bookmarks (awesome links / malware analysis / re)

• Malware Analysis
  • Malware Collection
    • Anonymizers
    • Honeypots
    • Malware Corpora
  • Open Source Threat Intelligence
    • Tools
    • Other Resources
  • Detection and Classification
  • Online Scanners and Sandboxes
  • Domain Analysis
  • Browser Malware
  • Documents and Shellcode
  • File Carving
  • Deobfuscation
  • Debugging and Reverse Engineering
  • Network
  • Memory Forensics
  • Windows Artifacts
  • Storage and Workflow
  • Miscellaneous
• Resources
  • Books
  • Twitter
  • Other

Web traffic anonymizers for analysts.

• Anonymouse.org - A free, web based anonymizer.
• OpenVPN - VPN software and hosting solutions.
• Privoxy - An open source proxy server with some privacy features.
• Tor - The Onion Router, for browsing the web without leaving traces of the client IP.

Trap and collect your own samples.

• Conpot - ICS/SCADA honeypot.
• Dionaea - Honeypot designed to trap malware.
• Glastopf - Web application honeypot.
• Honeyd - Create a virtual honeynet.
• HoneyDrive - Honeypot bundle Linux distro.
• Kippo - Medium interaction SSH honeypot.
• Mnemosyne - A normalizer for honeypot data; supports Dionaea.
• Thug - Low interaction honeyclient, for investigating malicious websites.

Malware samples collected for analysis.

• Clean MX - Realtime database of malware and malicious domains.
• Contagio - A collection of recent malware samples and analyses.
• Exploit Database - Exploit and shellcode samples.
• Malshare - Large repository of malware actively scrapped from malicious sites.
• maltrieve - Retrieve malware samples directly from a number of online sources.
• MalwareDB - Malware samples repository.
• theZoo - Live malware samples for analysts.
• ViruSign - Malware database that detected by many anti malware programs except ClamAV.
• VirusShare - Malware repository, registration
• Zeltser's Sources - A list of malware sample sources put together by Lenny Zeltser.
• Zeus Source Code - Source for the Zeus trojan leaked in 2011. required.

Harvest and analyze IOCs.

• Combine - Tool to gather Threat Intelligence indicators from publicly available sources.
• IntelMQ - A tool for CERTs for processing incident data using a message queue.
• IOC Editor - A free editor for XML IOC files.
• ioc_writer - Python library for working with OpenIOC objects, from Mandiant.
• Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
• MISP - Malware Information Sharing Platform curated by The MISP Project.
• PassiveTotal - Research, connect, tag and share IPs and domains.
• PyIOCe - A Python OpenIOC editor.
• threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources.
• ThreatCrowd - A search engine for threats, with graphical visualization.
• ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
• TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds.

Threat intelligence and IOC resources.

• Autoshun (list) - Snort plugin and blocklist.
• CI Army (list) - Network security blocklists.
• Critical Stack- Free Intel Market - Free intel aggregator with deduplication featuring 90 feeds and over 1.2M indicators.
• CRDF ThreatCenter - List of new threats detected by CRDF anti-malware.
• Emerging Threats - Rulesets and more.
• FireEye IOCs - Indicators of Compromise shared publicly by FireEye.
• hpfeeds - Honeypot feed protocol.
• Internet Storm Center (DShield) - Diary and searchable incident database, with a web API (unofficial Python library).
• malc0de - Searchable incident database.
• Malware Domain List - Search and share malicious URLs.
• OpenIOC - Framework for sharing threat intelligence.
• Palevo Blocklists - Botnet C&C blocklists.
• STIX - Structured Threat Information eXpression - Standardized language to represent and share cyber threat information. Related efforts from MITRE:
  • CAPEC - Common Attack Pattern Enumeration and Classification
  • CybOX - Cyber Observables eXpression
  • MAEC - Malware Attribute Enumeration and Characterization
  • TAXII - Trusted Automated eXchange of Indicator Information
• threatRECON - Search for indicators, up to 1000 free per month.
• Yara rules - Yara rules repository.
• ZeuS Tracker - ZeuS blocklists.

Antivirus and other malware identification tools

• AnalyzePE - Wrapper for a variety of tools for reporting on Windows PE files.
• chkrootkit - Local Linux rootkit detection.
• ClamAV - Open source antivirus engine.
• ExifTool - Read, write and edit file metadata.
• hashdeep - Compute digest hashes with a variety of algorithms.
• Loki - Host based scanner for IOCs.
• Malfunction - Catalog and compare malware at a function level.
• MASTIFF - Static analysis framework.
• MultiScanner - Modular file scanning/analysis framework
• nsrllookup - A tool for looking up hashes in NIST's National Software Reference Library database.
• packerid - A cross-platform Python alternative to PEiD.
• PEiD - Packer identifier for Windows binaries.
• PEV - A multiplatform toolkit to work with PE files, providing feature-rich tools for proper analysis of suspicious binaries.
• Rootkit Hunter - Detect Linux rootkits.
• ssdeep - Compute fuzzy hashes.
• totalhash.py - Python script for easy searching of the TotalHash.com database.
• TrID - File identifier.
• YARA - Pattern matching tool for analysts.
• Yara rules generator - Generate yara rules based on a set of malware samples. Also contains a good strings DB to avoid false positives.

Web-based multi-AV scanners, and malware sandboxes for automated analysis.

• AndroTotal - free online analysis of APKs against multiple mobile antivirus apps.
• Anubis - Malware Analysis for Unknown Binaries and Site Check.
• AVCaesar - Malware.lu online scanner and malware repository.
• Cryptam - Analyze suspicious office documents.
• Cuckoo Sandbox - Open source, self hosted sandbox and automated analysis system.
• cuckoo-modified - Modified version of Cuckoo Sandbox released under the GPL. Not merged upstream due to legal concerns by the author.
• DeepViz - Multi-format file analyzer with machine-learning classification.
• DRAKVUF - Dynamic malware analysis system.
• Hybrid Analysis - Online malware analysis tool, powered by VxSandbox.
• IRMA - An asynchronous and customizable analysis platform for suspicious files.
• Jotti - Free online multi-AV scanner.
• Malheur - Automatic sandboxed analysis of malware behavior.
• Malwr - Free analysis with an online Cuckoo Sandbox instance.
• MASTIFF Online - Online static analysis of malware.
• Metascan Online - Free file scanning with multiple antivirus engines.
• Noriben - Uses Sysinternals Procmon to collect information about malware in a sandboxed environment.
• PDF Examiner - Analyse suspicious PDF files.
• Recomposer - A helper script for safely uploading binaries to sandbox sites.
• SEE - Sandboxed Execution Environment (SEE) is a framework for building test automation in secured Environments.
• VirusTotal - Free online analysis of malware samples and URLs
• Zeltser's List - Free automated sandboxes and services, compiled by Lenny Zeltser.

Inspect domains and IP addresses.

• Desenmascara.me - One click tool to retrieve as much metadata as possible for a website and to assess its good standing.
• Dig - Free online dig and other network tools.
• IPinfo - Gather information about an IP or domain by searching online resources.
• MaltegoVT - Maltego transform for the VirusTotal API. Allows domain/IP research, and searching for file hashes and scan reports.
• SenderBase - Search for IP, domain or network owner.
• SpamCop - IP based spam block list.
• SpamHaus - Block list based on domains and IPs.
• Sucuri SiteCheck - Free Website Malware and Security Scanner.
• TekDefense Automator - OSINT tool for gatherig information about URLs, IPs, or hashes.
• URLQuery - Free URL Scanner.
• Whois - DomainTools free online whois search.
• Zeltser's List - Free online tools for researching malicious websites, compiled by Lenny Zeltser.
• ZScalar Zulu - Zulu URL Risk Analyzer.

Analyze malicious URLs. See also the domain analysis and documents and shellcode sections.

• Firebug - Firefox extension for web development.
• Java Decompiler - Decompile and inspect Java apps.
• Java IDX Parser - Parses Java IDX cache files.
• JSDetox - JavaScript malware analysis tool.
• jsunpack-n - A javascript unpacker that emulates browser functionality.
• Malzilla - Analyze malicious web pages.
• RABCDAsm - A "Robust ActionScript Bytecode Disassembler."
• swftools - Tools for working with Adobe Flash files.
• xxxswf - A Python script for analyzing Flash files.

Analyze malicious JS and shellcode from PDFs and Office documents. See also the browser malware section.

• AnalyzePDF - A tool for analyzing PDFs and attempting to determine whether they are malicious.
• diStorm - Disassembler for analyzing malicious shellcode.
• JS Beautifier - JavaScript unpacking and deobfuscation.
• JS Deobfuscator - Deobfuscate simple Javascript that use eval or document.write to conceal its code.
• libemu - Library and tools for x86 shellcode emulation.
• malpdfobj - Deconstruct malicious PDFs into a JSON representation.
• OfficeMalScanner - Scan for malicious traces in MS Office documents.
• olevba - A script for parsing OLE and OpenXML documents and extracting useful information.
• Origami PDF - A tool for analyzing malicious PDFs, and more.
• PDF Tools - pdfid, pdf-parser, and more from Didier Stevens.
• PDF X-Ray Lite - A PDF analysis tool, the backend-free version of PDF X-RAY.
• peepdf - Python tool for exploring possibly malicious PDFs.
• Spidermonkey - Mozilla's JavaScript engine, for debugging malicious JS.

For extracting files from inside disk and memory images.

• bulk_extractor - Fast file carving tool.
• EVTXtract - Carve Windows Event Log files from raw binary data.
• Foremost - File carving tool designed by the US Air Force.
• Hachoir - A collection of Python libraries for dealing with binary files.
• Scalpel - Another data carving tool.

Reverse XOR and other code obfuscation methods.

• Balbuzard - A malware analysis tool for reversing obfuscation (XOR, ROL, etc) and more.
• de4dot - .NET deobfuscator and unpacker.
• ex_pe_xor & iheartxor - Two tools from Alexander Hanel for working with single-byte XOR encoded files.
• NoMoreXOR - Guess a 256 byte XOR key using frequency analysis.
• PackerAttacker - A generic hidden code extractor for Windows malware.
• unxor - Guess XOR keys using known-plaintext attacks.
• VirtualDeobfuscator - Reverse engineering tool for virtualization wrappers.
• XORBruteForcer - A Python script for brute forcing single-byte XOR keys.
• XORSearch & XORStrings - A couple programs from Didier Stevens for finding XORed data.
• xortool - Guess XOR key length, as well as the key itself.

Disassemblers, debuggers, and other static and dynamic analysis tools.

• angr - Platform-agnostic binary analysis framework developed at UCSB's Seclab.
• BARF - Multiplatform, open source Binary Analysis and Reverse engineering Framework.
• binnavi - Binary analysis IDE for reverse engineering based on graph visualization.
• Bokken - GUI for Pyew and Radare.
• Capstone - Disassembly framework for binary analysis and reversing, with support for many architectures and bindings in several languages.
• codebro - Web based code browser using clang to provide basic code analysis.
• dnSpy - .NET assembly editor, decompiler and debugger.
• Evan's Debugger (EDB) - A modular debugger with a Qt GUI.
• GDB - The GNU debugger.
• GEF - GDB Enhanced Features, for exploiters and reverse engineers.
• hackers-grep - A utility to search for strings in PE executables including imports, exports, and debug symbols.
• IDA Pro - Windows disassembler and debugger, with a free evaluation version.
• Immunity Debugger - Debugger for malware analysis and more, with a Python API.
• ltrace - Dynamic analysis for Linux executables.
• objdump - Part of GNU binutils, for static analysis of Linux binaries.
• OllyDbg - An assembly-level debugger for Windows executables.
• PANDA - Platform for Architecture-Neutral Dynamic Analysis
• PEDA - Python Exploit Development Assistance for GDB, an enhanced display with added commands.
• pestudio - Perform static analysis of Windows executables.
• Process Monitor - Advanced monitoring tool for Windows programs.
• Pyew - Python tool for malware analysis.
• Radare2 - Reverse engineering framework, with debugger support.
• SMRT - Sublime Malware Research Tool, a plugin for Sublime 3 to aid with malware analyis.
• strace - Dynamic analysis for Linux executables.
• Udis86 - Disassembler library and tool for x86 and x86_64.
• Vivisect - Python tool for malware analysis.
• X64dbg - An open-source x64/x32 debugger for windows.

Analyze network interactions.

• Bro - Protocol analyzer that operates at incredible scale; both file and network protocols.
• BroYara - Use Yara rules from Bro.
• CapTipper - Malicious HTTP traffic explorer.
• chopshop - Protocol analysis and decoding framework.
• Fiddler - Intercepting web proxy designed for "web debugging."
• Hale - Botnet C&C monitor.
• INetSim - Network service emulation, useful when building a malware lab.
• Malcom - Malware Communications Analyzer.
• Maltrail - A malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails and featuring an reporting and analysis interface.
• mitmproxy - Intercept network traffic on the fly.
• Moloch - IPv4 traffic capturing, indexing and database system.
• NetworkMiner - Network forensic analysis tool, with a free version.
• ngrep - Search through network traffic like grep.
• PcapViz - Network topology and traffic visualizer.
• Tcpdump - Collect network traffic.
• tcpick - Trach and reassemble TCP streams from network traffic.
• tcpxtract - Extract files from network traffic.
• Wireshark - The network traffic analysis tool.

Tools for dissecting malware in memory images or running systems.

• DAMM - Differential Analysis of Malware in Memory, built on Volatility
• FindAES - Find AES encryption keys in memory.
• Muninn - A script to automate portions of analysis using Volatility, and create a readable report.
• Rekall - Memory analysis framework, forked from Volatility in 2013.
• TotalRecall - Script based on Volatility for automating various malware analysis tasks.
• VolDiff - Run Volatility on memory images before and after malware execution, and report changes.
• Volatility - Advanced memory forensics framework.
• WinDbg - Live memory inspection and kernel debugging for Windows systems.

• AChoir - A live incident response script for gathering Windows artifacts.
• python-evt - Python library for parsing Windows Event Logs.
• python-registry - Python library for parsing registry files.
• RegRipper (GitHub) - Plugin-based registry analysis tool.

• Aleph - OpenSource Malware Analysis Pipeline System.
• CRITs - Collaborative Research Into Threats, a malware and threat repository.
• Malwarehouse - Store, tag, and search malware.
• Viper - A binary management and analysis framework for analysts and researchers.

• DC3-MWCP - The Defense Cyber Crime Center's Malware Configuration Parser framework.
• Pafish - Paranoid Fish, a demonstration tool that employs several techniques to detect sandboxes and analysis environments in the same way as malware families do.
• REMnux - Linux distribution and docker images for malware reverse engineering and analysis.
• Santoku Linux - Linux distribution for mobile forensics, malware analysis, and security.

Essential malware analysis reading material.

• Malware Analyst's Cookbook and DVD - Tools and Techniques for Fighting Malicious Code.
• Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software.
• The Art of Memory Forensics - Detecting Malware and Threats in Windows, Linux, and Mac Memory.
• The IDA Pro Book - The Unofficial Guide to the World's Most Popular Disassembler.

Some relevant Twitter accounts.

• Adamb @Hexacorn
• Andrew Case @attrc
• Claudio @botherder
• Dustin Webber @mephux
• Glenn @hiddenillusion
• jekil @jekil
• Jurriaan Bremer @skier_t
• Lenny Zeltser @lennyzeltser
• Liam Randall @hectaman
• Mark Schloesser @repmovsb
• Michael Ligh (MHL) @iMHLv2
• Open Malware @OpenMalware
• Richard Bejtlich @taosecurity
• Volatility @volatility

• APT Notes - A collection of papers and notes related to Advanced Persistent Threats.
• Honeynet Project - Honeypot tools, papers, and other resources.
• Malicious Software - Malware blog and resources by Lenny Zeltser.
• Malware Analysis Search - Custom Google search engine from Corey Harrell.
• WindowsIR: Malware - Harlan Carvey's page on Malware.
• /r/csirt_tools - Subreddit for CSIRT tools and resources, with a malware analysis flair.
• /r/Malware - The malware subreddit.
• /r/ReverseEngineering - Reverse engineering subreddit, not limited to just malware.
• Malware Samples and Traffic - This blog focuses on network traffic related to malware infections.

• Online Resources
  • Penetration Testing Resources
  • Shellcode development
  • Social Engineering Resources
  • Lock Picking Resources
• Tools
  • Penetration Testing Distributions
  • Basic Penetration Testing Tools
  • Vulnerability Scanners
  • Network Tools
  • Wireless Network Tools
  • SSL Analysis Tools
  • Hex Editors
  • Crackers
  • Windows Utils
  • DDoS Tools
  • Social Engineering Tools
  • OSInt Tools
  • Anonimity Tools
  • Reverse Engineering Tools
• Books
  • Penetration Testing Books
  • Hackers Handbook Series
  • Network Analysis Books
  • Reverse Engineering Books
  • Malware Analysis Books
  • Windows Books
  • Social Engineering Books
  • Lock Picking Books
• Vulnerability Databases
• Security Courses
• Information Security Conferences
• Information Security Magazines

• Metasploit Unleashed - Free Offensive Security metasploit course
• PTES - Penetration Testing Execution Standard
• OWASP - Open Web Application Security Project

• Shellcode Tutorials - Tutorials on how to write shellcode
• Shellcode Examples - Shellcodes database

• Social Engineering Framework - An information resource for social engineers

• Schuyler Towne channel - Lockpicking videos and security talks
• /r/lockpicking - Resources for learning lockpicking, equipment recommendations.

• Kali - A Linux distribution designed for digital forensics and penetration testing
• BlackArch - Arch Linux-based distribution for penetration testers and security researchers
• NST - Network Security Toolkit distribution
• Pentoo - security-focused livecd based on Gentoo
• BackBox - Ubuntu-based distribution for penetration tests and security assessments

• Metasploit Framework - World's most used penetration testing software
• Burp Suite - An integrated platform for performing security testing of web applications
• ExploitPack - Graphical tool for penetration testing with a bunch of exploits

• Netsparker - Web Application Security Scanner
• Nexpose - Vulnerability Management & Risk Management Software
• Nessus - Vulnerability, configuration, and compliance assessment
• Nikto - Web application vulnerability scanner
• OpenVAS - Open Source vulnerability scanner and manager
• OWASP Zed Attack Proxy - Penetration testing tool for web applications
• Secapps - Integrated web application security testing environment
• w3af - Web application attack and audit framework
• Wapiti - Web application vulnerability scanner
• WebReaver - Web application vulnerability scanner for Mac OS X

• nmap - Free Security Scanner For Network Exploration & Security Audits
• tcpdump/libpcap - A common packet analyzer that runs under the command line
• Wireshark - A network protocol analyzer for Unix and Windows
• Network Tools - Different network tools: ping, lookup, whois, etc
• netsniff-ng - A Swiss army knife for for network sniffing
• Intercepter-NG - a multifunctional network toolkit
• SPARTA - Network Infrastructure Penetration Testing Tool

• Aircrack-ng - a set of tools for auditing wireless network
• Kismet - Wireless network detector, sniffer, and IDS
• Reaver - Brute force attack against Wifi Protected Setup

• SSLyze - SSL configuration scanner
• sslstrip - a demonstration of the HTTPS stripping attacks

• HexEdit.js - Browser-based hex editing

• John the Ripper - Fast password cracker
• Online MD5 cracker - Online MD5 hash Cracker

• Sysinternals Suite - The Sysinternals Troubleshooting Utilities
• Windows Credentials Editor - security tool to list logon sessions and add, change, list and delete associated credentials
• mimikatz - Credentials extraction tool for Windows OS

• LOIC - An open source network stress tool for Windows
• JS LOIC - JavaScript in-browser version of LOIC

• SET - The Social-Engineer Toolkit from TrustedSec

• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.

• Tor - The free software for enabling onion routing online anonymity
• I2P - The Invisible Internet Project

• IDA Pro - A Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger
• IDA Free - The freeware version of IDA v5.0
• WDK/WinDbg - Windows Driver Kit and WinDbg
• OllyDbg - An x86 debugger that emphasizes binary code analysis
• Radare2 - Opensource, crossplatform reverse engineering framework.
• x64_dbg - An open-source x64/x32 debugger for windows.
• Pyew - A Python tool for static malware analysis.
• Bokken - GUI for Pyew Radare2.
• Immunity Debugger - A powerful new way to write exploits and analyze malware
• Evan's Debugger - OllyDbg-like debugger for Linux

• The Art of Exploitation by Jon Erickson, 2008
• Metasploit: The Penetration Tester's Guide by David Kennedy and others, 2011
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• The Hacker Playbook by Peter Kim, 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen,2012
• Violent Python by TJ O'Connor, 2012
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini, 2007
• Black Hat Python: Python Programming for Hackers and Pentesters, 2014
• Penetration Testing: Procedures & Methodologies (EC-Council Press),2010

• The Shellcoders Handbook by Chris Anley and others, 2007
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• iOS Hackers Handbook by Charlie Miller and others, 2012
• Android Hackers Handbook by Joshua J. Drake and others, 2014
• The Browser Hackers Handbook by Wade Alcorn and others, 2014
• The Mobile Application Hackers Handbook by Dominic Chell and others, 2015

• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• Practical Packet Analysis by Chris Sanders, 2011
• Wireshark Network Analysis by by Laura Chappell, Gerald Combs, 2012

• Reverse Engineering for Beginners by Dennis Yurichev (free!)
• The IDA Pro Book by Chris Eagle, 2011
• Practical Reverse Engineering by Bruce Dang and others, 2014
• Reverse Engineering for Beginners

• Practical Malware Analysis by Michael Sikorski, Andrew Honig, 2012
• The Art of Memory Forensics by Michael Hale Ligh and others, 2014
• Malware Analyst's Cookbook and DVD by Michael Hale Ligh and others, 2010

• Windows Internals by Mark Russinovich, David Solomon, Alex Ionescu

• The Art of Deception by Kevin D. Mitnick, William L. Simon, 2002
• The Art of Intrusion by Kevin D. Mitnick, William L. Simon, 2005
• Ghost in the Wires by Kevin D. Mitnick, William L. Simon, 2011
• No Tech Hacking by Johnny Long, Jack Wiles, 2008
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014

• Practical Lock Picking by Deviant Ollam, 2012
• Keys to the Kingdom by Deviant Ollam, 2012
• CIA Lock Picking Field Operative Training Manual
• Lock Picking: Detail Overkill by Solomon
• Eddie the Wire books

• NVD - US National Vulnerability Database
• CERT - US Computer Emergency Readiness Team
• OSVDB - Open Sourced Vulnerability Database
• Bugtraq - Symantec SecurityFocus
• Exploit-DB - Offensive Security Exploit Database
• Fulldisclosure - Full Disclosure Mailing List
• MS Bulletin - Microsoft Security Bulletin
• MS Advisory - Microsoft Security Advisories
• Inj3ct0r - Inj3ct0r Exploit Database
• Packet Storm - Packet Storm Global Security Resource
• SecuriTeam - Securiteam Vulnerability Information
• CXSecurity - CSSecurity Bugtraq List
• Vulnerability Laboratory - Vulnerability Research Laboratory
• ZDI - Zero Day Initiative

• Offensive Security Training - Training from BackTrack/Kali developers
• SANS Security Training - Computer Security Training & Certification
• Open Security Training - Training material for computer security classes
• CTF Field Guide - everything you need to win your next CTF competition
• Cybrary - online IT and Cyber Security training platform

• DEF CON - An annual hacker convention in Las Vegas
• Black Hat - An annual security conference in Las Vegas
• BSides - A framework for organising and holding security conferences
• CCC - An annual meeting of the international hacker scene in Germany
• DerbyCon - An annual hacker conference based in Louisville
• PhreakNIC - A technology conference held annually in middle Tennessee
• ShmooCon - An annual US east coast hacker convention
• CarolinaCon - An infosec conference, held annually in North Carolina
• HOPE - A conference series sponsored by the hacker magazine 2600
• SummerCon - One of the oldest hacker conventions, held during Summer
• Hack.lu - An annual conference held in Luxembourg
• HITB - Deep-knowledge security conference held in Malaysia and The Netherlands
• Troopers - Annual international IT Security event with workshops held in Heidelberg, Germany
• Hack3rCon - An annual US hacker conference
• ThotCon - An annual US hacker conference held in Chicago
• LayerOne - An annual US security conerence held every spring in Los Angeles
• DeepSec - Security Conference in Vienna, Austria
• SkyDogCon - A technology conference in Nashville
• SECUINSIDE - Security Conference in Seoul
• DefCamp - Largest Security Conference in Eastern Europe, held anually in Bucharest, Romania

• 2600: The Hacker Quarterly - An American publication about technology and computer "underground"
• Phrack Magazine - By far the longest running hacker zine

• System
  • Tutorials
  • Tools
  • General
• Reverse Engineering
  • Tutorials
  • Tools
  • General
• Web
  • Tutorials
  • Tools
• Network
  • Tutorials
  • Tools
• Forensic
  • Tutorials
  • Tools
• Cryptography
  • Tutorials
  • Tools
• Wargame
  • System
  • Reverse Engineering
  • Web
  • Network
  • Forensic
  • Cryptography
• CTF
  • Competition
  • General
• General

• xortool - A tool to analyze multi-byte xor cipher
• John the Ripper - A fast password cracker
• Aircrack - Aircrack is 802.11 WEP and WPA-PSK keys cracking program.