标签(标签)

资源精选(342) Go开发(108) Go语言(103) Go(99) angular(82) LLM(75) 大语言模型(63) 人工智能(53) 前端开发(50) LangChain(43) golang(43) 机器学习(39) Go工程师(38) Go程序员(38) Go开发者(36) React(33) Go基础(29) Python(24) Vue(22) Web开发(20) Web技术(19) 精选资源(19) 深度学习(19) Java(18) ChatGTP(17) Cookie(16) android(16) 前端框架(13) JavaScript(13) Next.js(12) 安卓(11) 聊天机器人(10) typescript(10) 资料精选(10) NLP(10) 第三方Cookie(9) Redwoodjs(9) LLMOps(9) Go语言中级开发(9) 自然语言处理(9) PostgreSQL(9) 区块链(9) mlops(9) 安全(9) 全栈开发(8) ChatGPT(8) OpenAI(8) Linux(8) AI(8) GraphQL(8) iOS(8) 软件架构(7) Go语言高级开发(7) AWS(7) C++(7) 数据科学(7) whisper(6) Prisma(6) 隐私保护(6) RAG(6) JSON(6) DevOps(6) 数据可视化(6) wasm(6) 计算机视觉(6) 算法(6) Rust(6) 微服务(6) 隐私沙盒(5) FedCM(5) 语音识别(5) Angular开发(5) 快速应用开发(5) 提示工程(5) Agent(5) LLaMA(5) 低代码开发(5) Go测试(5) gorm(5) REST API(5) 推荐系统(5) WebAssembly(5) GameDev(5) CMS(5) CSS(5) machine-learning(5) 机器人(5) 游戏开发(5) Blockchain(5) Web安全(5) Kotlin(5) 低代码平台(5) 机器学习资源(5) Go资源(5) Nodejs(5) PHP(5) Swift(5) 智能体(4) devin(4) Blitz(4) javascript框架(4) Redwood(4) GDPR(4) 生成式人工智能(4) Angular16(4) Alpaca(4) 编程语言(4) SAML(4) JWT(4) JSON处理(4) Go并发(4) kafka(4) 移动开发(4) 移动应用(4) security(4) 隐私(4) spring-boot(4) 物联网(4) nextjs(4) 网络安全(4) API(4) Ruby(4) 信息安全(4) flutter(4) 专家智能体(3) Chrome(3) CHIPS(3) 3PC(3) SSE(3) 人工智能软件工程师(3) LLM Agent(3) Remix(3) Ubuntu(3) GPT4All(3) 软件开发(3) 问答系统(3) 开发工具(3) 最佳实践(3) RxJS(3) SSR(3) Node.js(3) Dolly(3) 移动应用开发(3) 低代码(3) IAM(3) Web框架(3) CORS(3) 基准测试(3) Go语言数据库开发(3) Oauth2(3) 并发(3) 主题(3) Theme(3) earth(3) nginx(3) 软件工程(3) azure(3) keycloak(3) 生产力工具(3) gpt3(3) 工作流(3) C(3) jupyter(3) 认证(3) prometheus(3) GAN(3) Spring(3) 逆向工程(3) 应用安全(3) Docker(3) Django(3) R(3) .NET(3) 大数据(3) Hacking(3) 渗透测试(3) C++资源(3) Mac(3) 微信小程序(3) Python资源(3) JHipster(3) 大型语言模型(2) 语言模型(2) 可穿戴设备(2) JDK(2) SQL(2) Apache(2) Hashicorp Vault(2) Spring Cloud Vault(2) Go语言Web开发(2) Go测试工程师(2) WebSocket(2) 容器化(2) AES(2) 加密(2) 输入验证(2) ORM(2) Fiber(2) Postgres(2) Gorilla Mux(2) Go数据库开发(2) 模块(2) 泛型(2) 指针(2) HTTP(2) PostgreSQL开发(2) Vault(2) K8s(2) Spring boot(2) R语言(2) 深度学习资源(2) 半监督学习(2) semi-supervised-learning(2) architecture(2) 普罗米修斯(2) 嵌入模型(2) productivity(2) 编码(2) Qt(2) 前端(2) Rust语言(2) NeRF(2) 神经辐射场(2) 元宇宙(2) CPP(2) 数据分析(2) spark(2) 流处理(2) Ionic(2) 人体姿势估计(2) human-pose-estimation(2) 视频处理(2) deep-learning(2) kotlin语言(2) kotlin开发(2) burp(2) Chatbot(2) npm(2) quantum(2) OCR(2) 游戏(2) game(2) 内容管理系统(2) MySQL(2) python-books(2) pentest(2) opengl(2) IDE(2) 漏洞赏金(2) Web(2) 知识图谱(2) PyTorch(2) 数据库(2) reverse-engineering(2) 数据工程(2) swift开发(2) rest(2) robotics(2) ios-animation(2) 知识蒸馏(2) 安卓开发(2) nestjs(2) solidity(2) 爬虫(2) 面试(2) 容器(2) C++精选(2) 人工智能资源(2) Machine Learning(2) 备忘单(2) 编程书籍(2) angular资源(2) 速查表(2) cheatsheets(2) SecOps(2) mlops资源(2) R资源(2) DDD(2) 架构设计模式(2) 量化(2) Hacking资源(2) 强化学习(2) flask(2) 设计(2) 性能(2) Sysadmin(2) 系统管理员(2) Java资源(2) 机器学习精选(2) android资源(2) android-UI(2) Mac资源(2) iOS资源(2) Vue资源(2) flutter资源(2) JavaScript精选(2) JavaScript资源(2) Rust开发(2) deeplearning(2) RAD(2)
更多的标签
x

【渗透测试】学习道德Hacking 和渗透测试的绝佳资源

apaas.dev
31 May 2022
SEO Title
Awesome Resources For Learning Ethical Hacking & Pentesting

Books

  1. The Hacker Playbook 2: Practical Guide To Penetration Testing
  2. The Basics of Hacking and Penetration Testing, Second Edition: Ethical Hacking and Penetration Testing Made Easy
  3. Breaking into Information Security: Learning the Ropes 101
  4. Penetration Testing: A Hands-On Introduction to Hacking
  5. Social Engineering: The Art of Human Hacking
  6. Hacking: The Art of Exploitation, 2nd Edition
  7. Web Hacking 101
  8. OWASP Testing Guide (A must read for web application developers and penetration testers)
  9. The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
  10. The Basics of Web Hacking: Tools and Techniques to Attack the Web

Learning Platforms to Sharpen Your Skills

Online

Name Description
CTF Hacker101 The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free educational site for hackers.
Hack The Box :: Penetration Testing Labs An online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in our online labs.
TryHackMe TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs.
CTF365 An account based ctf site, awarded by Kaspersky, MIT, T-Mobile.
Backdoor Pen testing labs that have a space for beginners, a practice arena and various competitions, account required.
Hack.me Lets you build/host/attack vulnerable web apps.
CTFLearn An account-based ctf site, where users can go in and solve a range of challenges.
OWASP Vulnerable Web Applications Directory Project (Online) List of online available vulnerable applications for learning purposes.
Pentestit labs Hands-on Pentesting Labs (OSCP style)
Root-me.org Hundreds of challenges are available to train yourself in different and not simulated environments
Vulnhub.com Vulnerable By Design VMs for practical 'hands-on' experience in digital security
Windows / Linux Local Privilege Escalation Workshop Practice your Linux and Windows privilege escalation.
Hacking Articles CTF Breif Write up collection with a lot of screenshots good for beggainers.
Rafay Hacking Articles, a great blog Write up collections by Rafay Baloch.
PentesterLab 20$ signature, complete content basic to write exploits, web, android.
CyberSec WTF Emulated web pentesting challenges from bounty write-ups

Off-Line

Name Description
Damn Vulnerable Xebia Training Environment Docker Container including several vurnerable web applications (DVWA,DVWServices, DVWSockets, WebGoat, Juiceshop, Railsgoat, django.NV, Buggy Bank, Mutilidae II and more)
OWASP Vulnerable Web Applications Directory Project (Offline) List of offline available vulnerable applications for learning purposes

Vulnerable Machines/Websites

  1. FiringRange

Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability.

Malware Analysis

Name Description
Malware traffic analysis list of traffic analysis exercises
Malware Analysis - CSCI 4976 another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/) walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Linux Penetration Testing OS

Name Description
Kali the infamous pentesting distro from the folks at Offensive Security
Parrot Debian includes full portable lab for security, DFIR, and development
Android Tamer Android Tamer is a Virtual / Live Platform for Android Security professionals.
BlackArch Arch Linux based pentesting distro, compatible with Arch installs
LionSec Linux pentesting OS based on Ubuntu

Courses

  1. Computer Systems Security, MIT
  2. cisco's cources 3.cybrary 4.hackers academy

For those who want to do CEH, the following links are for you. 2. CBT Nuggets CEH Training 3. CEH Books 4. Guide to Binary Exploitation

Workshops/Playlists

  1. Web Hacking
  2. Ethical Hacking, A Comprehensive Playlist covering almost everything

Security Talks and Conferences

  1. InfoCon - Hacking Conference Archive
  2. Curated list of Security Talks and Videos
  3. Blackhat
  4. Defcon
  5. Security Tube
  6. Kevin Mitnick: Live Hack at CeBIT
  7. Ghost in the Cloud, Kevin Mitnick
  8. Kevin Mitnick | Talks at Google
  9. Complete Free Hacking Course: Go from Beginner to Expert Hacker Today

YouTube Channels

Now let’s get Towards YouTube Channel Links... These Channels are Shared By Hackers where They Upload their Video POCs.. Watching them u can actually understand how to demonstrate these type of attacks...

  1. LiveOverflow
  2. Black Hat
  3. Injector Pca
  4. Hisham Mir
  5. Devil Killer
  6. Suleman Malik
  7. Dem0n
  8. Frans Rosén
  9. HackerOne
  10. ak1t4 machine
  11. Shawar Khan
  12. vulnerability0lab
  13. Bugcrowd
  14. Vijay Kumar
  15. Web Development Tutorials
  16. Jan Wikholm
  17. Bhargav Tandel
  18. ErrOr SquaD
  19. SecurityIdiots
  20. Penetration Testing in Linux
  21. Hussnain Fareed
  22. Null Byte
  23. ZAID
  24. vabs tutorial
  25. the cyber mentor
  26. PwnFunction

Any Channel Link Missing? Kindly add it in Comments

Forums

Name Description
0x00sec hacker, malware, computer engineering, Reverse engineering
Antichat russian based forum
CODEBY.NET hacker, WAPT, malware, computer engineering, Reverse engineering, forensics - russian based forum
EAST Exploit database exploit DB for commercial exploits written for EAST Pentest Framework
Greysec hacking and security forum
Hackforums posting webstite for hacks/exploits/various discussion

原文:https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources

标签