Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/husnainfareed/awesome-ethical-hacking-resources

😎 πŸ”— Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.
https://github.com/husnainfareed/awesome-ethical-hacking-resources

List: awesome-ethical-hacking-resources

awesome awesome-list ctf ethical-hacking hacking hacking-resources hacktoberfest learning-hacking owasp penetration-testing resources vulnerable-applications web-hacking

Last synced: 1 day ago
JSON representation

😎 πŸ”— Awesome list about all kinds of resources for learning Ethical Hacking and Penetration Testing.

Awesome Lists containing this project

README

        

# Awesome Resources For Learning Ethical Hacking & Pentesting ⚑️ [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome) ![Awesome Hacking](https://img.shields.io/badge/awesome-hacking-red.svg) ![Awesome community](https://img.shields.io/badge/awesome-community-green.svg)

What I’m sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community.

## Contents

- [Books](#books)
- [Online ](#online)
- [Offline](#offline)
- [Vulnerable Machines and Websites](#Vulnerable-machines-and-websites)
- [Vulnerability Databases And Resources](#vulnerability-databases-and-resources)
- [Malware Analysis](#malware-analysis)
- [Linux Penetration Testing OS](#linux-penetration-testing-os)
- [Courses](#courses)
- [Workshop Playlists](#workshop-playlists)
- [Security Talks and Conferences](#security-talks-and-conferences)
- [YouTube Channels](#youtube-channels)
- [Forums](#forums)

**You are welcome to fork and contribute.**

**Also you can find my writeups/tutorials on medium: @hussnainfareed :)**

## Books

1. The Hacker Playbook 2: Practical Guide To Penetration Testing
2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
3. Breaking into Information Security: Learning the Ropes 101
4. Penetration Testing: A Hands-On Introduction to Hacking
5. Social Engineering: The Art of Human Hacking
6. Hacking: The Art of Exploitation, 2nd Edition
7. Web Hacking 101
8. OWASP Testing Guide (A must-read for web application developers and penetration testers)
9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
10. The Basics of Web Hacking: Tools and Techniques to Attack the Web

## Learning Platforms to Sharpen Your Skills

### Online
Name | Description
---- | ----
[CTF Hacker101](https://ctf.hacker101.com/) | The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
[Hack The Box :: Penetration Testing Labs](https://www.hackthebox.eu) | An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
[TryHackMe](https://tryhackme.com) | TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
[CTF365](https://ctf365.com/) | An account-based ctf site, awarded by Kaspersky, MIT, and T-Mobile.
[Backdoor](https://backdoor.sdslabs.co) | Pen testing labs that have a space for beginners, a practice arena, and various competitions, account required.
[Hack.me](https://hack.me/) | Lets you build/host/attack vulnerable web apps.
[CTFLearn](https://ctflearn.com/) | An account-based ctf site, where users can go in and solve a range of challenges.
[OWASP Vulnerable Web Applications Directory Project (Online)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=On-Line_apps) | List of online available vulnerable applications for learning purposes.
[Pentestit labs](https://lab.pentestit.ru) | Hands-on Pentesting Labs (OSCP style)
[Root-me.org](https://www.root-me.org) | Hundreds of challenges are available to train yourself in different and not simulated environments
[Vulnhub.com](https://www.vulnhub.com) | Vulnerable By Design VMs for practical 'hands-on' experience in digital security
[Windows / Linux Local Privilege Escalation Workshop](https://github.com/sagishahar/lpeworkshop) | Practice your Linux and Windows privilege escalation.
[Hacking Articles](http://www.hackingarticles.in/ctf-challenges1/) | CTF Brief Write-up collection with a lot of screenshots good for beginners.
[Rafay Hacking Articles, a great blog](http://www.rafayhackingarticles.net/) | Write up collections by Rafay Baloch.
[PentesterLab](https://pentesterlab.com/) | 20$ signature, complete content basic to write exploits, web, android.
[CyberSec WTF](https://cybersecurity.wtf/)| Emulated web pentesting challenges from bounty write-ups
[Pentest-Ground](https://pentest-ground.com/) | Pentest Ground is a free playground with deliberately vulnerable web applications and network services.
[pwn.guide](https://pwn.guide/) | A cybersecurity education website, offering about 100 tutorials, ranging from web, wireless... hacking to defense tutorials & forensics. Offers free plan.

### Off-Line
Name | Description
---- | ----
[Damn Vulnerable Xebia Training Environment](https://github.com/davevs/dvxte) | Docker Container including several vulnerable web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
[OWASP Vulnerable Web Applications Directory Project (Offline)](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Off-Line_apps) | List of offline available vulnerable applications for learning purposes

## Vulnerable Machines/Websites

1. [FiringRange](https://public-firing-range.appspot.com/)

## Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

* http://www.exploit-db.com/
* http://1337day.com/
* http://securityvulns.com/
* http://www.securityfocus.com/
* http://www.osvdb.org/
* http://www.securiteam.com/
* http://secunia.com/advisories/
* http://insecure.org/sploits_all.html
* http://zerodayinitiative.com/advisories/published/
* http://nmrc.org/pub/index.html
* http://web.nvd.nist.gov
* http://www.vupen.com/english/security-advisories/
* http://www.vupen.com/blog/
* http://cvedetails.com/
* http://www.rapid7.com/vulndb/index.jsp
* http://oval.mitre.org/
* http://sploitus.com/
* http://cxsecurity.com/

### Malware Analysis
Name | Description
---- | ----
[Malware traffic analysis](http://www.malware-traffic-analysis.net/) | list of traffic analysis exercises
[Malware Analysis - CSCI 4976](https://github.com/RPISEC/Malware/blob/master/README.md) | another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

### Linux Penetration Testing OS
Name | Description
---- | -----
[Kali](http://kali.org/) | the infamous pen-testing distro from the folks at Offensive Security
[Parrot ](https://www.parrotsec.org/) | Debian includes a full portable lab for security, DFIR, and development
[Android Tamer](https://androidtamer.com//) | Android Tamer is a Virtual / Live Platform for Android Security professionals.
[BlackArch](https://blackarch.org/index.html) | Arch Linux-based pentesting distro, compatible with Arch installs
[LionSec Linux](https://lionsec-linux.org/) | pentesting OS based on Ubuntu

## Courses

1. [Computer Systems Security, MIT](https://ocw.mit.edu/courses/6-858-computer-systems-security-fall-2014/)
2. [cisco's cources](https://www.netacad.com/courses/cybersecurity)
3.[cybrary](https://www.cybrary.it/catalog/cybersecurity/)
4.[hackers academy](https://hackersacademy.com/)

For those who want to do CEH, the following links are for you.
2. [CBT Nuggets CEH Training](http://goo.gl/JuW85U)
3. [CEH Books](https://goo.gl/gjCBLK)
4. [Guide to Binary Exploitation](https://github.com/r0hi7/binexp)

## Workshops/Playlists

1. [Web Hacking](https://www.youtube.com/playlist?list=PLJM73L2pQRd4lXBZjsHAmeEqsn5pENXxN)
2. [Ethical Hacking, A Comprehensive Playlist covering almost everything](https://www.youtube.com/playlist?list=PLkRo97mCIn9lgvE7AskNsmwJVOlJX2zaI)

## Security Talks and Conferences

1. [InfoCon - Hacking Conference Archive](https://infocon.org/cons/)
2. [Curated list of Security Talks and Videos](https://github.com/PaulSec/awesome-sec-talks)
3. [Blackhat](https://www.youtube.com/user/BlackHatOfficialYT)
4. [Defcon](https://www.youtube.com/user/DEFCONConference)
5. [Security Tube](http://www.securitytube.net/)
6. [Kevin Mitnick: Live Hack at CeBIT](https://www.youtube.com/watch?v=Q7G3kKRdUl4)
7. [Ghost in the Cloud, Kevin Mitnick](https://www.youtube.com/watch?v=76yrWGzScgI)
8. [Kevin Mitnick | Talks at Google](https://www.youtube.com/watch?v=aUqes9QdLQ4)
9. [Complete Free Hacking Course: Go from Beginner to Expert Hacker Today](https://www.youtube.com/watch?v=7nF2BAfWUEg)

## YouTube Channels

Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these types of attacks...

1. [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
2. [Black Hat](https://www.youtube.com/channel/UCJ6q9Ie29ajGqKApbLqfBOg)
3. [Injector Pca](https://www.youtube.com/channel/UCRFG_j0cgLWtJOG6fl_-rxQ)
4. [Hisham Mir](https://www.youtube.com/channel/UCYTK8lk8oLLaA330rqd0qgA)
5. [Devil Killer](https://www.youtube.com/channel/UCwfYw-C2xqemqrXq0IKF_Mg)
6. [Suleman Malik](https://www.youtube.com/channel/UC59IHQcCmgNw4GIvsXeLnDQ)
7. [Dem0n](https://www.youtube.com/channel/UC_jNs1biBixcQeSUoJxvNLw)
8. [Frans RosΓ©n](https://www.youtube.com/channel/UCV89UhUtxqwP0j4o9tMipsA)
9. [HackerOne](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw)
10. [ak1t4 machine](https://www.youtube.com/channel/UCaftcKRiJJW0AJHmR1E5MAQ)
11. [Shawar Khan](https://www.youtube.com/channel/UCPxJLZCoIRJHs1VebWeaByA)
12. [vulnerability0lab](https://www.youtube.com/channel/UC4QJ7X4nnkAYXsnFQpdytcA)
13. [Bugcrowd](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww)
14. [Vijay Kumar](https://www.youtube.com/channel/UCs2NmJGRecw_huNzvQNf2_A)
15. [Web Development Tutorials](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA)
16. [Jan Wikholm](https://www.youtube.com/channel/UCOQtLXVJduZ4-YUFOi5EzIA)
17. [Bhargav Tandel](https://www.youtube.com/channel/UCh5MTJLt3LYr_rkwcOQJNWg)
18. [ErrOr SquaD](https://www.youtube.com/channel/UCou-7r8Mk4oQcBmazxp5uwg)
19. [SecurityIdiots](https://www.youtube.com/channel/UCPPAYs04kwfXcHnerm_ueFw)
20. [Penetration Testing in Linux](https://www.youtube.com/channel/UC286ntgASMskhPIJQebJVvA)
21. [Hussnain Fareed](https://www.youtube.com/channel/UCbq5fgcqUz-PlMs3RCOUrXw)
22. [Null Byte](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)
23. [ZAID](https://www.youtube.com/user/zaidsabeeh)
24. [vabs tutorial](https://www.youtube.com/channel/UCa0wCQEB8CRKzjJV2GZ_EzA)
25. [the cyber mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
26. [PwnFunction](https://www.youtube.com/channel/UCW6MNdOsqv2E9AjQkv9we7A)
27. [GetCyber](https://www.youtube.com/@GetCyber/videos)
28. [Loi Liang Yang](https://www.youtube.com/@LoiLiangYang)

Any Channel Link Missing? Kindly add it in the Comments

### Forums
Name | Description
---- | ----
[0x00sec](https://0x00sec.org/) | hacker, malware, computer engineering, Reverse engineering
[Antichat](https://forum.antichat.ru/) | russian based forum
[CODEBY.NET](https://codeby.net/) | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
[EAST Exploit database](http://eastexploits.com/) | exploit DB for commercial exploits written for EAST Pentest Framework
[Greysec](https://greysec.net) | hacking and security forum
[Hackforums](https://hackforums.net/) | posting webstite for hacks/exploits/various discussion

### Contribution
Your contributions and suggestions are heartily welcome. ([emoji key](https://allcontributors.org/docs/en/emoji-key))

# NOTE:
All references are taken from the Internet and shared on the Internet xD Thanks to those who shared their opinion before that helped me learn πŸ˜‰
if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.