WORK IN PROGRESS

This list is still in progress, stay tuned to read an improved version.

Mooc

Sensibilisation ou initiation / Awarness or introduction

• Mooc de l’anssi (only in french)
• Cybersecurity specialization Coursera (free access to courses material but quizzes and certifications premium)

Misc

• Section sécurité numérique du site développez.com (only in french)
• Free classes for every level on Open Security Training
• Distributed computer system engineering, MIT Open Courseware
• Cours carte puce, Pascal Chour
• Cours et exercices sur la sécurité informatique à télécharger en PDF, bestcours
• Classes by D.J. Bernstein
• Free Courses in Wikiversity

Pentest

• Metasploit Unleashed – Free Ethical Hacking Course
• Cours NYU offensive security

Reverse Engineering

• Modern binary exploitation (Rensselaer polytechnic institute)

Software – IOT – Security Dev

• Security software principles (Rensselaer polytechnic institute)
• Web Connectivity and Security in Embedded Systems, EIT Digital on Coursera
• Computer Programming on Khan Academy

Exploit

• Intro to software exploitation MIT

Forensics

• Digital forensics, Open Learn

Cybersécurité hollistique / Hollistic Cybersecurity

• Securing Digital Democracy by Michigan University on Coursera

Cryptographie / Cryptography

• Cryptography by Khan Academy / Cryptographie sur Khan Academy (available in English / disponible en français)
• Cryptography, MIT Open Courseware
• Cryptography and cryptanalysis, MIT Open Courseware
• Advanced topics in Cryptographyt, MIT Open Courseware
• Cryptgraphy I, Stanford on Coursera

Données / Data

• RGPD, CNIL (only in french)

Blockchain

• Top 6 Free Online Blockchain Course to break into the industry today by Atulya Bhatt on Medium
• Bitcoin and cryptocurrency, Princeton University on Coursera

Réseaux et sécurité des réseaux / Networks and networks’ security

• Cisco netacademy (some of them are free)
• Network and computer security, MIT Open courseware

Podcast

• Humans of infosec: Ep 17 Rock Lambros: Enterprise security lessons for startups
• Humans of infosec on soundcloud
• Infosec Campus

Videos and webinars

Pentest – Bug bounty

• Pentester Academy
• Penetration Testing With Kali Linux
• Open Security Training
• Bhargav Tandel’s channel with content about pentest
• Jhaddix’ youtube channel
• STÖK youtube channel
• OWASP’s youtube channel has Web Pentest content
• Alissa Knight’s youtube channel
• Hackerone’s youtube channel
• Hak5’s youtube channel
• InsiderPhD’s youtube channel

Software – IOT – Security Dev

• SheHacksPurple aka Tanya Janca always has great videos on her youtube channel
• The coding train, watch Daniel Shiffman while he challenges himself with limited time coding challenges.
• Traversy media, web development and programming tutorials
• The Net Ninja, black belt your web skills
• CS Dojo, Python and Javascript tutorials by building a startup with an app to improve a language skill
• Academind, tutorials for web development
• Programming Knowledge, programming tutorials
• Coding Tech
• OWASP’s youtube channel has AppSec content
• Harvard’s CS50’s youtube channel
• E-mma (in french only)
• FreeCodeCamp’s youtube channel

Hollistic Cybersecurity

• STARTS Talks on Cybersecurity and IoT moderated Urmas Paet
• Global Conference on Cyberspace 2015
• Chloe Messdaghi’s channel with Q&As
• Diploweb, Pierre Verluise (french only)
• Cyber News TV
• S&D magazine’s youtube channel
• SERENE-RISC’s youtube channel

Conferences – Communities

• NorthSec’s youtube channel
• Defcon’s youtube channel
• RSA Conference’s videos
• WoSEC International’s youtube channel
• Women Techmakers Montreal’s youtube channel

MISC

• MIT OpenCourseWare’s youtube channel
• Mosse’s Cybersecurity Institute’s youtube channel
• The Cyber Mentor
• Computerphile
• Cookie connecté
• The New Boston, tutorials about programming, web design, graphic design, networking and many more!
• ESD Cyber Security Academy (in french only)
• InfosecGirls’ youtube channel
• Geek Gurl Diaries
• Art of the problem
• Advanced Computer Security, Stanford

CTF writeups

• GynvaelEN
• IppSec
• LiveOverflow

Certifications

• Professor Messer helps out for CompTIA A+, Network+, Security+, Linux+ and other IT certifications
• A full course of 84 videos for CCNA and CCENT Routing and Switching taught by Cisco Instructor Andrew Crouthamel.

Cryptography

• Cryptography boot camp

Bitcoin

• Bitcoin courses of Khan Academy

Learning by doing

CTF Platforms

• Hack The Box (big community, Great OSCP preparation, popular with recruiter)
• Try Hack Me (noob friendly 😀 , have lots of educational content)
• Root-me CTF platform (français / english)(popular with recruiter)
• Hack This Site!
• RingZer0
• Certified Secure (access to many free content see also here for my review about them)
• Defend the web
• Try2hack
• Hellbound hackers
• XSS game area
• Embedded Security CTF, microcorruption
• NYU Osiris CTF
• Plateforme de CTF ESD (français)
• PICOCTF free computer security game targeted at middle and high school student (anyone 13 and older can play for fun or learning during or after the competition period)

Wargames

• NetGarage, wargames
• Wargames, smash the stack
• Wargames, overthewire

Vulnerable labs to set up or vulnerable websites

• OWASP Vulnerable Web Applications Directory
• bWapp
• Damn vulnerable iOS app
• Google gruyere, appspot
• Peruggia by Andrew Kramer
• OWASP Juice shop project
• OWASP Mutillidae
• DVWA: Damn Vulnerable Web Application
• Bodhi – Client-Side Vulnerability Playground
• Metasploitable II
• Metasploitable III

Games for awarness

• PBS: Nova Labs, Cybersecurity Lab
• Texas University: Keep Tradition Secure
• The Weakest Link
• Safeonweb.be: How safe are you?
• Trend Micro: Targeted Attacke: The Game
• Cyber Security Games, Texas A&M University
• Cybermission (reviewed here)

Misc

• Checkmarx: Game of Hacks (code review)
• The Cryptopals Crypto Challenges
• Cyber Security Challenge UK
• Korelogic previous contests
• Learn SQL with SQLZOO

Resources for noobs

• Tips for getting started with CTF, Square CTF
• Le petit guide du chasseur de drapeaux, ungeek
• OWASP WebGoat Web Hacking Simulation Walkthrough
• CTF guide by Trail of Bits (reviewed here)

Other lists of resources for CTF

• Tools and Resources to Prepare for a Hacker CTF Competition or Challenge, Infosec Institute
• A curated list of CTF frameworks, libraries, resources and softwares, Amanpreet Singh
• Capture The Flag (CTF) and Pentest Training Tools, Keith R. Watson

Resources for game creation

Create CTF

• Open cyber challenge
• CTFd, CTF framework
• 10 questions to answer before running a capture the flag (CTF) contest, David Strom

Awarness or training for organizations

• CISA’s Tabletop Exercise Package

---

Ouvrages, articles de référence, sites, tutoriels, associations, conférences et blogs utiles / Books, papers, articles, useful websites, tutorials, communities, conferences and blogs

Lois et normes / Law and Policy

• Parlement ouvert lois sur les données personnelles
• Cadre juridique de la cybersécurité dans l’espace francophone par l’AUF et l’IFIC
• Le RGPD expliqué ligne par ligne, Next Impact
• Intelligence artificielle en droit, precisement.org
• Towards a Common Policy and Technology Context for Cyber Security Norms, Claire Vishik, Mihoko Matsubara, Audrey Plonk
• GDPR for developer, BOZHO’S TECH BLOG
• Q&R: Les nouvelles règles de l’UE sur la protection des données placent les citoyens aux commandes, Parlement européen
• ONU’s repository cybercrime

Pentest

• Mastering Kali Linux for Advanced Penetration Testing 18.44$ on Amazon

Economie / Economy

• Le guide pratique du chef d’entreprise face au risque numérique, 3e forum international sur la cybersécurité
• Follow the Money: Civilizing the Darkweb Economy, Wilson Center
• De la souveraineté fonctionnelle, Internet actu
• Le nouveau paradigme de la cyber sécurité, PAC

Cryptographie, mathématiques / Cryptography, maths

• De la cryptographie dans l’histoire, blog keltia.net
• Blog chiffrer.info
• Introduction to Cryptography, Crypto Kait
• The Code Bookn Simon Singh (teenage version)
• Publications de Gilles Zemor de l’Université de Bordeaux ainsi que certains de ses cours / Gilles Zemor’s papers (some are in English)
• Applied Cryptography, Second Edition, Bruce Schneier
• Bibliothèque des maths
• Cours de cryptographie de l’Université Paris XIII
• How to implement a simple hash table in JavaScript, Alex Nadalin
• Cryptographic Hash Functions Explained: A Beginner’s Guide, Komode platform
• Basics of Hash Tables, Hackerearth
• The State of Hashing Algorithms  The Why, The How, and The Future, Raul Jordan
• Learn Cryptography: From Beginner to Expert, Common Lounge
• Crypto101
• How to Learn Cryptography in 2018 (and Stay Sane), Chris Pete
• How to start learning cryptography, vixentael
• Cambridge University, Cryptography
• NSA Codebreakers, an email address from a recognized U.S. school or university is required
• Dcode (french only)
• Cyber chef automated encoded detection

Systèmes d’exploitations / Operating System

• UNIX / LINUX Tutorial, Tutorials point
• UNIX Tutorial for Beginners, University of Surrey
• Learn Linux in 5 Days Jason Cannon
• Training resources from Linux Foundation

Blockchain

• Blockchain programming, digital-dreamer on GitHub
• Ethereum France

Géopolitique / Geopolitical

• Digital Watch Geneva Internet Platform
• Cyberdéfense OTAN
• Cybersécurité programme de référence générique OTAN
• Guide pratique de la cybersécurité et de la cyberdéfense
• United Nations Institute for Disarmament
• Cybersécurité: au coeur des menaces informatiques, le facteur humain, Ministère des armées
• Cybersecurity of Nuclear Weapons Systems Threats, Vulnerabilities and Consequences, Chatham House
• Cyberguerre, aboutissement de la guerre totale : la France est-elle prête? ESEQ
• Internet a-t-il transformé la guerre, France Inter
• La Cyberguerre, Université de Caen

Surveillance, protection des données, fuite de données / Surveillance, Personal Data protection, data leaks

• Surveillance : entre légende et connaissance, France culture
• Louis Pouzin Internet est bâti sur un marécage, L’Express
• Les fuites de données, armes de déstabilisation massive
• Les droits pour maitriser vos données personnelles, CNIL
• Le blog Informatique et Libertés du CNAM de Paris

Techniques et outils de cybersécurité, Conférences, Ressources pour apprendre / Cybersecurity techniques and tools, Conventions, learning resources

• Peerlyst, Where professionals get IT right
• Getting Started in Information Security, reddit
• Beginner’s Guide To Cyber Deception, Varmour
• Comment devenir hacker éthique? Lydéric LEFEBVRE article available in english here
• Let’s Encrypt is a free, automated, and open certificate authority
• Cyber defense magazine
• Actes SSTIC 2018
• DefCon talks or on youtube
• Kitploit, the hacker’s tools
• Leiden safety and security blog
• Mindmap for pentesting practice, Aman Hardikar
• OWASP
• Review of tools and courses, Concise Courses
• Free Ethical Hacking Tutorials: Course for Beginners, Guru99
• Penetration testing tools cheatsheet, HighOn.Coffee
• CVE Security database
• Cyber Misfits
• Le blog du hacker
• Hack in the box
• Hacking tutorial
• Hack a day
• Break the security
• Hacking loops
• Building a home lab to become a malware hunter, alien vault
• Cours CyberSécurité – Concepts Clés Franck Franchin
• Morning star security (content curation website)
• List of tools for cybersecurity, seclists.org
• Web sandbox, urlscan
• Web pentesting and hacking articles, Raj Chandel’s Blog
• Linux journey
• List of resources on GitHub to learn to hack, Awesome Hacking
• Ressources ANSSI et outils pédagogiques
• Top 5 free learning resources for cybersecurity beginners, infosec institute
• List of Free resources for learning, Business news daily
• Exploit database
• Tutoriel injection SQL, zest de savoir
• Tutoriel détaillé injection SQL, hackademics
• Injection SQL, bases hacking (only in french)
• Cours de réseaux, developpez.com
• Analyse réseaux avec Wireshark, developpez.com
• Partage de connaissances du monde TCP/IP, frameip
• Repository of doc.lagout.org (ressources en français / resources in english)
• Repository de zen-security (beaucoup ressources en français / some resources in english)
• Repository de root-me.org (ressources en français / some resources in english)
• McAfee free tools for security
• Vuln hub (resources for training)
• CyberPunk: Open Source CyberSecurity
• Free infosec training resources, James Webb
• MIT Open Courseware
• Blog Fox Gloves Security
• Seach security on techtarget.com
• The A-Z of computer and data security threats, Sophos
• EU funded project on digital security
• SANS Cyber Aces Online Courses
• Guide de planification de la sécurisation des accès par carte à puce, Microsoft
• Virus Total
• JavaSnoop: How to hack anything in Java, Arshan Dabirsiagh
• 80+ Best Free Hacking Tutorials | Resources to Become Pro Hacker, fromdev
• OWASP PHP object injection
• Phrack Magazine
• Base criteria for penetration testing reporting, pentest standard
• Nikto web server scanner
• Nmap Security Scanner
• Introduction to Kali Linux by Offensive Security
• Automatic SQL injection and database takeover tool
• Testing TLS/SSL encryption anywhere on any port
• FIRST is providing several different trainings with the goal to educate new CSIRTs and enhance the capabilities of current teams.
• Top 5 free learning resources for cybersecurity beginners
• The top 10 mobile hacking tools for iOS for reversing and pentesting apps, Nic Cancellari on Peerlyst
• The complete list of Infosec related cheat sheets by Claus Cramon Houmann on Peerlyst

Initiation à la cybersécurité ou outils pédagogiques d’initiation/ Initiation to cybersecurity or initiation tools

• Cybersecurity online training by IASE
• NIH Information Security and information management training courses
• Cyber education and digital citizenship
• Security training material, CalPoly
• Free Information Security Training Materials, risk3sixty
• OWASP Education free training
• Security awareness for teens, hacker high school
• Cybersecurity for beginners
• The novice toolkit by Cyber security challenge UK
• Hacklu2018 is a beginners workshop to understand the basics on telecommunication security and get started with the area.

Social Engineering

• Le social engineering, internet et les entreprises, tech2tech.fr

Internet

• How the Internet works, the EDRi papers
• What is the Internet, vox.com
• Carte de la santé d’Internet d’Oracle, silicon.fr

Labos et machines virtuelles / Labs and virtual machines

• Pentesterlab
• Metaspoloitable
• Liste de lab à télécharger pour apprendre le pentesting, kali-linux.fr
• Apprendre le pentesting sans aller en prison, blogspot de lcdcodeur
• Response Operation Collection Kit

Humanités Numériques / Digital Humanities

• Sign post six: list of downloads for Insider risk management
• Sign post six: list of links

Développement d’application, reverse engineering, revue de code / Software development, reverse engineering, code review

• Introduction to assembly
• Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow) Alexander V. Leonov
• Wasmjit is a small embeddable WebAssembly runtime.
• OWASP Secure Coding Practices Quick Reference Guide
• Owasp DevSlop project
• Unlearning toxic behaviors in a code review culture, Sandya Sankarram
• Security training for developers, hacksplaining
• Thimble is an online code editor that makes it easy to create and publish your own web pages while learning, Mozilla (disponible en français)
• Learn Python, Java, C, C++, JavaScript, and Ruby,  visualize code and get live help, Pythontutor
• Learn Python the right way in five steps, data quest
• Snuffleupagus bug-classes killers and virtual-patching
• Checkio, games to learn Python and Javascript
• Dyne, digital community and free software foundry
• Jaromil of Dyne
• ASP.NET tutorials, Microsoft
• W3 Schools
• PHP the right way
• PHP Tutorials and Courses
• Learn to be a self-taught expert developer, bento.io
• The Best Way to Learn JavaScript, tutplus
• Learning JavaScript Design Patterns, Addy Osmani
• Super Hero JS
• EloquentJavaScript, Marijn Haverbeke
• How to Learn JavaScript Properly, javascript sexy
• RIPS – A static source code analyser for vulnerabilities in PHP scripts
• Secure Programming with Static Analysis, Brian Chest, Jacob West
• IDA Deassembler
• PHP internals book
• Pro Git book, written by Scott Chacon and Ben Straub and published by Apress
• OWASP Java Page
• OWASP PHP Page
• Flaw flinder, code analysis
• CPP Check, static analysis
• OWASP Null derefence
• A collection of security related Python and Bash shell scripts, Peter Mosmans
• Bandit is a tool designed to find common security issues in Python code
• Safety checks your dependencies for known security vulnerabilities
• VisualCodeGrepper – Code security scanning tool.
• Target= »_blank » – the most underestimated vulnerability ever
• Programming Notes for Professionals books
• Joern A Robust Code Analysis Platform for C/C++
• Exploiting Python Deserialization Vulnerabilities
• Snuffleupagus has a lot of features that can be divided in two main categories: bug-classes killers and virtual-patching
• The JavaScript Learning Landscape in 2018, CSS tricks
• hackr.io many tutorials on many languages
• ASP.NET Tutorials and Courses, hackr.io
• Learn Ruby With the Edgecase Ruby Koans
• Ruby on Rails Tutorial (Rails 5) Learn Web Development with Rails Michael Hartl
• Why’s poignant guide to ruby by Why the Lucky Stiff
• An « Awesome » list of code review resources – articles, papers, tools, etc joho on Github
• Three Great Ways to Learn Ruby Faster, Justin Weiss
• Free tutorials of the pragmatic studio (the rest of the content is not free)
• Scratch, MIT
• MDN Web Docs, Mozilla
• Python for malware analysis on Malwology by Anuj Soni
• The anatomy of a .NET malware dropper by Amit Serper
• A Quick Look At A Malicious Script, execute malware blog
• Malware Analysis for the Incident Responder, Matt Aubert
• Open Analyisis labs on github
• Open malware analysis, Openanalysis
• Reversing My Tamagotchi Forever Evolution, Natalie Silvanovich (I put this here because it is a great example of reverse engineering)
• 11 resources for teaching and learning Python
• The 50 Best Websites to Learn PHP, Code Conquest
• Top 14 Free Resources For Learning JavaScript Online 2018 , colorlib
• 10 Places to Learn JavaScript Online, the balance careers
• 50 resources to help you start learning JavaScript in 2017, Daniel Borowski
• A code review checklist prevents stupid mistakes, Blaine Osepchuk
• 10 principles of a good code review, Jason C. McDonald
• Code review guidelines, Philipp Hauer’s Blog
• Top ten pull request review mistakes, Scott Nonnenberg
• How to write a git commit message, Chris Beams
• How should we do code review, Kamil Lelonek
• What are some best practices for Code Review? Ricardo Castelhano
• Effective code review tips, ruby garage
• Phabricator is a set of tools that help companies build better software, faster.
• Reviewable, GitHub code review
• How to conduct effective code review, Billie Cleek
• Top 10 Most Popular Code Review Tools for Developers and Testers, software testing help
• Security code review guidelines, Adam Shostack
• A beginners workshop to understand the basics on telecommunication security by the blackhoodies
• Programmer’s Day: Resources to audit your code by Cecilia Pastorino from Eset
• Facebook Open Source

Evènements / Events

• Crypto Kait made a list of tips before attending a convention in her case it was the Def Con but i’m sure it could be useful for any other convention
• List of computer security conferences, Wikipedia

Bug bounty platforms

• Bug crowd
• Hackerone
• Bounty factory (french but available in english)
• Yogosha (in english and french)
• List of bug bounty program, vulnerability lab
• Fire bounty