Learn to hack

From Enlace Hacktivista
Jump to navigation Jump to search

This page aims to compile high quality resources for hackers. All books listed on this page can be found on Library Genesis.

Make sure that you follow good OPSEC when carrying out your operations! See OPSEC

General Resources

Resources that assume little to no background knowledge:

Resources that assume minimal tech background:

Resources that assume a tech or hacking background:

Practice labs:


General references

General resources you may find useful for learning. see General

OWASP Top 10 is a broad consensus about the most critical security risks to web applications. See TryHackMe's room for practical OWASP Top 10 learning and their Juice Shop.

Red Team Tools for post exploitation (Windows)

Find common vulnerabilities and misconfigurations in a windows environment to escalate your privileges: winPEAS

Red Team Tools for post exploitation (Linux)

Rooting: Rooting linux

Linux & Windows Backdoors

Recommended reading - Library

See recommended reading books that will aid you in your learning. See recommended reading in the library


Collection of malware source code and binaries:

Active Directory

Active Directory General Tools & resources you may find useful for learning. see Active Directory


Office 365 & Azure




C2 Frameworks

Antivirus & EDR Evasion



Microsoft Exchange

ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.

Initial Access

There are many ways to get a foothold into a targets network, from phishing, buying credential access, buying infected machines in corporate networks, password spraying, performing a targeted penetration test and spray and pray scanning for vulnerabilities and hacking in. Here we list some resources in these regards.

For more information on gaining a foothold, see Initial Access Tactics, techniques and procedures

Scanning and Recon

For scanning and Recon tools. see Scanning and Recon. Make sure to make us of your tools documentation and read the help menu (-hh/-h/--help).

Search Engines

Search engines are a useful tool for gathering information and intelligence from publicly available sources. Some are paid and some are not. Make sure to operate good OPSEC whenever placing a purchase for any service that will be used in your recon on a target.

For more information on recommended search engines, see Search Engines Resources


Open-source intelligence (OSINT) refers to the collection and analysis of information from publicly available sources.

For more information on recommended tools and resources, see OSINT Tools and Resources

API Hacking

  • Prerequisite reading: (Book) Hacking APIs: Breaking Web Application Programming Interfaces

Intercepting proxies

These let you view, edit, and replay requests, and are extremely useful for finding vulnerabilities in web, mobile and API applications.

API hacking practice

API hacking blogs

IoT Hacking

Hacking blogs

It's important that we as hackers stay fully up to date and get the latest cyber security news which will allow us to learn new TTPs, find out when new vulnerabilities and exploits are released and stay up to date with the latest news. White hats typically do a lot of the brunt work for us with developing tools and coming up with new interesting and innovative methods which we can learn from and apply this knowledge to our hacktivist operations. We can also learn how hackers get arrested and their OPSEC fails which will enable us to avoid making the same mistakes they did.

See Hacking blogs.

Operational security

Operational security (OPSEC) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting hacktivist activities.

Recommended Measures

Any illegal hacktivity should be done from an encrypted and separate computer or virtual machine, with all traffic router over Tor.

For more information on recommended operational security measures, see Opsec Measures

Secure Messaging

Best practice for secure messaging includes proxying connections over Tor and using end-to-end encryption for messages.

Recommended Applications

For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email use PGP for encryption. For file sharing use onionshare.

For more information on recommended applications, see Secure Messaging Applications