awesome-nicc#
A list of cybersecurity resources from the NJIT Information and Cybersecurity Club.
HTML version, Markdown version.
Entries#
This page lists all entries. Use links in the sidebar or click on tags to browse projects by category.
10 Types of Application Security Testing Tools#
List of different application security testing tools and methods.
A Graduate Course in Applied Cryptography Book#
“Throughout the book we present many case studies to survey how deployed systems operate. We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the importance of rigor in cryptography.”
By Dan Boneh and Victor Shoup.
AC Hunter#
Tool for network C2 monitoring.
Antisyphon Training#
Approachable, accessible, and affordable public and private training.
Aperisolve#
Steganography analysis for multiple tools combined into one.
Awesome CTF#
“A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials.”
Awesome Selfhosted#
“This is a list of Free Software network services and web applications which can be hosted on your own server(s)..”
Backdoors & Breaches#
Incident response card game. Can buy card deck or play online.
binwalk#
Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
BlackArch Linux#
“BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.”
BurpSuite#
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
Canarytokens#
“Canarytokens helps track activity and actions on your network.”
”Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones.”
Clark#
Largest platform for building and sharing free cybersecurity curriculum.
cloudtango#
Catalog of MSPs (managed service providers).
CMD Challenge#
“Test your shell knowledge by taking the CMD Challenge”
Codecademy Cybersecurity#
Contains multiple cybersecurity focused courses.
Competitive Programmer’s Handbook#
“The purpose of this book is to give you a thorough introduction to competitive programming.”
By Antti Laaksonen.
Computer Systems Security: Planning For Success#
“The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security.”
By Ryan Tolboom.
CUPP#
Common User Password Profiler
Generates password word lists based knowledge known about a user.
CyberChef#
“The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.”
Datadog#
Infrastructure monitoring tool.
10 servers free for 2 years via GitHub Education Pack.
Dcode.fr#
Many encode and decode tools for different ciphers.
Deepsound#
Hides files within audio.
Dirb#
Dictionary scan of web servers.
dnSpy#
.NET / Unity decompiler.
Enum_AzureSubdomains#
“A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries.”
Evilginx#
“Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection.”
F00L.DE#
Collection of miscellaneous tools such as vigenere cipher cracking, file analysis, etc.
Web App Windows Mac Linux Freeware Source Given with No License
FederalPay.org#
“We are a non-governmental information portal built by federal employees, for federal employees.”
ForeverCTF#
CTF that is up indefinitely for practice.
GCA Cybersecurity Toolkit#
A toolkit to help improve your personal cyber hygiene.
Ghidra#
Suite of tools for software reverse engineering developed by the NSA.
Google Dorking Tutorial#
Tutorial on Google “dorking” which is the art of using search operators to find what you want.
gpp-decrypt#
Ruby script used to decrypt Microsoft Group Policy preferences strings. Included in Kali by default.
GTFOBins#
“GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.”
HackTheBox#
Test your skills against a variety of hacking labs!
HackThisSite#
“HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.”
HackTricks#
Collection of hacking tricks: e.g reverse shells, encoded text for web, etc.
Hashcat#
Password hash cracker.
Hiration#
Cover letter and resume builder.
How To Secure A Linux Server#
“An evolving how-to guide for securing a Linux server.”
Hydra#
Online password brute-force tool for SSH, RDP, HTTP, etc.
ILSpy#
.NET / Unity decompiler.
DNS Remote Code Execution#
Video series exploiting WAN vulnerabilities in network devices.
Intro to Binary Exploitation#
Intro to Binary Exploitation video series.
IronGeek Unicode Steg#
Hides text within text.
John the Ripper#
Password hash cracker.
JWT.io#
Tool to decode and encode JSON Web Tokens.
Kali Linux#
Pentesting focused OS based on Debian Linux. Many cybersecurity tools are preinstalled.
Kontra Application Security Training#
Interactive application security training.
Kurose/Ross Networking Book#
Material on understanding computer networks.
By Jim Kurose and Keith Ross.
learnpython.org#
Python references and tutorials.
Linux auditd for Threat Detection#
Blog post on configuring auditd on Linux systems.
LOLBAS#
“The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques.”
Malcat#
“Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals.”
Metasploit#
“The world’s most used penetration testing framework.”
Metasploitable#
“Metasploitable is an intentionally vulnerable Linux virtual machine.”
Microsoft Security Complaince Toolkit#
“Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies.”
National Cyber Scholarship Foundation#
“National Cyber Scholarship Foundation (NCSF) has launched a national initiative to identify and develop a new generation of Cyber Stars.”
NCAE CyberGames#
“NCAE Cyber Games is dedicated to inspiring college students to enter the exciting (and sometimes profitable!) realm of cyber competitions.”
NetBox#
Network engineer tool for IPAM, provisioning, routing, diagrams, etc.
NetworkMiner#
NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files.
CISA National Initiative for Cybersecurity Careers and Studies#
“NICCS is the premier online resource for cybersecurity training, education, and career information.”
Nightmare Bin/Rev Guide#
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges.
NJIT Secure Computing Initiative#
“The NJIT Secure Computing Initiative (SCI) seeks to award scholarships as part of the CyberCorps® Scholarship for Service (SFS) program.”
Nmap#
Network port scanner tool.
OpenStego#
Stegonography application for data hiding and watermarking.
OSINT Framework#
Guide to assist in gathering information while performing OSINT.
OSINT Techniques Book#
“Resources for Uncovering Online Information”
By Michael Bazzell.
OutGuess#
“Outguess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources.”
OverTheWire#
Learn Linux basics through fun-filled games.
OWASP Top Ten#
“The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.”
OWASP WebGoat#
“WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.”
OWASP ZAP#
For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc.
Parrot Linux#
Another pentesting focused OS based on Kali.
Payloads All The PDFs#
“A list of crafted malicious PDF files to test the security of PDF readers and tools.”
Payloads All The Things#
“A list of useful payloads and bypasses for Web Application Security.”
PentesterLab#
Learn how to manually exploit web applications!
picoGym#
CTF that is up indefinitely for practice.
PortSwigger Web Security Academy#
Free, online web security training from the creators of BurpSuite!
PSBits Offline GPO Analysis#
Analyze Microsoft Group Policy files offline.
Pwntools#
Pwntools is a python ctf library designed for rapid exploit development.
QRazyBox#
“QR Code Analysis and Recovery Toolkit”
Rapid Tables#
Collection of different converter tools and calculators.
Secure the Future#
Palo Alto Network’s academic cybersecurity competition.
Security Certification Roadmap#
A roadmap of differnet cybersecurity certifications.
shellscript.sh#
Tutorials for bash scripting.
Shodan#
Search engine for IoT devices. Can search for publically accessible servers based on details such as header, geolocation, etc.
sig2n#
Python scripts to perform JWT algorithm confusion.
Usage instructions from PortSwigger here.
Snort#
IDS/IPS that does packet monitoring and logging based on rules.
Snyk CTF 101 Workshop#
“Check out this hands-on, virtual workshop to learn how to solve Capture the Flag (CTF) challenges, including pwn and web. After the workshop, you’ll have the security skills and experience to compete in CTFs.”
Spectra Assure Community#
“Spectra Assure Community monitors open source packages to identify malware, code tampering and indicators of software supply chain attacks.”
Stegdetect#
Abandoned tool for detecting steganographic content in images.
StegOnline#
Online Image Steganography Tool for Embedding and Extracting data through LSB techniques.
Suricata#
IDS/IPS that does packet monitoring and logging based on rules. Similar to Snort but multithreaded.
tcpdump#
CLI data network packet analyzer. Can dump to pcap files.
TryHackMe#
Hand-on cyber security training through real-world scenarios.
VirtualBox#
Virtual machine hypervisor. Generally used to create Kali or Parrot VMs separate from your host operating system.
VulnHub#
Collection of vulnerable VM images.
Wireshark#
Network packet sniffer that can capture from interfaces in real time or read pcap files.
Zerodium#
Bug bounty program.
List of Licenses#
0BSD- BSD Zero-Clause LicenceAGPL-3.0- GNU Affero General Public License 3.0Apache-2.0- Apache, Version 2.0APSL-2.0- Apple Public Source License, Version 2.0Artistic-2.0- Artistic License Version 2.0Beerware- Beerware LicenseBSD-2-Clause- BSD 2-clause “Simplified”BSD-2-Clause-FreeBSD- BSD 2-Clause FreeBSD LicenseBSD-3-Clause- BSD 3-Clause “New” or “Revised”BSD-3-Clause-Attribution- BSD with attributionBSD-4-Clause- BSD 4-clause “Original”CC-BY-NC-4.0- Creative Commons Attribution-NonCommercial 4.0 LicenseCC-BY-NC-SA-4.0- Creative Commons Attribution-NonCommercial-ShareAlike 4.0 LicenseCC-BY-SA-3.0- Creative Commons Attribution-ShareAlike 3.0 LicenseCC-BY-SA-4.0- Creative Commons Attribution-ShareAlike 4.0 LicenseCC0-1.0- Public Domain/Creative Common Zero 1.0CDDL-1.0- Common Development and Distribution LicenseCECILL-B- CEA CNRS INRIA Logiciel LibreEPL-1.0- Eclipse Public License, Version 1.0EPL-2.0- Eclipse Public License, Version 2.0EUPL-1.2- European Union Public License 1.2Freemium- Freemium (Free to use in some capacity but has paid upgrades)Freeware- Freeware (Free to use)GPL-1.0- GNU General Public License 1.0GPL-2.0- GNU General Public License 2.0GPL-3.0- GNU General Public License 3.0IPL-1.0- IBM Public LicenseLGPL-2.1- Lesser General Public License 2.1LGPL-3.0- Lesser General Public License 3.0MIT- MIT LicenseMPL-1.1- Mozilla Public License Version 1.1MPL-2.0- Mozilla Public LicenseMultiple Licenses- Multiple Licenses (for entries such as Linux distros which contain many programs)Nmap-PSL- Nmap Public Source LicenseOSL-3.0- Open Software License 3.0Proprietary- Proprietary (closed source)Sendmail- Sendmail LicenseSource Given with No License- Source Given with No LicenseRuby- Ruby LicenseUnlicense- The UnlicenseZlib- Zlib/libpng LicenseZPL-2.0- Zope Public License 2.0
Contributing#
Contributing guidelines can be found here.
License#
This list is under the Creative Commons Attribution-ShareAlike 3.0 Unported License.
Terms of the license are summarized here.
Markdown and HTML generating code adapted from the awesome-selfhosted community. Changes were made to page verbage and formatting.