Useful links

General documentation

• HackTricks: https://book.hacktricks.xyz/
• PayloadAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
• Hacker's Grimoire: https://vulp3cula.gitbook.io/hackers-grimoire/
• Pentest book: https://pentestbook.six2dez.com/
• m0chan's blog: https://m0chan.github.io/
• burmat: https://burmat.gitbook.io/security/
• penetration testing cheatsheet: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
• Binary exploitation course: https://guyinatuxedo.github.io/
• OWASP XSS cheatsheet: https://owasp.org/www-community/xss-filter-evasion-cheatsheet
• Bug bounty write-ups: https://www.bugbountyhunting.com/
• ZAP tutorial videos: https://www.zaproxy.org/videos-list/

Learning

• Building a computer from first principles: https://www.nand2tetris.org/
• How to regex: https://www.bugcrowd.com/blog/how-to-regex-a-practical-guide-to-regular-expressions-regex-for-hackers/
• SSH tunnels: https://robotmoon.com/ssh-tunnels/
• Learn Git: https://learngitbranching.js.org/
• VLAN basics: https://www.thomas-krenn.com/en/wiki/VLAN_Basics?xtxsearchselecthit=1
• Configuring VLANs: https://blog.monstermuffin.org/understanding-and-configuring-vlans/
• Network simulation, security-oriented: https://netsim.erinn.io/
• Over the wire: http://overthewire.org/wargames/
• Hack the box: https://www.hackthebox.eu/
• Micro corruption, embedded security CTF: https://microcorruption.com/login
• PicoCTF, beginner CTFs: https://picoctf.com/
• Hacker101, CTFs from hacker one: https://www.hacker101.com/
• Google CTFs: https://capturetheflag.withgoogle.com/#beginners/
• Reverse engineering for beginners: https://www.begin.re/
• Intro to x86_64 reverse engineering: https://leotindall.com/tutorial/an-intro-to-x86_64-reverse-engineering/
• Pentest reports: https://cure53.de/#publications

Programming and databases

• SICP book, but readable and modern: http://sarabander.github.io/sicp/
• Resources on learning SICP: https://crash.net.nz/
• Web application with golang: https://astaxie.gitbooks.io/build-web-application-with-golang/content/en/
• Say no to Venn diagrams when explaining JOINs: https://blog.jooq.org/2016/07/05/say-no-to-venn-diagrams-when-explaining-joins/
• Problem Solving with Algorithms and Data Structures using Python: https://runestone.academy/runestone/books/published/pythonds3/index.html
• Leetcode study guide: https://www.reddit.com/r/cscareerquestions/comments/eb1e2b/my_leetcode_study_guide/
• DIY Git in Python: https://www.leshenko.net/p/ugit/#
• Comprehensive Python cheatsheet: https://gto76.github.io/python-cheatsheet/

Recon

• DNS tools: https://viewdns.info/
• DNS dumpster: https://dnsdumpster.com/
• Find email addresses: https://hunter.io/users/sign_in
• Premade google dorks: https://dorks.faisalahmed.me/
• Get website's fingerprint for other search engines: https://mmhdan.herokuapp.com/
• Search public buckets: https://buckets.grayhatwarfare.com/

Reverse shells

• reverse shell cheatsheet: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md
• pentest monkey reverse shell cheatsheet: https://web.archive.org/web/20200901140719/http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Pentesting tools

• reverse shell generator: https://0day.exposed/reverseshell/
• OSINT framework: https://osintframework.com/
• Search engine for vulnerabilities: https://sploitus.com/
• Exploit database: https://www.exploit-db.com/
• MITRE knowledge base: https://attack.mitre.org/
• Application security wiki: https://appsecwiki.com/#/
• OSCP goldmine: http://0xc0ffee.io/blog/OSCP-Goldmine
• Code pastebin: https://bpaste.net/
• Wildcard DNS for any IP address (useful for SSRFs): https://nip.io/
• Sqlmap documentation: http://www.it-docs.net/ddata/4956.pdf
• Unicode tools: http://qaz.wtf/u/
• IP converter: https://h.43z.one/ipconverter/

Exploitation tools

• Unix binaries exploit: https://gtfobins.github.io/
• Static binaries: https://github.com/andrew-d/static-binaries
• Inspect incoming HTTP or e-mail request: https://webhook.site/
• Capture and inspect HTTP requests: https://hookbin.com/

Windows exploitation

• WADComs: https://wadcoms.github.io/
• Learning powershell, overthewire for PS: https://underthewire.tech/
• Offensive WMI: https://0xinfection.github.io/posts/wmi-basics-part-1/

OSINT

• Analyze twitter accounts: https://botsentinel.com/#
• Impressive AI face search: https://pimeyes.com/en
• Instagram, reddit and snapchat toolkit: https://one-plus.github.io/Instagram
• Massive list of OSINT tools: https://cipher387.github.io/osint_stuff_tool_collection/

Communities

• Lobste.rs: https://lobste.rs/
• Lemmy: https://dev.lemmy.ml/
• YOSPOS: https://forums.somethingawful.com/forumdisplay.php?forumid=219
• 0X00sec: https://0x00sec.org/
• Peerlyst: https://www.peerlyst.com/wall
• OWASP slack: https://owasp.slack.com
• Netsec focus: https://mm.netsecfocus.com/nsf/channels/general
• Bug bounty notes: https://www.bugbountynotes.com/

Podcasts

• Rally security: https://rallysecurity.com/
• Security now: https://twit.tv/shows/security-now
• Comptoir sécu: https://www.comptoirsecu.fr/
• No limit sécu: https://www.nolimitsecu.fr/

Guides and tutorials

• Tracking satellites: https://nyan-sat.com/index.html
• Make your own ISP: https://startyourownisp.com/