This is a collection of online resources I have found to be useful, or which are on my to-read list. I am not the owner or creator of the sites listed here. If you find links that are broken, or think something should be added, feel free to let me know. Last Updated: December 26 2016 22:27:43.
For another much larger list you can also take a look at https://code.google.com/p/pentest-bookmarks/wiki/BookmarksList!
Name | Mirror | Description | Language |
---|---|---|---|
GDB Cheatsheet | link | Cheatsheet for the GNU Debugger, GDB. | English |
Debugging with gdb | n/a | The GDB manual, for when cheatsheets don't answer your questions. | English |
Writing Buffer Overflows | link | Introduction to writing buffer overflows using gcc/gdb/nasm/ld/objdump/python. | English |
Reverse Engineering a Binary Part 1 Part 2 | link 1 link 2 | Short introduction to reverse engineering a simple C++ binary. | English |
GironSec Blog | n/a | Blog by Joe Giron, mainly about Reverse Engineering and/or Malware | English |
Coursera Course: Malware | n/a | Coursera course on Malware with some pointers to other resources about low-level/asm stuff. | English |
Programming from the Ground Up | link | Ebook about programming, approaching the topic from the lower level, including ASM and cpu architecture etc. | English |
Youtube playlist: Intro x86 (32 bit) | todo | Around 13 hours of decent x86 explanation | English |
Brian Raiter's Resources | link | Some articles about binary tools, ELF hacking, etc. | English |
Tuts 4 You | n/a | Better content than you'd think with this name. Mainly about reverse engineering and debugging, and tools like WinDbg, OllyDbg, IDA, Immunity, etc. | English |
From NAND to Tetris | link | "Building a Modern Computer From First Principles", starting at the logic gate level. | English |
Shellcode/buffer overflow lab | link | Practical exercise on exploiting a buffer overflow by writing and using shellcode. | English |
Veil - Framework | n/a | Shellcode generation and AV evasion framework | English |
shell-storm - Jonathan Salwan's Blog | link | Blog with interesting posts about binary exploitation and malware, also a lot of relevant presentations. Also a large shellcode repository at /shellcode/ | English |
Corelan Team | n/a | Many high quality in-depth articles and writeups about mainly reversing/binary stuff. | English |
Assembly x86_64 programming for Linux | link | 64-bit x86 ASM tutorial in 8 parts | English |
X86 Opcode and Instruction Reference | n/a | Reference for 32-bit and 64-bit opcodes and instructions for various architectures, including instruction sets specific for stuff like MMX, SSE, Itanium, VMX, etc. | English |
Codinguy.net | n/a | Blog from Russel Willis (Rapid7) about RE'ing, shellcode analysis, Ruby, obfuscation, etc. | English |
8-part buffer overflow tutorial (Youtube, total ~45 mins) | n/a | Introduction to exploiting with executable stack; analysing crashes in gdb, EIP control, and using shellcode to exploit the buffer overflow. | English |
Smashing the Stack For Fun And Profit (Phrack, vol 7 issue 49) | n/a | An early (1996) writeup about stack overflows in the Phrack magazine | English |
Assembly Language Megaprimer for Linux (SecurityTube) | n/a | 11-part video series about Assembly language, aimed at hackers with no previous knowledge about ASM. | English |
Buffer Overflow Exploitation Megaprimer for Linux (SecurityTube) | n/a | 9-part video series about Buffer Overflow Exploitation | English |
The 101 of ELF Binaries on Linux: Understanding and Analysis | n/a | Background information about the ELF format and tools for analysing binaries. | English |
MIPS Basic Training Course | n/a | Video course in 11 parts covering basic MIPS architecture and related software interfaces. Aimed at driver developers and other low-level programmers. | English |
The Ksplice Pointer Challenge | n/a | If you think you understand arrays and pointers in C, try these short exercises. | English |
Learning C with GDB | n/a | Blog post about how to use GDB to understand more about C peculiarities. | English |
Understanding C by learning Assembly | n/a | Blog post about how to use GDB to understand more about Assembly language. | English |
Reverse Engineering for beginners | link | Work in progress, but already a large amount of useful information around RE such as: Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH, and more. | English or Russian |
Name | Language |
---|---|
A Challengers Handbook by Caesum | English |
Certified Secure | English + Dutch |
Hellbound Hackers | English |
pwnable.kr | English |
SmashTheStack Wargaming Network | English |
OverTheWire | English |
Microcorruption | English |
Root-me.org | English + French |
Net Force | English |
Enigmagroup | English |
Hackthissite | English |
Hack This | English |
Can You Hack It | English |
VulnHub | English |
IO (x86), IO (x86_64), IO (ARM) | English |
Name | Mirror | Description | Language |
---|---|---|---|
The Matasano Crypto Challenges | n/a | Several sets of crypto challenges combined with programming exercises. Good as an introduction to both crypto and a new language you'd like to learn. | English |
Cipherli.st | n/a | Strong Ciphers for Apache, nginx and Lighttpd (and a few more applications/services) | English |
Youtube: Introduction to Cryptography by Christof Paar | n/a | 20+ lectures on modern cryptography, quite technical. | English |
1 hour crypto lecture (PDF) | n/a | "Everything you need to know about cryptography in 1 hour" by Colin Percival | English |
Crypto 101 | n/a | Introductory Course in PDF-format by Laurens Van Houtven on Cryptography freely available for programmers of all ages and skill levels. (jun 2015: seems to be a WIP) | English |
Name | Mirror | Description | Language |
---|---|---|---|
CTF Field Guide | n/a | General information about CTFs and how to approach them. | English |
Eindbazen | n/a | One of the better Dutch CTF teams, plenty of writeups on their blog. | English |
CTF Time | n/a | Scoreboard / Lists of many CTF events and teams | English |
Plaid Parliament of Pwning | n/a | One of the best CTF teams internationally, affiliated with Carnegie Mellon University. | English |
Regenpijp's Security Blog | n/a | A lot of nice CTF writeups. | English |
CTF Writeups | n/a | Collection of many CTF writeups by the ctf community | English |
CTF Hacker | n/a | And more CTF writeups | English |
Name | Mirror | Description | Language |
---|---|---|---|
Paterva | n/a | Open Source Intelligence & Forensics tools like Maltego and CaseFile. | English |
SANS Digital Forensics & Incident Response Poster | link | Cheatsheet about many subjects relating to forensics, good for finding google keywords. | English |
SANS Windows Artifacts Analysis | n/a | Cheatsheet about Windows Forensics to help you remember where you can discover key items to an activity on Microsoft Windows systems. | English |
HandlerDiaries (Oct 11th 2016: seems to be down at the moment) | n/a | Blog about Digital Forensics and Incident Response | English |
SANS Challenge(s) | n/a | SANS Digital Forensics & Incident Response Challenges, includes answers. | English |
SANS Blog | n/a | SANS Digital Forensics & Incident Response Blog | English |
Name | Mirror | Description | Language |
---|---|---|---|
OSDev.org Wiki | n/a | Elaborate resource for creating operating systems and related architecture. | English |
SecurityTube | n/a | 13k+ security-related videos, some nice playlists, hackercon video material, etc. | English |
How To Become A Hacker - Eric Steven Raymond | n/a | One of the 'classics', of course slightly outdated but still contains a lot of truth. | English |
How To Learn Hacking - Eric Steven Raymond | n/a | Another 'classic', still mostly applicable today despite its age. | English |
Hacking in the Media (Oct 11th 2016: seems to be down at the moment) | n/a | Collection of documentaries and news mentions of Hacking, both English and Dutch. | English / Dutch |
Dit geef je allemaal prijs als je inlogt op een openbaar wifinetwerk | n/a | Article about the risks of logging in to a public WiFi network, aimed at the general public. | Dutch |
infosecurity.ch Blog | n/a | No activity since 2011 but still has some good info. | English |
HackForums | n/a | Largest public forum about 'hacking', a lot of skids though. | English |
Learn To hack in 17 easy steps | n/a | Short but informative post back in 1995 on the alt.2600 newsgroup. | English |
Offensive Computer Security Course | n/a | Florida State University Course on offensive security, aimed at 15 weeks (27 lectures) | English |
PentesterLab | n/a | PentesterLab provides vulnerable systems that can be used to test and understand vulnerabilities. Varies in difficulty, good to get acquainted with some CVEs. | English |
Password Tips | n/a | Useful information for both techies and non-techies about picking good passwords. | Dutch |
Hakipedia Wiki | n/a | "The Hakipedia collaborative is an endeavor aimed to centralize information and articles in regard to the different layers of the hacking sub-culture." | English |
Black Hats Manual - Software Security, Auditing, Cracking, Debugging | n/a | Vast resource on a lot of topics, ranging from buffer overflows, setuid applications to networking and crypto. Slightly outdated (2002). | English |
Blackhat 2014 Youtube Playlist | n/a | More than 100 videos covering BlackHat 2014 talks. | English |
I � Unicode | n/a | An analysis of the state of Unicode and also some possible security implications of bad handling. | English |
Cylance Operation Clever 2012 | n/a | High level but also hands-on report on a lot of malicious 'cyber' activity all over the world by Cylance. | English |
Igor Korkin's collection of docs | n/a | Papers and slides about HVM rootkits and generic virtualization security issues. | English |
Secure Salted Password Hashing - Doing it Right | n/a | Developer-oriented article on how to do password hashing the right way. | English |
RaiderSec Blog | n/a | Interesting blog with technical articles about various topics, writeups, reports, etc. | English |
Pentest Geek Blog | n/a | Yet another security blog with good articles. | English |
Computer Security Student | n/a | A lot of information | English |
hacktracking blog | n/a | Blog with various technical articles, from CTF writeups to binary to sysadmin stuff. | English |
Packet Storm | n/a | Aggregator of various other sites, and also a very large repository of software (exploits), tools, advisories and whitepapers. | English |
Irongeek.com | n/a | Lots of conference video material, also some video tutorials. | English |
Awesome AppSec | n/a | Another nice list of resources, aimed at security professionals, mainly from a developer/programmer point of view. | English |
Shellcoding for Linux and Windows Tutorial | n/a | description | English |
Name | Mirror | Description | Language |
---|---|---|---|
Be a kernel hacker | n/a | Introduction on Linux Kernel (module) development. | English |
Security: OpenBSD vs FreeBSD | n/a | In-depth roundup of kernel/system level security features in both OpenBSD and FreeBSD. | English |
Linux Process States | n/a | Introduction to some more advanced process management and terminology in Linux | English |
Hacker's Hut | n/a | Some random hacking hints, mainly from a Linux point of view. (These are the words of the author, actually it's quite an elaborate series of good pointers and articles which are commonly found in CTFs and wargames) | English |
Name | Mirror | Description | Language |
---|---|---|---|
Android Pentesting Portable Integrated Environment (APPIE) | n/a | Appie is a software package that has been pre-configured to function as an Android Pentesting Environment on any windows based machine without the need of a VM or dualboot. | English |
Name | Mirror | Description | Language |
---|---|---|---|
Data Communication Lecture Series | n/a | Lecture Series on Data Communication by Prof. A. Pal. Slightly outdated but still a lot of valid information about networking fundamentals, mainly on the lower layers. | English |
A Practical Guide to (Correctly) Troubleshooting with Traceroute | link | Presentation by NANOG which clears up a lot of confusion and common mistakes surrounding traceroutes. | English |
Hping3 Examples | n/a | Some documentation and examples about the useful hping3 utility. | English |
Mutually Agreed Norms for Routing Security | link | Information about global BGP/routing policies including some security details. | English |
Opening TCP/UDP sockets using bash built-ins | n/a | Interesting article about how to open network connections from a Linux machine without tools like telnet/netcat/socat | English |
Name | Mirror | Description | Language |
---|---|---|---|
"Evil Maid" Attacks on Encrypted Hard Drives | n/a | Short article by Bruce Schneier on the evil maid attack, with some more in-depth links in it. | English |
Netragard’s Hacker Interface Device (HID) | n/a | Interesting article about a physical layer attack using a malicious USB HID - a mouse in this case - to compromise a host. | English |
Inception (Tool) | n/a | Inception is a physical memory manipulation and hacking tool exploiting PCI-based DMA. The tool can attack over FireWire, Thunderbolt, ExpressCard, PC Card and any other PCI/PCIe interfaces. | English |
Name | Mirror | Description | Language |
---|---|---|---|
OWASP | n/a | Open Web Application Security Project, a lot of material about web security. | English |
fuzzdb | n/a | Attack and Discovery Pattern Database for Application Fuzz Testing | English |
Are PDO prepared statements sufficient to prevent SQL injection? | n/a | Informative stackoverflow question & answer about PDO and 2nd order SQLi. | English |
Blind SQL Injection in Plain English (PDF) | n/a | Presentation on basic SQL Injection. | English |
BeEF - The Browser Exploitation Framework | n/a | BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. | English |
Name | Mirror | Description | Language |
---|---|---|---|
ophcrack | n/a | GPL-licensed Windows LM+NTLM hash cracker based on rainbow tables. | English |
Windows privilege escalation via weak service permissions | n/a | Interesting blog post about Windows security, including an MSF example of exploiting this particular issue. Also check out this useful comment if you're reading this for OSCP. | English |
Windows Services – All roads lead to SYSTEM | n/a | Thorough article on Windows Services and what can go wrong when they are misconfigured. Code execution, privilege escalation, etc. | English |
Understanding Windows Shellcode | link | An intro into Windows Shellcode construction and a detailed look on a set of Windows shellcode examples. | English |