Hacking/Infosec Resources
Hacking resources: links, tutorials, courses, and books on security. This post will continue to be updated with new resources.
- Links
a. Information and how-tos
b. Resources, Labs, and Training Environments
c. Courses - Books
a. Historical
b. Technical
c. Operational
d. Social
This is a selection of my favorite ethical hacking, infosec, and IT security training resources. I'm often asked for resources for beginners looking to get into security, or for professionals looking to improve their skills or switch to offensive security. These resources will serve as a 'one stop shop' for my recommendations.
Links:
Information and how-tos:
- https://www.ired.team/ Great collection of TTPs
- https://book.hacktricks.xyz/ Great collection of TTPs
- https://pentestlab.blog/ Great collection of TTPs and blog posts
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Reverse shell cheat sheet
- https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/ Upgrading shells to TTYs
- https://5pider.net
- https://azeria-labs.com/ Reverse Engineering, arm assembly, and exploitation dev tutorials and training
- https://hakluke.com/
- PayloadsAllTheThings linux privesc
- PayloadsAllTheThings Methodology and Resources
- https://gtfobins.github.io/ (linux lolbins)
- https://lolbas-project.github.io/ (windows lolbins)
Resources, labs, and environments:
- https://www.hackthebox.eu/ : Industry-leading 'firing range' and training environment, including training tracks for beginners.
- https://tryhackme.com/ : Similar to hackthebox, though I have not tried TryHackMe.
- https://www.hackerone.com/ : Bug bounty platform for ethical hacking. Also Intigriti, BugCrowd, and Synack.
- https://overthewire.org/wargames/bandit/ : Introductory and very beginner-friendly tutorial providing familiarity with the linux commandline.
- https://nationalcyberleague.org/ : Training environment for college students, complete with coaches and recruiting opportunities.
- https://pentesterlab.com/ : Generic pentesting resources and labs. Good walkthroughs and tutorials.
- https://www.pentesteracademy.com/ : Generic pentesting resources and labs. Good walkthroughs and tutorials.
Courses:
- https://institute.sektor7.net/ : High-quality and affordable courses in malware development, and operations.
- https://training.zeropointsecurity.co.uk/courses/red-team-ops : High-quality it security training and red team operations training
- https://www.mdsec.co.uk/training/adversary-simulation-red-team-tactics/ : High-quality training
- https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no : Mudge's Cobalt Strike training playlist
Books:
Historical
- Sandworm: Andy Greenberg
- Countdown to Zero Day: Kim Zetter
- Cuckoo's Egg: Cliff Stoll
Technical
- RTFM Red Team Field Manual: Ben Clark
- Operator Handbook: Red Team + OSINT + Blue Team Reference: Joshua Picolet
- Windows Internals, Part 2, 7th Edition: Various Microsoft Employees
Operational
- Red Team Development and Operations: James Tubberville and Joe Vest
Social
- Weapons of Math Destruction: Cathy O'Neil
- LikeWar: P.W. Singer and Emerson Brookings
Photo by Adi Goldstein on Unsplash