From 6e8eac595952648485cc2b800d62b6757b324c64 Mon Sep 17 00:00:00 2001 From: joshua ortiz Date: Mon, 4 Dec 2017 23:06:13 -0700 Subject: [PATCH] update readme --- readme2.md | 418 ++++++++++++++++++++++++++--------------------------- 1 file changed, 209 insertions(+), 209 deletions(-) diff --git a/readme2.md b/readme2.md index 828b113..0f91bc0 100644 --- a/readme2.md +++ b/readme2.md @@ -37,266 +37,266 @@ We started a new [tools](https://github.com/vitalysim/Awesome-Hacking-Resources/ ###Learning the Skills Name | Description ---- | ---- -[Free interactive labs with White Hat Academy](https://ex.whitehat.academy) - 32 labs, easy account sign in with github credentials -[Learning Exploitation with Offensive Computer Security 2.0](http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html) - blog-style instruction, includes: slides, videos, homework, discussion. No login required. -[Cybrary](https://www.cybrary.it/) - coursera style website, lots of user-contributed content, account required, content can be filtered by experience level -[OffensiveComputerSecurity](https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) - academic content, full semester course including 27 lecture videos with slides and assign readings -[CS 642: Intro to Computer Security](http://pages.cs.wisc.edu/~ace/cs642-spring-2016.html) - academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES. -[Free cyber security training](https://www.samsclass.info/) - Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning -[SecurityTube](http://www.securitytube.net/) - tube-styled content, "megaprimer" videos covering various topics, no readable content on site. -[Seed Labs](http://www.cis.syr.edu/~wedu/seed/labs.html) - academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings -[Hak5](https://www.hak5.org/) - podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be useful -[OWASP top 10 web security risks](https://www.online.hack2secure.com/courses/owasp-top10-web-security-risk) - free courseware, requires account -[MIT OCW 6.858 Computer Systems Security](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/) - academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files. +[Free interactive labs with White Hat Academy](https://ex.whitehat.academy) | 32 labs, easy account sign in with github credentials +[Learning Exploitation with Offensive Computer Security 2.0](http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html) | blog-style instruction, includes: slides, videos, homework, discussion. No login required. +[Cybrary](https://www.cybrary.it/) | coursera style website, lots of user-contributed content, account required, content can be filtered by experience level +[OffensiveComputerSecurity](https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html) | academic content, full semester course including 27 lecture videos with slides and assign readings +[CS 642: Intro to Computer Security](http://pages.cs.wisc.edu/~ace/cs642-spring-2016.html) | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES. +[Free cyber security training](https://www.samsclass.info/) | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning +[SecurityTube](http://www.securitytube.net/) | tube-styled content, "megaprimer" videos covering various topics, no readable content on site. +[Seed Labs](http://www.cis.syr.edu/~wedu/seed/labs.html) | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings +[Hak5](https://www.hak5.org/) | podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be useful +[OWASP top 10 web security risks](https://www.online.hack2secure.com/courses/owasp-top10-web-security-risk) | free courseware, requires account +[MIT OCW 6.858 Computer Systems Security](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/) | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files. ###YouTube Channels Name | Description ---- | ---- -[OWASP](https://www.youtube.com/user/OWASPGLOBAL) - see OWASP above -[Hak5](https://www.youtube.com/user/Hak5Darren) - see Hak5 above -[BlackHat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg) - features talks from the BlackHat conferences around the world -[Christiaan008](https://www.youtube.com/channel/UCEPzS1rYsrkqzSLNp76nrcg) - hosts a variety of videos on various security topics, disorganized -[0patch by ACROS Security](https://www.youtube.com/channel/UCwlGrzF4on-bjiBhD8lO3QA) - few videos, very short, specific to 0patch -[Detectify](https://www.youtube.com/channel/UCm6N84sAaQ-BiNdCaaLT4qg) - very short videos, aimed at showing how to use Detictify scanner -[Kaspersky Lab](https://www.youtube.com/channel/UCGhEv7BFBWdo0k4UXTm2eZg) - lots of Kaspersky promos, some hidden cybersecurity gems -[Metasploit](https://www.youtube.com/channel/UCx4d2aRIfxfEUdS_5YIYKPg) - collection of medium length metasploit demos, ~25minutes each, instructional -[OpenNSM](https://www.youtube.com/user/OpenNSM/feed) - network analysis, lots of TCPDUMP videos, instructional, -[Rapid7](https://www.youtube.com/channel/UCnctXOUIeRFu1BR5O0W5e9w) - brief videos, promotional/instructional, ~ 5 minutes -[Securelist](https://www.youtube.com/user/Securelist/featured) - brief videos, interviews discussing various cyber security topics -[Segment Security](https://www.youtube.com/channel/UCMCI9TE3-PZ7CgKk7X6Qd_w/featured) - promo videos, non-instructional -[SocialEngineerOrg](https://www.youtube.com/channel/UCC1vbVVbYdNe-OZRldj-U6g) - podcast-style, instructional, lengthy content ~1 hr each -[Sonatype](https://www.youtube.com/user/sonatype/featured) - lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized -[SophosLabs](https://www.youtube.com/user/SophosLabs/featured) - lots of brief, news-style content, "7 Deadly IT Sins" segment is of note -[Sourcefire](https://www.youtube.com/user/SourcefireInc/featured) - lots of brief videos covering topics like botnets, DDoS ~5 minutes each -[Station X](https://www.youtube.com/channel/UC-vWmE-BHcUrYW5zwDijL1g) - handful of brief videos, disorganized, unscheduled content updates -[Synack](https://www.youtube.com/channel/UCRH0mvESjZ7eKY1LJZDPIbw/featured) - random, news-style videos, disorganized, non-instructional -[TippingPoint Zero Day Initiative](https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g) - very brief videos ~30 sec, somewhat instructional -[Tripwire, Inc.](https://www.youtube.com/user/TripwireInc/videos) - some tripwire demos, and random news-style videos, non-instructional -[Vincent Yiu](https://www.youtube.com/channel/UCFVI3_M1zqFzEok2sTeEP8w/featured) - handful of videos from a single hacker, instructional -[nVisium](https://www.youtube.com/channel/UCTE8R-Otq_kVTo08eLsfeyg) - Some nVisum promos, a handful of instructional series on Rails vulns and web hacking -[ntop](https://www.youtube.com/channel/UCUYWuYlYKD5Yq5qBz0AIXJw/feed) - network monitoring, packet analysis, instructional -[44contv](https://www.youtube.com/user/44contv) - information security con based in London, lengthy instructional videos -[BruCON Security Conference](https://www.youtube.com/channel/UCqwMU1l90lf9BLersW6eAHw) - security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos -[BSides Manchester](https://www.youtube.com/channel/UC1mLiimOTqZFK98VwM8Ke4w) - security and hacker con based in Mancheseter, lots of lengthy videos -[BSidesAugusta](https://www.youtube.com/channel/UC85CvsnrVlD_44eEgzb2OfA) - security con based in Augusta, Georgia, lots of lengthy instructional videos -[CarolinaCon](https://www.youtube.com/channel/UCTY3Dpz68CyrjwRzqkE4sFw) - security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content -[Cort Johnson](https://www.youtube.com/channel/UCV9r-yMeARWVCJEesim25Ag) - a handful of lengthy con-style talks from Hack Secure Opensec 2017 -[DevSecCon](https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A) - lenghty con videos covering DevSecOps, making software more secure -[Garage4Hackers - Information Security](https://www.youtube.com/channel/UCDqagqREZlmJitWco-yPtvw/feed) - a handful of lengthy videos, About section lacks description -[HACKADAY](https://www.youtube.com/channel/UCnv0gfLQFNGPJ5MHSGuIAkw) - lots of random tech content, not strictly infosec, some instructional -[Hack In The Box Security Conference](https://www.youtube.com/channel/UC0BJVNTIEbG8CLG-xVVWJnA) - lengthy con-style instructional talks from an international security con -[Hack in Paris](https://www.youtube.com/channel/UC7xJU9_oqw-vS6OJExS-2iA) - security con based in paris, features lots of instructional talks, slides can be difficult to see. -[Hacklu](https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/feed) - lots of lengthy con-style instructional videos -[Hacktivity](https://www.youtube.com/user/hacktivity/feed) - lots of lengthy con-style instructional videos from a con in central/eastern europe -[Hardwear.io](https://www.youtube.com/channel/UChwYb9xc9tZXquQxu4G0l_g/featured) - handful of lengthy con-style video, emphasis on hardware hacks -[IEEE Symposium on Security and Privacy](https://www.youtube.com/channel/UC6pXMS7qre9GZW7A7FVM90Q) - content from the symposium; IEEE is a professional association based in the us, they also publish various journals -[LASCON](https://www.youtube.com/channel/UCDHsOiMPS-SLppAOAJRD37Q) - lengthy con-style talks from an OWASP con held in Austin, TX -[Marcus Niemietz](https://www.youtube.com/channel/UCtThfJl65L04ukWp0XZi3yg/videos) - lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany -[Media.ccc.de](https://www.youtube.com/channel/UC2TXq_t06Hjdr2g_KdKpHQg) - The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vids -[NorthSec](https://www.youtube.com/channel/UCqVhMzTdQK5VAosAGkMtpJw) - lengthy con-style talks from an applied security conference in Canada -[Pancake Nopcode](https://www.youtube.com/channel/UC3G6k7XfTgcWD2PJR8qJSkQ) - channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering Content -[Psiinon](https://www.youtube.com/channel/UC-3qyzm4f29C12KGp3-12bQ) - medium length instructional videos, for the OWASP Zed Attack Proxy -[SJSU Infosec](https://www.youtube.com/channel/UCDNzNvZlYK8jZLsUbdiGrsQ/videos) - handful of lengthy instructional videos from San Jose State university Infosec -[Secappdev.org](https://www.youtube.com/channel/UCSii2fuiLLlGqaR6sR_y0rA) - tons of lengthy instructional lectures on Secure App Development -[Security Fest](https://www.youtube.com/channel/UCByLDp7r7gHGoO7yYMYFeWQ) - medium length con-style talks from a security festival in Sweden -[SecurityTubeCons](https://www.youtube.com/channel/UC2wNN-Zqiq4J1PLPnyMBWUg) - an assortment of con-style talks from various cons including BlackHat and Shmoocon -[ToorCon](https://www.youtube.com/channel/UCnzjmL0xkTBYwFZD7agHGWw) - handful of medium length con videos from con based in San Diego, CA -[USENIX Enigma Conference](https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw/feed) - medium length "round table discussion with leading experts", content starts in 2016 +[OWASP](https://www.youtube.com/user/OWASPGLOBAL)|see OWASP above +[Hak5](https://www.youtube.com/user/Hak5Darren)|see Hak5 above +[BlackHat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg)|features talks from the BlackHat conferences around the world +[Christiaan008](https://www.youtube.com/channel/UCEPzS1rYsrkqzSLNp76nrcg)|hosts a variety of videos on various security topics, disorganized +[0patch by ACROS Security](https://www.youtube.com/channel/UCwlGrzF4on-bjiBhD8lO3QA)|few videos, very short, specific to 0patch +[Detectify](https://www.youtube.com/channel/UCm6N84sAaQ-BiNdCaaLT4qg)|very short videos, aimed at showing how to use Detictify scanner +[Kaspersky Lab](https://www.youtube.com/channel/UCGhEv7BFBWdo0k4UXTm2eZg)|lots of Kaspersky promos, some hidden cybersecurity gems +[Metasploit](https://www.youtube.com/channel/UCx4d2aRIfxfEUdS_5YIYKPg)|collection of medium length metasploit demos, ~25minutes each, instructional +[OpenNSM](https://www.youtube.com/user/OpenNSM/feed)|network analysis, lots of TCPDUMP videos, instructional, +[Rapid7](https://www.youtube.com/channel/UCnctXOUIeRFu1BR5O0W5e9w)|brief videos, promotional/instructional, ~ 5 minutes +[Securelist](https://www.youtube.com/user/Securelist/featured)|brief videos, interviews discussing various cyber security topics +[Segment Security](https://www.youtube.com/channel/UCMCI9TE3-PZ7CgKk7X6Qd_w/featured)|promo videos, non-instructional +[SocialEngineerOrg](https://www.youtube.com/channel/UCC1vbVVbYdNe-OZRldj-U6g)|podcast-style, instructional, lengthy content ~1 hr each +[Sonatype](https://www.youtube.com/user/sonatype/featured)|lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized +[SophosLabs](https://www.youtube.com/user/SophosLabs/featured)|lots of brief, news-style content, "7 Deadly IT Sins" segment is of note +[Sourcefire](https://www.youtube.com/user/SourcefireInc/featured)|lots of brief videos covering topics like botnets, DDoS ~5 minutes each +[Station X](https://www.youtube.com/channel/UC-vWmE-BHcUrYW5zwDijL1g)|handful of brief videos, disorganized, unscheduled content updates +[Synack](https://www.youtube.com/channel/UCRH0mvESjZ7eKY1LJZDPIbw/featured)|random, news-style videos, disorganized, non-instructional +[TippingPoint Zero Day Initiative](https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g)|very brief videos ~30 sec, somewhat instructional +[Tripwire, Inc.](https://www.youtube.com/user/TripwireInc/videos)|some tripwire demos, and random news-style videos, non-instructional +[Vincent Yiu](https://www.youtube.com/channel/UCFVI3_M1zqFzEok2sTeEP8w/featured)|handful of videos from a single hacker, instructional +[nVisium](https://www.youtube.com/channel/UCTE8R-Otq_kVTo08eLsfeyg)|Some nVisum promos, a handful of instructional series on Rails vulns and web hacking +[ntop](https://www.youtube.com/channel/UCUYWuYlYKD5Yq5qBz0AIXJw/feed)|network monitoring, packet analysis, instructional +[44contv](https://www.youtube.com/user/44contv)|information security con based in London, lengthy instructional videos +[BruCON Security Conference](https://www.youtube.com/channel/UCqwMU1l90lf9BLersW6eAHw)|security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos +[BSides Manchester](https://www.youtube.com/channel/UC1mLiimOTqZFK98VwM8Ke4w)|security and hacker con based in Mancheseter, lots of lengthy videos +[BSidesAugusta](https://www.youtube.com/channel/UC85CvsnrVlD_44eEgzb2OfA)|security con based in Augusta, Georgia, lots of lengthy instructional videos +[CarolinaCon](https://www.youtube.com/channel/UCTY3Dpz68CyrjwRzqkE4sFw)|security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content +[Cort Johnson](https://www.youtube.com/channel/UCV9r-yMeARWVCJEesim25Ag)|a handful of lengthy con-style talks from Hack Secure Opensec 2017 +[DevSecCon](https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A)|lenghty con videos covering DevSecOps, making software more secure +[Garage4Hackers|Information Security](https://www.youtube.com/channel/UCDqagqREZlmJitWco-yPtvw/feed)|a handful of lengthy videos, About section lacks description +[HACKADAY](https://www.youtube.com/channel/UCnv0gfLQFNGPJ5MHSGuIAkw)|lots of random tech content, not strictly infosec, some instructional +[Hack In The Box Security Conference](https://www.youtube.com/channel/UC0BJVNTIEbG8CLG-xVVWJnA)|lengthy con-style instructional talks from an international security con +[Hack in Paris](https://www.youtube.com/channel/UC7xJU9_oqw-vS6OJExS-2iA)|security con based in paris, features lots of instructional talks, slides can be difficult to see. +[Hacklu](https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/feed)|lots of lengthy con-style instructional videos +[Hacktivity](https://www.youtube.com/user/hacktivity/feed)|lots of lengthy con-style instructional videos from a con in central/eastern europe +[Hardwear.io](https://www.youtube.com/channel/UChwYb9xc9tZXquQxu4G0l_g/featured)|handful of lengthy con-style video, emphasis on hardware hacks +[IEEE Symposium on Security and Privacy](https://www.youtube.com/channel/UC6pXMS7qre9GZW7A7FVM90Q)|content from the symposium; IEEE is a professional association based in the us, they also publish various journals +[LASCON](https://www.youtube.com/channel/UCDHsOiMPS-SLppAOAJRD37Q)|lengthy con-style talks from an OWASP con held in Austin, TX +[Marcus Niemietz](https://www.youtube.com/channel/UCtThfJl65L04ukWp0XZi3yg/videos)|lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany +[Media.ccc.de](https://www.youtube.com/channel/UC2TXq_t06Hjdr2g_KdKpHQg)|The real official channel of the chaos computer club, operated by the CCC VOC|tons of lengthy con-style vids +[NorthSec](https://www.youtube.com/channel/UCqVhMzTdQK5VAosAGkMtpJw)|lengthy con-style talks from an applied security conference in Canada +[Pancake Nopcode](https://www.youtube.com/channel/UC3G6k7XfTgcWD2PJR8qJSkQ)|channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering Content +[Psiinon](https://www.youtube.com/channel/UC-3qyzm4f29C12KGp3-12bQ)|medium length instructional videos, for the OWASP Zed Attack Proxy +[SJSU Infosec](https://www.youtube.com/channel/UCDNzNvZlYK8jZLsUbdiGrsQ/videos)|handful of lengthy instructional videos from San Jose State university Infosec +[Secappdev.org](https://www.youtube.com/channel/UCSii2fuiLLlGqaR6sR_y0rA)|tons of lengthy instructional lectures on Secure App Development +[Security Fest](https://www.youtube.com/channel/UCByLDp7r7gHGoO7yYMYFeWQ)|medium length con-style talks from a security festival in Sweden +[SecurityTubeCons](https://www.youtube.com/channel/UC2wNN-Zqiq4J1PLPnyMBWUg)|an assortment of con-style talks from various cons including BlackHat and Shmoocon +[ToorCon](https://www.youtube.com/channel/UCnzjmL0xkTBYwFZD7agHGWw)|handful of medium length con videos from con based in San Diego, CA +[USENIX Enigma Conference](https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw/feed)|medium length "round table discussion with leading experts", content starts in 2016 * NEWS -[Corey Nachreiner](https://www.youtube.com/channel/UC7dUL0FbVPGqzdb2HtWw3Xg) - security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule -[Error 404 Cyber News](https://www.youtube.com/channel/UC4HcNHFKshqj-aeyi6imW7Q) - short screen-shot videos with loud metal, no dialog, bi-weekly -[Latest Hacking News](https://www.youtube.com/user/thefieldhouse/feed) - 10K followers, medium length screenshot videos, no recent releases -[Pentester Academy TV](https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA) - lots of brief videos, very regular posting, up to +8 a week -[SecureNinjaTV](https://www.youtube.com/channel/UCNxfV4yR0nIlhFmfwcdf3BQ) - brief news bites, irregular posting, 18K followers -[Troy Hunt](https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ) - lone youtuber, medium length news videos, 16K followers, regular content -[Samy Kamkar's Applied Hacking](https://www.youtube.com/user/s4myk) - brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016 -[danooct1](https://www.youtube.com/channel/UCqbkm47qBxDj-P3lI9voIAw) - lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss -[DedSec](https://www.youtube.com/channel/UCx34ZZW2KgezfUPPeL6m8Dw) - lots of brief screenshot how-to vids based in Kali, no recent posts. -[DEFCON Conference](https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw) - lots of lengthy con-style vids from the iconical DEFCON -[DemmSec](https://www.youtube.com/channel/UCJItQmwUrcW4VdUqWaRUNIg) - lots of pen testing vids, somewhat irregular uploads, 44K followers -[Don Does 30](https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g) - amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers -[Geeks Fort - KIF](https://www.youtube.com/channel/UC09NdTL2hkThGLSab8chJMw) - lots of brief screenshot vids, no recent posts -[iExplo1t](https://www.youtube.com/channel/UCx0HClQ_cv0sLNOVhoO2nxg/videos) - lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts -[HACKING TUTORIALS](https://www.youtube.com/channel/UCbsn2kQwNxcIzHwbdDjzehA) - handful of brief screenshot vids, no recent posts. -[LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) - Lots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts. -[Metasploitation](https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg) - lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. -[NetSecNow](https://www.youtube.com/channel/UC6J_GnSAi7F2hY4RmnMcWJw) - channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids -[Open SecurityTraining](https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg) - lots of lengthy lecture-style vids, no recent posts, but quality info. -[BalCCon - Balkan Computer Congress](https://www.youtube.com/channel/UCoHypmu8rxlB5Axh5JxFZsA) - Long con-style talks from the Balkan Computer Congress, doesn't update regularly -[Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA) - DELETE -[rwbnetsec](https://www.youtube.com/channel/UCAJ8Clc3188ek9T_5XTVzZQ) - lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. -[Security Weekly](https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg) - regular updates, lengthy podcst-style interview with industry pros -[Seytonic](https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA) - variety of DIY hacking tutorials, hardware hacks, regular updates -[Shozab Haxor](https://www.youtube.com/channel/UCBwub2kRoercWQJ2mw82h3A) - lots of screenshot style instructional vids, regular updates, windows CLI tutorial -[SSTec Tutorials](https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg) - lots of brief screenshot vids, regular updates -[Waleed Jutt](https://www.youtube.com/channel/UCeN7cOELsyMHrzfMsJUgv3Q) - lots of brief screenshot vids covering web security and game programming -[webpwnized](https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg) - lots of brief screenshot vids, some CTF walkthroughs -[JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA) - lots of medium length instructional vids with some AskMe vids from the youtuber -[Zer0Mem0ry](https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA) - lots of brief c++ security videos, programming intensive -[LionSec](https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow) - lots of brief screenshot instructional vids, no dialog -[Adrian Crenshaw](https://www.youtube.com/user/irongeek) - lots of lengthy con0style talks -[HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q) - regular posts, medium length screenshot vids, with dialog -[Derek Rook - CTF/Boot2root/wargames Walkthrough](https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA) - lots of lengthy screenshot instructional vids, with +[Corey Nachreiner](https://www.youtube.com/channel/UC7dUL0FbVPGqzdb2HtWw3Xg)|security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule +[Error 404 Cyber News](https://www.youtube.com/channel/UC4HcNHFKshqj-aeyi6imW7Q)|short screen-shot videos with loud metal, no dialog, bi-weekly +[Latest Hacking News](https://www.youtube.com/user/thefieldhouse/feed)|10K followers, medium length screenshot videos, no recent releases +[Pentester Academy TV](https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA)|lots of brief videos, very regular posting, up to +8 a week +[SecureNinjaTV](https://www.youtube.com/channel/UCNxfV4yR0nIlhFmfwcdf3BQ)|brief news bites, irregular posting, 18K followers +[Troy Hunt](https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ)|lone youtuber, medium length news videos, 16K followers, regular content +[Samy Kamkar's Applied Hacking](https://www.youtube.com/user/s4myk)|brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016 +[danooct1](https://www.youtube.com/channel/UCqbkm47qBxDj-P3lI9voIAw)|lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss +[DedSec](https://www.youtube.com/channel/UCx34ZZW2KgezfUPPeL6m8Dw)|lots of brief screenshot how-to vids based in Kali, no recent posts. +[DEFCON Conference](https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw)|lots of lengthy con-style vids from the iconical DEFCON +[DemmSec](https://www.youtube.com/channel/UCJItQmwUrcW4VdUqWaRUNIg)|lots of pen testing vids, somewhat irregular uploads, 44K followers +[Don Does 30](https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g)|amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers +[Geeks Fort|KIF](https://www.youtube.com/channel/UC09NdTL2hkThGLSab8chJMw)|lots of brief screenshot vids, no recent posts +[iExplo1t](https://www.youtube.com/channel/UCx0HClQ_cv0sLNOVhoO2nxg/videos)|lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts +[HACKING TUTORIALS](https://www.youtube.com/channel/UCbsn2kQwNxcIzHwbdDjzehA)|handful of brief screenshot vids, no recent posts. +[LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)|Lots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts. +[Metasploitation](https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg)|lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. +[NetSecNow](https://www.youtube.com/channel/UC6J_GnSAi7F2hY4RmnMcWJw)|channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids +[Open SecurityTraining](https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg)|lots of lengthy lecture-style vids, no recent posts, but quality info. +[BalCCon|Balkan Computer Congress](https://www.youtube.com/channel/UCoHypmu8rxlB5Axh5JxFZsA)|Long con-style talks from the Balkan Computer Congress, doesn't update regularly +[Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA)|DELETE +[rwbnetsec](https://www.youtube.com/channel/UCAJ8Clc3188ek9T_5XTVzZQ)|lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. +[Security Weekly](https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg)|regular updates, lengthy podcst-style interview with industry pros +[Seytonic](https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA)|variety of DIY hacking tutorials, hardware hacks, regular updates +[Shozab Haxor](https://www.youtube.com/channel/UCBwub2kRoercWQJ2mw82h3A)|lots of screenshot style instructional vids, regular updates, windows CLI tutorial +[SSTec Tutorials](https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg)|lots of brief screenshot vids, regular updates +[Waleed Jutt](https://www.youtube.com/channel/UCeN7cOELsyMHrzfMsJUgv3Q)|lots of brief screenshot vids covering web security and game programming +[webpwnized](https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg)|lots of brief screenshot vids, some CTF walkthroughs +[JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)|lots of medium length instructional vids with some AskMe vids from the youtuber +[Zer0Mem0ry](https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA)|lots of brief c++ security videos, programming intensive +[LionSec](https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow)|lots of brief screenshot instructional vids, no dialog +[Adrian Crenshaw](https://www.youtube.com/user/irongeek)|lots of lengthy con0style talks +[HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q)|regular posts, medium length screenshot vids, with dialog +[Derek Rook-CTF/Boot2root/wargames Walkthrough](https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA)|lots of lengthy screenshot instructional vids, with ###Sharpening Your Skills Name | Description ---- | ---- -[OWASP Security Shepherd](https://security-shepherd.ctf365.com/login.jsp) - BROKEN AS OF 11/6 -[CTFLearn](https://ctflearn.com/) - an account-based ctf site, where users can go in and solve a range of challenges -[CTFs write-ups](https://github.com/ctfs) - a collection of writeups from various CTFs, organized by -[CTF365](https://ctf365.com/) - account based ctf site, awarded by Kaspersky, MIT, T-Mobile -[Pentestit](https://lab.pentestit.ru/) - acocunt based CTF site, users have to install open VPN and get credentials -[Hacksplaining](https://www.hacksplaining.com/) - a clickthrough security informational site, very good for beginners. -[The cryptopals crypto challenges](http://cryptopals.com/) - A bunch of CTF challenges, all focused on cryptography. -[The enigma group](https://www.enigmagroup.org/) - web application security training, account based, video tutorials -[Ringzer0 Team](https://ringzer0team.com/challenges) - an account based CTF site, hosting over 272 challenges -[Hack The Box](https://www.hackthebox.gr/en/login) - Pen testing labs hosting over 39 vulnerable machines with two additional added every month -[Over the wire](http://overthewire.org/wargames/) - A CTF that's based on progressive levels for each lab, the users SSH in, no account recquired -[Backdoor](https://backdoor.sdslabs.co) - pen testing labs that have a space for beginners, a practice arena and various competitions, account required -[Vulnhub](https://www.vulnhub.com/) - site hosts a ton of different vulnerable Virtual Machine images, download and get hacking -[Hack.me](https://hack.me/) - lets you build/host/attack vulnerable web apps -[Hack this site!](https://www.hackthissite.org/) - an oldy but goodie, account required, users start at low levels and progress in difficulty -[Exploit exercises](https://exploit-exercises.com/) - hosts 5 fulnerable virtual machines for you to attack, no account required -[PentesterLab](https://pentesterlab.com/) - hosts a variety of exercises as well as various "bootcamps" focused on specific activities -[SmashTheStack](http://smashthestack.org/wargames.html) - hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels -[PicoCTF](https://2017game.picoctf.com/) - CTF hosted by Carnegie Mellon, occurs yearly, account required. -[Shellter Labs](https://shellterlabs.com/en/) - account based infosec labs, they aim at making these activities social -[Pentest Practice](https://www.pentestpractice.com/) - account based Pentest practice, free to sign up, but there's also a pay-as-you-go feature -[Pentest.training](https://pentest.training) - lots of various labs/VMS for you to try and hack, registry is optional. -[pwnable.kr](http://pwnable.kr/) - Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required -[pwnable.tw](http://pwnable.tw/) - hosts 27 challenges accompanied with writeups, account required -[hackburger.ee](http://hackburger.ee/) - hosts a number of web hacking challenges, account required -[http://noe.systems/](http://noe.systems/) - Korean challenge site, requires an account -[Hacker Gateway](https://www.hackergateway.com/) - ctfs covering steganography, cryptography, and web challengs, account required -[Solve Me](http://solveme.safflower.kr/) - "yet another challenge", account required. -[Challenge Land](http://challengeland.co/) - Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far! -[Participating Challenge Sites](http://www.wechall.net/active_sites/all/by/site_avg/DESC/page-1) - aims at creating a universal ranking for CTF participants -[Hacker test](http://www.hackertest.net/) - similar to "hackthissite", no account required. -[Crackmes.de Archive (2011-2015)](https://tuts4you.com/download.php?view.3152) - a reverse engineering information Repo, started in 2003 -[ROP Emporium](https://ropemporium.com/) - Return Oriented Programming challenges -[Google's XSS game](https://xss-game.appspot.com/) - XSS challenges, an dpotentially a chance to get paid! +[OWASP Security Shepherd](https://security-shepherd.ctf365.com/login.jsp)|BROKEN AS OF 11/6 +[CTFLearn](https://ctflearn.com/)|an account-based ctf site, where users can go in and solve a range of challenges +[CTFs write-ups](https://github.com/ctfs)|a collection of writeups from various CTFs, organized by +[CTF365](https://ctf365.com/)|account based ctf site, awarded by Kaspersky, MIT, T-Mobile +[Pentestit](https://lab.pentestit.ru/)|acocunt based CTF site, users have to install open VPN and get credentials +[Hacksplaining](https://www.hacksplaining.com/)|a clickthrough security informational site, very good for beginners. +[The cryptopals crypto challenges](http://cryptopals.com/)|A bunch of CTF challenges, all focused on cryptography. +[The enigma group](https://www.enigmagroup.org/)|web application security training, account based, video tutorials +[Ringzer0 Team](https://ringzer0team.com/challenges)|an account based CTF site, hosting over 272 challenges +[Hack The Box](https://www.hackthebox.gr/en/login)|Pen testing labs hosting over 39 vulnerable machines with two additional added every month +[Over the wire](http://overthewire.org/wargames/)|A CTF that's based on progressive levels for each lab, the users SSH in, no account recquired +[Backdoor](https://backdoor.sdslabs.co)|pen testing labs that have a space for beginners, a practice arena and various competitions, account required +[Vulnhub](https://www.vulnhub.com/)|site hosts a ton of different vulnerable Virtual Machine images, download and get hacking +[Hack.me](https://hack.me/)|lets you build/host/attack vulnerable web apps +[Hack this site!](https://www.hackthissite.org/)|an oldy but goodie, account required, users start at low levels and progress in difficulty +[Exploit exercises](https://exploit-exercises.com/)|hosts 5 fulnerable virtual machines for you to attack, no account required +[PentesterLab](https://pentesterlab.com/)|hosts a variety of exercises as well as various "bootcamps" focused on specific activities +[SmashTheStack](http://smashthestack.org/wargames.html)|hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels +[PicoCTF](https://2017game.picoctf.com/)|CTF hosted by Carnegie Mellon, occurs yearly, account required. +[Shellter Labs](https://shellterlabs.com/en/)|account based infosec labs, they aim at making these activities social +[Pentest Practice](https://www.pentestpractice.com/)|account based Pentest practice, free to sign up, but there's also a pay-as-you-go feature +[Pentest.training](https://pentest.training)|lots of various labs/VMS for you to try and hack, registry is optional. +[pwnable.kr](http://pwnable.kr/)|Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required +[pwnable.tw](http://pwnable.tw/)|hosts 27 challenges accompanied with writeups, account required +[hackburger.ee](http://hackburger.ee/)|hosts a number of web hacking challenges, account required +[http://noe.systems/](http://noe.systems/)|Korean challenge site, requires an account +[Hacker Gateway](https://www.hackergateway.com/)|ctfs covering steganography, cryptography, and web challengs, account required +[Solve Me](http://solveme.safflower.kr/)|"yet another challenge", account required. +[Challenge Land](http://challengeland.co/)|Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far! +[Participating Challenge Sites](http://www.wechall.net/active_sites/all/by/site_avg/DESC/page-1)|aims at creating a universal ranking for CTF participants +[Hacker test](http://www.hackertest.net/)|similar to "hackthissite", no account required. +[Crackmes.de Archive (2011-2015)](https://tuts4you.com/download.php?view.3152)|a reverse engineering information Repo, started in 2003 +[ROP Emporium](https://ropemporium.com/)|Return Oriented Programming challenges +[Google's XSS game](https://xss-game.appspot.com/)|XSS challenges, an dpotentially a chance to get paid! ###Reverse Engineering, Buffer Overflow and Exploit Development Name | Description ---- | ---- -[Shell storm](http://shell-storm.org/) - Blog style collection with organized info about Rev. Engineering. -[Buffer Overflow Exploitation Megaprimer for Linux](http://www.securitytube.net/groups?operation=view&groupId=4) - Collection of Linux Rev. Engineering videos -[Reverse Engineering Malware 101](https://securedorg.github.io/RE101/) - intro course created by Malware Unicorn, complete with material and two VM's -[Reverse Engineering Malware 102](https://securedorg.github.io/RE102/) - the sequel to RE102 -[Modern Binary Exploitation - CSCI 4968](https://github.com/RPISEC/MBE) - RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures -[Introductory Intel x86](http://www.opensecuritytraining.info/IntroX86.html) - 63 days of OS class materials, 29 classes, 24 instructors, no account required -[Binary hacking](http://liveoverflow.com/binary_hacking/index.html) - 35 "no bullshit" binary videos along with other info -[Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/) - a blog entry from a grad student at SDS Labs -[Reverse Engineering for Beginners](https://beginners.re/RE4B-EN.pdf) - huge OS textbook, created by Dennis Yurichev -[Exploit tutorials](http://www.primalsecurity.net/tutorials/exploit-tutorials/) - a series of 9 exploit tutorials,also features a podcast -[Exploit development](https://0x00sec.org/c/exploit-development) - links to the forum's exploit dev posts, quality and post style will vary with each poster -[Corelan tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/) - detailed tutorial, lots of good information about memory -[Reverse engineering reading list](https://github.com/onethawt/reverseengineering-reading-list/blob/master/README.md) - a github collection of RE tools and books -[Reverse Engineering challenges](https://challenges.re/) - collection of challenges from the writer of RE for Beginners -[Reverse Engineering for beginners (GitHub project)](https://github.com/dennis714/RE-for-beginners) - github for the above -[reversing.kr challenges](http://www.reversing.kr/challenge.php) - reverse engineering challenges varying in difficulty -[Analysis and exploitation (unprivileged)](https://www.it-sec-catalog.info/analysis_and_exploitation_unprivileged.html) - huge collection of RE information, organized by type. -[A Course on Intermediate Level Linux Exploitation](https://github.com/nnamon/linux-exploitation-course) - as the title says, this course isn't for beginners -[Lena's Reversing for Newbies (Complete)](https://tuts4you.com/download.php?view.2876) - listing of a lengthy resource by Lena, aimed at being a course -[Megabeets journey into Radare2](https://www.megabeets.net/a-journey-into-radare-2-part-1/) - one user's radare2 tutorials -[Introduction to ARM Assembly Basics] (https://azeria-labs.com/writing-arm-assembly-part-1/) - tons of tutorials from infosec pro Azeria, follow her on twitter -[Linux (x86) Exploit Development Series](https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/) - blog post by sploitfun, has 3 different levels +[Shell storm](http://shell-storm.org/)|Blog style collection with organized info about Rev. Engineering. +[Buffer Overflow Exploitation Megaprimer for Linux](http://www.securitytube.net/groups?operation=view&groupId=4)|Collection of Linux Rev. Engineering videos +[Reverse Engineering Malware 101](https://securedorg.github.io/RE101/)|intro course created by Malware Unicorn, complete with material and two VM's +[Reverse Engineering Malware 102](https://securedorg.github.io/RE102/)|the sequel to RE102 +[Modern Binary Exploitation|CSCI 4968](https://github.com/RPISEC/MBE)|RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures +[Introductory Intel x86](http://www.opensecuritytraining.info/IntroX86.html)|63 days of OS class materials, 29 classes, 24 instructors, no account required +[Binary hacking](http://liveoverflow.com/binary_hacking/index.html)|35 "no bullshit" binary videos along with other info +[Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/)|a blog entry from a grad student at SDS Labs +[Reverse Engineering for Beginners](https://beginners.re/RE4B-EN.pdf)|huge OS textbook, created by Dennis Yurichev +[Exploit tutorials](http://www.primalsecurity.net/tutorials/exploit-tutorials/)|a series of 9 exploit tutorials,also features a podcast +[Exploit development](https://0x00sec.org/c/exploit-development)|links to the forum's exploit dev posts, quality and post style will vary with each poster +[Corelan tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)|detailed tutorial, lots of good information about memory +[Reverse engineering reading list](https://github.com/onethawt/reverseengineering-reading-list/blob/master/README.md)|a github collection of RE tools and books +[Reverse Engineering challenges](https://challenges.re/)|collection of challenges from the writer of RE for Beginners +[Reverse Engineering for beginners (GitHub project)](https://github.com/dennis714/RE-for-beginners)|github for the above +[reversing.kr challenges](http://www.reversing.kr/challenge.php)|reverse engineering challenges varying in difficulty +[Analysis and exploitation (unprivileged)](https://www.it-sec-catalog.info/analysis_and_exploitation_unprivileged.html)|huge collection of RE information, organized by type. +[A Course on Intermediate Level Linux Exploitation](https://github.com/nnamon/linux-exploitation-course)|as the title says, this course isn't for beginners +[Lena's Reversing for Newbies (Complete)](https://tuts4you.com/download.php?view.2876)|listing of a lengthy resource by Lena, aimed at being a course +[Megabeets journey into Radare2](https://www.megabeets.net/a-journey-into-radare-2-part-1/)|one user's radare2 tutorials +[Introduction to ARM Assembly Basics] (https://azeria-labs.com/writing-arm-assembly-part-1/)|tons of tutorials from infosec pro Azeria, follow her on twitter +[Linux (x86) Exploit Development Series](https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/)|blog post by sploitfun, has 3 different levels ###Privilege Escalation Name | Description ---- | ---- -[Reach the root](https://hackmag.com/security/reach-the-root/) - discusses a process for linux privilege exploitation -[Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) - basic linux exploitation, also covers Windows -[Windows Privilege Escalation](http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation) - collection of wiki pages covering Windows Privilege escalation -[Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation) - covers a couple different exploits for Windows and Linux -[Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html) - collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP -[RootHelper](https://github.com/NullArray/RootHelper) - a tool that runs various enumeration scripts to check for privilege escalation -[Windows exploits, mostly precompiled.](https://github.com/abatchy17/WindowsExploits) - precompiled windows exploits, could be useful for reverse engineering too -[Unix privesc checker](http://pentestmonkey.net/tools/audit/unix-privesc-check) - a script that checks for PE vulnerabilities on a system -[Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/) - covers a couple common PE methods in linux -[Windows privilege escalation checker](https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md) - a list of topics that link to pentestlab.blog, all related to windows privilege escalation -[Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309) - a list of PE checking scripts, some may have already been covered -[AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation) - automated scripts that downloads and compiles from exploitdb -[Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker) - a simple linux PE check script -[Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623) - good resources that could be compiled into a script -[4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/) - shows different examples of PE +[Reach the root](https://hackmag.com/security/reach-the-root/)|discusses a process for linux privilege exploitation +[Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)|basic linux exploitation, also covers Windows +[Windows Privilege Escalation](http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation)|collection of wiki pages covering Windows Privilege escalation +[Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation)|covers a couple different exploits for Windows and Linux +[Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)|collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP +[RootHelper](https://github.com/NullArray/RootHelper)|a tool that runs various enumeration scripts to check for privilege escalation +[Windows exploits, mostly precompiled.](https://github.com/abatchy17/WindowsExploits)|precompiled windows exploits, could be useful for reverse engineering too +[Unix privesc checker](http://pentestmonkey.net/tools/audit/unix-privesc-check)|a script that checks for PE vulnerabilities on a system +[Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/)|covers a couple common PE methods in linux +[Windows privilege escalation checker](https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md)|a list of topics that link to pentestlab.blog, all related to windows privilege escalation +[Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309)|a list of PE checking scripts, some may have already been covered +[AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation)|automated scripts that downloads and compiles from exploitdb +[Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker)|a simple linux PE check script +[Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623)|good resources that could be compiled into a script +[4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/)|shows different examples of PE ###Malware Analysis Name | Description ---- | ---- -[Malware traffic analysis](http://www.malware-traffic-analysis.net/) - list of traffic analysis exercises -[Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md) - another class from the folks at RPISEC, quality content +[Malware traffic analysis](http://www.malware-traffic-analysis.net/)|list of traffic analysis exercises +[Malware Analysis|CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md)|another class from the folks at RPISEC, quality content ###Network Scanning / Reconnaissance Name | Description ---- | ---- -[Foot Printing with WhoIS/DNS records](https://www.sans.org/reading-room/whitepapers/hackers/fundamentals-computer-hacking-956) - a white paper from SANS -[Google Dorks/Google Hacking](https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc/) - list of commands for google hacks, unleash the power of the world's biggest search engine +[Foot Printing with WhoIS/DNS records](https://www.sans.org/reading-room/whitepapers/hackers/fundamentals-computer-hacking-956)|a white paper from SANS +[Google Dorks/Google Hacking](https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc/)|list of commands for google hacks, unleash the power of the world's biggest search engine ###Vulnerable Web Application Name | Description ---- | ---- -[OWASP Hackademic Challenges project](https://github.com/Hackademic/hackademic/) - web hacking challenges -[bWAPP](http://www.itsecgames.com/) - common buggy web app for hacking, great for beginners, lots of documentation -[Damn Vulnerable Web Application (DVWA)](http://www.dvwa.co.uk/) - PHP/MySQL web app for testing skills and tools -[WebGoat: A deliberately insecure Web Application](https://github.com/WebGoat/WebGoat) - maintained by OWASP and designed to to teach web app security -[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/files/) - another OWASP vulnerable app, lots of documentation. -[OWASP Broken Web Applications Project](https://github.com/chuckfw/owaspbwa/) - hosts a collection of broken web apps -[Damn Small Vulnerable Web](https://github.com/stamparm/DSVW) - written in less than 100 lines of code, this web app has tons of vulns, great for teaching -[OWASP Juice Shop](https://github.com/bkimminich/juice-shop) - covers the OWASP top 10 vulns -[Google Gruyere](https://google-gruyere.appspot.com/) - host of challenges on this cheesy web app +[OWASP Hackademic Challenges project](https://github.com/Hackademic/hackademic/)|web hacking challenges +[bWAPP](http://www.itsecgames.com/)|common buggy web app for hacking, great for beginners, lots of documentation +[Damn Vulnerable Web Application (DVWA)](http://www.dvwa.co.uk/)|PHP/MySQL web app for testing skills and tools +[WebGoat: A deliberately insecure Web Application](https://github.com/WebGoat/WebGoat)|maintained by OWASP and designed to to teach web app security +[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/files/)|another OWASP vulnerable app, lots of documentation. +[OWASP Broken Web Applications Project](https://github.com/chuckfw/owaspbwa/)|hosts a collection of broken web apps +[Damn Small Vulnerable Web](https://github.com/stamparm/DSVW)|written in less than 100 lines of code, this web app has tons of vulns, great for teaching +[OWASP Juice Shop](https://github.com/bkimminich/juice-shop)|covers the OWASP top 10 vulns +[Google Gruyere](https://google-gruyere.appspot.com/)|host of challenges on this cheesy web app ###Vulnerable OS Name | Description ---- | ---- -[Metasploitable2 (Linux)](https://sourceforge.net/projects/metasploitable/files/Metasploitable2/) - vulnerable OS, great for practicing hacking -[Metasploitable3](https://github.com/rapid7/metasploitable3) \[[Installation](https://github.com/rapid7/metasploitable3/blob/master/README.md)\] - the third installation of this vulnerable OS -[Vulnhub](https://www.vulnhub.com/) - collection of tons of different vulnerable OS and challenges -[General Test Environment Guidance](https://community.rapid7.com/docs/DOC-2196) - white paper from the pros at rapid7 +[Metasploitable2 (Linux)](https://sourceforge.net/projects/metasploitable/files/Metasploitable2/)|vulnerable OS, great for practicing hacking +[Metasploitable3](https://github.com/rapid7/metasploitable3) \[[Installation](https://github.com/rapid7/metasploitable3/blob/master/README.md)\]|the third installation of this vulnerable OS +[Vulnhub](https://www.vulnhub.com/)|collection of tons of different vulnerable OS and challenges +[General Test Environment Guidance](https://community.rapid7.com/docs/DOC-2196)|white paper from the pros at rapid7 ###Linux Penetration Testing OS ---- | ---- -[BackBox](https://backbox.org/index) - open source community project, promoting security in IT enivornments -[BlackArch](https://blackarch.org/index.html) - Arch Linux based pentesting distro, compatible with Arch installs -[Kali](http://kali.org/) - the infamous pentesting distro from the folks at Offensive Security -[LionSec Linux](https://lionsec-linux.org/) - pentesting OS based on Ubuntu -[Parrot ](https://www.parrotsec.org/) - Debian includes full portable lab for security, DFIR, and development -[Bugtraq](http://bugtraq-team.com/) - advanced GNU Linux pen-testing technology -[Android Tamer](https://androidtamer.com//) - Android Tamer is a Virtual / Live Platform for Android Security professionals. +[BackBox](https://backbox.org/index)|open source community project, promoting security in IT enivornments +[BlackArch](https://blackarch.org/index.html)|Arch Linux based pentesting distro, compatible with Arch installs +[Kali](http://kali.org/)|the infamous pentesting distro from the folks at Offensive Security +[LionSec Linux](https://lionsec-linux.org/)|pentesting OS based on Ubuntu +[Parrot ](https://www.parrotsec.org/)|Debian includes full portable lab for security, DFIR, and development +[Bugtraq](http://bugtraq-team.com/)|advanced GNU Linux pen-testing technology +[Android Tamer](https://androidtamer.com//)|Android Tamer is a Virtual / Live Platform for Android Security professionals. ###Exploits Name | Description ---- | ---- -[Exploit Database](https://www.exploit-db.com/) - database of a wide variety exploits, CVE compliant archive -[CXsecurity](https://cxsecurity.com/exploit/) - Indie cybersecurity info managed by 1 person -[0day.today](http://0day.today/) - Easy to navigate databse of exploits -[Snyk Vulnerability DB](https://snyk.io/vuln/) - detailed info and remediation guidance for known vulns, also allows you to test your code +[Exploit Database](https://www.exploit-db.com/)|database of a wide variety exploits, CVE compliant archive +[CXsecurity](https://cxsecurity.com/exploit/)|Indie cybersecurity info managed by 1 person +[0day.today](http://0day.today/)|Easy to navigate databse of exploits +[Snyk Vulnerability DB](https://snyk.io/vuln/)|detailed info and remediation guidance for known vulns, also allows you to test your code ###Forums Name | Description -[Greysec](https://greysec.net) - hacking and security forum -[Hackforums](https://hackforums.net/) - posting webstite for hacks/exploits/various discussion -[0x00sec](https://0x00sec.org/) - hacker, malware, computer engineering, Reverse engineering -[Antichat](https://forum.antichat.ru/) - russian based forum -[EAST Exploit database](http://eastexploits.com/) - exploit DB for commercial exploits written for EAST Pentest Framework +[Greysec](https://greysec.net)|hacking and security forum +[Hackforums](https://hackforums.net/)|posting webstite for hacks/exploits/various discussion +[0x00sec](https://0x00sec.org/)|hacker, malware, computer engineering, Reverse engineering +[Antichat](https://forum.antichat.ru/)|russian based forum +[EAST Exploit database](http://eastexploits.com/)|exploit DB for commercial exploits written for EAST Pentest Framework ###Archived Security Conference Videos Name | Description ---- | ---- -[InfoCon.org](https://infocon.org/cons/) - hosts data from hundreds of cons -[Irongeek](http://www.irongeek.com/) - Website of Adrien Crenshaw, hosts a ton of info. +[InfoCon.org](https://infocon.org/cons/)|hosts data from hundreds of cons +[Irongeek](http://www.irongeek.com/)|Website of Adrien Crenshaw, hosts a ton of info. ###Online Communities Name | Description -[Hack+](http://t.me/hacking_group_channel) - link requires telegram to be used -[MPGH](http://mpgh.net) - community of MultiPlayerGameHacking -[Hacktoday](https://www.hacktoday.net/) - requires an account, covering all kinds of hacking topics +[Hack+](http://t.me/hacking_group_channel)|link requires telegram to be used +[MPGH](http://mpgh.net)|community of MultiPlayerGameHacking +[Hacktoday](https://www.hacktoday.net/)|requires an account, covering all kinds of hacking topics ###Online News Sources Name | Description -[Recent Hash Leaks](https://hashes.org/public.php) - great place to lookup hashes -[InfoSec](http://www.infosecurity-magazine.com/) - covers all the latest infosec topics -[Threatpost](https://threatpost.com/) - covers all the latest threats and breaches -[Security Intell](https://securityintelligence.com/news/) - covers all kinds of news, great intelligence resources -[The Hacker News](https://thehackernews.com/) - features a daily stream of hack news, also has an app +[Recent Hash Leaks](https://hashes.org/public.php)|great place to lookup hashes +[InfoSec](http://www.infosecurity-magazine.com/)|covers all the latest infosec topics +[Threatpost](https://threatpost.com/)|covers all the latest threats and breaches +[Security Intell](https://securityintelligence.com/news/)|covers all kinds of news, great intelligence resources +[The Hacker News](https://thehackernews.com/)|features a daily stream of hack news, also has an app