A forever growing list of resources I have found helpful with some notes for some of them.

• Trainings - Hands on labs
• Blogs - Reading/watching material
• Books - Content that is worth purchasing
• Tools - Lesser known useful tools

Table of Contents

• Certifications
• Web
  • Trainings
  • Blogs
  • Books
• Network
  • Trainings
  • Blogs
  • Books
• Active Directory
  • Trainings
  • Blogs
  • Books
• Red Team
  • Trainings
  • Blogs
  • Books
• Malware Development
  • Trainings
  • Blogs
  • Books
• Cloud
  • Trainings
  • Blogs
  • Books
• Programming
  • Trainings
  • Blogs
  • Books
• Tools
  • Web
  • Network
  • Active Directory
  • Red Team
• Non-Technical
• News

Certifications

OSEP - A good certification for beginners to malware development, AD Pentesting and stealth techniques. A bit dated for 2024 but good information.

OSWE - Good coverage of introduction to code review and how to go about findings exploits. Not every exploit is covered, but I worked off v1 of the course.

OSCP - Updates look good but I don’t plan on retaking. Good for beginners to the field.

CRTO - Good Cobalt Strike information, only training I know of that lets you use this.

CRTP - Good if you know nothing about active directory.

CREST CRT - I got this with having passed OSCP within 3 years of passing CPSA, so did not sit for the exam.

CREST CPSA - How I imagine CEH feels, only take if your job requires you to.

Web

Trainings

Portswigger - Best free resource out there.

PentesterLab - Well worth the subscription fee.

ApiSec University

JuiceShop - Good introduction

crAPI - API Practice

Blogs

PentesterLand - Not specific for web, but lots are web based. Writeups from all topics are curated here.

EWPTXv2 Notes

Pentesting Web Checklist

StratumSecurity

Books

Web Application Hacker’s Handbook v2

Hacking APIs

Real-World Bug Hunting

JavaScript for Hackers

Network

Trainings

HacktheBox

Blogs

HackTricks Pentesting Network

Ippsec

0xdf

Books

Network Security Assessment

Attacking Network Protocols

How to Hack Like a Pornstar

Active Directory

Trainings

SnapLabs

GOAD

Blogs

HackTricks AD Methodology

adsecurity

BloodHound Cypher Cheatsheet

Books

Red Team

Trainings

Blogs

RedTeam-Tools

Prelude Youtube - Talks on red team evasion topics

RedTeamRecipe

Active Directory Enumeration for Red Teams

Ired

BlackHill Security

reveng007 - EDR Evasion

0xMrNiko - Awesome Red Teaming

Books

Evading EDR - Dives deep into technical, great for experienced people

Red Team Development and Operations - Not technical but good information

Malware Development

Trainings

MalDev Academy - Well worth the $500 lifetime fee.

Sektor7 - All trainings are good, MalDev Academy is better priced.

Mr. Un1k0d3r

Blogs

0xPat MalDev - Introduction of C Malware

OffensiveNim

Books

Cloud

Trainings

Cantrill - Not offensive oriented related but good training nonetheless

Blogs

Breaching the Cloud

Books

Programming

Trainings

Blogs

Books

Black Hat Go

Black Hat Python 2nd Edition

Black Hat GraphQL

Tools

Web

nuclei

Burp-PYJFuzz - Good Burp extension for fuzzing

Autorize

katana - Web crawler

Network

wstunnel - Working tunneling tool

Active Directory

NetExec - Updates to CME

Red Team

Non-Technical

Blogs

DarkNet Diaries

Books

This Is How They Tell Me the World Ends

Sandworm

The Cuckoo’s Egg

Cult of the Dead Cow

News

Talkback

InfoSec Exchange

Bleeping Computer