Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/harisqazi1/Cybersecurity
This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume.
https://github.com/harisqazi1/Cybersecurity
Last synced: 3 months ago
JSON representation
This is meant to assist people looking for entry level Cybersecurity jobs, as well as study up on skills that they can put on their resume.
- Host: GitHub
- URL: https://github.com/harisqazi1/Cybersecurity
- Owner: harisqazi1
- License: mit
- Created: 2020-10-31T23:47:13.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2024-02-07T10:47:07.000Z (9 months ago)
- Last Synced: 2024-05-12T09:36:27.798Z (6 months ago)
- Homepage:
- Size: 226 KB
- Stars: 878
- Watchers: 57
- Forks: 83
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- All-In-One-CyberSecurity-Resources - CyberSecurity
README
[](https://github.com/harisqazi1/Cybersecurity/stargazers) [](https://github.com/harisqazi1/Cybersecurity/network) [](https://github.com/harisqazi1/Cybersecurity/blob/main/LICENSE)
# Cybersecurity Document
This document is meant to be a Swiss Army Knife for entry level Cybersecurity jobs and to learn hacking skills. A work in progress, so if you see mistakes, please mention it in the "Issues" section.
NOTE: I DO NOT OWN ANY OF THIS INFORMATION. THIS IS JUST MEANT TO BE A COMPILATION OF VARIOUS RESOURCES. SOURCES ON THE BOTTOM.
DISCLAIMER: The information below is for eduational purposes ONLY. You are responsible for your own actions. (Don't hack your friend for not hanging out with you!)
## Table of contents
* [Foothold Job Titles](#entry-level-job-titles-not-cybersecurity-per-se-but-for-getting-a-foothold-in-the-industry)
* [Entry-Level Job Titles](#entry-level-job-titles-cybersecurity)
* [Mid-Level Job Titles](#mid-level)
* [Advanced-Level Jobs Titles](#advanced-level)
* [Career Websites](#career-websites)
* [Learning Hacking Skills](#how-do-i)
* [Subreddits](#subreddits)
* [Blogs](#blogs)
* [Podcasts](#podcasts)
* [Certifications](#certifications)
* [OWASP](#OWASP)
* [Cheat Sheets](#cheat-sheets)
* [Sources for this Document](#sources)
* [Acknowledgements](#acknowledgements)
Entry Level Job Titles (Not Cybersecurity per-se, but for getting a foothold in the industry)
---------------
IT Support Technician - Using a ticketing system for internal support requests and installing programs on computers.
IT Helpdesk Tier 1 - Using a ticketing system to provide support, as well as providing technical support over the phone.
Junior Network Technician - Assisting in adding users to the network, modifying user access, and performing basic network maintenance tasks.
System Administrator - Responsible for the configuration, upkeep and reliable operation of a company’s network and computer systems.
Data Administrator - Use specialized software to store and organize data.
Network Administrator - Manage an organization's computer networks.
IT Technician - Provide general desktop and printer support for a company and/or its clients, or they provide network support.
Security Administrator - Installs, administers, and troubleshoots an organization's security solutions.
Network Engineer - Design, build, implement and maintain the computer networks businesses and organizations use.
Entry-Level Job Titles (Cybersecurity)
--------------------------------------
Information Security Analyst - Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
Junior Penetration Tester - Hired by a client to bypass or defeat security controls.
Cybersecurity (Security) Technician / Specialist - Protects computer assets by establishing and documenting access; maintaining files.
Cyber Crime Analyst/Investigator - Information security professionals who use their skills and background knowledge in areas like network administration or network engineering to help counter the activities of cyber criminals such as hackers and developers of malicious software.
Incident Analyst/Responder - Require an understanding of security operations, a solid foundation of technical skills related to information and network security, and strong communication skills.
IT Auditor - Responsible for analyzing and assessing a company’s technological infrastructure to ensure processes and systems run accurately and efficiently, while remaining secure and meeting compliance regulations.
Mid-Level
----------
Cybersecurity Engineer (systems): ensures memory is handled safely, ensures interfaces are implemented securely, etc
Cybersecurity Engineer (Web): ensures web apps utilize frameworks or architecture paradigms that are resistant to CSRF/XSS/SQL injection attacks (using tokens, MVC frameworks, input validation, etc.), ensures imported libs are trustworthy, etc.
DevSecOps Engineer: largely operates in the IT security space, automates security tasks and functions in a security orchestration position
Cybersecurity Analyst - Information technology professional whose primary function is to protect organizations from cyber attacks and respond swiftly to restore protection if compromised.
Cybersecurity Consultant - Responsible for keeping a client’s data suitably protected and free from the risk of cyber attacks and related problems
Penetration & Vulnerability Tester - Highly skilled security specialists that spend their days attempting to breach computer and network security systems.
Cybersecurity Architect - Combines hardware and software knowledge with programming proficiency, research skills, and policy development.
Advanced-Level
---------------
Cybersecurity Manager / Admininstrator - Require an advanced understanding of information security concepts, security operations and information assurance, as well as risk management and project management skills.
Reverse Engineer(RE)/Malware Analyst: decompiles software and uses this information to determine the function or security flaws of target software. Often participates as a member of an Incident Response Team or sometimes even a red team. Probably has a background in OS or embedded/systems development, and in-depth knowledge of assembly code for the target processor architecture
Penetration Tester/Red Team Developer (SWE): May participate on a red team, building utilities and chaining tools that are configured for a specific target. Builds out software for C2 infrastructure. (example, chains a browser exploit, image parser exploit, and OS exploit, then executes code that maintains persistence and elevates privileges)
Career Websites
-------------------------
[Indeed](http://www.indeed.com/)
[Ziprecruiter](https://www.ziprecruiter.com/)
[Glassdoor](https://www.glassdoor.com/index.htm)
[Monster](https://www.monster.com/)
[Chegg](https://www.chegg.com/internships/)
[SimplyHired](https://www.simplyhired.com/)
[CareerBuilder](https://www.careerbuilder.com/)
[USAJobs](https://www.usajobs.gov/)
[NSA Jobs](https://apply.intelligencecareers.gov/home)
[FBI Jobs](https://apply.fbijobs.gov/)
*Google job search (etc. cybersecurity jobs [city name])*
*Job search on company websites*
How Do I....
------------
**Learn About Vulnerabilities:**
[HACKSPLAINING](https://www.hacksplaining.com/lessons)
**Learn About Kali Linux (Pen-testing OS):**
[Kali Linux Revealed Course](https://kali.training/courses/kali-linux-revealed/)
[tutorialspoint - Kali Linux](https://www.tutorialspoint.com/kali_linux/index.html)
**Learn About Parrot (Pen-testing OS):**
[tutorialspoint - Parrot](https://www.tutorialspoint.com/parrot/index.html)
[Parrot Linux Documentation](https://docs.parrotlinux.org/#documentation)
**Learn About BlackArch (Hacking OS):**
[BlackArch Linux Installation](https://www.blackarch.org/blackarch-install.html)
[The BlackArch Linux Guide](https://blackarch.org/blackarch-guide-en.pdf)
[uthena BlackArch Linux Course](https://uthena.com/courses/blackarch-linux) (Paid)
**Practice Linux Skills:**
[OverTheWire - Bandit](https://overthewire.org/wargames/bandit/)
**Practice CTF (Capture The Flag) Skills:**
[picoCTF](https://www.picoctf.org/) (Free)
[Cyber Skyline / National Cyber League](https://cyberskyline.com/events/ncl) (Paid)
[CTFlearn](https://ctflearn.com/) (Free)
[Hacker101](https://ctf.hacker101.com/) (Free)
**Practice Penetration Testing:**
[HACKTHEBOX](https://www.hackthebox.eu/) (Free/Paid)
[TryHackMe](https://tryhackme.com/) (Free/Paid)
[PentesterAcademy](https://www.pentesteracademy.com/onlinelabs) (Paid)
**Watch Videos Related To Hacking:**
[Youtube - ITProTV](https://www.youtube.com/channel/UC-8Ba047kFinfgp3sO53qcA)
[Youtube - The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw)
[Youtube - BLACK ARCH LINUX TUTORIAL PLAYLIST](https://www.youtube.com/playlist?list=PLRCfGWSPoev68hGDQlGM0DHHhpCOaIu4K)
[Youtube - LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
**Watch Hackthebox Write-Ups:**
[Youtube - IppSec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)
[Youtube - HackerSploit](https://www.youtube.com/c/HackerSploit/videos)
**Learn MITRE ATT&CK**
[MITRE Website](https://attack.mitre.org/resources/getting-started/)
[MITRE Website - Training](https://attack.mitre.org/resources/training/cti/)
[Rapid 7 - MITRE ATT&CK](https://www.rapid7.com/fundamentals/mitre-attack/)
**Learn Reverse Engineering**
[MALWARE UNICORN](https://malwareunicorn.org/#/workshops)
**Practice Reverse Engineering**
[Binary Ninja](https://binary.ninja/)
[IDA Freeware](https://www.hex-rays.com/products/ida/support/download_freeware/)
[Radare](https://www.radare.org/r/)
**Learn PowerShell**
[Microsoft Documentation - PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/learn/more-powershell-learning?view=powershell-7)
[PowerShell Tutorial](https://powershelltutorial.net/home/)
[tutorialspoint - PowerShell](https://www.tutorialspoint.com/powershell/index.htm)
**Learn Shell-Script**
[Shell Scripting Tutorial by Steve Parker](https://www.shellscript.sh/)
[Shell Scripting Tutorial](https://www.tutorialspoint.com/unix/shell_scripting.htm)
[Introduction to shell scripts](https://openclassrooms.com/en/courses/43538-reprenez-le-controle-a-laide-de-linux/42867-introduction-aux-scripts-shell)
Subreddits
----------------
[r/netsec](https://www.reddit.com/r/netsec/)
[r/cybersecurity](https://www.reddit.com/r/cybersecurity/)
[r/hacking](https://www.reddit.com/r/hacking/)
Blogs
------------
[PortSwigger](https://portswigger.net/daily-swig)
[SECURITYNEWSWIRE](https://securitynewswire.com/index.php/Home)
[ALL INFOSEC NEWS](https://allinfosecnews.com/)
[Threatpost](https://threatpost.com/)
[BleepingComputer](https://www.bleepingcomputer.com/)
[Hacking](https://www.theguardian.com/technology/hacking)
[Dark Reading](https://www.darkreading.com)
[Cyberscoop](https://www.cyberscoop.com)
[The Hacker News](https://thehackernews.com/)
[SANS Internet Storm Center, InfoCON: green](https://isc.sans.edu)
[binary foray](https://binaryforay.blogspot.com/)
[Troy Hunt's Blog](https://www.troyhunt.com/)
[Hexacorn Ltd](http://www.hexacorn.com/blog)
[Cyber Wardog Lab](https://cyberwardog.blogspot.com/)
[Project Zero](https://googleprojectzero.blogspot.com/)
[Another Forensics Blog](http://az4n6.blogspot.com/)
[Schneier on Security](https://www.schneier.com/blog/)
[Windows Incident Response](http://windowsir.blogspot.com/)
[DFIR and Threat Hunting](http://findingbad.blogspot.com/)
[ToolsWatch.org – The Hackers Arsenal Tools Portal](http://www.toolswatch.org)
[Krebs on Security](https://krebsonsecurity.com)
[Megabeets](https://www.megabeets.net)
[Didier Stevens](https://blog.didierstevens.com)
[This Week In 4n6](https://thisweekin4n6.com)
Podcasts
--------
[The CyberWire Daily](https://podcasts.apple.com/us/podcast/the-cyberwire-daily/id1071831261)
[SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast](https://podcasts.apple.com/podcast/id304863991)
[Down the Security Rabbithole Podcast](https://podcasts.apple.com/us/podcast/down-the-security-rabbithole-podcast/id466659176)
[Recorded Future - Inside Security Intelligence](https://podcasts.apple.com/us/podcast/recorded-future-inside-security-intelligence/id1225077306)
[Defensive Security Podcast](https://podcasts.apple.com/us/podcast/defensive-security-podcast-malware-hacking-cyber-security/id585914973)
[Brakeing Down Security](https://www.brakeingsecurity.com/)
[Malicious Life](https://malicious.life/)
[Darknet Diaries](https://darknetdiaries.com/)
[Hacking Humans](https://thecyberwire.com/podcasts/hacking-humans)
[Caveat - Cyber Law and Policy](https://thecyberwire.com/podcasts/caveat)
[SANS Blueprint](https://www.sans.org/blueprint-podcast)
[Grumpy Old Geeks](https://gog.show/)
[Detections](https://www.detections.org/)
[Industrial Security Podcast](https://waterfall-security.com/scada-security/podcasts-on-ics-cybersecurity/)
[Beers with Talos](https://talosintelligence.com/podcasts/shows/beers_with_talos)
Certifications
---------------
*Certifications are a way to get HR's eye. From my understanding, it DOES NOT replace a College/University Degree.*
(Source: https://www.pauljerimy.com/OC/Security%20Certification%20Progression%20Chart%20v7.0.png)
OWASP
---------------
The OWASP® Foundation works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.
- OWASP Web Security Testing Guide :
The Web Security Testing Guide (WSTG) Project produces the premier cybersecurity testing resource for web application developers and security professionals.
The WSTG is a comprehensive guide to testing the security of web applications and web services. Created by the collaborative efforts of cybersecurity professionals and dedicated volunteers, the WSTG provides a framework of best practices used by penetration testers and organizations all over the world.
[wstg-v4.2](https://github.com/OWASP/wstg/releases/download/v4.2/wstg-v4.2.pdf)
- OWASP Mobile Security Testing Guide
We are writing a security standard for mobile apps and a comprehensive testing guide that covers the processes, techniques, and tools used during a mobile app security test, as well as an exhaustive set of test cases that enables testers to deliver consistent and complete results.
[MSTG-EN](https://github.com/OWASP/owasp-mstg/releases/download/1.1.3-excel/MSTG-EN.pdf)
[OWASP_MASVS-v1.2-en](https://github.com/OWASP/owasp-masvs/releases/download/v1.2/OWASP_MASVS-v1.2-en.pdf)
- OWASP Application Security Verification Standard
The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to provide an open application security standard for web apps and web services of all types.
The standard provides a basis for designing, building, and testing technical application security controls, including architectural concerns, secure development lifecycle, threat modelling, agile security including continuous integration / deployment, serverless, and configuration concerns.
[OWASP.Application.Security.Verification.Standard.4.0.2](https://github.com/OWASP/ASVS/releases/download/v4.0.2_release/OWASP.Application.Security.Verification.Standard.4.0.2-en.pdf)
Cheat Sheets
------------
**Nmap and Nessus** (Source: https://cdn.comparitech.com/wp-content/uploads/2019/06/Nmap-Nessus-Cheat-Sheet.jpg)
**Wireshark** (Source: https://cdn.comparitech.com/wp-content/uploads/2019/06/Wireshark-Cheat-Sheet-1.jpg)
**Hacking Tools** (Source https://blog.compass-security.com/wp-content/uploads/2019/10/hacking_tools_cheat_sheet_v1.0-0.png)
**Hacking Tools P.2** (Source https://blog.compass-security.com/wp-content/uploads/2019/10/hacking_tools_cheat_sheet_v1.0-1.png)
Sources
---------
[best entry level cyber security jobs](https://startacybercareer.com/best-entry-level-cyber-security-jobs/)
[what is an it technician](https://www.indeed.com/career-advice/finding-a-job/what-is-an-it-technician)
[network administrator-525818](https://www.thebalancecareers.com/network-administrator-525818)
[Database_administrator](https://en.wikipedia.org/wiki/Database_administrator)
[what does a system administrator do](https://www.indeed.com/career-advice/careers/what-does-a-system-administrator-do)
[how to land an entry level cybersecurity job](https://securityintelligence.com/how-to-land-an-entry-level-cybersecurity-job/)
[security-administrator-job-description](https://www.betterteam.com/security-administrator-job-description)
[iHcJHP.png](https://i.lensdump.com/i/iHcJHP.png)
[system security technician job description](https://hiring.monster.com/employer-resources/job-description-templates/system-security-technician-job-description/)
[pathway](https://www.cyberseek.org/pathway.html)
[how to become a cyber security analyst](https://www.indeed.com/career-advice/career-development/how-to-become-a-cyber-security-analyst)
[cyber intelligence analyst-2071296](https://www.thebalancecareers.com/cyber-intelligence-analyst-2071296)
[incident responder](https://www.infosecinstitute.com/roles/incident-responder/)
[it auditor role defined](https://www.cio.com/article/3346029/it-auditor-role-defined.html)
[cyber security consultant](https://www.fieldengineer.com/skills/cyber-security-consultant)
[cybersecurity manager](https://www.infosecinstitute.com/roles/cybersecurity-manager/)
[cyber security engineer job description](https://www.betterteam.com/cyber-security-engineer-job-description)
Acknowledgements
------------------
I want to give a big shoutout to my partner on this document Jalan (JayCruzer17) for assisting me with creating and maintaining this document. I also want to give credit to those on the r/cybersecurity subreddit for giving me feedback on the document. I had made a [post on reddit](https://www.reddit.com/r/cybersecurity/comments/jm7np0/made_a_page_on_github_meant_for_people_jumping/) and I would like to thank all the comments for giving feedback in one area or another. In addition, I would like to thank the individuals doing pull requests on this document with additional links/information that I might have overlooked. Without the aforementioned people, this document will not be where it is now.