List of Step by Step Manuals, Howto Guide & Tutorials for Every Software Engineers

Shell/Command line

  🔸 pure-bash-bible – is a collection of pure bash alternatives to external processes.
  🔸 pure-sh-bible – is a collection of pure POSIX sh alternatives to external processes.
  🔸 bash-guide – is a guide to learn bash.
  🔸 bash-handbook – for those who wanna learn Bash.
  🔸 The Bash Hackers Wiki – hold documentation of any kind about GNU Bash.
  🔸 Shell & Utilities – describes the commands offered to application programs by POSIX-conformant systems.
  🔸 the-art-of-command-line – master the command line, in one page.
  🔸 Shell Style Guide – a shell style guide for Google-originated open-source projects.

▪️ Text Editors

  🔸 Vim Cheat Sheet – great multi language vim guide.

▪️ Python

  🔸 Awesome Python – a curated list of awesome Python frameworks, libraries, software and resources.
  🔸 python-cheatsheet – comprehensive Python cheatsheet.
  🔸 pythoncheatsheet.org – basic reference for beginner and advanced developers.

▪️ Sed & Awk & Other

  🔸 F’Awk Yeah! – advanced sed and awk usage (Parsing for Pentesters 3).

▪️ *nix & Network

  🔸 nixCraft – linux and unix tutorials for new and seasoned sysadmin.
  🔸 TecMint – the ideal Linux blog for Sysadmins & Geeks.
  🔸 Omnisecu – free Networking, System Administration and Security tutorials.
  🔸 linux-cheat – Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities.
  🔸 linuxupskillchallenge – learn the skills required to sysadmin.
  🔸 Unix Toolbox – Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
  🔸 Linux Kernel Teaching – is a collection of lectures and labs Linux kernel topics.
  🔸 htop explained – explanation of everything you can see in htop/top on Linux.
  🔸 Linux Guide and Hints – tutorials on system administration in Fedora and CentOS.
  🔸 strace-little-book – a little book which introduces strace.
  🔸 linux-tracing-workshop – examples and hands-on labs for Linux tracing tools workshops.
  🔸 http2-explained – a detailed document explaining and documenting HTTP/2.
  🔸 http3-explained – a document describing the HTTP/3 and QUIC protocols.
  🔸 HTTP/2 in Action – an excellent introduction to the new HTTP/2 standard.
  🔸 Let’s code a TCP/IP stack – great stuff to learn network and system programming at a deeper level.
  🔸 Nginx Admin’s Handbook – how to improve NGINX performance, security and other important things.
  🔸 nginxconfig.io – NGINX config generator on steroids.
  🔸 openssh guideline – is to help operational teams with the configuration of OpenSSH server and client.
  🔸 SSH Handshake Explained – is a relatively brief description of the SSH handshake.
  🔸 ISC’s Knowledgebase – you’ll find some general information about BIND 9, ISC DHCP, and Kea DHCP.
  🔸 PacketLife.net – a place to record notes while studying for Cisco’s CCNP certification.

▪️ Microsoft

  🔸 AD-Attack-Defense – attack and defend active directory using modern post exploitation activity.

▪️ Large-scale systems

  🔸 The System Design Primer – learn how to design large-scale systems.
  🔸 Awesome Scalability – best practices in building High Scalability, High Availability, High Stability, and more.
  🔸 Web Architecture 101 – the basic architecture concepts.

▪️ System hardening

  🔸 CIS Benchmarks – secure configuration settings for over 100 technologies, available as a free PDF.
  🔸 Security Harden CentOS 7 – this walks you through the steps required to security harden CentOS.
  🔸 CentOS 7 Server Hardening Guide – great guide for hardening CentOS; familiar with OpenSCAP.
  🔸 awesome-security-hardening – is a collection of security hardening guides, tools and other resources.
  🔸 The Practical Linux Hardening Guide – provides a high-level overview of hardening GNU/Linux systems.
  🔸 Linux Hardening Guide – how to harden Linux as much as possible for security and privacy.

▪️ Security & Privacy

  🔸 Hacking Articles – LRaj Chandel’s Security & Hacking Blog.
  🔸 AWS security tools – make your AWS cloud environment more secure.
  🔸 Rawsec’s CyberSecurity Inventory – an inventory of tools and resources about CyberSecurity.
  🔸 The Illustrated TLS Connection – every byte of a TLS connection explained and reproduced.
  🔸 SSL Research – SSL and TLS Deployment Best Practices by SSL Labs.
  🔸 SELinux Game – learn SELinux by doing. Solve Puzzles, show skillz.
  🔸 Certificates and PKI – everything you should know about certificates and PKI but are too afraid to ask.
  🔸 The Art of Subdomain Enumeration – a reference for subdomain enumeration techniques.
  🔸 Quitting Google – the comprehensive guide to quitting Google.

▪️ Web Apps

  🔸 OWASP – worldwide not-for-profit charitable organization focused on improving the security of software.
  🔸 OWASP ASVS 3.0.1 – OWASP Application Security Verification Standard Project.
  🔸 OWASP ASVS 3.0.1 Web App – simple web app that helps developers understand the ASVS requirements.
  🔸 OWASP ASVS 4.0 – is a list of application security requirements or tests.
  🔸 OWASP Testing Guide v4 – includes a “best practice” penetration testing framework.
  🔸 OWASP Dev Guide – this is the development version of the OWASP Developer Guide.
  🔸 OWASP WSTG – is a comprehensive open source guide to testing the security of web apps.
  🔸 OWASP API Security Project – focuses specifically on the top ten vulnerabilities in API security.
  🔸 Mozilla Web Security – help operational teams with creating secure web applications.
  🔸 security-bulletins – security bulletins that relate to Netflix Open Source.
  🔸 API-Security-Checklist – security countermeasures when designing, testing, and releasing your API.
  🔸 Enable CORS – enable cross-origin resource sharing.
  🔸 Application Security Wiki – is an initiative to provide all application security related resources at one place.
  🔸 Weird Proxies – reverse proxy related attacks; it is a result of analysis of various proxies.
  🔸 Webshells – great series about malicious payloads.
  🔸 Practical Web Cache Poisoning – show you how to compromise websites by using esoteric web features.
  🔸 Hidden directories and files – as a source of sensitive information about web application.
  🔸 Explosive blog – great blog about cybersec and pentests.
  🔸 Security Cookies – this paper will take a close look at cookie security.
  🔸 APISecurityBestPractices – help you keep secrets (API keys, db credentials, certificates) out of source code.

▪️ All-in-one

  🔸 LZone Cheat Sheets – all cheat sheets.
  🔸 Dan’s Cheat Sheets’s – massive cheat sheets documentation.
  🔸 Rico’s cheatsheets – this is a modest collection of cheatsheets.
  🔸 DevDocs API – combines multiple API documentations in a fast, organized, and searchable interface.
  🔸 cheat.sh – the only cheat sheet you need.
  🔸 gnulinux.guru – collection of cheat sheets about bash, vim and networking.

▪️ Ebooks

  🔸 free-programming-books – list of free learning resources in many languages.

▪️ Other

  🔸 CTF Series : Vulnerable Machines – the steps below could be followed to find vulnerabilities and exploits.
  🔸 50M_CTF_Writeup – $50 million CTF from Hackerone – writeup.
  🔸 ctf-tasks – an archive of low-level CTF challenges developed over the years.
  🔸 How to start RE/malware analysis? – collection of some hints and useful links for the beginners.
  🔸 The C10K problem – it’s time for web servers to handle ten thousand clients simultaneously, don’t you think?
  🔸 How 1500 bytes became the MTU of the internet – great story about the Maximum Transmission Unit.
  🔸 poor man’s profiler – like dtrace’s don’t really provide methods to see what programs are blocking on.
  🔸 HTTPS on Stack Overflow – this is the story of a long journey regarding the implementation of SSL.
  🔸 Julia’s Drawings – some drawings about programming and unix world, zines about systems & debugging tools.
  🔸 Hash collisions – this great repository is focused on hash collisions exploitation.
  🔸 sha256-animation – animation of the SHA-256 hash function in your terminal.
  🔸 BGP Meets Cat – after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
  🔸 bgp-battleships – playing battleships over BGP.
  🔸 What happens when… – you type google.com into your browser and press enter?
  🔸 how-web-works – based on the ‘What happens when…’ repository.
  🔸 HTTPS in the real world – great tutorial explain how HTTPS works in the real world.
  🔸 Gitlab and NFS bug – how we spent two weeks hunting an NFS bug in the Linux kernel.
  🔸 Gitlab melts down – postmortem on the database outage of January 31 2017 with the lessons we learned.
  🔸 How To Become A Hacker – if you want to be a hacker, keep reading.
  🔸 Operation Costs in CPU – should help to estimate costs of certain operations in CPU clocks.
  🔸 Let’s Build a Simple Database – writing a sqlite clone from scratch in C.
  🔸 simple-computer – great resource to understand how computers work under the hood.
  🔸 The story of “Have I been pwned?” – working with 154 million records on Azure Table Storage.
  🔸 TOP500 Supercomputers – shows the 500 most powerful commercially available computer systems known to us.
  🔸 How to build a 8 GPU password cracker – any “black magic” or hours of frustration like desktop components do.
  🔸 CERN Data Centre – 3D visualizations of the CERN computing environments (and more).
  🔸 How fucked is my database – evaluate how fucked your database is with this handy website.
  🔸 Linux Troubleshooting 101 , 2016 Edition – everything is a DNS Problem…
  🔸 Five Whys – you know what the problem is, but you cannot solve it?
  🔸 Maersk, me & notPetya – how did ransomware successfully hijack hundreds of domain controllers?
  🔸 howhttps.works – how HTTPS works …in a comic!
  🔸 howdns.works – a fun and colorful explanation of how DNS works.
  🔸 POSTGRESQLCO.NF – your postgresql.conf documentation and recommendations.

Inspiring Lists  [TOC]

▪️ SysOps/DevOps

  🔸 Awesome Sysadmin – amazingly awesome open source sysadmin resources.
  🔸 Awesome Shell – awesome command-line frameworks, toolkits, guides and gizmos.
  🔸 Command-line-text-processing – finding text to search and replace, sorting to beautifying, and more.
  🔸 Awesome Pcaptools – collection of tools developed by other researchers to process network traces.
  🔸 awesome-ebpf – a curated list of awesome projects related to eBPF.
  🔸 Linux Network Performance – where some of the network sysctl variables fit into the Linux/Kernel network flow.
  🔸 Awesome Postgres – list of awesome PostgreSQL software, libraries, tools and resources.
  🔸 quick-SQL-cheatsheet – a quick reminder of all SQL queries and examples on how to use them.
  🔸 Awesome-Selfhosted – list of Free Software network services and web applications which can be hosted locally.
  🔸 List of applications – huge list of apps sorted by category, as a reference for those looking for packages.
  🔸 CS-Interview-Knowledge-Map – build the best interview map.
  🔸 DevOps-Guide – DevOps Guide from basic to advanced with Interview Questions and Notes.
  🔸 FreeBSD Journal – it is a great list of periodical magazines about FreeBSD and other important things.
  🔸 devops-interview-questions – contains interview questions on various DevOps and SRE related topics.

▪️ Developers

  🔸 Web Developer Roadmap – roadmaps, articles and resources to help you choose your path, learn and improve.
  🔸 Front-End-Checklist – the perfect Front-End Checklist for modern websites and meticulous developers.
  🔸 Front-End-Performance-Checklist – Front-End Performance Checklist that runs faster than the others.
  🔸 Python’s Magic Methods – what are magic methods? They’re everything in object-oriented Python.
  🔸 wtfpython – a collection of surprising Python snippets and lesser-known features.
  🔸 js-dev-reads – a list of books and articles for the discerning web developer to read.
  🔸 Commit messages guide – a guide to understand the importance of commit messages.

▪️ Security/Pentesting

  🔸 Awesome Web Security – a curated list of Web Security materials and resources.
  🔸 awesome-cyber-skills – a curated list of hacking environments where you can train your cyber skills.
  🔸 awesome-devsecops – an authoritative list of awesome devsecops tools.
  🔸 awesome-osint – is a curated list of amazingly awesome OSINT.
  🔸 HolyTips – tips and tutorials on Bug Bounty Hunting and Web App Security.
  🔸 awesome-threat-intelligence – a curated list of Awesome Threat Intelligence resources.
  🔸 Red-Teaming-Toolkit – a collection of open source and commercial tools that aid in red team operations.
  🔸 awesome-burp-extensions – a curated list of amazingly awesome Burp Extensions.
  🔸 Free Security eBooks – list of a Free Security and Hacking eBooks.
  🔸 Hacking-Security-Ebooks – top 100 Hacking & Security E-Books.
  🔸 privacy-respecting – curated list of privacy respecting services and software.
  🔸 reverse-engineering – list of awesome reverse engineering resources.
  🔸 linux-re-101 – a collection of resources for linux reverse engineering.
  🔸 reverseengineering-reading-list – a list of Reverse Engineering articles, books, and papers.
  🔸 Awesome-WAF – a curated list of awesome web-app firewall (WAF) stuff.
  🔸 awesome-shodan-queries – interesting, funny, and depressing search queries to plug into shodan.io.
  🔸 RobotsDisallowed – a curated list of the most common and most interesting robots.txt disallowed directories.
  🔸 HackingNeuralNetworks – is a small course on exploiting and defending neural networks.
  🔸 wildcard-certificates – why you probably shouldn’t use a wildcard certificate.
  🔸 Don’t use VPN services – which is what every third-party “VPN provider” does.
  🔸 awesome-yara – a curated list of awesome YARA rules, tools, and people.
  🔸 macOS-Security-and-Privacy-Guide – guide to securing and improving privacy on macOS.
  🔸 macos_security – macOS Security Compliance Project.
  🔸 awesome-sec-talks – is a collected list of awesome security talks.
  🔸 Movies for Hackers – list of movies every hacker & cyberpunk must watch.
  🔸 Cryptography_1 – materials used whilst taking Prof. Dan Boneh Stanford Crypto course.
  🔸 Crypton – library to learn and practice Offensive and Defensive Cryptography.

▪️ Other

  🔸 Cheatography – over 3,000 free cheat sheets, revision aids and quick references.
  🔸 awesome-static-analysis – static analysis tools for all programming languages.
  🔸 computer-science – path to a free self-taught education in Computer Science.
  🔸 post-mortems – is a collection of postmortems (config errors, hardware failures, and more).
  🔸 build-your-own-x – build your own (insert technology here).
  🔸 Project-Based-Tutorials-in-C – is a curated list of project-based tutorials in C.
  🔸 The-Documentation-Compendium – various README templates & tips on writing high-quality documentation.
  🔸 awesome-python-applications – free software that works great, and also happens to be open-source Python.
  🔸 awesome-public-datasets – a topic-centric list of HQ open datasets.
  🔸 machine-learning-algorithms – a curated list of all machine learning algorithms and concepts.

Blogs/Podcasts/Videos  [TOC]

▪️ SysOps/DevOps

  🔸 Varnish for PHP developers – very interesting presentation of Varnish by Mattias Geniar.
  🔸 A Netflix Guide to Microservices – talks about the chaotic and vibrant world of microservices at Netflix.

▪️ Developers

  🔸 Comparing C to machine lang – compare a simple C app with the compiled machine code of that program.

▪️ Geeky Persons

  🔸 Brendan Gregg’s Blog – is an industry expert in computing performance and cloud computing.
  🔸 Gynvael “GynDream” Coldwind – is a IT security engineer at Google.
  🔸 Michał “lcamtuf” Zalewski – white hat hacker, computer security expert.
  🔸 Mattias Geniar – developer, sysadmin, blogger, podcaster and public speaker.
  🔸 Nick Craver – software developer and systems administrator for Stack Exchange.
  🔸 Scott Helme – security researcher, speaker and founder of securityheaders.com and report-uri.com.
  🔸 Brian Krebs – The Washington Post and now an Independent investigative journalist.
  🔸 Bruce Schneier – is an internationally renowned security technologist, called a “security guru”.
  🔸 Chrissy Morgan – advocate of practical learning, Chrissy also takes part in bug bounty programs.
  🔸 Andy Gill – is a hacker at heart who works as a senior penetration tester.
  🔸 Daniel Miessler – cybersecurity expert and writer.
  🔸 Samy Kamkar – is an American privacy and security researcher, computer hacker.
  🔸 Javvad Malik – is a security advocate at AlienVault, a blogger event speaker and industry commentator.
  🔸 Graham Cluley – public speaker and independent computer security analyst.
  🔸 Kacper Szurek – detection engineer at ESET.
  🔸 Troy Hunt – web security expert known for public education and outreach on security topics.
  🔸 raymii.org – sysadmin specializing in building high availability cloud environments.
  🔸 Robert Penz – IT security expert.

▪️ Geeky Blogs

  🔸 Linux Audit – the Linux security blog about auditing, hardening and compliance by Michael Boelen.
  🔸 Linux Security Expert – trainings, howtos, checklists, security tools, and more.
  🔸 The Grymoire – collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
  🔸 Secjuice – is the only non-profit, independent and volunteer led publication in the information security space.
  🔸 Decipher – security news that informs and inspires.

▪️ Geeky Vendor Blogs

  🔸 Tenable Podcast – conversations and interviews related to Cyber Exposure, and more.
  🔸 Sophos – threat news room, giving you news, opinion, advice and research on computer security issues.
  🔸 Tripwire State of Security – blog featuring the latest news, trends and insights on current security issues.
  🔸 Malwarebytes Labs Blog – security blog aims to provide insider news about cybersecurity.
  🔸 TrustedSec – latest news, and trends about cybersecurity.
  🔸 PortSwigger Web Security Blog – about web app security vulns and top tips from our team of web security.
  🔸 AT&T Cybersecurity blog – news on emerging threats and practical advice to simplify threat detection.
  🔸 Thycotic – where CISOs and IT Admins come to learn about industry trends, IT security, and more.

▪️ Geeky Cybersecurity Podcasts

  🔸 Risky Business – is a weekly information security podcast featuring news and in-depth interviews.
  🔸 Cyber, by Motherboard – stories, and focus on the ideas about cybersecurity.
  🔸 Tenable Podcast – conversations and interviews related to Cyber Exposure, and more.
  🔸 Cybercrime Investigations – podcast by Geoff White about cybercrimes.
  🔸 The many hats club – featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
  🔸 Darknet Diaries – true stories from the dark side of the Internet.
  🔸 OSINTCurious Webcasts – is the investigative curiosity that helps people be successful in OSINT.
  🔸 Security Weekly – the latest information security and hacking news.

▪️ Geeky Cybersecurity Video Blogs

  🔸 rev3rse security – offensive, binary exploitation, web app security, hardening, red team, blue team.
  🔸 LiveOverflow – a lot more advanced topics than what is typically offered in paid online courses – but for free.
  🔸 J4vv4D – the important information regarding our internet security.
  🔸 CyberTalks – talks, interviews, and article about cybersecurity.

Build your own DNS Servers

  🔸 Unbound DNS Tutorial – a validating, recursive, and caching DNS server.
  🔸 Knot Resolver on Fedora – how to get faster and more secure DNS resolution with Knot Resolver on Fedora.
  🔸 DNS-over-HTTPS – tutorial to setup your own DNS-over-HTTPS (DoH) server.
  🔸 dns-over-https – a cartoon intro to DNS over HTTPS.
  🔸 DNS-over-TLS – following to your DoH server, setup your DNS-over-TLS (DoT) server.
  🔸 DNS Servers – how (and why) i run my own DNS Servers.

Build your own Certificate Authority

  🔸 OpenSSL Certificate Authority – build your own certificate authority (CA) using the OpenSSL tools.
  🔸 step-ca Certificate Authority – build your own certificate authority (CA) using open source step-ca.

Build your own System/Virtual Machine

  🔸 os-tutorial – how to create an OS from scratch.
  🔸 Write your Own Virtual Machine – how to write your own virtual machine (VM).
  🔸 x86 Bare Metal Examples – dozens of minimal operating systems to learn x86 system programming.
  🔸 simple-computer – the scott CPU from “But How Do It Know?” by J. Clark Scott.
  🔸 littleosbook – the little book about OS development.

Rajesh Kumar
Follow me