Wiki - Resources

Resources and useful links!

We know how hard it can be to figure out where to start in Cybersecurity - that's why we've curated this list! You can find learning resources, tools, walkthroughs, and more below

Penetration Testing Labs

HackTheBox.eu - Generally more advanced boxes, however there are some easy boxes too

TryHackMe - A useful website for walkthroughs and instructional learning (which can be hard to come by in cybersecurity). Some of our favourite rooms are linked below (and you can find a full list here)

  • Linux - Missed our session on Linux Basics? TryHackMe has you covered
  • Juice Shop! - You'll have seen this one if you've been to pretty much any of our sessions :) It's a great start for learning web application testing
  • Vulnversity - A great room for the basics of recon, Burp Suite, and more
  • Nmap - Learn the ropes of this crucial networking tool
  • Attacktive Directory - Learn some Active Directory enumeration tools and methodologies, step by step

Immersive Labs - A collection of highly interactive labs, ranging from theory to guided tutorials of common tools - free for students!

Vulnhub + Docker Machines - Vulnhub is a website full of Virtual Machine images, ready to be hacked! Specific boxes that we enjoyed are listed below, along with some cool Docker images we've used for exercises!

OverTheWire Wargames - A collection of miniature challenges, mostly Linux based, and great for learning the basics

Hack this Site - A site similar to Wargames with a series of missions, in a range of difficulties

Learning Resources

Hacksplaining - The basics of hacking with interactive examples and short quizzes

GTFOBins - A website that shows possible privilege escalation vectors through SUID/GUID binaries

ippsec.rocks - A searchable directory of hundreds of HackTheBox video walkthroughs

OWASP Top 10 - OWASP's list of the most critical Cybsersecurity risks

excess-xss - A comprehensive guide to Cross Site Scripting attacks

Portswigger SQL Injection - An excellent writeup of SQL Injection techniques, from the people who brought you Burp Suite! Includes a great cheat sheet

AWS UK-OFFICIAL Quickstart - AWS' Template for an Official-rated cloud network. A good example of secure cloud infrastructure!

Scraping Club - A great website full of web scraping challenges

Enumerating Active Directory - An interesting article on common commands when poking around a Windows Domain Controller

Scripting

Courses + Videos

Udemy - A large catalogue of Cybersecurity courses

LinkedIn Learning - Cybersecurity Foundations - A course by Malcolm Shore, with more courses on his page

LinkedIn Learning - Python for Automation - A course by Sam Pettus, covering the basics of web scraping, Python HTTP requests, and more

Udemy Automation - Another automation course

Computerphile Password Cracking - A brilliant explanation of password cracking (featuring plenty of sexy GPUs)

Computerphile SQL Injection - A great visual explanation of SQL Injection

Computerphile Diffie-Hellman - A gorgeous visual explanation of a popular key exchange algorithm for all you cryptography nerds

CompTIA Exam Prep - A (long) video that goes over the crucial information for the CompTIA+ Qualification - even if you're not studying for it, this video is a great intro to networking!

Walkthroughs and Writeups

Ippsec - A YouTube channel dedicated to walkthroughs of HackTheBox and other challenges

Juice Shop Solutions - A comprehensive list of solutions for the Juice Shop Challenges

Jack Barradell-Johns - Excellent writeups from our former Vice President!

WireGuard Setup - Set up your own VPN network with WireGuard!

Tools

Remember the Code of Conduct (and the Computer Misuse Act) when using these tools! They are for education only, to be used on systems where you have explicit permission

Once you're sure you're working ethically and within the law... have fun!

Enumeration + Privelege Escalation

  • Nmap - A tool for enumerating networks, with lots of built in scripts for enriching information - this is the first step in most security assessments!

  • Gobuster - Insanely fast tool for discovering webpages on a domain - often the first step when exploring a web app

  • ldapsearch & ldapenum - Tools for enumerating system and domain controllers over LDAP - useful for Windows boxes!

  • pspy - For monitoring processes on a Linux machine - useful for discovering interesting things post-exploitation!

  • PrivEsc Scripts Suite - A list of brilliant scripts for enumerating ahead of privelege escalation, including linPEAS and winPEAS. (It pairs nicely with this)

  • Bloodhound - Brilliant tool for visualising exploitation paths in Active Directory, and suggesting exploits

Networking + Web Scraping

  • Burp Suite - A powerful tool for capturing and analysing HTTP requests, and modifying them on the fly - this is an essential in your toolkit!

  • Wireshark - An incredibly powerful tool for analysing network traffic

  • Beautiful Soup - The essential web scraping library, with great documentation

  • Scrapy - A powerful web scraping framework

Exploitation

  • sqlmap - A tool for automatically detecting and performing SQL injection attacks

  • Metasploit - An extensive set of exploit implementations, downloadable for free via Metasploit Framework

  • CrackMapExec - A mindblowingly versatile tool used for enumerating and exploiting Windows Machines and Active Directory - with incredible documentation!

  • Impacket - A collection of brilliant Python Scripts, perfect for pulling secrets out of Windows Machines (and much more). We used many of these scripts during our Enumeration Session

  • tomcatWarDeployer - For deploying malicious payloads to compromised Tomcat webservers

Social Engineering + OSINT

Reverse Engineering

  • Ghidra - A suite of software reverse engineering tools, developed by the NSA

Utility

  • Cyberchef - A GCHQ released tool that's useful for encodings, cryptography and a ton of other useful tools!

  • jwt - A tool useful for decoding JWT tokens used in web applications

  • John the Ripper - A great password cracking tool, supporting hundreds of hash and cipher types

  • Regex101 - A lovely little regex checker, for help with all those greps

  • JSLinux - Try Linux out in your browser! (Although we recommend installing it properly)

  • tmux - A video guide to tmux from Ippsec, a useful tool for terminal productivity

  • HTTPBin - A website for testing HTTP requests

  • CTF Tools - A work-in-progress repo with various cybersecurity tools, including a password cracker and a repeater, built by Mac

Lists within lists!

  • Red Teaming Toolkit - A collection of amazing repositories and tools for all your hacking needs

  • SecLists - Thought this list was long? This repo compiles an egregious number of passwords, URLs, and payloads for fuzzing, password cracking, and everything in between

  • ExtendsClass - A host of free online developer tools for testing Regexes, API calls, XML validation, and more!

Academic Research

Security of Advanced Systems - A research group @ UoS, focusing on security by design and security analysis methods

Verification - A research group @ UoS, focusing on formal methods and mathematically rigorous verification of software and hardware

Textbooks

Linux Pocket Guide by Daniel J Barrett - A detailed list of the most useful Linux commands, and how to use them!

Web Application Hackers Handbook by Stuttard and Pinto - An incredibly detailed book with demonstrations of a wide range of exploits

Network Security Assessment by Chris McNab - Another highly detailed book focusing on network security

Red Team Field Manual by Ben Clark - A Red Teamer's reference guide

Blogs & News

NCC Group - A series of great blogs, including the excellent 'Black Team War Stories'

Hacker News - A curated list of technology news articles

Risky Business Podcast - A regular podcast taking a deep dive into Cybsersecurity news

NCSC - The official blog of the National Cyber Security Centre

AWS Security - General security articles from AWS

AWS Provable Security - Another AWS blog, focusing more on formal methods