Offensive Resources
Offensive Platforms #
Top #
- Have CRTP, CRTE, CRTM, CARTP, etc.
- Hands-on Active Directory labs
- Created by the SecOps Group
- Diverse pentesting labs
- Owned by INE
- Extensive pentesting courses
- Have multiple certification paths, including offensive cloud certifications
Proving Grounds Play and Practice
- Labs by OffSec
Other #
- Dead link, similar to HTB
- Pentesting labs, certificates, has IoT course
- French HTB
Web Application Resources #
Top #
Web Security Academy - PortSwigger
- Free web security lessons / training
- Web app security exercises
- API security learning platform
- Bug bounty platform and training
- Home of OWASP Top 10
Create Your Own #
- Intentionally vulnerable app
DVWA - Damn Vulnerable Web Application
- Test web exploit skills
Other #
- Web challenges
- XSS challenges
- Web hacking courses
CTF Challenge - Web App Security Challenges
- CTF-style web puzzles
- Tiny XSS challenges
- Publicly hosted Juice Shop variant
Online tools #
- Public exploit search
- Find vulnerable devices
- Search leaked accounts
Public Buckets by GrayhatWarfare
- Open storage bucket finder
- Check leaked credentials
- Breached database search
Cloud #
- Cloud pentesting courses and certs (Azure and AWS)
- AWS flaws walkthrough
- More AWS flaw challenges
- Another Hacktricks for cloud
- Cloud security training
Mobile #
- Moblie courses and certifications
Resource Pages #
- Compare C2 frameworks
- HTB video walkthroughs
- Attack payload collection
- Red team tactics guide
- HackTricks clone
- Drone hacking guide
- Good AD cheatsheets
- List of offensive security tools and scripts
Dark Wolf Android Security Research Playbook
- Android hacking playbook
Training #
- Red team training (CRTO and CRTL)
- Physical pentesting training and certifications
- Drone hacking courses
- Pentesting courses
- Social engineering training
- https://www.udemy.com/user/jeremiahtalamantes/
- Trainings for RTAC and RTAJ
- Multiple pentesting courses and training
- Red team online courses (Maldev and red teaming focused)
- Malware development training (and phishing)
- Evilginx training course
- Mobile, Hardware, IoT (and many more) pentesting courses
- Physical pentesting training in the EU
- Binary exploitation course
- Home of new Practical Industrial Control System Penetration Testing course ( POISE)
- Malware development training
Red Team Field Manual (RTFM) Video Library
- Video library for the RTFMv2 book. Has challenge coin
Corelan Consulting - Exploit Development Training for Windows
- Windows MalDev courses
HackingHub - Ethical Hacking Training
- CTFs / Labs made by NahamSec and John Hammond
- ICS training
- Malware development training
- Initial Access Training
- Red team labs
Other #
- Dead link, hosted vulnerable web apps for download
Exploit Education :: Andrew Griffiths’ Exploit Education
- VMs for exploit development and buffer overflow attacks
NetSecFocus Trophy Room - Google Sheets
- HTB box prep list for OSCP (TJNull)
- Offensive security blog and workshops
- Brute Ratel C4
The Penetration Testing Execution Standard
- Standardized pentesting guide (PTES)
- Security lab exercises
- Public pentest reports
- AI red teaming
- CTF: https://platform.dreadnode.io/
- IoT security tool
- Book
Lists #
- Unix binary exploits
- Living Off The Land Binaries, Scripts and Libraries
- Living Off the Orchard
- Living Off the Land apps
- List of offensive tools for Windows/AD
LOTP - Living Off the Pipeline
- CI/CD RCE methods
- DLL Hijacking list
- Living Off The Land Drivers
Living Off the Living Off the Land | LOLOL
- List of lists (GTFOBins, LOLBAS, etc.)
Online Resources #
Online - Reverse Shell Generator
- Command-line shell generator
- Download cradle stuff