黑客学习资源汇总-渗透测试项目学习资料

黑客学习资源汇总-渗透测试项目学习资料

黑客学习资源汇总

黑客学习资源汇总

目录

学习的技巧 黑客学习资源汇总

姓名描述
badbinaries.com一个简单的质量文档和笔记opendir对各种安全议题充满恶意软件良好的演练交通分析和系统管理员的东西。
642计算机的安全:介绍的CS学术内容,全学期的课程,包括指定的读物,为开发实例作业和GitHub的裁判。没有视频讲座。
百库Coursera风格的网站,很多用户贡献的内容,要求,内容可由经验水平过滤
免费的网络安全培训学术内容,8全课程从一个古怪的导师山姆的视频,链接的研究,该材料和其他推荐的培训/学习
免费的互动实验室的白帽子学院32个实验室,易帐户登录在GitHub的凭据
Hak5视频播客风格涵盖各种主题,有一个论坛,“Metasploit分钟”系列视频可能是有用的
学习计算机安全2.0开发进攻博客式的教学,包括:幻灯片、视频、作业、讨论。无需登录。
思维导图信息安全相关的Mind Maps
MIT OCW 6.858计算机系统安全学术内容,精心组织,全学期的课程,包括指定的课外读物、讲座、录像、要求的实验室文件。
offensivecomputersecurity学术内容,全学期的课程包括讲座视频与幻灯片和27指定阅读资料
OWASP 10大Web安全风险免费课件,需要考虑
securitytube管式的内容,“引物”视频,涵盖各种主题,现场没有可读的内容。
种子实验室学术内容,条理清晰,具有实验室视频,任务,需要的代码文件,及推荐读物

YouTube频道 黑客学习资源汇总

姓名描述
通过在安全0patch一些视频,很短,具体到0patch
黑帽会谈在黑帽会议在世界各地
christiaan008主机的各种安全主题的各种视频,混乱
公司
Detectify很短的视频,旨在展示如何使用detictify扫描仪
Hak5看到Hak5以上
卡巴斯基实验室卡巴斯基茂德很多网络安全,一些隐藏的宝石
Metasploit中等长度的Metasploit演示收集,~ 25minutes各教学
ntop网络监控,数据分析,教学
nvisium一些nvisum茂德,少数教学系列导轨vulns和网络黑客
opennsm网络分析,tcpdump很多的录像,教学,
OWASP看到OWASP以上
rapid7简短的视频,宣传和指导,~五分钟
简短的视频,访谈,讨论各种网络安全问题
段安全宣传视频,非教学
socialengineerorg播客风格、教学、冗长的内容~每1小时
Sonatype随机视频很多,一个好的集群的DevOps相关内容,长度范围大,混乱
SophosLabs很多简短的新闻式的内容,“七宗这罪”段注
Sourcefire简短的视频内容覆盖了很多像僵尸网络的DDoS ~五分钟,
站X一些简短的视频,杂乱无章,不定期的内容更新
SYNACK随机型disorganized,新闻,视频,非教学
TippingPoint的Zero Day Initiative非常简短的视频~ 30秒,有些教学
Tripwire公司一些绊演示,和随机的新闻风格的视频,非教学
文森特耀从一个黑客的视频部分,教学
会议黑客学习资源汇总
44contv总部位于伦敦的信息安全,漫长的教学视频
brucon Security Conference安全和黑客会议基于B \比利时,冗长的instructinoal很多的录像
同时曼彻斯特安全和黑客展立足Mancheseter,冗长的视频很多
bsidesaugusta总部设在奥古斯塔,格鲁吉亚的安全,许多冗长的教学视频
carolinacon总部在北卡罗莱纳的安全,各种2600章有关,冗长的教学内容很多
科特约翰逊一些冗长的CON式会谈黑客安全opensec 2017
devseccondevsecops lenghty CON视频覆盖,使软件更安全
garage4hackers -信息安全一些冗长的视频,有关部门缺乏描述
Hackaday随机技术含量很多,没有严格的信息安全,一些教学
骇客安全大会冗长的CON式教学对话从国际安全
黑客在巴黎总部在巴黎的安全,教学对话的功能很多,它可以是很难看到。
hacklu冗长的CON风格教学视频很多
Hacktivity中/东欧和许多冗长的骗局式的教学视频
hardwear.io冗长的骗局式的视频把,硬件黑客的重点
IEEE安全与隐私会议从会议内容IEEE是一个美国的专业协会,他们还出版各种期刊
lascon冗长的CON风格从奥斯丁举行会谈,OWASP TX
马库斯niemietz教学内容丰富,与hackpra,从德国的一所攻击的安全课程
media.ccc.de的混沌计算机俱乐部的官方渠道,由CCC VOC -冗长的CON式视频吨
northsec冗长的CON式会谈从应用安全会议在加拿大举行
煎饼nopcode对radare2专家Sergi“煎饼”的阿尔瓦雷斯海峡,逆向工程的内容
psiinon中等长度的教学视频,为OWASP Zed攻击代理
州立圣何塞大学信息安全圣何塞州立大学信息安全教学视频把冗长的
secappdev.org冗长的教学讲座安全应用开发吨
安全节中等长度的控制方式从安全节在瑞典会谈
securitytubecons欺诈式会谈从各种缺点包括黑帽和shmoocon分类
toorcon中等长度的handful of based in的视频与来自圣地亚哥,CA
USENIX会议之谜中等长度的“圆桌讨论与领先的专家”,内容开始于2016年
新闻 黑客学习资源汇总黑客学习资源汇总
阿德里安克伦肖冗长的CON式会谈很多
科里Nachreiner安全NewsBites,2.7k订户,每周2-3视频,没有设定时间表
巴尔康-巴尔干计算机大会长期欺骗式会谈从巴尔干计算机大会,不定期更新
danooct1简单的截图很多,入门视频关于恶意软件,定期的内容更新,186k followerss
dedsec简短的视频截图如何立足Kali的地段,没有最近的帖子。
Defcon会议从象形DEFCON很多冗长的CON式视频
demmsec笔测试视频很多,有点不规则的上传,44k追随者
德里克车- CTF / boot2root /兵棋演练冗长的截图教学视频很多,有
Don 30业余笔发布简短视频截图经常很多,9k追随者
错误404网络新闻短镜头视频用响亮的金属,没有对话,双周刊
极客堡-如果简单的截图作品很多,没有新的文章
hackersploit定期的岗位,中等长度的视频截图,对话框
黑客教程简短的视频部分截图,没有最近的帖子。
iexplo1t很多视频截图针对新手,5.7k追随者,没有最近的帖子
jackktutorials从Youtube网友一些问我视频中长很多教学视频
最新的黑客新闻10k追随者,中等长度的视频截图,视频,最近没有发布
lionsec短暂的教学视频截图很多,没有对话
liveoverflow简短的视频中isntructional地段,占地之类的缓冲overflwos开拓写作,定期的岗位。
metasploitation视频截图很多,几乎没有对话,所有关于使用Metasploit的,没有最近的视频。
netsecnow通道pentesteruniversity.org,似乎后一个月一次,教学视频截图
打开securitytraining冗长的说教式的作品很多,没有新的日志,但质量信息。
pentester电视学院简短的视频很多,很有规律的发布,到8个星期
在Linux的渗透测试删除
rwbnetsec中等长度的教学视频,涵盖了从卡利2工具很多,没有新的文章。
Samy Kamkar的应用黑客简短的中等长度的教学视频从poisontap造物主Raspberry Pi的零,没有新的内容,最后更新2016
secureninjatv简短的新闻口,不规则的发布,18k追随者
安全周刊定期更新,漫长的播客风格采访了业内专家
seytonic各种DIY硬件黑客,黑客教程,定期更新
shozab haxor大量的截图方式教学视频,定期更新,Windows的CLI教程
公司教程简短的视频截图很多,定期更新
谍报安全周刊想了解所有最新的安全工具和技术?
特洛伊亨特孤独的YouTuber,中等长度的新闻视频,16k追随者,常规的内容
瓦利德jutt很多简单的截屏视频覆盖网络安全和游戏编程
webpwnized简单的截图作品很多,有些CTF演练
zer0mem0ry简短的C安全很多的录像,编程密集
lionsec短暂的教学视频截图很多,没有对话
阿德里安克伦肖冗长的CON式会谈很多
hackersploit定期的岗位,中等长度的视频截图,对话框
德里克车- CTF / boot2root /兵棋演练冗长的截图教学视频很多,有
谍报安全周刊想了解所有最新的安全工具和技术?
ippsechackthebox.eu退休机易损机演练来帮助你学习基本的和先进的工艺和技术

锐化你的技能

姓名描述
后门笔测试实验室,有一个空间的初学者,一个实践的舞台和各种比赛,账户需要
的cryptopals加密的挑战一群CTF的挑战,都集中在密码。
挑战的土地一个扭曲的CTF的网站,没有一个简单的注册,你必须解决的一个挑战,即使走那么远!
crackmes.de archive(2015年)反向工程信息回购,开始在2003
crackmes.one这是一个简单的地方,你可以下载crackmes提高逆向工程技能。
ctflearn基于CTF网站账户,用户可以在解决一系列挑战
ctfs写-不间断电源从各种CTF集合writeups,主办
ctf365基于CTF网站账户,由卡巴斯基,麻省理工学院颁发,T-Mobile
谜组Web应用程序安全性的培训,基于账户的,视频教程
利用练习5 fulnerable主机虚拟机你攻击,不考虑所需
谷歌CTF 2017谷歌2017 CTF的源代码
谷歌CTF 20182018版的谷歌CTF比赛
谷歌的XSS的游戏XSS的挑战和潜在的机会得到报酬!
黑盒子笔测试实验室举办超过39易受攻击的机器有两个额外的每月新增
黑客测试类似于“hackthissite”,没有考虑要求。
黑客网关CTFS覆盖隐藏密码,和网络的挑战,客户要求
hacksplaining点击安全信息网站,对初学者很好。
hackburger.ee拥有一大批网络黑客的挑战,客户要求
hack.me让你建立/主机/攻击脆弱的Web应用程序
黑客网站!一个老人但糖果,帐户,用户开始在低水平和进展困难
knock.xss.moeXSS的挑战,客户的要求。
lin.security实践你的escalation Linux权限
noe.systems韩国的挑战网站,需要一个帐户
在导线CTF是基于每个实验室的递进层次,用户的SSH,没有考虑recquired
OWASP安全的牧羊人截至11月6断
参与挑战的网站旨在创造CTF参与者普遍排名
pentesterlab举办各种活动以及各种各样的“新兵训练营”,专注于特定的活动
pentestit时间的CTF的网站,用户必须安装Open VPN并获得证书
渗透测试实践基于渗透测试实践,自由报名,但也有付费的特征
pentest.training你试图破解各种实验室/ VMS的地段,注册是可选的。
picoctfCTF的卡耐基-梅隆大学,每年举办时,账户需要。
pwnable.kr不要让卡通人物愚弄你,这是一个严重的CTF的网站,会教你很多,客户要求
pwnable.tw主机27的挑战伴随writeups,账户需要
ringzer0团队基于CTF网站账户,托管超过272的挑战
ROP商场返回导向编程的挑战
smashthestack主机的各种挑战,类似于overthewire,用户必须ssh到机器和进步水平
shellter实验室基于信息安全实验室,他们的目标是使这些社会活动
解决我“另一个挑战”,客户要求。
vulnhub网站提供大量不同的脆弱的虚拟机映像,下载并让黑客
websec.fr专注于网站的挑战,注册是可选的。
webhacking.kr网络安全挑战,很多都是可用的,建议初学者。你需要解决注册一个简单的挑战。
千篇一律的挑战网络安全专家的挑战,客户要求。
缟CTF 2.0过去的安全竞赛,你可以发现和利用模拟的Web应用程序的漏洞。
Windows / Linux本地权限提升车间实践你的Linux和Windows特权升级

逆向工程,缓冲区溢出和开发利用

姓名描述
对中级水平的Linux开发过程正如标题所说,本课程不适合初学者
分析和开发(特权)巨大的收集信息,组织类型。
二进制的黑客35“没有废话”二进制视频以及其他信息
缓冲区溢出的Linux开发引物Linux启收。工程视频
Corelan教程详细的教程,关于记忆的很多很好的信息
开发教程一系列的9开发教程,还设有一个播客
开发利用对论坛的利用开发文章的链接,质量和后期的风格将每个海报有所不同
缺陷的挑战通过一系列的水平,你将了解常见的错误和陷阱在使用亚马逊网络服务(AWS)。
以ARM汇编基础知识介绍从信息安全专业azeria教程吨,在推特跟着她
Introductory Intel x8663天的OS类材料,29班,24教师,没有帐户所需
莱娜的倒车新手(完成)在莱娜漫长的上市资源,针对课程
Linux(x86)开发系列通过sploitfun博客后,有3个不同的层次
megabeets旅程进入radare2一个用户的radare2教程
现代二进制开发CSCI 4968重新挑战,你可以下载文件或下载虚拟机创建的rpisec专门为挑战,并链接到他们的主页,信息安全讲座吨
初学者的逆向工程巨大的教材,由Dennis Yurichev创造的、开源的
逆向工程的阅读清单一个再工具书GitHub的收集
逆向工程的挑战从重新初学者的作家挑战收藏
初学者的逆向工程(GitHub项目)对于上述GitHub
逆向工程恶意软件101介绍了恶意软件的独角兽创建,完成材料和两个VM的
逆向工程恶意软件102re101续集to the
reversing.kr挑战逆向工程的挑战不同的困难
壳的风暴博客风格的收集与组织信息启。工程
Shellcode注射液博客从一个毕业生在SDS实验室

escalation特权  黑客学习资源汇总

姓名描述
4种方式让Linux escalation特权显示PE不同的例子
指南escalation Linux的特权Linux权限提升的基础
滥用sudo(Linux特权升级)滥用sudo(Linux特权升级)
autolocalprivilegeescalation自动化脚本下载和编译exploitdb
基本的Linux escalation权限基本的Linux开发,也包括Windows
常见的Windows权限提升的载体常见的Windows权限提升的载体
编辑/etc/passwd文件特权升级编辑/etc/passwd文件特权升级
escalation Linux权限Linux权限提升–谍报安全周刊(视频)
Linux的特权escalation检查脚本基于Linux的简单检查脚本
Linux的特权escalation脚本一列PE检查脚本,有些可能已经覆盖
Linux权限升级使用路径变量Linux权限升级使用路径变量
Linux权限升级使用配置NFSLinux权限升级使用配置NFS
Linux权限升级通过动态链接的共享库多路径和弱文件权限会导致系统的妥协。
本地Linux枚举和特权升级列表可以编译成一个剧本的好资源
示波器- Windows特权升级常见的Windows特权升级
escalation特权为Windows和Linux涵盖了Windows和Linux两个不同的漏洞
特权升级Linux举例包括Linux几个普通PE方法
达到根讨论了Linux的开发过程的特权
roothelper一个工具,运行各种枚举脚本检查特权升级
UNIX privesc检查器一个脚本,在系统漏洞检查PE
Windows的漏洞,主要是预编译。预编译的Windows漏洞,可以用于逆向工程太
Windows escalation特权wiki页面覆盖Windows特权升级收集
Windows escalation特权在Windows特权升级说明
Windows特权升级检查一个主题列表,链接到pentestlab.blog,所有Windows特权升级相关
escalation基础Windows权限重要的信息/教程收集,选择通过Patreon贡献的创造者,创造者是一个示波器
Windows特权escalation指南Windows特权escalation指南
Windows特权升级方法者Windows特权升级方法者

恶意软件分析 黑客学习资源汇总

姓名描述
恶意软件的流量分析流量分析表练习
恶意软件分析- CSCI 4976另一个班在rpisec乡亲,高质量的内容
[坏](二进制文件https://www.badbinaries.com/恶意软件的流量分析习题演练文件和一些偶尔的恶意软件分析。

网络扫描/识别  黑客学习资源汇总

姓名描述
足印的WHOIS和DNS记录从SANS白皮书
谷歌/谷歌的黑客们谷歌黑客命令列表,释放出世界上最大的搜索引擎的力量

脆弱的Web应用程序  黑客学习资源汇总

姓名描述
bwapp黑客常用车的Web应用程序,非常适合初学者,很多文件
该死的脆弱的小网站用不到100行代码,这个Web应用程序有吨的vulns,伟大的教学
该死的脆弱的Web应用(DVWA)PHP / MySQL的Web应用程序测试工具和技巧
谷歌的格里尔挑战这个俗气的Web应用程序的主机
OWASP破碎的Web应用程序项目主机收集破碎的Web应用程序
OWASP hackademic挑战项目网络黑客的挑战
OWASP Mutillidae II另一个OWASP脆弱的应用程序,很多文件。
OWASP果汁店包括OWASP Top 10 vulns
WebGoat:故意不安全的Web应用由OWASP和设计给Web应用程序的安全性

脆弱的操作系统  黑客学习资源汇总

姓名描述
一般的测试环境的指导从专业人士在Rapid7白皮书
metasploitable2(Linux)脆弱的操作系统,非常适合练习黑客
metasploitable3安装]这个脆弱的操作系统的安装第三
vulnhub对不同弱势OS和挑战吨收集

Linux操作系统的渗透测试

姓名描述
Android的驯兽师Android的驯兽师是一个虚拟的生活平台Android安全专家。
配电箱开源社区项目,促进安全在这enivornments
blackarch基于Linux的发行版拱渗透测试,兼容拱安装
BugTraq先进的GNU Linux笔测试技术
卡莉臭名昭著的渗透测试发行版从乡亲们进攻安全
lionsec Linuxpentesting based on Ubuntu操作系统
鹦鹉Debian包括安全、完整的便携式实验室DFIR,发展

利用  黑客学习资源汇总

姓名描述
0day.today易于导航数据库的利用
数据库的开发各种各样的CVE标准漏洞数据库,档案
cxsecurity独立的信息管理由1人。
snyk漏洞数据库详细信息和已知的漏洞时修复的指导,也可以让你测试你的代码

论坛  黑客学习资源汇总

姓名描述
0x00sec黑客、恶意软件、计算机工程、逆向工程
antichat俄罗斯的论坛
东开发数据库利用DB商业利用渗透测试框架写的东
greysec黑客和安全论坛
HackForums发布黑客/攻击/讨论伺

存档的安全会议视频  黑客学习资源汇总

姓名描述
infocon.org从数百个缺点主机数据
irongeekAdrien Crenshaw官方网站,主机一吨的信息。

在线社区 黑客学习资源汇总

姓名描述
hacktoday需要一个账户,涵盖各类黑客的话题
乱劈链接需要电报被使用
mpghmultiplayergamehacking社区大学

在线新闻来源

姓名描述
信息安全涵盖了所有最新的信息安全问题
最近的哈希漏洞好地方散列查找
安全智能涵盖各类新闻,伟大的智力资源
Threatpost涵盖了所有最新的威胁和漏洞
黑客新闻具有日常流黑客新闻,也有一个应用程序

英文版本(原版)———-黑客学习资源汇总

Awesome Hacking Resources

A collection of hacking / penetration testing resources to make you better!

Let’s make it the biggest resource repository for our community.

You are welcome to fork and contribute.

We started a new tools list, come and contribute

Table of Contents  黑客学习资源汇总

Learning the Skills 黑客学习资源汇总

NameDescription
BadBinaries.coma simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware trafic analysis and sysadmin stuff.
CS 642: Intro to Computer Securityacademic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.
Cybrarycoursera style website, lots of user-contributed content, account required, content can be filtered by experience level
Free cyber security trainingAcademic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning
Free interactive labs with White Hat Academy32 labs, easy account sign in with github credentials
Hak5podcast-style videos covering various topics, has a forum,
Learning Exploitation with Offensive Computer Security 2.0blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind MapsInformation Security related Mind Maps
MIT OCW 6.858 Computer Systems Securityacademic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurityacademic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risksfree courseware, requires account
SecurityTubetube-styled content,
Seed Labsacademic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings

YouTube Channels 黑客学习资源汇总

NameDescription
0patch by ACROS Securityfew videos, very short, specific to 0patch
BlackHatfeatures talks from the BlackHat conferences around the world
Christiaan008hosts a variety of videos on various security topics, disorganized
Companies黑客学习资源汇总
Detectifyvery short videos, aimed at showing how to use Detictify scanner
Hak5see Hak5 above
Kaspersky Lablots of Kaspersky promos, some hidden cybersecurity gems
Metasploitcollection of medium length metasploit demos, ~25minutes each, instructional
ntopnetwork monitoring, packet analysis, instructional
nVisiumSome nVisum promos, a handful of instructional series on Rails vulns and web hacking
OpenNSMnetwork analysis, lots of TCPDUMP videos, instructional,
OWASPsee OWASP above
Rapid7brief videos, promotional/instructional, ~ 5 minutes
Securelistbrief videos, interviews discussing various cyber security topics
Segment Securitypromo videos, non-instructional
SocialEngineerOrgpodcast-style, instructional, lengthy content ~1 hr each
Sonatypelots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized
SophosLabslots of brief, news-style content,
Sourcefirelots of brief videos covering topics like botnets, DDoS ~5 minutes each
Station Xhandful of brief videos, disorganized, unscheduled content updates
Synackrandom, news-style videos, disorganized, non-instructional
TippingPoint Zero Day Initiativevery brief videos ~30 sec, somewhat instructional
Tripwire, Inc.some tripwire demos, and random news-style videos, non-instructional
Vincent Yiuhandful of videos from a single hacker, instructional
Conferences黑客学习资源汇总
44contvinformation security con based in London, lengthy instructional videos
BruCON Security Conferencesecurity and hacker conference based in b\Belgium, lots of lengthy instructinoal videos
BSides Manchestersecurity and hacker con based in Mancheseter, lots of lengthy videos
BSidesAugustasecurity con based in Augusta, Georgia, lots of lengthy instructional videos
CarolinaConsecurity con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content
Cort Johnsona handful of lengthy con-style talks from Hack Secure Opensec 2017
DevSecConlenghty con videos covering DevSecOps, making software more secure
Garage4Hackers – Information Securitya handful of lengthy videos, About section lacks description
HACKADAYlots of random tech content, not strictly infosec, some instructional
Hack In The Box Security Conferencelengthy con-style instructional talks from an international security con
Hack in Parissecurity con based in paris, features lots of instructional talks, slides can be difficult to see.
Hacklulots of lengthy con-style instructional videos
Hacktivitylots of lengthy con-style instructional videos from a con in central/eastern europe
Hardwear.iohandful of lengthy con-style video, emphasis on hardware hacks
IEEE Symposium on Security and Privacycontent from the symposium; IEEE is a professional association based in the us, they also publish various journals
LASCONlengthy con-style talks from an OWASP con held in Austin, TX
Marcus Niemietzlots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany
Media.ccc.deThe real official channel of the chaos computer club, operated by the CCC VOC – tons of lengthy con-style vids
NorthSeclengthy con-style talks from an applied security conference in Canada
Pancake Nopcodechannel of Radare2 whiz Sergi
Psiinonmedium length instructional videos, for the OWASP Zed Attack Proxy
SJSU Infosechandful of lengthy instructional videos from San Jose State university Infosec
Secappdev.orgtons of lengthy instructional lectures on Secure App Development
Security Festmedium length con-style talks from a security festival in Sweden
SecurityTubeConsan assortment of con-style talks from various cons including BlackHat and Shmoocon
ToorConhandful of medium length con videos from con based in San Diego, CA
USENIX Enigma Conferencemedium length
News黑客学习资源汇总
Adrian Crenshawlots of lengthy con-style talks
Corey Nachreinersecurity newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule
BalCCon – Balkan Computer CongressLong con-style talks from the Balkan Computer Congress, doesn’t update regularly
danooct1lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss
DedSeclots of brief screenshot how-to vids based in Kali, no recent posts.
DEFCON Conferencelots of lengthy con-style vids from the iconical DEFCON
DemmSeclots of pen testing vids, somewhat irregular uploads, 44K followers
Derek Rook – CTF/Boot2root/wargames Walkthroughlots of lengthy screenshot instructional vids, with
Don Does 30amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers
Error 404 Cyber Newsshort screen-shot videos with loud metal, no dialog, bi-weekly
Geeks Fort – KIFlots of brief screenshot vids, no recent posts
HackerSploitregular posts, medium length screenshot vids, with dialog
HACKING TUTORIALShandful of brief screenshot vids, no recent posts.
iExplo1tlots of screenshot vids aimed at novices, 5.7K Followers, no recent posts
JackkTutorialslots of medium length instructional vids with some AskMe vids from the youtuber
Latest Hacking News10K followers, medium length screenshot videos, no recent releases
LionSeclots of brief screenshot instructional vids, no dialog
LiveOverflowLots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts.
Metasploitationlots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.
NetSecNowchannel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids
Open SecurityTraininglots of lengthy lecture-style vids, no recent posts, but quality info.
Pentester Academy TVlots of brief videos, very regular posting, up to +8 a week
Penetration Testing in LinuxDELETE
rwbnetseclots of medium length instructional videos covering tools from Kali 2.0, no recent posts.
Samy Kamkar’s Applied Hackingbrief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016
SecureNinjaTVbrief news bites, irregular posting, 18K followers
Security Weeklyregular updates, lengthy podcast-style interviews with industry pros
Seytonicvariety of DIY hacking tutorials, hardware hacks, regular updates
Shozab Haxorlots of screenshot style instructional vids, regular updates, windows CLI tutorial
SSTec Tutorialslots of brief screenshot vids, regular updates
Tradecraft Security WeeklyWant to learn about all of the latest security tools and techniques?
Troy Huntlone youtuber, medium length news videos, 16K followers, regular content
Waleed Juttlots of brief screenshot vids covering web security and game programming
webpwnizedlots of brief screenshot vids, some CTF walkthroughs
Zer0Mem0rylots of brief c++ security videos, programming intensive
LionSeclots of brief screenshot instructional vids, no dialog
Adrian Crenshawlots of lengthy con-style talks
HackerSploitregular posts, medium length screenshot vids, with dialog
Derek Rook – CTF/Boot2root/wargames Walkthroughlots of lengthy screenshot instructional vids, with
Tradecraft Security WeeklyWant to learn about all of the latest security tools and techniques?
IPPSecHackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques

Sharpening Your Skills 黑客学习资源汇总

NameDescription
Backdoorpen testing labs that have a space for beginners, a practice arena and various competitions, account required
The cryptopals crypto challengesA bunch of CTF challenges, all focused on cryptography.
Challenge LandCtf site with a twist, no simple sign-up, you have to solve a challengeto even get that far!
Crackmes.de Archive (2011-2015)a reverse engineering information Repo, started in 2003
Crackmes.oneThis is a simple place where you can download crackmes to improve your reverse engineering skills.
CTFLearnan account-based ctf site, where users can go in and solve a range of challenges
CTFs write-upsa collection of writeups from various CTFs, organized by
CTF365account based ctf site, awarded by Kaspersky, MIT, T-Mobile
The enigma groupweb application security training, account based, video tutorials
Exploit exerciseshosts 5 fulnerable virtual machines for you to attack, no account required
Google CTF 2017Source code of Google 2017 CTF
Google CTF 20182018 edition of the Google CTF contest
Google’s XSS gameXSS challenges, and potentially a chance to get paid!
Hack The BoxPen testing labs hosting over 39 vulnerable machines with two additional added every month
Hacker testsimilar to
Hacker Gatewayctfs covering steganography, cryptography, and web challengs, account required
Hacksplaininga clickthrough security informational site, very good for beginners.
hackburger.eehosts a number of web hacking challenges, account required
Hack.melets you build/host/attack vulnerable web apps
Hack this site!an oldy but goodie, account required, users start at low levels and progress in difficulty
knock.xss.moeXSS challenges, account required.
Lin.securityPractice your Linux privilege escalation
noe.systemsKorean challenge site, requires an account
Over the wireA CTF that’s based on progressive levels for each lab, the users SSH in, no account recquired
OWASP Security ShepherdBROKEN AS OF 11/6
Participating Challenge Sitesaims at creating a universal ranking for CTF participants
PentesterLabhosts a variety of exercises as well as various
Pentestitacocunt based CTF site, users have to install open VPN and get credentials
Pentest Practiceaccount based Pentest practice, free to sign up, but there’s also a pay-as-you-go feature
Pentest.traininglots of various labs/VMS for you to try and hack, registry is optional.
PicoCTFCTF hosted by Carnegie Mellon, occurs yearly, account required.
pwnable.krDon’t let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required
pwnable.twhosts 27 challenges accompanied with writeups, account required
Ringzer0 Teaman account based CTF site, hosting over 272 challenges
ROP EmporiumReturn Oriented Programming challenges
SmashTheStackhosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels
Shellter Labsaccount based infosec labs, they aim at making these activities social
Solve Me
Vulnhubsite hosts a ton of different vulnerable Virtual Machine images, download and get hacking
websec.frFocused on web challenges, registration is optional.
webhacking.krlots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.
Stereotyped ChallengesChallenges for web security professionals, account required.
Stripe CTF 2.0Past security contest where you can discover and exploit vulnerabilities in mock web applications.
Windows / Linux Local Privilege Escalation WorkshopPractice your Linux and Windows privilege escalation

Reverse Engineering, Buffer Overflow and Exploit Development

NameDescription
A Course on Intermediate Level Linux Exploitationas the title says, this course isn’t for beginners
Analysis and exploitation (unprivileged)huge collection of RE information, organized by type.
Binary hacking35
Buffer Overflow Exploitation Megaprimer for LinuxCollection of Linux Rev. Engineering videos
Corelan tutorialsdetailed tutorial, lots of good information about memory
Exploit tutorialsa series of 9 exploit tutorials,also features a podcast
Exploit developmentlinks to the forum’s exploit dev posts, quality and post style will vary with each poster
flAWS challengeThrough a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basicstons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x8663 days of OS class materials, 29 classes, 24 instructors, no account required
Lena’s Reversing for Newbies (Complete)listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Seriesblog post by sploitfun, has 3 different levels
Megabeets journey into Radare2one user’s radare2 tutorials
Modern Binary Exploitation – CSCI 4968RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures
Reverse Engineering for Beginnershuge textbook, created by Dennis Yurichev, open-source
Reverse engineering reading lista github collection of RE tools and books
Reverse Engineering challengescollection of challenges from the writer of RE for Beginners
Reverse Engineering for beginners (GitHub project)github for the above 黑客学习资源汇总
Reverse Engineering Malware 101intro course created by Malware Unicorn, complete with material and two VM’s
Reverse Engineering Malware 102the sequel to RE101
reversing.kr challengesreverse engineering challenges varying in difficulty
Shell stormBlog style collection with organized info about Rev. Engineering.
Shellcode Injectiona blog entry from a grad student at SDS Labs

Privilege Escalation 黑客学习资源汇总

NameDescription
4 Ways get linux privilege escalationshows different examples of PE
A GUIDE TO LINUX PRIVILEGE ESCALATIONBasics of Linux privilege escalation
Abusing SUDO (Linux Privilege Escalation)Abusing SUDO (Linux Privilege Escalation)
AutoLocalPrivilegeEscalationautomated scripts that downloads and compiles from exploitdb
Basic linux privilege escalationbasic linux exploitation, also covers Windows
Common Windows Privilege Escalation VectorsCommon Windows Privilege Escalation Vectors
Editing /etc/passwd File for Privilege EscalationEditing /etc/passwd File for Privilege Escalation
Linux Privilege EscalationLinux Privilege Escalation – Tradecraft Security Weekly (Video)
Linux Privilege Escalation Check Scripta simple linux PE check script
Linux Privilege Escalation Scriptsa list of PE checking scripts, some may have already been covered
Linux Privilege Escalation Using PATH VariableLinux Privilege Escalation Using PATH Variable
Linux Privilege Escalation using Misconfigured NFSLinux Privilege Escalation using Misconfigured NFS
Linux Privilege Escalation via Dynamically Linked Shared Object LibraryHow RPATH and Weak File Permissions can lead to a system compromise.
Local Linux Enumeration & Privilege Escalation Cheatsheetgood resources that could be compiled into a script
OSCP – Windows Priviledge EscalationCommon Windows Priviledge Escalation
Privilege escalation for Windows and Linuxcovers a couple different exploits for Windows and Linux
Privilege escalation linux with live examplecovers a couple common PE methods in linux
Reach the rootdiscusses a process for linux privilege exploitation
RootHelpera tool that runs various enumeration scripts to check for privilege escalation
Unix privesc checkera script that checks for PE vulnerabilities on a system
Windows exploits, mostly precompiled.precompiled windows exploits, could be useful for reverse engineering too
Windows Privilege Escalationcollection of wiki pages covering Windows Privilege escalation
Windows Privilege EscalationNotes on Windows Privilege Escalation
Windows privilege escalation checkera list of topics that link to pentestlab.blog, all related to windows privilege escalation
Windows Privilege Escalation Fundamentalscollection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP
Windows Privilege Escalation GuideWindows Privilege Escalation Guide
Windows Privilege Escalation Methods for PentestersWindows Privilege Escalation Methods for Pentesters

Malware Analysis 黑客学习资源汇总

NameDescription
Malware traffic analysislist of traffic analysis exercises
Malware Analysis – CSCI 4976another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/)walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Network Scanning / Reconnaissance 黑客学习资源汇总

NameDescription
Foot Printing with WhoIS/DNS recordsa white paper from SANS
Google Dorks/Google Hackinglist of commands for google hacks, unleash the power of the world’s biggest search engine

Vulnerable Web Application 黑客学习资源汇总

NameDescription
bWAPPcommon buggy web app for hacking, great for beginners, lots of documentation
Damn Small Vulnerable Webwritten in less than 100 lines of code, this web app has tons of vulns, great for teaching
Damn Vulnerable Web Application (DVWA)PHP/MySQL web app for testing skills and tools
Google Gruyerehost of challenges on this cheesy web app
OWASP Broken Web Applications Projecthosts a collection of broken web apps
OWASP Hackademic Challenges projectweb hacking challenges
OWASP Mutillidae IIanother OWASP vulnerable app, lots of documentation.
OWASP Juice Shopcovers the OWASP top 10 vulns
WebGoat: A deliberately insecure Web Applicationmaintained by OWASP and designed to to teach web app security

Vulnerable OS 黑客学习资源汇总

NameDescription
General Test Environment Guidancewhite paper from the pros at rapid7
Metasploitable2 (Linux)vulnerable OS, great for practicing hacking
Metasploitable3 [Installation]the third installation of this vulnerable OS
Vulnhubcollection of tons of different vulnerable OS and challenges

Linux Penetration Testing OS 黑客学习资源汇总

NameDescription
Android TamerAndroid Tamer is a Virtual / Live Platform for Android Security professionals.
BackBoxopen source community project, promoting security in IT enivornments
BlackArchArch Linux based pentesting distro, compatible with Arch installs
Bugtraqadvanced GNU Linux pen-testing technology
Kalithe infamous pentesting distro from the folks at Offensive Security
LionSec Linuxpentesting OS based on Ubuntu
ParrotDebian includes full portable lab for security, DFIR, and development

Exploits 黑客学习资源汇总

NameDescription
0day.todayEasy to navigate database of exploits
Exploit Databasedatabase of a wide variety exploits, CVE compliant archive
CXsecurityIndie cybersecurity info managed by 1 person
Snyk Vulnerability DBdetailed info and remediation guidance for known vulns, also allows you to test your code

Forums 黑客学习资源汇总

NameDescription
0x00sechacker, malware, computer engineering, Reverse engineering
Antichatrussian based forum
EAST Exploit databaseexploit DB for commercial exploits written for EAST Pentest Framework
Greysechacking and security forum
Hackforumsposting webstite for hacks/exploits/various discussion

Archived Security Conference Videos 黑客学习资源汇总

NameDescription
InfoCon.orghosts data from hundreds of cons
IrongeekWebsite of Adrien Crenshaw, hosts a ton of info.

Online Communities 黑客学习资源汇总

Name 黑客学习资源汇总Description
Hacktodayrequires an account, covering all kinds of hacking topics
Hack+link requires telegram to be used
MPGHcommunity of MultiPlayerGameHacking

Online News Sources

NameDescription
InfoSeccovers all the latest infosec topics
Recent Hash Leaksgreat place to lookup hashes
Security Intellcovers all kinds of news, great intelligence resources
Threatpostcovers all the latest threats and breaches
The Hacker Newsfeatures a daily stream of hack news, also has an app

Leave a Reply

您的电子邮箱地址不会被公开。