General 📚

CTFs

• What is CTF? - A video by LiveOverFlow introducing the idea of security Capture The Flag competitions.
• CTFtime - A site all about CTFs, with information on CTF teams, CTF ratings, CTF writeups, CTF archive and upcoming CTFs.
• CTF 101 - A guide for techniques, thought processes, and methodologies to succeed in CTF competitions.
• Trail of Bits' CTF guide - A simple guide for getting into the CTF world and cyber security.
• CTFlearn - An ethical hacking platform that enables tens of thousands to learn, practice, and compete.
• PicoCTF - Popular CTF created by students at CMU.
• RingZer0 CTF - RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
• apsdehal/awesome-ctf - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials.
• zardus/ctf-tools - A collection of security tools that might be needed in a CTF.

CTF Making

• CTF Design Guidelines - Design guidelines for CTF authors and organizers.
• How to make boot2root machines - An article showcasing the setup process for a boot2root machine.
• pwning/docs - PPP's tips and suggestions for running a CTF
• Kali Linux CTF Blueprints - A book detailing how to create CTF challenges.
• Tips and Tactics for Creating Your Own CTF Event

Wargames and Challenge Sites

• WeChall - Overview of hacking challenge and problem solving sites.
• zardus/wargame-nexus - An organized, PR-able list of wargame sites.
• Deuterium's Hacking Sites - Similar to the lists above, organized by category and with description for each site.
• OverTheWire - Popular wargames site with challenges at Bash scripting, linux exploitation and web exploitation.
• UnderTheWire - Similar to OverTheWire, but with Powershell scripting.
• CMD challenge - Challenges created to teach shell basics and specifically bash.
• hackthissite.org - Free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.
• SANS Holiday Hack Challenges - Every christmas since 2011 SANS puts out a big event with tons of great challenges, the events are avaliable after the holiday.
• Smash The Stack - One of the oldest wargames.

Linux

• Linux Journey
• LinuxCommand.org - A site for The Linux Command Line book by William Shotts.

Conferences

• DEF CON - One of the largest and most notable security conference.
• Black Hat - Similar to DEF CON, one of the premier information security conferences in the world.
• Security BSides - A series of loosely affiliated information security conferences, multiple events each year including one in Israel.
• RSA - A series of bussiness-oriented IT security conferences, initially on cryptography but now covers multiple areas.

Forums

• r/netsec - A community for technical news and discussion of information security and closely related topics.
• r/hacking
• r/cybersecurity
• GreySec
• 0x00sec
• Tuts 4 You's forum

Blogs

• Krebs on Security - In-depth security news and investigation.
• Schneier on Security
• Project Zero
• Megabeets

Wikis & Megathreads

• r/hacking wiki
• Developer-Y/cs-video-courses - Free university CS courses with video lectures.
• gerryguy311/Free_CyberSecurity_Professional_Development_Resources - An awesome list of resources for training, conferences, speaking, labs, reading, etc. that are free.
• trimstray/the-book-of-secret-knowledge - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
• LHC Resources - A list of resources from the laptop hacking coffee community.
• The-Art-of-Hacking\h4cker - Tons of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
• Simply Cyber's Resources - An awesome list of resources for training, conferences, speaking, labs, reading, etc that are free.

Guides & Notes

• Nickapic's Notes - Notes, resources and writeups related to Cybersecurity.
• HackTricks - carlospolop's notes on tricks/techniques and what he learnt in CTFs, pentesting and reading on cybersecurity.

Youtube Channels

• LiveOverflow
• John Hammond
• IppSec
• Gynvael
• PwnFunction
• PinkDraconian
• 247CTF
• stacksmashing
• Nahamsec
• The Cyber Mentor
• STÖK

Podcasts

• Darknet Diaries- Fairly dramatic podcast on cyber by Jack Rhysider.
• StormCast - Daily 5-10 minute information security threat updates, by SANS.
• Security Now
• The Cyberwire Podcasts - Podcasts provided by The Cyberwire, includes daily and weekly shows.
• Malicious Life - A podcast by Cybereason.
• The Hacker Mind
• Command Line Heroes - A podcast by Red Hat.
• Smashing Security
• DAY[0]
• Hackable? - Similar to Darknet Diaries, by McAfee.
• CYBER - A podcast by VICE.
• CPRadio - A weekly podcast discussing new threats and vulnerabilities, by CheckPoint.
• risky.biz
• Security Weekly

Papers & E-zines

• Phrack Magazine

Courses

• osirislab/Hack-Night
• Roppers Academy
• Cybrary
• Professor Messer

Cryptography 🔐

General

• David Wong's blog and channel - David Wong is an author and blogger, he has a lot of content on cryptography and security in general.
• r/crypto - A forum on cryptography and cryptanalysis.
• r/codes - A forum on basic cipher and codes.
• Crypton - An educational library to learn and practice offensive and defensive cryptography.
• Cryptology ePrint Archive - The Cryptology ePrint Archive provides rapid access to recent research in cryptology.

Tools

• Cyberchef - A web app for simple encryption, encoding, compression and data analysis.
• dCode - Similar to Cyberchef with more ecryption and encoding systems.
• Pycryptodome - Self-contained Python package of low-level cryptographic primitives.
• SageMath - Open-source mathematics software system using python 3, this system contains many cryptosystems and is used for algerbric calculation and cryptanalysis.
• CrypTool - E-learning platform for cryptography and cryptanalysis.
• CrackStation - A tool for cracking hashes using massive pre-computed lookup tables.
• factordb - A tool for factoring numbers using a database of known factorings.

Courses

• Cryptography I - A free online introduction course in cryptography by Dan Boneh.
• Crypto101 - An introductory course on cryptography, freely available for programmers of all ages and skill levels.
• Introduction to Cryptography by Christof Paar - A comprehensive introduction to modern applied crypto. Only high school math is required to follow the lectures.
• Block Breakers - A course on block ciphers and attacks on block ciphers.

Books

• CrypTool Book - Good free book in cryptography for people without mathematical background.
• Serious Cryptography -A Practical Introduction to Modern Encryption.
• Introduction to Modern Cryptography - An introduction to the core principles of modern cryptography.
• A Graduate Course in Applied Cryptography - A WIP cryptography book by Dan Boneh and Victor Shoup.
• Handbook of Applied Cryptography - An overview of cryptography, a bit old but a good introductory book.

Learning Platforms & Exercises

• Cryptohack - A fun platform for learning modern cryptography.
• Cryptopals - A learning platform with a lot of exercises separated into sets.
• id0-rsa - Similar to cryptopals.

Web Exploitation 🕸

General

• W3Schools - An educational website for learning web technologies.
• PwnFunction - A YouTube channel discussing web exploitation techniques in a simple to understand manner.
• Hacksplaining - A website for learning simple web exploitation techniques and vulnerabilities.
• infoslack/awesome-web-hacking

Tools

• Burp Suite - A fully featured web application attack tool.
• Postman - A tool for making HTTP requests and test API's.
• PayloadAllTheThings - A list of useful payloads and bypasses for Web Application Security.
• Damn Vulnerable Web Application - A vulnerable PHP/MySQL web application for testing attacks and learning web application security.
• OWASP Juice Shop - Modern and sophisticated insecure web application for security training, demos, CTFs and etc.

Courses

• CS 253 Web Security - A course giving a comprehensive overview of web security by the CS department in Stanford University.
• TryHackMe's Web Hacking Fundamentals - A module exploring the basics of web applications and basic exploitation.
• Hacker101 - A free class for web security, created by hackerOne.

Books

• The Web Application Hacker's Handbook - A well-known book for learning basic web exploitation.

Learning Platforms & Exercises

• PortSwigger's Web Security Academy - Free online training center for web application security.
• OverTheWire's Natas - A series of challenges teaching the basics of server-side web security.
• Immersive Labs - New platform for learning web exploitation.
• CTF Challenge - a series of web application hacking challenges.
• websec.fr

Reversing & Binary Exploitation ⏮

General

• Tuts 4 You - A community dedicated to the sharing of knowledge and information on reverse engineering.
• Smashing The Stack For Fun And Profit - The first public paper on stack buffer overflow and one of the first public binary exploitation papers, it is really high quality and still relevant today.
• r/ReverseEngineering - A forum discussing topics in reverse engineering.
• tylerha97/awesome-reversing - A curated list of awesome reversing resources.
• wtsxDev/reverse-engineering - List of awesome reverse engineering resources, currently unmaintained so you should check the fork for updated links.
• onethawt/reverseengineering-reading-list - A list of Reverse Engineering articles, books, and papers.
• Binary Exploitation Notes - A collection of notes on binary exploitation and vulnerable binaries.
• muff-in/resources.md - Resources in Assembly Language / Reversing / Malware Analysis.
• ytisf/theZoo - A repository of live malwares for educational reasons.
• MalwareBazaar - A project from abuse.ch with the goal of sharing malware samples with the infosec community

Tools

• IDA Free - An interactive disassembler and debugger.
• Ghidra - An open source reverse engineering framework created by the NSA, containing a disassember and decompiler.
• radare2 - A UNIX portable reversing framework.
• JADX - Dex to Java decompiler producing Java source code from Android Dex and Apk files.
• Apktool - A tool for reverse engineering 3rd party, closed, binary Android apps.
• Cutter - Free and Open Source RE Platform powered by Rizin.
• ILSpy - An open-source .NET assembly browser and decompiler.
• Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Courses

• pwn.college - A first-stage education platform for students to learn about, and practice, core cybersecurity concepts in a hands-on fashion.
• Nightmare - Intro to binary exploitation / reverse engineering course based around CTF challenges.
• Reverse Engineering For Everyone! - Courses on reversing ARM and Intel architectures.
• Reverse Engineering for Beginners - A beginner course to RE and hooking (with the very original name) created by Ophir Harpaz.
• Malwareunicorn - A site providing workshops and resources in reverse engineering.
• Binary Exploitation / Memory Corruption by LiveOverflow - A series of YouTube videos created by LiveOverFlow about binary exploitation. From beginner to advanced.
• CS6038/CS5138 Malware Analysis, UC - An introductory course to Malware Analysis and Reverse Engineering from the department of EE and CS in the university of Cincinnati.
• CSCI 4968 Modern Binary Exploitation - Course Material for CSCI 4986 in Rensselaer Polytechnic Institute.
• CSCI 4976 Malware Analysis - Course Material for CSCI 4976 in Rensselaer Polytechnic Institute.
• Binary Analysis Course
• Azeria Labs - Tutorials on ARM assembly and exploitation.
• Fu11Shade's Windows Exploitation - A pathway for learning Windows exploit development.
• OpenSecurityTraining - Detailed course on cybersecurity and specifically reverse engineering and binary exploitation, version 2.0 is coming mid-2021.
• heap-exploitation - A short book for people who want to understand the internals of 'heap memory'.
• shellphish/how2heap - A repository for learning various heap exploitation techniques.
• Lena's Reversing for Newbies - A collection of tutorials aimed particularly for newbie reverse engineers.

Blogs

• shell-storm - A blog by a security researcher about reversing.
• Corelan Cybersecurity Research - Site created by a team of security researchers, mostly on windows reversing and exploitation.

Books

• Reverse Engineering For Beginners - An open-source e-book on reverse engineering, highly praised and used worldwide in universities to teach assembly and reverse engineering.
• Reversing: Secrets of Reverse Engineering - This book provides readers with practical, in-depth techniques for software reverse engineering, a must-read for those who want to get to reverse engineering and binary exploitation.
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software - A book teaching you the tools and techniques used by professional malware analysts.
• Hacking: The Art of Exploitation, 2nd Edition - An introduction to hacking, reversing and binary exploitation.
• The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition - A book on finding security holes in any operating system or applications and exploiting them.
• The IDA Pro Book, 2nd Edition

Learning Platforms & Exercises

• crackmes.one - A simple place where you can download crackmes to improve your reverse engineering skills.
• pwnable.kr - A non-commercial wargame site which provides various pwn challenges regarding system exploitation.
• pwnable.xyz - pwnables for beginners. Most of the challenges were created for an internal event for OpenToAll's team (a CTF team anyone can join).
• pwnable.tw- A wargame site for hackers to test and expand their binary exploiting skills.
• challenges.re - A set of challenges with a variety of levels and technologies created by the author of Reverse Engineering For Beginners.
• reversing.kr - A set of reversing challenges with decreasing difficulty, good for beginners.
• ReversingHero - Engineering self learning kit (x86_64 on linux) wrapped inside one binary file. It is made of 15 levels, with difficulty gradually increasing
• IO netgarage - One of the oldest and most popular wargame.
• The Flare-On Challenges - An archive of challenges from Flare-On events created by FireEye.
• Microcorruption - Challenges covering reversing of embedded devices.
• ROP Emporium - Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering or bug hunting.

Game Exploitation 👾

General

• Guided Hacking - Especially Beginner Guide here
• GameHackingAcademy
• Pwn Adventure
• mrT4ntr4/CTF-Game-Challenges
• dsasmblr/game-hacking

Forensics 🕵🏼‍♂️

General

• MemLabs - An educational, introductory set of CTF-styled challenges which is aimed to encourage people to get started with the field of Memory Forensics.
• corkami/pics - corkami is a security researcher and illustrator, this repo contains his illustration of file formats specifications in a simple to understand manner.
• DFIR Diva - A blog on digital forensics and incident response, includes a great list of resources on this areas.
• AboutDFIR - A site for the DFIR community, with books, tutorials and guides on the subject.
• cugu/awesome-forensics

Books

• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
• Malware Analyst's Cookbook and DVD

Guides

• Basics of Memory Forensics

Steganography 👻

• The Theorist Gateway Toolbox - Slides describing techniques and tools for hiding and extracting information, the ARG itself is very good too.
• ae27ff - a set of levels including simple ciphers, steganography, different types of encodings, and familiarity with internet resources.

Coding 💻

General

• Michael0x2a/curated-programming-resources - A curated list of resources for learning programming.
• The Odin Project - A site to learn web development free.

Courses

• Codecademy - A platform for learning programming languages.
• Corey Schafer's Python Course - A good python course for beginner and advanced coders
• FreeCodeCamp - A friendly community where you can learn to code for free, with courses on everything coding related, including cyber security.

Challenges

• leetcode - A site to practice your coding skills with coding challenges.
• HackerRank - Similar to leetcode.
• Codewars - Improve your skills by training with others on real code challenges.
• Codesignal - Similar to the sites above, but focused more on interview practice.
• Project Euler - A series of challenging mathematical/computer programming problems.

Pentesting 🖧

General

• enaqx/awesome-pentest - A collection of awesome penetration testing and offensive cybersecurity resources.

Courses

• Metasploit Unleashed

Learning Platforms & Exercises

• Hack The Box - An online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.
• HTB Academy - A new platform by Hack The Box for learning cybersecurity.
• TryHackMe - A free online platform for learning cyber security and pentesting, using hands-on exercises and labs, all through your browser.
• Root Me - Similar to TryHackMe and Hack The Box.
• VulnHub - Vulnerable By Design - A growing collection of vulnerable virtual machine to hack and practice on.
• Hack My VM - A new site similar to vulnhub with more gamification elements.
• Exploit Exercises - One of the most known exploitation challenges, mostly linux exploitation and binary exploitation.
• PentesterLab - Exercises in pentesting, with a lot of free ones.
• PentesterAcademy - Similar to PentesterLab, high quality but all the courses require membership.

Books

• Metasploit: The Penetration Tester's Guide

Bug Bounty 🐞

Platforms

• Bugcrowd
• hackerone

Courses

• Bugcrowd University

Books

• Real-World Bug Hunting: A Field Guide to Web Hacking