Resources
Note: Paid resources may exist in a free limited version or a demo version.
Bug bounty, pentest and disclosure platforms
Name | Website | Source | Description | Price |
---|---|---|---|---|
AVORD | [Website] | | UK penetration testing platform | Free |
AntiHACK | [Website] | | Singapore bug bounty platform | Free |
Bug Bounty Hub | [Website] | | Bug bounty platform | Free |
BugBounty.jp | [Website] | | Japan bug bounty platform | Free |
Bugcrowd | [Website] | | Bug bounty platform | Free |
Bugv | [Website] | | Bug bounty platform | Free |
Cobalt.io | [Website] | | Crowdsourced pentest and bug bounty platform | Free |
Crowdswarm | [Website] | | Crowdsourced pentest & bug bounty platform | Free |
CyberArmyID | [Website] | | VDP & bug bounty platform | Free |
disclose.io | [Website] | | VDP platform | Free |
FEDERACY | [Website] | | Crowdsourced pentest & bug bounty platform | Free |
FireBounty | [Website] | | Bug bounty program aggregator | Free |
HackenProof | [Website] | | Bug bounty platform | Free |
HackerOne | [Website] | | Bug bounty platform | Free |
Hackrate | [Website] | | Bug bounty platform | Free |
HackTrophy | [Website] | | Bug bounty platform | Free |
huntr | [Website] | | A bug bounty platform dedicated to Artificial Intelligence (AI) and Machine Learning (ML) | Free |
Immunefi | [Website] | | Bug bounty platform focused on DeFi (Decentralized Finance), blockchain and smart contract security | Free |
Inspectiv | [Website] | | Bug bounty platform | Free |
IssueHunt | [Website] | | Bug bounty platform | Free |
Intigriti | [Website] | | Bug bounty platform | Free |
Open Bug Bounty | [Website] | | Non-profit bug bounty platform | Free |
OpenCIRT | [Website] | | Open Cyber Incident Response Team; coordinated vulnerability disclosure for software without a VDP | Free |
Plugbounty | [Website] | | Bug bounty platform for plugins, themes, extensions, libraries | Free |
RedStorm | [Website] | | VDP & bug bounty platform | Free |
SafeHats | [Website] | | Bug bounty platform | Free |
ScanTitan | [Website] | | Crowdsourced pentest | Free |
SSD Secure Disclosure | [Website] | | Rewarded responsible disclosure service | Free |
SynAck Red Team | [Website] | | Crowdsourced pentest and bug bounty platform | Free |
Yes We Hack | [Website] | | European bug bounty platform based on the legislation and rules in force in European countries | Free |
Yogosha | [Website] | | Bug bounty platform | Free |
Zero Day Initiative | [Website] | | Rewarded responsible disclosure service | Free |
Zerocopter | [Website] | | Invite-only and closed bug bounty platform | Free |
ZeroDisclo.com | [Website] | | Coordinated disclosure platform by YesWeHack | Free |
Challenges platforms
Name | Website | Source | Description | Price |
---|---|---|---|---|
ae27ff | [Website] | | Challenge platform | Free |
Backdoor | [Website] | | Practice area with some past CTF challenges | Free |
BattleHack | [Website] | | Challenge platform | Paid |
Begin.re | [Website] | | Binary reverse guided challenges for beginners | Free |
BugBountyHunter | [Website] | | Learn how to test for security vulnerabilities on web applications with our various real-life web applications; security researcher tutorials, guides, writeups | Paid |
CanYouHack.It | [Website] | | Challenge platform | Free |
Challenge Land | [Website] | | Challenge platform | Free |
CryptoHack | [Website] | | Crypto challenges platform | Free |
Cryptopals | [Website] | | Crypto challenges platform | Free |
CTFLearn | [Website] | | Challenge platform | Free |
CyberDefenders | [Website] | | Training platform focused on the defensive side of cybersecurity, aiming to provide a place for blue teams to practice | Free |
DefendTheWeb | [Website] | | Challenge platform | Free |
Electrica | [Website] | | Programming, cryptography challenges | Free |
EnigmaGroup | [Website] | | Challenge platform | Free |
Exploit Education | [Website] | | Exercises and resources about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues | Free |
Exploit Exercises | [Website] | | VMs, documentation and challenges | Free |
FreeHackQuest | [Website] | [Source] | Challenge platform | Free |
Flag4jobs | [Website] | | Challenge platform with job offers | Free |
Gekkó | [Website] | | Challenge platform | Free |
Graker | [Website] | | Binary challenges having a slow learning curve, and write-ups for each level (SSH connection) | Free |
Hack The Box | [Website] | | Challenge platform | Paid |
Hack This Site | [Website] | | Challenge platform and community | Free |
HackBBS | [Website] | | Challenge platform and community | Free |
HackCenter | [Website] | | Private challenge platforms | Free |
Hacker Gateway | [Website] | | Challenge platform | Free |
Hacker.org | [Website] | | Challenge platform | Free |
Hacking Lab | [Website] | | Challenge platform with teachers and solutions | Free |
Hackropole | [Website] | | Challenge platform; challenges from previous years of FCSC | Free |
HackThis!! | [Website] | | Challenge platform | Free |
HackViser | [Website] | | Challenge platform | Paid |
ImmersiveLabs | [Website] | | Story-driven exercises and practical, gamified labs | Paid |
IO | [Website] | | Binary challenges (SSH connection) | Free |
LOST-Chall | [Website] | | Challenge platform | Free |
Microcorruption | [Website] | | Platform including many challenges about embedded devices security; using a debugger, the goal is to unlock the smart lock device by finding vulnerabilities like memory corruption bugs; it involves assembly knowledge and reverse-engineering | Free |
Mod-X | [Website] | | Challenge platforms through a fictional game | Free |
Net-Force | [Website] | | Challenge platform | Free |
NCP | [Website] | | NICE Challenge Project by the NIST and the NSA (for American students only) | Free |
Over The Wire | [Website] | [Source] | Challenge platform | Free |
OWASP Juice Shop | [Website] | [Source] | Online demo instance of the OWASP Juice Shop | Free |
Pwnable.kr | [Website] | | Pwn challenges | Free |
pwnable.tw | [Website] | | Pwn challenges | Free |
Rankk | [Website] | | Programming, cryptography challenges | Free |
RedTigers Hackit | [Website] | | PHP / SQL challenge platform | Free |
Reversing.Kr | [Website] | | Cracking and Reverse Code Engineering challenge platform | Free |
Revolution Elite | [Website] | | Math and programming challenges | Free |
Ringzer0Team | [Website] | | Challenge platform | Free |
Root-me | [Website] | | Challenge platform | Paid |
RoseCode | [Website] | | Challenge platform | Free |
SecDim | [Website] | | Defensive programming challenges, wargames and learning modules | Paid |
Security Traps | [Website] | | Challenge platform | Free |
SmashTheStack | [Website] | | Mostly binary challenges | Free |
Solve Me | [Website] | | Challenge platform | Free |
SPOJ | [Website] | | Programming challenges | Free |
Stereotyped Challenges | [Website] | | Web challenges | Free |
Tasteless | [Website] | | Challenge platform | Free |
TheBlackSheep | [Website] | | Challenge platform | Free |
ThisisLegal.com | [Website] | | Challenge platform | Free |
TryHackMe | [Website] | | Challenge platform with deployable machines; there are also tutorials and courses | Paid |
TryThis0ne | [Website] | | Challenge platform | Free |
Valhalla | [Website] | | Challenge platform and community | Free |
Virtual Hacking Labs | [Website] | | Virtual penetration testing environment with courses and VMs | Paid |
VulnHub | [Website] | | VM-based challenges | Free |
VulnMachines | [Website] | | Challenge platform | Free |
WebHacking | [Website] | | Web challenges | Free |
W3Challs | [Website] | | Challenge platform | Free |
WeChall | [Website] | | Challenge platform | Free |
wixxerd | [Website] | | Challenge platform | Free |
WTHack | [Website] | | Challenge platform | Free |
yoire | [Website] | | Challenge platform | Free |
Zenk-security | [Website] | | Challenge platform and community | Free |
ZSIS CTF | [Website] | | Challenge platform | Free |
µContest | [Website] | | Programming challenges | Free |
CVE
Name | Website | Source | Description | Price |
---|---|---|---|---|
Archlinux security issues | [Website] | | CVE affecting Archlinux | Free |
AttackerKB | [Website] | | Forum for the security community to share insights and views that help security professionals better understand the risk in their environment and make more informed decisions around prioritization and defense | Free |
CISA Known Exploited Vulnerabilities Catalog | [Website] | | Known Exploited Vulnerabilities Catalog | Free |
CVE Details | [Website] | | Advanced CVE datasource | Free |
CVExploits | [Website] | | Search engine to find exploits related to a CVE | Free |
Debian security issues | [Website] | | CVE affecting Debian | Free |
Mitre | [Website] | | CVE datasource standard | Free |
NVD | [Website] | | CVE datasource | Free |
Red Hat security issues | [Website] | | CVE affecting Red Hat | Free |
OpenCVE | [Website] | | Customizable CVE dashboard, track vulnerabilities that concern you (previously named Saucs) | Free |
SUSE security issues | [Website] | | CVE affecting SUSE | Free |
Ubuntu security issues | [Website] | | CVE affecting Ubuntu | Free |
VULDB | [Website] | | Community-driven vulnerability database | Free |
VulnIQ | [Website] | | Vulnerability database with CVE, OVAL, CWE, CAPEC, etc. | Free |
Events
Name | Website | Source | Description | Price |
---|---|---|---|---|
CFP TIME | [Website] | | World Call For Papers (CFP) agenda for security conferences | Free |
CTF TIME | [Website] | | World CTF agenda and scoreboard | Free |
InfoSec Conferences | [Website] | | World cybersecurity conferences agenda | Free |
SecurityCTF (reddit) | [Website] | | Community for security CTF announcements and writeups | Free |
Information, News, Blog
Name | Language | Website | Source | Description | Price |
---|---|---|---|---|---|
hackndo | French | [Website] | | Blog about pentesting | Free |
InfoSecAdemy | English | [Website] | | Blog about pentesting | Free |
Hacking Loops | English | [Website] | | Blog about pentesting | Free |
KitPloit | English | [Website] | | Tools presentation and announcement | Free |
Latest Hacking News | English | [Website] | | Cybersecurity news, tools presentation and announcement | Free |
Offensive OSINT | English | [Website] | | OSINT articles from an offensive perspective | Free |
Pentest Blog | English | [Website] | | Blog targeting pentesters: security advisories, OS, appsec, network, tools, articles | Free |
Security List Network | English | [Website] | | Tools presentation and announcement | Free |
Knowledge and tools
Name | Website | Source | Description | Price |
---|---|---|---|---|
Argument Injection Vectors | [Website] | [Source] | Curated list of exploitable options when dealing with argument injection bugs and association between CVEs and vectors | Free |
azure-mindmap | | [Source] | Mindmap listing all possible compromise paths when faced with an Azure environment during a cloud security engagement | Free |
Bootloaders | [Website] | [Source] | Curated list of known malicious bootloaders for various operating systems | Free |
bounty-targets-data | | [Source] | Hourly-updated data dumps of bug bounty platform scopes that are eligible for reports | Free |
Bug Bounty Guide | [Website] | [Source] | Launchpad for bug bounty programs and bug bounty hunters | Free |
Bug Bounty Hunting | [Website] | | Search engine for bug bounty writeups, payloads and tips | Free |
Bug Bounty Reference | | [Source] | A list of bug bounty write-ups categorized by the nature of the bug | Free |
C2 Matrix | | [Source] | A table comparing most C2 frameworks | Free |
Can I take over XYZ? | | [Source] | List of services and how to claim (sub)domains with dangling DNS records | Free |
Cloud Security Atlas | [Website] | | Risk register for cloud threats and vulnerabilities, search and filter by cloud provider platform, risk type, and sort by impact, exploitability, and recency | Free |
Cloudvulndb | [Website] | | List all known cloud vulnerabilities and CSP security issues | Free |
CSP Bypass Search | [Website] | [Source] | Helps bypass restrictive domain whitelist-based CSP and exploit XSS vulnerabilities | Free |
ctf-tools | | [Source] | Setup scripts for security tools | Free |
CXSECURITY | [Website] | | Exploit index | Free |
deepdarkCTI | | [Source] | Collection of Cyber Threat Intelligence sources from the deep and dark web | Free |
DefaultPassword | [Website] | | Default passwords for many devices and services | Free |
dioterms | [Website] | [Source] | Vulnerability disclosure policy templates; terms for Vulnerability Disclosure Policy (VDP) and Bug Bounty Policy (BBP) | Free |
Exploitalert | [Website] | | Exploit index; semi-automatic intelligence supervised by a human operator to find publicly available exploits on the Internet | Free |
Exploit Database | [Website] | | Exploit index; aka EDB or Exploit-DB; can be searched from the CLI with searchsploit, sploitctl, getsploit and many other third-party tools | Free |
Extended BApp Store | [Website] | | Burp Suite extensions search engine | Free |
Filesec.io | [Website] | | Curated list of file extensions being used by attackers | Free |
findsecuritycontacts.com | [Website] | [Source] | List of security contacts for websites extracted from security.txt and dnssecuritytxt | Free |
Forensics Wiki | [Website] | | Forensics tips and tools | Free |
fuzzdb | [Website] | | Dictionaries of fault injection patterns, predictable resource locations, and regex for matching server responses | Free |
GHDB | [Website] | | Google Hacking Database; collection of Google dorks | Free |
Guifre | [Website] | | Security, system and network cheatsheets | Free |
GTFOBins | [Website] | [Source] | Curated list/cheatsheet of Unix binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files | Free |
GraphQL Threat Matrix | | [Source] | GraphQL threat framework to research security gaps in GraphQL implementations; documents features and limits of various engines | Free |
Hacking the cloud | | [Source] | Encyclopedia of the attacks/tactics/techniques for offensive cloud exploitation | Free |
HackTricks | [Website] | [Source] | Guide and cheatsheet for pentesting: shell, linux exploitation, windows exploitation, mobile app pentesting, network pentesting, web pentesting, binary exploit, forensics, crypto, backdoor, etc. | Free |
HackTricks Cloud | [Website] | [Source] | Guide and cheatsheet for cloud pentesting: CI/CD, Kubernetes, GCP, GWS, AWS, Azure, Digital Ocean, IBM Cloud, etc. | Free |
Havoc store | [Website] | [Source] | Havoc modules and extensions store | Free |
HijackLibs | [Website] | [Source] | Tracking publicly disclosed DLL hijacking opportunities | Free |
HTML5 Security Cheatsheet | [Website] | | XSS vectors making use of HTML5, HTML4, CSS, DOM, UTF7, SVG, JSON, etc. | Free |
Internal All The Things | [Website] | [Source] | Active Directory, internal infrastructure and cloud penetration test, red team cheatsheets | Free |
Kaonashi | | [Source] | Wordlist, hashcat rules and hashcat masks from Kaonashi project (RootedCON 2019) | Free |
Linux kernel syscall tables | [Website] | [Source] | Browsable linux kernel syscall tables built with Systrack | Free |
LOFLCAB | [Website] | [Source] | Living off the Foreign Land Cmdlets and Binaries; curated list of cmdlets and binaries that are capable of performing activities from the local Windows system to a remote system | Free |
LOLAPPS | [Website] | [Source] | Living Off The Land Applications; curated list of applications that have been used & abused for adversarial gain | Free |
LOLBAS | [Website] | [Source] | Living Off The Land Binaries and Scripts; curated list/cheatsheet of Windows binaries that can be exploited by an attacker to bypass local security restrictions, obtain shells, read files | Free |
LOLDrivers | [Website] | [Source] | Living Off The Land Drivers; curated list of Windows drivers used by adversaries to bypass security controls and carry out attacks | Free |
LOLOL | [Website] | | Living Off the Living Off the Land; collection of curated list/cheatsheet of commands and other resources that can be abused or allow security bypass on various environments | Free |
LOOBins | [Website] | [Source] | Living Off the Orchard macOS Binaries; curated list/cheatsheet of macOS binaries that can be exploited by an attacker for malicious purpose | Free |
LOTHardware | [Website] | | Living Off The Hardware; curated list of guidance for offensive hardware and offensive devices | Free |
LOTS | [Website] | | Living Off Trusted Sites; curated list of popular legitimate domains used by attackers to conduct phishing, C&C, exfiltration and downloading tools to evade detection | Free |
MalAPI | [Website] | | Maps Windows APIs to common techniques used by malware | Free |
Malware Traffic Analysis | [Website] | | Malware traffic analysis blog and pastebin posts with pcap and malware samples attached; traffic analysis exercises | Free |
MD5 maxmin record | [Website] | | Collection of various extremes of MD5 hashes | Free |
MDN - Event reference | [Website] | | DOM Events reference, useful for XSS | Free |
MichMich | [Website] | | Personal pentest notes and cheat sheets | Free |
Microsoft Wont-Fix-List | | [Source] | List of vulnerabilities or design flaws Microsoft does not intend to fix | Free |
NetSPI SQL Injection Wiki | [Website] | [Source] | A wiki knowledge base focused on SQL injection for various DBMS | Free |
Packet Storm | [Website] | | Exploit index and security news | Free |
Payloads All The Things | [Website] | [Source] | A list of useful payloads and bypasses for Web Application Security and Pentest/CTF | Free |
Pentesting Azure Mindmap | | [Source] | Mindmap to get the Global Admin access for Azure penetration tests | Free |
persistence-info | [Website] | [Source] | Curated list of techniques to gain Windows persistence | Free |
Portswigger - XSS cheat sheet | [Website] | | XSS cheat sheet containing many vectors that can help bypassing WAFs and filters | Free |
Priv2Admin | | [Source] | Exploitation paths that use Windows privileges to elevate rights within the OS | Free |
Privacy Tools | [Website] | [Source] | Website that provides knowledge and tools to protect your privacy against global mass surveillance | Free |
Probable Wordlists | | [Source] | Password lists sorted by probability originally created for password generation and testing | Free |
PTES | [Website] | | The penetration testing execution standard covers all steps related to a penetration test | Free |
Red Teaming Tactics and Techniques | [Website] | [Source] | Exploring Red Teaming tactics and techniques, some of the common offensive security techniques involving gaining code execution, lateral movement, persistence and more | Free |
Red Teaming and Malware Analysis | [Website] | | Notes on red teaming, pentest and malware analysis | Free |
RubyFu | [Website] | [Source] | Offensive Ruby book | Free |
SecLists | | [Source] | Collection of multiple types of lists used during security assessments, collected in one place; includes usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, etc. | Free |
Security Certification Roadmap | [Website] | [Source] | Map referencing all security certifications existing in several categories: Implementation, Architecture, Management, Analysis, Defensive Operations, Offensive Operations | Free |
Sploitus | [Website] | | Exploit search engine (PacketStorm, Exploit-DB, 0day.today, etc.) and tools search engine (KitPloit) | Free |
SSH Hardening Guides | [Website] | | Guides to hardening SSH on various systems | Free |
SSL Checklist for Pentesters (Explore Security) | [Website] | | List of SSL/TLS checks that can be performed manually with OpenSSL or a web browser | Free |
StegOnline checklist | [Website] | [Source] | CTF Image Steganography Checklist | Free |
The Bug Hunter's Methodology | | [Source] | A collection of tips, tricks, tools, analysis and notes related to web application security assessments and more specifically towards bug hunting in bug bounties | Free |
The Hacker Recipes | [Website] | | Guide and knowledge base for pentesting: active directory services, servers, web services, intelligence gathering, physical intrusion, social engineering, phishing, mobile apps | Free |
The Hacking Tool Trove | [Website] | | THTT; tools cheat sheets, tools command examples, tools references | Free |
TIBER-EU | [Website] | | European framework for threat intelligence-based ethical red-teaming | Free |
Unprotect | [Website] | | Database of information about malware evasion techniques | Free |
Vergilius | [Website] | | A collection of Microsoft Windows kernel structures, unions and enumerations; most of them are not officially documented and cannot be found in Windows Driver Kit (WDK) headers | Free |
VOID | [Website] | | Verica Open Incident Database; community-contributed collection of software-related incident reports | Free |
VRT | [Website] | [Source] | Bugcrowd Vulnerability Rating Taxonomy (VRT) provides a baseline vulnerability priority scale for bug hunters and organizations | Free |
vx-underground | [Website] | | Collection of malware source code, samples, and papers | Free |
WADComs | [Website] | [Source] | Interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments | Free |
WEAKPASS | [Website] | | Index of wordlists for brute-force attacks | Free |
Windows & Active Directory Exploitation Cheat Sheet and Command Reference | [Website] | | Windows & Active Directory exploitation: enumeration, exploitation, lateral movement, privilege escalation, persistence, domain persistence, post-exploitation | Free |
WTFBins | [Website] | [Source] | Curated list of legitimate binaries that behave exactly like malware | Free |
XSS Payloads | [Website] | | Provides advanced XSS payloads, tools and documentation about XSS | Free |
National security agencies and services
Name | Country | Website | Source | Description |
---|---|---|---|---|
ANSSI | France | [Website] | | Agence Nationale de la Sécurité des Systèmes d'Information, French service responsible for computer security |
ASD | Australia | [Website] | | Australian Signals Directorate, Australian service responsible for computer security |
CCB | Belgium | [Website] | | Centre for Cyber Security Belgium, Belgian service responsible for computer security |
CNSS | United States of America | [Website] | | Committee on National Security Systems, USA intergovernmental organization for the security of the USA security systems |
CSE/CST | Canada | [Website] | | Communications Security Establishment/Centre de la sécurité des télécommunications, Canadian service responsible for computer security |
ENISA | | [Website] | | European Network and Information Security Agency, European Union service responsible for computer security |
NCSC | Great Britain | [Website] | | National Cyber Security Centre, United Kingdom service responsible for computer security |
NIST | United States of America | [Website] | | National Institute of Standards and Technology, metrology laboratory and non-regulatory agency of the USA Department of Commerce |
NSA | United States of America | [Website] | | National Security Agency, United States of America service responsible for computer security |
Non-English
Name | Language | Website | Source | Description | Price |
---|---|---|---|---|---|
Bamboofox | Chinese | [Website] | | CTF guide | Free |
CERT.pl challenges | Polish | [Website] | | Prequals challenge of the Polish CTF team for ECW | Free |
ctfs.me | Indonesian | [Website] | | Challenges platform, challenges are in English | Free |
elhacker.net | Spanish | [Website] | | Challenges platform | Free |
Flu-Project | Spanish | [Website] | | Challenge platform, guides and news | Free |
Hack Players | Spanish | [Website] | | Challenge platform, guides and news | Free |
Hacking-Challenges | German | [Website] | | Challenges platform | Free |
Happy-Security | German | [Website] | | Challenges platform | Free |
MIPT CTF | Russian | | [Source] | CTF guide | Free |
NewbieContest | French | [Website] | | Challenge platform | Free |
NOE | Korean | [Website] | | Challenge platform | Free |
SuNiNaTaS | Korean | [Website] | | Challenge platform | Free |
TDHack | Polish | [Website] | | Challenge platform | Free |
TheBlackSide | French | [Website] | | Challenge platform | Free |
Tower CTF | French | [Website] | | Challenge platform | Free |
World of Wargame | Spanish | [Website] | | Challenge platform | Free |
XCTF Agenda | Chinese | [Website] | | World CTF agenda | Free |
Yashira | Spanish | [Website] | | Challenge platform | Free |
Trainings and courses
Name | Website | Source | Description | Price |
---|---|---|---|---|
API Security Academy | [Website] | [Source] | Platform dedicated to understanding and securing GraphQL applications | Free |
Bugcrowd University | [Website] | [Source] | Modules with slides, videos and sometimes labs to learn web security, by Bugcrowd | Free |
Cybersecurity Guide | [Website] | | List of degree programs, scholarships, and certifications | Free |
Cybrary | [Website] | | Cyber Security learning, training and certification | Paid |
flAWS | [Website] | | Learn about common mistakes and gotchas when using Amazon Web Services (AWS) from an offensive perspective | Free |
flAWS 2 | [Website] | | Learn about common mistakes and gotchas when using Amazon Web Services (AWS) from an offensive and defensive perspective | Free |
Hacker101 | [Website] | [Source] | Class for web security targeting bug bounty hunters and security professionals, with video lessons and a CTF platform, by HackerOne | Free |
Hextree | [Website] | | Hacking courses platform organized as micro learning | Paid |
ITonlinelearning | [Website] | | Training provider that offers certified online courses in IT, cyber security, and ethical hacking (CompTIA and EC-Council) | Paid |
OWASP Vulnerable Web Applications Directory | [Website] | [Source] | Comprehensive registry of all known vulnerable web applications currently available | Free |
PentestAcademy | [Website] | | Cyber Security training with an online lab | Paid |
PentesterLab | [Website] | | Pentest lab with exercises and videos: Unix, PCAP, HTTP, Code review, serialization, JWT, real vulnerabilities, GraphQL, common web vulnerabilities, MiTM, authentication (oAuth, SAML), Android, recon, advanced attacks, API, etc. | Paid |
Portswigger Web Security Academy | [Website] | | Web Security training with an online lab | Free |
Pwned Labs | [Website] | | Cloud security labs | Paid |
SANS | [Website] | | Escal Institute of Advanced Technologies provides courses, certifications and learning materials | Paid |
Virtual Hacking Labs | [Website] | | Pentest lab | Paid |
Tutorials
Name | Website | Source | Description | Price |
---|---|---|---|---|
Cobalt - Getting Started with Android Application Security | [Website] | | Tutorial covering Android core, application components, security testing, testing environment, adb usage, bypassing SSL pinning, reverse engineering APK | Free |
CTF Field Guide | [Website] | [Source] | CTF guide | Free |
CTF Resources | [Website] | [Source] | CTF guide | Free |
Infosec Institute - What a Challenger Perceives in most CTF Categories/Challenges | [Website] | | Questions a challenger can ask himself during a CTF, classed by category | Free |
ISIS Lab Wiki | [Website] | | CTF guide | Free |
Endgame - How to Get Started in CTF | [Website] | | Tutorial for CTF beginners | Free |
NIZKCTF tutorial | | [Source] | Tutorial to set up NIZKCTF | Free |
Xapax IT-Security Notebook | [Website] | [Source] | Overview guide for all kinds of pentesting | Free |
Writeups collections and challenges source
Name | Website | Source | Description | Price |
---|---|---|---|---|
Captf | [Website] | | Dumped CTF challenges | Free |
CTFs write-ups | | [Source] | Write-ups archive | Free |
hackthebox-writeups | | [Source] | Writeups for HacktheBox machines and challenges (PDF) | Free |
Pwning OWASP Juice Shop | [Website] | [Source] | Official companion guide to the OWASP Juice Shop | Free |
pwntools writeups | | [Source] | Write-ups using pwntools archive | Free |
tryhackme-writeups | | [Source] | Writeups for TryHackMe rooms (walkthrough & challenge) | Free |