Updated: 04/2020
This is my ongoing list of resources I regularly use. I will attempt keep this updated as I run across useful resources.
Please feel free to recommend additional resources here.
General Security Education
Cybrary.it – https://www.cybrary.it/
Security Tube – http://www.securitytube.net/
Offensive Computer Security – https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/lectures.html
Udemy – https://www.udemy.com/
Web
OWASP – https://owasp.org/
Over the Wire: http://overthewire.org/wargames/natas/
BugCrowd University: https://www.bugcrowd.com/hackers/bugcrowd-university/
Security Shephard: https://www.owasp.org/index.php/OWASP_Security_Shepherd
Vuln web app: https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/
Bloggers:
The Human Machine Interface – https://h0mbre.github.io/
The Sh3llc0d3r’s Blog – http://sh3llc0d3r.com/
Security talks:
Iron Geek – http://www.irongeek.com/
Offensive Security:
CTFs – https://ctftime.org/
Vuln Hub – https://www.vulnhub.com/
Over the Wire – https://overthewire.org/wargames/
Pwnable XYZ- https://pwnable.xyz/challenges/
Smash The Stack – http://smashthestack.org/
Embedded Security – https://microcorruption.com/login
Red Team Powershell Cheat sheet – https://gist.github.com/jivoi/c354eaaf3019352ce32522f916c03d70
Exploit Development – https://github.com/longld/peda
Password Cracking – https://bytesoverbombs.io/cracking-everything-with-john-the-ripper-d434f0f6dc1c
Defensive Security:
Tons of honeypots – https://github.com/paralax/awesome-honeypots
Malware Analysis
PepperMalware Blog – http://www.peppermalware.com/2019/03/quick-analysis-of-trickbot-sample-with.html
Malware Samples – https://github.com/ytisf/theZoo
News
InfoSecIndustry – https://infosecindustry.com/
Reddit – https://www.reddit.com/r/netsec/ , https://www.reddit.com/r/sysadmin/
StackExchange – https://security.stackexchange.com/
HackerNews – https://news.ycombinator.com/
Reverse Engineering
Malware Analysis
Chrackmes – https://crackmes.one/
Pwnable KR – https://pwnable.kr/
Pwnable TW – https://pwnable.tw/
Penetration Testing
Reconnaissance
Whois Lookup – https://whois.arin.net/ui/query.do
RIPE Network Coordination Centre – https://apps.db.ripe.net/db-web-ui/fulltextsearch
Shodan – https://www.shodan.io/
Cruchbase – https://www.crunchbase.com/
URL and website scanner – https://urlscan.io/
Domain Flyover Tool – https://github.com/michenriksen/aquatone
Fuzzing Tools
https://github.com/OpenRCE/sulley
https://github.com/jtpereyda/boofuzz
Debugging Tools
https://github.com/corelan/mona
https://www.immunityinc.com/products/debugger/
Sysadmin Tools
NirSoft – http://www.nirsoft.net/
Sysinternals Suite – https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite
Sectools – https://sectools.org/
Web Archive
Wayback Machine – https://archive.org/
Time Travel – http://timetravel.mementoweb.org/
Cached View – http://cachedview.com/
Jobs
peerlyst – https://www.peerlyst.com/
Compliance
NIST Publications – https://csrc.nist.gov/publications/
NIAP – https://www.niap-ccevs.org/
Common Criteria – https://www.commoncriteriaportal.org/
Podcasts
I regularly listen to podcasts during my commute. My list changes often, but here is my current list of recommended podcasts for information security.
AWS Podcast – Amazon Web Services
AWS re:Invent 2018 – AWS
Brakeing Down Incident Response – Michael Gough
Brakeing Down Security Podcast – Bryan Brake
Darknet Diaries – Jack Rhysider
Defensive Security Podcast – Malware, Hacking, Cyber Security & Infosec – Jerry Bell and Andrew Kalat
Down the Security Rabbithole Podcast – Rafal Los (Wh1t3Rabbit)
Hackable? – McAfee
Malicious Life – Cyberreason
Packet Pushers Podcast Network – Packet Pushers
Security Now – Twit