When you first start learning something, it can be difficult to discover high-quality resources to help you on your journey. . In particular, these resources will provide beginner hackers with an excellent foundation for bug bounty hunting or penetration testing. Now keep in mind that there are a lot of resources out there, so I am definitely missing a lot of them. If I missed anything that you think should be covered – let me know!

The list is quite long, but don’t be overwhelmed. You don’t need to binge every piece of content at every link. You would have a hard time ever getting through it all. I certainly haven’t. Instead, aim to learn a little bit regularly. Or, as James Clear put it, “you should be far more concerned with your current trajectory than with your current results.”

Introduction to Hacking

Hacking in its simplest explanation is breaking into a system that has a certain degree of security.

Hacking is a skill set and requires a lot of practice to become good at.

There are 3 types of hackers, they are:

  • Black Hat.
  • White Hat.
  • Grey Hat.

Black hat hackers: This category of hackers do hacking for malicious purposes.

White hat hackers: This category of hackers do hacking for the benefit of others. They hack to secure the vulnerability that can lead to harm.

Grey Hat Hackers: This category of hackers acts as both white Hat and black hat hackers. This makes them be on both the good and bad side, depending on the situation 😀 .

Hacking is a vast subject. It has a lot of sub-categories which includes:

  • Web application.
  • Forensic.
  • Networking.
  • Cloud.
  • Systems both mobile and desktop devices.
  • Hardware.

These are some of the various things you can learn and each has sub-topics that are interesting.

The main goal of a white-hat hacker is to find a potential vulnerability, exploit it, gain access, create a detailed document and report it to the authorities.

Hackers or pentesters are paid on the scale of priority of the vulnerability reported. This is decided based on a priority table that is made by the board showing which part of their infrastructure is most important and needs special attention. If you are successful in finding a vulnerability in that specific section you can expect a high reward.

If you are not into full-time pentesting and want to do part-time then Bug-bounty hunting is the go-to thing for you.

Bug-bounty hunting is a program hosted by company websites with specified rules and regulations. They usually specify things they won’t consider a bug and other than those things, any other possible bug you find will get you some reward from the website.

A Bug in this sense is a vulnerability that can be exploited to gain information or unauthorized access into the server.

Bug bounty hunters usually have extensive knowledge of different types of bugs. Some of the common types of bugs include XSS, HTML-INJECTION, CSRF, etc. Having knowledge and being able to detect these vulnerabilities as a bug-bounty hunter can get you a decent amount of pay from the bounty.

Other than being a bug-bounty hunter, you can also be a freelance pentester, where the work will be more but the payout is more than that of a bug bounty.

Why Learn to Hack?

In my previous explanation, I have introduced you to various types of hackers and what they do for a living. Having knowledge of hacking and how it works, you can be able to protect yourself and others, and also educate them with your experience. You can also make a living via hacking by being a bug-bounty hunter or a freelance pentester. You could also get a job after gaining a few certifications.

This leads us to our next question where to start? if you ask me there is no way you can excel in any field without knowing the basics relating to the field you are going to choose.

All the things such as basic networking, web application, and programming can be learned from web sources such as Youtube or Udemy but if you want professional teaching then you can opt for training from official sources such as Offensive security, INE, EC-Council, etc.

Fundamentals are easy to understand anyone can achieve learning the fundamentals, but the main goal is to learn the advanced things, for example, if you understand how the server works with the client-side request, you can learn how to manipulate and possibly exploit the server.

You need not worry, anyone can achieve this. Some people are afraid to learn things from a new field while studying in a different field, for example, a commerce student fears that studying this topic will be of no use for him in the future even though it has potential.

Similarly, anyone from any field can learn to hack and become a hacker but it requires dedication and a lot of practice to learn and perfect your skills.

Professional aspect: Cybersecurity is a fast-growing field for job opportunities and even new freshers can also get a high salary job with work experience if you have prior experience and certifications then you can expect a good salary and high growth in your job profile.

The list of lists

I am not the first person to create a list of resources for beginner hackers, and I won’t be the last! Below you will find a list of lists. Each one is it’s own repository of resources, similar to this one.

  • Nahamsec’s “Resources for Beginner Bug Bounty Hunters” is an organised index of resources for learning to hack. It is quite comprehensive and well curated. It would take months to get through it all!
  • Codingo’s search functionality on his website indexes a huge stack of public content from hackers. This is particularly useful if you’re looking for content about a specific topic or vulnerability class.
  • S0cm0nkey’s “Security Reference Guide” is another excellent, well-curated and well-organised repository of cybersecurity resources.
  • InfosecWriteups is a Medium publication that has a huge amount of cybersecurity related write-ups for CTFs and bug bounties.

Labs

  • Pentesterlab has a hands-on approach to learning hacking. Each lesson is a hands-on lab where you need to exploit a vulnerability that mimics something you might see in a real-world application. It covers a lot of different bug classes from basic to advanced. They have a hosted paid offering, or you can download some of their more basic exercises as ISOs.
  • Portswigger labs is a huge set of web application security labs that are totally free. Each hands-on lab also comes with a solution and a “community solution” which is typically a YouTube video from the hacking community.
  • Tryhackme is a cybersecurity training platform and competitive hacking game. When you sign up, you choose between three streams: pre-security for fundamentals, offensive pentesting or cyber defense. The platform seems quite comprehensive, and includes labs for more than just web application vulnerabilities including buffer overflow, active directory and more.
  • Hackthebox is best known for being an ongoing worldwide competitive CTF, but they also provide some very high quality training “tracks” for any / all topics that you could think of. They offer a lot of labs/boxes for free, but also have different premium subscriptions that allow you to hack expired boxes, less crowded lab environments and pro labs.
  • Kontra is an online platform that offers a series of hosted labs designed to teach developers about application security. The platform is very slick and beginner friendly – each lab is story based. It walks through a plausible real-life attack scenario, teaching the student how the vulnerability would be exploited, and also what the vulnerable code looks like.
  • Hacker101.com is an online training platform for web security, created by bug bounty platform Hackerone. It includes a bunch of CTF challenges inspired by real-world vulnerabilities and also a series of video tutorials about all elements of web hacking.
  • Vulnhub is a platform that allows users to upload “challenge boxes” which are purposely vulnerable virtual machines, the aim is to gain root/system level access on these machines by exploiting various vulnerabilities.

YouTube Channels

  • John Hammond has a very entertaining channel covering all kinds of topics including CTF walkthroughs, programming tutorials, interviews, the dark web, malware analysis, and more! 
  • Nahamsec does “Recon Sundays” every Sunday, where he streams live recon and brings on guests to interview or hack with. He also hosts “Nahamcon”, a virtual security conference with great speakers.
  • STÖK makes all kinds of different cybersecurity related videos, mostly pertaining to bug bounties. He interviews some great hackers and documents live hacking events. He releases “Bug Bounty Thursdays” every week which outlines the latest bug bounty news.
  • Farah Hawa is excellent at taking complex topics and explaining them in a way that you will understand by breaking it down to fundamentals. She describes different bug classes, hacking process and career.
  • Codingo creates bug bounty specific videos including videos about tools, hacking processes, recon and more.
  • Liveoverflow is a cybersecurity YouTube legend at this point, having released over 300 videos about a huge range of topics.
  • PwnFunction also focuses primarily on web application hacking. The videos have a really nice style and are very well explained. 
  • Ippsec almost exclusively creates walkthroughs of HackTheBox challenge boxes. Every action is explained very well, it feels like you are watching a pro over their shoulder, and it is an excellent way to learn.
  • InsiderPhD “Dr, apparently, hacker, Lecturer in Cyber Security, Educational YouTuber, Application Security Engineer and still awaiting the nobel prize for more hours in the day.” Makes great videos about hacking, bug bounties, machine learning and more!
  • The Cyber Mentor (TCM) is an excellent cybersecurity educator who now runs his own academy, “TCM Security Academy“. He is best known for developing excellent cybersecurity courses, particularly in penetration testing.
  • Hakluke. I can recommend myself, right? I make instructional videos, bug bounty report explainers, career and mindset videos.

Video Sources

There are a lot of online video sources such as Youtube and Udemy. On social media platforms, you can follow some professionals who have great links and useful resources to learn from.

Social media

These are some of the best social media influencers who share information of value and can help you in your works.

On Youtube, you can refer to the following Youtube channels:

I would recommend you follow David Bombals’s Youtube video as he gives a lot of giveaways. I love his works, his explanations are also really easy to understand and beginner-friendly.

Web-articles

Web articles are write-ups that enable people with knowledge to share their thoughts and points related to a certain topic or a certain event that matters in the cybersecurity world.

There are several websites where one can find web articles. But I am going to mention a few of them that I find to be quite informative.

Website links:

These are some of the useful websites you can use to learn more about the latest events and more related to security-related content.

Books.

Cybersecurity-related books are all over the internet but some of them stand out. I am going to list 11 of the best ones to start your security journey.

Book links:

These are some of the most useful books out there for beginners and intermediate-level hackers.

Paid and free courses.

Udemy courses:

Weblinks to gain infinite knowledge in any field for free:

Twitter Accounts

I won’t give a description of each Twitter account because the content being posted will vary quite significantly from day to day. All of these Twitter accounts post excellent cybersecurity related content, most of them with a lilt towards bug bounties.

Blogs and Write-ups

  • Codelivly – Don’t Miss US
  • Hackerone Hacktivity has an unlimited stream of disclosed vulnerabilities on the Hackerone platform. Reading through them is a great way to see what kinds of things people are finding and inspiring your own hacking.
  • Crowdstream is the Bugcrowd equivalent of Hackerone’s Hacktivity. Although there are far less disclosed reports there, it’s worth reading through them!
  • Pentesterland has a huge, curated list of bug bounty writeups and resources for beginner hackers.
  • Inti De Ceukelaire is a great bug bounty hunter and the Head of Hackers at bug bounty platform Intigriti. He has a knack for finding critical systemic bugs that affect a lot of organisations, and doing great write-ups!
  • D0nut’s blog is a total mixed bag with lots of gems.
  • Intigriti’s Medium Publication is filled with great bug bounty content!
  • Secjuice is a not-for-profit publication that posts all kinds of articles about cybersecurity including CTF writeups, tutorials, methodologies and more.
  • Tomnomnom‘s blog has three exceptional technical write-ups about cooking cake, cooking steak and debugging a bug in an extremely niche window manager. As it turns out, “medium sized” eggs vary in size quite significantly.

There are also some great blogs with more advanced security research content, you can see a few of them below!

Discord / Forums

Being a part of the community and finding people to bounce ideas off is sometimes really helpful! Here are a bunch of invites for hacking-related Discord servers.

And so many more – you can use Discord’s “discover” feature to search for cybersecurity-related keywords.

Capture the Flag (CTF) Challenges

Capture the Flag (CTF) challenges are a popular way for beginners to learn hacking. These challenges are designed to simulate real-world hacking scenarios and allow participants to practice their skills in a safe and controlled environment. Here are some popular CTF platforms that beginners can use to start their hacking journey:

  1. HackTheBox: HackTheBox is a popular CTF platform that offers a wide range of challenges for beginners and advanced hackers. The challenges cover various topics, including web exploitation, cryptography, and reverse engineering.
  2. TryHackMe: TryHackMe is another popular CTF platform that offers a variety of challenges for beginners. The platform offers a gamified learning experience and provides virtual machines for participants to practice their hacking skills.
  3. VulnHub: VulnHub is a CTF platform that offers virtual machines with vulnerabilities that participants can exploit. The platform has a wide range of challenges, from beginner to advanced, and covers various topics, including web exploitation, cryptography, and reverse engineering.
  4. PicoCTF: PicoCTF is a CTF platform designed for beginners. The challenges cover various topics, including cryptography, web exploitation, and reverse engineering. The platform provides a gamified learning experience and offers tutorials and hints to help participants solve the challenges.
  5. OverTheWire: OverTheWire is a CTF platform that offers challenges related to system security and network security. The challenges cover various topics, including password cracking, network sniffing, and privilege escalation.

By using these CTF platforms, beginners can practice their hacking skills in a safe and controlled environment. These platforms provide a gamified learning experience and offer challenges that cover various topics related to hacking and cybersecurity.

Learning the Skills

NameDescription
CS 642: Intro to Computer Securityacademic content, full semester course, includes assigned readings, homework and github refs for exploit examples. NO VIDEO LECTURES.
CyberSec WTFCyberSec WTF Web Hacking Challenges from Bounty write-ups
Cybrarycoursera style website, lots of user-contributed content, account required, content can be filtered by experience level
Free Cyber Security TrainingAcademic content, 8 full courses with videos from a quirky instructor sam, links to research, defcon materials and other recommended training/learning
Hak5podcast-style videos covering various topics, has a forum, “metasploit-minute” video series could be useful
Hopper’s Roppers Security TrainingFour free self-paced courses on Computing Fundamentals, Security, Capture the Flags, and a Practical Skills Bootcamp that help beginners build a strong base of foundational knowledge. Designed to prepare for students for whatever they need to learn next.
Learning Exploitation with Offensive Computer Security 2.0blog-style instruction, includes: slides, videos, homework, discussion. No login required.
Mind MapsInformation Security related Mind Maps
MIT OCW 6.858 Computer Systems Securityacademic content, well organized, full-semester course, includes assigned readings, lectures, videos, required lab files.
OffensiveComputerSecurityacademic content, full semester course including 27 lecture videos with slides and assign readings
OWASP top 10 web security risksfree courseware, requires account
SecurityTubetube-styled content, “megaprimer” videos covering various topics, no readable content on site.
Seed Labsacademic content, well organized, featuring lab videos, tasks, needed code files, and recommended readings
TryHackMeDesigned prebuilt challenges which include virtual machines (VM) hosted in the cloud ready to be deployed

Malware Analysis

NameDescription
Malware traffic analysislist of traffic analysis exercises
Malware Analysis – CSCI 4976another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/)walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Linux Penetration Testing OS

NameDescription
Kalithe infamous pentesting distro from the folks at Offensive Security
ParrotDebian includes full portable lab for security, DFIR, and development
Android TamerAndroid Tamer is a Virtual / Live Platform for Android Security professionals.
BlackArchArch Linux based pentesting distro, compatible with Arch installs
LionSec Linuxpentesting OS based on Ubuntu

Workshops/Playlists

  1. Web Hacking
  2. Ethical Hacking, A Comprehensive Playlist covering almost everything

Security Talks and Conferences

  1. InfoCon – Hacking Conference Archive
  2. Curated list of Security Talks and Videos
  3. Blackhat
  4. Defcon
  5. Security Tube
  6. Kevin Mitnick: Live Hack at CeBIT
  7. Ghost in the Cloud, Kevin Mitnick
  8. Kevin Mitnick | Talks at Google
  9. Complete Free Hacking Course: Go from Beginner to Expert Hacker Today

Sharpening Your Skills

NameDescription
Backdoorpen testing labs that have a space for beginners, a practice arena and various competitions, account required
The cryptopals crypto challengesA bunch of CTF challenges, all focused on cryptography.
Challenge LandCtf site with a twist, no simple sign-up, you have to solve a challengeto even get that far!
Crackmes.de Archive (2011-2015)a reverse engineering information Repo, started in 2003
Crackmes.oneThis is a simple place where you can download crackmes to improve your reverse engineering skills.
CTFLearnan account-based ctf site, where users can go in and solve a range of challenges
CTFs write-upsa collection of writeups from various CTFs, organized by
CTF365account based ctf site, awarded by Kaspersky, MIT, T-Mobile
The enigma groupweb application security training, account based, video tutorials
Exploit exerciseshosts 5 fulnerable virtual machines for you to attack, no account required
Google CTFSource code of Google 2017, 2018 and 2019 CTF
Google CTF 20192019 edition of the Google CTF contest
Google’s XSS gameXSS challenges, and potentially a chance to get paid!
Hack The BoxPen testing labs hosting over 39 vulnerable machines with two additional added every month
Hacker testsimilar to “hackthissite”, no account required.
Hacker Gatewayctfs covering steganography, cryptography, and web challengs, account required
Hacksplaininga clickthrough security informational site, very good for beginners.
hackburger.eehosts a number of web hacking challenges, account required
Hack.melets you build/host/attack vulnerable web apps
Hack this site!an oldy but goodie, account required, users start at low levels and progress in difficulty
knock.xss.moeXSS challenges, account required.
Lin.securityPractice your Linux privilege escalation
noe.systemsKorean challenge site, requires an account
Over the wireA CTF that’s based on progressive levels for each lab, the users SSH in, no account recquired
Participating Challenge Sitesaims at creating a universal ranking for CTF participants
PentesterLabhosts a variety of exercises as well as various “bootcamps” focused on specific activities
Pentestitacocunt based CTF site, users have to install open VPN and get credentials
Pentest Practiceaccount based Pentest practice, free to sign up, but there’s also a pay-as-you-go feature
Pentest.traininglots of various labs/VMS for you to try and hack, registry is optional.
PicoCTFCTF hosted by Carnegie Mellon, occurs yearly, account required.
pwnable.krDon’t let the cartoon characters fool you, this is a serious CTF site that will teach you a lot, account required
pwnable.twhosts 27 challenges accompanied with writeups, account required
Ringzer0 Teaman account based CTF site, hosting over 272 challenges
ROP EmporiumReturn Oriented Programming challenges
SmashTheStackhosts various challenges, similar to OverTheWire, users must SSH into the machines and progress in levels
Shellter Labsaccount based infosec labs, they aim at making these activities social
Solve Me“yet another challenge”, account required.
Vulnhubsite hosts a ton of different vulnerable Virtual Machine images, download and get hacking
websec.frFocused on web challenges, registration is optional.
tryhackmeAwesome platform to start learning cybersecurity, account is needed
webhacking.krlots of web security challenges are available, recommended for beginners. You need to solve a simple challenge to sign up.
Stereotyped ChallengesChallenges for web security professionals, account required.
Stripe CTF 2.0Past security contest where you can discover and exploit vulnerabilities in mock web applications.
Windows / Linux Local Privilege Escalation WorkshopPractice your Linux and Windows privilege escalation
Hacking ArticlesCTF Brief Write up collection with a lot of screenshots good for begginers
Hacker101 CTFCTF hosted by HackerOne, always online. You will receive invitations to some private programs on HackerOne platform as a reward.
Hacking LabEuropean platform hosting lots of riddles, challenges and competitions
PortswiggerBest Platform inorder to learn Web Pentesting, account required

Reverse Engineering, Buffer Overflow and Exploit Development

NameDescription
A Course on Intermediate Level Linux Exploitationas the title says, this course isn’t for beginners
Analysis and exploitation (unprivileged)huge collection of RE information, organized by type.
Binary hacking35 “no bullshit” binary videos along with other info
Buffer Overflow Exploitation Megaprimer for LinuxCollection of Linux Rev. Engineering videos
Corelan tutorialsdetailed tutorial, lots of good information about memory
Exploit tutorialsa series of 9 exploit tutorials,also features a podcast
Exploit developmentlinks to the forum’s exploit dev posts, quality and post style will vary with each poster
flAWS challengeThrough a series of levels you’ll learn about common mistakes and gotchas when using Amazon Web Services (AWS).
Introduction to ARM Assembly Basicstons of tutorials from infosec pro Azeria, follow her on twitter
Introductory Intel x8663 days of OS class materials, 29 classes, 24 instructors, no account required
Lena’s Reversing for Newbies (Complete)listing of a lengthy resource by Lena, aimed at being a course
Linux (x86) Exploit Development Seriesblog post by sploitfun, has 3 different levels
Megabeets journey into Radare2one user’s radare2 tutorials
Modern Binary Exploitation – CSCI 4968RE challenges, you can download the files or download the VM created by RPISEC specifically for challenges, also links to their home page with tons of infosec lectures
Recon.cx – reversing conferencethe conference site contains recordings and slides of all talks!!
Reverse Engineering for Beginnershuge textbook, created by Dennis Yurichev, open-source
Reverse engineering reading lista github collection of RE tools and books
Reverse Engineering challengescollection of challenges from the writer of RE for Beginners
Reverse Engineering for beginners (GitHub project)github for the above
Reverse Engineering Malware 101intro course created by Malware Unicorn, complete with material and two VM’s
Reverse Engineering Malware 102the sequel to RE101
reversing.kr challengesreverse engineering challenges varying in difficulty
Shell stormBlog style collection with organized info about Rev. Engineering.
Shellcode Injectiona blog entry from a grad student at SDS Labs
Micro Corruption — AssemblyCTF designed to learn Assembly by practicing

Privilege Escalation

NameDescription
4 Ways get linux privilege escalationshows different examples of PE
A GUIDE TO LINUX PRIVILEGE ESCALATIONBasics of Linux privilege escalation
Abusing SUDO (Linux Privilege Escalation)Abusing SUDO (Linux Privilege Escalation)
AutoLocalPrivilegeEscalationautomated scripts that downloads and compiles from exploitdb
Basic linux privilege escalationbasic linux exploitation, also covers Windows
Common Windows Privilege Escalation VectorsCommon Windows Privilege Escalation Vectors
Editing /etc/passwd File for Privilege EscalationEditing /etc/passwd File for Privilege Escalation
Linux Privilege EscalationLinux Privilege Escalation – Tradecraft Security Weekly (Video)
Linux Privilege Escalation Check Scripta simple linux PE check script
Linux Privilege Escalation Scriptsa list of PE checking scripts, some may have already been covered
Linux Privilege Escalation Using PATH VariableLinux Privilege Escalation Using PATH Variable
Linux Privilege Escalation using Misconfigured NFSLinux Privilege Escalation using Misconfigured NFS
Linux Privilege Escalation via Dynamically Linked Shared Object LibraryHow RPATH and Weak File Permissions can lead to a system compromise.
Local Linux Enumeration & Privilege Escalation Cheatsheetgood resources that could be compiled into a script
OSCP – Windows Priviledge EscalationCommon Windows Priviledge Escalation
Privilege escalation for Windows and Linuxcovers a couple different exploits for Windows and Linux
Privilege escalation linux with live examplecovers a couple common PE methods in linux
Reach the rootdiscusses a process for linux privilege exploitation
RootHelpera tool that runs various enumeration scripts to check for privilege escalation
Unix privesc checkera script that checks for PE vulnerabilities on a system
Windows exploits, mostly precompiled.precompiled windows exploits, could be useful for reverse engineering too
Windows Privilege Escalationcollection of wiki pages covering Windows Privilege escalation
Windows Privilege EscalationNotes on Windows Privilege Escalation
Windows privilege escalation checkera list of topics that link to pentestlab.blog, all related to windows privilege escalation
Windows Privilege Escalation Fundamentalscollection of great info/tutorials, option to contribute to the creator through patreon, creator is an OSCP
Windows Privilege Escalation GuideWindows Privilege Escalation Guide
Windows Privilege Escalation Methods for PentestersWindows Privilege Escalation Methods for Pentesters

Malware Analysis

NameDescription
Malware traffic analysislist of traffic analysis exercises
Malware Analysis – CSCI 4976another class from the folks at RPISEC, quality content
[Bad Binaries] (https://www.badbinaries.com/)walkthrough documents of malware traffic analysis exercises and some occasional malware analysis.

Network Scanning / Reconnaissance

NameDescription
Foot Printing with WhoIS/DNS recordsa white paper from SANS
Google Dorks/Google Hackinglist of commands for google hacks, unleash the power of the world’s biggest search engine

Vulnerable Web Application

NameDescription
bWAPPcommon buggy web app for hacking, great for beginners, lots of documentation
Damn Small Vulnerable Webwritten in less than 100 lines of code, this web app has tons of vulns, great for teaching
Damn Vulnerable Web Application (DVWA)PHP/MySQL web app for testing skills and tools
Google Gruyerehost of challenges on this cheesy web app
OWASP Broken Web Applications Projecthosts a collection of broken web apps
OWASP Hackademic Challenges projectweb hacking challenges
OWASP Mutillidae IIanother OWASP vulnerable app, lots of documentation.
OWASP Juice Shopcovers the OWASP top 10 vulns
WebGoat: A deliberately insecure Web Applicationmaintained by OWASP and designed to to teach web app security

Vulnerable OS

NameDescription
General Test Environment Guidancewhite paper from the pros at rapid7
Metasploitable2 (Linux)vulnerable OS, great for practicing hacking
Metasploitable3 [Installation]the third installation of this vulnerable OS
Vulnhubcollection of tons of different vulnerable OS and challenges

Linux Penetration Testing OS

NameDescription
Android TamerAndroid Tamer is a Virtual / Live Platform for Android Security professionals.
BackBoxopen source community project, promoting security in IT enivornments
BlackArchArch Linux based pentesting distro, compatible with Arch installs
Bugtraqadvanced GNU Linux pen-testing technology
Docker for pentestImage with the more used tools to create a pentest environment easily and quickly.
Kalithe infamous pentesting distro from the folks at Offensive Security
LionSec Linuxpentesting OS based on Ubuntu
ParrotDebian includes full portable lab for security, DFIR, and development
Pentoopentesting OS based on Gentoo

Exploits

NameDescription
0day.todayEasy to navigate database of exploits
Exploit Databasedatabase of a wide variety exploits, CVE compliant archive
CXsecurityIndie cybersecurity info managed by 1 person
Snyk Vulnerability DBdetailed info and remediation guidance for known vulns, also allows you to test your code

Forums

NameDescription
0x00sechacker, malware, computer engineering, Reverse engineering
Antichatrussian based forum
CODEBY.NEThacker, WAPT, malware, computer engineering, Reverse engineering, forensics – russian based forum
EAST Exploit databaseexploit DB for commercial exploits written for EAST Pentest Framework
Greysechacking and security forum
Hackforumsposting webstite for hacks/exploits/various discussion
4Hat Daybrazilian based hacker forum
CaveiraTechbrazilian based, general hacker forum

Archived Security Conference Videos

NameDescription
InfoCon.orghosts data from hundreds of cons
IrongeekWebsite of Adrien Crenshaw, hosts a ton of info.
infocondb.orga site that aims to catalog and cross-reference all hacker conferences.

Online Communities

NameDescription
Hacktodayrequires an account, covering all kinds of hacking topics
Hack+link requires telegram to be used
MPGHcommunity of MultiPlayerGameHacking

Online News Sources

NameDescription
InfoSeccovers all the latest infosec topics
Recent Hash Leaksgreat place to lookup hashes
Security Intellcovers all kinds of news, great intelligence resources
Threatpostcovers all the latest threats and breaches
Secjuice
The Hacker Newsfeatures a daily stream of hack news, also has an app

NOTE:

All references taken from Internet and shared on internet xD Thanks to those who shared their opinion before that helped me learn 😉 if you have any questions, please ask in the comments. If you know about any good resource for beginners, please share it here.

Conclusion

In conclusion, learning hacking can be a challenging task, but it is also a rewarding experience. As a beginner, there are many resources available online that can help you get started on your hacking journey. In this blog post, we have discussed some of the most popular resources for beginners to learn hacking, including online courses, CTF challenges, and online forums. By using these resources, beginners can gain a better understanding of the tools and techniques used in hacking, and practice their skills in a safe and controlled environment. As with any new skill, it takes time, patience, and dedication to become proficient in hacking, but with the right resources and a willingness to learn, anyone can become a successful hacker.

Shares:

Leave a Reply

Your email address will not be published. Required fields are marked *