A collection of resources covering learning materials, certifications, security frameworks, bug bounties, podcasts and tools used for cyber security. This repository focuses primarily on hands-on material rather than theoretical material.
Learning resources, including basic concepts, books, YouTube channels, CTF platforms and certifications.
- Networking fundamentals (HackTheBox Academy) - An introduction to networking concepts, protocols, and architecture, designed to build a foundation for cybersecurity.
- Practical Networking - A GitHub repository providing practical learning modules for computer networking fundamentals.
- Linux OS fundamentals (HackTheBox Academy) - A course covering the essential concepts and tools of the Linux operating system for cybersecurity purposes.
- Practical OS fundamentals - A resource that provides practical knowledge on operating system fundamentals, focusing on key concepts like processes and memory management.
- Web programming fundamentals: HTML and CSS basics (Freecodecamp) - A beginner-friendly course covering the fundamentals of HTML and CSS for building web pages.
- Web programming fundamentals: Javascript basics (Freecodecamp) - A comprehensive course teaching JavaScript programming, focusing on algorithms and data structures.
- Programming fundamentals: Python basics (Freecodecamp) - A course teaching the basics of Python programming, designed for beginners and covering fundamental concepts.
- Web fundamentals (Angela Yu, Udemy) - A comprehensive course on web development covering HTML, CSS, JavaScript, and backend fundamentals.
- Relational Database fundamentals with SQL (Freecodecamp) - A course that teaches relational database concepts and SQL for querying and managing databases.
- Backend API fundamentals using Expressjs (Freecodecamp) - A course focused on building backend APIs using Express.js, teaching how to handle HTTP requests and data.
- HackTheBox Academy - A learning platform by HackTheBox offering structured courses on hacking and cybersecurity skills.
- TryHackMe - An interactive site where users can learn and practice cybersecurity with hands-on labs and challenges.
- Portswigger Web Security Learning - A resource that teaches web security through guided learning paths and interactive labs focused on real-world vulnerabilities.
- CyberDefenders - A platform providing blue team (defense) challenges and training for cybersecurity professionals.
- CryptoHack - A platform focused on cryptography challenges, helping users learn and practice breaking cryptographic systems.
- Pwnable - A site with reverse engineering and binary exploitation challenges designed to improve hacking skills.
- PwnCollege - An educational platform offering courses on cybersecurity, with a focus on binary exploitation and advanced topics.
- Crackmes - A community-driven platform where users can solve reverse engineering challenges (crackmes) to enhance their skills.
- Web Application Hacker's Handbook - A comprehensive guide to discovering, exploiting, and securing web application vulnerabilities.
- Hacking: The Art of Exploitation, 2nd Edition - A deep dive into the techniques and concepts behind hacking and security, with a focus on coding and exploitation.
- Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali - An introduction to Linux and essential hacking skills using the Kali Linux distribution.
- CompTIA Security+ SY0-701 Certification Guide: Master Cybersecurity Fundamentals and Pass the SY0-701 Exam on Your First Attempt - A study guide that covers all the cybersecurity topics required to pass the Security+ certification exam.
- Black Hat Python, 2nd Edition: Python Programming for Hackers and Pentesters - A book that teaches Python programming techniques for writing security tools and scripts for penetration testing.
- Cryptography and Network Security: Principles and Practice - A detailed book that explains cryptographic techniques and how they apply to network security.
- The Cyber Mentor - Tutorials on ethical hacking, penetration testing, and cybersecurity certifications.
- HackerSploit - Cybersecurity training focused on penetration testing and ethical hacking.
- Ryan John - Cybersecurity concepts, research, and practical tutorials.
- John Hammond - CTF walkthroughs, malware analysis, and cybersecurity tips.
- David Bombal - Networking and cybersecurity lessons, including certifications like Cisco and ethical hacking.
- Network Chuck - Cybersecurity and IT tutorials, focusing on practical skills and certifications.
- Computerphile - Videos explaining computer science topics, cybersecurity, and cryptography.
- Ippsec - HackTheBox walkthroughs and penetration testing strategies.
- Hak 5 - Hacking tools, techniques, and cybersecurity tips.
- Stok - Bug bounty tips and insights for aspiring hunters.
- Insider PhD - Bug bounty tutorials and tips for beginners in cybersecurity.
- With Sandra - Cybersecurity career advice and practical hacking tutorials.
- Unix Guy - Tutorials on Linux, Unix systems, and security.
- picoCTF - A platform with fun, beginner-friendly hacking challenges for students and new learners in cybersecurity.
- OverTheWire - A website with games to help you learn cybersecurity and Linux by solving hands-on challenges.
- CTFTime - A site that lists Capture the Flag (CTF) competitions, shows rankings, and tracks events for competitive players.
- HackTheBox CTF - A popular platform where you can practice hacking in realistic environments through CTF challenges and labs.
- TryHackMe CTF - An interactive platform with CTF challenges and guided lessons for people learning cybersecurity at all levels.
- Hacker101 - A free course by HackerOne that teaches hacking and web security through lessons and CTF challenges, with a focus on finding bugs.
- RingZeroCTF - A platform with hacking challenges in cryptography, reverse engineering, and more to improve your skills.
- BugCrowdCTF - A bug bounty website that sometimes runs CTF challenges to help you practice finding security flaws.
- VulnHub - A site where you can download vulnerable machines to practice hacking and security testing in a safe environment.
- RootMe - A platform with hundreds of hacking challenges for both beginners and experts to improve their cybersecurity skills.
A list of certifications that you can take to boost your career on either the red team or the blue team side.
- CompTIA Pentest+ - A certification that validates skills in penetration testing, vulnerability assessment, and management.
- Offensive Security Certified Professional (OSCP) - A hands-on certification that demonstrates practical knowledge of penetration testing methodologies and techniques.
- Certified Ethical Hacker (CEH) - A certification focusing on ethical hacking tools and techniques for assessing and securing systems.
- Certified Penetration Tester (CPT) - A certification designed to validate practical penetration testing skills and methodologies.
- Practical Web Penetration Tester (PWPT) - A certification focused on web application security, providing hands-on experience in penetration testing.
- Certified Bug Bounty Hunter (CBBH) - A certification designed for individuals interested in participating in bug bounty programs and finding vulnerabilities.
- eLearnSecurity Mobile Application Penetration Tester (eMAPT) - A certification that focuses on assessing the security of mobile applications through practical exercises.
- eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2) - An advanced certification covering web application penetration testing techniques and strategies.
- eLearnSecurity Junior Penetration Tester (eJPT) - An entry-level certification validating foundational knowledge and skills in penetration testing.
- CompTIA Security+ - A foundational certification covering essential security concepts and practices for IT professionals.
- Certified Information Systems Security Professional (CISSP) - A globally recognized certification validating expertise in information security management and practices.
- Microsoft Certified: Security Operations Analyst Associate - A certification focused on using Microsoft security tools to detect and respond to security threats.
- Certified Cybersecurity Analyst (CySA+) - A certification that emphasizes security analytics, threat detection, and incident response.
- Certified SOC Analyst (CSA) - A certification tailored for SOC roles, focusing on skills required for effective security operations.
- Cisco Certified CyberOps Associate - A certification providing knowledge and skills for security operations in network environments.
- OWASP Top Ten - A widely recognized list of the ten most critical web application security risks, providing guidance on vulnerabilities and best practices for developers and security professionals.
- OWASP ASVS (Application Security Verification Standard) - A framework for designing, developing, and testing secure web applications, providing a basis for assessing security controls.
- CWE (Common Weakness Enumeration) - A community-developed list of common software and hardware weaknesses that can lead to security vulnerabilities, serving as a guide for secure coding practices.
- SANS Top 25 Software Errors - A list identifying the 25 most dangerous software errors that can lead to vulnerabilities in web applications, offering guidance for prevention.
- ISO/IEC 27032 - An international standard providing guidelines for cybersecurity, focusing on the protection of information in cyberspace and addressing network security considerations.
- NIST Cybersecurity Framework - A flexible framework that provides guidelines for managing and mitigating cybersecurity risks, including those related to network security.
- Fortinet Security Fabric - A comprehensive cybersecurity framework designed by Fortinet, integrating various security solutions to protect network infrastructure from threats.
- MITRE ATT&CK - A knowledge base that provides a framework for understanding and defending against cyber adversaries, including tactics and techniques that can affect network security.
Some bug bounty programs where you can find vulnerabilities and earn bounties for them.
- HackerOne - A leading bug bounty platform that connects businesses with ethical hackers to find and report security vulnerabilities.
- Bugcrowd - A crowdsourced cybersecurity platform offering bug bounty programs to help organizations identify and fix vulnerabilities.
- YesWeHack - A global bug bounty platform providing opportunities for ethical hackers to find vulnerabilities in various organizations' systems.
- Patchstack - A bug bounty platform focused on securing WordPress plugins and themes through vulnerability disclosure and patching.
- Redstorm.io - A bug bounty platform that allows hackers to report vulnerabilities in exchange for rewards, focusing on improving cybersecurity for businesses.
- app.cyberarmy.id - An Indonesian bug bounty platform connecting security researchers with companies to help them identify and resolve vulnerabilities.
- David Bombal Podcast - A podcast hosted by David Bombal, covering cybersecurity topics, networking, and tech interviews with industry experts.
- Darknet Diaries - A storytelling podcast focused on true stories from the dark side of the internet, including hacking and cybercrime.
- The IT Career Podcast - A podcast offering insights into IT careers, cybersecurity, and practical advice for getting started or advancing in the field.
- Critical Thinking Bug Bounties Podcast - A podcast focusing on bug bounties, ethical hacking, and vulnerability disclosure, featuring discussions with security experts.
- Hacker Valley Media - A podcast exploring various cybersecurity topics, from hacking stories to mental health in the cybersecurity industry.
- Hack The Box Podcast - The official Hack The Box podcast that discusses ethical hacking, cybersecurity challenges, and interviews with security professionals.
- Langley Files - A podcast by the CIA offering a behind-the-scenes look at intelligence, cybersecurity, and national security issues.
A list of tools used in cyber security, covering web app pentesting, network pentesting, software security and network security.
- Recon-ng - A web reconnaissance framework that provides a powerful environment for open-source web-based reconnaissance.
- Google Dorking - A technique that uses advanced Google search operators to find sensitive information exposed on the web.
- Burp Suite - A popular web application security testing tool that includes features for scanning, crawling, and analyzing web applications.
- OWASP ZAP - An open-source web application security scanner that helps find security vulnerabilities in web applications.
- Nikto - A web server scanner that performs comprehensive tests against web servers for multiple items, including outdated server software and vulnerabilities.
- Acunetix - An automated web application security scanner that checks for vulnerabilities like SQL injection, XSS, and more.
- SQLMap - An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
- XSSer - A tool to exploit XSS vulnerabilities.
- Burp Suite (Intruder) - Besides scanning, Burp's Intruder tool can be used for brute-forcing and payload injection.
- Hydra - A popular password-cracking tool used for conducting rapid dictionary attacks against various protocols.
- BeEF - A powerful tool that can perform various tasks aimed at exploiting vulnerabilities in web browsers.
- Maltego - A tool for open-source intelligence (OSINT) and forensics that can visualize relationships between data.
- Harvester - A tool used for gathering e-mail accounts and subdomain names from different public sources (search engines, PGP key servers).
- DNSRecon - A DNS reconnaissance tool that performs various DNS enumeration techniques.
- Nmap - A powerful network scanner used for discovering hosts and services on a computer network.
- Nessus - A widely used vulnerability scanner that identifies vulnerabilities in systems and applications.
- Wireshark - A network protocol analyzer that captures and analyzes network traffic, useful for troubleshooting and identifying vulnerabilities.
- Metasploit - A widely used penetration testing framework that includes a range of exploits and payloads to gain access to systems.
- Hydra - A fast network logon cracker that supports numerous protocols for password guessing.
- Aircrack-ng - A suite of tools for assessing Wi-Fi network security, including capturing packets and cracking WEP/WPA/WPA2 keys.
- Netcat - A networking utility that can create TCP/UDP connections and is often used for creating backdoors.
- Meterpreter - A payload within Metasploit that allows for post-exploitation, providing a command shell and extensive features for maintaining access.
- Empire - A post-exploitation framework that uses PowerShell agents for persistence and control.
- Cobalt Strike - A commercial penetration testing tool that provides advanced features for post-exploitation and persistence.
- RATs (Remote Access Trojans) - Tools like DarkComet or NjRAT allow attackers to maintain remote control over compromised systems.
- CCleaner - A tool used to remove unnecessary files and clear logs to cover tracks after an attack.
- Metasploit (Clearing Logs / Post Exploitation Modules) - Metasploit's post-exploitation modules can assist in clearing logs and covering tracks.
- Timestomp - A tool that allows users to modify file timestamps to obscure evidence of access or modification.
- Sysinternals Suite - A collection of utilities (like PsExec) that can help manage and hide processes, as well as clear logs.
- Rootkits - Though illegal and unethical for legitimate pentesting, rootkits can hide files and processes from detection.
- Microsoft Threat Modeling Tool - A tool that helps identify and address security threats early in the software development process by creating threat models.
- SonarQube - An open-source platform that automatically inspects code quality and security vulnerabilities during development.
- Semgrep - A fast and customizable static analysis tool for finding security vulnerabilities and enforcing code standards.
- ZAP-Cli - A command-line interface for OWASP ZAP that automates web application security scanning and testing.
- Detect It Easy (DIE) - A tool for identifying and analyzing file formats and executable packers to help with reverse engineering.
- Ghidra - An open-source software reverse engineering tool developed by the NSA, providing powerful decompilation and analysis capabilities.
- IDA Pro - A widely used disassembler and debugger for reverse engineering applications and malware analysis.
- Radare 2 - A free and open-source reverse engineering framework offering disassembly, debugging, and binary analysis features.
- JADX - A decompiler for Android applications, converting APK files back into readable Java source code.
- Any Run - An interactive online malware analysis service that allows users to run and analyze malicious files in real time.
- Triage - A cloud-based automated malware analysis platform designed for quick and efficient analysis of suspicious files.
- Cuckoo Sandbox - An open-source automated malware analysis system that runs suspicious files in an isolated environment to observe behavior.
- Snort - An open-source intrusion detection and prevention system (IDS/IPS) capable of real-time traffic analysis and packet logging.
- Suricata - A high-performance, open-source IDS, IPS, and network security monitoring engine that can handle multi-threaded traffic analysis.
- OSSEC - An open-source host-based intrusion detection system (HIDS) that monitors logs, detects anomalies, and provides real-time alerting.
- Zeek - A network security monitoring tool that analyzes traffic and provides deep inspection and logging of network activity.
- Security Onion - A free and open-source Linux distribution for intrusion detection, network security monitoring, and log management.
- Dionaea - A low-interaction honeypot designed to capture malware and network attacks by emulating vulnerable services.
- Glastopf - A web application honeypot that emulates vulnerable websites to gather information on web-based attacks.
- Cowrie - A medium-interaction SSH and Telnet honeypot designed to log brute-force attacks and shell commands.
- Kippo - A medium-interaction SSH honeypot focused on logging brute-force login attempts and simulating an interactive shell.
- Laravel application honeypot - A honeypot package for Laravel applications to protect against automated form submissions and spam.
- Wordpress honeypots - Honeypot setups specifically designed to capture attacks targeting vulnerabilities in WordPress installations.
- Honeyd - A versatile low-interaction honeypot that simulates various network services and hosts to detect and log network activity.
- Mongodb honeypot proxy - A honeypot proxy that simulates MongoDB servers to capture and analyze malicious activity targeting exposed databases.
- Wazuh - An open-source security monitoring platform that offers SIEM, intrusion detection, and compliance management.
- Splunk - A powerful SIEM solution that collects, analyzes, and visualizes machine data in real-time for security monitoring and analytics.
- IBM Security QRadar - An enterprise-level SIEM that helps detect, analyze, and respond to security threats across the network.
- Rapid7 InsightIDR - A cloud-based SIEM tool that focuses on detecting intrusions, investigating security incidents, and automating responses.
- Fortinet FortiSIEM - A comprehensive SIEM that combines real-time monitoring, event correlation, and performance management.
- SolarWinds Security Event Manager - A SIEM solution that provides automated threat detection, event correlation, and incident response capabilities.
Varied resources in a plethora of topics
- the-book-of-secret-knowledge - A huge collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more.
- awesome-threat-intelligence - A curated list of Awesome Threat Intelligence resources.
- awesome-osint - A curated list of amazingly awesome Open-Source Intelligence.
- awesome-cyber-skills - A curated list of hacking environments where you can train your cyber skills.