For another much larger list you can also take a look at!


Name Mirror Description Language
GDB Cheatsheet link Cheatsheet for the GNU Debugger, GDB. English
Debugging with gdb n/a The GDB manual, for when cheatsheets don't answer your questions. English
Writing Buffer Overflows link Introduction to writing buffer overflows using gcc/gdb/nasm/ld/objdump/python. English
Reverse Engineering a Binary Part 1 Part 2 link 1 link 2 Short introduction to reverse engineering a simple C++ binary. English
GironSec Blog n/a Blog by Joe Giron, mainly about Reverse Engineering and/or Malware English
Coursera Course: Malware n/a Coursera course on Malware with some pointers to other resources about lowlevel/asm stuff. English
Programming from the Ground Up link Ebook about programming, approaching the topic from the lower level, including ASM and cpu architecture etc. English
Youtube playlist: Intro x86 (32 bit) todo Around 13 hours of decent x86 explanation English
Brian Raiter's Resources link Some articles about binary tools, ELF hacking, etc. English
Tuts 4 You n/a Better content than you'd think with this name. Mainly about reverse engineering and debugging, and tools like WinDbg, OllyDbg, IDA, Immunity, etc. English
From NAND to Tetris link "Building a Modern Computer From First Principles", starting at the logic gate level. English
Shellcode/buffer overflow lab link Practical exercise on exploiting a buffer overflow by writing and using shellcode. English
Veil - Framework n/a Shellcode generation and AV evasion framework English
shell-storm - Jonathan Salwan's Blog link Blog with interesting posts about binary exploitation and malware, also a lot of relevant presentations. Also a large shellcode repository at /shellcode/ English
Corelan Team n/a Many high quality in-depth articles and writeups about mainly reversing/binary stuff. English
Assembly x86_64 programming for Linux link 64-bit x86 ASM tutorial in 8 parts English
X86 Opcode and Instruction Reference n/a Reference for 32-bit and 64-bit opcodes and instructions for various architectures, including instructionsets specific for stuff like MMX, SSE, Itanium, VMX, etc. English n/a Blog from Russel Willis (Rapid7) about RE'ing, shellcode analysis, Ruby, obfuscation, etc. English
8-part buffer overflow tutorial (Youtube, total ~45 mins) n/a Introduction to exploiting with executable stack; analysing crashes in gdb, EIP control, and using shellcode to expoit the buffer overflow. English
Smashing the Stack For Fun And Profit (Phrack, vol 7 issue 49) n/a An early (1996) writeup about stack overflows in the Phrack magazine English
Assembly Language Megaprimer for Linux (SecurityTube) n/a 11-part video series about Assembly language, aimed at hackers with no previous knowledge about ASM. English
Buffer Overflow Exploitation Megaprimer for Linux (SecurityTube) n/a 9-part video series about Buffer Overflow Exploitation English
The 101 of ELF Binaries on Linux: Understanding and Analysis n/a Background information about the ELF format and tools for analysing binaries. English
MIPS Basic Training Course n/a Video course in 11 parts covering basic MIPS architecture and related software interfaces. Aimed at driver developers and other low-level programmers. English
The Ksplice Pointer Challenge n/a If you think you understand arrays and pointers in C, try these short exercises. English
Learning C with GDB n/a Blog post about how to use GDB to understand more about C peculiarities. English
Understanding C by learning Assembly n/a Blog post about how to use GDB to understand more about Assembly language. English
Reverse Engineering for beginners link Work in progress, but already a large amount of useful information around RE such as: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH, and more. English or Russian

Wargame / Challenge Sites

Name Language
A Challengers Handbook by Caesum English
Certified Secure English + Dutch
Hellbound Hackers English English
SmashTheStack Wargaming Network English
OverTheWire English
Microcorruption English English + French
Net Force English
Enigmagroup English
Hackthissite English
Hack This English
Can You Hack It English
VulnHub English
IO (x86) | IO (x86_64) | IO (ARM) English

Crypto and SSL

Name Mirror Description Language
The Matasano Crypto Challenges n/a Several sets of crypto challenges combined with programming exercises. Good as an introduction to both crypto and a new language you'd like to learn. English n/a Strong Ciphers for Apache, nginx and Lighttpd (and a few more applications/services) English
Youtube: Introduction to Cryptography by Christof Paar n/a 20+ lectures on modern cryptography, quite technical. English
1 hour crypto lecture (PDF) n/a "Everything you need to know about cryptography in 1 hour" by Colin Percival English
Crypto 101 n/a Introductory Course in PDF-format by Laurens Van Houtven on Cryptography freely available for programmers of all ages and skill levels. (jun 2015: seems to be a WIP) English

CTF Teams & Writeups

Name Mirror Description Language
CTF Field Guide n/a General information about CTF's and how to approach them. English
Eindbazen n/a One of the better Dutch CTF teams, plenty of writeups on their blog. English
CTF Time n/a Scoreboard / Lists of many CTF events and teams English
Plaid Parliament of Pwning n/a One of the best CTF teams internationally, affiliated with Carnegie Mellon University. English
Regenpijp's Security Blog n/a A lot of nice CTF writeups. English
CTF Writeups n/a Collection of many CTF writeups by the ctf community English
CTF Hacker n/a And more CTF writeups English


Name Mirror Description Language
Paterva n/a Open Source Intelligence & Forensics tools like Maltego and CaseFile. English
SANS Digital Forensics & Incident Response Poster link Cheatsheet about many subjects relating to forensics, good for finding google keywords. English
SANS Windows Artifacts Analysis n/a Cheatsheet about Windows Forensics to help you remember where you can discover key items to an activity on Microsoft Windows systems. English

Oct 11th 2016: Seems to be down at the moment..

n/a Blog about Digital Forensics and Incident Response English
SANS Challenge(s) n/a SANS Digital Forensics & Incident Response Challenges, includes answers. English
SANS Blog n/a SANS Digital Forensics & Incident Response Blog English


Name Mirror Description Language Wiki n/a Elaborate resource for creating operating systems and related architecture. English
SecurityTube n/a Over 13k+ security-related video's, some nice playlists, hackercon video material, etc. English
How To Become A Hacker - Eric Steven Raymond n/a One of the 'classics', of course slightly outdated but still contains a lot of truth. English
How To Learn Hacking - Eric Steven Raymond n/a Another 'classic', still mostly applicable today despite its age. English
Hacking in the Media

Oct 11th 2016: Seems to be down at the moment..

n/a Collection of documentaries and news mentions of Hacking, both English and Dutch. English / Dutch
Dit geef je allemaal prijs als je inlogt op een openbaar wifinetwerk n/a Article about the risks of logging in to a public WiFi network, aimed at the general public. Dutch Blog n/a No activity since 2011 but still has some good info. English
HackForums n/a Largest public forum about 'hacking', a lot of skids though. English
Learn To hack in 17 easy steps n/a Short but informative post back in 1995 on the alt.2600 newsgroup. English
Offensive Computer Security Course n/a Florida State University Course on offensive security, aimed at 15 weeks (27 lectures) English
PentesterLab n/a PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. Varies in difficulty, good to get acquainted with some CVE's. English
Password Tips n/a Useful information for both techies and non-techies about picking good passwords. Dutch
Hakipedia Wiki n/a "The Hakipedia collaborative is an endeavor aimed to centralize information and articles in regard to the different layers of the hacking sub-culture." English
Black Hats Manual - Software Security, Auditing, Cracking, Debugging n/a Vast resource on a lot of topics, ranging from buffer overflows, setuid applications to networking and crypto. Slightly outdated (2002). English
Blackhat 2014 Youtube Playlist n/a More than 100 videos covering BlackHat 2014 talks. English
I � Unicode n/a An analysis of the state of Unicode and also some possible security implications of bad handling. English
Cylance Operation Clever 2012 n/a High level but also hands-on report on a lof of malicious 'cyber' activity all over the world by Cylance. English
Igor Korkin's collection of docs n/a Papers and slides about HVM rootkits and generic virtualization security issues. English
Secure Salted Password Hashing - Doing it Right n/a Developer-oriented article on how to do password hashing the right way. English
RaiderSec Blog n/a Interesting blog with technical articles about various topics, writeups, reports, etc. English
Pentest Geek Blog n/a Yet another security blog with good articles. English
Computer Security Student n/a A lot of information English
hacktracking blog n/a Blog with various technical articles, from CTF writeups to binary to sysadmin stuff. English
Packet Storm n/a Aggregator of various other sites, and also a very large repository of software (exploits), tools, advisories and whitepapers. English n/a Lots of conference video material, also some video tutorials. English
Awesome AppSec n/a Another nice list of resources, aimed at security professionals, mainly from a developer/programmer point of view. English
Shellcoding for Linux and Windows Tutorial n/a description English


Name Mirror Description Language
Be a kernel hacker n/a Introduction on Linux Kernel (module) development. English
Security: OpenBSD vs FreeBSD n/a In-depth roundup of kernel/system level security features in both OpenBSD and FreeBSD. English
Linux Process States n/a Introduction to some more advanced process management and terminology in Linux English
Hacker's Hut n/a Some random hacking hints, mainly from a Linux point of view. (These are the words of the author, actually it's quite an elaborate series of good pointers and articles which are commonly found in CTF's and wargames) English


Name Mirror Description Language
Android Pentesting Portable Integrated Environment (APPIE) n/a Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a VM or dualboot. English


Name Mirror Description Language
Data Communication Lecture Series n/a Lecture Series on Data Communication by Prof.A. Pal. Slightly outdated but still a lot of valid information about networking fundamentals, mainly on the lower layers. English
A Practical Guide to (Correctly) Troubleshooting with Traceroute link Presentation by NANOG which clears up a lot of confusion and common mistakes surrounding traceroutes. English
Hping3 Examples n/a Some documentation and examples about the useful hping3 utility. English
Mutually Agreed Norms for Routing Security link Information about global BGP/routing policies including some security details. English
Opening TCP/UDP sockets using bash built-ins n/a Interesting article about how to open network connections from a linux machine without tools like telnet/netcat/socat English

Physical Security + Lockpicking

Name Mirror Description Language
"Evil Maid" Attacks on Encrypted Hard Drives n/a Short article by Bruce Schneier on the evil maid attack, with some more in-depth links in it. English
Netragard’s Hacker Interface Device (HID) n/a Interesting article about a physical layer attack using a malicious USB HID - a mouse in this case - to compromise a host. English
Inception (Tool) n/a Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. English


Name Mirror Description Language
OWASP n/a Open Web Application Security Project, a lot of material about web security. English
fuzzdb n/a Attack and Discovery Pattern Database for Application Fuzz Testing English
Are PDO prepared statements sufficient to prevent SQL injection? n/a Informative stackoverflow question & answer about PDO and 2nd order SQLi. English
Blind SQL Injection in Plain English (PDF) n/a Presentation on basic SQL Injection. English
BeEF - The Browser Exploitation Framework n/a BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. English


Name Mirror Description Language
ophcrack n/a GPL-licensed Windows LM+NTLM hash cracker based on rainbow tables. English
Windows privilege escalation via weak service permissions n/a Interesting blog post about windows security, including a MSF example of exploiting this particular issue. Also check out this useful comment if you're reading this for OSCP. English
Windows Services – All roads lead to SYSTEM n/a Thorough article on Windows Services and what can go wrong when they are misconfigured. Code execution, privilege escalation, etc. English
Understanding Windows Shellcode link An intro into Windows Shellcode construction and a detailed look on a set of Windows shellcode examples. English