🔸 pure-bash-bible – is a collection of pure bash alternatives to external processes.
🔸 pure-sh-bible – is a collection of pure POSIX sh alternatives to external processes.
🔸 bash-guide – is a guide to learn bash.
🔸 bash-handbook – for those who wanna learn Bash.
🔸 The Bash Hackers Wiki – hold documentation of any kind about GNU Bash.
🔸 Shell & Utilities – describes the commands offered to application programs by POSIX-conformant systems.
🔸 the-art-of-command-line – master the command line, in one page.
🔸 Shell Style Guide – a shell style guide for Google-originated open-source projects.
🔸 Vim Cheat Sheet – great multi language vim guide.
🔸 Awesome Python – a curated list of awesome Python frameworks, libraries, software and resources.
🔸 python-cheatsheet – comprehensive Python cheatsheet.
🔸 pythoncheatsheet.org – basic reference for beginner and advanced developers.
🔸 F’Awk Yeah! – advanced sed and awk usage (Parsing for Pentesters 3).
🔸 nixCraft – linux and unix tutorials for new and seasoned sysadmin.
🔸 TecMint – the ideal Linux blog for Sysadmins & Geeks.
🔸 Omnisecu – free Networking, System Administration and Security tutorials.
🔸 linux-cheat – Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities.
🔸 linuxupskillchallenge – learn the skills required to sysadmin.
🔸 Unix Toolbox – Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
🔸 Linux Kernel Teaching – is a collection of lectures and labs Linux kernel topics.
🔸 htop explained – explanation of everything you can see in htop/top on Linux.
🔸 Linux Guide and Hints – tutorials on system administration in Fedora and CentOS.
🔸 strace-little-book – a little book which introduces strace.
🔸 linux-tracing-workshop – examples and hands-on labs for Linux tracing tools workshops.
🔸 http2-explained – a detailed document explaining and documenting HTTP/2.
🔸 http3-explained – a document describing the HTTP/3 and QUIC protocols.
🔸 HTTP/2 in Action – an excellent introduction to the new HTTP/2 standard.
🔸 Let’s code a TCP/IP stack – great stuff to learn network and system programming at a deeper level.
🔸 Nginx Admin’s Handbook – how to improve NGINX performance, security and other important things.
🔸 nginxconfig.io – NGINX config generator on steroids.
🔸 openssh guideline – is to help operational teams with the configuration of OpenSSH server and client.
🔸 SSH Handshake Explained – is a relatively brief description of the SSH handshake.
🔸 ISC’s Knowledgebase – you’ll find some general information about BIND 9, ISC DHCP, and Kea DHCP.
🔸 PacketLife.net – a place to record notes while studying for Cisco’s CCNP certification.
🔸 AD-Attack-Defense – attack and defend active directory using modern post exploitation activity.
🔸 The System Design Primer – learn how to design large-scale systems.
🔸 Awesome Scalability – best practices in building High Scalability, High Availability, High Stability, and more.
🔸 Web Architecture 101 – the basic architecture concepts.
🔸 CIS Benchmarks – secure configuration settings for over 100 technologies, available as a free PDF.
🔸 Security Harden CentOS 7 – this walks you through the steps required to security harden CentOS.
🔸 CentOS 7 Server Hardening Guide – great guide for hardening CentOS; familiar with OpenSCAP.
🔸 awesome-security-hardening – is a collection of security hardening guides, tools and other resources.
🔸 The Practical Linux Hardening Guide – provides a high-level overview of hardening GNU/Linux systems.
🔸 Linux Hardening Guide – how to harden Linux as much as possible for security and privacy.
🔸 Hacking Articles – LRaj Chandel’s Security & Hacking Blog.
🔸 AWS security tools – make your AWS cloud environment more secure.
🔸 Rawsec’s CyberSecurity Inventory – an inventory of tools and resources about CyberSecurity.
🔸 The Illustrated TLS Connection – every byte of a TLS connection explained and reproduced.
🔸 SSL Research – SSL and TLS Deployment Best Practices by SSL Labs.
🔸 SELinux Game – learn SELinux by doing. Solve Puzzles, show skillz.
🔸 Certificates and PKI – everything you should know about certificates and PKI but are too afraid to ask.
🔸 The Art of Subdomain Enumeration – a reference for subdomain enumeration techniques.
🔸 Quitting Google – the comprehensive guide to quitting Google.
🔸 OWASP – worldwide not-for-profit charitable organization focused on improving the security of software.
🔸 OWASP ASVS 3.0.1 – OWASP Application Security Verification Standard Project.
🔸 OWASP ASVS 3.0.1 Web App – simple web app that helps developers understand the ASVS requirements.
🔸 OWASP ASVS 4.0 – is a list of application security requirements or tests.
🔸 OWASP Testing Guide v4 – includes a “best practice” penetration testing framework.
🔸 OWASP Dev Guide – this is the development version of the OWASP Developer Guide.
🔸 OWASP WSTG – is a comprehensive open source guide to testing the security of web apps.
🔸 OWASP API Security Project – focuses specifically on the top ten vulnerabilities in API security.
🔸 Mozilla Web Security – help operational teams with creating secure web applications.
🔸 security-bulletins – security bulletins that relate to Netflix Open Source.
🔸 API-Security-Checklist – security countermeasures when designing, testing, and releasing your API.
🔸 Enable CORS – enable cross-origin resource sharing.
🔸 Application Security Wiki – is an initiative to provide all application security related resources at one place.
🔸 Weird Proxies – reverse proxy related attacks; it is a result of analysis of various proxies.
🔸 Webshells – great series about malicious payloads.
🔸 Practical Web Cache Poisoning – show you how to compromise websites by using esoteric web features.
🔸 Hidden directories and files – as a source of sensitive information about web application.
🔸 Explosive blog – great blog about cybersec and pentests.
🔸 Security Cookies – this paper will take a close look at cookie security.
🔸 APISecurityBestPractices – help you keep secrets (API keys, db credentials, certificates) out of source code.
🔸 LZone Cheat Sheets – all cheat sheets.
🔸 Dan’s Cheat Sheets’s – massive cheat sheets documentation.
🔸 Rico’s cheatsheets – this is a modest collection of cheatsheets.
🔸 DevDocs API – combines multiple API documentations in a fast, organized, and searchable interface.
🔸 cheat.sh – the only cheat sheet you need.
🔸 gnulinux.guru – collection of cheat sheets about bash, vim and networking.
🔸 free-programming-books – list of free learning resources in many languages.
🔸 CTF Series : Vulnerable Machines – the steps below could be followed to find vulnerabilities and exploits.
🔸 50M_CTF_Writeup – $50 million CTF from Hackerone – writeup.
🔸 ctf-tasks – an archive of low-level CTF challenges developed over the years.
🔸 How to start RE/malware analysis? – collection of some hints and useful links for the beginners.
🔸 The C10K problem – it’s time for web servers to handle ten thousand clients simultaneously, don’t you think?
🔸 How 1500 bytes became the MTU of the internet – great story about the Maximum Transmission Unit.
🔸 poor man’s profiler – like dtrace’s don’t really provide methods to see what programs are blocking on.
🔸 HTTPS on Stack Overflow – this is the story of a long journey regarding the implementation of SSL.
🔸 Julia’s Drawings – some drawings about programming and unix world, zines about systems & debugging tools.
🔸 Hash collisions – this great repository is focused on hash collisions exploitation.
🔸 sha256-animation – animation of the SHA-256 hash function in your terminal.
🔸 BGP Meets Cat – after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
🔸 bgp-battleships – playing battleships over BGP.
🔸 What happens when… – you type google.com into your browser and press enter?
🔸 how-web-works – based on the ‘What happens when…’ repository.
🔸 HTTPS in the real world – great tutorial explain how HTTPS works in the real world.
🔸 Gitlab and NFS bug – how we spent two weeks hunting an NFS bug in the Linux kernel.
🔸 Gitlab melts down – postmortem on the database outage of January 31 2017 with the lessons we learned.
🔸 How To Become A Hacker – if you want to be a hacker, keep reading.
🔸 Operation Costs in CPU – should help to estimate costs of certain operations in CPU clocks.
🔸 Let’s Build a Simple Database – writing a sqlite clone from scratch in C.
🔸 simple-computer – great resource to understand how computers work under the hood.
🔸 The story of “Have I been pwned?” – working with 154 million records on Azure Table Storage.
🔸 TOP500 Supercomputers – shows the 500 most powerful commercially available computer systems known to us.
🔸 How to build a 8 GPU password cracker – any “black magic” or hours of frustration like desktop components do.
🔸 CERN Data Centre – 3D visualizations of the CERN computing environments (and more).
🔸 How fucked is my database – evaluate how fucked your database is with this handy website.
🔸 Linux Troubleshooting 101 , 2016 Edition – everything is a DNS Problem…
🔸 Five Whys – you know what the problem is, but you cannot solve it?
🔸 Maersk, me & notPetya – how did ransomware successfully hijack hundreds of domain controllers?
🔸 howhttps.works – how HTTPS works …in a comic!
🔸 howdns.works – a fun and colorful explanation of how DNS works.
🔸 POSTGRESQLCO.NF – your postgresql.conf documentation and recommendations.
Inspiring Lists [TOC]
🔸 Awesome Sysadmin – amazingly awesome open source sysadmin resources.
🔸 Awesome Shell – awesome command-line frameworks, toolkits, guides and gizmos.
🔸 Command-line-text-processing – finding text to search and replace, sorting to beautifying, and more.
🔸 Awesome Pcaptools – collection of tools developed by other researchers to process network traces.
🔸 awesome-ebpf – a curated list of awesome projects related to eBPF.
🔸 Linux Network Performance – where some of the network sysctl variables fit into the Linux/Kernel network flow.
🔸 Awesome Postgres – list of awesome PostgreSQL software, libraries, tools and resources.
🔸 quick-SQL-cheatsheet – a quick reminder of all SQL queries and examples on how to use them.
🔸 Awesome-Selfhosted – list of Free Software network services and web applications which can be hosted locally.
🔸 List of applications – huge list of apps sorted by category, as a reference for those looking for packages.
🔸 CS-Interview-Knowledge-Map – build the best interview map.
🔸 DevOps-Guide – DevOps Guide from basic to advanced with Interview Questions and Notes.
🔸 FreeBSD Journal – it is a great list of periodical magazines about FreeBSD and other important things.
🔸 devops-interview-questions – contains interview questions on various DevOps and SRE related topics.
🔸 Web Developer Roadmap – roadmaps, articles and resources to help you choose your path, learn and improve.
🔸 Front-End-Checklist – the perfect Front-End Checklist for modern websites and meticulous developers.
🔸 Front-End-Performance-Checklist – Front-End Performance Checklist that runs faster than the others.
🔸 Python’s Magic Methods – what are magic methods? They’re everything in object-oriented Python.
🔸 wtfpython – a collection of surprising Python snippets and lesser-known features.
🔸 js-dev-reads – a list of books and articles for the discerning web developer to read.
🔸 Commit messages guide – a guide to understand the importance of commit messages.
🔸 Awesome Web Security – a curated list of Web Security materials and resources.
🔸 awesome-cyber-skills – a curated list of hacking environments where you can train your cyber skills.
🔸 awesome-devsecops – an authoritative list of awesome devsecops tools.
🔸 awesome-osint – is a curated list of amazingly awesome OSINT.
🔸 HolyTips – tips and tutorials on Bug Bounty Hunting and Web App Security.
🔸 awesome-threat-intelligence – a curated list of Awesome Threat Intelligence resources.
🔸 Red-Teaming-Toolkit – a collection of open source and commercial tools that aid in red team operations.
🔸 awesome-burp-extensions – a curated list of amazingly awesome Burp Extensions.
🔸 Free Security eBooks – list of a Free Security and Hacking eBooks.
🔸 Hacking-Security-Ebooks – top 100 Hacking & Security E-Books.
🔸 privacy-respecting – curated list of privacy respecting services and software.
🔸 reverse-engineering – list of awesome reverse engineering resources.
🔸 linux-re-101 – a collection of resources for linux reverse engineering.
🔸 reverseengineering-reading-list – a list of Reverse Engineering articles, books, and papers.
🔸 Awesome-WAF – a curated list of awesome web-app firewall (WAF) stuff.
🔸 awesome-shodan-queries – interesting, funny, and depressing search queries to plug into shodan.io.
🔸 RobotsDisallowed – a curated list of the most common and most interesting robots.txt disallowed directories.
🔸 HackingNeuralNetworks – is a small course on exploiting and defending neural networks.
🔸 wildcard-certificates – why you probably shouldn’t use a wildcard certificate.
🔸 Don’t use VPN services – which is what every third-party “VPN provider” does.
🔸 awesome-yara – a curated list of awesome YARA rules, tools, and people.
🔸 macOS-Security-and-Privacy-Guide – guide to securing and improving privacy on macOS.
🔸 macos_security – macOS Security Compliance Project.
🔸 awesome-sec-talks – is a collected list of awesome security talks.
🔸 Movies for Hackers – list of movies every hacker & cyberpunk must watch.
🔸 Cryptography_1 – materials used whilst taking Prof. Dan Boneh Stanford Crypto course.
🔸 Crypton – library to learn and practice Offensive and Defensive Cryptography.
🔸 Cheatography – over 3,000 free cheat sheets, revision aids and quick references.
🔸 awesome-static-analysis – static analysis tools for all programming languages.
🔸 computer-science – path to a free self-taught education in Computer Science.
🔸 post-mortems – is a collection of postmortems (config errors, hardware failures, and more).
🔸 build-your-own-x – build your own (insert technology here).
🔸 Project-Based-Tutorials-in-C – is a curated list of project-based tutorials in C.
🔸 The-Documentation-Compendium – various README templates & tips on writing high-quality documentation.
🔸 awesome-python-applications – free software that works great, and also happens to be open-source Python.
🔸 awesome-public-datasets – a topic-centric list of HQ open datasets.
🔸 machine-learning-algorithms – a curated list of all machine learning algorithms and concepts.
🔸 Comparing C to machine lang – compare a simple C app with the compiled machine code of that program.
🔸 Brendan Gregg’s Blog – is an industry expert in computing performance and cloud computing.
🔸 Gynvael “GynDream” Coldwind – is a IT security engineer at Google.
🔸 Michał “lcamtuf” Zalewski – white hat hacker, computer security expert.
🔸 Mattias Geniar – developer, sysadmin, blogger, podcaster and public speaker.
🔸 Nick Craver – software developer and systems administrator for Stack Exchange.
🔸 Scott Helme – security researcher, speaker and founder of securityheaders.com and report-uri.com.
🔸 Brian Krebs – The Washington Post and now an Independent investigative journalist.
🔸 Bruce Schneier – is an internationally renowned security technologist, called a “security guru”.
🔸 Chrissy Morgan – advocate of practical learning, Chrissy also takes part in bug bounty programs.
🔸 Andy Gill – is a hacker at heart who works as a senior penetration tester.
🔸 Daniel Miessler – cybersecurity expert and writer.
🔸 Samy Kamkar – is an American privacy and security researcher, computer hacker.
🔸 Javvad Malik – is a security advocate at AlienVault, a blogger event speaker and industry commentator.
🔸 Graham Cluley – public speaker and independent computer security analyst.
🔸 Kacper Szurek – detection engineer at ESET.
🔸 Troy Hunt – web security expert known for public education and outreach on security topics.
🔸 raymii.org – sysadmin specializing in building high availability cloud environments.
🔸 Robert Penz – IT security expert.
🔸 Linux Audit – the Linux security blog about auditing, hardening and compliance by Michael Boelen.
🔸 Linux Security Expert – trainings, howtos, checklists, security tools, and more.
🔸 The Grymoire – collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
🔸 Secjuice – is the only non-profit, independent and volunteer led publication in the information security space.
🔸 Decipher – security news that informs and inspires.
🔸 Tenable Podcast – conversations and interviews related to Cyber Exposure, and more.
🔸 Sophos – threat news room, giving you news, opinion, advice and research on computer security issues.
🔸 Tripwire State of Security – blog featuring the latest news, trends and insights on current security issues.
🔸 Malwarebytes Labs Blog – security blog aims to provide insider news about cybersecurity.
🔸 TrustedSec – latest news, and trends about cybersecurity.
🔸 PortSwigger Web Security Blog – about web app security vulns and top tips from our team of web security.
🔸 AT&T Cybersecurity blog – news on emerging threats and practical advice to simplify threat detection.
🔸 Thycotic – where CISOs and IT Admins come to learn about industry trends, IT security, and more.
🔸 Risky Business – is a weekly information security podcast featuring news and in-depth interviews.
🔸 Cyber, by Motherboard – stories, and focus on the ideas about cybersecurity.
🔸 Tenable Podcast – conversations and interviews related to Cyber Exposure, and more.
🔸 Cybercrime Investigations – podcast by Geoff White about cybercrimes.
🔸 The many hats club – featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
🔸 Darknet Diaries – true stories from the dark side of the Internet.
🔸 OSINTCurious Webcasts – is the investigative curiosity that helps people be successful in OSINT.
🔸 Security Weekly – the latest information security and hacking news.
🔸 rev3rse security – offensive, binary exploitation, web app security, hardening, red team, blue team.
🔸 LiveOverflow – a lot more advanced topics than what is typically offered in paid online courses – but for free.
🔸 J4vv4D – the important information regarding our internet security.
🔸 CyberTalks – talks, interviews, and article about cybersecurity.
Build your own DNS Servers
🔸 Unbound DNS Tutorial – a validating, recursive, and caching DNS server.
🔸 Knot Resolver on Fedora – how to get faster and more secure DNS resolution with Knot Resolver on Fedora.
🔸 DNS-over-HTTPS – tutorial to setup your own DNS-over-HTTPS (DoH) server.
🔸 dns-over-https – a cartoon intro to DNS over HTTPS.
🔸 DNS-over-TLS – following to your DoH server, setup your DNS-over-TLS (DoT) server.
🔸 DNS Servers – how (and why) i run my own DNS Servers.
🔸 OpenSSL Certificate Authority – build your own certificate authority (CA) using the OpenSSL tools.
🔸 step-ca Certificate Authority – build your own certificate authority (CA) using open source step-ca.
🔸 os-tutorial – how to create an OS from scratch.
🔸 Write your Own Virtual Machine – how to write your own virtual machine (VM).
🔸 x86 Bare Metal Examples – dozens of minimal operating systems to learn x86 system programming.
🔸 simple-computer – the scott CPU from “But How Do It Know?” by J. Clark Scott.
🔸 littleosbook – the little book about OS development.