Information Security Cheat Sheet
This is a collection of links and resources I have found / been told about over the years. I developed this post in the hope of mapping out good resources in the industry, facilitating the spread of knowledge, no matter the skill level.
If any errors are spotted, or any links need adding / updating / removing, please contact me via Twitter @SecGus (https://twitter.com/SecGus).
Personal Contributions
- MySQL Blind SQL Injection using Binary queries and REGEXP - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL Injection/MySQL Injection.md#mysql-blind-sql-injection-binary-query-using-regexp
- MySQL Blind SQL Injection in Order By clause - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL Injection/MySQL Injection.md#mysql-blind-sql-injection-in-order-by-clause-using-a-binary-query-and-regexp
CTF Pages
The King Of CTF Pages - https://ctftime.org/
247CTF - https://247ctf.com
HackTheBox - https://hackthebox.eu/
RootMe - https://root-me.org/
0x0539 - https://0x0539.net/
Laptop Hacking Coffee - https://ctf.laptophackingcoffee.org/
pwnable tw - http://pwnable.tw/ (Only BinExp)
pwnable kr - http://pwnable.kr/ (Only BinExp)
PicoCTF - https://picoctf.com/ (Beginner friendly)
reversing kr - http://reversing.kr/
The Stereotyped Challenges - https://chall.stypr.com/
SDSLabs CTF - https://backdoor.sdslabs.co/
Payload Cheat Sheets
PayloadsAllTheThings - https://github.com/swisskyrepo/PayloadsAllTheThings
BurpSuite XSS Cheat Sheet - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
OSCP Preparation
Sam’s Review / Guide - https://coffeejunkie.me/OSCP-Exam-Overview/
R4J Buffer Overflow - https://github.com/r4j0x00/oscp-like-stack-buffer-overflow
Computerphile BoF Explanation - https://www.youtube.com/watch?v=1S0aBV-Waeo
g0tmi1k Linux Priv Esc Cheat Sheet - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Windows Priv Esc - https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
Windows Priv Esc (built around OSCP) - https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html
SAST Practice Pages
Secure Code Warrior - https://securecodewarrior.com/
ExploitDB (May require imagination) - https://www.exploit-db.com/
All Around Practical Learning (non-competitive)
OWASP Juice Shop - https://owasp.org/www-project-juice-shop/
Pentester Labs - https://pentesterlab.com/
OverTheWire - https://overthewire.org/ (Beginner friendly)
Pentester Academy - https://www.pentesteracademy.com/
PortSwigger Labs - https://portswigger.net/web-security
OverTheWire - http://www.overthewire.org/
CTFLearn - http://ctflearn.com/
VulnHub - http://vulnhub.com/
Hacker101 - https://www.hacker101.com/
OSINTme - https://osintme.com/
All Around Theory Learning (non-competitive)
OWASP - https://owasp.org/
BurpSuite Research - https://portswigger.net/research
HumbleBundle Cyber Security Books - https://www.humblebundle.com/books/cybersecurity-2020-wiley-books?hmb_source=navbar&hmb_medium=product_tile&hmb_campaign=tile_index_4
Free SANS courses for the fundamentals - https://www.cyberaces.org/courses.html
Relevant Blogs / Podcasts
Security Weekly - https://securityweekly.com/category-shows/application-security-weekly/
Darknet Diaries - https://darknetdiaries.com/
TheManyHatsClub - https://themanyhats.club/
0x00Sec (Community Blog) - https://0x00sec.org/
Secret Club - https://secret.club/
g0tmi1k - https://blog.g0tmi1k.com/
Cybering - https://cybering.cc/
Twitch Hacking Channels (English)
TheBlindHacker - https://www.twitch.tv/theblindhacker
GeoHotz - https://www.twitch.tv/georgehotz
LiveOverflow - https://www.twitch.tv/LiveOverflow
Twitch Hacking Channels (Spanish)
S4vitar - https://www.twitch.tv/s4vitaar
YouTube Channels Pentesting (English)
HackerSploit - https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
IppSec - https://youtube.com/ippsec
TheCyberMentor - https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
Computerphile - https://www.youtube.com/user/Computerphile
YouTube Channels Pentesting (Spanish)
Victor Garcia - https://www.youtube.com/channel/UCjNHFaBm_0-Mo749MB3A9cQ
S4vitar - https://www.youtube.com/channel/UCNHWpNqiM8yOQcHXtsluD7Q
Julio Ureña - https://www.youtube.com/channel/UC2o1vzpUIvgf0VMJIMKZ_rQ
Relevant Discord Servers and Communities
TheManyHatsClub - https://discord.gg/infosec
ThugCrowd - https://thugcrowd.com/
LaptopHackingCoffee - https://laptophackingcoffee.org/doku.php?id=start
HackTheBox - https://discord.gg/hRXnCFA
0x00Sec - https://discord.gg/PHM9Wak (https://0x00sec.org)
John Hammond Discord - https://discord.gg/Kgtnfw4
ReSwitched - https://discordapp.com/invite/ZdqEhed
ur-hackr - https://ur-hackr.com/
Companies Offering Certificates
ELearnSecurity - https://elearnsecurity.com/
Pentester Academy - https://www.pentesteracademy.com/
Offensive Security - https://www.offensive-security.com/
HackTheBox - https://hackthebox.eu/
Other Relevant Links
The Cybrary - https://www.cybrary.it/
CyberFirst - https://www.ncsc.gov.uk/cyberfirst/
Mind Map Everything - https://www.amanhardikar.com/mindmaps.html
Events around London - https://medium.com/@securestep9/cybersecurity-infosec-appsec-meetups-events-in-london-3688c4a42ea6
Razvi’s List of Hacking Sites - https://razvioverflow.github.io/starthacking
Peerlyst - https://www.peerlyst.com/
CTFs for beginners - https://twitter.com/JenF3rr_/status/1208577793359003648
HackerOne Bug Bounty page - https://hackerone.com/
Using Twitter for InfoSec - https://dev.to/vickilanger/that-s-it-that-s-the-tweet-send-3e0h
CVE feed from MITRE - https://cve.mitre.org/