Learn Cybersecurity for FREE

The most comprehensive Penetration Testing free online resource.

More than 1000 commands, cheat sheets, articles, tools, frameworks, links, ...

Welcome to DEFENSAHACKER Academy

One of the problems with cybersecurity nowadays is that there is A LOT of information spread across the Internet and sometimes is not easy to find nor even have an starting point. Actually still many people ask me where should they start to learn cybersecurity, penetration testing, malware analysis, etc.

I started this wiki in 2018 after I got the OSCP (Offensive Security Certified Professional) certification as a wiki to centralize all information, links, cheat sheets, tutorials, etc regarding offensive security and . Later with the boom of SOCs (Security Operations Centers) I also added more info about tools and frameworks for detection, malware analysis, threat intelligence among other topics.

I hope that with DEFENSAHACKER Academy people who wants to learn more about cybersecurity have it a little bit easier.

What is Penetration Testing?

A penetration test, colloquially known as a pentest, is an authorized simulated attack performed to evaluate the security of a server or a corporation.
There are three main types of Penetration Testing: Black box, Grey Box or White Box. Learn more about it here.

New YouTube channel

Offensive Security

Complete approach with different offensive security techniques


The most important foundation for and Operations based on standards such as PTES, CEH, OSSTMM among others

● PHASE I: Reconnaissance● PHASE II: Scanning● PHASE III: Enumeration● PHASE IV: Exploitation● PHASE V: Post exploitation● PHASE VI: Covering Tracks● PHASE VII: Lateral Movement

Learn how to hack mobile apps and protect against tampering

● Static Analysis for Android and iOS● Dynamic Analysis for Android and iOS● Protections to mitigate attacks

Red teaming tools to test defensive systems and simulate advanced attacks

● Tools and Frameworks for RED TEAMS

Defensive Security – SOC

Learn how to detect, analyze and prevent cyberattacks

Operational Technology (OT)
Industrial Control Systems (ICS)

Critical infrastructures are a current target for hackers and nation sponsored threat actors, learn how to set up a honeypot for OT or run on industrial devices, PLCs, etc

● Intrusion Deception Systems and Honeypots ● Vulnerability Assessment for OT/ICS devices

Latest from blog

Because Computer Security matters…

Petrochemical plant

OT industrial cybersecurity: ModBus protocol

OT stands for Operational Technology, contrary to the IT that is Information Technology. Inside IT we put things such as servers, computers, laptops, smartphones, etc. OT is more focused on[…]

Read more

SecDevOps: Protecting Terraform state file

Terraform is one of the most used tools to deploy Infrastructure as a Service or IaaS for short, but we have to manage it in a secure way. Some developers[…]

Read more

Hardening WordPress installation

When installing WordPress is important to change the predefined salts to avoid any weak cryptography that makes your cookies and session management weaker. The fastest way to fix that: https://api.wordpress.org/secret-key/1.1/salt/[…]

Read more


Jacobo Avariento

Founder & Hacker-In-Chief

With more than 15 years in the cybersecurity industry as a consultant and penetration tester working for top tier banks, the European Central Bank, pharmaceutical, automotive and gaming companies.

Contact me