- HackTricks: https://book.hacktricks.xyz/welcome/readme
- Zseano's methodology: https://www.bugbountyhunter.com/methodology/zseanos-methodology.pdf
- Pentest Book:https://pentestbook.six2dez.com/
- PayloadsAllTheThings: https://github.com/swisskyrepo/PayloadsAllTheThings
- Portswigger Academy: https://portswigger.net/web-security/dashboard
- OWASP tesing guide: https://owasp.org/www-project-web-security-testing-guide/
- Security Bootcamp: https://www.first.org/education/bootcamp
- CS 253 Web Security: https://web.stanford.edu/class/cs253/
- APISec University: https://www.apisecuniversity.com/?ref=srt-pathways#courses
- Exploit Database: https://www.exploit-db.com/
- 2023 CWE Top 25 Most Dangerous Software Weaknesses: https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html
- Using ATT&CK for Cyber Threat Intelligence Training: https://attack.mitre.org/resources/training/cti/
- Advanced XXE exploitation: https://gosecure.github.io/xxe-workshop/#0
- Building Your Active Directory Lab on AWS: https://sethsec.blogspot.com/2017/05/pentest-home-lab-0x1-building-your-ad.html
- FuzzySecurity: https://fuzzysecurity.com/tutorials/expDev/1.html
- Windows Privilege Escalation 1: https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- Windows Privilege Escalation 2: https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html
- Bug Bounty disclosed reports: https://www.bugbountyhunter.com/disclosed/
- Linux PricEsc: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- GTFOBins (GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems): https://gtfobins.github.io/#find
- LOLBAS (like GTFOBins but for Windows): https://lolbas-project.github.io/