Name | Website | Source | Description | Price |
---|---|---|---|---|
AVORD | [Website] | UK penetration testing platform | Free | |
AntiHACK | [Website] | Singapore bug bounty platform | Free | |
Bug Bounty Hub | [Website] | Bug bounty platform | Free | |
BugBounty.jp | [Website] | Japan bug bounty platform | Free | |
Bugcrowd | [Website] | Bug bounty platform | Free | |
Bugv | [Website] | Bug bounty platform | Free | |
Cobalt.io | [Website] | Crowdsourced pentest and bug bounty platform | Free | |
Crowdswarn | [Website] | Crowdsourced pentest & bug bounty platform | Free | |
CyberArmyID | [Website] | VDP & bug bounty platform | Free | |
disclose.io | [Website] | VDP platform | Free | |
FEDERACY | [Website] | Crowdsourced pentest & bug bounty platform | Free | |
FireBounty | [Website] | Bug bounty program aggregator | Free | |
HackenProof | [Website] | Bug bounty platform | Free | |
HackerOne | [Website] | Bug bounty platform | Free | |
Hackrate | [Website] | Bug bounty platform | Free | |
HackTrophy | [Website] | Bug bounty platform | Free | |
huntr | [Website] | A bug bounty platform dedicated to Artificial Intelligence (AI) and Machine Learning (ML) | Free | |
Immunefi | [Website] | Bug bounty platform focused on DeFi (Decentralized Finance), blockchain and smart contract security | Free | |
Inspectiv | [Website] | Bug bounty platform | Free | |
IssueHunt | [Website] | Bug bounty platform | Free | |
Intigriti | [Website] | Bug bounty platform | Free | |
Open Bug Bounty | [Website] | Non-profit bug bounty platform | Free | |
OpenCIRT | [Website] | Open Cyber Incident Response Team; coordinated vulnerability disclosure for softwares without VDP | Free | |
Plugbounty | [Website] | Bug bounty platform for plugins, themes, extensions, libraries | Free | |
RedStorm | [Website] | VDP & bug bounty platform | Free | |
SafeHats | [Website] | Bug bounty platform | Free | |
ScanTitan | [Website] | Crowdsourced pentest | Free | |
SSD Secure Disclosure | [Website] | Rewarded responsible disclosure service | Free | |
SynAck Red Team | [Website] | Crowdsourced pentest and bug bounty platform | Free | |
Yes We Hack | [Website] | European bug bounty platform based on the legislation and rules in force in european countries | Free | |
Yogosha | [Website] | Bug bounty platform | Free | |
Zero Day Initiative | [Website] | Rewarded responsible disclosure service | Free | |
Zerocopter | [Website] | Invite-only and closed bug bounty platform | Free | |
ZeroDisclo.com | [Website] | Coordinated disclosure platform by YesWeHack | Free |
Resources
Note: Paid resources may exist in a free limited version or a demo version
Bug bounty, pentest and disclosure platforms
Challenges platforms
Name | Website | Source | Description | Price |
---|---|---|---|---|
ae27ff | [Website] | Challenge platform | Free | |
Backdoor | [Website] | Practice area with some past CTF challenges | Free | |
BattleHack | [Website] | Challenge platform | Paid | |
Begin.re | [Website] | Binary reverse guided challenges for beginners | Free | |
BugBountyHunter | [Website] | Learn how to test for security vulnerabilities on web applications with our various real-life web applications; security researcher tutorials, guides, writeups | Paid | |
CanYouHack.It | [Website] | Challenge platform | Free | |
Challenge Land | [Website] | Challenge platform | Free | |
CryptoHack | [Website] | Crypto challenges platform | Free | |
Cryptopals | [Website] | Crypto challenges platform | Free | |
CTFLearn | [Website] | Challenge platform | Free | |
CyberDefenders | [Website] | Training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice | Free | |
DefendTheWeb | [Website] | Challenge platform | Free | |
Electrica | [Website] | Programming, cryptography challenges | Free | |
EnigmaGroup | [Website] | Challenge platform | Free | |
Exploit Education | [Website] | Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues | Free | |
Exploit Exercises | [Website] | VMs, documentation and challenges | Free | |
FreeHackQuest | [Website] | [Source] | Challenge platform | Free |
Flag4jobs | [Website] | Challenge platform with job offers | Free | |
Gekkó | [Website] | Challenge platform | Free | |
Graker | [Website] | Binary challenges having a slow learning curve, and write-ups for each level (SSH connection) | Free | |
Hack The Box | [Website] | Challenge platform | Paid | |
Hack This Site | [Website] | Challenge platform and community | Free | |
HackBBS | [Website] | Challenge platform and community | Free | |
HackCenter | [Website] | Private challenge platforms | Free | |
Hacker Gateway | [Website] | Challenge platform | Free | |
Hacker.org | [Website] | Challenge platform | Free | |
Hacking Lab | [Website] | Challenge platform with teachers and solutions | Free | |
Hackropole | [Website] | Challenge platform; challenges from previous years FCSC | Free | |
HackThis!! | [Website] | Challenge platform | Free | |
HackViser | [Website] | Challenge platform | Paid | |
ImmersiveLabs | [Website] | Story-driven exercises and practical, gamified labs | Paid | |
IO | [Website] | Binary challenges (SSH connection) | Free | |
LOST-Chall | [Website] | Challenge platform | Free | |
Microcorruption | [Website] | Platform including many challenges about embedded devices security; using a debugger the goal is to to unlock the smart lock device by finding vulnerabilities like memory corruption bugs; it involves assembly knowledge and reverse-engineering | Free | |
Mod-X | [Website] | Challenge platforms through a fictional game | Free | |
Net-Force | [Website] | Challenge platform | Free | |
NCP | [Website] | NICE Challenge Project by the NIST and the NSA (for American students only) | Free | |
Over The Wire | [Website] | [Source] | Challenge platform | Free |
OWASP Juice Shop | [Website] | [Source] | Online demo instance of the OWASP Juice Shop | Free |
Pwnable.kr | [Website] | Pwn challenges | Free | |
pwnable.tw | [Website] | Pwn challenges | Free | |
Rankk | [Website] | Programming, cryptography challenges | Free | |
RedTigers Hackit | [Website] | PHP / SQL challenge platform | Free | |
Reversing.Kr | [Website] | Cracking and Reverse Code Engineering challenge platform | Free | |
Revolution Elite | [Website] | Math and programming challenges | Free | |
Ringzer0Team | [Website] | Challenge platform | Free | |
Root-me | [Website] | Challenge platform | Paid | |
RoseCode | [Website] | Challenge platform | Free | |
SecDim | [Website] | Defensive programming challenges, wargames and learning modules | Paid | |
Security Traps | [Website] | Challenge platform | Free | |
SmashTheStack | [Website] | Mostly binary challenges | Free | |
Solve Me | [Website] | Challenge platform | Free | |
SPOJ | [Website] | Programming challenges | Free | |
Stereotyped Challenges | [Website] | Web challenges | Free | |
Tasteless | [Website] | Challenge platform | Free | |
TheBlackSheep | [Website] | Challenge platform | Free | |
ThisisLegal.com | [Website] | Challenge platform | Free | |
TryHackMe | [Website] | Challenge platform with deployable machines; there are also tutorials and courses | Paid | |
TryThis0ne | [Website] | Challenge platform | Free | |
Valhalla | [Website] | Challenge platform and community | Free | |
Virtual Hacking Labs | [Website] | Virtual penetration testing environment with courses and VMs | Paid | |
VulnHub | [Website] | VM-based challenges | Free | |
VulnMachines | [Website] | Challenge platform | Free | |
WebHacking | [Website] | Web challenges | Free | |
W3Challs | [Website] | Challenge platform | Free | |
WeChall | [Website] | Challenge platform | Free | |
wixxerd | [Website] | Challenge platform | Free | |
WTHack | [Website] | Challenge platform | Free | |
yoire | [Website] | Challenge platform | Free | |
Zenk-security | [Website] | Challenge platform and community | Free | |
ZSIS CTF | [Website] | Challenge platform | Free | |
µContest | [Website] | Programming challenges | Free |
CVE
Name | Website | Source | Description | Price |
---|---|---|---|---|
Archlinux security issues | [Website] | CVE affecting Archlinux | Free | |
AttackerKB | [Website] | Forum for the security community to share insights and views that help security professionals better understand the risk in their environment and make more informed decisions around prioritization and defense | Free | |
CISA Known Exploited Vulnerabilities Catalog | [Website] | Known Exploited Vulnerabilities Catalog | Free | |
CVE Details | [Website] | Advanced CVE datasource | Free | |
CVExploits | [Website] | Search engine to find exploits related to a CVE | Free | |
Debian security issues | [Website] | CVE affecting Debian | Free | |
Mitre | [Website] | CVE datasource standard | Free | |
NVD | [Website] | CVE datasource | Free | |
Red Hat security issues | [Website] | CVE affecting Red Hat | Free | |
OpenCVE | [Website] | Customizable CVE dashboard, track vulnerabilities that concern you (previously named Saucs) | Free | |
SUSE security issues | [Website] | CVE affecting SUSE | Free | |
Ubuntu security issues | [Website] | CVE affecting Ubuntu | Free | |
VULDB | [Website] | Community-driven vulnerability database | Free | |
VulnIQ | [Website] | Vulnerability database with CVE, OVAL, CWE, CAPEC, etc. | Free |
Events
Name | Website | Source | Description | Price |
---|---|---|---|---|
CFP TIME | [Website] | World Call For Papers (CFP) agenda for security conferences | Free | |
CTF TIME | [Website] | World CTF agenda and scoreboard | Free | |
InfoSec Conferences | [Website] | World cybersecurity conferences agenda | Free | |
SecurityCTF (reddit) | [Website] | Community for security CTF announcements and writeups | Free |
Information, News, Blog
Name | Language | Website | Source | Description | Price |
---|---|---|---|---|---|
hackndo | French | [Website] | Blog about pentesting | Free | |
InfoSecAdemy | English | [Website] | Blog about pentesting | Free | |
Hacking Loops | English | [Website] | Blog about pentesting | Free | |
KitPloit | English | [Website] | Tools presentation and announcement | Free | |
Latest Hacking News | English | [Website] | Cybersecurity news, tools presentation and announcement | Free | |
Offensive OSINT | English | [Website] | OSINT articles from an offensive perspective | Free | |
Pentest Blog | English | [Website] | Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles | Free | |
Security List Network | English | [Website] | Tools presentation and announcement | Free |
Knowledge and tools
Name | Website | Source | Description | Price |
---|---|---|---|---|
Argument Injection Vectors | [Website] | [Source] | Curated list of exploitable options when dealing with argument injection bugs and association between CVEs and vectors | Free |
azure-mindmap | [Source] | Mindmap listing all possible compromise paths when faced with an Azure environment during a cloud security engagement | Free | |
Bootloaders | [Website] | [Source] | Curated list of known malicious bootloaders for various operating systems | Free |
bounty-targets-data | [Source] | Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports | Free | |
Bug Bounty Guide | [Website] | [Source] | Launchpad for bug bounty programs and bug bounty hunters | Free |
Bug Bounty Hunting | [Website] | Search engine for bug bounty writeups, payloads and tips | Free | |
Bug Bounty Reference | [Source] | A list of bug bounty write-up that is categorized by the bug nature | Free | |
C2 Matrix | [Source] | A table comparing most C2 frameworks | Free | |
Can I take over XYZ? | [Source] | List of services and how to claim (sub)domains with dangling DNS records | Free | |
Cloud Security Atlas | [Website] | Risk register for cloud threats and vulnerabilities, search and filter by cloud provider platform, risk type, and sort by impact, exploitability, and recency | Free | |
Cloudvulndb | [Website] | List all known cloud vulnerabilities and CSP security issues | Free | |
CSP Bypass Search | [Website] | [Source] | Helps bypass restrictive domain whitelist based CSP and exploit XSS vulnerabilities | Free |
ctf-tools | [Source] | Setup scripts for security tools | Free | |
CXSECURITY | [Website] | Exploit index | Free | |
deepdarkCTI | [Source] | Collection of Cyber Threat Intelligence sources from the deep and dark web | Free | |
DefaultPassword | [Website] | Default passwords for many devices and services | Free | |
dioterms | [Website] | [Source] | Vulnerability disclosure policy templates; terms for Vulnerability Disclosure Policy (VDP) and Bug Bounty Policy (BBP) | Free |
Exploitalert | [Website] | Exploit index; semi-automatic intelligence supervised by a human operator to find publicly available exploits in the Internet | Free | |
Exploit Database | [Website] | Exploit index; aka EDB or Exploit-DB; can be searched from the CLI with searchploit, sploitctl, getsploit and many other third party tools | Free | |
Extended BApp Store | [Website] | Burp Suite extensions search engine | Free | |
Filesec.io | [Website] | Curated list of file extensions being used by attackers | Free | |
findsecuritycontacts.com | [Website] | [Source] | List of security contacts for websites extracted from security.txt and dnssecuritytxt | Free |
Forensics Wiki | [Website] | Forensics tips and tools | Free | |
fuzzdb | [Website] | Dictionaries of fault injection patterns, predictable resource locations, and regex for matching server responses | Free | |
GHDB | [Website] | Google Hacking Database; Collection of google dorks | Free | |
Guifre | [Website] | Security, system and network cheatsheets | Free | |
GTFOBins | [Website] | [Source] | Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files | Free |
GraphQL Threat Matrix | [Source] | GraphQL threat framework to research security gaps in GraphQL implementations; documente features and limits of various engines | Free | |
Hacking the cloud | [Source] | Encyclopedia of the attacks/tactics/techniques for offensive cloud exploitation | Free | |
HackTricks | [Website] | [Source] | Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc. | Free |
HackTricks Cloud | [Website] | [Source] | Guide and cheatsheet for cloud pentesting: CI/CD, Kubernetes, GCP, GWS, AWS, Azure, Digital Ocean, IBM Cloud, etc. | Free |
Havoc store | [Website] | [Source] | Havoc modules and extensions store | Free |
HijackLibs | [Website] | [Source] | Tracking publicly disclosed DLL hijacking opportunities | Free |
HTML5 Security Cheatsheet | [Website] | XSS vector making use of HTML5, HTML4, CSS, DOM, UFT7, SVG, JSON, etc ... | Free | |
Internal All The Things | [Website] | [Source] | Active Directory, internal infrastructure and cloud penetration test, red team cheatsheets | Free |
Kaonashi | [Source] | Wordlist, hashcat rules and hashcat masks from Kaonashi project (RootedCON 2019) | Free | |
Linux kernel syscall tables | [Website] | [Source] | Browsable linux kernel syscall tables built with Systrack | Free |
LOFLCAB | [Website] | [Source] | Living off the Foreign Land Cmdlets and Binaries; curated list of cmdlets and binaries that are capable of performing activities from the local Windows system to a remote system | Free |
LOLAPPS | [Website] | [Source] | Living Off The Land Applications; curated list of applications that have been used & abused for adversarial gain | Free |
LOLBAS | [Website] | [Source] | Living Off The Land Binaries and Scripts; curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files | Free |
LOLDrivers | [Website] | [Source] | Living Off The Land Drivers; curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks | Free |
LOLOL | [Website] | Living Off the Living Off the Land; collection of curated list/cheatsheet of commands and other resources that can be abused or allow security bypass on various environments | Free | |
LOOBins | [Website] | [Source] | Living Off the Orchard macOS Binaries; curated list/cheatsheet of macOS binaries that can be exploited by an attacker for malicious purpose | Free |
LOTHardware | [Website] | Living Off The Hardware; curated list of guidance for offensive hardware and offensive devices | Free | |
LOTS | [Website] | Living Off Trusted Sites; curated list of popular legitimate domains used by attackers to conduct phishing, C&C, exfiltration and downloading tools to evade detection | Free | |
MalAPI | [Website] | Maps Windows APIs to common techniques used by malware | Free | |
Malware Traffic Analysis | [Website] | Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises | Free | |
MD5 maxmin record | [Website] | Collection of various extremes of MD5 hashes | Free | |
MDN - Event reference | [Website] | DOM Events reference, useful for XSS | Free | |
MichMich | [Website] | Personal pentest notes and cheat sheets | Free | |
Microsoft Wont-Fix-List | [Source] | List of vulnerabilities or design flaws Microsoft does not intend to fix | Free | |
NetSPI SQL Injection Wiki | [Website] | [Source] | A wiki knowledge base focused on SQL injection for various DBMS | Free |
Packet Storm | [Website] | Exploit index and security news | Free | |
Payloads All The Things | [Website] | [Source] | A list of useful payloads and bypass for Web Application Security and Pentest/CTF | Free |
Pentesting Azure Mindmap | [Source] | Mindmap to get the Global Admin access for Azure penetration tests | Free | |
persistence-info | [Website] | [Source] | Curated list of techniques to gain Windows persistence | Free |
Portswigger - XSS cheat sheet | [Website] | XSS cheat sheet containing many vectors that can help bypassing WAFs and filters | Free | |
Priv2Admin | [Source] | Exploitation paths allowing to use the Windows Privileges to elevate rights within the OS | Free | |
Privacy Tools | [Website] | [Source] | Website that provides knowledge and tools to protect your privacy against global mass surveillance | Free |
Probable Wordlists | [Source] | Password lists sorted by probability originally created for password generation and testing | Free | |
PTES | [Website] | The penetration testing execution standard covers all steps related to a penetration test | Free | |
Red Teaming Tactics and Techniques | [Website] | [Source] | Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more | Free |
Red Teaming and Malware Analysis | [Website] | Notes on red teaming, pentest and malware analysis | Free | |
RubyFu | [Website] | [Source] | Offensive Ruby book | Free |
SecLists | [Source] | Collection of multiple types of lists used during security assessments, collected in one place; include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc. | Free | |
Security Certification Roadmap | [Website] | [Source] | Map referencing all security certifications existing in several categories: Implementation, Architecture, Management, Analysis, Defensive Operations, Offensive Operations | Free |
Sploitus | [Website] | Exploit search engine (PacketStorm, Exploit-DB, 0day.today, etc.) and tools search engine (KitPloit) | Free | |
SSH Hardening Guides | [Website] | Guides to hardening SSH on various systems | Free | |
SSL Checklist for Pentesters (Explore Security) | [Website] | List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser | Free | |
StegOnline checklist | [Website] | [Source] | CTF Image Steganography Checklist | Free |
The Bug Hunter's Methodology | [Source] | A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties | Free | |
The Hacker Recipes | [Website] | Guide and knowledge base for pentesting: active directory services, servers, web services, intelligence gathering, physical intrusion, social engineering, phishing, mobile apps | Free | |
The Hacking Tool Trove | [Website] | THTT; tools cheat sheets, tools command examples, tools references | Free | |
TIBER-EU | [Website] | European framework for threat intelligence-based ethical red-teaming | Free | |
Unprotect | [Website] | Database of information about malware evasion techniques | Free | |
Vergilius | [Website] | A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers | Free | |
VOID | [Website] | Verica Open Incident Database; community-contributed collection of software-related incident reports | Free | |
VRT | [Website] | [Source] | Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations | Free |
vx-underground | [Website] | Collection of malware source code, samples, and papers | Free | |
WADComs | [Website] | [Source] | Interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments | Free |
WEAKPASS | [Website] | Index of wordlists for brute-force attacks | Free | |
Windows & Active Directory Exploitation Cheat Sheet and Command Reference | [Website] | Windows & Active Directory exploitation: enumeration, exploitation, lateral movement, privilege escalation, persistence, domain persistence, post-exploitation | Free | |
WTFBins | [Website] | [Source] | Curated list of legitimate binaries that behaves exactly like malware | Free |
XSS Payloads | [Website] | Provides advanced XSS payload, tools and documentation about XSS | Free |
National security agencies and services
Name | Country | Website | Source | Description |
---|---|---|---|---|
ANSSI | France | [Website] | Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security | |
ASD | Australia | [Website] | Australian Signals Directorate, Australian service responsible for computer security | |
CCB | Belgium | [Website] | Centre for Cyber Security Belgium, Belgium service responsible for computer security | |
CNSS | United States of America | [Website] | Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems | |
CSE/CST | Canada | [Website] | Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security | |
ENISA | [Website] | European Network and Information Security Agency, European Union service responsible for computer security | ||
NCSC | Great Britain | [Website] | National Cyber Security Center, United Kingdom service responsible for computer security | |
NIST | United States of America | [Website] | National Institute of Standards and Technology, Metrology laboratory and non-regulatory agency of the USA Department of Commerce | |
NSA | United States of America | [Website] | National Security Agency, United States of America service responsible for computer security |
Non english
Name | Language | Website | Source | Description | Price |
---|---|---|---|---|---|
Bamboofox | Chinese | [Website] | CTF guide | Free | |
CERT.pl challenges | Polish | [Website] | Prequals challenge of the Polish CTF team for ECW | Free | |
ctfs.me | Indonesian | [Website] | Challenges platform, challenges are in english | Free | |
elhacker.net | Spanish | [Website] | Challenges platform | Free | |
Flu-Project | Spanish | [Website] | Challenge platform, guides and news | Free | |
Hack Players | Spanish | [Website] | Challenge platform, guides and news | Free | |
Hacking-Challenges | German | [Website] | Challenges platform | Free | |
Happy-Security | German | [Website] | Challenges platform | Free | |
MIPT CTF | Russian | [Source] | CTF guide | Free | |
NewbieContest | French | [Website] | Challenge platform | Free | |
NOE | Korean | [Website] | Challenge platform | Free | |
SuNiNaTaS | Korean | [Website] | Challenge platform | Free | |
TDHack | Polish | [Website] | Challenge platform | Free | |
TheBlackSide | French | [Website] | Challenge platform | Free | |
Tower CTF | French | [Website] | Challenge platform | Free | |
World of Wargame | Spanish | [Website] | Challenge platform | Free | |
XCTF Agenda | Chinese | [Website] | World CTF agenda | Free | |
Yashira | Spanish | [Website] | Challenge platform | Free |
Trainings and courses
Name | Website | Source | Description | Price |
---|---|---|---|---|
API Security Academy | [Website] | [Source] | Platform dedicated to understand and secure GraphQL applications | Free |
Bugcrowd University | [Website] | [Source] | Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd | Free |
CoursesOnline | [Website] | Browse cyber security courses from a range of training providers, with options for beginners and those with more experience | Paid | |
Cybersecurity Guide | [Website] | List of degree programs, scholarships, and certifications | Free | |
Cybrary | [Website] | Cyber Security learning, training and certification | Paid | |
flAWS | [Website] | Learn about common mistakes and gotchas when using Amazon Web Services (AWS) from an offensive perspective | Free | |
flAWS 2 | [Website] | Learn about common mistakes and gotchas when using Amazon Web Services (AWS) from an offensive and defensive perspective | Free | |
Hacker101 | [Website] | [Source] | Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne | Free |
Hextree | [Website] | Hacking courses platform organized as micro learning | Paid | |
ITonlinelearning | [Website] | Training provider who offers certified online courses in IT, cyber security, and ethical hacking (CompTIA and EC-Council) | Paid | |
OWASP Vulnerable Web Applications Directory | [Website] | [Source] | Comprehensive and registry of all known vulnerable web applications currently available | Free |
PentestAcademy | [Website] | Cyber Security training with an online lab | Paid | |
PentesterLab | [Website] | Pentest lab with exercises and videos: Unix, PCAP, HTTP, Code review, serialization, JWT, real vulnerabilities, GraphQL, common web vulnerabilities, MiTM, authentication (oAuth, SAML), Android, recon, advanced attacks, API, etc. | Paid | |
Portswigger Web Security Academy | [Website] | Web Security training with an online lab | Free | |
Pwned Labs | [Website] | Cloud security labs | Paid | |
SANS | [Website] | Escal Institute of Advanced Technologies provides courses, certifications and learning materials | Paid | |
Virtual Hacking Labs | [Website] | Pentest lab | Paid |
Tutorials
Name | Website | Source | Description | Price |
---|---|---|---|---|
Cobalt - Getting Started with Android Application Security | [Website] | Tutorial covering Android core, application components, security testing, testing environment, adb usage, bypassing SSL pinning, reverse engineering APK | Free | |
CTF Field Guide | [Website] | [Source] | CTF guide | Free |
CTF Resources | [Website] | [Source] | CTF guide | Free |
Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges | [Website] | Questions a challenger can ask himself during a CTF, classed by category | Free | |
ISIS Lab Wiki | [Website] | CTF guide | Free | |
Endgame - How to Get Started in CTF | [Website] | Tutorial for CTF beginners | Free | |
NIZKCTF tutorial | [Source] | Tutorial to set up NIZKCTF | Free | |
Xapax IT-Security Notebook | [Website] | [Source] | Overview guide for all kind of pentesting | Free |
Writeups collections and challenges source
Name | Website | Source | Description | Price |
---|---|---|---|---|
Captf | [Website] | Dumped CTF challenges | Free | |
CTFs write-ups | [Source] | Write-ups archive | Free | |
hackthebox-writeups | [Source] | Writeups for HacktheBox machines and challenges (PDF) | Free | |
Pwning OWASP Juice Shop | [Website] | [Source] | Official companion guide to the OWASP Juice Shop | Free |
pwntools writeups | [Source] | Write-ups using pwntools archive | Free | |
tryhackme-writeups | [Source] | Writeups for TryHackMe rooms (walkthrough & challenge) | Free |