Skip to content

A list of resources I collected during my journey into cybersecurity

License

Notifications You must be signed in to change notification settings

W3rni0/W3rni0-awesome-resources

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

4 Commits
ย 
ย 
ย 
ย 

Repository files navigation

General ๐Ÿ“š

CTFs

  • What is CTF? - A video by LiveOverFlow introducing the idea of security Capture The Flag competitions.
  • CTFtime - A site all about CTFs, with information on CTF teams, CTF ratings, CTF writeups, CTF archive and upcoming CTFs.
  • CTF 101 - A guide for techniques, thought processes, and methodologies to succeed in CTF competitions.
  • Trail of Bits' CTF guide - A simple guide for getting into the CTF world and cyber security.
  • CTFlearn - An ethical hacking platform that enables tens of thousands to learn, practice, and compete.
  • PicoCTF - Popular CTF created by students at CMU.
  • RingZer0 CTF - RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
  • apsdehal/awesome-ctf - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials.
  • zardus/ctf-tools - A collection of security tools that might be needed in a CTF.

CTF Making

Wargames and Challenge Sites

  • WeChall - Overview of hacking challenge and problem solving sites.
  • zardus/wargame-nexus - An organized, PR-able list of wargame sites.
  • Deuterium's Hacking Sites - Similar to the lists above, organized by category and with description for each site.
  • OverTheWire - Popular wargames site with challenges at Bash scripting, linux exploitation and web exploitation.
  • UnderTheWire - Similar to OverTheWire, but with Powershell scripting.
  • CMD challenge - Challenges created to teach shell basics and specifically bash.
  • hackthissite.org - Free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.
  • SANS Holiday Hack Challenges - Every christmas since 2011 SANS puts out a big event with tons of great challenges, the events are avaliable after the holiday.
  • Smash The Stack - One of the oldest wargames.

Linux

Conferences

  • DEF CON - One of the largest and most notable security conference.
  • Black Hat - Similar to DEF CON, one of the premier information security conferences in the world.
  • Security BSides - A series of loosely affiliated information security conferences, multiple events each year including one in Israel.
  • RSA - A series of bussiness-oriented IT security conferences, initially on cryptography but now covers multiple areas.

Forums

Blogs

Wikis & Megathreads

Guides & Notes

  • Nickapic's Notes - Notes, resources and writeups related to Cybersecurity.
  • HackTricks - carlospolop's notes on tricks/techniques and what he learnt in CTFs, pentesting and reading on cybersecurity.

Youtube Channels

Podcasts

Papers & E-zines

Courses

Cryptography ๐Ÿ”

General

  • David Wong's blog and channel - David Wong is an author and blogger, he has a lot of content on cryptography and security in general.
  • r/crypto - A forum on cryptography and cryptanalysis.
  • r/codes - A forum on basic cipher and codes.
  • Crypton - An educational library to learn and practice offensive and defensive cryptography.
  • Cryptology ePrint Archive - The Cryptology ePrint Archive provides rapid access to recent research in cryptology.

Tools

  • Cyberchef - A web app for simple encryption, encoding, compression and data analysis.
  • dCode - Similar to Cyberchef with more ecryption and encoding systems.
  • Pycryptodome - Self-contained Python package of low-level cryptographic primitives.
  • SageMath - Open-source mathematics software system using python 3, this system contains many cryptosystems and is used for algerbric calculation and cryptanalysis.
  • CrypTool - E-learning platform for cryptography and cryptanalysis.
  • CrackStation - A tool for cracking hashes using massive pre-computed lookup tables.
  • factordb - A tool for factoring numbers using a database of known factorings.

Courses

  • Cryptography I - A free online introduction course in cryptography by Dan Boneh.
  • Crypto101 - An introductory course on cryptography, freely available for programmers of all ages and skill levels.
  • Introduction to Cryptography by Christof Paar - A comprehensive introduction to modern applied crypto. Only high school math is required to follow the lectures.
  • Block Breakers - A course on block ciphers and attacks on block ciphers.

Books

Learning Platforms & Exercises

  • Cryptohack - A fun platform for learning modern cryptography.
  • Cryptopals - A learning platform with a lot of exercises separated into sets.
  • id0-rsa - Similar to cryptopals.

Web Exploitation ๐Ÿ•ธ

General

Tools

  • Burp Suite - A fully featured web application attack tool.
  • Postman - A tool for making HTTP requests and test API's.
  • PayloadAllTheThings - A list of useful payloads and bypasses for Web Application Security.
  • Damn Vulnerable Web Application - A vulnerable PHP/MySQL web application for testing attacks and learning web application security.
  • OWASP Juice Shop - Modern and sophisticated insecure web application for security training, demos, CTFs and etc.

Courses

Books

Learning Platforms & Exercises

Reversing & Binary Exploitation โฎ

General

Tools

  • IDA Free - An interactive disassembler and debugger.
  • Ghidra - An open source reverse engineering framework created by the NSA, containing a disassember and decompiler.
  • radare2 - A UNIX portable reversing framework.
  • JADX - Dex to Java decompiler producing Java source code from Android Dex and Apk files.
  • Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps.
  • Cutter - Free and Open Source RE Platform powered by Rizin.
  • ILSpy - An open-source .NET assembly browser and decompiler.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Courses

Blogs

Books

Learning Platforms & Exercises

  • crackmes.one - A simple place where you can download crackmes to improve your reverse engineering skills.
  • pwnable.kr - A non-commercial wargame site which provides various pwn challenges regarding system exploitation.
  • pwnable.xyz - pwnables for beginners. Most of the challenges were created for an internal event for OpenToAll's team (a CTF team anyone can join).
  • pwnable.tw- A wargame site for hackers to test and expand their binary exploiting skills.
  • challenges.re - A set of challenges with a variety of levels and technologies created by the author of Reverse Engineering For Beginners.
  • reversing.kr - A set of reversing challenges with decreasing difficulty, good for beginners.
  • ReversingHero - Engineering self learning kit (x86_64 on linux) wrapped inside one binary file. It is made of 15 levels, with difficulty gradually increasing
  • IO netgarage - One of the oldest and most popular wargame.
  • The Flare-On Challenges - An archive of challenges from Flare-On events created by FireEye.
  • Microcorruption - Challenges covering reversing of embedded devices.
  • ROP Emporium - Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering or bug hunting.

Game Exploitation ๐Ÿ‘พ

General

Forensics ๐Ÿ•ต๐Ÿผโ€โ™‚๏ธ

General

  • MemLabs - An educational, introductory set of CTF-styled challenges which is aimed to encourage people to get started with the field of Memory Forensics.
  • corkami/pics - corkami is a security researcher and illustrator, this repo contains his illustration of file formats specifications in a simple to understand manner.
  • DFIR Diva - A blog on digital forensics and incident response, includes a great list of resources on this areas.
  • AboutDFIR - A site for the DFIR community, with books, tutorials and guides on the subject.
  • cugu/awesome-forensics

Books

Guides

Steganography ๐Ÿ‘ป

  • The Theorist Gateway Toolbox - Slides describing techniques and tools for hiding and extracting information, the ARG itself is very good too.
  • ae27ff - a set of levels including simple ciphers, steganography, different types of encodings, and familiarity with internet resources.

Coding ๐Ÿ’ป

General

Courses

  • Codecademy - A platform for learning programming languages.
  • Corey Schafer's Python Course - A good python course for beginner and advanced coders
  • FreeCodeCamp - A friendly community where you can learn to code for free, with courses on everything coding related, including cyber security.

Challenges

  • leetcode - A site to practice your coding skills with coding challenges.
  • HackerRank - Similar to leetcode.
  • Codewars - Improve your skills by training with others on real code challenges.
  • Codesignal - Similar to the sites above, but focused more on interview practice.
  • Project Euler - A series of challenging mathematical/computer programming problems.

Pentesting ๐Ÿ–ง

General

  • enaqx/awesome-pentest - A collection of awesome penetration testing and offensive cybersecurity resources.

Courses

Learning Platforms & Exercises

  • Hack The Box - An online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.
  • HTB Academy - A new platform by Hack The Box for learning cybersecurity.
  • TryHackMe - A free online platform for learning cyber security and pentesting, using hands-on exercises and labs, all through your browser.
  • Root Me - Similar to TryHackMe and Hack The Box.
  • VulnHub - Vulnerable By Design - A growing collection of vulnerable virtual machine to hack and practice on.
  • Hack My VM - A new site similar to vulnhub with more gamification elements.
  • Exploit Exercises - One of the most known exploitation challenges, mostly linux exploitation and binary exploitation.
  • PentesterLab - Exercises in pentesting, with a lot of free ones.
  • PentesterAcademy - Similar to PentesterLab, high quality but all the courses require membership.

Books

Bug Bounty ๐Ÿž

Platforms

Courses

Books

About

A list of resources I collected during my journey into cybersecurity

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published