A bunch of resources containing learning resources, certifications, security frameworks, bug bounties, podcasts and tools used for cyber security.

TzuriLabs/awesome-cyber-security

Cyber Security Awesome

A collection of learning resources, certifications, security frameworks, bug bounties, podcasts and tools used for cyber security. This repository focuses primarily on hands-on material rather than theoretical material.

Learning Resources

Learning resources, including basic concepts, books, YouTube channels, CTF platforms and certifications.

Basic Concepts

Cyber Security Learning Platforms

  • HackTheBox Academy - A learning platform by HackTheBox offering structured courses on hacking and cybersecurity skills.
  • TryHackMe - An interactive site where users can learn and practice cybersecurity with hands-on labs and challenges.
  • Portswigger Web Security Learning - A resource that teaches web security through guided learning paths and interactive labs focused on real-world vulnerabilities.
  • CyberDefenders - A platform providing blue team (defense) challenges and training for cybersecurity professionals.
  • CryptoHack - A platform focused on cryptography challenges, helping users learn and practice breaking cryptographic systems.
  • Pwnable - A site with reverse engineering and binary exploitation challenges designed to improve hacking skills.
  • PwnCollege - An educational platform offering courses on cybersecurity, with a focus on binary exploitation and advanced topics.
  • Crackmes - A community-driven platform where users can solve reverse engineering challenges (crackmes) to enhance their skills.

Books

YouTube Channels

  • The Cyber Mentor - Tutorials on ethical hacking, penetration testing, and cybersecurity certifications.
  • HackerSploit - Cybersecurity training focused on penetration testing and ethical hacking.
  • Ryan John - Cybersecurity concepts, research, and practical tutorials.
  • John Hammond - CTF walkthroughs, malware analysis, and cybersecurity tips.
  • David Bombal - Networking and cybersecurity lessons, including certifications like Cisco and ethical hacking.
  • Network Chuck - Cybersecurity and IT tutorials, focusing on practical skills and certifications.
  • Computerphile - Videos explaining computer science topics, cybersecurity, and cryptography.
  • IppSec - HackTheBox walkthroughs and penetration testing strategies.
  • Hak 5 - Hacking tools, techniques, and cybersecurity tips.
  • Stok - Bug bounty tips and insights for aspiring hunters.
  • Insider PhD - Bug bounty tutorials and tips for beginners in cybersecurity.
  • With Sandra - Cybersecurity career advice and practical hacking tutorials.
  • Unix Guy - Tutorials on Linux, Unix systems, and security.

CTF Platforms

  • picoCTF - A platform with fun, beginner-friendly hacking challenges for students and new learners in cybersecurity.
  • OverTheWire - A website with games to help you learn cybersecurity and Linux by solving hands-on challenges.
  • CTFTime - A site that lists Capture the Flag (CTF) competitions, shows rankings, and tracks events for competitive players.
  • HackTheBox CTF - A popular platform where you can practice hacking in realistic environments through CTF challenges and labs.
  • TryHackMe CTF - An interactive platform with CTF challenges and guided lessons for people learning cybersecurity at all levels.
  • Hacker101 - A free course by HackerOne that teaches hacking and web security through lessons and CTF challenges, with a focus on finding bugs.
  • RingZeroCTF - A platform with hacking challenges in cryptography, reverse engineering, and more to improve your skills.
  • BugCrowdCTF - A bug bounty website that sometimes runs CTF challenges to help you practice finding security flaws.
  • VulnHub - A site where you can download vulnerable machines to practice hacking and security testing in a safe environment.
  • RootMe - A platform with hundreds of hacking challenges for both beginners and experts to improve their cybersecurity skills.

Certifications

A list of certifications that you can take to boost your career on either the red team or the blue team side.

Red Team Certifications

Blue Team Certifications

Security Frameworks

  • OWASP Top Ten - A widely recognized list of the ten most critical web application security risks, providing guidance on vulnerabilities and best practices for developers and security professionals.
  • OWASP ASVS (Application Security Verification Standard) - A framework for designing, developing, and testing secure web applications, providing a basis for assessing security controls.
  • CWE (Common Weakness Enumeration) - A community-developed list of common software and hardware weaknesses that can lead to security vulnerabilities, serving as a guide for secure coding practices.
  • SANS Top 25 Software Errors - A list identifying the 25 most dangerous software errors that can lead to vulnerabilities in web applications, offering guidance for prevention.
  • ISO/IEC 27032 - An international standard providing guidelines for cybersecurity, focusing on the protection of information in cyberspace and addressing network security considerations.
  • NIST Cybersecurity Framework - A flexible framework that provides guidelines for managing and mitigating cybersecurity risks, including those related to network security.
  • Fortinet Security Fabric - A comprehensive cybersecurity framework designed by Fortinet, integrating various security solutions to protect network infrastructure from threats.
  • MITRE ATT&CK - A knowledge base that provides a framework for understanding and defending against cyber adversaries, including tactics and techniques that can affect network security.

Bug Bounties

Some bug bounty programs where you can find vulnerabilities and earn bounties for them.

  • HackerOne - A leading bug bounty platform that connects businesses with ethical hackers to find and report security vulnerabilities.
  • Bugcrowd - A crowdsourced cybersecurity platform offering bug bounty programs to help organizations identify and fix vulnerabilities.
  • YesWeHack - A global bug bounty platform providing opportunities for ethical hackers to find vulnerabilities in various organizations' systems.
  • Patchstack - A bug bounty platform focused on securing WordPress plugins and themes through vulnerability disclosure and patching.
  • Redstorm.io - A bug bounty platform that allows hackers to report vulnerabilities in exchange for rewards, focusing on improving cybersecurity for businesses.
  • app.cyberarmy.id - An Indonesian bug bounty platform connecting security researchers with companies to help them identify and resolve vulnerabilities.

Podcasts

  • David Bombal Podcast - A podcast hosted by David Bombal, covering cybersecurity topics, networking, and tech interviews with industry experts.
  • Darknet Diaries - A storytelling podcast focused on true stories from the dark side of the internet, including hacking and cybercrime.
  • The IT Career Podcast - A podcast offering insights into IT careers, cybersecurity, and practical advice for getting started or advancing in the field.
  • Critical Thinking Bug Bounties Podcast - A podcast focusing on bug bounties, ethical hacking, and vulnerability disclosure, featuring discussions with security experts.
  • Hacker Valley Media - A podcast exploring various cybersecurity topics, from hacking stories to mental health in the cybersecurity industry.
  • Hack The Box Podcast - The official Hack The Box podcast that discusses ethical hacking, cybersecurity challenges, and interviews with security professionals.
  • Langley Files - A podcast by the CIA offering a behind-the-scenes look at intelligence, cybersecurity, and national security issues.

Tools

A list of tools used in cyber security, covering web app pentesting, network pentesting, software security and network security.

Web Application Pentesting

1. Reconnaissance

  • Recon-ng - A web reconnaissance framework that provides a powerful environment for open-source web-based reconnaissance.
  • Google Dorking - A technique that uses advanced Google search operators to find sensitive information exposed on the web.

2. Scanning & Enumeration

  • Burp Suite - A popular web application security testing tool that includes features for scanning, crawling, and analyzing web applications.
  • OWASP ZAP - An open-source web application security scanner that helps find security vulnerabilities in web applications.
  • Nikto - A web server scanner that performs comprehensive tests against web servers for multiple items, including outdated server software and vulnerabilities.
  • Acunetix - An automated web application security scanner that checks for vulnerabilities like SQL injection, XSS, and more.

3. Gaining Access / Exploitation

  • SQLMap - An open-source penetration testing tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
  • XSSer - A tool to exploit XSS vulnerabilities.
  • Burp Suite (Intruder) - Besides scanning, Burp's Intruder tool can be used for brute-forcing and payload injection.
  • Hydra - A popular password-cracking tool used for conducting rapid dictionary attacks against various protocols.
  • BeEF - A powerful tool that can perform various tasks aimed at exploiting vulnerabilities in web browsers.

Network Pentesting

1. Reconnaissance

  • Maltego - A tool for open-source intelligence (OSINT) and forensics that can visualize relationships between data.
  • theHarvester - A tool used for gathering e-mail accounts and subdomain names from different public sources (search engines, PGP key servers).
  • DNSRecon - A DNS reconnaissance tool that performs various DNS enumeration techniques.

2. Scanning & Enumeration

  • Nmap - A powerful network scanner used for discovering hosts and services on a computer network.
  • Nessus - A widely used vulnerability scanner that identifies vulnerabilities in systems and applications.
  • Wireshark - A network protocol analyzer that captures and analyzes network traffic, useful for troubleshooting and identifying vulnerabilities.

3. Gaining Access / Exploitation

  • Metasploit - A widely used penetration testing framework that includes a range of exploits and payloads to gain access to systems.
  • Hydra - A fast network logon cracker that supports numerous protocols for password guessing.
  • Aircrack-ng - A suite of tools for assessing Wi-Fi network security, including capturing packets and cracking WEP/WPA/WPA2 keys.

4. Maintaining Access

  • Netcat - A networking utility that can create TCP/UDP connections and is often used for creating backdoors.
  • Meterpreter - A payload within Metasploit that allows for post-exploitation, providing a command shell and extensive features for maintaining access.
  • Empire - A post-exploitation framework that uses PowerShell agents for persistence and control.
  • Cobalt Strike - A commercial penetration testing tool that provides advanced features for post-exploitation and persistence.
  • RATs (Remote Access Trojans) - Tools like DarkComet or NjRAT allow attackers to maintain remote control over compromised systems.

5. Clearing Tracks

  • CCleaner - A tool used to remove unnecessary files and clear logs to cover tracks after an attack.
  • Metasploit (Clearing Logs / Post Exploitation Modules) - Metasploit's post-exploitation modules can assist in clearing logs and covering tracks.
  • Timestomp - A tool that allows users to modify file timestamps to obscure evidence of access or modification.
  • Sysinternals Suite - A collection of utilities (like PsExec) that can help manage and hide processes, as well as clear logs.
  • Rootkits - Though illegal and unethical for legitimate pentesting, rootkits can hide files and processes from detection.

Software Security

  • Microsoft Threat Modeling Tool - A tool that helps identify and address security threats early in the software development process by creating threat models.
  • SonarQube - An open-source platform that automatically inspects code quality and security vulnerabilities during development.
  • Semgrep - A fast and customizable static analysis tool for finding security vulnerabilities and enforcing code standards.
  • ZAP-Cli - A command-line interface for OWASP ZAP that automates web application security scanning and testing.

Network Security

Malware Analysis

  • Detect It Easy (DIE) - A tool for identifying and analyzing file formats and executable packers to help with reverse engineering.
  • Ghidra - An open-source software reverse engineering tool developed by the NSA, providing powerful decompilation and analysis capabilities.
  • IDA Pro - A widely used disassembler and debugger for reverse engineering applications and malware analysis.
  • Radare 2 - A free and open-source reverse engineering framework offering disassembly, debugging, and binary analysis features.
  • JADX - A decompiler for Android applications, converting APK files back into readable Java source code.
  • Any Run - An interactive online malware analysis service that allows users to run and analyze malicious files in real time.
  • Triage - A cloud-based automated malware analysis platform designed for quick and efficient analysis of suspicious files.
  • Cuckoo Sandbox - An open-source automated malware analysis system that runs suspicious files in an isolated environment to observe behavior.

Intrusion Detection / Prevention System (IDS / IPS)

  • Snort - An open-source intrusion detection and prevention system (IDS/IPS) capable of real-time traffic analysis and packet logging.
  • Suricata - A high-performance, open-source IDS, IPS, and network security monitoring engine that can handle multi-threaded traffic analysis.
  • OSSEC - An open-source host-based intrusion detection system (HIDS) that monitors logs, detects anomalies, and provides real-time alerting.
  • Zeek - A network security monitoring tool that analyzes traffic and provides deep inspection and logging of network activity.
  • Security Onion - A free and open-source Linux distribution for intrusion detection, network security monitoring, and log management.

Honeypots

  • Dionaea - A low-interaction honeypot designed to capture malware and network attacks by emulating vulnerable services.
  • Glastopf - A web application honeypot that emulates vulnerable websites to gather information on web-based attacks.
  • Cowrie - A medium-interaction SSH and Telnet honeypot designed to log brute-force attacks and shell commands.
  • Kippo - A medium-interaction SSH honeypot focused on logging brute-force login attempts and simulating an interactive shell.
  • Laravel application honeypot - A honeypot package for Laravel applications to protect against automated form submissions and spam.
  • WordPress honeypots - Honeypot setups specifically designed to capture attacks targeting vulnerabilities in WordPress installations.
  • Honeyd - A versatile low-interaction honeypot that simulates various network services and hosts to detect and log network activity.
  • MongoDB honeypot proxy - A honeypot proxy that simulates MongoDB servers to capture and analyze malicious activity targeting exposed databases.

SIEM

  • Wazuh - An open-source security monitoring platform that offers SIEM, intrusion detection, and compliance management.
  • Splunk - A powerful SIEM solution that collects, analyzes, and visualizes machine data in real-time for security monitoring and analytics.
  • IBM Security QRadar - An enterprise-level SIEM that helps detect, analyze, and respond to security threats across the network.
  • Rapid7 InsightIDR - A cloud-based SIEM tool that focuses on detecting intrusions, investigating security incidents, and automating responses.
  • Fortinet FortiSIEM - A comprehensive SIEM that combines real-time monitoring, event correlation, and performance management.
  • SolarWinds Security Event Manager - A SIEM solution that provides automated threat detection, event correlation, and incident response capabilities.

Misc

Varied resources in a plethora of topics

More Awesome Repos (actively maintained)
