Awesome-Hacking-Resources/README.md
Kanin Peanviriyakulkit 3e8b370b01 Add Bugtraq-team OS
2017-10-25 18:09:19 +07:00

289 lines
16 KiB
Markdown

<h1 align="center">
<br>
<img width="200" src="https://cdn.rawgit.com/sindresorhus/awesome/master/media/logo.svg" alt="awesome">
<br>
</h1>
# Awesome Hacking Resources ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg)
A collection of hacking / penetration testing resources to make you better!
**Let's make it the biggest resource repository for our community.**
**You are welcome to fork and [contribute](https://github.com/vitalysim/Awesome-Hacking-Resources/blob/master/contributing.md#contribution-guidelines).**
We started a new [tools](https://github.com/vitalysim/Awesome-Hacking-Resources/blob/master/tools.md) list, come and contribute
## Table of Contents
* [Learning the Skills](#learning-the-skills)
* [YouTube Channels](#youtube-channels)
* [Companies](#Companies)
* [Conferences](#Conferences)
* [NEWS](#NEWS)
* [Sharpening Your Skills](#sharpening-your-skills)
* [Reverse Engineering, Buffer Overflow and Exploit Development](#reverse-engineering-buffer-overflow-and-exploit-development)
* [Privilege Escalation](#privilege-escalation)
* [Network Scanning / Reconnaissance](#network-Scanning-/-Reconnaissance)
* [Malware Analysis](#malware-analysis)
* [Vulnerable Web Application](#vulnerable-web-application)
* [Vulnerable OS](#vulnerable-os)
* [Exploits](#exploits)
* [Forums](#forums)
* [Archived Security Conference Videos](#archived-security-conference-videos)
* [Online Communities](#online-communities)
* [Online News Sources](#online-news-sources)
* [Linux Penetration Testing OS](#linux-penetration-testing-os)
Learning the Skills
--
* [Learning Exploitation with Offensive Computer Security 2.0](http://howto.hackallthethings.com/2016/07/learning-exploitation-with-offensive.html)
* [Cybrary](https://www.cybrary.it/)
* [OffensiveComputerSecurity](https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html)
* [CS 642: Intro to Computer Security](http://pages.cs.wisc.edu/~ace/cs642-spring-2016.html)
* [Free cyber security training](https://www.samsclass.info/)
* [SecurityTube](http://www.securitytube.net/)
* [Seed Labs](http://www.cis.syr.edu/~wedu/seed/labs.html)
* [Hak5](https://www.hak5.org/)
* [OWASP top 10 web security risks](https://www.online.hack2secure.com/courses/owasp-top10-web-security-risk)
* [MIT OCW 6.858 Computer Systems Security](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/)
YouTube Channels
--
* [OWASP](https://www.youtube.com/user/OWASPGLOBAL)
* [Hak5](https://www.youtube.com/user/Hak5Darren)
* [BlackHat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg)
* [Christiaan008](https://www.youtube.com/channel/UCEPzS1rYsrkqzSLNp76nrcg)
* Companies <a id="Companies"></a>
* [0patch by ACROS Security](https://www.youtube.com/channel/UCwlGrzF4on-bjiBhD8lO3QA)
* [Detectify](https://www.youtube.com/channel/UCm6N84sAaQ-BiNdCaaLT4qg)
* [Kaspersky Lab](https://www.youtube.com/channel/UCGhEv7BFBWdo0k4UXTm2eZg)
* [Metasploit](https://www.youtube.com/channel/UCx4d2aRIfxfEUdS_5YIYKPg)
* [OpenNSM](https://www.youtube.com/user/OpenNSM/feed)
* [Rapid7](https://www.youtube.com/channel/UCnctXOUIeRFu1BR5O0W5e9w)
* [Securelist](https://www.youtube.com/user/Securelist/featured)
* [Segment Security](https://www.youtube.com/channel/UCMCI9TE3-PZ7CgKk7X6Qd_w/featured)
* [SocialEngineerOrg](https://www.youtube.com/channel/UCC1vbVVbYdNe-OZRldj-U6g)
* [Sonatype](https://www.youtube.com/user/sonatype/featured)
* [SophosLabs](https://www.youtube.com/user/SophosLabs/featured)
* [Sourcefire](https://www.youtube.com/user/SourcefireInc/featured)
* [Station X](https://www.youtube.com/channel/UC-vWmE-BHcUrYW5zwDijL1g)
* [Synack](https://www.youtube.com/channel/UCRH0mvESjZ7eKY1LJZDPIbw/featured)
* [TippingPoint Zero Day Initiative](https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g)
* [Tripwire, Inc.](https://www.youtube.com/user/TripwireInc/videos)
* [Vincent Yiu](https://www.youtube.com/channel/UCFVI3_M1zqFzEok2sTeEP8w/featured)
* [nVisium](https://www.youtube.com/channel/UCTE8R-Otq_kVTo08eLsfeyg)
* [ntop](https://www.youtube.com/channel/UCUYWuYlYKD5Yq5qBz0AIXJw/feed)
* Conferences <a id="Conferences"></a>
* [44contv](https://www.youtube.com/user/44contv)
* [BruCON Security Conference](https://www.youtube.com/channel/UCqwMU1l90lf9BLersW6eAHw)
* [BSides Manchester](https://www.youtube.com/channel/UC1mLiimOTqZFK98VwM8Ke4w)
* [BSidesAugusta](https://www.youtube.com/channel/UC85CvsnrVlD_44eEgzb2OfA)
* [CarolinaCon](https://www.youtube.com/channel/UCTY3Dpz68CyrjwRzqkE4sFw)
* [Cort Johnson](https://www.youtube.com/channel/UCV9r-yMeARWVCJEesim25Ag)
* [DevSecCon](https://www.youtube.com/channel/UCgxhfP2Hi8MQYz6ZkwpLA0A)
* [Garage4Hackers - Information Security](https://www.youtube.com/channel/UCDqagqREZlmJitWco-yPtvw/feed)
* [HACKADAY](https://www.youtube.com/channel/UCnv0gfLQFNGPJ5MHSGuIAkw)
* [Hack In The Box Security Conference](https://www.youtube.com/channel/UC0BJVNTIEbG8CLG-xVVWJnA)
* [Hack in Paris](https://www.youtube.com/channel/UC7xJU9_oqw-vS6OJExS-2iA)
* [Hacklu](https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/feed)
* [Hacktivity](https://www.youtube.com/feed/channels)
* [Hardwear.io](https://www.youtube.com/channel/UChwYb9xc9tZXquQxu4G0l_g/featured)
* [IEEE Symposium on Security and Privacy](https://www.youtube.com/channel/UC6pXMS7qre9GZW7A7FVM90Q)
* [LASCON](https://www.youtube.com/channel/UCDHsOiMPS-SLppAOAJRD37Q)
* [Marcus Niemietz](https://www.youtube.com/channel/UCtThfJl65L04ukWp0XZi3yg/videos)
* [Media.ccc.de](https://www.youtube.com/channel/UC2TXq_t06Hjdr2g_KdKpHQg)
* [NorthSec](https://www.youtube.com/channel/UCqVhMzTdQK5VAosAGkMtpJw)
* [Pancake Nopcode](https://www.youtube.com/channel/UC3G6k7XfTgcWD2PJR8qJSkQ)
* [Psiinon](https://www.youtube.com/channel/UC-3qyzm4f29C12KGp3-12bQ)
* [SJSU Infosec](https://www.youtube.com/channel/UCDNzNvZlYK8jZLsUbdiGrsQ/videos)
* [Secappdev.org](https://www.youtube.com/channel/UCSii2fuiLLlGqaR6sR_y0rA)
* [Security Fest](https://www.youtube.com/channel/UCByLDp7r7gHGoO7yYMYFeWQ)
* [SecurityTubeCons](https://www.youtube.com/channel/UC2wNN-Zqiq4J1PLPnyMBWUg)
* [ToorCon](https://www.youtube.com/channel/UCnzjmL0xkTBYwFZD7agHGWw)
* [USENIX Enigma Conference](https://www.youtube.com/channel/UCIdV7bE97mSPTH1mOi_yUrw/feed)
* NEWS <a id="NEWS"></a>
* [Corey Nachreiner](https://www.youtube.com/channel/UC7dUL0FbVPGqzdb2HtWw3Xg)
* [Error 404 Cyber News](https://www.youtube.com/channel/UC4HcNHFKshqj-aeyi6imW7Q)
* [Latest Hacking News](https://www.youtube.com/user/thefieldhouse/feed)
* [Pentester Academy TV](https://www.youtube.com/channel/UChjC1q6Ami7W0E71TzPZELA)
* [SecureNinjaTV](https://www.youtube.com/channel/UCNxfV4yR0nIlhFmfwcdf3BQ)
* [Troy Hunt](https://www.youtube.com/channel/UCD6MWz4A61JaeGrvyoYl-rQ)
* [Samy Kamkar's Applied Hacking](https://www.youtube.com/user/s4myk)
* [danooct1](https://www.youtube.com/channel/UCqbkm47qBxDj-P3lI9voIAw)
* [DedSec](https://www.youtube.com/channel/UCx34ZZW2KgezfUPPeL6m8Dw)
* [DEFCON Conference](https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw)
* [DemmSec](https://www.youtube.com/channel/UCJItQmwUrcW4VdUqWaRUNIg)
* [Don Does 30](https://www.youtube.com/channel/UCarxjDjSYsIf50Jm73V1D7g)
* [Geeks Fort - KIF](https://www.youtube.com/channel/UC09NdTL2hkThGLSab8chJMw)
* [iExplo1t](https://www.youtube.com/channel/UCx0HClQ_cv0sLNOVhoO2nxg/videos)
* [HACKING TUTORIALS](https://www.youtube.com/channel/UCbsn2kQwNxcIzHwbdDjzehA)
* [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
* [Metasploitation](https://www.youtube.com/channel/UC9Qa_gXarSmObPX3ooIQZrg)
* [NetSecNow](https://www.youtube.com/channel/UC6J_GnSAi7F2hY4RmnMcWJw)
* [Open SecurityTraining](https://www.youtube.com/channel/UCthV50MozQIfawL9a_g5rdg)
* [BalCCon - Balkan Computer Congress](https://www.youtube.com/channel/UCoHypmu8rxlB5Axh5JxFZsA)
* [Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA)
* [rwbnetsec](https://www.youtube.com/channel/UCAJ8Clc3188ek9T_5XTVzZQ)
* [Security Weekly](https://www.youtube.com/channel/UCg--XBjJ50a9tUhTKXVPiqg)
* [Seytonic](https://www.youtube.com/channel/UCW6xlqxSY3gGur4PkGPEUeA)
* [Shozab Haxor](https://www.youtube.com/channel/UCBwub2kRoercWQJ2mw82h3A)
* [SSTec Tutorials](https://www.youtube.com/channel/UCHvUTfxL_9bNQgqzekPWHtg)
* [Waleed Jutt](https://www.youtube.com/channel/UCeN7cOELsyMHrzfMsJUgv3Q)
* [webpwnized](https://www.youtube.com/channel/UCPeJcqbi8v46Adk59plaaXg)
* [JackkTutorials](https://www.youtube.com/channel/UC64x_rKHxY113KMWmprLBPA)
* [Zer0Mem0ry](https://www.youtube.com/channel/UCDk155eaoariJF2Dn2j5WKA)
* [LionSec](https://www.youtube.com/channel/UCCQLBOt_hbGE-b9I696VRow)
* [Adrian Crenshaw](https://www.youtube.com/user/irongeek)
* [HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q)
Sharpening Your Skills
--
* [OWASP Security Shepherd](https://security-shepherd.ctf365.com/login.jsp)
* [CTFLearn](https://ctflearn.com/)
* [CTFs write-ups](https://github.com/ctfs)
* [CTF365](https://ctf365.com/)
* [Pentestit](https://lab.pentestit.ru/)
* [Hacksplaining](https://www.hacksplaining.com/)
* [The cryptopals crypto challenges](http://cryptopals.com/)
* [The enigma group](https://www.enigmagroup.org/)
* [Ringzer0 Team](https://ringzer0team.com/challenges)
* [Hack The Box](https://www.hackthebox.gr/en/login)
* [Over the wire](http://overthewire.org/wargames/)
* [Backdoor](https://backdoor.sdslabs.co)
* [Vulnhub](https://www.vulnhub.com/)
* [Hack.me](https://hack.me/)
* [Hack this site!](https://www.hackthissite.org/)
* [Exploit exercises](https://exploit-exercises.com/)
* [PentesterLab](https://pentesterlab.com/)
* [SmashTheStack](http://smashthestack.org/wargames.html)
* [Root-Me](https://www.root-me.org/)
* [PicoCTF](https://2017game.picoctf.com/)
* [Shellter Labs](https://shellterlabs.com/en/)
* [Pentest Practice](https://www.pentestpractice.com/)
* [Pentest.training](https://pentest.training)
* [pwnable.kr](http://pwnable.kr/)
* [pwnable.tw](http://pwnable.tw/)
* [hackburger.ee](http://hackburger.ee/)
* [http://noe.systems/](http://noe.systems/)
* [Hacker Gateway](https://www.hackergateway.com/)
* [Solve Me](http://solveme.safflower.kr/)
* [Challenge Land](http://challengeland.co/)
* [Participating Challenge Sites](http://www.wechall.net/active_sites/all/by/site_avg/DESC/page-1)
* [Hacker test](http://www.hackertest.net/)
* [Crackmes.de Archive (2011-2015)](https://tuts4you.com/download.php?view.3152)
* [ROP Emporium](https://ropemporium.com/)
Reverse Engineering, Buffer Overflow and Exploit Development
--
* [Shell storm](http://shell-storm.org/)
* [Buffer Overflow Exploitation Megaprimer for Linux](http://www.securitytube.net/groups?operation=view&groupId=4)
* [Reverse Engineering Malware 101](https://securedorg.github.io/RE101/)
* [Reverse Engineering Malware 102](https://securedorg.github.io/RE102/)
* [Modern Binary Exploitation - CSCI 4968](https://github.com/RPISEC/MBE)
* [Introductory Intel x86](http://www.opensecuritytraining.info/IntroX86.html)
* [Binary hacking](http://liveoverflow.com/binary_hacking/index.html)
* [Shellcode Injection](https://dhavalkapil.com/blogs/Shellcode-Injection/)
* [Reverse Engineering for Beginners](https://beginners.re/RE4B-EN.pdf)
* [Exploit tutorials](http://www.primalsecurity.net/tutorials/exploit-tutorials/)
* [Exploit development](https://0x00sec.org/c/exploit-development)
* [Corelan tutorials](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
* [Reverse engineering reading list](https://github.com/onethawt/reverseengineering-reading-list/blob/master/README.md)
* [Reverse Engineering challenges](https://challenges.re/)
* [Reverse Engineering for beginners (GitHub project)](https://github.com/dennis714/RE-for-beginners)
* [reversing.kr challenges](http://www.reversing.kr/challenge.php)
* [Analysis and exploitation (unprivileged)](https://www.it-sec-catalog.info/analysis_and_exploitation_unprivileged.html)
* [A Course on Intermediate Level Linux Exploitation](https://github.com/nnamon/linux-exploitation-course)
* [Lena's Reversing for Newbies (Complete)](https://tuts4you.com/download.php?view.2876)
* [Megabeets journey into Radare2](https://www.megabeets.net/a-journey-into-radare-2-part-1/)
Privilege Escalation
--
* [Reach the root](https://hackmag.com/security/reach-the-root/)
* [Basic linux privilege escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
* [Windows Privilege Escalation](http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation)
* [Privilege escalation for Windows and Linux](https://github.com/AusJock/Privilege-Escalation)
* [Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)
* [RootHelper](https://github.com/NullArray/RootHelper)
* [Windows exploits, mostly precompiled.](https://github.com/abatchy17/WindowsExploits)
* [Unix privesc checker](http://pentestmonkey.net/tools/audit/unix-privesc-check)
* [Privilege escalation linux with live example](http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/)
* [Windows privilege escalation checker](https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md)
* [Linux Privilege Escalation Scripts](http://netsec.ws/?p=309#more-309)
* [AutoLocalPrivilegeEscalation](https://github.com/ngalongc/AutoLocalPrivilegeEscalation)
* [Linux Privilege Escalation Check Script](https://github.com/sleventyeleven/linuxprivchecker)
* [Local Linux Enumeration & Privilege Escalation Cheatsheet](https://www.rebootuser.com/?p=1623)
* [4 Ways get linux privilege escalation](http://www.hackingarticles.in/4-ways-get-linux-privilege-escalation/)
Malware Analysis
--
* [Malware traffic analysis](http://www.malware-traffic-analysis.net/)
* [Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md)
Network Scanning / Reconnaissance
--
* [Foot Printing with WhoIS/DNS records](https://www.sans.org/reading-room/whitepapers/hackers/fundamentals-computer-hacking-956)
* [Google Dorks/Google Hacking](https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc/)
Vulnerable Web Application
--
* [OWASP Hackademic Challenges project](https://github.com/Hackademic/hackademic/)
* [bWAPP](http://www.itsecgames.com/)
* [Damn Vulnerable Web Application (DVWA)](http://www.dvwa.co.uk/)
* [Xtreme Vulnerable Web Application (XVWA)](https://github.com/s4n7h0/xvwa)
* [WebGoat: A deliberately insecure Web Application](https://github.com/WebGoat/WebGoat)
* [OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/files/)
* [OWASP Broken Web Applications Project](https://github.com/chuckfw/owaspbwa/)
* [Damn Small Vulnerable Web](https://github.com/stamparm/DSVW)
* [OWASP Juice Shop](https://github.com/bkimminich/juice-shop)
* [Google Gruyere](https://google-gruyere.appspot.com/)
Vulnerable OS
--
* [Metasploitable2 (Linux)](https://sourceforge.net/projects/metasploitable/files/Metasploitable2/)
* [Metasploitable3](https://github.com/rapid7/metasploitable3) \[[Installation](https://github.com/rapid7/metasploitable3/blob/master/README.md)\]
* [Vulnhub](https://www.vulnhub.com/)
* [General Test Environment Guidance](https://community.rapid7.com/docs/DOC-2196)
Linux Penetration Testing OS
--
* [BackBox](https://backbox.org/index)
* [BlackArch](https://blackarch.org/index.html)
* [Kali](http://kali.org/)
* [LionSec Linux](https://lionsec-linux.org/)
* [Parrot ](https://www.parrotsec.org/)
* [Bugtraq](http://bugtraq-team.com/)
Exploits
--
* [Exploit Database](https://www.exploit-db.com/)
* [CXsecurity](https://cxsecurity.com/exploit/)
* [0day.today](http://0day.today/)
* [Snyk Vulnerability DB](https://snyk.io/vuln/)
Forums
--
* [Greysec](https://greysec.net)
* [Hackforums](https://hackforums.net/)
* [0x00sec](https://0x00sec.org/)
* [Antichat](https://forum.antichat.ru/)
Archived Security Conference Videos
--
* [InfoCon.org](https://infocon.org/cons/)
* [Irongeek](http://www.irongeek.com/)
Online Communities
--
* [Hack+](http://t.me/hacking_group_channel)
* [MPGH](http://mpgh.net)
Online News Sources
--
* [Recent Hash Leaks](https://hashes.org/public.php)
* [InfoSec](http://www.infosecurity-magazine.com/)
* [Threatpost](https://threatpost.com/)
* [Security Intell](https://securityintelligence.com/news/git-vulnerabilities-found-in-version-control-systems/)
* [The Hacker News](https://thehackernews.com/)