Evan Hahn evanhahn.com
Web security and JavaScript. Express.js Helmet maintainer.
Security
Cybersecurity and infosec
31 sites
Ben Tasker bentasker.co.uk
Security, home automation, and self-hosting. Practical guides and projects.
Schneier on Security schneier.com
Bruce Schneier's security blog. Cryptographer and security expert writing since 2004.
Phrack Magazine phrack.org
The legendary hacker ezine since 1985. Technical articles on security, exploitation, and hacker culture. Issue 72 in 2025.
Privacy Tools privacytools.io
Services, tools and knowledge to protect your privacy. Curated recommendations for privacy-respecting software.
Have I Been Pwned haveibeenpwned.com
Check if your email or phone was in a data breach. Free service by Troy Hunt, essential for security awareness.
VirusTotal virustotal.com
Analyze files and URLs for malware. Scans with 70+ antivirus engines and URL/domain blocklists.
Moxie Marlinspike moxie.org
Founder of Signal. Writing on cryptography, privacy, security, and the intersection of technology and society.
Filippo Valsorda blog.filippo.io
Cryptographer, Go security lead. Creator of mkcert. Deep technical posts on cryptography and security.
Krebs on Security krebsonsecurity.com
Brian Krebs' investigative reporting on cybercrime. Breaking security news and deep dives into hacking incidents.
A Few Thoughts on Cryptographic Engineering blog.cryptographyengineering.com
Matthew Green's blog on cryptography and security. Accessible explanations of complex crypto topics.
Awesome Security github.com
Collection of security resources. Tools, books, and resources for security professionals.
Awesome Hacking github.com
Curated list of hacking resources. CTFs, tutorials, tools, and learning paths.
The Book of Secret Knowledge github.com
Collection of inspiring lists, manuals, cheatsheets, and tools. 200K+ stars. A hacker's encyclopedia.
SSL Labs ssllabs.com
Test SSL/TLS configuration of any website. Industry standard for SSL analysis.
Security Headers securityheaders.com
Analyze HTTP security headers of any website. Quick security audit.
tmp.0ut tmpout.sh
ELF research group and zine. Deep technical content on binary hacking, virus writing, and Linux internals.
PoC||GTFO pocorgtfo.hacke.rs
Proof of Concept or GTFO. Hacker journal with deeply technical essays on reverse engineering and file formats. Often a valid PDF, ZIP, and bootable OS simultaneously.
Exploit Database exploit-db.com
Archive of public exploits and vulnerable software. Essential resource for security researchers and penetration testers.
HackTricks book.hacktricks.xyz
Massive wiki of hacking techniques for CTFs and pentesting. Privilege escalation, web attacks, and more.
Shodan shodan.io
Search engine for Internet-connected devices. See what's exposed on the internet. Essential for security researchers.
conduition conduition.io
Deep technical reverse engineering posts. Famous for breaking down Ticketmaster's rotating barcode system.
mango.pdf.zone mango.pdf.zone
Security researcher Alex Hope. Famous for finding Tony Abbott's passport number on Instagram.
OverTheWire Wargames overthewire.org
Learn security through challenges. SSH-based hacking games.
Cryptopals cryptopals.com
Learn cryptography by breaking it. Programming challenges teaching crypto.
pwn.college pwn.college
Cybersecurity education platform. CTF-style learning from ASU.
TryHackMe tryhackme.com
Learn cybersecurity through hands-on exercises. Guided hacking rooms.
PortSwigger Web Security Academy portswigger.net
Free web security training. Learn to find and exploit vulnerabilities.
Electronic Frontier Foundation eff.org
Digital rights organization defending civil liberties online. Fighting for privacy, free speech, and innovation.
Citizen Lab citizenlab.ca
Research lab studying digital threats to civil society. Exposes government surveillance and spyware.
Mullvad VPN mullvad.net
Privacy-focused VPN that accepts cash by mail. No accounts, no email required, just anonymous access.