The following is a list of blogs, communities, or other miscellaneous resources that can provide some great reads and educational info on topics pertaining to security. Feel free to leave comments below if you think anything should be added!

News:
- News/Current Exploits (Gathers top stories from other security news sites [and shows new exploits at the bottom])
- News (One of my favorites, stays very up to date)
- News – Another good general security blog (not so much technically oriented)
- Blog “Schneier on Security”
- Security Blog (Just saw this one, but seems very good with good information)
- Current Exploits
- News (Up-to-date resource)

Classes:
- Arguably the best free security class on the web. Excellent videos, slides, content, and information. Definitely check it out! [tentatively unavailable 01/28/2012]
- Security class offered for free by Stanford Univ. Starts late March 2012.
- Free Cryptography class offered by Stanford Univ. Started early March.
- Free Network and Computer Security course offered by MIT
- Great resource if you're looking to learn programming


Hacking: The Art of Exploitation - Great book that teaches low-level exploitation techniques, as well as crucial fundamentals
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers - Book on using Python for penetration testing tasks
Metasploit: The Penetration Tester's Guide - Book covering the ins and outs of Metasploit. Provides in-depth information on usage as well as development
File System Forensic Analysis - Covers forensic techniques for different filesystems. Very thorough and in-depth information
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - Great book covering techniques for auditing and exploiting web applications
SQL Injection Attacks and Defense - The "SQL Injection Bible". Covers numerous auditing and exploiting techniques using SQL Injection
The Shellcoder's Handbook - Great resource for developing shellcode for use with exploitation 
Real Digital Forensics - Similar to File System Forensic Analysis but with Network forensics and response techniques
Silence on the Wire: A Field Guide to Passive Reconnaissance and Passive Attacks - Interesting book covering fundamentals of fingerprinting and other passive attack techniques 
Social Engineering: The Art of Human Hacking - In-depth coverage of social engineering techniques and exploitation
Bejtlich Best Books - Annual lists of best security books read by security professional Richard Bejtlich

Communities:
- Netsec subreddit - always up-to-date with the latest stories in netsec
- Social Engineering subreddit
- Computer Forensics subreddit
- Reverse Engineering subreddit
- Lockpicking subreddit
- Security forum (many of these exist)

Training/Wargames:
- Challenges to test exploitation skills
- Different exploitation challenges
- Many different wargames teaching a variety of security techniques
- Free Penetration Testing exercises geared towards web app exploitation
- Damn Vulnerable Web App

Tutorials:
- Corelan Exploit Writing tutorials (i.e. a great and thorough Buffer Overflow tutorial can be found here.)
- Metasploit Unleashed tutorials provide coverage of using Metasploit
- Simple SQL Injection Tutorial

Security Conference Whitepapers and Presentations:
- Presentations (Years’ worth of whitepapers and video/audio presentations)
- Tools released at Defcon
- Presentations (Years’ worth of whitepapers and video/audio presentations)
- All videos from the 2011 DerbyCon
- Slides and content from past CanSecWest conferences
- Derbycon 2012 videos

Existing Vulnerability Research (what we aim to protect against): -- Seems very similar to the webpage right below – Discusses attack vectors and threats – I’ve been looking at this recently and I enjoyed their analysis of many attack vectors – General Wikipedia portal for all things Computer Security --Scroll to the bottom for archives of whitepapers

Multimedia Resources:
- The "YouTube of Security" (couldn’t recommend this site highly enough!!)
- Incredible Security Podcast (available on iTunes!)
- Great social engineering podcast by

Notable Blogs

Carnal0wnage - Attack and Research blog - Blog focused on hardware and reverse engineering
Metasploit Blog
SkullSecurity - Blog focused on misc. security topics
TrailofBits Blog - Misc. Security topics
Room362 Blog - Misc. Security topics
Volatility Labs Blog - Focused on malware and memory forensic analysis
Pentest Geek - Misc. Security topics

Other Resources:
- Resource that provides information for ongoing and upcoming CTF events
- Social Engineering Framework and Blog (Great Resource to learn SE!)
- Site full of great resources - requires subscription (provided for free if you're a Tech student - will show you how to access it in the meetings).
- Amazon Security Books – Amazon is (IMHO) one of the best places for security books. I’ve bought numerous over the years and have enjoyed the price.
- A great resource (forum) for learning best physical security practices as well as being able to measure physical security deficiencies with standard locks.

For Twitter Users:
- Security Professionals on Twitter that you may want to follow (I’m not a Twitter user, so I haven’t checked any of these out personally.)

Want to Learn Python?
- Codecademy Python course
- Fantastic book (free to read online) that teaches Python
- Another great book (free to read online) that teaches Python
- Python tutorials (contains in-browser code-editor)


  1. What about MOOCs, do you think they are worth it?

    1. Absolutely! I'm currently taking the "Malicious Software and its Underground Economy: Two Sides to Every Story" via Coursera, and it's great.

      MOOCs are becoming more and more popular, which is good - it's time we open-source high-quality education. Places like Coursera provide fantastic classes at a price I tend to like (free!).

  2. Nice post, very helpful for us. I will
    vulnerability assessment
    penetration testing come back here again & again...:)


  3. Such nice blogs, communities, or other miscellaneous resources for the IT security course.
    Thanks for sharing this nice blog..!!!!