A compilation of some of my favourite Cybsersecurity Resources - tools, articles, practice platforms, learning materials, and more.
This list is based on a version that I helped to build for Sheffield Ethical Student Hackers society. You can find the original list here: https://shefesh.com/wiki/resources
I converted the HTML code to markdown using Turndown. Thanks for making my life easy!
HackTheBox.eu - Generally more advanced boxes, however there are some easy boxes too
TryHackMe - A useful website for walkthroughs and instructional learning (which can be hard to come by in cybersecurity). Some of our favourite rooms are linked below (and you can find a full list here)
- Linux - Missed our session on Linux Basics? TryHackMe has you covered
- Juice Shop! - You'll have seen this one if you've been to pretty much any of our sessions :) It's a great start for learning web application testing
- Vulnversity - A great room for the basics of recon, Burp Suite, and more
- Nmap - Learn the ropes of this crucial networking tool
- Attacktive Directory - Learn some Active Directory enumeration tools and methodologies, step by step
Immersive Labs - A collection of highly interactive labs, ranging from theory to guided tutorials of common tools - free for students!
Vulnhub + Docker Machines - Vulnhub is a website full of Virtual Machine images, ready to be hacked! Specific boxes that we enjoyed are listed below, along with some cool Docker images we've used for exercises!
- Stack Overflows for Beginners
- Brooks' Permissions Puzzle - run in a Docker Environment with "docker run --rm -it thelostlambda/perm-puzzle"
OverTheWire Wargames - A collection of miniature challenges, mostly Linux based, and great for learning the basics
Hack this Site - A site similar to Wargames with a series of missions, in a range of difficulties
Hacksplaining - The basics of hacking with interactive examples and short quizzes
GTFOBins - A website that shows possible privilege escalation vectors through SUID/GUID binaries
ippsec.rocks - A searchable directory of hundreds of HackTheBox video walkthroughs
OWASP Top 10 - OWASP's list of the most critical Cybsersecurity risks
excess-xss - A comprehensive guide to Cross Site Scripting attacks
Portswigger SQL Injection - An excellent writeup of SQL Injection techniques, from the people who brought you Burp Suite! Includes a great cheat sheet
AWS UK-OFFICIAL Quickstart - AWS' Template for an Official-rated cloud network. A good example of secure cloud infrastructure!
Scraping Club - A great website full of web scraping challenges
Enumerating Active Directory - An interesting article on common commands when poking around a Windows Domain Controller
- and the original repo this was forked from: https://github.com/xapax/security/tree/master/docs
-
Simple Bash Scripting - A nice guide to writing basic bash scripts
-
Bash with arguments - A guide to passing data to your script
-
Python with arguments - Command line arguments in a python script
Corelan Articles: https://www.corelan.be/index.php/articles/
LiveOverflow: - Full Playlist - Buffer Overflow with Shellcode - Writing a Simple Buffer Overflow Exploit
Udemy - A large catalogue of Cybersecurity courses
LinkedIn Learning - Cybersecurity Foundations - A course by Malcolm Shore, with more courses on his page
LinkedIn Learning - Python for Automation - A course by Sam Pettus, covering the basics of web scraping, Python HTTP requests, and more
Udemy Automation - Another automation course
Computerphile Password Cracking - A brilliant explanation of password cracking (featuring plenty of sexy GPUs)
Computerphile SQL Injection - A great visual explanation of SQL Injection
Computerphile Diffie-Hellman - A gorgeous visual explanation of a popular key exchange algorithm for all you cryptography nerds
CompTIA Exam Prep - A (long) video that goes over the crucial information for the CompTIA+ Qualification - even if you're not studying for it, this video is a great intro to networking!
Ippsec - A YouTube channel dedicated to walkthroughs of HackTheBox and other challenges
Juice Shop Solutions - A comprehensive list of solutions for the Juice Shop Challenges
Jack Barradell-Johns - Excellent writeups from our former Vice President!
WireGuard Setup - Set up your own VPN network with WireGuard!
Rana Khalil OSCP Prep Series - An excellent series of HTB writeups built for those preparing for OSCP
Remember the Code of Conduct (and the Computer Misuse Act) when using these tools! They are for education only, to be used on systems where you have explicit permission
Once you're sure you're working ethically and within the law... have fun!
-
Nmap - A tool for enumerating networks, with lots of built in scripts for enriching information - this is the first step in most security assessments!
-
Gobuster - Insanely fast tool for discovering webpages on a domain - often the first step when exploring a web app
-
ldapsearch & ldapenum - Tools for enumerating system and domain controllers over LDAP - useful for Windows boxes!
-
pspy - For monitoring processes on a Linux machine - useful for discovering interesting things post-exploitation!
-
PrivEsc Scripts Suite - A list of brilliant scripts for enumerating ahead of privelege escalation, including linPEAS and winPEAS. (It pairs nicely with this)
-
Bloodhound - Brilliant tool for visualising exploitation paths in Active Directory, and suggesting exploits
-
Burp Suite - A powerful tool for capturing and analysing HTTP requests, and modifying them on the fly - this is an essential in your toolkit!
-
Wireshark - An incredibly powerful tool for analysing network traffic
-
Beautiful Soup - The essential web scraping library, with great documentation
-
Scrapy - A powerful web scraping framework
-
sqlmap - A tool for automatically detecting and performing SQL injection attacks
-
Metasploit - An extensive set of exploit implementations, downloadable for free via Metasploit Framework
-
CrackMapExec - A mindblowingly versatile tool used for enumerating and exploiting Windows Machines and Active Directory - with incredible documentation!
-
Impacket - A collection of brilliant Python Scripts, perfect for pulling secrets out of Windows Machines (and much more). We used many of these scripts during our Enumeration Session
-
tomcatWarDeployer - For deploying malicious payloads to compromised Tomcat webservers
- Social Engineering Toolkit - A suite of social engineering and OSINT tools, including phishing and fake login pages!
- Ghidra - A suite of software reverse engineering tools, developed by the NSA
-
Cyberchef - A GCHQ released tool that's useful for encodings, cryptography and a ton of other useful tools!
-
jwt - A tool useful for decoding JWT tokens used in web applications
-
John the Ripper - A great password cracking tool, supporting hundreds of hash and cipher types
-
Regex101 - A lovely little regex checker, for help with all those greps
-
JSLinux - Try Linux out in your browser! (Although we recommend installing it properly)
-
tmux - A video guide to tmux from Ippsec, a useful tool for terminal productivity
-
HTTPBin - A website for testing HTTP requests
-
CTF Tools - A work-in-progress repo with various cybersecurity tools, including a password cracker and a repeater, built by Mac
-
Red Teaming Toolkit - A collection of amazing repositories and tools for all your hacking needs
-
SecLists - Thought this list was long? This repo compiles an egregious number of passwords, URLs, and payloads for fuzzing, password cracking, and everything in between
-
ExtendsClass - A host of free online developer tools for testing Regexes, API calls, XML validation, and more!
Security of Advanced Systems - A research group @ UoS, focusing on security by design and security analysis methods
Verification - A research group @ UoS, focusing on formal methods and mathematically rigorous verification of software and hardware
Linux Pocket Guide by Daniel J Barrett - A detailed list of the most useful Linux commands, and how to use them!
Web Application Hackers Handbook by Stuttard and Pinto - An incredibly detailed book with demonstrations of a wide range of exploits
Network Security Assessment by Chris McNab - Another highly detailed book focusing on network security
Red Team Field Manual by Ben Clark - A Red Teamer's reference guide
NCC Group - A series of great blogs, including the excellent 'Black Team War Stories'
Hacker News - A curated list of technology news articles
Risky Business Podcast - A regular podcast taking a deep dive into Cybsersecurity news
NCSC - The official blog of the National Cyber Security Centre
AWS Security - General security articles from AWS
AWS Provable Security - Another AWS blog, focusing more on formal methods
#resources