Manuals/Howtos/Tutorials

Shell/Command line

pure-bash-bible - is a collection of pure bash alternatives to external processes.
pure-sh-bible - is a collection of pure POSIX sh alternatives to external processes.
bash-guide - is a guide to learn bash.
bash-handbook - for those who wanna learn Bash.
The Bash Hackers Wiki - holds documentation of any kind about GNU Bash.
Shell & Utilities - describes the commands offered to application programs by POSIX-conformant systems.
the-art-of-command-line - master the command line, in one page.
Shell Style Guide - a shell style guide for Google-originated open-source projects.

Text Editors

Vim Cheat Sheet - great multi-language Vim guide.

Python

Awesome Python - a curated list of awesome Python frameworks, libraries, software and resources.
python-cheatsheet - comprehensive Python cheatsheet.
pythoncheatsheet.org - basic reference for beginner and advanced developers.

Sed & Awk & Other

F’Awk Yeah! - advanced sed and awk usage (Parsing for Pentesters 3).

*nix & Network

nixCraft - Linux and Unix tutorials for new and seasoned sysadmins.
TecMint - the ideal Linux blog for Sysadmins & Geeks.
Omnisecu - free Networking, System Administration and Security tutorials.
linux-cheat - Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities.
linuxupskillchallenge - learn the skills required to sysadmin.
Unix Toolbox - Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
Linux Kernel Teaching - a collection of lectures and labs on Linux kernel topics.
htop explained - explanation of everything you can see in htop/top on Linux.
Linux Guide and Hints - tutorials on system administration in Fedora and CentOS.
strace-little-book - a little book which introduces strace.
linux-tracing-workshop - examples and hands-on labs for Linux tracing tools workshops.
http2-explained - a detailed document explaining and documenting HTTP/2.
http3-explained - a document describing the HTTP/3 and QUIC protocols.
HTTP/2 in Action - an excellent introduction to the new HTTP/2 standard.
Let's code a TCP/IP stack - great stuff to learn network and system programming at a deeper level.
Nginx Admin's Handbook - how to improve NGINX performance, security and other important things.
nginxconfig.io - NGINX config generator on steroids.
openssh guideline - helps operational teams with the configuration of OpenSSH server and client.
SSH Handshake Explained - is a relatively brief description of the SSH handshake.
ISC's Knowledgebase - you'll find some general information about BIND 9, ISC DHCP, and Kea DHCP.
PacketLife.net - a place to record notes while studying for Cisco's CCNP certification.

Microsoft

AD-Attack-Defense - attack and defend active directory using modern post exploitation activity.

Large-scale systems

The System Design Primer - learn how to design large-scale systems.
Awesome Scalability - best practices in building High Scalability, High Availability, High Stability, and more.
Web Architecture 101 - the basic architecture concepts.

System hardening

CIS Benchmarks - secure configuration settings for over 100 technologies, available as a free PDF.
Security Harden CentOS 7 - this walks you through the steps required to security harden CentOS.
CentOS 7 Server Hardening Guide - great guide for hardening CentOS; familiar with OpenSCAP.
awesome-security-hardening - is a collection of security hardening guides, tools and other resources.
The Practical Linux Hardening Guide - provides a high-level overview of hardening GNU/Linux systems.
Linux Hardening Guide - how to harden Linux as much as possible for security and privacy.

Security & Privacy

Hacking Articles - Raj Chandel's Security & Hacking Blog.
AWS security tools - make your AWS cloud environment more secure.
Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
SSL Research - SSL and TLS Deployment Best Practices by SSL Labs.
SELinux Game - learn SELinux by doing. Solve Puzzles, show skillz.
Certificates and PKI - everything you should know about certificates and PKI but are too afraid to ask.
The Art of Subdomain Enumeration - a reference for subdomain enumeration techniques.
Quitting Google - the comprehensive guide to quitting Google.

Web Apps

OWASP - worldwide not-for-profit charitable organization focused on improving the security of software.
OWASP ASVS 3.0.1 - OWASP Application Security Verification Standard Project.
OWASP ASVS 3.0.1 Web App - simple web app that helps developers understand the ASVS requirements.
OWASP ASVS 4.0 - is a list of application security requirements or tests.
OWASP Testing Guide v4 - includes a "best practice" penetration testing framework.
OWASP Dev Guide - this is the development version of the OWASP Developer Guide.
OWASP WSTG - is a comprehensive open source guide to testing the security of web apps.
OWASP API Security Project - focuses specifically on the top ten vulnerabilities in API security.
Mozilla Web Security - helps operational teams with creating secure web applications.
security-bulletins - security bulletins that relate to Netflix Open Source.
API-Security-Checklist - security countermeasures when designing, testing, and releasing your API.
Enable CORS - enable cross-origin resource sharing.
Application Security Wiki - is an initiative to provide all application security related resources at one place.
Weird Proxies - reverse proxy related attacks; it is a result of analysis of various proxies.
Webshells - great series about malicious payloads.
Practical Web Cache Poisoning - shows you how to compromise websites by using esoteric web features.
Hidden directories and files - as a source of sensitive information about web applications.
Explosive blog - great blog about cybersec and pentests.
Security Cookies - this paper will take a close look at cookie security.
APISecurityBestPractices - help you keep secrets (API keys, db credentials, certificates) out of source code.

All-in-one

LZone Cheat Sheets - all cheat sheets.
Dan’s Cheat Sheets - massive cheat sheets documentation.
Rico's cheatsheets - this is a modest collection of cheatsheets.
DevDocs API - combines multiple API documentations in a fast, organized, and searchable interface.
cheat.sh - the only cheat sheet you need.
gnulinux.guru - collection of cheat sheets about bash, vim and networking.

Ebooks

free-programming-books - list of free learning resources in many languages.

Other

CTF Series : Vulnerable Machines - the steps below could be followed to find vulnerabilities and exploits.
50M_CTF_Writeup - $50 million CTF from Hackerone - writeup.
ctf-tasks - an archive of low-level CTF challenges developed over the years.
How to start RE/malware analysis? - collection of some hints and useful links for the beginners.
The C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think?
How 1500 bytes became the MTU of the internet - great story about the Maximum Transmission Unit.
poor man's profiler - tools like dtrace don't really provide methods to see what programs are blocking on.
HTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL.
Julia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools.
Hash collisions - this great repository is focused on hash collisions exploitation.
sha256-animation - animation of the SHA-256 hash function in your terminal.
BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
bgp-battleships - playing battleships over BGP.
What happens when... - you type google.com into your browser and press enter?
how-web-works - based on the 'What happens when...' repository.
HTTPS in the real world - great tutorial explaining how HTTPS works in the real world.
Gitlab and NFS bug - how we spent two weeks hunting an NFS bug in the Linux kernel.
Gitlab melts down - postmortem on the database outage of January 31 2017 with the lessons we learned.
How To Become A Hacker - if you want to be a hacker, keep reading.
Operation Costs in CPU - should help to estimate costs of certain operations in CPU clocks.
Let's Build a Simple Database - writing a sqlite clone from scratch in C.
simple-computer - great resource to understand how computers work under the hood.
The story of "Have I been pwned?" - working with 154 million records on Azure Table Storage.
TOP500 Supercomputers - shows the 500 most powerful commercially available computer systems known to us.
How to build a 8 GPU password cracker - does not require any "black magic" or hours of frustration like desktop components do.
CERN Data Centre - 3D visualizations of the CERN computing environments (and more).
How fucked is my database - evaluate how fucked your database is with this handy website.
Linux Troubleshooting 101, 2016 Edition - everything is a DNS Problem...
Five Whys - you know what the problem is, but you cannot solve it?
Maersk, me & notPetya - how did ransomware successfully hijack hundreds of domain controllers?
howhttps.works - how HTTPS works ...in a comic!
howdns.works - a fun and colorful explanation of how DNS works.
POSTGRESQLCO.NF - your postgresql.conf documentation and recommendations.