INDEX ONLINE
LABS / DOCS / FIELD REFERENCES
Trusted links.
Zero hype.
A small library of resources worth returning to. Curated for action, not bookmark-count flexing.
- ENTRIES
- 14
- TRACKS
- 06
- COST TO OPEN
- ₹0
- LAST REVIEW
- JUL 2026
START HEREIf you are new: Bandit → HTTP basics → Web Security Academy. Take notes while you work.
A useful reference does not replace authorization, scope, or judgment.
01 // RESOURCE INDEX
Find the next useful link.
OFFICIAL / WARGAME
OverTheWire Bandit
A command-line wargame built for absolute beginners.
Use it to make Linux navigation, files, permissions, pipes, and SSH feel normal.
OFFICIAL / GUIDE
MDN: HTTP Overview
A clear explanation of requests, responses, clients, servers, and proxies.
Read this before trying to understand web vulnerabilities or proxy traffic.
OFFICIAL / DOCUMENTATION
The Python Tutorial
The official language tutorial for people who already know basic programming.
Use it when a small script is better than repeating the same task by hand.
OFFICIAL / LABS
Web Security Academy
Free web-security learning material with realistic interactive labs.
My first recommendation for learning a web bug, testing it, and proving it safely.
OFFICIAL / METHODOLOGY
OWASP WSTG
A structured framework for testing web applications and services.
Use it as a methodology when you need to know what to test and why.
OFFICIAL / REFERENCE
OWASP Cheat Sheets
Focused defensive guidance for common application-security problems.
Open it after finding a weakness so your remediation advice is concrete.
COMMUNITY / FIELD NOTES
HackTricks
A broad community field reference covering many offensive-security topics.
Use it to form questions during a lab—not as a substitute for understanding the path.
COMMUNITY / REFERENCE
PayloadsAllTheThings
A community collection of payload patterns and security-testing references.
Use it inside authorized labs after you understand the vulnerability you are testing.
COMMUNITY / REFERENCE
GTFOBins
Unix-like executables and legitimate functions that can be abused on misconfigured systems.
Use it to study living-off-the-land behavior and local privilege boundaries.
COMMUNITY / REFERENCE
LOLBAS
A catalog of Windows binaries, scripts, and libraries used for living off the land.
Use it to understand dual-use Windows behavior and map it back to ATT&CK.
OFFICIAL / DOCUMENTATION
BloodHound Docs
The documentation hub for understanding and using BloodHound.
Start here before treating an Active Directory graph like a list of magic attack paths.
OFFICIAL / KNOWLEDGE BASE
MITRE ATT&CK
A public knowledge base of adversary tactics and techniques grounded in real observations.
Use it to connect a technique to behavior, context, data sources, and mitigations.
OFFICIAL / DOCUMENTATION
Wireshark Documentation
User guides, manual pages, display-filter references, and sample captures.
Return here when a packet or filter does not behave the way you expected.
OFFICIAL / PLATFORM
picoCTF / CyLab Academy
Carnegie Mellon University’s free cybersecurity learning and competition platform.
Use it for beginner-friendly practice across several security categories.
02 // USE THE LIBRARY
One link. One question. One note.
- 01Choose a question
Know what you are trying to understand.
- 02Open the source
Read enough to form a safe lab action.
- 03Do the work
Test only inside your authorized environment.
- 04Write the result
Keep the command, evidence, and correction.