2023-06-09 00:49:49 +00:00
# Awesome Resources For Learning Ethical Hacking & Pentesting ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg)
2019-03-08 15:37:33 +00:00
2023-06-09 00:49:49 +00:00
What I’ m sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community.
2019-02-08 12:46:17 +00:00
2023-06-09 00:49:49 +00:00
**You are welcome to fork and contribute.**
2019-03-08 16:09:11 +00:00
2023-06-09 00:49:49 +00:00
**Also you can find my own writeups/tutorials on medium : @hussnainfareed :)**
2018-03-01 15:44:21 +00:00
2018-05-19 22:46:08 +00:00
2023-06-09 00:49:49 +00:00
## Books
2018-03-01 15:52:38 +00:00
2018-03-01 15:44:21 +00:00
1. The Hacker Playbook 2: Practical Guide To Penetration Testing
2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
3. Breaking into Information Security: Learning the Ropes 101
4. Penetration Testing: A Hands-On Introduction to Hacking
5. Social Engineering: The Art of Human Hacking
6. Hacking: The Art of Exploitation, 2nd Edition
7. Web Hacking 101
8. OWASP Testing Guide (A must read for web application developers and penetration testers)
2019-10-10 23:38:16 +00:00
9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
10. The Basics of Web Hacking: Tools and Techniques to Attack the Web
2018-05-19 22:46:08 +00:00
2018-03-01 15:52:38 +00:00
2023-06-09 00:49:49 +00:00
## Learning Platforms to Sharpen Your Skills
2018-05-19 22:46:08 +00:00
### Online
2023-06-09 00:49:49 +00:00
Name | Description
2019-03-08 15:40:10 +00:00
---- | ----
2023-06-09 00:49:49 +00:00
[CTF Hacker101 ](https://ctf.hacker101.com/ ) | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
[Hack The Box :: Penetration Testing Labs ](https://www.hackthebox.eu ) | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
[TryHackMe ](https://tryhackme.com ) | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
[CTF365 ](https://ctf365.com/ ) | An account based ctf site, awarded by Kaspersky, MIT, T-Mobile.
[Backdoor ](https://backdoor.sdslabs.co ) | Pen testing labs that have a space for beginners, a practice arena and various competitions, account required.
[Hack.me ](https://hack.me/ ) | Lets you build/host/attack vulnerable web apps.
[CTFLearn ](https://ctflearn.com/ ) | An account-based ctf site, where users can go in and solve a range of challenges.
[OWASP Vulnerable Web Applications Directory Project (Online) ](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps ) | List of online available vulnerable applications for learning purposes.
[Pentestit labs ](https://lab.pentestit.ru ) | Hands-on Pentesting Labs (OSCP style)
[Root-me.org ](https://www.root-me.org ) | Hundreds of challenges are available to train yourself in different and not simulated environments
[Vulnhub.com ](https://www.vulnhub.com ) | Vulnerable By Design VMs for practical 'hands-on' experience in digital security
[Windows / Linux Local Privilege Escalation Workshop ](https://github.com/sagishahar/lpeworkshop ) | Practice your Linux and Windows privilege escalation.
[Hacking Articles ](http://www.hackingarticles.in/ctf-challenges1/ ) | CTF Breif Write up collection with a lot of screenshots good for beggainers.
[Rafay Hacking Articles, a great blog ](http://www.rafayhackingarticles.net/ ) | Write up collections by Rafay Baloch.
[PentesterLab ](https://pentesterlab.com/ ) | 20$ signature, complete content basic to write exploits, web, android.
[CyberSec WTF ](https://cybersecurity.wtf/ )| Emulated web pentesting challenges from bounty write-ups
2018-03-01 15:44:21 +00:00
2018-05-19 23:02:32 +00:00
### Off-Line
2023-06-09 00:49:49 +00:00
Name | Description
2019-03-08 15:43:26 +00:00
---- | ----
2023-06-09 00:49:49 +00:00
[Damn Vulnerable Xebia Training Environment ](https://github.com/davevs/dvxte ) | Docker Container including several vurnerable web applications (DVWA,DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
[OWASP Vulnerable Web Applications Directory Project (Offline) ](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps ) | List of offline available vulnerable applications for learning purposes
2018-05-19 23:02:32 +00:00
2018-05-19 23:06:28 +00:00
2023-06-09 00:49:49 +00:00
## Vulnerable Machines/Websites
2018-03-01 15:52:38 +00:00
2018-07-11 18:56:43 +00:00
1. [FiringRange ](https://public-firing-range.appspot.com/ )
2018-03-01 15:44:21 +00:00
2023-06-09 00:49:49 +00:00
## Vulnerability Databases And Resources
2019-02-21 14:19:30 +00:00
2023-06-09 00:49:49 +00:00
Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.
2019-02-21 14:19:30 +00:00
2019-03-08 16:00:09 +00:00
* http://www.exploit-db.com/
* http://1337day.com/
* http://securityvulns.com/
* http://www.securityfocus.com/
* http://www.osvdb.org/
2019-03-08 16:03:33 +00:00
* http://www.securiteam.com/
* http://secunia.com/advisories/
* http://insecure.org/sploits_all.html
* http://zerodayinitiative.com/advisories/published/
* http://nmrc.org/pub/index.html
* http://web.nvd.nist.gov
* http://www.vupen.com/english/security-advisories/
* http://www.vupen.com/blog/
* http://cvedetails.com/
* http://www.rapid7.com/vulndb/index.jsp
* http://oval.mitre.org/
2019-10-23 07:46:00 +00:00
* http://sploitus.com/
* http://cxsecurity.com/
2019-03-08 16:03:33 +00:00
2023-06-09 00:49:49 +00:00
### Malware Analysis
2019-03-08 16:09:11 +00:00
Name | Description
---- | ----
2023-06-09 00:49:49 +00:00
[Malware traffic analysis ](http://www.malware-traffic-analysis.net/ ) | list of traffic analysis exercises
[Malware Analysis - CSCI 4976 ](https://github.com/RPISEC/Malware/blob/master/README.md ) | another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.
### Linux Penetration Testing OS
2019-03-08 16:03:33 +00:00
Name | Description
---- | -----
2023-06-09 00:49:49 +00:00
[Kali ](http://kali.org/ ) | the infamous pentesting distro from the folks at Offensive Security
[Parrot ](https://www.parrotsec.org/ ) | Debian includes full portable lab for security, DFIR, and development
[Android Tamer ](https://androidtamer.com// ) | Android Tamer is a Virtual / Live Platform for Android Security professionals.
[BlackArch ](https://blackarch.org/index.html ) | Arch Linux based pentesting distro, compatible with Arch installs
[LionSec Linux ](https://lionsec-linux.org/ ) | pentesting OS based on Ubuntu
2019-03-08 16:06:24 +00:00
2019-03-08 16:03:33 +00:00
2023-06-09 00:49:49 +00:00
## Courses
2018-03-01 15:44:21 +00:00
2018-07-11 18:56:43 +00:00
1. [Computer Systems Security, MIT ](http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/video-lectures/ )
2020-10-01 05:30:44 +00:00
2. [cisco's cources ](https://www.netacad.com/courses/cybersecurity )
3.[cybrary](https://www.cybrary.it/catalog/cybersecurity/)
4.[hackers academy](https://hackersacademy.com/)
2018-07-11 18:56:43 +00:00
2023-06-09 00:49:49 +00:00
For those who want to do CEH, the following links are for you.
2018-07-11 18:56:43 +00:00
2. [CBT Nuggets CEH Training ](http://goo.gl/JuW85U )
3. [CEH Books ](https://goo.gl/gjCBLK )
2018-10-17 05:55:00 +00:00
4. [Guide to Binary Exploitation ](https://github.com/r0hi7/binexp )
2018-07-11 18:56:43 +00:00
2018-03-01 15:44:21 +00:00
2023-06-09 00:49:49 +00:00
## Workshops/Playlists
2018-03-01 15:52:38 +00:00
2018-07-11 18:56:43 +00:00
1. [Web Hacking ](https://www.youtube.com/playlist?list=PLJM73L2pQRd4lXBZjsHAmeEqsn5pENXxN )
2. [Ethical Hacking, A Comprehensive Playlist covering almost everything ](https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI )
2018-03-01 15:52:38 +00:00
2023-06-09 00:49:49 +00:00
## Security Talks and Conferences
2018-05-19 22:57:33 +00:00
1. [InfoCon - Hacking Conference Archive ](https://infocon.org/cons/ )
2. [Curated list of Security Talks and Videos ](https://github.com/PaulSec/awesome-sec-talks )
3. [Blackhat ](https://www.youtube.com/user/BlackHatOfficialYT )
4. [Defcon ](https://www.youtube.com/user/DEFCONConference )
2018-05-19 23:06:28 +00:00
5. [Security Tube ](http://www.securitytube.net/ )
6. [Kevin Mitnick: Live Hack at CeBIT ](https://www.youtube.com/watch?v=Q7G3kKRdUl4 )
7. [Ghost in the Cloud, Kevin Mitnick ](https://www.youtube.com/watch?v=76yrWGzScgI )
8. [Kevin Mitnick | Talks at Google ](https://www.youtube.com/watch?v=aUqes9QdLQ4 )
9. [Complete Free Hacking Course: Go from Beginner to Expert Hacker Today ](https://www.youtube.com/watch?v=7nF2BAfWUEg )
2018-03-01 15:44:21 +00:00
2023-06-09 00:49:49 +00:00
## YouTube Channels
2018-03-01 15:52:38 +00:00
2023-06-09 00:49:49 +00:00
Now let’ s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks...
2018-08-20 13:58:09 +00:00
2019-03-08 16:12:17 +00:00
1. [LiveOverflow ](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w )
2018-11-08 14:39:07 +00:00
2. [Black Hat ](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg )
3. [Injector Pca ](https://www.youtube.com/channel/UCRFG_j0cgLWtJOG6fl_-rxQ )
4. [Hisham Mir ](https://www.youtube.com/channel/UCYTK8lk8oLLaA330rqd0qgA )
5. [Devil Killer ](https://www.youtube.com/channel/UCwfYw-C2xqemqrXq0IKF_Mg )
6. [Suleman Malik ](https://www.youtube.com/channel/UC59IHQcCmgNw4GIvsXeLnDQ )
7. [Dem0n ](https://www.youtube.com/channel/UC_jNs1biBixcQeSUoJxvNLw )
8. [Frans Rosén ](https://www.youtube.com/channel/UCV89UhUtxqwP0j4o9tMipsA )
9. [HackerOne ](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw )
10. [ak1t4 machine ](https://www.youtube.com/channel/UCaftcKRiJJW0AJHmR1E5MAQ )
11. [Shawar Khan ](https://www.youtube.com/channel/UCPxJLZCoIRJHs1VebWeaByA )
12. [vulnerability0lab ](https://www.youtube.com/channel/UC4QJ7X4nnkAYXsnFQpdytcA )
13. [Bugcrowd ](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww )
14. [Vijay Kumar ](https://www.youtube.com/channel/UCs2NmJGRecw_huNzvQNf2_A )
15. [Web Development Tutorials ](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA )
16. [Jan Wikholm ](https://www.youtube.com/channel/UCOQtLXVJduZ4-YUFOi5EzIA )
17. [Bhargav Tandel ](https://www.youtube.com/channel/UCh5MTJLt3LYr_rkwcOQJNWg )
18. [ErrOr SquaD ](https://www.youtube.com/channel/UCou-7r8Mk4oQcBmazxp5uwg )
2019-03-08 16:12:17 +00:00
19. [SecurityIdiots ](https://www.youtube.com/channel/UCPPAYs04kwfXcHnerm_ueFw )
2018-11-08 14:39:07 +00:00
20. [Penetration Testing in Linux ](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA )
2019-03-08 16:12:17 +00:00
21. [Hussnain Fareed ](https://www.youtube.com/channel/UCbq5fgcqUz-PlMs3RCOUrXw )
2020-08-02 15:29:47 +00:00
22. [Null Byte ](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g )
2020-10-01 05:30:44 +00:00
23. [ZAID ](https://www.youtube.com/user/zaidsabeeh )
24. [vabs tutorial ](https://www.youtube.com/channel/UCa0wCQEB8CRKzjJV2GZ_EzA )
25. [the cyber mentor ](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw )
2021-09-29 18:58:18 +00:00
26. [PwnFunction ](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A )
2023-06-09 00:49:49 +00:00
Any Channel Link Missing? Kindly add it in Comments
2018-03-01 15:44:21 +00:00
2023-06-09 00:49:49 +00:00
### Forums
Name | Description
2019-03-08 16:03:33 +00:00
---- | ----
2023-06-09 00:49:49 +00:00
[0x00sec ](https://0x00sec.org/ ) | hacker, malware, computer engineering, Reverse engineering
[Antichat ](https://forum.antichat.ru/ ) | russian based forum
[CODEBY.NET ](https://codeby.net/ ) | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
[EAST Exploit database ](http://eastexploits.com/ ) | exploit DB for commercial exploits written for EAST Pentest Framework
[Greysec ](https://greysec.net ) | hacking and security forum
[Hackforums ](https://hackforums.net/ ) | posting webstite for hacks/exploits/various discussion
2019-03-08 16:03:33 +00:00
2023-06-09 00:49:49 +00:00
### Contribution
Your contributions and suggestions are heartily welcome.
2019-02-08 12:47:10 +00:00
2023-06-09 00:49:49 +00:00
# NOTE:
All references taken from Internet and shared on internet xD Thanks to those who shared their opinion before that helped me learn 😉
if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.
2018-03-01 15:44:21 +00:00
2023-06-09 00:49:49 +00:00
For more articles on hacking you can follow me on Medium:
2018-05-19 23:02:32 +00:00
## medium.com/@hussnainfareed