This repository has been forked from Mia von Steinkirch. Since her repository has been archived and I intend to create one, I have forked her repository. It already has a few resources available. I haven't got the time to go through all of them. I have put them in the bt3gl sub-folder. My resources will be available in the parent directory of the repository. Over time, I will merge her resources with mine and make a grand one.
All information and software available on this site are for educational purposes only. Use these at your own discretion; the site owners cannot be held responsible for any damages caused. The views expressed on this site are our own and do not necessarily reflect those of our employers.
Usage of all tools on this site for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. We assume no liability and are not responsible for any misuse or damage caused by this site.
- The Art of Intrusion.
- Krebs Series on how to be in InfoSec: Thomas Ptacek, Bruce Schneier, Charlie Miller.
- How to be a InfoSec Geek.
- Continuous security.
- How to not get hacked.
- The Hacker Playbook - I have written a bash script to download all the tools mentioned in this book. They are in the Hacker Playbook Utility repository.
- Applied Cryptography (2nd Edition) by Bruce Schneier
- The Code Book by Simon Singh
- The Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto
- Security Engineering by Ross Anderson
- Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
- NGINX Admin Handbook
- Hacker101 — Newcomers Playlist
- Computer Networks
- Operating Systems
- Operating System - UC Berkeley
- Seytonic - YouTube Channel
- YouTube Playlist on Web Challenges CTF
- HackerSploit Playlists - YouTube Channel
- CTF Walkthrough on Basic Pentesting
- Application Security - AppSec
- Threat Modeling Spyware - SheHacksPurple
- Hacker101 Videos
- LiveOverflow Channel
- Binary Exploitation / Memory Corruption - LiveOverflow
- Cryptography I from Stanford
- Computer Forensics
- I bought these two courses when I was starting and looking for resources.
- Learn Ethical Hacking from Scratch by Zaid Sabih and Z Security.
- The Complete Ethical Hacking Course: Beginner to Advanced by Ermin Kreponic - I bought it but never tried the course.
- CTF Playground
- Training Ground
- Binary Exploitation
- Crypto Playground
- CryptoPals - Cryptography-related problems. Very good for basic cryptographers.
- Wargames
- OverTheWire Wargame - A good starting point for beginners.
- Bugcrowd University
- Intigriti
- VulnHub
- Programming Talks
- Netflix's Stethoscope
- Ghidra
- Awesome Pentesting
- Repulsive Grizzly - Netflix
- Netflix Skunkworks
- Microsoft Threat Modeling Tool
- AssemblyLine
- OWASP - Project Dragon Threat Modeling Tool
- OWASP ZAP Zed Attack Proxy
- ScriptHunter - a tool that finds JavaScript files for a given website
- JSMon - JavaScript Change Monitor
- URL Tracker
- PWNMachine
- American Fuzzy Lop
- Shodan
- Security is Everybody's Job - Part 1 - DevSecOps
- Security is Everybody's Job - Part 2 - What is Application Security?
- Security is Everybody's Job - Part 3 - What IS DevOps?
- Security is Everybody's Job - Part 4 - What is DevSecOps?
- Security is Everybody's Job - Part 5 - The First Way
- Security is Everybody's Job - Part 6 - The Second Way
- Security is Everybody's Job - Part 7 - The Third Way
- Part 1 - Pushing left, Like a boss
- Part 2 - Security Requirements
- Part 3 - Secure Design
- Part 4 - Secure Coding
- Part 5 - Secure Coding Guidelines
- Part 5.1 - Input Validation, Output Encoding and Parameterized Queries
- Part 5.2 - Use Safe Dependencies
- Part 5.3 - Browser and Client-Side Hardening
- Part 5.4 - Session Management
- Part 5.5 - File Upload
- Part 5.6 - Redirects and Forwards
- Part 5.7 - URL Parameters
- Part 5.8 - Securing Your Cookies
- Part 5.9 - Error Handling and Logging
- Part 5.10 - Untrusted Data
- Part 5.11 - Authorization (AuthZ)
- Part 5.12 - Authentication (AuthN), Identity and Access Control
- Part 5.13 - HTTPS Only
- Part 5.14 - Secure Coding Summary
- Part 6 - Threat Modelling
- Part 7 - Code Review and Static Code Analysis
- Part 8 - Testing
- Part 9 - An AppSec Program
- Part 10 - Special AppSec Activities and Situations
- Work with encryption
- A Reddit post on How to start “hacking”
- Apple's Secure Coding Guide
- Paul Ionescu's Security Code Review
- Blog post on different threat modeling methods
- STRIDE - Wikipedia
- PASTA - Wikipedia
- Threat Modeling Serverless - Tanya Janca
- Hacking Robots and Eating Sushi
- OWASP Cheat Sheet Series
- OWASP Web Security Testing Guide
- OWASP Top Ten Web Application Security Risks
- OWASP - Threat Modeling
- OWASP - Application Threat Modeling
- OWASP - Threat Modeling Cheat Sheet
- Real World Threat Modeling Using PASTA Methodology
- Trail of Bits CTF guide
- CTF Challenges Walkthrough
- CTF Writeup collection
- Waldo Writeup (HackTheBox)
- Shitsco CTF Problem Walkthrough
- 0xdf hacks stuff
- Union SQLi Challenges (Zixem Write-up)
- Google’s Project Zero