Skip to content

stong/infosec-resources

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 

Repository files navigation

List of InfoSec resources

I get this question a lot so I compiled a big list that I can just link people to directly.

Submissions are welcome. Please make a PR and I will try to get around to it when I have time.

Where to start?

CTFs

If you are new, you should start with high school level and eventually level up to college level.

  • https://ctftime.org - Find CTFs and write-ups
  • https://picoctf.com/ (high school level)
  • NSA Codebreaker challenge
  • CSAW RED (high school level) - Formerly known as CSAW HSF
  • CSAW CTF (college level)
  • HackTheBox - I never did this, but it's popular
  • Flare-On: Annual reversing CTF
  • PlaidCTF (warning: hard)
  • AngstromCTF, TJCTF, UMDCTF, TUCTF, UIUCTF. Look for CTFs organized by college students or people somewhat above your skill level but not too far
  • Other great CTFs in no particular order, some may be missing (may be hard): DiceCTF, Sekai CTF, Midnight Sun CTF, Google CTF, Blue Water CTF

Blockchain / Web3

Binary Exploitation

Game hacking and reversing

  • Pointers for REAL dummies - This is how I finally understood pointers when I was 12 years old. GREAT guide and it will teach you about C and what is memory.
  • Fl33p's CS:S bunnyhop hack tutorial (YT) - A bit outdated but this is what helped me finally understand how to use a debugger and Cheat Engine and Visual Studio. The explanations are not 100% accurate but most importantly it is really beginner friendly for noobs
  • godbolt.org Compiler Explorer - Good to learn what code looks like when it gets compiled
  • Reverse Engineering Stack Exchange - Good place to figure out how to do something in IDA Pro.
  • osdev wiki - Has some outdated or inaccurate info, but usually a good starting point.

Discord servers

Remember to be nice, don't be rude or annoying, etc. Act like an adult.

⚠️⚠️⚠️ DISCLAIMER: I DO NOT ENDORSE any of these servers personally, their administrators, or any of the discussion that may occur in them. I deny any particular knowledge or awareness of the day-to-day occurrences and contents of conversations on these servers. In other words, this is simply a list of some well-known, popular infosec related servers. The views, opinions, and speech of the participants or administrators on the servers below bear NO REFLECTION whatsoever on my own personal opinions, values, or beliefs. This list is provided as a USEFUL RESOURCE only. ⚠️⚠️⚠️

Blogs (in no particular order)

⚠️⚠️⚠️ DISCLAIMER: I DO NOT ENDORSE the personal character of any of the listed authors. The blogs listed below are chosen SOLELY based on the merits and quality of the publications and research ONLY. In other words, this is simply a list of well-known infosec authors. The views, opinions, and writing of the blogs below or their authors bear NO REFLECTION whatsoever on my own personal opinions, values, or beliefs. This list is provided as a USEFUL RESOURCE only. ⚠️⚠️⚠️

Other InfoSec newsletters, zines, and publications

Favorite Tools

I am a Windows user so I mainly use Windows tools. Sorry Linux users.

Must-have, essential tools

Other handy tools

Hex-Rays plugins

x64dbg plugins

Lectures and slides

Reference materials

  • Intel Manual volume 3 - they say that every question you have is answered somewhere in this book. the question is where to find it. and also how to understand it. since this shit is not easy nor fun to read. sometimes if you ask some stupid question people will tell you to go read the intel manual. it's an advanced way to tell people to fuck off.
  • Hacker's Delight - bit hacking tricks, you see them used by compilers often. Division constants
  • Dragon Book - popular compilers textbook
  • SSA book - resource for advanced topics on single static assignment form in compilers
  • MSDN - win32 and windows internals