hackertalkytalk.md

List of Helpful Information Security Multimedia

The channels listed here will eventually be monitored by @HackerTalkyTalk, so that whenever new videos get uploaded, there's only one Twitter account you need to watch to keep track of new material as it gets released. :D

Feel free to add more to the list; this is pretty incomplete, but better than nothing for folks who are new. Pull requests or Twitter DMs are both fine :)

PLEASE NOTE: Each list is randomly ordered. @hexwaxwing will reorder them more appropriately once more fully-enumerated lists are assembled.

UPDATE (2-20-2018): Added a History & Culture section, since I'm finding a lot of younger newcomers need help understanding the historical context of the hacker subculture in infosec. Also, added a TOC with links to the different sections. And a bunch of new entries.

UPDATE (2-19-2018): Added a few other sections that aren't really relevant to @HackerTalkyTalk, but are useful for learners: Complete & Utter Newbie Starting Resources, Practice Materials && Labs, and Workstation VMs.

Table of Contents

• Infosec/Hacker Conference Talk Recordings [127 conferences]
  • Infosec&&Hacker Cons [84]
  • BSides [43]
  • Meetups That Record Their Talks [2]
• Other Audiovisual Multimedia
  • Shows &/or Livestreams [40]
  • Podcasts [86]
• Playgrounds!: Practice Materials && Labs [31]
• Workstation VMs [9]
• Introductory Resources for the Complete Newbie [7]
• Hacker History & Culture [13]

---

Infosec&&Hacker Conference Talk Recordings

Infosec&&Hacker Cons

0. 3C/CCC
1. DEFCON
2. Infocon.org [talk+podcast aggregator; torrents available]
3. Irongeek's channel [Collection of ~2000+ con videos from smaller American cons]
   • DerbyCon: [III: 2011 • IV: 2012 • V: 2013 • IV: 2014 • V: 2015 • VI: 2016 • VII: 2017]
   • Converge [2016 • 2017]
   • GrrCon [2015 • 2016 • 2017]
   • ANYCon [2017]
   • CircleCityCon [2014 • 2015 • 2016 • 2017]
   • ShowMeCon [2015 • 2016 • 2017]
   • NolaCon [2016 • 2017]
   • AIDE [2015 • 2017]
   • CypherCon [1.0: 2016 • 2.0: 2017]
   • BloomCon [2017]
   • PhreakNIC [XII: 2008]
   • HouSecCon [#6: 2015]
   • ShmooCon [Firetalks: 2015]
   • DEFCON [Wireless Village: 2014]
   • OISF [2015]
   • SecureWV/Hack3rcon: [VI: 2015 • VII: 2016 • VIII: 2017]
   • Louisville Infosec [2013 • 2015 • 2016 • 2017]
   • BSides Tampa: [2015 • 2017]
   • BSides NoVa (Northern Virginia) [2017]
   • BSides Cleveland [2014 • 2015 • 2017]
   • BSides Detroit [2015 • 2016 • 2017]
   • BSides Charm (Baltimore) [2017]
   • BSides Nashville [2014 • 2015 • 2017]
   • BSides Indy [2017]
   • BSides Philly (Philadelphia): [2016 • 2017]
   • BSides Augusta [2015 • 2016]
   • BSides San Francisco [2015 • 2016]
   • BSidesLV (Las Vegas) [2012 • 2013 • 2015]
   • BSidesCincy (Cincinnati) [2015]
   • BSides Boston [2015]
   • BSides Columbus [2015]
   • BSidesRI (Rhode Island): [2013]
   • BSides Chicago [2014]
   • BSidesDE (Delaware) [2013]
4. Cooper (@Ministraitor): [YouTube • archive.org] [Kinda like a European version of Irongeek]
   • hack.lu: [2016 • 2017]
   • eth0: [Winter 2017]
   • MISP Summit: [2016 • 2017]
   • SteelCon: [2016]
   • HaxoGreen: [2016]
   • hardwear.io (@hardwear_io): [2016 • 2017] (FIXME: needs separate playlists for each year)
   • IRISSCON (@irisscert): [2013 • 2014 • 2015 • 2016 • 2017]
   • Securi-Tay (@AlbertayHackers): [IV: 2015 • V: 2016 • VI: 2017]
   • OWASP Chapter Meetings: [2016 • 2017]
   • BSides Ljubljana (@BSidesLjubljana): [2016 • 2017]
   • BSides Hamburg (@HamburgSides): [2015 • 2016]
   • BSides Hannover (@BSidesHN): [2016 • 2017]
   • BSides Belfast (@bsidesbelfast): [2016]
   • BSides Munich (@BSidesMunich): [2017 (YouTube | archive.org)]
   • BSides Bordeaux (@BSidesBDX): [2017]
   • BSides Luxembourg (@BSidesLux): [2017]
   • BSides Amsterdam (@BSidesAMS): [2017]
   • BSides Manchester (@BSidesMCR): [2014 inc. • 2015 • 2016 • 2017]
   • BSides Edinburgh Scotland (@BSidesScot): [2017]
5. PhreakNIC: VII: 2003 • VIII: 2004 • IX: 2005 • X: 2006 • XI: 2007 • XVI: 2012 • XVII: 2013 • XVIII: 2014 • IXX: 2015 • XX: 2016 • XXI: 2017 (cf. Irongeek's channel for PhreakNIC XII [2008])
6. Hacktivity
7. S4 [ICS]
8. ZeroNights
9. REcon (@reconmtl @reconbrx): 2013 [YouTube|REcon (in schedule talk descriptions)] • 2014 [YouTube|REcon+slides] • 2015 [YouTube|REcon+slides] • 2016 [YouTube|REcon] • 2017 [YouTube|REcon) [reverse engineering]
10. BruCON
11. Hack in the Box (HITB)
12. SANS DFIR [DFIR + threat hunting + threat intel]
13. SANS Pentesting [penetration testing]
14. SANS ISC [netsec + nsm]
15. GHP1989 • HEU1993 • HIP1997 • HAL2001 • WTH2005 • HAR2009 • OHM2013: [...do recordings exist...?]
16. SHA2017: [YouTube channel • media.ccc.de]
17. SAINTcon [playlists & videos]
18. Toorcon
19. ekoparty
20. Real World Crypto [cryptography]
21. CarolinaCon [offsec]
22. Wild West Hackin' Fest
23. Rooted Con
24. BalCCon
25. SEC-T
26. FSec
27. LayerOne: 2015 • 2016 • 2017
28. TROOPERScon: [defense + management + SAP + IPv6 + NGI + embedded + offsec]
29. BlackAlps CyberSecurityConference
30. x33fcon [purple team]
31. SkyDogCon
32. SecurityOnion Con [NSM+IDS+IPS]
33. Nullcon Goa: 2013 • 2014 • 2015 • 2016 • 2017 • 2018
34. KansasFest [retro gaming, some reverse engineering]
35. Botconf.eu [malware analysis]
36. ShmooCon: [2017 & 2018]
37. SyScan360 Singapore: [2014 • 2015 • 2016]
38. BlueHat IL (Israel): [2017 • 2018] (no official playlist, but all on this YouTube acct)
39. Infiltrate: [2011 inc • 2012 • 2013 inc • 2014 • 2015 • 2016 • 2017]
40. Hackers On Planet Earth (HOPE): [1994 • 1997 • 2000 • 2002 • V: 2004 • IX: 2012 • X: 2013]
41. Code Blue (@codeblue_jp): [2013 • 2014 • 2015 • 2016 • 2017]
42. HackerHotel: [2015 • 2016 • 2018 (livestream)] (needs to be separated into playlists)
43. NLUUG: [2015 • 2017] (needs to be separated into playlists)
44. eth0:winter [2014 (wiki) • 2015 (wiki) • 2016 (wiki) • 2017 (wiki)]
45. Electromagnetic Field (@emfcamp): [2014 • 2016]
46. Black Hat (Europe): [2014 • 2015 • 2016 • 2017]
47. Black Hat (USA): [2013 • 2014 • 2015 • 2016 • 2017]
48. Black Hat (Asia): [2014 • 2015 • 2016 • 2017]
49. r2con: [2017]
50. LevelUp: [2017]
51. SteelCon: [2014 • 2015 • 2016 • 2017]
52. CanSecWest: [slides for 2000–2017] [...do recordings exist...?]
53. PacSec: [slides for 2003–2017] [...do recordings exist...?]
54. FOSDEM: [2003 • 2004 • 2005 • 2006 • 2007 • 2008 • 2009 • 2010 • 2011 • 2012 • 2013 • 2014 • 2015 • 2016 • 2017]
55. AppSecEU: [2014 • 2015 • 2016 • 2017]
56. AppSecUSA: [2013 • 2014 • 2015 • 2016 • 2017]
57. OWASP AppSec California: [2014 • 2015 • 2016 • 2017]
58. Hack in Paris: [2011 • 2012 • 2013 • 2014 • 2015 • 2016 • 2017]
59. H.A.C.K Camp:::CampZer0 (@campzer0): [2013 (slides)]
60. H.A.C.K Camp:::Camp++: [2014 (slides) • 2015:0x7df • 2016:0x7e0 • 2017:0x7e1]
61. NorthSec: [2015 • 2016 • 2017]
62. TRISS: 2017

BSides

0. BSidesLV (Las Vegas): [irongeek: 2012 • 2013 • 2015]
1. BSidesLisbon
2. BSidesRaleigh
3. BSidesCapeTown
4. BSidesStJohns
5. BSidesLondon
6. BSidesVancouver
7. BSidesIOWA
8. BSidesDE (Delaware): [irongeek: 2013]
9. BSidesOrlando
10. BSidesWarsaw
11. BSidesSLC
12. BSidesSF: [irongeek: 2015 • 2016]
13. BSidesPhilly (Philadelphia): [irongeek: 2016 • 2017]
14. BSides Tel Aviv: BSidesTLV2017 & BSidesTLV2016
15. BSidesLA/ShellCon: ShellCon 2017.
16. BSidesCharm: [2016] [irongeek: 2017]
17. BSides Asheville: 2014 • 2015 (Sat, Sun) • 2016 • 2017
18. BSidesCalgary (@bsides_calgary): [2016 • 2017] (FIXME: years need to be separated into playlists)
19. BSidesNYC: [2018]
20. BSides Ljubljana (@BSidesLjubljana): [2016 • 2017]
21. BSides Hamburg (@HamburgSides): [2015 • 2016]
22. BSides Hannover (@BSidesHN): [2016 • 2017]
23. BSides Belfast (@bsidesbelfast): [2016 • 2017]
24. BSides Munich (@BSidesMunich): [2017 (YouTube | archive.org)]
25. BSides Bordeaux (@BSidesBDX): [2017]
26. BSides Luxembourg (@BSidesLux): [2017]
27. BSides Amsterdam (@BSidesAMS): [2017]
28. BSides Manchester (@BSidesMCR): [2014 inc. • 2015 • 2016 • 2017]
29. BSides Edinburgh Scotland (@BSidesScot): 2017
30. BSides Tampa: [irongeek: 2015 • 2017]
31. BSides NoVa (Northern Virginia): [irongeek: 2017]
32. BSides Cleveland: [irongeek: 2014 • 2015 • 2017]
33. BSides Detroit: [irongeek: 2015 • 2016 • 2017]
34. BSides Nashville: [irongeek: 2014 • 2015 • 2017]
35. BSides Indy (Indianapolis): [irongeek: 2017]
36. BSides Augusta: [irongeek: 2015 • 2016]
37. BSidesCincy (Cincinnati): [irongeek: 2015]
38. BSides Boston: [irongeek: 2015]
39. BSides Columbus: [irongeek: 2015]
40. BSidesRI (Rhode Island): [2013]
41. BSides Chicago: [irongeek: 2014]
42. [BSides Leeds] (@BSidesLeeds): [2018]
43. BSides Pittsburgh: [2015 • 2016 • 2017]

Meetups That Record Their Talks

0. SecKC
1. SecDSM
2. Louisville ISSA Web Pentesting workshop [2013] [pentesting + appsec + bug bounty]
3. Louisville Nmap workshop [2014] [pentesting]
4. Steel City InfoSec
5. To explore infosec/hacker events near you (& see talks in person &/or meet local infosec folk [we don't bite! usually!]), check out @nyxgeek's world map of security meetups&conferences at hackermaps.org, & check out @evilsocket's ConfWatch.Ninja (@confwatchninja) for a schedule of upcoming cons. <3

---

---

---

Other Audiovisual Multimedia

Shows &/or Livestreams

0. @LiveOverflow's livestream [CTF + reverse engineering + exploit dev]
1. @TheColonial's OJ Reeves/th3colon1al livestream [Metasploit, Meterpreter dev + exploit dev]
2. @gynvael Coldwind's livestream [CTF + reverse engineering]
3. @hedgeberg's livestream [reverse engineering + hardware hacking + console hacking]
4. @ktemkin's livestream [reverse engineering + hardware hacking]
5. @_r00k_'s livestreams + walkthroughs [CTF walkthroughs]
6. @MurmusCTF's walkthroughs [CTF walkthroughs]
7. @IppSec's walkthroughs [CTF walkthroughs]
8. MeshX93 [walkthroughs]
9. webpwnized [appsec, websec, netsec]
10. Micah Elizabeth Scott's @scanlime show: YouTube • Patreon [reverse engineering + sundry]
11. John Hammond's YouTube channel [CTF walkthroughs + programming tutorials]
12. Cybersecurity Camp
13. @Hak5's tutorials (with @Snubs, @mubix, @hak5darren) [basic skills + pentesting] 0. Hak5: Seasons 1-5 • Seasons 6-10 • Seasons 11-15 0. Open Source Recommendations 0. Hack Across the Planet 0. 3D Printing 0. HakTip with @Snubs 0. Metasploit Minute with @mubix
14. SecurityTube
15. @DAkacki @da_667 @oscaron @benheise @Ajediday & @mzbat's Rally Security [weekly news breakdown]
16. @HECFBlog's Forensic Lunch [DFIR]
17. Sam Bowne's livestreamed infosec classes [Careers in Computer Networking • Ethical Hacking & Network Defense • CISSP prep • Securing Web Applications • Exploit Development]
18. vTriple livestream [DFIR & dev]
19. @struppigel's Malware Analysis for Hedgehogs [DFIR + malware analysis]
20. @hasherezade's walkthroughs [malware analysis + reverse engineering]
21. Colin Hardy [malware analysis + reverse engineering]
22. @herrcore + @seanmw's Open Analysis Labs #OpenAnalysisLive [malware analysis + reverse engineering]
23. Computerphile
24. SDR intro with Michael Ossmann
25. @SecureTheHuman's SANS Security Awareness: SecureTheHuman webcasts [soft skills + security awareness]
26. Big Brain Security
27. @duosec's DuoSec Talks
28. @BHinfoSecurity's webinars [pentesting]
29. @brompwnie's livestreams [android hacking]
30. ChiefRiver videos [pentesting + windows]
31. #nullconchat [live infosec-themed discussion on Twitter]
32. @thatsjet's @DevSecOpsLIFE [DevSecOps]
33. @424f424f, @dafthack, @ustayready, + @ralphte1's @CoinSecPodcast: YouTube • Spotify [cryptocurrency]
34. @dildog's Noctem livestream
35. @FuzzySec's Patreon livestream [red team, pentesting, exploit dev, general amazingness]
36. @TrustedSec TV
37. @samykamkar's tutorials
38. @gattaca's Liquid Matrix Security Digest TV: [full episodes • mini episodes]
39. The Internet Society's various livestreamed events: [ I • II ]

---

Podcasts

0. Paul Asadoorian's Security Weekly (@securityweekly @swfeeds) podcasts: [official website • YouTube • infocon.org: PaulDotCom Weekly && Security Weekly]
   1. Paul's Security Weekly: with @haxorthematrix @securityweekly @Carlos_Perez @jack_daniel @MrJeffMan @joff_thyer
   2. Hack Naked News: with @securityweekly @Jason_Wood
   3. Enterprise Security Weekly: with @securityweekly @strandjs
   4. Business|Startup Security Weekly: with @securityweekly @catalyst
   5. Secure Digital Life: with @dougwhitephd @rbeauchemin [newbie friendly • security ambassadoring]
   6. Tradecraft Security Weekly:
   7. Application Security Weekly: with @securityweekly @andMYhacks
   8. Interviews
1. @chrissanders88's Source Code [interviews with infosec folks re: path into infosec]
2. @maliciouslink & @lerg's Defensive Security (@Defensivesec) podcast: [general]
3. @bryanbrake & @InfoSystir's @BrakeSec podcast: podcast • YouTube [general]
4. Patrick Gray (@riskybusiness)'s Risky Business security podcast: [official site • infocon][general]
5. @steved3's #SaltedHash podcast: [video • podcast] {from @csoonline}
6. @DanielMiessler's Unsupervised Learning podcast [weekly news]
7. @CyberSecStu's @TheManyHatsClub's weekly interviews with infosec folk (livestream on Discord • podcast) [general]
8. The Southern Fried Security Podcast (@SFSPodcast): [official site • infocon • iTunes]
9. @phillmoore's This Week in 4n6: [roundup of interesting DFIR items + podcast]
10. @humanhackers's The Social-Engineer Podcast #SEPodcast: [official site • infocon] [social engineering]
11. @wadebaker & @jayjacobs' @cyentiainst Podcast
12. @gcluley & @caroletheriault's @SmashinSecurity [weekly news breakdown]
13. @XenoPhage & AgentSixty6's Iron Sysadmin Podcast (@ironsysadmin) [adjacent: sysad]
14. @kyleshevlin's @2ndCareerDevs [adjacent: devops + lateral]
15. @7MinSec's 7 Minute Security podcast
16. @PurpleSquadSec's Purple Squad Security podcast
17. The Cyberwire (@thecyberwire) podcasts
18. Darknet Diaries [cybercrime]
19. Stewart A. Baker's Cyberlaw Podcast [cyberlaw stuff from former NSA general counsel]
20. @LawyerLiz's #BuzzOffwithLawyerLiz [law + policy + tech]
21. @Jenny_Radcliffe's #HumanFactor podcast [social engineering]
22. @embeddedfm's Embedded [hardware hacking-ish]
23. Steve Gibson (@SGgrc) & Leo Laporte's Security Now! podcast: [infocon • iTunes • RSS • twit.tv]
24. @textfiles' Jason Scott Talks His Way Out of It podcast: [YouTube • Patreon]
25. Michael Bazzell (@IntelTechniques)'s Complete Privacy & Security Podcast [privacy + OSINT]
26. @edgeroute & @RobertHurlbut's @AppSecPodcast [appsec]
27. @CSI_Podcast's Cyber Security Interviews podcast
28. The Security Ledger (@securityledger) podcast
29. The Ask Mr. DNS Podcast [netsec]
30. SANS Internet Storm Center (@sans_isc)'s daily ISC StormCast podcast: [threat hunting • malware analysis • blue team • DFIR]
31. 2600's Off The Wall Radio Show: [archives: 2003–2018 • infocon.org: 2006–2014]
32. 2600's Off The Hook Radio Show (@HackerRadioShow): [iTunes • infocon.org: 2006–2016]
33. Phone Losers of America's The Snow Plow Show: phone comedy podcast: [official site • infocon • Patreon]
34. @securitycurrent's Security Current podcast
35. @gattaca's Liquid Matrix Security Digest podcast: [iTunes • infocon • YouTube]
36. @OWASP's OWASP 24/7 Podcast: [official site • infocon: I, II] (FIXME: neither infocon directory is well-organized)
37. Bob Rudis & Jay Jacob's Data Driven Security podcast [security + data analytics • data visualization]
38. The SteptoeCyberLaw Podcast: [official site • infocon] [law]
39. [Down The Security Rabbithole] (@DtSR_Podcast, wh1t3rabbit) podcast: [official site • infocon]
40. The Social Media Security Podcast: [official site • infocon]
41. Defrag This (@defrag_this) podcast
42. Bruce Shneier (@schneierblog)'s Crypto-Gram podcast: [official site • infocon.org (pre-2010) • newsletter]
43. CERT's Security for Business Leaders podcast: [iTunes] [management]
44. RunAs Radio podcast: [iTunes • RSS]
45. The Standard Deviant Security Podcast (@standeviant): [Stitcher]
46. The In-Security Podcast: [iTunes • RSS]
47. ISMG Network Podcasts:
    1. The Healthcare Information Security Podcast
    2. The Careers Information Security Podcast
    3. The Data Breach Today Podcast
    4. The Banking Information Security Podcast
48. infocon.org has archives of several older podcasts:
    1. CERT.org podcast: 2006–2014
    2. CyberSpeak podcast: 2006–2013
    3. Eurotrash Security podcast: pre-2014
    4. Exotic Liability podcast: pre-2010
    5. Hacker Podcast Radio: pre-2014
    6. Security Management Podcast: pre-2014
    7. Network Security Podcast podcast: 2014
    8. Finux Tech Whatever: (FIXME: files seem to be missing; anybody have an archive?)
    9. hacktv.org podcast: (FIXME: files seem to be missing; anybody have an archive?)
    10. Hacker News Network (HNN):
        1. HHNCast:: 2009–2011?
        2. ToolTime: 2010-2011
        3. Stack of Shame: 2010-2011
        4. ConFu: 2010-2011
        5. Behind The Firewall: (FIXME: only one clip; anybody have a complete archive?)
    11. Hak5 (@Hak5): 0. NOTE: For more up-to-date links, cf. @Hak5 entries in Shows &/or Livestreams above.
        1. ThreatWire: 2015-2016
        2. HakTip + Metasploit Minute
        3. Hak5: (seems to be episodes from their YouTube show?)

Podcasts from Companies

0. @TalosSecurity's Beers with Talos podcast (from @TalosSecurity) [news, netsec]
1. @Sophos's Naked Security Podcast {from @Sophos}
2. @IBM's Security Intelligence Podcast {from @IBM}
3. @BrianRexroad & @jclausing's #ThreatTraq {from @ATT}
4. Shaun Walsh (@cingulus)'s InSecurity Podcast {from @cylance}
5. @cybereason's malicious.life (@MaliciousLife) Podcast {from @cybereason}
6. TrustedSec Security Podcast {from @TrustedSec}
7. Gary McGraw's Silver Bullet Security podcast: [iTunes • YouTube • infocon: [I, II]] {from IEEE Security & Privacy}
8. @mike_mimoso & Chris Brook's The Threatpost Podcast: [iTunes • RSS {from @ThreatPost}
9. Jessica Ortega, Ram Gall, Topher Tebow's Decoding Security podcast: [official site • YouTube • iTunes] {from @SiteLock}
10. @nuix's Unscripted podcast: {from @nuix}
11. @tripwire's Security Slice podcast: {from @tripwire}

---

---

---

Playgrounds!: Practice Materials && Labs (FOSS)

0. @blackroomsec's List of Hacking & CTF Challenge Sites - Updated February 2, 2018
1. @FSecure's Cyber Security MOOC
2. @0xmchow's COMP 116: Introduction to Computer Security
3. Rensselaer Polytechnic Institute's @RPISEC CSCI 4968: Modern Binary Exploitation • CSCI 4976: Malware Analysis [exploit dev • malware analysis]
4. @XenoKovah & co's introductory infosec classes [29 classes with videos; 63 days of open source class materials—many domains]
5. Get some "help desk"-esque experience online & learn beginning malware triage/analysis for free: @BleepinComputer's Malware Removal Training Program[malware analysis]
6. @chrissanders88's The Cuckoo's Egg Decompiled [intro to SOC • NSM • DFIR]
7. @bartblaze's Introduction to Malware Analysis, Threat Intelligence, & Reverse Engineering [malware analysis!!! • threat intelligence • reverse engineering]
8. JPCERT/CC's catalogue of DFIR artifacts left by common attack tools [threat hunting • DFIR]
9. HackTheBox.eu [mostly pentesting • red team, but a few DFIR challenges too]
10. @daeken's Hacker101.com [bug bounty • websec • appsec • pentesting • netsec] {from @Hacker0x01}
11. @OWASP's collection of vulnerable web apps [bug bounty • pentesting • websec • appsec • netsec]
12. Damn Vulnerable Web App (DVWA) VM [bug bounty • appsec]
13. @b1ack0wl's Damn Vulnerable Router [embedded • exploit dev • pentesting]
14. @ProjectHoneynet challenge archive [DFIR]
15. @Fox0x01's ARM reverse engineering tutorials & ARM assembly introduction [reverse engineering (ARM)]
16. @malwareunicorn's RE101 & RE102 [reverse engineering (x86) + malware analysis intro]
17. @malware_traffic's malware traffic analysis exercises [network forensics]
18. @FuzzySec's exploit dev tutorials [exploit dev • pentesting • red team]
19. @abatchy17's Windows Kernel Exploitation tutorial series + Vulnhub walkthroughs [exploit dev • red team]
20. @sambowne's samsclass.info
21. @bellis1000's Exploit Challenges [exploit dev]
22. ROP Emporium [exploit dev]
23. @g0tmi1k's @VulnHub, a vulnerable VM repository + walkthroughs [pentesting • red team • exploit dev • bug bounty]
24. exploit-exercises.com [exploit dev]
25. root-me.org [exploit dev • etc]
26. GNS3 [neteng + netsec — you'll need to track down firmware images, though]
27. #DailyScriptlets [practice malware analysis • DFIR]
28. @CTFtime's CTFtime.org [find currently scheduled CTFs]
29. @Magoo's Incident Response tabletop scenarios (@badthingsdaily) [DFIR • incident response • blue team]
30. Hacking Printers wiki [pentesting]
31. Want to build your own virtual homelab to practice in? GOOD. Go buy @da_667's Big Black Tome, Building Virtual Machine Labs: A Hands-On Guide.
32. Issues of PoC||GTFO are usually hackable. >:D

---

---

---

Workstation VMs (Virtual Machines)

0. @SANS' SIFT Workstation VM [DFIR Linux (Ubuntu) distro]
1. @SANS' Remnux Workstation VM [malware analysis • reverse engineering Linux (Ubuntu) distro]
2. @IntelTechniques' Buscador VM [OSINT+RECON Linux (Ubuntu) distro]
3. @securityonion's SecurityOnion VM [NSM+IDS+IPS • netsec Linux (Ubuntu) distro]
4. @offsectraining's Kali VM (@kalilinux) [offensive security • pentesting Linux distro]
5. @Zero_ChaosX's Pentoo VM (@pentoo_linux) [wireless+SDR+RF Linux (Gentoo) distro]
6. @ParrotSec's Parrot Security OS VM [pentesting • DFIR Linux (Debian) distro]
7. @rootkovska's @QubesOS
8. @ShadowDXS's guide to installing Arch Linux

---

---

---

Introductory Resources for the Complete Newbie

0. A Non-Nerd's Guide to the Command Line
1. @mpratland's Terminus [super gentle introduction to using a CLI]
2. explainshell.com [help break down common commands you don't understand]
3. OverTheWire's Wargames [beginning exercises for bash scripting, exploit dev, bug bounty-ish stuff...go through Bandit to get used to CLIs]
4. "The Art of the Command Line"
5. What happens when...: uses the example of searching Google to traverse different domains; common interview question]`
6. Stack Overflow: Helping One Million Developers Exit Vim [so you will understand the Exiting Vim memes]

---

---

---

Hacker History & Culture

0. @nyxgeek's reading list: read up on your #HackerHistory, fam. <3
1. The Hacker's Manifesto
2. @jack_daniel's Shoulders of Infosec project
3. SecLists.Org Security Mailing List Archive
4. 2600: The Hacker Quarterly
5. Phrack Magazine
6. Uninformed Magazine: Informative Information for the Uninformed
7. POC||GTFO: Proof of Concept or Get The Fuck Out!: [download mirrors: alchemistowl.org • greatscottgadgets • ludost.net • github.com/filcab] {Please note this blogpost|contalk from @ESultanik that explains how you can play with several issues' polyglots. ;)}
8. Jason Scott (@textfiles)'s textfiles.com
9. OpenRCE.org articles
10. archive.org's HyperCard Stacks archive
11. Bastard Operator from Hell (BOFH)
12. DEFCON's Hacker Movie List