - some tripwire demos, and random news-style videos, non-instructional
    • Vincent Yiu - handful of videos from a single hacker, instructional
    • nVisium - Some nVisum promos, a handful of instructional series on Rails vulns and web hacking
    • ntop - network monitoring, packet analysis, instructional
  • Conferences
    • 44contv - information security con based in London, lengthy instructional videos
    • BruCON Security Conference - security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos
    • BSides Manchester - security and hacker con based in Mancheseter, lots of lengthy videos
    • BSidesAugusta - security con based in Augusta, Georgia, lots of lengthy instructional videos
    • CarolinaCon - security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content
    • Cort Johnson - a handful of lengthy con-style talks from Hack Secure Opensec 2017
    • DevSecCon - lenghty con videos covering DevSecOps, making software more secure
    • Garage4Hackers - Information Security - a handful of lengthy videos, About section lacks description
    • HACKADAY - lots of random tech content, not strictly infosec, some instructional
    • Hack In The Box Security Conference - lengthy con-style instructional talks from an international security con
    • Hack in Paris - security con based in paris, features lots of instructional talks, slides can be difficult to see.
    • Hacklu - lots of lengthy con-style instructional videos
    • Hacktivity - lots of lengthy con-style instructional videos from a con in central/eastern europe
    • Hardwear.io - handful of lengthy con-style video, emphasis on hardware hacks
    • IEEE Symposium on Security and Privacy - content from the symposium; IEEE is a professional association based in the us, they also publish various journals
    • LASCON - lengthy con-style talks from an OWASP con held in Austin, TX
    • Marcus Niemietz - lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany
    • Media.ccc.de - The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vids
    • NorthSec - lengthy con-style talks from an applied security conference in Canada
    • Pancake Nopcode - channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering Content
    • Psiinon - medium length instructional videos, for the OWASP Zed Attack Proxy
    • SJSU Infosec - handful of lengthy instructional videos from San Jose State university Infosec
    • Secappdev.org - tons of lengthy instructional lectures on Secure App Development
    • Security Fest - medium length con-style talks from a security festival in Sweden
    • SecurityTubeCons - an assortment of con-style talks from various cons including BlackHat and Shmoocon
    • ToorCon - handful of medium length con videos from con based in San Diego, CA
    • USENIX Enigma Conference - medium length "round table discussion with leading experts", content starts in 2016
  • NEWS
    • Corey Nachreiner - security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule
    • Error 404 Cyber News - short screen-shot videos with loud metal, no dialog, bi-weekly
    • Latest Hacking News - 10K followers, medium length screenshot videos, no recent releases
    • Pentester Academy TV - lots of brief videos, very regular posting, up to +8 a week
    • SecureNinjaTV - brief news bites, irregular posting, 18K followers
    • Troy Hunt - lone youtuber, medium length news videos, 16K followers, regular content
  • Samy Kamkar's Applied Hacking - brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016
  • danooct1 - lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss
  • DedSec - lots of brief screenshot how-to vids based in Kali, no recent posts.
  • DEFCON Conference - lots of lengthy con-style vids from the iconical DEFCON
  • DemmSec - lots of pen testing vids, somewhat irregular uploads, 44K followers
  • Don Does 30 - amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers
  • Geeks Fort - KIF - lots of brief screenshot vids, no recent posts
  • iExplo1t - lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts
  • HACKING TUTORIALS - handful of brief screenshot vids, no recent posts.
  • LiveOverflow - Lots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts.
  • Metasploitation - lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.
  • NetSecNow - channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids
  • Open SecurityTraining - lots of lengthy lecture-style vids, no recent posts, but quality info.
  • BalCCon - Balkan Computer Congress - Long con-style talks from the Balkan Computer Congress, doesn't update regularly
  • Penetration Testing in Linux - DELETE
  • rwbnetsec - lots of medium length instructional videos covering tools from Kali 2.0, no recent posts.
  • Security Weekly - regular updates, lengthy podcst-style interview with industry pros
  • Seytonic - variety of DIY hacking tutorials, hardware hacks, regular updates
  • Shozab Haxor - lots of screenshot style instructional vids, regular updates, windows CLI tutorial
  • SSTec Tutorials - lots of brief screenshot vids, regular updates
  • Waleed Jutt - lots of brief screenshot vids covering web security and game programming
  • webpwnized - lots of brief screenshot vids, some CTF walkthroughs
  • JackkTutorials - lots of medium length instructional vids with some AskMe vids from the youtuber
  • Zer0Mem0ry - lots of brief c++ security videos, programming intensive
  • LionSec - lots of brief screenshot instructional vids, no dialog
  • Adrian Crenshaw - lots of lengthy con0style talks
  • HackerSploit - regular posts, medium length screenshot vids, with dialog
  • Derek Rook - CTF/Boot2root/wargames Walkthrough - lots of lengthy screenshot instructional vids, with

Sharpening Your Skills

Privilege Escalation

Malware Analysis

Network Scanning / Reconnaissance

Vulnerable Web Application

Vulnerable OS

Linux Penetration Testing OS

  • BackBox - open source community project, promoting security in IT enivornments
  • BlackArch - Arch Linux based pentesting distro, compatible with Arch installs
  • Kali - the infamous pentesting distro from the folks at Offensive Security
  • LionSec Linux - pentesting OS based on Ubuntu
  • Parrot - Debian includes full portable lab for security, DFIR, and development
  • Bugtraq - advanced GNU Linux pen-testing technology
  • Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals.

Exploits

  • Exploit Database - database of a wide variety exploits, CVE compliant archive
  • CXsecurity - Indie cybersecurity info managed by 1 person
  • 0day.today - Easy to navigate databse of exploits
  • Snyk Vulnerability DB - detailed info and remediation guidance for known vulns, also allows you to test your code

Forums

  • Greysec - hacking and security forum
  • Hackforums - posting webstite for hacks/exploits/various discussion
  • 0x00sec - hacker, malware, computer engineering, Reverse engineering
  • Antichat - russian based forum
  • EAST Exploit database - exploit DB for commercial exploits written for EAST Pentest Framework

Archived Security Conference Videos

  • InfoCon.org - hosts data from hundreds of cons
  • Irongeek - Website of Adrien Crenshaw, hosts a ton of info.

Online Communities

  • Hack+ - link requires telegram to be used
  • MPGH - community of MultiPlayerGameHacking
  • Hacktoday - requires an account, covering all kinds of hacking topics

Online News Sources