Learning/study material

Bug bounty and security blogs etc.

• https://owasp.org/Top10/
• https://blog.f-secure.com/so-you-want-to-be-an-ethical-hacker-21-ways/
• https://bugcrowd.com/crowdstream
• https://hackerone.com/hacktivity
• https://hackersploit.org/
• https://labs.bishopfox.com/home
• https://labs.detectify.com/
• https://medium.com/intigriti
• https://pentester.land/list-of-bug-bounty-writeups.html
• https://portswigger.net/research
• https://samcurry.net/blog/
• https://teamrot.fi/team-blog/
• https://tomnniiomnom.com/
• https://www.secjuice.com/
• https://infosecwriteups.com/
• https://www.bugcrowd.com/blog/getting-started-bug-bounty-hunter-methodology/
• https://codingo.com/search/
• https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
• https://infosecwriteups.com/
• https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/web-app-hacking/
• https://bugbountypoc.com/
• https://xploitlab.com/bug-lists/
• https://iwantmore.pizza/
• https://janmasarik.gitlab.io/automating-bug-bounty/#/
• https://blog.ropnop.com/proxying-cli-tools/
• https://hacklido.com/blog/183-web-app-pentesting-checklist
• https://www.hacksplaining.com/lessons
• https://codingo.io/tools/ffuf/bounty/2020/09/17/everything-you-need-to-know-about-ffuf.html
• https://iwantmore.pizza/posts/PEzor.html
• https://hacklido.com/blog/183-web-app-pentesting-checklist
• https://github.com/TROUBLE-1/Cloud-Pentesting/blob/main/Note%20%26%20Mind%20Map/Cloud%20Pentesting/Attacking%20Cloud.pdf
• https://www.darkreading.com/edge-articles/bug-bounty-hunters-pro-tips-on-chasing-vulns-money
• https://jivoi.github.io/2015/08/21/pentest-tips-and-tricks-number-2/
• https://hakluke.medium.com/haklukes-guide-to-amass-how-to-use-amass-more-effectively-for-bug-bounties-7c37570b83f7

Courses, both free and commercial

• https://academy.tcm-sec.com/
• https://cybersecuritybase.mooc.fi/
• http://security.cs.rpi.edu/courses/binexp-spring2015/
• https://pwn.college/
• https://srcincite.io/training/
• https://www.offensive-security.com/
• https://www.pluralsight.com/courses/code-auditing-security-hackers-developers
• https://www.pluralsight.com/courses/fuzzing-security-hackers-developers

Podcasts

• https://turvakarajat.fi/ (Finnish)
• https://www.f-secure.com/fi/business/podcasts/herrasmieshakkerit (Finnish)
• https://www.social-engineer.org/category/podcast/
• https://darknetdiaries.com/
• https://inteltechniques.com/podcast.html

Books

• https://www.owasp.org/index.php/OWASP_Testing_Project
• https://www.amazon.com/Silence-Wire-Passive-Reconnaissance-Indirect/dp/1593270461
• https://www.amazon.com/gp/product/1118026470/ (The Web Application Hacker's Handbook)
• https://www.amazon.com/Phishing-Dark-Waters-Offensive-Defensive/dp/1118958470
• https://www.amazon.com/Art-Deception-Controlling-Element-Security/dp/076454280X
• https://www.amazon.com/Social-Engineering-Science-Human-Hacking/dp/111943338X/r
• https://www.amazon.com/Ghost-Wires-Adventures-Worlds-Wanted/dp/0316037729
• https://www.amazon.com/Mission-Men-Me-Lessons-Commander/dp/0425236579
• https://www.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X
• https://www.amazon.com/dp/B06X9FY51S/ref=redir_mobile_desktop

OSINT (Open Source Intelligence)

• https://github.com/fastfire/goca
• https://github.com/FelixChop/MediumArticles/blob/master/Graph_analysis_Python.ipynb
• https://github.com/jivoi/awesome-osint
• https://github.com/optiv/OSINT_Encyclopedia
• https://github.com/sinwindie/OSINT
• https://infosecwriteups.com/web-osint-tryhackme-walkthrough-5f497a2ba12b
• https://inteltechniques.com/JE/OSINT_Packet_2019.pdf
• https://medium.com/@benjamindbrown/finding-mcafee-a-case-study-on-geoprofiling-and-imagery-analysis-6f16bbd5c219
• https://medium.com/@hackermaderas/the-beginning-of-one-hackers-thoroughly-referenced-evidenced-osint-investigation-of-clearview-ai-1aa2e9109492
• https://nixintel.info/osint/using-flight-tracking-for-geolocation-quiztime-30th-october-2019/
• https://pimeyes.com/
• https://raidforums.com/Announcement-Database-Index-CLICK-ME
• https://towardsdatascience.com/getting-started-with-graph-analysis-in-python-with-pandas-and-networkx-5e2d2f82f18e
• https://www.aware-online.com/en/15-useful-google-operators-for-your-investigation/
• https://www.bellingcat.com/category/resources/how-tos/
• https://www.bellingcat.com/resources/how-tos/2019/12/26/guide-to-using-reverse-image-search-for-investigations/
• https://www.hackers-arise.com/osint
• https://www.hackers-arise.com/post/2019/05/28/osint-part-3-extracting-employee-names-from-companies-tesla-and-breitbart-on-linkedin
• https://www.hackers-arise.com/post/osint-tracking-the-suspect-s-precise-location-using-wigle-net
• https://yandex.com/ (reverse image search)
• https://www.spiderfoot.net/
• https://www.opennic.org/projects/ (grep.geek search)
• https://wiby.me/
• https://www.mojeek.com/
• https://map.snapchat.com/
• https://buckets.grayhatwarfare.com/
• https://intelx.io/
• https://infosecwriteups.com/dorking-for-bug-bounties-d81cc857b2c8
• https://osintcurio.us/2019/04/18/basic-opsec-tips-and-tricks-for-osint-researchers/
• https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/
• https://start.me/p/DPYPMz/the-ultimate-osint-collection

Cyber Threat Intelligence / Threat hunting / Threat Modelling

• https://www.misp-project.org/
• https://www.usenix.org/system/files/sec20-bouwman.pdf (A different cup of TI? The added value of commercial threat intelligence)
• https://hakin9.org/opencti-open-cyber-threat-intelligence-platform/
• https://github.com/OpenCTI-Platform/opencti/
• https://github.com/fastfire/deepdarkCTI
• https://github.com/intelowlproject/IntelOwl
• https://labs.inquest.net/
• https://github.com/fireeye/ThreatPursuit-VM
• https://github.com/0x4D31/awesome-threat-detection
• https://wiki.owasp.org/index.php/Threat_Risk_Modeling
• https://www.openintel.nl/
• https://vulmon.com/
• https://labs.inquest.net/
• https://blog.bushidotoken.net/2021/09/how-do-you-run-cybercrime-gang.html
• http://www.hexacorn.com/blog/2017/01/28/beyond-good-ol-run-key-all-parts/
• https://medium.com/katies-five-cents/faqs-on-getting-started-in-cyber-threat-intelligence-f567f267348e
• https://www.activeresponse.org/the-4-qualities-of-good-threat-intelligence/
• https://github.com/mike-goodwin/owasp-threat-dragon-desktop/blob/master/README.md
• https://www.threatmodelingmanifesto.org/
• https://www.recordedfuture.com/threat-category-risk-framework/
• https://www.kyberturvallisuuskeskus.fi/fi/palvelumme/tilannekuva-ja-verkostojohtaminen/kybermittari

DFIR

• https://www.ashemery.com/dfir.html
• https://blog.dfir.fi/
• https://blog.onfvp.com/post/volatility-cheatsheet/
• https://github.com/Invoke-IR/ForensicPosters
• https://www.dfir.training/resources/downloads/windows-registry
• https://www.ethicalhacker.net/features/root/using-cold-boot-attacks-forensic-techniques-penetration-tests/

Social Engineering

• https://www.social-engineer.org/

---