WebAppSecInjection
SQL Injection (WAF-safe patterns)
Identify and exploit SQL injection safely; parameterization and union-based detection.
Best Hacking Guides (2025)
100 practical, reputable guides spanning web, API, cloud, AD, DFIR, RE, mobile, and more
Quick Filters:
WebAppSecXSS
Cross-Site Scripting (XSS)
Reflected, stored, and DOM-based XSS with modern filters and sinks.
WebAppSecSSRF
Server-Side Request Forgery (SSRF)
Pivoting via SSRF, metadata services, and egress restrictions.
WebAppSecXXE
XML External Entity (XXE)
Entity expansion, out-of-band exfiltration, and modern mitigations.
WebAppSecInjection
OS Command Injection
Detecting and exploiting command injection safely.
WebAppSecFiles
Path Traversal
Break out of web roots and access unintended files.
WebAppSecFiles
File Upload Security
Bypassing content-type checks and storage sinks for RCE.
WebAppSecDeserialization
Deserialization Vulnerabilities
Gadgets, transformers, and practical exploitation paths.
WebAppSecSSTI
Template Injection (SSTI)
From blind payloads to full RCE across different engines.
WebAdvancedHTTP
Request Smuggling
CL/TE and TE/CL differentials; cache poisoning and splitting.
WebAppSecAuth
Authentication Vulnerabilities
Bypassing auth, weak MFA flows, and session handling.
WebAppSecAuth
Access Control
IDOR, privilege escalation, and broken object-level auth.
WebAppSecCORS
CORS Misconfigurations
Origins, credentials, and preflight pitfalls.
WebAppSecCSRF
CSRF
Modern token patterns, SameSite, and SPA nuances.
WebAppSecUI
Clickjacking
UI redressing defenses and bypasses.
WebAppSecRealtime
WebSockets Security
Stateful channels, origin checks, and message tampering.
WebAPIGraphQL
GraphQL Security
Introspection, authZ issues, and resolver flaws.
WebAPIAuth
OAuth Security
Implicit vs code flows, redirectors, and token leakage.
WebAPIAuth
JWT Security
Alg confusion, kid header abuse, and signing pitfalls.
WebAdvancedCaching
Web Cache Poisoning
Key/header confusion, unkeyed inputs, and DOS.
WebAppSecOWASP
OWASP Web Security Testing Guide
Comprehensive manual for testing web application security.
APIAppSecOWASP
OWASP API Security Top 10
Key API risks and testing guidance.
MobileAppSecOWASP
OWASP Mobile Security Testing Guide
Practical testing for Android and iOS apps.
MobileAppSecOWASP
OWASP MASVS
Verification standard for mobile application security.
ADWindowsInternal
Active Directory Methodology
End-to-end AD attack paths and enumeration.
WindowsPrivEscInternal
Windows Local Privilege Escalation
LPE primitives and checks.
ADWindowsTradecraft
BloodHound Shortcuts
Advanced AD/Windows tradecraft and graph thinking.
ADWindowsKerberos
Kerberos Attacks Primer
Kerberoasting, AS-REP, constrained delegation basics.
LinuxPrivEscInternal
Linux Privilege Escalation
Enumeration, misconfigs, SUIDs and capabilities.
LinuxPrivEscLOLBAS
GTFOBins Tactics
Living off the land on Unix systems.
CloudAWSIAM
AWS Security Basics
Enumeration, IAM abuse, and persistence in AWS.
CloudAzureIAM
Azure Security Basics
Entra ID, roles, and abuse paths in Azure.
CloudGCPIAM
GCP Security Basics
Service accounts, IAM, and GCP attack paths.
CloudKubernetesContainers
Kubernetes Attack Surface
From misconfigs to workloads takeover.
CloudKubernetesDefense
NSA/CISA Kubernetes Hardening
Practical defensive controls and checks.
ContainersDockerDefense
Docker Security Guide
Image, runtime, and supply chain security for containers.
OSINTReconDiscovery
Practical OSINT Workflow
Discoverable data sources and pivots for recon.
OSINTReconSearch
Shodan Field Guide
Query syntax, filters, and mapping attack surface.
OSINTReconSearch
Censys Search Guide
Cert, host, and index queries for discovery.
PhishingSocialCampaigns
Gophish Operator's Guide
Setup, templates, landing pages, and reporting.
DefenseBlue TeamPhishing
Modern Phishing Defenses
Map mitigations to adversary tradecraft.
PasswordsCrackingHashcat
Hashcat Rule-based Attacks
Generate smart candidates for real-world success.
PasswordsCrackingHashcat
Mask Attacks & Masks
Targeted brute force with masks and hybrid modes.
DFIRWindowsLogging
Windows Event Logging Cheatsheets
Know what to collect and how to interpret.
DFIRHuntingEndpoints
Velociraptor Ops
Hunting and collection at scale with VQL.
DFIRForensicsTimeline
Timesketch Workflow
Event timelines and collaboration.
DFIRMemoryForensics
Volatility 3 Cookbook
Practical memory analysis patterns.
REMalwareGhidra
Ghidra User Guide
Static analysis workflows and scripting.
REMalwareDetection
YARA Patterns
Rules, modules, and matching practice.
REMalwareUnpacking
Unpacking 101 (UnpacMe)
Automated unpacking and triage.
Red TeamC2ATT&CK
Adversary Emulation with CALDERA
Automating behaviors mapped to ATT&CK.
Red TeamC2Exploitation
Metasploit Modules & Guides
Module usage, payloads, and post-ex basics.
Blue TeamDetectionSIEM
Sigma to SIEM
Translate analytics across backends.
Blue TeamDetectionSIEM
Elastic Detection Engineering
Rules mapped to ATT&CK with context.
Threat IntelReportsMandiant
Threat Intel Playbooks
Intel-led reporting and techniques.
Threat IntelATT&CKMatrix
MITRE ATT&CK Usage
Tactics, techniques, and emulation guidance.
ReportingBug BountyDocs
HackerOne Reporting Best Practices
Write clear, reproducible reports and summaries.
ReportingWritingDocs
Google Technical Writing 1
Sharpen clarity in security writeups.
MobileAndroidTesting
Android App Testing Primer
Static/dynamic testing patterns for Android.
MobileiOSTesting
iOS App Security Primer
Static/dynamic testing patterns for iOS.
NetworkAnalysisWireshark
Wireshark Tactics
Filters, dissection, and PCAP strategy.
NetworkScanningNmap
Nmap Playbook
Scanning strategies and host discovery.
WirelessWi-FiCrypto
Aircrack-ng Handbook
WEP/WPA workflows and capture tips.
TrainingWebLabs
PortSwigger Labs (All)
Hands-on labs by difficulty and topic.
TrainingWebBug Bounty
Hacker101 & CTF
Beginner to advanced web security training.
TrainingPathsLabs
TryHackMe Learning Paths
Structured tracks for fundamentals to advanced.
TrainingPathsLabs
HTB Academy Paths
Role-based learning from web to AD.
CodeSASTSemgrep
Semgrep Rules & Playbooks
Write and use rules for practical code scanning.
WebDefenseHeaders
Secure Headers Guide
Headers that harden web surfaces.
WebDefenseHeaders
Mozilla Observatory Guide
Analyze and improve web security posture.
CryptoTLSDefense
TLS Configuration (Mozilla)
Modern TLS parameters and checks.
CryptoTLSDefense
SSL Labs Deep Dive
Grades, ciphers, and remediation tips.
AppSecArchitectureOWASP
Threat Modeling Basics
Modeling risks and prioritizing controls.
CodeAppSecDefense
Secure Coding Guidelines (MS)
Developer-focused secure coding guides.
CloudAWSDefense
SSRF Mitigations (Cloud)
Cloud-native patterns to prevent SSRF impact.
KubernetesRBACDefense
Kubernetes RBAC Primer
Designing least privilege for clusters.
ContainersDockerDefense
Dockerfile Security
Build-time best practices to reduce risk.
CloudIaCTerraform
Terraform Security Checks
Practical IaC misconfiguration patterns.
KubernetesDefenseBenchmarks
Kubernetes CIS Benchmarks
Automated checks with guidance.
CloudGCPIAM
Cloud IAM Least Privilege
Principles and examples for IAM.
CloudAzureDefense
Azure Security Benchmark
Baseline controls mapped to frameworks.
CloudAWSDefense
AWS Well-Architected: Security
Security Pillar with practical checks.
ContainersDefenseNIST
NIST Container Security (800-190)
Guidance for securing containers.
DefenseFrameworksCIS
CIS Controls v8 (Tactics)
Prioritized safeguards and quick wins.
AuthIdentityProtocols
SAML/OIDC Basics
Modern identity protocols and risks.
AuthIdentityRFC
OAuth Threat Model
Threats and mitigations for OAuth 2.0.
AuthJWTBest Practices
JWT Best Practices
Pitfalls and modern recommendations.
APIGraphQLDefense
GraphQL Best Practices
Limits, complexity, and authN/Z.
APIDefenseDoS
Rate Limiting Strategies
Protect APIs and apps from abuse.
WebDefenseCSP
Content Security Policy (CSP)
Mitigate XSS and injection with CSP.
WebDefenseCookies
SameSite Cookies
Modern CSRF protections using cookie flags.
WebDefenseSRI
Subresource Integrity (SRI)
Protect external scripts and styles.
Bug BountyReconLists
Bug Bounty Recon Guide
Wordlists that power discovery and fuzzing.
WebFuzzingDiscovery
FFUF Usage Guide
Fast content discovery with filters and recursion.
WebScanningAutomation
Nuclei Templates Guide
Template-driven vulnerability checks.
ReconAutomationWeb
ProjectDiscovery Toolkit
Integrate recon and scanning at scale.
IntelVulnsPrioritization
CISA KEV Usage
Prioritize by known exploitation.
ExploitResearchVulns
Exploit-DB Workflow
Search techniques and code vetting.
ExploitResearchPrioritization
Rapid7 AttackerKB
Weigh exploitability and impact.
Blue TeamDetectionSigma
Sigma Detection Cookbook
From hypothesis to tested analytics.
Blue TeamNSMZeek
Zeek Practical Guides
Network analytics and scripting.
Blue TeamNSMSuricata
Suricata Rule Writing
Practical IDS rule authoring.
Blue TeamWindowsTelemetry
Sysmon Config & Tuning
Practical Windows telemetry with noise control.
Blue TeamHuntingEndpoints
OSQuery Guide
Query endpoints like a database for hunting.
Blue TeamSIEMSplunk
Sigma to Splunk
Convert Sigma rules to Splunk queries.
Blue TeamATT&CKTesting
Atomic Red Team
ATT&CK-mapped tests to validate detections.
Blue TeamLabWindows
DetectionLab Setup
Spin up a full detection engineering lab.
Blue TeamHuntingPlaybooks
Threat Hunting Playbook
Methodologies and analytics for hunting.
WebResearchPayloads
PayloadsAllTheThings
Payloads and bypasses across scenarios.
WindowsLOLBASTradecraft
LOLBAS Project
Living off the land binaries and scripts.
DFIRForensicsUtility
CyberChef Recipes
Transform data for analysis and testing.
AppSecAuthOWASP
Auth Hardening Playbook
Patterns for protecting authentication.
CodeSASTAppSec
Security Code Review
Approaches and tooling for code review.
OSLinuxKali
Kali Linux Handbook
Operating the toolkit and workflows.
OSLinuxParrot
Parrot OS Security Guide
Parrot workflows for operators.
OSLinuxBlackArch
BlackArch Usage
Repo usage and tooling basics.
WindowsDefenseHardening
Windows Hardening Basics
Baseline hardening and mitigations.
LinuxDefenseHardening
Linux Hardening Basics
CIS-aligned practices and updates.
macOSDefenseHardening
macOS Security Primer
Platform security features and risks.