External Resources
This page collects useful external resources for deepening your understanding of course topics.
Practice Platforms
Interactive Labs
- TryHackMe — Interactive learning platform with guided paths
- HackTheBox — Vulnerable machines and security challenges
- OverTheWire — Wargames for learning security from the terminal
- PicoCTF — Educational CTF competition from Carnegie Mellon
Vulnerable Applications
- DVWA — Damn Vulnerable Web Application
- OWASP Juice Shop — Modern vulnerable web application
- Metasploitable 2 — Intentionally vulnerable virtual machine
- WebGoat — OWASP platform for learning web security
Tools by Category
OSINT
- theHarvester — Email, subdomain, and host collection
- Maltego CE — Entity relationship visualization
- Shodan — Internet-connected device search engine
- Google Hacking Database — Advanced search dorks
Network Analysis
- Wireshark — Network traffic analysis with GUI
- tcpdump — Command-line packet capture
- Nmap — Port scanning and service discovery
Reverse Engineering and Binary Analysis
- Ghidra — NSA disassembler and decompiler
- Radare2 / Cutter — Reverse engineering framework with GUI
- GDB + pwndbg — Debugger with exploitation extensions
Cryptography
- CyberChef — Swiss army knife for cryptographic operations
- OpenSSL — Command-line cryptography toolkit
- GPG — Asymmetric encryption and digital signing
Pentesting
- Metasploit Framework — Exploitation framework
- Burp Suite Community — HTTP proxy for web testing
- sqlmap — SQL injection automation
Code Analysis
- Bandit — SAST for Python
- Semgrep — Multi-language static analysis
- Flawfinder — C/C++ code analysis
Digital Forensics
- Autopsy / Sleuth Kit — Disk forensic analysis suite
- Volatility — RAM forensic analysis
- Foremost — Deleted file recovery
DevSecOps
- Trivy — Container vulnerability analysis
- GitHub Actions — CI/CD pipeline automation
Frameworks and Standards
- OWASP Top 10 — Critical web application vulnerabilities
- MITRE ATT&CK — Attacker tactics and techniques knowledge base
- NIST Cybersecurity Framework
- PTES — Penetration Testing Execution Standard
- OSSTMM — Open Source Security Testing Methodology Manual
- CIS Controls — Prioritized security controls
Learning Resources
Online Courses
- Cybrary — Cybersecurity courses
- SANS Cyber Aces — Security fundamentals
- Open Security Training — Advanced technical materials
- PortSwigger Web Security Academy — Interactive web security
Recommended Reading
- “The Web Application Hacker’s Handbook” — Dafydd Stuttard, Marcus Pinto
- “Hacking: The Art of Exploitation” — Jon Erickson
- “Practical Malware Analysis” — Michael Sikorski, Andrew Honig
- “The Art of Invisibility” — Kevin Mitnick
- “Penetration Testing” — Georgia Weidman
News and Current Events
- Krebs on Security
- The Hacker News
- Ars Technica Security
Vulnerability Databases
- Exploit-DB — Public exploit database
- CVE Details — CVE vulnerability details
- VirusTotal — Suspicious file and URL analysis
- Have I Been Pwned — Data breach verification
Organizations
- OWASP — Open Web Application Security Project
- SANS Institute
- NIST — National Institute of Standards and Technology