Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources
List: All-In-One-CyberSecurity-Resources
awesome awesome-list binary-exploitation collections cybersecurity exploit-development hacking ics infosec learning penetration-testing prerequisites redteaming resources scada web-application-security
Last synced: 3 months ago
JSON representation
List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity
- Host: GitHub
- URL: https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources
- Owner: vatsalgupta67
- Created: 2022-08-31T12:41:09.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-09-30T13:44:24.000Z (about 1 year ago)
- Last Synced: 2024-05-23T07:12:26.503Z (5 months ago)
- Topics: awesome, awesome-list, binary-exploitation, collections, cybersecurity, exploit-development, hacking, ics, infosec, learning, penetration-testing, prerequisites, redteaming, resources, scada, web-application-security
- Homepage:
- Size: 115 KB
- Stars: 55
- Watchers: 4
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- ultimate-awesome - All-In-One-CyberSecurity-Resources - List of CyberSecurity Resources and some different Sub-Domains of CyberSecurity . (Other Lists / PowerShell Lists)
README
# All-In-One-CyberSecurity-Resources - LOT MORE COMING !!
List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.
## To the community, by the community and for the community.
# ***Made with :heart: in :india:***
# Vision
A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry. **Consists of all free and publicly available resources**
**We are here to help beginners for initializing their access in industry!!**
# Index
* [Important-Key-Points](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources#some-important-key-points-in-industry)
* [Prerequisites for CyberSecurity](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources#prerequisites-for-cybersecurity)
* [Programming Languages Suggestion](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources#our-suggestion-on-programming-languages)
* [Computer Networking](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/tree/main#computer-networking)
* [Common-CyberSecurity-Resources](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/blob/main/README.md#common-cybersecurity-resources)
* [ICS/SCADA Operations](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/blob/main/README.md#icsscada-operations)
* [Red Team Operations/Adversary Emulation](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/blob/main/README.md#red-team-operationsadversary-emulation)
* [Web-Application-Pentesting](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/blob/main/README.md#web-application-pentesting)
* [Exploit-Development](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources/blob/main/README.md#exploit-development)
#### **Respect to original creators who worked really hard for creating Aweasome Resources for our Industry -**
## Some important key points in industry
* ###### Programming is the key element of everything and you must know, atleast understand some programs first.
* ###### CyberSecurity is not difficult at all, just a misconception.
* ###### Computer Networking is soul of IT.
* ###### *Curiosity* makes individual successful.
* ###### Skill matters not degrees.
# Prerequisites for CyberSecurity
## ***OffSec says you must try harder!!! - Abosolutely NOT, "YOU MUST TRY SMARTER"***
###### well, you should know these things mentioned below -
1. Linux, windows command line(cmd - powershell) and file system - **Youtube is full of both :)**
2. Programming - Start with python then, you'll get the idea in future - **FreeCodeCamp(Youtube)**
3. Cryptography basics - I will recommend you to do this - **Same answer youtube**.
4. Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations - ***Internet is your friend:)***
5. Computer Networking - *Something you must know* - **Again same answer, it's Youtube**.
6. Research or Googling - *Very Important in CyberSecurity*.
# *Our suggestions on Programming Languages*
## Beginners
* Python - According to us, we'll suggest to learn Python first
## Intermediate - in Corporate Networks
* Python
* Bash
* C - Atleast basics are **good**
* SQL
* JavaScript (basics) - Web related
* PHP (basics) - Web related
* Powershell - Some understanding is **Good**
## Anyone who's addicted to CyberSecurity :computer: :electric_plug: -
* Python (Recommended to all)
* SQL (Recommended to all)
* C Recommended to all
* Bash (Recommended to all)
* Csharp (Recommended to offensive or Red Team ops)
* C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)
* Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)
* Ruby ( Interest Based)
* Perl (Interest Based)
* Go (Interest Based)
* JavaScript (basic) - Web-Apps Pentesters
* Nim - Interest based or Red Team Ops
* Powershell - Recommended to all
* PHP (basic) - Web-Apps Pentesters
* nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP
* Lua ( Interest Based......)
* Java (Mostly to Android Application Pentesters)
* Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [***OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis***]
# *Common CyberSecurity Resources*
## Youtube Channels
* [English Youtube Channels](https://github.com/vatsalgupta67/All-in-one-CyberSecurity-Resources/blob/main/Common-English-Youtube-Channels)
* [Hindi youtube channels](https://github.com/vatsalgupta67/All-in-one-CyberSecurity-Resources/blob/main/Common-Hindi-Youtube-Channels)
## Websites
* [Hackers-arise](https://www.hackers-arise.com) by an amazing person - Occupy The Web
* [Hacking Articles](https://www.hackingarticles.in) by Ignite Technologies India
* [Null-Byte](https://null-byte.wonderhowto.com)
* [HackerSploit](https://hackersploit.org)
* [Sevagas](https://blog.sevagas.com)
* [Ehacking](https://www.ehacking.net)
* [sans free community resources](https://www.sans.org/security-resources/?msc=main-nav)
* [Hacksplaining](https://www.hacksplaining.com)
* [LiveOverflow](https://liveoverflow.com)
* [Infinite Logins](https://infinitelogins.com)
* [Zsecurity](https://zsecurity.org/hacking-and-security)
## Best labs
* TryHackMe
* HackTheBox
* HackThisSite
* Proving Grounds
* VulnHub
* Setup your own VM Environment
## Simple GitHub CyberSecurity - Penetesting Repos
* [Aweasome-CyberSecurity](https://github.com/fabionoth/awesome-cyber-security)
* [Aweasome-Pentest](https://github.com/enaqx/awesome-pentest)
* [Penetration-Testing](https://github.com/wtsxDev/Penetration-Testing)
* [Penetration-Testing-Tools](https://github.com/mgeeky/Penetration-Testing-Tools)
* [Public-Pentesting-Reports](https://github.com/juliocesarfort/public-pentesting-reports)
* [Beginners-Network-Pentesting](https://github.com/hmaverickadams/Beginner-Network-Pentesting)
* [Hacker-Roadmap](https://github.com/sundowndev/hacker-roadmap)
* [Web-Pentesting-Scratch](https://github.com/PacktPublishing/Learn-Website-Hacking-Penetration-Testing-From-Scratch)
* [Awesome-Pentest-Cheetsheet](https://github.com/coreb1t/awesome-pentest-cheat-sheets)
* [Awesome-Security](https://github.com/sbilly/awesome-security)
* [Personal-Security](https://github.com/Lissy93/personal-security-checklist)
* [Awesome-Cyber-Skills](https://github.com/joe-shenouda/awesome-cyber-skills)
* [Awesome-Hacking](https://github.com/carpedm20/awesome-hacking)
* [Awesome-Cyber-Security](https://github.com/okhosting/awesome-cyber-security)
* [awesome-cybersec](https://github.com/theredditbandit/awesome-cybersec)
* [Awesome-Security](https://github.com/mbcrump/awesome-security)
* [Awesome-Blue-Team-CyberSecurity](https://github.com/fabacab/awesome-cybersecurity-blueteam)
* [Awesome-Infosec](https://github.com/onlurking/awesome-infosec)
* [CyberSecurity](https://github.com/harisqazi1/Cybersecurity)
* [NIST CyberSecurity Resources](https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content)
## Podcasts
* [Delinea](https://delinea.com/events/podcasts)
* [Infosec-live](https://www.youtube.com/c/infoseclive/featured)
* [Darknet-Diaries](https://darknetdiaries.com)
* [TheCyberWire](https://thecyberwire.com) - Huge collection of Podcasts
* [Red-Team-Podcasts](https://www.podchaser.com/podcasts/red-team-podcast-585628)
* [social-engineer](https://www.social-engineer.org/podcasts)
* [sans-podcast](https://isc.sans.edu/podcast)
* [Hacker-valley](https://hackervalley.com)
* [CyberSecurity-Today](https://podcasts.apple.com/us/podcast/cybersecurity-today/id1363182054)
## Platforms
1. ***Cybrary***
2. ***ITProTv***
3. ***EC-Council's Codered***
4. ***OPSWAT Academy***
5. ***Udemy***
6. ***PluralSight***
7. ***Edx***
8. ***Coursera***
9. ***FutureLearn***
10. ***Sans Community***
11. ***YouTube***
12. ***Google and Research***
## Conferences
* *BlackHat*
* *DEF CON*
* *NullCon*
* *Hack In The Box*
* *BSides*
* *RSA Conference*
* *ThreatCon*
## InfosecNews and Writeups
* [Dark-Reading](https://www.darkreading.com)
* [ThreatPost](https://threatpost.com)
* [The Hacker News](https://thehackernews.com)
* [Infosec-Writeups](https://infosecwriteups.com/tagged/medium)
* [Ctf-Writeups](https://medium.com/ctf-writeups/tagged/cybersecurity)
* [ThreatNinja](https://threatninja.net) - HTB CTF WriteUps
* [GbHackers](https://gbhackers.com)
## Some CyberSecurity Search Engines
#### Credits - [Julien Provenzano](https://www.linkedin.com/in/julienprovenzano)
1. Pipl --- Personal information
2. Censys --- Network mapping service
3. CRT sh --- URL Certificate report
4. Cyber Background Checks --- Personal information
5. DeHashed --- Personal information
6. Grep App --- GIT Map
7. Keyword Shitter --- Marketing keyword
8. Google AdWords --- Marketing keyword
9. GrayHatWarefare --- searchable database of open S3 buckets
10. EPIEOS --- Personal information
11. FullHunt --- URL IP report
12. HaveIBeenPwned --- Personal information
13. Hunter --- Email report
14. Intelligence x --- Email IP report
15. Keyword Tool --- Marketing keyword
16. KWFinder --- Marketing keyword
17. LeakIX --- URL IP Report
18. Firefox Monitor --- Personal information
19. Natlas --- IP Scanner
20. Netlas --- IP Scanner
21. Nuclear Leaks --- Directory
22. OSINT Framework --- Directory
23. Packet Storm Security --- Exploits database
24. PolySwarm --- URL Files Report
25. PublicWWW --- Marketing keyword
26. Pulsedive --- URL IP Report
27. SecurityTrails --- URL IP Report
28. Tineye --- Reverse Image
29. URL Scan --- URL IP Report
30. Vulners --- Exploits database
31. Binary Edge --- IP Report
32. Criminal IP --- IP Report
33. Grey Noise --- IP Report
34. Keyword discover --- Marketing keyword
35. Onyphe --- IP Report
36. Shodan --- Internet Of Things (IoT)
37. ZoomEye --- Network mapping service
38. WiGLE --- Wifi Map
39. OSINT-Link --- Directory
40. SignalHire --- Personal information
41. sploitus --- Exploits database
42. exploit-db --- Exploits database
43. CVE Details --- Exploits database
44. nmmapper --- Exploits database
45. Vulmon --- Exploits database
46. exploits.shodan --- Exploits database
47. vulnerability-lab --- Exploits database
48. Airport webcams --- Webcam
49. Insecam --- Webcam
50. Lookr --- Weather
51. Earthcam --- Webcam
52. Opentopia --- Webcam
53. Pictimo --- Webcam
54. Webcam-nl (NL) --- Webcam
55. Webcams-travel --- Webcam
56. Worldcam --- Webcam
#### Search Engines - Github
[Awesome-Search-Engines](https://github.com/edoardottt/awesome-hacker-search-engines)
## CyberSecurity Documentaries
#### Credits [Joas A Santos](https://www.linkedin.com/in/joas-antonio-dos-santos) and [Pentest-Tools](https://pentest-tools.com)
Youtube-Playlist - https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3
# *Computer Networking*
## Networking topics for CyberSecurity
* *IP Addressing - IPv4,IPv6*
* *Subnetting & CIDR Notation*
* *MAC Addressing & why we use*
* *What is ISP*
* *TCP/IP Model*
* *OSI Model ( Reference or to understand only)*
* *Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network*
* *Accces Point, Router, WIFI Technology*
* *Maximum Trnsmitting Unit ( MTU )*
* *TCP 3 way handshake*
* *UDP*
* *ICMP*
* *DNS protocol*
* *ARP*
* *Broadcasting*
* *Bits,Bytes & data packet architecture*
* *Fragmentation*
* *VPN & Socks proxy*
* *DNS servers like cloudflare, google, default etc*
* *Routing*
* *Port nummbers & services*
* *FTP*
* *SMTP, POP3, IMAP*
* *HTTP,HTTPS*
* *Understand urls*
* *Port forwarding*
* *Packet Header Form*
* *As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc* - ***keep learning many of them time to time***
* *Network Topology*
* *Physical Network cables*
* *Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS )* - ***workings, use & types***
# *ICS/Scada Operations*
## Basics of ICS Pentesting (Paid/Free) -
### Paid
* [Fundamentals of ICS/SCADA CyberSecurity](https://www.udemy.com/course/fundamentals-of-ot-cybersecurity/) - ***Definately recommend it. if you want to understand faster and everything is covered there.!!!***
### Free
* **What is ICS, Scada, HMI mainly.**
* **understand concept of MTU, RTU.**
* **Difference between IT and OT Security and what's the main difference in both compared to other.***
* **OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.**
* **Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.**
#### ***IMPORTANT - We can infiltrate in ICS as per configured environment and all depends on the victim's environment. you just have to explore many amazing things by yourself :) (just research)***
## Learning Resources!!
* [Practical Industrial Control System Penetration Testing - Udemy](https://www.udemy.com/course/practical-ics-pentesting) - Recommended
* [Hacker-Arise-Scada](https://www.hackers-arise.com/scada-hacking) - Recommedended
* [ICS-Pentesting-Tools](https://github.com/kh4sh3i/ICS-Pentesting-Tools)
* [Awesome-IndustryControlSystems](https://github.com/hslatman/awesome-industrial-control-system-security)
* [ICS-Security-Tools](https://github.com/ITI/ICS-Security-Tools)
* [ICS-Hacking](https://github.com/miguelob/ICS-Hacking)
* [Aweasome-ICS-WriteUps](https://github.com/neutrinoguy/awesome-ics-writeups)
* [Awesome-IOT-ICS](https://github.com/reaperb0t/awesome-iot-ics-embed-pentest) - Combined short tutorials of both ICS and IOT
* [Infosec-reference-Scada](https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/SCADA.md#talks)
* [ICS-Pentesting-Youtube](https://youtube.com/playlist?list=PLYXlhBJ7y2_CVdbG8YGmkhJHQLsquxbu2) - Watch this too
* [SANS ICS](https://www.youtube.com/c/SANSICSsecurity/featured) - youtube
* [ICS Village](https://www.youtube.com/c/ICSVillage/featured) - youtube
* [plcprofessor](https://www.youtube.com/user/plcprofessor)
* [Brian Douglas](https://www.youtube.com/user/ControlLectures/videos)
* [Rick-Cen-Youtube](https://www.youtube.com/c/RickCenOT)
* [How to Pentest ICS Environments](https://security.packt.com/how-to-pentest-ics-environments)
* [Pentesting-ICS-Systems--Overview](https://resources.infosecinstitute.com/topic/pentesting-ics-systems/) - by Infosec Institute
* [Pentesting-ICS-Systems--Methodology](https://security.packt.com/how-to-pentest-ics-environments) - recommended
* [scadahacker](https://scadahacker.com)
* [ICS cybersecurity academy](https://ics-cybersecurity.academy)
* [Cutaway-Security](https://www.youtube.com/channel/UCIYSTYxNT3D6wVFVi5r5uaA/featured) - youtube
* [Cutaway-Security-Github](https://github.com/cutaway-security)
* [A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity](https://www.robertmlee.org/a-collection-of-resources-for-getting-started-in-icsscada-cybersecurity)
* [controlthings.io](https://www.controlthings.io/home)
* [ICS and PLC Pentesting and Hacking](https://github.com/miguelob/ICS-Hacking)
* [Free Industrial Control System (ICS) Cyber Security Training Course](https://instrumentationtools.com/free-industrial-control-system-ics-cyber-security-training-course)
* [CISA Training](https://www.cisa.gov/ics-training-available-through-cisa) - Recommended
* [CISA's Training Portal](https://ics-training.inl.gov/learn) - Recommended
## ICS Books
* Pentesting Industrial Control Systems - Packt publishing.
* Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
* Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.
# *Red Team Operations/Adversary Emulation*
## Basics for Red Team Ops
* **Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper )** .
* **Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!!** .
* **Always be willing to research and learn new things daily** .
* **If you're good with obfuscation before, It might help you in long run** . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]
* **Mindset - Nothing is Secure** .
## Main Resources -
* [Hacking-Articles-Red-Teaming](https://www.hackingarticles.in/red-teaming) - Most updated with deep knowledge
* [RedTeaming-Toolkit](https://github.com/infosecn1nja/Red-Teaming-Toolkit)
* [oddvar.moe](https://oddvar.moe/)
* [Awesome-Red-Teaming-Resources](https://github.com/yeyintminthuhtut/Awesome-Red-Teaming)
* [Red-Team-OffensiveSecurity](https://github.com/bigb0sss/RedTeam-OffensiveSecurity)
* [Awesome-Red-Team-Operations](https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations)
* [Red-Teaming/Adversary-Emulation](https://0x1.gitlab.io/pentesting/Red-Teaming-Toolkit)
* [Red-Team-Infrastructure-Wiki](https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki#further-resources)
* [Adversary-Emulation-Library](https://github.com/center-for-threat-informed-defense/adversary_emulation_library)
* [MITRE ATT&CK®](https://attack.mitre.org) - Must read & adopt in Red Team Operations to sharpen your skills, always be curious and ready to Emulate
* [awesome-red-teaming](https://github.com/an4kein/awesome-red-teaming)
* [Red-Teaming-Toolkit-Collection](https://0xsp.com/offensive/red-teaming-toolkit-collection)
* [SANS Offensive Operations](https://www.youtube.com/c/SANSOffensiveOperations)
* [Sevagas](https://blog.sevagas.com)
# *Web-Application Pentesting*
## *Basics for Web-App Pentesting!!*
* **If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.**
* **Web sometimes can be confusing, follow a methodology to do properly.**
* **Atleast get familiar with basic types of web-attacks and vulnerabilities.**
## Main Resources -
* [Portswigger-Academy](https://portswigger.net) - Practical learning
* [Web-Application-Pentesting](https://sango667.medium.com/resources-for-web-application-penetration-testing-95f64bb8333f) - Medium writeups for beginners to level-up.
* [Web-Tools-Resources](https://gbhackers.com/web-application-security-tools-resources)
* [Awesome-Web-Hacking](https://github.com/infoslack/awesome-web-hacking)
* [Awesome-Web-Security](https://github.com/qazbnm456/awesome-web-security)
* [Web-Checklists](https://github.com/Hari-prasaanth/Web-App-Pentest-Checklist)
* [Web-Security-Roadmap](https://medium.com/@rezaduty/web-penetration-testing-roadmap-4e7bb9edf23b)
* [WebSecurity-Stuff](https://relevant.software/blog/penetration-testing-for-web-applications)
* [Owasp-Juice-Shop](https://github.com/juice-shop/juice-shop) - Helps to learn and deal web vulnerabilities.
# Exploit Development (Windows/Linux Both)
## Basics of Exploit Development
* **Be familiar with Assembly Language**
* **Learn some Reverse Engineering first**
* **Fuzzing**
* **Learn something about Zero-Day Vulnerabilities**
* **Debugging ( basics )**
* **What exactly is a shellcode**
* **Basics of C language atleast first**
* **System Architecture like x86, x64**
* **Memory and CPU concepts such as memory addressing, registers and stack**
* **Understand spiking or spike fuzzing**
* **Lots of Motivation to start**
### ***Note - [Prerequisites of Cybersecurity](https://github.com/vatsalgupta67/All-In-One-CyberSecurity-Resources#prerequisites-for-cybersecurity) is needed in all the sub-sets !!!!***
## Resources
* [Exploit-Development-repo](https://github.com/wtsxDev/Exploit-Development)
* [Getting-Started Exploit-Developmemt - Introduction](https://dayzerosec.com/blog/2021/02/02/getting-started.html)
* [LiveOverflow-Youtube](https://www.youtube.com/c/LiveOverflow/featured)
* [Corelan](https://www.corelan.be/)
* [FuzzySecurity](http://fuzzysecurity.com/tutorials.html)
* [Exploit Development](https://github.com/jopraveen/exploit-development)
* [Huge-Exploit-Development](https://github.com/cranelab/exploit-development)
* [CryptoCat-Youtube-Playlist-BinaryExploitation](https://www.youtube.com/watch?v=wa3sMSdLyHw&list=PLHUKi1UlEgOIc07Rfk2Jgb5fZbxDPec94)
* [PinkDraconian-playlist-BinaryExploitation](https://www.youtube.com/watch?v=W5dVsa3__N4&list=PLeSXUd883dhjnFXPf2QA0KnUnJnn9dPWy&index=1)
* [Exploit Development - Cranelab](https://github.com/cranelab/exploit-development)
