a. Information and how-tos
b. Resources, Labs, and Training Environments
This is a selection of my favorite ethical hacking, infosec, and IT security training resources. I'm often asked for resources for beginners looking to get into security, or for professionals looking to improve their skills or switch to offensive security. These resources will serve as a 'one stop shop' for my recommendations.
- https://www.ired.team/ Great collection of TTPs
- https://book.hacktricks.xyz/ Great collection of TTPs
- https://pentestlab.blog/ Great collection of TTPs and blog posts
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Reverse shell cheat sheet
- https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/ Upgrading shells to TTYs
- https://azeria-labs.com/ Reverse Engineering, arm assembly, and exploitation dev tutorials and training
- PayloadsAllTheThings linux privesc
- PayloadsAllTheThings Methodology and Resources
- https://gtfobins.github.io/ (linux lolbins)
- https://lolbas-project.github.io/ (windows lolbins)
- https://www.hackthebox.eu/ : Industry-leading 'firing range' and training environment, including training tracks for beginners.
- https://tryhackme.com/ : Similar to hackthebox, though I have not tried TryHackMe.
- https://www.hackerone.com/ : Bug bounty platform for ethical hacking. Also Intigriti, BugCrowd, and Synack.
- https://overthewire.org/wargames/bandit/ : Introductory and very beginner-friendly tutorial providing familiarity with the linux commandline.
- https://nationalcyberleague.org/ : Training environment for college students, complete with coaches and recruiting opportunities.
- https://pentesterlab.com/ : Generic pentesting resources and labs. Good walkthroughs and tutorials.
- https://www.pentesteracademy.com/ : Generic pentesting resources and labs. Good walkthroughs and tutorials.
- https://institute.sektor7.net/ : High-quality and affordable courses in malware development, and operations.
- https://training.zeropointsecurity.co.uk/courses/red-team-ops : High-quality it security training and red team operations training
- https://www.mdsec.co.uk/training/adversary-simulation-red-team-tactics/ : High-quality training
- https://www.youtube.com/playlist?list=PL9HO6M_MU2nfQ4kHSCzAQMqxQxH47d1no : Mudge's Cobalt Strike training playlist
- RTFM Red Team Field Manual: Ben Clark
- Operator Handbook: Red Team + OSINT + Blue Team Reference: Joshua Picolet
- Windows Internals, Part 2, 7th Edition: Various Microsoft Employees
- Red Team Development and Operations: James Tubberville and Joe Vest