Toggle navigation
bounty.fi
/main
/learning
/platforms
/tools
/labs
/mobile
/recon
/iot
/misc
/info
Learning/study material
Bug bounty and security blogs etc.
https://owasp.org/Top10/
https://blog.f-secure.com/so-you-want-to-be-an-ethical-hacker-21-ways/
https://bugcrowd.com/crowdstream
https://hackerone.com/hacktivity
https://hackersploit.org/
https://labs.bishopfox.com/home
https://labs.detectify.com/
https://medium.com/intigriti
https://pentester.land/list-of-bug-bounty-writeups.html
https://portswigger.net/research
https://samcurry.net/blog/
https://teamrot.fi/team-blog/
https://tomnniiomnom.com/
https://www.secjuice.com/
https://infosecwriteups.com/
https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/
https://codingo.com/search/
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
https://infosecwriteups.com/
https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/web-app-hacking/
https://bugbountypoc.com/
https://xploitlab.com/bug-lists/
https://iwantmore.pizza/
https://janmasarik.gitlab.io/automating-bug-bounty/
#/
https://blog.ropnop.com/proxying-cli-tools/
https://hacklido.com/blog/183-web-app-pentesting-checklist
https://www.hacksplaining.com/lessons
https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html
https://iwantmore.pizza/posts/PEzor.html
https://hacklido.com/blog/183-web-app-pentesting-checklist
https://github.com/TROUBLE-1/Cloud-Pentesting/blob/main/Note%20%26%20Mind%20Map/Cloud%20Pentesting/Attacking%20Cloud.pdf
https://www.darkreading.com/edge-articles/bug-bounty-hunters-pro-tips-on-chasing-vulns-money
https://jivoi.github.io/2015/08/21/pentest-tips-and-tricks-number-2/
https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7
Courses, both free and commercial
https://academy.tcm-sec.com/
https://cybersecuritybase.mooc.fi/
http://security.cs.rpi.edu/courses/binexp-spring2015/
https://pwn.college/
https://srcincite.io/training/
https://www.offensive-security.com/
https://www.pluralsight.com/courses/code-auditing-security-hackers-developers
https://www.pluralsight.com/courses/fuzzing-security-hackers-developers
Podcasts
https://turvakarajat.fi/
(Finnish)
https://www.f-secure.com/fi/business/podcasts/herrasmieshakkerit
(Finnish)
https://www.social-engineer.org/category/podcast/
https://darknetdiaries.com/
https://inteltechniques.com/podcast.html
Books
https://www.owasp.org/index.php/OWASP_Testing_Project
https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-Indirect/dp/1593270461
https://www.amazon.com/gp/product/1118026470/
(The Web Application Hacker's Handbook)
https://www.amazon.com/Phishing-Dark-Waters-Offensive-Defensive/dp/1118958470
https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X
https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X/r
https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729
https://www.amazon.com/Mission-Men-Me-Lessons-Commander/dp/0425236579
https://www.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X
https://www.amazon.com/dp/B06X9FY51S/ref=redir_mobile_desktop
OSINT (Open Source Intelligence)
https://github.com/fastfire/goca
https://github.com/FelixChop/MediumArticles/blob/master/Graph_analysis_Python.ipynb
https://github.com/jivoi/awesome-osint
https://github.com/optiv/OSINT_Encyclopedia
https://github.com/sinwindie/OSINT
https://infosecwriteups.com/web-osint-tryhackme-walkthrough-5f497a2ba12b
https://inteltechniques.com/JE/OSINT_Packet_2019.pdf
https://medium.com/@benjamindbrown/finding-mcafee-a-case-study-on-geoprofiling-and-imagery-analysis-6f16bbd5c219
https://medium.com/@hackermaderas/the-beginning-of-one-hackers-thoroughly-referenced-evidenced-osint-investigation-of-clearview-ai-1aa2e9109492
https://nixintel.info/osint/using-flight-tracking-for-geolocation-quiztime-30th-october-2019/
https://pimeyes.com/
https://raidforums.com/Announcement-Database-Index-CLICK-ME
https://towardsdatascience.com/getting-started-with-graph-analysis-in-python-with-pandas-and-networkx-5e2d2f82f18e
https://www.aware-online.com/en/15-useful-google-operators-for-your-investigation/
https://www.bellingcat.com/category/resources/how-tos/
https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/
https://www.hackers-arise.com/osint
https://www.hackers-arise.com/post/2019/05/28/osint-part-3-extracting-employee-names-from-companies-tesla-and-breitbart-on-linkedin
https://www.hackers-arise.com/post/osint-tracking-the-suspect-s-precise-location-using-wigle-net
https://yandex.com/
(reverse image search)
https://www.spiderfoot.net/
https://www.opennic.org/projects/
(grep.geek search)
https://wiby.me/
https://www.mojeek.com/
https://map.snapchat.com/
https://buckets.grayhatwarfare.com/
https://intelx.io/
https://infosecwriteups.com/dorking-for-bug-bounties-d81cc857b2c8
https://osintcurio.us/2019/04/18/basic-opsec-tips-and-tricks-for-osint-researchers/
https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/
https://start.me/p/DPYPMz/the-ultimate-osint-collection
Cyber Threat Intelligence / Threat hunting / Threat Modelling
https://www.misp-project.org/
https://www.usenix.org/system/files/sec20-bouwman.pdf
(A different cup of TI? The added value of commercial threat intelligence)
https://hakin9.org/opencti-open-cyber-threat-intelligence-platform/
https://github.com/OpenCTI-Platform/opencti/
https://github.com/fastfire/deepdarkCTI
https://github.com/intelowlproject/IntelOwl
https://labs.inquest.net/
https://github.com/fireeye/ThreatPursuit-VM
https://github.com/0x4D31/awesome-threat-detection
https://wiki.owasp.org/index.php/Threat_Risk_Modeling
https://www.openintel.nl/
https://vulmon.com/
https://labs.inquest.net/
https://blog.bushidotoken.net/2021/09/how-do-you-run-cybercrime-gang.html
http://www.hexacorn.com/blog/2017/01/28/beyond-good-ol-run-key-all-parts/
https://medium.com/katies-five-cents/faqs-on-getting-started-in-cyber-threat-intelligence-f567f267348e
https://www.activeresponse.org/the-4-qualities-of-good-threat-intelligence/
https://github.com/mike-goodwin/owasp-threat-dragon-desktop/blob/master/README.md
https://www.threatmodelingmanifesto.org/
https://www.recordedfuture.com/threat-category-risk-framework/
https://www.kyberturvallisuuskeskus.fi/fi/palvelumme/tilannekuva-ja-verkostojohtaminen/kybermittari
DFIR
https://www.ashemery.com/dfir.html
https://blog.dfir.fi/
https://blog.onfvp.com/post/volatility-cheatsheet/
https://github.com/Invoke-IR/ForensicPosters
https://www.dfir.training/resources/downloads/windows-registry
https://www.ethicalhacker.net/features/root/using-cold-boot-attacks-forensic-techniques-penetration-tests/
Social Engineering
https://www.social-engineer.org/