This will be a live document that will be updated often. I try to only list Free resources here.
In alphabetical order:
Apps | Books | Certs | CTF | Games | Hardware | Jobs | Movies | OSINT | Podcasts | Repositories | Software | Study | TV | Training | Websites
APPLICATIONS
Enigma X – is a cybersecurity-focused platform centered around OSINT investigations, and digital footprint analysis. It transforms your text, voice, and media messages into unbreakable 100% private emoji ciphers that stores your encryption keys locally, only on your device, never uploaded to any server or cloud.
Fing – is a powerful free network scanner and monitoring tool that helps you discover devices, enhance cybersecurity, and optimize performance.
BOOKS
The Art of Invisibility is a 2017 book by world-renowned hacker Kevin D. Mitnick, an American computer security consultant, author, and convicted hacker. In 1995, he was arrested for various computer and communications-related crimes, and spent five years in prison after being convicted of fraud and illegally intercepting communications.
This book teaches practical methods for protecting personal privacy in an age of mass surveillance and big data. It provides actionable advice on overcoming tracking by corporations and governments, covering topics from secure browsing to advanced anonymization techniques.
The Cuckoo’s Egg by Clifford Stoll is a 1989 book detailing his real-life, year-long hunt for a hacker, “Hunter,” who was stealing sensitive data from U.S. computer networks and selling it to the KGB, a story that evolved into a major international espionage case involving the CIA.
Stoll, an astronomer-turned-systems manager, tracked the intruder through a 75-cent accounting error, leading to a high-stakes game of cat-and-mouse that exposed the vulnerability of computer systems and the reality of cyber espionage.
The Cult of the Dead Cow, also known as “cDc”, is one of the oldest and most influential American hacking groups and DIY media organizations, founded in 1984 in Lubbock, Texas. Known for pioneering “hacktivism”, the group creates tools to expose security flaws, notably Back Orifice, and advocates for privacy, freedom, and human rights through both hacking and media.
The group maintains a weblog on its site, also titled “Cult of the Dead Cow”. New media are released first through the blog, which also features thoughts and opinions of the group’s members.
Social Engineering: The Science of Human Hacking written by Christopher Hadnagy, is the art of manipulating, influencing, or deceiving people into performing actions or divulging confidential information.
Rather than exploiting software, it exploits human emotions like fear, curiosity, or trust to bypass security measures. It is a common, highly effective method for data breaches and scams.
CERTIFICATIONS
Please visit the CERTIFICATIONS page to explore certifications from entry-level up to aligning with your chosen cybersecurity domain or specialization.
CTF’s
What is a CTF?
MegaCTF is a cybersecurity skills and training platform designed to teach practical security skills through gamified “Capture the Flag” (CTF) competitions, hands-on labs, and simulated environments as well as helps organizations recruit, train, and retain cybersecurity professionals, and serves individuals looking to break into the industry.
PicoCTF is a free, gamified computer security education program developed by Carnegie Mellon University that allows students of all skill levels to learn cybersecurity through Capture The Flag (CTF) challenges. It offers a safe environment featuring web exploitation, forensics, and cryptography, designed for high school and college students.
VulnHub offers multiple challenges, specializing in CTF competition, digital learning, and network administration. It provides vulnerable applications/machines to participants who want to gain real-life experience in debugging. The CTF platform is a great initiative for pen testing tools, especially on virtual machines, available in abundance on the platform. It prompts users to gain root access to the target devices and read the flag file, which, in most cases, are the main objects of the challenges.
GAMES
BitBurner is a free, text-based cyberpunk incremental RPG (idle game) available on Steam and in web browsers. Players act as hackers in 2077, using actual JavaScript programming to automate tasks, hack servers, and manage resources, making it a unique tool for learning to code while gaming.
Breach Labs – currently offer 2 games: Ghost (22 levels of Linux & Shell fundamentals) and Phantom (32 levels that teach the full discipline of post-exploitation. This is the complete chain a real operator runs against a real compromised environment in 2026.).
CMD Challenge – is an online, browser-based interactive game designed to test and improve user skills in Bash command-line scripting. It features a series of tasks, ranging from basic to intermediate levels, that must be solved using single-line terminal commands within an emulated Linux environment.
OverTheWire known for its list of popular Wargames, OverTheWire allows individuals to practice cybersecurity concepts through fun and thrilling games for both experienced hackers and total newbies with a selection of simple to complex games.
UnderTheWire offers PowerShell-based Wargames designed explicitly for the cybersecurity community. Similar to OverTheWire, UnderTheWire employs Wargames to sharpen PowerShell skills with rare instances and practical problem-solving techniques.
HARDWARE
| ITEM | USAGE |
| Flipper Zero | a portable, open-source multi-tool designed for pentesters and hardware enthusiasts used for security testing and protocol analysis in authorized environments |
| Wifi Pineapple | a specialized, portable wireless networking device designed for pentesting and network auditing that functions as a "rogue access point" that intercepts and analyzes traffic between users and the internet |
| Raspberry Pi | a low-cost, credit-card-sized, single-board computer that connects to a monitor, mouse, keyboard and is widely used as smart home hubs, retro gaming consoles, media centers, and robotics, often running Linux |
| Rubber Ducky | a specialized, programmable hacking tool designed to look and function like a USB flash drive, but which actually operates as a Human Interface Device (HID) essentially acting as a USB keyboard |
| Yubikey | is a small hardware security key used to protect online accounts and devices from unauthorized access through strong, phishing-resistant multi-factor authentication to verify your identity, replacing or supplementing passwords and SMS codes. |
Most hardware can be purchased at the following vendors:
JOBS
Data Annotation is a remote work platform for AI training tasks, where users are paid to write or evaluate AI responses, label or compare data, and to help train machine learning models (LLMs).
MOVIES
Hacking has been on screen since before most of us had a computer. This collection of films and documentaries spans decades of hacking culture, covering everything from social engineering and surveillance to critical infrastructure attacks and insider threats. Whether Hollywood got it right or spectacularly wrong, some are technically solid, but all of them are worth a watch if you want to understand how hacking became part of the cultural conversation as well as how each one shaped the way the public thinks about cybersecurity.
| TITLE | YEAR | CATEGORY |
| Antitrust | 2001 | Corporate Espionage / IP Theft |
| Blackhat | 2015 | APT / RAT Malware / Critical Infrastructure (nuclear) |
| Enemy of the State | 1998 | OSINT / Mass Surveillance |
| Firewall | 2006 | Insider Threat / Financial Fraud / Extortion |
| Hackers | 1995 | Social Engineering + Malware / Corporate Espionage |
| Johnny Mnemonic | 1995 | Data Exfiltration / Encrypted Courier |
| Jurassic Park | 1993 | Privilege Escalation / Insider Threat |
| Live Free or Die Hard | 2007 | Critical Infrastructure Attack / ICS/SCADA |
| Sneakers | 1992 | Penetration Testing / Red Teaming + Cryptography |
| Snowden | 2016 | Insider Threat / Mass Surveillance / Whistleblowing |
| Surrogates | 2009 | Identity Spoofing / Remote Access Exploitation |
| Swordfish | 2001 | Worm Development / Financial Cybercrime |
| Takedown | 2000 | True Crime — Kevin Mitnick / Social Engineering + Phone Phreaking |
| The Amateur | 2025 | Cryptography / SIGINT / Cyber Espionage / ICS Hacking |
| The Girl with the Dragon Tattoo | 2009 | OSINT + Intrusion / Digital Forensics |
| The Great Hack | 2019 | Data Harvesting / Influence Operations / Cambridge Analytica |
| The Italian Job | 2003 | ICS Hacking (traffic systems) |
| The Matrix | 1999 | System Exploitation / Zero-Day / Privilege Escalation |
| The Net | 1994 | Identity Theft / Data Manipulation |
| The X-Files: Fight the Future | 1998 | Government Coverup / Data Breach |
| Virtuosity | 1995 | AI Threat / Containment Failure |
| WarGames | 1983 | Unauthorized Access / ICS & SCADA (military systems) |
OSINT TOOLS
Go to OSINT page for more information.
PODCASTS
Darknet Diaries is a popular, critically acclaimed documentary-style podcast hosted by Jack Rhysider that explores true stories about hackers, data breaches, cybercrime, and shadow government activity. Launched in 2017, it covers the “dark side of the internet” through in-depth interviews and narrative storytelling, making complex technical security topics accessible to a general audience.
Malicious Life by Cybereason tells the unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.
CyberSpeaksLive – is an InfoSec podcast series hosted by the late Duncan McAlynn (@infosecwar) and his special guest co-hosts, where the listeners would get to participate in the discussions with full video and audio.
Secure AF is hosted by industry veterans Donovan Farrow and Jonathan Kimmitt, who dive deep into real-world infosec challenges, red team tactics, blue team strategies, current events and the latest tools shaping the cybersecurity landscape.
Secure After Dark hosted by Tanner Shin, focuses on the “after-hours” side of cybersecurity, featuring unfiltered, raw, and humorous stories from pentesters, private investigators, and unconventional cybersecurity figures that offer a “back alley” look at the industry, including conference stories, social engineering, and the “strange, bizarre, and profane” aspects of the job.
Social Engineering hosted by Christopher Hadnagy, has 4 series per month: The Human Element: The original podcast with unique guests to teach us all new skills, The SEcurity Awareness Series: Focused on helping C Level security with their security needs, The Dr. Is In: Dr. Abbie Marono and Chris discuss a very science based topic, and The 4th Monday: Chris and Co-Host Mike Holfeld discuss a wide range of topics.
REPOSITORIES
Commit Issues – is a cybersecurity-focused GitHub controlled chaos repository that makes complex tech accessible, dangerous knowledge digestible, and boring tools actually fun to use.
Eagle Eye – allows you to use a reverse image search to find social media accounts.
fon-tech-io – is a comprehensive UI Component Suite collection of 41 accessible, themeable Angular components built with Angular 20+ and modern best practices.
GeoWiFi – is an open-source tool designed to locate WiFi networks by querying multiple public databases using a BSSID or SSID. It helps identify the approximate location of access points, offering output in JSON or interactive HTML maps.
InfoSecWar – has open-source security and development projects from the late Duncan “InfoSecWar” McAlynn.
MemPalace – is a memory training app/software that helps users improve recall by using the method of loci (memory palace technique), a visualization method where you store information in imagined “locations” inside a familiar space. [MemPalace.net]
RuView – turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video.
S0cial-Lain – is a cybersecurity-focused GitHub repository showcasing pentesting tools, automation scripts, OSINT work, and hands-on write-ups that emphasize practical, real-world offensive security and experimentation..
Th3 Inspector – is a multi-Information Gathering tool.
Trape – is a framework used for security research and social engineering awareness in controlled environments.
SOFTWARE
Inkscape – is a free, open-source vector graphics editor used to create or edit illustrations, diagrams, logos, and complex paintings. It uses Scalable Vector Graphics (SVG) as its native format, allowing for sharp, scalable designs. It is popular as a professional-grade alternative to Adobe Illustrator, available on Windows, Mac, and Linux.
STUDY MATERIALS
Python For Everybody – is a complete, free Python3 course created by the University of Michigan’s School of Information’s Clinical Professor Dr Charles Severance (Dr Chuck), with no pre-requisites and avoids all but the simplest mathematics.
Professor Messer’s CompTIA SY0-701 Security+ Training Course – offers well over 100+ full free videos within 5 detailed sections taught by Professor Messer.
SecAIPlus – offers a free flashcard deck with tips and explanations included, written by someone who just passed CompTIA SecAI+ CY0-001 certification exam. 25 scenario-based questions. All 4 exam domains covered. Free — no strings.
TELEVISION
Hackers have been on primetime tv just as long as they’ve been in the theaters, giving us some of the most technically accurate portrayals of hacking ever put to screen and some of the most gloriously terrible. From Mr. Robot’s frighteningly accurate malware deployments to real-world predator hunting in Undercover Underage, these shows cover the full spectrum of cybersecurity domains spanning everything from hacktivist take-downs and corporate espionage to surveillance states.
| Show | Year | Primary Hacking Category |
| Halt and Catch Fire | 2014–2019 | Early Computing / IP Theft / Tech Culture |
| Mr. Robot | 2015–2019 | Social Engineering, Malware, APT, Ransomware, ICS |
| Rabbit Hole | 2023– | Cyber Espionage / Disinformation / Corporate Intrigue |
| The Capture | 2019– | Deepfakes / Surveillance State / Evidence Tampering |
| Undercover Underage | 2021– | OSINT / Social Engineering / Digital Identity / Predator Hunting |
TRAINING
BugCrowd – teams with elite security researchers to reduce risk & improve security ROI through our bug bounty, pen testing, & vulnerability disclosure programs.
CryptoHack – is a fun, free platform to learn about cryptography through solving challenges and cracking insecure code.
Hacker101 – is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.
HackerOne – is an agentic AI system that turns vulnerability noise into validated, prioritized, and remediated outcomes, helping security teams reduce risk at scale.
HackTheBox – is an online hacking training platform and playground that allows individuals and organizations to level up their cybersecurity skills in action.
Pentest-Ground – is a free sandbox with deliberately vulnerable web applications and network services to test tools and for educational purposes. It was designed for penetration testers, ethical hackers, and other offensive security professionals as a free service provided by Pentest-Tools.com.
PentesterLab – offers advanced web hacking and security code review through real-world CVEs, vulnerable code, hands-on exploitation, and detailed technical walkthroughs.
Social-Engineer teaches about the “human operating system” and the art of Social Engineering via tools like the Social-Engineer Framework to educate on mitigating human-centric security threats, emphasizing training, psychology, and awareness.
TryHackMe – is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!.
YesWeHack – is a leading Offensive Security and Exposure Management platform. We provide a comprehensive suite of integrated, API-based solutions designed to secure organizations’ growing attack surfaces in an increasingly complex digital landscape..
WEBSITES
Delete Me – employs human agents to handle significant sites where data deletion and privacy automation won’t cut it.
ExcaliDraw – is a virtual collaborative whiteboard tool that lets you easily sketch diagrams that have a hand-drawn feel to them.
URLScan – is a free, web-based sandbox service that scans and analyzes potentially malicious websites to help users identify security threats like phishing and malware.