/All-In-One-CyberSecurity-Resources

List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity

All-In-One-CyberSecurity-Resources - LOT MORE COMING !!

List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.

To the community, by the community and for the community.

Made with ❤️ in 🇮🇳

image

Vision

A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry. Consists of all free and publicly available resources

Thomas-Edison-quote

We are here to help beginners for initializing their access in industry!!

Index

Respect to original creators who worked really hard for creating Aweasome Resources for our Industry -

respect

Some important key points in industry

  • Programming is the key element of everything and you must know, atleast understand some programs first.
  • CyberSecurity is not difficult at all, just a misconception.
  • Computer Networking is soul of IT.
  • Curiosity makes individual successful.
  • Skill matters not degrees.

giphy

Prerequisites for CyberSecurity

download

OffSec says you must try harder!!! - Abosolutely NOT, "YOU MUST TRY SMARTER"

well, you should know these things mentioned below -
  1. Linux, windows command line(cmd - powershell) and file system - Youtube is full of both :)
  2. Programming - Start with python then, you'll get the idea in future - FreeCodeCamp(Youtube)
  3. Cryptography basics - I will recommend you to do this - Same answer youtube.
  4. Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations - Internet is your friend:)
  5. Computer Networking - Something you must know - Again same answer, it's Youtube.
  6. Research or Googling - Very Important in CyberSecurity.

Our suggestions on Programming Languages

images

Beginners

  • Python - According to us, we'll suggest to learn Python first

Intermediate - in Corporate Networks

  • Python

  • Bash

  • C - Atleast basics are good

  • SQL

  • JavaScript (basics) - Web related

  • PHP (basics) - Web related

  • Powershell - Some understanding is Good

Anyone who's addicted to CyberSecurity 💻 🔌 -

  • Python (Recommended to all)

  • SQL (Recommended to all)

  • C Recommended to all

  • Bash (Recommended to all)

  • Csharp (Recommended to offensive or Red Team ops)

  • C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)

  • Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)

  • Ruby ( Interest Based)

  • Perl (Interest Based)

  • Go (Interest Based)

  • JavaScript (basic) - Web-Apps Pentesters

  • Nim - Interest based or Red Team Ops

  • Powershell - Recommended to all

  • PHP (basic) - Web-Apps Pentesters

  • nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP

  • Lua ( Interest Based......)

  • Java (Mostly to Android Application Pentesters)

  • Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis]

    image

Common CyberSecurity Resources

matrix

Youtube Channels

Websites

Best labs

  • TryHackMe
  • HackTheBox
  • HackThisSite
  • Proving Grounds
  • VulnHub
  • Setup your own VM Environment

Simple GitHub CyberSecurity - Penetesting Repos

giphy (1)

Podcasts

Platforms

  1. Cybrary
  2. ITProTv
  3. EC-Council's Codered
  4. OPSWAT Academy
  5. Udemy
  6. PluralSight
  7. Edx
  8. Coursera
  9. FutureLearn
  10. Sans Community
  11. YouTube
  12. Google and Research

Conferences

  • BlackHat
  • DEF CON
  • NullCon
  • Hack In The Box
  • BSides
  • RSA Conference
  • ThreatCon

InfosecNews and Writeups

Some CyberSecurity Search Engines

  1. Pipl --- Personal information
  2. Censys --- Network mapping service
  3. CRT sh --- URL Certificate report
  4. Cyber Background Checks --- Personal information
  5. DeHashed --- Personal information
  6. Grep App --- GIT Map
  7. Keyword Shitter --- Marketing keyword
  8. Google AdWords --- Marketing keyword
  9. GrayHatWarefare --- searchable database of open S3 buckets
  10. EPIEOS --- Personal information
  11. FullHunt --- URL IP report
  12. HaveIBeenPwned --- Personal information
  13. Hunter --- Email report
  14. Intelligence x --- Email IP report
  15. Keyword Tool --- Marketing keyword
  16. KWFinder --- Marketing keyword
  17. LeakIX --- URL IP Report
  18. Firefox Monitor --- Personal information
  19. Natlas --- IP Scanner
  20. Netlas --- IP Scanner
  21. Nuclear Leaks --- Directory
  22. OSINT Framework --- Directory
  23. Packet Storm Security --- Exploits database
  24. PolySwarm --- URL Files Report
  25. PublicWWW --- Marketing keyword
  26. Pulsedive --- URL IP Report
  27. SecurityTrails --- URL IP Report
  28. Tineye --- Reverse Image
  29. URL Scan --- URL IP Report
  30. Vulners --- Exploits database
  31. Binary Edge --- IP Report
  32. Criminal IP --- IP Report
  33. Grey Noise --- IP Report
  34. Keyword discover --- Marketing keyword
  35. Onyphe --- IP Report
  36. Shodan --- Internet Of Things (IoT)
  37. ZoomEye --- Network mapping service
  38. WiGLE --- Wifi Map
  39. OSINT-Link --- Directory
  40. SignalHire --- Personal information
  41. sploitus --- Exploits database
  42. exploit-db --- Exploits database
  43. CVE Details --- Exploits database
  44. nmmapper --- Exploits database
  45. Vulmon --- Exploits database
  46. exploits.shodan --- Exploits database
  47. vulnerability-lab --- Exploits database
  48. Airport webcams --- Webcam
  49. Insecam --- Webcam
  50. Lookr --- Weather
  51. Earthcam --- Webcam
  52. Opentopia --- Webcam
  53. Pictimo --- Webcam
  54. Webcam-nl (NL) --- Webcam
  55. Webcams-travel --- Webcam
  56. Worldcam --- Webcam

Search Engines - Github

Awesome-Search-Engines

CyberSecurity Documentaries

Youtube-Playlist - https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3

Computer Networking

network

Networking topics for CyberSecurity

  • IP Addressing - IPv4,IPv6
  • Subnetting & CIDR Notation
  • MAC Addressing & why we use
  • What is ISP
  • TCP/IP Model
  • OSI Model ( Reference or to understand only)
  • Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network
  • Accces Point, Router, WIFI Technology
  • Maximum Trnsmitting Unit ( MTU )
  • TCP 3 way handshake
  • UDP
  • ICMP
  • DNS protocol
  • ARP
  • Broadcasting
  • Bits,Bytes & data packet architecture
  • Fragmentation
  • VPN & Socks proxy
  • DNS servers like cloudflare, google, default etc
  • Routing
  • Port nummbers & services
  • FTP
  • SMTP, POP3, IMAP
  • HTTP,HTTPS
  • Understand urls
  • Port forwarding
  • Packet Header Form
  • As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc - keep learning many of them time to time
  • Network Topology
  • Physical Network cables
  • Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS ) - workings, use & types

ICS/Scada Operations

images

Basics of ICS Pentesting (Paid/Free) -

Paid

Free

  • What is ICS, Scada, HMI mainly.
  • understand concept of MTU, RTU.
  • Difference between IT and OT Security and what's the main difference in both compared to other.*
  • OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.
  • Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.

IMPORTANT - We can infiltrate in ICS as per configured environment and all depends on the victim's environment. you just have to explore many amazing things by yourself :) (just research)

Learning Resources!!

ICS Books

  • Pentesting Industrial Control Systems - Packt publishing.
  • Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
  • Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.

Red Team Operations/Adversary Emulation

cybersecurity-RED-TEAM-CYBER-partner-page

Basics for Red Team Ops

  • Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper ) .

  • Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!! .

  • Always be willing to research and learn new things daily .

  • If you're good with obfuscation before, It might help you in long run . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]

  • Mindset - Nothing is Secure .

    mitre-Attack

Main Resources -

Web-Application Pentesting

images

Basics for Web-App Pentesting!!

  • If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.
  • Web sometimes can be confusing, follow a methodology to do properly.
  • Atleast get familiar with basic types of web-attacks and vulnerabilities.

Main Resources -

Exploit Development (Windows/Linux Both)

pwndbg_context

Basics of Exploit Development

  • Be familiar with Assembly Language
  • Learn some Reverse Engineering first
  • Fuzzing
  • Learn something about Zero-Day Vulnerabilities
  • Debugging ( basics )
  • What exactly is a shellcode
  • Basics of C language atleast first
  • System Architecture like x86, x64
  • Memory and CPU concepts such as memory addressing, registers and stack
  • Understand spiking or spike fuzzing
  • Lots of Motivation to start

Note - Prerequisites of Cybersecurity is needed in all the sub-sets !!!!

Resources

giphy