# Information Security Cheat Sheet This is a recollection of links and resources I have found / been told about over the years. I developed this post in the hope to map out good resources in the industry, facilitating the spread of knowledge, no matter the skill level. If any errors are spotted, or any links need adding / updating / removing. Please contact me via Twitter @SecGus (https://twitter.com/SecGus). ## Personal Contributions - MySQL Blind SQL Injection using Binary queries and REGEXP - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md#mysql-blind-sql-injection-binary-query-using-regexp - MySQL Blind SQL Injection in Order By clause - https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MySQL%20Injection.md#mysql-blind-sql-injection-in-order-by-clause-using-a-binary-query-and-regexp ## CTF Pages __The King Of CTF Pages__ - https://ctftime.org/ 247CTF - https://247ctf.com HackTheBox - https://hackthebox.eu/ RootMe - https://root-me.org/ 0x0539 - https://0x0539.net/ Laptop Hacking Coffee - https://ctf.laptophackingcoffee.org/ pwnable tw - http://pwnable.tw/ (Only BinExp) pwnable kr - http://pwnable.kr/ (Only BinExp) PicoCTF - https://picoctf.com/ (Beginner friendly) reversing kr - http://reversing.kr/ The Stereotyped Challenges - https://chall.stypr.com/ SDSLabs CTF - https://backdoor.sdslabs.co/ ## Payload Cheat Sheets PayloadsAllTheThings - https://github.com/swisskyrepo/PayloadsAllTheThings BurpSuite XSS Cheat Sheet - https://portswigger.net/web-security/cross-site-scripting/cheat-sheet ## OSCP Preparation Sam's Review / Guide - https://coffeejunkie.me/OSCP-Exam-Overview/ R4J Buffer Overflow - https://github.com/r4j0x00/oscp-like-stack-buffer-overflow Computerphile BoF Explanation - https://www.youtube.com/watch?v=1S0aBV-Waeo g0tm1lk Linux Priv Esc Cheat Sheet - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Windows Priv Esc - https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/ Windows Priv Esc (built around OSCP) - https://sushant747.gitbooks.io/total-oscp-guide/privilege_escalation_windows.html ## SAST Practice Pages Secure Code Warrior - https://securecodewarrior.com/ ExploitDB (May require imagination) - https://www.exploit-db.com/ ## All Around Practical Learning (non-competitive) OWASP Juice Shop - https://owasp.org/www-project-juice-shop/ Pentester Labs - https://pentesterlab.com/ OverTheWire - https://overthewire.org/ (Beginner friendly) Pentester Academy - https://www.pentesteracademy.com/ PortSwigger Labs - https://portswigger.net/web-security OverTheWire - http://www.overthewire.org/ CTFLearn - http://ctflearn.com/ VulnHub - http://vulnhub.com/ Hacker101 - https://www.hacker101.com/ OSINTme - https://osintme.com/ ## All Around Theory Learning (non-competitive) OWASP - https://owasp.org/ BurpSuite Research - https://portswigger.net/research HumbleBundle Cyber Security Books - https://www.humblebundle.com/books/cybersecurity-2020-wiley-books?hmb_source=navbar&hmb_medium=product_tile&hmb_campaign=tile_index_4 Free SANS courses for the fundamentals - https://www.cyberaces.org/courses.html ## Relevant Blogs / Podcasts Security Weekly - https://securityweekly.com/category-shows/application-security-weekly/ Darknet Diaries - https://darknetdiaries.com/ TheManyHatsClub - https://themanyhats.club/ 0x00Sec (Community Blog) - https://0x00sec.org/ Secret Club - https://secret.club/ g0tm1lk - https://blog.g0tmi1k.com/ Cybering - https://cybering.cc/ ## Twitch Hacking Channels (English) TheBlindHacker - https://www.twitch.tv/theblindhacker GeoHotz - https://www.twitch.tv/georgehotz LiveOverflow - https://www.twitch.tv/LiveOverflow ## Twitch Hacking Channels (Spanish) S4vitar - https://www.twitch.tv/s4vitaar ## Youtube Channels Pentesting (English) HackerSploit - https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q IppSec - https://youtube.com/ippsec TheCyberMentor - https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w Computerphile - https://www.youtube.com/user/Computerphile ## Youtube Channels Pentesting (Spanish) Victor Garcia - https://www.youtube.com/channel/UCjNHFaBm_0-Mo749MB3A9cQ S4vitar - https://www.youtube.com/channel/UCNHWpNqiM8yOQcHXtsluD7Q Julio UreƱa - https://www.youtube.com/channel/UC2o1vzpUIvgf0VMJIMKZ_rQ ## Relevant Discord Servers and Communities TheManyHatsClub - https://discord.gg/infosec ThugCrowd - https://thugcrowd.com/ LaptopHackingCoffee - https://laptophackingcoffee.org/doku.php?id=start HackTheBox - https://discord.gg/hRXnCFA 0x00Sec - https://discord.gg/PHM9Wak (https://0x00sec.org) John Hammond Discord - https://discord.gg/Kgtnfw4 ReSwitched - https://discordapp.com/invite/ZdqEhed ur-hackr - https://ur-hackr.com/ ## Companies Offering Certificates ELearnSecurity - https://elearnsecurity.com/ Pentester Academy - https://www.pentesteracademy.com/ Offensive Security - https://www.offensive-security.com/ HackTheBox - https://hackthebox.eu/ ## Other Relevant Links The Cybrary - https://www.cybrary.it/ CyberFirst - https://www.ncsc.gov.uk/cyberfirst/ Mind Map Everything - https://www.amanhardikar.com/mindmaps.html Events around London - https://medium.com/@securestep9/cybersecurity-infosec-appsec-meetups-events-in-london-3688c4a42ea6 Razvi's List of Hacking Sites - https://razvioverflow.github.io/starthacking Peerlyst - https://www.peerlyst.com/ CTFs for beginners - https://twitter.com/JenF3rr_/status/1208577793359003648 HackerOne Bugbounty page - https://hackerone.com/ Using Twitter for InfoSec - https://dev.to/vickilanger/that-s-it-that-s-the-tweet-send-3e0h CVE feed from the mitre - https://cve.mitre.org/