Github url


by vitalysim

A collection of hacking / penetration testing resources to make you better!

9.6K Stars 1.5K Forks Last release: Not found GNU General Public License v3.0 268 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:


Awesome Hacking Resources Awesome Hacking Awesome community

A collection of hacking / penetration testing resources to make you better!

Let's make it the biggest resource repository for our community.

You are welcome to fork and contribute.

We started a new tools list, come and contribute

Table of Contents

Learning the Skills

Name | Description ---- | | a simple opendir full of quality docs and notes on a variety of security topics; good walkthroughs on malware trafic analysis and sysadmin stuff.CS 642: Intro to Computer Security | academic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.CyberSec WTF | CyberSec WTF Web Hacking Challenges from Bounty write-upsCybrary | coursera style website, lots of user-contributed content, account required, content can be filtered by experience levelFree Cyber Security Training | Academic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learningHak5 | podcast-style videos covering various topics, has a forum, "metasploit-minute" video series could be usefulHopper's Roppers Security Training | Four free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.Learning Exploitation with Offensive Computer Security 2.0 | blog-style instruction, includes: slides, videos, homework, discussion. No login required.Mind Maps | Information Security related Mind MapsMIT OCW 6.858 Computer Systems Security | academic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.OffensiveComputerSecurity | academic content, full semester course including 27 lecture videos with slides and assign readingsOWASP top 10 web security risks | free courseware, requires accountSecurityTube | tube-styled content, "megaprimer" videos covering various topics, no readable content on site.Seed Labs | academic content, well organized, featuring lab videos, tasks, needed code files, and recommended readingsTryHackMe | Designed prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed

YouTube Channels

Name | Description ---- | ----0patch by ACROS Security | few videos, very short, specific to 0patchBlackHat | features talks from the BlackHat conferences around the worldChristiaan008 | hosts a variety of videos on various security topics, disorganized |

Companies |Detectify | very short videos, aimed at showing how to use Detictify scannerHak5 | see Hak5 aboveKaspersky Lab | lots of Kaspersky promos, some hidden cybersecurity gemsMetasploit | collection of medium length metasploit demos, ~25minutes each, instructionalntop | network monitoring, packet analysis, instructionalnVisium | Some nVisum promos, a handful of instructional series on Rails vulns and web hackingOpenNSM | network analysis, lots of TCPDUMP videos, instructional,OWASP | see OWASP aboveRapid7 | brief videos, promotional/instructional, ~ 5 minutesSecurelist | brief videos, interviews discussing various cyber security topicsSegment Security | promo videos, non-instructionalSocialEngineerOrg | podcast-style, instructional, lengthy content ~1 hr eachSonatype | lots of random videos, a good cluster of DevOps related content, large range of lengths, disorganizedSophosLabs | lots of brief, news-style content, "7 Deadly IT Sins" segment is of noteSourcefire | lots of brief videos covering topics like botnets, DDoS ~5 minutes eachStation X | handful of brief videos, disorganized, unscheduled content updatesSynack | random, news-style videos, disorganized, non-instructionalTippingPoint Zero Day Initiative | very brief videos ~30 sec, somewhat instructionalTripwire, Inc. | some tripwire demos, and random news-style videos, non-instructionalVincent Yiu | handful of videos from a single hacker, instructional | Conferences |44contv | inMIT OCW 6.858 Computer Systems Security |Information security con based in London, lengthy instructional videosBruCON Security Conference | security and hacker conference based in b\Belgium, lots of lengthy instructinoal videosBSides Manchester | security and hacker con based in Mancheseter, lots of lengthy videosBSidesAugusta | security con based in Augusta, Georgia, lots of lengthy instructional videosCarolinaCon | security con based in North Carolina, associated with various 2600 chapters, lots of lengthy instructional contentCort Johnson | a handful of lengthy con-style talks from Hack Secure Opensec 2017DevSecCon | lenghty con videos covering DevSecOps, making software more secureGarage4Hackers - Information Security | a handful of lengthy videos, About section lacks descriptionHACKADAY | lots of random tech content, not strictly infosec, some instructionalHack In The Box Security Conference | lengthy con-style instructional talks from an international security conHack in Paris | security con based in paris, features lots of instructional talks, slides can be difficult to see.Hacklu | lots of lengthy con-style instructional videosHacktivity | lots of lengthy con-style instructional videos from a con in central/eastern | handful of lengthy con-style video, emphasis on hardware hacksIEEE Symposium on Security and Privacy | content from the symposium; IEEE is a professional association based in the us, they also publish various journalsLASCON | lengthy con-style talks from an OWASP con held in Austin, TXleHACK | leHACK is the oldest ( 2003 ), leading, security conference in Paris, FRMarcus Niemietz | lots of instructional content, associated with HACKPRA, an offensive security course from an institute in | The real official channel of the chaos computer club, operated by the CCC VOC - tons of lengthy con-style vidsNorthSec | lengthy con-style talks from an applied security conference in CanadaPancake Nopcode | channel of Radare2 whiz Sergi "pancake" Alvarez, Reverse Engineering ContentPsiinon | medium length instructional videos, for the OWASP Zed Attack ProxySJSU Infosec | handful of lengthy instructional videos from San Jose State university | tons of lengthy instructional lectures on Secure App DevelopmentSecurity Fest | medium length con-style talks from a security festival in SwedenSecurityTubeCons | an assortment of con-style talks from various cons including BlackHat and ShmooconToorCon | handful of medium length con videos from con based in San Diego, CAUSENIX Enigma Conference | medium length "round table discussion with leading experts", content starts in 2016ZeroNights | a lot of con-style talks from international conference ZeroNights | News |0x41414141 | Channel with couple challenges, well explainedAdrian Crenshaw | lots of lengthy con-style talksCorey Nachreiner | security newsbites, 2.7K subscribers, 2-3 videos a week, no set scheduleBalCCon - Balkan Computer Congress | Long con-style talks from the Balkan Computer Congress, doesn't update regularlydanooct1 | lots of brief screenshot, how-to vids regarding malware, regular content updates, 186K followerssDedSec | lots of brief screenshot how-to vids based in Kali, no recent posts.DEFCON Conference | lots of lengthy con-style vids from the iconical DEFCONDemmSec | lots of pen testing vids, somewhat irregular uploads, 44K followersDerek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, withDon Does 30 | amateur pen-tester posting lots of brief screenshot vids regularly, 9K FollowersError 404 Cyber News | short screen-shot videos with loud metal, no dialog, bi-weeklyGeeks Fort - KIF | lots of brief screenshot vids, no recent postsGynvaelEN | Security streams from Google Researcher. Mainly about CTFs, computer security, programing and similar things.HackerSploit | regular posts, medium length screenshot vids, with dialogHACKING TUTORIALS | handful of brief screenshot vids, no recent posts.iExplo1t | lots of screenshot vids aimed at novices, 5.7K Followers, no recent postsJackkTutorials | lots of medium length instructional vids with some AskMe vids from the youtuberJohn Hammond | Solves CTF problems. contains penTesting tips and tricksLatest Hacking News | 10K followers, medium length screenshot videos, no recent releasesLionSec | lots of brief screenshot instructional vids, no dialogLiveOverflow | Lots of brief-to-medium instructional vids, covering things like buffer overflows and exploit writing, regular posts.Metasploitation | lots of screenshot vids, little to no dialogue, all about using Metasploit, no recent vids.NetSecNow | channel of, seems to post once a month, screenshot instructional vidsOpen SecurityTraining | lots of lengthy lecture-style vids, no recent posts, but quality info.Pentester Academy TV | lots of brief videos, very regular posting, up to +8 a weekPenetration Testing in Linux | DELETErwbnetsec | lots of medium length instructional videos covering tools from Kali 2.0, no recent posts.Samy Kamkar's Applied Hacking | brief to medium length instructional vids from the creator of PoisonTap for the Raspberry Pi Zero, no recent content, last updated in 2016SecureNinjaTV | brief news bites, irregular posting, 18K followersSecurity Weekly | regular updates, lengthy podcast-style interviews with industry prosSeytonic | variety of DIY hacking tutorials, hardware hacks, regular updatesShozab Haxor | lots of screenshot style instructional vids, regular updates, windows CLI tutorialSSTec Tutorials | lots of brief screenshot vids, regular updatesTradecraft Security Weekly | Want to learn about all of the latest security tools and techniques?Troy Hunt | lone youtuber, medium length news videos, 16K followers, regular contentWaleed Jutt | lots of brief screenshot vids covering web security and game programmingwebpwnized | lots of brief screenshot vids, some CTF walkthroughsZer0Mem0ry | lots of brief c++ security videos, programming intensiveLionSec | lots of brief screenshot instructional vids, no dialogAdrian Crenshaw | lots of lengthy con-style talksHackerSploit | regular posts, medium length screenshot vids, with dialogDerek Rook - CTF/Boot2root/wargames Walkthrough | lots of lengthy screenshot instructional vids, withTradecraft Security Weekly | Want to learn about all of the latest security tools and techniques?IPPSec | retired machine vulnerable machine walkthroughs to help you learn both basic and advanced processes and techniques

Sharpening Your Skills

Name | Description ---- | ----Backdoor | pen testing labs that have a space for beginners, a practice arena and various competitions, account requiredThe cryptopals crypto challenges | A bunch of CTF challenges, all focused on cryptography.Challenge Land | Ctf site with a twist, no simple sign-up, you have to solve a challengeto even get that Archive (2011-2015) | a reverse engineering information Repo, started in | This is a simple place where you can download crackmes to improve your reverse engineering skills.CTFLearn | an account-based ctf site, where users can go in and solve a range of challengesCTFs write-ups | a collection of writeups from various CTFs, organized byCTF365 | account based ctf site, awarded by Kaspersky, MIT, T-MobileThe enigma group | web application security training, account based, video tutorialsExploit exercises | hosts 5 fulnerable virtual machines for you to attack, no account requiredGoogle CTF | Source code of Google 2017, 2018 and 2019 CTFGoogle CTF 2019 | 2019 edition of the Google CTF contestGoogle's XSS game | XSS challenges, and potentially a chance to get paidHack The Box | Pen testing labs hosting over 39 vulnerable machines with two additional added every monthHacker test | similar to "hackthissite", no account required.Hacker Gateway | ctfs covering steganography, cryptography, and web challengs, account requiredHacksplaining | a clickthrough security informational site, very good for | hosts a number of web hacking challenges, account | lets you build/host/attack vulnerable web appsHack this site! | an oldy but goodie, account required, users start at low levels and progress in | XSS challenges, account | Practice your Linux privilege | Korean challenge site, requires an accountOver the wire | A CTF that's based on progressive levels for each lab, the users SSH in, no account recquiredParticipating Challenge Sites | aims at creating a universal ranking for CTF participantsPentesterLab | hosts a variety of exercises as well as various "bootcamps" focused on specific activitiesPentestit | acocunt based CTF site, users have to install open VPN and get credentialsPentest Practice | account based Pentest practice, free to sign up, but there's also a pay-as-you-go | lots of various labs/VMS for you to try and hack, registry is optional.PicoCTF | CTF hosted by Carnegie Mellon, occurs yearly, account | Don't let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account | hosts 27 challenges accompanied with writeups, account requiredRingzer0 Team | an account based CTF site, hosting over 272 challengesROP Emporium | Return Oriented Programming challengesSmashTheStack | hosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levelsShellter Labs | account based infosec labs, they aim at making these activities socialSolve Me | "yet another challenge", account required.Vulnhub | site hosts a ton of different vulnerable Virtual Machine images, download and get | Focused on web challenges, registration is | lots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.Stereotyped Challenges | Challenges for web security professionals, account required.Stripe CTF 2.0 | Past security contest where you can discover and exploit vulnerabilities in mock web applications.Windows / Linux Local Privilege Escalation Workshop | Practice your Linux and Windows privilege escalationHacking Articles | CTF Brief Write up collection with a lot of screenshots good for beggainersHacker101 CTF | CTF hosted by HackerOne, always online. You will receive invitations to some private programs on HackerOne platform as a reward.Hacking Lab | European platform hosting lots of riddles, challenges and competitions

Reverse Engineering, Buffer Overflow and Exploit Development

Name | Description ---- | ----A Course on Intermediate Level Linux Exploitation | as the title says, this course isn't for beginnersAnalysis and exploitation (unprivileged) | huge collection of RE information, organized by type.Binary hacking | 35 "no bullshit" binary videos along with other infoBuffer Overflow Exploitation Megaprimer for Linux | Collection of Linux Rev. Engineering videosCorelan tutorials | detailed tutorial, lots of good information about memoryExploit tutorials | a series of 9 exploit tutorials,also features a podcastExploit development | links to the forum's exploit dev posts, quality and post style will vary with each posterflAWS challenge | Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS).Introduction to ARM Assembly Basics | tons of tutorials from infosec pro Azeria, follow her on twitterIntroductory Intel x86 | 63 days of OS class materials, 29 classes, 24 instructors, no account requiredLena's Reversing for Newbies (Complete) | listing of a lengthy resource by Lena, aimed at being a courseLinux (x86) Exploit Development Series | blog post by sploitfun, has 3 different levelsMegabeets journey into Radare2 | one user's radare2 tutorialsModern Binary Exploitation - CSCI 4968 | RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec - reversing conference | the conference site contains recordings and slides of all talks!! Reverse Engineering for Beginners | huge textbook, created by Dennis Yurichev, open-sourceReverse engineering reading list | a github collection of RE tools and booksReverse Engineering challenges | collection of challenges from the writer of RE for BeginnersReverse Engineering for beginners (GitHub project) | github for the aboveReverse Engineering Malware 101 | intro course created by Malware Unicorn, complete with material and two VM'sReverse Engineering Malware 102 | the sequel to challenges | reverse engineering challenges varying in difficultyShell storm | Blog style collection with organized info about Rev. Engineering.Shellcode Injection | a blog entry from a grad student at SDS LabsMicro Corruption — Assembly | CTF designed to learn Assembly by practicing

Privilege Escalation

Name | Description ---- | ----4 Ways get linux privilege escalation | shows different examples of PEA GUIDE TO LINUX PRIVILEGE ESCALATION | Basics of Linux privilege escalationAbusing SUDO (Linux Privilege Escalation) | Abusing SUDO (Linux Privilege Escalation)AutoLocalPrivilegeEscalation | automated scripts that downloads and compiles from exploitdbBasic linux privilege escalation | basic linux exploitation, also covers WindowsCommon Windows Privilege Escalation Vectors | Common Windows Privilege Escalation VectorsEditing /etc/passwd File for Privilege Escalation | Editing /etc/passwd File for Privilege EscalationLinux Privilege Escalation | Linux Privilege Escalation – Tradecraft Security Weekly (Video)Linux Privilege Escalation Check Script | a simple linux PE check scriptLinux Privilege Escalation Scripts | a list of PE checking scripts, some may have already been coveredLinux Privilege Escalation Using PATH Variable | Linux Privilege Escalation Using PATH VariableLinux Privilege Escalation using Misconfigured NFS | Linux Privilege Escalation using Misconfigured NFSLinux Privilege Escalation via Dynamically Linked Shared Object Library | How RPATH and Weak File Permissions can lead to a system compromise.Local Linux Enumeration & Privilege Escalation Cheatsheet | good resources that could be compiled into a scriptOSCP - Windows Priviledge Escalation | Common Windows Priviledge EscalationPrivilege escalation for Windows and Linux | covers a couple different exploits for Windows and LinuxPrivilege escalation linux with live example | covers a couple common PE methods in linuxReach the root | discusses a process for linux privilege exploitationRootHelper | a tool that runs various enumeration scripts to check for privilege escalationUnix privesc checker | a script that checks for PE vulnerabilities on a systemWindows exploits, mostly precompiled. | precompiled windows exploits, could be useful for reverse engineering tooWindows Privilege Escalation | collection of wiki pages covering Windows Privilege escalationWindows Privilege Escalation | Notes on Windows Privilege EscalationWindows privilege escalation checker | a list of topics that link to, all related to windows privilege escalationWindows Privilege Escalation Fundamentals | collection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCPWindows Privilege Escalation Guide | Windows Privilege Escalation GuideWindows Privilege Escalation Methods for Pentesters | Windows Privilege Escalation Methods for Pentesters

Malware Analysis

Name | Description ---- | ----Malware traffic analysis | list of traffic analysis exercisesMalware Analysis - CSCI 4976 | another class from the folks at RPISEC, quality contentBad Binaries | walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Network Scanning / Reconnaissance

Name | Description ---- | ----Foot Printing with WhoIS/DNS records | a white paper from SANSGoogle Dorks/Google Hacking | list of commands for google hacks, unleash the power of the world's biggest search engine

Vulnerable Web Application

Name | Description ---- | ----bWAPP | common buggy web app for hacking, great for beginners, lots of documentationDamn Small Vulnerable Web | written in less than 100 lines of code, this web app has tons of vulns, great for teachingDamn Vulnerable Web Application (DVWA) | PHP/MySQL web app for testing skills and toolsGoogle Gruyere | host of challenges on this cheesy web appOWASP Broken Web Applications Project | hosts a collection of broken web appsOWASP Hackademic Challenges project | web hacking challengesOWASP Mutillidae II | another OWASP vulnerable app, lots of documentation.OWASP Juice Shop | covers the OWASP top 10 vulnsWebGoat: A deliberately insecure Web Application | maintained by OWASP and designed to to teach web app security

Vulnerable OS

Name | Description ---- | ----General Test Environment Guidance | white paper from the pros at rapid7Metasploitable2 (Linux) | vulnerable OS, great for practicing hackingMetasploitable3 [Installation] | the third installation of this vulnerable OSVulnhub | collection of tons of different vulnerable OS and challenges

Linux Penetration Testing OS

Name | Description ---- | -----Android Tamer | Android Tamer is a Virtual / Live Platform for Android Security professionals.BackBox | open source community project, promoting security in IT enivornmentsBlackArch | Arch Linux based pentesting distro, compatible with Arch installsBugtraq | advanced GNU Linux pen-testing technologyKali | the infamous pentesting distro from the folks at Offensive SecurityLionSec Linux | pentesting OS based on UbuntuParrot | Debian includes full portable lab for security, DFIR, and developmentPentoo | pentesting OS based on Gentoo


Name | Description ---- | | Easy to navigate database of exploitsExploit Database | database of a wide variety exploits, CVE compliant archiveCXsecurity | Indie cybersecurity info managed by 1 personSnyk Vulnerability DB | detailed info and remediation guidance for known vulns, also allows you to test your code


Name | Description ---- | ----0x00sec | hacker, malware, computer engineering, Reverse engineeringAntichat | russian based forumCODEBY.NET | hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forumEAST Exploit database | exploit DB for commercial exploits written for EAST Pentest FrameworkGreysec | hacking and security forumHackforums | posting webstite for hacks/exploits/various discussion4Hat Day | brazilian based hacker forumCaveiraTech | brazilian based, general hacker forum

Archived Security Conference Videos

Name | Description ---- | | hosts data from hundreds of consIrongeek | Website of Adrien Crenshaw, hosts a ton of | a site that aims to catalog and cross-reference all hacker conferences.

Online Communities

Name | Description ---- | -----Hacktoday | requires an account, covering all kinds of hacking topicsHack+ | link requires telegram to be usedMPGH | community of MultiPlayerGameHacking

Online News Sources

Name | Description ---- | ----InfoSec | covers all the latest infosec topicsRecent Hash Leaks | great place to lookup hashesSecurity Intell | covers all kinds of news, great intelligence resourcesThreatpost | covers all the latest threats and breachesSecjuiceThe Hacker News | features a daily stream of hack news, also has an app

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.