List of CyberSecurity Resources with some different Sub-Sets of CyberSecurity.

A common updated repo for all, which acts as a pyramid for various sub-sets, walkthroughs, starting points, contents and other new or demanding resources in industry. Consists of all free and publicly available resources

We are here to help beginners for initializing their access in industry!!

• Important-Key-Points
• Prerequisites for CyberSecurity
• Programming Languages Suggestion
• Computer Networking
• Common-CyberSecurity-Resources
• ICS/SCADA Operations
• Red Team Operations/Adversary Emulation
• Web-Application-Pentesting
• Exploit-Development

• Programming is the key element of everything and you must know, atleast understand some programs first.

• CyberSecurity is not difficult at all, just a misconception.

• Computer Networking is soul of IT.

• Curiosity makes individual successful.

• Skill matters not degrees.

1. Linux, windows command line(cmd - powershell) and file system - Youtube is full of both :)
2. Programming - Start with python then, you'll get the idea in future - FreeCodeCamp(Youtube)
3. Cryptography basics - I will recommend you to do this - Same answer youtube.
4. Technical skills - example memory, cpu, bios, dealing with harware components aswell as basic technical operations - Internet is your friend:)
5. Computer Networking - Something you must know - Again same answer, it's Youtube.
6. Research or Googling - Very Important in CyberSecurity.

• Python - According to us, we'll suggest to learn Python first

• Python

• Bash

• C - Atleast basics are good

• SQL

• JavaScript (basics) - Web related

• PHP (basics) - Web related

• Powershell - Some understanding is Good

• Python (Recommended to all)

• SQL (Recommended to all)

• C Recommended to all

• Bash (Recommended to all)

• Csharp (Recommended to offensive or Red Team ops)

• C++ (MOSTLY recommended to Red Team Ops, malware developers or Researchers)

• Assembly - (Mostly to Red Team Ops, Exploit Developers and Reverse Engineers)

• Ruby ( Interest Based)

• Perl (Interest Based)

• Go (Interest Based)

• JavaScript (basic) - Web-Apps Pentesters

• Nim - Interest based or Red Team Ops

• Powershell - Recommended to all

• PHP (basic) - Web-Apps Pentesters

• nodejs ( Recommended to WebApps Pentesters ....) - Nowdays, Corporates started moving towards nodejs rather than PHP

• Lua ( Interest Based......)

• Java (Mostly to Android Application Pentesters)

• Some Basic knowledge of visual basic, Powershell scripting (MOSTLY Red Team Ops) - Basically Windows based languages [OPTIONAL, But you should be good in googling then it's optional for you. Sometimes we just need to ready our things on research basis]

  

• English Youtube Channels

• Hindi youtube channels

• Hackers-arise by an amazing person - Occupy The Web
• Hacking Articles by Ignite Technologies India
• Null-Byte
• HackerSploit
• Sevagas
• Ehacking
• sans free community resources
• Hacksplaining
• LiveOverflow
• Infinite Logins
• Zsecurity

• TryHackMe
• HackTheBox
• HackThisSite
• Proving Grounds
• VulnHub
• Setup your own VM Environment

• Aweasome-CyberSecurity
• Aweasome-Pentest
• Penetration-Testing
• Penetration-Testing-Tools
• Public-Pentesting-Reports
• Beginners-Network-Pentesting
• Hacker-Roadmap
• Web-Pentesting-Scratch
• Awesome-Pentest-Cheetsheet
• Awesome-Security
• Personal-Security
• Awesome-Cyber-Skills
• Awesome-Hacking
• Awesome-Cyber-Security
• awesome-cybersec
• Awesome-Security
• Awesome-Blue-Team-CyberSecurity
• Awesome-Infosec
• CyberSecurity
• NIST CyberSecurity Resources

• Delinea
• Infosec-live
• Darknet-Diaries
• TheCyberWire - Huge collection of Podcasts
• Red-Team-Podcasts
• social-engineer
• sans-podcast
• Hacker-valley
• CyberSecurity-Today

1. Cybrary
2. ITProTv
3. EC-Council's Codered
4. OPSWAT Academy
5. Udemy
6. PluralSight
7. Edx
8. Coursera
9. FutureLearn
10. Sans Community
11. YouTube
12. Google and Research

• BlackHat
• DEF CON
• NullCon
• Hack In The Box
• BSides
• RSA Conference
• ThreatCon

• Dark-Reading
• ThreatPost
• The Hacker News
• Infosec-Writeups
• Ctf-Writeups
• ThreatNinja - HTB CTF WriteUps
• GbHackers

1. Pipl --- Personal information
2. Censys --- Network mapping service
3. CRT sh --- URL Certificate report
4. Cyber Background Checks --- Personal information
5. DeHashed --- Personal information
6. Grep App --- GIT Map
7. Keyword Shitter --- Marketing keyword
8. Google AdWords --- Marketing keyword
9. GrayHatWarefare --- searchable database of open S3 buckets
10. EPIEOS --- Personal information
11. FullHunt --- URL IP report
12. HaveIBeenPwned --- Personal information
13. Hunter --- Email report
14. Intelligence x --- Email IP report
15. Keyword Tool --- Marketing keyword
16. KWFinder --- Marketing keyword
17. LeakIX --- URL IP Report
18. Firefox Monitor --- Personal information
19. Natlas --- IP Scanner
20. Netlas --- IP Scanner
21. Nuclear Leaks --- Directory
22. OSINT Framework --- Directory
23. Packet Storm Security --- Exploits database
24. PolySwarm --- URL Files Report
25. PublicWWW --- Marketing keyword
26. Pulsedive --- URL IP Report
27. SecurityTrails --- URL IP Report
28. Tineye --- Reverse Image
29. URL Scan --- URL IP Report
30. Vulners --- Exploits database
31. Binary Edge --- IP Report
32. Criminal IP --- IP Report
33. Grey Noise --- IP Report
34. Keyword discover --- Marketing keyword
35. Onyphe --- IP Report
36. Shodan --- Internet Of Things (IoT)
37. ZoomEye --- Network mapping service
38. WiGLE --- Wifi Map
39. OSINT-Link --- Directory
40. SignalHire --- Personal information
41. sploitus --- Exploits database
42. exploit-db --- Exploits database
43. CVE Details --- Exploits database
44. nmmapper --- Exploits database
45. Vulmon --- Exploits database
46. exploits.shodan --- Exploits database
47. vulnerability-lab --- Exploits database
48. Airport webcams --- Webcam
49. Insecam --- Webcam
50. Lookr --- Weather
51. Earthcam --- Webcam
52. Opentopia --- Webcam
53. Pictimo --- Webcam
54. Webcam-nl (NL) --- Webcam
55. Webcams-travel --- Webcam
56. Worldcam --- Webcam

Awesome-Search-Engines

Youtube-Playlist - https://www.youtube.com/watch?v=ZHl0WI32XkY&list=PLLUQRPAOwP1gCZ9DdsSlWwOKNNI6ADRT3

• IP Addressing - IPv4,IPv6
• Subnetting & CIDR Notation
• MAC Addressing & why we use
• What is ISP
• TCP/IP Model
• OSI Model ( Reference or to understand only)
• Wide Area Network, lan Area Network, Personal Area Network, Metropolitan Area Network
• Accces Point, Router, WIFI Technology
• Maximum Trnsmitting Unit ( MTU )
• TCP 3 way handshake
• UDP
• ICMP
• DNS protocol
• ARP
• Broadcasting
• Bits,Bytes & data packet architecture
• Fragmentation
• VPN & Socks proxy
• DNS servers like cloudflare, google, default etc
• Routing
• Port nummbers & services
• FTP
• SMTP, POP3, IMAP
• HTTP,HTTPS
• Understand urls
• Port forwarding
• Packet Header Form
• As I listed services like DNS, SMTP, HTTPS, SNMP, DHCP etc - keep learning many of them time to time
• Network Topology
• Physical Network cables
• Firewalls, Intrusion detection system ( IDS ), Intrusion Prevention system ( IPS ) - workings, use & types

• Fundamentals of ICS/SCADA CyberSecurity - Definately recommend it. if you want to understand faster and everything is covered there.!!!

• What is ICS, Scada, HMI mainly.
• understand concept of MTU, RTU.
• Difference between IT and OT Security and what's the main difference in both compared to other.*
• OT is vulnerable in nature but what makes it vulnerable and why we can't resolve it by encryption.
• Understand ICS protocols for example Modbus, S7, Profinet, Profibus and various other.

• Practical Industrial Control System Penetration Testing - Udemy - Recommended
• Hacker-Arise-Scada - Recommedended
• ICS-Pentesting-Tools
• Awesome-IndustryControlSystems
• ICS-Security-Tools
• ICS-Hacking
• Aweasome-ICS-WriteUps
• Awesome-IOT-ICS - Combined short tutorials of both ICS and IOT
• Infosec-reference-Scada
• ICS-Pentesting-Youtube - Watch this too
• SANS ICS - youtube
• ICS Village - youtube
• plcprofessor
• Brian Douglas
• Rick-Cen-Youtube
• How to Pentest ICS Environments
• Pentesting-ICS-Systems--Overview - by Infosec Institute
• Pentesting-ICS-Systems--Methodology - recommended
• scadahacker
• ICS cybersecurity academy
• Cutaway-Security - youtube
• Cutaway-Security-Github
• A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
• controlthings.io
• ICS and PLC Pentesting and Hacking
• Free Industrial Control System (ICS) Cyber Security Training Course
• CISA Training - Recommended
• CISA's Training Portal - Recommended

• Pentesting Industrial Control Systems - Packt publishing.
• Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment - Packt publishing.
• Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions - Multiple Authors.

• Be familiar with Network Pentesting ( till privilege escalation, post-exploitation and clearing tracks. This gonna help you in Red Team Methodology, so you may able to adopt things more deeper ) .

• Requires practice and deep understanding cause Red Team Operations are totally Real-World and there's tons of things to explore !!! .

• Always be willing to research and learn new things daily .

• If you're good with obfuscation before, It might help you in long run . [OPTIONAL - You can learn or figure-out it after getting into Red-Team Operations too :)]

• Mindset - Nothing is Secure .

  

• Hacking-Articles-Red-Teaming - Most updated with deep knowledge
• RedTeaming-Toolkit
• oddvar.moe
• Awesome-Red-Teaming-Resources
• Red-Team-OffensiveSecurity
• Awesome-Red-Team-Operations
• Red-Teaming/Adversary-Emulation
• Red-Team-Infrastructure-Wiki
• Adversary-Emulation-Library
• MITRE ATT&CK® - Must read & adopt in Red Team Operations to sharpen your skills, always be curious and ready to Emulate
• awesome-red-teaming
• Red-Teaming-Toolkit-Collection
• SANS Offensive Operations
• Sevagas

• If you understand HTML, JavaScript, Node.JS, Java and PHP. It'll always be an upper hand for you.
• Web sometimes can be confusing, follow a methodology to do properly.
• Atleast get familiar with basic types of web-attacks and vulnerabilities.

• Portswigger-Academy - Practical learning
• Web-Application-Pentesting - Medium writeups for beginners to level-up.
• Web-Tools-Resources
• Awesome-Web-Hacking
• Awesome-Web-Security
• Web-Checklists
• Web-Security-Roadmap
• WebSecurity-Stuff
• Owasp-Juice-Shop - Helps to learn and deal web vulnerabilities.

• Be familiar with Assembly Language
• Learn some Reverse Engineering first
• Fuzzing
• Learn something about Zero-Day Vulnerabilities
• Debugging ( basics )
• What exactly is a shellcode
• Basics of C language atleast first
• System Architecture like x86, x64
• Memory and CPU concepts such as memory addressing, registers and stack
• Understand spiking or spike fuzzing
• Lots of Motivation to start

• Exploit-Development-repo
• Getting-Started Exploit-Developmemt - Introduction
• LiveOverflow-Youtube
• Corelan
• FuzzySecurity
• Exploit Development
• Huge-Exploit-Development
• CryptoCat-Youtube-Playlist-BinaryExploitation
• PinkDraconian-playlist-BinaryExploitation
• Exploit Development - Cranelab