Ask HN: What are the best resources for learning security and pen testing?
The following is an extraction of some of the great resources offered. Although the contextual commentary is absent here, it is colorful and very helpful and certainly merits a read.
(Work in Progress)
Hands-on Practice:
OverTheWire
WeChall
+Ma's Reversing
CTF Time
Pwn Adventure
VulnHub
YouTube Videos:
CTF video write-ups
Pwn Adventure 3: Pwnie Island
IppSec
John Hammond
GynvaelEN
Derek Rook
Online Courses:
Cybrary
Pluralsight
PentesterLab
Books:
The Web Application Hacker's Handbook 2nd Edition
The Hacker Playbook 3: Practical Guide To Penetration Testing
RTFM - Red Team Field Manual
BTFM - Blue Team Field Manual
The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age
The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries
Dark Territory: The Secret History of Cyber War
Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
The Tangled Web
Hacking, 2nd edition
Other Resources:
Exploit Database
Kali Linux
Kali NetHunter
Reddit /r/netsec
CTFs
Advice on Certs: CEH, CISSP, OSCP
Other Topics: DoD 8570 compliance, security people on Twitter, publicly disclosed bug bounty reports on HackerOne and Bugcrowd, Burp Suite, FoxyProxy in Firefox, talking to folks in the trenches, infra/app security and/or incidents, chat room, APIs