[ Links ]

Curated outbound links across security — the third-party tools,
frameworks, and reference sites that pair with the
Code & Tools, guides, and
exploits on this site. Grouped by role:

  Good Websites          Forums, research collectives, wargames,
                         and the personal blogs worth bookmarking.
  Reverse Engineering    Disassemblers and debuggers — IDA,
                         Ghidra, OllyDBG. Static + dynamic binary work.
  Offensive Tools        Red-team frameworks and post-ex tooling
                         — payload generation, credential dumping.
  Password & Crypto      Password managers and crypto utilities.
                         Keep your own house in order.
  Wireless               Wireless / Wi-Fi tooling — the
                         WiFiPineapple package repo and friends.
  Random                 The bucket for things that don't fit
                         anywhere else but are worth keeping around.

[ Good Websites ]

Offensive-security training and consulting shop. Long-running
practitioner-focused outfit with conference talks and red-team
training going back to the early 2000s.
Veteran security-history archive. Defacement mirrors, errata, charlatan
call-outs, and a frankly opinionated take on the industry going back
to the late 1990s. The institutional memory of infosec.
Security blog and community hub — tutorials and writeups across
offensive and defensive topics.
Annual Canadian security conference (Quebec City). Strong CTF, hands-on
workshops, and a long history of speaker submissions from practitioners
rather than vendors.
The penetration-testing framework. Module library, payload generation,
post-exploitation tooling. Open-source Framework edition plus
Rapid7's commercial Pro tier. Still the lingua franca for exploit
delivery despite a thousand alternatives.
Personal security blog. Vulnerability writeups, exploit-development
notes, and lower-level systems content.
Long-running wargame network. SSH into a host, escalate through
progressively harder levels. Good for sharpening binary-exploitation,
local-privesc, and shell-fu without standing up your own lab.
Long-running personal security blog — exploit notes, tooling
writeups, and assorted post-ex hacks.
Researcher blog with malware analysis writeups, RE walkthroughs, and
incident-response notes. Detailed reversing posts rather than
quick-take news.
Research collective publishing deep technical posts — kernel
internals, anti-cheat reversing, hypervisor work, Windows arcana.
High signal-to-noise.
Crackme challenges and walkthroughs. Useful as RE practice between
real-world targets — small contained binaries with clear win
conditions, gradient of difficulty.

[ Reverse Engineering Tools ]

Multi-processor disassembler and debugger for Windows, Linux, and
macOS. The commercial standard for binary RE — pricey but
unmatched processor coverage, an excellent decompiler (Hex-Rays), and
deep IDC / IDAPython scripting. Free edition exists for x86/x64 with
limited features.
Open-source software reverse-engineering suite from the NSA Research
Directorate. Free and capable enough to be a real IDA alternative —
multi-arch disassembler, decompiler, scripting in Java and Python,
collaborative project support. Default RE workbench when budget rules
out IDA.
32-bit assembler-level analysing debugger for Windows. Classic
dynamic-analysis tool with a strong plugin ecosystem — still
useful for malware unpacking and binary patching work despite the
arch limitation. Pair with x64dbg for 64-bit targets.

[ Offensive Tools ]

Red-team toolkit focused on evading detection. Payload generators
(Veil-Evasion), in-memory PowerShell injection (PowerTools / PowerView
ancestors), and obfuscation utilities. Older but still a useful
reference for the techniques that work when off-the-shelf msfvenom
gets caught.
Benjamin Delpy's Windows credential-extraction tool. Reads cleartext
passwords, hashes, PINs, and Kerberos tickets from LSASS; performs
pass-the-hash / pass-the-ticket / golden-ticket attacks. Foundational
post-exploitation tool for AD environments — understanding what
it does is required reading regardless of which side of the fence
you sit on.

[ Password & Crypto ]

Free, open-source, light-weight password manager. Local file-based
vault (.kdbx) encrypted with AES-256 / ChaCha20 + Argon2 KDF —
no cloud sync unless you point it at your own. Strong plugin ecosystem
plus a long list of compatible third-party clients (KeePassXC on
Linux/macOS, KeePassDX on Android, etc.).

[ Wireless ]

WiFiPineapple Repo — 03.2015
Unofficial repository of OpenWRT / WiFiPineapple Mark V packages.
Mirrored locally since the original index has been intermittently
unreachable. Wireless-pentest payloads, infusions, and
karma-style rogue-AP tooling for the Mark V hardware platform.

[ Random ]

OpenBSD Devil — HTML · Tattoo
Vintage OpenBSD devil ASCII art and the matching tattoo photo. Kept
around because the BSD demonologica is a cornerstone of operating-
system iconography that newer hackers don't always get exposed to.

[ See Also ]