Resources
Curated References
Hand-picked tools, labs, cheatsheets, and references for penetration testers at every level.
Cheatsheets & Payloads
The most comprehensive penetration testing reference. Covers every protocol, service, and technique with real commands.
Massive collection of payloads for web vulnerabilities — SQLi, XSS, SSRF, XXE, LFI, RCE, and more.
Unix binaries that can be abused to bypass local security restrictions. Essential for Linux privilege escalation.
Active Directory and internal network pentest cheatsheet from the creator of PayloadsAllTheThings.
Living Off The Land Binaries — Windows binaries for execution, download, and defense bypass without dropping tools.
Generate reverse shell one-liners for any language and listener configuration instantly.
The Cyber Swiss Army Knife — encode, decode, encrypt, analyse, and transform data entirely in the browser.
Red team notes covering offensive techniques, persistence, lateral movement, credential access, and evasion.
Practice Labs
Industry-standard penetration testing labs. Machines, challenges, and Pro Labs covering all skill levels.
Browser-based learning paths from beginner to advanced. Structured rooms with guided content and free tier.
Free, world-class web security training from the makers of Burp Suite. Covers every OWASP category in depth.
OffSec's curated lab environment with retired and active machines. Direct preparation for OSCP.
Hundreds of challenges across web, network, reverse engineering, and cryptography. Free tier available.
Downloadable vulnerable VMs for offline practice. Hundreds of machines from the community.
Hands-on web vulnerability labs with badges. Great for systematic web application security skill-building.
Deliberately insecure web application for learning. Run locally to practice OWASP Top 10 vulnerabilities.
References & Frameworks
Knowledge base of adversary tactics, techniques, and procedures based on real-world breach observations.
Archive of exploits and vulnerable software maintained by Offensive Security. Searchable by product, CVE, or platform.
National Vulnerability Database. Search CVEs with CVSS scores, patch status, and references.
The standard awareness document for web application security risks. Updated regularly based on real breach data.
Community-rated CVE assessments. Security professionals score exploitability and real-world impact of known vulnerabilities.
Penetration Testing Execution Standard — defines methodology and scope for professional engagements.
Comprehensive methodology for testing web application security. Covers every category with test cases.
Official Kali Linux tool index. Full package list with descriptions and usage examples.
OSINT & Reconnaissance
Search engine for internet-connected devices. Find exposed services, banners, and default credentials across the internet.
Visual map of OSINT tools organized by objective. Covers email, username, IP, domain, and social media.
Internet-wide scanning and certificate transparency search. Port/service data across the full IPv4 space.
Historical snapshots of websites. Find old endpoints, sensitive files, and removed content.
Free DNS recon and research tool. Discovers hosts, DNS records, and maps attack surface.
Technology profiling for websites — CMS, frameworks, hosting providers, analytics, and more.
Custom OSINT search tools by Michael Bazzell. Social media, email, username, and domain lookups.
Wordlists & Cracking
The most comprehensive collection of security wordlists — passwords, usernames, URLs, fuzzing payloads, and more.
Massive pre-computed lookup tables for cracking unsalted hashes. Supports MD5, SHA1, SHA256, and NTLM.
Curated collection of wordlists sorted by usefulness. Download specific lists for targeted password attacks.
Attack patterns and primitive injection payloads for testing web applications and network services.
Sorted and analysed real-world password lists optimised for cracking efficiency via frequency analysis.
Modern evolved password lists derived from data breaches. Essential for realistic password cracking scenarios.
CTF & Writeups
Global CTF event calendar and team rankings. Track upcoming competitions and read past writeups.
Video walkthroughs of every retired HTB machine. Best resource for learning methodology through observation.
In-depth HTB and CTF writeups with exceptional technical detail. Best written walkthroughs available.
Carnegie Mellon's beginner CTF platform. Permanent access to thousands of challenges across all categories.
Fun challenges for learning modern cryptography. Covers RSA, elliptic curves, symmetric ciphers, and protocols.
ASU's free binary exploitation dojo. Structured modules on assembly, memory exploitation, ROP, and kernel security.
Learning & Community
Affordable, practical security courses from industry professionals. Covers pentest, AD attacks, and PNPT certification.
Bug bounty hunter sharing recon techniques, tooling mindset, and real hunting sessions. Great for web testers.
Bug bounty and web hacking videos. Live hacking sessions, tool breakdowns, and real-world methodology.
The OSCP course syllabus — a professional penetration testing curriculum and methodology roadmap.
High-signal security news, research papers, and vulnerability disclosures. Low noise, professional community.
Community for those learning offensive and defensive security. Certifications, labs, and career advice.