- CyberChef: https://gchq.github.io/CyberChef/
- Shodan: https://shodan.io/
- Scylla: https://scylla.sh/
- Dcode: https://www.dcode.fr/
- Boxentriq: https://www.boxentriq.com/code-breaking/cipher-identifier
- LibcDB (pwn libc lookups): https://libc.blukat.me/
- HackTheBox (free): https://hackthebox.eu/
- ImmersiveLabs (corporate): https://immersivelabs.com/
- PentesterAcademy Attack-Defense (paid): https://attackdefence.com/
- VulnHub (free): https://vulnhub.com/
- TryHackMe (paid/edu): https://tryhackme.com/
- PortSwigger(free) : https://portswigger.net/web-security
- Pentesterlabs(paid) : https://pentesterlab.com/
- EchoCTF (free): https://echoctf.red/
- Proving Grouds (free/paid): https://www.offensive-security.com/labs/individual/
- Root-me (free): https://www.root-me.org/
- ServmorSec (free/paid): https://servmorsec.co.uk/
- Virtual Hacking Labs (paid): https://www.virtualhackinglabs.com/
- John Hammond (YouTube): https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw
- IppSec (HTB YouTube): https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- TheCyberMentor (Courses and THM): https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
- optional (THM - inactive): https://www.youtube.com/optionalctf
- Nahamsec (Bug Bounty): https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw
- LiveOverflow (Youtube): https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- Stacksmashing / Ghidra Ninja (Rev eng.): https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
- STÖK (Bug Bounty): https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg
- Ceos3c (Tutorials): https://www.youtube.com/c/ceos3ctutorials
- kegn (HTB): https://www.youtube.com/channel/UCYH5zGyYYwg7tkpSx5pAtkQ
- AshF0x (pwn and THM): https://www.twitch.tv/ash_f0x
- Nightmare (pwn): https://guyinatuxedo.github.io/
- TheCyberMentor Network Pentesting: https://www.youtube.com/watch?v=WnN6dbos5u8
- HTB Prolabs | Dante: https://www.hackthebox.eu/press/prolab-dante
- ROP Emporium (pwn): https://ropemporium.com/
- TheNewBoston (all rounder - Inactive): https://www.youtube.com/user/thenewboston
- Codecademy: https://www.codecademy.com/
- Jabrils (Machine learning): https://www.youtube.com/channel/UCQALLeQPoZdZC4JNUboVEUg
- Exercism: https://exercism.io/
- Jacob Sorber (C programming and data structures): https://www.youtube.com/channel/UCwd5VFu4KoJNjkWJZMFJGHQ
- Hackerone (Bounty Platform): https://www.hackerone.com/
- Bugcrowd (Bounty Platform): http://bugcrowd.com/
- Disclose.io (Bounty Platform): https://disclose.io/
- Exploit-DB (Recent CVEs and Exploits): https://www.exploit-db.com/
- Mitre-CVE (CVEs): https://cve.mitre.org/
- Attacker-KB (CVE Explanation): https://attackerkb.com/
- Server Side Template Injection Blog (SSTI Blog OnSecurity): https://www.onsecurity.co.uk/blog/server-side-template-injection-with-jinja2/
- Zerologon (CVE + PoC): https://github.com/risksense/zerologon
- NMAP (Network Mapper): https://nmap.org/
- RustScan (Network Mapper): https://github.com/RustScan/RustScan
- Gobuster (CLI Directory Brute Force): https://github.com/OJ/gobuster
- DirBuster (GUI Directory Brute Force): https://tools.kali.org/web-applications/dirbuster
- SMBMap (SMB Enumeration): https://github.com/ShawnDEvans/smbmap
- Sublist3r (Sub-Domain Enumeration): https://github.com/aboul3la/Sublist3r
- Nikto (Web Enumeration): https://github.com/sullo/nikto