This repository is an overview of the resources you need in cybersecurity (also called infosec), together with a collection of hacking tools, resources and references for practicing ethical hacking. Most of the tools are UNIX and Linux compatible, free and open source.
- How to start hacking? The ultimate two path guide to information security. - /r/hacking
- LiveOverflow's YouTube channel
- Advice for young hackers. How to teach yourself
Threat Protection
- Protect against SIM-swap scam: via wired
- How to spot a phishing attack: via EFF
- Protection from Identity Theft: via Restore Privacy
- Protecting from key-stroke-logging, with KeyScrambler: via TechRepublic
- Guide to Hash Checks, to ensure a program has not been tampered with: via ProPrivacy
- Permanently and Securely Delete ‘Files and Directories’ in Linux: via TechMint
Networking
- How to enable DNS over HTTPS: via geekwire
- How to resolve DNS leak issue: via DNSLeakTest
- Protect against WebRTC Leaks: via Restore Privacy
- ISP and DNS privacy tips: via bluz71
- Beginners guide on getting started with Tor: via ProPrivacy
- Beginners guide to I2P: via The Tin Hat
- About Using VPN and Tor together: via ProPrivacy
- How to use __nomap, to reduce public exposure of SSID: via ghacks
- Up-to-date router configurations for advanced security: via RouterSecurity.org
Communication
- Email Self-Defense, Configure your mail client securely, from scratch - via FSF.org
- How to avoid Phishing Attacks: via EFF
- How to use PGP: Via EFF - Windows, MacOS and Linux
- A Step-by-Step Guide to Generating More Secure GPG Keys: via spin.atomicobject.com
- How to Maintain Anonymity in Bitcoin Transactions: coinsutra.com
- Beginners Guide to Signal (secure messaging app): via Freedom of the Press Foundation
- How to use OTR messaging with Adium (MacOS): via CalyxInstitute.org
- Full guide to using plaintext emails: via useplaintext.email
Devices
- How to Enable Encryption on your Devices: via SpreadPrivacy.com
- How to Delete your Data Securely: Via EFF - Windows, MacOS and Linux
- Layers of Personal Tech Security: via The Wire Cutter
- Device-Specific Privacy Guides: via SpreadPrivacy
- For: Windows 10, MacOS, Linux, Android and iOS
- Guide to scrubbing Windows OSs from forensic investigation: by u/moschles, via Reddit
- A curated list of Windows Domain Hardening techniques: by @PaulSec, via: GitHub
- Configuring Gboard for better Privacy: via Ghacks
- Settings to update on iPhone, for better privacy: via lifehacker
- How to check App Permissions (Android, iOS, Mac & Windows): via Wired
- How to manage Self-Encrypting Drives: via TechSpot
- Harden your MacOS Security: via @drduh on GitHub
Software
- Complete guide to configuring Firefox for Privacy + Speed: via 12bytes
- Firefox Configuration Guide for Beginners: via 12bytes
- How to use Vera Crypt: via howtogeek
- How to use KeePassXC: via EFF
- How to use uMatrix browser addon to block trackers: via ProPrivacy
- How to set up 2-Factor Auth on common websites: via The Verge
- How to use DuckDuckGo advanced search features: via Ghacks
- How to use Cryptomator (encrypt files on cloud storage): via It's Foss
Physical Security
- Guide to Living Anonymously, Personal Data Removal and Credit Freeze: via IntelTechniques.com
- Hiding from Physical Surveillance: via Snallabolaget
- Guide to opting-out of public data listings and marketing lists: via World Privacy Forum
Enterprise
- A basic checklist to harden GDPR compliancy: via GDPR Checklist
Reference Info
- A directory of websites, apps and services supporting 2FA: via TwoFactorAuth.org
- A directory of direct links to delete your account from web services: via JustDeleteMe.xyz
- Impartial VPN Comparison Data: via ThatOnePrivacySite
- Terms of Service; Didn't Read - Vital resource that summarizes and extracts the key details from Privacy Policies/ Terms of Services, aiming to fix the issues caused by blindly agreeing to these Terms: via tosdr.org
- Free, open-source and privacy-respecting alternatives to popular software: via Switching.Software
- Product reviews from a privacy perspective, by Mozilla: via Privacy Not Included
- Surveillance Catalogue - Database of secret government surveillance equipment, Snowden: via The Intercept
- See also: The source code, on WikiLeaks Vault7 and Vault8, and the accompanying press release
- Who Has Your Back? - Which companies hand over your data to comply with Government Data Requests, 2019: via EFF
- Check who your local and government representatives are: via WhoAreMyRepresentatives.org
- Open project to rate, annotate, and archive privacy policies: via PrivacySpy.org
- Hosts to block: via someonewhocares/ hosts / StevenBlack/ hosts
- Magic Numbers - Up-to-date file signature table, to identify / verify files have not been tampered with: via GaryKessler
- List of IP ranges per country: via Nirsoft
- Database of default passwords for various devices by manufacturer and model: via Default-Password.info
All-in-one digital and physical security
- Umbrella: an open source iOS/Android/Web app for learning about and managing digital, operational and physical security (from safe communication to dealing with a kidnap) via Security First
General
- 8-point manifesto, of why Privacy Matters: via whyprivacymatters.org
- Rethinking Digital Ads: via TheInternetHealthReport
Encryption
- Overview of projects working on next-generation secure email: via OpenTechFund
- Anatomy of a GPG Key: via @DaveSteele
Surveillance
- Twelve Million Phones, One Dataset, Zero Privacy: via NY Times
- Windows data sending: via The Hacker News
- Is your Anti-Virus spying on you: via Restore Privacy
- What does your car know about you?: via Washington Post
- Turns Out Police Stingray Spy Tools Can Indeed Record Calls: via Wired
- UK Police Accessing Private Phone Data Without Warrant: via Restore Privacy
- Rage Against Data Dominance: via Privacy International
- NSA Files Decoded, What the revelations mean for you: via The Guardian
- How to Track a Cellphone Without GPS—or Consent: via Gizmodo
- Apps able to track device location, through power manager: via Wired
- Hackers and governments can see you through your phone’s camera: via Business Insider
- Law Enforcement Geo-Fence Data Requests - How an Innocent cyclist became a suspect when cops accessed his Google location data: via Daily Mail
- IBM Used NYPD Surveillance Footage to Develop Technology That Lets Police Search by Skin Color: via TheIntercept
Threats
- 23 reasons not to reveal your DNA: via Internet Health Report
- Security of Third-Party Keyboard Apps on Mobile Devices: via Lenny Zeltser
- Mobile Websites Can Tap Into Your Phone's Sensors Without Asking: via Wired
- Non-admin accounts mitigate 94% of critical Windows vulnerabilities: via ghacks
- Android Apps are able to monitor screen state, data usage, installed app details and more without any permissions: by @databurn-in, via GitHub
- See also, PrivacyBreacher - an app developed by @databurn-in, which demonstrates these issues
- How URL Previews in Apps can Leak Personal Info: via hunch.ly
- Big data privacy risks: via CSO Online
- Anti-Doxing Guide (For Activists Facing Attacks): via Equality Labs
Breaches
- Wired guide to data breaches - past, present and future: via Wired
- Grindr and OkCupid Spread Personal Details Study Says: via NY Times
- The Asia-Pacific Cyber Espionage Campaign that Went Undetected for 5 Years: via TheHackerNews
- ClearView AI Data Breach - 3 Billion Faces: via Forbes
- The MongoDB hack and the importance of secure defaults: via Snyk
- Truecaller Data Breach – 47.5 Million Indian Truecaller Records On Sale: via GBHackers
- Hundreds of millions of Facebook user records were exposed on Amazon cloud server: via CBS News
- Microsoft data breach exposes 250 million customer support records: via Graham Cluley
Data Collection
- Ring Doorbell App Packed with Third-Party Trackers: via EFF
- How a highly targeted ad can track your precise movements: via Wired
- Based on the paper, Using Ad Targeting for Surveillance on a Budget: via Washington.edu
- How websites can see your full personal details, from your phone contract info: via Medium/@philipn
- Facebook and America’s largest companies give worker data to Equifax: via FastCompany
- Exfiltration of personal data by session-replay scripts: via Freedom-to-Tinker
- Apple's iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests: via BleepingComputer
- Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking: via propublica.org
Warning: I have not read all of them, so do not assume I am recommending them because I liked them. They seem to provide useful resources, which is why I'm recommending them.
- Penetration Testing: A Hands-On Introduction to Hacking (2014)
- Kali Linux Revealed - PDF (2017)
- Blue Team Field Manual (BTFM) (2017)
- Cybersecurity - Attack and Defense Strategies (2018)
- NMAP Network Scanning : Official Discovery (2009)
- Social Engineering : The Art of Human Hacking (2010)
- Incognito Toolkit: Tools, Apps, and Creative Methods for Remaining Anonymous (2013)
- Permanent Record (2019)
- Sandworm
- Extreme Privacy (2022)
- Ghost in the Wires (2011)
- The Art of Invisibility (2017)
Security Researchers
- Krebs on Security - Lots of up-to-date, in-depth interesting cyber security news and investigations, by a true legend in the field and NY Times Bestseller, Brian Krebs. RSS
- Schneier on Security - Commentary, news, essays and more all about cryptography, cyber security and privacy. New posts are written almost daily, and this is also home to the famous Crypto Gram weekly newsletter, that's been popular since 1994. By the world-renowned security professional, and serial bestselling author, Bruce Schneier. RSS
- Troy Hunt - Security researcher and data breach collector. RSS
- Graham Cluley - Security news, advice and opinion. From Graham Cluley, co-host of Smashing Security.
- The Last Watch Dog - Privacy and Security articles, opinion and media by Byron Acohido
- Daniel Miessler - Summarizes recent news and events, and focuses on security, technology and people. RSS
- Errata Security - Covers latest interesting news, and explains concepts clearly. By Robert Graham and David Maynor. RSS
- Underground Tradecraft - Counterintelligence, OPSEC and Tradecraft for everyone
- Google Project Zero blog - Cutting-edge vulnerability research.
- Secret Club - Syndicated publication on various innovative research on reverse engineering, esp. game hacking.
- Can Bölük's blog - Hypervisors, Windows internals, anticheats. He is a legendary reverse engineer
- Orange Tsai's blog - Lot of cutting-edge research on a broad range of topics. He is totally an infosec legend
- Rolf Rolles' blog - Reverse engineering, program analysis, (de)obfuscation, IDA Pro
- back.engineering - Mainly xeroxz's blog but also features some syndicated articles.
- lcamtuf's blog - Fuzzing and systems.
- Halvarflake's blog - Various topics in systems and security.
- Trail of Bits blog - State-of-the-art research on cryptography, program analysis, bug hunting
- Bruce Dawson's blog - Systems, compilers, and performance.
- Travis Downs' blog - Systems, compilers, and performance.
- Bruce Schneier's blog - Cryptography and privacy news.
- Hex-Rays blog - Tips and tricks for IDA Pro
Cyber Security News
- Dark Reading - Well-known cyber security news site, with articles on a range of topics, ranging from data breaches, IoT, cloud security and threat intelligence. RSS
- Threat Post - News and Articles Cloud Security, Malware, Vulnerabilities, Waterfall Security and Podcasts. RSS
- We Live Security - Security news, views, and insight, by ESET + Community. RSS
- The Hacker News - News and info covering Data Breaches, Cyber Attacks, Vulnerabilities, Malware. RSS
- Sophos: Naked Security - Security news and updates, presented in an easy-to-digest format. RSS
- IT Security Guru - Combines top cyber security news from multiple sites, easier to stay up-to-date
- FOSS Bytes - Cyber Security - News about the latest exploits and hacks
Cyber Security Information
- Heimdal - Personal Cyber Security Tutorials and Articles
- Tech Crunch - Cyber Security 101
- Email Self-Defense - Complete guide to secure email
- Security Planner - Great advice for beginners
- My Shadow - Resources and guides, to help you take control of your data
Privacy Guides
- EFF SSD - Tips for safer online communications
- Restore Privacy - Tools and guides about privacy and security
- That One Privacy Site - impartial comparisons and discussions
- The Hated One - Privacy and security videos
- 12Bytes - Tech, Privacy and more (Note, sometimes covers controversial topics)
- Pixel Privacy - Online privacy guides
- The Tin Hat - Tutorials and Articles for Online Privacy
- PrivacyTools.io - Tools to protect against mass surveillance
- PrismBreak - Secure app alternatives
- The VERGE guide to privacy - Guides for securing mobile, web and home tech
Privacy News
- Spread Privacy - Raising the standard of trust online, by DuckDuckGo
- BringBackPrivacy - Easy-reading, sharable privacy articles
- The Privacy Project - Articles and reporting on Privacy, by the NYT
Internet Freedom
- OONI, Internet freedom and analysis on blocked sites
- Internet Health Report - Mozilla is documenting and explaining what’s happening to openness and freedom on the Internet
- Worth Hiding - Posts about privacy, politics and the law
- John Hammond: Amazing content on Cybersecurity
- IppSec: Weekly Hackthebox WriteUps
- Conda: He posts videos on how to build and break things in the cybersecurity world. Currently he is a penetration tester and is passionate about helping others learn about and break into this industry.
- The Cyber Mentor: I'm a hacker by trade, but this channel will contain various lessons and even off-topic stuff from time to time.
- PwnFunction: I make Animated Computer Science Videos.
- InsiderPhD: PhD (Def&Sec) Student investigating Insider Threats using Natural Language Processing at Cranfield University. BSc in Computer Science.
- Alh4zr3d: Practitioner, scholar, and teacher of the eldritch knowledge of hacking. Cthulhu fhtagn.
- Farah Hawa: Hi! Welcome to my channel. Join me as I learn new things everyday and share useful resources as I move along in my journey as a hacker.
- HackerSploit: HackerSploit is the leading provider of free Infosec and cybersecurity training. Our goal is to make cybersecurity training more effective and accessible to students and professionals. We achieve this by providing essential training on how to attack and defend systems with virtual labs and real-world scenarios. We offer individual and corporate training packages in Penetration Testing & Red Team Operations, Web application penetration testing, and cybersecurity awareness training.
- DC CyberSec: I'm a CyberSec professional who has worked in multiple countries around the world primarily in defensive security and social engineering field operations.
- Cyber Warrior Studios: I will be using this channel to provide tutorials to fellow security professionals, share my opinion on how companies can improve their network security, and otherwise provide other security information.
- The XSS Rat: Hello everyone! I'm a full time dad and part time bug bounty hunter. My day job is mostly QA/QC but my heart is at NetSec. Currently a top 50 Intigriti all-time leaderboard hacker, I want to invest my time into helping the community. We need ethical hackers like you in the future. My opinions are mine and mine alone and if you want a pentest from me, so is the content of your hard drive.
- SecAura: SecAura was created for the distribution of Educational (Ethical) Hacking content, like and subscribe to inspire more content!
- STÖK: HACKERS GONNA HACK // CREATORS GONNA CREATE
- Eric Belardo - Cyber Security / Raices Cyber: Cyber Security and Online Safety Expert, Security Professional of 30+ years, US Army Vet, Recovering CISO
- INEtraining: From expert level CCIE training, to the many other Cisco certification courses being offered, INE can help you learn at any pace you desire.
- David Bombal: On this channel, he discusses Python, Ethical Hacking, Networking, Network Automation, CCNA, Virtualization and other IT related topics.
- Tech69: He posts Web, Red team, CSharp, Python and other general security related videos
Some Great Cybersecurity & Hacking Documentary Recommendations!
- We Are Legion – The Story Of The Hacktivists
- 21st Century Hackers
- Hackers Wanted
- Hackers in wonderland
- The Internet’s Own Boy: The Story Of Aaron Swartz
- Def Con: The Documentary
- Hackers Are People Too
- Secret History Of Hacking
- Risk (2016)
- Zero Days (2016)
- Guardians Of The New World (Hacking Documentary) | Real Stories
- A Origem dos Hackers
- The Great Hack
- The Networks Dilemma
- Web Warriors
- Cyber War - Dot of Documentary
- CyberWar Threat - Inside Worlds Deadliest Cyberattack
- The Future of Cyberwarfare
- Dark Web Fighting Cybercrime Full Hacking
- Cyber Defense: Military Training for Cyber Warfare
- Hacker Hunter: WannaCry The History Marcus Hutchin
- The Life Hacker Documentary
- Hacker The Realm and Electron - Hacker Group
- Chasing Edward Snowden
- The Hacker Wars
- Hackers World
- In the Realm of the Hackers
- The Pirate Bay Away From Keyboard
- Wannacry: The Marcus Hutchins Story
- THE INSIDE LIFE OF A HACKER
- High Tech Hackers Documentary
- Drones, hackers and mercenaries - The future of war
- Darknet Diaries by Jack Rhysider: Stories from the dark sides of the internet.
- CYBER by Motherboard: News and analysis about the latest cyber threats
- The Privacy, Security, & OSINT Show by Michael Bazzell: Comprehensive guides on Privacy and OSINT
- Smashing Security by Graham Cluley and Carole Theriault: Casual, opinionated and humorous chat about current cybersecurity news
- IRL Podcast by Mozilla: Online Life is Real Life, Stories about the future of the Web
- Random but Memorable by 1Password - A Security advice podcast
More Security Podcasts on player.fm
More Podcasts (Verification Required): Naked Security | Open Source Security Podcast | Defensive Security Podcast | Malicious Life | Down the Security Rabbit Hole | Cyber Wire | Hacking Humans | Security Now | Cyber Security Interviews | Security Weekly | The Shared Security Podcast | Risky Business | Crypto-Gram Security Podcast | Off the Hook | Opt Out Podcast
(Remember to be nice there, don't be rude or annoying, etc. Act like an adult)
- Reverse Engineering discord - Do Not discuss game hacking in this Discord or you will be banned.
- Capture the Flag discord - CTF community
- Secret club public discord - Administered by Carl Schou and Derek Rynd.
- gynvael's server - administered by gynvael.
- Day0 podcast server - administered by zi and Specter.
- Awesome Fuzzing - fuzzing enthusiasts.
- Back.engineering server - administered by xeroxz.
- osdev server - I don't know this server, but it's popular.
General
- You are being watched by The New York Times
- The Power of Privacy by The Guardian
- Why Privacy matters, even if you have nothing to hide by The Hated One
- The Unhackable Email Service by Freethink
- NSA Whistleblower: Government Collecting Everything You Do by Empire Files
Cryptography
- Advanced Intro to GnuPG by Neal Walfield (walfield.org)
TED Talks
- How Online Trackers Track You, and What To Do About It by Luke Crouch
- Why you should switch off your home WiFi by Bram Bonné
- Why Privacy Matters, by Glenn Greenwald
- Fighting viruses, defending the net, by Mikko Hypponen
- The 1s and 0s behind cyber warfare, by Chris Domas
- State Sanctioned Hacking - The Elephant in the Room - Historic, economic and demographic overview of the growing threat to the U.S. from Chinese cyber invasions, by Frank Heidt
- How the IoT is Making Cybercrime Investigation Easier - How our data is changing the nature of "evidence" in digital forensics, by Jonathan Rajewski
- Online Privacy Doesn't Exist - The unexpected dangers our digital breadcrumbs can lead to, by Denelle Dixon
- Data is the new gold, who are the new thieves? - Introduction and demonstration of the power of data, by Tijmen Schep
Conferences
- DEF CON 27 - Collection of talks from DEF CON 2019, Vegas
- RSA Conference - Collection of security talks from the RSA conferences
- Administraitor.video - A regularly updated collection of new and interesting security conference talks
Misc
- Through a PRISM, Darkly - Everything we know about NSA spying, by Kurt Opsahl
- What it REALLY takes to have True Privacy in the 21st Cen by @MalcomVetter
See also: awesome-sec-talks by @PaulSec
Research Results
- Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
- Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
- Who has your Back? by EFF - Annual report assessing how companies handle personal data
- Lists of Websites Abusing Session Replay - Third-party session replay scripts record all your actions and allow them to be watched by a human. This is a list of websites that include them
- Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
- Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
- Data Never Sleeps - An infographic visualizing how much data is generated every minute (2019)
- What they Know about You - An infographic showing what information giant tech companies are collecting from you (2020)
Databases
- Exodus - Trackers in Android Apps
- Exploit Database - A database of current software vulnerabilities
- URLScan - Service scanning for malicious domains, with historical results
- Dehashed - Data Breaches and Credentials
- VirusTotal - Detailed virus scans of software
- Abuse IP DB - Database of IPs reported for abuse
- SnusBase - Long standing database hosting breached data
- OpenPhish - A feed of current phishing endpoints
- HashToolkit - Database of 'cracked' hashes
- SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
- Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world
- Tor Bulk Exit List - List of all exit nodes (IP) in use on the Tor network
Fun with Live Data 🌠
Internet
- Tor Flow - Real-time data flow between Tor nodes
- Internet Census - 24-hour world map of average utilization of IPv4 addresses
- ICMP ping requests were sent out via the Carna botnet. Read how this was done on the Official Site or download similar datasets
- Map of Mobile Internet - Shows world data coverage, according to Twitter data
- IKnow - Live data showing what content is being downloaded + distributed via torrents
- Semantic Internet Map - Shows how different websites link together
- Wiggle - World's largest WiFi Map showing personal hotspot statistics geographically
- BGP Stream - Shows all current outages
- Freedom House - Censorship Map - Global internet freedom and democracy status per country, over time
- DomainTools Statistics - Domain registration Numbers and Charts
- Insecam - A directory and feed of insecure or public live webcams
Cyber
- Checkpoint - Geographical plotting of Malware, Phishing and Exploits
- Comparitech Ransomware Attack Map - Geographically plotted ransomware attacks and stats
- FortiGuard - Incoming & Outgoing Attacks per Country
- Kaspersky Stats - Shows detailed threats per second from a variety of categories
- Kaspersky LogBook - Historic Threat Time Line
- See also
- Every AV-provider and wannabe security company has a matrix-style cyber map nowadays, here are some less-spectacular ones, which didn't make it onto the list: Fire Eye, BitDefender, ESET, Looking Glass Cyber Map, Digital Attack Map
- pewpew is a sweet web component, that you can use to build your own threat map (with sound effects!)
Unrelated, but Awesome Data
- Submarine Cable Map - An up-to-date map of major global internet cables (see also he.net and this)
- FlightRadar24 - World-wide map of live aircraft positions
- Marine Traffic - World-wide map of live ships, tankers, cargo & passenger vessels and more
- Stuff in Space - Shows objects orbiting Earth
- Asterank - A scientific and economic database of over 600,000 asteroids
- Flight Misery Map - Real-time US geographical flight delay & cancellation trends
- Meteor Showers - Shows commit locations, simulating meteor showers with time
- Airport WiFi Map - Shows WiFi networks and their passwords for airports around the world
- One in a Million - A real-time Twitter map
- ListenToWikipedia - Wikipedia edits, represented by a tone, depending on size, built by Hatnote
- BitListen - Real-time BTC transactions, represented by bubbles and tones
- FiatLeak - Real-time crypto stats
- Google Search Terms - Hourly Google Search Trends, in your location
- Sentiment Sweep - Geographic sentiment analysis on real-time Twitter data (- I made this one)
- Three Thousand Years - Shows major events throughout history, using Wikipedia data
- Wiki-Atlas - Wikipedia articles, categorized and plotted on a map
- ncov2019/live - Real-time Covid-19 data, map and dashboard (by Avi Schiffmann)
- National Grid: Live Status - Real-time UK energy stats (by Kate Morley) (similar to Grid Watch)
- Globe of Economic Complexity - Visualizes 15 trillion dollars of world trade, where each dot is $100,000,000 of export
Interested in discovering more awesome real-time data visualizations? Check out this post, here 🌠
Journals
- Rethinking information privacy‐security: Does it really matter? By Waseem Afzal: via Wiley
- Crypto Paper: Privacy, Security, and Anonymity For Every Internet User, by Crypto Seb: via GitHub
- Challenges in assessing privacy impact, Tales from the Front Line: via Wiley
- A privacy‐preserving multifactor authentication system: via Wiley
- Web Browser Privacy: What Do Browsers Say When They Phone Home?: via scss.tcd.ie
- Online Tracking, A 1-million-site Measurement and Analysis: via Princeton University
- Detecting and Defending Against Third-Party Tracking on the Web: via Franziska Roesner
- Is Google degrading search? Consumer Harm from Universal Search: via law.berkeley.edu
- A Comprehensive Evaluation of Third-Party Cookie Policies: via WhoLeftOpenTheCookieJar.com
- The Dangers of Surveillance: via Harvard Law Review
- Recognizing Speech From Gyroscope Signals: via Stanford
- A Study of Scripts Accessing Smartphone Sensors: via sensor-js.xyz
- Pixel Perfect, Fingerprinting Canvas in HTML5: hovav.net
- Shining the Floodlights on Mobile Web Tracking — A Privacy Survey: via semanticscholar.org
- Characterizing the Use of Browser-Based Blocking Extensions To Prevent Online Tracking: via aruneshmathur.co.in
- Privacy implications of email tracking: via senglehardt.com
- Battery Status Not Included, Assessing Privacy in Web Standards: via princeton.edu
- Achieving Anonymity Against Major Face Recognition Algorithms: via ruhr-uni-bochum.de
- De-anonymizing Web Browsing Data with Social Networks: via princeton.edu
- The Surveillance Implications of Web Tracking: via senglehardt.com
- Understanding Facebook Connect login permissions: via jbonneau.com
- Corporate Surveillance in Everyday Life, How Companies Collect, Combine, Analyze, Trade, and Use Personal Data on Billions: By Wolfie Christl, via crackedlabs.org
- Using Ad Targeting for Surveillance on a Budget: via washington.edu
- Cross-Site WebSocket Hijacking: via christian-schneider.net
- Location Tracking using Mobile Device Power Analysis: scribd.com
- HORNET, High-speed Onion Routing at the Network Layer: via arxiv.org
- Decoy Routing: Toward Unblockable Internet Communication: via usenix.org
- Trackers Vs Firefox, Comparing different blocking utilities: via GitHub - @jawz101
- 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy: via ssrn.com
Write-Ups
- Privacy - An Encyclopedic Definition and Background stanford.edu
Implementations and Standards
- The GNU Privacy Guard
- OpenPGP JavaScript Implementation
- WireGuard
- Nym - Next Generation of Privacy infrastructure
- REC-X.509 - The standard defining the format of public key certificates, used across most internet protocols and applications
- obfs4-spec & obfs3-protocol-spec - The Tor obfourscator and Pluggable transport for obfuscated traffic
- Contract for the Web
- Electronic Frontier Foundation - Defending digital privacy + more
- OWASP Foundation
- Freedom House - Fighting for freedom on the net
- Privacy International
- Open Tech Fund
- Freedom of the Press Foundation
- Open Rights Group
- LEAP Encryption Access Project
- The Guardian Project
- Foundation for Applied Privacy
- Safe + Secure - advice for journalists and film makers
- Citizen Lab
- Electronic Privacy Information Center
- American Civil Liberties Union
- Free Software Foundation
- Calyx Institute - Brooklyn-based organisation, aiming to educate the public about privacy in digital communications
- Courage Foundation - Supports those who risk life / liberty to make significant contributions to the historical record
- Fight for the Future - Fighting for a future where technology liberates
- Public Citizen - Standing up to corporate power and hold the government accountable
- The DNS Privacy Project - Collaborative open project to promote, implement and deploy DNS Privacy
- Epic - Washington DC-based organisation raising attention to emerging privacy and civil liberties issues
- Trusted software recommendations and advice for privacy: privacytools.io
- Tips and tricks, for internet freedom, data health and privacy: datadetoxkit.org
- Digital security tools and tactics: securityinabox.org
- Online privacy guide, and software recommendations: via Fried
- Guide to security through encryption: via ProPrivacy
- Large collection of beginner security guides: Heimdal Security
- The Motherboard guide to not getting hacked: via Vice
- Online anonymity, and Tor + VPN tutorials: via ivpn
Awesome Open Source Apps
- awesome-windows-apps by 'many'
- awesome-macOS-apps by @iCHAIT
- awesome-linux-software by @luong-komorebi
- open-source-ios-apps by @dkhamsing
- open-source-android-apps by @pcqpcq
- awesome-selfhosted by 'many'
- privacy-respecting by @nikitavoloboev
- awesome-privacy by @KevinColemanInc
- privacy-respecting-software by @lissy93
Guides
- MacOS-Security-and-Privacy-Guide by @drduh
- YubiKey-Guide by @drduh
- Debian-Privacy-Server-Guide by @drduh
- personal-security-checklist by @lissy93
Security Links (Hacking / Pen Testing / Threat Intelligence / CTFs)
- Security_list by @zbetcheckin
- awesome-security by @sbilly
- awesome-sec-talks by @PaulSec
- awesome-threat-intelligence by @hslatman
- awesome-incident-response by @meirwah
- awesome-anti-forensic by @remiflavien1
- awesome-malware-analysis by @rshipp
- awesome-lockpicking by @fabacab
- awesome-hacking by @carpedm20
- awesome-honeypots by @paralax
- awesome-forensics by @cugu
- awesome-pentest by @enaqx
- awesome-ctf by @apsdehal
- awesome-osint by @jivoi
- SecLists by @danielmiessler
- Infosec_Reference by @rmusser01
Misc
- awesome-crypto-papers by @pFarb
Awesome Lists of Awesome Lists
- Reddit/HowToHack - Learn and ask about hacking, security and pen testing.
- Reddit/hacking - Discuss hacking and web security.
- ax0nes - Hacking, security, and software development forum.
- 0Day.rocks on discord - Discord server about the 0day.rocks blog for technical and general InfoSec/Cyber discussions & latest news.
- Reddit/AskNetsec - Discuss network security, ask professionals for advice about jobs and stuff.
- Vulnhub - Has a lot of VMs to play with. Some are beginner friendly, some aren't.
- Itsecgames - bWAPP or buggy web app is a deliberately insecure web application.
- Dvwa - Damn Vulnerable Web Application is another deliberately insecure web application to practice your skills on.
- Hackthissite - A site which provides challenges, CTFs, and more to improve your hacking skills.
- Defend the Web - Defend the Web is an interactive security platform where you can learn and challenge your skills.
- Root-me - Another website which hosts challenges to test your hacking skills.
- HackTheBox - An online platform to test and advance your skills in penetration testing and cyber security.
- Overthewire - Learn and practice security concepts in the form of fun-filled games.
- Ctftime - The de facto website for everything CTF related.
- TryHackMe - TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs.
- PicoCTF - Provides you with fun CTF challenges of varying levels of difficulty to practice on.
If you are new, you should start with high school level and eventually level up to college level.
- NSA Codebreaker challenge
- CSAW RED (high school level) - Formerly known as CSAW HSF
- CSAW CTF (college level)
More details about CTFs here. Complete list of the types of CTF found on the internet.
- pwn.college - Guide written by Zardus and Adam Doupe, former organisers of DEF CON CTF
- Gatech Sslab CS 6265: InfoSec Lab - GREAT resource on intro to binex.
- how2heap - intro to glibc heap exploitation
- Dhaval Kapil's heap exploitation guide - intro to glibc heap exploitation. Slightly outdated but still good
- http://pwnable.tw/ - more pwnables
- https://microcorruption.com/login
- Extreme Vulnerable Driver - a vulnerable driver you can learn to pwn drivers with
- Pointers for REAL dummies - This is how I finally understood pointers when I was 12 years old. GREAT guide and it will teach you about C and what is memory.
- Fl33p's CS:S bunnyhop hack tutorial (YT) - A bit outdated but this is what helped me finally understand how to use a debugger and Cheat Engine and Visual Studio. The explanations are not 100% accurate but most importantly it is really beginner friendly for noobs
- godbolt.org Compiler Explorer - Good to learn what code looks like when it gets compiled
- Reverse Engineering Stack Exchange - Good place to figure out how to do something in IDA Pro.
- osdev wiki - Has some outdated or inaccurate info, but usually a good starting point.
- LWN - Linux internals
- /r/securityCreators/
- zSecurity Twitter
- phrack magazine
- Python 3 - hacker's best friend
- x64dbg - Windows userland debugger
- Process Hacker
- IDA Pro (or Ghidra) - disassembler
- HxD - hex editor
- Cheat Engine - memory hacking tool
- CFF explorer - PE editor
- Windows Calculator, MSpaint, and notepad
- diffchecker.com
- cyberchef - data processing multitool
- Sublime Text
- Sysinternals suite
- mitmproxy
- Wireshark
- WinDbg - for Windows kernel debugging
- Pestudio - pe dissector and triage tool
- ReClassEx - in-memory struct dissector
- 010 hex editor - fancier, but paid, hex editor. I don't use this often but it's popular
- JDA Java disassembler - for Java applications
- dnSpy - for .NET applications
- apktool - for Android shit
- java-deobfuscator - written by samczsun who is smart as hell
- de4dot - .NET deobfuscator
- Detect It Easy (DIE) - detect compiler and packers. I don't often use this since I can usually recognize by experience
- Sage - for cryptography
- Proxifier - basically proxychains for Windows
- Check and Test
- εxodus - Check which trackers any app on the Play Store has
- Have I been Pwned and Dehashed - Check if your details have been compromised
- Redirect Detective - Check where a suspicious URL redirects to
- Botometer - An AI script to check if a certain username is a bot
- Utilities
- Privacy.sexy - A collection of commands you can run to implement best practices on Windows or MacOS
- ExifRemove - Remove Meta/EXIF data online
- Secure Password Check - Fun little tool, to demonstrate how long it could take to crack a password
- 33Mail or Anonaddy or SimpleLogin - Protect your email address by auto-generating unique permanent aliases for each account, so all emails land in your primary inbox
- Deseat Me - Clean up your online presence
- Anti-Tracking Analysis
- Panopticlick - Check if, and how your browser is tracking you
- Browser Leaks - Check which information is being leaked by your browser
- DNSLeakTest - Check for and fix a DNS leak
- IP Leak - IP Leak test
- Am I Unique? - If your fingerprint is unique, then websites can track you
- Qualys SSL Client Test - Check the SSL/TLS capabilities of your browser
- Phishing, Hacking and Abuse
- VirusTotal - Analyse a suspicious web resource for malware
- ScamAdviser - Check if a website is a scam, before buying from it
- Abuse IP DB - Report an IP address for abuse, spam or attacks, and check the status of any IP
- Phish Tank - Check if a link is a known phishing URL, submit a phishing URL, browse recent phishing URLs
- Is It Hacked? - Check if a website or page appears to be hacked, hijacked or generally suspicious
- IP Tools
- I Know What You Download - Shows torrents that have been downloaded or distributed from your IP address
- Hetrix Tools - Blacklist Check - Check if your Domain or IP appears on any common blacklists
- Check: The Tor Project - Check if you're connected via Tor, and diagnose issues
- Public Domain and Website Scanning Tools
- URL Scan - Scan and analyse websites, shows IP, DNS, domain and host data, as well as info about resources and requests
- Security Trails - Shows all DNS records, historical DNS data and sub domains
- crt.sh - Shows current and previous SSL/TLS certificates for a given domain, has advanced search option
- Virus Total - Scans any URL, web asset or file for malware
- DomainTools WhoIs - Who Is Lookup. Check who registered a domain name, and find contact details
- Pentest Tools Vulnerability Scanner - Light scan searches for client and server-side vulnerabilities and missing HTTP security headers
- Qualys SSL Server Test - Perform a deep analysis of the configuration of any SSL web server on the public Internet
- Abuse IP DB - Check if an IP or domain has been reported for abuse, or file a report
- RIPEstat - Detailed analysis of IP Addresses (Routing, DNS, Abuse History, Activity etc)
- Multirbl - Complete IP check for sending Mailservers
- IPVoid - Full suite of Domain, IP, and DNS tools for Tracing, Lookup, Checking and Pinging
- Net Neutrality
- Blocked by ORG - Check if your website is blocked by certain ISPs
- Data Rights Finder - Find, understand and use information from privacy policies
- Down For Everyone Or Just Me - Quickly determine if a website is down, or just unavailable for you
- Anonymous Services - The following sites host a variety of anonymous online services
- Archives
- The Way Back Machine - See previous versions of any website. An archive of 431 billion snapshots over 20 years
- PolitiTweet - Archives Tweets from powerful public figures, and records silent retractions and deleted tweets
- Internet Archive Software Collection - The largest vintage and historical software library
- OpenLibrary - A free, digital library of over 2 million eBooks, and information on over 20 million books
- Archive-It - Collecting and accessing cultural heritage on the web
- HexRaysPyTools - must-have
- ClassInformer - RTTI parser (for Win32)
- ret-sync
- Labelless
- abyss
- ScyllaHide - Anti-anti-debug
- xHotspots - Sometimes useful for reversing GUI shit
- Intel Manual volume 3 - they say that every question you have is answered somewhere in this book. the question is where to find it. and also how to understand it. since this shit is not easy nor fun to read. sometimes if you ask some stupid question people will tell you to go read the intel manual. it's an advanced way to tell people to fuck off.
- Hacker's Delight - bit hacking tricks, you see them used by compilers often. Division constants
- Dragon Book - popular compilers textbook
- SSA book - resource for advanced topics on single static assignment form in compilers
- Devbreak on Twitter
- The Life of a Security Researcher
- Find awesome hacking spots in your country
- Awesome-Hacking Lists
- Crack Station
- Exploit Database
- Hackavision
- Hackmethod
- Packet Storm Security
- SecLists
- SecTools
- Smash the Stack
- Don't use VPN services
- How to Avoid Becoming a Script Kiddie
- 2017 Top 10 Application Security Risks
- Starting in cybersecurity?