WORK IN PROGRESS
This list is still in progress, stay tuned to read an improved version.
Mooc
Sensibilisation ou initiation / Awarness or introduction
- Mooc de l’anssi (only in french)
- Cybersecurity specialization Coursera (free access to courses material but quizzes and certifications premium)
Misc
- Section sécurité numérique du site développez.com (only in french)
- Free classes for every level on Open Security Training
- Distributed computer system engineering, MIT Open Courseware
- Cours carte puce, Pascal Chour
- Cours et exercices sur la sécurité informatique à télécharger en PDF, bestcours
- Classes by D.J. Bernstein
- Free Courses in Wikiversity
Pentest
Reverse Engineering
Software – IOT – Security Dev
- Security software principles (Rensselaer polytechnic institute)
- Web Connectivity and Security in Embedded Systems, EIT Digital on Coursera
- Computer Programming on Khan Academy
Exploit
Forensics
Cybersécurité hollistique / Hollistic Cybersecurity
Cryptographie / Cryptography
- Cryptography by Khan Academy / Cryptographie sur Khan Academy (available in English / disponible en français)
- Cryptography, MIT Open Courseware
- Cryptography and cryptanalysis, MIT Open Courseware
- Advanced topics in Cryptographyt, MIT Open Courseware
- Cryptgraphy I, Stanford on Coursera
Données / Data
Blockchain
- Top 6 Free Online Blockchain Course to break into the industry today by Atulya Bhatt on Medium
- Bitcoin and cryptocurrency, Princeton University on Coursera
Réseaux et sécurité des réseaux / Networks and networks’ security
- Cisco netacademy (some of them are free)
- Network and computer security, MIT Open courseware
Podcast
- Humans of infosec: Ep 17 Rock Lambros: Enterprise security lessons for startups
- Humans of infosec on soundcloud
- Infosec Campus
Videos and webinars
Pentest – Bug bounty
- Pentester Academy
- Penetration Testing With Kali Linux
- Open Security Training
- Bhargav Tandel’s channel with content about pentest
- Jhaddix’ youtube channel
- STÖK youtube channel
- OWASP’s youtube channel has Web Pentest content
- Alissa Knight’s youtube channel
- Hackerone’s youtube channel
- Hak5’s youtube channel
- InsiderPhD’s youtube channel
Software – IOT – Security Dev
- SheHacksPurple aka Tanya Janca always has great videos on her youtube channel
- The coding train, watch Daniel Shiffman while he challenges himself with limited time coding challenges.
- Traversy media, web development and programming tutorials
- The Net Ninja, black belt your web skills
- CS Dojo, Python and Javascript tutorials by building a startup with an app to improve a language skill
- Academind, tutorials for web development
- Programming Knowledge, programming tutorials
- Coding Tech
- OWASP’s youtube channel has AppSec content
- Harvard’s CS50’s youtube channel
- E-mma (in french only)
- FreeCodeCamp’s youtube channel
Hollistic Cybersecurity
- STARTS Talks on Cybersecurity and IoT moderated Urmas Paet
- Global Conference on Cyberspace 2015
- Chloe Messdaghi’s channel with Q&As
- Diploweb, Pierre Verluise (french only)
- Cyber News TV
- S&D magazine’s youtube channel
- SERENE-RISC’s youtube channel
Conferences – Communities
- NorthSec’s youtube channel
- Defcon’s youtube channel
- RSA Conference’s videos
- WoSEC International’s youtube channel
- Women Techmakers Montreal’s youtube channel
MISC
- MIT OpenCourseWare’s youtube channel
- Mosse’s Cybersecurity Institute’s youtube channel
- The Cyber Mentor
- Computerphile
- Cookie connecté
- The New Boston, tutorials about programming, web design, graphic design, networking and many more!
- ESD Cyber Security Academy (in french only)
- InfosecGirls’ youtube channel
- Geek Gurl Diaries
- Art of the problem
- Advanced Computer Security, Stanford
CTF writeups
Certifications
- Professor Messer helps out for CompTIA A+, Network+, Security+, Linux+ and other IT certifications
- A full course of 84 videos for CCNA and CCENT Routing and Switching taught by Cisco Instructor Andrew Crouthamel.
Cryptography
Bitcoin
Learning by doing
CTF Platforms
- Hack The Box (big community, Great OSCP preparation, popular with recruiter)
- Try Hack Me (noob friendly 😀 , have lots of educational content)
- Root-me CTF platform (français / english)(popular with recruiter)
- Hack This Site!
- RingZer0
- Certified Secure (access to many free content see also here for my review about them)
- Defend the web
- Try2hack
- Hellbound hackers
- XSS game area
- Embedded Security CTF, microcorruption
- NYU Osiris CTF
- Plateforme de CTF ESD (français)
- PICOCTF free computer security game targeted at middle and high school student (anyone 13 and older can play for fun or learning during or after the competition period)
Wargames
Vulnerable labs to set up or vulnerable websites
- OWASP Vulnerable Web Applications Directory
- bWapp
- Damn vulnerable iOS app
- Google gruyere, appspot
- Peruggia by Andrew Kramer
- OWASP Juice shop project
- OWASP Mutillidae
- DVWA: Damn Vulnerable Web Application
- Bodhi – Client-Side Vulnerability Playground
- Metasploitable II
- Metasploitable III
Games for awarness
- PBS: Nova Labs, Cybersecurity Lab
- Texas University: Keep Tradition Secure
- The Weakest Link
- Safeonweb.be: How safe are you?
- Trend Micro: Targeted Attacke: The Game
- Cyber Security Games, Texas A&M University
- Cybermission (reviewed here)
Misc
- Checkmarx: Game of Hacks (code review)
- The Cryptopals Crypto Challenges
- Cyber Security Challenge UK
- Korelogic previous contests
- Learn SQL with SQLZOO
Resources for noobs
- Tips for getting started with CTF, Square CTF
- Le petit guide du chasseur de drapeaux, ungeek
- OWASP WebGoat Web Hacking Simulation Walkthrough
- CTF guide by Trail of Bits (reviewed here)
Other lists of resources for CTF
- Tools and Resources to Prepare for a Hacker CTF Competition or Challenge, Infosec Institute
- A curated list of CTF frameworks, libraries, resources and softwares, Amanpreet Singh
- Capture The Flag (CTF) and Pentest Training Tools, Keith R. Watson
Resources for game creation
Create CTF
- Open cyber challenge
- CTFd, CTF framework
- 10 questions to answer before running a capture the flag (CTF) contest, David Strom
Awarness or training for organizations
Ouvrages, articles de référence, sites, tutoriels, associations, conférences et blogs utiles / Books, papers, articles, useful websites, tutorials, communities, conferences and blogs
Lois et normes / Law and Policy
- Parlement ouvert lois sur les données personnelles
- Cadre juridique de la cybersécurité dans l’espace francophone par l’AUF et l’IFIC
- Le RGPD expliqué ligne par ligne, Next Impact
- Intelligence artificielle en droit, precisement.org
- Towards a Common Policy and Technology Context for Cyber Security Norms, Claire Vishik, Mihoko Matsubara, Audrey Plonk
- GDPR for developer, BOZHO’S TECH BLOG
- Q&R: Les nouvelles règles de l’UE sur la protection des données placent les citoyens aux commandes, Parlement européen
- ONU’s repository cybercrime
Pentest
Economie / Economy
- Le guide pratique du chef d’entreprise face au risque numérique, 3e forum international sur la cybersécurité
- Follow the Money: Civilizing the Darkweb Economy, Wilson Center
- De la souveraineté fonctionnelle, Internet actu
- Le nouveau paradigme de la cyber sécurité, PAC
Cryptographie, mathématiques / Cryptography, maths
- De la cryptographie dans l’histoire, blog keltia.net
- Blog chiffrer.info
- Introduction to Cryptography, Crypto Kait
- The Code Bookn Simon Singh (teenage version)
- Publications de Gilles Zemor de l’Université de Bordeaux ainsi que certains de ses cours / Gilles Zemor’s papers (some are in English)
- Applied Cryptography, Second Edition, Bruce Schneier
- Bibliothèque des maths
- Cours de cryptographie de l’Université Paris XIII
- How to implement a simple hash table in JavaScript, Alex Nadalin
- Cryptographic Hash Functions Explained: A Beginner’s Guide, Komode platform
- Basics of Hash Tables, Hackerearth
- The State of Hashing Algorithms The Why, The How, and The Future, Raul Jordan
- Learn Cryptography: From Beginner to Expert, Common Lounge
- Crypto101
- How to Learn Cryptography in 2018 (and Stay Sane), Chris Pete
- How to start learning cryptography, vixentael
- Cambridge University, Cryptography
- NSA Codebreakers, an email address from a recognized U.S. school or university is required
- Dcode (french only)
- Cyber chef automated encoded detection
Systèmes d’exploitations / Operating System
- UNIX / LINUX Tutorial, Tutorials point
- UNIX Tutorial for Beginners, University of Surrey
- Learn Linux in 5 Days Jason Cannon
- Training resources from Linux Foundation
Blockchain
Géopolitique / Geopolitical
- Digital Watch Geneva Internet Platform
- Cyberdéfense OTAN
- Cybersécurité programme de référence générique OTAN
- Guide pratique de la cybersécurité et de la cyberdéfense
- United Nations Institute for Disarmament
- Cybersécurité: au coeur des menaces informatiques, le facteur humain, Ministère des armées
- Cybersecurity of Nuclear Weapons Systems Threats, Vulnerabilities and Consequences, Chatham House
- Cyberguerre, aboutissement de la guerre totale : la France est-elle prête? ESEQ
- Internet a-t-il transformé la guerre, France Inter
- La Cyberguerre, Université de Caen
Surveillance, protection des données, fuite de données / Surveillance, Personal Data protection, data leaks
- Surveillance : entre légende et connaissance, France culture
- Louis Pouzin Internet est bâti sur un marécage, L’Express
- Les fuites de données, armes de déstabilisation massive
- Les droits pour maitriser vos données personnelles, CNIL
- Le blog Informatique et Libertés du CNAM de Paris
Techniques et outils de cybersécurité, Conférences, Ressources pour apprendre / Cybersecurity techniques and tools, Conventions, learning resources
- Peerlyst, Where professionals get IT right
- Getting Started in Information Security, reddit
- Beginner’s Guide To Cyber Deception, Varmour
- Comment devenir hacker éthique? Lydéric LEFEBVRE article available in english here
- Let’s Encrypt is a free, automated, and open certificate authority
- Cyber defense magazine
- Actes SSTIC 2018
- DefCon talks or on youtube
- Kitploit, the hacker’s tools
- Leiden safety and security blog
- Mindmap for pentesting practice, Aman Hardikar
- OWASP
- Review of tools and courses, Concise Courses
- Free Ethical Hacking Tutorials: Course for Beginners, Guru99
- Penetration testing tools cheatsheet, HighOn.Coffee
- CVE Security database
- Cyber Misfits
- Le blog du hacker
- Hack in the box
- Hacking tutorial
- Hack a day
- Break the security
- Hacking loops
- Building a home lab to become a malware hunter, alien vault
- Cours CyberSécurité – Concepts Clés Franck Franchin
- Morning star security (content curation website)
- List of tools for cybersecurity, seclists.org
- Web sandbox, urlscan
- Web pentesting and hacking articles, Raj Chandel’s Blog
- Linux journey
- List of resources on GitHub to learn to hack, Awesome Hacking
- Ressources ANSSI et outils pédagogiques
- Top 5 free learning resources for cybersecurity beginners, infosec institute
- List of Free resources for learning, Business news daily
- Exploit database
- Tutoriel injection SQL, zest de savoir
- Tutoriel détaillé injection SQL, hackademics
- Injection SQL, bases hacking (only in french)
- Cours de réseaux, developpez.com
- Analyse réseaux avec Wireshark, developpez.com
- Partage de connaissances du monde TCP/IP, frameip
- Repository of doc.lagout.org (ressources en français / resources in english)
- Repository de zen-security (beaucoup ressources en français / some resources in english)
- Repository de root-me.org (ressources en français / some resources in english)
- McAfee free tools for security
- Vuln hub (resources for training)
- CyberPunk: Open Source CyberSecurity
- Free infosec training resources, James Webb
- MIT Open Courseware
- Blog Fox Gloves Security
- Seach security on techtarget.com
- The A-Z of computer and data security threats, Sophos
- EU funded project on digital security
- SANS Cyber Aces Online Courses
- Guide de planification de la sécurisation des accès par carte à puce, Microsoft
- Virus Total
- JavaSnoop: How to hack anything in Java, Arshan Dabirsiagh
- 80+ Best Free Hacking Tutorials | Resources to Become Pro Hacker, fromdev
- OWASP PHP object injection
- Phrack Magazine
- Base criteria for penetration testing reporting, pentest standard
- Nikto web server scanner
- Nmap Security Scanner
- Introduction to Kali Linux by Offensive Security
- Automatic SQL injection and database takeover tool
- Testing TLS/SSL encryption anywhere on any port
- FIRST is providing several different trainings with the goal to educate new CSIRTs and enhance the capabilities of current teams.
- Top 5 free learning resources for cybersecurity beginners
- The top 10 mobile hacking tools for iOS for reversing and pentesting apps, Nic Cancellari on Peerlyst
- The complete list of Infosec related cheat sheets by Claus Cramon Houmann on Peerlyst
Initiation à la cybersécurité ou outils pédagogiques d’initiation/ Initiation to cybersecurity or initiation tools
- Cybersecurity online training by IASE
- NIH Information Security and information management training courses
- Cyber education and digital citizenship
- Security training material, CalPoly
- Free Information Security Training Materials, risk3sixty
- OWASP Education free training
- Security awareness for teens, hacker high school
- Cybersecurity for beginners
- The novice toolkit by Cyber security challenge UK
- Hacklu2018 is a beginners workshop to understand the basics on telecommunication security and get started with the area.
Social Engineering
Internet
- How the Internet works, the EDRi papers
- What is the Internet, vox.com
- Carte de la santé d’Internet d’Oracle, silicon.fr
Labos et machines virtuelles / Labs and virtual machines
- Pentesterlab
- Metaspoloitable
- Liste de lab à télécharger pour apprendre le pentesting, kali-linux.fr
- Apprendre le pentesting sans aller en prison, blogspot de lcdcodeur
- Response Operation Collection Kit
Humanités Numériques / Digital Humanities
Développement d’application, reverse engineering, revue de code / Software development, reverse engineering, code review
- Introduction to assembly
- Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow) Alexander V. Leonov
- Wasmjit is a small embeddable WebAssembly runtime.
- OWASP Secure Coding Practices Quick Reference Guide
- Owasp DevSlop project
- Unlearning toxic behaviors in a code review culture, Sandya Sankarram
- Security training for developers, hacksplaining
- Thimble is an online code editor that makes it easy to create and publish your own web pages while learning, Mozilla (disponible en français)
- Learn Python, Java, C, C++, JavaScript, and Ruby, visualize code and get live help, Pythontutor
- Learn Python the right way in five steps, data quest
- Snuffleupagus bug-classes killers and virtual-patching
- Checkio, games to learn Python and Javascript
- Dyne, digital community and free software foundry
- Jaromil of Dyne
- ASP.NET tutorials, Microsoft
- W3 Schools
- PHP the right way
- PHP Tutorials and Courses
- Learn to be a self-taught expert developer, bento.io
- The Best Way to Learn JavaScript, tutplus
- Learning JavaScript Design Patterns, Addy Osmani
- Super Hero JS
- EloquentJavaScript, Marijn Haverbeke
- How to Learn JavaScript Properly, javascript sexy
- RIPS – A static source code analyser for vulnerabilities in PHP scripts
- Secure Programming with Static Analysis, Brian Chest, Jacob West
- IDA Deassembler
- PHP internals book
- Pro Git book, written by Scott Chacon and Ben Straub and published by Apress
- OWASP Java Page
- OWASP PHP Page
- Flaw flinder, code analysis
- CPP Check, static analysis
- OWASP Null derefence
- A collection of security related Python and Bash shell scripts, Peter Mosmans
- Bandit is a tool designed to find common security issues in Python code
- Safety checks your dependencies for known security vulnerabilities
- VisualCodeGrepper – Code security scanning tool.
- Target= »_blank » – the most underestimated vulnerability ever
- Programming Notes for Professionals books
- Joern A Robust Code Analysis Platform for C/C++
- Exploiting Python Deserialization Vulnerabilities
- Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes killers and virtual-patching
- The JavaScript Learning Landscape in 2018, CSS tricks
- hackr.io many tutorials on many languages
- ASP.NET Tutorials and Courses, hackr.io
- Learn Ruby With the Edgecase Ruby Koans
- Ruby on Rails Tutorial (Rails 5) Learn Web Development with Rails Michael Hartl
- Why’s poignant guide to ruby by Why the Lucky Stiff
- An « Awesome » list of code review resources – articles, papers, tools, etc joho on Github
- Three Great Ways to Learn Ruby Faster, Justin Weiss
- Free tutorials of the pragmatic studio (the rest of the content is not free)
- Scratch, MIT
- MDN Web Docs, Mozilla
- Python for malware analysis on Malwology by Anuj Soni
- The anatomy of a .NET malware dropper by Amit Serper
- A Quick Look At A Malicious Script, execute malware blog
- Malware Analysis for the Incident Responder, Matt Aubert
- Open Analyisis labs on github
- Open malware analysis, Openanalysis
- Reversing My Tamagotchi Forever Evolution, Natalie Silvanovich (I put this here because it is a great example of reverse engineering)
- 11 resources for teaching and learning Python
- The 50 Best Websites to Learn PHP, Code Conquest
- Top 14 Free Resources For Learning JavaScript Online 2018 , colorlib
- 10 Places to Learn JavaScript Online, the balance careers
- 50 resources to help you start learning JavaScript in 2017, Daniel Borowski
- A code review checklist prevents stupid mistakes, Blaine Osepchuk
- 10 principles of a good code review, Jason C. McDonald
- Code review guidelines, Philipp Hauer’s Blog
- Top ten pull request review mistakes, Scott Nonnenberg
- How to write a git commit message, Chris Beams
- How should we do code review, Kamil Lelonek
- What are some best practices for Code Review? Ricardo Castelhano
- Effective code review tips, ruby garage
- Phabricator is a set of tools that help companies build better software, faster.
- Reviewable, GitHub code review
- How to conduct effective code review, Billie Cleek
- Top 10 Most Popular Code Review Tools for Developers and Testers, software testing help
- Security code review guidelines, Adam Shostack
- A beginners workshop to understand the basics on telecommunication security by the blackhoodies
- Programmer’s Day: Resources to audit your code by Cecilia Pastorino from Eset
- Facebook Open Source
Evènements / Events
- Crypto Kait made a list of tips before attending a convention in her case it was the Def Con but i’m sure it could be useful for any other convention
- List of computer security conferences, Wikipedia