
Resources

DFIR

URL Expander
Expands shortened URLs created through bit.ly and other comparable services, which are commonly used in phishing attacks to obfuscate the actual destination of a link and bypass conventional spam filters.

ANY.RUN
Interactive cloud-based sandbox with additional features including network tracking, MITRE ATT&CK mapping, and a behavior graph of malicious activity experienced in the sandbox. Incredibly useful for evaluating the impact and scope of a particular malware.

Base64 Decode/Encode
Encode and/or decode common character sets (UTF, ASCII, etc.) to and from Base64. Useful for translating suspicious encoded strings or commands.

URL Redirect Checker
Enumerates the hops and redirects of a given URL. Useful in identifying tracking and the eventual destination of a suspicious link.

urlscan.io
Sandboxed URL analysis including a live screenshot of the URL’s destination, IP and geolocation information, and more.

File Signatures
A table of hex/ASCII file signatures for many common file formats. Aids in the identification of file type obfuscation and steganography.

HexEd.it
Going hand-in-hand with the “File Signatures” table, HexEd.it is an online hex editor that can be used to look at binaries in hexadecimal form. This is especially useful for forensic and data recovery purposes.


OSINT

Default TTL Values
A table containing the default time-to-live values for various common operating systems. Great for enumerating a target’s OS manually, but the information contained in this table is generally pre-included in OS-identifying tools such as Nmap’s “-O” switch.

OSINT Framework
Portal for a wide variety of OSINT tools, ranging from flight traffic analysis to forum search engines.

Intelligence X
A robust search engine that allows you to specify email addresses, CIDRs, Bitcoin addresses, domains, etc. in your search, and combs through the internet, dark web, whois data, public data leaks and more for the results.

FreeCarrierLookup
Fairly self-explanatory, but FreeCarrierLookup will provide you with the cell carrier of a given phone number. This has actually come in pretty handy for me lately when trying to figure out what SMS gateway to reach certain coworkers with.


Pentesting

NetSPI Open Source Tools
A collection of several useful exploitation tools, including “PowerUpSQL” for attacking SQL Server, “goddi” for AD enumeration, and “PESecurity” for Windows binary security auditing.

Reverse Shell Generator
A graphical and web-based alternative to the popular “msfvenom” Metasploit module; used for generating shellcode payloads.


Programming

String Size (Bytes) Calculator
Useful in certain low-level programming situations, particularly with regard to storing variables and/or garbage collection.


Vulnerability Management

ShieldsUP!!
Checks the IP address of the visiting user for UPnP exposure, commonly found on consumer and ISP-supplied routing equipment.



Cybersecurity


Networking


Ippsec
Well known for his Hack The Box retired VM walkthroughs and in-depth commentary. A personal favorite.

John Hammond
Great channel on CTFs and malware analysis.

Computerphile
Very smart people explaining complex computing concepts in an easily digestible format.

Gerald Auger
A fairly new channel, but lots of helpful guides and career tips for those looking to get into the industry or just starting out.

Fireship
Information about different programming languages, presented in very short form. Incredibly useful for building a baseline understanding of certain technologies.

Programming with Mosh
Your next step after Fireship. Programming videos ranging from 4 minutes to full-on 6-hour tutorials, and everything in between.

freeCodeCamp.org
All in the name. Long-form videos (up to 14 hours) for learning different programming languages.

Black Hat
The official YouTube channel for Black Hat Infosec events, and a great way of keeping up with the industry and budding technologies.

DEFCON Conference
The best way to stay up to date on new trends, concepts, and threats if attending the conference is not an option.

Wild West Hackin’ Fest
One last conference channel to catch up on amazing talks and speakers.

Null Byte
Guides to various hardware, wireless, and general “hacking” techniques. Some of the videos cover things that may apply more to hobbyists, but many of them include concepts that can be used in the real world, particularly in pentesting.

Jim Browning
Not a technical channel in the traditional sense, but there is lots of entertainment value in watching a software engineer save others from “tech support” scams.

Disrupt
Again, further away from the technical side, but videos with very high production value and storytelling on some of the more notorious malware of our time. Think “Darknet Diaries”, but in a video format.


DFIR

Malware-Traffic-Analysis.net
A collection of training exercises with downloadable packet captures containing real-world malicious traffic, allowing you to parse through them with Wireshark to try and answer questions about them.

MITRE ATT&CK Navigator
Interactive tool allowing you to more fully understand adversarial tactics and the concepts behind the MITRE ATT&CK framework.


Pentesting

picoCTF
A great hands-on and beginner-friendly platform for CTF practice and competitions, offered by Carnegie Mellon.

HackTheBox
A virtual-lab/CTF platform aimed at gaining root-level privileges on hosted virtual machines. Originally not as beginner-friendly as other platforms, but this has improved as of late with the expansion of HackTheBox Academy.

TryHackMe
Virtual-lab/CTF platform aimed at different cybersecurity concepts, with a focus on offensive disciplines.

VulnHub
Downloadable virtual machine images created to be vulnerable in one way or another on purpose. It’s up to you to discover the vulnerabilities!


Programming

HackerRank
Excellent platform with a lot of practice modules and certification options for different languages, including Python, SQL, C, Ruby, and more.

Codewars
Essentially a gamified version of HackerRank that allows you to team up with other site members for the purposes of competition.

RegExr
Tool that allows you to visualize matches in a body of text given a particular RegEx statement. Very useful in understanding the way RegEx works and its syntax.

Python Tutor
An essential tool for pretty much any introductory Python course, Python Tutor allows you to step through Python code one command at a time and visualize the execution. Invaluable for debugging, but limited by its inability to load 3rd party modules.

Learn Git Branching
Similar to RegExr in the visualization/simulation aspect, Learn Git Branching allows you to experiment with different Git commands to see how the commands and syntax work.