This is a list of Information Security resources and tools I've found useful at some time during my study of security and I hope that others will too.
This list is will be updated whenever I've found something awesome to add.
- Recon
- Web
- Vulnerable Web Applications
- Linux
- Exploit Development
- Cryptography
- Privilege Escalation
- Scripting
- Courses
- Labs
- CTF
- Wargames
- OSCP
- Penetration Testing
- Binary Exploitation
- Reverse Engineering
- Malware Samples
- Bug Bounty
- Hacker Blogs
- Controls
- DNS Dumpster
- SecLists
- Sublist3r
- Subfinder
- Amass
- httprobe
- dirsearch
- webscreenshot
- cc.py
- @ITSecurityguard Visual Recon Guide
- Web Application Hacker’s Handbook 2nd Edition
- The Tangled Web
- OWASP Top 10 - 2017
- OWASP Top 10 - 2013
- Portswigger Web Security Blog
- detectify Web Security Blog
- HTTP Status Codes
- Dave Kukfa - Web Application Cheat Sheet
- Damn Vulnerable Web Application (DVWA)
- OWASP Mutillidae 2
- OWASP WebGoat
- Rapid7 Hackazon
- Google Gruyere
- Penetration Testing - A Systematic Approach
- The Red Team Field Manual (RTFM)
- The Hacker Playbook
- IppSec - Hack The Box Walkthrough Videos
- malwareunicorn - How to start reverse engineering malware
- malwareunicorn - RE101
- Ophir Harpaz - Reverse Engineering for Beginners
- Reversing.Kr
- Bug Bounty Forum
- Bug Bounty World
- Bug Bounty Notes
- Pentester Land - List of bug bounty writeups
- FireBounty
- Improving your reports - Google Bughunter University
- Facebook Bounty Hunter's Guide
- Breaking into Information Security: Learning the Ropes 101
- Web Hacking 101
- jhaddix - The Bug Hunters Methodology