This page contains a list of resources that I find useful to refer to. As such, the content may change as I find resources which I think are helpful/out of date.


CEH V9 - Covers a lot of the basics, handy to have even if you don't intend on doing the final exam.

The Web Application Hackers Handbook 2 - This book is considered to be the most comprehensive practical guide to finding and exploiting security flaws in web applications. It includes deep coverage of all kinds of attacks.

Elementary Information Security - This book covers the complete breadth of essential topics within information security. It covers both technical and non technical aspects using practical examples and real world assessment tools.

OSCP Related

Andy Gill - Zerosec

Andy has some fantastic blog posts, covering everything from setting up virtualisation, application testing methodology, and Burpsuite. Andy is a also a very successful bugbounty hunter, having discovered many vulnerabilities. He is also a heck of nice guy as well, so well worth checking his blog out.

Brian Johnson - 7 minute security

Brian has some great content including some awesome podcasts which as his blog title suggests, are approximately 7 minutes long, ideal to listen to when time is short. He also has some great walkthroughs of some of the vulnhub vms over on his youtube channel. Well worth a visit.


VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks. There are a variety of Virtual Machines that can be downloaded, allowing you to practise different penetration techniques in a legal manner.


If you jump over to my twitter profile you will see that I follow a variety of people and organisations, all of which are related to information security. Feel free to add me or join in the conversation. One of the best ways to get involved in infosec is to start following people who have similar interests to you own and engage with them.