References

External wikis, standards, labs, books, blogs, talks, and communities the topic pages link out to. Curated, not exhaustive — favourites kept current as of 2026.

Wikis and methodology references

HackTricks — broad pentest wiki (Carlos Polop).
HackTricks Cloud — cloud and Kubernetes companion.
ired.team — Windows and AD tradecraft reference (Ondrej Mihalek).
The Hacker Recipes — methodology reference.
PayloadsAllTheThings — payloads and bypass tricks by class.
SecLists — wordlists.
GTFOBins — Unix binaries that bypass local security.
LOLBAS — living-off-the-land binaries and scripts for Windows.
WADComs — interactive AD / Windows command cheatsheet.

OWASP — standards and testing guides

OWASP WSTG (GitHub) — the Web Security Testing Guide; canonical structured test methodology, one technique per section.
OWASP ASVS — Application Security Verification Standard; verification levels and per-control checks.
OWASP MASTG / MASVS — Mobile Application Security Testing Guide + Standard.
OWASP Cheat Sheet Series — succinct defensive cheat sheets, useful for understanding what good code looks like.
OWASP API Security Top 10 — current edition.
OWASP LLM Top 10 / Gen AI Security — LLM-specific risks.
OWASP Threat Modeling resources.
OWASP WebGoat — practice app for web bug classes.
OWASP Juice Shop — intentionally vulnerable modern JS app.

MITRE knowledge bases

MITRE ATT&CK — adversary TTP taxonomy.
MITRE D3FEND — defensive countermeasure taxonomy mapped to ATT&CK.
MITRE CWE — weakness taxonomy used by CVEs.
MITRE CAPEC — attack pattern catalogue.
MITRE ATLAS — adversarial tactics against ML systems.

Vulnerability databases and disclosed reports

HackerOne hacktivity.
Bugcrowd disclosure archive.
Intigriti researcher blog — Bug Bytes monthly + technique posts.
YesWeHack blog — EU bounty platform research + annual report.
huntr.com (Protect AI) — bounty platform for AI/ML supply-chain vulnerabilities.
Pentesterland Bug Bounty Writeups.
InfoSec Write-ups — aggregator; filter by author reputation.
Exploit-DB — public exploit archive.
Packet Storm.
CVE / Mitre · NVD.
AttackerKB — exploitability assessments.
VulnCheck — KEV-style feeds.

Hands-on labs and platforms

PortSwigger Web Security Academy — free, structured.
PortSwigger All Labs catalogue — every Academy lab, by topic and difficulty.
TryHackMe — guided rooms.
Hack The Box — machines, Pro Labs, Academy, Offensive AI Security track.
pwn.college — free ASU binary-exploitation curriculum + CTF Archive of replayable challenges.
OffSec Proving Grounds — paid lab environment.
GOAD — AD lab.
HackingHub — paid bug-bounty practice.
VulnLab — paid AD / red-team labs.
CloudGoat — vulnerable-by-design AWS scenarios.
Stratus Red Team — granular adversary emulation across AWS / Azure / GCP / Kubernetes.
KubeHound — BloodHound-style attack-path graphing for Kubernetes.

CTF and learning-by-CTF

CTFtime — canonical CTF calendar, team rankings, writeup index.
pwn.college CTF Archive — replay past challenges.
Handbook for CTFers (Nu1L Team, Springer) — the structured written companion.
Awesome CTF — curated tooling and resources.
0xdf write-ups — HTB and CTF.

Research blogs — high signal, currently active

Web and N-day teardowns

PortSwigger Research — James Kettle and team; novel HTTP / cache / smuggling research and the yearly Top 10 Web Hacking Techniques.
watchTowr Labs — rapid-turnaround enterprise edge-appliance N-day teardowns (Ivanti, Fortinet, etc.).
Horizon3.ai Attack Research — reproducible CVE writeups with PoCs.
GitHub Security Lab — CodeQL-driven variant analysis and OSS advisories.
Orange Tsai — protocol-level web bugs; Apache Confusion Attacks, WorstFit, Phrack #72.
Assetnote Research.
Doyensec.

Active Directory and Entra ID

dirkjanm.io — Dirk-jan Mollema; Entra ID, dMSA abuse, NTLM relay, AD CS internals.
adsecurity.org — Sean Metcalf; long-running AD hardening + Kerberoasting reference.
Akamai Security Research — BadSuccessor (dMSA escalation) and AD protocol research.
SpecterOps blog — BloodHound, AD CS (Certified Pre-Owned), Kerberos.
Itm4n — Windows / AD primitives.

Windows internals and kernel

Connor McGarr — approachable deep Windows kernel exploitation tutorials.
Project Zero — Google Project Zero; cross-platform kernel and browser research, structured 90-day disclosure write-ups.
hasherezade — Windows internals reverse engineering.
Modexp — Windows tradecraft primitives.

Linux kernel

xairy/linux-kernel-exploitation — continuously updated index of meaningful Linux-kernel exploit papers and talks.
Phrack — revived in 2025 with Issue 72; the highest-signal venue for long-form exploit dev.

macOS and iOS

DoubleYou — Patrick Wardle + Csaba Fitzl; macOS offensive and defensive primitives.
TAOMM — The Art of Mac Malware vol. 2, free online and maintained by Wardle.
Objective-See — Patrick Wardle’s older blog, still useful archive.
theevilbit — macOS primitives, TCC, sandbox.
Wojciech Reguła — macOS / iOS research.

Cloud and Kubernetes

Wiz Research.
Datadog Security Labs — rigorous cloud detection-engineering + home of Stratus Red Team + KubeHound.
Rhino Security Labs — maintainers of Pacu and the GCP IAM privesc matrix.
ramimac — independent cloud-security analysis; meta-reviews of vendor reports.
Mandiant / Google Cloud Threat Horizons — frontline IR data on how cloud and SaaS identities get compromised.
HackingTheCloud — practical attack-side cloud reference.
PEACH framework — SaaS-tenancy isolation model.

Red team tradecraft

SpecterOps Adversary Tactics — AD and red team.
Cobalt Strike Research Labs — joint Fortra + Outflank research on UDRLs, sleep masks, injection tradecraft.
MDSec Research — veteran UK red team shop; EDR evasion, COM hijack.
Outflank blog.
Black Hills Information Security — practitioner blog plus free webcasts.

AI / LLM security

Embrace the Red (Johann Rehberger) — agent and exfil-channel research.
Simon Willison — curated prompt-injection coverage.
NVIDIA AI Red Team blog — practical attack notes from a working AI red team.
Microsoft Security Blog (AI posts) — MSRC perspective on agentic AI vulnerabilities.
HiddenLayer Research.
Lakera blog.

Bug bounty methodology and writeups

Sam Curry — long-form chain writeups.
Intigriti Bug Bytes.
YesWeHack blog.
Pentesterland.
Bug Bounty Reports Explained — video deep-dives of disclosed reports.

Aggregators

tl;dr sec — weekly aggregator.

YouTube / video

IppSec — HTB walkthroughs as the best free practical learning material.
LiveOverflow — binary exploitation, browser, and research-style explainers.
John Hammond — CTF / malware analysis breakdowns.
Off-by-One Security — practitioner interviews and live red-team streams.
OffensiveCon talks — annual Berlin con; canonical recorded source for Windows / kernel / hypervisor exploit talks.
OALabs — malware reversing.
13Cubed — Windows DFIR; useful for understanding what defenders see.

Conferences

DEF CON Media — talks archive.
Black Hat archives.
OffensiveCon — Windows / kernel / hypervisor exploitation focus.
Hexacon — French exploitation con.
POC — Korean exploitation con.
Insomni’hack.
NorthSec.
x33fcon — red team + blue team symbiosis.
HITB — Hack In The Box.

Awesome lists

Books — web and bug bounty

The Web Application Hacker’s Handbook (1st + 2nd ed.) — Stuttard & Pinto (Wiley, 2007 / 2011). Still the reference text for chained logic bugs and methodology framing. Structural source for the injection, session-token-analysis, account-recovery, WebDAV, WAF, shared-hosting, canonicalization, DNS-rebinding, ViewState, and client-side-storage topic stubs.
Bug Bounty Bootcamp — Vickie Li (No Starch, 2021). Drawn on for the bug-class taxonomy under web-index and methodology ordering under bug-bounty-methodology.
Real-World Bug Hunting — Peter Yaworski (No Starch, 2019). Disclosed-report case studies that informed bug-class framing (HPP, HTML injection, CRLF, subdomain takeover, memory bugs in web stack).
Hacking APIs — Corey Ball (No Starch, 2022). Structural source for the API discovery, endpoint analysis, BOLA / BFLA / mass assignment, JWT, GraphQL, and XAS topics under api-index.
Bug Bounty Playbook V2 — Alex Thomas / Ghostlulz. CMS, exposed databases, subdomain takeover, and per-DB SQLi coverage that shaped web-index additions.
zseano’s Methodology — Sean Roesner. Informed the hacker-mindset and workflow stubs under bug-bounty-index.
Enumerating Esoteric Attack Surfaces — Jann Moon (2024). Deep recon framing — vertical vs horizontal scope, ASN / reverse-whois / acquisitions / cert-transparency / vhost / analytics-tag correlation surfaced under bug-bounty-index.
How To Shot Web (Jason Haddix, DEF CON 23, 2015). Bug-bounty philosophy and recon-stack framing.

Books — Windows, Linux, exploit dev, CTF

Windows Internals, Part 1 & 2 — Russinovich, Solomon, Ionescu.
The Shellcoder’s Handbook — Anley, Heasman, Lindner, Richarte.
Practical Binary Analysis — Dennis Andriesse.
A Guide to Kernel Exploitation — Perla, Oldani.
Hacking: The Art of Exploitation — Jon Erickson.
Handbook for CTFers — Nu1L Team (Springer, 2022). Cited as the structural source for the crypto, forensics, mobile, code-auditing, AWD, and CTF-style PWN topic categories in this hub.

Books — macOS / iOS

The Art of Mac Malware (vols 1–2) — Patrick Wardle.
macOS and iOS Internals trilogy — Jonathan Levin.

Books — cloud / container

Container Security — Liz Rice.
Hacking Kubernetes — Andrew Martin, Michael Hausenblas.
Hands-On AWS Penetration Testing with Kali Linux — Karl Gilbert, Benjamin Caudill.

Books — AI red team

Adversarial AI Attacks, Mitigations, and Defense Strategies — John Sotiropoulos.
Not with a Bug, But with a Sticker — Ram Shankar Siva Kumar & Hyrum Anderson (ML threat-model framing).

Communities

Discord / Slack workspaces around HTB, TryHackMe, PortSwigger, individual bug-bounty platforms, BloodHound, and AI red team groups.