Info
This page for purpose share the idea, community, skillset, technical about Cyber Security and Information Security. How we can improve the skillset via LAB and CTF contest
General
- Youtube - 60 Hacking Commands You NEED to Know
- Cybersecurity Conferences
- OWASP
- The Hacker News - Cybersecurity News and Analysis
- HACKING roadmap
- bugbounty-cheatsheet/books.md at master ยท EdOverflow/bugbounty-cheatsheet
- Billโs Security Site
InfoSec Blog page
- Blog | hackers-arise
- WhiteHat.vn
- Sebastian Neef - 0day.work
- tl;dr sec
- Escape - The API Security Blog
- Top Cybersecurity And Information Security Guides - HackersOnlineClub
- With Secure Publications
- Wiz.blog
- Vsociety - CVE Org analysis : CVE analysis and publish CVE
- AttackerKB : CVE analysis
- Intigriti Blog
- HTB Blog
- THM Blog
- Hackerone Blog
- Medium - System Weakness
- Medium - Infosec Writeups
- Medium - S12 H4CK
- Medium - Coded Conversations ๐๐ฌ
- LRTV Blog
- Hacking Articles - Raj Chandelโs Blog
- Sun* Cyber Security Team - Vietnamese
- Cloudflare Blog
- Cloudflare Learning
- ElNiak Blog
- Prof Bill Buchanan OBE FRSE : Professor of Cryptography
Technical and Technologies for hacking
Awesome repository
- awesome-pentest : A collection of awesome penetration testing resources, tools and other shiny things
- awesome-infosec : A curated list of awesome
infoseccourses and training resources. - the-book-of-secret-knowledge : A collection of inspiring lists, manuals, cheat-sheets, blogs, hacks, one-liners, cli/web tools and more.
- Awesome-Hacking : A collection of various awesome lists for hackers, pentesters and security researchers
- awesome-hacker-search-engines : A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
- h4cker : About ethical hacking, bug bounties, digital forensics and incident response (DFIR), artificial intelligence security, vulnerability research, exploit development, reverse engineering, and more.
- GO Simple Tunnel: A simple security tunnel written in golang
- awesome-ctf : A curated list of CTF frameworks, libraries, resources and softwares
- Awesome-Cybersecurity-Handbooks : A huge chunk of my personal notes since I started playing CTFs and working as a Red Teamer.
- awesome-privilege-escalation : A curated list of awesome privilege escalation
Browser Search
Programing Language
CVE Exploits Explorer
Container
- Medium - Docker and runC Vulnerabilities: A Deep Dive into CVE-2024โ21626 and Its Counterparts
- Medium - Breaking Free: 26 Advanced Techniques to Escape Docker Containers
- dive : A tool for exploring each layer in a docker image
- crane: A tool for interacting with remote images and registries
OS and Computer architecture
InfoSec Research (Protocol, Malware, Vulnerables, โฆ)
- Ping Power โ ICMP Tunnel. An attacker is often required to face aโฆ | by Nir Chako | InfoSec Write-ups
- Different types of Computer Viruses - Computer Virus Classification
- Linux Privilege Escalation - Vietnamese
General Attacking + Defend skill
- MITRE ATT&CKยฎ : Globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
- Defend MITRE: Defend skillset base on real-world secenarios
- CAPEC - Common Attack Pattern Enumeration and Classification (CAPECโข)
- Pentester Land - Offensive InfoSec
- Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers : Find PoC and Exploit method
- Vulnerability & Exploit Database
- Application Security Cheat Sheet - Application Security Cheat Sheet
- ๐ Sploitus | Exploit & Hacktool Search Engine
- Reddit Hacking
- KitPloit - PenTest & Hacking Tools
- Introduction - OWASP Cheat Sheet Series
- vitalysim/Awesome-Hacking-Resources: A collection of hacking / penetration testing resources to make you better!
- SecurityZines : Visualization Hacking, Architecture and Technical by Image with step by step
- Get Reverse-shell via Windows one-liner - Hacking Articles
- blaCCkHatHacEEkr/PENTESTING-BIBLE: Learn ethical hacking.Learn about reconnaissance,windows/linux hacking,attacking web technologies,and pen testing wireless networks.Resources for learning malware analysis and reverse engineering.
- AD-Attack-Defense
- Hive: a public repository for red/blue team stuff.
Privilege Escalation (RCE)
- PEASS-ng : PEASS - Privilege Escalation Awesome Scripts SUITE
- GTFOBLookup : GTFO Lookup
Cryptography
- dCode - Solveurs, Crypto, Maths, Codes, Outils en Ligne
- Online Calculators & Tools - RapidTables.com
- Cipher Identifier (online tool) | Boxentriq
- Morse Code World
- CrackStation - Online Password Hash Cracking
- CyberChef - The bunch of cyber tools
- Modular conversion, encoding and encryption online โ cryptii
- CrypTool
- Practical Cryptography : Talk about Cryptography but explain more about them
OSINT
- TinEye Reverse Image Search
- Internet Archive: Wayback Machine
- GPS coordinates, latitude and longitude with interactive Maps
Forensics
- HexEd.it - Browser-based Online and Offline Hex Editing
- BertNaseโs Own - npiet fun!
- Unicode Text Steganography Encoders/Decoders
- AperiโSolve
- Brightness and contrast online
- FTK Forensic Toolkit
- Steganographic Comparator
- Volatility 3 โ Volatility 3 2.4.0 documentation
- Top 22 Tools for Solving Steganography Challenges - Yeah Hub
- Hiding Information by Manipulating an Imageโs Height
- Steghide - An Easy way to Hide Confidential Data Inside Images and Sound Objects in Linux | 2DayGeek
- Information hiding
- Modifying Embedded Filesystems in ARM Linux zImages | jamchambโs blog
Web (Recon, Exploit)
- SecLists : Wordlist for attacking
- Online - Reverse Shell Generator
- Snyk
- crt.sh | Certificate Search
- JSON Web Tokens - jwt.io
Webhook
- Webhook.site : Generates free, unique URLs and e-mail addresses and lets you see everything thatโs sent there instantly. (Usage: Steal cookies, bypass authorized, โฆ)
- Mockoon: Locally mock API
- Beeceptor : API Mocking
Reverse Engineer (RE)
- CPUlator Computer System Simulator
- Compiler Explorer
- Decompiler Explorer
- Valgrind - An instrumentation framework for building dynamic analysis tools and use to detect memory leaking
Code Search
- grep.app | code search : Search specify code block on github community
Vulnerables Search Engine
- Search Engine for Security Intelligence | Vulners
- CVE MITRE - CVE
- CVE security vulnerability database. Security vulnerabilities, exploits, references and more
- CWE - Common Weakness Enumeration
- CVE-Search
- Vulnerability Database ๐ก
- NVD NIST
- CVE Trends
- Vulmon - Vulnerability Intelligence Search Engine
Networking
- Subnet Calculator
- Reverse IP Lookup - All Names Hosted at an IP - DomainTools
- DNSdumpster.com - dns recon and research, find and lookup dns records
- Shodan Search Engine
- Google Public DNS
- Network Tools by YouGetSignal.com
VPN
Give applause for Nyr for contributing a wonderful setup, with those script, you just need 1 minutes for creating your own VPN and safely connected remotely with your network
- openvpn-install.sh: Setting up
openvpnfor your host (Author: Nyr) - wireguard-install.sh: Setting up
wireguardvpnfor your host (Author: Nyr)
Tunnelling
- awesome-tunneling : List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.
- wstunnel : Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
IPS / IDS
Virtual Private LAN Service
- Kแบฟt nแปi private LAN qua Cloudflare Tunnels sแปญ dแปฅng Wireguard
- Cisco - Configuring Virtual Private LAN Service (VPLS)
- What is multiprotocol label switching (MPLS)?
Zero Trust Network Access (ZTNA)
Zero Trust Mesh
Training page (LAB)
Info
The collections of mine about what you need to learn, how to solve problem and figure out what you decide on hacking, doing security and have fun
Introduce
- List of hacking websites | RazviOverflow
- HackTricks - HackTricks : Wikipedia of Hacking
- Payloads All The Things: Useful payloads and bypasses for Web Application Security
- Web-CTF-Cheatsheet
RE (Reverse Engineer)
- Crackme : Place to improving the RE skill
- Nightmare: Intro to binary exploitation / reverse engineering course based around ctf challenges
Misc + Lab Machine
- Hack The Box: Hacking Training For The Best | Individuals & Companies : Lab Machine where you can put the effort for pwn the machine and learn about red, blue team skillset
- TryHackMe | Cyber Security Training : Like HTB but more tutorials
- Web Application Security, Testing, & Scanning - PortSwigger : Learn about web hacking fundamentals (HELPFUL)
- PentesterLab: Learn Web Penetration Testing: The Right Way: Learn and try practical with Lab via Penetration Test
- Online Cyber Security Blue Team Training - CyberDefenders: Learn and try to improving the defensive skillset on Blue Team
- OverTheWire: Wargames : The level competition which you need to find the key for reach to next level (HELPFUL - FOR UPGRADE LINUX SKILL)
- UnderTheWire: Wargames: Wargames where help you improve hacking skill (HELPFUL - FOR UPGRADE POWERSHELL SKILL)
- Welcome [Root Me : Hacking and Information Security learning platform] : Like HTB and THM but you will have fun things to exploit
- Application Security Training For Developers | Kontra : Vulnerables Site which visual on illustration and take you image what happen when attacking occur
- Vulnerable By Design ~ VulnHub : Like HTB and THM, but you need to learn about virtualization to setup the pentest environment
- Attack-Defense Labs : More Labs you can take and archive your knowledge, bro trust me.
- HackThisSite : Legally site where you can make penetration test
Network + Forensics + Digital Forensics
- Malware-Traffic-Analysis.net - Traffic Analysis Exercises : Labs of Networking where you can gain the knowledge on analysis network traffic
- JPEG FIF : Detail explanation about JPEG File Interchange Format
- MemLabs : Educational, CTF-styled labs for individuals interested in Memory Forensics
HacktheBox/CTF solution, hacking technical and OSCP
- 0xdf hacks stuff | CTF solutions, malware analysis, home lab development
- @TJ_Nullโs OSCP Prep - YouTube
- OSCP Room Prep - NetSecFocus Trophy Room
- Roadmap to OSCP 2023. Crack OSCP in 6 months, starting fromโฆ | by Usman Shah | Medium
- IppSec Achievement
CTF (Capture the flag)
Info
โCTFs are gamified competitive cybersecurity events that are based on different challenges or aspects of information security. They are excellent for both beginners and experienced hackers looking to develop, test, and prove their skills because they gamify hacking concepts. Weโre big believers in the power of gamification here at Hack The Box! Gamification makes learning about something like a video game. Because gamification is fun and makes you think creatively, itโs one of the most effective ways to learn and develop skills.โ
Introduce
- Introduction | CTF Resources
- Awesome CTF | awesome-ctf
- Use these cheatsheets to increase your CTF speed. | by Vicky Aryan | Nov, 2023 | InfoSec Write-ups
Youtube Channel
- Martin Carlisle: Super cool and bring you more knowledge about CTF, especially for newbie via PicoCTF
- SloppyJoePirates CTF Writeups: Trust me, he is really rare CTF player with most of passion and helpful contents
- Almond Force: He write about Web and Forensic CTF challenge, Supper cool guy
- CryptoCat: InfoSec education channel: CTF walkthroughs, binary exploitation, pen-testing, bug bounty, malware analysis, programming/scripting etc.
Training page
- PicoCTF: Best of way for newbie and starter (LEGACY PAGE)
- PWNABLE.VN : Vietnamese group whose create a wonderful page for practicing CTF
- Bแบฏt ฤแบงu vแปi CTF: Tแปng hแปฃp cรกc trang WarGame ฤแป luyแปn tแบญp | WhiteHat.vn : Collection of CTF from huge page about security WhiteHat (Vietnamese)
- Home Page - ImaginaryCTF : Monthly CTF challenge page, Super cool contents. You will learn a lot from that
- CTFLearn : CTF challenge page, you can practice more and level up skillset on multiple category of CTF game
- Viblo CTF: Like CTFLearn but Vietnamese version
Events
- CTFTime : Place where you can find the next CTF events time.
Best Writeups ever
- CSAW 2k22 ALL WEB WRITEUPS - ./n0s-Writeups
- Noir CSAW22 Writeup - HackMD
- ๏ผโยด3๏ฝโ๏ผGoooood
- CSAW CTF
- TFC CTF 2022 Writeup - ใใฃใกใใฎใใญใฐ
Cloud
Info
Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security. Source: Wikipedia
Awesome pages
- T Wiki : Chinese page who talk about Security Cloud with multiple provider like Azure, AWS, GCP, โฆ
- Hacking the Cloud: An encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure.
Articles
Bug Bounty
Info
Aย bug bounty programย is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensationย for reportingย bugs, especially those pertaining toย securityย exploitsย andย vulnerabilities. You can become participant of Bounty program via
Hacking/InfoSec Youtube Channel
- 13Cubed: Digital Forensics. Hacking. Home Labs.
- Motasem Hamdan: HTB and THM resolution, creative guy who will guide you about security
- John Hammond : Super dope and cool guy who teach you helpful things, cool stuff about hacking, cyber security
- David Bombal : Networking Guy with hand on in physical network items, hacking conservation and guide you on hacking journey with cool contribute
- LiveOverflow: Binary exploiting guy with guide you about that, more about IT security
- NetworkChuck: Very Helpful, super dope and friendly guy with detailing explanation (Recommendation), guide you about network, cloud, linux and more about homelab
- IppSec: Best ever on HTB Solution, Guide you pwn a box and learn about scenarios to reaching them
- Loi Liang Yang: Super cool technic with hacking can explore
- Computerphile: All about computers and computer stuff
- The Cyber Mentor: TCM Security, Very clear contents for starters
- Null Byte : Aspiring ethical hackers, computer scientists, and the infosec community
- DC CyberSec: Freelance in Cybersecurity Guy
- Grant Collins: Funny guy who guide you about Cybersecurity career, education, and the occasional deeboodah shenanigans.
- Seytonic : Break down and dissect cyber security related tech news
- STรK: Bug Bounty sharing, explain and suggest a cool mindset prep for bug bounty
- InsiderPhD: She is guiding about bug bounty for starter, cool contents and technics
- SecurityFWD: SecurityFWD shows the latest security tools, amazing projects, and keeps you on the edge of whatโs possible in security today.
- zSecurity: Provide for guideline to becoming Ethical Hacker
- Hak5
- Zanidd: Hacker, Dev & Educator
- HackerSploit : HackerSploit is the leading provider of free Infosec and cybersecurity training
- NahamSec: Bug bounty guy with impressed technics, conversation hacking and moreover
- DAY0: Previous
DAY[0]podcasts as well as other reverse engineering / exploit development-related media - Cristi Vlad
- LTN Labs