Repository files navigation

List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.

A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry.Consists of all free and publicly available resources

We are here to help beginners for initializing their access in industry!!

• Important-Key-Points
• Prerequisites for CyberSecurity
• Programming Languages Suggestion
• Computer Networking
• Common-CyberSecurity-Resources
• ICS/SCADA Operations
• Red Team Operations/Adversary Emulation
• Web-Application-Pentesting
• Exploit-Development

• Programming is the key element of everything and you must know, atleast understand some programs first.

• CyberSecurity is not difficult at all, just a misconception.

• Computer Networking is soul of IT.

• Curiosity makes individual successful.

• Skill matters not degrees.

1. Linux, windows command line(cmd - powershell) and file system -Youtube is full of both :)
2. Programming - Start with python then, you'll get the idea in future -FreeCodeCamp(Youtube)
3. Cryptography basics - I will recommend you to do this -Same answer youtube.
4. Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations -Internet is your friend:)
5. Computer Networking -Something you must know -Again same answer, it's Youtube.
6. Research or Googling -Very Important in CyberSecurity.

• Python - According to us, we'll suggest to learn Python first

• Python

• Bash

• C - Atleast basics aregood

• SQL

• JavaScript (basics) - Web related

• PHP (basics) - Web related

• Powershell - Some understanding isGood

• Python (Recommended to all)

• SQL (Recommended to all)

• C Recommended to all

• Bash (Recommended to all)

• Csharp (Recommended to offensive or Red Team ops)

• C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)

• Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)

• Ruby ( Interest Based)

• Perl (Interest Based)

• Go (Interest Based)

• JavaScript (basic) - Web-Apps Pentesters

• Nim - Interest based or Red Team Ops

• Powershell - Recommended to all

• PHP (basic) - Web-Apps Pentesters

• nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP

• Lua ( Interest Based......)

• Java (Mostly to Android Application Pentesters)

• Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis]

  

• English Youtube Channels

• Hindi youtube channels

• Hackers-arise by an amazing person - Occupy The Web
• Hacking Articles by Ignite Technologies India
• Null-Byte
• HackerSploit
• Sevagas
• Ehacking
• sans free community resources
• Hacksplaining
• LiveOverflow
• Infinite Logins
• Zsecurity

• TryHackMe
• HackTheBox
• HackThisSite
• Proving Grounds
• VulnHub
• Setup your own VM Environment

• Aweasome-CyberSecurity
• Aweasome-Pentest
• Penetration-Testing
• Penetration-Testing-Tools
• Public-Pentesting-Reports
• Beginners-Network-Pentesting
• Hacker-Roadmap
• Web-Pentesting-Scratch
• Awesome-Pentest-Cheetsheet
• Awesome-Security
• Personal-Security
• Awesome-Cyber-Skills
• Awesome-Hacking
• Awesome-Cyber-Security
• awesome-cybersec
• Awesome-Security
• Awesome-Blue-Team-CyberSecurity
• Awesome-Infosec
• CyberSecurity
• NIST CyberSecurity Resources

• Delinea
• Infosec-live
• Darknet-Diaries
• TheCyberWire - Huge collection of Podcasts
• Red-Team-Podcasts
• social-engineer
• sans-podcast
• Hacker-valley
• CyberSecurity-Today

1. Cybrary
2. ITProTv
3. EC-Council's Codered
4. OPSWAT Academy
5. Udemy
6. PluralSight
7. Edx
8. Coursera
9. FutureLearn
10. Sans Community
11. YouTube
12. Google and Research

• BlackHat
• DEF CON
• NullCon
• Hack In The Box
• BSides
• RSA Conference
• ThreatCon

• Dark-Reading
• ThreatPost
• The Hacker News
• Infosec-Writeups
• Ctf-Writeups
• ThreatNinja - HTB CTF WriteUps
• GbHackers

1. Pipl --- Personal information
2. Censys --- Network mapping service
3. CRT sh --- URL Certificate report
4. Cyber Background Checks --- Personal information
5. DeHashed --- Personal information
6. Grep App --- GIT Map
7. Keyword Shitter --- Marketing keyword
8. Google AdWords --- Marketing keyword
9. GrayHatWarefare --- searchable database of open S3 buckets
10. EPIEOS --- Personal information
11. FullHunt --- URL IP report
12. HaveIBeenPwned --- Personal information
13. Hunter --- Email report
14. Intelligence x --- Email IP report
15. Keyword Tool --- Marketing keyword
16. KWFinder --- Marketing keyword
17. LeakIX --- URL IP Report
18. Firefox Monitor --- Personal information
19. Natlas --- IP Scanner
20. Netlas --- IP Scanner
21. Nuclear Leaks --- Directory
22. OSINT Framework --- Directory
23. Packet Storm Security --- Exploits database
24. PolySwarm --- URL Files Report
25. PublicWWW --- Marketing keyword
26. Pulsedive --- URL IP Report
27. SecurityTrails --- URL IP Report
28. Tineye --- Reverse Image
29. URL Scan --- URL IP Report
30. Vulners --- Exploits database
31. Binary Edge --- IP Report
32. Criminal IP --- IP Report
33. Grey Noise --- IP Report
34. Keyword discover --- Marketing keyword
35. Onyphe --- IP Report
36. Shodan --- Internet Of Things (IoT)
37. ZoomEye --- Network mapping service
38. WiGLE --- Wifi Map
39. OSINT-Link --- Directory
40. SignalHire --- Personal information
41. sploitus --- Exploits database
42. exploit-db --- Exploits database
43. CVE Details --- Exploits database
44. nmmapper --- Exploits database
45. Vulmon --- Exploits database
46. exploits.shodan --- Exploits database
47. vulnerability-lab --- Exploits database
48. Airport webcams --- Webcam
49. Insecam --- Webcam
50. Lookr --- Weather
51. Earthcam --- Webcam
52. Opentopia --- Webcam
53. Pictimo --- Webcam
54. Webcam-nl (NL) --- Webcam
55. Webcams-travel --- Webcam
56. Worldcam --- Webcam

Awesome-Search-Engines

Youtube-Playlist -https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3

• IP Addressing - IPv4,IPv6
• Subnetting & CIDR Notation
• MAC Addressing & why we use
• What is ISP
• TCP/IP Model
• OSI Model ( Reference or to understand only)
• Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network
• Accces Point, Router, WIFI Technology
• Maximum Trnsmitting Unit ( MTU )
• TCP 3 way handshake
• UDP
• ICMP
• DNS protocol
• ARP
• Broadcasting
• Bits,Bytes & data packet architecture
• Fragmentation
• VPN & Socks proxy
• DNS servers like cloudflare, google, default etc
• Routing
• Port nummbers & services
• FTP
• SMTP, POP3, IMAP
• HTTP,HTTPS
• Understand urls
• Port forwarding
• Packet Header Form
• As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc -keep learning many of them time to time
• Network Topology
• Physical Network cables
• Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS ) -workings, use & types

• Fundamentals of ICS/SCADA CyberSecurity -Definately recommend it. if you want to understand faster and everything is covered there.!!!

• What is ICS, Scada, HMI mainly.
• understand concept of MTU, RTU.
• Difference between IT and OT Security and what's the main difference in both compared to other.*
• OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.
• Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.

• Practical Industrial Control System Penetration Testing - Udemy - Recommended
• Hacker-Arise-Scada - Recommedended
• ICS-Pentesting-Tools
• Awesome-IndustryControlSystems
• ICS-Security-Tools
• ICS-Hacking
• Aweasome-ICS-WriteUps
• Awesome-IOT-ICS - Combined short tutorials of both ICS and IOT
• Infosec-reference-Scada
• ICS-Pentesting-Youtube - Watch this too
• SANS ICS - youtube
• ICS Village - youtube
• plcprofessor
• Brian Douglas
• Rick-Cen-Youtube
• How to Pentest ICS Environments
• Pentesting-ICS-Systems--Overview - by Infosec Institute
• Pentesting-ICS-Systems--Methodology - recommended
• scadahacker
• ICS cybersecurity academy
• Cutaway-Security - youtube
• Cutaway-Security-Github
• A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
• controlthings.io
• ICS and PLC Pentesting and Hacking
• Free Industrial Control System (ICS) Cyber Security Training Course
• CISA Training - Recommended
• CISA's Training Portal - Recommended

• Pentesting Industrial Control Systems - Packt publishing.
• Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
• Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.

• Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper ) .

• Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!! .

• Always be willing to research and learn new things daily .

• If you're good with obfuscation before, It might help you in long run . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]

• Mindset - Nothing is Secure .

  

• Hacking-Articles-Red-Teaming - Most updated with deep knowledge
• RedTeaming-Toolkit
• oddvar.moe
• Awesome-Red-Teaming-Resources
• Red-Team-OffensiveSecurity
• Awesome-Red-Team-Operations
• Red-Teaming/Adversary-Emulation
• Red-Team-Infrastructure-Wiki
• Adversary-Emulation-Library
• MITRE ATT&CK® - Must read & adopt in Red Team Operations to sharpen your skills, always be curious and ready to Emulate
• awesome-red-teaming
• Red-Teaming-Toolkit-Collection
• SANS Offensive Operations
• Sevagas

• If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.
• Web sometimes can be confusing, follow a methodology to do properly.
• Atleast get familiar with basic types of web-attacks and vulnerabilities.

• Portswigger-Academy - Practical learning
• Web-Application-Pentesting - Medium writeups for beginners to level-up.
• Web-Tools-Resources
• Awesome-Web-Hacking
• Awesome-Web-Security
• Web-Checklists
• Web-Security-Roadmap
• WebSecurity-Stuff
• Owasp-Juice-Shop - Helps to learn and deal web vulnerabilities.

• Be familiar with Assembly Language
• Learn some Reverse Engineering first
• Fuzzing
• Learn something about Zero-Day Vulnerabilities
• Debugging ( basics )
• What exactly is a shellcode
• Basics of C language atleast first
• System Architecture like x86, x64
• Memory and CPU concepts such as memory addressing, registers and stack
• Understand spiking or spike fuzzing
• Lots of Motivation to start

• Exploit-Development-repo
• Getting-Started Exploit-Developmemt - Introduction
• LiveOverflow-Youtube
• Corelan
• FuzzySecurity
• Exploit Development
• Huge-Exploit-Development
• CryptoCat-Youtube-Playlist-BinaryExploitation
• PinkDraconian-playlist-BinaryExploitation
• Exploit Development - Cranelab