Kalan logoKalan_
attribution

Sources

Kalan is a curated index — the lesson content itself lives on each publisher's site. We link out with attribution and, where applicable, the source's license. 63 unique sources across 8 paths.

  • Al Sweigart
    https://automatetheboringstuff.com/
    Foundations
    CC BY-NC-SA 3.0
  • Android Open Source Project
    https://source.android.com/docs/security
    Mobile & IoT
    Apache 2.0
  • AWS IAM Reference (awsdocs, Apache-2.0)
    https://github.com/awsdocs/iam-user-guide/blob/main/doc_source/best-practices.md
    Cloud Security
    Apache-2.0 / CC BY-SA 4.0
  • CIS Benchmarks (open PDF)
    https://raw.githubusercontent.com/ComplianceAsCode/content/master/products/eks/profiles/cis.profile
    Cloud Security
    CC BY-NC-SA 4.0
  • Cryptopals
    https://cryptopals.com/
    Foundations
  • FIRST.org
    https://www.first.org/cvss/v3.1/specification-document
    Reporting & Professional Practice
  • Fortra — Impacket
    https://github.com/fortra/impacket
    Network Exploitation
    Apache-1.1
  • Frida
    https://frida.re/docs/home/
    Mobile & IoT
    wxWindows Library Licence
  • Fyodor — Nmap.org
    https://nmap.org/book/toc.html
    Reconnaissance & Scanning
  • GitHub — public-pentesting-reports
    https://github.com/juliocesarfort/public-pentesting-reports
    Reporting & Professional Practice
    Public collection
  • GTFOBins
    https://gtfobins.github.io/
    Privilege Escalation
    GPL-3.0
  • HackTricks
    https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-methodology.html
    Reconnaissance & Scanning
    CC BY-NC-SA 4.0
  • HackTricks
    https://book.hacktricks.wiki/en/windows-hardening/active-directory-methodology/index.html
    Network Exploitation
    CC BY-NC-SA 4.0
  • HackTricks
    https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html
    Privilege Escalation
    CC BY-NC-SA 4.0
  • HackTricks
    https://book.hacktricks.wiki/en/windows-hardening/windows-local-privilege-escalation/index.html
    Privilege Escalation
    CC BY-NC-SA 4.0
  • HackTricks Cloud
    https://cloud.hacktricks.wiki/en/index.html
    Cloud Security
    CC BY-NC-SA 4.0
  • IETF Datatracker
    https://datatracker.ietf.org/doc/html/rfc9293
    Foundations
    IETF Trust
  • Justin Nordine — OSINT Framework
    https://osintframework.com/
    Reconnaissance & Scanning
  • Kubernetes.io
    https://kubernetes.io/docs/concepts/security/
    Cloud Security
    CC BY 4.0
  • Laurens Van Houtven
    https://www.crypto101.io/
    Foundations
    CC BY 3.0
  • Linux Journey
    https://linuxjourney.com/
    Foundations
  • LOLBAS Project
    https://lolbas-project.github.io/
    Privilege Escalation
  • Microsoft Learn
    https://learn.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
    Network Exploitation
  • MIT OpenCourseWare
    https://ocw.mit.edu/courses/6-0001-introduction-to-computer-science-and-programming-in-python-fall-2016/
    Foundations
    CC BY-NC-SA 4.0
  • MIT OpenCourseWare
    https://ocw.mit.edu/courses/6-875-cryptography-and-cryptanalysis-spring-2005/
    Foundations
    CC BY-NC-SA 4.0
  • MIT OpenCourseWare
    https://ocw.mit.edu/courses/6-858-computer-systems-security-fall-2014/
    Web Application Security
    CC BY-NC-SA 4.0
  • MIT OpenCourseWare
    https://ocw.mit.edu/courses/6-857-network-and-computer-security-spring-2014/
    Network Exploitation
    CC BY-NC-SA 4.0
  • MITRE ATT&CK
    https://attack.mitre.org/techniques/T1558/003/
    Network Exploitation
  • Mozilla Developer Network
    https://developer.mozilla.org/en-US/docs/Learn/Common_questions/Web_mechanics/How_does_the_Internet_work
    Foundations
    CC BY-SA 2.5
  • NIST
    https://csrc.nist.gov/pubs/sp/800/115/final
    Reporting & Professional Practice
  • Nmap.org
    https://nmap.org/book/man.html
    Reconnaissance & Scanning
  • OverTheWire
    https://overthewire.org/wargames/bandit/
    Foundations
  • OWASP
    https://github.com/OWASP/wstg/blob/master/document/6-Reporting/README.md
    Reporting & Professional Practice
    CC BY-SA 4.0
  • OWASP
    https://owasp.org/www-project-kubernetes-top-ten/
    Cloud Security
    CC BY-SA 4.0
  • OWASP
    https://owasp.org/www-project-internet-of-things/
    Mobile & IoT
    CC BY-SA 4.0
  • OWASP Amass
    https://owasp.org/www-project-amass/
    Reconnaissance & Scanning
    Apache 2.0
  • OWASP Foundation
    https://owasp.org/Top10/
    Web Application Security
    CC BY-SA 4.0
  • OWASP Foundation
    https://cheatsheetseries.owasp.org/
    Web Application Security
    CC BY-SA 4.0
  • OWASP iGoat-Swift
    https://github.com/OWASP/iGoat-Swift
    Mobile & IoT
    GPL-3.0
  • OWASP MAS
    https://mas.owasp.org/MASVS/
    Mobile & IoT
    CC BY-SA 4.0
  • OWASP MAS
    https://mas.owasp.org/MASTG/
    Mobile & IoT
    CC BY-SA 4.0
  • OWASP Web Security Testing Guide
    https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/
    Reconnaissance & Scanning
    CC BY-SA 4.0
  • Payatu — DIVA
    https://github.com/payatu/diva-android
    Mobile & IoT
    Apache 2.0
  • PEASS-ng project
    https://github.com/peass-ng/PEASS-ng
    Privilege Escalation
    MIT
  • PortSwigger
    https://portswigger.net/burp/documentation
    Web Application Security
  • PortSwigger Web Security Academy
    https://portswigger.net/web-security/sql-injection
    Web Application Security
  • PortSwigger Web Security Academy
    https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
    Web Application Security
  • PortSwigger Web Security Academy
    https://portswigger.net/web-security/cross-site-scripting
    Web Application Security
  • PortSwigger Web Security Academy
    https://portswigger.net/web-security/access-control
    Web Application Security
  • PortSwigger Web Security Academy
    https://portswigger.net/web-security/ssrf
    Web Application Security
  • PTES
    http://www.pentest-standard.org/index.php/Main_Page
    Reporting & Professional Practice
  • Python Software Foundation
    https://docs.python.org/3/tutorial/
    Foundations
    PSF License
  • Real Python
    https://realpython.com/python-sockets/
    Foundations
  • Scott Piper
    http://flaws.cloud/
    Cloud Security
  • Scott Piper
    http://flaws2.cloud/
    Cloud Security
  • SpecterOps
    https://bloodhound.specterops.io/
    Network Exploitation
    Apache 2.0
  • TryHackMe
    https://tryhackme.com/room/furthernmap
    Reconnaissance & Scanning
  • TryHackMe
    https://tryhackme.com/room/attacktivedirectory
    Network Exploitation
  • TryHackMe
    https://tryhackme.com/room/linuxprivesc
    Privilege Escalation
  • TryHackMe
    https://tryhackme.com/room/windowsprivesc
    Privilege Escalation
  • Wikipedia
    https://en.wikipedia.org/wiki/OSI_model
    Foundations
    CC BY-SA 4.0
  • William Shotts — LinuxCommand.org
    https://linuxcommand.org/tlcl.php
    Foundations
    CC BY-NC-ND 3.0
  • Wireshark User's Guide
    https://www.wireshark.org/docs/wsug_html_chunked/
    Foundations
    GPL docs