Tools & Services I Use and Recommend
Everything listed on this page is something I actively use, have used, or have personally vetted. No pay-to-play. No tool lands here because a company asked nicely.
Affiliate Disclosure
Some of the links on this page are affiliate links. If you sign up through them, I earn a small commission at no extra cost to you — and in some cases you get a sign-up credit. I only recommend things I'd use myself. Full details on the affiliate disclosure page.
Links marked [link coming soon] are pending affiliate program approval. The recommendation still stands — the link will be added once the program is live.
VPS Providers
If you want to self-host anything — a blog, a VPN, a password manager, a CTF lab — you need a VPS. These are the four I've either used in production or tested thoroughly.
Hetzner — best value in Europe
This is what byte-guard.net runs on. A CPX22 in Helsinki: 3 vCPUs, 4 GB RAM, 80 GB NVMe, 20 TB traffic, for around €7.50/month. Unbeatable price-to-performance if your audience is European. Fast NVMe, clean control panel, and the Cloud API is pleasant to work with.
Best for: Self-hosters, European audiences, anyone who wants the most hardware per euro.
Sign up: [link coming soon]
Vultr — global footprint, per-hour billing
25+ locations worldwide, per-hour billing, and a clean control panel. Slightly pricier than Hetzner but worth it if you need a specific region or you're spinning servers up and down for testing.
Best for: Testing across regions, short-lived projects, US/Asia audiences.
Sign up: [link coming soon]
DigitalOcean — best documentation
Not the cheapest, but their tutorials are legendary — almost every "how to install X on Ubuntu" search on Google leads to a DigitalOcean community post. Good if you're learning and want maximum hand-holding.
Best for: Beginners, teams that value documentation, developers who want managed databases + Kubernetes ready to go.
Sign up: [link coming soon]
Linode (Akamai) — reliable veteran
Acquired by Akamai but the experience is still solid. Predictable pricing, strong network, and a decade-plus reputation for reliability. A safe default.
Best for: Production workloads where uptime matters more than shaving a few euros.
Sign up: [link coming soon]
Self-Hosting Stack
The actual software running byte-guard.net right now. All of it is open-source and free.
| Tool | What it does | Why I use it |
|---|---|---|
| Ghost | Publishing platform | Fast, clean, built for writers (not page builders) |
| Nginx Proxy Manager | Reverse proxy + SSL | GUI for Nginx + automatic Let's Encrypt certs |
| Uptime Kuma | Status page + monitoring | Self-hosted, beautiful UI, runs in 50 MB of RAM |
| Docker | Container runtime | Everything on the server is containerized |
| Docker Compose | Multi-container orchestration | One YAML file = the entire stack |
| Umami | Privacy-friendly analytics | Self-hosted, GDPR-clean, no cookie banner needed |
| N8N | Workflow automation | Self-hosted Zapier replacement, runs my content pipelines |
Full walkthrough of the byte-guard.net setup: How I Built byte-guard.net from Scratch on a Hetzner VPS.
Security Tools
The tools I reach for when auditing a server, testing a web app, or investigating network traffic.
Burp Suite (Community / Pro)
The de-facto web app security testing tool. The Community edition covers most of what you'll need while learning. Pro is worth it once you're getting paid to test.
Get it: portswigger.net/burp
Nmap
Network discovery, port scanning, OS detection. Thirty years old and still the standard. Pair it with masscan for very large ranges.
Get it: nmap.org
Wireshark
Packet capture and analysis. Nothing beats actually seeing the bytes when you're debugging a TLS handshake or a weird protocol issue.
Get it: wireshark.org
gobuster / ffuf
Directory and subdomain brute-forcing. Essential for CTFs and authorized web app tests.
Learning Platforms
Where I practice and sharpen — highly recommended if you're moving into security.
HackTheBox
Realistic, hands-on pentesting labs. Retired machines are free; the Pro Labs and Academy courses are paid. My CTF write-ups on this blog are almost all HTB retired boxes.
Sign up: [link coming soon]
TryHackMe
More beginner-friendly than HTB, with structured learning paths. Great starting point if you've never touched offensive security before.
Sign up: [link coming soon]
PortSwigger Web Security Academy
Free, structured training on web app vulnerabilities, from the makers of Burp Suite. If you want to learn web security properly, start here.
Get it: portswigger.net/web-security — free, no affiliate, just excellent.
Books
The short list of books I'd actually hand to someone getting into this field.
- The Web Application Hacker's Handbook — Stuttard & Pinto. Dated in parts but still the reference for web app testing fundamentals. [link coming soon]
- The Linux Command Line — William Shotts. If you're not comfortable in a terminal yet, start here. Also available free at linuxcommand.org. [link coming soon]
- Docker Deep Dive — Nigel Poulton. The book that finally made Docker networking click for me. [link coming soon]
- Practical Packet Analysis — Chris Sanders. Wireshark, but how to actually use it on real traffic. [link coming soon]
What's Missing?
This page grows as I test more tools and get more affiliate programs approved. If there's a tool or service you think belongs here — or you want an honest review of something — email me or hit me up on Twitter.