Education is crucial to understanding.
As such, here are some security resources that may be helpful and hopefully entertaining to further the education of the end-user or the aspiring future cyber ninja.
Books
- Black Hat Python (Justin Seitz, Tim Arnold)
- Advanced Penetration Testing (Wil Allsopp)
- Red Team Field Manual (Ben Clark)
- The Hacker Playbook 3 (Peter Kim)
- Practical Malware Analysis (Michael Sikorski, Andrew Honig)
- Black Hat Go (Tom Steele, Chris Patten, Dan Kottmann)
- The Web Application Hacker's Handbook (Dafydd Stuttard, Marcus Pinto)
- Penetration Testing: A Hands-On Introduction to Hacking (Georgia Weidman)
Tools
These are just some of the old favorites.
- AutoRecon: A very useful, time-saving, multi-threaded, automated network reconnaissance tool
- BloodHound: A visual tool that uses graph theory to display all relationships in an Active Directory or Azure AD environment, whether or not those privilege relationships are intentional
- Chisel: A TCP/UDP tunneling and SOCKS proxy tool
- CrackMapExec: A multifunction post-exploitation tool that uses Impacket and PowerSploit for attacks on SMB, LDAP, WinRM, MSSQL, SSH, and RDP
- Impacket: A suite of tools written in Python for working with network protocols
- Mimikatz: A well-known tool for extracting passwords, hashes, and tickets from memory to view, pass, or turn into a Golden ticket
- Nishang: A Windows framework for pentesting
- PEASS: The Privilege Escalation Awesome Scripts Suite (PEASS), made for Linux and Windows, executes an automated script to discover common vulnerabilities on a system
- PowerSploit: A collection of PowerShell modules for reconnaissance, privilege escalation, exfiltration, anti-virus bypass, persistence, script modification, and code execution. Two particularly useful modules are PowerView, which has a variety of recon functions, and PowerUp, which is used for privilege escalation
- Responder: This LLMNR/NBT-NS/mDNS poisoner is used to capture hashes from network traffic. The hashes can then be cracked offline or used to Pass-the-Hash using ntlmrelayx from Impacket
- SecLists: A collection of wordlists for a wide variety of dictionary attacks compiled by Daniel Miessler