- [System](#system) - [Tutorials](#system-tutorials) - [Tools](#sy

1.  
2.  
3. - [System](#system)
4. - [Tutorials](#system-tutorials)
5. - [Tools](#system-tools)
6. - [Docker](#system-docker)
7. - [General](#system-general)
8. - [Reverse Engineering](#reverse-engineering)
9. - [Tutorials](#reverse-engineering-tutorials)
10. - [Tools](#reverse-engineering-tools)
11. - [General](#reverse-engineering-general)
12. - [Web](#web)
13. - [Tutorials](#web-tutorials)
14. - [Tools](#web-tools)
15. - [Network](#network)
16. - [Tutorials](#network-tutorials)
17. - [Tools](#network-tools)
18. - [BugBounty](#bugbounty)
19. - [Forensic](#forensic)
20. - [Tutorials](#forensic-tutorials)
21. - [Tools](#forensic-tools)
22. - [Cryptography](#cryptography)
23. - [Tutorials](#cryptography-tutorials)
24. - [Tools](#cryptography-tools)
25. - [Wargame](#wargame)
26. - [System](#wargame-system)
27. - [Reverse Engineering](#wargame-reverse-engineering)
28. - [Web](#wargame-web)
29. - [Network](#wargame-network)
30. - [Forensic](#wargame-forensic)
31. - [Cryptography](#wargame-cryptography)
32. - [CTF](#ctf)
33. - [Competition](#ctf-competition)
34. - [General](#ctf-general)
35. - [OS](#os)
36. - [Online resources](#online-resources)
37. - [ETC](#etc)
38.  
39. <!-- /MarkdownTOC -->
40.  
41. # System
42.  
43. ## Tutorials
44. * [Corelan Team's Exploit writing tutorial](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)
45. * [Exploit Writing Tutorials for Pentesters](http://www.punter-infosec.com/exploit-writing-tutorials-for-pentesters/)
46.  
47. ## Tools
48. * [Metasploit](https://github.com/rapid7/metasploit-framework) A computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
49. * [mimikatz](https://github.com/gentilkiwi/mimikatz) - A little tool to play with Windows security
50.  
51. ### Docker Images for Penetration Testing & Security
52. * `docker pull kalilinux/kali-linux-docker` [official Kali Linux](https://hub.docker.com/r/kalilinux/kali-linux-docker/)
53. * `docker pull owasp/zap2docker-stable` - [official OWASP ZAP](https://github.com/zaproxy/zaproxy)
54. * `docker pull wpscanteam/wpscan` - [official WPScan](https://hub.docker.com/r/wpscanteam/wpscan/)
55. * `docker pull pandrew/metasploit` - [docker-metasploit](https://hub.docker.com/r/pandrew/metasploit/)
56. * `docker pull citizenstig/dvwa` - [Damn Vulnerable Web Application (DVWA)](https://hub.docker.com/r/citizenstig/dvwa/)
57. * `docker pull wpscanteam/vulnerablewordpress` - [Vulnerable WordPress Installation](https://hub.docker.com/r/wpscanteam/vulnerablewordpress/)
58. * `docker pull hmlio/vaas-cve-2014-6271` - [Vulnerability as a service: Shellshock](https://hub.docker.com/r/hmlio/vaas-cve-2014-6271/)
59. * `docker pull hmlio/vaas-cve-2014-0160` - [Vulnerability as a service: Heartbleed](https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/)
60. * `docker pull opendns/security-ninjas` - [Security Ninjas](https://hub.docker.com/r/opendns/security-ninjas/)
61. * `docker pull usertaken/archlinux-pentest-lxde` - [Arch Linux Penetration Tester](https://hub.docker.com/r/usertaken/archlinux-pentest-lxde/)
62. * `docker pull diogomonica/docker-bench-security` - [Docker Bench for Security](https://hub.docker.com/r/diogomonica/docker-bench-security/)
63. * `docker pull ismisepaul/securityshepherd` - [OWASP Security Shepherd](https://hub.docker.com/r/ismisepaul/securityshepherd/)
64. * `docker pull danmx/docker-owasp-webgoat` - [OWASP WebGoat Project docker image](https://hub.docker.com/r/danmx/docker-owasp-webgoat/)
65. * `docker-compose build && docker-compose up` - [OWASP NodeGoat](https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker)
66. * `docker pull citizenstig/nowasp` - [OWASP Mutillidae II Web Pen-Test Practice Application](https://hub.docker.com/r/citizenstig/nowasp/)
67. * `docker pull bkimminich/juice-shop` - [OWASP Juice Shop](https://github.com/bkimminich/juice-shop#docker-container--)
68.  
69. ## General
70. * [Exploit database](https://www.exploit-db.com/) - An ultimate archive of exploits and vulnerable software
71.  
72.  
73. # Reverse Engineering
74.  
75. ## Tutorials
76. * [Lenas Reversing for Newbies](https://tuts4you.com/download.php?list.17)
77. * [Malware Analysis Tutorials: a Reverse Engineering Approach](http://fumalwareanalysis.blogspot.kr/p/malware-analysis-tutorials-reverse.html)
78.  
79. ## Tools
80. * [nudge4j](https://github.com/lorenzoongithub/nudge4j) - Java tool to let the browser talk to the JVM
81. * [IDA](https://www.hex-rays.com/products/ida/) - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
82. * [OllyDbg](http://www.ollydbg.de/) - A 32-bit assembler level analysing debugger for Windows
83. * [x64dbg](http://x64dbg.com/) - An open-source x64/x32 debugger for Windows
84. * [dex2jar](https://github.com/pxb1988/dex2jar) - Tools to work with Android .dex and Java .class files
85. * [JD-GUI](http://jd.benow.ca/) - A standalone graphical utility that displays Java source codes of “.class” files
86. * [procyon](https://bitbucket.org/mstrobel/procyon/wiki/Java%20Decompiler) - A modern open-source Java decompiler
87. * [androguard](https://code.google.com/p/androguard/) - Reverse engineering, malware and goodware analysis of Android applications
88. * [JAD](http://varaneckas.com/jad/) - JAD Java Decompiler (closed-source, unmaintained)
89. * [dotPeek](https://www.jetbrains.com/decompiler/) - a free-of-charge .NET decompiler from JetBrains
90. * [ILSpy](https://github.com/icsharpcode/ILSpy/) - an open-source .NET assembly browser and decompiler
91. * [dnSpy](https://github.com/0xd4d/dnSpy) - .NET assembly editor, decompiler, and debugger
92. * [de4dot](https://github.com/0xd4d/de4dot) - .NET deobfuscator and unpacker.
93. * [antinet](https://github.com/0xd4d/antinet) - .NET anti-managed debugger and anti-profiler code
94. * [UPX](http://upx.sourceforge.net/) - the Ultimate Packer for eXecutables
95. * [radare2](https://github.com/radare/radare2) - A portable reversing framework
96. * [plasma](https://github.com/joelpx/plasma) - Interactive disassembler for x86/ARM/MIPS. Generates indented pseudo-code with colored syntax code.
97. * [Hopper](https://www.hopperapp.com) - A OS X and Linux Disassembler/Decompiler for 32/64-bit Windows/Mac/Linux/iOS executables.
98. * [ScratchABit](https://github.com/pfalcon/ScratchABit) - Easily retargetable and hackable interactive disassembler with IDAPython-compatible plugin API
99.  
100.  
101.  
102. ## General
103. * [Open Malware](http://www.offensivecomputing.net/)
104.  
105.  
106. # Web
107.  
108. ## Tools
109. * [sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool
110. * [tools.web-max.ca](http://tools.web-max.ca/encode_decode.php) - base64 base85 md4,5 hash, sha1 hash encoding/decoding
111.  
112.  
113. # Network
114.  
115. ## Tools
116. * [Wireshark](https://www.wireshark.org/) - A free and open-source packet analyzer
117. * [NetworkMiner](http://www.netresec.com/?page=NetworkMiner) - A Network Forensic Analysis Tool (NFAT)
118. * [tcpdump](http://www.tcpdump.org/) - A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture
119. * [Paros](http://sourceforge.net/projects/paros/) - A Java-based HTTP/HTTPS proxy for assessing web application vulnerability
120. * [pig](https://github.com/rafael-santiago/pig) - A Linux packet crafting tool
121. * [ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) - The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications
122. * [mitmproxy](https://mitmproxy.org/) - An interactive, SSL-capable man-in-the-middle proxy for HTTP with a console interface
123. * [mitmsocks4j](https://github.com/Akdeniz/mitmsocks4j) - Man-in-the-middle SOCKS Proxy for Java
124. * [nmap](https://nmap.org/) - Nmap (Network Mapper) is a security scanner
125. * [Aircrack-ng](http://www.aircrack-ng.org/) - An 802.11 WEP and WPA-PSK keys cracking program
126. * [Charles Proxy](https://charlesproxy.com) - A cross-platform GUI web debugging proxy to view intercepted HTTP and HTTPS/SSL live traffic
127. * [Nipe](https://github.com/GouveaHeitor/nipe) - A script to make Tor Network your default gateway.
128. * [Habu](https://github.com/portantier/habu) - Python Network Hacking Toolkit
129. * [Wifi Jammer](https://n0where.net/wifijammer/) - Free program to jam all wifi clients in range
130. * [Firesheep](https://codebutler.github.io/firesheep/) - Free program for HTTP session hijacking attacks.
131. * [Scapy](https://github.com/secdev/scapy) - A Python tool and library for low level packet creation and maniputalion
132.  
133.  
134. # Forensic
135.  
136. ## Tools
137. * [Autospy](http://www.sleuthkit.org/autopsy/) - A digital forensics platform and graphical interface to [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit/index.php) and other digital forensics tools
138. * [sleuthkit](https://github.com/sleuthkit/sleuthkit) - A library and collection of command-line digital forensics tools
139. * [EnCase](https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx) - The shared technology within a suite of digital investigations products by Guidance Software
140. * [malzilla](http://malzilla.sourceforge.net/) - Malware hunting tool
141. * [PEview](http://wjradburn.com/software/) - A quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files
142. * [HxD](http://mh-nexus.de/en/hxd/) - A hex editor which, additionally to raw disk editing and modifying of main memory (RAM), handles files of any size
143. * [WinHex](http://www.winhex.com/winhex/) - A hexadecimal editor, helpful in the realm of computer forensics, data recovery, low-level data processing, and IT security
144. * [BinText](http://www.mcafee.com/kr/downloads/free-tools/bintext.aspx) - A small, very fast and powerful text extractor that will be of particular interest to programmers
145.  
146.  
147. # Cryptography
148.  
149. ### Tools
150. * [xortool](https://github.com/hellman/xortool) - A tool to analyze multi-byte XOR cipher
151. * [John the Ripper](http://www.openwall.com/john/) - A fast password cracker
152. * [Aircrack](http://www.aircrack-ng.org/) - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.
153.  
154.  
155. # Wargame
156.  
157. ## System
158. * [OverTheWire - Semtex](http://overthewire.org/wargames/semtex/)
159. * [OverTheWire - Vortex](http://overthewire.org/wargames/vortex/)
160. * [OverTheWire - Drifter](http://overthewire.org/wargames/drifter/)
161. * [pwnable.kr](http://pwnable.kr/) - Provide various pwn challenges regarding system security
162. * [Exploit Exercises - Nebula](https://exploit-exercises.com/nebula/)
163. * [SmashTheStack](http://smashthestack.org/)
164.  
165. ## Reverse Engineering
166. * [Reversing.kr](http://www.reversing.kr/) - This site tests your ability to Cracking & Reverse Code Engineering
167. * [CodeEngn](http://codeengn.com/challenges/) - (Korean)
168. * [simples.kr](http://simples.kr/) - (Korean)
169. * [Crackmes.de](http://crackmes.de/) - The world first and largest community website for crackmes and reversemes.
170.  
171. ## Web
172. * [Hack This Site!](https://www.hackthissite.org/) - a free, safe and legal training ground for hackers to test and expand their hacking skills
173. * [Webhacking.kr](http://webhacking.kr/)
174. * [0xf.at](https://0xf.at/) - a website without logins or ads where you can solve password-riddles (so called hackits).
175.  
176.  
177. ## Cryptography
178. * [OverTheWire - Krypton](http://overthewire.org/wargames/krypton/)
179.  
180. ## Bug bounty
181. * [Awsome bug bounty resourses by Edoverflow](https://github.com/EdOverflow/bugbounty-cheatsheet)
182.  
183. # CTF
184.  
185. ## Competition
186. * [DEF CON](https://legitbs.net/)
187. * [CSAW CTF](https://ctf.isis.poly.edu/)
188. * [hack.lu CTF](http://hack.lu/)
189. * [Pliad CTF](http://www.plaidctf.com/)
190. * [RuCTFe](http://ructf.org/e/)
191. * [Ghost in the Shellcode](http://ghostintheshellcode.com/)
192. * [PHD CTF](http://www.phdays.com/)
193. * [SECUINSIDE CTF](http://secuinside.com/)
194. * [Codegate CTF](http://ctf.codegate.org/html/Main.html?lang=eng)
195. * [Boston Key Party CTF](http://bostonkeyparty.net/)
196.  
197. ## General
198. * [Hack+](http://hack.plus) - An Intelligent network of bots that fetch the latest InfoSec content.
199. * [CTFtime.org](https://ctftime.org/) - All about CTF (Capture The Flag)
200. * [WeChall](http://www.wechall.net/)
201. * [CTF archives (shell-storm)](http://shell-storm.org/repo/CTF/)
202. * [Rookit Arsenal](https://amzn.com/144962636X) - OS RE and rootkit development
203. * [Pentest Cheat Sheets](https://github.com/coreb1t/awesome-pentest-cheat-sheets) - Collection of cheat sheets useful for pentesting
204. * [Movies For Hacker](https://github.com/k4m4/movies-for-hackers) - A curated list of movies every hacker & cyberpunk must watch.
205.  
206. # OS
207.  
208. ## Online resources
209. * [Security related Operating Systems @ Rawsec](http://rawsec.ml/en/security-related-os/) - Complete list of security related operating systems
210. * [Best Linux Penetration Testing Distributions @ CyberPunk](https://n0where.net/best-linux-penetration-testing-distributions/) - Description of main penetration testing distributions
211. * [Security @ Distrowatch](http://distrowatch.com/search.php?category=Security) - Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
212.  
213. # ETC
214. * [SecTools](http://sectools.org/) - Top 125 Network Security Tools