Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/infosec-shinobi/awesome-cybersecurity-practice

A curated list of resources that can be leveraged to enhance and/or keep your skill set up in the cybersecurity field.
https://github.com/infosec-shinobi/awesome-cybersecurity-practice

List: awesome-cybersecurity-practice

Last synced: 16 days ago
JSON representation

A curated list of resources that can be leveraged to enhance and/or keep your skill set up in the cybersecurity field.

Awesome Lists containing this project

README

        

# awesome-cybersecurity-practice

A curated list of resources that can be leveraged to enhance and/or keep your skill set up in the cybersecurity field. If you need assistance figuring out what to learn next, you can leverage this [mind map](https://roadmap.sh/cyber-security) of cybersecurity topics to pick.

## Holiday Challenges

* [https://tryhackme.com/r/christmas](https://tryhackme.com/r/christmas) - annual cyber challenge
* [https://adventofcode.com/](https://adventofcode.com/) - annual coding challenge
* [Sans Holiday Hack Challenge](https://www.sans.org/mlp/holiday-hack-challenge-2023/)

## Active Directory

* [https://adsecurity.org/](https://adsecurity.org/) - learn all things AD security
* [https://github.com/Orange-Cyberdefense/GOAD](https://github.com/Orange-Cyberdefense/GOAD)

## Blogs

* [https://www.blackhillsinfosec.com/blog/](https://www.blackhillsinfosec.com/blog/)
* [https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/](https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/)
* [https://blog.alexellis.io/](https://blog.alexellis.io/)
* [https://www.darkoperator.com/](https://www.darkoperator.com/)

## Books

* Always check your local library for free resources. A lot of libraries offer access to the Libby app which gets you access to a lot of audiobooks and ebooks. They also often offer access to services like oreilly online and linkedin learning videos
* [https://nostarch.com/](https://nostarch.com/)
* [https://www.oreilly.com/](https://www.oreilly.com/)
* [https://www.humblebundle.com/books](https://www.humblebundle.com/books)

## Certificates

* [https://pauljerimy.com/security-certification-roadmap/](https://pauljerimy.com/security-certification-roadmap/) - Cert roadmap for piking a certificate
* [https://www.isc2.org/landing/1mcc](https://www.isc2.org/landing/1mcc) - Free entry level training and cert from ISC^2
* [https://www.sans.org/](https://www.sans.org/)

## Coding

* [https://www.codewars.com/](https://www.codewars.com/)
* [https://leetcode.com/](https://leetcode.com/)
* [https://exercism.org/](https://exercism.org/)
* [https://automatetheboringstuff.com/](https://automatetheboringstuff.com/)
* [https://code.golf/](https://code.golf/)

## Conferences

* [https://queencitycon.org/](https://queencitycon.org/)
* [https://grrcon.com/](https://grrcon.com/)
* [https://defcon.org/](https://defcon.org/)
* [https://blackhat.com/](https://blackhat.com/)
* [https://www.bsidescolumbus.com/](https://www.bsidescolumbus.com/)

## CTFs

* [https://microcorruption.com](https://microcorruption.com) - Focused on embedded devices
* [https://ctf101.org/](https://ctf101.org/) - site for helping you understand components in a ctf and how one might start to tackle them
* [https://picoctf.com/](https://picoctf.com/) - educational ctf
* [https://ringzer0ctf.com/home](https://ringzer0ctf.com/home)
* [https://parrot-ctfs.com/](https://parrot-ctfs.com/)
* [https://online.pwntilldawn.com/Account/Login?ReturnUrl=%2f](https://online.pwntilldawn.com/Account/Login?ReturnUrl=%2f)
* [https://echoctf.red/](https://echoctf.red/)
* [https://ctftime.org/](https://ctftime.org/)

## General CompSci

* [https://teachyourselfcs.com/](https://teachyourselfcs.com/)
* [https://missing.csail.mit.edu/](https://missing.csail.mit.edu/)
* [https://www.opsschool.org/](https://www.opsschool.org/)

## Hands-on Exercises

### Online General

* [http://overthewire.org/](http://overthewire.org/)
* [https://www.hackthebox.com/](https://www.hackthebox.com/)
* [https://kc7cyber.com/](https://kc7cyber.com/)
* [https://www.academy.attackiq.com/](https://www.academy.attackiq.com/)
* [https://tryhackme.com/](https://tryhackme.com/)
* [https://cyberdefenders.org/blueteam-ctf-challenges/](https://cyberdefenders.org/blueteam-ctf-challenges/)
* [https://attackdefense.com/](https://attackdefense.com/)
* [https://pwn.college/](https://pwn.college/)
* [https://cmdchallenge.com/](https://cmdchallenge.com/)
* [https://blueteamlabs.online/](https://blueteamlabs.online/)

### Cloud

* [https://hackingthe.cloud/](https://hackingthe.cloud/)

#### AWS

* [https://github.com/RhinoSecurityLabs/cloudgoat](https://github.com/RhinoSecurityLabs/cloudgoat) - Deploy vulnerable aws resources
* [https://bigiamchallenge.com/challenge/1](https://bigiamchallenge.com/challenge/1) - AWS IAM Challenges
* [http://flaws.cloud/](http://flaws.cloud/) - Vulnerable aws infra
* [http://flaws2.cloud/](http://flaws2.cloud/) - Vulnerable aws infra
* [https://awssecworkshops.com/workshops/](https://awssecworkshops.com/workshops/)
* [https://workshops.aws/](https://workshops.aws/)

### Containers/K8s

* [https://eksclustergames.com/](https://eksclustergames.com/) - k8s ctf via wiz hosted on aws eks
* [https://killercoda.com/killer-shell-ckad](https://killercoda.com/killer-shell-ckad)
* [https://github.com/kelseyhightower/kubernetes-the-hard-way](https://github.com/kelseyhightower/kubernetes-the-hard-way)
* [https://github.com/madhuakula/kubernetes-goat](https://github.com/madhuakula/kubernetes-goat)

### Infra

* [https://github.com/splunk/attack_range](https://github.com/splunk/attack_range) - Tool for creating local or cloud based vulnerable infra
* [https://www.vulnhub.com/](https://www.vulnhub.com/) - vulnerable vms

## Online Courses

* [https://www.cybrary.it/](https://www.cybrary.it/) - Cyber focused video courses
* [https://samsclass.info/](https://samsclass.info/) - Open sourced college courses
* [https://opensecuritytraining.info/Welcome.html](https://opensecuritytraining.info/Welcome.html) - Open sourced security training
* [https://portswigger.net/web-security](https://portswigger.net/web-security)
* [https://devopswithkubernetes.com/](https://devopswithkubernetes.com/)
* [https://ocw.mit.edu/](https://ocw.mit.edu/)
* [https://www.cybrary.it/](https://www.cybrary.it/)

## Mentoring

* [https://nationalcyberleague.org/](https://nationalcyberleague.org/)
* [https://www.uscyberpatriot.org/](https://www.uscyberpatriot.org/)
* [https://www.nationalccdc.org/](https://www.nationalccdc.org/)

## News

* [https://thehackernews.com/search/label/hacking%20news](https://thehackernews.com/search/label/hacking%20news)

## Newsletters

* [https://cloudseclist.com/](https://cloudseclist.com/)
* Weekly newsletter focused on all things cloud native. Variety of topics including blue, red, and purple tactics.
* [https://danielmiessler.com/](https://danielmiessler.com/)
* Weekly
* [https://tldrsec.com/](https://tldrsec.com/)
* Weekly newsletter with stories that cover a wide range of thing broken down into categories which makes it easy for skimming... Usually includes a few new tools or tutorials to research and try out.
* [https://www.sans.org/newsletters/newsbites/](https://www.sans.org/newsletters/newsbites/)
* Sans sponsored newsletter that delivers weekly security news
* [https://www.zetter-zeroday.com/](https://www.zetter-zeroday.com/)
* For fans of research journalism, Kim uses this platform to publish in progress work

## Subreddits

* [https://www.reddit.com/r/blueteamsec/](https://www.reddit.com/r/blueteamsec/)
* [https://www.reddit.com/r/digitalforensics/](https://www.reddit.com/r/digitalforensics/)
* [https://www.reddit.com/r/AskNetsec/](https://www.reddit.com/r/AskNetsec/)
* [https://www.reddit.com/r/ComputerSecurity/](https://www.reddit.com/r/ComputerSecurity/)
* [https://www.reddit.com/r/cybersecurity/](https://www.reddit.com/r/cybersecurity/)
* [https://www.reddit.com/r/hacking/](https://www.reddit.com/r/hacking/)
* [https://www.reddit.com/r/InfoSecNews/](https://www.reddit.com/r/InfoSecNews/)
* [https://www.reddit.com/r/netsec/](https://www.reddit.com/r/netsec/)
* [https://www.reddit.com/r/securityCTF/](https://www.reddit.com/r/securityCTF/)
* [https://www.reddit.com/r/computerforensics/](https://www.reddit.com/r/computerforensics/)
* [https://www.reddit.com/r/OSINT/](https://www.reddit.com/r/OSINT/)