Skip to content

Latest commit

 

History

History
745 lines (671 loc) · 76.7 KB

README.md

File metadata and controls

745 lines (671 loc) · 76.7 KB

Welcome to Hack-Academia, your ultimate resource hub for all things hacking, pentesting, and security research.

Awesome Badge Pull Requests MIT License Platforms

📔  Overview

This repository houses a curated collection of materials and tools I utilize daily in my work. It compiles a wealth of valuable information into a single resource, serving as an essential reference that I frequently revisit.

🚻  Audience

This repository is for everyone. While it caters specifically to System and Network Administrators, DevOps professionals, Pentesters, and Security Researchers, anyone can find something of interest here.

ℹ️  Contributing

If you come across something that seems unclear or incorrect, please submit a pull request with valid and well-reasoned explanations for your changes or comments.

Here are a few guiding principles for this project:

  • Welcoming and easy to understand
  • Engaging and not tedious
  • Practical and helpful

Additionally, consider the following rules:

  • Easy to contribute to (using Markdown + HTML ...)
  • Easy to navigate (simple Table of Contents, consider extending it if necessary)

URLs marked with * are temporarily unavailable. Please do not delete them without confirming their permanent expiration.

Before submitting a pull request, please review the contributing guidelines. Keep in mind:

+ This repository is focused on quality over quantity.

All suggestions and pull requests are welcome!

Table of Contents

✨ Features

  • Beginner's Guides: Step-by-step tutorials for newcomers to start their journey into hacking and cybersecurity.
  • Pentesting Resources: Tools, methodologies, and real-world examples for penetration testers.
  • Security Research: Latest trends, research papers, and insights from the cybersecurity field.
  • Code Snippets: Useful scripts and snippets for various hacking tasks.
  • Toolkits: Collections of essential tools and software for ethical hacking.
  • Community Contributions: Insights and contributions from experienced hackers and security researchers.

📜 Legal Note

All activities and discussions in this repository are conducted with the highest ethical standards and within legal boundaries.

🚀 Get Started

Explore our curated resources, enhance your skills, and join a community of passionate cybersecurity enthusiasts. Happy hacking!

🔒 Cybersecurity Education & Practical Labs

Name Description
Academy Virtual Cyber Labs Virtual labs offering interactive cybersecurity exercises and simulations for hands-on learning.
arcX Platform providing practical cybersecurity challenges and labs to develop skills in offensive and defensive techniques.
Attack Defense Provides over 1000 labs for practicing offensive and defensive cybersecurity skills.
Backdoor Pen testing labs featuring a space for beginners, a practice arena, and various competitions.
CS 642: Intro to Computer Security Comprehensive academic content, spanning a full semester. Includes assigned readings, homework, and GitHub references for exploit examples.
CyberSec WTF Web hacking challenges derived from bounty write-ups.
Cybrary Coursera-style website with a plethora of user-contributed content. Requires an account. Content can be filtered by experience level.
Ctftime The go-to website for all things related to CTFs.
The cryptopals crypto challenges A series of CTF challenges focused on cryptography.
Challenge Land A CTF site with a unique twist where solving a challenge is required to gain access.
Crackmes.de Archive (2011-2015) A repository focusing on reverse engineering challenges.
Crackmes.one Provides crackmes to enhance reverse engineering skills.
CTFLearn An account-based CTF site offering challenges across various categories.
CTFs write-ups A collection of write-ups from various CTFs, categorized by event.
CTF365 An account-based CTF platform recognized by institutions like Kaspersky, MIT, and T-Mobile.
Dvwa Damn Vulnerable Web Application is another intentionally insecure web application for practicing hacking skills.
Defend the Web An interactive security platform where you can learn and challenge your skills.
Exploit exercises Hosts five vulnerable virtual machines for practical exploitation practice.
Free Cyber Security Training Academic content, featuring 8 full courses with videos by a quirky instructor named Sam. Links to research, DEFCON materials, and other recommended training/learning resources.
Google CTF Provides source code from Google's CTF contests.
Google CTF 2019 Google's 2019 CTF edition.
Google's XSS game Offers XSS challenges with potential rewards.
Hak5 Podcast-style videos covering a variety of topics. Includes a forum and the "Metasploit Minute" video series.
Hopper's Roppers Security Training Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp to help beginners build a strong foundational knowledge base.
Hackthissite A site offering challenges, CTFs, and more to improve your hacking abilities.
HackTheBox An online platform to test and advance your penetration testing and cybersecurity skills.
Hacker test A beginner-friendly site for testing hacking skills.
Hacker Gateway Hosts CTFS covering steganography, cryptography, and web challenges.
Hacksplaining An interactive security education platform suitable for beginners.
Hacking Articles Offers CTF write-ups with screenshots for beginners.
Hacker101 CTF A CTF hosted by HackerOne, always online.
Hacking Lab A European platform hosting riddles, challenges, and competitions.
hackburger.ee Hosts web hacking challenges with an account requirement.
Hack.me Allows users to build, host, and attack vulnerable web apps.
Hack this site! A site where users progress through hacking challenges.
Itsecgames bWAPP or buggy web app is a deliberately insecure web application for practicing your skills.
knock.xss.moe Offers XSS challenges requiring an account.
Learning Exploitation with Offensive Computer Security 2.0 Blog-style instruction including slides, videos, homework, and discussion. No login required.
Lin.security Focuses on Linux privilege escalation practice.
knock.xss.moe Offers XSS challenges requiring an account.
Mind Maps Information Security-related mind maps.
MIT OCW 6.858 Computer Systems Security Academic content, well-organized full-semester course. Includes assigned readings, lectures, videos, and required lab files.
noe.systems A Korean challenge site requiring an account.
Offensive Computer Security Full-semester academic course including 27 lecture videos with slides and assigned readings.
OWASP Top 10 Web Security Risks Free courseware focusing on the top web security vulnerabilities and mitigation techniques.
Overthewire Learn and practice security concepts through engaging games.
PicoCTF Offers fun CTF challenges of varying difficulty levels for practice.
PortSwigger Interactive labs covering a broad spectrum of web security topics designed for practical learning.
Penetration Testing Practice Lab / Vulnerable Apps/Systems Compilation of resources and labs to practice penetration testing skills on vulnerable applications and systems.
Participating Challenge Sites A universal ranking for CTF participants.
PentesterLab Hosts exercises and bootcamps focused on specific activities.
Pentestit An account-based CTF site requiring users to install OpenVPN.
Pentest Practice Offers account-based Pentest practice.
Pentest.training Provides various labs and VMs for hacking practice.
PicoCTF Hosts a yearly CTF event by Carnegie Mellon.
pwnable.kr A serious CTF site focusing on exploitation challenges.
pwnable.tw Hosts challenges with write-ups.
Root-me Platform hosting a variety of challenges to test and develop hacking skills across different domains.
Ringzer0 Team An account-based CTF site hosting over 272 challenges.
ROP Emporium Focuses on Return Oriented Programming challenges.
Seed Labs Structured labs with videos, tasks, and necessary resources for hands-on learning of cybersecurity concepts.
SmashTheStack Hosts various challenges requiring SSH access.
Shellter Labs Provides account-based infosec labs.
SecurityTube Video tutorials and "Megaprimer" series covering diverse cybersecurity topics and tools in a visual format.
Solve Me A challenge-based platform requiring an account.
The enigma group Offers web application security training with video tutorials.
TryHackMe Online platform offering interactive labs and challenges, including prebuilt virtual machines for practical cybersecurity training.
Upload-Labs Repository providing labs focusing on various types of file upload vulnerabilities for practical cybersecurity training.
Vulnhub Provides a collection of virtual machines with varying levels of difficulty for practicing penetration testing skills.
VulHub Repository of vulnerable environments and labs for practicing penetration testing and cybersecurity techniques.
Vulapps Vulnerable web applications designed for practicing penetration testing and cybersecurity skills.
websec.fr Focuses on web security challenges with optional registration.
webhacking.kr Offers web security challenges for beginners.
Windows / Linux Local Privilege Escalation Workshop Focuses on Linux and Windows privilege escalation practice.
0day.today A user-friendly exploit database that is simple to navigate.
CXsecurity Independent cybersecurity information site, operated by a single person.
Snyk Vulnerability DB Offers detailed information and remediation advice for known vulnerabilities, along with code testing capabilities.

📘 Valuable Repositories

Repository Description
Android Security Curated resources for understanding Android security.
AppSec Resources to learn about securing applications.
Asset Discovery Tools and resources for asset discovery in security assessments.
Bug Bounty List of bug bounty programs and write-ups.
Capsulecorp Pentest Vagrant+Ansible lab for network penetration testing.
Cellular Hacking Research in 3G/4G/5G cellular security.
CTF Frameworks, libraries, and resources for Capture The Flag competitions.
Cyber Skills Environments to legally train and enhance cyber skills.
DevSecOps Tools for integrating security into DevOps practices.
Embedded and IoT Security Resources for securing embedded systems and IoT devices.
Exploit Development Learning resources for developing exploits.
Fuzzing Techniques and tools for fuzzing and exploit development.
Hacking Tutorials, tools, and resources for hacking.
Hacking Resources Collection of resources for penetration testing.
Honeypots Tools and resources for deploying honeypots.
Incident Response Tools for handling incident response.
Industrial Control System Security Security resources for industrial control systems (ICS).
InfoSec Courses and training resources for information security.
IoT Hacks Exploits and hacks in the IoT space.
Mainframe Hacking Resources for mainframe hacking and pentesting.
Malware Analysis Tools and resources for analyzing malware.
OSINT Tools and resources for Open Source Intelligence (OSINT).
OSX and iOS Security Security tools and resources for macOS and iOS.
Pcaptools Tools for processing network traces in Computer Science.
Pentest Resources and tools for penetration testing.
PHP Security Libraries and tools for PHP security.
Real-time Communications hacking & pentesting resources Security resources for VoIP, WebRTC, and VoLTE.
Red Teaming Resources for Red Team operations and resources.
Reversing Tools and resources for reverse engineering.
Reinforcement Learning for Cyber Security Machine learning resources applied to cyber security.
Sec Talks Collection of awesome security talks.
SecLists Collection of lists for security assessments.
Security Software, libraries, and resources for security.
Serverless Security Resources for securing serverless architectures.
Social Engineering Resources and techniques for social engineering.
Static Analysis Tools for static analysis and code quality checking.
The Art of Hacking Series Thousands of references and resources for cybersecurity.
Threat Intelligence Resources for threat intelligence gathering.
Vehicle Security Resources for learning about vehicle security and car hacking.
Vulnerability Research Resources and tools for vulnerability research.
Web Hacking Resources for web application security.
Web3 Security Materials and resources for Web3 security.
Windows Exploitation - Advanced Advanced references for Windows exploitation.
WiFi Arsenal Tools for hacking 802.11 networks.
YARA Rules, tools, and resources for YARA.

🛠️ Helpful Repositories

Repository Description
Adversarial Machine Learning Resources for understanding adversarial machine learning.
AI Security Resources for securing AI applications.
API Security Checklist Checklist for securing APIs during development and testing.
APT Notes Public documents about APT campaigns.
Bug Bounty Reference Write-ups categorized by bug type from bug bounty programs.
Cryptography Tools and resources for cryptography.
CTF Tool Frameworks and tools for Capture The Flag competitions.
CVE PoC Proof of Concepts (PoCs) for CVEs.
CVE PoC updated daily Daily updated Proof of Concepts (PoCs) for CVEs.
Detection Lab Scripts to build a lab environment with security tooling.
Forensics Tools and resources for digital forensics.
Free Programming Books Collection of free programming books.
Gray Hacker Resources Resources for CTFs, wargames, and pentesting.
GTFOBins List of Unix binaries exploitable for bypassing local security.
Hacker101 Free web security class by HackerOne.
Infosec Getting Started Resources and documentation to start learning Infosec.
Infosec Reference Comprehensive reference for Information Security.
IOC Sources for indicators of compromise (IOCs).
Linux Kernel Exploitation Links related to Linux kernel fuzzing and exploitation.
Lockpicking Resources for lock, safe, and key security.
Machine Learning for Cyber Security Machine learning tools for cyber security.
Payloads Collection of web attack payloads.
PayloadsAllTheThings Payloads and bypass techniques for Web Application Security.
Pentest Cheatsheets Cheatsheets useful for penetration testing.
Pentest Wiki A free online security knowledge library for pentesters / researchers
Probable Wordlists Wordlists sorted by probability for password generation and testing.
Resource List Collection of useful GitHub projects categorized.
Reverse Engineering Articles, books, and papers on reverse engineering.
RFSec-ToolKit Hacktools for Radio Frequency Communication Protocols.
Security Cheatsheets Cheatsheets for various infosec tools and topics.
Security List Comprehensive security list for learning and practical use.
Shell Frameworks and tools for shell scripting and management.
ThreatHunter-Playbook Playbook for developing techniques and hypotheses for threat hunting.
Web Security Materials and resources for understanding and practicing web security.

🔍 Reverse Engineering, Buffer Overflow, and Exploit Development

Name Description
A Course on Intermediate Level Linux Exploitation 🌟 An advanced course for those with some experience in Linux exploitation.
Analysis and Exploitation (Unprivileged) 📚 A vast collection of reverse engineering information, organized by type.
Binary Hacking 🎥 35 straightforward videos on binary hacking and other useful info.
Buffer Overflow Exploitation Megaprimer for Linux 📺 A series of videos on Linux reverse engineering.
Corelan Tutorials 📝 Detailed tutorials on memory exploitation and reverse engineering.
Exploit Tutorials 🎓 A set of nine exploit tutorials, including a podcast.
Exploit Development 🗣️ Links to exploit development posts on a forum, varying in quality and style.
flAWS Challenge ☁️ Learn about common mistakes and security pitfalls in Amazon Web Services (AWS) through a series of levels.
Introduction to ARM Assembly Basics 📘 Comprehensive tutorials on ARM assembly by an infosec professional.
Introductory Intel x86 💻 Extensive course materials on Intel x86, with no account required.
Lena's Reversing for Newbies (Complete) 📖 A complete resource by Lena aimed at beginners in reverse engineering.
Linux (x86) Exploit Development Series 🖥️ Blog posts with three different levels of Linux exploit development tutorials.
Megabeets Journey into Radare2 🔍 Tutorials on using Radare2 for reverse engineering.
Modern Binary Exploitation - CSCI 4968 🎓 Reverse engineering challenges and downloadable VMs from RPISEC.
Recon.cx - Reversing Conference 🎤 Conference site with recordings and slides of all talks on reverse engineering.
Reverse Engineering for Beginners 📚 A comprehensive textbook on reverse engineering, open-source and free.
Reverse Engineering Reading List 📖 A collection of reverse engineering tools and books on GitHub.
Reverse Engineering Challenges 🧩 Challenges created by the author of "Reverse Engineering for Beginners".
Reverse Engineering for Beginners (GitHub Project) 💻 GitHub repository for the "Reverse Engineering for Beginners" textbook.
Reverse Engineering Malware 101 🦄 An introductory course on malware reverse engineering with materials and VMs.
Reverse Engineering Malware 102 🦄 The follow-up course to "Reverse Engineering Malware 101".
Reversing.kr Challenges 🧠 Reverse engineering challenges of varying difficulty.
Shell Storm 🌐 A blog-style collection of reverse engineering information.
Shellcode Injection 💡 A blog post by a graduate student on shellcode injection.
Micro Corruption — Assembly 🛠️ A CTF designed to learn Assembly by solving practical challenges.

🛡️ Malware Analysis

Name Description
Analyze Malware Using Volatility A framework for analyzing volatile memory for malware artifacts and indicators
Bad Binaries Walkthroughs of malware traffic analysis exercises and occasional malware analysis
Honeynet Project A project providing data and tools for analyzing malware captured by honeypots
Malware Traffic Analysis Exercises and resources for analyzing malware traffic
Malware Unicorn - Workshops Workshops on malware analysis and reverse engineering, including resources and VMs
Malware Analysis For Hedgehogs A learning path and resources for beginners and advanced users in malware analysis
Malware Analysis Tutorials Step-by-step tutorials on malware analysis by MalwareTech
Malware Analysis - CSCI 4976 Quality content from an RPISEC class on malware analysis
Practical Malware Analysis & Triage A practical guide to malware analysis and triage with hands-on labs and examples
REMnux A Linux toolkit for reverse-engineering and analyzing malware
Zero2Automated A comprehensive course on automated malware analysis and sandboxing

🚀 Elevating Privileges

Name Description
4 Ways to Get Linux Privilege Escalation Shows different methods to gain higher access in Linux systems.
A Guide to Linux Privilege Escalation Basics of escalating privileges on Linux systems.
Abusing SUDO (Linux Privilege Escalation) Techniques to exploit SUDO in Linux for privilege escalation.
AutoLocalPrivilegeEscalation Automated scripts that download and compile exploits from Exploit-DB.
Basic Linux Privilege Escalation Basic techniques for escalating privileges in Linux, also includes Windows tips.
Common Windows Privilege Escalation Vectors Common methods to escalate privileges in Windows.
Editing /etc/passwd File for Privilege Escalation How to manipulate the /etc/passwd file to gain higher access in Linux.
GTFOBins A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Linux Privilege Escalation Video on techniques for privilege escalation in Linux.
Linux Privilege Escalation Check Script A simple script to check for privilege escalation vulnerabilities in Linux.
Linux Privilege Escalation Scripts A list of scripts for checking privilege escalation vulnerabilities in Linux.
Linux Privilege Escalation Using PATH Variable How to exploit misconfigured PATH variables for privilege escalation in Linux.
Linux Privilege Escalation using Misconfigured NFS How to exploit misconfigured NFS for privilege escalation in Linux.
Linux Privilege Escalation via Dynamically Linked Shared Object Library Exploiting RPATH and weak file permissions for privilege escalation in Linux.
Local Linux Enumeration & Privilege Escalation Cheatsheet A cheatsheet of resources and scripts for privilege escalation in Linux.
Linux Exploit Suggester A tool to identify possible exploits for a given Linux system.
LinEnum A script for enumerating Linux systems for privilege escalation vulnerabilities.
Linux Smart Enumeration A script for detailed enumeration of Linux systems, highlighting privilege escalation vectors.
OSCP - Windows Privilege Escalation Common methods for escalating privileges in Windows for OSCP.
Privilege Escalation for Windows and Linux Various exploits for privilege escalation in Windows and Linux.
Privilege Escalation in Linux with Live Example Examples of common privilege escalation methods in Linux.
Reach the Root A detailed process for privilege escalation in Linux.
RootHelper A tool that runs various scripts to check for privilege escalation vulnerabilities.
Unix Privilege Escalation Checker A script to check for privilege escalation vulnerabilities in Unix systems.
Windows Exploits, Mostly Precompiled Precompiled Windows exploits, useful for reverse engineering.
Windows Privilege Escalation A collection of resources and techniques for escalating privileges in Windows.
Windows Privilege Escalation Notes and techniques for privilege escalation in Windows.
Windows Privilege Escalation Checker A list of topics linking to relevant resources on Windows privilege escalation.
Windows Privilege Escalation Fundamentals Tutorials and guides on privilege escalation in Windows, created by an OSCP.
Windows Privilege Escalation Guide A comprehensive guide on Windows privilege escalation.
Windows Privilege Escalation Methods for Pentesters A detailed blog post on various methods for privilege escalation in Windows.
Windows Privilege Escalation Awesome Scripts A collection of PowerShell scripts to assist with privilege escalation in Windows.
Windows Exploit Suggester A tool to identify possible exploits for a given Windows system.
Watson A tool to enumerate missing KBs and suggest exploits for privilege escalation in Windows.

🕸️ Vulnerable Web Applications

Name Description
AltoroMutual A simulated banking website to practice finding and exploiting security vulnerabilities
BadStore A vulnerable web application designed for security training
bWAPP A common buggy web app for hacking, great for beginners with lots of documentation
Cyber Range A collection of various vulnerable applications for practicing different types of attacks
Damn Small Vulnerable Web (DSVW) A web app written in less than 100 lines of code, full of vulnerabilities, ideal for teaching
Damn Vulnerable Web Application (DVWA) A PHP/MySQL web app for testing skills and tools
Defend the Web A series of web security challenges to test and improve your skills
Google Gruyere Host of challenges on this cheesy web app
Hacme Bank A deliberately vulnerable web application to practice security skills
Hackazon A vulnerable web application modeled after an e-commerce site
HackMe Banking A web application designed to demonstrate common web vulnerabilities in an online banking context
Juice Shop An intentionally insecure web application for security training
Metasploitable 2 A vulnerable virtual machine used for testing Metasploit and other tools
NodeGoat An OWASP project for learning Node.js security by trying to exploit vulnerabilities
OWASP Broken Web Applications Project Collection of broken web apps for learning
OWASP Hackademic Challenges project Web hacking challenges for practice
OWASP Mutillidae II Another OWASP vulnerable app with lots of documentation
OWASP Juice Shop Covers the OWASP top 10 vulnerabilities
PentesterLab Provides vulnerable systems to practice penetration testing techniques
SecApps Playground A playground to learn and practice web application security concepts
Security Shepherd An OWASP project designed to foster and improve security awareness
SQLol A vulnerable web app for learning SQL injection attacks
VulnHub Hosts vulnerable web applications for practicing penetration testing and security assessments
WebGoat A deliberately insecure web app maintained by OWASP for teaching web app security
WebForPentester A vulnerable web application designed for testing and learning pentesting techniques
WackoPicko A vulnerable web application to test security tools and demonstrate common web vulnerabilities
XSS Game A game developed by Google to teach cross-site scripting (XSS) vulnerabilities

🐧 Linux Penetration Testing OS

Name Description
Android Tamer Virtual/live platform specialized for Android security professionals
BackBox Community-driven Linux distribution geared towards securing IT environments
BlackArch Arch Linux-based penetration testing distribution, designed for compatibility with Arch installations
Bugtraq Advanced GNU/Linux distribution for penetration testing and security auditing
Docker for Pentest Docker image preloaded with essential tools for creating a pentesting environment quickly
Kali Linux Industry-leading Linux distribution for penetration testing and ethical hacking, developed by Offensive Security
LionSec Linux Ubuntu-based operating system tailored for penetration testing and security assessments
Parrot Security OS Debian-based OS featuring a complete portable lab for security testing, digital forensics, and development
Pentoo Gentoo-based Linux distribution focused on penetration testing and security auditing

📺 YouTube Channels

Name Description
IppSec Channel - Hack The Box Writeups Detailed Hack The Box walkthroughs and writeups.
LiveOverflow - Explore weird machines... Exploring weird machines and hacking concepts.
GynvaelEN - Podcasts about CTFs, computer security, programming and similar things. Podcasts on CTFs, computer security, and programming.
John Hammond - Wargames and CTF writeups CTF writeups and wargame walkthroughs.
Murmus CTF - Weekly live streamings Weekly live streams focusing on CTFs.
PwnFunction Videos on exploitation and security concepts.
OJ Reeves Tutorials and insights on cybersecurity topics.
Hacksplained - A Beginner Friendly Guide to Hacking Beginner-friendly hacking guides and tutorials.
STÖK Bug bounty hunting and cybersecurity content.
Hackersploit Penetration testing tutorials and cybersecurity content.
The Cyber Mentor Cybersecurity tutorials and ethical hacking courses.
Nahamsec Bug bounty tips, tricks, and live hacking streams.
Hackerone Bug bounty programs and cybersecurity insights.
The Hated one Privacy, cybersecurity, and hacking-related content.
stacksmashing / Ghidra Ninja Hardware hacking and reverse engineering.
Hak5 DIY hacking and cybersecurity tutorials.
0patch by ACROS Security A few short, specific videos focused on the 0patch platform.
BlackHat Features talks from BlackHat conferences around the world.
Christiaan008 A variety of videos on various security topics, though somewhat disorganized.

🎤 Conferences

Name Description
Hunting for Top Bounties - Nicolas Grégoire Tips for hunting top bounties.
BSidesSF 101 The Tales of a Bug Bounty Hunter - Arne Swinnen Experiences of a bug bounty hunter.
Security Fest 2016 The Secret life of a Bug Bounty Hunter - Frans Rosén Inside look at the life of a bug bounty hunter.
The Conscience of a Hacker Reflective talk on the mindset of a hacker.
44contv Information security conference based in London, lengthy instructional videos.
MIT OCW 6.858 Computer Systems Security Lengthy instructional videos on computer systems security.
BruCON Security Conference Security and hacker conference in Belgium with lengthy instructional videos.
BSides Manchester Security and hacker conference in Manchester with lengthy videos.
BSidesAugusta Security conference in Augusta, Georgia with lengthy instructional videos.
CarolinaCon Security conference in North Carolina, associated with various 2600 chapters, with lengthy instructional content.
Cort Johnson Talks from Hack Secure Opensec 2017.
DevSecCon Lengthy videos covering DevSecOps and making software more secure.
Garage4Hackers - Information Security A handful of lengthy videos, About section lacks description.
HACKADAY Lots of random tech content, not strictly infosec, some instructional.
Hack In The Box Security Conference Lengthy con-style instructional talks from an international security conference.
Hack in Paris Security conference in Paris featuring lots of instructional talks with difficult-to-see slides.
Hacklu Lengthy con-style instructional videos.
Hacktivity Lengthy con-style instructional videos from a conference in central/eastern Europe.
Hardwear.io Handful of lengthy con-style videos with an emphasis on hardware hacks.
IEEE Symposium on Security and Privacy Content from the symposium, a professional association based in the US, also publishes various journals.
LASCON Lengthy con-style talks from an OWASP conference held in Austin, TX.
leHACK The oldest (2003) leading security conference in Paris, France.
Marcus Niemietz Instructional content associated with HACKPRA, an offensive security course from a German institute.
Media.ccc.de The official channel of the Chaos Computer Club with tons of lengthy con-style videos.
NorthSec Lengthy con-style talks from an applied security conference in Canada.
Pancake Nopcode Channel of Radare2 whiz Sergi "pancake" Alvarez, featuring reverse engineering content.
Psiinon Medium-length instructional videos for the OWASP Zed Attack Proxy.
SJSU Infosec Lengthy instructional videos from San Jose State University's infosec program.
Secappdev.org Lengthy instructional lectures on secure application development.
Security Fest Medium-length con-style talks from a security festival in Sweden.
SecurityTubeCons An assortment of con-style talks from various conferences including BlackHat and Shmoocon.
ToorCon Medium-length con videos from a conference based in San Diego, CA.
USENIX Enigma Conference Medium-length "round table discussions with leading experts," content starts in 2016.
ZeroNights Con-style talks from the international ZeroNights conference.
Defcon Conference Talks and presentations from the DEFCON conference.
x33fcon Conference Security conference talks and presentations.
Hack In Paris Talks from the Hack In Paris conference.
LeHack / HZV Presentations from the LeHack conference.
InfoCon.org InfoCon.org is a comprehensive repository hosting data from hundreds of cybersecurity and hacker conferences worldwide. It serves as a valuable resource for accessing conference materials, including talks, presentations, and schedules.
Irongeek Irongeek.com, managed by Adrien Crenshaw, is a rich repository of cybersecurity and hacking resources. It offers a wealth of information, including tutorials, videos, and articles on various topics related to cybersecurity, hacking, and technology.
infocondb.org InfoConDB.org is dedicated to cataloging and cross-referencing information from hacker conferences globally. It provides a centralized platform for exploring details about past and upcoming conferences, including speakers, topics, and event histories.

🏢 Companies

Name Description
Detectify Short videos aimed at showing how to use the Detectify scanner.
Kaspersky Lab Promotional content with some hidden cybersecurity gems.
Metasploit Medium-length instructional Metasploit demos (~25 minutes each).
ntop Network monitoring and packet analysis instructional videos.
nVisium Promos and a handful of instructional series on Rails vulnerabilities and web hacking.
OpenNSM Network analysis with many TCPDUMP videos.
OWASP See OWASP above.
Rapid7 Brief promotional and instructional videos (~5 minutes).
Securelist Brief videos and interviews discussing various cybersecurity topics.
Segment Security Promo videos, non-instructional.
SocialEngineerOrg Podcast-style instructional content, lengthy (~1 hour each).
Sonatype DevOps-related content, varied lengths, somewhat disorganized.
SophosLabs Brief, news-style content with segments like "7 Deadly IT Sins."
Sourcefire Brief videos covering topics like botnets and DDoS (~5 minutes each).
Station X Brief videos, disorganized, with unscheduled updates.
Synack Random, news-style videos, disorganized and non-instructional.
TippingPoint Zero Day Initiative Very brief and somewhat instructional videos (~30 seconds).
Tripwire, Inc. Tripwire demos and random news-style videos, non-instructional.
Vincent Yiu Instructional videos from a single hacker.

📰 Cybersecurity News

Name Description
0x41414141 Channel with a couple of challenges, well explained.
Adrian Crenshaw Lots of lengthy con-style talks.
Adrian Crenshaw lots of lengthy con-style talks
Corey Nachreiner Security news bites, 2-3 videos a week, no set schedule.
BalCCon - Balkan Computer Congress Long con-style talks from the Balkan Computer Congress, doesn't update regularly.
danooct1 Brief screenshot how-to videos regarding malware, regular content updates.
DedSec Brief screenshot how-to videos based in Kali, no recent posts.
DEFCON Conference Lengthy con-style videos from the iconic DEFCON.
DemmSec Pen testing videos with somewhat irregular uploads.
Derek Rook - CTF/Boot2root/wargames Walkthrough Lengthy screenshot instructional videos.
Don Does 30 Amateur pen-tester posting brief screenshot videos regularly.
Derek Rook - CTF/Boot2root/wargames Walkthrough lots of lengthy screenshot instructional vids, with
Error 404 Cyber News Short screenshot videos with loud metal music, no dialogue, bi-weekly updates.
Geeks Fort - KIF Brief screenshot videos, no recent posts.
GynvaelEN Security streams from a Google researcher focused on CTFs, computer security, and programming.
HackerSploit Regular posts, medium-length screenshot videos with dialogue.
HACKING TUTORIALS Brief screenshot videos, no recent posts.
iExplo1t Screenshot videos aimed at novices, no recent posts.
IPPSec Hackthebox.eu retired machine walkthroughs to learn basic and advanced techniques.
InfoSec Magazine Comprehensive coverage of the latest topics in information security
JackkTutorials Medium-length instructional videos with some "Ask Me" videos.
John Hammond Solves CTF problems and provides pen testing tips and tricks.
Latest Hacking News Medium-length screenshot videos, no recent releases.
LionSec Brief screenshot instructional videos with no dialogue.
LiveOverflow Brief-to-medium instructional videos on topics like buffer overflows and exploit writing, regular posts.
Metasploitation Screenshot videos focused on using Metasploit, no recent updates.
NetSecNow Channel of pentesteruniversity.org, posts once a month, screenshot instructional videos.
Open SecurityTraining Lengthy lecture-style videos, no recent posts, but quality information.
Pentester Academy TV Brief videos with very regular posting, up to 8+ a week.
rwbnetsec Medium-length instructional videos covering tools from Kali 2.0, no recent posts.
Recent Hash Leaks Valuable resource for looking up leaked hashes and related information
Samy Kamkar's Applied Hacking Brief to medium-length instructional videos from the creator of PoisonTap for the Raspberry Pi Zero, no recent content.
SecureNinjaTV Brief news bites, irregular posting.
Security Weekly Regular updates with lengthy podcast-style interviews with industry professionals.
Seytonic DIY hacking tutorials, hardware hacks, regular updates.
Shozab Haxor Screenshot-style instructional videos, regular updates, Windows CLI tutorials.
SSTec Tutorials Brief screenshot videos, regular updates.
Security Intelligence Offers in-depth coverage of cybersecurity news and intelligence resources.
Secjuice Diverse cybersecurity community offering articles, podcasts, and more on security topics.
Tradecraft Security Weekly Learn about all the latest security tools and techniques.
Troy Hunt Medium-length news videos from a lone YouTuber, regular content.
Threatpost Provides timely updates on the latest threats, vulnerabilities, and breaches in cybersecurity.
The Hacker News Daily updates on hacking news, cybersecurity incidents, and vulnerabilities; also available as a mobile app
The Daily Swig Latest cybersecurity news from PortSwigger.
Tradecraft Security Weekly Want to learn about all of the latest security tools and techniques?
Waleed Jutt Brief screenshot videos covering web security and game programming.
webpwnized Brief screenshot videos, some CTF walkthroughs.
Zer0Mem0ry Brief C++ security videos, programming intensive.

🕵️‍♂️ Hacking Google Series

Name Description
HACKING GOOGLE Series A comprehensive series on Google’s security measures.
EP000: Operation Aurora HACKING GOOGLE Overview of Operation Aurora.
EP001: Threat Analysis Group HACKING GOOGLE Insights from Google’s Threat Analysis Group.
EP002: Detection and Response HACKING GOOGLE Google’s detection and response strategies.
EP003: Red Team HACKING GOOGLE The role and activities of Google’s Red Team.
EP004: Bug Hunters HACKING GOOGLE Google’s bug bounty hunters and their experiences.
EP005: Project Zero HACKING GOOGLE Insights into Google’s Project Zero team.

🌐 Online Communities

Name Description
Hacktoday Community platform discussing various hacking topics, requires registration
Hack+ Telegram Channel Telegram channel dedicated to discussions on hacking and cybersecurity
MPGH MultiPlayerGameHacking forum community for gaming-related hacks and cheats
Stack Overflow Security Stack Overflow's dedicated tag for security-related questions and discussions
Reddit /r/hacking Subreddit focused on hacking discussions, news, and resources
HackerOne Community Community forum for HackerOne platform users and security enthusiasts
Exploit Database Forum Forum associated with the Exploit Database, discussing vulnerabilities and exploits
Cybrary Community Cybersecurity learning platform with an active community forum for discussions and support
Null Byte Community-focused on ethical hacking and cybersecurity tutorials, articles, and discussions

📝 Blogs

Blog URL Description
ScriptKidd1e Follow the OSCP journey and experiences shared by ScriptKidd1e.
Security Sift Insights and tips on Offensive Security's courses and the OSCP certification by Security Sift.
Ch3rn0byl Detailed OSCP experiences and challenges shared by Ch3rn0byl.
TechExams A personal journey and reflections on the OSCP certification by JollyFrog.
Hacking and Security Blog covering various topics related to hacking and cybersecurity.
Carnal0wnage Insights into security research and exploits by Carnal0wnage.
McGrew Security Security blog focusing on penetration testing and research.
Gnucitizen Blog covering cybersecurity, privacy, and hacking topics from a critical perspective.
Darknet Articles and tools related to hacking, security, and cryptography.
Spylogic Insights into penetration testing and cybersecurity from Spylogic.
Taosecurity Thoughts and research from a cybersecurity perspective by TaoSecurity.
Room362 Blog focusing on cybersecurity, hacking, and digital forensics.
Sipvicious Articles and tools related to VoIP security and hacking.
PortSwigger Insights and updates from PortSwigger, the creators of Burp Suite.
Pentest Monkey Tips and techniques for penetration testing and cybersecurity.
Jeremiah Grossman Thoughts on web security, hacking, and technology by Jeremiah Grossman.
i8jesus Blog focusing on cybersecurity, penetration testing, and hacking techniques.
C22 Research and insights into cybersecurity and penetration testing by C22.
SkullSecurity Blog featuring tools, research, and insights into security topics.
Metasploit Updates and articles from the Metasploit project team.
Darkoperator Tips, tricks, and tutorials on penetration testing and security by Darkoperator.
Skeptikal Insights and thoughts on cybersecurity and technology from a skeptical viewpoint.
PreachSecurity Blog covering cybersecurity, ethical hacking, and digital forensics.
TSSCI Security Articles and tools related to cybersecurity and digital forensics.
GDS Security Research and insights into cybersecurity and penetration testing by GDS Security.
WebSec Blog focusing on web security, vulnerabilities, and hacking techniques.
Bernardo Damele Thoughts and research on cybersecurity and web application security.
Laramies Blog featuring tools and techniques related to cybersecurity and penetration testing.
Spylogic (again) Insights into penetration testing and cybersecurity from Spylogic.
Andlabs Research and insights into cybersecurity and mobile security by Andlabs.
XS-Sniper Blog covering cybersecurity, penetration testing, and tools.
Common Exploits Insights into cybersecurity and penetration testing from Common Exploits.
Sensepost Blog featuring research and insights from Sensepost, covering cybersecurity topics.
WepMa Blog focusing on cybersecurity and ethical hacking.
Exploit.co.il Articles and tools related to cybersecurity and exploits.
Security Reliks Articles and insights into cybersecurity and penetration testing.
Mad Irish Thoughts and insights on cybersecurity and hacking from Mad Irish.
Sir Dark Cat Blog covering cybersecurity, hacking, and technology from Sir Dark Cat.
Reusable Security Insights and research on cybersecurity and digital security topics.
Myne-us Blog focusing on cybersecurity, hacking, and digital forensics.
NotSoSecure Articles and insights into cybersecurity and penetration testing from NotSoSecure.
SpiderLabs Updates and insights from SpiderLabs, focusing on cybersecurity and digital forensics.
Corelan Blog featuring tutorials and tools related to exploit development and cybersecurity.
Digininja Research and insights into cybersecurity and penetration testing by Digininja.
PaulDotCom Blog covering cybersecurity news, tools, and techniques.
Attack Vector Insights and discussions on cybersecurity and hacking from Attack Vector.
Deviating Articles and insights into cybersecurity and digital forensics.
AlphaOne Labs Blog covering cybersecurity, hacking, and technology from AlphaOne Labs.
Smashing Passwords Tips and techniques related to password security and cracking.
WireWatcher Blog focusing on cybersecurity and network monitoring.
Gynvael Coldwind Articles and challenges related to cybersecurity and hacking by Gynvael Coldwind.
Nullthreat Blog covering cybersecurity and penetration testing topics.
Question Defense Insights into cybersecurity, digital forensics, and technology.
ArchangelAmael Blog covering cybersecurity, hacking, and technology by ArchangelAmael.
Memset Articles and insights into cybersecurity and digital security topics by Memset.
Sickness Blog focusing on cybersecurity and hacking techniques.
Punter-Infosec Insights into cybersecurity, ethical hacking, and digital forensics by Punter-Infosec.
Security Ninja Blog covering cybersecurity and ethical hacking topics from Security Ninja.
Security and Risk Insights and discussions on cybersecurity and risk management.
Esploit Articles and tools related to cybersecurity and hacking.
Pentestit Blog focusing on penetration testing and cybersecurity challenges.

💻 Hacking and Security Forums

Name Description
sla.ckers.org Forum focusing on web application security, including vulnerabilities and exploits.
Ethical Hacker Network Community forum for ethical hackers and cybersecurity professionals to discuss topics and share knowledge.
BackTrack Linux Forums Forums associated with BackTrack Linux, focusing on penetration testing and security tools.
Elite Hackers Forum discussing various aspects of hacking, security, and technology.
Hack This Site Forum associated with the Hack This Site community, focusing on hacking challenges and discussions.
Security Override Forum for discussions on cybersecurity topics, vulnerabilities, and defense strategies.
iExploit Forum specializing in discussing and sharing exploits and vulnerabilities.
Bright Shadows Community forum for discussions on hacking techniques, security tools, and cybersecurity news.
Government Security Forum focusing on cybersecurity discussions, including government and enterprise security issues.
intern0t Forum for discussions on hacking, security, and technology.
0x00sec Community forum focusing on hacking, malware analysis, computer engineering, and reverse engineering.
Antichat Russian-based forum discussing various aspects of hacking and cybersecurity.
CODEBY.NET Russian-based forum covering hacking, web application penetration testing (WAPT), malware analysis, computer engineering, reverse engineering, and forensics.
EAST Exploit Database Exploit database focusing on commercial exploits written for the EAST Pentest Framework.
Greysec Forum dedicated to hacking and cybersecurity discussions, including tutorials and challenges.
Hackforums Forum for posting about hacks, exploits, and various cybersecurity discussions.
4Hat Day Brazilian-based forum focusing on hacking and cybersecurity topics.
CaveiraTech Brazilian-based forum covering general hacking and cybersecurity discussions.

📡 Network Scanning / Reconnaissance

Name Description
Foot Printing with WhoIS/DNS records A comprehensive white paper by SANS on using WhoIS and DNS records for footprinting.
Google Dorks/Google Hacking A list of powerful Google search commands for hacking, revealing the full potential of the world's largest search engine.
Nmap A detailed manual for Nmap, one of the most widely used network scanning tools.
Recon-ng An open-source reconnaissance framework designed for advanced network reconnaissance.
Shodan A search engine for internet-connected devices, providing detailed information about device vulnerabilities.
Maltego A comprehensive tool for network and link analysis, visualizing relationships between data points.
SpiderFoot An automated OSINT (Open Source Intelligence) tool for threat intelligence and reconnaissance.
Metasploit A powerful penetration testing tool with modules for scanning, exploiting, and reporting.
Zenmap The official GUI for Nmap, making network scanning more user-friendly and accessible.
theHarvester A tool designed to gather emails, subdomains, hosts, employee names, and more from public sources.
Netcat A versatile networking tool for reading from and writing to network connections using TCP or UDP.
Amass An open-source tool for network mapping of attack surfaces and external asset discovery using passive information gathering and active reconnaissance techniques.

🌟 Credit To All Below

Name Description
Awesome Hacking A curated list of awesome hacking tools, guides, and resources. 🛠️
fsociety Comprehensive hacking toolkit including exploits, reconnaissance, and more. 🧰
Hacking Tool Collection of hacking tools for various purposes, from penetration testing to network analysis. 🛡️
Hacker Roadmap Roadmap for beginners to learn about different facets of hacking and cybersecurity. 🛣️
Cheatsheet God Comprehensive cheatsheets for various hacking techniques, including OSCP preparation. 📑
Movies for Hackers List of movies every hacker should watch for entertainment and inspiration. 🎥
Free Security E-Books A collection of freely available e-books covering diverse topics in cybersecurity. 📚