{"id":25182937,"url":"https://github.com/zeyad-azima/offensive-resources","last_synced_at":"2026-01-19T14:05:51.558Z","repository":{"id":37572353,"uuid":"338854952","full_name":"Zeyad-Azima/Offensive-Resources","owner":"Zeyad-Azima","description":"A Huge Learning Resources with Labs For Offensive Security Players","archived":false,"fork":false,"pushed_at":"2022-07-13T19:58:03.000Z","size":21563,"stargazers_count":973,"open_issues_count":1,"forks_count":218,"subscribers_count":35,"default_branch":"main","last_synced_at":"2025-07-11T22:32:07.363Z","etag":null,"topics":["api","api-security","cloud-security","cybersecurity","hack","hacking","infrastructure","learning","mobile","mobile-security","offensive","offensive-security","owasp","owasp-top-10","red-team","red-teaming","redteam","security","web","web-security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Zeyad-Azima.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-02-14T17:00:27.000Z","updated_at":"2025-07-09T14:47:50.000Z","dependencies_parsed_at":"2022-08-08T21:00:19.449Z","dependency_job_id":null,"html_url":"https://github.com/Zeyad-Azima/Offensive-Resources","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Zeyad-Azima/Offensive-Resources","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zeyad-Azima%2FOffensive-Resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zeyad-Azima%2FOffensive-Resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zeyad-Azima%2FOffensive-Resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zeyad-Azima%2FOffensive-Resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Zeyad-Azima","download_url":"https://codeload.github.com/Zeyad-Azima/Offensive-Resources/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zeyad-Azima%2FOffensive-Resources/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28571559,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T12:50:50.164Z","status":"ssl_error","status_checked_at":"2026-01-19T12:50:42.704Z","response_time":67,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-security","cloud-security","cybersecurity","hack","hacking","infrastructure","learning","mobile","mobile-security","offensive","offensive-security","owasp","owasp-top-10","red-team","red-teaming","redteam","security","web","web-security"],"created_at":"2025-02-09T18:18:36.230Z","updated_at":"2026-01-19T14:05:51.533Z","avatar_url":"https://github.com/Zeyad-Azima.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Offensive-Resources V4\n((اللَّهُمَّ انْفَعْنِي بِمَا عَلَّمْتَنِي، وَعَلِّمْنِي مَا يَنْفَعُنِي، وَزِدْنِي عِلْمًا))\n\u003chr\u003e\n\n# A Huge Learning Resources with Labs For Offensive Security Players.\n\n\u003e EveryBody is welcome to pull requests and add new resources, fix false-positives and more. \"Every update will be added to the website:.\n\nNow You can visit the website and explore all the resources: https://offensive-resources.github.io/\n\n\u003cbr\u003e\n\n\u003cimg width=\"1536\" height=\"1024\" alt=\"image\" src=\"https://github.com/user-attachments/assets/80580527-b9f5-406a-9e41-7945d9158d84\" /\u003e\n\n# What is new in V4 ?\n\n\u003cimg width=\"843\" height=\"477\" alt=\"new\" src=\"https://github.com/user-attachments/assets/353bc45f-8248-4d18-b232-fa75fea71d72\" /\u003e\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Content\n  - \u003ca href=\"#infrastructure\"\u003eInfrastructure\u003c/a\u003e\n  - \u003ca href=\"#wireless\"\u003eWireless\u003c/a\u003e\n  - \u003ca href=\"#iot--hardware\"\u003eIoT \u0026 Hardware\u003c/a\u003e\n  - \u003ca href=\"#ics-and-scada\"\u003eICS and SCADA\u003c/a\u003e\n  - \u003ca href=\"#exploit-development\"\u003eExploit Development\u003c/a\u003e\n  - \u003ca href=\"#web-applications\"\u003eWeb Applications\u003c/a\u003e\n  - \u003ca href=\"#mobile-applications\"\u003eMobile Applications\u003c/a\u003e\n  - \u003ca href=\"#api\"\u003eAPI\u003c/a\u003e\n  - \u003ca href=\"#cloud\"\u003eCloud\u003c/a\u003e\n  - \u003ca href=\"#reverse-engineering\"\u003eReverse Engineering\u003c/a\u003e\n  - \u003ca href=\"#social-engineering\"\u003eSocial Engineering\u003c/a\u003e\n  - \u003ca href=\"#offensive-programming\"\u003eOffensive Programming\u003c/a\u003e\n  - \u003ca href=\"#blockchain\"\u003eBlockchain\u003c/a\u003e\n  - \u003ca href=\"#car-hacking\"\u003eCar Hacking\u003c/a\u003e\n  - \u003ca href=\"#game-hacking\"\u003eGame Hacking\u003c/a\u003e\n  - \u003ca href=\"#source-code-review\"\u003eSource Code Review\u003c/a\u003e\n  - \u003ca href=\"#telecom\"\u003eTelecom\u003c/a\u003e\n  - \u003ca href=\"#malware-development\"\u003eMalware Development\u003c/a\u003e\n  - \u003ca href=\"#voip\"\u003eVOIP\u003c/a\u003e\n  - \u003ca href=\"#rfid--sdr\"\u003eRFID \u0026 SDR\u003c/a\u003e\n  - \u003ca href=\"#atm-hacking\"\u003eATM Hacking\u003c/a\u003e\n  - \u003ca href=\"#aircraft-hacking\"\u003eAircraft Hacking\u003c/a\u003e\n  - \u003ca href=\"#ai-hacking\"\u003eAI Hacking\u003c/a\u003e\n  - \u003ca href=\"#devsecops\"\u003eDevSecOps\u003c/a\u003e\n  - \u003ca href=\"#linux-exploit-development\"\u003eLinux Exploit Development\u003c/a\u003e\n  - \u003ca href=\"#windows-exploit-development\"\u003eWindows Exploit Development\u003c/a\u003e\n  - \u003ca href=\"#android-exploit-development\"\u003eAndroid Exploit Development\u003c/a\u003e\n  - \u003ca href=\"#ios-exploit-development\"\u003eiOS Exploit Development\u003c/a\u003e\n  - \u003ca href=\"#browser-exploitation\"\u003eBrowser Exploitation\u003c/a\u003e\n  - \u003ca href=\"#hypervisor-exploitation\"\u003eHypervisor Exploitation\u003c/a\u003e\n  - \u003ca href=\"#drones-hacking\"\u003eDrones Hacking\u003c/a\u003e\n  - \u003ca href=\"#medtech-hacking\"\u003eMedTech Hacking\u003c/a\u003e\n  - \u003ca href=\"#cpu-exploitation\"\u003eCPU Exploitation\u003c/a\u003e\n  - \u003ca href=\"#gpu-exploitation\"\u003eGPU Exploitation\u003c/a\u003e\n  - \u003ca href=\"#macos-exploitation\"\u003emacOS Exploitation\u003c/a\u003e\n  - \u003ca href=\"#satellite-hacking\"\u003eSatellite Hacking\u003c/a\u003e\n  - \u003ca href=\"#robots-hacking\"\u003eRobots Hacking\u003c/a\u003e\n  - \u003ca href=\"#vending-machine-hacking\"\u003eVending Machine Hacking\u003c/a\u003e\n  - \u003ca href=\"#osint\"\u003eOSINT\u003c/a\u003e\n  \n\u003cbr\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Infrastructure\n\n- Books\n  - \u003ca href=\"https://www.amazon.com/Hackers-Handbook-Strategy-Breaking-Defending/dp/0849308887\"\u003eThe Hacker's Handbook\u003c/a\u003e \n  - \u003ca href=\"https://www.amazon.com/Advanced-Infrastructure-Penetration-Testing-methodized-ebook/dp/B076QC8FRT\"\u003eAdvanced Infrastructure  Penetration testing\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Peter-Kim/e/B00J12259C/ref=dp_byline_cont_book_1\"\u003eHacker playbook series\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Art-Network-Penetration-Testing-company/dp/1617296821\"\u003eThe Art of Network Penetration Testing\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Mastering-Linux-Advanced-Penetration-Testing/dp/178934056X/\"\u003eMastering Kali Linux for Advanced Penetration Testing \u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Advanced-Penetration-Testing-Highly-Secured-Environments-ebook/dp/B01A14X6LE/\"\u003eAdvanced Penetration Testing for Highly-Secured Environments\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689/\"\u003eAdvanced Penetration Testing \u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Hands-Penetration-Testing-Windows-PowerShell/dp/1788295668/\"\u003eHands-On Penetration Testing on Windows\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Mastering-Wireless-Penetration-Testing-Environments-ebook/dp/B00T4ACP78/\"\u003eMastering Wireless Penetration Testing for Highly Secured Environments\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Cybersecurity-state-art-organization-cybercriminals/dp/183882779X/\"\u003eCybersecurity - Attack and Defense Strategies\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/\"\u003eRTFM: Red Team Field Manual\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/\"\u003ePenetration Testing: A Hands-on Introduction to Hacking\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Hacking-Firewalls.../dp/B085LS67BH\"\u003eHacking: Hacking Firewalls \u0026 Bypassing Honeypot\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Red-Team-Development-Operations-practical/dp/B083XVG633\"\u003eRed Team Development and Operations: A practical guide \u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Hands-Red-Team-Tactics-operations/dp/1788995236\"\u003eHands-On Red Team Tactics\u003c/a\u003e\n  \n  \n- Courses\n  - \u003ca href=\"https://www.offensive-security.com/pwk-oscp/\"\u003eOSCP\u003c/a\u003e\n  - \u003ca href=\"https://www.offensive-security.com/pen300-osep/\"\u003eOSEP\u003c/a\u003e\n  - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/9a29e89e-1327-4fe8-a201-031780263fa9/penetration-testing-professional\"\u003eeCPPT\u003c/a\u003e\n  - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/154876ad-ae9f-43d6-add4-f635cab537a7/advanced-penetration-testing\"\u003eeCPTX\u003c/a\u003e\n  - \u003ca href=\"https://www.sans.org/cyber-security-courses/network-penetration-testing-ethical-hacking/\"\u003eSEC560\u003c/a\u003e\n  - \u003ca href=\"https://www.sans.org/cyber-security-courses/advanced-penetration-testing-exploits-ethical-hacking/\"\u003eSEC660\u003c/a\u003e\n  - \u003ca href=\"https://www.sans.org/cyber-security-courses/red-team-exercises-adversary-emulation/\"\u003eSEC564\u003c/a\u003e\n  - \u003ca href=\"https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course\"\u003ePractical Ethical Hacking\u003c/a\u003e\n  - \u003ca href=\"https://academy.tcm-sec.com/p/windows-privilege-escalation-for-beginners\"\u003eWindows Privilege Escalation for Beginners\u003c/a\u003e\n  - \u003ca href=\"https://academy.tcm-sec.com/p/linux-privilege-escalation\"\u003eLinux Privilege Escalation for Beginners\u003c/a\u003e\n  - \u003ca href=\"https://academy.tcm-sec.com/p/movement-pivoting-and-persistence-for-pentesters-and-ethical-hackers\"\u003eMovement, Pivoting, and Persistence\u003c/a\u003e\n  - \u003ca href=\"https://academy.tcm-sec.com/p/external-pentest-playbook\"\u003eThe External Pentest Playbook\u003c/a\u003e\n  - \u003ca href=\"https://www.pentesteracademy.com/activedirectorylab\"\u003eCRTP\u003c/a\u003e\n  - \u003ca href=\"https://www.pentesteracademy.com/redteamlab\"\u003eCRTE\u003c/a\u003e\n  - \u003ca href=\"https://www.pentesteracademy.com/gcb\"\u003ePACES\u003c/a\u003e\n  - \u003ca href=\"https://www.mile2.com/professional-ethical-hacker/\"\u003eCPEH\u003c/a\u003e\n  - \u003ca href=\"https://www.mile2.com/penetration-testing-engineer-outline/\"\u003eCPTE\u003c/a\u003e\n  \n- Labs\n  - \u003ca href=\"https://www.amazon.com/Building-Virtual-Pentesting-Advanced-Penetration-ebook/dp/B01JLBMC8G\"\u003eBuilding Virtual Pentesting Labs for Advanced Penetration Testing\u003e\u003c/a\u003e\n  - \u003ca href=\"https://www.hackthebox.eu/hacker/pro-labs\"\u003eHack The Box: Pro Labs\u003c/a\u003e\n  - \u003ca href=\"https://github.com/Marshall-Hallenbeck/red_team_attack_lab\"\u003eRed Team Attack Lab\u003c/a\u003e\n  - \u003ca href=\"https://github.com/R3dy/capsulecorp-pentest\"\u003eCapsulecorp Pentest\u003c/a\u003e\n  - \u003ca href=\"https://rmusser.net/git/admin-2/Infosec_Reference/src/branch/master/Draft/Building_A_Lab.md\"\u003eBuilding a Lab\u003c/a\u003e\n  - \u003ca href=\"https://github.com/oliverwiegers/pentest_lab\"\u003ePentest Lab\u003c/a\u003e\n  - \u003ca href=\"https://github.com/itboxltda/pentestlab\"\u003eLocal PentestLab Management Script\u003c/a\u003e\n  - \u003ca href=\"https://github.com/s0wr0b1ndef/pentest-lab\"\u003ePentest-lab\u003c/a\u003e\n  - \u003ca href=\"https://github.com/indigos33k3r/portainer-pentest-lab\"\u003eOffensive Security Lab\u003c/a\u003e\n  - \u003ca href=\"https://attackdefense.pentesteracademy.com/search\"\u003ePentesteracademy Labs\u003c/a\u003e\n  - \u003ca href=\"https://www.hackthebox.eu/\"\u003eHack The Box\u003c/a\u003e\n  - \u003ca href=\"https://www.vulnhub.com/\"\u003eVulnhub\u003c/a\u003e\n  - \u003ca href=\"https://www.offensive-security.com/labs/individual/\"\u003eOffensive Security Proving Grounds\u003c/a\u003e\n  - \u003ca href=\"https://tryhackme.com\"\u003eTryHackMe\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Wireless\n  - Books\n    - \u003ca href=\"https://www.amazon.com/BackTrack-Wireless-Penetration-Testing-Beginners/dp/1849515581\"\u003eBackTrack 5 Wireless Penetration Testing Beginner's Guide\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Linux-Wireless-Penetration-Testing-Cookbook/dp/1783554088\"\u003eKali Linux Wireless Penetration Testing Cookbook\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mastering-Wireless-Penetration-Testing-Environments/dp/9352130839\"\u003eMastering Wireless Penetration Testing for Highly Secured Environments\u003c/a\u003e\n    \n  - Courses\n    - \u003ca href=\"https://www.offensive-security.com/wifu-oswp/\"\u003eOSWP\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=9\"\u003eWi-Fi Security and Pentesting\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/wi-fi-password-penetration-testing-course/\"\u003eWi-Fi Hacking and Wireless Penetration Testing Course \u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/wireless-penetration-testing-ethical-hacking/\"\u003eSEC617: Wireless Penetration Testing and Ethical Hacking\u003c/a\u003e\n    \n  - Labs\n    - \u003ca href=\"https://www.amazon.com/Building-Pentesting-Lab-Wireless-Networks/dp/1785283154\"\u003eBuilding a Pentesting Lab for Wireless Networks\u003c/a\u003e\n    - The Courses and Books have explained how to build a lab\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# IoT \u0026 Hardware\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Practical-IoT-Hacking-Fotios-Chantzis-ebook/dp/B085BVVSN6\"\u003ePractical IoT Hacking: The Definitive Guide to Attacking the Internet of Things\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/IoT-Hackers-Handbook-Practical-Internet/dp/1484242998\"\u003eThe IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/IoT-Penetration-Testing-Cookbook-vulnerabilities/dp/1787280578\"\u003eIoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure Your Smart Devices\u003c/a\u003e\n    - \u003ca href=\"https://nostarch.com/hardwarehacking\"\u003eThe Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Practical-Hardware-Pentesting-attacking-protecting/dp/1789619130\"\u003ePractical Hardware Pentesting: A Guide to Attacking Embedded Systems and Protecting Them Against the Most Common Hardware Attacks\u003c/a\u003e\n\n    \n  - Courses\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/iot-penetration-testing/\"\u003eSEC556: IoT Penetration Testing\u003c/a\u003e\n    - \u003ca href=\"https://www.attify.com/iot-security-exploitation-training\"\u003eOffensive IoT Exploitation\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/securing-iot-from-security-to-practical-pentesting-on-iot/\"\u003eSecuring IoT: From Security to Practical Pentesting on IoT \u003c/a\u003e\n    - \u003ca href=\"https://securinghardware.com/training/courses/\"\u003eApplied Physical Attacks Series\u003c/a\u003e\n    \n  - Labs\n    - The Courses and Books have explained how to build a lab\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# ICS and SCADA\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Hacking-Exposed-Industrial-Control-Systems/dp/1259589714\"\u003eHacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets \u0026 Solutions\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Hacking-SCADA-Industrial-Control-Systems/dp/1533022062\"\u003eHacking SCADA/Industrial Control Systems: The Pentest Guide\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Handbook-SCADA-Control-Systems-Security/dp/1498717071\"\u003eHandbook of SCADA/Control Systems Security\u003c/a\u003e\n    - \u003ca href=\"\"\u003e\u003c/a\u003e\n    \n    \n  - Courses\n    - \u003ca href=\"https://www.eccouncil.org/programs/ics-scada-cybersecurity/\"\u003eICS/SCADA Cybersecurity (Ec council)\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/ics-scada-cyber-security-essentials/\"\u003eICS410: ICS/SCADA Security Essentials\u003c/a\u003e\n    \n  - Labs\n    - The Courses and Books have explained how to build a lab\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Exploit Development\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Penetration-Testing-Shellcode-network-level-vulnerabilities-ebook/dp/B076H9DD9N\"\u003ePenetration Testing with Shellcode\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security-ebook/dp/B004P5O38Q/\"\u003eThe Shellcoder's Handbook\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson-ebook/dp/B004OEJN3I/\"\u003eHacking: The Art of Exploitation\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504/\"\u003eAttacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Bug-Hunters-Diary-Software-Security/dp/1593273851/\"\u003eA Bug Hunter's Diary\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent-ebook/dp/B002C1B7SE/\"\u003eBuffer Overflow Attacks: Detect, Exploit, Prevent\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Linux-Exploit-Development-Beginners-Step-ebook/dp/B082DMZHK2\"\u003eLinux Exploit Development for Beginners\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/\"\u003eFuzzing: Brute Force Vulnerability Discovery\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507/\"\u003eFuzzing for Software Security Testing and Quality Assurance\u003c/a\u003e\n    - \u003ca href=\"https://www.fuzzingbook.org/\"\u003eThe Fuzzing Book\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus-ebook/dp/B0050UZ258/\"\u003eOpen Source Fuzzing Tools\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Core/dp/1597494860\"\u003eA Guide to Kernel Exploitation\u003c/a\u003e\n\n \n  - Courses\n    - \u003ca href=\"https://www.offensive-security.com/ctp-osce/\"\u003eOSCE\u003c/a\u003e\n    - \u003ca href=\"https://www.offensive-security.com/awe-osee/\"\u003eOSEE\u003c/a\u003e\n    - \u003ca href=\"https://my.ine.com/path/019938d9-11cf-459b-b8ee-e662e10515f2\"\u003eeCXD\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/advanced-exploit-development-penetration-testers/\"\u003eSEC760\u003c/a\u003e\n    - \u003ca href=\"https://github.com/cranelab/exploit-development\"\u003eExploit-Development Repo\u003c/a\u003e\n    - \u003ca href=\"https://guyinatuxedo.github.io/\"\u003eNightmare\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=3\"\u003ex86 Assembly Language and Shellcoding on Linux\u003c/a\u003e\n    - \u003ca href=\"https://samsclass.info/127/127_S21.shtml\"\u003eCNIT 127: Exploit Development\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=7\"\u003ex86_64 Assembly Language and Shellcoding on Linux\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=41\"\u003eReverse Engineering Win32 Applications\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=40\"\u003eReverse Engineering Linux 32-bit Applications\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=13\"\u003eExploiting Simple Buffer Overflows on Win32\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/reverse-engineering-and-exploit-development/\"\u003eReverse Engineering and Exploit Development \u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/exploit-development/\"\u003eExploit Development for Linux (x86)\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/64bit-linux-exploit-development/\"\u003eExploit Development for Linux x64\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/introduction-to-exploitzero-day-discovery-and-development/\"\u003eIntroduction to Exploit/Zero-Day Discovery and Development\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/exploit-development-from-scratch/\"\u003eExploit Development From Scratch\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/hands-on-exploit-development/\"\u003eHands-on Fuzzing and Exploit Development(Part 1)\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/hands-on-exploit-development-advanced/\"\u003eHands-on Fuzzing and Exploit Development(Part 2)\u003c/a\u003e\n    - \u003ca href=\"https://zdresearch.com/training/exploit-development/\"\u003eZDResearch Exploit Development\u003c/a\u003e\n  \n    \n  - Labs\n    - Analyize previous and new zero-days vulnerabilities will dive you deep into the real-world\n    - \u003ca href=\"https://cse466.pwn.college/\"\u003ePWN collage\u003c/a\u003e\n    - \u003ca href=\"https://pwnable.kr/play.php\"\u003ePwnable\u003c/a\u003e\n    - \u003ca href=\"https://github.com/stephenbradshaw/vulnserver\"\u003eVulnserver\u003c/a\u003e\n    - \u003ca href=\"\"\u003eBlazeDVD 5 Professional\u003c/a\u003e\n    - \u003ca href=\"\"\u003eDVDx Player\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy CD DVD\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy Chat Server 3.1\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy File Sharing FTP Server 3.5\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy File Management Web Server 5.3\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy File Sharing Web Server 7.2\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEasy RM to MP3 Converter 2.7.3.7\u003c/a\u003e\n    - \u003ca href=\"\"\u003eEureka\u003c/a\u003e\n    - \u003ca href=\"\"\u003eFreeFTP 1.0.8 \u003c/a\u003e\n    - \u003ca href=\"\"\u003eFreeFloat\u003c/a\u003e\n    - \u003ca href=\"\"\u003eKarjaSoft Sami FTP Server 2.0.1\u003c/a\u003e\n    - \u003ca href=\"\"\u003eKnFTP Server 1.0.0\u003c/a\u003e\n    - \u003ca href=\"\"\u003eKolibri v2.0 HTTP Server\u003c/a\u003e\n    - \u003ca href=\"\"\u003eMillenium MP3 Studio\u003c/a\u003e\n    - \u003ca href=\"\"\u003eMinialic HTTP\u003c/a\u003e\n    - \u003ca href=\"\"\u003eMinishare\u003c/a\u003e\n    - \u003ca href=\"\"\u003eProSysInfo TFTP Server TFTPDWIN 0.4.2\u003c/a\u003e\n    - \u003ca href=\"\"\u003eQuickZip 4.60\u003c/a\u003e\n    - \u003ca href=\"\"\u003eR v3.4.4\u003c/a\u003e\n    - \u003ca href=\"\"\u003eRicoh DC Software DL-10 FTP Server\u003c/a\u003e\n    - \u003ca href=\"\"\u003eSolarFTP\u003c/a\u003e\n    - \u003ca href=\"\"\u003eSoritong MP3 Player 1.0 \u003c/a\u003e\n    - \u003ca href=\"\"\u003eXitami Webserver 2.5\u003c/a\u003e\n    - \u003ca href=\"https://www.vulnhub.com/\"\u003eVulnhub\u003c/a\u003e\n    - \u003ca href=\"https://www.hackthebox.eu/\"\u003eHack the box\u003c/a\u003e\n \n\u003cbr\u003e\n\u003cbr\u003e\n\n# Web Applications\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/\"\u003eWeb Application Hacker's Handbook\u003c/a\u003e\n    - \u003ca href=\"https://portswigger.net/web-security/all-materials\"\u003ePortswigger learning materials\u003c/a\u003e\n    - \u003ca href=\"https://owasp.org/www-project-web-security-testing-guide/v42/\"\u003eOwasp web Testing Guide\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Real-World-Bug-Hunting-Field-Hacking/dp/1593278616\"\u003eReal World Bug Hunting\u003c/a\u003e\n    - \u003ca href=\"https://payhip.com/ghostlulz\"\u003eBug Bounty playbook part 1 \u0026 2\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mastering-Modern-Web-Penetration-Testing/dp/1785284584\"\u003eMastering Modern Web Penetration Testing\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mastering-Kali-Linux-Penetration-Testing-ebook/dp/B0721264KJ\"\u003eMastering Kali Linux for Web Penetration Testing\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/gp/product/B078MRV57M\"\u003eKali Linux Web Penetration Testing Cookbook\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Bug-Bounty-Bootcamp-Reporting-Vulnerabilities-ebook/dp/B08YK368Y3\"\u003eBug Bounty Bootcamp\u003c/a\u003e\n  \n  - Courses\n    - \u003ca href=\"https://www.offensive-security.com/awae-oswe/\"\u003eOSWE\u003c/a\u003e\n    - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/50d07b7c-1224-4bda-a57b-3954e189bfc1/web-application-penetration-tester-professional\"\u003eeWAPT\u003c/a\u003e\n    - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/7d3a5df8-a6cf-4855-b686-30e9d7e76425/advanced-web-application-penetration-testing\"\u003eeWAPTX\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/web-app-penetration-testing-ethical-hacking/\"\u003eSEC542\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/advanced-web-app-penetration-testing-ethical-hacking/\"\u003eSEC642\u003c/a\u003e\n    - \u003ca href=\"https://hackersera.com/p/?page=online-training\"\u003eOffensive bug bounty hunter part 1 \u00262 hackersera\u003c/a\u003e\n    - \u003ca href=\"https://hakin9.org/product/web-application-attacks-and-api-hacking-w51/\"\u003eWeb Application Attacks and API Hacking (W51)\u003c/a\u003e\n    \n  - Labs\n    - \u003ca href=\"http://sourceforge.net/projects/bwapp/files/bee-box/\"\u003ebWAPP\u003c/a\u003e\n    - \u003ca href=\"https://github.com/jbarone/penlab\"\u003epenlab\u003c/a\u003e\n    - \u003ca href=\"https://portswigger.net/web-security/all-labs\"\u003ePortswigger labs\u003c/a\u003e\n    - \u003ca href=\"https://hack.me/\"\u003eHack me\u003c/a\u003e\n    - \u003ca href=\"https://owasp.org/www-project-juice-shop/\"\u003eOWASP Juice shop\u003c/a\u003e\n    - \u003ca href=\"https://owasp.org/www-project-broken-web-applications/migrated_content\"\u003eOwasp Broken Web Apps \u003c/a\u003e\n    - \u003ca href=\"https://pentesterlab.com/\"\u003ePentesterlab\u003c/a\u003e\n    - \u003ca href=\"https://www.root-me.org/\"\u003eroot-me\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Mobile Applications\n  - Books\n    - \u003ca href=\"https://owasp.org/www-project-mobile-security-testing-guide/\"\u003eOWASP Mobile Security Testing Guide\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mobile-Application-Penetration-Testing-Vijay-ebook/dp/B019IOX4Y2/\"\u003eMobile application penetration testing\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mobile-Application-Hackers-Handbook/dp/1118958500/\"\u003eMobile applicatons hacker's handbook\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X/\"\u003eAndroid hacker's handbook/\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/\"\u003eiOS Hacker's Handbook\u003c/a\u003e\n    \n  - Courses\n    - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/eec5479e-a8d1-4803-817f-c016bb528639/mobile-application-penetration-testing-professional\"\u003eeMAPT\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/mobile-device-security-ethical-hacking/\"\u003eSEC575\u003c/a\u003e\n    - \u003ca href=\"https://hackersera.com/p/?page=online-training\"\u003eOffensive AndroHunter\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/bug-bounty-hunting-practical-android-penetration-testing/\"\u003eANDROID Hacking \u0026 Penetration Testing\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/hacking-and-pentesting-ios-applications/\"\u003eHacking and Pentesting iOS Applications \u003c/a\u003e\n    \n  - Labs\n    - \u003ca href=\"http://damnvulnerableiosapp.com/\"\u003eDamn Vulnerable iOS Application (DVIA)\u003c/a\u003e\n    - \u003ca href=\"https://pentester.land/cheatsheets/2018/10/12/list-of-Intentionally-vulnerable-android-apps.html\"\u003eList of intentionally vulnerable Android apps\u003c/a\u003e\n    - \u003ca href=\"https://securitycompass.github.io/iPhoneLabs/\"\u003eExploitMe Mobile iPhone Labs \u003c/a\u003e\n    - \u003ca href=\"https://securitycompass.github.io/AndroidLabs/\"\u003eExploitMe Mobile Android Labs \u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# API\n  - Books\n    - \u003ca href=\"https://owasp.org/www-project-api-security/\"\u003eOWASP API Security Project\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Hacking-APIs-Application-Programming-Interfaces/dp/1718502443\"\u003eHacking APIs\u003c/a\u003e\n    - \u003ca href=\"https://www.manning.com/books/api-security-in-action\"\u003eApi Secuirty in Action\u003c/a\u003e\n    - \u003ca href=\"https://www.manning.com/books/understanding-api-security\"\u003eUnderstanding Api Security\u003c/a\u003e\n  \n  - Courses\n    - \u003ca href=\"https://hackerassociate.com/training-and-certification/oaes-offensive-api-exploitation-and-security-training/\"\u003eOAES Offensive API Exploitation and Security\u003c/a\u003e\n    - \u003ca href=\"https://www.pluralsight.com/courses/owasp-top-ten-api-security-playbook\"\u003eOWASP Top 10: API Security Playbook\u003c/a\u003e\n    - \u003ca href=\"https://ar-ar.facebook.com/officialhackersera/posts/1387454408290281?__tn__=-R\"\u003eOffensive Api  penetration testing\u003c/a\u003e\n    - \u003ca href=\"https://hakin9.org/product/web-application-attacks-and-api-hacking-w51/\"\u003eWeb Application Attacks and API Hacking (W51)\u003c/a\u003e\n    - \u003ca href=\"https://hakin9.org/course/api-security-offence-and-defence/\"\u003eAPI Security: Offence and Defence (W35)\u003c/a\u003e\n\n  - Labs\n    - \u003ca href=\"https://github.com/payatu/Tiredful-API\"\u003eTiredful API\u003c/a\u003e\n    - \u003ca href=\"https://github.com/rahulunair/vulnerable-api\"\u003evulnerable-api\u003c/a\u003e\n    - \u003ca href=\"https://github.com/marmicode/websheep\"\u003ewebsheep\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Cloud\n  - Books\n    - \u003ca href=\"https://www.amazon.com/AWS-Penetration-Testing-Beginners-Metasploit/dp/1839216921/\"\u003eAWS Penetration Testing \u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Hands-Penetration-Testing-Kali-Linux/dp/1789136725/\"\u003eHands-On AWS Penetration Testing with Kali Linux\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Pentesting-Azure-Applications-Definitive-Deployments/dp/1593278632/\"\u003ePentesting Azure Applications\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mastering-Cloud-Penetration-Testing-Sehgal/dp/1786461234/\"\u003eMastering Cloud Penetration Testing\u003c/a\u003e\n  \n  - Courses\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/cloud-penetration-testing/\"\u003eSEC588\u003c/a\u003e\n  \n  - Labs\n    - \u003ca href=\"https://github.com/juanjoSanz/aws-pentesting-lab\"\u003eAWS Pen-Testing Laboratory\u003c/a\u003e\n    - Create Your own lab from the books\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Reverse Engineering\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817\"\u003eReversing: Secrets of Reverse Engineering\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Mastering-Reverse-Engineering-Re-engineer-ethical-ebook/dp/B07BXTBP8W/\"\u003eMastering Reverse Engineering\u003c/a\u003e\n    - \u003ca href=\"https://beginners.re/\"\u003eReverse Engineering for Beginners\u003c/a\u003e\n    - \u003ca href=\"\"\u003eThe Ghidra Book: The Definitive Guide\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/IDA-Pro-Book-Unofficial-Disassembler/dp/1593272898\"\u003eThe IDA Pro Book, 2nd Edition\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Practical-Reverse-Engineering-Reversing-Obfuscation/dp/1118787315\"\u003ePractical Reverse Engineering\u003c/a\u003e\n    \n    \n  - Courses\n    - \u003ca href=\"https://my.ine.com/CyberSecurity/learning-paths/67c2d9f8-f4f5-4705-b5e2-56d6c3583030/reverse-engineering-professional\"\u003eeCRE\u003c/a\u003e\n    - \u003ca href=\"https://www.sans.org/cyber-security-courses/reverse-engineering-malware-malware-analysis-tools-techniques/\"\u003eFOR610: Reverse-Engineering Malware\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/reverse-engineering-deep-dive/\"\u003eReverse Engineering Deep Dive\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/reverse-engineering-ida/\"\u003eReverse Engineering: IDA For Beginners\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/expert-malware-analysis-and-reverse-engineering/\"\u003eExpert Malware Analysis and Reverse Engineering\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/x64dbg-debugger/\"\u003eReverse Engineering 1: x64dbg Debugger for Beginners \u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/reverse-engineering-ghidra/\"\u003eReverse Engineering: Ghidra For Beginners \u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/reverse-engineering-dnspy/\"\u003eReverse Engineering 6: Reversing .NET with dnSpy \u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=BRZq5EVQqhg\u0026list=PLMB3ddm5Yvh3gf_iev78YP5EPzkA3nPdL\"\u003eReverse Engineering For Beginners (Youtube)\u003c/a\u003e\n\n\n  - Labs\n    - \u003ca href=\"https://ctf101.org/reverse-engineering/overview/\"\u003eCTF101: Reverse Engineering\u003c/a\u003e\n    - \u003ca href=\"https://cybertalents.com/competitions/reverse-engineering-ctf/challenges\"\u003eCyberTalents: Reverse Engineering CTF\u003c/a\u003e\n    - \u003ca href=\"https://fareedfauzi.gitbook.io/practice-ctf-list/reverse-engineering\"\u003eReverse Engineering CTF List\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Social Engineering\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X/\"\u003eSocial Engineering: The Science of Human Hacking\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/B08B6ZCT57/\"\u003eSocial Engineering: The Art of Human Hacking\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Social-Engineers-Playbook-Practical-Pretexting/dp/0692306617/\"\u003eThe Social Engineer's Playbook\u003c/a\u003e \n    - \u003ca href=\"https://www.amazon.com/Social-Engineering-Hacking-Systems-Societies-ebook/dp/B07XHP7MQ5/\"\u003eSocial Engineering: Hacking Systems, Nations, and Societies\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Learn-Social-Engineering-internationally-renowned-ebook/dp/B079HYPC27/\"\u003eLearn Social Engineering\u003c/a\u003e\n    \n \n  - Courses\n    - \u003ca href=\"https://www.udemy.com/course/learn-social-engineering-from-scratch/\"\u003eLearn Social Engineering From Scratch\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/learn-malware-social-engineering-and-osint-for-hacking/\"\u003eThe Complete Social Engineering: Phishing \u0026 Malware\u003c/a\u003e\n    - \u003ca href=\"https://www.social-engineer.com/training-courses/advanced-practical-social-engineering-training/\"\u003eAdvanced Social Engineering Training\u003c/a\u003e\n    - \u003ca href=\"https://www.cybrary.it/course/social-engineering/\"\u003eSocial Engineering (Cybrary)\u003c/a\u003e\n    \n    \n - Labs\n  - Bro, it's about human hacking. Just hack yourself xD\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Offensive Programming\n  - Books\n    - \u003ca href=\"https://www.amazon.com/Hands-Penetration-Testing-Python-intelligent/dp/178899082X\"\u003eHands-On Penetration Testing with Python\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Python-Penetration-Testing-Cookbook-post-exploitation/dp/1784399779\"\u003ePython Penetration Testing Cookbook\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Python-Offensive-PenTest-practical-penetration/dp/1788838971\"\u003ePython for Offensive PenTest\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900\"\u003eBlack Hat Python\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Gray-Hat-Creating-Automating-Security/dp/1593277598\"\u003eGray Hat C#: A Hacker's Guide to Creating and Automating Security Tools\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Black-Hat-Go-Programming-Pentesters/dp/1593278659\"\u003eBlack Hat Go: Go Programming For Hackers and Pentesters \u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Security-Go-Explore-Golang-services/dp/1788627911\"\u003eSecurity with Go\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Penetration-Testing-Perl-Douglas-Berdeaux/dp/1783283459\"\u003ePenetration Testing with PerL\u003c/a\u003e\n    - \u003ca href=\"https://www.amazon.com/Black-Hat-Ruby-programming-Pentesters/dp/B08JHSF6GT\"\u003eBlack Hat Ruby\u003c/a\u003e\n    \n  - Courses\n    - I encourage you to read the books, cause there are a lot of courses for offensive programming but the most are using python.\n    - \u003ca href=\"https://www.udemy.com/course/learn-python-and-ethical-hacking-from-scratch/\"\u003eLearn Python \u0026 Ethical Hacking From Scratch\u003c/a\u003e\n    - \u003ca href=\"https://www.udemy.com/course/ethical-hacking-python/\"\u003eThe Complete Python Hacking Course: Beginner to Advanced! \u003c/a\u003e\n    - \u003ca href=\"https://www.infosecinstitute.com/skills/learning-paths/offensive-bash-scripting/\"\u003eOffensive Bash Scripting\u003c/a\u003e\n    - \u003ca href=\"https://www.pentesteracademy.com/course?id=21\"\u003ePowershell for Pentesters\u003c/a\u003e\n\n  - Labs\n    - First of all try to create automation tools for your tasks. also you can search for offensive tools and try to write one on your own way.\n    - Tools:\n      - \u003ca href=\"\"\u003eSubdomain Enumeration\u003c/a\u003e\n      - \u003ca href=\"\"\u003eDirectory Bruteforcing\u003c/a\u003e\n      - \u003ca href=\"\"\u003eLive Subdomain checker\u003c/a\u003e\n      - \u003ca href=\"\"\u003eGoogle Dorking\u003c/a\u003e\n      - \u003ca href=\"\"\u003eExtract javascript urls using page source\u003c/a\u003e\n      - \u003ca href=\"\"\u003eReverse \u0026 Bind Shells\u003c/a\u003e\n      - \u003ca href=\"\"\u003eProtocol Enumeration\u003c/a\u003e\n      - \u003ca href=\"\"\u003ePort Scanner (TCP \u0026 UDP)\u003c/a\u003e\n      - \u003ca href=\"\"\u003eHash \u0026 Password Cracking\u003c/a\u003e\n      - \u003ca href=\"\"\u003eFuzzer\u003c/a\u003e\n      - \u003ca href=\"\"\u003eMalware ( Keylogger, Spyware, CryptoMalware, etc)\u003c/a\u003e\n      - \u003ca href=\"\"\u003ePacket Sniffer\u003c/a\u003e\n      - \u003ca href=\"\"\u003eWifi Scanner or Bruteforcer\u003c/a\u003e\n      - \u003ca href=\"\"\u003eVulnerability Scanner ( Web, Network \u0026 System Vulnerabilities, etc )\u003c/a\u003e\n      - \u003ca href=\"\"\u003eExploition Tool ( Try to write an exploition tool for known vulnerability [e.x: Vsftpd backdoor exploition tool] ) \u003c/a\u003e\n      - \u003ca href=\"\"\u003eNetwork Sniffer\u003c/a\u003e\n      - \u003ca href=\"\"\u003eMAC address Changer\u003c/a\u003e\n      - \u003ca href=\"\"\u003eNetwork Scanner\u003c/a\u003e\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# Blockchain\n\n - Books\n   - \u003ca href=\"https://www.amazon.com/Bitcoin-Blockchain-Security-Ghassan-Karame-ebook/dp/B01N7XNEF3\"\u003eBitcoin and Blockchain Security\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Blockchain-Technology-Hacking-Financial-Framework-ebook/dp/B07221VJ1S\"\u003eBlockchain Technology And Hacking\u003c/a\u003e\n   - \u003ca href=\"https://www.packtpub.com/product/hands-on-cybersecurity-with-blockchain/9781788990189\"\u003eHands-On Cybersecurity with Blockchain\u003c/a\u003e\n  \n- Courses\n  - \u003ca href=\"https://blockchaintrainingalliance.com/products/cbsp\"\u003eCertified Blockchain Security Professional (CBSP)\u003c/a\u003e\n  - \u003ca href=\"https://www.sans.org/cyber-security-courses/blockchain-smart-contract-security/\"\u003eSEC554: Blockchain and Smart Contract Security\u003c/a\u003e\n  - \u003ca href=\"https://academy.101blockchains.com/courses/certified-blockchain-security-expert\"\u003eBlockchain Security Expert (CBSE)\u003c/a\u003e\n  - \u003ca href=\"https://hakin9.org/course/attack-and-defence-in-blockchain-technologies-w39/\"\u003eAttack and Defence in Blockchain Technologies (W39)\u003c/a\u003e\n  - \u003ca href=\"https://www.dasp.co/\n\"\u003eDecentralized Application Security Project \u003c/a\u003e\n\n\n- Labs\n  - \u003ca href=\"https://github.com/ConsenSys/smart-contract-best-practices\"\u003esmart contract security best practices\u003c/a\u003e\n  - \u003ca href=\"https://github.com/nccgroup/GOATCasino\"\u003eGOATCasino\u003c/a\u003e\n  - \u003ca href=\"https://ethernaut.openzeppelin.com/level/0x4E73b858fD5D7A5fc1c3455061dE52a53F35d966\"\u003eEthernaut\u003c/a\u003e\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\n\n# Car Hacking\n\n - Books\n   - \u003ca href=\"https://www.amazon.com/Car-Hackers-Handbook-Penetration-Tester/dp/1593277032\"\u003eThe Car Hacker's Handbook\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Hacking-Connected-Cars-Techniques-Procedures/dp/1119491800\"\u003eHacking Connected Cars\u003c/a\u003e\n\n - Courses\n   - \u003ca href=\"https://www.udemy.com/course/carhacking/\"\u003eCAR HACKING 101\u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/automotive-hacking-for-beginners/\"\u003eAutomotive hacking for Beginners\u003c/a\u003e\n   - \u003ca href=\"https://cyberweek.ae/2021/courses/car-hacking-training-automotive-cybersecurity-and-in-vehicle-networks-for-beginners-hitb-cyberweek-2021/\"\u003eCar Hacking Training: Automotive Cybersecurity and In-Vehicle Networks for Beginners\u003c/a\u003e\n   - \u003ca href=\"https://quarkslab.com/training-practical-car-hacking/\"\u003ePractical car hacking\u003c/a\u003e\n\n - Labs\n   - Setup your lab from the courses \u0026 books\n\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\n# Game Hacking\n\n - Books\n   - \u003ca href=\"https://www.amazon.com/Exploiting-Online-Games-Massively-Distributed/dp/0132271915\"\u003eExploiting Online Games\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Game-Hacking-Developing-Autonomous-Online/dp/1593276699\"\u003eGame Hacking: Developing Autonomous Bots for Online Games\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Hacking-Video-Game-Consoles-ExtremeTech/dp/0764578065\"\u003eHacking Video Game Consoles\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Game-Console-Hacking-PlayStation-Nintendo/dp/1931836310\"\u003eGame Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Hacking-Xbox-Introduction-Reverse-Engineering/dp/1593270291\"\u003eHacking the Xbox: An Introduction to Reverse Engineering\u003c/a\u003e\n\n\n - Courses\n   - \u003ca href=\"https://www.youtube.com/playlist?list=PLt9cUwGw6CYG1b4L76vZ49tvI2mfmRSCl\"\u003eCS420 Game Hacking Course\u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/playhack/\"\u003eLearn How To Code a Hack For ANY Game! - Game Hacking \u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/cheat-engine-game-hacking-basics/\"\u003eGame Hacking: Cheat Engine Game Hacking Basics\u003c/a\u003e\n   - \u003ca href=\"https://www.youtube.com/playlist?list=PLt9cUwGw6CYFSoQHsf9b12kHWLdgYRhmQ\"\u003eGame Hacking Shenanigans - Game Hacking Tutorial Series\u003c/a\u003e\n   - \u003ca href=\"https://www.youtube.com/playlist?list=PL0DAC43CDE5EF7694\"\u003eGame Hacking Tutorial\u003c/a\u003e\n\n\n - Labs\n   - Setup your lab from the courses \u0026 books\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\n# Source Code Review\n\n - Books\n   - \u003ca href=\"https://www.amazon.com/SECURE-COMPUTER-SOFTWARE-DEVELOPMENT-VULNERABILITY-ebook/dp/B01NAGF70E\"\u003eSECURE COMPUTER SOFTWARE DEVELOPMENT: INTRODUCTION TO VULNERABILITY DETECTION TOOLS\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Software-Vulnerability-Programming-Herbert-Thompson/dp/1584503580\"\u003eSoftware Vulnerability Guide\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.de/-/en/Brian-Chess/dp/0321424778\"\u003eecure Programming with Static Analysis: Getting Software Security Right with Static Analysis\u003c/a\u003e\n   - \u003ca href=\"https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf\"\u003eOWASP Code Review Guide v2\u003c/a\u003e\n   - \u003ca href=\"https://www.codacy.com/ebooks/guide-to-code-reviews-I\"\u003eThe ultimate guide to code reviews - Edition I\u003c/a\u003e\n\n\n - Courses (Tutorials)\n    - \u003ca href=\"https://www.youtube.com/playlist?list=PLOeXMuu5HOMoYdidoH6UlghfrVVkzZ_cf\"\u003eSAST\u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=fb-t3WWHsMQ\"\u003eHow to do Code Review - The Offensive Security Way\u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=eQ1I0wzS8p0\"\u003eHow to find vulnerabilities by source code review\u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=kpf3UkMc5Y4\"\u003eFinding Security Vulnerabilities through Code Review - The OWASP way\u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=rAwxFw25x3E\"\u003eOWASP DevSlop Show: Security Code Review 101 with Paul Ionescu!\u003c/a\u003e\n    - \u003ca href=\"https://www.youtube.com/watch?v=A8CNysN-lOM\"\u003eHow to Analyze Code for Vulnerabilities\u003c/a\u003e\n\n\n - Labs\n   - \u003ca href=\"https://pentesterlab.com/exercises?utf8=%E2%9C%93\u0026query=code+review\"\u003ePentesterlab Code Review\u003c/a\u003e\n   - \u003ca href=\"https://github.com/h4x0r101/Damn-Vulnerable-Source-Code\"\u003eDamn Vulnerable Source Code\u003c/a\u003e\n   - \u003ca href=\"https://github.com/uleroboticsgroup/SVCP4CDataset\n\"\u003eSVCP4CDataset\u003c/a\u003e\n\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\n# Telecom\n\n\n - Books\n    - \u003ca href=\"https://www.amazon.com/Security-Telecommunications-Networks-Advances-Information-ebook/dp/B002C73P2E\n\"\u003eSecurity for Telecommunications Networks\u003c/a\u003e\n\n\n - Courses\n   - \u003ca href=\"https://www.youtube.com/watch?v=3XUo7UBn28o\"\u003eMobile Network Hacking, IP Edition\u003c/a\u003e\n   - \u003ca href=\"https://www.youtube.com/watch?v=_f1SByh6f4Q\"\u003eNew Era in Telecom Hacking by Ali Abdollahi at BSides Toronto 2020\u003c/a\u003e\n\n - Labs\n   - Setup your lab from the courses \u0026 books \n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\n# Malware Development\n\n- Books\n  - You can read malware analysis books to get a deep understanding of malwares\n\n\n- Courses\n  - \u003ca href=\"https://institute.sektor7.net/red-team-operator-malware-development-essentials\"\u003eRED TEAM Operator: Malware Development Essentials Course\u003c/a\u003e\n  - \u003ca href=\"https://institute.sektor7.net/rto-maldev-intermediate\"\u003eRED TEAM Operator: Malware Development Intermediate Course\u003c/a\u003e\n  - \u003ca href=\"https://www.udemy.com/course/build-undetectable-malware-using-c-language-ethical-hacking/\"\u003eBuild Undetectable Malware Using C Language: Ethical Hacking\u003c/a\u003e\n  - \u003ca href=\"https://www.udemy.com/course/malware-development-beginner-level/\"\u003ePractical Malware Development For Beginners\u003c/a\u003e\n  - \u003ca href=\"https://www.udemy.com/course/coding-botnet-backdoor-in-python-for-ethical-hacking/\"\u003eCoding Botnet \u0026 Backdoor In Python For Ethical Hacking\u003c/a\u003e\n  - \u003ca href=\"https://www.udemy.com/course/ehf-maldev-in-windows/\"\u003eEthical Hacking Foundations: Malware Development in Windows\u003c/a\u003e\n  \n  \n - Labs\n   - No need for online labs you need to write a malicious code\n   \n   \n\u003cbr\u003e\n\u003cbr\u003e\n\n# VOIP\n\n - Books\n   - \u003ca href=\"https://www.amazon.com/Hacking-VoIP-Protocols-Attacks-Countermeasures/dp/1593271638\"\u003eHacking VoIP: Protocols, Attacks, and Countermeasures\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Hacking-Exposed-VoIP-Security-Solutions/dp/0072263644\"\u003eHacking Exposed VoIP: Voice Over IP Security Secrets \u0026 Solutions\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Hacking-Exposed-Communications-Security-Solutions/dp/0071798765\"\u003eHacking Exposed Unified Communications \u0026 VoIP Security Secrets \u0026 Solutions, Second Edition\u003c/a\u003e\n   \n   \n - Courses\n   - \u003ca href=\"https://hakin9.org/product/w47-voip-pentesting/\"\u003eVoIP Pentesting (W47)\u003c/a\u003e\n   - \u003ca href=\"https://academy.ehacking.net/p/voip-hacking-penetration-testing-training\"\u003eVoIP Hacking \u0026 Penetration Testing Training\u003c/a\u003e\n   - \u003ca href=\"https://www.voip.school/p/voip-hacking\"\u003eVoIP pentest and SIP hacking\u003c/a\u003e\n\n\n - Labs\n   - Setup your lab from the courses \u0026 books\n\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# RFID \u0026 SDR\n - Books\n   - \u003ca href=\"https://www.amazon.com/RFID-Security-Frank-Thornton-ebook/dp/B002C4KMKA\"\u003eRFID Security\u003c/a\u003e\n   - \u003ca href=\"https://www.amazon.com/Inside-Radio-Attack-Defense-Guide/dp/9811084467\"\u003eInside Radio: An Attack and Defense Guide\u003c/a\u003e\n\n\n - Courses\n   - \u003ca href=\"https://www.udemy.com/course/the-vulnerability-of-rfid-tag/\"\u003eEthical RFID Hacking\u003c/a\u003e\n   - \u003ca href=\"https://training.hackersera.com/p/?page=online-training#collapsesdr1\"\u003eSDR Exploitation\u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/software-defined-radio/\"\u003eSDR for Ethical Hackers and Security Researchers \u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/advance-sdr-for-ethical-hackers-security-researchers/\"\u003eAdvance SDR for Ethical Hackers Security Researchers 2.0\u003c/a\u003e\n   - \u003ca href=\"https://www.udemy.com/course/software-defined-radio-3/\"\u003eSDR for Ethical Hackers and Security Researchers 3.0\u003c/a\u003e\n\n\n - Labs\n   - Setup your lab from the courses \u0026 books\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# ATM Hacking\n\nA curated collection of resources covering ATM security research, penetration testing, malware analysis, and defensive strategies.\n\n---\n\n- Books\n  - \u003ca href=\"https://www.amazon.com/Digital-Robbery-Implications-SpringerBriefs-Cybersecurity/dp/3030707059\"\u003eDigital Robbery: ATM Hacking and Implications\u003c/a\u003e\n  - \u003ca href=\"https://www.amazon.com/Security-Analysis-Hacking-Banking-Attacks/dp/1540643808\"\u003eThe Security Analysis, Hacking of Banking EMV Cards, ATM, CHIP, PIN \u0026 Attacks\u003c/a\u003e\n  - \u003ca href=\"https://www.europol.europa.eu/sites/default/files/documents/public_-_cashing_in_on_atm_malware.pdf\"\u003eCashing in on ATM Malware (Trend Micro / Europol)\u003c/a\u003e\n  - \u003ca href=\"https://link.springer.com/chapter/10.1007/978-3-030-70706-4_3\"\u003eThe ATM Hacking Case (SpringerLink Chapter)\u003c/a\u003e\n  - \u003ca href=\"https://ceur-ws.org/Vol-3035/paper17.pdf\"\u003eAcademic Paper on ATM Security (CEUR-WS)\u003c/a\u003e\n  - \u003ca href=\"https://blackhat.com/docs/us-16/materials/us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf\"\u003eHacking Next-Gen ATMs: From Capture to Cashout (Black Hat 2016)\u003c/a\u003e\n  - \u003ca href=\"https://media.defcon.org/DEF%20CON%2028/DEF%20CON%20Safe%20Mode%20presentations/DEF%20CON%20Safe%20Mode%20-%20Trey%20Keown%20and%20Brenda%20So%20-%20Applied%20Cash%20Eviction%20through%20ATM%20Exploitation%20-%20WP.pdf\"\u003eApplied Cash Eviction through ATM Exploitation (DEF CON 28)\u003c/a\u003e\n  - \u003ca href=\"https://go.group-ib.com/hubfs/report/group-ib-cobalt-logical-attacks-on-atms-threat-research-2016-en.pdf\"\u003eCobalt - Logical Attacks on ATMs (Group-IB Threat Report)\u003c/a\u003e\n  - \u003ca href=\"https://digitalcommons.usf.edu/cgi/viewcontent.cgi?article=4520\u0026context=fac_publications\"\u003eAcademic Paper on ATM Security (University of South Florida)\u003c/a\u003e\n  - \u003ca href=\"https://www.se.rit.edu/~swen-440/activities/ATM%20Use%20Case%20Analysis%20Example.pdf\"\u003eATM Use Case Analysis Example (RIT)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/694640565/atm-hacking\"\u003eATM Hacking (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/806922511/ATM-Hacking-101\"\u003eATM Hacking 101 (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/408747641/ATM-Hacking-IsC-Beijing-September-2018\"\u003eATM Hacking ISC Beijing 2018 (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/534831075/ATM-Jackpotting\"\u003eATM Jackpotting (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/494376862/Atm-Hack-to-Get-Much-More-Money-Than-You-Withdraw-and-DL-Link2\"\u003eATM Hack to Get Much More Money (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/432852137/ATM-Hack\"\u003eATM Hack (Scribd)\u003c/a\u003e\n  - \u003ca href=\"https://www.scribd.com/document/447998695/Hacking-an-ATM-machine-is-something-that-has-been-there-for-a-very-long-time-1\"\u003eHacking an ATM Machine (Scribd)\u003c/a\u003e\n\n\n- Courses\n  - \u003ca href=\"https://cyberfoxtrain.com/course/atm-hacking-and-penetration-testing-training/\"\u003eATM Hacking and Penetration Testing Training (CyberFox)\u003c/a\u003e\n  - \u003ca href=\"https://www.atmia.com/training/security-training/\"\u003eATM Security Training (ATMIA Academy)\u003c/a\u003e\n  - \u003ca href=\"https://www.atmia.com/training/courses/?cid=8\"\u003eATM Training Courses (ATMIA)\u003c/a\u003e\n  - \u003ca href=\"https://www.tandemsec.com/hacking-in-practice-2.php\"\u003eHacking in Practice 2 (includes ATM module)\u003c/a\u003e\n  - \u003ca href=\"https://www.classcentral.com/course/youtube-introduction-to-atm-penetration-testing-hector-cuevas-ekoparty-2021-cyberfinance-by-galicia-173150\"\u003eIntroduction to ATM Penetration Testing (Ekoparty)\u003c/a\u003e\n\n\n- Labs\n  - \u003ca href=\"https://atm.cybercrime-tracker.net/index.php?x=goodies\"\u003eGlobal ATM Malware Wall (Malware Samples)\u003c/a\u003e\n  - \u003ca href=\"https://happysavebankingcorporation.com/challenge/index.html\"\u003eHSBC\u0026L ATM CTF Challenge\u003c/a\u003e\n  - \u003ca href=\"https://www.cen.eu/work/areas/ICT/eBusiness/Pages/WS-XFS.aspx\"\u003eCEN/XFS SDK \u0026 Development Environment\u003c/a\u003e\n  - \u003ca href=\"https://www.tutorialjinni.com/skimer-atm-malware-sample-download.html\"\u003eSkimer ATM Malware Sample\u003c/a\u003e\n\n\n- Blogs/Series\n  - \u003ca href=\"https://securelist.com/tyupkin-manipulating-atm-machines-with-malware/66988/\"\u003eTyupkin: Manipulating ATM Machines with Malware (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/\"\u003eATM Malware from Latin America to the World (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/atm-malware-is-being-sold-on-darknet-market/81871/\"\u003eATM Malware is Being Sold on Darknet Market (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/atm-pos-malware-landscape-2020-2022/107656/\"\u003eATM/PoS Malware Landscape 2020-2022 (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/criminals-atms-and-a-cup-of-coffee/91406/\"\u003eCriminals, ATMs and a Cup of Coffee - ATMJaDi (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/atm-infector/74772/\"\u003eATM Infector - Skimer (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/74533/\"\u003eMalware and Non-Malware Ways for ATM Jackpotting (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://securelist.com/atm-pos-malware-landscape-2017-2019/96750/\"\u003eATM/PoS Malware Landscape 2017-2019 (Kaspersky)\u003c/a\u003e\n  - \u003ca href=\"https://www.ptsecurity.com/ww-en/analytics/atm-vulnerabilities-2018/\"\u003eATM Vulnerabilities 2018 Report (Positive Technologies)\u003c/a\u003e\n  - \u003ca href=\"https://www.ptsecurity.com/ww-en/about/news/atms-can-be-hacked-in-minutes/\"\u003eATMs Can Be Hacked in Minutes (Positive Technologies)\u003c/a\u003e\n  - \u003ca href=\"https://www.ptsecurity.com/ww-en/about/news/ncr-patches-atm-vulnerabilities/\"\u003eNCR Patches ATM Vulnerabilities (Positive Technologies)\u003c/a\u003e\n  - \u003ca href=\"https://blog.talosintelligence.com/2019/05/10-years-of-virtual-dynamite.html\"\u003e10 Years of Virtual Dynamite: ATM Malware Retrospective (Cisco Talos)\u003c/a\u003e\n  - \u003ca href=\"https://www.infosecinstitute.com/resources/penetration-testing/atm-penetration-testing/\"\u003eATM Penetration Testing (Infosec Institute)\u003c/a\u003e\n  - \u003ca href=\"https://www.infosecinstitute.com/resources/malware-analysis/tyupkin-atm-malware-analysis/\"\u003eTyupkin ATM Malware Analysis (Infosec Institute)\u003c/a\u003e\n  - \u003ca href=\"https://resources.infosecinstitute.com/topic/hacking-atms-new-wave-malware/\"\u003eHacking ATMs: New Wave of Malware (Infosec Institute)\u003c/a\u003e\n  - \u003ca href=\"https://www.infosecinstitute.com/resources/malware-analysis/jackpotting-malware/\"\u003eJackpotting Malware (Infosec Institute)\u003c/a\u003e\n  - \u003ca href=\"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/adventures-in-atm-hacking/\"\u003eAdventures in ATM Hacking (Trustwave SpiderLabs)\u003c/a\u003e\n  - \u003ca href=\"https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/9-pen-testing-essentials-for-making-atms-less-hackable/\"\u003e9 Pen Testing Essentials for Making ATMs Less Hackable (Trustwave)\u003c/a\u003e\n  - \u003ca href=\"https://www.komodosec.com/post/atm-jackpotting-using-fileless-malware\"\u003eJackpotting ATM Attack: A Technical Breakdown (Komodo)\u003c/a\u003e\n  - \u003ca href=\"https://gbhackers.com/advanced-atm-penetration-testing-methods/\"\u003eAdvanced ATM Penetration Testing Methods (GBHackers)\u003c/a\u003e\n  - \u003ca href=\"https://medium.com/@redfanatic7/atm-hacking-advanced-methods-for-finding-security-vulnerabilities-7e01e71ffe96\"\u003eATM Hacking: Advanced Methods for Finding Security Vulnerabilities\u003c/a\u003e\n  - \u003ca href=\"https://shasaurabh.blogspot.com/2018/01/analyzing-atm-malwares.html\"\u003eAnalyzing ATM Malwares (XFS Analysis)\u003c/a\u003e\n  - \u003ca href=\"https://ruuand.github.io/ATM/\"\u003eATM Hacking Wiki (French)\u003c/a\u003e\n  - \u003ca href=\"https://krebsonsecurity.com/tag/atm-jackpotting/\"\u003eKrebsOnSecurity - ATM Jackpotting\u003c/a\u003e\n  - \u003ca href=\"https://www.itgovernance.eu/blog/en/tyupkin-atm-malware-banks-give-away-cash\"\u003eTyupkin ATM Malware: Banks Give Away Cash\u003c/a\u003e\n  - \u003ca href=\"https://www.scmagazine.com/news/atm-malware-tyupkin-found-on-over-50-machines-in-europe-spreads-to-u-s\"\u003eATM Malware Tyupkin Spreads to U.S. (SC Magazine)\u003c/a\u003e\n  - \u003ca href=\"https://www.malwarebytes.com/blog/news/2019/05/everything-you-need-to-know-about-atm-attacks-and-fraud-part-1\"\u003eEverything You Need to Know About ATM Attacks - Part 1 (Malwarebytes)\u003c/a\u003e\n  - \u003ca href=\"https://www.malwarebytes.com/blog/news/2019/08/atm-attacks-and-fraud-part-2\"\u003eATM Attacks and Fraud - Part 2 (Malwarebytes)\u003c/a\u003e\n  - \u003ca href=\"https://medium.com/@Charafeddine_/cracking-the-code-unmasking-the-ingenious-world-of-atm-hacking-part-1-introduction-21c40e53608f\"\u003eCracking the Code: ATM Hacking Series - Part 1 (Medium)\u003c/a\u003e\n  - \u003ca href=\"https://medium.com/@Charafeddine_/breaking-the-code-the-crafty-art-of-atm-manipulation-part-2-309125b6ba91\"\u003eCracking the Code: ATM Hacking Series - Part 2 (Medium)\u003c/a\u003e\n  - \u003ca href=\"https://medium.com/@Charafeddine_/cracking-the-code-xfs-integrity-controls-and-the-ongoing-battle-against-atm-malware-part-3-b7db1c5bd49b\"\u003eCracking the Code: XFS Integrity Controls - Part 3 (Medium)\u003c/a\u003e\n  - \u003ca href=\"https://medium.com/@Charafeddine_/cracking-the-code-escaping-kiosk-mode-and-unraveling-dispenser-board-firmware-insecurity-part-4-d17c0a7d7bfe\"\u003eCracking the Code: Escaping Kiosk Mode - Part 4 (Medium)\u003c/a\u003e\n  - \u003ca href=\"https://hackinglab.cz/en/blog/atm-security/\"\u003eATM Security (Hacking Lab CZ)\u003c/a\u003e\n  - \u003ca href=\"https://hackinglab.cz/en/blog/audit-atm-replay-attack/\"\u003eATM Replay Attack Audit (Hacking Lab CZ)\u003c/a\u003e\n  - \u003ca href=\"https://www.group-ib.com/blog/unc2891-bank-heist/\"\u003eUNC2891 Bank Heist Analysis (Group-IB)\u003c/a\u003e\n  - \u003ca href=\"https://sepiocyber.com/resources/whitepapers/atm-jackpotting/\"\u003eATM Jackpotting Whitepaper (Sepio Cyber)\u003c/a\u003e\n  - \u003ca href=\"https://www.cloudsek.com/blog/dark-web-and-atm-hacking\"\u003eDark Web and ATM Hacking (CloudSEK)\u003c/a\u003e\n\n\n- Presentations/Conferences/Papers\n  - \u003ca href=\"https://owasp.org/www-chapter-london/assets/slides/OWASPLondon_20180125Leigh_Anne_Galloway_TYunusov_Buy_Hack_ATM.pdf\"\u003eBuy Hack ATM - OWASP London (2018)\u003c/a\u003e\n  - \u003ca href=\"https://www.cybertrends.it/wp-content/uploads/pubblicazioni/atm-security-publication.pdf\"\u003eATM Security Publication (CyberTrends)\u003c/a\u003e\n  - \u003ca href=\"https://av.tib.eu/media/49767\"\u003eATM Security Video Presentation (TIB AV-Portal)\u003c/a\u003e\n  - \u003ca href=\"http://www.securitytube.net/video/1140\"\u003eJackpotting Automated Teller Machines Redux - Barnaby Jack (Black Hat 2010)\u003c/a\u003e\n  - \u003ca href=\"https://media.defcon.org/DEF%20CON%2018/\"\u003eDEF CON 18 Archive - Barnaby Jack Presentation\u003c/a\u003e\n  - \u003ca href=\"https://www.blackhat.com/docs/us-16/materials/us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf\"\u003eHacking Next-Gen ATMs: From Capture to Cash-Out - Weston Hecker (Black Hat 2016)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/fboldewin/ATM-Hacking-ISC2018/blob/master/ATM%20Hacking%20-%20ISC%20Beijing%20September%202018.pdf\"\u003eATM Hacking - Frank Boldewin (ISC Beijing 2018)\u003c/a\u003e\n  - \u003ca href=\"https://www.researchgate.net/publication/330133482_ATM_Security_A_case_study_of_Emerging_Threats\"\u003eATM Security: A Case Study of Emerging Threats (ResearchGate)\u003c/a\u003e\n  - \u003ca href=\"https://www.researchgate.net/publication/381325155_CAPABILITY_ANALYSIS_OF_ATM_MALWARE_USING_THE_CAPA_FOR_FORENSIC_INVESTIGATIONS\"\u003eCapability Analysis of ATM Malware Using CAPA (ResearchGate 2023)\u003c/a\u003e\n  - \u003ca href=\"https://www.irjet.net/archives/V8/i11/IRJET-V8I1180.pdf\"\u003eATM Hacking/Jackpotting – A Case Study (IRJET)\u003c/a\u003e\n  - \u003ca href=\"https://www.researchgate.net/publication/329836170_Malware_Analysis_and_Detection_Using_Reverse_Engineering_Technique\"\u003eMalware Analysis and Detection Using Reverse Engineering (ResearchGate)\u003c/a\u003e\n  - \u003ca href=\"https://se.jku.at/wp-content/uploads/2017/01/2016.ATM-Security.pdf\"\u003eA Risk Assessment of Logical Attacks on CEN/XFS (JKU)\u003c/a\u003e\n  - \u003ca href=\"https://global.ptsecurity.com/analytics/positive-research-2019\"\u003ePositive Research 2019 (ATM Section)\u003c/a\u003e\n  - \u003ca href=\"https://www.securityweek.com/atm-hacking-video-barnaby-jack-demonstrates-atm-hacking-black-hat-usa-2010/\"\u003eATM Hacking Video - Barnaby Jack Black Hat 2010 (SecurityWeek)\u003c/a\u003e\n  - \u003ca href=\"https://www.technologyreview.com/2013/07/29/83230/watch-the-atm-hacker-at-work/\"\u003eWatch the ATM Hacker at Work (MIT Technology Review)\u003c/a\u003e\n  - \u003ca href=\"https://threatpost.com/throwback-barnaby-jack-jackpotting-atms/101506/\"\u003eThrowback: Barnaby Jack Jackpotting ATMs (Threatpost)\u003c/a\u003e\n  - \u003ca href=\"https://www.computerworld.com/article/1544985/barnaby-jack-hits-atm-jackpot-at-black-hat.html\"\u003eBarnaby Jack Hits ATM Jackpot at Black Hat (Computerworld)\u003c/a\u003e\n  - \u003ca href=\"https://techcrunch.com/2020/08/06/hackers-atm-spit-cash/\"\u003eHackers Say Jackpotting Flaws Tricked ATMs Into Spitting Out Cash (TechCrunch)\u003c/a\u003e\n  - \u003ca href=\"https://www.darkreading.com/vulnerabilities-threats/slideshow-barnaby-jack-hits-the-jackpot-with-atm-hack\"\u003eBarnaby Jack Hits The Jackpot With ATM Hack (Dark Reading)\u003c/a\u003e\n  - \u003ca href=\"https://westoahu.hawaii.edu/cyber/vulnerability-research/vulnerabilities-weekly-summaries/jackpotting-the-wrong-type-of-jackpot/\"\u003eJackpotting, The Wrong Type of Jackpot (UH West Oahu)\u003c/a\u003e\n\n\n\n- Notes\n  - \u003ca href=\"https://ruuand.github.io/ATM/\"\u003eATM Hacking Wiki / Notes (French)\u003c/a\u003e\n  - \u003ca href=\"https://shasaurabh.blogspot.com/2018/01/analyzing-atm-malwares.html\"\u003eAnalyzing ATM Malwares Guide\u003c/a\u003e\n  - \u003ca href=\"https://www.cen.eu/work/areas/ICT/eBusiness/Pages/WS-XFS.aspx\"\u003eCEN/XFS Official Specification \u0026 SDK\u003c/a\u003e\n  - \u003ca href=\"https://en.wikipedia.org/wiki/CEN/XFS\"\u003eCEN/XFS Overview (Wikipedia)\u003c/a\u003e\n  - \u003ca href=\"https://www.kal.com/en/knowledge/articles/a-new-xfs-is-born-and-it-may-change-the-atm-world\"\u003eXFS4IoT - Next-Gen Standard (KAL)\u003c/a\u003e\n  - \u003ca href=\"https://www.cyber.nj.gov/threat-landscape/malware/atm-malware\"\u003eNJCCIC ATM Malware Threat Profiles\u003c/a\u003e\n  - \u003ca href=\"https://www.cyber.nj.gov/threat-profiles/atm-malware-variants/cutletmaker\"\u003eCutletMaker Malware Profile (NJCCIC)\u003c/a\u003e\n  - \u003ca href=\"https://web.archive.org/web/20211202180248/https://en.iguru.gr/atm-hacking-proigmenes-methodoi-gia-tin-evresi-kenon-asfaleias/\"\u003eAdvanced ATM Hacking Methods (Archived)\u003c/a\u003e\n  - \u003ca href=\"https://archive.is/20180603161506/https://gbhackers.com/advanced-atm-penetration-testing-methods/\"\u003eAdvanced ATM Penetration Testing Methods (Archived)\u003c/a\u003e\n  - \u003ca href=\"https://archive.is/p4LRZ\"\u003eATM Hacking Article (Archive.is)\u003c/a\u003e\n\n\n- Misc\n  - \u003ca href=\"https://github.com/ohkuom/awesome-atm-hacking\"\u003eAwesome ATM Hacking - Curated List (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/fboldewin/ATM-Hacking-ISC2018\"\u003eATM-Hacking-ISC2018 (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/KAL-ATM-Software\"\u003eKAL-ATM-Software / XFS4IoT Framework (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/threatrack/cti_report_collection\"\u003eCTI Report Collection - ATM Malware Reports (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/yeahhub/Hacking-Security-Ebooks\"\u003eHacking-Security-Ebooks (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/vallejocc/PoC-Fake-Msxfs\"\u003ePoC-Fake-Msxfs (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/arsene0121/XFS.Net\"\u003eXFS.Net - .NET Wrapper for CEN/XFS (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/mortezabarzkar/XFS4NET\"\u003eXFS4NET (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/Kelvinkins/CoreXfs\"\u003eCoreXfs (GitHub)\u003c/a\u003e\n  - \u003ca href=\"https://github.com/topics/atm\"\u003eATM Topic on GitHub\u003c/a\u003e\n  - \u003ca href=\"https://cloud.google.com/blog/topics/threat-intelligence/unc2891-overview/\"\u003eUNC2891 Threat Intelligence Overview (Google Cloud)\u003c/a\u003e\n  - \u003ca href=\"https://www.atmia.com/\"\u003eATMIA (ATM Industry Association)\u003c/a\u003e\n  - \u003ca href=\"https://www.netspi.com/netspi-ptaas/hardware-systems/atm/\"\u003eNetSPI ATM Penetration Testing\u003c/a\u003e\n  - \u003ca href=\"https://sepiocyber.com/resources/whitepapers/atm-jackpotting/\"\u003eSepio ATM Jackpotting Whitepaper\u003c/a\u003e\n  - \u003ca href=\"https://www.retail-fcl.com/2018/11/20/atm-hacking-report-scenarios-from-2018-atm-hacks/\"\u003eATM Hacking Report: Scenarios from 2018 ATM Hacks\u003c/a\u003e\n  - \u003ca href=\"https://www.cardsinternational.com/special-reports/positive-technologies-atm-vulnerabilities/\"\u003ePositive Technologies ATM Vulnerabilities Report\u003c/a\u003e\n  - \u003ca href=\"https://www.technadu.com/atm-malware-evolution-deployment/69183/\"\u003eA Decade of ATM Malware Evolution and Deployment\u003c/a\u003e\n\n\n- Videos\n  - \u003ca href=\"https://www.youtube.com/watch?v=q5tQWe6YsLM\"\u003eATM Hacking Presentation\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=auoEA8ZD8YA\"\u003eATM Security Analysis\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=l-cplhlRF2k\"\u003eATM Exploitation Techniques\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=mll8_0cKXRg\"\u003eATM Malware Analysis\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=Ff-0zXTYhuA\"\u003eATM Jackpotting Demo\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=9H0SKHJ5tNk\"\u003eATM Security Research\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=ThPJrPf7O2s\u0026t=354s\"\u003eATM Hacking Talk\u003c/a\u003e\n  - \u003ca href=\"https://www.youtube.com/watch?v=kno0vDhbb7Y\"\u003eATM Penetration Testing\u003c/a\u003e\n\n  \u003cbr\u003e\n  \u003cbr\u003e\n\n  # AirCraft Hacking\n\n  ## Books \u0026 Whitepapers\n\n  * [Aviation Cybersecurity: Foundations, Principles, and Applications](https://www.amazon.com/Aviation-Cybersecurity-Foundations-principles-applications/dp/1839533218)\n  * [Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends (MDPI 2022)](https://www.mdpi.com/2078-2489/13/3/146)\n  * [Assessing Aircraft Security: A Comprehensive Survey and Methodology for Evaluation (ACM 2023)](https://dl.acm.org/doi/10.1145/3610772)\n  * [Building an Avionics Laboratory for Cybersecurity Testing (Martin Strohmeier PDF)](https://lenders.ch/publications/conferences/cset22.pdf)\n  * [A Review on Cybersecurity Vulnerabilities for Urban Air Mobility (NASA PDF)](https://ntrs.nasa.gov/api/citations/20205011115/downloads/A Review of Cybersecurity Vulnerabilities for UAM Final Draft.pdf)\n  * [Cyber-Security Challenges in Aviation Industry Survey (arXiv PDF)](https://arxiv.org/pdf/2107.04910)\n  * [A Framework for Aviation Cybersecurity (ResearchGate)](https://www.researchgate.net/publication/329477408_A_Framework_for_Aviation_Cybersecurity)\n  * [Cyber Security Challenges in Aviation Communication, Navigation, and Surveillance (ScienceDirect)](https://www.sciencedirect.com/science/article/abs/pii/S0167404821003400)\n  * [Aviation Cybersecurity: An Overview (Craiger \u0026 Kessler, Embry-Riddle 2018)](https://commons.erau.edu/cgi/viewcontent.cgi?article=1191\u0026context=ntas)\n  * [ARINC 429 Cyber-vulnerabilities and Voltage Data in Hardware-in-the-Loop Simulator (2024)](https://ui.adsabs.harvard.edu/abs/2024arXiv240816714T/abstract)\n  * [Cyber Risk Landscape of the Global Aviation Industry 2024 (SecurityScorecard)](https://securityscorecard.com/company/press/cyber-risk-landscape-of-the-global-aviation-industry-2024/)\n  * [Commercial Aviation Cybersecurity Threats in 2025 (Airways Magazine)](https://www.airwaysmag.com/new-post/aviation-cybersecurity-threats-in-2025)\n  * [The Types of Hackers and Cyberattacks in the Aviation Industry (Journal of Transportation Security 2024)](https://link.springer.com/article/10.1007/s12198-024-00281-9)\n  * [FAA Penetration Testing Training \u0026 Outreach (PDF)](https://www.faa.gov/sites/faa.gov/files/air_traffic/technology/cas/ct/ct2.pdf)\n  * [Hugo Teso: Aircraft Hacking - Practical Aero Series (HITB 2013 PDF)](https://conference.hitb.org/hitbsecconf2013ams/materials/D1T1 - Hugo Teso - Aircraft Hacking - Practical Aero Series.pdf)\n  * [Simulating ADS-B and CPDLC Messages with SDR (DiVA Portal PDF)](https://www.diva-portal.org/smash/get/diva2:1442163/FULLTEXT01.pdf)\n  * [Connected Aircraft: Cyber-Safety Risks, Insider Threat (University of Hawaii PDF)](https://scholarspace.manoa.hawaii.edu/bitstream/10125/59759/1/0319.pdf)\n  * [Phil Polstra: Cyber-hijacking Airplanes - Truth or Fiction (DEF CON 22 PDF)](https://defcon.org/images/defcon-22/dc-22-presentations/Polstra/DEFCON-22-Phil-Polstra-Cyber-hijacking-Airplanes-Truth-or-Fiction-Updated.pdf)\n  * [Brad RenderMan Haines: Hackers + Airplanes (DEF CON 20 PDF)](https://defcon.org/images/defcon-20/dc-20-presentations/Renderman/DEFCON-20-RenderMan-Hackers-plus-Airplanes.pdf)\n  * [UAV Exploitation: A New Domain for Cyber Power (CCDCOE PDF)](https://ccdcoe.org/uploads/2018/10/Art-13-UAV-Exploitation-A-New-Domain-for-Cyber-Power.pdf)\n  * [Unmanned Aircraft Systems (UAS) in the Cyber Domain (New Prairie Press PDF)](https://newprairiepress.org/cgi/viewcontent.cgi?filename=3\u0026article=1021\u0026context=ebooks\u0026type=additional)\n  * [Cyber Threats to US Aviation (Homeland Security Perspectives Journal PDF)](https://hnspjournal.org/wp-content/uploads/2023/01/jhnsp-7.1-final-draft-cyber-threats-us-aviation-schafer-january-2023-3.pdf)\n  * [GAO Report: Aviation Cybersecurity - FAA Should Fully Implement Key Practices (PDF)](https://www.gao.gov/assets/gao-21-86.pdf)\n  * [Cybersecurity in Aviation: Addressing Cybersecurity Challenges (Critical Software PDF)](https://criticalsoftware.com/multimedia/common/UXqMH8QWb-CSW_WhitePaper_Aviation_Cybersecurity_in_Aviation.pdf)\n  * [Aviation Cybersecurity: Scoping the Challenge (Atlantic Council PDF)](https://www.atlanticcouncil.org/wp-content/uploads/2019/12/AVIATION-CYBERSECURITY-12-19-.pdf)\n  * [Civil Aviation and CyberSecurity (National Academies PDF)](https://sites.nationalacademies.org/cs/groups/depssite/documents/webpage/deps_084768.pdf)\n  * [SAE Standards on Cybersecurity - Aviation Framework (PDF)](https://www.sae.org/binaries/content/assets/cm/content/attend/2017/aerospace-standards-summit/standards_on_cybersecurity.pdf)\n  * [Avionics Cybersecurity Research Test Bed (INL Factsheet PDF)](https://factsheets.inl.gov/FactSheets/Avionics%20Cybersecurity%20Research%20Test%20Bed.pdf)\n  * [Avionics Cyber Test and Evaluation (ITEA PDF)](https://itea.org/images/pdf/conferences/2016 Symposium/2016_Sym_Proceedings/Nichols Avionics Cyber TE.pdf)\n  * [Safety vs. Security: Attacking Avionic Systems with Humans in the Loop (arXiv PDF)](https://lenders.ch/publications/reports/arxiv19.pdf)\n  * [Vulnerability Assessment for Security in Aviation Cyber-Physical Systems (ResearchGate PDF)](https://www.researchgate.net/profile/Sathish-Kumar-26/publication/318669860_Vulnerability_Assessment_for_Security_in_Aviation_Cyber-Physical_Systems/links/59f139c2aca272cdc7ce0a44/Vulnerability-Assessment-for-Security-in-Aviation-Cyber-Physical-Systems.pdf)\n  * [FAA Aircraft Systems Information Security/Protection (ASISP) R\u0026D (PDF)](https://www.faa.gov/sites/faa.gov/files/2022-08/nopsSC-Sep2020-AircraftSystemsInformationSecurityProtection(ASISP)R\u0026D.pdf)\n  * [Airport Security Vulnerability Assessments Guidebook (PARAS PDF)](https://www.sskies.org/images/uploads/subpage/PARAS_0016.SVAGuidebook__.Final__.pdf)\n  * [ICAO Aviation Cybersecurity Strategy (PDF)](https://www.icao.int/sites/default/files/Meetings/a42/Documents/AVIATION-CYBERSECURITY-STRATEGY.EN_.pdf)\n  * [IATA Cyber Security Presentation (PDF)](https://www.aaco.org/Library/Assets/Cyber Security by Shawn Goudge - IATA-103603.pdf)\n  * [Deep Learning for Large-Scale Real-World ACARS and ADS-B Radio Signal Classification (arXiv PDF)](https://arxiv.org/pdf/1904.09425)\n  * [On the Security of Satellite-Based Air Traffic Control (ADS-C) (NDSS 2024 PDF)](https://www.ndss-symposium.org/wp-content/uploads/spacesec2024-22-paper.pdf)\n  * [ADS-B and ADS-C Communication in the Light of Digitalisation (SKYbrary PDF)](https://skybrary.aero/sites/default/files/bookshelf/4871.pdf)\n  * [Securing the Air-Ground Link in Aviation (Oxford PDF)](https://www.cs.ox.ac.uk/files/13226/chapter-revision.pdf)\n  * [Evaluating the Security of Aircraft Systems (arXiv PDF)](https://arxiv.org/pdf/2209.04028)\n  * [Economy Class Crypto: Exploring Weak Cipher in Aviation (Oxford PDF)](http://www.cs.ox.ac.uk/files/9693/fc-paper.pdf)\n  * [On the Implications of Spoofing and Jamming Aviation Datalink Applications (ACSAC PDF)](https://aanjhan.com/assets/sathaye22_acsac.pdf)\n  * [The ADS-B Protocol and Its Weaknesses (DiVA Portal PDF)](http://www.diva-portal.org/smash/get/diva2:1464430/FULLTEXT01.pdf)\n\n## Courses\n\n  * [DEF CON Aerospace Village (Annual)](https://www.aerospacevillage.org/)\n  * [IATA Aviation Cyber Security (Classroom)](https://www.iata.org/en/training/courses/aviation-cyber-security/tscs59/en/)\n  * [IATA Aviation Cyber Security (Virtual Classroom)](https://www.iata.org/en/training/courses/aviation-cyber-security-virtual/tscs59/en/)\n  * [IATA Aviation Cyber Security Management Diploma](https://www.iata.org/en/training/courses/diploma_programs/aviation-cyber-security-management-diploma/142/)\n  * [Tonex Aviation Cybersecurity Training Bootcamp](https://www.tonex.com/training-courses/aviation-cybersecurity-training-bootcamp/)\n  * [ICAO Foundations of Aviation Cybersecurity Leadership and Technical Management](https://igat.icao.int/ated/trainingCatalogue/Course/5131)\n  * [AIAA Aviation Cybersecurity Management Course](https://aiaa.org/courses/aviation-cybersecurity/)\n  * [UK CAA Aviation Cybersecurity Oversight Training](https://caainternational.com/course/aviation-cybersecurity-oversight/)\n  * [Aviation Cybersecurity Training (Airline-Cybersecurity.ch)](https://www.airline-cybersecurity.ch/Airline_Cybersecurity_Training.html)\n  * [Aviation eLearning: Cyber Security in Aviation](https://ael.aero/courses/general/cyber-security-in-aviation/)\n  * [JAA TO Aviation Cyber Security](https://jaato.com/courses/1013/aviation-cyber-security/)\n\n## Labs\n\n  * [DEF CON Aerospace Village: Drone Hacking Activity](https://www.aerospacevillage.org/defcon-32-activites)\n  * [DEF CON Aerospace Village: ADS-B Receiver Building Workshop (Raspberry Pi + RTL-SDR)](https://www.aerospacevillage.org/defcon-32-workshop-schedule)\n  * [DEF CON Aerospace Village: Aviation Infrastructure Cyber Defense Challenges](https://www.aerospacevillage.org/defcon-33/def-con-33-activites)\n  * [DEF CON Aerospace Village: Offensive Cybersecurity in Space Workshop](https://www.aerospacevillage.org/defcon-31-activities)\n  * [RTL-SDR Tutorial: Receiving Airplane Data with ACARS](https://www.rtl-sdr.com/rtl-sdr-radio-scanner-tutorial-receiving-airplane-data-with-acars/)\n  * [ACARS Decoding Guide (thebaldgeek)](https://thebaldgeek.github.io/vhf-acars.html)\n  * [Lightweight ACARS Decoders for RTL-SDR (One Transistor)](https://www.onetransistor.eu/2018/04/lightweight-acars-decoders-for-rtl-sdr.html)\n  * [Decoding ADSC, ADSB, ACARS, VDL2, Iridium, HF-DL Messages](https://thebaldgeek.github.io/)\n\n## Blogs \u0026 Series\n\n  * [ACARS Under the Hacker's Magnifier: Aviation Security, SDR Fun (Medium 2025)](https://medium.com/@Cid_Kagenou/acars-under-the-hackers-magnifier-aviation-security-sdr-fun-and-why-encryption-matters-part-84c4cfbd35dc)\n  * [RTL-SDR ACARS Tag Articles](https://www.rtl-sdr.com/tag/acars/)\n  * [Frugal Radio: How To Decode L-band Satellite ACARS and CPDLC Messages](https://www.rtl-sdr.com/frugal-radio-how-to-decode-l-band-satellite-acars-and-cpdlc-messages-with-jaero-and-your-sdr/)\n  * [More on Chris Roberts and Avionics Security (Schneier on Security)](https://www.schneier.com/blog/archives/2015/05/more_on_chris_r.html)\n  * [Greatest Cyber Threats to Aircraft Come from the Ground (CSO Online)](https://www.csoonline.com/article/644636/greatest-cyber-threats-to-aircraft-come-from-the-ground.html)\n  * [Skyhacked (Flight Safety Australia 2017)](https://www.flightsafetyaustralia.com/2017/11/skyhacked/)\n  * [Hacker Uses Android to Remotely Attack and Hijack an Airplane (Computerworld)](https://www.computerworld.com/article/1499332/hacker-uses-an-android-to-remotely-attack-and-hijack-an-airplane.html)\n  * [Boeing, IFE Experts Hit Back at Hacker Claims (Runway Girl Network)](https://runwaygirlnetwork.com/2015/05/boeing-ife-experts-hit-back-at-hacker-claims-in-fbi-report/)\n  * [The Serious Threat of GPS Spoofing: An Analysis (Aviation Week)](https://aviationweek.com/business-aviation/safety-ops-regulation/serious-threat-gps-spoofing-analysis)\n  * [Intel Brief on GPS Spoofing and Jamming in Aviation (Dyami Services)](https://www.dyami.services/post/intel-brief-on-gps-spoofing-and-jamming-in-aviation)\n  * [What is GPS Spoofing in Aviation (APG)](https://flyapg.com/blog/what-is-gps-spoofing)\n  * [GNSS Jamming and Spoofing (SKYbrary)](https://skybrary.aero/articles/gnss-jamming-and-spoofing)\n  * [GPS Spoofing: Should Operators Be Concerned? (NBAA 2024)](https://nbaa.org/news/business-aviation-insider/2024-03/gps-spoofing-should-operators-be-concerned/)\n  * [GPS Spoofing - A Growing Risk for Flight Safety (EASA Community)](https://www.easa.europa.eu/community/topics/gps-spoofing-growing-risk-flight-safety-thomas-hytten-caa-norway)\n  * [GPS Spoofing and Jamming: Can We Keep Aviation On Track?](https://www.airtraffictechnologyinternational.com/content/in-depth/gps-spoofing-and-jamming-can-we-keep-aviation-on-track)\n  * [Mitigating the Effects on Aircraft of GNSS Jamming and Spoofing (AIN 2025)](https://www.ainonline.com/aviation-news/air-transport/2025-01-03/mitigating-effects-gnss-jamming-and-spoofing)\n  * [Manipulated GNSS Signals: Implications for Pilots (ECA)](https://www.eurocockpit.eu/news/manipulated-gnss-signals-implications-pilots)\n  * [Inertial Reference Systems - GPS Spoofing/Jamming Solutions (Honeywell)](https://aerospace.honeywell.com/us/en/about-us/blogs/spoofing-and-jamming)\n  * [The Cybersecurity Challenges of Modern Aviation Systems (NXLog Blog)](https://nxlog.co/news-and-blog/posts/the-cybersecurity-challenges-of-modern-aviation-systems)\n  * [Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (Resecurity)](https://www.resecurity.com/blog/article/the-aviation-and-aerospace-sectors-face-skyrocketing-cyber-threats)\n  * [Advancing Aviation Cybersecurity Through Collective Action (TAC)](https://thetac.tech/together-against-threats-advancing-aviation-cybersecurity-through-collective-action/)\n\n## Presentations \u0026 Conferences\n\n  * [DEF CON 32 Aerospace Village Activities](https://www.aerospacevillage.org/defcon-32-activites)\n  * [DEF CON 33 Aerospace Village Activities (2025)](https://www.aerospacevillage.org/def-con-33/def-con-33-activites)\n  * [DEF CON 31 Aerospace Village Talk Schedule](https://www.aerospacevillage.org/defcon-31-talks)\n  * [DEF CON 29 Aerospace Village Videos (Space \u0026 Cybersecurity)](https://www.spacesecurity.info/en/def-con-29-aerospace-village-videos/)\n  * [Hugo Teso: Aircraft Hacking - Practical Aero Series (HITB 2013)](https://pdfslide.net/documents/d1t1-hugo-teso-aircraft-hacking-practical-aero-series.html)\n  * [Aviation Cybersecurity Conference September 2025 London (Cyber Senate)](https://cybersenate.com/aviation-cybersecurity-conference-cyber-senate/)\n  * [RSA Conference: Securing Aviation Systems with Cybersecurity](https://www.rsaconference.com/library/blog/securing-aviation-systems-with-cybersecurity)\n  * [Black Hat USA 2024 \u0026 DEF CON 32 August 2025 Las Vegas](https://blackhat.com/us-24/defcon.html)\n  * [Vulnerability Assessment for Security in Aviation Cyber-Physical Systems (IEEE)](https://ieeexplore.ieee.org/document/7987190)\n  * [Pen Test Partners Events \u0026 Speaking](https://www.pentestpartners.com/events-and-speaking/)\n  * [EASA Compilation of Aviation Cybersecurity Videos](https://www.easa.europa.eu/community/topics/compilation-aviation-cybersecurity-videos)\n\n## Videos\n\n  * [EASA Aviation Cybersecurity Videos Compilation](https://www.easa.europa.eu/community/topics/compilation-aviation-cybersecurity-videos)\n  * [Mentour Pilot: Can Aircraft be Hacked?!](https://www.youtube.com/results?search_query=mentour+pilot+aircraft+hacked)\n  * [ICAO Secretary General: Cyber-Security in Aviation](https://www.youtube.com/results?search_query=ICAO+cybersecurity+aviation)\n  * [TomoNews US: Aircraft Hacking Vulnerabilities](https://www.youtube.com/results?search_query=TomoNews+aircraft+hacking)\n  * [Aviation Cybersecurity Tutorial Series](https://www.youtube.com/results?search_query=aviation+cybersecurity+tutorial)\n\n## Tools \u0026 Frameworks\n\n**ADS-B Reception \u0026 Decoding:**\n  * [dump1090: Mode S Decoder for RTLSDR Devices](https://github.com/antirez/dump1090)\n  * [dump1090-fa: FlightAware's Fork of dump1090](https://github.com/flightaware/dump1090)\n  * [PiAware: FlightAware's Raspberry Pi Flight Tracking Software](https://flightaware.com/adsb/piaware/)\n  * [FlightAware Ground Station Network](https://flightaware.com/)\n  * [tar1090: Web Interface for dump1090](https://github.com/wiedehopf/tar1090)\n  * [Virtual Radar Server: Aircraft Tracking Web Interface](https://www.virtualradarserver.co.uk/)\n\n**ACARS Decoders:**\n  * [acarsdec: Multi-Channel ACARS Decoder with RTL-SDR Support](https://github.com/TLeconte/acarsdec)\n  * [AcarsDeco2: ACARS Decoder for Windows/Linux/Raspberry Pi/OS X](https://www.acarsd.org/)\n  * [JAERO: L-band Satellite ACARS Decoder](https://github.com/jontio/JAERO)\n  * [dumpvdl2: VDL Mode 2 Message Decoder](https://github.com/szpajder/dumpvdl2)\n  * [dumphfdl: HF Data Link Protocol Decoder](https://github.com/szpajder/dumphfdl)\n\n**SDR Hardware:**\n  * [RTL-SDR Blog V3: USB DVB-T Software Defined Radio](https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/)\n  * [FlightAware Pro Stick Plus: Optimized ADS-B USB Receiver](https://flightaware.com/adsb/prostick/)\n  * [Airspy: High Performance SDR](https://airspy.com/)\n  * [HackRF One: Software Defined Radio Platform](https://greatscottgadgets.com/hackrf/)\n  * [BladeRF: Software Defined Radio Platform](https://www.nuand.com/)\n\n**Aircraft Tracking Platforms:**\n  * [FlightRadar24: Real-Time Flight Tracking](https://www.flightradar24.com/)\n  * [ADS-B Exchange: Unfiltered Flight Tracking](https://www.adsbexchange.com/)\n  * [OpenSky Network: Open Air Traffic Data](https://opensky-network.org/)\n  * [RadarBox: Live Flight Tracker](https://www.radarbox.com/)\n\n**Analysis \u0026 Research Tools:**\n  * [GNU Radio: Software Defined Radio Framework](https://www.gnuradio.org/)\n  * [SDR#: Popular SDR Software for Windows](https://airspy.com/download/)\n  * [GQRX: SDR Software for Linux/Mac](https://gqrx.dk/)\n  * [Wireshark: Network Protocol Analyzer (with aviation protocol dissectors)](https://www.wireshark.org/)\n\n**Aviation Security Testing:**\n  * [Metasploit Pro: Penetration Testing Framework](https://www.metasploit.com/)\n  * [BackTrack Tools: Vulnerability Assessment Tools](https://www.backtrack-linux.org/)\n\n## Notes\n\n  * **2024-2025 Statistics:** Cyberattacks on aviation increased by 74% since 2020; aviation industry experienced 24% increase in cyber attacks with 55 reported incidents in 2022\n  * **Global Threat Landscape:** Aviation industry averages a \"B\" cybersecurity rating; organizations with B rating are 2.9x more likely to suffer data breaches than those with A rating\n  * **Major Incidents (2024-2025):** Arab Civil Aviation Organization (ACAO) breach in February 2025; ICAO data breach with 42,000 documents exposed; Japan Airlines attack in December 2024 disrupting baggage services; Seattle-Tacoma Airport Rhysida ransomware attack in 2024\n  * **Breach Statistics:** In global aviation systems, breaches caused by hacking or information leakage increased from 4% in 2010 to 81% in 2024\n  * **Attack Vectors:** DDoS attacks represent 25% of cyber incidents targeting airlines and airports; GPS spoofing exploits weaknesses in aircraft navigation systems; malicious acts from hostile operators on ground or flight operations\n  * **ACARS Vulnerabilities:** ACARS transmits at 131.550 MHz unencrypted; has no encryption (messages sent in plain sight), no authentication (receiver can't verify sender), no integrity (no signature or hash)\n  * **ADS-B Security Issues:** ADS-B broadcasts detailed aircraft information (position, velocity, identity) over unencrypted data links; susceptible to eavesdropping, spoofing, and injection attacks\n  * **ARINC 429 Protocol:** Ubiquitous data bus for civil avionics lacks any form of encryption or authentication; inherently insecure communication protocol vulnerable to denial-of-service attacks\n  * **GPS Spoofing/Jamming:** GPS jamming prevents receivers from locking onto satellite signals; spoofing broadcasts counterfeit signals causing false positioning; particularly affects conflict zones (Black Sea, Middle East)\n  * **Effects on Aircraft Systems:** GPS spoofing can disable Inertial Reference System (IRS), cause failures in GPS Clock, Weather Radar, ADS-B, and Terrain Warning Systems; FMS can show aircraft more than 60nm off-track\n  * **Detection Indicators:** GPS position suddenly 100+ nm from FMS position; abnormally low groundspeed readings; significant difference between GPS altitude and actual altitude\n  * **Notable Researchers:** Hugo Teso (n.runs Professionals) demonstrated aircraft hacking via FMS computers and ACARS at HITB 2013; Chris Roberts (One World Labs) claimed IFE system hacks on 15-20 flights between 2011-2014\n  * **Industry Response:** Boeing and Airbus state IFE systems are isolated from flight and navigation systems; third-party penetration testing allowed during aircraft development; grey-box testing mimics malicious passenger actions\n  * **DEF CON Aerospace Village:** Annual gathering featuring drone hacking workshops, ADS-B receiver building using Raspberry Pi + RTL-SDR, aviation infrastructure cyber defense challenges, offensive space cybersecurity sessions\n  * **Lab Setup:** Use RTL-SDR ($20-$30) with dump1090/PiAware for ADS-B reception; acarsdec/JAERO for ACARS decoding; GNU Radio for signal analysis; Raspberry Pi for portable tracking stations\n  * **Countermeasures:** Signal strength monitoring, time-of-arrival analysis, cryptographic authentication, multiple satellite navigation systems for cross-verification, enhanced pilot training, backup navigation systems\n  * **Regulatory Bodies:** FAA provides penetration testing training; ICAO offers cybersecurity leadership courses; EASA publishes aviation cybersecurity guidance; IATA provides industry-standard training programs\n  * **Research Institutions:** Embry-Riddle's Center for Aerospace Resilient Systems (CARS) researches AI/ML for aviation cybersecurity defense; SecurityScorecard conducts industry-wide cybersecurity assessments\n  * **Legal Warning:** Unauthorized access to aircraft systems, jamming GPS signals, or interfering with aviation communications is illegal and dangerous. All research must be conducted in authorized lab environments with proper permissions\n  * **Testing Limitations:** Conducting penetration tests on live aviation systems could impact operations and present safety risks; testing must use controlled environments with simulated systems\n  * **Ethical Considerations:** Aviation security research should be conducted responsibly with coordinated disclosure to manufacturers and regulatory bodies; focus on defensive understanding and improving aviation safety\n  * **Hardware Requirements:** RTL-SDR V3 or FlightAware dongles for VHF ACARS (blue dongles filtered for 1090 MHz ADS-B will not work on VHF-ACARS); appropriate antennas for 1090 MHz (ADS-B) and 131.550 MHz (ACARS)\n  * **Best Practices:** Build receiving stations for passive monitoring only; never transmit on aviation frequencies; contribute data to open networks (FlightAware, ADS-B Exchange, OpenSky) for research purposes\n  * **Future Trends:** AI integration in aviation cybersecurity defense; quantum-resistant cryptography for aviation communications; enhanced authentication protocols for ACARS/ADS-B replacement systems\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# AI Hacking\n\n## Books \u0026 Whitepapers\n\n  * [Not with a Bug, But with a Sticker (Book)](https://www.google.com/search?q=https://www.wiley.com/en-us/Not%2Bwith%2Ba%2BBug,%2BBut%2Bwith%2Ba%2BSticker:%2BAttacks%2Bon%2BMachine%2BLearning%2BSystems%2Band%2BWhat%2BTo%2BDo%2BAbout%2BThem-p-9781119883982)\n  * [Hacking Artificial Intelligence (Book)](https://www.google.com/search?q=https://www.amazon.com/Hacking-Artificial-Intelligence-Deepfakes-Learning/dp/1538155083)\n  * [Redefining Hacking (Book)](https://www.amazon.com/-/he/Redefining-Hacking-Comprehensive-Teaming-AI-driven/dp/0138363617)\n  * [Large Language Models in Cybersecurity (Book)](https://www.practical-devsecops.com/best-ai-security-books/)\n  * [Hands-On Large Language Models (Book)](https://www.practical-devsecops.com/best-ai-security-books/)\n  * [Jailbreaking Large Language Models via Logic Chain Injection (Arxiv)](https://arxiv.org/html/2409.09493v2)\n  * [Arxiv Paper 2508.21669](https://arxiv.org/pdf/2508.21669)\n  * [LLM Agents can Autonomously Hack Websites (Whitepaper)](https://medium.com/@danieldkang/llm-agents-can-autonomously-hack-websites-ab33fadb3062)\n  * [NIST AI 100-2e2025: Adversarial Machine Learning Taxonomy (Updated 2025)](https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf)\n  * [CISO's GenAI Security Blueprint: 2025 OWASP Top 10 LLM Risks (Securiti Whitepaper)](https://securiti.ai/whitepapers/ciso-genai-security-owasp-top-10-llm-risks/)\n  * [Securing AI Systems: A Guide to Known Attacks and Impacts (Arxiv 2025)](https://arxiv.org/html/2506.23296v1)\n  * [A Comprehensive Review of Adversarial Attacks and Defense Strategies (MDPI 2025)](https://www.mdpi.com/2227-7080/13/5/202)\n  * [Dataset \u0026 Lessons: 2024 SaTML LLM CTF (Arxiv)](https://arxiv.org/html/2406.07954v1)\n  * [Prompt Injection Attacks in Defended Systems (Arxiv)](https://arxiv.org/html/2406.14048v1)\n  * [Multi-Chain Prompt Injection Attacks (WithSecure Labs)](https://labs.withsecure.com/publications/multi-chain-prompt-injection-attacks)\n  * [Adversarial Machine Learning and Cybersecurity (Georgetown CSET)](https://cset.georgetown.edu/publication/adversarial-machine-learning-and-cybersecurity/)\n  * [Prompt Hacking in LLMs 2024-2025 Literature Review](https://www.rohan-paul.com/p/prompt-hacking-in-llms-2024-2025)\n\n## Courses\n\n  * [HTB Academy: AI Red Teamer Path](https://academy.hackthebox.com/path/preview/ai-red-teamer)\n  * [HTB Academy: Introduction to Red Teaming AI](https://academy.hackthebox.com/course/preview/introduction-to-red-teaming-ai)\n  * [Antisyphon: Hacking AI/LLM Applications Workshop](https://www.antisyphontraining.com/product/workshop-hacking-ai-llm-applications-with-brian-fehrman-joff-thyer-and-derek-banks/)\n  * [Udemy: Hands-on AI LLM Red Teaming](https://www.udemy.com/course/hands-on-ai-llm-red-teaming/)\n  * [Udemy: OWASP Top 10 for LLM Applications 2025](https://www.udemy.com/course/owasp-top-10-for-llm-applications-2025/?couponCode=CP251118G4)\n  * [SANS SEC545: GenAI and LLM Application Security](https://www.sans.org/cyber-security-courses/genai-llm-application-security/)\n  * [TCM Security: AI Hacking 101](https://academy.tcm-sec.com/p/ai-hacking-101)\n  * [Microsoft AI Red Team Training Series](https://learn.microsoft.com/en-us/security/ai-red-team/training)\n  * [NVIDIA: Exploring Adversarial Machine Learning (Self-Paced)](https://developer.nvidia.com/blog/ai-red-team-machine-learning-security-training/)\n  * [DeepLearning.AI: Red Teaming LLM Applications](https://www.deeplearning.ai/short-courses/red-teaming-llm-applications/)\n  * [Learn Prompting: AI Red Teaming and AI Security Masterclass](https://maven.com/learn-prompting-company/ai-red-teaming-and-ai-safety-masterclass)\n  * [OffSec: LLM \u0026 AI Training for Red Teams](https://www.offsec.com/learning/paths/llm-red-teaming/)\n  * [Practical DevSecOps: Certified AI Security Professional (CAISP)](https://www.practical-devsecops.com/best-ai-security-books/)\n  * [Tonex: Certified AI Penetration Tester – Red Team (CAIPT-RT)](https://www.tonex.com/training-courses/certified-ai-penetration-tester-red-team-caipt-rt/)\n\n## Labs\n\n  * [TryHackMe: Output Handling and Privacy Risks](https://tryhackme.com/room/outputhandlingandprivacyrisks)\n  * [PortSwigger: Web LLM Attacks](https://portswigger.net/web-security/learning-paths/llm-attacks)\n  * [Gandalf by Lakera](https://gandalf.lakera.ai/)\n  * [Dreadnode Crucible](https://dreadnode.io/)\n  * [OWASP FinBot CTF](https://genai.owasp.org/)\n  * [Microsoft AI Red Teaming Playground](https://github.com/microsoft/AI-Red-Teaming-Playground-Labs)\n  * [SaTML 2024 LLM CTF Competition](https://ctf.spylab.ai/)\n  * [Bishop Fox's Local LLM CTF Lab](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)\n  * [WithSecure Workout Planner CTF Challenge](https://myllmdoc.com)\n  * [CTF Prompt Injection (GitHub Lab)](https://github.com/CharlesTheGreat77/ctf-prompt-injection)\n  * [Steve's Chat Playground (Browser-Based Sandbox)](https://labs.withsecure.com/publications/multi-chain-prompt-injection-attacks)\n  * [Wild LLaMa (Prompt Engineering Mini-Game)](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)\n  * [Damn Vulnerable LLM Agent](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)\n\n## Blogs \u0026 Series\n\n  * [LLM Security Best Practices (VIEH Group)](https://medium.com/@viehgroup/llm-security-best-practices-af5cf9d3a668?source=rss------hacking-5)\n  * [Getting Started with AI Hacking Part 2 (BHIS)](https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-2/)\n  * [LLM Jailbreaking: Advanced Attack Techniques (JIN)](https://ai.plainenglish.io/llm-jailbreaking-advanced-attack-techniques-and-defense-strategies-unpacked-7c17b31ff1de?source=rss------hacking-5)\n  * [LLM Pentest Agent Hacking (Blaze Infosec)](https://www.blazeinfosec.com/post/llm-pentest-agent-hacking/)\n  * [From Prompt to Pwn: How I Pen-Tested a LLM](https://abhishekml.medium.com/from-prompt-to-pwn-how-i-pen-tested-and-broke-a-llm-25471e1b22f3?source=rss------ethical_hacking-5)\n  * [Stanford's 8-Word Hack (Medium)](https://medium.com/@akshayamary/stanfords-8-word-hack-that-unlocked-ai-s-lost-creativity-fcdd8ab1e0a0?source=rss------hacking-5)\n  * [Understanding LLM Attacks and Prompt Injections](https://medium.com/@anmol.sh/hacking-ai-understanding-llm-attacks-and-prompt-injections-9354f26a8353?source=rss------bug_bounty-5)\n  * [Six Key Adversarial Attacks and Their Consequences (Mindgard)](https://mindgard.ai/blog/ai-under-attack-six-key-adversarial-attacks-and-their-consequences)\n  * [LLM Security in 2025: Risks, Examples, and Best Practices (Oligo Security)](https://www.oligo.security/academy/llm-security-in-2025-risks-examples-and-best-practices)\n  * [Securing AI/LLMs in 2025: A Practical Guide (Software Analyst)](https://softwareanalyst.substack.com/p/securing-aillms-in-2025-a-practical)\n  * [AI Under the Microscope: OWASP Top 10 for LLMs 2025 (Qualys)](https://blog.qualys.com/vulnerabilities-threat-research/2024/11/25/ai-under-the-microscope-whats-changed-in-the-owasp-top-10-for-llms-2025)\n  * [Safeguarding Generative AI LLMs and Agentic AI (ISACA)](https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/safeguarding-the-future-strategies-for-protecting-generative-ai-llms-and-agentic-ai)\n  * [Security Roundup: Top AI Stories in 2024 (IBM)](https://www.ibm.com/think/insights/security-roundup-top-ai-stories-in-2024)\n  * [SaTML 2024 LLM CTF Write-up](https://jacoporepossi.github.io/learningq/posts/2024-06-29-satml-llm-ctf/)\n  * [CTFs on AI - Part 1: LLM Prompt Injection Attacks](https://defjm.github.io/hemb/posts/20240127_ctf-llm-part1/)\n  * [Adversarial Machine Learning (UC Berkeley CLTC)](https://cltc.berkeley.edu/aml/)\n\n\n**Darshan Naresh Naik Series:**\n\n  * [Part 2: Prompt Injection](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-2-prompt-injection-13030a731e15?source=rss------hacking-5)\n  * [Part 3: Sensitive Data Disclosure](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-3-sensitive-data-disclosure-5417f57b778b?source=rss------hacking-5)\n  * [Part 4: Supply Chain \u0026 Poisoning](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-4-supply-chain-data-model-poisoning-vulnerabilities-4c9bcc358055?source=rss------hacking-5)\n  * [Part 6: Excessive Agency \u0026 Plugins](https://infosecwriteups.com/ai-llm-hacking-part-6-excessive-agency-insecure-plugin-6c83013c6806?source=rss------hacking-5)\n  * [Part 7: System Prompt Leakage](https://blog.gopenai.com/ai-llm-hacking-part-7-system-prompt-leakage-vector-embedding-weakness-68bca76d9dd4?source=rss------ethical_hacking-5)\n  * [Part 8: Misinformation \u0026 DoS](https://infosecwriteups.com/ai-llm-hacking-part-8-misinformation-overreliance-unbounded-consumption-mdos-model-d1cee7d625d2?source=rss------hacking-5)\n\n## Presentations \u0026 Conferences\n\n  * [DEF CON 32: Hacker vs AI perspectives from an ex spy](https://www.youtube.com/watch?v=WC-tY-gEIPc)\n  * [DEF CON 32: On Your Ocean's 11 Team, I'm the AI Guy](https://www.youtube.com/watch?v=pTSEViCwAig)\n  * [TEDx: The Rise of AI Hackbots](https://www.youtube.com/watch?v=Y_x6KXV1y_0)\n  * [YouTube: AI Hacking Resource](https://www.youtube.com/watch?v=tiwx7WPW8Jc)\n\n## Notes \u0026 Misc\n\n  * [Walkthrough: TryHackMe EvilGPT (Medium)](https://motasemhamdan.medium.com/llm-ai-hacking-how-ai-is-being-exploited-by-hackers-tryhackme-evilgpt-1-2-5fda60114a5a)\n  * [The Best AI for Ethical Hacking (Tools List)](https://systemweakness.com/the-best-ai-for-ethical-hacking-911c92de3b37?source=rss------bug_bounty-5)\n  * [Hacking with AI SASTs (Reddit Discussion)](https://ift.tt/LKo0WFS)\n  * [Awesome-AI-Security (GitHub)](https://github.com/ottosulin/awesome-ai-security)\n  * [Awesome AI for Security (GitHub)](https://github.com/AmanPriyanshu/Awesome-AI-For-Security)\n  * [Awesome AI Cybersecurity (GitHub)](https://github.com/ElNiak/awesome-ai-cybersecurity)\n  * [Awesome-AI-Security by TalEliyahu (GitHub)](https://github.com/TalEliyahu/Awesome-AI-Security)\n  * [MITRE ATLAS Framework](https://atlas.mitre.org/)\n  * [OWASP LLM Top 10](https://llmtop10.com/)\n  * [OWASP Gen AI Security Project](https://genai.owasp.org/)\n  * [Google's Secure AI Framework (SAIF)](https://cloud.google.com/security/ai)\n  * [What Are Adversarial AI Attacks? (Palo Alto Networks)](https://www.paloaltonetworks.com/cyberpedia/what-are-adversarial-attacks-on-AI-Machine-Learning)\n  * [NIST: Types of Cyberattacks That Manipulate AI Systems](https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems)\n\n## Tools \u0026 Frameworks\n\n  * [Cybersecurity AI (CAI) Framework (GitHub)](https://github.com/aliasrobotics/cai)\n  * [LLM Guard by Protect AI (GitHub)](https://github.com/protectai/llm-guard)\n  * [LlamaFirewall (GitHub)](https://github.com/llamafirewall/llamafirewall)\n  * [Garak - LLM Security Probing Tool (GitHub)](https://github.com/leondz/garak)\n  * [Llamator - LLM Vulnerability Testing Framework (GitHub)](https://github.com/llamator/llamator)\n  * [Foolbox - Adversarial Examples Toolbox (GitHub)](https://github.com/bethgelab/foolbox)\n  * [Counterfit - ML Security Assessment Tool (GitHub)](https://github.com/Azure/counterfit)\n  * [TenSEAL - Homomorphic Encryption for Tensors (GitHub)](https://github.com/OpenMined/TenSEAL)\n  * [dstack - Confidential AI Framework (GitHub)](https://github.com/dstack-group/dstack)\n  * [AI Security Analyzer (GitHub)](https://github.com/xvnpw/ai-security-analyzer)\n  * [SaTML LLM CTF Codebase (GitHub)](https://github.com/ethz-spylab/satml-llm-ctf)\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n# DevSecOps\n\n## **Books \u0026 Whitepapers**\n\n**Books**\n\n  - [The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security](https://www.amazon.com/DevOps-Handbook-World-Class-Reliability-Organizations/dp/1942788002)\n  - [DevSecOps: A leader’s guide to producing secure software](https://www.amazon.com/DevSecOps-producing-compromising-continuous-improvement/dp/1781335028)\n  - [Learning DevSecOps: A Practical Guide to Processes and Tools](https://www.amazon.com/Learning-DevSecOps-Practical-Guide-Processes/dp/1098144864)\n  - [Securing DevOps: Security in the Cloud](https://www.amazon.com/Securing-DevOps-Security-Julien-Vehent/dp/1617294136)\n  - [The DevSecOps Playbook: Deliver Continuous Security at Speed](https://www.amazon.com/DevSecOps-Playbook-Deliver-Continuous-Security/dp/1394169795)\n  - [Implementing DevSecOps Practices](https://www.amazon.com/Implementing-DevSecOps-Practices-Supercharge-excellence/dp/1803231491)\n  - [Hands-On Security in DevOps](https://www.amazon.com/Hands-Security-DevOps-continuous-deployment/dp/1788995503)\n  - [Container Security: Fundamental Technology Concepts](https://www.amazon.com/Container-Security-Fundamental-Technology-Containerized/dp/1492056707)\n  - [Software Supply Chain Security](https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706)\n  - [Security as Code: DevSecOps Patterns with AWS](https://www.amazon.com/Security-Code-DevSecOps-Patterns-AWS/dp/1492081124)\n  - [Epic Failures in DevSecOps](https://www.amazon.com/Epic-Failures-DevSecOps-Mark-Miller/dp/1728806992)\n  - [Alice and Bob Learn Application Security](https://www.wiley.com/en-gb/Alice+and+Bob+Learn+Application+Security-p-9781119687405)\n  - [Microservices Security in Action](https://www.google.com/search?q=https://www.amazon.com/Microservices-Security-Action-Prabath-Siriwardena/dp/1617295922)\n  - [DevSecOps in Oracle Cloud](https://www.oreilly.com/library/view/devsecops-in-oracle/9780138029777/)\n  - [DevSecOps for Azure](https://www.amazon.com/DevSecOps-Azure-End-end-security/dp/1837631115)\n  - [Mastering DevSecOps](https://www.amazon.com/Mastering-DevSecOps-Comprehensive-Become-Expert/dp/B0CGYQ1QCJ)\n  - [DevSecOps for .NET Core](https://www.amazon.com/DevSecOps-NET-Core-Securing-Applications/dp/1484258495)\n  - [Practical Security Automation and Testing](https://www.amazon.com/Practical-Security-Automation-Testing-techniques/dp/1789802024)\n\n**Whitepapers**\n\n  - [DoD Enterprise DevSecOps Reference Design v2.0 (PDF)](https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsReferenceDesign.pdf)\n  - [MITRE: DevSecOps Security Test Automation Briefing (PDF)](https://www.mitre.org/sites/default/files/2021-11/prs-19-0769-devsecops-security-test-automation-briefing.pdf)\n  - [NIST SP 800-204: Security Strategies for Microservices (PDF)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-204.pdf)\n  - [CSA: The Six Pillars of DevSecOps](https://cloudsecurityalliance.org/artifacts/six-pillars-of-devsecops)\n  - [CSA: DevSecOps Automated Security Testing](https://www.google.com/search?q=https://cloudsecurityalliance.org/artifacts/devsecops-automated-security-testing)\n  - [Integrating Security into CI/CD Pipelines: A DevSecOps Approach with SAST, DAST, and SCA Tools (ResearchGate)](https://www.researchgate.net/publication/390459514_Integrating_Security_into_CICD_Pipelines_A_DevSecOps_Approach_with_SAST_DAST_and_SCA_Tools)\n\n## **Courses**\n\n  - [SANS SEC540: Cloud Native Security and DevSecOps Automation](https://www.sans.org/cyber-security-courses/cloud-native-security-devsecops-automation/)\n  - [Practical DevSecOps: Certified DevSecOps Professional (CDP)](https://www.practical-devsecops.com/certified-devsecops-professional/)\n  - [OffSec: DevSecOps Essentials (OS-210)](https://www.offsec.com/learning/paths/devsecops-essentials/)\n  - [Linux Foundation: Implementing DevSecOps (LFS262)](https://training.linuxfoundation.org/training/implementing-devsecops-lfs262/)\n  - [Linux Foundation: Developing Secure Software (LFD121)](https://training.linuxfoundation.org/training/developing-secure-software-lfd121/)\n  - [Coursera: IBM DevOps and Software Engineering Professional Certificate](https://www.coursera.org/professional-certificates/devops-and-software-engineering)\n  - [Coursera: Cybersecurity in the Cloud Specialization (Univ. of Minnesota)](https://www.google.com/search?q=https://www.coursera.org/specializations/cyber-security-cloud)\n  - [Udemy: DevSecOps \u0026 DevOps with Jenkins, Kubernetes, Terraform \u0026 AWS](https://www.udemy.com/course/devsecops-with-terraform-kubernetes-jenkins-aws/)\n  - [Udemy: Ultimate DevSecOps Bootcamp by School of Devops](https://www.udemy.com/course/ultimate_devsecops_bootcamp/)\n  - [Pluralsight: DevSecOps - The Big Picture](https://www.pluralsight.com/courses/devsecops-big-picture)\n  - [LinkedIn Learning: DevSecOps - Automated Security Testing](https://www.linkedin.com/learning/devsecops-automated-security-testing)\n  - [Codecademy: DevSecOps Principles](https://www.codecademy.com/learn/ext-courses/devsecops-principles-from-devops-to-devsecops)\n  - [EC-Council: Certified DevSecOps Engineer (E|CDE)](https://www.eccouncil.org/programs/certified-devsecops-engineer-ecde/)\n  - [DevOps Institute: DevSecOps Foundation (DOF)](https://www.devopsinstitute.com/certifications/devsecops-foundation/)\n  - [DevOps Institute: DevSecOps Practitioner (DOP)](https://www.devopsinstitute.com/certifications/devsecops-practitioner/)\n  - [EXIN: DevSecOps Professional](https://www.exin.com/certifications/exin-devsecops-professional-exam)\n  - [NotSoSecure: DevSecOps Training](https://notsosecure.com/security-training/devsecops-training)\n  - [Udemy: DevSecOps - Kubernetes DevOps \u0026 Security](https://www.udemy.com/course/kubernetes-devsecops/)\n  - [IGM Guru: DevSecOps Training with Certification](https://www.igmguru.com/cloud-computing/devsecops-training)\n  - [Security Compass: DevSecOps Training](https://www.securitycompass.com/blog/top-devsecops-training-courses/)\n\n## **Labs**\n\n  - [TryHackMe: DevSecOps Path](https://tryhackme.com/path/outline/devsecops)\n  - [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)\n  - [Kontra: DevSecOps Interactive Training](https://application.security/free-application-security-training)\n  - [SecureFlag](https://www.secureflag.com/)\n  - [Punk Security DevSecOps CTF](https://punksecurity.co.uk/ctf/2024/)\n  - [DevSecOps Home Lab (DevSecBlueprint)](https://www.devsecblueprint.com/projects/devsecops-home-lab/)\n  - [Practical DevSecOps Platform Labs](https://portal.practical-devsecops.training/)\n  - [OWASP WebGoat](https://owasp.org/www-project-webgoat/)\n  - [DVWA (Damn Vulnerable Web Application)](https://github.com/digininja/DVWA)\n  - [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat)\n  - [CI/CD Goat](https://github.com/cider-security-research/cicd-goat)\n\n## **Blogs \u0026 Series**\n\n  - [Red Hat Developer: DevSecOps Topics \u0026 Resources](https://developers.redhat.com/topics/devsecops#devsecops)\n  - [RSA Conference Blog: Combining DAST with SAST for Holistic Coverage](https://www.rsaconference.com/library/blog/combining-dast-with-sast-for-holistic-application-security-coverage)\n  - [AWS Security Blog](https://aws.amazon.com/blogs/security/)\n  - [Google Cloud Security Blog](https://cloud.google.com/blog/products/identity-security)\n  - [GitLab Blog: DevSecOps](https://about.gitlab.com/blog/categories/devsecops/)\n  - [Snyk Blog](https://snyk.io/blog/)\n  - [Practical DevSecOps: Top 15 DevSecOps Best Practices for 2025](https://www.practical-devsecops.com/devsecops-best-practices/)\n  - [GeeksforGeeks: 10 DevSecOps Best Practices for 2025](https://www.geeksforgeeks.org/devops/devsecops-best-practices/)\n  - [Pynt.io: DevSecOps Principles, Tools, and Best Practices [2025 Guide]](https://www.pynt.io/learning-hub/devsecops/devsecops-principles-tools-and-best-practices-2025-guide)\n  - [Codefresh: Top 10 DevSecOps Best Practices for 2025](https://codefresh.io/learn/devsecops/devsecops-best-practices/)\n  - [Check Point: Top 10 DevSecOps Best Practices](https://www.checkpoint.com/cyber-hub/cloud-security/devsecops/10-devsecops-best-practices/)\n  - [Tigera: 5 DevSecOps Best Practices You Must Implement](https://www.tigera.io/learn/guides/devsecops/devsecops-best-practices/)\n  - [DevSecOps Guides: Simple Guide for Development and Operation](https://www.devsecopsguides.com/)\n  - [ChaosSearch: 5 DevSecOps Checklists for Advanced Techniques in 2025](https://www.chaossearch.io/blog/checklists-for-advanced-devsecops-techniques)\n  - [AWS DevOps Blog: Building End-to-End AWS DevSecOps CI/CD Pipeline](https://aws.amazon.com/blogs/devops/building-end-to-end-aws-devsecops-ci-cd-pipeline-with-open-source-sca-sast-and-dast-tools/)\n  - [Medium: Mastering DevSecOps - Building a Secure End-to-End Pipeline](https://medium.com/@mayankarya837/mastering-devsecops-building-a-secure-end-to-end-modern-pipeline-security-with-sast-dast-sca-4469117cd5c2)\n  - [Wiz Academy: 11 DevSecOps Tools and Top Use Cases in 2025](https://www.wiz.io/academy/devsecops-tools)\n  - [StationX: 25 Top DevSecOps Tools - Ultimate Guide for 2025](https://www.stationx.net/top-devsecops-tools/)\n  - [Codefresh: 15 DevSecOps Tools to Know in 2025](https://codefresh.io/learn/devsecops/15-devsecops-tools-to-know-in-2025/)\n  - [Spacelift: 21 Best DevSecOps Tools and Platforms for 2025](https://spacelift.io/blog/devsecops-tools)\n  - [Atlassian: DevSecOps Tools Guide](https://www.atlassian.com/devops/devops-tools/devsecops-tools)\n  - [Escape: Top 10 DAST Tools for DevSecOps - Tested in CI/CD (2025)](https://escape.tech/blog/top-dast-tools/)\n  - [Jit: Top 10 DAST Tools for 2025](https://www.jit.io/resources/appsec-tools/top-dast-tools-for-2024)\n  - [Kiuwan: Application Security Tools Comparison](https://www.kiuwan.com/blog/application-security-tools-comparison/)\n  - [TechTarget: Compare SAST vs. DAST vs. SCA for DevSecOps](https://www.techtarget.com/searchsecurity/tip/Understanding-3-key-automated-DevSecOps-tools)\n\n## **Presentations \u0026 Conferences**\n\n  - [Black Hat USA 2019: DevSecOps - What, Why, And How (PDF)](https://i.blackhat.com/USA-19/Thursday/us-19-Shrivastava-DevSecOps-What-Why-And-How.pdf)\n  - [RSAC 2025: DevSecOps Revolution - Unleashing Generative AI](https://www.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeyad-azima%2Foffensive-resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzeyad-azima%2Foffensive-resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzeyad-azima%2Foffensive-resources/lists"}