This README holds links to everything I've found.

Articles

• 10 Immutable Laws of Security Administration
• Ten Immutable Laws of Security (Version 2.0)
• Basic Recon Using A Domain Name
• Become shell literate
• Blue Team Fundamentals (and Part Two)
• C Program Compilation Process - Source to Binary
• Code Fearlessly
• Contents of a Physical Pen Tester's Backpack
• Cyber Intrusion Services 2018 Incident Response Casebook
• DEF CON 28 OpenSOC Blue Team CTF: Lessons and Tips
• Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.
• Day-1 Skills That Cybersecurity Hiring Managers Are Looking For
• Defense at Scale
• Docker for Pentesters
• Evergreen skills for those who work with servers
• Files (Dan Luu at DeconstructConf)
• How I went from NOOB to OSCP in 90 days
• How To Build And Run A SOC for Incident Response: A Collection of Resources
• InfoSec
• Introducing the InfoSec colour wheel—blending developers with red and blue security teams.
• Life of an HTTP request in a Go server
• Linux Privilege Escalation: Automated Script
• Log Everything All The Time
• Masscan as a lesson in TCP/IP
• new-sysadmin: You're a production sysadmin now. That comes with certain responsibilities.
• PowerShell ♥ the Blue Team
• The real power of Linux executables
• Proxyjump, the SSH option you probably never heard of
• Same Same But Different: Discovering SQL Injections Incrementally with Isomorphic SQL Statements
• Speed matters: Why working quickly is more important than it seems
• Starting an InfoSec Career - The Megamix
• Stop Lighting Shit Up
• Threat Intel RSS Feeds via Twitter Lists
• Top 25 Active Directory Security Best Practices
• Tracing a packet journey using Linux tracepoints, perf and eBPF
• Understanding HTTP Request Headers
• Undervalued Software Engineering Skills: Writing Well
• (Very) Basic Intro To Elliptic Curve Cryptography
• What does debugging a program look like? and When debugging, your attitude matters
• What is DevOps?
• What is the Linux Auditing System (aka AuditD)?

Blogs, News, Subreddits (Text Periodicals)

• Active Directory Security
• Ars Technica Security
• BASHing Data
• Dark Reading
• The DFIR Report
• Internet Storm Center Diary
• Incrememt: Security
• Krebs on Security
• NetSec Subreddit
  • Ask NetSec Subreddit
• Open Source Forensic Tools
• Project Zero
• Pwned Subreddit
• SANS Reading Room
• Schneier On Security
• SecurityBytes
• ThreatPost
• TISIPHONE.NET: Leslie Carhart, full-spectrum cyber-warrior princess
• Vimways
• XPN InfoSec Blog

"Books" (well, they are sort of books)

• ACCESS PROHIBITED - The Physical Security Tool Guide to Hacks, Cracks, and Recon
• A Tour of Go
• Beej's Guide to Network Programming
• Building Virtual Machine Labs: A Hands-On Guide
• Chaos Engineering
• Connecting Discrete Mathematics and Computer Science
• The Embedded Rust Book
• Handbook of Applied Cryptography
• Library Athena: Read free books in the public domain
• LibriVox: Free public domain audiobooks
• Operating Systems: Three Easy Pieces
• Principles of System Administration
• Programming Books You Wish You Read Earlier
• Quantum computing for the very curious
• Security Engineering — Third Edition
• The Rust Programming Language
• Learn Vimscript the Hard Way

Challenges (Hacking and Programming)

• All-Army CyberStakes
• Analyst Unknown Cyber Range
• The Case of the Stolen Szechuan Sauce
• CodeWars
• CryptoHack: A fun platform for learning modern cryptography
• crackmes.one
• CSAW 365
• CTF365
• CTFtime
• DFIR.Training
• EnigmaGroup
• Exercism
• Exploit Education
• Flexbox Froggy: help Froggy and friends by writing CSS code
• Google Gruyere
• Gophercises
• GPU Puzzles
• Hack This Site
• Hacking 4 Defense
• HackTheBox
• HackThis
• HackXor
• Hack.me
• Hacking-Lab
• Hellbound Hackers
• IO
• Kaggle
• Microcorruption
• Oh My Git!
• Over The Wire
• PicoCTF
• Programmr
• Project Euler
• PWN0
• Pwnable.kr
• Regex Crossword
• Root Me
• RunCode
• SmashTheStack
• Sphere Online Judge
• SQL Murder Mystery
• Try2Hack
• TryHackMe
• TwilioQuest
• Under The Wire
• W3Challs
• We Chall: Challenge site aggregator

Channels and Podcasts (Audio/Visual Periodicals)

• 7 Minute Security
• CyberWire Daily Podcast
• Darknet Diaries
• Defensive Security
• Enterprise Security Weekly
• Internet Storm Center Daily Information Security Podcast
• LiveOverflow
• Malicious.life
• Recorded Future: Inside Threat Intelligence
• Steve Gibson: Security Now
• Tradecraft Security Weekly

Cheatsheets

• A linux-oriented binary anaylysis cheatsheet
• Awk cheatsheet
• The Concise Blue Team Cheat Sheets
• Dangit, Git!?!
• hackerscrolls' SecurityTips MindMaps
• Linux Performance
• Markdown Cheatsheet
• Nmap
• One-liners
• Oh, shit, git!
• One XSS cheatsheet to rule them all
• OSCP Cheat Sheet and Command Reference
  • Plus the Windows & Active Directory Exploitation Cheat Sheet and Command Reference
• The POSIX Shell And Utilities
• Rico's Cheatsheets
• SANS Windows Command Line Cheatsheet
• TechRepublic Cheat Sheets
• Vim Cheat Sheet
• Windows Security Event Logs

Checklists

• CIS Benchmarks
• Microsoft recommended block rules
• New Server Checklist
• Windows Security From The Ground Up

Communities (Discord, Mastodon, RocketChat, Slack, etc)

• The Dev's Guild
• OSInt.team

Conferences

• Deconstruct
• Hardwear.io
• Hacker Maps
• Hackers On Planet Earth

Courses

• 190 Universities, 600 Free Online Courses
• 9 Free Training Courses to Learn Linux Online
• Amazon's Machine Learning University
• Automate the Boring Stuff: Python scripting
• Brilliant.org: Math and science done right
• Clark Center: Effective cybersecurity curriculum at your fingertips
• A Cyber Threat Intelligence Self-Study Plan
• Defense Against The Dark Arts: Tufts University COMP 116 — Introduction to Computer Security
• E-learning by Tracy Parish
• From Nand to Tetris
• Getting Started with Microsoft PowerShell
• GraphQLab
• Hopper's Roppers
• How to learn to code for free at Stanford and make six figures in under 1 year
• Immerisve Labs
• Katacoda: Interactive learning platform for software engineers
• Learn-C.org
• Learn to Code From Home: The Coronavirus Quarantine Developer Skill Handbook
• Low-Level Academy: TCP/IP Fundamentals (in Rust)
• Malware Traffic Analysis
• Microsoft Software and Systems Academy
• Microsoft Virtual Academy
  • Windows Server Administration Fundamentals: Windows Server 2008
• Microsoft Windows Server 2016 Fundamentals
• The Missing Semester of Your CS Education
• Open Security Training
• Open Source Society University: Path to a free self-taught education in Computer Science!
• The Open Source Computer Science Degree
• Open Syllabus
• Portswigger Web Security Academy
• PowerShell Basics
• PowerShell Security Best Practices
• Practical Python Programming
• pwn.college
• PwnSchool Project
• Python for Security Professionals
• The Recurse Center
• Reverse Engineering 101
• Reverse Engineering 102
• The Rise and Fall of Civilizations: A Reader Course
• UW CSE341: Programming Languages, Spring 2019

Doctrine, Ethics, Law, and Policy

• Cybersecurity Law, Policy, and Institutions
• Cyberspace Solarium Comission

Enlightenment

• The Codeless Code
• The Dharma of Vi
• Emperor Sh and the Traveller
• Falsehoods CS Students (Still) Believe Upon Graduating and (A few) Ops Lessons We All Learn The Hard Way
• Rootless Root
• The Tao of Programming
• The Unix Power Classic
• Vim Kōans

Exercises

• curl exercises
• git exercises: navigate a repository
• malware_training_vol1
• PentesterLab: Introduction to code review
• PostgreSQL Exercises
• questions from wizardzines

Fun

• 1997 Crayola Internet Colors
• Bach's prelude in C major from WTC book I, written in sed
• Bacon Ipsum: A Meatier Lorem Ipsum Generator
• Bartosz Ciechanowski has amazing visualizations
• 🤣⌨️: Type words, get emoji.
• Fancy Font Generator
• Hacker Typer
• Low Earth Orbit Visualization
• Neal.fun: Bringing back the weird web!
• Online color picker for 256 colors terminal
• Penguin Classics Cover Generator
• Rectangular map-scheme of the observable universe
• Reversing the Technical Interview
• $wagify: Generates SICK 2003 usernames like [MTNDEW]xxX_m@ng0PdF_Xxx.
• terminal.sexy: Design your terminal colorscheme
• Text faces: Click-to-copy unicode faces like these guys: ( ͡° ͜ʖ ͡°) ¯_(ツ)_/¯
• Undocumented Admin

Guides

• Automating Red Team Homelabs
• Automating the Vim workplace
• [A]ndroid [A]pplication [P]entest [G]uide
• Bare-Metal STM32: From Power-Up to Hello World
• A beginner's guide to network troubleshooting in Linux
• The Big Blog Post of Information Security Training Materials
• Building Free Active Directory Lab in Azure
• Center for Internet Security
• Complete Sed Command Guide
• CTF Design Guidelines
• Cryptographic Attacks: A Guide for the Perplexed
• Defending Windows Domain Against Mimikatz Attacks
• The Dog Whisperer's Handbook
• Ethical OS
• Ethical Web Design
• Firewall Rule Best Practices
• The Git Rebase Handbook: A Definitive Guide to Rebasing
• The Hitchhiker’s Guide to Python
• How DNS Works
• An Interactive Guide to Flexbox
• The Internet of Shit Guide
• Learn X in Y Minutes: Scenic Programming Language Tours
• Linux Kernel etc/sysctl.conf Security Hardening
• Network Protocols for anyone who knows a programming language
• OSINT: How to find information on anyone
• The Programming Languages Zoo
• A penetration tester’s guide to subdomain enumeration
• Preventing Mimikatz Attacks
• Regex for Noobs (like me!): An Illustrated Guide
• Sideways Dictionary: Please explain ...
• TecMint Linux Guide
• Trunked Radio: A Guide
• Ultimate Go
• Why's (Poignant) Guide to Ruby
• Wizard Zines

Human skills

• About Cybersecurity Management and Expectations
• Asynchronous Communication: The Real Reason Remote Workers Are More Productive
• Being Glue
• Boilerplate Advice
• Contempt Culture
• Consent decision making
• Google Spent 2 Years Studying 180 Teams. The Most Successful Ones Shared These 5 Traits.
• How Focus Became More Important Than Intelligence
• How to Salvage a Disastrous Day in Your Covid-19 Quarantine
• The Legal Risks of Security Research
• Maker's Schedule, Manager's Schedule
• Making Slides
• On Lucidity
• Paradox of Choice
• Please Learn to Write
• Principles of Technology Leadership (watch how Bryan Cantrill's elbow bends wayyyyy too far)
• Techincal Writing Courses for Engineers
• Work is Work: In which returns diminish

Infographics

• Guillaume Infosec
• Occurrences of words in the Linux kernel source code over time

Motivational

• 80,000 Hours Career Guide

  • Pair with Giving What We Can and/or GiveWell to maximize the impact of your life

• A Conspiracy To Kill IE6

• Advice to (Cybersecurity) Undergrads

• Advice to a student poet from E.E. Cummings

  And so my advice to all young people... is: do something easy, like learning how to blow up the world — unless you're not only willing, but glad, to feel and work and fight till you die.

• Build Impossible Programs

• Codex Atlanticus

• Death To Bullshit

• Doug's Demo

• The Easy Way to Learn DFIR

• Fast Running

  But after a certain point, the expectations become the anchor, not the engine.

• Fix Like No One's Watching

• Harry Nyquist

• In the Beginning was the Command Line

• Infosec Income Questionnaire (Responses)

• Levels.fyi: Compare career levels across companies

• The Makers of Things

• The map of the observable Universe from the Milky Way to the edge of what can be seen

• The Matriculant Theory of Value

  I’m sorry to report that the market doesn’t care about your degrees, it cares about what you can produce and the value the market places on that product.

  • Pair with Dolly Parton and the Danger of Doing What You Love

• Model, document and share

• Nobody Cares

• A Portrait of Tenochtitlan

• The Ransomware Superhero of Normal, Illinois

• Seven Secular Sermons: Towards a more profoundly satisfying appreciation of reality at large.

• Tears in Rain

• Tribe of Hackers

• We've built a towering pile of shite

• What Should You Do with Your Life? Directions and Advice

• Wisdom from James Mickens

• You can't impress developers. So don't try.

• spaceprob.es

• They Write the Right Stuff

Online tools

• AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: Are your URLs too short?
• AmIUnique: My browser fingerprint
• AS Report
• AutoDraw
• Binary Ninja Cloud
• Blacklight: A Real-Time Website Privacy Inspector
• Botometer
• Bot Sentinel
• Buypass Go SSL: Free TLS certificates
• check-your-website.server-daten-de: Check DNS, Urls + Redirects, Certificates and Content of your Website
• Compiler Explorer: interact with compilers in the browser
• CSP Evaluator: check if a CSP serves as strong mitigation against XSS
• CVE List: Common Vulnerabilities and Exposures list
• CyberChef: translate strings
• Dangerzone: Take potentially dangerous PDFs, office documents, or images and convert them to a safe PDF
• dark.fail: Is a darknet site online?
• de4js: JavaScript Deobfuscator and Unpacker
• diagrams.net: open source, online, desktop and container deployable diagramming software
• DNS Dumpster: dns recon & research, find & lookup dns records
• emailrep.io: Simple Email Reputation
• Excalidraw: Virtual whiteboard for sketching hand-drawn like diagram
• explainshell.com - match command-line arguments to their help text
• file.io: ephemeral file sharing
• GreyNoise Visualizer
• ';--have i been pwned?: check your email addresses and passwords
• JS Bin: JavaScript learning tool
• Hunchly
• IM Observatory: Testing the security of the Jabber/XMPP network since '13.
• IPLEAK.NET: This is the kind of information that all of the sites you visit, as well as their advertisers and any embedded widget, can see and collect about you.
• Let's Encrypt: Free TLS certificates
• LibreSpeed: Speed Test
• MailTester.com: Check validity of an email address
• Mail-Tester: Test the spammy-ness of email newsletters
• Mamont's open FTP Index
• Measure: See how well your website performs
• MilitaryMap: Plan your Mission
• Mono-Alphabetic Substitution
• Observatory: Scan your site
• OSINT Framework
• regular expressions 101
• SecurityHeaders.com: test http(s) security headers
• sha256algorithm.com
• a simple DNS lookup tool
• SSL Labs: test https configuration
• tilde.town: a computer meant for sharing
• verylegit.link: A link shortener that makes the link look really dodgy.
• WebPageTest: website performance metrics
• What Does My Site Cost?: Find out how much it costs for someone to use your site on mobile networks around the world
• Wigle.net: All the networks. Found by Everyone.

Papers

• DFIR Review
• Modelling the Cognitive Work of Cyber Protection Teams
• pfSense Best Practices

Personal Privacy and Security

• Big Ass Data Broker Opt-Out List
• Device and Account Security Checklist 2.0
• Extreme Privacy: What It Takes to Disappear in America
• How to Dox Yourself on the Internet: A step-by-step guide to finding and removing your personal information from the internet
• How to encrypt your entire life in less than an hour
• How To Protect Your Data And Remove Personal Information From The Internet For Free
• Just Delete Me: A directory of direct links to delete your account from web services
• Last visits to your Twitter profile
• Opt Out List: Master list of data broker opt-out links
• Own your domain
• Penetration Tester's Guide to Windows 10 Privacy & Security
• Security Checklist
• Semiphemeral: Automatically delete your old tweets, except for the ones you want to keep - here's the online app
• Should I Block Ads?: Yes, you should use an ad blocker
• SSH Agent Forwarding considered harmful: (try ssh whoami.filippo.io to see the effects)
• Skip the Surveillance By Opting Out of Face Recognition At Airports
• Why & Where You Should Plant Your Flag

Programming Advice

• The Codeless Code
• Crash Course on Notation in Programming Language Theory
• Crash-Only Software
• Destroy All Software
  • Wat, Useing You're Type's Good, The Birth & Death of JavaScript, etc
• Eich's Law
• Great Works in Programming Languages
• HTMHell: A collection of bad practices in HTML, copied from real websites
• Mastering Programming
• Notes on Programming in C
• On Linux's Random Number Generation
• Practical Go: Real world advice for writing maintainable Go programs
• SB Changes
• Small Functions considered Harmful
• Software Structure for anyone who knows a programming language
• The Perfect Programming Language
• Why bother writing tests at all?
• Why do some developers at strong companies like Google consider Agile development to be nonsense?
• Why Go and not Rust?
• YAGNI, yes. Skimping, no. Technical Debt? Not even.

Repositories

• Active Directory Kill Chain Attack & Defense
• Advice for writing LaTeX documents
• The Art of Command Line
• auditd-attack: A Linux Auditd rule set mapped to MITRE's ATT&CK framework
• Awesome Cybersecurity Blue Team
• Awesome Software and Architectural Design Patterns
• Big List of Naughty Strings
• CyberChef Recipies
• FuzzDB: Dictionary of attack patterns and primitives
• GTFOBins: Unix binaries to bypass local security restrictions
• Information Security / Hacking for noobs
• The Hitchhiker's Guide to Online Anonymity
• How To Secure A Linux Server
• Infosec Reference: a reference that doesn't suck
• Infosec Learning Materials
  • Includes Building a Pentest Lab with lots of sources for vulnerable machines
• Logging Made Easy
  • From the United Kingdom National Cyber Security Center
• LOLBAS: Living Off The Land Binaries, Scripts, and Libraries
• LOTS Project: Living Off Trusted Sites
• National Security Agency
  • Also NSA Cybersecurity
• Notes to (NUS) Computer Science Freshmen, From The Future
• Operation Secretum Praesidium
• OSCP Exam Report Template
• Pandas cookbook
• Powershell & Python: A side-by-side comparison
• Public APIs: A collective list of free APIs for use in software and web development
• The Practical Linux Hardening Guide
• Public Pentesting Reports
• pwndra: A collection of pwn/CTF related utilities for Ghidra
• SecLists: Collection of username/password lists

Search Engines

• AlienVault: Threat intelligence
• BinaryEdge: Threat intelligence
• censys.io: Find internet-exposed devices
• Dehashed: View leaked credentials
• crt.sh: Certificate Search
• DNSDumpster
• Dorksearch: Really fast Google dorking
• ExploitDB
• Fofa: Threat intelligence
• FullHunt
• GrayHatWarefare: Search public S3 buckets
• Grep App: Git repos
• Greynoise Visualizer
• hunter.io: Emails by domain
• IntelligenceX
• LeakIX
• Netlas
• ONYPHE: Threat intelligence
• PolySwarm: Scan files and URLs for threats
• PulseDive: Threat intelligence
• SearchCode
• SecurityTrails: DNS data
• Shodan: Find internet-exposed devices
• Source Code Search Engine
• sploitus.com: Exploit search engine
• URL Scan
• Vulners
• WayBackMachine
• Wigle: Database of wireless networks
• ZoomEye: Cybersecurity Search Engine

Software

• APT-Hunter
• AutoRecon: multi-threaded network reconnaissance tool which performs automated enumeration of services
• Andriller: collection of forensic tools for smartphones
• axiom: dynamic infrastructure setup for bug bounty and pentesting
• Buscador OSINT VM
• dSploit: An Android network penetration suite
• Envizon: The network visualization tool
• EvilVM
• ffmprovisr: Making FFmpeg Easier
• LeakLooker: Find open databases with Shodan
• linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
• Lynis: Auditing, system hardening, compliance testing
• netsniff-ng: Swiss army knife for your daily Linux network plumbing
• Passer
• PenTesters Framework
• PingCastle: Get Active Directory Security at 80% in 20% of the time
• Princeton IoT Inspector
• recon-ng: Web reconnaissance framework
• retoolkit: Reverse Engineer's Toolkit
• RsaCtfTool
• Scott Hanselman's 2021 Ultimate Developer and Power Users Tool List for Windows
• Shodan snippets
• Skiptracer: OSINT scraping framework
• SOF-ELK: Security Operations and Forensics — Elasticsearch, Logstash, and Kibana
• Sourcetrail: free and open-source interactive source explorer
• Strelka: File scanning for threat hunting, threat detection, and incident response
• testssl.sh: Testing TLS/SSL encryption
• Threatcare Breach and Attack Simulation
• Tsurugi: DFIR-focused Linux distribution
• The ZMap Project

Taxonomy (Terms and Definitions):

• MITRE ATT&CK
• Lockheed-Martin Cyber Killchain

Tutorials

• Awk in 20 minutes
• Chaining Vulnerabilities to Exploit Post-Based Reflected XSS
• Debugging in Vim
• git rebase in depth
• email = git = <3
• I Have a Binary, But Where Is Main?
• Daniel Miessler's tcpdump Tutorial
• Derek Wyatt's Vim Tutorials
• Linux and Unix dig Command Examples
• DiG HOWTO: How to use dig to query DNS name servers
• UNIX Tutorial for Beginners
• Essential Linux Skills with CentOS7 and Building a Secure WordPress server with LAMP on CentOS 7 and SELinux from Ray Heffer
• FreeBSD Desktop
• Learn vim For the Last Time: A Tutorial and Primer
• Linuxize
• Digital Ocean
• The General Problem: Let's build a compiler!
• How to Protect SSH With Fail2Ban on CentOS 7
• Top 20 OpenSSH Server Best Security Practices
• Learning PowerShell
• Linux prevent unprivileged users from viewing dmesg command output
• Ben Eater's Tutorials
• How HTTPS works
• How To Use Bash Parameter Substitution Like A Pro
• Real Python Tutorials
• A Readable Specification of TLS 1.3
• The Illustrated TLS Connection
• The New Illustrated TLS Connection
• The Plain Text Project
• Tightly integrating Git into Vim
• Tips for an Information Security Analyst/Pentester career - Ep. 33 - Metasploit intro
• Tutorials on common hacks
• Using Wireshark: Exporting Objects from a Pcap
• Vim anti-patterns
• Vim Tips — Edit Remote Files with Vim On Linux
• Vim Tip of the Day: A Series
• Windows management from linux command line
• Writing an OS in Rust
• Writing in Plain Text: A Tutorial for the Non-Techy Writer
• The Easiest Metasploit Guide You'll Ever Read

Wikis

• ATT&CK
• SANS Blue Team Wiki

Videos and (Video) Playlists

• A Compiler From Scratch
• Active Directory
• DEF CON Media Server
• Demystifying the Windows Firewall – Learn how to irritate attackers without crippling your network
• I'll Let Myself In: Tactics of Physical Pen Testers
• InfoCon Server: Hacking Conference Archive
• Malware Hunting with the Sysinternals Tools
• Microsoft Powershell
• Radare2 Tutorial
• The Sysinternals tools make you better at your job
• Vim Alphabet
• Vim Un-Alphabet

Vulnerable Applications and Systems

• Bodgeit Store
• DVIA
• Hackademic
• Juice Shop
• WebGoat