PLEXTRAC RESOURCE

2023 Hacking
Resources
Name URL or Full Name Comments

GETTING STARTED

Reddit NetSec Getting Started
Mubix’s curated list of Infosec
newbie resources
Drunkrhin0’s Medium article
https://www.reddit.com/r/netsec/wiki/start Historically a very good resource, but it
was last updated 4 years ago
https://gist.github.com/mubix/5737a066c8845d25
721ec4bf3139fd31#file-infosec_newbie-md @mubix (Rob Fuller), a is red teamer turned purple
teamer. He started his career in the United States
Marine Corps working with explosives and has
gone on to have a highly successful career in the
security industry working at companies like
Rapid7, GE, Uber, Cruise Automation and now
Black Hills Information Security
https://medium.com/heck-the-packet/a-graduates-
thoughts-how-to-get-started-in-information-security-and-
cyber-security-d01a1efaed0f

Daniel Miessler - How to Build

a Cybersecurity Career https://danielmiessler.com/blog/build-successful-infosec-career/

Starting an InfoSec Career –

The Megamix - Lesley Carhart https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/

Starting an InfoSec Career –

The Megamix - Lesley Carhart https://tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

SANS Cyber Aces https://www.cyberaces.org/courses.html

Cybrary https://www.cybrary.it/course/introduction-to-it-and-cybersecurity/

Coursera https://www.coursera.org/specializations/intro-cyber-security

SOCIAL WEB SITES

YouTube https://www.youtube.com/results?search_query=infosec See the YouTube section for a selection of content

creators in cybersecurity

Twitter https://twitter.com/search?q=infosec

Reddit https://www.reddit.com/r/netsec/

CHEAT SHEETS

Awesome Penetration Testing https://github.com/enaqx/awesome-pentest Last updated 2 years ago

Pentest Cheat Sheet https://github.com/SecuProject/Pentest-Cheat-Sheet

Pentest Cheat Sheet https://github.com/alexelefth/pentest-cheatsheet

Pentest Cheat Sheet https://github.com/dmtaddict/Pentest-cheatsheet In Russian

Mobile Application Penetration
Testing Cheat Sheet
https://github.com/armourinfosec/
Offensive-Pentesting-Host
https://github.com/tanprathan/MobileApp-
Pentest-Cheatsheet
Penetration testing tools cheat sheet, a quick
reference high level overview for typical
penetration testing engagements. Convenient
commands for your pentesting / red-teaming
engagements, OSCP and CTFs.

Awesome Mobile Application

Penetration Testing https://github.com/ByteHackr/AwesomeMobilePentest

Cyber Security Cheatsheets https://github.com/tevers200/cyber-security-cheatsheets

omegaspard-pentest-cheat-sheet https://github.com/omegaspard/omegaspard-pentest-cheat-sheet

Penetration testing tools cheat sheet https://github.com/TristanGitHub/Penetration-Testing

Repository containing useful

commands https://github.com/Moumi/Penetration-Testing

PENTEST LABS

OWASP Vulnerable Web

Applications Directory https://owasp.org/www-project-vulnerable-web-applications-directory/

Damn Vulnerable Web App (DVWA) http://www.dvwa.co.uk/

WebGoat.NET https://github.com/jerryhoff/WebGoat.NET/

PentesterLab https://pentesterlab.com/

Butterfly Security Project http://thebutterflytmp.sourceforge.net/

Foundstone Hackme Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx

Foundstone Hackme Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx

Foundstone Hackme Casino http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx

Foundstone Hackme Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

Foundstone Hackme Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx

LAMPSecurity http://sourceforge.net/projects/lampsecurity/

WackoPicko https://github.com/adamdoupe/WackoPicko

BadStore http://www.badstore.net/

WebSecurity Dojo http://www.mavensecurity.com/web_security_dojo/

BodgeIt Store http://code.google.com/p/bodgeit/

hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl

SQLol https://github.com/SpiderLabs/SQLol

CryptOMG https://github.com/SpiderLabs/CryptOMG

XMLmao https://github.com/SpiderLabs/XMLmao

GameOver http://sourceforge.net/projects/null-gameover/

Zap WAVE http://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip

PuzzleMall http://code.google.com/p/puzzlemall/

VulnApp http://www.nth-dimension.org.uk/blog.php?id=88

sqli-labs https://github.com/Audi-1/sqli-labs

SocketToMe https://digi.ninja/projects/sockettome.php

Gh0st Lab http://www.gh0st.net/

Hack This Site http://www.hackthissite.org/

HackThis http://www.hackthis.co.uk/

HackQuest http://www.hackquest.com/

Hack.me https://hack.me

Hacking-Lab https://www.hacking-lab.com

Hacker Test http://www.hackertest.net/

Hax.Tor http://hax.tor.hu/

OverTheWire http://www.overthewire.org/wargames/

Root Me http://www.root-me.org/?lang=en

Security Treasure Hunt http://www.securitytreasurehunt.com/

Smash The Stack http://www.smashthestack.org/

ThisIsLegal http://thisislegal.com/

MOBILE APPS

ExploitMe Mobile Android Labs http://securitycompass.github.io/AndroidLabs/

ExploitMe Mobile iPhone Labs http://securitycompass.github.io/iPhoneLabs/

OWASP iGoat http://code.google.com/p/owasp-igoat/

OWASP Goatdroid https://github.com/jackMannino/OWASP-GoatDroid-Project

Damn Vulnerable iOS App (DVIA) http://damnvulnerableiosapp.com/

Damn Vulnerable Android App (DVAA) https://code.google.com/p/dvaa/

Damn Vulnerable FirefoxOS

Application (DVFA) https://github.com/pwnetrationguru/dvfa/

NcN Wargame http://noconname.org/evento/wargame/

Hacme Bank Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx

CLOUD SECURITY

AWS https://aws.amazon.com/blogs/training-and-certification/
tag/free-training/ Learn from AWS experts. Advance your skills and
knowledge. Build your future in the AWS Cloud.
For free.

AWS https://explore.skillbuilder.aws/learn AWS Skill Builder. Your learning center to build

in-demand cloud skills.
Azure https://docs.microsoft.com/en-us/learn/azure/

Google Cloud https://cloud.google.com/training/learning-path-offer Cloud OnBoard is a free, online training where

instructors will lead hands-on labs and test your
skills with quizzes and games.

Everything Cloud https://www.youtube.com There is a plethora of free content on all things

cloud, from official AWS, GCP, and Azure training,
to tips and tricks from some of the leading
administrators and sysadmins in the field.

CONTAINERS

Docker https://www.udemy.com/courses/search/?price=
price-free&q=Docker&sort=relevance&src=ukw Docker Containers courses.

HOUDINI https://github.com/cybersecsi/HOUDINI

Kuberetes https://www.udemy.com/topic/kubernetes/free/ Free Kubernetes courses and tutorials.

BUG BOUNTIES

Bugcrowd https://www.bugcrowd.com/bug-bounty-list/

HackerOne https://hackerone.com/bug-bounty-programs

Open Bug Bounty https://www.openbugbounty.org/

Synack https://www.synack.com/

Facebook https://www.facebook.com/whitehat

GitHub https://bounty.github.com/

Microsoft https://www.microsoft.com/en-us/msrc/bounty

Bug Hunter’s Methodology https://www.youtube.com/watch?v=uKWu6yhnhbQ

CERTIFICATIONS

eLearn Security https://elearnsecurity.com/

eCDFP Certification Certified Digital Forensics Professional

eCIR Certification Certified Incident Responder

eCMAP Certification Certified Malware Analysis Professional

eCPPTv2 Certification Certified Professional Penetration Tester

eCPTXv2 Certification Certified Penetration Tester eXtreme

eCRE Certification Certified Reverse Engineer

eCTHPv2 Certification Certified eXploit Developer

eCXD Certification Certified eXploit Developer

eJPT Certification Junior Penetration Tester https://github.com/grumpzsux/eJPT-Notes/

eMAPT Certification Mobile Application Penetration Tester

eNDP certification Network Defense Professional

eWDP Certification Web Defense Professional

eWPT Certification Web application Penetration Tester

eWPTXv2 Certification Web application Penetration Tester eXtreme

CompTIA https://www.comptia.org/certifications/

IT Fundamentals Basic IT

A+ Core IT

Network+ IT Infrastructure

Security+ Core Cybersecurity

Linux+ Linux Administration

Server+ Server Administration

Cloud+ Cloud Administration

CySA+ Cybersecurity Analyst

CASP+ Advanced Security Practitioner

PenTest+ Penetration Tester

Data+ Data Analytics

Project+ Project Management

CTT+ Certified Technical Trainer

Cloud Essentials+ Business in the Cloud

GIAC https://www.giac.org/

GSEC GIAC Security Essentials

GCIA GIAC Certified Intrusion Analyst

GICSP GIAC Global Industrial Cyber Security Professional

GWAPT GIAC Web Application Penetration Tester

GREM GIAC Reverse Engineering Malware

GPEN GIAC Penetration Tester

GCIH GIAC Certified Incident Handler

GSOM GIAC Security Operations Manager

GCFA GIAC Exploit Researcher and Advanced Penetration Tester

GXPN GIAC Exploit Researcher and Advanced Penetration Tester

GISP GIAC Information Security Professional

GLEG GIAC Law of Data Security & Investigations

GCPM GIAC Certified Project Manager

GWEB GIAC Certified Web Application Defender

GSOC GIAC Security Operations Certified

GSNA GIAC Systems and Network Auditor

GSLC GIAC Security Leadership

GRID GIAC Response and Industrial Defense

GPYC GIAC Python Coder

GPCS GIAC Public Cloud Security

GOSI GIAC Open Source Intelligence

GMON GIAC Continuous Monitoring Certification

GMOB GIAC Mobile Device Security Analyst

GISF GIAC Information Security Fundamentals

GNFA GIAC Network Forensic Analyst

GFACT GIAC Foundational Cybersecurity Technologies

GEVA GIAC Enterprise Vulnerability Assessor

GDSA GIAC Defensible Security Architecture

GDAT GIAC Defending Advanced Threats

GCWN GIAC Certified Windows Security Administrator

GCTI GIAC Cyber Threat Intelligence

GCSA GIAC Cloud Security Automation

GCPN GIAC Cloud Penetration Tester

GCLD GIAC Cloud Security Essentials

GCIP GIAC Critical Infrastructure Protection

GCFE GIAC Certified Forensic Examiner

GCED GIAC Certified Enterprise Defender

GCDA GIAC Certified Detection Analyst

GCCC GIAC Critical Controls Certification

GAWN GIAC Assessing and Auditing Wireless Networks

GBFA GIAC Battlefield Forensics and Acquisition

GASF GIAC Advanced Smartphone Forensics

CDPSE Certified Data Privacy Solutions Engineer

ISACA https://www.isaca.org/

CISA Certified Information Systems Auditor

CRISC Certified in Risk and Information Systems Control

CISM Certified Information Security Manager

CGEIT Certified in the Governance of Enterprise IT

CSX-P Cybersecurity Practitioner Certification

CDPSE Certified Data Privacy Solutions Engineer

ITCA Information Technology Certified Associate

CET Certified in Emerging Technology Certification

Offensive Security https://www.offensive-security.com/

OSCP Offensive Security Certified Professional

OSEP Offensive Security Experienced Penetration Tester

OSED Offensive Security Exploit Developer

OSMR Offensive Security macOS Researcher

OSEE Offensive Security Exploitation Expert

OSDA Security Operations and Defensive Analysis

OSWP Offensive Security Wireless Professional

OSWE Offensive Security Web Expert

OSWA Offensive Security Web Assessor

EC-Council https://www.eccouncil.org/

CEH Certified Ethical Hacker

CND Certified Network Defender

CEH-Master Certified Ethical Hacker-Master

CTIA Certified Threat Intelligence Analyst

APT Advanced Penetration Testing

LPT – Master Licensed Penetration Tester

ECIH Certified Incident Handler

CHFI Computer Hacking Forensic Investigator

CCISO Certified Chief Information Security Officer

CNDA Certified Network Defense Architect

CBP Certified Blockchain Professional

ECES Certified Encryption Specialist

CAST 614 Advanced Network Defense

CSCU Certified Secure Computer User

CASE – Java Certified Application Security Engineer

CASE – .Net Certified Application Security Engineer

ECSS Certified Security Specialist

EDRP EC-Council Disaster Recovery Professional

CSA Certified SOC Analyst

Security Blue Team

BTL1 https://securityblue.team/why-btl1/

BTL2 https://securityblue.team/btl2/

ACTIVE DIRECTORY

https://outsidersecurity.nl/ https://dirkjanm.io/ Excellent personal blog containing research on

topics such as (Azure) Active Directory internals,
protocols, and vulnerabilities.

Active Directory Security https://adsecurity.org/ Active directory & enterprise security, methods to
secure active directory, attack methods &
effective defenses, PowerShell, tech notes, &
geek trivia…

TRAINING FOR VETS

Collection https://cybersecurityguide.org/resources/veterans-guide-to-cybersecurity/

https://veteransec.org/

TRAINING FOR WOMEN

Collection https://cybersecurityguide.org/resources/women-in-cybersecurity/

CONFERENCES

Collection https://infosec-conferences.com/

ShmooCon

ThotCon

CactusCon

OWASP

BSides

DEFCON

BlackHat

PODCASTS & VLOGS

Collection https://digitalguardian.com/blog/best-information-security-podcasts

Audible https://www.audible.com/pd/Hacking-into-Security-Career-Talks-Podcast/B08K57S4H1?qid=1641412127

YouTube See the YouTube section below for details

MUST KNOW TOOLS (FREE)

PowerShell If you’re going to learn to program, PowerShell and

Python are arguable the best.

Bash You can do quite a bit with command line tools and
a Bbash one-liner.

Python If you’re going to learn to program, PowerShell and

Python are arguable the best.

Penetration Testing Tools

Reference Collection https://www.engetsu-consulting.com/2021/02/05/
penetration-testing-tools-reference-guide/ Fantastic selection of tools for the offensive
security practitioner.

Rawsec's CyberSecurity Inventory https://inventory.rawsec.ml/tools.html

o365recon https://github.com/nyxgeek/o365recon

SOFT SKILLS

Speaking

Toastmasters https://www.toastmasters.org/ Toastmasters International is a US-headquartered

nonprofit educational organization that operates
clubs worldwide for the purpose of promoting
communication, public speaking, and leadership.

https://learndigital.withgoogle.com/digitalgarage/course/
public-speaking

Public Speaking https://www.pentestpartners.com/security-blog/

speaking-at-security-events/ This free course will highlight some important
body language whilst speaking in public and the
correct preparation before giving a speech so it’s
tailored to your audience.

TED https://masterclass.ted.com/ TED’s official public speaking course

Writing
https://plextrac.com/direct-download-writing-a-killer-penetration-test-report/

https://blog.eccouncil.org/the-art-of-report-writing-by-penetration-testers/

REGULATORY WITH PENTESTING REQUIREMENTS

PCI

FedRamp

CMMC

CCPA

FFIEC

CHECK/CREST

YOUTUBE

The Cyber Mentor https://www.youtube.com/c/TheCyberMentor/videos?view=0&sort=p&flow=grid

Cover 6 Solutions https://www.youtube.com/c/Cover6Solutions/videos?view=0&sort=p&flow=grid

John Hammond https://www.youtube.com/c/JohnHammond010/videos?view=0&sort=p&flow=grid

Farah Hawah https://www.youtube.com/c/FarahHawa/videos?view=0&sort=p&flow=grid

Nahamsec https://www.youtube.com/c/Nahamsec/videos?view=0&sort=p&flow=grid

IppSec https://www.youtube.com/c/ippsec/videos?view=0&sort=p&flow=grid

DC CyberSec https://www.youtube.com/c/DCcybersec/videos?view=0&sort=p&flow=grid

Rana Khalil https://www.youtube.com/c/RanaKhalil101/videos?view=0&sort=p&flow=grid

The Pwn School Project https://www.youtube.com/c/ThePwnSchoolProject/videos?view=0&sort=p&flow=grid

PwnFunction https://www.youtube.com/c/PwnFunction/videos?view=0&sort=p&flow=grid

Hack eXPlorer https://www.youtube.com/c/HackeXPlorer/videos?view=0&sort=p&flow=grid

Hak5 https://www.youtube.com/c/hak5/videos?view=0&sort=p&flow=grid

Jack Rhysider https://www.youtube.com/c/JackRhysider/videos?view=0&sort=p&flow=grid

Cyberspatial https://www.youtube.com/c/Cyberspatial/videos?view=0&sort=p&flow=grid

Nato as Code https://www.youtube.com/c/NatoasCode/videos?view=0&sort=p&flow=grid

InsiderPhD https://www.youtube.com/c/InsiderPhD/videos?view=0&sort=p&flow=grid

Gerald Auger - Simply Cyber https://www.youtube.com/c/GeraldAuger/videos?view=0&sort=p&flow=grid

MrTurvey https://www.youtube.com/c/MrTurvey/videos?view=0&sort=p&flow=grid

Hacksplained https://www.youtube.com/c/Hacksplained/videos?view=0&sort=p&flow=grid

HackerSploit https://www.youtube.com/c/HackerSploit/videos?view=0&sort=p&flow=grid

NetworkChuck https://www.youtube.com/c/NetworkChuck/videos?view=0&sort=p&flow=grid

HacksForPancakes https://www.youtube.com/c/hacks4pancakes/videos?view=0&sort=p&flow=grid