apaas.dev
31 May 2022
Books
- The Hacker Playbook 2: Practical Guide To Penetration Testing
- The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
- Breaking into Information Security: Learning the Ropes 101
- Penetration Testing: A Hands-On Introduction to Hacking
- Social Engineering: The Art of Human Hacking
- Hacking: The Art of Exploitation, 2nd Edition
- Web Hacking 101
- OWASP Testing Guide (A must read for web application developers and penetration testers)
- The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
- The Basics of Web Hacking: Tools and Techniques to Attack the Web
Learning Platforms to Sharpen Your Skills
Online
| Name | Description |
|---|---|
| CTF Hacker101 | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers. |
| Hack The Box :: Penetration Testing Labs | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs. |
| TryHackMe | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. |
| CTF365 | An account based ctf site, awarded by Kaspersky, MIT, T-Mobile. |
| Backdoor | Pen testing labs that have a space for beginners, a practice arena and various competitions, account required. |
| Hack.me | Lets you build/host/attack vulnerable web apps. |
| CTFLearn | An account-based ctf site, where users can go in and solve a range of challenges. |
| OWASP Vulnerable Web Applications Directory Project (Online) | List of online available vulnerable applications for learning purposes. |
| Pentestit labs | Hands-on Pentesting Labs (OSCP style) |
| Root-me.org | Hundreds of challenges are available to train yourself in different and not simulated environments |
| Vulnhub.com | Vulnerable By Design VMs for practical 'hands-on' experience in digital security |
| Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalation. |
| Hacking Articles | CTF Breif Write up collection with a lot of screenshots good for beggainers. |
| Rafay Hacking Articles, a great blog | Write up collections by Rafay Baloch. |
| PentesterLab | 20$ signature, complete content basic to write exploits, web, android. |
| CyberSec WTF | Emulated web pentesting challenges from bounty write-ups |
Off-Line
| Name | Description |
|---|---|
| Damn Vulnerable Xebia Training Environment | Docker Container including several vurnerable web applications (DVWA,DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more) |
| OWASP Vulnerable Web Applications Directory Project (Offline) | List of offline available vulnerable applications for learning purposes |
Vulnerable Machines/Websites
Vulnerability Databases And Resources
Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.
- http://www.exploit-db.com/
- http://1337day.com/
- http://securityvulns.com/
- http://www.securityfocus.com/
- http://www.osvdb.org/
- http://www.securiteam.com/
- http://secunia.com/advisories/
- http://insecure.org/sploits_all.html
- http://zerodayinitiative.com/advisories/published/
- http://nmrc.org/pub/index.html
- http://web.nvd.nist.gov
- http://www.vupen.com/english/security-advisories/
- http://www.vupen.com/blog/
- http://cvedetails.com/
- http://www.rapid7.com/vulndb/index.jsp
- http://oval.mitre.org/
- http://sploitus.com/
- http://cxsecurity.com/
Malware Analysis
| Name | Description |
|---|---|
| Malware traffic analysis | list of traffic analysis exercises |
| Malware Analysis - CSCI 4976 | another class from the folks at RPISEC, quality content |
| [Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis. |
Linux Penetration Testing OS
| Name | Description |
|---|---|
| Kali | the infamous pentesting distro from the folks at Offensive Security |
| Parrot | Debian includes full portable lab for security, DFIR, and development |
| Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals. |
| BlackArch | Arch Linux based pentesting distro, compatible with Arch installs |
| LionSec Linux | pentesting OS based on Ubuntu |
Courses
For those who want to do CEH, the following links are for you. 2. CBT Nuggets CEH Training 3. CEH Books 4. Guide to Binary Exploitation
Workshops/Playlists
Security Talks and Conferences
- InfoCon - Hacking Conference Archive
- Curated list of Security Talks and Videos
- Blackhat
- Defcon
- Security Tube
- Kevin Mitnick: Live Hack at CeBIT
- Ghost in the Cloud, Kevin Mitnick
- Kevin Mitnick | Talks at Google
- Complete Free Hacking Course: Go from Beginner to Expert Hacker Today
YouTube Channels
Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks...
- LiveOverflow
- Black Hat
- Injector Pca
- Hisham Mir
- Devil Killer
- Suleman Malik
- Dem0n
- Frans Rosén
- HackerOne
- ak1t4 machine
- Shawar Khan
- vulnerability0lab
- Bugcrowd
- Vijay Kumar
- Web Development Tutorials
- Jan Wikholm
- Bhargav Tandel
- ErrOr SquaD
- SecurityIdiots
- Penetration Testing in Linux
- Hussnain Fareed
- Null Byte
- ZAID
- vabs tutorial
- the cyber mentor
- PwnFunction
Any Channel Link Missing? Kindly add it in Comments
Forums
| Name | Description |
|---|---|
| 0x00sec | hacker, malware, computer engineering, Reverse engineering |
| Antichat | russian based forum |
| CODEBY.NET | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum |
| EAST Exploit database | exploit DB for commercial exploits written for EAST Pentest Framework |
| Greysec | hacking and security forum |
| Hackforums | posting webstite for hacks/exploits/various discussion |
原文:https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources
- 登录 发表评论