Skip to content

This repository is for tools, guides, cheatsheets, and anything else related to learning all different aspects of security.

License

Notifications You must be signed in to change notification settings

Johnson90512/Awesome-Security-Resources

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 

Repository files navigation

title description tags
Awesome Security Resources
A collection of tools, cheatsheets, operating systems, learning materials, and more all related to security. There will also be a section for other Awesome lists that relate to cybersecurity.
penetration-testing
tools
cheatsheet
awesome
security

Awesome Glasses

Awesome Security Resources Awesome

A collection of tools, cheatsheets, operating systems, learning materials, and more all related to security. There will also be a section for other Awesome lists that relate to cybersecurity.

I seem to forget about all the tools and resources when attacking, defending, responding, or looking to learn about cyber security, the purpose of this is to help fix that.

Table of Contents

Security Focused Operating Systems

Name Description
Commando VM Virtual Machine dedicated to penetration testing using Windows 10 built by FireEye.
FLARE-VM Virtual Machine dedicated to malware analysis and reverse engineering using Windows 10 built by FireEye.
Kali Linux Open source linux operating system. Lots of built in tools for penetration testing and offensive security.
Parrot OS Debian-based linux operting system focused on security and privacy. Has lots of built in tools.
SIFT Workstation A group of free open-source incident response and forensic tools designed to perform detailed digital forensic examinations in a variety of settings.

Penetration Testing Tools

These tools are broken up into 4 categories. Enumeration, Exploitation, Privilege Escalation, and Miscellaneous.

  • Enumeration tools are any tools that help in the process of collecting more information about the target being attacked.

  • Exploitation tools are any tools that help in exploiting the target after it has been enumerated.

  • Privilege Escalation tools are the tools that will aid in vertical or horizontal permission change.

  • Micscellaneous tools are any pentesting tools that don't fit in the 3 above categories.

Name Description
Enumeration
Nmap A free and open source utility for network discovery and security auditing.
LinEnum A scripted local linux enumeration tool.
PSPY A command line tool designed to snoop on processes without need for root permissions.
WPScan A free, for non-commercial use, black box WordPress security scanner written for security professionals and blog maintainers to test the security of their WordPress websites.
Exploitation
Exploit Suggester Python script to suggesst different exploits to run on different Linux and Windows machines.
p0wny shell Single-file PHP shell.
SharpCat A Simple Reversed Command Shell which can be started using InstallUtil (Bypassing AppLocker)
ShellPop Generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.
Shellcode tools About miscellaneous tools written in Python, mostly centered around shellcodes.
ZackAttack! A new Tool Set to do NTLM Authentication relaying unlike any other tool currently out there.
Privilege Escalation
DirtyCow POC Table listing the source code to several different variations of dirtycow.
GTFOBins A curated list of Unix binaries that can used to bypass local security restrictions in misconfigured systems.
Unix Privilege Escalation Shell script to check for simple privilege escalation vectors on Unix systems.
Miscellaneous
CyberChef Encoding and decoding tool for a variety of different ciphers.
Kali Tools List of all the tools that are pre-installed on Kali linux and an explanation to what they do.
Hack Tricks Welcome to the page where you will find each hacking trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
Payload All the Things A list of useful payloads and bypass for Web Application Security and Pentest/CTF.
Pentest Book This book contains a bunch of info, scripts and knowledge used during my pentests.
Pentest Checklist Different Checklists to run through durring a pentest engagement.
PWNTools CTF framework and exploit development library.
Red Team Toolkit A collection of open source and commercial tools that aid in red team operations.
Various Pentest Tools Pentesting tools from a pentester.

DFIR

Name Description
Jeffrey's Image Metadata Viewer Shows the data that might be inside a digital image file.
Steganography Toolkit Collection of steganography tools - helps with CTF challenges.
Volatility An advanced memory forensics framework.
VolUtility Web App for Volatility framework

Malware Analysis

Name Description
Triage Malware sandbox or analysis.
Hybrid Analysis Free automated malware service
Virus Total Online malacious file analyzer

Reverse Engineering

Name Description
GDB The GNU Project Debugger
IDA Dissassembler has been the golden standard for years
Ghidra Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
OllyDbg A 32-bit assembler level analysing debugger for Microsoft Windows.
Radare2 A portable reversing framework.

Networking

Name Description
CCNA Subreddit Subreddit dedicated to the CCNA Exam.
CCNA\CCENT Training Series A full course of 84 videos for CCNA and CCENT Routing and Switching taught by Cisco Instructor Andrew Crouthamel.
CCNA Training Series Youtube Series on CCNA information.
Impacket A collection of Python classes for working with network protocols.
SubnettingPractice The most extensive subnetting practice site on the web!
Subnetting.net Sunetting practice tools.
Wireshark The world’s foremost and widely-used network protocol analyzer.
Wireshark Certified Network Analyst Youtube series of 15 videos about the WCNA.
Wireshark Training Documenation In depth documentation on how to use wireshark.

Exploit Tools

Name Description

OSINT

Name Description
Bing Image Search Reverse image search.
DeHashed A hacked-database search-engine.
DNSDumpster Free domain research tool that can discover hosts related to a domain.
Jeffrey's Image Metadata Viewer Simple and free tool that shows the Exif data on images.
NameCheck Search site for usernames across different platforms.
NameCheckup Search site for usernames across different platforms.
HaveIBeenPwned Check to see if an account has been involved in a databreach.
Scylla.sh Database dumps search site.
Sherlock Hunt down social media accounts by username acrross social networks.
Threat Jammer REST API for developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
TinEye Reverse image search.
Online Traceroute Online Traceroute using MTR.
WhatsMyName Tool that allows you to enumerate usernames across many websites.
Yandex Reverse image search.

Practice Sites

Name Description
Attack/Defense Labs Very well built security attack and defense labs.
Certified Hacker Intentionally vulnerable website.
Defend the Web An interactive security platform where you can learn and challenge your skills.
Enigma Group Web application security training.
Exploit Education Provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues.
FLAWS AWS specific security challenge site.
GameofHacks This game was designed to test your application hacking skills.
Gh0st Networks CTF site for security practice.
Google CTF Yearly CTF hosted by Google.com.
HackMe Site to share vulnerable web applications for practice in web hacking.
HackTheBox Boot to root penetration testing practice site.
HackThisSite Wargame prictice site and community forums.
Hacking Lab An online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents.
Hellbound Hackers Hacking practice site.
IO Wargame site to practice hacking skills.
OvertheWire Begniier wargames that teach the basics of security.
Microcorruption Wargame to help in using a debugger and Assembly Language.
PentestIt Penetration Testing Laboratories.
Pentest Practice Online security training environment.
Pentest Training A simple website used as a hub for information revolving around the varies services we offer to help both experienced and new penetration testers practice and hone their skills.
Permanent CTF List List of CTFs that are always available online or able to be downloaded.
Pwnable.kr Wargame site to help improve hacking skills.
Pwnable.tw A wargame site for hackers to test and expand their binary exploiting skills.
Reversing.kr Site to test your Cracking and Reverse Engineering ability.
Ring0CTF Hacking practice site.
RootMe Hacking practice site.
SmashTheStack Site with various wargames available to practice.
Try2Hack This site provides several security-oriented challenges.
TryHackMe Room based site for hacking practice with good instruction.
VulnHub Downloadable virtual machines to practice hacking.
WeChall Security challenge site.
WeChalls Wargames to practice hacking.
Practice Labs
Metasploitable Intentionally vulnerable target machine for evaluating Metasploit
Pentest Lab contains examples to deploy a penetration testing lab on OpenStack provisioned with Heat, Chef and Docker.
SecGen Creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques.
WebGOAT A deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.

Youtube Channels

Name Description
13Cubed This channel covers information security-related topics including Digital Forensics and Incident Response (DFIR) and Penetration Testing.
Blackhat This is the channel for the security conference, with lots of talks and demonstrations on different security topics.
Guided Hacking A hacking and reverse engineering community with a focus on game hacking.
IppSec This channel shows walkthroughs of different HackTheBox machines.
John Hammond This channel covers solving CTFs and programming.
Learn Forensics This channel is devoted to computer forensics.
LiveOverflow Just a wannabe hacker... making videos about various IT security topics and participating in hacking competitions.
Stacksmashing This channel uses Ghidra to reverse engineer various things.

Awesome Repos

Name Description
Android Security A collection of android security related resources.
Application Security A curated list of resources for learning about application security.
CTF A curated list of CTF frameworks, libraries, resources and softwares.
Cybersecurity Blue Team A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
DevSecOps Curating the best DevSecOps resources and tooling.
Embedded and IoT Security A curated list of awesome embedded and IoT security resources.
Fuzzing A curated list of awesome Fuzzing(or Fuzz Testing) for software security.
GDPR Protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Hacking - carpedm20 A curated list of awesome Hacking tutorials, tools and resources.
Hacking - Hack with Github A collection of various awesome lists for hackers, pentesters and security researchers.
Hacking - vitalysim A collection of hacking / penetration testing resources to make you better!
Honeypots An awesome list of honeypot resources
Industrial Control Systems Security A curated list of resources related to Industrial Control System (ICS) security.
ICS Writeups Collection of writeups on ICS/SCADA security.
Incident Response A curated list of tools for incident response.
Lockpicking A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.
Malware Analysis A collention of awesome malware analysis tools
Pentest A collection of awesome penetration testing resources, tools, and other shiny things.
Pcap Tools A collection of tools developed by other researchers in the Computer Science area to process network traces. All the right reserved for the original authors.
Reversing A curated list of awesome reversing resources.
Security A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
Vehicle Security and Car Hacking A curated list of resources for learning about vehicle security and car hacking.
Web Security A curated list of Web Security materials and resources.
Windows Exploitation A curated list of awesome Windows Exploitation resources, and shiny things.

Walkthroughs

Name Description
Hackso.me CTF, HacktheBox, and Vulnhub walkthroughs
HackTheBox Guides Guides/Walkthroughs for various retired HacktheBox machines.

Learning Materials

Name Description
Enumeration
Advanced Nmap:Scanning Firewalls Advanced Nmap techniques for how to scann various types of firewalls.
Learning Nmap: The Basics - Part 1 The basics of how to use nmap.
Advanced Nmap: Some Scan Types - Part 2 Various Nmap scan types, and the practical use of these commands to scan various devices and networks.
Advanced Nmap: Scanning Techniques Continued - Part 3 More interesting scanning techniques.
Advanced Nmap: Fin Scan & OS Detection Various other command-line options.
db_nmap Running nmap from within metasploit.
GoBuster Guide Comprehensive guide on GoBuster tool.
Parsing ls Why you shouldn't parse the output of ls(1).
Exploitation
AppLocker Bypass Using Rundll32 to bypass Applocker.
Attacking & Securing WordPress Tecniques for enumeration and exploitation of wordpress sites.
Executing Meterpreter in Memory technique for executing an obfuscated PowerShell payload using Invoke-CradleCrafter in memory.
How to hack a Wordpress site Hacking a wordpress sites using different techniques.
How to pentest your WordPress site How to perform a pentest on you a wordpress site. More techniques and tools.
Metasploit Tutorial Metasploit Tutorial for beginners: Master in 5 minutes.
Practical guide to NTLM Relaying Practical guide to help clear up any confusion regarding NTLM relaying.
WordPress plugin Vulneribilities List of all vulnerabilities for WordPress plugins.
Reverse Engineering
Assembly Programming Tutorial A tutorial on programming in nasm Assembly.
Beginners Guide to Assembly This guide will explain exactly what is necessary to begin cheat creation for generally any online computer game, including both fields to study, and tools to use.
Beginner Reverse Engineering Info Reddit collection of beginner information on getting into Reverse Engineering.
Building a Home Lab for Offensive Security Guide on how to build a home lab for security purposes.
Ghidra Simple Keygen Generation From installing ghidra on ubuntu to writing a working keygen in python.
Ghidra Tutorial Youtube playlist on how to use ghidra using different example files.
Guide to x86 Assembly This guide describes the basics of 32-bit x86 assembly language programming, covering a small but useful subset of the available instructions and assembler directives.
Guide to Assmebly in VS .NET This tutorial explains how to use assembly code in a Visual Studio .NET project.
How to start out in Reverse Engineering Reddit post on the steps to get started in Reverse Engineering.
IDA Pro Tutorial Tutorial on how to reverse engineer with IDA Pro.
Intel 64 and IA32 Software Manual This document contains all four volumes of the Intel 64 and IA-32 Architectures Software Developer's Manual.
Intermediate x86 Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration. Part 2 to Into to x86.
Intro to Malware Analysis and Reverse Engineering Malware analysis course to learn how to perform dynamic and static analysis on all major files types, how to carve malicious executables from documents and how to recognize common malware tactics and debug and disassemble malicious binaries.
Intro to x86 Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration.
Malware Analysis Tutorial Malware Analysis Tutorials: a Reverse Engineering Approach.
Mastering Ghidra Video from Infiltrate 2019 on mastering Ghidra.
Myne-US From 0x90 to 0x4c454554, a journey into exploitation.
Reverse Engineering 101 Vimeo video by Dan Guido
Reverse Engineering 101 - Malware Unicorn Malwareunicorn.org provides workshops and resources for reverse engineering in the infosec space. Workshop content is now available.
Reverse Engineering 102 Vimeo video by Dan Guido
Reversing for Newbies A collection of tutorials aimed particularly for newbie reverse engineers.
RE Guide for beginners Methodology and Tools of reverse engineering.
So you want to be a Malware Analyst Malwarebytes blog on becomming a malware analyst and what all is involved.
Windows oneliners to download and execute code Oneliners for executing arbitrary command lines and eventually compromising a system.
Where to start in leaning reverse engineering Forum post detailing the process to start learning reverse engineering.
Privilege Escalation
Basic Linux Privilege Escalation Blog teaching the basics of Linux Privelege Escalation.
Linux Privilege Escalation Techniques SANS papers on the linux privilege escalation.
Linux Privilege Escalation tools/tactics List of different linux privilege escalation tools and techniques as well as several scripts to download to automate the process.
Windows Privilege Escalation Guide on techniques for Windows Privilege Escalation.
LXD Privilege Escalation Describes how an account on the system that is a member of the lxd group is able to escalate the root privilege by exploiting the features of LXD.
Shells
How to build a RAT Building a RAT from scratch for educational purposes.
How to create a backdoor Article on how to create a nearly undetectable backdoor with Cryptcat.
How to create a remote command shell Creating a remote command shell using a default windows command line tools
How to create a reverse Shell Article detailing how to create a reverse shell and when to do it.
Reverse Shell in Bash Reverse shells in bash for Dummies by a Dummy.
Hacking and Pentesting
Pentesting Methodology Step by step walkthough of a basic pentesting methodology.
The Hacking Process Lots of information on the hacking process.
Guide to Penetration Testing Varonis Seven Part Guide to Penetration Testing.
CTF
CTF Field Guide How to get started in CTFs

Books and Cheatsheets

Name Description
Books
Programming from the Ground Up Using Linux assembly language to teach new programmers the most important concepts in programming.
Cheatsheets
DFIR Infographics Infographics about various DFI topics including file info, volume info, attribute info.
General DFIR Cheatsheets for general dfir info.
Malware Analysis Cheatsheets for different aspects of malware analysis.
Memory Forensics Cheatsheets for memory forensics. SANS memory forensics.
OSINT Cheatsheets for OSINT strategies and tools.
Pentesting Tools Cheatsheet A quick reference high level overview.
Radare2 Cheatsheet Cheatsheet of common commands for program Radare2
Reverse Shell Cheatsheet Several different types of reverse shells
SANS DFIR Digital Forensics and Incident Response cheatsheets from SANS.
SANS Pentest Posters These are Pentesting Posters that SANS supplies.
SANS Cheatsheets Various SANS cheatsheets.
THC Favorite tips, tricks and hacks Various tips & tricks for typical penetration testing engagements from highon.coffee.
Volatility Command Reference Quick reference command list for Volatility.
Windows Post Exploitation Command List Quick Reference command list used in post-exploitation of windows machines.
Windows Registry Forensics Cheatsheets on windows registry for different tools and information.
x86 and and64 instruction reference Reference for instructions with included summary of each.

Podcasts

Name Description
7 Minute Security A weekly infosec podcast about pentesting, blue teaming and building a career in security.
Hackable? Hackable? gives us a front row seat to explore where we’re vulnerable in our daily routines, without even realizing it.
InfoSec ICU The Health Information Security podcast from the Medical University of South Carolina.
Malicious Life Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.
Risky Business Risky Business podcast features news and in-depth commentary from security industry luminaries.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast A brief daily summary of what is important in cyber security.
Security Now! Security podcast with Steve Gibson and Leo Laporte.
The CyberWire Daily The daily cybersecurity news and analysis industry leaders depend on.

Documentation

Name Description
Security Policy Templates SANS has developed and posted here a set of security policy templates for your use.

Programming

Name Description
C
Learn C Free interactive C tutorial.
Python
Learn Python Free Python tutorial.

Industrial Control System Info

Name Description
Learning Materials
Getting Started in ICS A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity.
SCADA Hacking Information on how to hack ICS/SCADA devices.
Tools
Cronpot ICS/SCADA honeypot.
ICS Security Tools Tools, tips, tricks, and more for exploring ICS Security.

Contributing

Your contributions are always welcome! Please take a look at the contribution guidelines first.


If you have any question about this opinionated list, do not hesitate to contact me @johnson90512 on Twitter or open an issue on GitHub.

About

This repository is for tools, guides, cheatsheets, and anything else related to learning all different aspects of security.

Resources

License

Code of conduct

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published