Awesome Resources For Learning Ethical Hacking & Pentesting ⚡️

What I’m sharing here is a collection of some best resources about Hacking & Penetration Testing to make you learn faster! Let's make it the best resource repository for our community.

Contents

• Books
• Online
• Offline
• Vulnerable Machines and Websites
• Vulnerability Databases And Resources
• Malware Analysis
• Linux Penetration Testing OS
• Courses
• Workshop Playlists
• Security Talks and Conferences
• YouTube Channels
• Forums

You are welcome to fork and contribute.

Also you can find my writeups/tutorials on medium: @hussnainfareed :)

Books

1. The Hacker Playbook 2: Practical Guide To Penetration Testing
2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
3. Breaking into Information Security: Learning the Ropes 101
4. Penetration Testing: A Hands-On Introduction to Hacking
5. Social Engineering: The Art of Human Hacking
6. Hacking: The Art of Exploitation, 2nd Edition
7. Web Hacking 101
8. OWASP Testing Guide (A must-read for web application developers and penetration testers)
9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
10. The Basics of Web Hacking: Tools and Techniques to Attack the Web

Learning Platforms to Sharpen Your Skills

Online

Name	Description
CTF Hacker101	The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
Hack The Box :: Penetration Testing Labs	An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
TryHackMe	TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
CTF365	An account-based ctf site, awarded by Kaspersky, MIT, and T-Mobile.
Backdoor	Pen testing labs that have a space for beginners, a practice arena, and various competitions, account required.
Hack.me	Lets you build/host/attack vulnerable web apps.
CTFLearn	An account-based ctf site, where users can go in and solve a range of challenges.
OWASP Vulnerable Web Applications Directory Project (Online)	List of online available vulnerable applications for learning purposes.
Pentestit labs	Hands-on Pentesting Labs (OSCP style)
Root-me.org	Hundreds of challenges are available to train yourself in different and not simulated environments
Vulnhub.com	Vulnerable By Design VMs for practical 'hands-on' experience in digital security
Windows / Linux Local Privilege Escalation Workshop	Practice your Linux and Windows privilege escalation.
Hacking Articles	CTF Brief Write-up collection with a lot of screenshots good for beginners.
Rafay Hacking Articles, a great blog	Write up collections by Rafay Baloch.
PentesterLab	20$ signature, complete content basic to write exploits, web, android.
CyberSec WTF	Emulated web pentesting challenges from bounty write-ups
Pentest-Ground	Pentest Ground is a free playground with deliberately vulnerable web applications and network services.

Off-Line

Name	Description
Damn Vulnerable Xebia Training Environment	Docker Container including several vulnerable web applications (DVWA, DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
OWASP Vulnerable Web Applications Directory Project (Offline)	List of offline available vulnerable applications for learning purposes

Vulnerable Machines/Websites

1. FiringRange

Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

• http://www.exploit-db.com/
• http://1337day.com/
• http://securityvulns.com/
• http://www.securityfocus.com/
• http://www.osvdb.org/
• http://www.securiteam.com/
• http://secunia.com/advisories/
• http://insecure.org/sploits_all.html
• http://zerodayinitiative.com/advisories/published/
• http://nmrc.org/pub/index.html
• http://web.nvd.nist.gov
• http://www.vupen.com/english/security-advisories/
• http://www.vupen.com/blog/
• http://cvedetails.com/
• http://www.rapid7.com/vulndb/index.jsp
• http://oval.mitre.org/
• http://sploitus.com/
• http://cxsecurity.com/

Malware Analysis

Name	Description
Malware traffic analysis	list of traffic analysis exercises
Malware Analysis - CSCI 4976	another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/)	walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Linux Penetration Testing OS

Name	Description
Kali	the infamous pen-testing distro from the folks at Offensive Security
Parrot	Debian includes a full portable lab for security, DFIR, and development
Android Tamer	Android Tamer is a Virtual / Live Platform for Android Security professionals.
BlackArch	Arch Linux-based pentesting distro, compatible with Arch installs
LionSec Linux	pentesting OS based on Ubuntu

Courses

1. Computer Systems Security, MIT
2. cisco's cources 3.cybrary 4.hackers academy

For those who want to do CEH, the following links are for you. 2. CBT Nuggets CEH Training 3. CEH Books 4. Guide to Binary Exploitation

Workshops/Playlists

1. Web Hacking
2. Ethical Hacking, A Comprehensive Playlist covering almost everything

Security Talks and Conferences

1. InfoCon - Hacking Conference Archive
2. Curated list of Security Talks and Videos
3. Blackhat
4. Defcon
5. Security Tube
6. Kevin Mitnick: Live Hack at CeBIT
7. Ghost in the Cloud, Kevin Mitnick
8. Kevin Mitnick | Talks at Google
9. Complete Free Hacking Course: Go from Beginner to Expert Hacker Today

YouTube Channels

Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these types of attacks...

1. LiveOverflow
2. Black Hat
3. Injector Pca
4. Hisham Mir
5. Devil Killer
6. Suleman Malik
7. Dem0n
8. Frans Rosén
9. HackerOne
10. ak1t4 machine
11. Shawar Khan
12. vulnerability0lab
13. Bugcrowd
14. Vijay Kumar
15. Web Development Tutorials
16. Jan Wikholm
17. Bhargav Tandel
18. ErrOr SquaD
19. SecurityIdiots
20. Penetration Testing in Linux
21. Hussnain Fareed
22. Null Byte
23. ZAID
24. vabs tutorial
25. the cyber mentor
26. PwnFunction
27. GetCyber
28. Loi Liang Yang

Any Channel Link Missing? Kindly add it in the Comments

Forums

Name	Description
0x00sec	hacker, malware, computer engineering, Reverse engineering
Antichat	russian based forum
CODEBY.NET	hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
EAST Exploit database	exploit DB for commercial exploits written for EAST Pentest Framework
Greysec	hacking and security forum
Hackforums	posting webstite for hacks/exploits/various discussion

Contribution

Your contributions and suggestions are heartily welcome. (emoji key)

NOTE:

All references are taken from the Internet and shared on the Internet xD Thanks to those who shared their opinion before that helped me learn 😉 if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.

<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section --> <!-- prettier-ignore-start --> <!-- markdownlint-disable --> <!-- markdownlint-restore --> <!-- prettier-ignore-end --> <!-- ALL-CONTRIBUTORS-LIST:END