Some of the best general resources available on all things cybersecurity.

General

  • Google Project Zero [Formed in 2014, Project Zero is a team of security researchers at Google who study zero-day vulnerabilities]
  • Didier Stevens [Didier Stevens @DidierStevens personal blog]
  • Mubix [Mubix “Rob” Fuller personal blog]
  • Portswigger [Burpsuite blog]
  • NetSPI [Penetration testing articles]
  • Buffered IO [OJs Blog – a security guy trying to make the world a better place, one hack at a time.]
  • Rapid7 Blog [Rapid7 blog]
  • Silent Signal [@SilentSignalHU blog]
  • Minded Security [Minded Security’s blog is focus on supporting businesses and organizations to build secure products and services.]
  • Carnal 0wnage [Chris Gates @carnal0wnage personal blog]
  • Skull Security [“Just another security weblog”]
  • Wouter Coekaerts [@WouterCoekaerts personal blog]
  • Corelan [Corelan Team is a group of IT Security researchers]
  • Harmj0y [@harmj0y personal blog]
  • SpiderLabs [This is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.]
  • IOActive [Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.]
  • nvisium [nVisium’s company blog]
  • lcamtuf [lcamtuf’s personal blog]
  • BugCrowd [Bugcrowd is a crowdsourced security platform.]
  • pwntester [Security Researcher blog]
  • Crypto Fails [Showcasing bad cryptography.]
  • HackerOne [HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.]
  • RIPTutorial [ Learn programming through books and examples]
  • Internet Archive [Search the history of over 544 billion web pages on the Internet.]
  • Pentestmonkey [Penetration testing blog]
  • EdX [Cybersecurity Courses online courses (some are free)]
  • Cybrary [Online video courses with hands on labs]
  • FedVTE [Free online cybersecurity training for federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.]
  • ITProTV [Online video courses]
  • PentesterLab [Hands on pen testing labs]
  • PicoCTF [Free computer security training game platform]
  • CTFChallenege [CTFchallenge is a collection of 12 vulnerable web applications, each one has its own realistic infrastructure]
  • Brute XSS [Master the art of Cross Site Scripting.]
  • KNOXSS [KNOXSS IS AN ONLINE XSS TOOL WITH DEMONSTRATION OF VULNERABILITY.]
  • DigiNinja [Tools or patches DigiNinja created and released to the security community.]
  • Termbin.com [command line pastebin – easy way to share your terminal output.]
  • SecLists [It’s a collection of multiple types of lists used during security assessments]
  • CeWL [Custom Word List generator]
  • Crunch [generates complex and exhaustive wordlists using custom patters and permutations.]
  • Lime Proxies [proxy servers]
  • Squid Proxies [proxy servers]
  • ProxyChains [allows to run any program through HTTP or SOCKS proxy]

OSINT

  • OSINT Framework [Excellent resource for investigators and penetration testers]
  • OSINT.link [Resource of links, search engines, and web directories designed to gather information.]
  • IntelTechniques [OSINT services]
  • Hunchly [Hunchly automatically collects, documents, and annotates every web page you visit.]
  • Storm Proxies [Proxy auto rotate tool to avoid detection]

Cryptocurrencies