Online Resources

This page contains all the curated online resources that are useful to InfoSec practitioners.

Favorite Sites

Sites I frequently visit.

• https://hackthebox.eu
• https://github.com/frizb/OSCP-Survival-Guide
• https://www.cybrary.it/
• https://ss64.com/
• https://consolia-comic.com/
• https://repl.it/
• https://rogerdudler.github.io/git-guide/
• https://danielmiessler.com/blog/build-successful-infosec-career/#education
• https://ss64.com/bash/
• http://www.informit.com/blogs/blog.aspx?uk=The-10-Most-Important-Linux-Commands
• http://resources.infosecinstitute.com/useful-linux-commands/#gref
• http://linuxcommand.org/index.php
• https://rogerdudler.github.io/git-guide/
• http://overthewire.org/wargames/
• https://media.defcon.org/

Web Development Stuff

Helpful links if you are interested in web development.

• https://bower.io/
• http://www.goodui.org/
• https://frontend.directory/p
• https://www.keycdn.com/blog/web-development-tools/
• https://wdrl.info/
• https://mothereff.in/
• http://www.inmotionhosting.com/support/website/php/command-line-settings
• https://davidwalsh.name/
• https://laragon.org/
• https://javascript30.com/
• https://laracasts.com/series/laravel-from-scratch-2017

Privilege Escalation Techniques

Gain root or system access with these techniques.

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
• http://www.bhafsec.com/wiki/index.php/Windows_Privilege_Escalation
• https://github.com/GDSSecurity/Windows-Exploit-Suggester
• https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
• http://www.fuzzysecurity.com/tutorials/16.html
• http://www.hack4.net/2017/07/lare-local-auto-root-exploiter-is-bash.html

Exploits/Reverse Shells

Pop a shell with these pretty cool tools and scripts.

• http://pentestmonkey.net/tools/web-shells/php-reverse-shell
• http://paulsec.github.io/blog/2014/04/14/updating-openfuck-exploit/
• https://github.com/51x/WHP
• https://www.insomniasec.com/releases
• https://foxglovesecurity.com/2016/01/16/hot-potato/
• https://pentestlab.blog/2017/04/07/secondary-logon-handle/

Writeups/Walkthroughs

Learn through these walkthroughs.

• https://blog.christophetd.fr/write-up-mr-robot/
• https://nopresearch.com/walkthroughs/pwnerrank/
• https://www.n00py.io/2017/03/vulnhub-walkthrough-hackfest2016-sedna/
• https://highon.coffee/blog/fartknocker-walkthrough/
• https://blog.techorganic.com/2012/08/29/loophole-hacking-challenge/

OSCP Reviews/Guides

Motivations? Read these and be inspired.

• https://theslickgeek.com/oscp/
• https://www.jimwilbur.com/2017/07/oscp-review/
• https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/
• http://blog.pentestbegins.com/2017/07/05/my-oscp-certification-journey-2017/
• http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html

Penetration Testing Labs/CTFs

Need cool sites to sharpen your h@ck1ng skills? You might want to visit these.

• https://pentesterlab.com/exercises?dir=desc&only=free&sort=published_at
• https://labyrenth.com/mud/
• https://ctf.garage4hackers.com/
• https://pwnable.tw
• https://www.root-me.org
• http://hackthebox.eu/
• https://www.pwnerrank.com/signup/

Tutorials

Pretty good tutorials that you might want to see.

• https://excess-xss.com/
• http://www.vividmachines.com/shellcode/shellcode.html
• https://netsec.ws/?p=337
• https://www.trustedsec.com/2015/06/interactive-powershell-sessions-within-meterpreter/
• https://www.greyhathacker.net/?p=500
• http://www.hackingdna.com/2016/09/smb-enumeration.html
• https://www.darkoperator.com/installing-metasploit-in-ubunt/
• https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
• https://blog.netspi.com/15-ways-to-download-a-file/
• http://www.binarytides.com/hack-windows-xp-metasploit/
• http://opensecuritytraining.info/

Decompilers

Decompile java class files.

• http://www.javadecompilers.com/

Cryptography

Crack them hashes.

• https://crackstation.net/

Reverse Engineering

Want to start becoming a master in RE? These sites might help.

• http://mspgcc.sourceforge.net/manual/x223.html
• https://securedorg.github.io/RE101/

Other Useful Links

Links that you won’t easily find.

• http://seclists.org/fulldisclosure/
• http://www.amanhardikar.com/mindmaps/Practice.html
• https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
• https://www.blackmoreops.com/2016/12/20/kali-linux-cheat-sheet-for-penetration-testers/
• https://highon.coffee/blog/nmap-cheat-sheet/
• http://infosecaddict
• http://www.vulnerabilityassessment.co.uk/
• http://www.0daysecurity.com/penetration-testing/enumeration.html
• https://unix.stackexchange.com/questions/7351/unix-file-naming-convention
• https://www.darknet.org.uk/
• https://xapax.gitbooks.io/security/content/list_of_common_ports.html
• https://www.maketecheasier.com/windows-run-commands/
• http://www.tcpipguide.com/free/t_IPAddressClassABandCNetworkandHostCapacities.htm
• https://letsencrypt.org/
• https://pinboard.in/u:unfo/t:oscp
• https://codeshare.io/
• https://syntaxdb.com/
• https://workhack.com/security

---

Links will be added here regularly.