A collection of awesome links I've compiled. Please report any link rot, typos, etc. Thanks!
- HACKING GOOGLE Series
- Jim Browning - Getting Back At Scammers
- Hak5 - Technology/Security/Fun
- Linus Tech Tips - Get your tech tips
- Marques Brownlee - Consumer Tech Reviews
- TWiT - Tech Podcast Network
- Security Now - A fun security podcast
- Shannon Morse - Awesome tech lady
- Red Team Village
- DEFCON - Security Conference YouTube Channel
- HackerOne
- Computerphile - Cool Tech Videos With Cool People
- Null Byte
- Day of Shecurity - Women Focused Security Conference YouTube Channel
- Shannon Morse - Awesome Security / Tech Lady
- Jayz Two Cents - Current trends in Tech
- Zack Freedman - A Maker and Nerd Who Does Cool Projects
- David Bombal - Cool IT Dude
- Network Chuck - another Cool IT Dude Who Really Likes Coffee
- Null Byte - Ethical Hacking
- Dave's Garage - Former Microsoft Employee with a lot of awesome knowledge
- Danooct1 - Historical Malware Demos
- Exabeam - A SIEM Product, But Their Channel Has Some Good Videos!
- XKCD - A webcomic of romance, sarcasm, math, and language.
- XKCD - But With a CLI interface!
- SANS NewsBites - Hot Off The Press! Get Your Security News!
- Slashdot - News for nerds, stuff that matters
- Hackaday - Fresh Hacks Every Day from around the Internet.
- Darknet Diaries - True stories from the dark side of the Internet.
- Krebs on Security
- BleepingComputer - Tech News
- GNU - Free Software Philosophy
- Computer Fraud and Abuse Act
- Wigle - a map of discovered wifi networks
- Hacker Typer - Hacking is hard... Hollywood makes it look easy; like this
- Security Bsides - Mini Conferences
- DEF CON - Possibly the most notorious and popular security conference
- Day of Shecurity - Women in Security
- Black Hat Con - More Industry Focused Than Defcon
- CompTIA's Career Pathways with their corresponding certifications
- Cyberseek - Career Pathways
- National Initiative for Cybersecurity Careers and Studies (NICCS)
- Cybersecurity Certification Roadmap
- NetworkChuck's 2023 Breaking into Cybersecurity Roadmap
- Security+ - Professor Messer
- Security+ - Jason Dion, I really like his style, but I am not a fan of Udemy's sales tactics. Never pay the full price on Udemy. You should see the course for under $20
I get asked frequently what software/programs I use on my computer(s). I main Windows 11 Pro; here's my must have software:
- LibreOffice - An Open Source Office Suite
- Sumatra PDF Reader - Small, Fast PDF Reader
- GIMP - Photoshop Alternative
- Inkscape - Drawing Tool For When I Feel Artsy
- Notepad++ - The Programmer's Notepad
- VS Code - My Favorite Integrated Development Environment
- Windows Terminal... A Terminal For Windows... It's Good Trust Me Bro!
- Windows Subsystem For Linux (WSL) - Linux running on Windows!
- Ubuntu Linux (WSL)
- 7-Zip - An Excellent Zip Archive Program (and Format)
- Mozilla Firefox - My Favorite Web Browser and a Great Organization
- Ublock Origin - Ad Blocker
- Privacy Badger - Tracker Blocker
- Dark Reader - Makes the Internet Dark Mode (the Correct Mode)
- Brave - For Those Times When I NEED a Chromium Browser
- Authy - 2FA
- Bitwarden - Password Manager
- Private Internet Access - VPN
- MEGA - Cloud Storage
- Proton Mail - Personal Email
- VLC Media Player - A Cool Media Player That Can Also Live Stream on a LAN
- Foobar2000 - Music Player
- cmus - Music Player That Runs in a Terminal
- Kali - A Debian based distro with a bunch of Red Team tools
- Parrot OS - A comprehensive Red Team and Blue Team distro
- Ubuntu - A general purpose Debian based distro
- Linux Mint - A branch of Ubuntu with a different desktop environment
- Security Onion - A Blue Team focused distro
- Debian - The Distro many others are based on including Ubuntu, Linux Mint, and Kali
- Garuda - A visually awesome looking Arch based distro. Check out the KDE Dr460nized Edition!
- Virtual Box - You won't hear me say much nice about Oracle, but Virtual Box is a nice hypervisor
- VM Ware - another great hypervisor
- Windows Subsystem for Linux (WSL) - This is a really cool hypervisor built into modern Windows
- Some cybersecurity terms to be familiar with!
- What is a Script Kitty
- Star Wars in a Terminal!
- Star Wars Terminal in a web browser
- Discord QR Code Hacks
- Have I Been Pwned - Have your Credentials Been Leaked?
- Nonce - it's a funny word
- Royalty free images - ya never know when you need to make a presentation!
- How to take screenshots on an Apple Mac
- ARM Vs x86-64 - what is all this talk about CPU architecture
- Notepad++ - Sera's favorite text editor available for Windows!
- Sublime Text - a minimalistic GUI based text editor.
- Cyber Chef - A Tool For Decoding Encoded Data Courtesy of British Intelligence!
- O.MG Cable - A USB cable that can execute scripts.
- Password Monster - Check your password strength.
- Online Tools For Checking Potentially Malicious Websites
- Bandit Over The Wire
- Hack The Box - Hacking Training For The Best
- TryHackMe - Cyber Security Training
- CTF Time
- picoCTF - CMU Cybersecurity Competition
- Cipher Tech Women & Minorities Online Challenge | Cyber Skyline
- Python Challenges
- Google Code Jam
- Cyber Defenders - Blue Team CTF Challenges
- BASH Scripting Challenges!
- SANS Holiday Hack Challenge - Fun Cybersecurity Practice
- DVWA - It's a Web App That's Pretty Damn Vulnerable
- Vuln Web - Practice your skills in a live environment
- Backdoors and Breaches - an awesome tabletop to test your skills
- CIA Triad - First item in the Executive Summary
- Threats Vs. Vulnerabilities - It's from NASA so it's space security!
- Threats Vs. Vulnerabilities Vs. Risk - From Sectigo, a security company.
- Calculating Risk - SANS Formula
- Risk Tolerance
- Container Vs VM
- Linux File System Structure
- Shell Vs. Terminal Vs. Console
- The 50 Most Popular Linux & Terminal Commands - Full Course for Beginners
- Linux File System/Structure Explained!
- Linux Command Cheat Sheet
- Linux for Hackers - Basics for Cybersecurity Beginners
- Where GREP Came From - Computerphile
- AWK Is Still Very Useful | Brian Kernighan and Lex Fridman
- Case Sensitivity Windows Vs. Linux
- Cron Jobs - OSTechNix
- Crontab Guru - a crontab calculator
- Cron Job: A Comprehensive Guide for Beginners 2023
- Start a process on boot
- Explain Shell - match command-line arguments to their help text
- /bin and /sbin what they have to do with PATH
- Operating System Vs. Kernel?
- What is CLI
- BASH Vs. Z Shell
- YUM Vs. APT: What's the Difference? | phoenixNAP KB
- A Great Vim Cheat Sheet
- Vim cheatsheet
- Cheatsheet for GNU nano
- How to Use Nano Text Editor in Linux [With Cheat Sheet]
- GNU Nano Cheatsheet
- Learn VIM while playing a game - VIM Adventures
- tar Cheat Sheet
- Linux Tar Commands Cheatsheet
- Cheat Sheet - Archives and Compression - Seb's IT blog
- Compressing Files
- ZIP - In depth
- ⚠️ As of 01/17/2023 this link is dead. Will check again ⚠️ Chmod Calculator | Chmod Generator | Chmod Command
- Chmod Calculator | OMNI Calculator - Advanced Mode has special permissions
- Linux File Permissions Cheat Sheet
- Unix File Permissions
- What is SUID, SGID and Sticky bit
- Linux permissions: SUID, SGID, and sticky bit
- Linux File Permissions: Understanding setuid, setgid, and the Sticky Bit
Credit For this section in (large) part goes to Networkmancer
apt is a command-line interface for managing software on Debian and its derivatives (like Ubuntu).
- APT - Ubuntu Documentation for the apt package manager
Common uses:
- apt update: Updates package lists from repositories.
- apt upgrade: Upgrades all the installed packages.
- apt install [package-name]: Installs a specified package.
- apt remove [package-name]: Removes a package but retains its configuration files.
- apt purge [package-name]: Removes a package including its configuration files.
- apt search [package-name]: Searches repositories for a package matching the provided name.
dpkg is a tool for managing individual .deb package files.
- dpkg Technical Documentation
Common uses:
- dpkg -i [package-file.deb]: Installs/Upgrades a package from its .deb file.
- dpkg -r [package-name]: Removes a package but retains configuration files.
- dpkg -P [package-name]: Purges a package completely.
- dpkg -l: Lists all packages installed.
- Pacman - Arch Documentation for the pacman package manager
- Brew - The missing package manager for Mac OS
- Windows Package Manager - Yuppers Windows has one too!
- How to Use SCP Command to Securely Transfer Files
- The SCP Command
- What is an SSH Key? An Overview of SSH Keys
- How To Use SSH to Connect to a Remote Server | DigitalOcean
- Origin of "Hello World"
- Environmental Variables - Linux has several variables that hold some cool information!
- Bash Scripting Tutorial for Beginners
- Bash Scripting Tutorial for Beginners: What It Is, How to Write One, and Script Examples
- Bash Scripting - Introduction to Bash and Bash Scripting - GeeksforGeeks
- if/else/elif logic
- Bash Scripting Cheatsheet!
- For Loops
- Validate User Input
- Break Your Terminal with a Fork Bomb DOS Attack!
- Shell Check - Helps figure out what's wrong with your script!
- Smart Draw - Create Network Diagrams
- OSI Model Explained!
- TCP 3-way Handshake
- SYN Flood - A TCP DDOS Attack!
- TCP Vs UDP
- Well Known Ports - Internet Assigned Numbers Authority
- DNS Poisoning - A Cool Attack that Exploits DNS Requests
- Top Level Domains - All Domains Supported By ICANN
- Private IP Ranges
- What is a Port?
- What is a Subnet?
- Subnetting Cheat Sheet
- Smart Draw - A good utility for creating network diagrams
- UFW Firewall help - IPtables is a good firewall but making the interaction less complicated is better for everyone
- Wireshark's Official Introduction Doc
- Another Introduction to Wireshark
- Yet, Another Introduction to Wireshark!
- Some Useful Cheat Sheets
- Cheat Sheet!
- MAC Address OUI Lookup - Find the Manufacturer of Network Devices
- Decrypt HTTPS Traffic
- What is a Port?
- Uncomplicated Firewall (UFW) - It's a Firewall that's Uncomplicated...
- UFW Official Documentation
- pfsense Firewall Download - It's free why not play with the Community Edition?
- lnav - A great way to view logs! 🪵
- Get info about IPs, CVEs, and a lot more! - Grey Noise
- Open Threat Exchange, Get More Information About Potential Threats - Alienvault OTX
- Check an IP to see If It's A Known Malicious Server
- Defense In Depth Explained
- Defense In Depth is like an Onion... - I'll Let Oracle Explain
- The PB&J Instructional Exercise - Computers are VERY literal and will do EXACTLY what you tell them
- A History of Programming Languages
- Python Documentation
- The Zen of Python
- Python Tutorial
- PEP 8 - Style Guide for Python Code | peps.python.org
- W3Schools - An excellent resource for Python and other languages!
- Stack Overflow - Where Developers Learn, Share, & Build Careers
- Why do datatypes even exist?
- Converting Data Types - I will cast you as a string and you as a float!
- String Methods
- String Cheatsheet
- Python String Methods
- Need to Save Parts of an Object Into Multiple Variables?... Like Words in a String? Try Destructuring!
- Python List Methods
- List methods in Python
- Python - List Methods
- ".append()" Vs "+= []"
- Truth Tables
- os - Miscellaneous operating system interfaces
- Use Python as a graphing calculator with matplotlib
- Graphics in Python With Turtle
- Jupyter Notebook: An Introduction - Real Python
- .sort() Vs sorted()
- Lambda Functions - Almost magical one line functions
- Regex101: build, test, and debug Regex
- Regex Library - an awesome resource for Regex
- Regex Golf - practice your Regex skills
- VS Code - Currently my favorite IDE
- Indent-Rainbow - An extension for VS Code that will highlight indents
- Just In Time (JIT) Compilers - Computerphile
- Floating Point Numbers - Computerphile
- For Loops Vs While Loops (in Python)
- The Art of Code - Dylan Beattie
- The Problem with Time & Timezones - Computerphile
- Python Webserver with logging:
  python3 -m http.server 80 2>&1 | tee -a access.log
  or, as a shorthand way to redirect STDERR:
  python3 -m http.server 80 |& tee -a access.log
  Python uses STDERR to display the logs on screen.
- DNS Record Types
- Network Time Protocol (NTP) - Computerphile
- OSI Model
- W3 Internet Protocol Stack
- Public vs Private IPs
- HTTP Response Codes - I am a teapot 🫖 (look it up)
- OWASP Top 10 - This is a document listing the most common attacks happening on the web in the wild!
- Transport Layer Security (TLS) - It puts the "S" in HTTPS
- Using Net User to add users
- Managing Accounts with Net User
- Group Policy Architecture
- Remotely Install Software Via Group Policy
- A Better Control Panel Using "God Mode"
- Active Directory Administration
- LDAP Vs. Active Directory
- Detecting and Preventing LSASS Credential Dumping
- Kerberos - What is it and how does it work?
- Search EventLog With PowerShell
- Introduction to Scripting in PowerShell
- Batch Scripting - Tutorials Point
- WannaCry - Who doesn't like ransomware
- Stuxnet - Centrifuges in Iraqi Nuclear power plant go Brrrrr... APT.. USA... They both have 3 letters.
Sometimes even when you do everything right you may still end up in jail...
- Coalfire News Article
- Coalfire Tell All - Dark Reading
- Coalfire Official Press Release - Charges Dropped
- MITRE ATT&CK Framework - a framework for how attacks and red team activities are carried out
- Lockheed Martin Cyber Kill Chain - a more simplified framework for cyberattacks
- Whois - Online tool
- Nmap Cheat Sheet
- Nmap Xmas Scan - It's the most alarming time of the year!
- Spiderfoot - An OSINT collection tool
- OSINT Framework - A collection of OSINT resources
- Shodan - Search exposed devices across the world
- Nessus - A vulnerability scanning suite
- Common Vulnerability Scoring System (CVSS)
- No Tech Hacking - OSINT is Best Intelligence
- OWASP Top 10
- OWASP Top 10 Explanations
- What is DOM?
- XSS Worm - Samy wants to be your MySpace friend
- XSS-game - a fun place to practice xss
- Stored XSS walkthrough
- OWASP XSS Attacks
- XSS Cheat Sheet - Portswigger
- URL Encoder - a quick way to URL encode your strings
- Primer on Predicate Logic - This is NOT something we are directly exploring, but a surprising amount of people have asked about Predicate Logic and its relation to SQL
- SQL Injection - An Introduction
- SQL Injection Cheat Sheet
- NOSQL Injection - For when the DB isn't a SQL DB
- RESTful API - Web Requests
- Why is Cross Site Scripting NOT called CSS, but XSS?
- Watch a hacker use Burp Suite
- Google Gruyere - A Web App You Can Hack... Get It Gruyere Has Holes... Like This App's Security
- Juice Shop is a modern web app you can hack after you pwn DVWA
- Salt Your Passwords - A More Secure Way of generating password Hashes
- Pepper Your Passwords - Because they Should be Well Seasoned!
- AI Password Cracking - Be Afraid! Be VERY Afraid! Or Eh Not So Much
- CrackStation - Online Pre-Computed Lookup Tables
- John the Ripper - He's Coming For Your Password Hashes
- Hydra - Need to Attack Webservices?
- RevShells - A Tool for Generating Code to Create Bind and Reverse Shells
- Ncat - A New Version of Net Cat With Extra Features
- ELF File Format - This is the Executable File Format for Linux
- PE File Format - This is the Executable File Format for Windows
- The 6 Principles of Social Engineering
- The psychology of social engineering - Microsoft
- Bind Vs. Reverse Shell
- EternalBlue - SMB Vulnerabilities Strike Hard!
- MSFVenom Official Documentation
- Metasploit Official Documentation
- MSFVenom Cheatsheet
- Safe, Reliable, Hashdumping
- Linux Privilege Checker - A cool post-exploit reconnaissance script
- Using private key to SSH
- User Private SSH key - Another Guide
- Windows Privilege Escalation Scripts/Tools
- Windows Potatoes 🥔 - Boil Them, Smash Them, Stick Them in a Stew
- Mimikatz - Gentil Kiwi's Personal Blog
- Intro to Splunk
- Splunk Basic Searching
- Splunk Documentation
- SPLUNK
- Alien Vault (competitor SIEM owned by AT&T)
- ELK Stack (Free SIEM)
- Wazuh (Sera's preferred free SIEM)
- Pokemon Dataset - A fun dataset to practice and test your SIEM with!
- Autopsy
- Sleuth Kit
- Sleuth Kit Wiki
- Sleuth Kit Manual
- Volatility - Memory Forensics Tool
- Eric Zimmerman's Tools
- Yara - The pattern matching swiss knife for malware researchers (and everyone else)
- Maxim Suhanov's YARP (CLI)
- OSFMount
- Notepad++ - My Favorite Windows Based Text Editor
- Binary Ninja - My Hex Editor of Choice
- XXD - CLI Hex Editor
- Hexcurse - I like this CLI Hex Editor Better Than XXD
- Ghidra - reverse engineering tool created by the NSA
- IDA-pro - widely used reverse engineering software
- Registry Hives - You thought Hives Were For Bees?!?! 🐝
- Registry Analysis - BEES 🐝🐝🐝
- Microsoft Registry Hives - Official Documentation
- RegRipper - Report on Useful Artifacts in Registry Hives
- Writing DFIR Reports a Primer
- Intro to Report Writing for Digital Forensics
- Best Practices for Writing a Digital Forensics Report
- NIST Cybersecurity Framework
- Mitre d3fend Framework - Another Framework For Blue Team Operations
- Risk Management Framework
- Risk - (threat x vulnerability x probability of occurrence x impact)/controls in place
- NIST Risk Management Tools
- Threat Modeling - OWASP
- Threat Modeling - CISCO
- Threat Modeling Manifesto
- STRIDE - Microsoft Threat Model
- PASTA - A threat modeling framework
- Security Controls
- Security Controls - Big Blue's (IBM) Definitions
- Writing Snort Rules
- Blameless PostMortems and a Just Culture
- Why You Need a Postmortem Process
- Learning From Incidents - An excellent blog
- Postmortem Templates
- Postmortem Examples
- The Art of Memory Forensics, 1st Ed. by Ligh et al. ISBN: 978-1118825099.
- Reference: Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, 3rd Ed. by Casey. ISBN: 978-0123742681.
- File System Forensic Analysis, 2nd Ed. by Carrier. ISBN: 978-0321268174.
- Windows Registry Forensics, 2nd Ed. by Carvey. ISBN: 978-0128032916.
- Windows Forensic Analysis Toolkit, 4th Ed. by Carvey. ISBN: 978-0124171572.
- Secrets & Lies Digital Security in a Networked World, by Bruce Schneier. ISBN: 978-1119092438.
- The Mathematics of Secrets: Cryptography From Caesar Ciphers to Digital Encryption, by Joshua Holden. ISBN: 978-0691141756.
- Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers, by Andy Greenberg. ISBN: 978-0385544405.
- The Hundred-Page Machine Learning Book, by Andriy Burkov. ISBN: 978-1999579500.
- The C Programming Language, 2nd Edition, by Brian W. Kernighan and Dennis M. Ritchie. ISBN: 978-0131103627.
- Obfuscated C and Other Mysteries, by Don Libes. ISBN: 978-0471578055.