[ Links ]
Curated outbound links across security — the third-party tools, frameworks, and reference sites that pair with the Code & Tools, guides, and exploits on this site. Grouped by role: Good Websites Forums, research collectives, wargames, and the personal blogs worth bookmarking. Reverse Engineering Disassemblers and debuggers — IDA, Ghidra, OllyDBG. Static + dynamic binary work. Offensive Tools Red-team frameworks and post-ex tooling — payload generation, credential dumping. Password & Crypto Password managers and crypto utilities. Keep your own house in order. Wireless Wireless / Wi-Fi tooling — the WiFiPineapple package repo and friends. Random The bucket for things that don't fit anywhere else but are worth keeping around.
[ Good Websites ]
Offensive-security training and consulting shop. Long-running practitioner-focused outfit with conference talks and red-team training going back to the early 2000s.
Veteran security-history archive. Defacement mirrors, errata, charlatan call-outs, and a frankly opinionated take on the industry going back to the late 1990s. The institutional memory of infosec.
Security blog and community hub — tutorials and writeups across offensive and defensive topics.
Annual Canadian security conference (Quebec City). Strong CTF, hands-on workshops, and a long history of speaker submissions from practitioners rather than vendors.
The penetration-testing framework. Module library, payload generation, post-exploitation tooling. Open-source Framework edition plus Rapid7's commercial Pro tier. Still the lingua franca for exploit delivery despite a thousand alternatives.
Personal security blog. Vulnerability writeups, exploit-development notes, and lower-level systems content.
Long-running wargame network. SSH into a host, escalate through progressively harder levels. Good for sharpening binary-exploitation, local-privesc, and shell-fu without standing up your own lab.
Long-running personal security blog — exploit notes, tooling writeups, and assorted post-ex hacks.
Researcher blog with malware analysis writeups, RE walkthroughs, and incident-response notes. Detailed reversing posts rather than quick-take news.
Research collective publishing deep technical posts — kernel internals, anti-cheat reversing, hypervisor work, Windows arcana. High signal-to-noise.
Crackme challenges and walkthroughs. Useful as RE practice between real-world targets — small contained binaries with clear win conditions, gradient of difficulty.
[ Reverse Engineering Tools ]
Multi-processor disassembler and debugger for Windows, Linux, and macOS. The commercial standard for binary RE — pricey but unmatched processor coverage, an excellent decompiler (Hex-Rays), and deep IDC / IDAPython scripting. Free edition exists for x86/x64 with limited features.
Open-source software reverse-engineering suite from the NSA Research Directorate. Free and capable enough to be a real IDA alternative — multi-arch disassembler, decompiler, scripting in Java and Python, collaborative project support. Default RE workbench when budget rules out IDA.
32-bit assembler-level analysing debugger for Windows. Classic dynamic-analysis tool with a strong plugin ecosystem — still useful for malware unpacking and binary patching work despite the arch limitation. Pair with x64dbg for 64-bit targets.
[ Offensive Tools ]
Red-team toolkit focused on evading detection. Payload generators (Veil-Evasion), in-memory PowerShell injection (PowerTools / PowerView ancestors), and obfuscation utilities. Older but still a useful reference for the techniques that work when off-the-shelf msfvenom gets caught.
Benjamin Delpy's Windows credential-extraction tool. Reads cleartext passwords, hashes, PINs, and Kerberos tickets from LSASS; performs pass-the-hash / pass-the-ticket / golden-ticket attacks. Foundational post-exploitation tool for AD environments — understanding what it does is required reading regardless of which side of the fence you sit on.
[ Password & Crypto ]
Free, open-source, light-weight password manager. Local file-based vault (.kdbx) encrypted with AES-256 / ChaCha20 + Argon2 KDF — no cloud sync unless you point it at your own. Strong plugin ecosystem plus a long list of compatible third-party clients (KeePassXC on Linux/macOS, KeePassDX on Android, etc.).
[ Wireless ]
WiFiPineapple Repo — 03.2015
Unofficial repository of OpenWRT / WiFiPineapple Mark V packages. Mirrored locally since the original index has been intermittently unreachable. Wireless-pentest payloads, infusions, and karma-style rogue-AP tooling for the Mark V hardware platform.
[ Random ]
Vintage OpenBSD devil ASCII art and the matching tattoo photo. Kept around because the BSD demonologica is a cornerstone of operating- system iconography that newer hackers don't always get exposed to.
