Resources/Blogs/Conferences/Labs

Gitbooks

The HackTricks gitbook is what inspired me to create this Gitbook, and I use his content to populate my gitbook as well. Highly encourage bookmarking it: https://book.hacktricks.xyz/

RowBot has a great Gitbook with his PenTest Notes, which I draw a lot of my information from: https://guide.offsecnewbie.com/

Best resources on finding free OffSec/Coding training from DFIR Diva: https://dfirdiva.com/free-training

Blogs

Spectre Intelligence Blog - https://slaeryan.github.io/

Krebs on Security - https://krebsonsecurity.com/

Darknet - https://www.darknet.org.uk/

Security Weekly - https://securityweekly.com/

SANS blog - https://www.sans.org/blog/

WIRED Security - https://www.wired.com/category/threatlevel/

ISC SANS - https://isc.sans.edu/

Conferences

TheManyHatsClub2's TMHC Isolation Con

VirSecCon CTF

Labs/Exercises

Self Hosted Vulnerable Labs

Juice-shop

OWASP created Juice-shop, and it's the best way to learn web app security via a vulnerable app. The best way to install Juice Shop is within a Docker container on your Kali. Follow the "Installing Docker in Kali Linux" Medium guide to install Docker on Kali, then follow Juice-shop's GitHub Docker instructions to install Juice-shop. WARNING: the Docker version has seen some issues with working vulnerabilities (e.g. XXE and Reflected XSS).

OWASP BWA

Exercises/CTFs

Best resource to find live CTFs: https://ctftime.org/

Hack The Box: https://www.hackthebox.eu/

TryHackMe: https://www.tryhackme.com/

KONTRA - OWASP Top 10, free appsec training: https://application.security/free-application-security-training

CyberSecLabs: https://www.cyberseclabs.co.uk

Labtainer: https://nps.edu/web/c3o/labtainers

[Really Good] Enigma Group's Security Challenges: https://www.enigmagroup.org

VirtualHackingLabs: https://www.virtualhackinglabs.com/

[Fun] JavaScript Learning Game: https://alexnisnevich.github.io/untrusted/

SecurityMB XSS Challenge Writeup: https://securitymb.github.io/xss/2/?xss=

Intigriti's XSS challenges: https://challenge.intigriti.io

@gynvael's Twitter Web Sec Challenge: http://35.204.139.205:5000

# Twitter Web Sec Challenge answer
curl 'http://35.204.139.205:5000/fetch' --data 'url=http://127.0.0.1:5000/secret&lang=%0D%0AX-Secret: YEAH'

@phant0mrouge's HUGE list of Training links: https://twitter.com/phant0mrouge/status/1238737102600155136

EnigmaGroup's training (XSS, SQLi, and others): https://www.enigmagroup.org/members/home
