All-In-One-CyberSecurity-Resources - LOT MORE COMING !!
List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.
To the community, by the community and for the community
Made with ❤️ in 🇮🇳
Vision
A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry. Consists of all free and publicly available resources
We are here to help beginners for initializing their access in industry!!
Index
- Important-Key-Points
- Prerequisites for CyberSecurity
- Programming Languages Suggestion
- Computer Networking
- Commonn-CyberSecurity-Resources
- ICS/SCADA Operations
- Red Team Operations/Adversary Emulation
- Web-Application-Pentesting
- Exploit-Development
Respect to original creators who worked really hard for creating Aweasome Resources for our Industry -
Some important key points in industry
-
Programming is the key element of everything and you must know, atleast understand some programs first.
-
CyberSecurity is not difficult at all, just a misconception.
-
Computer Networking is soul of IT.
-
Curiosity makes individual successful.
-
Skill matters not degrees.
Prerequisites for CyberSecurity
OffSec says you must try harder!!! - Abosolutely NOT "YOU MUST TRY SMARTER"
well, you should know these things mentioned below -
- Linux, windows command line(cmd - powershell) and file system - Youtube is full of both :)
- Programming - Start with python then, you'll get the idea in future - FreeCodeCamp(Youtube)
- Cryptography basics - I will recommend you to do this - Same answer youtube.
- Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations - Internet is your friend:)
- Computer Networking - Something you must know - Again same answer, it's Youtube.
- Research or Googling - Very Important in CyberSecurity.
Our suggestion on Programming Languages
Beginners
- Python - According to us, we'll suggest to learn Python first
Intermediate - in Corporate Networks
-
Python
-
Bash
-
C - Atleast basics are good
-
SQL
-
JavaScript (basics) - Web related
-
PHP (basics) - Web related
-
Powershell - Some understanding is Good
Anyone who's addicted to CyberSecurity 💻 🔌 -
-
Python (Recommended to all)
-
SQL (Recommended to all)
-
C Recommended to all
-
Bash (Recommended to all)
-
Csharp (Recommended to offensive or Red Team ops)
-
C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)
-
Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)
-
Ruby ( Interest Based)
-
Perl (Interest Based)
-
Go (Interest Based)
-
JavaScript (basic) - Web-Apps Pentesters
-
Nim - Interest based or Red Team Ops
-
Powershell - Recommended to all
-
PHP (basic) - Web-Apps Pentesters
-
nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP
-
Lua ( Interest Based......)
-
Java (Mostly to Android Application Pentesters)
-
Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis]
Common CyberSecurity Resources
Youtube Channels
Websites
- Hackers-arise by an amazing person - Occupy The Web
- Hacking Articles by Ignite Technologies India
- Null-Byte
- HackerSploit
- Sevagas
- Ehacking
- sans free community resources
- Hacksplaining
- LiveOverflow
- Infinite Logins
- Zsecurity
Best labs
- TryHackMe
- HackTheBox
- HackThisSite
- Proving Grounds
- VulnHub
- Setup your own VM Environment
Simple GitHub CyberSecurity - Penetesting Repos
- Aweasome-CyberSecurity
- Aweasome-Pentest
- Penetration-Testing
- Penetration-Testing-Tools
- Public-Pentesting-Reports
- Beginners-Network-Pentesting
- Hacker-Roadmap
- Web-Pentesting-Scratch
- Awesome-Pentest-Cheetsheet
- Awesome-Security
- Personal-Security
- Awesome-Cyber-Skills
- Awesome-Hacking
- Awesome-Cyber-Security
- awesome-cybersec
- Awesome-Security
- Awesome-Blue-Team-CyberSecurity
- Awesome-Infosec
- CyberSecurity
- NIST CyberSecurity Resources
Podcasts
- Delinea
- Infosec-live
- Darknet-Diaries
- TheCyberWire - Huge collection of Podcasts
- Red-Team-Podcasts
- social-engineer
- sans-podcast
- Hacker-valley
- CyberSecurity-Today
Platforms
- Cybrary
- ITProTv
- EC-Council's Codered
- OPSWAT Academy
- Udemy
- PluralSight
- Edx
- Coursera
- FutureLearn
- Sans Community
- YouTube
- Google and Research
Conferences
- BlackHat
- DEF CON
- NullCon
- Hack In The Box
- BSides
- RSA Conference
- ThreatCon
InfosecNews and Writeups
- Dark-Reading
- ThreatPost
- The Hacker News
- Infosec-Writeups
- Ctf-Writeups
- ThreatNinja - HTB CTF WriteUps
- GbHackers
Some CyberSecurity Search Engines
Julien Provenzano
Credits -- Pipl --- Personal information
- Censys --- Network mapping service
- CRT sh --- URL Certificate report
- Cyber Background Checks --- Personal information
- DeHashed --- Personal information
- Grep App --- GIT Map
- Keyword Shitter --- Marketing keyword
- Google AdWords --- Marketing keyword
- GrayHatWarefare --- searchable database of open S3 buckets
- EPIEOS --- Personal information
- FullHunt --- URL IP report
- HaveIBeenPwned --- Personal information
- Hunter --- Email report
- Intelligence x --- Email IP report
- Keyword Tool --- Marketing keyword
- KWFinder --- Marketing keyword
- LeakIX --- URL IP Report
- Firefox Monitor --- Personal information
- Natlas --- IP Scanner
- Netlas --- IP Scanner
- Nuclear Leaks --- Directory
- OSINT Framework --- Directory
- Packet Storm Security --- Exploits database
- PolySwarm --- URL Files Report
- PublicWWW --- Marketing keyword
- Pulsedive --- URL IP Report
- SecurityTrails --- URL IP Report
- Tineye --- Reverse Image
- URL Scan --- URL IP Report
- Vulners --- Exploits database
- Binary Edge --- IP Report
- Criminal IP --- IP Report
- Grey Noise --- IP Report
- Keyword discover --- Marketing keyword
- Onyphe --- IP Report
- Shodan --- Internet Of Things (IoT)
- ZoomEye --- Network mapping service
- WiGLE --- Wifi Map
- OSINT-Link --- Directory
- SignalHire --- Personal information
- sploitus --- Exploits database
- exploit-db --- Exploits database
- CVE Details --- Exploits database
- nmmapper --- Exploits database
- Vulmon --- Exploits database
- exploits.shodan --- Exploits database
- vulnerability-lab --- Exploits database
- Airport webcams --- Webcam
- Insecam --- Webcam
- Lookr --- Weather
- Earthcam --- Webcam
- Opentopia --- Webcam
- Pictimo --- Webcam
- Webcam-nl (NL) --- Webcam
- Webcams-travel --- Webcam
- Worldcam --- Webcam
Search Engines - Github
CyberSecurity Documentaries
Joas A Santos and Pentest-Tools
CreditsYoutube-Playlist - https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3
Computer Networking
Networking topics for CyberSecurity
- IP Addressing - IPv4,IPv6
- Subnetting & CIDR Notation
- MAC Addressing & why we use
- What is ISP
- TCP/IP Model
- OSI Model ( Reference or to understand only)
- Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network
- Accces Point, Router, WIFI Technology
- Maximum Trnsmitting Unit ( MTU )
- TCP 3 way handshake
- UDP
- ICMP
- DNS protocol
- ARP
- Broadcasting
- Bits,Bytes & data packet architecture
- Fragmentation
- VPN & Socks proxy
- DNS servers like cloudflare, google, default etc
- Routing
- Port nummbers & services
- FTP
- SMTP, POP3, IMAP
- HTTP,HTTPS
- Understand urls
- Port forwarding
- Packet Header Form
- As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc - keep learning many of them time to time
- Network Topology
- Physical Network cables
- Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS ) - workings, use & types
ICS/Scada Operations
Basics of ICS Pentesting (paid/free) -
Paid
- Fundamentals of ICS/SCADA CyberSecurity - Definately recommend it. if you want to understand faster and everything is covered there.!!!
Free
- What is ICS, Scada, HMI mainly.
- understand concept of MTU, RTU.
- Difference between IT and OT Security and what's the main difference in both compared to other.*
- OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.
- Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.
IMPORTANT - We can infiltrate in ICS as per configured environment and all depends on the victim's environment. you just have to explore many amazing things by yourself :) (just research)
Learning Resources!!
- Practical Industrial Control System Penetration Testing - Udemy - Recommended
- Hacker-Arise-Scada - Recommedended
- ICS-Pentesting-Tools
- Awesome-IndustryControlSystems
- ICS-Security-Tools
- ICS-Hacking
- Aweasome-ICS-WriteUps
- Awesome-IOT-ICS - Combined short tutorials of both ICS and IOT
- Infosec-reference-Scada
- ICS-Pentesting-Youtube - Watch this too
- SANS ICS - youtube
- ICS Village - youtube
- plcprofessor
- Brian Douglas
- Rick-Cen-Youtube
- How to Pentest ICS Environments
- Pentesting-ICS-Systems--Overview - by Infosec Institute
- Pentesting-ICS-Systems--Methodology - recommended
- scadahacker
- ICS cybersecurity academy
- Cutaway-Security - youtube
- Cutaway-Security-Github
- A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
- controlthings.io
- ICS and PLC Pentesting and Hacking
- Free Industrial Control System (ICS) Cyber Security Training Course
- CISA Training - Recommended
- CISA's Training Portal - Recommended
ICS Books
- Pentesting Industrial Control Systems - Packt publishing.
- Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.
Red Team Operations/Adversary Emulation
Basics for Red Team Ops
-
Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper ) .
-
Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!! .
-
Always be willing to research and learn new things daily .
-
If you're good with obfuscation before, It might help you in long run . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]
-
Mindset - Nothing is Secure .
Main Resources -
- Hacking-Articles-Red-Teaming - Most updated with deep knowledge
- RedTeaming-Toolkit
- oddvar.moe
- Awesome-Red-Teaming-Resources
- Red-Team-OffensiveSecurity
- Awesome-Red-Team-Operations
- Red-Teaming/Adversary-Emulation
- Red-Team-Infrastructure-Wiki
- Adversary-Emulation-Library
- MITRE ATT&CK® - Must read & adopt in Red Team Operations to sharpen your skills, always be curious and ready to Emulate
- awesome-red-teaming
- Red-Teaming-Toolkit-Collection
- SANS Offensive Operations
- Sevagas
Web-Application Pentesting
Basics for Web-App Pentesting!!
- If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.
- Web sometimes can be confusing, follow a methodology to do properly.
- Atleast get familiar with basic types of web-attacks and vulnerabilities.
Main Resources -
- Portswigger-Academy - Practical learning
- Web-Application-Pentesting - Medium writeups for beginners to level-up.
- Web-Tools-Resources
- Awesome-Web-Hacking
- Awesome-Web-Security
- Web-Checklists
- Web-Security-Roadmap
- WebSecurity-Stuff
- Owasp-Juice-Shop - Helps to learn and deal web vulnerabilities.
Exploit Development (Windows/Linux Both)
Basics of Exploit Development
- Be familiar with Assembly Language
- Learn some Reverse Engineering first
- Fuzzing
- Learn something about Zero-Day Vulnerabilities
- Debugging ( basics )
- What exactly is a shellcode
- Basics of C language atleast first
- System Architecture like x86, x64
- Memory and CPU concepts such as memory addressing, registers and stack
- Understand spiking or spike fuzzing
- Lots of Motivation to start