Cybersecurity Resources

Getting Started

• TheCyberHUB: Getting started with Cyber Security
• OWASP: Open Web Application Security Project
• Hack The Box: Online platform to test and advance your skills in penetration testing and cybersecurity
• TryHackMe: Learn cybersecurity through hands-on exercises and labs
• Open Security Training: Free and high-quality security courses, ranging from beginner to advanced topics

Learning Platforms

• Cybrary: Free online cyber security training
• edX Cybersecurity Courses: Various cybersecurity courses from top institutions
• PortSwigger: Free, online web security training from the creators of Burp Suite
• The Taggart Institute: It provides high quality technology training to everyone free of charge.
• Bugcrowd University: Security, education, and training for the whitehat hacker community
• Hacker101: Hacker101 is a free class for web security
• SANS Cyber Aces: Free Cyber Security Training
• Coursera Cybersecurity Courses: Cybersecurity courses from leading universities and organizations
• Udemy Cybersecurity Courses: Affordable cybersecurity courses
• INE: Cybersecurity training, specializing in hands-on labs and certification tracks like eLearnSecurity (eJPT, eCPPT)

Bug Bounty Platforms

• HackerOne: Bug bounty and vulnerability coordination platform
• Bugcrowd: Crowdsourced security testing platform
• Intigriti: Global crowdsourced security provider
• Open Bug Bounty: Open bug bounty program
• BugBase: A continuous vulnerability assessment platform
• YesWeHack: Global Bug Bounty & Vulnerability Management Platform
• Cobalt: Bug bounty platform connecting companies to a global community of security researchers
• Synack: Invitation-only platform for top-tier bug hunters to identify vulnerabilities for enterprises

Tools and Frameworks

• Metasploit: Penetration testing framework
• Burp Suite: Web vulnerability scanner and tester
• Nmap: Network discovery and security auditing
• Wireshark: Network protocol analyzer
• Nessus: A vulnerability scanner
• Naabu: A fast port scanner written in go with a focus on reliability and simplicity
• Ffuf: A fast web fuzzer written in Go
• Arjun: Finds query parameters for URL endpoints
• Zap (OWASP ZAP): Open-source web application security scanner
• Dirsearch: Brute force directories and files in websites
• Gobuster: Tool for brute-forcing URLs
• John the Ripper: Password cracker
• Hashcat: Advanced password recovery tool
• Amass: OWASP project for network mapping and attack surface discovery
• BloodHound: Active Directory (AD) exploration tool used to identify attack paths within AD environments
• CyberChef: Web-based tool for encoding/decoding, encryption, and other cyber operations
• PwnTools: CTF framework for creating and exploiting binary exploits in a fast, concise, and reliable manner
• RustScan: Fast and efficient port scanner built with Rust, designed for high performance
• Recon-ng: Web reconnaissance framework with modules for gathering open-source intelligence (OSINT)
• Sublist3r: Tool for gathering subdomains using search engines, certificate transparency logs, and other sources

Writeups

• PentesterLand: A directory of ethical hacking writeups including bug bounty, responsible disclosure and pentest writeups
• Infosec Writeups: Awesome write-ups from the world’s best hackers intopics ranging from bug bounties, CTFs, Hack the box walkthroughs, hardware challenges, and real-life encounters

Cybersecurity News

• Krebs on Security: In-depth security news and investigation
• Dark Reading: Cybersecurity news and analysis
• Threatpost: Latest cybersecurity news
• The Hacker News: Updates on hacking, cyber attacks, and breaches
• Bleeping Computer: Security and technology news
• CyberScoop: Covers the latest in cybersecurity, government policies, and cyber threats
• SC Media: Reports on cybersecurity news, product reviews, and expert analysis
• SecurityWeek: Cybersecurity news, analysis, and resources focusing on IT security strategies

Cybersecurity and Bug Hunting Browser Extensions

• Wappalyzer: Technology profiler
• Shodan: Open ports and device information
• FoxyProxy: Proxy management tool
• Cookie-Editor: View and edit cookies
• User-Agent Switcher: Change your browser's user-agent
• HackBar: Web security testing tool
• BuiltWith: Identify web technologies used on websites
• Retire.js: Detect vulnerable JavaScript libraries
• HTTP Header Live: View and modify HTTP headers
• Tamper Data: Modify HTTP/HTTPS requests and responses
• HTTPS Everywhere: Enforce HTTPS connections
• NoScript: Block scripts and protect against XSS
• Resurrect Pages: View cached versions of web pages
• Penetration Testing Kit: Collection of web pentesting tools
• Vulners: Vulnerability scanner extension for web pages
• Web Developer: Browser extension providing a suite of tools for web application penetration testing

Practice and CTF Platforms

• VulnHub: Vulnerable virtual machines for practice
• OverTheWire: War games for learning security concepts
• PicoCTF: Computer security education program
• PortSwigger All Labs: All PortSwigger labs at one place
• pwn.college: The material on pwn.college is split into a number of "dojos"
• Hack This Site: HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more
• WebSec: Web based ctfs
• Hacker101: Free educational site for hackers, run by HackerOne
• Pwn.tn: IT security related challenges for fun and learning purpose
• Root-Me: Platform for hacking challenges
• CyberDefenders: Blue team-focused platform offering real-world cybersecurity challenges and incident response scenarios
• RangeForce: Provides hands-on defensive cybersecurity exercises and simulated environments for skill-building
• HackThisSite: A community-driven website for learning and practicing ethical hacking through CTF challenges and tutorials
• CTFlearn: A free platform that offers a variety of challenges for beginners and advanced CTF players alike

Documentation and Cheat Sheets

• OWASP Cheat Sheet Series: Concise collection of high value information on specific application security topics
• PayloadsAllTheThings: A list of useful payloads and bypass for Web Application Security and Pentest/CTF
• SecLists: Collection of multiple types of lists used during security assessments, collected in one place
• Assetnote: High quality wordlists for content and subdomain discovery
• URL validation bypass: URL validation bypass cheat sheet
• SQLi cheat sheet: SQL injection cheat sheet
• XSS cheat sheet: Cross-site scripting (XSS) cheat sheet
• Red Team Cheat Sheet: Comprehensive red teaming cheat sheet
• GTFOBins: A curated list of Unix binaries that can be exploited by attackers to bypass security restrictions
• LOLBAS: Lists binaries, scripts, and libraries that can be used by attackers living off the land in Windows environments
• MITRE ATT&CK: A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations

Communities and Forums

• r/netsec: Reddit's network security community
• Hacker News: Tech and cybersecurity news aggregator
• Exploit Database: Open-source archive of public exploits and software vulnerabilities
• Security StackExchange: A Q&A site for information security professionals to share knowledge and solve problems
• Packet Storm: A cybersecurity forum with updates on vulnerabilities, exploits, and security news
• 0day.today: Exploit marketplace and forum for security researchers and professionals