This page serves as a list of resources that I’ve either used myself or would like to use in the future.
It compiles all of the resources I would personally recommend either out of my own experience or that of others.
Education
For Beginners
Without a computer science background:
- Getting into Infosec - DFIR Madness (AKA The Five Pillars)
- Your 5 Year Path: Success in Infosec - Black Hills Information Security
- Cisco’s Introduction to Cybersecurity
With a computer science background:
- Thinking of a Cybersecurity Career? Read This - Krebs On Security
- A Guide to go from Zero to Hero - TryHackMe
- 30 Things to get you started - Black Hills Information Security
- So you want to be a pentester and/or red teamer? - Jean Maes
- Certification Talk - SpookySec
Platforms
- TryHackMe: Absolutely the best all-round platform I have found, especially for beginners.
- HackTheBox: Also fantastic, but more geared towards the experienced, with less hand-holding.
- CTFtime: For anyone who wants to know about all of the CTFs.
- OverTheWire
- Root Me
- CryptoHack
- CyberSecLabs
- AttackDefense
- PentesterAcademy
Tool Spotlight
- Pwncat: Post-exploitation platform for Linux which perfects reverse/bind shells. Just watch their video.
- RustScan: Turns a 17-minute Nmap scan into 19 seconds. Still depends on Nmap to do the actual in-depth scanning.
Local Labs
- VulnHub: A bit chaotic, but lots of machines to practice on.
- Detection Lab
- Pentest Environment Deployer
Books
Must reads:
- X Hacking The Art of Exploitation - Jon Erickson €€
- ~ The Hacker Playbook: Practical Guide To Penetration Testing - Peter Kim €€
- ~ Red Team Development and Operations: A practical guide - Joe Vest & James Tubberville €
- ~ The Web Application Hacker’s Handbook - Dafydd Stuttard & Marcus Pinto €€
- O The Shellcoder’s Handbook: Discovering and Exploiting Security Holes €€
- O Social Engineering - Christopher Hadnagy €€
- O Hack & Detect - Nik Alleyne €€
- O Red Team: How to Succeed by Thinking Like the Enemy - Micah Zenko €€
- O Becoming the Hacker - Adrian Pruteanu €€
In-depth:
- O GPEN GIAC Certified Penetration Tester All-in-One Exam Guide - Raymond Nutting & William MacCormack €€€
- O Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments - M. Burrough €
- O Hands-On AWS Penetration Testing with Kali Linux - K. Gilbert & B. Caudill €€€
- How Browsers Work: Behind the scenes of modern web browsers - Tali Garsiel & Paul Irish
- Course content for UC Malware Analysis
- Docker for Pentesters - Ropnop
- Buffer Overflow Made Easy - TCM
Cryptography:
Personal development:
- ~ Difficult Conversations: How to Discuss What Matters Most - Douglas Stone €
- ~ How to Win Friends and Influence People - Dale Carnegie €
- O Bulletproof Problem Solving: The One Skill That Changes Everything - Charles Conn €€
- O Mental Models: 30 Thinking Tools that Separate the Average From the Exceptional - Peter Hollins €
- The Importance of Deep Work & The 30-Hour Method for Learning a New Skill - Azeria: Overwhelmed? Read this!
Other book lists:
Other Resources
- Pentest Standard
- OWASP Testing Checklist
- How to Hunt for Jobs like a Hacker w/ Jason Blanchard
- Red Teaming Experiments
- Security Red Team subreddit
- The C2 Matrix
- Jason Haddix’s How to Shot Web (2015)
- PortSwigger’s Web Application Hacker’s Handbook 3rd edition
- Paul Jerimy’s Certificate Overview
On post-exploitation
- HackTricks’s GitHub Book (excellent!)
- Chryzsh’s pentest book
- Rapid7’s MSF post exploitation docs
- Pentest Standard on post exploitation
- Offsec’s Mimikatz cheat sheet
- Adsecurity’s Unofficial Guide to Mimikatz & Command Reference
- HarmJ0y’s PowerView tricks
On Windows privilege escalation
News
Blogs
Other Lists
- Pentest Cheat Sheet
- Awesome Hacking list
- Ankur Chowdhary’s Hacker Zone
- Enaqx’s Awesome Penetration Testing list
- DFIR Diva’s Free Training list
- Intigriti’s top 20 bug bounty hunter YouTube channels to follow in 2020
- Bayandin’s list of awesomeness
Entertainment//Culture
Books
Hacking stories:
- X Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon - Kim Zetter
- X The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage - Cliff Stoll
- ~ Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground - Kevin Poulsen
- ~ The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers - Kevin Mitnick
- O Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers - Andy Greenberg
- O The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen - Jonathan Littman
- O Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World - Joseph Menn
- O Mindf*ck: Cambridge Analytica and the Plot to Break America - Christopher Wylie
- O Permanent Record - Edward Snowden
Absolutely glorious science-fiction:
Movies
Classics:
- X V for Vendetta (2005)
- X Hackers (1995)
- X Swordfish (2001)
- X Sneakers (1992)
- X WarGames (1983)
- X Blade Runner (1982)
- X Blade Runner 2049 (2017)
- X The Matrix (1999)
- X The Matrix Reloaded (2003)
- X The Matrix Revolutions (2003)
- X Johnny Mnemonic (1995)
- X Total Recall (1990)
- X TRON (1982)
- X TRON: Legacy (2010)
- X Ghost in the Shell
- X Surrogates (2009)
- X Her (2013)
- O 23 (1998)
- O Prime Risk (1985)
- O Gamer (2009)
- O The Net (1995)
- O Blackhat (2015)
- O Who Am I (2014)
- O Untraceable (2008)
- O Firewall (2006)
- O Johnny Mnemonic (1995)
Personal suggestions:
More Lists:
TV Shows
Miscellaneous
- Phrack Magazine: A gem from the 1980s.