184 lines
11 KiB
Markdown
184 lines
11 KiB
Markdown
# Awesome Resources For Learning Ethical Hacking & Pentesting ⚡️ [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg)
|
||
|
||
What I’m sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community.
|
||
|
||
**You are welcome to fork and contribute.**
|
||
|
||
**Also you can find my own writeups/tutorials on medium: @hussnainfareed :)**
|
||
|
||
|
||
## Books
|
||
|
||
1. The Hacker Playbook 2: Practical Guide To Penetration Testing
|
||
2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
|
||
3. Breaking into Information Security: Learning the Ropes 101
|
||
4. Penetration Testing: A Hands-On Introduction to Hacking
|
||
5. Social Engineering: The Art of Human Hacking
|
||
6. Hacking: The Art of Exploitation, 2nd Edition
|
||
7. Web Hacking 101
|
||
8. OWASP Testing Guide (A must-read for web application developers and penetration testers)
|
||
9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
|
||
10. The Basics of Web Hacking: Tools and Techniques to Attack the Web
|
||
|
||
|
||
## Learning Platforms to Sharpen Your Skills
|
||
|
||
### Online
|
||
Name | Description
|
||
---- | ----
|
||
[CTF Hacker101](https://ctf.hacker101.com/) | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
|
||
[Hack The Box :: Penetration Testing Labs](https://www.hackthebox.eu) | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
|
||
[TryHackMe](https://tryhackme.com) | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
|
||
[CTF365](https://ctf365.com/) | An account based ctf site, awarded by Kaspersky, MIT, T-Mobile.
|
||
[Backdoor](https://backdoor.sdslabs.co) | Pen testing labs that have a space for beginners, a practice arena and various competitions, account required.
|
||
[Hack.me](https://hack.me/) | Lets you build/host/attack vulnerable web apps.
|
||
[CTFLearn](https://ctflearn.com/) | An account-based ctf site, where users can go in and solve a range of challenges.
|
||
[OWASP Vulnerable Web Applications Directory Project (Online)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps) | List of online available vulnerable applications for learning purposes.
|
||
[Pentestit labs](https://lab.pentestit.ru) | Hands-on Pentesting Labs (OSCP style)
|
||
[Root-me.org](https://www.root-me.org) | Hundreds of challenges are available to train yourself in different and not simulated environments
|
||
[Vulnhub.com](https://www.vulnhub.com) | Vulnerable By Design VMs for practical 'hands-on' experience in digital security
|
||
[Windows / Linux Local Privilege Escalation Workshop](https://github.com/sagishahar/lpeworkshop) | Practice your Linux and Windows privilege escalation.
|
||
[Hacking Articles](http://www.hackingarticles.in/ctf-challenges1/) | CTF Breif Write up collection with a lot of screenshots good for beggainers.
|
||
[Rafay Hacking Articles, a great blog](http://www.rafayhackingarticles.net/) | Write up collections by Rafay Baloch.
|
||
[PentesterLab](https://pentesterlab.com/) | 20$ signature, complete content basic to write exploits, web, android.
|
||
[CyberSec WTF](https://cybersecurity.wtf/)| Emulated web pentesting challenges from bounty write-ups
|
||
|
||
### Off-Line
|
||
Name | Description
|
||
---- | ----
|
||
[Damn Vulnerable Xebia Training Environment](https://github.com/davevs/dvxte) | Docker Container including several vurnerable web applications (DVWA,DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
|
||
[OWASP Vulnerable Web Applications Directory Project (Offline)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps) | List of offline available vulnerable applications for learning purposes
|
||
|
||
|
||
## Vulnerable Machines/Websites
|
||
|
||
1. [FiringRange](https://public-firing-range.appspot.com/)
|
||
|
||
## Vulnerability Databases And Resources
|
||
|
||
Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.
|
||
|
||
|
||
* http://www.exploit-db.com/
|
||
* http://1337day.com/
|
||
* http://securityvulns.com/
|
||
* http://www.securityfocus.com/
|
||
* http://www.osvdb.org/
|
||
* http://www.securiteam.com/
|
||
* http://secunia.com/advisories/
|
||
* http://insecure.org/sploits_all.html
|
||
* http://zerodayinitiative.com/advisories/published/
|
||
* http://nmrc.org/pub/index.html
|
||
* http://web.nvd.nist.gov
|
||
* http://www.vupen.com/english/security-advisories/
|
||
* http://www.vupen.com/blog/
|
||
* http://cvedetails.com/
|
||
* http://www.rapid7.com/vulndb/index.jsp
|
||
* http://oval.mitre.org/
|
||
* http://sploitus.com/
|
||
* http://cxsecurity.com/
|
||
|
||
### Malware Analysis
|
||
Name | Description
|
||
---- | ----
|
||
[Malware traffic analysis](http://www.malware-traffic-analysis.net/) | list of traffic analysis exercises
|
||
[Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md) | another class from the folks at RPISEC, quality content
|
||
[Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.
|
||
|
||
### Linux Penetration Testing OS
|
||
Name | Description
|
||
---- | -----
|
||
[Kali](http://kali.org/) | the infamous pentesting distro from the folks at Offensive Security
|
||
[Parrot ](https://www.parrotsec.org/) | Debian includes full portable lab for security, DFIR, and development
|
||
[Android Tamer](https://androidtamer.com//) | Android Tamer is a Virtual / Live Platform for Android Security professionals.
|
||
[BlackArch](https://blackarch.org/index.html) | Arch Linux based pentesting distro, compatible with Arch installs
|
||
[LionSec Linux](https://lionsec-linux.org/) | pentesting OS based on Ubuntu
|
||
|
||
|
||
## Courses
|
||
|
||
1. [Computer Systems Security, MIT](http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/video-lectures/)
|
||
2. [cisco's cources](https://www.netacad.com/courses/cybersecurity)
|
||
3.[cybrary](https://www.cybrary.it/catalog/cybersecurity/)
|
||
4.[hackers academy](https://hackersacademy.com/)
|
||
|
||
For those who want to do CEH, the following links are for you.
|
||
2. [CBT Nuggets CEH Training](http://goo.gl/JuW85U)
|
||
3. [CEH Books](https://goo.gl/gjCBLK)
|
||
4. [Guide to Binary Exploitation](https://github.com/r0hi7/binexp)
|
||
|
||
|
||
|
||
## Workshops/Playlists
|
||
|
||
1. [Web Hacking](https://www.youtube.com/playlist?list=PLJM73L2pQRd4lXBZjsHAmeEqsn5pENXxN)
|
||
2. [Ethical Hacking, A Comprehensive Playlist covering almost everything](https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI)
|
||
|
||
|
||
## Security Talks and Conferences
|
||
|
||
1. [InfoCon - Hacking Conference Archive](https://infocon.org/cons/)
|
||
2. [Curated list of Security Talks and Videos](https://github.com/PaulSec/awesome-sec-talks)
|
||
3. [Blackhat](https://www.youtube.com/user/BlackHatOfficialYT)
|
||
4. [Defcon](https://www.youtube.com/user/DEFCONConference)
|
||
5. [Security Tube](http://www.securitytube.net/)
|
||
6. [Kevin Mitnick: Live Hack at CeBIT](https://www.youtube.com/watch?v=Q7G3kKRdUl4)
|
||
7. [Ghost in the Cloud, Kevin Mitnick](https://www.youtube.com/watch?v=76yrWGzScgI)
|
||
8. [Kevin Mitnick | Talks at Google](https://www.youtube.com/watch?v=aUqes9QdLQ4)
|
||
9. [Complete Free Hacking Course: Go from Beginner to Expert Hacker Today](https://www.youtube.com/watch?v=7nF2BAfWUEg)
|
||
|
||
|
||
## YouTube Channels
|
||
|
||
Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks...
|
||
|
||
1. [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
|
||
2. [Black Hat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg)
|
||
3. [Injector Pca](https://www.youtube.com/channel/UCRFG_j0cgLWtJOG6fl_-rxQ)
|
||
4. [Hisham Mir](https://www.youtube.com/channel/UCYTK8lk8oLLaA330rqd0qgA)
|
||
5. [Devil Killer](https://www.youtube.com/channel/UCwfYw-C2xqemqrXq0IKF_Mg)
|
||
6. [Suleman Malik](https://www.youtube.com/channel/UC59IHQcCmgNw4GIvsXeLnDQ)
|
||
7. [Dem0n](https://www.youtube.com/channel/UC_jNs1biBixcQeSUoJxvNLw)
|
||
8. [Frans Rosén](https://www.youtube.com/channel/UCV89UhUtxqwP0j4o9tMipsA)
|
||
9. [HackerOne](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw)
|
||
10. [ak1t4 machine](https://www.youtube.com/channel/UCaftcKRiJJW0AJHmR1E5MAQ)
|
||
11. [Shawar Khan](https://www.youtube.com/channel/UCPxJLZCoIRJHs1VebWeaByA)
|
||
12. [vulnerability0lab](https://www.youtube.com/channel/UC4QJ7X4nnkAYXsnFQpdytcA)
|
||
13. [Bugcrowd](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww)
|
||
14. [Vijay Kumar](https://www.youtube.com/channel/UCs2NmJGRecw_huNzvQNf2_A)
|
||
15. [Web Development Tutorials](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA)
|
||
16. [Jan Wikholm](https://www.youtube.com/channel/UCOQtLXVJduZ4-YUFOi5EzIA)
|
||
17. [Bhargav Tandel](https://www.youtube.com/channel/UCh5MTJLt3LYr_rkwcOQJNWg)
|
||
18. [ErrOr SquaD](https://www.youtube.com/channel/UCou-7r8Mk4oQcBmazxp5uwg)
|
||
19. [SecurityIdiots](https://www.youtube.com/channel/UCPPAYs04kwfXcHnerm_ueFw)
|
||
20. [Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA)
|
||
21. [Hussnain Fareed](https://www.youtube.com/channel/UCbq5fgcqUz-PlMs3RCOUrXw)
|
||
22. [Null Byte](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)
|
||
23. [ZAID](https://www.youtube.com/user/zaidsabeeh)
|
||
24. [vabs tutorial](https://www.youtube.com/channel/UCa0wCQEB8CRKzjJV2GZ_EzA)
|
||
25. [the cyber mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
|
||
26. [PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A)
|
||
27. [GetCyber](https://www.youtube.com/@GetCyber/videos)
|
||
|
||
Any Channel Link Missing? Kindly add it in Comments
|
||
|
||
### Forums
|
||
Name | Description
|
||
---- | ----
|
||
[0x00sec](https://0x00sec.org/) | hacker, malware, computer engineering, Reverse engineering
|
||
[Antichat](https://forum.antichat.ru/) | russian based forum
|
||
[CODEBY.NET](https://codeby.net/) | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
|
||
[EAST Exploit database](http://eastexploits.com/) | exploit DB for commercial exploits written for EAST Pentest Framework
|
||
[Greysec](https://greysec.net) | hacking and security forum
|
||
[Hackforums](https://hackforums.net/) | posting webstite for hacks/exploits/various discussion
|
||
|
||
### Contribution
|
||
Your contributions and suggestions are heartily welcome.
|
||
|
||
# NOTE:
|
||
All references taken from Internet and shared on internet xD Thanks to those who shared their opinion before that helped me learn 😉
|
||
if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.
|
||
|
||
For more articles on hacking you can follow me on Medium:
|
||
## medium.com/@hussnainfareed
|