Last Updated: 5/22/23

This page contains all the resources I found useful or that look interesting for different topics in security. I’ll update this page periodically as I find new things.

Malware Analysis

Books

• Practical Malware Analysis
• The Art of Memory Forensics
• Practical Binary Analysis
• Malware Analyst’s Cookbook

Practice and/or Courses

• Zero2Automated
• Reverse Engineering 101 by Malware Unicorn
• Reverse Engineering 102 by Malware Unicorn
• Practical Malware Analysis by Sam Bowne (Undergrad Course @ City College of San Francisco)
• Malware Analysis (Graduate Course @ University of Cincinnati)
• Open Security Training 2
• Malware Traffic Analysis

Extras

• [Blog] c3rb3ru5d3d53c/Malware Hell - Malware Analysis for Beginners
• [Blog] c3rb3ru5d3d53c/Malware Hell - Malware Analysis and RE Workflow
• [Blog] [Exploit Reversing] (https://exploitreversing.com/)
• [Tool] REmnux
• [Tool] Cuckoo Sandbox
• [Tool] FLARE VM
• [Tool] CAPEv2
• [Tool] Binary Refinery
• [Tool] Unprotect Project
• [Website] theZoo
• [Website] VirusBay
• [Website] VirusShare
• [Website] MalwareBazaar
• [Website] vx-underground
• [Youtube Channel] OALabs
• [Youtube Channel] c3rb3ru5d3d53c/Malware Hell

Reverse Engineering

Books

• Reverse Engineering for Beginners
• Practical Reverse Engineering

Practice and/or Courses

• Reverse Engineering for Beginners Challenges
• Microcorruption
• Pwnable.kr
• Lena’s Reversing for Newbies
• CrackMes
• Begin.re
• Open Security Training 2
• Flare-On CTF
• Z0F’s RE Course on TryHackMe

Extras

• [Blog] Secret Club
• [Blog] Reverse Engineering a Router
  • Series of blog posts walking through how to reverse engineer a Huawei HG533 router
• [Youtube] Reverse Engineering with Ghidra
  • Playlist of lectures from HackadayU’s course “Reverse Engineering with Ghidra”
• [Blog] Windows Internals

Vulnerability Research/Exploit Development

Books

• Hacking - The Art of Exploitation
• The Shellcoder’s Handbook
• The Fuzzing Book

Practice and/or Courses

• Pwnable.kr
• Pwnable.xyz
• Exploit.Education
• ROP Emporium
• Nightmare Challenges
• HackSysExtremeVulnerableDriver
• pwn.college
• Fuzzing101
• Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities
• Offensive Security and Reverse Engineering Course

Extras

• [Website] ir0nstone BinEXP Notes
• [Website] DayZeroSec: CTFs to Real-World
• [Blog] h0mbre’s blog
• [Blog] Connor McGarr’s blog
• [Blog] chompie’s blog
• [Blog] Project Zero Blog
• [Blog] HN Security - Automating binary vulnerability discovery with Ghidra and Semgrep
• [Video] LiveOverflow’s Sudo Vulnerability Series
• [Video] PinkDraconian’s Pwn Zero to Hero Series
• [Video] CryptoCat’s Intro to Binary Exploitation Series
• [Blog] Alex Plaskett: Demystifying Security Research
• [YouTube Channel] areyou1or0
• [Blog] Survey of Security Mitigations and Architecture
• [Blog] Jack Halon: Chrome Browser Exploitation Series

Hardware Hacking

Books

• The Hardware Hacking Handbook
• Practical IoT Hacking

Practice and/or Courses

• Hardware Hacking Bootcamp (Paid Course) - Haven’t taken this, but looks good.

Extras

• [Blog] Wrongbaud’s Blog
• [YouTube Channel] Flashback Team
• [Video] BusesCanFly - Hardware Hacking for the Masses
• [Reference] Hardware All The Things

Pentesting

Books

• Red Team Field Manual
• The Hacker Playbook 2
• The Hacker Playbook 3

Practice and/or Courses

• Sektor7 (Paid Course)
• HackTheBox
• TryHackMe
• Practical Ethical Hacking by Heath Adams (Paid Course)
• Penetration Testing with Kali (PWK/OSCP) (Paid Course)

Extras

• GTFOBins
• LOLBAS
• WADComs

Blue Team Stuff

Practice and/or Courses

• CyberDefenders
  • SIEM, Threat Hunting, PCAP, Reverse Engineering, Memory Forensics
• Blue Team Labs Online (Free and Paid)
  • Incident Response, Digital Forensics, and Threat Hunting.
• Blue Team Level 1
  • Security Fundamentals, Phishing Analysis, Threat Intel, Digital Forensics, SIEM, Incident Response

Bug Bounties and Web Stuff

Books

• A Bug Hunter’s Diary
• The Web Application Hacker’s Handbook 2
• Real World Bug Hunting
• Bug Bounty Bootcamp

Practice and/or Courses

• PortSwigger Web Security Academy
• Hacker101
• PentesterLab (Paid subscription)
• BugBountyHunter (Free and Paid)

Extras

• OWASP Web Security Testing Guide
• PayloadsAllTheThings
• HackerOne (Public/Private)
• BugCrowd (Public/Private)
• Synack Red Team (Private)
• Bug Bounty Hunter Methodology v3
• List of Bug Bounty Writeups