Here’s a list of resources I regularly use when doing CTFs, listed in no particular order.

If you have any suggestions, or if you want me to remove your page from this list, do hit me up via email or drop me a message on the HackTheBox forums.

  • HackTricks - A site that lists (nearly) everything you need for pentesting a particular service.
  • Pentestmonkey Cheatsheets - A handy list of cheatsheets for SQL injections, reverse shells, etc.
  • PayloadsAllTheThings - A huge list of payloads for nearly everything you can think of, by swisskyrepo on GitHub.
  • Active Directory Exploitation Cheatsheet - A (pretty) big list of things that you can do to exploit Active Directory, by S1ckB0y1337 on GitHub.
  • GTFOBins - A list of legitimate *nix binaries that can be exploited under the right circumstances.
  • LOLBAS - A list of legitimate Windows executables that can be exploited under the right circumstances.
  • IppSec.Rocks - A searchable list of IppSec videos.
  • SecLists - A very useful collection of wordlists for fuzzing or dictionary attacks, by danielmiessler on GitHub.
  • Upgrading to Full Interactive TTY using Python - I do this on every non-interactive *nix reverse shell I catch (of course, python needs to be installed).