The following is a list of blogs, communities, or other miscellaneous resources that can provide some great reads and educational info on topics pertaining to security. Feel free to leave comments below if you think anything should be added!

News -- News/Current Exploits (Gathers top stories from other security news sites [and shows new exploits at the bottom]) --News (One of my favorites, stays very up to date) --News – Another good general security blog (not so much technically oriented)  --Blog “Schneier on Security”  --Security Blog (Just saw this one, but seems very good with good information) --Current Exploits --News (Up-to-date resource)

Classes: -- Arguably the best free security class on the web. Excellent videos, slides, content, and information. Definitely check it out! [tentatively unavailable 01/28/2012]- Security class offered for free by Stanford Univ. Starts late March 2012. - Free Cryptography class offered by Stanford Univ. Started early March. - Free Network and Computer Security course offered by MIT - Great resource if you're looking to learn programming


Hacking: The Art of Exploitation - Great book to that teaches low level exploitation techniques, as well as crucial fundamentals
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers - Book on using Python for penetration testing tasks
Metasploit: The Penetration Tester's Guide - Book covering the ins and outs of Metasploit. Provides in depth information on usage as well as development
File System Forensic Analysis - Covers forensic techniques for different filesystems. Very thorough and in depth information
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - Great book covering techniques for auditing and exploiting web applications
SQL Injection Attacks and Defense - The "SQL Injection Bible". Covers numerous auditing and exploiting techniques using SQL Injection
The Shellcoder's Handbook - Great resource for developing shellcode for use with exploitation 
Real Digital Forensics - Similar to File System Forensic Analysis but with Network forensics and response techniques
Silence on the Wire: A Field Guide to Passive Reconnaissance and Passive Attacks - Interesting book covering fundamentals of fingerprinting and other passive attack techniques 
Social Engineering: The Art of Human Hacking - In depth coverage of social engineering techniques and exploitation
Bejtlich Best Books - Annual lists of best security books read by security professional Richard Bejtlich

Communities: - Netsec subreddit - always up-to-date with the latest stories in netsec - Social Engineering subreddit - Computer Forensics subreddit - Reverse Engineering subreddit - Lockpicking subreddit - Security forum (many of these exist)

Training/Wargames: - Challenges to test exploitation skills - Different exploitation challenges - Many different wargames teaching a variety of security techniques - Free Penetration Testing exercises geared towards web app exploitation - Damn Vulnerable Web App

Tutorials: - Corelan Exploit Writing tutorials (ie a great and thorough Buffer Overflow tutorial can be found here.) - Metasploit Unleashed tutorials provide coverage of using Metasploit - Simple SQL Injection Tutorial

Security Conference Whitepapers and Presentations: -- Presentations (Years’ worth of whitepapers and video/audio presentations)       -- Tools released at Defcon --Presentations (Years’ worth of whitepapers and video/audio presentations) - All videos from the 2011 DerbyCon - Slides and content from past CanSecWest conferences - Derbycon 2012 videos

Existing Vulnerability Research (what we aim to protect against): -- Seems very similar to the webpage right below – Discusses attack vectors and threats – I’ve been looking at this recently and I enjoyed their analysis of many attack vectors – General Wikipedia portal for all things Computer Security --Scroll to the bottom for archives of whitepapers

Multimedia Resources --The "YouTube of Security" (couldn’t recommend this site highly enough!!) -- Incredible Security Podcast (available on iTunes!) --Great social engineering podcast by

Notable Blogs

Carnal0wnage - Attack and Research blog - Blog focused on hardware and reverse engineering
Metasploit Blog
SkullSecurity - Blog focused on misc. security topics
TrailofBits Blog - Misc. Security topics
Room362 Blog - Misc. Security topics
Volatility Labs Blog - Focused on malware and memory forensic analysis
Pentest Geek - Misc. Security topics

Other Resources: - Resource that provides information for ongoing and upcoming CTF events --Social Engineering Framework and Blog (Great Resource to learn SE!) -- Site full of great resources - requires subscription (provided for free if you're a Tech student - will show you how to access it in the meetings).
Amazon Security Books – Amazon is (IMHO) one of the best places for security books. I’ve bought numerous over the years and have enjoyed the price. -- A great resource (forum) for learning best physical security practices as well as being able to measure physical security deficiencies with standard locks.

For Twitter Users: -- Security Professionals on Twitter that you may want to follow (I’m not a twitter user, so I haven’t checked any of these out personally.)

Want to Learn Python? - Codecademy Python course - Fantastic book (free to read online) that teaches Python - Another great book (free to read online) that teaches Python - Python tutorials (contains in-browser code-editor)


  1. What about MOOC's, do you think they are worth it?

    1. Absolutely! I'm currently taking the "Malicious Software and its Underground Economy: Two Sides to Every Story" via coursera, and it's great.

      MOOC's are becoming more and more popular, which is good - it's time we open-source high-quality education. Places like Coursera provide fantastic class at a price I tend to like (free!).

  2. Nice post, very helpful for us.I will
    vulnerability assessment
    penetration testing come back here again & again...:)

    1. On sait depuis longtemps que travailler avec du texte lisible et contenant du sens est source de distractions, et empêche de se concentrer sur la mise en page elle-même. L'avantage du Lorem Ipsum sur un texte générique comme 'Du texte. Du texte. Du texte.'
      mesin pembuat kopi Elektrolux and artikel harga mesin kopi Illy terbaru dan artikel harga mesin kopi merk Kenwood and article harga mesin kopi Nescafe dan ulasan harga mesin cuci 1 tabung dan artikel harga mesin cuci 2 tabung serta artikel harga mesin cuci front loading dan harga mesin cuci top loading juga harga kompor gas merk Quantum dan info harga kompor gas merk Rinnai

  3. Such a nice blogs, communities, or other miscellaneous resources for the it security course
    Thanks for sharing this nice blog..!!!!


  4. Hi, I am John working in IT company. Cause of busy I work in my home so, I need a high-configaration which is one of the
    best computers.
    So, I was feeling worried about the best computer. By friend suggest me to visit your website and got it. This is really good product.
    Specially RAM, graphic, and all configaration are good. I am happy. I am happy.

  5. Great post!I am actually getting ready to across this information,i am very happy to this commands.Also great blog here with all of the valuable information you have.Well done,its a great knowledge.
    Python Training in Chennai

  6. Great post! I am see the programming coding and step by step execute the outputs.I am gather this coding more information. It's helpful for me my friend. Also great blog here with all of the valuable information you have.
    Python Training in Chennai

  7. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

  8. now in this new version there are so many new feature and bugs fix.


  9. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

  10. Online Computer Courses - Get the free of cost computer courses, classes, training and certification online at your home. Nitro India one of the popular organization provide these services to you free of cost. To get now free classes, courses and certification from Nitro all over the world visit-

  11. Thanks for one marvelous posting! I enjoyed reading it; you are a great author. Besant technology provides python course training in Bangalore

  12. It’s always so sweet and also full of a lot of fun for me personally and my office colleagues to search your blog a minimum of thrice in a week to see the new guidance you have got.Besant Technologies offers the best
    Selenium Training in Bangalore

  13. Those guidelines additionally worked to become a good way to recognize that other people online have the identical fervor like mine to grasp great deal more around this condition.

    Java Training in Bangalore|

  14. Does your blog have a contact page? I’m having problems locating it but, I’d like to shoot you an email. I’ve got some recommendations for your blog you might be interested in hearing. DevOps Training in Bangalore

  15. Thank you a lot for providing individuals with a very spectacular possibility to read critical reviews from this site.

    Dotnet Training in bangalore

  16. This is really too useful and has more ideas from your blog. Keep sharing many techniques. We are waiting for your new blog and for useful information. Keep post more blogs. AWS Training in Bangalore

  17. Very Nice Blog on info on topics pertaining to security.
    Interesting links for blogs kindly keep Blogging.
    Devops Training in Bangalore

  18. Thanks for sharing these these type of blogs keep posting it
    Iot Online Training

  19. very helpfull blog it was a pleasure reading your blog
    would love to read it more
    knowldege is not found but earned through hardwork and good teaching
    that being said click here to join us the next best thing in bangalore
    devops online training
    Devops Training in Bangalore