-
📝 BLOGS
-
📚 BOOKS
-
🎙️ PODCAST
-
📺 YOUTUBE
-
🗞️ NEWSLETTERS
-
⌨️ BASH
-
👨🍳 CyberChef
-
☁️ CLOUD
-
🕵️ DFIR
-
🐟 DOCKER
-
🏭 ICS/OT
-
⚙️ KUBERNETES
-
🐧 LINUX
-
🕷️ MALWARE
-
🌐 NETWORK
-
👁️🗨️ OSINT
-
🔥 PENTEST
-
🔒 PRIVACY
-
🐍 PYTHON
-
*️⃣ REGEX
-
🧪 SQL
-
💬 OTHER
- Heatmap
- Certification Road Map
- Workforce Framework for Cybersecurity
- LinkedIn Summary
- Why Being #OpenToWork on LinkedIn is Working Against You
- Mind the Gap: Leveraging mind maps & self-assessments to develop a personal training plan
- How to Professionally Say
- Recovering from burnout
- Burning out and quitting
- Cybersecurity Job Interview Simulation (Entry-level)
- Managing Underperformers
- How to understand/retain complex concepts 10x better
- Fighting With Your Boss
- International Tech Job Search Handbook
- What I tell people new to on-call
- Speaking for Hackers - how to do speaking on conferences
- ActivityWatch - is an app that automatically tracks how you spend time on your devices.
- ADSecurity
- Didier Stevens - malware analysis
- harmj0y
- Jason Turley's Website - CTF and tips
- Inversecos - DFIR and malware analysis
- DFIR Science
- The Book of Secret Knowledge - collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more
- SOC radar blog
- Dawid Bałut 🇵🇱
- CyberWatch
- threathuntergir
- Chris Sanders
- Hacking Articles
- Bushidotoken
- The Packet Thrower
- Darknet
- Exploit Reversing - Malware Analysis Series
- Web Breacher - posts related to OSINT
- Windows Commandline - not updated anymore but good posts
- Chappell University Labs -articles related to Wireshark and packet capture
- Gregor Reimling - Azure cloud ☁️
- Thomas Maurer - Azure cloud☁️
- Bruce Schneier - writing about security issues
- Curmudgeonly Ways
- We Hack People
- The Book of Secret Knowledge
- You should turn off autofill in your password manager
- Matt's DFIR Blog
- nixCraft - for Linux fans
- Detectify
- Mark's Blog - blog covering topics such as Windows troubleshooting, technologies and security.
- Windows Blog Archive
- Learn in public
- High on coffee
- X33U
- OpenSecurity 🇵🇱
- hackstreetboys - good blog post about Privilege Escalation
- Become a Cyberwarrior
- The security Noob
- El Kentaro - wardriving, warwalking blog
- The Mayor - hunting tips
- Counter Intelligence 🇵🇱
- Reversing Labs
- CISA Alerts
- Google Project Zero
- Packet Storm - information about exploits
- Cyble
- mr eerie - DFIR blog
- ThinkDFIR - DFIR blog
- Cheeky4n6Monkey - Forensics
- The Binary Hick - Thoughts From a Digital Forensic Practitioner
- dfir.blog - Digital forensics, web browsers, visualizations, & open source tools
- Yogesh Khatri's forensic blog - All things forensic and security related
- ZENA FORENSICS
- Initialization vectors - Digital Forensics and Incident Response. All things InfoSec
- TheHexNinja
- forensicmike1
- mac4n6 - MacOS forensics
- Another Forensics Blog
- LinuxSleuthing
- Sketchymoose's Blog
- cyb3rward0g - covers Azure & Sentinel
- securityinbits - DFIR
- Malwology
- Cloudbrothers - blog posts related to Microsoft solutions
- Blue Team Handbook: SOC, SIEM, and Threat Hunting
- Blue Team Handbook: Incident Response
- Ten Strategies of a World-Class Cybersecurity Operations Center
- Malware Analyst's Cookbook
- Practical Malware Analysis
- AWS Well-Architected Labs
- pwnable
- Backdoors&Breaches
- Blue Team Labs
- bWAPP - buggy web application
- Command Challenge - challenges to write single line bash commands for the given task
- CryptoHack - learn cryptography
- CTF Learn
- Cyber Defenders
- Digital Forensic Challenge Images 7 DFIR challanges by Ali Hadi
- ExploitMe Mobile Android Labs
- flAWS Cloud - learn about common mistakes and gotchas when using Amazon Web Services (AWS)
- Immersive Labs
- IO - the modern exploit mitigation techniques, like better ASLR
- Java Vulnerable Lab
- Lets Defend
- Hacker101
- Hack This Site
- Hacking Loops
- Hacksplaining
- Hacktoria - OSINT CTFs
- HackTheBox
- MemLabs - memory forensics
- Microcorruption - Security CTF
- OWASP Juice Shop
- PentesterLab
- Pico CTF
- Smash the Stack
- TryHackMe
- VulnHub
- War games - OverTheWire community can help you to learn and practice security concepts
- XSS Game
- Cybersec Labs - reports, analysis of attacks, IOCs
- Unit42 Paoalto Networks - reports, analysis of attacks, IOCs
- Malicious Life
- DARKNET DIARIES
- The Privacy, Security, and OSINT Show
- Digital Forensic Survival Podcast
- Down the Security Rabbithole Podcast
- The OSINT Curious Project
- Cyberlaw
- SANS Daily Stormcast
- CISO Series: Headlines, Why Discussions
- What the Shell?
- Cyber Sector 7
- All InfoSec News - The InfoSec & Cyber news aggregator
- ZDNET
- Bleeping Computer
- Cyber Scoop
- The Register
- Tech Beacon
- The Cyber Post
- Cyber News
- TechURLs
- The Daily Sqing
- ASEC - AhnLab security emergency reponse center.
- IronNet - Executive commentary, threat research, and analysis from the IronNet team.
- Zimperium
- 0x4rkØ - OSINT, Vulnerability Management
- HackerSploit
- Black Hills Information Security - security tranings
- Nahamsec
- STÖK - Bug hunting
- The Cyber Mentor - hacking, OSINT
- BlackPerl
- InsiderPhD
- DC CyberSec
- John Hammond
- The OSINT Curious Project - OSINT tips
- Data Rescue Labs - Digital Forensic
- Gerald Auger - Simply Cyber - cybersecurity career, interview, begginer information
- Neil Fox - Malware Analyse
- Cybersecurity Meg - Security Career
- Nicolas Moy - Senior Cloud Security Instructor
- Thomas Maurer - Azure cloud
- webpwnized - web, mobile and network penetration testing
- Andy Li - pentesting journey
- 247 CTF
- DFIRScience - DFIR stuff
- Email Forensics by Metaspike - Forensics
- Chris Greer - chanell about Wireshark
- Practical Networking
- Gary Ruddell - OSINT
Conferences:
- DEFCON
- SAINTCON - Security Advisory and Incident Network Team
- Blue Team Village - Defcon village
- Red Team Village - Defcon village
Polish:
- Kacper Szczurek 🇵🇱
- Maciej Kofel 🇵🇱
- UW-TEAM.org 🇵🇱
- Niebezpiecznik 🇵🇱
- Pasja informatyki 🇵🇱
- Sekurak 🇵🇱
- This Week in Security
- Unsupervised Learning
- tl;dr sec
- Intigriti
- Hacker newsletter
- SANS Newsletter
- CISA
- cybersecurityventures
- Robin Oldham newsletter
- Naked security
- Microsoft Evaluation Center - iso for MS products
- AD Security
- Active Directory Security
- Harmj0y
- Bash introduction for hackers part 1
- Bash introduction for hackers part 2
- Introduction to Bash Programming by InsiderPhD
- OWASP juice Shop - learning about web app pentesting
- OWASP Testing guide
- BugBountyHunter - Learning about web application vulnerabilities
- BRUTE XSS
- The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix
- CS 253 Web Security - This course is a comprehensive overview of web security.
- Playlist of live bug bounty by Nahamsec
- Script for recon
- Security Headers - scan website to check headers
- Cyberchef Recipes
- CyberChef: Example DFIR Use Cases
- CyberChef for Security Analysts - paid course that I recommand
- Podstawy narzędzia CyberChef 🇵🇱 - free 2h+ video in polish
- Advanced CyberChef Techniques For Malware Analysis - Detailed Walkthrough and Examples
- unfur
- The Hitchhiker's Guide to DFIR: Experiences From Beginners and Experts
- Stark4n6's startme
- Awesome Incident Response
- Digital Forensics Guide
- Intro to DFIR - free 3 h
- Playbooks
- SNAS youtube
- Start.me Digital Forensics
- Start.me Forensics
- Memory Forensics with Vol(a|u)tility - video
- Cobalt Strike, a Defender’s Guide
- DFIR Madness - examples of cases really useful!
- PowerShell Commands for Incident Response
- Digital Forensics Essentials (DFE) - free course
- 'X-Ways Forensics' Video Clips
- Memory Forensic - write ups, tutorials, blog
- Threat hunting with hints of incident response
- Digital Forensic & Incident Response
- PSDecode - This is a PowerShell script for deobfuscating other encoded PowerShell scripts.
- processhacker
- PE Explorer
- regshot
- ShellBags Explorer - A GUI for browsing shellbags data. Handles locked files.
- USBDeview - lists all USB devices that currently connected to your computer, as well as all USB devices that you previously used.
- Thumbcache Viewer - extract thumbnail images from the thumbcache
- JumpListsView - displays the information stored by the 'Jump Lists' filename, data, event, id, size etc.
- Docker Tutorial for Beginners [FULL COURSE in 3 Hours]
- Top 8 Docker Best Practices for using Docker in Production
- Docker Tutorial for Beginners
- Kubernetes Crash Course for Absolute Beginners
- Awesome Docker Compose Examples
- Play with docker - labs and tutorials that help you get hands-on experience using Docker
TRAINING
- CISA ICS training - Free training by CISA
PODCASTS
- Control Loop - Control Loop is the OT Cybersecurity Podcast, your terminal for ICS security, intelligence, and learning. Every two weeks, we bring you the latest news, strategies, and technologies that industry professionals rely on to safeguard civilization.
- The Industrial Security Podcast - takes a deep-dive into the most pressing emerging issues in SCADA technologies today.
- The PrOTect OT cybersecurity Podcast - brings together experts in the field of cybersecurity for critical infrastructure and industrial organizations.
- Unsolicited Response - Every week Dale Peterson interviews the innovators in OT and ICS security, as well as the top talent in related fields.
- CS2AI podcast show CTFs -CAPTURE THE FLAG 2024 - DRAGOS
CERTIFICATES
- GICSP - SANS Global Industrial Cyber Security Professional Certification (💲 paid)
- GRID - SANS GIAC Response and Industrial Defense (💲 paid)
- GCIP - SANS GIAC Critical Infrastructure Protection Certification (💲 paid)
- Blue Teams Academy - Free Training 2022
- Self-Study SOC Analyst Curriculum
- SOC Analyst Study Guide
- Awesome-infosec - A curated list of awesome information security resources
- The Analyst Mindset: A Cognitive Skills Assessment of Digital Forensic Analysts
- The Diamond Model of Intrusion Analysis
- Tool Analysis Result Sheet - summarizes the results of examining logs recorded in Windows upon execution of the 49 tools
- Writing better Yara rules in 2023
- UNDERSTANDING RANSOMWARE-AS-A-SERVICE (RAAS) - A GUIDE
- Demystifying DLL Hijacking Understanding the Intricate World of Dynamic Link Library Attacks
- Splunk Detections
- Create a new Sigma rule
- Yara Toolkit - yara editor, generator etc.
- haveïbeensquattɘd¿ Typosquat checks
- Blue Team Guides
- Living off the False Positive - Living off the False Positive is an autogenerated collection of false positives sourced from some of the most popular rule sets.
- Practical Incident Response - Active Directory
- Tool Analysis Result Sheet - summarizes the results of examining logs recorded in Windows upon execution of the 49 tools ⭐
Is an open-source container-orchestration system for automating computer application deployment, scaling, and management.
- Understanding Kubernetes - ebook
- Kubernetes Tutorial for Beginners - free video course
- Bandit - is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.
- linuxjourney
- Cyberciti
- The Complete Linux for Ethical Hackers Course for 2019
- Linux ip Command Examples
- Linux Survival
- Linux command line for you and me!
- Learng it Branching - learn git
- Malware Analysis In 5+ Hours
- maldefense
- Abuse - is providing community driven threat intelligence on cyber threats
- malware-traffic-analysis
- SANS Malicious-File-Investigation-Procedures
- exploit-db
- Malware Wiki
- The Zoo
- Malware Trends
- How You Can Start Learning Malware Analysis
- Malicious Life Podcast
- Microsoft Defender Submit a file
- Tools For Security Researchers & Malware Analyst
- The Art of Modern Malware Analysis - free labs
- Malware Unicorn
- List of materials for Malware Analysis
- A Beginner’s Guide to Tracking Malware Infrastructure
- Learning Malware Analysis - This repository contains sample programs that mimick behavior found in real-world malware.
- GETTING STARTED ANALYZING MALICIOUS DOCUMENTS - 3 page PDF quick reference provides you with the tools you need to know when analyzing malicious documents, such as Word, OneNote and PDF.
- Downlaod Windows 10
- REMnux
- The TCP/IP Guide
- Wi is Fi - Understanding Wi-Fi 4/5/6/6E/7 (802.11 n/ac/ax/be)
- Network lessons
- Network Defense Essentials (NDE) - free course
- Free CCNA 200-301 course
- Cyren IP Reputation Check
- Cisco IP Reputation
- System Design Basics - Load Balancing Algorithms
- WhoYouCalling - Monitors network activity made by a process through the use of Windows Event Tracing (ETW) and Full Packet Capture (FPC). Filters a generated .pcap file with BPF based on the detected network activity made by the process.
- OSINT Framework
- OSINT Me
- GROSpy - detecting where the photo was taken
- OSINTCurious - great tips related to OSINT, they have great podcast!
- OSINT Dojo
- Tips and Tricks on Reverse Image Searches
- The Ultimate Beginner's Guide to OSINT
- OSINT tips - missing person (Trace Lab)
- Trace Lab OSINT Search Party CTF Contestant Guide
- Search Paty writeups
- OSINT Protips
- Learn All the Things
- UNREDACTED Magazine - free magazine about Privacy, Security, and OSINT
- Bellingcat
- Hunting Warhead - podcast that follows a group of journalists tracking down paedophiles and eventually a guy who ran one of the biggest paedophilia website.
- OSINT – jakie informacje o sobie można znaleźć w Internecie 🇵🇱
- Delete your data from Facebook
- HandleFinder - find usernames across many social networks
- Twitter Advance Searches
- ID Ransomware - identify ransomware
- Unlisted Videos - find unlisted YouTube videos
- breachdirectory - CHECK IF YOUR EMAIL OR USERNAME WAS COMPROMISED
- scamsearch
- castrickclues
- holehe - Efficiently finding registered accounts from emails.
- mailcat - The only cat who can find existing email addresses by nickname.
- Wikimapia - s an online editable map - you can describe any place on Earth.
- cylect - the Ultimate AI OSINT Tool
- Bellingcat OpenStreetMap search
- Face check id - search based on the photo of the face
- GeoSpy Vision - Convert pixels into actionable intelligence using generative AI
- Solve the case - Help solve real world cases
- Surveillance Under Surveillance - leverages hard-to-reach Open Street Maps data to geolocate all cameras.
- Free LinkedIn Profile viewr Tool
- SpiderFoot - SpiderFoot automates the collection of OSINT to find everything possible about a target
- Sherlock - Command line tool to search usernames across social networks
- Buster - An advanced tool for email reconnaissance
- Face Depixelizer
- Tinyeye
- Pimeye
- Sync Me
- Shodan
- Censys - similar to Shodan
- Binary Edge - similar to Shodan
- Wayback machine
- Archive.today
- CachedView - The Google Cache Browser for any page on the Internet.
- Cachedpages - Get the cached page of any URL
- Webcitation
- Timetravel
- OldWeb
- Geocities
- Phonebook
- Email verification
- Email-checker
- Dehashed
- WhatsMyName
- Snaptik - download TikTok videos
- GoSearch - is an efficient and reliable OSINT tool designed for uncovering digital footprints associated with a given username.
- Awesome Sites To Test On
- Zero to Hero Pentesting
- SHODAN for Penetration Testers
- Full Ethical Hacking Course - Beginner Network Penetration Testing (2019) - 15 h course for free
- Beginner-Network-Pentesting
- Free Password Hash Cracker
- The Journey to Try Harder: TJnull’s Preparation Guide for PWK/OSCP
- Hack Tricks
- The Ultimate OSCP Preparation Guide, 2021
- Penetration Testing Tools Cheat Sheet
- OSCP - Links and Notes
- Payloads All The Things - A list of useful payloads and bypasses for Web Application Security.
- Ethical Hacking Essentials (EHE) - free course
- API Security Certified Expert - free course by Corey Ball
- Pentest Book
- RedTeamRecipe ⭐
- Manipulating ActiveProcessLinks to Hide Processes in Userland
- 15 Ways to Bypass the PowerShell Execution Policy
- Reverse Shell Generator
- PowerShell forensics
- Learn PowerShell
- Getting Started with PowerShell 3.0
- The Guide to Learning PowerShell - ebook
- PowerShell Magazine
- Your activity in Google - Stored Google activity data
- Privacy is sexy - Enforce privacy & security on Windows and macOS
- Your activity outside of Facebook - a list of sites you have visited that use integration with this service. The number of sites depends mainly on whether you use Adblock.
- Open Source Alternative
- Tutanota - Secure email for everybody.
- Privnote - PrivnoteSend notes that will self-destruct after being read.
- GrapheneOS - The private and secure mobile operating system with Android app compatibility
- Aegis Authenticator
- Orbot: Tor for android
- Shelter - Android app - is a Free and Open-Source (FOSS) app that leverages the “Work Profile” feature of Android to provide an isolated space that you can install or clone apps into.
- KeePassDX - android app
- Briar - Secure messaging, anywhere
- Element - Secure and independent communication, connected via Matrix
- OnionShare - is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
- ai.robots.txt - an open list of web crawlers associated with AI companies and the training of LLMs to block.
- Python Tutorial for Beginners - Learn Python in 5 Hours - I recommand!
- Python for everybody - free video course series that teaches the basics of using Python 3.
- 18 Python one-liners that will speed up your coding process.
- Data Analysis with Python
- Python Beginners
- Automate Your Life with Python
- Automate the Boring Stuff with Python
- Python
- Regular Expression Cheat Sheet
- Regex101
- Regex Learn
- RegExHub
- Regular-Expressions
- THM room Regular expressions
- Reverse Engineering 101
- Reverse Engineering For Everyone!
- Nightmare - intro to binary exploitation / reverse engineering course based around ctf challenges
- Reverse Engineering & Vulnerability Analysis - free lectures
- SQLbolt
- PGEXERCISE
- SQL teaching
- KingLab
- DB designer - Online Database Schema Design and Modeling Tool
- SQL tips and tricks
- CyberChef - web app for encryption, encoding, compression and data analysis
- CTI 101 Student Handout
- Linux Threat hunting part 1
- Linux Threat hunting part 2
- Living Off Trusted Sites (LOTS) Project - Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.
- LOLOL Farm - Living Off the Living Off the Land - A great collection of resources to thrive off the land
- CTI Analyst Challenge - This repository contains instructions and resources for an intelligence analysis challenge
- intelbase - have I been pwned on steroids
- Investigation Theory
- Practical Threat Hunting
- SOC Core Skills w/ John Strand
- Getting Started in Security with BHIS and MITRE ATT&CK
- Google Data Analytics Professional Certificate Blue Team Level 1 - Paid - £399 GBP
- CCD - Certified CyberDefender - Paid - $800 USD
- ENISA CSIRT Training Resources - Trainings for Cybersecurity Specialists
- ActiveCountermeasures - Cyber Threat Hunting training course
- Wireshark Tutorial
- Cuckoosegg training
- Incident Response class
- Elastic for Security Analysts. Part 1: Searching Strings
- CRYPTO101
- CS50's Introduction to Computer Science
- Code Red - Network Defense Essentials, Ethical Hacking Essentials, Digital Forensics Essentials
- C2 Attack & Defend
- CSI Linux - go to Academy and there is a fee course - CSI Linux is a focused Linux distribution for digital forensics and was developed as an open source 'theme park' for the cyber security industry.
- Fundamentals of Dark Web
- CVE Trends
- VARIoT IoT vulnerabilities and exploits databases
- RouterSploit
- Remedy Cloud - Search for a CVE below to see all the available fixes
- Sound of Text - makes a sound of the text you wirte
- Rambox - the best way to organize your workspace
- Mindmup - create your mindmap
- Forest - Stay focused be present (pomodoro technique)
- Postman - API Testing
- Stackedit - In-browser Markdown editor
- Canva - graphic design platform, used to create social media graphics, presentations, posters, documents and other visual content.
- Ninte - Install and Update All Your Programs at Once
- BurpSuite community
- Process Explorer - shows a list of the currently active processes, including the names of their owning accounts
- WinSCP - File Manager
- Putty - an SSH and telnet client
- Win32 Disk Imager - to write a raw disk image to a removable device or backup a removable device to a raw image file.
- pfpmaker - Create an awesome profile picture for free
- Meld - helps you compare files, directories, and version controlled projects. It provides two- and three-way comparison of both files and directories, and has support for many popular version control systems.
- Netatmo - inteligent camera
- crxaminer - Enter the ID of the Chrome extension you want to analyze.
- Mitaka - searching IP, domain, URL, hash, etc. via the context menu.
- Facebook Container - Firefox
- DuckDuckGo Privacy Essentials
- Enhancer for YouTube
- HTTPS Everywhere
- AdGuard AdBlocker
- SafeType - Cyera Safe Type is an extention for anonimyzing private data in ChatGPT
- Kali Linux
- Pop OS - for STEM and creative professionals who use their computer as a tool to discover and create.
- xfce - lightweight desktop environment for UNIX-like operating systems
- Secure Drop - It allows a platform to securely and anonymously share documents.
- WikiLeaks Upload
- ProtonMail
- Shadow Wallet – Keeping Your Cryptocurrency Running
- Deep Web Radio - Listen to Music Anonymously, Because Why Not?
- Email templates
- cleanup.pictures - remove any unwanted object on the picture
- Tor: From the Dark Web to the Future of Privacy - A biography of Tor—a cultural and technological history of power, privacy, and global politics at the internet's core.