awesome-nicc
Resources at NICC
https://github.com/NJITICC/awesome-nicc
Last synced: 1 day ago
JSON representation
-
Certifications
-
The Master List of External Learning Resources
-
-
Videos
-
The Master List of External Learning Resources
-
-
Entries
-
Training
- DNS Remote Code Execution - Video series exploiting WAN vulnerabilities in network devices. `` ``
- 10 Types of Application Security Testing Tools - List of different application security testing tools and methods. `` `Web App`
- A Graduate Course in Applied Cryptography Book - \"Throughout the book we present many case studies to survey how deployed systems operate. We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the importance of rigor in cryptography.\"<br><br>By Dan Boneh and Victor Shoup. `` `Book`
- Antisyphon Training - Approachable, accessible, and affordable public and private training. `Proprietary/Freemium` `Web App`
- Awesome CTF - \"A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials.\" `CC0-1.0` `Web App`
- Clark - Largest platform for building and sharing free cybersecurity curriculum. `Proprietary/Freeware` `Web App`
- Codecademy Cybersecurity - Contains multiple cybersecurity focused courses. `Proprietary/Freemium` `Web App`
- Competitive Programmer’s Handbook - \"The purpose of this book is to give you a thorough introduction to competitive programming.\"<br><br>By Antti Laaksonen. `` `Book`
- Computer Systems Security: Planning For Success - \"The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security.\"<br><br>By Ryan Tolboom. `CC-BY-NC-SA-4.0` `Web App/Book`
- ForeverCTF - CTF that is up indefinitely for practice. `Proprietary/Freeware` `Web App`
- GCA Cybersecurity Toolkit - A toolkit to help improve your personal cyber hygiene. `Proprietary/Freeware` `Web App`
- Google Dorking Tutorial - Tutorial on Google "dorking" which is the art of using search operators to find what you want. `Proprietary/Freeware` `Web App`
- HackTricks - Collection of hacking tricks: e.g reverse shells, encoded text for web, etc. ([Source Code](https://github.com/HackTricks-wiki/hacktricks)) `CC-BY-NC-4.0` `Web App`
- How To Secure A Linux Server - \"An evolving how-to guide for securing a Linux server.\" `CC-BY-SA-4.0` ``
- Kontra Application Security Training - Interactive application security training. `Proprietary/Freemium` `Web App`
- Kurose/Ross Networking Book - Material on understanding computer networks.<br><br>By Jim Kurose and Keith Ross. `Proprietary/Freeware` `Web App/Book`
- learnpython.org - Python references and tutorials. ([Source Code](https://github.com/jsonwebtoken/jsonwebtoken.github.io)) `Proprietary/Freeware` `Web App`
- Linux auditd for Threat Detection - Blog post on configuring auditd on Linux systems. `` `Web App/Book`
- Metasploitable - \"Metasploitable is an intentionally vulnerable Linux virtual machine.\" ([Source Code](https://sourceforge.net/projects/metasploitable)) `BSD/GPL-2.0` `Linux`
- CISA National Initiative for Cybersecurity Careers and Studies - \"NICCS is the premier online resource for cybersecurity training, education, and career information.\" `Proprietary/Freeware` `Web App`
- Payloads All The Things - \"A list of useful payloads and bypasses for Web Application Security.\" ([Source Code](https://github.com/swisskyrepo/PayloadsAllTheThings)) `MIT` `Web App`
- picoGym - CTF that is up indefinitely for practice. ([Source Code](https://salsa.debian.org/pkg-security-team/dirb)) `Proprietary/Freeware` `Web App`
- Snyk CTF 101 Workshop - \"Check out this hands-on, virtual workshop to learn how to solve Capture the Flag (CTF) challenges, including pwn and web. After the workshop, you'll have the security skills and experience to compete in CTFs.\" `Proprietary/Freeware` `Web App`
- Antisyphon Training - Approachable, accessible, and affordable public and private training. `Proprietary/Freemium` `Web App`
-
Cracking
-
Crypto
- F00L.DE - Collection of miscellaneous tools such as vigenere cipher cracking, file analysis, etc. `Freeware/Source Given with No License` `Web App/Windows/Mac/Linux`
-
Employment
- cloudtango - Catalog of MSPs (managed service providers). `Proprietary/Freeware` `Web App`
- FederalPay.org - \"We are a non-governmental information portal built by federal employees, for federal employees.\" `Proprietary/Freeware` `Web App`
- Hiration - Cover letter and resume builder. `Proprietary/Freeware` `Web App`
- Zerodium - Bug bounty program. `` ``
-
Exploitation
- Payloads All The PDFs - \"A list of crafted malicious PDF files to test the security of PDF readers and tools.\" `Apache-2.0` ``
-
Forensics
- binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. `MIT` `Mac/Linux`
- gpp-decrypt - Ruby script used to decrypt Microsoft Group Policy preferences strings. Included in Kali by default. ([Source Code](https://gitlab.com/kalilinux/packages/gpp-decrypt)) `Freeware/Source Given with No License` `Windows/Mac/Linux`
- Microsoft Security Complaince Toolkit - \"Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies.\" `Proprietary/Freeware` `Windows`
- PSBits Offline GPO Analysis - Analyze Microsoft Group Policy files offline. `Unlicense` `Windows`
-
Networking
- AC Hunter - Tool for network C2 monitoring. `Proprietary/Freemium` `Linux`
- NetworkMiner - NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. ([Source Code](https://www.netresec.com/?page=NetworkMinerSourceCode)) `GPL-2.0` `Windows/Linux`
- Snort - IDS/IPS that does packet monitoring and logging based on rules. ([Source Code](https://github.com/snort3/snort3)) `GPL-2.0` `Windows/Linux`
-
Operating System
-
OSINT
- OSINT Techniques Book - \"Resources for Uncovering Online Information\"<br><br>By Michael Bazzell. `` `Book`
-
Programming
- Spectra Assure Community - \"Spectra Assure Community monitors open source packages to identify malware, code tampering and indicators of software supply chain attacks.\" `Proprietary/Freemium` `Web App`
- Spectra Assure Community - \"Spectra Assure Community monitors open source packages to identify malware, code tampering and indicators of software supply chain attacks.\" `Proprietary/Freemium` `Web App`
-
Pwn
- Metasploit - \"The world’s most used penetration testing framework.\" ([Source Code](https://github.com/rapid7/metasploit-framework)) `BSD-3-Clause` `Windows/Mac/Linux`
- Pwntools - Pwntools is a python ctf library designed for rapid exploit development. `Multiple Licenses` `Mac/Linux`
-
Rev
-
Scholarship
- National Cyber Scholarship Foundation - \"National Cyber Scholarship Foundation (NCSF) has launched a national initiative to identify and develop a new generation of Cyber Stars.\" `` ``
- NJIT Secure Computing Initiative - \"The NJIT Secure Computing Initiative (SCI) seeks to award scholarships as part of the CyberCorps® Scholarship for Service (SFS) program.\" `` ``
-
Steg
- steganography
- Aperisolve - Steganography analysis for multiple tools combined into one. ([Source Code](https://github.com/Zeecka/AperiSolve)) `Freeware/Source Given with No License` `Web App`
- Deepsound - Hides files within audio. `Freeware/Source Given with No License` `Windows`
- OpenStego - Stegonography application for data hiding and watermarking. ([Source Code](https://github.com/syvaidya/openstego)) `GPL-2.0` `Windows/Mac/Linux`
- OutGuess - \"Outguess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources.\" `BSD-4-Clause` `Linux`
- QRazyBox - \"QR Code Analysis and Recovery Toolkit\" ([Source Code](https://github.com/merricx/qrazybox)) `MIT` `Web App`
- Stegdetect - Abandoned tool for detecting steganographic content in images. `BSD-4-Clause` `Linux`
- StegOnline - Online Image Steganography Tool for Embedding and Extracting data through LSB techniques. ([Source Code](https://github.com/Ge0rg3/StegOnline)) `WTFPL` `Web App`
-
Sysadmin
- Awesome Selfhosted - \"This is a list of Free Software network services and web applications which can be hosted on your own server(s)..\" ([Source Code](https://github.com/awesome-selfhosted/awesome-selfhosted)) `CC-BY-SA-3.0` `Web App`
- NetBox - Network engineer tool for IPAM, provisioning, routing, diagrams, etc. ([Source Code](https://github.com/netbox-community/netbox)) `Apache-2.0` `Linux`
-
Competition
- Secure the Future - Palo Alto Network's academic cybersecurity competition. `` ``
- NCAE CyberGames - \"NCAE Cyber Games is dedicated to inspiring college students to enter the exciting (and sometimes profitable!) realm of cyber competitions.\" `` ``
-
Web
- BurpSuite - For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc. `Proprietary/Freemium` `Windows/Mac/Linux`
- Dirb - Dictionary scan of web servers. `GPL-2.0` `Linux`
- Enum_AzureSubdomains - \"A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries.\" `Freeware/Source Given with No License` `Windows/Mac/Linux`
- Evilginx - \"Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.\" `BSD-3-Clause` `Windows/Mac/Linux`
- HackThisSite - \"HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.\" `Proprietary/Freeware` `Web App`
- sig2n - Python scripts to perform JWT algorithm confusion.<br><br>Usage instructions from PortSwigger [here](https://portswigger.net/web-security/jwt/algorithm-confusion#:~:text=via%20algorithm%20confusion-,Deriving%20public%20keys%20from%20existing%20tokens,-In%20cases%20where). ([Source Code](https://github.com/silentsignal/rsa_sign2n)) `GPL-3.0` `Windows/Mac/Linux`
- here - 3.0` `Windows/Mac/Linux`
-
-
List of Licenses
-
Web
- BSD Zero-Clause Licence
- Attribution Assurance License
- GNU Affero General Public License 3.0
- Apache, Version 2.0
- Apple Public Source License, Version 2.0
- Artistic License Version 2.0
- Beerware License
- BSD 2-clause "Simplified"
- BSD 2-Clause FreeBSD License
- BSD 3-Clause "New" or "Revised"
- BSD with attribution
- BSD 4-clause "Original"
- Creative Commons Attribution-NonCommercial 4.0 License
- Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License
- Creative Commons Attribution-ShareAlike 3.0 License
- Creative Commons Attribution-ShareAlike 4.0 License
- Public Domain/Creative Common Zero 1.0
- Common Development and Distribution License
- CEA CNRS INRIA Logiciel Libre
- Common Public Attribution License Version 1.0
- Educational Community License, Version 2.0
- Eclipse Public License, Version 1.0
- Eclipse Public License, Version 2.0
- European Union Public License 1.2
- Freemium (Free to use in some capacity but has paid upgrades)
- Freeware (Free to use)
- GNU General Public License 1.0
- GNU General Public License 2.0
- GNU General Public License 3.0
- IBM Public License
- Internet Systems Consortium License
- Lesser General Public License 2.1
- Lesser General Public License 3.0
- MIT License
- Mozilla Public License Version 1.1
- Mozilla Public License
- Multiple Licenses (for entries such as Linux distros which contain many programs)
- Nmap Public Source License
- Open Software License 3.0
- Proprietary (closed source)
- Sendmail License
- Source Given with No License
- Ruby License
- The Unlicense
- Do What the Fuck You Want to Public License
- Zlib/libpng License
- Zope Public License 2.0
-
-
Contributing
-
Web
-
-
Unsorted and maybe duplicates
-
The Master List of External Learning Resources
-
Programming Languages
Categories
Sub Categories
Keywords
security
4
c-sharp
2
ctf
2
pentesting
2
pentest
2
penetration-testing
2
linux
2
bsd
1
capture-the-flag
1
ctf-framework
1
defcon
1
exploit
1
pwnable
1
pwntools
1
python
1
python2
1
python3
1
rop
1
shellcode
1
shellcode-development
1
shellcoding
1
wargame
1
decompile
1
decompiler
1
dictionary-attack
1
password
1
password-strength
1
weak-passwords
1
wordlist
1
wordlist-generator
1
brute-force
1
brute-force-attacks
1
brute-force-passwords
1
bruteforce
1
bruteforce-attacks
1
bruteforcer
1
bruteforcing
1
hydra
1
network-security
1
password-cracker
1
password-cracking
1
pentest-tool
1
thc
1
web-pentest
1
web-security
1
linux-server
1
security-hardening
1
server
1
bounty
1
bugbounty
1