Favorites: IT Security Links

I have long wanted to write this post with a selection of useful links, because very often people ask this (I think, many who are in this (and in others) sphere). Links are divided into categories.
')

Owasp

OWASP is the largest web security portal. Collected information on all sorts of attacks, vectors, guides on Pentest and much more. On it you can make a separate selection of links:

• www.owasp.org/index.php/Top_10_2013-Top_10 - top 10 attacks on web applications in 2013
• https://www.owasp.org/index.php/Category:OWASP_Download - downloads. Usually on the resource immediately passed - dir buster
• www.owasp.org/index.php/Web_Application_Penetration_Testing - pentest guide. As PDF
• www.owasp.org/index.php/Testing_Checklist - Checklist (draft)

Exploits

Sites where a lot of different exploits are collected (programs / technicians automating the exploitation of vulnerabilities)

• exploit-db.com
• 1337day.com
• packetstormsecurity.com
• www.vulnerability-lab.com
• www.rapid7.com/db/modules

Forums

• garage4hackers.com
• rdot.org
• antichat.ru

Bug bounty

Many sites pay for vulnerabilities on their sites.

• blog.nibblesec.org/2011/10/no-more-free-bugs-initiatives.html - a list of BugBounty programs
• bugcrowd.com is a platform where you can put your site on pentest (temporarily) or participate in this, getting money for each bug. Now something has passed about 30+ such pentest.

Collections of vulnerabilities on sites

• xssed.com - a collection of mainly XSS vulnerabilities (the very first resource in this area)
• bugscollector.com - any vulnerabilities
• www.vulnerability-lab.com/show.php?cat=website

Capture the Flag

Security competitions. The tasks of the participants or to solve the tasks issued to them, or to hack & protect each other

• ctftime.org is a central site with a schedule of various CTFs in the world, rated teams, vraytaps, etc.
• pentestit.ru - Penetration Testing Laboratory. Also holds competitions in the style of CTF. By the way, they will organize our laboratory at ZeroNights . Anyone can try their hand at hacking it :)

WiFi hacking

• www.aircrack-ng.org/doku.php?id=simple_wep_crack - Hacking WEP
• www.aircrack-ng.org/doku.php?id=cracking_wpa - hacking WPA / WPA2 (password matching)
• habrahabr.ru/company/xakep/blog/143834 - hacking WiFi through PIN codes
• habrahabr.ru/post/122553 - Selection of passwords for WPA / WPA2 using a video card

Distributions

Various Linux distributions already crammed with different tools to work in this area

• Kali
• Backtrack
• Pentoo
• WEAKERTHAN
• Backbuntu
• Black widow

Miscellaneous / WEB

• www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks - create png file with php code inside
• pastebin.com/3cznqi8P - create jpeg images with php code inside that save this php code after the imagecopyresized () and imagecopyresampled () functions
• www.exploit-db.com/wp-content/themes/exploit/docs/22763.pdf - guide on the pentest of Joomla sites
• Guide on SQL injection: MySQL, MSSQL , Oracle SQL , PostgreSQL . Microsoft Access SQL , Ingres SQL , SQLite
• raz0r.name

Miscellaneous / Application Software

• insecure.org/stf/smashstack.html - writing exploits
• redplait.blogspot.ru

Miscellaneous / Training

• course.secsem.ru - special course “Modern Cryptography” and “Application Security” (faculty of the VMK of the Moscow State University named after MV Lomonosov and the company Yandex)
• www.securitytube.net - video lessons on hacking (almost any topic)
• oisd.sergeybelove.ru - my old classes (x) there are entries on youtube
• www.offensive-security.com/metasploit-unleashed/Msfconsole_Commands - list of metasploit commands
• www.agarri.fr/docs/HiP2k13-Burp_Pro_Tips_and_Tricks.pdf - tips and tricks for using Burp Pro
• github.com/rapid7/metasploit-framework/wiki/Setting-Up-a-Metasploit-Development-Environment - environment setting for MetaSploit
• www.hackthissite.org
• www.dvwa.co.uk

Security mailing lists

Mailing on mail about different vulnerabilities

• www.securityfocus.com/archive
• seclists.org
• www.us-cert.gov/mailing-lists-and-feeds

Conferences

Conference sites that publish presentations / transcripts of their speakers. There is so much interesting there that you can spend a week on them.

• www.blackhat.com/html/archives.html
• www.defcon.org/html/links/dc-archives.html
• 2012.zeronights.org/materials & 2011.zeronights.org/materials
• www.hackinparis.com/node/154
• PHDays. 2011 - seminars , workshops , business seminars ; 2012 - all presentations , reports of reports ; 2013 - presentations , recording of reports , recording of reports in Russian
• www.powerofcommunity.net/archives.html
• archive.hack.lu
• www.nuitduhack.com/en#menu-624
• www.nullcon.net/website/archives/goa-2013.php
• www.derbycon.com/past-conferences
• hacktivity.com
• hackmiami.org/2013/07/08/presentation-archive
• 2013.confidence.org.pl/materials (and a year earlier)

Suggestions in the comments (especially about application software) are welcome!