Info
This page for purpose share the idea, community, skillset, technical about Cyber Security and Information Security. How we can improve the skillset via LAB and CTF contest
General
Info
General things will cover a lot of stuff when you want to start with cyber and information security
- Youtube - 60 Hacking Commands You NEED to Know
- Cybersecurity Conferences
- OWASP
- The Hacker News - Cybersecurity News and Analysis
- HACKING roadmap
- bugbounty-cheatsheet/books.md at master ยท EdOverflow/bugbounty-cheatsheet
- Billโs Security Site
- OWASP Penetration Testing Check List
- SecurityZines : Visualization Hacking, Architecture and Technical by Image with step by step
InfoSec Blog page
Info
Blog page where provide you more information about techniques, tools and madness things inside information security field
- Blog | hackers-arise
- WhiteHat.vn
- Sebastian Neef - 0day.work
- tl;dr sec
- Escape - The API Security Blog
- Top Cybersecurity And Information Security Guides - HackersOnlineClub
- With Secure Publications
- Wiz.blog
- Vsociety - CVE Org analysis : CVE analysis and publish CVE
- AttackerKB : CVE analysis
- Intigriti Blog
- HTB Blog
- THM Blog
- Hackerone Blog
- Medium - System Weakness
- Medium - Infosec Writeups
- Medium - S12 H4CK
- Medium - Coded Conversations ๐๐ฌ
- LRTV Blog
- Hacking Articles - Raj Chandelโs Blog
- Sun* Cyber Security Team - Vietnamese
- Cloudflare Blog
- Cloudflare Learning
- ElNiak Blog
- Prof Bill Buchanan OBE FRSE : Professor of Cryptography
- Medium - n00๐
- SSH Academy
- HighOn.Coffee - Penetration Testing && Security Research
- Troy Hunt
- Pentester Land - Offensive InfoSec
- Reddit Hacking
- KitPloit - PenTest & Hacking Tools
Awesome Infomation Security repository
Info
The madness and badass repository will provide huge information about Cyber and Information Security
- awesome-pentest : A collection of awesome penetration testing resources, tools and other shiny things
- awesome-infosec : A curated list of awesome
infoseccourses and training resources. - the-book-of-secret-knowledge : A collection of inspiring lists, manuals, cheat-sheets, blogs, hacks, one-liners, cli/web tools and more.
- awesome-api-security: A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
- Awesome-Hacking : A collection of various awesome lists for hackers, pentesters and security researchers
- awesome-hacker-search-engines : A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- h4cker : About ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
- GO Simple Tunnel: A simple security tunnel written in golang
- awesome-ctf : A curated list of CTF frameworks, libraries, resources and softwares
- Awesome-Cybersecurity-Handbooks : A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
- awesome-privilege-escalation : A curated list of awesome privilege escalation
- NetExec : The Network Execution Tool. Website
- CheatSheetSeries : The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
- HackTricks - HackTricks : Wikipedia of Hacking
- Cloud - HackTricks : Wikipedia of Hacking Cloud
- pentest-book: This book contains a bunch of info, scripts and knowledge used during pentests.
- public-pentesting-reports: A list of public penetration test reports published by several consulting firms and academic security groups.
- The Hacker Recipes: providing technical guides on various hacking topics
- MobileApp-Pentest-Cheatsheet : Arsenal for mobile application attack
- OWASP Project : Collection about OWASP Opensource
- OWASP Collection: Free for Open Source Application Security Tools
- sec_profile: Chinese Collection about Security with profile vulnerability and awesome hacking technique
Awesome Articles
Info
The collection of myself about tool and technique is useful for learning and practicing Cyber and Info Security
- General - Medium - Rust for Cyber Security and Red Teaming
- General - Python for DevSecOps and Any Security Engineer
- Pwnable - Wiz.io - CVE-2024-3094 : Backdoor XZ
- Pwnable - Medium - Docker and runC Vulnerabilities: A Deep Dive into CVE-2024โ21626 and Its Counterparts
- Pwnable - Medium - Breaking Free: 26 Advanced Techniques to Escape Docker Containers
- Pwnable - Medium - Ping Power โ ICMP Tunnel
- Pwnable - Different types of Computer Viruses - Computer Virus Classification
- Pwnable - Linux Privilege Escalation - Vietnamese
- Pwnable - x86 and amd64 instruction reference
- Crypto - Practical Cryptography : Talk about Cryptography but explain more about them
- Forensics - Steghide - An Easy way to Hide Confidential Data Inside Images and Sound Objects in Linux
- Forensics - Hiding Information by Manipulating an Imageโs Height
- Forensics - Information hiding
- Forensics - Modifying Embedded Filesystems in ARM Linux zImages
- Web - Medium - How to find subdomain takeover using httpx + dig
- Pwnable - Get Reverse-shell via Windows one-liner - Hacking Articles
- Networking - Medium - VPN is dead? Long live the Jump Host?
- Networking - Medium - Using Suricata Intrusion Prevention System To Monitor Network Traffic
- Networking - Kแบฟt nแปi private LAN qua Cloudflare Tunnels sแปญ dแปฅng Wireguard
- Networking - Cisco - Configuring Virtual Private LAN Service (VPLS)
- Networking - What is multiprotocol label switching (MPLS)?
- Networking - Zero Trust Network Access (ZTNA) vs VPNs
- Networking - 10 Useful Open Source Security Firewalls for Linux Systems
- Cloud - Creating unintentional ways to bypass AWS IAM policies when using the โForAllValuesโ operator
- Networking - Medium - SSH Over Openssl Over Haproxy: Bypassing Blocks
- SOC - Networking - Medium - Building an Effective SOC with Open-Source SIEM Tools: My Masterโs Project Journey
Tools and Techniques
Reconnaissance (All categories)
Info
In this phase, the tester gathers as much information about the target system as they can, including information about the network topology, operating systems and applications, user accounts, and other relevant information. The goal is to gather as much data as possible so that the tester can plan an effective attack strategy.
Browser Search
Container
- dive : A tool for exploring each layer in a docker image
- crane: A tool for interacting with remote images and registries
- trivy: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
OSINT
- TinEye Reverse Image Search
- Internet Archive: Wayback Machine
- GPS coordinates, latitude and longitude with interactive Maps
Web
- SecLists : Wordlist for attacking
- Snyk : DAST and SAST tools
- crt.sh : Certificate Search
- jwt.io : JSON Web Tokens
- digwebinterface : Dig on browser
- Censys Search Engine : Web recon tool
- Shodan Search Engine : Web recon tool
- Google Public DNS : Find and validate dns with Google DNS
- DNSdumpster.com: dns recon and research, find and lookup dns records
Exploitation
Info
In this phase, ethical hacker need to attack to target and try to grasp some thing about weakness of system or applications
Collections about Attack and Defend
- MITRE ATT&CKยฎ : Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
- Defend MITRE: Defend skillset base on real-world secenarios
- CAPEC : Common Attack Pattern Enumeration and Classification (CAPECโข)
- Application Security Cheat Sheet: Application Security Cheat Sheet
- OWASP Cheat Sheet Series : Provide a concise collection of high value information on specific application security topics
- Awesome-Hacking-Resources : A collection of hacking / penetration testing resources to make you better!
- PENTESTING-BIBLE: Attack and Defend articles in PDF
- AD-Attack-Defense : Attack and defend active directory using modern post exploitation adversary tradecraft activity
- MAAD Attack Framework : An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).
- GTFOBins : A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
- Metaspoit: Metasploit Framework for penetration testing
- impacket-examples-windows: The great impacket example scripts compiled for Windows
- Active-Directory-Exploitation-Cheat-Sheet: A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Privilege Escalation (RCE)
- PEASS-ng : PEASS - Privilege Escalation Awesome Scripts SUITE
- GTFOBLookup : GTFO Lookup
- chisel : A fast TCP/UDP tunnel over HTTP
- nishang : Nishang - Offensive PowerShell for red team, penetration testing and offensive security.
- Online - Reverse Shell Generator
Cryptography
- dCode: Solveurs, Crypto, Maths, Codes, Outils en Ligne
- RapidTables.com : Online Calculators & Tools
- Boxentriq : Cipher Identifier (online tool)
- Morse Code World: Morse Code crypto for encrypt and decrypt
- CrackStation: Online Password Hash Cracking
- CyberChef: The bunch of cyber tools for crypto and file format
- cryptii: Modular conversion, encoding and encryption online
- CrypTool: Try crypto tools, learn cryptography and solve puzzles
- Unicode Text Steganography Encoders/Decoders : Unicode Text Steganography Encoders/Decoders
Forensics
- HexEd.it : Browser-based Online and Offline Hex Editing
- BertNaseโs Own - npiet fun!
- AperiโSolve : Forensic integrate all tool in one platform
- Brightness and contrast online:
- FTK Forensic Toolkit : Toolkit for Forensic
- Steganographic Comparator
- Volatility 3 โ Volatility 3 2.4.0 documentation: Arsenal for digital forensics
Webhook
- Webhook.site : Generates free, unique URLs and e-mail addresses and lets you see everything thatโs sent there instantly. (Usage: Steal cookies, bypass authorized, โฆ)
- Mockoon: Locally mock API
- Beeceptor : API Mocking
Reverse Engineer (RE)
- CPUlator Computer System Simulator
- Compiler Explorer
- Decompiler Explorer
- Valgrind - An instrumentation framework for building dynamic analysis tools and use to detect memory leaking
External
Info
The collection of myself about something are need for prepare for security and explore about how the applications prevent with attack to network, code and moreover
Web Application Firewall
- ModSecurity : ย An open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx.
- naxsi : An open-source, high performance, low rules maintenance WAF for NGINX
- lua-resty-waf : High-performance WAF built on the OpenResty stack
- Nginx-Lua-Anti-DDoS : A Anti-DDoS script to protect Nginx web servers using Lua with a HTML Javascript
Code Search Engine
- grep.app | code search : Search specify code block on github community
Vulnerables Search Engine
- Search Engine for Security Intelligence | Vulners
- CVE MITRE - CVE
- CVE security vulnerability database. Security vulnerabilities, exploits, references and more
- CWE - Common Weakness Enumeration
- CVE-Search
- Vulnerability Database ๐ก
- NVD NIST
- CVE Trends
- Vulmon - Vulnerability Intelligence Search Engine
- Bug Bounty Hunting Search Engine
- Exploit Database : Find PoC and Exploit method for Penetration Testers, Researchers, and Ethical Hackers
- Vulnerability & Exploit Database : Exploit DB of Rapid7 (Metasploit product)
- ๐ Sploitus : Exploit & Hacktool Search Engine
Vulnerability management
- faraday: Open Source Vulnerability Management Platform
- vuls: Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
- ThreatMapper: Open Source Cloud Native Application Protection Platform (CNAPP). Documentation
- django-DefectDojo : DevSecOps, ASPM, Vulnerability Management. All on one platform.
Vulnerability Scanner
- Nettacker : Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- nuclei : Fast and customizable vulnerability scanner based on simple YAML based DSL. Doc and Cloud Platform
- zaproxy : The ZAP core project
SOC Operation system
- VultureOS : ย An operating system based onย HardenedBSD. It has been design to deliverer cybersecurity services for the Advens SOC.
Mobile
- Apktool: A tool for reverse engineering Android apk files
- mobile-nuclei-templates : Mobile Template for using with nuclei
Burp extension
- agartha : A Burp extension helps identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violations, while also converting HTTP requests to JavaScript for enhanced XSS exploitation.
Code Validate
- codeql: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
IAST (Interactive Application Security Testing)
- DongTai: (IAST) tool that enables real-time detection of common vulnerabilities in Java applications and third-party components through passive instrumentation.
Networking
Info
Security techniques take the concept around networking and techniques related
General knowledge
- Subnet Calculator: Calculator CIDR concept of subnet
- VLSM Calculator: Calculator VLSM concept of subnet
- DomainTools: Reverse IP Lookup - All Names Hosted at an IP
VPN
Give applause for Nyr for contributing a wonderful setup, with those script, you just need 1 minutes for creating your own VPN and safely connected remotely with your network
- openvpn-install.sh: Setting up
openvpnfor your host (Author: Nyr) - wireguard-install.sh: Setting up
wireguardvpnfor your host (Author: Nyr)
External Networking Techniques
- awesome-tunneling : List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
- wstunnel : Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
- ZTM : A privacy-first open-source decentralized network software based on HTTP/2 tunnels.
- Xray-core: Xray, Penetrates Everything. Also the best v2ray-core, with XTLS support. Fully compatible configuration.
- frp: A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
- localtunnel: Localtunnel allows you to easily share a web service on your local development machine without messing with DNS and firewall settings.
Cloud
Info
Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security. Source: Wikipedia
- T Wiki : Chinese page who talk about Security Cloud with multiple provider like Azure, AWS, GCP, โฆ
- Hacking the Cloud: An encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure.
Training page (LAB)
Info
The collections of mine about what you need to learn, how to solve problem and figure out what you decide on hacking, doing security and have fun
Introduce
- List of hacking websites | RazviOverflow
- HackTricks - HackTricks : Wikipedia of Hacking
- Payloads All The Things: Useful payloads and bypasses for Web Application Security
- Web-CTF-Cheatsheet
- Internal All The Things : Active Directory and Internal Pentest Cheatsheets
- Hardware All The Things: A curated collection of valuable payloads and bypass techniques tailored for Hardware and IoT Security
- Hacktrick Training: Learn Cloud Hacking & Become HackTricks Training Certified
Reverse Engineer
- Crackme : Place to improving the RE skill
- Nightmare: Intro to binary exploitation / reverse engineering course based around ctf challenges
Security Lab
Info
Misc + Lab Machine
- Hack The Box: Hacking Training For The Best | Individuals & Companies : Lab Machine where you can put the effort for pwn the machine and learn about red, blue team skillset
- TryHackMe | Cyber Security Training : Like HTB but more tutorials
- Web Application Security, Testing, & Scanning - PortSwigger : Learn about web hacking fundamentals (HELPFUL)
- PentesterLab: Learn Web Penetration Testing: The Right Way: Learn and try practical with Lab via Penetration Test
- Online Cyber Security Blue Team Training - CyberDefenders: Learn and try to improving the defensive skillset on Blue Team
- OverTheWire: Wargames : The level competition which you need to find the key for reach to next level (HELPFUL - FOR UPGRADE LINUX SKILL)
- UnderTheWire: Wargames: Wargames where help you improve hacking skill (HELPFUL - FOR UPGRADE POWERSHELL SKILL)
- Welcome [Root Me : Hacking and Information Security learning platform] : Like HTB and THM but you will have fun things to exploit
- Application Security Training For Developers | Kontra : Vulnerables Site which visual on illustration and take you image what happen when attacking occur
- Vulnerable By Design ~ VulnHub : Like HTB and THM, but you need to learn about virtualization to setup the pentest environment
- Attack-Defense Labs : More Labs you can take and archive your knowledge, bro trust me.
- HackThisSite : Legally site where you can make penetration test
- GOAD: Game of active directory
Forensics
Info
Network + Forensics + Digital Forensics
- Malware-Traffic-Analysis.net - Traffic Analysis Exercises : Labs of Networking where you can gain the knowledge on analysis network traffic
- JPEG FIF : Detail explanation about JPEG File Interchange Format
- MemLabs : Educational, CTF-styled labs for individuals interested in Memory Forensics
Walkthrough
Info
HacktheBox/CTF solution, hacking technical and OSCP
- 0xdf hacks stuff | CTF solutions, malware analysis, home lab development
- @TJ_Nullโs OSCP Prep - YouTube
- OSCP Room Prep - NetSecFocus Trophy Room
- Roadmap to OSCP 2023. Crack OSCP in 6 months, starting fromโฆ | by Usman Shah | Medium
- IppSec Achievement
CTF (Capture the flag)
Info
โCTFs are gamified competitive cybersecurity events that are based on different challenges or aspects of information security. They are excellent for both beginners and experienced hackers looking to develop, test, and prove their skills because they gamify hacking concepts. Weโre big believers in the power of gamification here at Hack The Box! Gamification makes learning about something like a video game. Because gamification is fun and makes you think creatively, itโs one of the most effective ways to learn and develop skills.โ
Introduce
- Introduction | CTF Resources
- Awesome CTF | awesome-ctf
- Use these cheatsheets to increase your CTF speed. | by Vicky Aryan | Nov, 2023 | InfoSec Write-ups
- Top 22 Tools for Solving Steganography Challenges - Yeah Hub
Youtube Channel
- Martin Carlisle: Super cool and bring you more knowledge about CTF, especially for newbie via PicoCTF
- SloppyJoePirates CTF Writeups: Trust me, he is really rare CTF player with most of passion and helpful contents
- Almond Force: He write about Web and Forensic CTF challenge, Supper cool guy
- CryptoCat: InfoSec education channel: CTF walkthroughs, binary exploitation, pen-testing, bug bounty, malware analysis, programming/scripting etc.
Training page
- PicoCTF: Best of way for newbie and starter (LEGACY PAGE)
- PWNABLE.VN : Vietnamese group whose create a wonderful page for practicing CTF
- Bแบฏt ฤแบงu vแปi CTF: Tแปng hแปฃp cรกc trang WarGame ฤแป luyแปn tแบญp | WhiteHat.vn : Collection of CTF from huge page about security WhiteHat (Vietnamese)
- Home Page - ImaginaryCTF : Monthly CTF challenge page, Super cool contents. You will learn a lot from that
- CTFLearn : CTF challenge page, you can practice more and level up skillset on multiple category of CTF game
- Viblo CTF: Like CTFLearn but Vietnamese version
Events
- CTFTime : Place where you can find the next CTF events time.
Best Writeups ever
- CSAW 2k22 ALL WEB WRITEUPS - ./n0s-Writeups
- Noir CSAW22 Writeup - HackMD
- ๏ผโยด3๏ฝโ๏ผGoooood
- CSAW CTF
- TFC CTF 2022 Writeup - ใใฃใกใใฎใใญใฐ
- KMA - HTB Business CTF 2024: The Vault Of Hope Write Up
Bug Bounty
Info
Aย bug bounty programย is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensationย for reportingย bugs, especially those pertaining toย securityย exploitsย andย vulnerabilities
You can become participant of Bounty program via
Youtube Channel
Info
Hacking/InfoSec Youtube Channel
- 13Cubed: Digital Forensics. Hacking. Home Labs.
- Motasem Hamdan: HTB and THM resolution, creative guy who will guide you about security
- John Hammond : Super dope and cool guy who teach you helpful things, cool stuff about hacking, cyber security
- David Bombal : Networking Guy with hand on in physical network items, hacking conservation and guide you on hacking journey with cool contribute
- LiveOverflow: Binary exploiting guy with guide you about that, more about IT security
- NetworkChuck: Very Helpful, super dope and friendly guy with detailing explanation (Recommendation), guide you about network, cloud, linux and more about homelab
- IppSec: Best ever on HTB Solution, Guide you pwn a box and learn about scenarios to reaching them
- Loi Liang Yang: Super cool technic with hacking can explore
- Computerphile: All about computers and computer stuff
- The Cyber Mentor: TCM Security, Very clear contents for starters
- Null Byte : Aspiring ethical hackers, computer scientists, and the infosec community
- DC CyberSec: Freelance in Cybersecurity Guy
- Grant Collins: Funny guy who guide you about Cybersecurity career, education, and the occasional deeboodah shenanigans.
- Seytonic : Break down and dissect cyber security related tech news
- STรK: Bug Bounty sharing, explain and suggest a cool mindset prep for bug bounty
- InsiderPhD: She is guiding about bug bounty for starter, cool contents and technics
- SecurityFWD: SecurityFWD shows the latest security tools, amazing projects, and keeps you on the edge of whatโs possible in security today.
- zSecurity: Provide for guideline to becoming Ethical Hacker
- Hak5
- Zanidd: Hacker, Dev & Educator
- HackerSploit : HackerSploit is the leading provider of free Infosec and cybersecurity training
- NahamSec: Bug bounty guy with impressed technics, conversation hacking and moreover
- DAY0: Previous
DAY[0]podcasts as well as other reverse engineering / exploit development-related media - Cristi Vlad
- LTN Labs