A page containing bookmarks for anyone interested in learning cybersecurity.
These platforms are great starting points to build your cybersecurity knowledge and hacking skills.
-
One of the first links I ever clicked on when I became curious about hacking. Start with Bandit to learn command line basics in a fun way, then tackle the harder levels. Old school is cool!
-
Another old-school hacking training site.
-
A beginner-friendly CTF website with free and affordable premium content. Hand-holding included, so it's perfect for newcomers. For something more challenging, try Hack The Box.
-
Known for providing a more challenging environment with hands-on labs for developing hacking skills.
-
Root-Me is a well-known platform, but can be tricky to navigate due to language settings that often default to French.
Resources for setting up a home lab to practice penetration testing and vulnerability discovery.
-
A platform offering downloadable virtual machines designed for penetration testing practice. A fantastic resource for building hands-on experience with vulnerable systems.
-
DVWA is a deliberately insecure web application that lets you practice common web vulnerabilities like SQL injection, XSS, and more, in a controlled environment.
These platforms connect hackers with companies looking to improve their security.
- A well-known platform for participating in bug bounties and helping secure real-world applications.
Additional tools, platforms, and links for building cybersecurity skills.
For secure and anonymous browsing:
-
Essential for anonymous web browsing.
-
A privacy-focused OS that can be run from a USB drive.
Critical tools for Open-Source Intelligence (OSINT) and network scanning:
-
A well-organized resource to aid in information gathering from open sources.
-
A powerful search engine for discovering internet-connected devices. Basic membership is $49 for a lifetime.
-
A simple yet powerful open-source port scanner that's been continually improving since 1997.
-
A great tool for fuzzing endpoints
Tools and frameworks for exploit development and vulnerability testing.
-
A popular open-source framework for developing and executing exploit code against a remote target machine. A must-have for penetration testers.
-
An open source penetration testing tool that automate the process of detecting and exploiting SQL injection flaws and taking over of database servers.
-
A list of useful payloads and bypasses for Web Application Security.
Tools and techniques for gathering credentials, escalating privileges, and persisting access after an initial compromise.
-
A powerful post-exploitation tool for extracting credentials, performing privilege escalation, and accessing sensitive information from Windows systems.
A curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
Living Off The Land Binaries, Scripts and Libraries (For Windows environments)
Additional interesting resources:
-
A list of open source malware hosted on github. Easier than reversing in assembly. Can be an eye opener on how various types of malware work.
-
Marcus Hutchins' blog. Incredibly detailed low-level stuff. Fascinating rabbit holes to go down! (Marcus Hutchins is famous for stopping WannaCry).�
-
Thank you Daniel Miessler for such a comprehensive pen-testing wordlist!
"A journey of a thousand miles begins with a single step." - Lao Tzu