Getting Started in Cybersecurity and Hacking
Introduction
Getting Started in Cybersecurity
Entering the world of cybersecurity can feel overwhelming with numerous resources available. This guide simplifies the journey for newcomers interested in technology, cybersecurity, ethical hacking, and bug bounty hunting.
- Use the Table of Contents as your roadmap. Begin with Getting Started to grasp fundamentals, then explore Hacking and Security Challenges for understanding threats.
- Explore Hacking Techniques to learn about cyberattacks. Progress through Programming, Linux, and Networking for foundational skills.
- Consider Certifications for validation and explore Web Application Security for specialized knowledge. Find essential tools in Cybersecurity Tools and expand expertise in cloud security, digital forensics, and operating systems.
- Engage with the cybersecurity community through Communities and Conferences, stay updated via Blogs, Wikis, Magazines, and Forums, and explore cutting-edge research in Security Research.
- For clarity, consult the Glossary and terms. Contribute your insights through Contributions. This structured approach empowers you to navigate the world of cybersecurity effectively.
Table of Contents
- Getting Started
- Hacking and Security Challenges
- Hacking Techniques
- Programming
- Linux
- Networking
- Certifications
- Web Application Security
- Cybersecurity Tools
- Cloud Security
- Digital Forensics
- Operating Systems
- Osint
- References and Cheat sheets
- Communities and Conferences
- Blogs, Wikis, Magazines, and Forums
- Security Research
- Glossary and terms: various terms are used in this article, and a glossary of cybersecurity terms is provided below
- Contributions
Getting Started
Books and PDFs
Legal PDFs about Programming, Networking, IT, Cybersecurity, and Penetration Testing
- Hacker High School
- Free Security eBooks on GitHub
- Free Programming eBooks on GitHub
Please note that pirating will not be supported, as many books are available for free in a legal way.
Educational Channels
Hacking/Cybersecurity YouTubers:
- Hak5 Hacking hardware, cybersecurity news, hacking tech, and general hacking tutorials.
- Webpwnized Hacking tutorials, CTFs, Linux.
- Sstec Hacking tutorials, CTFs, and projects.
- Hackhappy Hacking tutorials, CTFs, and Linux.
- Derek Rook CTFs (Capture the Flags).
- John Hammond Programming, hacking tutorials, malware analysis, CTFs, Linux, and careers.
- Nullbyte Hacking tutorials, cybersecurity for ethical hackers and programmers.
- Hackersploit Penetration testing, web application hacking tutorials, Linux, malware analysis.
- InsiderPHD How to get started with bug bounty hunting.
- STOK Bug bounty tutorials, vulnerability analysis, hacking tools, and hacking methodology.
- Liveoverflow Hacking tutorials, CTFs/writeups, HackTheBox, web programming.
- IppSec Labs and capture-the-flag tutorials, HackTheBox, etc.
- Peter Yaworski Web-application hacking tips and interviews.
- Bugcrowd Bug bounty methodology and interviews.
- The Cyber Mentor Ethical hacking, web application hacking, hardware tutorials, tech reviewer.
- Nahamsec Educational hacking and bug bounty videos and career advice.
- Simply Cyber Helps people with cybersecurity career development, and has a daily cybersecurity news video.
- Black Hat Technical cybersecurity conferences.
- DEFCON Technical Cybersecurity Conference.
- 13Cubed Videos on tools, forensics, and incident response.
- BlackPerl Malware analysis, forensics, and incident response.
- Computerphile Programming, programming concepts, tech concepts, networking, programming and hacking, Linux.
- Security Weekly Interviews with cybersecurity figures.
- SecurityNow Cybercrime news, hacking, and web application security.
- Infosec Institute Cybersecurity awareness.
- InfoSec Live Everything cybersecurity related from tutorials to interviews.
- The PC Security Channel Windows security, malware news, and tutorials.
- David Bombal Everything cybersecurity related.
Tech Reviewers/PC Building/Consumer Tech
- Barnacules Nerdgasm Tech reviewer, hardware tutorials.
- Linus Tech Tips Hardware tutorials, tech reviewer, PC building.
- ThioJoe Hardware tutorials, tech reviewer, PC building.
- Elithecomputerguy Hardware tutorials, network tutorials, hardware reviewer, hacking tutorials, Linux tutorials, website development.
- Joe Collins Everything Linux related, including tutorials and guides
- Network Chuck All-around networking YouTuber
- Professor Messer Hardware, networking, and security certifications YouTuber. Has extensive resources on CompTIA certifications
Podcasts
- Darknet Diaries
- SimplyCyber
- Smashing Security
- Hacking Humans
- Fraudology
- The Brett Johnson Show
- What The Shell
- The Hacker Mind
- The Cyber Queens Podcast
- Cyber Warrior Studios
- The Hacker Factory with Phillip Wylie
Hacking and Security Challenges
Capture the Flag (CTF) Challenges
- TryHackMe Highly recommended for beginners. They have many good free tutorials and detailed walkthroughs for many rooms.
- HackThisSite Focuses primarily on web exploit challenges.
- HackTheBox Virtual machines available for download to practice hacking. Offers both beginner-friendly and advanced content.
- Juice Shop An intentionally vulnerable web application developed by OWASP for hands-on learning of web application security.
- HackerOne Web hacking challenges and bug bounty program platform.
- CyberSecLabs An online platform offering cybersecurity challenges and labs for hands-on practice and learning.
- WebScanTest A website/application that allows users to test and analyze the security of web applications through vulnerability assessments and penetration testing.
- PortSwigger Web hacking CTFs and challenges and extensive resources on learning web application security
- CrackMe Contains various small programs or applications to download, designed to test a user's reverse engineering and software cracking skills.
Bug Bounty Programs
- HackerOne One of the largest bug bounty platforms with diverse programs and well-known clients. Offers rewards for security vulnerabilities in various applications
- Bugcrowd Crowdsourced platform that connects ethical hackers with companies seeking vulnerability assessments. Offers programs from startups to enterprises
- Synack Hybrid platform that combines human and AI-powered security testing. Offers continuous monitoring and has a private network of skilled researchers
- Open Bug Bounty Unique platform with a focus on responsible disclosure. Allows researchers to report vulnerabilities to websites without fear of legal consequences
- YesWeHack European bug bounty platform with a wide range of programs and collaboration with cybersecurity experts. Offers a Responsible Disclosure program for non-monetary rewards
- Zerodium Zerodium pays BIG bounties to security researchers to acquire their original and previously unreported zero-day research
Vulnerable Software:
- VulnHub Virtual machines available for download to practice hacking.
- Exploit-DB Database of exploits and vulnerability information.
- OWASP SiteGenerator A project by OWASP that helps generate vulnerable web applications for learning and testing web application security.
- McAfee Hacme, Hacme Casino, Hacme Shipping, Hacme Travel: Deliberately vulnerable web applications developed by McAfee for practicing security testing and identifying vulnerabilities.
- OldApps Provides archived versions of software applications for compatibility or nostalgic purposes.
- OldVersion Provides archived versions of software applications for compatibility or nostalgic purposes.
Hacking Techniques
Google Hacking and Dorking:
- http://www.stachliu.com/index.php/resources/tools/google-hacking-diggity-project/ - Google Hacking and Dorking software
- http://midnightresearch.com/projects/search-engine-assessment-tool/#downloads - Search engine vulnerability assessment
- http://sqid.rubyforge.org/#next - SQL Injection Digger
- http://voidnetwork.org/5ynL0rd/darkc0de/python_script/dorkScan.html - Python dork scanning tool
Wireless
- http://code.google.com/p/pyrit/
- http://www.oact.inaf.it/ws-ssri/Costa.pdf - Wireless Network Hacking PDF.
- http://packetstormsecurity.org/papers/wireless/cracking-air.pdf - Cracking the Wireless Encryption PDF
Password and Hash Cracking Tutorials
- Security and Password Exploitation Class
- Default Passwords for Various Vendors and Software
- Tutorial on Cracking Passwords Using Medusa
- Tutorial on Cracking Hashes Using Medusa
- Blog About Cracking Hashes and Passwords
- How to Find Passwords and Hashes in a System
- Default Passwords
- Online Hash Cracker
- Cracking Hashes and Passwords with Ncrack
- Hacking Tutorials Using Medusa
- Password Cracking with John the Ripper
- Tutorials on Using Ophcrack
- Hacking Tutorials with Keimpx
- Detection and Exploitation of SMB Default Credentials
- Cracking Hashes with GPU Acceleration
Password and Hash Cracking in the Browser:
- Online Website for Hash Cracking
- Tool for Cracking Various Hash Types
- Decode Base64 Encoded Hashes
- Tool to Decode Encoded Hashes
Wordlists
- Seclists is one of the most well-known sets of wordlists. Referenced in many CTFs
- Korelogic
- PacketStorm
- Skullsecurity
- Wordbook
Pass the Hash
- http://www.sans.org/reading_room/whitepapers/testing/pass-the-hash-attacks-tools-mitigation_33283
- http://www.sans.org/reading_room/whitepapers/testing/crack-pass-hash_33219
MiTM (Man in the Middle):
- http://media.techtarget.com/searchUnifiedCommunications/downloads/Seven_Deadliest_UC_Attacks_Ch3.pdf - 7 Deadliest UC Attacks PDF.
- http://www.blackhat.com/presentations/bh-europe-03/bh-europe-03-valleri.pdf - MITM BlackHat talk
- http://www.irongeek.com/i.php?page=videos/ettercap-plugins-find-ip-gw-discover-isolate - Ettercap Plugins video.
- http://www.irongeek.com/i.php?page=videos/ettercapfiltervid1 - Tutorial on Ettercap Filters video
- http://articles.manugarg.com/arp_spoofing.pdf - ARP Spoofing paper
Active Directory
- Deep dive into Active directory Attacking Active Directory: 0 to 0.9
- Active Directory Mindmap In-depth active directory Mindmap by orange-cyberdefense
Metasploit:
- Metasploit Exploitation Framework - Exploiting with the power of the Metasploit framework
- Irongeek Metasploit Course - Introduction to exploitation with Metasploit
Programming
- edX Provides various free programming courses from universities.
- freeCodeCamp A free website for learning web development and Python. Focuses extensively on front-end and back-end web development
- Udemy Offers career training courses, some of which are free.
- Khan Academy Provides courses on math, English, and computer programming in a fun gamified way for free.
- MIT OpenCourseWare Free intro to programming course released by MIT.
- Code.Google Google's Python class tutorials.
- Swaroopch Python tutorials by Swaroop.
- TheNewBoston Programming tutorials and resources.
- Hackerrank Coding challenges and competitions.
- Sololearn Offers interactive coding lessons for various programming languages.
- Codecademy Provides interactive coding lessons.
- Coursera Offers career development courses, both paid and free.
- DevDocs Comprehensive documentation for various programming languages and technologies.
- W3Schools Provides web development tutorials and references.
- GitHub Code sharing and collaboration platform.
- PythonAnywhere Online Python development and hosting platform.
- CS50 Well-known free course for introduction to programming.
- HackerRank Offers coding challenges and competitions.
- SoloLearn Provides interactive coding lessons for various programming languages.
- Khan Academy Highly recommended resource with lots of free courses in programming, computer science, math, English, etc.
- TheNewBoston Programming tutorials (web development - front end and back end, python, ruby).
- The Net Ninja Front-end and Back-End web development tutorials
- Derek Banas Tutorials on almost every kind of programming you can imagine.
- Traversy Media Python, Web Development, and various programming tutorials
- Programming with Mosh Programming Tutorials for various languages
Linux
- Linux Training Academy: Cheat sheet for useful command-line tools.
- TryHackMe Website for beginners and advanced users to learn about Linux and more.
- Linux Journey A hands-on step-by-step process for learning how to use Linux.
- Compute Freely Resources for learning about Linux and open-source software.
- Linux Newbie Guide Provides an overview of Linux and its features.
- Null Byte Linux Basics A series of free Linux basic tutorials.
- UbuntuPIT List of 50 very useful Linux commands.
- Linux for Ethical Hackers YouTube video series on Linux for ethical hackers.
- FreeCodeCamp Linux Crash Course YouTube beginner crash course in Linux.
- Linux Server Course YouTube course on Linux server system configuration and operation.
- Switched to Linux Linux tutorials and stuff Linux related.
- TheLinuxGamer Linux gaming, Linux tutorials, photo editing, music editing, programming, and some hacking tutorials
Networking
- Professor Messer's Network+ Training Course Highly recommended network+ training course on YouTube.
- FreeCodeCamp Networking Course Networking course by freeCodeCamp and Network+ preparation.
- Network Chuck Networking Course/CCNA Training Networking course by Network Chuck/CCNA training course.
Certifications
Hardware
- CompTIA A+ General hardware certification with a wide range of job offerings Cost Low/Mid (USD $300-400)
- Professor Messer A+ Course YouTube course by Professor Messer on A+ certification.
- Apple Certified Macintosh Technician Apple-specific hardware certification Cost High (USD $2,800)
Networking
- CompTIA Network+ Networking certification. The Cost is Low/Mid (USD $300-400)
- Professor Messer Network+ Course Free YouTube course by Professor Messer on Network+ certification.
- Udemy Network+ Course Paid course on Udemy for Network+ certification. The Cost is Low (USD $20-30)
Linux
- CompTIA Linux+ CompTIA Certification for Linux Cost is Low/Mid (USD $300-400)
Security - Entry Level
- CompTIA Security+ CompTIA Entry-level security certification Cost is Low/Mid (USD $300-400)
- Stay tuned for a Security+ study guide
- CEH Certified Ethical Hacker certification. This is for the multiple-choice exam. The Cost is High (USD $1200)
- Google Cybersecurity Professional Certificate Entry-level cybersecurity certification from Google
- CC Entry level certification from ISC2
Security - Management Level
- CISSP Certified Information Systems Security Professional Cost Mid (USD $700-800)
Penetration Testing
- CompTIA PenTest+ Certification focusing on penetration testing methodology The Cost is Low/Mid (USD $300-400)
- PJPT Hands-on exam from TheCyberMentor (Heath Adams) covering internal penetration testing Cost Low/Mid (USD $200)
- PNPT Hands-on exam from TheCyberMentor (Heath Adams) covering active directory external penetration testing and privilege escalation Cost Low/Mid (USD $300-400)
- EJPT Practical exam for penetration testing The Cost is Low/Mid (USD $300-400)
- EWPT Hands-on web application penetration testing exam The Cost is Low/Mid (USD $300-400)
- EMAPT Hands-on mobile application penetration testing exam The Cost is Low/Mid (USD $300-400)
- ECPPT Hands-on network penetration testing exam The Cost is Low/Mid (USD $300-400)
- CEH Master Practical CEH exam Cost is really high (USD $4,670) including CEH multiple-choice and hands-on exams. Typically need college, a scholarship, or work to pay for it.
- OSCP Highly recognized penetration testing certification with a focus on manual testing techniques by Offensive Security The cost is High (USD $1000-2500)
- I will be writing an OSCP study guide soon.
- OSWA Hands-on web application penetration testing exam by Offensive Security The cost is High (USD $1000-2500)
- OSWP Hands-on wireless penetration testing exam by Offensive Security The Cost is Mid/High (USD $800-900 with learn fundamentals package)
- Looking for people to give feedback on SANS certifications
Web Application Security
Exploitation Frameworks and Tools
- BeEF - Browser Exploitation Framework
- BlindElephant - Scanner for known vulnerable web apps
- XSSer - Cross-site Scripting attack tool
- RIPS Scanner - Scanner for vulnerable PHP apps
- Authforce - Password cracking tool
- Software Exploitation Toolkit - Software exploitation toolkit
- SQL Injection Digger - SQL Injection Digger search guide
- Pinata CSRF Tool - Cross-Site Request Forgery exploration and exploitation tool
- XSSer Introduction - Cross-site Scripting attack tool
- Clickjacking Attack Tool - Clickjacking attack tool
- Unicode Exploitation Guide - Unicode exploitation guide
- Web Security Testing Framework - Web security testing framework
- Squid Imposter - SSL impostering for MITM attacks
SQL Injection (SQLi)
A vulnerability that permits attackers to manipulate SQL queries to gain unauthorized access, modify, or retrieve sensitive data from a database.
- MSSQL SQL Injection Cheat Sheet
- SQL Injection Intro
- SQL Server Versions
- Testing for MS Access
- SQL Injection Video Tutorial
Upload Tricks
Upload web vulnerabilities refer to security flaws that allow malicious users to upload and execute unauthorized files, potentially leading to server compromise or unauthorized access to the system.
- Bypassing Upload File Type
- Tricks & Tips: Bypassing Image Uploaders
- Raven PHP Scripts: File Upload Vulnerability
- Cross-site Scripting Scanner
- Microsoft Security Advisory: File Upload
- TangoCMS Issue 237
- Cross-Site File Upload Attacks
- File Upload Security
- TikiWiki Script File Upload Security Bypass Vulnerability
LFI/RFI (Local File Inclusion/Remote File Inclusion)
Allows an attacker to include files from the target system or remote servers, potentially leading to unauthorized access or code execution.
XSS (Cross-site Scripting)
An attack where malicious scripts are injected into web pages, affecting users who visit the page and potentially stealing their data or taking control of their accounts.
- Cross-site Scripting Tutorial
- Basic Tutorial on XSS
- Comprehensive Guide to XSS Attack and Defense
- Filter Evasion Houdini on the Wire
- Javascript-based XSS Cheat Sheet
- Subreddit for XSS
- XSS Discussions
Metasploit
- WmapNikto - Metasploit
- Metasploit Mailing List
- Meterpreter
- Metasploit Video Tutorial
- Meterpreter Client
- Fast and Easy Hacking with Metasploit
Metadata
OSINT (Open-source Intelligence)
Shells
Attack Strings
Scanners
- w3af - Open-source web application security scanner.
- Skipfish - Automated web application security audit tool.
- sqlmap - Automated SQL injection and database takeover tool.
- SQID - Web application security library.
- Cross-Site Scripting Scanner
- Unauthorized Web Server Access Scanner
- Web Vulnerability Scanner
- Burp Suite - Web vulnerability scanner and testing tool.
- Belch - Web vulnerability scanner.
- Burp Intruder: Fuzzing Approach to Credentials Discovery
Net Scanners and Scripts
- Nmap - Network mapping and port scanning tool
- SambaScan2 - Windows-based shell script for discovering LanMan/NTLM authentication information
- SoftPerfect Network Scanner - Network scanner tool
- OpenVAS - Vulnerability scanner and management
- Nessus - Vulnerability scanner and management
- Rapid7 Vulnerability Scanner - Vulnerability scanner and management
- Retina Community - Vulnerability scanner
Content Management System (CMS) Hacking
Content Management Systems (CMS) are popular platforms used to manage, create, and modify digital content on websites and web applications. While they provide convenience and flexibility, improper configuration and vulnerabilities can lead to security risks. Ethical hacking (penetration testing) of CMSs is essential to identify weaknesses and implement robust security measures. However, it is crucial to obtain proper authorization before conducting any testing. Here's an overview of popular CMS platforms and resources for ethical hacking:
WordPress:
- WordPress A widely used open-source CMS for websites and blogs.
- WPScan WordPress vulnerability scanner.
- Securi Wordpress Guide Official security guide by WordPress.
- OWASP WordPress Security Implementation Guideline OWASP WordPress Security Cheat Sheet.
Drupal:
- Drupal An open-source CMS known for flexibility and scalability.
- Drupal Security Official security page for Drupal with advisories.
- Guide on Drupal Security.
ColdFusion:
- ColdFusion Directory Traversal FAQ (CVE-2010-2861) Information about major ColdFusion vulnerability.
- Attacking ColdFusion Insights into attacking ColdFusion applications.
Joomla:
- Joomla A popular open-source CMS with extensibility features.
- Joomla Security Security checklist and guidelines from Joomla.
Magento:
- Magento An e-commerce-focused open-source CMS.
- Magento Security Best Practices Security best practices from Magento.
Shopify:
- Shopify A hosted CMS for e-commerce solutions.
- Shopify Security Security measures and guidelines provided by Shopify.
Wix:
- Wix Cloud-based website builder with drag-and-drop tools.
- Wix Security Wix's security measures and policies.
Squarespace:
- Squarespace A website builder with visually appealing templates.
- Squarespace Security Security practices and protocols from Squarespace.
Typo3:
- Typo3 An enterprise-level open-source CMS known for scalability.
- Typo3 Security Typo3 security guide.
Umbraco:
- Umbraco An open-source CMS based on Microsoft's ASP.NET framework.
- Umbraco Security Security information and guidelines from Umbraco.
Ghost:
- Ghost A CMS designed for bloggers and writers.
- Ghost Security Security concepts and practices for Ghost.
Cybersecurity Tools
section in progress
Cloud Security
Cloud Security Resources:
- Cloud Security Alliance (CSA) A non-profit organization focused on promoting best practices for cloud security and providing education and guidance.
- Microsoft Cloud Security Microsoft's official cloud security page, offers information on Azure security and compliance.
- AWS Security Amazon Web Services (AWS) security center, providing resources and best practices for securing cloud environments on AWS.
- Google Cloud Security Google Cloud's security page, with information on securing applications and data on Google Cloud Platform.
- Cloud Security by Oracle Oracle Cloud's security resources, including whitepapers and best practices for securing cloud deployments.
- NIST Cloud Computing Security National Institute of Standards and Technology (NIST) publications and guidelines on cloud computing security.
- CSO Online - Cloud Security Articles and news on cloud security from CSO Online.
- Cloud Security Blogs A collection of top cloud security blogs, providing insights and updates on cloud security trends.
- Cloud Security Podcasts A podcast series focused on cloud security topics and discussions.
- SANS Institute Cloud Security Training Cloud security courses and training offered by the SANS Institute.
- Azure Fundamentals from YouTube
This section is still in progress
Digital Forensics
This section is still in progress
Operating systems
- Kali Linux is the most common operating system used for ethical hacking. Best for all levels: it has the most tutorials and support and the largest community. Note that various cybersecurity courses assume you are using Kali, including Offensive Security and PNPT/TCM
- Parrot Security OS Similar to Kali. Easy to use, but not as much support as Kali
- BlackArch Linux Very customizable version of Linux, with a very steep learning curve, but still very powerful
- For more info on individual Operating Systems see distrowatch
ISOs
An ISO is a virtual "box" that contains all the necessary files and data to set up a computer system or an operating system. ISO files are typically used to distribute software, including operating systems like Windows or Linux.
Windows ISO images from Microsoft
Linux ISO images
Common Linux Distros
- Debian Stable and open-source OS with vast software repositories
- Ubuntu User-friendly Linux OS based on Debian with frequent updates
- Linux Mint Accessible OS, great for beginners, based on Ubuntu
- Arch Lightweight and customizable Linux OS, preferred by experienced users
- For more info on other Operating Systems
Virtual machine software and virtualization
- VirtualBox Windows, Mac, and Linux
- VMware VMware Workstation: Windows, Mac, and Linux
- Wine Compatibility layer for running Windows applications on Linux, macOS, and BSD (not a virtual machine). Instead of simulating internal Windows logic like a virtual machine or emulator, Wine translates Windows API calls into POSIX calls on the fly, eliminating the performance and memory penalties of other methods and allowing you to cleanly integrate Windows applications into your desktop.
Osint
OSINT (Open Source Intelligence) - The practice of collecting information from published or otherwise publicly available sources
People and Organizational
- http://www.spokeo.com/ - locate people using online search
- http://www.123people.com/ - search engine for people
- http://www.xing.com/ - online networking platform
- http://www.zoominfo.com/search - business information search
- http://pipl.com/ - search engine mainly for people
- http://www.zabasearch.com/ - people and business search engine
- http://www.searchbug.com/default.aspx - Contact and services search engine
- http://theultimates.com/ - people and business search
- http://skipease.com/ - public records search
- http://addictomatic.com/ - Search topics and key phrases
- http://socialmention.com/ - see how often a phrase is mentioned
- http://entitycube.research.microsoft.com/ - link entities to other sources
- http://www.yasni.com/ - search engine for people and business
- http://tweepz.com/ - Search and find Twitter profiles
- http://tweepsearch.com/ - Tweet search engine
- http://www.glassdoor.com/index.htm - Search for employers and salaries
- http://www.jigsaw.com/ - Business information exchange
- http://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp - public trading and financial documents
- http://www.tineye.com/ - Search for images
- http://www.peekyou.com/ - Online people search
- http://picfog.com/ - search engine for images
- http://twapperkeeper.com/index.php - Twitter archival search
Infrastructure:
- https://searchdns.netcraft.com/ - DNS lookup provider
- https://securityheaders.com/ - Secure HTTP response headers scanner
- http://uptime.netcraft.com/ - Website uptime checking
- http://www.domaintools.com/ - Domain information provider
- http://centralops.net/co/ - DNS and IP information lookup
- http://hackerfantastic.com/ - Website security scanning
- http://whois.webhosting.info/ - WHOIS lookup tool
- https://www.ssllabs.com/ssldb/analyze.html - SSL security assessment
- http://www.clez.net/ - IP address intelligence
- http://www.my-ip-neighbors.com/ - IP relationships explorer
- https://www.shodan.io/ - IoT device search engine
- http://www.exploit-db.com/google-dorks/ - Vulnerability search engine
- http://www.hackersforcharity.org/ghdb/ - Security knowledgebase
References and Cheatsheets
- http://en.wikipedia.org/wiki/IPv4_subnetting_reference
- http://www.nixtutor.com/linux/all-the-best-linux-cheat-sheets/
- http://shelldorado.com/shelltips/beginner.html
- http://www.linuxsurvival.com/
- http://mywiki.wooledge.org/BashPitfalls
- http://rubular.com/
- http://www.iana.org/assignments/port-numbers
- http://www.robvanderwoude.com/ntadmincommands.php
- http://cirt.net/ports_dl.php?export=services - Lists of port services definitions
- http://www.cheat-sheets.org/ - Compilation of cheatsheets for a variety of topics
Communities and Conferences:
- Defcon One of the largest hacking conferences in the world
- Blackhat Large conference held all over the globe
- RSA Conference The RSA Conference is an annual event focused on helping improve cybersecurity awareness and cybersecurity culture in companies, and similarly expanding this knowledge in individuals across the globe.
- Calendar for Information Security Conferences
Blogs, Wikis, Magazines, and Forums
Blogs
Forums:
Forums that help with tool usage, syntax, attack techniques, and collections of scripts and tools.
- EH-Net Forums
- Hak5 Forums
- Kali Linux Forums
- Hack Forums
- Hackthissite Forums
- Security Override Forums
- Government Security
Wikis
Magazines:
Security Research
- https://www.shodan.io/: network monitoring and analytics platform.
- https://www.exploit-db.com/google-hacking-database: Google search term exploit database.
- http://www.exploit-db.com/: database of exploits and vulnerable software.
- http://www.cvedetails.com/: comprehensive database of security vulnerabilities.
- https://cxsecurity.com/: security vulnerability database.
- http://www.packetstormsecurity.org/: security attack and audit sources.
- http://www.securityforest.com/wiki/index.php/Main_Page: security and penetration testing tips.
- http://www.securityfocus.com/bid: Bugtraq discussion forum & vulnerability tracking system.
- http://nvd.nist.gov/: U.S. National Vulnerability Database.
- http://osvdb.org/: open source vulnerability database.
- http://www.nullbyte.org.il/Index.html: cyber security and hacking website.
- http://secunia.com/: online IT security vulnerability resource.
- http://cve.mitre.org/: database of publicly known security vulnerabilities
Glossary
- Sans Glossary of Security Terms
- NICCS glossary of terms
- NIST Glossary
- Common Security Acronyms
- Skillsoft list
- For more terms see Cybersecurity ventures article
Contributions
Special thanks to all the contributors who have helped compile and curate this comprehensive list of resources. Your valuable contributions have made this collection possible and will undoubtedly assist many in their pursuit of knowledge and understanding in the world of cybersecurity and information technology. Together, we strive to improve and share knowledge, making the digital landscape safer for all. In no particular order thank you