黑客学习资源汇总-渗透测试项目学习资料

黑客学习资源汇总-渗透测试项目学习资料

黑客学习资源汇总

黑客学习资源汇总

目录

学习的技巧 黑客学习资源汇总

姓名 描述
badbinaries.com 一个简单的质量文档和笔记opendir对各种安全议题充满恶意软件良好的演练交通分析和系统管理员的东西。
642计算机的安全:介绍的CS 学术内容,全学期的课程,包括指定的读物,为开发实例作业和GitHub的裁判。没有视频讲座。
百库 Coursera风格的网站,很多用户贡献的内容,要求,内容可由经验水平过滤
免费的网络安全培训 学术内容,8全课程从一个古怪的导师山姆的视频,链接的研究,该材料和其他推荐的培训/学习
免费的互动实验室的白帽子学院 32个实验室,易帐户登录在GitHub的凭据
Hak5 视频播客风格涵盖各种主题,有一个论坛,“Metasploit分钟”系列视频可能是有用的
学习计算机安全2.0开发进攻 博客式的教学,包括:幻灯片、视频、作业、讨论。无需登录。
思维导图 信息安全相关的Mind Maps
MIT OCW 6.858计算机系统安全 学术内容,精心组织,全学期的课程,包括指定的课外读物、讲座、录像、要求的实验室文件。
offensivecomputersecurity 学术内容,全学期的课程包括讲座视频与幻灯片和27指定阅读资料
OWASP 10大Web安全风险 免费课件,需要考虑
securitytube 管式的内容,“引物”视频,涵盖各种主题,现场没有可读的内容。
种子实验室 学术内容,条理清晰,具有实验室视频,任务,需要的代码文件,及推荐读物

YouTube频道 黑客学习资源汇总

姓名 描述
通过在安全0patch 一些视频,很短,具体到0patch
黑帽 会谈在黑帽会议在世界各地
christiaan008 主机的各种安全主题的各种视频,混乱
公司
Detectify 很短的视频,旨在展示如何使用detictify扫描仪
Hak5 看到Hak5以上
卡巴斯基实验室 卡巴斯基茂德很多网络安全,一些隐藏的宝石
Metasploit 中等长度的Metasploit演示收集,~ 25minutes各教学
ntop 网络监控,数据分析,教学
nvisium 一些nvisum茂德,少数教学系列导轨vulns和网络黑客
opennsm 网络分析,tcpdump很多的录像,教学,
OWASP 看到OWASP以上
rapid7 简短的视频,宣传和指导,~五分钟
简短的视频,访谈,讨论各种网络安全问题
段安全 宣传视频,非教学
socialengineerorg 播客风格、教学、冗长的内容~每1小时
Sonatype 随机视频很多,一个好的集群的DevOps相关内容,长度范围大,混乱
SophosLabs 很多简短的新闻式的内容,“七宗这罪”段注
Sourcefire 简短的视频内容覆盖了很多像僵尸网络的DDoS ~五分钟,
站X 一些简短的视频,杂乱无章,不定期的内容更新
SYNACK 随机型disorganized,新闻,视频,非教学
TippingPoint的Zero Day Initiative 非常简短的视频~ 30秒,有些教学
Tripwire公司 一些绊演示,和随机的新闻风格的视频,非教学
文森特耀 从一个黑客的视频部分,教学
会议 黑客学习资源汇总
44contv 总部位于伦敦的信息安全,漫长的教学视频
brucon Security Conference 安全和黑客会议基于B \比利时,冗长的instructinoal很多的录像
同时曼彻斯特 安全和黑客展立足Mancheseter,冗长的视频很多
bsidesaugusta 总部设在奥古斯塔,格鲁吉亚的安全,许多冗长的教学视频
carolinacon 总部在北卡罗莱纳的安全,各种2600章有关,冗长的教学内容很多
科特约翰逊 一些冗长的CON式会谈黑客安全opensec 2017
devseccon devsecops lenghty CON视频覆盖,使软件更安全
garage4hackers -信息安全 一些冗长的视频,有关部门缺乏描述
Hackaday 随机技术含量很多,没有严格的信息安全,一些教学
骇客安全大会 冗长的CON式教学对话从国际安全
黑客在巴黎 总部在巴黎的安全,教学对话的功能很多,它可以是很难看到。
hacklu 冗长的CON风格教学视频很多
Hacktivity 中/东欧和许多冗长的骗局式的教学视频
hardwear.io 冗长的骗局式的视频把,硬件黑客的重点
IEEE安全与隐私会议 从会议内容IEEE是一个美国的专业协会,他们还出版各种期刊
lascon 冗长的CON风格从奥斯丁举行会谈,OWASP TX
马库斯niemietz 教学内容丰富,与hackpra,从德国的一所攻击的安全课程
media.ccc.de 的混沌计算机俱乐部的官方渠道,由CCC VOC -冗长的CON式视频吨
northsec 冗长的CON式会谈从应用安全会议在加拿大举行
煎饼nopcode 对radare2专家Sergi“煎饼”的阿尔瓦雷斯海峡,逆向工程的内容
psiinon 中等长度的教学视频,为OWASP Zed攻击代理
州立圣何塞大学信息安全 圣何塞州立大学信息安全教学视频把冗长的
secappdev.org 冗长的教学讲座安全应用开发吨
安全节 中等长度的控制方式从安全节在瑞典会谈
securitytubecons 欺诈式会谈从各种缺点包括黑帽和shmoocon分类
toorcon 中等长度的handful of based in的视频与来自圣地亚哥,CA
USENIX会议之谜 中等长度的“圆桌讨论与领先的专家”,内容开始于2016年
新闻 黑客学习资源汇总 黑客学习资源汇总
阿德里安克伦肖 冗长的CON式会谈很多
科里Nachreiner 安全NewsBites,2.7k订户,每周2-3视频,没有设定时间表
巴尔康-巴尔干计算机大会 长期欺骗式会谈从巴尔干计算机大会,不定期更新
danooct1 简单的截图很多,入门视频关于恶意软件,定期的内容更新,186k followerss
dedsec 简短的视频截图如何立足Kali的地段,没有最近的帖子。
Defcon会议 从象形DEFCON很多冗长的CON式视频
demmsec 笔测试视频很多,有点不规则的上传,44k追随者
德里克车- CTF / boot2root /兵棋演练 冗长的截图教学视频很多,有
Don 30 业余笔发布简短视频截图经常很多,9k追随者
错误404网络新闻 短镜头视频用响亮的金属,没有对话,双周刊
极客堡-如果 简单的截图作品很多,没有新的文章
hackersploit 定期的岗位,中等长度的视频截图,对话框
黑客教程 简短的视频部分截图,没有最近的帖子。
iexplo1t 很多视频截图针对新手,5.7k追随者,没有最近的帖子
jackktutorials 从Youtube网友一些问我视频中长很多教学视频
最新的黑客新闻 10k追随者,中等长度的视频截图,视频,最近没有发布
lionsec 短暂的教学视频截图很多,没有对话
liveoverflow 简短的视频中isntructional地段,占地之类的缓冲overflwos开拓写作,定期的岗位。
metasploitation 视频截图很多,几乎没有对话,所有关于使用Metasploit的,没有最近的视频。
netsecnow 通道pentesteruniversity.org,似乎后一个月一次,教学视频截图
打开securitytraining 冗长的说教式的作品很多,没有新的日志,但质量信息。
pentester电视学院 简短的视频很多,很有规律的发布,到8个星期
在Linux的渗透测试 删除
rwbnetsec 中等长度的教学视频,涵盖了从卡利2工具很多,没有新的文章。
Samy Kamkar的应用黑客 简短的中等长度的教学视频从poisontap造物主Raspberry Pi的零,没有新的内容,最后更新2016
secureninjatv 简短的新闻口,不规则的发布,18k追随者
安全周刊 定期更新,漫长的播客风格采访了业内专家
seytonic 各种DIY硬件黑客,黑客教程,定期更新
shozab haxor 大量的截图方式教学视频,定期更新,Windows的CLI教程
公司教程 简短的视频截图很多,定期更新
谍报安全周刊 想了解所有最新的安全工具和技术?
特洛伊亨特 孤独的YouTuber,中等长度的新闻视频,16k追随者,常规的内容
瓦利德jutt 很多简单的截屏视频覆盖网络安全和游戏编程
webpwnized 简单的截图作品很多,有些CTF演练
zer0mem0ry 简短的C安全很多的录像,编程密集
lionsec 短暂的教学视频截图很多,没有对话
阿德里安克伦肖 冗长的CON式会谈很多
hackersploit 定期的岗位,中等长度的视频截图,对话框
德里克车- CTF / boot2root /兵棋演练 冗长的截图教学视频很多,有
谍报安全周刊 想了解所有最新的安全工具和技术?
ippsec hackthebox.eu退休机易损机演练来帮助你学习基本的和先进的工艺和技术

锐化你的技能

姓名 描述
后门 笔测试实验室,有一个空间的初学者,一个实践的舞台和各种比赛,账户需要
的cryptopals加密的挑战 一群CTF的挑战,都集中在密码。
挑战的土地 一个扭曲的CTF的网站,没有一个简单的注册,你必须解决的一个挑战,即使走那么远!
crackmes.de archive(2015年) 反向工程信息回购,开始在2003
crackmes.one 这是一个简单的地方,你可以下载crackmes提高逆向工程技能。
ctflearn 基于CTF网站账户,用户可以在解决一系列挑战
ctfs写-不间断电源 从各种CTF集合writeups,主办
ctf365 基于CTF网站账户,由卡巴斯基,麻省理工学院颁发,T-Mobile
谜组 Web应用程序安全性的培训,基于账户的,视频教程
利用练习 5 fulnerable主机虚拟机你攻击,不考虑所需
谷歌CTF 2017 谷歌2017 CTF的源代码
谷歌CTF 2018 2018版的谷歌CTF比赛
谷歌的XSS的游戏 XSS的挑战和潜在的机会得到报酬!
黑盒子 笔测试实验室举办超过39易受攻击的机器有两个额外的每月新增
黑客测试 类似于“hackthissite”,没有考虑要求。
黑客网关 CTFS覆盖隐藏密码,和网络的挑战,客户要求
hacksplaining 点击安全信息网站,对初学者很好。
hackburger.ee 拥有一大批网络黑客的挑战,客户要求
hack.me 让你建立/主机/攻击脆弱的Web应用程序
黑客网站! 一个老人但糖果,帐户,用户开始在低水平和进展困难
knock.xss.moe XSS的挑战,客户的要求。
lin.security 实践你的escalation Linux权限
noe.systems 韩国的挑战网站,需要一个帐户
在导线 CTF是基于每个实验室的递进层次,用户的SSH,没有考虑recquired
OWASP安全的牧羊人 截至11月6断
参与挑战的网站 旨在创造CTF参与者普遍排名
pentesterlab 举办各种活动以及各种各样的“新兵训练营”,专注于特定的活动
pentestit 时间的CTF的网站,用户必须安装Open VPN并获得证书
渗透测试实践 基于渗透测试实践,自由报名,但也有付费的特征
pentest.training 你试图破解各种实验室/ VMS的地段,注册是可选的。
picoctf CTF的卡耐基-梅隆大学,每年举办时,账户需要。
pwnable.kr 不要让卡通人物愚弄你,这是一个严重的CTF的网站,会教你很多,客户要求
pwnable.tw 主机27的挑战伴随writeups,账户需要
ringzer0团队 基于CTF网站账户,托管超过272的挑战
ROP商场 返回导向编程的挑战
smashthestack 主机的各种挑战,类似于overthewire,用户必须ssh到机器和进步水平
shellter实验室 基于信息安全实验室,他们的目标是使这些社会活动
解决我 “另一个挑战”,客户要求。
vulnhub 网站提供大量不同的脆弱的虚拟机映像,下载并让黑客
websec.fr 专注于网站的挑战,注册是可选的。
webhacking.kr 网络安全挑战,很多都是可用的,建议初学者。你需要解决注册一个简单的挑战。
千篇一律的挑战 网络安全专家的挑战,客户要求。
缟CTF 2.0 过去的安全竞赛,你可以发现和利用模拟的Web应用程序的漏洞。
Windows / Linux本地权限提升车间 实践你的Linux和Windows特权升级

逆向工程,缓冲区溢出和开发利用

姓名 描述
对中级水平的Linux开发过程 正如标题所说,本课程不适合初学者
分析和开发(特权) 巨大的收集信息,组织类型。
二进制的黑客 35“没有废话”二进制视频以及其他信息
缓冲区溢出的Linux开发引物 Linux启收。工程视频
Corelan教程 详细的教程,关于记忆的很多很好的信息
开发教程 一系列的9开发教程,还设有一个播客
开发利用 对论坛的利用开发文章的链接,质量和后期的风格将每个海报有所不同
缺陷的挑战 通过一系列的水平,你将了解常见的错误和陷阱在使用亚马逊网络服务(AWS)。
以ARM汇编基础知识介绍 从信息安全专业azeria教程吨,在推特跟着她
Introductory Intel x86 63天的OS类材料,29班,24教师,没有帐户所需
莱娜的倒车新手(完成) 在莱娜漫长的上市资源,针对课程
Linux(x86)开发系列 通过sploitfun博客后,有3个不同的层次
megabeets旅程进入radare2 一个用户的radare2教程
现代二进制开发CSCI 4968 重新挑战,你可以下载文件或下载虚拟机创建的rpisec专门为挑战,并链接到他们的主页,信息安全讲座吨
初学者的逆向工程 巨大的教材,由Dennis Yurichev创造的、开源的
逆向工程的阅读清单 一个再工具书GitHub的收集
逆向工程的挑战 从重新初学者的作家挑战收藏
初学者的逆向工程(GitHub项目) 对于上述GitHub
逆向工程恶意软件101 介绍了恶意软件的独角兽创建,完成材料和两个VM的
逆向工程恶意软件102 re101续集to the
reversing.kr挑战 逆向工程的挑战不同的困难
壳的风暴 博客风格的收集与组织信息启。工程
Shellcode注射液 博客从一个毕业生在SDS实验室

escalation特权  黑客学习资源汇总

姓名 描述
4种方式让Linux escalation特权 显示PE不同的例子
指南escalation Linux的特权 Linux权限提升的基础
滥用sudo(Linux特权升级) 滥用sudo(Linux特权升级)
autolocalprivilegeescalation 自动化脚本下载和编译exploitdb
基本的Linux escalation权限 基本的Linux开发,也包括Windows
常见的Windows权限提升的载体 常见的Windows权限提升的载体
编辑/etc/passwd文件特权升级 编辑/etc/passwd文件特权升级
escalation Linux权限 Linux权限提升–谍报安全周刊(视频)
Linux的特权escalation检查脚本 基于Linux的简单检查脚本
Linux的特权escalation脚本 一列PE检查脚本,有些可能已经覆盖
Linux权限升级使用路径变量 Linux权限升级使用路径变量
Linux权限升级使用配置NFS Linux权限升级使用配置NFS
Linux权限升级通过动态链接的共享库 多路径和弱文件权限会导致系统的妥协。
本地Linux枚举和特权升级列表 可以编译成一个剧本的好资源
示波器- Windows特权升级 常见的Windows特权升级
escalation特权为Windows和Linux 涵盖了Windows和Linux两个不同的漏洞
特权升级Linux举例 包括Linux几个普通PE方法
达到根 讨论了Linux的开发过程的特权
roothelper 一个工具,运行各种枚举脚本检查特权升级
UNIX privesc检查器 一个脚本,在系统漏洞检查PE
Windows的漏洞,主要是预编译。 预编译的Windows漏洞,可以用于逆向工程太
Windows escalation特权 wiki页面覆盖Windows特权升级收集
Windows escalation特权 在Windows特权升级说明
Windows特权升级检查 一个主题列表,链接到pentestlab.blog,所有Windows特权升级相关
escalation基础Windows权限 重要的信息/教程收集,选择通过Patreon贡献的创造者,创造者是一个示波器
Windows特权escalation指南 Windows特权escalation指南
Windows特权升级方法者 Windows特权升级方法者

恶意软件分析 黑客学习资源汇总

姓名 描述
恶意软件的流量分析 流量分析表练习
恶意软件分析- CSCI 4976 另一个班在rpisec乡亲,高质量的内容
[坏](二进制文件https://www.badbinaries.com/ 恶意软件的流量分析习题演练文件和一些偶尔的恶意软件分析。

网络扫描/识别  黑客学习资源汇总

姓名 描述
足印的WHOIS和DNS记录 从SANS白皮书
谷歌/谷歌的黑客们 谷歌黑客命令列表,释放出世界上最大的搜索引擎的力量

脆弱的Web应用程序  黑客学习资源汇总

姓名 描述
bwapp 黑客常用车的Web应用程序,非常适合初学者,很多文件
该死的脆弱的小网站 用不到100行代码,这个Web应用程序有吨的vulns,伟大的教学
该死的脆弱的Web应用(DVWA) PHP / MySQL的Web应用程序测试工具和技巧
谷歌的格里尔 挑战这个俗气的Web应用程序的主机
OWASP破碎的Web应用程序项目 主机收集破碎的Web应用程序
OWASP hackademic挑战项目 网络黑客的挑战
OWASP Mutillidae II 另一个OWASP脆弱的应用程序,很多文件。
OWASP果汁店 包括OWASP Top 10 vulns
WebGoat:故意不安全的Web应用 由OWASP和设计给Web应用程序的安全性

脆弱的操作系统  黑客学习资源汇总

姓名 描述
一般的测试环境的指导 从专业人士在Rapid7白皮书
metasploitable2(Linux) 脆弱的操作系统,非常适合练习黑客
metasploitable3安装] 这个脆弱的操作系统的安装第三
vulnhub 对不同弱势OS和挑战吨收集

Linux操作系统的渗透测试

姓名 描述
Android的驯兽师 Android的驯兽师是一个虚拟的生活平台Android安全专家。
配电箱 开源社区项目,促进安全在这enivornments
blackarch 基于Linux的发行版拱渗透测试,兼容拱安装
BugTraq 先进的GNU Linux笔测试技术
卡莉 臭名昭著的渗透测试发行版从乡亲们进攻安全
lionsec Linux pentesting based on Ubuntu操作系统
鹦鹉 Debian包括安全、完整的便携式实验室DFIR,发展

利用  黑客学习资源汇总

姓名 描述
0day.today 易于导航数据库的利用
数据库的开发 各种各样的CVE标准漏洞数据库,档案
cxsecurity 独立的信息管理由1人。
snyk漏洞数据库 详细信息和已知的漏洞时修复的指导,也可以让你测试你的代码

论坛  黑客学习资源汇总

姓名 描述
0x00sec 黑客、恶意软件、计算机工程、逆向工程
antichat 俄罗斯的论坛
东开发数据库 利用DB商业利用渗透测试框架写的东
greysec 黑客和安全论坛
HackForums 发布黑客/攻击/讨论伺

存档的安全会议视频  黑客学习资源汇总

姓名 描述
infocon.org 从数百个缺点主机数据
irongeek Adrien Crenshaw官方网站,主机一吨的信息。

在线社区 黑客学习资源汇总

姓名 描述
hacktoday 需要一个账户,涵盖各类黑客的话题
乱劈 链接需要电报被使用
mpgh multiplayergamehacking社区大学

在线新闻来源

姓名 描述
信息安全 涵盖了所有最新的信息安全问题
最近的哈希漏洞 好地方散列查找
安全智能 涵盖各类新闻,伟大的智力资源
Threatpost 涵盖了所有最新的威胁和漏洞
黑客新闻 具有日常流黑客新闻,也有一个应用程序

英文版本(原版)———-黑客学习资源汇总

Awesome Hacking Resources

A collection of hacking / penetration testing resources to make you better!

Let’s make it the biggest resource repository for our community.

You are welcome to fork and contribute.

We started a new tools list, come and contribute

Table of Contents  黑客学习资源汇总

Learning the Skills 黑客学习资源汇总

Name Description
BadBinaries.com a simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware trafic analysis and sysadmin stuff.
CS 642: Intro to Computer Security academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.
Cybrary coursera style website, lots of user-contributed content, account required, content can be filtered by experience level
Free cyber security training Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning
Free interactive labs with White Hat Academy 32 labs, easy account sign in with github credentials
Hak5 podcast-style videos covering various topics, has a forum,
Learning Exploitation with Offensive Computer Security 2.0 blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind Maps Information Security related Mind Maps
MIT OCW 6.858 Computer Systems Security academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurity academic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risks free courseware, requires account
SecurityTube tube-styled content,
Seed Labs academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings

YouTube Channels 黑客学习资源汇总

Name Description
0patch by ACROS Security few videos, very short, specific to 0patch
BlackHat features talks from the BlackHat conferences around the world
Christiaan008 hosts a variety of videos on various security topics, disorganized
Companies 黑客学习资源汇总
Detectify very short videos, aimed at showing how to use Detictify scanner
Hak5 see Hak5 above
Kaspersky Lab lots of Kaspersky promos, some hidden cybersecurity gems
Metasploit collection of medium length metasploit demos, ~25minutes each, instructional
ntop network monitoring, packet analysis, instructional
nVisium Some nVisum promos, a handful of instructional series on Rails vulns and web hacking
OpenNSM network analysis, lots of TCPDUMP videos, instructional,
OWASP see OWASP above
Rapid7 brief videos, promotional/instructional, ~ 5 minutes
Securelist brief videos, interviews discussing various cyber security topics
Segment Security promo videos, non-instructional
SocialEngineerOrg podcast-style, instructional, lengthy content ~1 hr each
Sonatype lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganized
SophosLabs lots of brief, news-style content,
Sourcefire lots of brief videos covering topics like botnets, DDoS ~5 minutes each
Station X handful of brief videos, disorganized, unscheduled content updates
Synack random, news-style videos, disorganized, non-instructional
TippingPoint Zero Day Initiative very brief videos ~30 sec, somewhat instructional
Tripwire, Inc. some tripwire demos, and random news-style videos, non-instructional
Vincent Yiu handful of videos from a single hacker, instructional
Conferences 黑客学习资源汇总
44contv information security con based in London, lengthy instructional videos
BruCON Security Conference security and hacker conference based in b\Belgium, lots of lengthy instructinoal videos
BSides Manchester security and hacker con based in Mancheseter, lots of lengthy videos
BSidesAugusta security con based in Augusta, Georgia, lots of lengthy instructional videos
CarolinaCon security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional content
Cort Johnson a handful of lengthy con-style talks from Hack Secure Opensec 2017
DevSecCon lenghty con videos covering DevSecOps, making software more secure
Garage4Hackers – Information Security a handful of lengthy videos, About section lacks description
HACKADAY lots of random tech content, not strictly infosec, some instructional
Hack In The Box Security Conference lengthy con-style instructional talks from an international security con
Hack in Paris security con based in paris, features lots of instructional talks, slides can be difficult to see.
Hacklu lots of lengthy con-style instructional videos
Hacktivity lots of lengthy con-style instructional videos from a con in central/eastern europe
Hardwear.io handful of lengthy con-style video, emphasis on hardware hacks
IEEE Symposium on Security and Privacy content from the symposium; IEEE is a professional association based in the us, they also publish various journals
LASCON lengthy con-style talks from an OWASP con held in Austin, TX
Marcus Niemietz lots of instructional content, associated with HACKPRA, an offensive security course from an institute in Germany
Media.ccc.de The real official channel of the chaos computer club, operated by the CCC VOC – tons of lengthy con-style vids
NorthSec lengthy con-style talks from an applied security conference in Canada
Pancake Nopcode channel of Radare2 whiz Sergi
Psiinon medium length instructional videos, for the OWASP Zed Attack Proxy
SJSU Infosec handful of lengthy instructional videos from San Jose State university Infosec
Secappdev.org tons of lengthy instructional lectures on Secure App Development
Security Fest medium length con-style talks from a security festival in Sweden
SecurityTubeCons an assortment of con-style talks from various cons including BlackHat and Shmoocon
ToorCon handful of medium length con videos from con based in San Diego, CA
USENIX Enigma Conference medium length
News 黑客学习资源汇总
Adrian Crenshaw lots of lengthy con-style talks
Corey Nachreiner security newsbites, 2.7K subscribers, 2-3 videos a week, no set schedule
BalCCon – Balkan Computer Congress Long con-style talks from the Balkan Computer Congress, doesn’t update regularly
danooct1 lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerss
DedSec lots of brief screenshot how-to vids based in Kali, no recent posts.
DEFCON Conference lots of lengthy con-style vids from the iconical DEFCON
DemmSec lots of pen testing vids, somewhat irregular uploads, 44K followers
Derek Rook – CTF/Boot2root/wargames Walkthrough lots of lengthy screenshot instructional vids, with
Don Does 30 amateur pen-tester posting lots of brief screenshot vids regularly, 9K Followers
Error 404 Cyber News short screen-shot videos with loud metal, no dialog, bi-weekly
Geeks Fort – KIF lots of brief screenshot vids, no recent posts
HackerSploit regular posts, medium length screenshot vids, with dialog
HACKING TUTORIALS handful of brief screenshot vids, no recent posts.
iExplo1t lots of screenshot vids aimed at novices, 5.7K Followers, no recent posts
JackkTutorials lots of medium length instructional vids with some AskMe vids from the youtuber
Latest Hacking News 10K followers, medium length screenshot videos, no recent releases
LionSec lots of brief screenshot instructional vids, no dialog
LiveOverflow Lots of brief-to-medium isntructional vids, covering things like buffer overflwos and exploit writing, regular posts.
Metasploitation lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.
NetSecNow channel of pentesteruniversity.org, seems to post once a month, screenshot instructional vids
Open SecurityTraining lots of lengthy lecture-style vids, no recent posts, but quality info.
Pentester Academy TV lots of brief videos, very regular posting, up to +8 a week
Penetration Testing in Linux DELETE
rwbnetsec lots of medium length instructional videos covering tools from Kali 2.0, no recent posts.
Samy Kamkar’s Applied Hacking brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016
SecureNinjaTV brief news bites, irregular posting, 18K followers
Security Weekly regular updates, lengthy podcast-style interviews with industry pros
Seytonic variety of DIY hacking tutorials, hardware hacks, regular updates
Shozab Haxor lots of screenshot style instructional vids, regular updates, windows CLI tutorial
SSTec Tutorials lots of brief screenshot vids, regular updates
Tradecraft Security Weekly Want to learn about all of the latest security tools and techniques?
Troy Hunt lone youtuber, medium length news videos, 16K followers, regular content
Waleed Jutt lots of brief screenshot vids covering web security and game programming
webpwnized lots of brief screenshot vids, some CTF walkthroughs
Zer0Mem0ry lots of brief c++ security videos, programming intensive
LionSec lots of brief screenshot instructional vids, no dialog
Adrian Crenshaw lots of lengthy con-style talks
HackerSploit regular posts, medium length screenshot vids, with dialog
Derek Rook – CTF/Boot2root/wargames Walkthrough lots of lengthy screenshot instructional vids, with
Tradecraft Security Weekly Want to learn about all of the latest security tools and techniques?
IPPSec Hackthebox.eu retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques

Sharpening Your Skills 黑客学习资源汇总

Name Description
Backdoor pen testing labs that have a space for beginners, a practice arena and various competitions, account required
The cryptopals crypto challenges A bunch of CTF challenges, all focused on cryptography.
Challenge Land Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that far!
Crackmes.de Archive (2011-2015) a reverse engineering information Repo, started in 2003
Crackmes.one This is a simple place where you can download crackmes to improve your reverse engineering skills.
CTFLearn an account-based ctf site, where users can go in and solve a range of challenges
CTFs write-ups a collection of writeups from various CTFs, organized by
CTF365 account based ctf site, awarded by Kaspersky, MIT, T-Mobile
The enigma group web application security training, account based, video tutorials
Exploit exercises hosts 5 fulnerable virtual machines for you to attack, no account required
Google CTF 2017 Source code of Google 2017 CTF
Google CTF 2018 2018 edition of the Google CTF contest
Google’s XSS game XSS challenges, and potentially a chance to get paid!
Hack The Box Pen testing labs hosting over 39 vulnerable machines with two additional added every month
Hacker test similar to
Hacker Gateway ctfs covering steganography, cryptography, and web challengs, account required
Hacksplaining a clickthrough security informational site, very good for beginners.
hackburger.ee hosts a number of web hacking challenges, account required
Hack.me lets you build/host/attack vulnerable web apps
Hack this site! an oldy but goodie, account required, users start at low levels and progress in difficulty
knock.xss.moe XSS challenges, account required.
Lin.security Practice your Linux privilege escalation
noe.systems Korean challenge site, requires an account
Over the wire A CTF that’s based on progressive levels for each lab, the users SSH in, no account recquired
OWASP Security Shepherd BROKEN AS OF 11/6
Participating Challenge Sites aims at creating a universal ranking for CTF participants
PentesterLab hosts a variety of exercises as well as various
Pentestit acocunt based CTF site, users have to install open VPN and get credentials
Pentest Practice account based Pentest practice, free to sign up, but there’s also a pay-as-you-go feature
Pentest.training lots of various labs/VMS for you to try and hack, registry is optional.
PicoCTF CTF hosted by Carnegie Mellon, occurs yearly, account required.
pwnable.kr Don’t let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required
pwnable.tw hosts 27 challenges accompanied with writeups, account required
Ringzer0 Team an account based CTF site, hosting over 272 challenges
ROP Emporium Return Oriented Programming challenges
SmashTheStack hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels
Shellter Labs account based infosec labs, they aim at making these activities social
Solve Me
Vulnhub site hosts a ton of different vulnerable Virtual Machine images, download and get hacking
websec.fr Focused on web challenges, registration is optional.
webhacking.kr lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.
Stereotyped Challenges Challenges for web security professionals, account required.
Stripe CTF 2.0 Past security contest where you can discover and exploit vulnerabilities in mock web applications.
Windows / Linux Local Privilege Escalation Workshop Practice your Linux and Windows privilege escalation

Reverse Engineering, Buffer Overflow and Exploit Development

Name Description
A Course on Intermediate Level Linux Exploitation as the title says, this course isn’t for beginners
Analysis and exploitation (unprivileged) huge collection of RE information, organized by type.
Binary hacking 35
Buffer Overflow Exploitation Megaprimer for Linux Collection of Linux Rev. Engineering videos
Corelan tutorials detailed tutorial, lots of good information about memory
Exploit tutorials a series of 9 exploit tutorials,also features a podcast
Exploit development links to the forum’s exploit dev posts, quality and post style will vary with each poster
flAWS challenge Through a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basics tons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x86 63 days of OS class materials, 29 classes, 24 instructors, no account required
Lena’s Reversing for Newbies (Complete) listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Series blog post by sploitfun, has 3 different levels
Megabeets journey into Radare2 one user’s radare2 tutorials
Modern Binary Exploitation – CSCI 4968 RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures
Reverse Engineering for Beginners huge textbook, created by Dennis Yurichev, open-source
Reverse engineering reading list a github collection of RE tools and books
Reverse Engineering challenges collection of challenges from the writer of RE for Beginners
Reverse Engineering for beginners (GitHub project) github for the above 黑客学习资源汇总
Reverse Engineering Malware 101 intro course created by Malware Unicorn, complete with material and two VM’s
Reverse Engineering Malware 102 the sequel to RE101
reversing.kr challenges reverse engineering challenges varying in difficulty
Shell storm Blog style collection with organized info about Rev. Engineering.
Shellcode Injection a blog entry from a grad student at SDS Labs

Privilege Escalation 黑客学习资源汇总

Name Description
4 Ways get linux privilege escalation shows different examples of PE
A GUIDE TO LINUX PRIVILEGE ESCALATION Basics of Linux privilege escalation
Abusing SUDO (Linux Privilege Escalation) Abusing SUDO (Linux Privilege Escalation)
AutoLocalPrivilegeEscalation automated scripts that downloads and compiles from exploitdb
Basic linux privilege escalation basic linux exploitation, also covers Windows
Common Windows Privilege Escalation Vectors Common Windows Privilege Escalation Vectors
Editing /etc/passwd File for Privilege Escalation Editing /etc/passwd File for Privilege Escalation
Linux Privilege Escalation Linux Privilege Escalation – Tradecraft Security Weekly (Video)
Linux Privilege Escalation Check Script a simple linux PE check script
Linux Privilege Escalation Scripts a list of PE checking scripts, some may have already been covered
Linux Privilege Escalation Using PATH Variable Linux Privilege Escalation Using PATH Variable
Linux Privilege Escalation using Misconfigured NFS Linux Privilege Escalation using Misconfigured NFS
Linux Privilege Escalation via Dynamically Linked Shared Object Library How RPATH and Weak File Permissions can lead to a system compromise.
Local Linux Enumeration & Privilege Escalation Cheatsheet good resources that could be compiled into a script
OSCP – Windows Priviledge Escalation Common Windows Priviledge Escalation
Privilege escalation for Windows and Linux covers a couple different exploits for Windows and Linux
Privilege escalation linux with live example covers a couple common PE methods in linux
Reach the root discusses a process for linux privilege exploitation
RootHelper a tool that runs various enumeration scripts to check for privilege escalation
Unix privesc checker a script that checks for PE vulnerabilities on a system
Windows exploits, mostly precompiled. precompiled windows exploits, could be useful for reverse engineering too
Windows Privilege Escalation collection of wiki pages covering Windows Privilege escalation
Windows Privilege Escalation Notes on Windows Privilege Escalation
Windows privilege escalation checker a list of topics that link to pentestlab.blog, all related to windows privilege escalation
Windows Privilege Escalation Fundamentals collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP
Windows Privilege Escalation Guide Windows Privilege Escalation Guide
Windows Privilege Escalation Methods for Pentesters Windows Privilege Escalation Methods for Pentesters

Malware Analysis 黑客学习资源汇总

Name Description
Malware traffic analysis list of traffic analysis exercises
Malware Analysis – CSCI 4976 another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/) walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Network Scanning / Reconnaissance 黑客学习资源汇总

Name Description
Foot Printing with WhoIS/DNS records a white paper from SANS
Google Dorks/Google Hacking list of commands for google hacks, unleash the power of the world’s biggest search engine

Vulnerable Web Application 黑客学习资源汇总

Name Description
bWAPP common buggy web app for hacking, great for beginners, lots of documentation
Damn Small Vulnerable Web written in less than 100 lines of code, this web app has tons of vulns, great for teaching
Damn Vulnerable Web Application (DVWA) PHP/MySQL web app for testing skills and tools
Google Gruyere host of challenges on this cheesy web app
OWASP Broken Web Applications Project hosts a collection of broken web apps
OWASP Hackademic Challenges project web hacking challenges
OWASP Mutillidae II another OWASP vulnerable app, lots of documentation.
OWASP Juice Shop covers the OWASP top 10 vulns
WebGoat: A deliberately insecure Web Application maintained by OWASP and designed to to teach web app security

Vulnerable OS 黑客学习资源汇总

Name Description
General Test Environment Guidance white paper from the pros at rapid7
Metasploitable2 (Linux) vulnerable OS, great for practicing hacking
Metasploitable3 [Installation] the third installation of this vulnerable OS
Vulnhub collection of tons of different vulnerable OS and challenges

Linux Penetration Testing OS 黑客学习资源汇总

Name Description
Android Tamer Android Tamer is a Virtual / Live Platform for Android Security professionals.
BackBox open source community project, promoting security in IT enivornments
BlackArch Arch Linux based pentesting distro, compatible with Arch installs
Bugtraq advanced GNU Linux pen-testing technology
Kali the infamous pentesting distro from the folks at Offensive Security
LionSec Linux pentesting OS based on Ubuntu
Parrot Debian includes full portable lab for security, DFIR, and development

Exploits 黑客学习资源汇总

Name Description
0day.today Easy to navigate database of exploits
Exploit Database database of a wide variety exploits, CVE compliant archive
CXsecurity Indie cybersecurity info managed by 1 person
Snyk Vulnerability DB detailed info and remediation guidance for known vulns, also allows you to test your code

Forums 黑客学习资源汇总

Name Description
0x00sec hacker, malware, computer engineering, Reverse engineering
Antichat russian based forum
EAST Exploit database exploit DB for commercial exploits written for EAST Pentest Framework
Greysec hacking and security forum
Hackforums posting webstite for hacks/exploits/various discussion

Archived Security Conference Videos 黑客学习资源汇总

Name Description
InfoCon.org hosts data from hundreds of cons
Irongeek Website of Adrien Crenshaw, hosts a ton of info.

Online Communities 黑客学习资源汇总

Name 黑客学习资源汇总 Description
Hacktoday requires an account, covering all kinds of hacking topics
Hack+ link requires telegram to be used
MPGH community of MultiPlayerGameHacking

Online News Sources

Name Description
InfoSec covers all the latest infosec topics
Recent Hash Leaks great place to lookup hashes
Security Intell covers all kinds of news, great intelligence resources
Threatpost covers all the latest threats and breaches
The Hacker News features a daily stream of hack news, also has an app