List of InfoSec resources

I get this question a lot so I compiled a big list that I can just link people to directly.

Submissions are welcome. Please make a PR and I will try to get around to it when I have time.

Where to start?

• LiveOverflow's YouTube channel
• Advice for young hackers. How to teach yourself
• How to start hacking? The ultimate two path guide to information security. - /r/hacking

CTFs

If you are new, you should start with high school level and eventually level up to college level.

• https://ctftime.org - Find CTFs and write-ups
• https://picoctf.com/ (high school level)
• NSA Codebreaker challenge
• CSAW RED (high school level) - Formerly known as CSAW HSF
• CSAW CTF (college level)
• HackTheBox - I never did this, but it's popular
• Flare-On: Annual reversing CTF
• PlaidCTF (warning: hard)
• AngstromCTF, TJCTF, UMDCTF, TUCTF, UIUCTF. Look for CTFs organized by college students or people somewhat above your skill level but not too far
• Other great CTFs in no particular order, some may be missing (may be hard): DiceCTF, Sekai CTF, Midnight Sun CTF, Google CTF, Blue Water CTF

Blockchain / Web3

• The Auditooor Grindset
• Zellic blog - Blockchain security and cryptography research
• Paradigm CTF - chals
• ETHSecurity Telegram channel

Binary Exploitation

• pwn.college - Guide written by Zardus and adam doupe, former organisers of DEF CON CTF
• Gatech Sslab CS 6265: InfoSec Lab - GREAT resource on intro to binex.
• how2heap - intro to glibc heap exploitation
• Dhaval Kapil's heap explotation guide - intro to glibc heap exploitation. slightly outdated but still good
• http://pwnable.tw/ - more pwnables
• https://microcorruption.com/login
• Extreme Vulnerable Driver - a vulnerable driver you can learn to pwn drivers with
• exploit.education - Learn exploit dev, binary analysis (Suggested by @gautammenghani, not vetted by me)

Game hacking and reversing

• Pointers for REAL dummies - This is how I finally understood pointers when I was 12 years old. GREAT guide and it will teach you about C and what is memory.
• Fl33p's CS:S bunnyhop hack tutorial (YT) - A bit outdated but this is what helped me finally understand how to use a debugger and Cheat Engine and Visual Studio. The explanations are not 100% accurate but most importantly it is really beginner friendly for noobs
• godbolt.org Compiler Explorer - Good to learn what code looks like when it gets compiled
• Reverse Engineering Stack Exchange - Good place to figure out how to do something in IDA Pro.
• osdev wiki - Has some outdated or inaccurate info, but usually a good starting point.

Discord servers

Remember to be nice, don't be rude or annoying, etc. Act like an adult.

⚠️⚠️⚠️ DISCLAIMER: I DO NOT ENDORSE any of these servers personally, their administrators, or any of the discussion that may occur in them. I deny any particular knowledge or awareness of the day-to-day occurrences and contents of conversations on these servers. In other words, this is simply a list of some well-known, popular infosec related servers. The views, opinions, and speech of the participants or administrators on the servers below bear NO REFLECTION whatsoever on my own personal opinions, values, or beliefs. This list is provided as a USEFUL RESOURCE only. ⚠️⚠️⚠️

• Reverse Engineering discord - do NOT discuss game hacking in this Discord or you will be banned.
• Capture the Flag discord - CTF community
• Secret club public discord - Administered by Carl Schou and Derek Rynd.
• gynvael's server - administered by gynvael.
• Day0 podcast server - administered by zi and Specter.
• Awesome Fuzzing - fuzzing enthusiasts.
• Back.engineering server - administered by xeroxz.
• osdev server - I don't know this server, but it's popular.

Blogs (in no particular order)

⚠️⚠️⚠️ DISCLAIMER: I DO NOT ENDORSE the personal character of any of the listed authors. The blogs listed below are chosen SOLELY based on the merits and quality of the publications and research ONLY. In other words, this is simply a list of well-known infosec authors. The views, opinions, and writing of the blogs below or their authors bear NO REFLECTION whatsoever on my own personal opinions, values, or beliefs. This list is provided as a USEFUL RESOURCE only. ⚠️⚠️⚠️

• Zellic blog - Blockchain security and cryptography research
• chompie1337's blog - twitter
• Qualys Advisories - 1337 security research
• Back Engineering - misc reversing stuff
• Raymond Chen's Blog - windows internals
• Quarkslab Blog - Awesome security engineering, systems and systems research
• Gbps's blog - Good reverse engineering and low-level systems articles.
• Google Project Zero blog - Cutting-edge vulnerability research.
• Secret Club - Syndicated publication on various innovative research on reverse engineering, esp. game hacking.
• Can Bölük's blog - Hypervisors, Windows internals, anticheats. He is a legendary reverse engineer
• Derek Rynd and Aidan Khoury's blog (revers.engineering) - Hypervisors, Windows internals, Anticheats. They are both way smarter than me
• Sinaei's blog - Hypervisor from scratch
• Orange Tsai's blog - Lot of cutting-edge research on a broad range of topics. He is totally an infosec legend
• Alex Ionescu and Yarden Shafir's blog - Windows internals, systems, kernel.
• Rolf Rolles' blog - Reverse engineering, program analysis, (de)obfuscation, IDA Pro
• back.engineering - Mainly xeroxz's blog but also features some syndicated articles.
• lcamtuf's blog - Fuzzing and systems.
• Halvarflake's blog - Various topics in systems and security.
• Trail of Bits blog - State-of-the-art research on cryptography, program analysis, bug hunting
• Bruce Dawson's blog - Systems, compilers, and performance.
• Travis Downs' blog - Systems, compilers, and performance.
• Krebs on Security - Mainstream InfoSec news.
• Bruce Schneier's blog - Cryptography and privacy news.
• Hex-Rays blog - Tips and tricks for IDA Pro

Other InfoSec newsletters, zines, and publications

• phrack magazine - famous hacker zine
• LWN - Linux internals
• /r/securityCreators/
• zSecurity Twitter

Favorite Tools

I am a Windows user so I mainly use Windows tools. Sorry Linux users.

Must-have, essential tools

• Python 3 - hacker's best friend
• x64dbg - Windows userland debugger
• Process Hacker
• IDA Pro (or Ghidra) - disassembler
• HxD - hex editor
• Cheat Engine - memory hacking tool
• CFF explorer - PE editor
• Windows Calculator, MSpaint, and notepad
• diffchecker.com
• cyberchef - data processing multitool
• Sublime Text
• Sysinternals suite
• mitmproxy

Other handy tools

• Wireshark
• WinDbg - for Windows kernel debugging
• Pestudio - pe dissector and triage tool
• ReClassEx - in-memory struct dissector
• 010 hex editor - fancier, but paid, hex editor. I don't use this often but it's popular
• JDA Java disassembler - for Java applications
• dnSpy - for .NET applications
• apktool - for Android shit
• java-deobfuscator - written by samczsun who is smart as hell
• de4dot - .NET deobfuscator
• Detect It Easy (DIE) - detect compiler and packers. I don't often use this since I can usually recognize by experience
• Sage - for cryptography
• Proxifier - basically proxychains for Windows
• Krakatau - Good java disassembler
• Mitmproxy - Burp suite for broke people

Hex-Rays plugins

• HexRaysPyTools - must-have
• ClassInformer - RTTI parser (for Win32)
• ret-sync
• Labelless
• abyss

x64dbg plugins

• ScyllaHide - Anti-anti-debug
• xHotspots - Sometimes useful for reversing GUI shit
• OllyDumpEx
• In general, refer to this comprehensive list

Lectures and slides

• Gatech CS 8803: Compilers Theory and Practice
• Gatech Sslab CS 3210: Operating Systems

Reference materials

• Intel Manual volume 3 - they say that every question you have is answered somewhere in this book. the question is where to find it. and also how to understand it. since this shit is not easy nor fun to read. sometimes if you ask some stupid question people will tell you to go read the intel manual. it's an advanced way to tell people to fuck off.
• Hacker's Delight - bit hacking tricks, you see them used by compilers often. Division constants
• Dragon Book - popular compilers textbook
• SSA book - resource for advanced topics on single static assignment form in compilers
• MSDN - win32 and windows internals