目录导航
黑客学习资源汇总-渗透测试项目学习资料
黑客学习资源汇总
黑客学习资源汇总
目录
- 学习的技巧
- YouTube频道
- 锐化你的技能
- 逆向工程,缓冲区溢出和开发利用
- escalation特权
- 网络扫描/识别
- 恶意软件分析
- 脆弱的Web应用程序
- 脆弱的操作系统
- 利用
- 论坛
- 存档的安全会议视频
- 在线社区
- 在线新闻来源
- Linux操作系统的渗透测试
学习的技巧 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| badbinaries.com | 一个简单的质量文档和笔记opendir对各种安全议题充满恶意软件良好的演练交通分析和系统管理员的东西。 |
| 642计算机的安全:介绍的CS | 学术内容,全学期的课程,包括指定的读物,为开发实例作业和GitHub的裁判。没有视频讲座。 |
| 百库 | Coursera风格的网站,很多用户贡献的内容,要求,内容可由经验水平过滤 |
| 免费的网络安全培训 | 学术内容,8全课程从一个古怪的导师山姆的视频,链接的研究,该材料和其他推荐的培训/学习 |
| 免费的互动实验室的白帽子学院 | 32个实验室,易帐户登录在GitHub的凭据 |
| Hak5 | 视频播客风格涵盖各种主题,有一个论坛,“Metasploit分钟”系列视频可能是有用的 |
| 学习计算机安全2.0开发进攻 | 博客式的教学,包括:幻灯片、视频、作业、讨论。无需登录。 |
| 思维导图 | 信息安全相关的Mind Maps |
| MIT OCW 6.858计算机系统安全 | 学术内容,精心组织,全学期的课程,包括指定的课外读物、讲座、录像、要求的实验室文件。 |
| offensivecomputersecurity | 学术内容,全学期的课程包括讲座视频与幻灯片和27指定阅读资料 |
| OWASP 10大Web安全风险 | 免费课件,需要考虑 |
| securitytube | 管式的内容,“引物”视频,涵盖各种主题,现场没有可读的内容。 |
| 种子实验室 | 学术内容,条理清晰,具有实验室视频,任务,需要的代码文件,及推荐读物 |
YouTube频道 黑客学习资源汇总
| 姓名 | 描述 | ||
|---|---|---|---|
| 通过在安全0patch | 一些视频,很短,具体到0patch | ||
| 黑帽 | 会谈在黑帽会议在世界各地 | ||
| christiaan008 | 主机的各种安全主题的各种视频,混乱 | ||
| 公司 | |||
| Detectify | 很短的视频,旨在展示如何使用detictify扫描仪 | ||
| Hak5 | 看到Hak5以上 | ||
| 卡巴斯基实验室 | 卡巴斯基茂德很多网络安全,一些隐藏的宝石 | ||
| Metasploit | 中等长度的Metasploit演示收集,~ 25minutes各教学 | ||
| ntop | 网络监控,数据分析,教学 | ||
| nvisium | 一些nvisum茂德,少数教学系列导轨vulns和网络黑客 | ||
| opennsm | 网络分析,tcpdump很多的录像,教学, | ||
| OWASP | 看到OWASP以上 | ||
| rapid7 | 简短的视频,宣传和指导,~五分钟 | ||
| 上 | 简短的视频,访谈,讨论各种网络安全问题 | ||
| 段安全 | 宣传视频,非教学 | ||
| socialengineerorg | 播客风格、教学、冗长的内容~每1小时 | ||
| Sonatype | 随机视频很多,一个好的集群的DevOps相关内容,长度范围大,混乱 | ||
| SophosLabs | 很多简短的新闻式的内容,“七宗这罪”段注 | ||
| Sourcefire | 简短的视频内容覆盖了很多像僵尸网络的DDoS ~五分钟, | ||
| 站X | 一些简短的视频,杂乱无章,不定期的内容更新 | ||
| SYNACK | 随机型disorganized,新闻,视频,非教学 | ||
| TippingPoint的Zero Day Initiative | 非常简短的视频~ 30秒,有些教学 | ||
| Tripwire公司 | 一些绊演示,和随机的新闻风格的视频,非教学 | ||
| 文森特耀 | 从一个黑客的视频部分,教学 | ||
| 会议 | 黑客学习资源汇总 | ||
| 44contv | 总部位于伦敦的信息安全,漫长的教学视频 | ||
| brucon Security Conference | 安全和黑客会议基于B \比利时,冗长的instructinoal很多的录像 | ||
| 同时曼彻斯特 | 安全和黑客展立足Mancheseter,冗长的视频很多 | ||
| bsidesaugusta | 总部设在奥古斯塔,格鲁吉亚的安全,许多冗长的教学视频 | ||
| carolinacon | 总部在北卡罗莱纳的安全,各种2600章有关,冗长的教学内容很多 | ||
| 科特约翰逊 | 一些冗长的CON式会谈黑客安全opensec 2017 | ||
| devseccon | devsecops lenghty CON视频覆盖,使软件更安全 | ||
| garage4hackers -信息安全 | 一些冗长的视频,有关部门缺乏描述 | ||
| Hackaday | 随机技术含量很多,没有严格的信息安全,一些教学 | ||
| 骇客安全大会 | 冗长的CON式教学对话从国际安全 | ||
| 黑客在巴黎 | 总部在巴黎的安全,教学对话的功能很多,它可以是很难看到。 | ||
| hacklu | 冗长的CON风格教学视频很多 | ||
| Hacktivity | 中/东欧和许多冗长的骗局式的教学视频 | ||
| hardwear.io | 冗长的骗局式的视频把,硬件黑客的重点 | ||
| IEEE安全与隐私会议 | 从会议内容IEEE是一个美国的专业协会,他们还出版各种期刊 | ||
| lascon | 冗长的CON风格从奥斯丁举行会谈,OWASP TX | ||
| 马库斯niemietz | 教学内容丰富,与hackpra,从德国的一所攻击的安全课程 | ||
| media.ccc.de | 的混沌计算机俱乐部的官方渠道,由CCC VOC -冗长的CON式视频吨 | ||
| northsec | 冗长的CON式会谈从应用安全会议在加拿大举行 | ||
| 煎饼nopcode | 对radare2专家Sergi“煎饼”的阿尔瓦雷斯海峡,逆向工程的内容 | ||
| psiinon | 中等长度的教学视频,为OWASP Zed攻击代理 | ||
| 州立圣何塞大学信息安全 | 圣何塞州立大学信息安全教学视频把冗长的 | ||
| secappdev.org | 冗长的教学讲座安全应用开发吨 | ||
| 安全节 | 中等长度的控制方式从安全节在瑞典会谈 | ||
| securitytubecons | 欺诈式会谈从各种缺点包括黑帽和shmoocon分类 | ||
| toorcon | 中等长度的handful of based in的视频与来自圣地亚哥,CA | ||
| USENIX会议之谜 | 中等长度的“圆桌讨论与领先的专家”,内容开始于2016年 | ||
| 新闻 黑客学习资源汇总 | 黑客学习资源汇总 | ||
| 阿德里安克伦肖 | 冗长的CON式会谈很多 | ||
| 科里Nachreiner | 安全NewsBites,2.7k订户,每周2-3视频,没有设定时间表 | ||
| 巴尔康-巴尔干计算机大会 | 长期欺骗式会谈从巴尔干计算机大会,不定期更新 | ||
| danooct1 | 简单的截图很多,入门视频关于恶意软件,定期的内容更新,186k followerss | ||
| dedsec | 简短的视频截图如何立足Kali的地段,没有最近的帖子。 | ||
| Defcon会议 | 从象形DEFCON很多冗长的CON式视频 | ||
| demmsec | 笔测试视频很多,有点不规则的上传,44k追随者 | ||
| 德里克车- CTF / boot2root /兵棋演练 | 冗长的截图教学视频很多,有 | ||
| Don 30 | 业余笔发布简短视频截图经常很多,9k追随者 | ||
| 错误404网络新闻 | 短镜头视频用响亮的金属,没有对话,双周刊 | ||
| 极客堡-如果 | 简单的截图作品很多,没有新的文章 | ||
| hackersploit | 定期的岗位,中等长度的视频截图,对话框 | ||
| 黑客教程 | 简短的视频部分截图,没有最近的帖子。 | ||
| iexplo1t | 很多视频截图针对新手,5.7k追随者,没有最近的帖子 | ||
| jackktutorials | 从Youtube网友一些问我视频中长很多教学视频 | ||
| 最新的黑客新闻 | 10k追随者,中等长度的视频截图,视频,最近没有发布 | ||
| lionsec | 短暂的教学视频截图很多,没有对话 | ||
| liveoverflow | 简短的视频中isntructional地段,占地之类的缓冲overflwos开拓写作,定期的岗位。 | ||
| metasploitation | 视频截图很多,几乎没有对话,所有关于使用Metasploit的,没有最近的视频。 | ||
| netsecnow | 通道pentesteruniversity.org,似乎后一个月一次,教学视频截图 | ||
| 打开securitytraining | 冗长的说教式的作品很多,没有新的日志,但质量信息。 | ||
| pentester电视学院 | 简短的视频很多,很有规律的发布,到8个星期 | ||
| 在Linux的渗透测试 | 删除 | ||
| rwbnetsec | 中等长度的教学视频,涵盖了从卡利2工具很多,没有新的文章。 | ||
| Samy Kamkar的应用黑客 | 简短的中等长度的教学视频从poisontap造物主Raspberry Pi的零,没有新的内容,最后更新2016 | ||
| secureninjatv | 简短的新闻口,不规则的发布,18k追随者 | ||
| 安全周刊 | 定期更新,漫长的播客风格采访了业内专家 | ||
| seytonic | 各种DIY硬件黑客,黑客教程,定期更新 | ||
| shozab haxor | 大量的截图方式教学视频,定期更新,Windows的CLI教程 | ||
| 公司教程 | 简短的视频截图很多,定期更新 | ||
| 谍报安全周刊 | 想了解所有最新的安全工具和技术? | ||
| 特洛伊亨特 | 孤独的YouTuber,中等长度的新闻视频,16k追随者,常规的内容 | ||
| 瓦利德jutt | 很多简单的截屏视频覆盖网络安全和游戏编程 | ||
| webpwnized | 简单的截图作品很多,有些CTF演练 | ||
| zer0mem0ry | 简短的C安全很多的录像,编程密集 | ||
| lionsec | 短暂的教学视频截图很多,没有对话 | ||
| 阿德里安克伦肖 | 冗长的CON式会谈很多 | ||
| hackersploit | 定期的岗位,中等长度的视频截图,对话框 | ||
| 德里克车- CTF / boot2root /兵棋演练 | 冗长的截图教学视频很多,有 | ||
| 谍报安全周刊 | 想了解所有最新的安全工具和技术? | ||
| ippsec | hackthebox.eu退休机易损机演练来帮助你学习基本的和先进的工艺和技术 | ||
锐化你的技能
| 姓名 | 描述 |
|---|---|
| 后门 | 笔测试实验室,有一个空间的初学者,一个实践的舞台和各种比赛,账户需要 |
| 的cryptopals加密的挑战 | 一群CTF的挑战,都集中在密码。 |
| 挑战的土地 | 一个扭曲的CTF的网站,没有一个简单的注册,你必须解决的一个挑战,即使走那么远! |
| crackmes.de archive(2015年) | 反向工程信息回购,开始在2003 |
| crackmes.one | 这是一个简单的地方,你可以下载crackmes提高逆向工程技能。 |
| ctflearn | 基于CTF网站账户,用户可以在解决一系列挑战 |
| ctfs写-不间断电源 | 从各种CTF集合writeups,主办 |
| ctf365 | 基于CTF网站账户,由卡巴斯基,麻省理工学院颁发,T-Mobile |
| 谜组 | Web应用程序安全性的培训,基于账户的,视频教程 |
| 利用练习 | 5 fulnerable主机虚拟机你攻击,不考虑所需 |
| 谷歌CTF 2017 | 谷歌2017 CTF的源代码 |
| 谷歌CTF 2018 | 2018版的谷歌CTF比赛 |
| 谷歌的XSS的游戏 | XSS的挑战和潜在的机会得到报酬! |
| 黑盒子 | 笔测试实验室举办超过39易受攻击的机器有两个额外的每月新增 |
| 黑客测试 | 类似于“hackthissite”,没有考虑要求。 |
| 黑客网关 | CTFS覆盖隐藏密码,和网络的挑战,客户要求 |
| hacksplaining | 点击安全信息网站,对初学者很好。 |
| hackburger.ee | 拥有一大批网络黑客的挑战,客户要求 |
| hack.me | 让你建立/主机/攻击脆弱的Web应用程序 |
| 黑客网站! | 一个老人但糖果,帐户,用户开始在低水平和进展困难 |
| knock.xss.moe | XSS的挑战,客户的要求。 |
| lin.security | 实践你的escalation Linux权限 |
| noe.systems | 韩国的挑战网站,需要一个帐户 |
| 在导线 | CTF是基于每个实验室的递进层次,用户的SSH,没有考虑recquired |
| OWASP安全的牧羊人 | 截至11月6断 |
| 参与挑战的网站 | 旨在创造CTF参与者普遍排名 |
| pentesterlab | 举办各种活动以及各种各样的“新兵训练营”,专注于特定的活动 |
| pentestit | 时间的CTF的网站,用户必须安装Open VPN并获得证书 |
| 渗透测试实践 | 基于渗透测试实践,自由报名,但也有付费的特征 |
| pentest.training | 你试图破解各种实验室/ VMS的地段,注册是可选的。 |
| picoctf | CTF的卡耐基-梅隆大学,每年举办时,账户需要。 |
| pwnable.kr | 不要让卡通人物愚弄你,这是一个严重的CTF的网站,会教你很多,客户要求 |
| pwnable.tw | 主机27的挑战伴随writeups,账户需要 |
| ringzer0团队 | 基于CTF网站账户,托管超过272的挑战 |
| ROP商场 | 返回导向编程的挑战 |
| smashthestack | 主机的各种挑战,类似于overthewire,用户必须ssh到机器和进步水平 |
| shellter实验室 | 基于信息安全实验室,他们的目标是使这些社会活动 |
| 解决我 | “另一个挑战”,客户要求。 |
| vulnhub | 网站提供大量不同的脆弱的虚拟机映像,下载并让黑客 |
| websec.fr | 专注于网站的挑战,注册是可选的。 |
| webhacking.kr | 网络安全挑战,很多都是可用的,建议初学者。你需要解决注册一个简单的挑战。 |
| 千篇一律的挑战 | 网络安全专家的挑战,客户要求。 |
| 缟CTF 2.0 | 过去的安全竞赛,你可以发现和利用模拟的Web应用程序的漏洞。 |
| Windows / Linux本地权限提升车间 | 实践你的Linux和Windows特权升级 |
逆向工程,缓冲区溢出和开发利用
| 姓名 | 描述 |
|---|---|
| 对中级水平的Linux开发过程 | 正如标题所说,本课程不适合初学者 |
| 分析和开发(特权) | 巨大的收集信息,组织类型。 |
| 二进制的黑客 | 35“没有废话”二进制视频以及其他信息 |
| 缓冲区溢出的Linux开发引物 | Linux启收。工程视频 |
| Corelan教程 | 详细的教程,关于记忆的很多很好的信息 |
| 开发教程 | 一系列的9开发教程,还设有一个播客 |
| 开发利用 | 对论坛的利用开发文章的链接,质量和后期的风格将每个海报有所不同 |
| 缺陷的挑战 | 通过一系列的水平,你将了解常见的错误和陷阱在使用亚马逊网络服务(AWS)。 |
| 以ARM汇编基础知识介绍 | 从信息安全专业azeria教程吨,在推特跟着她 |
| Introductory Intel x86 | 63天的OS类材料,29班,24教师,没有帐户所需 |
| 莱娜的倒车新手(完成) | 在莱娜漫长的上市资源,针对课程 |
| Linux(x86)开发系列 | 通过sploitfun博客后,有3个不同的层次 |
| megabeets旅程进入radare2 | 一个用户的radare2教程 |
| 现代二进制开发CSCI 4968 | 重新挑战,你可以下载文件或下载虚拟机创建的rpisec专门为挑战,并链接到他们的主页,信息安全讲座吨 |
| 初学者的逆向工程 | 巨大的教材,由Dennis Yurichev创造的、开源的 |
| 逆向工程的阅读清单 | 一个再工具书GitHub的收集 |
| 逆向工程的挑战 | 从重新初学者的作家挑战收藏 |
| 初学者的逆向工程(GitHub项目) | 对于上述GitHub |
| 逆向工程恶意软件101 | 介绍了恶意软件的独角兽创建,完成材料和两个VM的 |
| 逆向工程恶意软件102 | re101续集to the |
| reversing.kr挑战 | 逆向工程的挑战不同的困难 |
| 壳的风暴 | 博客风格的收集与组织信息启。工程 |
| Shellcode注射液 | 博客从一个毕业生在SDS实验室 |
escalation特权 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 4种方式让Linux escalation特权 | 显示PE不同的例子 |
| 指南escalation Linux的特权 | Linux权限提升的基础 |
| 滥用sudo(Linux特权升级) | 滥用sudo(Linux特权升级) |
| autolocalprivilegeescalation | 自动化脚本下载和编译exploitdb |
| 基本的Linux escalation权限 | 基本的Linux开发,也包括Windows |
| 常见的Windows权限提升的载体 | 常见的Windows权限提升的载体 |
| 编辑/etc/passwd文件特权升级 | 编辑/etc/passwd文件特权升级 |
| escalation Linux权限 | Linux权限提升–谍报安全周刊(视频) |
| Linux的特权escalation检查脚本 | 基于Linux的简单检查脚本 |
| Linux的特权escalation脚本 | 一列PE检查脚本,有些可能已经覆盖 |
| Linux权限升级使用路径变量 | Linux权限升级使用路径变量 |
| Linux权限升级使用配置NFS | Linux权限升级使用配置NFS |
| Linux权限升级通过动态链接的共享库 | 多路径和弱文件权限会导致系统的妥协。 |
| 本地Linux枚举和特权升级列表 | 可以编译成一个剧本的好资源 |
| 示波器- Windows特权升级 | 常见的Windows特权升级 |
| escalation特权为Windows和Linux | 涵盖了Windows和Linux两个不同的漏洞 |
| 特权升级Linux举例 | 包括Linux几个普通PE方法 |
| 达到根 | 讨论了Linux的开发过程的特权 |
| roothelper | 一个工具,运行各种枚举脚本检查特权升级 |
| UNIX privesc检查器 | 一个脚本,在系统漏洞检查PE |
| Windows的漏洞,主要是预编译。 | 预编译的Windows漏洞,可以用于逆向工程太 |
| Windows escalation特权 | wiki页面覆盖Windows特权升级收集 |
| Windows escalation特权 | 在Windows特权升级说明 |
| Windows特权升级检查 | 一个主题列表,链接到pentestlab.blog,所有Windows特权升级相关 |
| escalation基础Windows权限 | 重要的信息/教程收集,选择通过Patreon贡献的创造者,创造者是一个示波器 |
| Windows特权escalation指南 | Windows特权escalation指南 |
| Windows特权升级方法者 | Windows特权升级方法者 |
恶意软件分析 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 恶意软件的流量分析 | 流量分析表练习 |
| 恶意软件分析- CSCI 4976 | 另一个班在rpisec乡亲,高质量的内容 |
| [坏](二进制文件https://www.badbinaries.com/) | 恶意软件的流量分析习题演练文件和一些偶尔的恶意软件分析。 |
网络扫描/识别 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 足印的WHOIS和DNS记录 | 从SANS白皮书 |
| 谷歌/谷歌的黑客们 | 谷歌黑客命令列表,释放出世界上最大的搜索引擎的力量 |
脆弱的Web应用程序 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| bwapp | 黑客常用车的Web应用程序,非常适合初学者,很多文件 |
| 该死的脆弱的小网站 | 用不到100行代码,这个Web应用程序有吨的vulns,伟大的教学 |
| 该死的脆弱的Web应用(DVWA) | PHP / MySQL的Web应用程序测试工具和技巧 |
| 谷歌的格里尔 | 挑战这个俗气的Web应用程序的主机 |
| OWASP破碎的Web应用程序项目 | 主机收集破碎的Web应用程序 |
| OWASP hackademic挑战项目 | 网络黑客的挑战 |
| OWASP Mutillidae II | 另一个OWASP脆弱的应用程序,很多文件。 |
| OWASP果汁店 | 包括OWASP Top 10 vulns |
| WebGoat:故意不安全的Web应用 | 由OWASP和设计给Web应用程序的安全性 |
脆弱的操作系统 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 一般的测试环境的指导 | 从专业人士在Rapid7白皮书 |
| metasploitable2(Linux) | 脆弱的操作系统,非常适合练习黑客 |
| metasploitable3【安装] | 这个脆弱的操作系统的安装第三 |
| vulnhub | 对不同弱势OS和挑战吨收集 |
Linux操作系统的渗透测试
| 姓名 | 描述 |
|---|---|
| Android的驯兽师 | Android的驯兽师是一个虚拟的生活平台Android安全专家。 |
| 配电箱 | 开源社区项目,促进安全在这enivornments |
| blackarch | 基于Linux的发行版拱渗透测试,兼容拱安装 |
| BugTraq | 先进的GNU Linux笔测试技术 |
| 卡莉 | 臭名昭著的渗透测试发行版从乡亲们进攻安全 |
| lionsec Linux | pentesting based on Ubuntu操作系统 |
| 鹦鹉 | Debian包括安全、完整的便携式实验室DFIR,发展 |
利用 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 0day.today | 易于导航数据库的利用 |
| 数据库的开发 | 各种各样的CVE标准漏洞数据库,档案 |
| cxsecurity | 独立的信息管理由1人。 |
| snyk漏洞数据库 | 详细信息和已知的漏洞时修复的指导,也可以让你测试你的代码 |
论坛 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| 0x00sec | 黑客、恶意软件、计算机工程、逆向工程 |
| antichat | 俄罗斯的论坛 |
| 东开发数据库 | 利用DB商业利用渗透测试框架写的东 |
| greysec | 黑客和安全论坛 |
| HackForums | 发布黑客/攻击/讨论伺 |
存档的安全会议视频 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| infocon.org | 从数百个缺点主机数据 |
| irongeek | Adrien Crenshaw官方网站,主机一吨的信息。 |
在线社区 黑客学习资源汇总
| 姓名 | 描述 |
|---|---|
| hacktoday | 需要一个账户,涵盖各类黑客的话题 |
| 乱劈 | 链接需要电报被使用 |
| mpgh | multiplayergamehacking社区大学 |
在线新闻来源
| 姓名 | 描述 |
|---|---|
| 信息安全 | 涵盖了所有最新的信息安全问题 |
| 最近的哈希漏洞 | 好地方散列查找 |
| 安全智能 | 涵盖各类新闻,伟大的智力资源 |
| Threatpost | 涵盖了所有最新的威胁和漏洞 |
| 黑客新闻 | 具有日常流黑客新闻,也有一个应用程序 |
英文版本(原版)———-黑客学习资源汇总
Awesome Hacking Resources
A collection of hacking / penetration testing resources to make you better!
Let’s make it the biggest resource repository for our community.
You are welcome to fork and contribute.
We started a new tools list, come and contribute
Table of Contents 黑客学习资源汇总
- Learning the Skills
- YouTube Channels
- Sharpening Your Skills
- Reverse Engineering, Buffer Overflow and Exploit Development
- Privilege Escalation
- Network Scanning / Reconnaissance
- Malware Analysis
- Vulnerable Web Application
- Vulnerable OS
- Exploits
- Forums
- Archived Security Conference Videos
- Online Communities
- Online News Sources
- Linux Penetration Testing OS
Learning the Skills 黑客学习资源汇总
| Name | Description |
|---|---|
| BadBinaries.com | a simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware trafic analysis and sysadmin stuff. |
| CS 642: Intro to Computer Security | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES. |
| Cybrary | coursera style website, lots of user-contributed content, account required, content can be filtered by experience level |
| Free cyber security training | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning |
| Free interactive labs with White Hat Academy | 32 labs, easy account sign in with github credentials |
| Hak5 | podcast-style videos covering various topics, has a forum, |
| Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required. |
| Mind Maps | Information Security related Mind Maps |
| MIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files. |
| OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assign readings |
| OWASP top 10 web security risks | free courseware, requires account |
| SecurityTube | tube-styled content, |
| Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings |
YouTube Channels 黑客学习资源汇总
| Name | Description | ||
|---|---|---|---|
| 0patch by ACROS Security | few videos, very short, specific to 0patch | ||
| BlackHat | features talks from the BlackHat conferences around the world | ||
| Christiaan008 | hosts a variety of videos on various security topics, disorganized | ||
| Companies | 黑客学习资源汇总 | ||
| Detectify | very short videos, aimed at showing how to use Detictify scanner | ||
| Hak5 | see Hak5 above | ||
| Kaspersky Lab | lots of Kaspersky promos, some hidden cybersecurity gems | ||
| Metasploit | collection of medium length metasploit demos, ~25minutes each, instructional | ||
| ntop | network monitoring, packet analysis, instructional | ||
| nVisium | Some nVisum promos, a handful of instructional series on Rails vulns and web hacking | ||
| OpenNSM | network analysis, lots of TCPDUMP videos, instructional, | ||
| OWASP | see OWASP above | ||
| Rapid7 | brief videos, promotional/instructional, ~ 5 minutes | ||
| Securelist | brief videos, interviews discussing various cyber security topics | ||
| Segment Security | promo videos, non-instructional | ||
| SocialEngineerOrg | podcast-style, instructional, lengthy content ~1 hr each | ||
| Sonatype | lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized | ||
| SophosLabs | lots of brief, news-style content, | ||
| Sourcefire | lots of brief videos covering topics like botnets, DDoS ~5 minutes each | ||
| Station X | handful of brief videos, disorganized, unscheduled content updates | ||
| Synack | random, news-style videos, disorganized, non-instructional | ||
| TippingPoint Zero Day Initiative | very brief videos ~30 sec, somewhat instructional | ||
| Tripwire, Inc. | some tripwire demos, and random news-style videos, non-instructional | ||
| Vincent Yiu | handful of videos from a single hacker, instructional | ||
| Conferences | 黑客学习资源汇总 | ||
| 44contv | information security con based in London, lengthy instructional videos | ||
| BruCON Security Conference | security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos | ||
| BSides Manchester | security and hacker con based in Mancheseter, lots of lengthy videos | ||
| BSidesAugusta | security con based in Augusta, Georgia, lots of lengthy instructional videos | ||
| CarolinaCon | security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content | ||
| Cort Johnson | a handful of lengthy con-style talks from Hack Secure Opensec 2017 | ||
| DevSecCon | lenghty con videos covering DevSecOps, making software more secure | ||
| Garage4Hackers – Information Security | a handful of lengthy videos, About section lacks description | ||
| HACKADAY | lots of random tech content, not strictly infosec, some instructional | ||
| Hack In The Box Security Conference | lengthy con-style instructional talks from an international security con | ||
| Hack in Paris | security con based in paris, features lots of instructional talks, slides can be difficult to see. | ||
| Hacklu | lots of lengthy con-style instructional videos | ||
| Hacktivity | lots of lengthy con-style instructional videos from a con in central/eastern europe | ||
| Hardwear.io | handful of lengthy con-style video, emphasis on hardware hacks | ||
| IEEE Symposium on Security and Privacy | content from the symposium; IEEE is a professional association based in the us, they also publish various journals | ||
| LASCON | lengthy con-style talks from an OWASP con held in Austin, TX | ||
| Marcus Niemietz | lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany | ||
| Media.ccc.de | The real official channel of the chaos computer club, operated by the CCC VOC – tons of lengthy con-style vids | ||
| NorthSec | lengthy con-style talks from an applied security conference in Canada | ||
| Pancake Nopcode | channel of Radare2 whiz Sergi | ||
| Psiinon | medium length instructional videos, for the OWASP Zed Attack Proxy | ||
| SJSU Infosec | handful of lengthy instructional videos from San Jose State university Infosec | ||
| Secappdev.org | tons of lengthy instructional lectures on Secure App Development | ||
| Security Fest | medium length con-style talks from a security festival in Sweden | ||
| SecurityTubeCons | an assortment of con-style talks from various cons including BlackHat and Shmoocon | ||
| ToorCon | handful of medium length con videos from con based in San Diego, CA | ||
| USENIX Enigma Conference | medium length | ||
| News | 黑客学习资源汇总 | ||
| Adrian Crenshaw | lots of lengthy con-style talks | ||
| Corey Nachreiner | security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule | ||
| BalCCon – Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn’t update regularly | ||
| danooct1 | lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss | ||
| DedSec | lots of brief screenshot how-to vids based in Kali, no recent posts. | ||
| DEFCON Conference | lots of lengthy con-style vids from the iconical DEFCON | ||
| DemmSec | lots of pen testing vids, somewhat irregular uploads, 44K followers | ||
| Derek Rook – CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with | ||
| Don Does 30 | amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers | ||
| Error 404 Cyber News | short screen-shot videos with loud metal, no dialog, bi-weekly | ||
| Geeks Fort – KIF | lots of brief screenshot vids, no recent posts | ||
| HackerSploit | regular posts, medium length screenshot vids, with dialog | ||
| HACKING TUTORIALS | handful of brief screenshot vids, no recent posts. | ||
| iExplo1t | lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts | ||
| JackkTutorials | lots of medium length instructional vids with some AskMe vids from the youtuber | ||
| Latest Hacking News | 10K followers, medium length screenshot videos, no recent releases | ||
| LionSec | lots of brief screenshot instructional vids, no dialog | ||
| LiveOverflow | Lots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts. | ||
| Metasploitation | lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids. | ||
| NetSecNow | channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids | ||
| Open SecurityTraining | lots of lengthy lecture-style vids, no recent posts, but quality info. | ||
| Pentester Academy TV | lots of brief videos, very regular posting, up to +8 a week | ||
| Penetration Testing in Linux | DELETE | ||
| rwbnetsec | lots of medium length instructional videos covering tools from Kali 2.0, no recent posts. | ||
| Samy Kamkar’s Applied Hacking | brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016 | ||
| SecureNinjaTV | brief news bites, irregular posting, 18K followers | ||
| Security Weekly | regular updates, lengthy podcast-style interviews with industry pros | ||
| Seytonic | variety of DIY hacking tutorials, hardware hacks, regular updates | ||
| Shozab Haxor | lots of screenshot style instructional vids, regular updates, windows CLI tutorial | ||
| SSTec Tutorials | lots of brief screenshot vids, regular updates | ||
| Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? | ||
| Troy Hunt | lone youtuber, medium length news videos, 16K followers, regular content | ||
| Waleed Jutt | lots of brief screenshot vids covering web security and game programming | ||
| webpwnized | lots of brief screenshot vids, some CTF walkthroughs | ||
| Zer0Mem0ry | lots of brief c++ security videos, programming intensive | ||
| LionSec | lots of brief screenshot instructional vids, no dialog | ||
| Adrian Crenshaw | lots of lengthy con-style talks | ||
| HackerSploit | regular posts, medium length screenshot vids, with dialog | ||
| Derek Rook – CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, with | ||
| Tradecraft Security Weekly | Want to learn about all of the latest security tools and techniques? | ||
| IPPSec | Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques | ||
Sharpening Your Skills 黑客学习资源汇总
| Name | Description |
|---|---|
| Backdoor | pen testing labs that have a space for beginners, a practice arena and various competitions, account required |
| The cryptopals crypto challenges | A bunch of CTF challenges, all focused on cryptography. |
| Challenge Land | Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far! |
| Crackmes.de Archive (2011-2015) | a reverse engineering information Repo, started in 2003 |
| Crackmes.one | This is a simple place where you can download crackmes to improve your reverse engineering skills. |
| CTFLearn | an account-based ctf site, where users can go in and solve a range of challenges |
| CTFs write-ups | a collection of writeups from various CTFs, organized by |
| CTF365 | account based ctf site, awarded by Kaspersky, MIT, T-Mobile |
| The enigma group | web application security training, account based, video tutorials |
| Exploit exercises | hosts 5 fulnerable virtual machines for you to attack, no account required |
| Google CTF 2017 | Source code of Google 2017 CTF |
| Google CTF 2018 | 2018 edition of the Google CTF contest |
| Google’s XSS game | XSS challenges, and potentially a chance to get paid! |
| Hack The Box | Pen testing labs hosting over 39 vulnerable machines with two additional added every month |
| Hacker test | similar to |
| Hacker Gateway | ctfs covering steganography, cryptography, and web challengs, account required |
| Hacksplaining | a clickthrough security informational site, very good for beginners. |
| hackburger.ee | hosts a number of web hacking challenges, account required |
| Hack.me | lets you build/host/attack vulnerable web apps |
| Hack this site! | an oldy but goodie, account required, users start at low levels and progress in difficulty |
| knock.xss.moe | XSS challenges, account required. |
| Lin.security | Practice your Linux privilege escalation |
| noe.systems | Korean challenge site, requires an account |
| Over the wire | A CTF that’s based on progressive levels for each lab, the users SSH in, no account recquired |
| OWASP Security Shepherd | BROKEN AS OF 11/6 |
| Participating Challenge Sites | aims at creating a universal ranking for CTF participants |
| PentesterLab | hosts a variety of exercises as well as various |
| Pentestit | acocunt based CTF site, users have to install open VPN and get credentials |
| Pentest Practice | account based Pentest practice, free to sign up, but there’s also a pay-as-you-go feature |
| Pentest.training | lots of various labs/VMS for you to try and hack, registry is optional. |
| PicoCTF | CTF hosted by Carnegie Mellon, occurs yearly, account required. |
| pwnable.kr | Don’t let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required |
| pwnable.tw | hosts 27 challenges accompanied with writeups, account required |
| Ringzer0 Team | an account based CTF site, hosting over 272 challenges |
| ROP Emporium | Return Oriented Programming challenges |
| SmashTheStack | hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels |
| Shellter Labs | account based infosec labs, they aim at making these activities social |
| Solve Me | |
| Vulnhub | site hosts a ton of different vulnerable Virtual Machine images, download and get hacking |
| websec.fr | Focused on web challenges, registration is optional. |
| webhacking.kr | lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up. |
| Stereotyped Challenges | Challenges for web security professionals, account required. |
| Stripe CTF 2.0 | Past security contest where you can discover and exploit vulnerabilities in mock web applications. |
| Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalation |
Reverse Engineering, Buffer Overflow and Exploit Development
| Name | Description |
|---|---|
| A Course on Intermediate Level Linux Exploitation | as the title says, this course isn’t for beginners |
| Analysis and exploitation (unprivileged) | huge collection of RE information, organized by type. |
| Binary hacking | 35 |
| Buffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videos |
| Corelan tutorials | detailed tutorial, lots of good information about memory |
| Exploit tutorials | a series of 9 exploit tutorials,also features a podcast |
| Exploit development | links to the forum’s exploit dev posts, quality and post style will vary with each poster |
| flAWS challenge | Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS). |
| Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitter |
| Introductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account required |
| Lena’s Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a course |
| Linux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levels |
| Megabeets journey into Radare2 | one user’s radare2 tutorials |
| Modern Binary Exploitation – CSCI 4968 | RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures |
| Reverse Engineering for Beginners | huge textbook, created by Dennis Yurichev, open-source |
| Reverse engineering reading list | a github collection of RE tools and books |
| Reverse Engineering challenges | collection of challenges from the writer of RE for Beginners |
| Reverse Engineering for beginners (GitHub project) | github for the above 黑客学习资源汇总 |
| Reverse Engineering Malware 101 | intro course created by Malware Unicorn, complete with material and two VM’s |
| Reverse Engineering Malware 102 | the sequel to RE101 |
| reversing.kr challenges | reverse engineering challenges varying in difficulty |
| Shell storm | Blog style collection with organized info about Rev. Engineering. |
| Shellcode Injection | a blog entry from a grad student at SDS Labs |
Privilege Escalation 黑客学习资源汇总
| Name | Description |
|---|---|
| 4 Ways get linux privilege escalation | shows different examples of PE |
| A GUIDE TO LINUX PRIVILEGE ESCALATION | Basics of Linux privilege escalation |
| Abusing SUDO (Linux Privilege Escalation) | Abusing SUDO (Linux Privilege Escalation) |
| AutoLocalPrivilegeEscalation | automated scripts that downloads and compiles from exploitdb |
| Basic linux privilege escalation | basic linux exploitation, also covers Windows |
| Common Windows Privilege Escalation Vectors | Common Windows Privilege Escalation Vectors |
| Editing /etc/passwd File for Privilege Escalation | Editing /etc/passwd File for Privilege Escalation |
| Linux Privilege Escalation | Linux Privilege Escalation – Tradecraft Security Weekly (Video) |
| Linux Privilege Escalation Check Script | a simple linux PE check script |
| Linux Privilege Escalation Scripts | a list of PE checking scripts, some may have already been covered |
| Linux Privilege Escalation Using PATH Variable | Linux Privilege Escalation Using PATH Variable |
| Linux Privilege Escalation using Misconfigured NFS | Linux Privilege Escalation using Misconfigured NFS |
| Linux Privilege Escalation via Dynamically Linked Shared Object Library | How RPATH and Weak File Permissions can lead to a system compromise. |
| Local Linux Enumeration & Privilege Escalation Cheatsheet | good resources that could be compiled into a script |
| OSCP – Windows Priviledge Escalation | Common Windows Priviledge Escalation |
| Privilege escalation for Windows and Linux | covers a couple different exploits for Windows and Linux |
| Privilege escalation linux with live example | covers a couple common PE methods in linux |
| Reach the root | discusses a process for linux privilege exploitation |
| RootHelper | a tool that runs various enumeration scripts to check for privilege escalation |
| Unix privesc checker | a script that checks for PE vulnerabilities on a system |
| Windows exploits, mostly precompiled. | precompiled windows exploits, could be useful for reverse engineering too |
| Windows Privilege Escalation | collection of wiki pages covering Windows Privilege escalation |
| Windows Privilege Escalation | Notes on Windows Privilege Escalation |
| Windows privilege escalation checker | a list of topics that link to pentestlab.blog, all related to windows privilege escalation |
| Windows Privilege Escalation Fundamentals | collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP |
| Windows Privilege Escalation Guide | Windows Privilege Escalation Guide |
| Windows Privilege Escalation Methods for Pentesters | Windows Privilege Escalation Methods for Pentesters |
Malware Analysis 黑客学习资源汇总
| Name | Description |
|---|---|
| Malware traffic analysis | list of traffic analysis exercises |
| Malware Analysis – CSCI 4976 | another class from the folks at RPISEC, quality content |
| [Bad Binaries] (https://www.badbinaries.com/) | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis. |
Network Scanning / Reconnaissance 黑客学习资源汇总
| Name | Description |
|---|---|
| Foot Printing with WhoIS/DNS records | a white paper from SANS |
| Google Dorks/Google Hacking | list of commands for google hacks, unleash the power of the world’s biggest search engine |
Vulnerable Web Application 黑客学习资源汇总
| Name | Description |
|---|---|
| bWAPP | common buggy web app for hacking, great for beginners, lots of documentation |
| Damn Small Vulnerable Web | written in less than 100 lines of code, this web app has tons of vulns, great for teaching |
| Damn Vulnerable Web Application (DVWA) | PHP/MySQL web app for testing skills and tools |
| Google Gruyere | host of challenges on this cheesy web app |
| OWASP Broken Web Applications Project | hosts a collection of broken web apps |
| OWASP Hackademic Challenges project | web hacking challenges |
| OWASP Mutillidae II | another OWASP vulnerable app, lots of documentation. |
| OWASP Juice Shop | covers the OWASP top 10 vulns |
| WebGoat: A deliberately insecure Web Application | maintained by OWASP and designed to to teach web app security |
Vulnerable OS 黑客学习资源汇总
| Name | Description |
|---|---|
| General Test Environment Guidance | white paper from the pros at rapid7 |
| Metasploitable2 (Linux) | vulnerable OS, great for practicing hacking |
| Metasploitable3 [Installation] | the third installation of this vulnerable OS |
| Vulnhub | collection of tons of different vulnerable OS and challenges |
Linux Penetration Testing OS 黑客学习资源汇总
| Name | Description |
|---|---|
| Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals. |
| BackBox | open source community project, promoting security in IT enivornments |
| BlackArch | Arch Linux based pentesting distro, compatible with Arch installs |
| Bugtraq | advanced GNU Linux pen-testing technology |
| Kali | the infamous pentesting distro from the folks at Offensive Security |
| LionSec Linux | pentesting OS based on Ubuntu |
| Parrot | Debian includes full portable lab for security, DFIR, and development |
Exploits 黑客学习资源汇总
| Name | Description |
|---|---|
| 0day.today | Easy to navigate database of exploits |
| Exploit Database | database of a wide variety exploits, CVE compliant archive |
| CXsecurity | Indie cybersecurity info managed by 1 person |
| Snyk Vulnerability DB | detailed info and remediation guidance for known vulns, also allows you to test your code |
Forums 黑客学习资源汇总
| Name | Description |
|---|---|
| 0x00sec | hacker, malware, computer engineering, Reverse engineering |
| Antichat | russian based forum |
| EAST Exploit database | exploit DB for commercial exploits written for EAST Pentest Framework |
| Greysec | hacking and security forum |
| Hackforums | posting webstite for hacks/exploits/various discussion |
Archived Security Conference Videos 黑客学习资源汇总
| Name | Description |
|---|---|
| InfoCon.org | hosts data from hundreds of cons |
| Irongeek | Website of Adrien Crenshaw, hosts a ton of info. |
Online Communities 黑客学习资源汇总
| Name 黑客学习资源汇总 | Description |
|---|---|
| Hacktoday | requires an account, covering all kinds of hacking topics |
| Hack+ | link requires telegram to be used |
| MPGH | community of MultiPlayerGameHacking |
Online News Sources
| Name | Description |
|---|---|
| InfoSec | covers all the latest infosec topics |
| Recent Hash Leaks | great place to lookup hashes |
| Security Intell | covers all kinds of news, great intelligence resources |
| Threatpost | covers all the latest threats and breaches |
| The Hacker News | features a daily stream of hack news, also has an app |