Hi this is just a simple set of learning paths and tricks I found to help me, this is a quick list and is broken out into some sub paths. As there is so much content I will update when I can. If you have suggestions feel free to comment or create an issue or pull request. This can be openly shared and modified.
Click here to check this out in the website
- Offical python site for getting started and tutorials: www.python.org <-- You should read this first. This is a great place to get started, goes over different text editors, has a link to python libraries, tutorials etc.
- (Free)(General python - Great for beginning through some experienced) "Automate the boring stuff" <-- Great for some practical challenges and beginning to write some code
- Violent Python <-- Good for IT security
- Black Hat Python <-- Good for pentest and red team
(To be added)
- Fast.ai (pyTorch Deep learning) <-- Machine/Deep learning course
- Deeplizard <-- Machine/Deep learning course
- Regular Expressions - testing: regex101
- Decode / Encode: Cyberchef.io
- Development enviroment - IDE/Text editor (VScode) <-- Theres other text editors and IDEs like Atom, sublime, eclipse. VScode is my favorite as extensions make adding new programming languages easy and add on almost anything else you can imagine to help from running a live server, debugging, dev containers, live share "peer" program, docker to build and ship your apps.
- Visual Studio Dev Essentials <-- This has free azure credits, trial subscriptions like M365 E5, downloads for Windows 10, Windows server, and SQL server, certifications and more (check out too if your company already has a paid subscription you get more cool stuff like Visual studio enterprise, more monthly credits etc)
- Hands on learning game style - Tryhackme.com <-- This is personally one of my favorite websites there are complete virtual machines on here that can get you started with learning basic linux commands, python, hacking, networking, and some blue team functions.
- Understanding C2 Frameworks
- The C2 matrix <-- List of some of the most popular C2 Frameworks, with links to the frameworks
- SANS Slingshot C2 Matrix <-- VM of several C2 frameworks
I defintely recommend first before using the tools section learn the techniques in the owasp top 10 and manually exploit first, tools can help but many times you may not be able to use them in rule of engagement with bug bounties.
- Vulnerable Enviroment: Web Goat
- OWASP ZAP
- Burpsuite
- Nmap
- SQLmap
- Foca
- Fiddler (Windows only)
- Nikto
- Shodan.io
- Hands on learning game style - Tryhackme.com <-- This is personally one of my favorite websites there are complete virtual machines on here that can get you started with learning basic linux commands, python, hacking, networking, and some blue team functions.
- Malware.re <-- Reverse engineering class and content
- Malwareunicorn <-- Setup of lab and good intro to reversing
- CCDCOE - Malware Reverse Engineering Handbook <-- Good content for intro to alot of RE concepts for practical analysis
- Any.run
- [Joe sandbox]
- [Virus Total]
- Urlscan.io <- look up websites
- Eric Zimmerman's Tools <-- Excellent for looking through alot of artifacts you may collect off a host using a collection agent like KAPE
- Uncoder.io <-- Convert Sigma rules to your SIEM's language
- SOC Prime <-- SIGMA detection rules (free/paid content)
- SIGMA Git Repo <-- A lot of SIGMA Detection rules, templates to make your own, guidance, and tools
Check this out to understand alittle more on chosing your lab build -> https://medium.com/@darkcaracal/building-a-free-threat-hunting-lab-for-testing-detections-and-ttps-in-5-minutes-1d216cc9d419
- Defensive Origins
- Detection Lab <-- One of the easiest labs to setup on host, actual steps you need to take are less than 5 minutes
- Azure Sentinel2GO <-- Awesome newer lab released in last year with logging setup, VMs and SIEM without limits, oh and "one click deploy"
- SimuLand <-- Building off Azure Sentinel2GO, Simuland requires alittle more setup but is geared toward giving scenarios of attacks, this is cool and will be even better with more releases
- Microsoft Evaluations<--Has "free" versions of windows, server, etc, use these in your lab for testing
These are just a few cool things that helped me learn, and search for answers quickly.
- Start a library of all your code or projects, Github is the easiest way to share all your cool projects once you have a few.
- Get google drive or OneDrive and store PDFs from sites like humble bundle, every 3ish weeks they will come out with a new bundle of about 12ish books on topics from Python, to web application hacking or focused on linux only for $5-$15, just pick the ones you want to learn now or a later date. You can search the contents of all your books for keywords to quickly search hundreds of books in google drive at only $2 a month for 100GB.
- Make a plan of what your goal is and layout what you want to learn, in small blocks of time each day maybe an hour or two focus on a book, website or another source to learn. Personally I think its difficult to learn if you arent doing what you want to learn hands on.
- Join peer groups for your learning interest, I really like the app Discord and will have tons of people willing to mentor you. Just search for a group and join. Learning these topics is often a very solo activity however, some good friends can help guide you alittle more and help when you're stuck.