Cyber-Security-Learning-Resources
Material Untuk Belajar Cyber Security.
Project maintained by dimasma0305
Hosted on GitHub Pages — Theme by mattgraham
Original link: link
,----------------, ,---------,
,-----------------------, ," ,"|
," ,"| ," ," |
+-----------------------+ | ," ," |
| .-----------------. | | +---------+ |
| | | | | | -==----'| |
| | WELCOME TO THE | | | | | |
| | /r/hacking wiki | | |/----|`---= | |
| | C:\>_ | | | ,/|==== ooo | ;
| | | | | // |(((( [33]| ,"
| `-----------------' |," .;'| |(((( | ,"
+-----------------------+ ;; | | |," -Kevin Lam-
/_)______________(_/ //' | +---------+
___________________________/___ `,
/ oooooooooooooooo .o. oooo /, \,"-----------
/ ==ooooooooooooooo==.o. ooo= // ,`\--{)B ,"
/_==__==========__==_ooo__ooo=_/' /___________,"
`-----------------------------'
Welcome to /r/hacking!
A subreddit dedicated to hacking and hacking culture.
What we are about: quality and constructive discussion about the culture, profession and love of hacking.
This sub is aimed at those with an understanding of hacking - please visit /r/HowToHack for posting beginner links and tutorials; any beginner questions should be directed there as they will result in a ban here.
Guides and tutorials are welcome here as long as they are suitably complex and most importantly legal!
Please don’t post illegal stuffs. Bans are handed out at moderator discretion.
Rules
- Keep it legal. Hacking can be a grey area but keep it above board. Discussion around the legality of issues is ok, encouraging or aiding illegal activities is not.
- We are not your personal army. This is not the place to try to find hackers to do your dirty work and you will be banned for trying. This includes: Asking someone to hack for you, trying to hire hackers, asking for help with your DoS, asking how to get into your “girlfriend’s” instagram, and offering to do these things will also result in a ban.
- No “how do i start hacking?” posts. See /r/howtohack or the stickied post. Intermediate questions are welcomed - e.g. “How does HSTS prevent SSL stripping?” is a good question. “How do I hack wifi with Kali?” is bad.
- No “I got hacked” posts unless it’s an interesting post-mortem of a unique attack. Your nan being phished doesn’t count.
- Sharing of personal data is forbidden - no doxxing or IP dumping.
- Spam is strictly forbidden and will result in a ban. Professional promotion e.g. from security firms/pen testing companies is allowed within the confines of site-wide rules on self promotion found here, but will otherwise be considered spam.
- Off-topic posts will be treated as spam.
- Low-effort content will be removed at moderator discretion.
- We are not tech support, these posts should be kept on /r/techsupport.
- Don’t be a dick. Play nice, support each other and encourage learning.
FAQ
Beginning & Basics to hacking
How do I start hacking?
Hacking is an incredibly broad topic.There’s is no single “hacking” action. You will need to describe what you want to learn. This post will help you define hacking. From there, check out resources related to the areas of hacking you are interested in.
Past Threads:
Where should I start?
Again, narrow down what you want to learn. There is simply too much in the wide world of hacking to not narrow it down. Here are a few resources that provide a good general basis:
-
Hacking: the art of exploitation (amazon) - General overview of hacker mentality and basic exploitation techniques
-
Violent Python (amazon) - Using basic python skills to create powerful tools for offence and defence.
-
Web Application Hacker’s Handbook (amazon) - Very in depth guide to website security and common vulnerabilities.
-
Practical Malware Analysis (amazon) - This will teach you how to analyze malware thoroughly. Yes, it will teach you how malware is written and how malware authors think.
Has my password been leaked, stolen or compromised? How can I check?
https://haveibeenpwned.com
Have I been hacked? What do I do if I’ve been hacked?
http://www.helpivebeenhacked.com/
Resources
News
Conferences
History
Reading & Culture
Another one got caught today, it’s all over the papers. “Teenager Arrested in Computer Crime Scandal”, “Hacker Arrested after Bank Tampering”…
Damn kids. They’re all alike.
But did you, in your three-piece psychology and 1950’s technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him?
I am a hacker, enter my world…
Mine is a world that begins with school… I’m smarter than most of the other kids, this crap they teach us bores me…
Damn underachiever. They’re all alike.
I’m in junior high or high school. I’ve listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. “No, Ms. Smith, I didn’t show my work. I did it in my head…”
Damn kid. Probably copied it. They’re all alike.
I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it’s because I screwed it up. Not because it doesn’t like me… Or feels threatened by me… Or thinks I’m a smart ass… Or doesn’t like teaching and shouldn’t be here…
Damn kid. All he does is play games. They’re all alike.
And then it happened… a door opened to a world… rushing through the phone line like heroin through an addict’s veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought… a board is found. “This is it… this is where I belong…” I know everyone here… even if I’ve never met them, never talked to them, may never hear from them again… I know you all…
Damn kid. Tying up the phone line again. They’re all alike…
You bet your ass we’re all alike… we’ve been spoon-fed baby food at school when we hungered for steak… the bits of meat that you did let slip through were pre-chewed and tasteless. We’ve been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us willing pupils, but those few are like drops of water in the desert.
This is our world now… the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn’t run by profiteering gluttons, and you call us criminals. We explore… and you call us criminals. We seek after knowledge… and you call us criminals. We exist without skin color, without nationality, without religious bias… and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it’s for our own good, yet we’re the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
I am a hacker, and this is my manifesto. You may stop this individual, but you can’t stop us all… after all, we’re all alike.
~ The Conscience of a Hacker aka The Hacker Manifesto - Written on January 8, 1986
Malware
Viruses & Worms
History
Hackers
- Adrian Lamo - gained media attention for breaking into several high-profile computer networks, including those of The New York Times, Yahoo!, and Microsoft, culminating in his 2003 arrest. Lamo was best known for reporting U.S. soldier Chelsea Manning to Army criminal investigators in 2010 for leaking hundreds of thousands of sensitive U.S. government documents to WikiLeaks.
- Albert Gonzales - an American computer hacker and computer criminal who is accused of masterminding the combined credit card theft and subsequent reselling of more than 170 million card and ATM numbers from 2005 to 2007: the biggest such fraud in history.
- Andrew Auernheimer (known as Weev) - Went to jail for using math against AT&T website.
- Barnaby Jack - was a New Zealand hacker, programmer and computer security expert. He was known for his presentation at the Black Hat computer security conference in 2010, during which he exploited two ATMs and made them dispense fake paper currency on the stage. Among his other most notable works were the exploitation of various medical devices, including pacemakers and insulin pumps.
- Benjamin Delpy - Mimikatz
- DVD-Jon - He wrote the DeCSS software, which decodes the Content Scramble System used for DVD licensing enforcement.
- Eric Corley (known as Emmanuel Goldstein) - 2600
- Gary McKinnon - a Scottish systems administrator and hacker who was accused in 2002 of perpetrating the “biggest military computer hack of all time,” although McKinnon himself states that he was merely looking for evidence of free energy suppression and a cover-up of UFO activity and other technologies potentially useful to the public. 👽🛸
- George Hotz aka geohot - “The former Facebook engineer took on the giants of the tech world by developing the first iPhone carrier-unlock techniques,” says Mark Greenwood, head of data science at Netacea, “followed a few years later by reverse engineering Sony’s PlayStation 3, clearing the way for users to run their own code on locked-down hardware. George sparked an interest in a younger generation frustrated with hardware and software restrictions being imposed on them and led to a new scene of opening up devices, ultimately leading to better security and more openness.”
- Guccifer 2.0 - a persona which claimed to be the hacker(s) that hacked into the Democratic National Committee (DNC) computer network and then leaked its documents to the media, the website WikiLeaks, and a conference event.
- Hector Monsegur (known as Sabu) - an American computer hacker and co-founder of the hacking group LulzSec. He Monsegur became an informant for the FBI, working with the agency for over ten months to aid them in identifying the other hackers from LulzSec and related groups.
- Jacob Appelbaum - an American independent journalist, computer security researcher, artist, and hacker. He has been employed by the University of Washington, and was a core member of the Tor project, a free software network designed to provide online anonymity.
- James Forshaw - one of the world’s foremost bug bounty huners
- Jeanson James Ancheta - On May 9, 2006, Jeanson James Ancheta (born 1985) became the first person to be charged for controlling large numbers of hijacked computers or botnets.
- Jeremy Hammond - He was convicted of computer fraud in 2013 for hacking the private intelligence firm Stratfor and releasing data to the whistle-blowing website WikiLeaks, and sentenced to 10 years in prison.
- John Draper - also known as Captain Crunch, Crunch or Crunchman (after the Cap’n Crunch breakfast cereal mascot), is an American computer programmer and former legendary phone phreak.
- Kevin Mitnick - Free Kevin
- Kimberley Vanvaeck, credited as being the first virus to be written in C#.
- Lauri Love - a British activist charged with stealing data from United States Government computers including the United States Army, Missile Defense Agency, and NASA via computer intrusion.
- Michael Calce (known as MafiaBoy) - a security expert from Île Bizard, Quebec who launched a series of highly publicized denial-of-service attacks in February 2000 against large commercial websites, including Yahoo!, Fifa.com, Amazon.com, Dell, Inc., E*TRADE, eBay, and CNN.
- Mudge - Peiter C. Zatko, better known as Mudge, is a network security expert, open source programmer, writer, and a hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the long-lived computer and culture hacking cooperative the Cult of the Dead Cow.
- Phineas Fisher - vigilante hacker god
- PRAGMA - Also known as Impragma or PHOENiX, PRAGMA is the author of Snipr, one of the most prolific credential stuffing tools available online.
Hacking Groups
- The 414s - The 414s were a group of computer hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory, Sloan-Kettering Cancer Center, and Security Pacific Bank, in 1982 and 1983.
- The Shadow Brokers - is a hacker group who first appeared in the summer of 2016. They published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, antivirus software, and Microsoft products.[6] The Shadow Brokers originally attributed the leaks to the Equation Group threat actor, who have been tied to the NSA’s Tailored Access Operations unit.
- Equation Group - The Equation Group, classified as an advanced persistent threat, is a highly sophisticated threat actor suspected of being tied to the Tailored Access Operations (TAO) unit of the United States National Security Agency (NSA).
- Fancy Bear - Fancy Bear (also known as APT28 (by Mandiant), Pawn Storm, Sofacy Group (by Kaspersky), Sednit, Tsar Team (by FireEye) and STRONTIUM (by Microsoft)) is a Russian cyber espionage group. Cybersecurity firm CrowdStrike has said with a medium level of confidence that it is associated with the Russian military intelligence agency GRU.
Software
Groups
Music
Movies & TV
Movies
TV
Anime
- nmap - Port Scanner & Network Exploration Tool
VPNs
If you are gunna be hackin, use a VPN.
Free
- CalyxVPN - CalyxVPN is an open-source VPN service The Calyx Institute offers as part of our non-profit mission. Our VPN is free for everyone on the internet to use, thanks to the generous support of our members.
- RiseUp - Riseup offers Personal VPN service for censorship circumvention, location anonymization and traffic encryption. To make this possible, it sends all your internet traffic through an encrypted connection to riseup.net, where it then goes out onto the public internet. Unlike most other VPN providers, Riseup does not log your IP address.
Paid
- Mullvad - Mullvad is an open-source commercial VPN service based in Sweden.
XSS
Forums
Popular forums in the hacking scene.
- HackForums (EN)
- BlackHatWorld (EN)
RaidForums (EN) - RIP. Seized by the FBI in Feb 2022- OGUsers (EN)
- SentryMBA (EN)
- Nulled (EN)
- UnKnoWnCheaTs (EN)
- MPGH (EN)
- Cracked.to (EN)
- Leakforums (EN)
- XSS (EN/RU)
- Antichat (RU)
- Exploit.in (RU)
- BHF (RU)
- FuckAV (RU)
- Korovka (RU)
CTFs
New to CTFs
If you know nothing about CTFs or this is your first attempt at doing a CTF, it is suggested you read over the Awesome CTF list first.
What is a CTF?
CTF stands for Capture The Flag, a style of hacking event where you have one goal: hack in and find the flag. Flags are placed in various locations – they might be in a file, in the database, stuck into source code, or otherwise – and your goal is to hunt them all down.
CTF for Beginners
- Bandit - The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames.
Popular CTFs
- Hack The Box - Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field. Click below to hack our invite challenge, then get started on one of our many live machines or challenges.
- Hacker101 CTF - The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers, run by HackerOne. This CTF is another integral component in our plans to make the world a better place, one bug at a time.
- Root Me CTF - Improve your hacking skills in a realistic environment where the goal is to fully compromise, « root » the host!
- Hack This Site - Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
- Hack This! - Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!!
- OverTheWire - is a brilliant beginner resource. It gets you used to Linux, teaches you about a range of different tools, technologies, protocols etc. Even at the beginning at the challenge it points you in the right direction if you are unsure. This has definitely helped me in more advanced CTF challenges.
- picoCTF - is very good for learning a wide range of skills or just practicing old ones. It includes reverse engineering, binary exploitation, web hacking and more. There is also a great number of walkthroughs online for each challenge should you need to view them.
- Vulnhub - Vulnhub is a popular platform that hosts good boot2root vm’s that range in difficulty. These too have a lot of online walkthroughs in case you need them.
- The National Cyber League - The National Cyber League (NCL) is a biannual cybersecurity competition for high school and college students. The competition consists of a series of challenges that allows students to demonstrate their ability to identify hackers from forensic data, break into vulnerable websites, recover from ransomware attacks, and more
Want to talk about CTFs or techniques? Check out /r/securityCTF.
Want to make your own CTF? Check out ctfd.
Education
Classes (Free and Paid)
Certification Help
Professor Messer Videos
How To Guides & Tutorials
Videos
Reading
Podcasts
- Darknet Diaries - Darknet Diaries produces audio stories specifically intended to capture, preserve, and explain the culture around hacking and cyber security in order to educate and entertain both technical and non-technical audiences.
- Hacking Humans - Join Dave Bittner and Joe Carrigan each week as they look behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world.
- Security Now - TechTV’s Leo Laporte and I spend somewhat shy of two hours each week to discuss important issues of personal computer security. Sometimes we’ll discuss something that just happened. Sometimes we’ll talk about long-standing problems, concerns, or solutions. Either way, every week we endeavor to produce something interesting and important for every personal computer user.
- Modem Mischief Podcast - Modem Mischief is a true cybercrime podcast. Created, produced and hosted by Keith Korneluk.
Bug Bounty Programs
Get paid to discover vulnerabilities and security issues.
Law
- Computer Fraud and Abuse Act (CFAA) - US - is a United States cybersecurity bill that was enacted in 1986 as an amendment to existing computer fraud law (18 U.S.C. § 1030), which had been included in the Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without authorization, or in excess of authorization. This is what the FBI is gunna use to bust your ass (or a conspiracy or wire fraud charge) if you fuck around and get caught. Read up about it. If you are busted, the FBI may pressure you into becoming a Confidential Human Source aka a snitch. Do not do it. Lawyer up!
- Computer Misuse Act 1990 - UK - 1990 is a key piece of legislation that criminalizes the act of accessing or modifying data stored on a computer system without appropriate consent or permission.
OSINT
Scanning
- OpenDoor - OpenDoor OWASP is console multifunctional web sites scanner. This application find all possible ways to login, index of/ directories, web shells, restricted access points, subdomains, hidden data and large backups.
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning
- dirmap - An advanced web directory & file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具,功能将会强于DirBuster、Dirsearch、cansina、御剑。
- dirhunt - Dirhunt is a web crawler optimize for search and analyze directories. This tool can find interesting things if the server has the “index of” mode enabled. Dirhunt is also useful if the directory listing is not enabled. It detects directories with false 404 errors, directories where an empty index file has been created to hide things and much more.
Cracking
Need help cracking a password hash? Try posting the hash to /r/crackthis for help.
Hashes
Passwords
Password & Wordlists (HTTP/HTTPS) - working as of 3/2022
WPA/WPA2
hashcat
Google Dorks
SQLi
- sqlmap - Automatic SQL injection and database takeover tool
- SQLi Dumper
Useful Github Resources
Awesome Lists
- Awesome OSINT - A curated list of amazingly awesome OSINT
- Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.
- Awesome CTF - A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.
- Awesome Hacking - A curated list of awesome Hacking.
- Awesome Honeypots - A curated list of awesome honeypots, plus related components and much more, divided into categories such as Web, services, and others, with a focus on free and open source projects.
- Awesome Incident Response - A curated list of tools and resources for security incident response, aimed to help security analysts and DFIR teams.
- Awesome Vehicle Security - curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.
- Awesome Web Security - Curated list of Web Security materials and resources.
- Awesome Lockpicking - A curated list of awesome guides, tools, and other resources relating to the security and compromise of locks, safes, and keys.
- Awesome Cybersecurity Blue Team - A collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- Awesome AppSec - A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.
- Awesome Security - A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
- Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things
Cracking & Bruteforce & Scanning
- Subdomain bruteforce - a subdomain brute forcing tool for windows
- Instashell - Multi-threaded Instagram Brute Forcer without password limit
- Nuclei - a fast tool for configurable targeted scanning based on templates offering massive extensibility and ease of use.
WordPress
- WPScan - WPScan is a free, for non-commercial use, black box WordPress Vulnerability Scanner written for security professionals and blog maintainers to test the security of their WordPress websites. Can be used to discover usernames and bruteforce logins.
- WordPress Exploit Framework - WPXF. A Ruby framework designed to aid in the penetration testing of WordPress systems.
- CMSeeK - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 180 other CMSs
Remote Administration & Payloads
- pupy - Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python
- BYOB (Build Your Own Botnet) - BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats.
- QuasarRAT - Free, Open-Source Remote Administration Tool for Windows
- SillyRAT - A Cross Platform multifunctional (Windows/Linux/Mac) RAT.
- TheFatRat - TheFatRat is an exploiting tool which compiles a malware with famous payload, and then the compiled maware can be executed on Linux , Windows , Mac and Android. TheFatRat Provides An Easy way to create Backdoors and Payload which can bypass most anti-virus.
- Powershell RAT - This RAT will help someone during red team engagements to backdoor any Windows machines. It tracks the user activity using screen capture and sends the information to an attacker as an e-mail attachment.
Red Team
- Antivirus Evasion - Various Antivirus evasion tools
- UACMe - Defeating Windows User Account Control by abusing built-in Windows AutoElevate backdoor.
- Genesis Scripting Engine (gscript) - framework to rapidly implement custom droppers for all three major operating systems
- SlackPirate - This is a tool developed in Python which uses the native Slack APIs to extract ‘interesting’ information from a Slack workspace given an access token.
- Empire - Empire 3.0 is a PowerShell and Python 3.x post-exploitation framework.
Phishing
- Gophish - Open-Source Phishing Toolkit
- SocialFish - Educational Phishing Tool & Information Collector
- Evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
- Modlishka - Modlishka is a powerful and flexible HTTP reverse proxy. It implements an entirely new and interesting approach of handling browser-based HTTP traffic flow, which allows to transparently proxy multi-domain destination traffic, both TLS and non-TLS, over a single domain, without a requirement of installing any additional certificate on the client. What does this exactly mean? In short, it simply has a lot of potential, that can be used in many use case scenarios.
- BlackPhish - Super lightweight with many features and blazing fast speeds.
- The Social Engineer Toolkit (SET) - The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly.
Routers
- RouterSploit - The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
Wifi
- Fluxion - MITM WPA attack toolset
- howmanypeoplearearound - Count the number of people around you 👨👨👦 by monitoring wifi signals 📡
- Wifiphisher - The Rogue Access Point Framework
- wifite2 - Rewrite of the popular wireless network auditor, “wifite”
- wifijammer - Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Alfa cards seem to effectively jam within about a block radius with heavy access point saturation. Granularity is given in the options for more effective targeting.
- hashcatch - Capture handshakes of nearby WiFi networks automatically
- pwnagotchi - Pwnagotchi is an A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks). This material is collected on disk as PCAP files containing any form of handshake supported by hashcat, including full and half WPA handshakes as well as PMKIDs.
- bettercap - The Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
Shells
Internet of Things
- Cotopaxi - Set of tools for security testing of Internet of Things devices using protocols: AMQP, CoAP, DTLS, HTCPCP, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP.
Ransomware
- Demonware - Ransomware, made for a demo on ransomware awareness and how easy it is to do. Encrypt every file in your Home and send the key to a remote server.
Misc.
- LaZagne - The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software
- Lazy script
- Sonar.js - A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration, WebSocket host scanning, and external resource fingerprinting.
Organizations
Operating Systems
Privacy
- Tails - The Amnesic Incognito Live System. Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.
- Whonix - A High Security Method of Surfing the Internet. Whonix is a desktop operating system designed for advanced security and privacy.
- QubesOS - Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digital life.
Pentesting
- Kali Linux - /r/KaliLinux - a Debian-derived Linux distribution designed for digital forensics and penetration testing.
- Parrot OS - /r/ParrotOS - a Linux distribution based on Debian with a focus on computer security. It is designed for penetration testing, vulnerability assessment and mitigation, computer forensics and anonymous web browsing.
- BlackArch - an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
Hosting
- Debian - The Universal Operating System
- FreeBSD - FreeBSD is an operating system used to power modern servers, desktops, and embedded platforms.
- Ubuntu - Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
- Fedora - Fedora creates an innovative, free, and open source platform for hardware, clouds, and containers that enables software developers and community members to build tailored solutions for their users.
- CentOS - a Linux distribution that provides a free, enterprise-class, community-supported computing platform functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
- Windows Server 2019
Android
- LineageOS - /r/lineageos - A free and open-source operating system for various devices, based on the Android mobile platform.
- GrapheneOS - /r/GrapheneOS - GrapheneOS is a privacy and security focused mobile OS with Android app compatibility.
Misc.
- Mint - Linux Mint is an elegant, easy to use, up to date and comfortable GNU/Linux desktop distribution.
- Rasberrian - Raspbian is a free operating system based on Debian optimized for the Raspberry Pi hardware.
Credit to u/PM_ME_YOUR_SHELLCODE
Technical Blogs
- nedwill’s security blog - # (#)
- Realmode Labs - Medium - # (#)
- Hanno’s blog - # (#)
- Active Directory Security - # (#)
- Mogozobo - # (#)
- Jump ESP, jump! - # (#)
- Carnal0wnage & Attack Research Blog - # (#)
- gynvael.coldwind//vx.log (pl) - # (#)
- Raelize - # (#)
- DigiNinja - # (#)
- enigma0x3 - # (#)
- Randy Westergren - # (#)
- ZeroSec - Adventures In Information Security - # (#)
- Max Justicz - # (#)
- Blog of Osanda - # (#)
- ADD / XOR / ROL - # (#)
- Intercept the planet! - # (#)
- The Exploit Laboratory - # (#)
- Linux Audit - # (#)
- markitzeroday.com - # (#)
- The Human Machine Interface - # (#)
- Trail of Bits Blog - # (#)
- F-Secure Labs - # (#)
- Exodus Intelligence - # (#)
- Diary of a reverse-engineer - # (#)
- Sean Heelan’s Blog - # (#)
- Alex Chapman’s Blog - # (#)
- MKSB(en) - # (#)
- pi3 blog - # (#)
- Mozilla Attack & Defense - # (#)
- Doyensec’s Blog - # (#)
- TRIOX - # (#)
- secret club - # (#)
- Va_start’s Vulnerability Research - # (#)
- Revers.engineering - # (#)
- phoenhex team - # (#)
- Rhino Security Labs - # (#)
- Zero Day Initiative - Blog - # (#)
- BlackArrow - # (#)
- PortSwigger Research - # (#)
- Praetorian Security Blog - # (#)
- research.securitum.com - # (#)
- Project Zero - # (#)
- Corelan Team - # (#)
- NCC Group Research - # (#)
- Zeta-Two.com - # (#)
- Grsecurity Blog RSS Feed - # (#)
- Positive Technologies - learn and secure - # (#)
- Alexander Popov - # (#)
- Windows Internals Blog - # (#)
- Tyranid’s Lair (James Foreshaw) - # (#)
Less Technical Blogs
- anti-virus rants - # (#)
- Secureworks Blog - # (#)
- Microsoft Security Response Center - # (#)
- ColbaltStrike Blog - # (#)
- CERT Blogs - # (#)
- xorl %eax, %eax - # (#)
- TRUESEC Blog - # (#)
- The Daily Swig - # (#)
- (IN)SECURE Magazine Notifications RSS - # (#)
- Unit42 - # (#)
- r2c website - # (#)
- BREAKDEV - # (#)
- Deeplinks - # (#)
- SANS Internet Storm Center, InfoCON: green - # (#)
- NotSoSecure - # (#)
- TrustedSec - # (#)
- Microsoft Security - # (#)
- Zimperium Mobile Security Blog - # (#)
- Bugcrowd - # (#)
- codeblog - # (#)
- Google Online Security Blog - # (#)
- Mozilla Security Blog - # (#)
- HackerOne - # (#)
- Rendition Infosec - # (#)
- Check Point Research - # (#)
- Offensive Security - # (#)
- Rapid7 Blog - # (#)
Social
- newest submissions : ExploitDev - # (#)
- disclose.io - Latest topics - # (#)
- newest submissions : netsec - # (#)
- newest submissions : websecurityresearch - # (#)
- newest submissions : ReverseEngineering - # (#)
- newest submissions : lowlevel - # (#)
News
- Wired - Security Latest - # (#)
- News ≈ Packet Storm - # (#)
- Naked Security - # (#)
- The Hacker News - # (#)
- ZDNet - Security - # (#)
- Ars Technica - # (#)
-
| Threatpost |
The first stop for security news - # (#) |
- Krebs on Security - # (#)
- Dark Reading: - # (#)
- BleepingComputer - # (#)
Research
- arXiv Crypto and Security Papers - #
- IACR Transactions on Cryptographic Hardware and Embedded Systems - # (#)
- Full Disclosure - # (#)
- Files ≈ Packet Storm - # (#)