Defender's Notes
Resources/Blogs/Conferences/Labs


Last updated 4 years ago


Gitbooks

The HackTricks gitbook is what inspired me to create this Gitbook; I also use his content to populate my gitbook. Highly encourage bookmarking it: https://book.hacktricks.xyz/

RowBot has a great Gitbook with his PenTest Notes, which I draw a lot of my information from: https://guide.offsecnewbie.com/

Best resources on finding free OffSec/Coding training from DFIR Diva: https://dfirdiva.com/free-training

Blogs

Spectre Intelligence Blog - https://slaeryan.github.io/

Krebs on Security - https://krebsonsecurity.com/

Darknet - https://www.darknet.org.uk/

Security Weekly - https://securityweekly.com/

SANS blog - https://www.sans.org/blog/

WIRED Security - https://www.wired.com/category/threatlevel/

ISC SANS - https://isc.sans.edu/

Conferences

TheManyHatsClub2's TMHC Isolation Con

Blue Team/App Sec Track: https://m.twitch.tv/videos/596561192

Purple Track: https://m.twitch.tv/videos/596561374

VirSecCon CTF

Eyeless SQL writeup: https://www.wclaymoody.com/blog/virseconctf-eyeless-writeup/

Labs/Exercises

Self Hosted Vulnerable Labs

Juice-shop

OWASP created Juice-shop and it's the best way to learn Web App security via a vulnerable app. The best way to install Juice Shop is within a Docker container on your Kali. Follow the "Installing Docker in Kali Linux" Medium guide to install Docker on Kali and follow Juice-shop's GitHub Docker instructions to install Juice-shop. WARNING: The Docker version has seen some issues with working vulnerabilities (e.g. XXE and Reflected XSS)

OWASP BWA

Exercises/CTFs

Best Resource to find live CTFs: https://ctftime.org/

Hack The Box: https://www.hackthebox.eu/

TryHackMe: https://www.tryhackme.com/

KONTRA - OWASP Top 10, free appsec training: https://application.security/free-application-security-training

CyberSecLabs: https://www.cyberseclabs.co.uk

Labtainer: https://nps.edu/web/c3o/labtainers

[Really Good] Enigma Group's Security Challenges: https://www.enigmagroup.org

VirtualHackingLabs: https://www.virtualhackinglabs.com/

[Fun] JavaScript Learning Game: https://alexnisnevich.github.io/untrusted/

SecurityMB XSS Challenge: https://securitymb.github.io/xss/2/?xss=

Writeup: https://oshogbo.vexillium.org/blog/75/

Intigriti's XSS challenges: https://challenge.intigriti.io

@gynvael's Twitter Web Sec Challenge: http://35.204.139.205:5000

# Twitter Web Sec Challenge answer
curl 'http://35.204.139.205:5000/fetch' --data 'url=http://127.0.0.1:5000/secret&lang=%0D%0AX-Secret: YEAH'

@phant0mrouge's HUGE list of Training links: https://twitter.com/phant0mrouge/status/1238737102600155136

EnigmaGroup's training (XSS, SQLi, and others): https://www.enigmagroup.org/members/home