📚 Explore Useful Resources
Curated and categorized content to learn, practice, and sharpen your hacking & cybersecurity skills — all in one place.
🏫 Learning Platforms & Academies + Certificates 🏅
Top platforms, courses and certificates to start or level up in ethical hacking and cybersecurity.
Hack4u
The best Spanish platform to learn ethical hacking.
100% Recommended!
(Plans starting from 14,99€/month)
HackTheBox Academy
A CTF platform that offers the academy courses & modules for free, but the certificates are paid.
(Free)
TryHackMe
Similar to HackTheBox Academy, but mostly geared toward beginners with practical modules. Basic, yet great for getting started.
(Free)
PortSwigger
PortSwigger, oh what a treat — the best platform to learn web hacking. Honestly, it's no exaggeration — it's the best. You can learn all types of web pentesting completely for free, with labs that range from easy to extremely challenging.
I recommend it 100%. Give it a try.
(Free)
OSCP+
The OSCP+ (Offensive Security Certified Professional Plus) is widely recognized as one of the most respected and challenging certifications in the cybersecurity industry.
It builds on the legendary OSCP by adding advanced penetration testing techniques and real-world scenarios.
Holding an OSCP+ demonstrates exceptional practical skills, deep technical knowledge, and the ability to perform under pressure — making it the gold standard for aspiring and professional pentesters alike.
(Paid)
eJPT
The eJPT (eLearnSecurity Junior Penetration Tester) is an excellent entry-level certification for beginners.
It focuses on fundamental penetration testing skills and practical knowledge, making it perfect for those starting their cybersecurity journey.
(Paid)
Offensive Security
Offensive Security is a leading provider of advanced cybersecurity training and certifications, including the prestigious OSCP.
Their programs are known for their rigorous, hands-on approach that prepares students for real penetration testing and red team engagements.
(Paid)
eLearnSecurity
eLearnSecurity (now INE Security) offers hands-on, practical cybersecurity training focused on real-world skills.
Their courses and certifications are well-regarded for being accessible to beginners and professionals alike, emphasizing applied knowledge over theory.
(Paid)
TCM Security Academy
Just discovered it — and it’s worth checking out!
It offers courses for both Red Team and Blue Team, as well as foundational content like Linux and networking.
There’s both free and paid material, all well explained and highly practical — perfect for learning from scratch or leveling up your cybersecurity skills.
(Free and paid)
🎯 Labs & CTF Challenges
Practice environments and challenge-based learning to test your offensive skills.
HackTheBox
Yes, again; HackTheBox is the best CTF platform that lets you learn effectively. With machines, challenges, paths, etc., you learn in a practical and complete way.
100% recommended!
(Free is more than enough, but VIP paid exists)
TryHackMe
Oh yes, you're going to kill me, but here we go again. TryHackMe is honestly great for beginners.
It’s like HackTheBox but provides guidance, explanations, and step-by-step instructions to exploit labs and machines. So, if you don’t know where to start, I recommend beginning with TryHackMe before moving on to HackTheBox.
(Free is more than enough, but VIP paid exists)
Root-Me
A French CTF platform that gives you challenges to complete — as simple as that. Great for learning specific skills and techniques.
(Available in English & Spanish too)
(Free)
PortSwigger
PortSwigger — yes, we’ve mentioned it before, but it absolutely deserves a spot here too. It’s one of the best platforms for mastering web security through labs and CTF-style challenges.
Totally free, high quality, and packed with exercises from beginner to expert level — it’s a must for anyone serious about web hacking.
(Free)
VulnHub
Like HackTheBox, but local. Offers vulnerable machines you can download and run in your own environment (VirtualBox, VMware, etc.).
Ideal for practicing ethical hacking offline, simulating real audits, and improving your technical skills from scratch.
Recommended for hands-on, self-paced learning
(Free)
Vulhub
Agh, almost, it's missing an 'n', but that's how it is because it's totally different from Vulnhub haha.
Vulhub is a collection of ready-to-use Docker environments for practicing and learning about common vulnerabilities and exploits.
Unlike VulnHub, which focuses on downloadable VMs, Vulhub provides easy-to-deploy labs using Docker containers, making setup quick and hassle-free.
Perfect for testing exploits, experimenting with vulnerable services, and deepening your practical cybersecurity skills, all locally and efficiently.
(Free)
HackTricks is a one-stop resource packed with everything you need for penetration testing and cybersecurity. From web hacks to privilege escalation, network tricks, and more — it covers all the essential topics with practical tips and detailed explanations. A must-have toolkit for hackers of all levels.
PayloadsAllTheThings is a comprehensive repository of injection payloads, attack vectors, and exploitation techniques for web, network, and system pentesting. Ideal for bug bounty hunters, red teamers, and ethical hackers looking for ready-to-use payloads and in-depth exploitation tricks.
EsGeeks is a blog with articles/tutorials on ethical hacking, cybersecurity, and general IT topics. Very good for learning both specific and general things. I recommend checking it daily or weekly.
GTFOBins is a curated collection of Unix/Linux binaries that can be exploited by attackers to bypass local security restrictions, escalate privileges, or execute arbitrary commands. A must-have reference for post-exploitation and privilege escalation techniques.
LOLBAS (Living Off The Land Binaries And Scripts) is a comprehensive project that documents Windows native tools/binaries which can be abused by attackers for privilege escalation, persistence, or evasion. Essential for Red Teamers and defenders alike.
LOLDrivers is an extension of the LOLBAS project, focused specifically on vulnerable or malicious Windows drivers that can be abused by attackers. It provides a curated collection of signed drivers that can be exploited for kernel-level attacks, privilege escalation, or bypassing security mechanisms. An essential reference for advanced Red Teaming and malware analysis.
RedTeam-Tools
A well-organized GitHub repository listing essential offensive security tools for Red Team operations — from recon to post-exploitation.
Continuously updated and categorized for quick reference. Ideal for building or refining your toolkit.
Osint Framework
A well-structured web-based directory of free OSINT tools and public data sources. Browse through categorized treasure troves—from social media and domain investigation to people search and metadata analysis. A go-to resource for ethical hackers, researchers, and cybersecurity pros.
🖥️ OS & Systems
Essential systems and distributions to help you build your lab and streamline your daily hacking tasks.
Kali Linux
The best and most widely used Linux distributions for ethical hacking and penetration testing. Built on Debian and loaded with hundreds of powerful tools, Kali is trusted by security professionals for tasks like vulnerability scanning, exploitation, wireless testing, and digital forensics.
Parrot Security OS
A powerful Linux distribution similar to Kali, designed for cybersecurity, digital forensics, and privacy. It includes a wide range of hacking and security tools, with a strong focus on anonymity.
While it’s a solid choice for ethical hacking, I personally prefer Kali Linux due to its performance, toolset, and ease of use in offensive security workflows.
Arch Linux
A lightweight and highly customizable Linux distribution for advanced users. While not specifically designed for cybersecurity, Arch gives full control over your environment — ideal for building a personalized pentesting lab or minimal system.
Its rolling release model and AUR (Arch User Repository) make it powerful for developers and hackers who want to tailor everything from the ground up.
📺 YouTube Channels to Follow
Hand-picked creators delivering high-quality technical content, from exploitation techniques and red teaming to incident response and malware analysis.
Perfect for visual learners looking to boost their skills.
