This is a curated list of resources for those who want to get started with ethical hacking.

The Internet

IP Addresses

• https://www.cloudflare.com/learning/dns/glossary/what-is-my-ip-address/
• https://www.codedbrain.com/2019/12/one-hell-of-an-ip-addresspart-1-non-technical-perspective/
• https://www.iplocation.net/public-vs-private-ip-address

DNS

• https://www.cloudflare.com/learning/dns/what-is-dns/
• https://dyn.com/blog/dns-why-its-important-how-it-works/

DHCP

• https://whatismyipaddress.com/dhcp

How Internet Works

• https://web.stanford.edu/class/msande91si/www-spr04/readings/week1/InternetWhitepaper.htm
• https://developer.mozilla.org/en-US/docs/Learn/Common_questions/How_does_the_Internet_work

Overview of HTTP

• https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview

How https Works

• https://robertheaton.com/2014/03/27/how-does-https-actually-work/

Linux Box Administration

Basics of linux command line

• https://www.digitalocean.com/community/tutorials/an-introduction-to-linux-basics
• https://maker.pro/linux/tutorial/basic-linux-commands-for-beginners

File Permissions

• http://linuxcommand.org/lc3_lts0090.php
• https://www.guru99.com/file-permissions.html

Programming

Scripting vs Compiled Languages

• https://stackoverflow.com/questions/17253545/scripting-language-vs-programming-language

Programming Language Resources

• https://github.com/getify/You-Dont-Know-JS
• https://www.programiz.com/c-programming
• https://developer.mozilla.org/

Hacking

Mastering Chrome Browser Developers Tools

• https://www.freecodecamp.org/news/mastering-chrome-developer-tools-next-level-front-end-development-techniques-3ac0b6fe8a3/

Port Scanning

• https://www.sans.org/reading-room/whitepapers/auditing/port-scanning-techniques-defense-70

TCP Three-way Handshake

• https://www.guru99.com/tcp-3-way-handshake.html

TCP vs UDP

• https://www.geeksforgeeks.org/differences-between-tcp-and-udp/

nmap UDP Scan

• https://nmap.org/book/scan-methods-udp-scan.html

netcat Cheatsheet

• https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

Web Security Resources

• https://github.com/qazbnm456/awesome-web-security

OWASP Top 10 Projects

• https://owasp.org/www-project-top-ten/

Tools Used to test Web Application Security

Vulnerability Scanners

• Burp Suite
• OWASP ZAP
• Acunetix Vulnerability Scanner
• Inception

Web Technology Identification Tools

• Wappalyzer
• BuiltWith

Subdomain Enumeration Tools

• Sublist3r
• Knockpy
• shuffleDNS
• Subfinder

Virtual Host Scanner

• VHostScan
• Virtual Host Discovery

Web Content Scanner

• DIRB
• Gobuster
• DirBuster
• Breacher
• Arjun

Automatic Browser Proxy Selection Extensions

• https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/

Pentesting labs

• https://hackthebox.eu
• https://tryhackme.com
• https://ctftime.org
• http://pentesterlab.com (paid one)
• http://pentesteracademy.com (paid one)

CTF

Common CTF Practicing Tools & Use-cases

• https://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/#gref
• EchoPwn CTF Lab
• picoCTF
• CTFchallenge.co.uk

Recommended YouTube Channels

• LiveOverflow
• HackerSploit
• Computerphile
• John Hammond
• GynvaelEN
• GynvaelEN
• Reconless
• IppSec

People to Follow

• Michael Gillespie (ransomware , malware related stuff)
• NahamSec (bug bounty related stuff)
• TomNomNom (open source tools maker)
• Mathias Bynens (works at v8js at google)
• Brute Logic (security researcher, creator of knoxss)
• Daniel Stenberg (maker of curl)
• Somdev Sangwan (security researcher)
• Martin Kleppe (an amazing JS guy also the maker of jsfuck)
• ᴅᴀɴɪᴇʟ ᴍɪᴇssʟᴇʀ (also his blog is amazing)
• terjanq (infosec at google plus ctf player)
• zseano (bug bounty related stuff)
• Jane Manchun Wong (she discovers unreleased features)
• Ron Chan (amazing researcher)
• FD (browser security researcher)
• James Kettle (websec research)
• Jobert Abma (cofounder of hackerone)
• angealbertini (amazing guy with file format expertise)
• Tavis Ormandy (works at google project zero, amazing researcher)
• Santosh Bhandari (that's me)

Books

• Penetration Testing: A Hands-On Introduction to Hacking
• The Hacker Playbook 3: Practical Guide To Penetration Testing
• Hacking: The Art of Exploitation
• The Web Application Hacker's Handbook
• Real-World Bug Hunting: A Field Guide to Web Hacking
• The Tangled Web
• Social Engineering: The Science of Human Hacking
• Linux Basics for Hackers
• Violent Python
• Black Hat Python