/Cyber-Sec-Resources

An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by SCSP community members.

Primary LanguagePython

Cyber Security Resources by SCSP

An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by Seasoned Cyber Security Professionals community members.

Follow us on Facebook YouTube

Table of Contents




Content By SCSP




Books

Network Analysis

  • Nmap Network Scanning by Gordon Fyodor Lyon
  • Wireshark Network Analysis by Laura Chappell
  • Practical Packet Analysis by Chris Sanders

Social Engineering

  • Ghost in the Wires - My Adventures as the World's Most Wanted Hacker by Kevin Mitnick, William L. Simon
  • No Tech Hacking by Johnny Long & Jack Wiles
  • The Art of Deception by Kevin D. Mitnick & William L. Simon
  • Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy

Malware Analysis

  • Malware analysis cookbook - tools and techniques for fighting malicious code by Michael Ligh
  • The Art of Memory Forensics by Michael Hale Ligh
  • Practical Malware Analysis by Michael Sikorski & Andrew Honig

Mobile Application

  • Android Hacker's Handbook by Joshua J. Drake
  • The Mobile Application Hacker's Handbook by Dominic Chell
  • iOS Hacker's Handbook by Charlie Miller
  • OWASP Mobile Security Testing Guide (MSTG)
  • Exploiting Androids for Fun and Profit
  • SEI CERT Android Secure Coding Standard
  • Android Security Internals
  • Android Cookbook
  • Android Security Cookbook
  • Android Malware and Analysis
  • Android Security: Attacks and Defenses
  • Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
  • iOS Penetration Testing
  • iOS App Security, Penetration Testing, and Development
  • Hacking iOS Applications a detailed testing guide
  • Develop iOS Apps (Swift)
  • iOS Programming Cookbook

Web Application

  • The Web Application Hackers Handbook by Dafydd Stuttard
  • Hacking Web Apps: Detecting and Preventing Web Application Security Problems by Mike Shema
  • The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
  • The Basics of Web Hacking: Tools and Techniques to Attack the Web by Josh Pauli
  • Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani
  • Web Application Security, A Beginner's Guide by Bryan Sullivan

Penetration Testing

  • Penetration Testing - A Hands-On Introduction to Hacking by Georgia Weidman
  • The Basics of Hacking and Penetration Testing by Patrick Engebretson
  • Advanced Penetration Testing by Wil Allsopp
  • Metasploit: The Penetration Tester's Guide by David Kennedy
  • The Art of Exploitation by Jon Erickson
  • The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim

Reverse Engineering

  • Practical Reverse Engineering by Bruce Dang
  • Reverse Engineering for Beginners by Dennis Yurichev
  • The IDA Pro Book by Chris Eagle

Forensics

  • Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham
  • The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters

Cryptography

  • Cryptography Engineering Principles Practical Applications

Python for Hackers

  • Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz
  • Violent Python by TJ O'Connor



Linux Basics




Interview Questions




Basics of Web and Networks

Web

An overview of what is the World Wide Web and how it works.

https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm
https://developers.google.com/web/fundamentals/security/
http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies
http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf

HTTP

HyperText Transfer Protocol is must to understand while learning Web Application Security. You must learn how an application communicates with its end users and the servers it is hosted on. From these links you can HTTP Protocols, HTTP Requests, Response, Status Codes, Encoding/Decoding, HTTP with a security perspective e.g SOP, Cookies, MIEM etc. These will be helpful to you later on with Web application testing.

https://www.w3.org/Protocols/
https://www.w3schools.com/whatis/whatis_http.asp
https://www.tutorialspoint.com/http/http_status_codes.htm
https://www.tutorialspoint.com/http/http_url_encoding.htm
https://www.tutorialspoint.com/http/http_requests.htm
https://www.tutorialspoint.com/http/http_responses.htm
https://www.hacker101.com/sessions/web_in_depth

Networking:

A basic understanding of networking is important for anyone who’s into cybersecurity.

https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
https://www.slideshare.net/variwalia/basic-to-advanced-networking-tutorials
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html
http://www.penguintutor.com/linux/basic-network-reference
https://www.utilizewindows.com/list-of-common-network-port-numbers/
https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols

Programming Resources

HTML:

https://www.w3schools.com/html
https://www.codecademy.com/learn/learn-html
https://learn.shayhowe.com/advanced-html-css
https://htmldog.com/guides/html/advanced

PHP:

https://www.w3schools.com/php/
https://stackify.com/learn-php-tutorials/
https://www.codecademy.com/learn/learn-php
https://www.guru99.com/php-tutorials.html
https://www.codecademy.com/learn/paths/web-development

JavaScript:

https://www.youtube.com/watch?v=PkZNo7MFNFg
https://www.codecademy.com/learn/introduction-to-javascript
https://learnjavascript.today/
https://www.thebalancecareers.com/learn-javascript-online-2071405

SQL(Structured Query Language):

https://www.youtube.com/watch?v=HXV3zeQKqGY
https://www.w3schools.com/sql/
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/

C/C++

https://www.youtube.com/watch?v=vLnPwxZdW4Y
https://www.learncpp.com/
https://www.codecademy.com/learn/learn-c-plus-plus
https://www.sololearn.com/Course/CPlusPlus/
https://www.learn-c.org/
https://www.youtube.com/watch?v=KJgsSFOSQv0

Java:

https://www.codecademy.com/learn/learn-java
https://www.geeksforgeeks.org/java-how-to-start-learning-java/
https://www.learnjavaonline.org/
https://www.youtube.com/watch?v=grEKMHGYyns

Python:

https://realpython.com/
https://docs.python.org/3/tutorial/
https://drive.google.com/drive/u/0/folders/0ByWO0aO1eI_MT1E1NW91VlJ2TVk?fbclid=IwAR35WNZwBQudINaZ10I5ZA2YDQdtNXSEwRyEiLEK91_csJ7ekN1ut7AQNeQ

Bash:

https://www.tutorialspoint.com/unix/shell_scripting.htm
https://www.learnshell.org/
https://medium.com/quick-code/top-tutorials-to-learn-shell-scripting-on-linux-platform-c250f375e0e5

Ruby:

https://www.learnrubyonline.org/
https://www.codecademy.com/learn/learn-ruby

Golang:

https://tour.golang.org/welcome/1
https://www.udemy.com/learn-go-the-complete-bootcamp-course-golang/




Resources and Write-ups




Exploit Development Resources




Tools

(Coming Soon)




SIEM Solutions




How-to Tutorials




Capture The Flag Walk-throughs




Online Labs for Practice




Vulnerable Virtual Machines

  • Damn Vulnerable Web Application (DVWA)
    Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is vulnerable to multiple web attacks.
  • OWASP Broken Web Applications Project
    Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that people can practice their skills on.
  • WebGoat
    WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
  • OWASP Security Shepherd
    The OWASP Security Shepherd project is a web and mobile application security training platform.
  • Vulnhub
    A collection of vulnerable machines to practice on. You can download the vulnerable vms on your system and learn pentesting
  • Hack the box
    A collection of vulnerable machines and challenges



Vulnerability Databases

List of resources containing known list of exploits and common vulnerabilities found in softwares, OS, Mobile applications, CMS etc.




SCSP Seminar Presentations Slides

(Coming Soon)