All-In-One-CyberSecurity-Resources - LOT MORE COMING !!

List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.

To the community, by the community and for the community

Made with :heart: in :india:

Vision

A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry. Consists of all free and publicly available resources

We are here to help beginners for initializing their access in industry!!

Index

• Important-Key-Points
• Prerequisites for CyberSecurity
• Programming Languages Suggestion
• Computer Networking
• Commonn-CyberSecurity-Resources
• ICS/SCADA Operations
• Red Team Operations/Adversary Emulation
• Web-Application-Pentesting
• Exploit-Development

Respect to original creators who worked really hard for creating Aweasome Resources for our Industry -

Some important key points in industry

• Programming is the key element of everything and you must know, atleast understand some programs first.

• CyberSecurity is not difficult at all, just a misconception.

• Computer Networking is soul of IT.

• Curiosity makes individual successful.

• Skill matters not degrees.

Prerequisites for CyberSecurity

OffSec says you must try harder!!! - Abosolutely NOT "YOU MUST TRY SMARTER"

well, you should know these things mentioned below -

1. Linux, windows command line(cmd - powershell) and file system - Youtube is full of both :)
2. Programming - Start with python then, you'll get the idea in future - FreeCodeCamp(Youtube)
3. Cryptography basics - I will recommend you to do this - Same answer youtube.
4. Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations - Internet is your friend:)
5. Computer Networking - Something you must know - Again same answer, it's Youtube.
6. Research or Googling - Very Important in CyberSecurity.

Our suggestion on Programming Languages

Beginners

• Python - According to us, we'll suggest to learn Python first

Intermediate - in Corporate Networks

• Python

• Bash

• C - Atleast basics are good

• SQL

• JavaScript (basics) - Web related

• PHP (basics) - Web related

• Powershell - Some understanding is Good

Anyone who's addicted to CyberSecurity :computer: :electric_plug: -

• Python (Recommended to all)

• SQL (Recommended to all)

• C Recommended to all

• Bash (Recommended to all)

• Csharp (Recommended to offensive or Red Team ops)

• C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)

• Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)

• Ruby ( Interest Based)

• Perl (Interest Based)

• Go (Interest Based)

• JavaScript (basic) - Web-Apps Pentesters

• Nim - Interest based or Red Team Ops

• Powershell - Recommended to all

• PHP (basic) - Web-Apps Pentesters

• nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP

• Lua ( Interest Based......)

• Java (Mostly to Android Application Pentesters)

• Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis]

  

Common CyberSecurity Resources

Youtube Channels

• English Youtube Channels

• Hindi youtube channels

Websites

• Hackers-arise by an amazing person - Occupy The Web
• Hacking Articles by Ignite Technologies India
• Null-Byte
• HackerSploit
• Sevagas
• Ehacking
• sans free community resources
• Hacksplaining
• LiveOverflow
• Infinite Logins
• Zsecurity

Best labs

• TryHackMe
• HackTheBox
• HackThisSite
• Proving Grounds
• VulnHub
• Setup your own VM Environment

Simple GitHub CyberSecurity - Penetesting Repos

• Aweasome-CyberSecurity
• Aweasome-Pentest
• Penetration-Testing
• Penetration-Testing-Tools
• Public-Pentesting-Reports
• Beginners-Network-Pentesting
• Hacker-Roadmap
• Web-Pentesting-Scratch
• Awesome-Pentest-Cheetsheet
• Awesome-Security
• Personal-Security
• Awesome-Cyber-Skills
• Awesome-Hacking
• Awesome-Cyber-Security
• awesome-cybersec
• Awesome-Security
• Awesome-Blue-Team-CyberSecurity
• Awesome-Infosec
• CyberSecurity
• NIST CyberSecurity Resources

Podcasts

• Delinea
• Infosec-live
• Darknet-Diaries
• TheCyberWire - Huge collection of Podcasts
• Red-Team-Podcasts
• social-engineer
• sans-podcast
• Hacker-valley
• CyberSecurity-Today

Platforms

1. Cybrary
2. ITProTv
3. EC-Council's Codered
4. OPSWAT Academy
5. Udemy
6. PluralSight
7. Edx
8. Coursera
9. FutureLearn
10. Sans Community
11. YouTube
12. Google and Research

Conferences

• BlackHat
• DEF CON
• NullCon
• Hack In The Box
• BSides
• RSA Conference
• ThreatCon

InfosecNews and Writeups

• Dark-Reading
• ThreatPost
• The Hacker News
• Infosec-Writeups
• Ctf-Writeups
• ThreatNinja - HTB CTF WriteUps
• GbHackers

Some CyberSecurity Search Engines

Credits - Julien Provenzano

1. Pipl --- Personal information
2. Censys --- Network mapping service
3. CRT sh --- URL Certificate report
4. Cyber Background Checks --- Personal information
5. DeHashed --- Personal information
6. Grep App --- GIT Map
7. Keyword Shitter --- Marketing keyword
8. Google AdWords --- Marketing keyword
9. GrayHatWarefare --- searchable database of open S3 buckets
10. EPIEOS --- Personal information
11. FullHunt --- URL IP report
12. HaveIBeenPwned --- Personal information
13. Hunter --- Email report
14. Intelligence x --- Email IP report
15. Keyword Tool --- Marketing keyword
16. KWFinder --- Marketing keyword
17. LeakIX --- URL IP Report
18. Firefox Monitor --- Personal information
19. Natlas --- IP Scanner
20. Netlas --- IP Scanner
21. Nuclear Leaks --- Directory
22. OSINT Framework --- Directory
23. Packet Storm Security --- Exploits database
24. PolySwarm --- URL Files Report
25. PublicWWW --- Marketing keyword
26. Pulsedive --- URL IP Report
27. SecurityTrails --- URL IP Report
28. Tineye --- Reverse Image
29. URL Scan --- URL IP Report
30. Vulners --- Exploits database
31. Binary Edge --- IP Report
32. Criminal IP --- IP Report
33. Grey Noise --- IP Report
34. Keyword discover --- Marketing keyword
35. Onyphe --- IP Report
36. Shodan --- Internet Of Things (IoT)
37. ZoomEye --- Network mapping service
38. WiGLE --- Wifi Map
39. OSINT-Link --- Directory
40. SignalHire --- Personal information
41. sploitus --- Exploits database
42. exploit-db --- Exploits database
43. CVE Details --- Exploits database
44. nmmapper --- Exploits database
45. Vulmon --- Exploits database
46. exploits.shodan --- Exploits database
47. vulnerability-lab --- Exploits database
48. Airport webcams --- Webcam
49. Insecam --- Webcam
50. Lookr --- Weather
51. Earthcam --- Webcam
52. Opentopia --- Webcam
53. Pictimo --- Webcam
54. Webcam-nl (NL) --- Webcam
55. Webcams-travel --- Webcam
56. Worldcam --- Webcam

Search Engines - Github

Awesome-Search-Engines

CyberSecurity Documentaries

Credits Joas A Santos and Pentest-Tools

Youtube-Playlist - https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3

Computer Networking

Networking topics for CyberSecurity

• IP Addressing - IPv4,IPv6
• Subnetting & CIDR Notation
• MAC Addressing & why we use
• What is ISP
• TCP/IP Model
• OSI Model ( Reference or to understand only)
• Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network
• Accces Point, Router, WIFI Technology
• Maximum Trnsmitting Unit ( MTU )
• TCP 3 way handshake
• UDP
• ICMP
• DNS protocol
• ARP
• Broadcasting
• Bits,Bytes & data packet architecture
• Fragmentation
• VPN & Socks proxy
• DNS servers like cloudflare, google, default etc
• Routing
• Port nummbers & services
• FTP
• SMTP, POP3, IMAP
• HTTP,HTTPS
• Understand urls
• Port forwarding
• Packet Header Form
• As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc - keep learning many of them time to time
• Network Topology
• Physical Network cables
• Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS ) - workings, use & types

ICS/Scada Operations

Basics of ICS Pentesting (paid/free) -

Paid

• Fundamentals of ICS/SCADA CyberSecurity - Definately recommend it. if you want to understand faster and everything is covered there.!!!

Free

• What is ICS, Scada, HMI mainly.
• understand concept of MTU, RTU.
• Difference between IT and OT Security and what's the main difference in both compared to other.*
• OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.
• Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.

IMPORTANT - We can infiltrate in ICS as per configured environment and all depends on the victim's environment. you just have to explore many amazing things by yourself :) (just research)

Learning Resources!!

• Practical Industrial Control System Penetration Testing - Udemy - Recommended
• Hacker-Arise-Scada - Recommedended
• ICS-Pentesting-Tools
• Awesome-IndustryControlSystems
• ICS-Security-Tools
• ICS-Hacking
• Aweasome-ICS-WriteUps
• Awesome-IOT-ICS - Combined short tutorials of both ICS and IOT
• Infosec-reference-Scada
• ICS-Pentesting-Youtube - Watch this too
• SANS ICS - youtube
• ICS Village - youtube
• plcprofessor
• Brian Douglas
• Rick-Cen-Youtube
• How to Pentest ICS Environments
• Pentesting-ICS-Systems--Overview - by Infosec Institute
• Pentesting-ICS-Systems--Methodology - recommended
• scadahacker
• ICS cybersecurity academy
• Cutaway-Security - youtube
• Cutaway-Security-Github
• A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
• controlthings.io
• ICS and PLC Pentesting and Hacking
• Free Industrial Control System (ICS) Cyber Security Training Course
• CISA Training - Recommended
• CISA's Training Portal - Recommended

ICS Books

• Pentesting Industrial Control Systems - Packt publishing.
• Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
• Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.

Red Team Operations/Adversary Emulation

Basics for Red Team Ops

• Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper ) .

• Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!! .

• Always be willing to research and learn new things daily .

• If you're good with obfuscation before, It might help you in long run . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]

• Mindset - Nothing is Secure .

  

Main Resources -

• Hacking-Articles-Red-Teaming - Most updated with deep knowledge
• RedTeaming-Toolkit
• oddvar.moe
• Awesome-Red-Teaming-Resources
• Red-Team-OffensiveSecurity
• Awesome-Red-Team-Operations
• Red-Teaming/Adversary-Emulation
• Red-Team-Infrastructure-Wiki
• Adversary-Emulation-Library
• MITRE ATT&CK® - Must read & adopt in Red Team Operations to sharpen your skills, always be curious and ready to Emulate
• awesome-red-teaming
• Red-Teaming-Toolkit-Collection
• SANS Offensive Operations
• Sevagas

Web-Application Pentesting

Basics for Web-App Pentesting!!

• If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.
• Web sometimes can be confusing, follow a methodology to do properly.
• Atleast get familiar with basic types of web-attacks and vulnerabilities.

Main Resources -

• Portswigger-Academy - Practical learning
• Web-Application-Pentesting - Medium writeups for beginners to level-up.
• Web-Tools-Resources
• Awesome-Web-Hacking
• Awesome-Web-Security
• Web-Checklists
• Web-Security-Roadmap
• WebSecurity-Stuff
• Owasp-Juice-Shop - Helps to learn and deal web vulnerabilities.

Exploit Development (Windows/Linux Both)

Basics of Exploit Development

• Be familiar with Assembly Language
• Learn some Reverse Engineering first
• Fuzzing
• Learn something about Zero-Day Vulnerabilities
• Debugging ( basics )
• What exactly is a shellcode
• Basics of C language atleast first
• System Architecture like x86, x64
• Memory and CPU concepts such as memory addressing, registers and stack
• Understand spiking or spike fuzzing
• Lots of Motivation to start

Note - Prerequisites of Cybersecurity is needed in all the sub-sets !!!!

Resources

• Exploit-Development-repo
• Getting-Started Exploit-Developmemt - Introduction
• LiveOverflow-Youtube
• Corelan
• FuzzySecurity
• Exploit Development
• Huge-Exploit-Development
• CryptoCat-Youtube-Playlist-BinaryExploitation
• PinkDraconian-playlist-BinaryExploitation
• Exploit Development - Cranelab