#hackers Resources

A list of hacking resources wouldn't be complete without a link to Awesome-Hacking.

Hands-on Learning

• TryHackMe. Well-known beginner-friendly cybersecurity training platform.
• PortSwigger Web Security Academy. Free, online web security training from the creators of Burp Suite.
• Hacker101 CTF. Capture The Flag (CTF) run by HackerOne.
• YesWeHack - Dojo. Monthly CTF-type challenges for web applications.
• OverTheWire Wargames. Variety of wargames that teach hacking.
• Juice Shop. Intentionally insecure web application created by OWASP.
• Pwn College. Free online platform for students and hackers to practice core cybersecurity concepts and skills.
• Hack The Box. Learn how to hack from beginner to advanced levels with courses, labs, and competitions.
  • Penetration Tester Path HackTheBox offers the "penetration tester path" which is probably the most comprehensive pentesting training path out there, which leads up to the CPTS certification.
• Proving Grounds. OffSec Proving Grounds offers a modern network for practicing penetration testing skills on real-world vectors.
• Altered Security. Windows, Active Directory, and Azure AD-focused hands-on offensive security training.
• PentesterLab. Web hacking and security review-focused training courses and exercises.
• Offensive Security. Offers realistic certifications and training focused on offensive security techniques.
• Ret2 Wargames. Lab-based software exploitation training.
• VulnHub. Collection of vulnerable applications to practice penetration testing.
• HackInTheBox. Provides various security training resources and challenges.
• SANS Cyber Aces. Free introductory courses in cybersecurity fundamentals.
• CTF Time. Aggregates information about Capture The Flag (CTF) competitions worldwide.
• CTF Writeups. Repository of write-ups for various Capture The Flag challenges.
• Infosec Skills. Cybersecurity training with hands-on labs and exercises.
• Pentester Academy. Offers online courses and labs for penetration testing and security.
• CyberRanges. World-class cybersecurity training exercises and capability development platform.
• Cobalt Strike. Provides a range of offensive security tools and training resources.
• eLearnSecurity. Offers a variety of cybersecurity training courses and certifications.
• Red Team Village. Provides resources and training for red teaming and offensive security.
• OWASP. A virtual machine with various vulnerable applications for practice.
• Hacking Lab. Offers a range of online labs and challenges for cybersecurity practice.
• SecTools.org. Provides a comprehensive list of security tools used in penetration testing.
• Exploit-DB. A comprehensive archive of exploits and vulnerabilities. The Google Hacking Database is worth checking out.
• Hacking Articles. Provides tutorials and articles on various cybersecurity topics.
• CTF Learn. Offers a range of Capture The Flag challenges for practice.
• Security Onion. Free and open-source Linux distribution for intrusion detection and network security monitoring.
• Nviso Blog. Cybersecurity research, straight from the lab.

Training (Not Hands-On)

General

• OpenSecurity Training. OpenSecurityTraining.info offers free training material for computer security classes.
• OpenSecurity Training 2. Relaunch of OpenSecurityTraining with updated materials.
• OALabs. Open Analysis Labs provide malware reversing videos and training.
• Corelan.be. Corelan offers well-regarded articles and paid training bootcamps on exploit writing.
• Hacker House. Resources and training for various levels of security expertise.
• Tenable. Vulnerability management and security training resources.

Windows

• Code Machine. Comprehensive training on Windows security.
• Maldev Academy. Windows-focused malware development courses.

Linux

• Linux Kernel Exploitation. Blog series on exploiting Linux kernels.
• Linux Privilege Escalation. Comprehensive guide to Linux privilege escalation techniques.

Web

• Checkpoint's Web Hacking Training. Web hacking training offerings from Checkpoint.
• Websites Vulnerable to SSTI. Simple websites to learn how to exploit Server-Side Template Injections (SSTI).
• OWASP Cheat Sheet Series. Collection of cheat sheets on web security practices.
• Web Security Testing Guide. Comprehensive guide on web security testing methodologies.
• CS 253 Web Security Stanford's CS 253 course on web security

MacOS

• MacOS Security Research. Research and articles on macOS security.
• MacOS Exploitation Techniques. Exploits and techniques for macOS.

Other

• Fuzzing 101. Fuzz testing course.
• VX Underground. Papers, source, and resources on malware.
• Reverse Engineering 101. Comprehensive guide to reverse engineering techniques and tools.
• Malware Analysis Tools. Curated list of malware analysis tools and resources.

Media / Content Creators

• NahamSec. Educational cybersecurity content focused on bug bounty and web application security.
• SecurityTube. Video content and tutorials on various cybersecurity topics.
• The Cyber Mentor. YouTube channel offering practical cybersecurity tutorials and CTF walkthroughs.
• LiveOverflow. YouTube channel focused on computer security and hacking.

Books

• Windows Internals. Windows Internals: System architecture, processes, threads, memory management, and more.
• Hacking: The Art of Exploitation. Comprehensive guide to hacking techniques and tools.
• The Web Application Hacker's Handbook. Detailed guide on web application security and hacking techniques.
• Practical Malware Analysis. Hands-on guide to malware analysis and reverse engineering.
• The Fuzzing Book A nice detailed book on fuzzing and software testing.

Magazines

• Phrack Magazine. Phrack is an e-zine written by and for hackers, first published in 1985.
• 2600: The Hacker Quarterly. Quarterly publication focusing on hacker culture and computer security.
• Hakin9. Magazine offering articles and tutorials on various cybersecurity topics.