Collection of resources and practice sites, that helped us in learning about cybersecurity. This list is based on our experience.

How to use this?

My recommendation would be to stick to one thing first and try to get as far as you can on it, before moving on to next link. Don’t be overwhelmed. This is purely a collection. If you are beginner, start with the ones marked beginner. Don’t be afraid to try other categories. If you have any questions, feel free to reach out to a member in committee or ask in the relevant chat. We are always happy to help out :D.

Cryptography

Tools

• sagemath
• pycryptodome
• https://github.com/cryptohack/cryptohack-docker

Resources

• https://cryptohack.gitbook.io/cryptobook/

Practice

• https://cryptohack.org/ (beginner; Highly Recommended, best way to learn and gold community, Goes literally from zero to hero; if you stick with it)
• https://www.cryptopals.com/ (Old/outdated but a gem)

Pwn

Resources

Repository containing a large number of glibc heap attacks, not the best for learning heap pwn but good as a reference

• https://github.com/shellphish/how2heap

Practice

100s of similar challenges if you’re a masochist

• https://pwn.college/ - babyshell, babymem, babyrev are good (beginner friendly)

First few challenges are not realistic pwn, but builds understanding of low-level architecture and debugging techniques

• https://pwnable.xyz/
• https://pwnable.kr/

Rev

Resources

• https://pwn.college has some good resources for rev though you’re best just trying crackmes

Practice

• https://crackmes.one

Web

You’ll need Burp Suite to make your life easier

Resources

• https://portswigger.net/web-security/cross-site-scripting/cheat-sheet (TONES of xss exploits that you can push against a server)
• https://github.com/swisskyrepo/PayloadsAllTheThings/ (Payloads for all kinds of known vulnerabilities, reverse shells, etc… very useful as a reference)

Practice

• https://portswigger.net/web-security (Has amazing walkthroughs from the most basic to advanced web challenges)
• https://www.root-me.org/ (has a lot of web challs)

Full pwn (Box hacking)

Tools you’ll likely need: kali linux/parrotOS, nmap, burp suite, gobuster/ffuf, linPEAS/winPEAS, chisel, and most importantly, google

Resources

• https://www.youtube.com/ippsec (Walkthroughs of retired HTB boxes)
• https://blog.harmj0y.net/ (Active Directory attacks explained)
• https://gtfobins.github.io/ (SUID binaries, uncommon tools to break out of restricted shells, etc)
• https://github.com/swisskyrepo/PayloadsAllTheThings/

Good Writeups:

• https://0xdf.gitlab.io/

Practice

• https://www.hackthebox.com/ (start from easy boxes + any CTFS organized by HackTheBox may have box hacking too)
• https://tryhackme.com/

Blockchain/Smart-Contract Security

Resources

• https://cmichel.io/how-to-become-a-smart-contract-auditor/

Practice

• https://www.damnvulnerabledefi.xyz/ (difficult, but also somewhat beginner friendly)
• https://ctf.paradigm.xyz/challenges (Difficult not for beginners)
• https://capturetheether.com/ (i think the testnet this is hosted on, doesnt work)

Solidity practice:

• https://cryptozombies.io/