awesome-nicc

A list of cybersecurity resources from the NJIT Information and Cybersecurity Club.

HTML version, Markdown version.

Click here to return to the NICC website.

---

Table of contents

• Entries
  • Competition
  • Cracking
  • Crypto
  • Employment
  • Exploitation
  • Forensics
  • Monitoring
  • Networking
  • NJIT Student Access
  • Operating System
  • OSINT
  • Programming
  • Pwn
  • Rev
  • Scholarship
  • Steg
  • Sysadmin
  • Training
  • Video
  • Web
• List of Licenses
• Contributing
• License

---

Entries

Competition

^ back to top ^

Cybersecurity competitions and resources for them.

• NCAE CyberGames - "NCAE Cyber Games is dedicated to inspiring college students to enter the exciting (and sometimes profitable!) realm of cyber competitions."
• Secure the Future - Palo Alto Network's academic cybersecurity competition.

Cracking

^ back to top ^

Tools to be used for username/password cracking.

• CUPP - Common User Password Profiler
  
  Generates password word lists based knowledge known about a user. GPL-3.0 Windows/Mac/Linux
• Hashcat - Password hash cracker. (Source Code) MIT Windows/Mac/Linux
• Hydra - Online password brute-force tool for SSH, RDP, HTTP, etc. AGPL-3.0 Mac/Linux
• John the Ripper - Password hash cracker. (Source Code) GPL-2.0 Mac/Linux

Crypto

^ back to top ^

Anything related to cryptography.

• CyberChef - "The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis." (Source Code) Apache-2.0 Web App
• Dcode.fr - Many encode and decode tools for different ciphers. Proprietary/Freeware Web App
• F00L.DE - Collection of miscellaneous tools such as vigenere cipher cracking, file analysis, etc. Freeware/Source Given with No License Web App/Windows/Mac/Linux
• Rapid Tables - Collection of different converter tools and calculators. Proprietary/Freeware Web App

Employment

^ back to top ^

Resources for finding jobs.

• cloudtango - Catalog of MSPs (managed service providers). Proprietary/Freeware Web App
• FederalPay.org - "We are a non-governmental information portal built by federal employees, for federal employees." Proprietary/Freeware Web App
• Hiration - Cover letter and resume builder. Proprietary/Freeware Web App
• Zerodium - Bug bounty program.

Exploitation

^ back to top ^

General exploitation category for things that don't fit in other places.

• GTFOBins - "GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems." (Source Code) GPL-3.0 Web App
• LOLBAS - "The goal of the LOLBAS project is to document every binary, script, and library that can be used for Living Off The Land techniques." (Source Code) GPL-3.0 Web App
• Payloads All The PDFs - "A list of crafted malicious PDF files to test the security of PDF readers and tools." Apache-2.0 ``

Forensics

^ back to top ^

Anything related to computer forensics.

• binwalk - Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images. MIT Mac/Linux
• gpp-decrypt - Ruby script used to decrypt Microsoft Group Policy preferences strings. Included in Kali by default. (Source Code) Freeware/Source Given with No License Windows/Mac/Linux
• Microsoft Security Complaince Toolkit - "Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies." Proprietary/Freeware Windows
• oletools - Python tools to analyze Microsoft OLE2 files (used in Office, Outlook, MSI files). BSD-2-Clause Windows/Linux/Mac
• PSBits Offline GPO Analysis - Analyze Microsoft Group Policy files offline. Unlicense Windows

Monitoring

^ back to top ^

Tools to be used for monitoring systems and networks.

• Datadog - Infrastructure monitoring tool.
  
  10 servers free for 2 years via GitHub Education Pack. Proprietary/Freemium Web App/Windows/Mac/Linux

Networking

^ back to top ^

Anything related to computer networking.

• AC Hunter - Tool for network C2 monitoring. Proprietary/Freemium Linux
• Canarytokens - "Canarytokens helps track activity and actions on your network."
  
  "Canarytokens are like motion sensors for your networks, computers and clouds. You can put them in folders, on network devices and on your phones." (Source Code) GPL-3.0 Web App
• NetworkMiner - NetworkMiner is an open source network forensics tool that extracts artifacts, such as files, images, emails and passwords, from captured network traffic in PCAP files. (Source Code) GPL-2.0 Windows/Linux
• Nmap - Network port scanner tool. (Source Code) Nmap-PSL Windows/Mac/Linux
• Snort - IDS/IPS that does packet monitoring and logging based on rules. (Source Code) GPL-2.0 Windows/Linux
• Suricata - IDS/IPS that does packet monitoring and logging based on rules. Similar to Snort but multithreaded. (Source Code) GPL-2.0 Windows/Linux
• tcpdump - CLI data network packet analyzer. Can dump to pcap files. (Source Code) BSD-3-Clause Windows/Mac/Linux
• Wireshark - Network packet sniffer that can capture from interfaces in real time or read pcap files. (Source Code) GPL-2.0 Windows/Mac/Linux

NJIT Student Access

^ back to top ^

Software that is given to us as NJIT students.

Operating System

^ back to top ^

Computer operating systems.

• BlackArch Linux - "BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers." (Source Code) Multiple Licenses Linux
• Kali Linux - Pentesting focused OS based on Debian Linux. Many cybersecurity tools are preinstalled. (Source Code) Multiple Licenses Linux
• Parrot Linux - Another pentesting focused OS based on Kali. (Source Code) Multiple Licenses Linux
• VirtualBox - Virtual machine hypervisor. Generally used to create Kali or Parrot VMs separate from your host operating system. (Source Code) GPL-3.0 Windows/Mac/Linux

OSINT

^ back to top ^

Anything related to open source intelligence.

• OSINT Framework - Guide to assist in gathering information while performing OSINT. (Source Code) MIT Web App
• OSINT Techniques Book - "Resources for Uncovering Online Information"
  
  By Michael Bazzell. `` Book

Programming

^ back to top ^

Anything related to programming.

• Spectra Assure Community - "Spectra Assure Community monitors open source packages to identify malware, code tampering and indicators of software supply chain attacks." Proprietary/Freemium Web App

Pwn

^ back to top ^

Tools related to exploting binaries (common in CTFs).

• Metasploit - "The world’s most used penetration testing framework." (Source Code) BSD-3-Clause Windows/Mac/Linux
• Pwntools - Pwntools is a python ctf library designed for rapid exploit development. Multiple Licenses Mac/Linux

Rev

^ back to top ^

Anything related to reverse engineering software.

• dnSpy - .NET / Unity decompiler. GPL-3.0 Windows
• Ghidra - Suite of tools for software reverse engineering developed by the NSA. (Source Code) Apache-2.0 Windows/Mac/Linux
• ILSpy - .NET / Unity decompiler. MIT Windows/Mac/Linux
• Malcat - "Malcat is a feature-rich hexadecimal editor / disassembler for Windows and Linux targeted to IT-security professionals." Proprietary/Freemium Windows/Linux

Scholarship

^ back to top ^

Education scholarship programs.

• National Cyber Scholarship Foundation - "National Cyber Scholarship Foundation (NCSF) has launched a national initiative to identify and develop a new generation of Cyber Stars."
• NJIT Secure Computing Initiative - "The NJIT Secure Computing Initiative (SCI) seeks to award scholarships as part of the CyberCorps® Scholarship for Service (SFS) program."

Steg

^ back to top ^

Anything related to steganography.

• Aperisolve - Steganography analysis for multiple tools combined into one. (Source Code) Freeware/Source Given with No License Web App
• Deepsound - Hides files within audio. Freeware/Source Given with No License Windows
• IronGeek Unicode Steg - Hides text within text. Proprietary/Freeware Web App
• OpenStego - Stegonography application for data hiding and watermarking. (Source Code) GPL-2.0 Windows/Mac/Linux
• OutGuess - "Outguess is a universal steganographic tool that allows the insertion of hidden information into the redundant bits of data sources." BSD-4-Clause Linux
• QRazyBox - "QR Code Analysis and Recovery Toolkit" (Source Code) MIT Web App
• Stegdetect - Abandoned tool for detecting steganographic content in images. BSD-4-Clause Linux
• StegOnline - Online Image Steganography Tool for Embedding and Extracting data through LSB techniques. (Source Code) WTFPL Web App

Sysadmin

^ back to top ^

Anything related to systems administration.

• Awesome Selfhosted - "This is a list of Free Software network services and web applications which can be hosted on your own server(s).." (Source Code) CC-BY-SA-3.0 Web App
• NetBox - Network engineer tool for IPAM, provisioning, routing, diagrams, etc. (Source Code) Apache-2.0 Linux

Training

^ back to top ^

Training resources.

• 10 Types of Application Security Testing Tools - List of different application security testing tools and methods. `` Web App
• A Graduate Course in Applied Cryptography Book - "Throughout the book we present many case studies to survey how deployed systems operate. We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the importance of rigor in cryptography."
  
  By Dan Boneh and Victor Shoup. `` Book
• Antisyphon Training - Approachable, accessible, and affordable public and private training. Proprietary/Freemium Web App
• Awesome CTF - "A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials." CC0-1.0 Web App
• Backdoors & Breaches - Incident response card game. Can buy card deck or play online. `` Web App
• Clark - Largest platform for building and sharing free cybersecurity curriculum. Proprietary/Freeware Web App
• CMD Challenge - "Test your shell knowledge by taking the CMD Challenge" (Source Code) MIT Web App
• Codecademy Cybersecurity - Contains multiple cybersecurity focused courses. Proprietary/Freemium Web App
• Competitive Programmer’s Handbook - "The purpose of this book is to give you a thorough introduction to competitive programming."
  
  By Antti Laaksonen. `` Book
• Computer Systems Security: Planning For Success - "The text, labs, and review questions in this book are designed as an introduction to the applied topic of computer security."
  
  By Ryan Tolboom. CC-BY-NC-SA-4.0 Web App/Book
• Cybersecurity Guide - A collection of guides on different cybersecurity career paths and certifications. `` Web App
• ForeverCTF - CTF that is up indefinitely for practice. Proprietary/Freeware Web App
• GCA Cybersecurity Toolkit - A toolkit to help improve your personal cyber hygiene. Proprietary/Freeware Web App
• Google Dorking Tutorial - Tutorial on Google "dorking" which is the art of using search operators to find what you want. Proprietary/Freeware Web App
• HackTheBox - Test your skills against a variety of hacking labs! Proprietary/Freemium Web App
• HackTricks - Collection of hacking tricks: e.g reverse shells, encoded text for web, etc. (Source Code) CC-BY-NC-4.0 Web App
• How To Secure A Linux Server - "An evolving how-to guide for securing a Linux server." CC-BY-SA-4.0 ``
• DNS Remote Code Execution - Video series exploiting WAN vulnerabilities in network devices.
• Intro to Binary Exploitation - Intro to Binary Exploitation video series.
• Kontra Application Security Training - Interactive application security training. Proprietary/Freemium Web App
• Kurose/Ross Networking Book - Material on understanding computer networks.
  
  By Jim Kurose and Keith Ross. Proprietary/Freeware Web App/Book
• learnpython.org - Python references and tutorials. (Source Code) Proprietary/Freeware Web App
• Linux auditd for Threat Detection - Blog post on configuring auditd on Linux systems. `` Web App/Book
• Metasploitable - "Metasploitable is an intentionally vulnerable Linux virtual machine." (Source Code) Multiple Licenses Linux
• CISA National Initiative for Cybersecurity Careers and Studies - "NICCS is the premier online resource for cybersecurity training, education, and career information." Proprietary/Freeware Web App
• Nightmare Bin/Rev Guide - Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. (Source Code) Freeware/Source Given with No License Web App
• OverTheWire - Learn Linux basics through fun-filled games. Proprietary/Freeware Web App
• Payloads All The Things - "A list of useful payloads and bypasses for Web Application Security." (Source Code) MIT Web App
• PentesterLab - Learn how to manually exploit web applications! Proprietary/Freemium Web App
• picoGym - CTF that is up indefinitely for practice. (Source Code) Proprietary/Freeware Web App
• PortSwigger Web Security Academy - Free, online web security training from the creators of BurpSuite! Proprietary/Freeware Web App
• Security Certification Roadmap - A roadmap of differnet cybersecurity certifications. (Source Code) CC-BY-SA-4.0 Web App
• shellscript.sh - Tutorials for bash scripting. Proprietary/Freeware Web App
• Snyk CTF 101 Workshop - "Check out this hands-on, virtual workshop to learn how to solve Capture the Flag (CTF) challenges, including pwn and web. After the workshop, you'll have the security skills and experience to compete in CTFs." Proprietary/Freeware Web App
• Splunk Work+ Training - 1 year of free Splunk SIEM Training for NJIT students.
  Courses should come up as $0. If not, send and email to [email protected]. Proprietary/Freemium Web App
• TryHackMe - Hand-on cyber security training through real-world scenarios. Proprietary/Freemium Web App
• VulnHub - Collection of vulnerable VM images. Multiple Licenses ``

Video

^ back to top ^

Videos.

Web

^ back to top ^

Anything related to websites and website exploitation.

• BurpSuite - For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc. Proprietary/Freemium Windows/Mac/Linux
• Dirb - Dictionary scan of web servers. GPL-2.0 Linux
• Enum_AzureSubdomains - "A Metasploit Auxiliary module for enumerating public Azure services by locating valid subdomains through various DNS queries." Freeware/Source Given with No License Windows/Mac/Linux
• Evilginx - "Evilginx is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows to bypass 2-factor authentication protection." BSD-3-Clause Windows/Mac/Linux
• HackThisSite - "HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more." Proprietary/Freeware Web App
• JWT.io - Tool to decode and encode JSON Web Tokens. (Source Code) MIT Web App
• OWASP Top Ten - "The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications." (Source Code) CC-BY-SA-4.0 Web App
• OWASP WebGoat - "WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components." (Source Code) GPL-2.0 Windows/Mac/Linux
• OWASP ZAP - For pentesting web applications. Can replay and modify requests, fuzz request values, proxy between the browser and site, etc. (Source Code) Apache-2.0 Windows/Mac/Linux
• Shodan - Search engine for IoT devices. Can search for publically accessible servers based on details such as header, geolocation, etc. Proprietary/Freemium Web App
• sig2n - Python scripts to perform JWT algorithm confusion.
  
  Usage instructions from PortSwigger here. (Source Code) GPL-3.0 Windows/Mac/Linux
• WhatWeb - Scans websites to recognize what software is being used to power them. (Source Code) GPL-2.0 Windows/Mac/Linux/Web App

---

List of Licenses

^ back to top ^

• 0BSD - BSD Zero-Clause Licence
• AAL - Attribution Assurance License
• AGPL-3.0 - GNU Affero General Public License 3.0
• Apache-2.0 - Apache, Version 2.0
• APSL-2.0 - Apple Public Source License, Version 2.0
• Artistic-2.0 - Artistic License Version 2.0
• Beerware - Beerware License
• BSD-2-Clause - BSD 2-clause "Simplified"
• BSD-2-Clause-FreeBSD - BSD 2-Clause FreeBSD License
• BSD-3-Clause - BSD 3-Clause "New" or "Revised"
• BSD-3-Clause-Attribution - BSD with attribution
• BSD-4-Clause - BSD 4-clause "Original"
• CC-BY-NC-4.0 - Creative Commons Attribution-NonCommercial 4.0 License
• CC-BY-NC-SA-4.0 - Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License
• CC-BY-SA-3.0 - Creative Commons Attribution-ShareAlike 3.0 License
• CC-BY-SA-4.0 - Creative Commons Attribution-ShareAlike 4.0 License
• CC0-1.0 - Public Domain/Creative Common Zero 1.0
• CDDL-1.0 - Common Development and Distribution License
• CECILL-B - CEA CNRS INRIA Logiciel Libre
• CPAL-1.0 - Common Public Attribution License Version 1.0
• ECL-2.0 - Educational Community License, Version 2.0
• EPL-1.0 - Eclipse Public License, Version 1.0
• EPL-2.0 - Eclipse Public License, Version 2.0
• EUPL-1.2 - European Union Public License 1.2
• Freemium - Freemium (Free to use in some capacity but has paid upgrades)
• Freeware - Freeware (Free to use)
• GPL-1.0 - GNU General Public License 1.0
• GPL-2.0 - GNU General Public License 2.0
• GPL-3.0 - GNU General Public License 3.0
• IPL-1.0 - IBM Public License
• ISC - Internet Systems Consortium License
• LGPL-2.1 - Lesser General Public License 2.1
• LGPL-3.0 - Lesser General Public License 3.0
• MIT - MIT License
• MPL-1.1 - Mozilla Public License Version 1.1
• MPL-2.0 - Mozilla Public License
• Multiple Licenses - Multiple Licenses (for entries such as Linux distros which contain many programs)
• Nmap-PSL - Nmap Public Source License
• OSL-3.0 - Open Software License 3.0
• Proprietary - Proprietary (closed source)
• Sendmail - Sendmail License
• Source Given with No License - Source Given with No License
• Ruby - Ruby License
• Unlicense - The Unlicense
• WTFPL - Do What the Fuck You Want to Public License
• Zlib - Zlib/libpng License
• ZPL-2.0 - Zope Public License 2.0

---

Contributing

Contributing guidelines can be found here.

License

This list is under the Creative Commons Attribution-ShareAlike 3.0 Unported License. Terms of the license are summarized here.
Markdown and HTML generating code adapted from the awesome-selfhosted community. Changes were made to page verbage and formatting.