Sparwol Security


Education is crucial to understanding.

As such, here are some security resources that may be helpful and hopefully entertaining to further the education of the end-user or the aspiring future cyber ninja.

Books

  • Black Hat Python (Justin Seitz, Tim Arnold)
  • Advanced Penetration Testing (Wil Allsopp)
  • Red Team Field Manual (Ben Clark)
  • The Hacker Playbook 3 (Peter Kim)
  • Practical Malware Analysis (Michael Sikorski, Andrew Honig)
  • Black Hat Go (Tom Steele, Chris Patten, Dan Kottmann)
  • The Web Application Hacker's Handbook (Dafydd Stuttard, Marcus Pinto)
  • Penetration Testing: A Hands-On Introduction to Hacking (Georgia Weidman)

Tools

These are just some of the old favorites.

  • AutoRecon: A very useful, time-saving, multi-threaded, automated network reconnaissance tool
  • BloodHound: A visual tool utilizing graph theory to display all relationships in an Active Directory or Azure AD environment, whether or not those privilege relationships are intentional
  • Chisel: A TCP/UDP tunneling and SOCKS proxy tool
  • CrackMapExec: A multifunction post-exploitation tool that uses Impacket and PowerSploit for attacks on SMB, LDAP, WinRM, MSSQL, SSH, and RDP
  • Impacket: A suite of tools written in Python for working with network protocols
  • Mimikatz: A well-known tool for extracting passwords, hashes, and tickets from memory to view, pass, or turn into a Golden ticket
  • Nishang: A Windows framework for pentesting
  • PEASS: The Privilege Escalation Awesome Scripts Suite (PEASS), made for Linux and Windows, runs an automated script to discover common vulnerabilities on a system
  • PowerSploit: A collection of PowerShell modules for reconnaissance, privilege escalation, exfiltration, anti-virus bypass, persistence, script modification, and code execution. Two particularly useful modules are PowerView, which has a variety of recon functions, and PowerUp, used for privilege escalation
  • Responder: This LLMNR/NBT-NS/mDNS poisoner is used to capture hashes from network traffic. The hashes can then be cracked offline or used to Pass-the-Hash using ntlmrelayx from Impacket
  • SecLists: A collection of wordlists for a wide variety of dictionary attacks compiled by Daniel Miessler

Useful Bookmarks

Learning

Read our blog for an up-to-date account of what we are learning, as we learn it.