@DA_667 posted a Twitter thread with a long list of resources that can aid someone starting out or on their Cyber Security journey. A large portion of the list below is taken exclusively from that Twitter thread, which you can read in its entirety here. The list of Exercise and CTF challenges suggested is linked from @blackroomsec's website and is her work entirely, and I recommend a visit to this post on her website if you are new and wanting to ask about where to start.
I have not reproduced the thread in its entirety, just a list of links in some sort of categorised index; it is here so that I can find what I need and maybe others can too. I have permission from @DA_667, and it's likely something similar will appear on his blog soon, given that the list was published on an open social media channel. I have used Cybrary and SecurityTube and can recommend them both personally.
General Cyber Security Training
- Cybrary – Online Cyber Security Training, Free, Forever – based around certification.
- OpenSecurity Training – Those who can, teach.
Learn to Code
- Codecademy – Learn to code – “freemium site”, some of the stuff is behind paywalls
- Khan Academy – General education site but with some code tutorials
- Reverse engineering for beginners – A free book by Dennis Yurichev (plus some other resources)
- @malwareunicorn RE101 and RE102 – annihilate malware (that's a direct quote from @da_667, I am far too new at this to presume I can annihilate anything)
Web Application testing
- Samurai WTF – Comes with course documentation and a self-contained VM for practicing
- Metasploit Unleashed – GREAT resources for getting familiar with the Metasploit Framework and/or using as a cross-reference for remembering command syntax
- Metasploitable – an intentionally vulnerable VM that is older than dirt, and so full of holes it looks like an XCOM mission site after I’ve been done with it – (another @da_667 quote) I don’t play XCOM – my game choice is much more tame…
- Metasploitable 2 – The Sequel with its exploitation guide
- Metasploitable 3 – Apparently it's difficult to build – a subject for a future post maybe.
- SecurityTube SMFE – certificated course with examination – materials available for free – pay for exam, labs and support portal.
Penetration Testing and Red Team
- Penetration Testing Execution Standard – Shows the different steps that comprise a test
- absolomb’s security blog – “At first privilege escalation can seem like a daunting task” – so here is a blog post to help – Windows
- g0tmi1k’s blog – “I’m no expert, this is simply my finding, typed up, to be shared” – Linux
Digital Forensics and Incident Response (DFIR)
Adversary Observation, Threat Hunting and Threat Intelligence
- Cyber Kill Chain – A lot of marketing but a kernel of truth (another quote from the twitter post)
- The MITRE ATT&CK Framework – extremely valuable for mapping how adversaries perform various killchain-like actions on a network.
- Atomic Red Team – this tool gives you the ability to emulate an action from the ATT&CK framework almost instantly.
Challenges, Labs and Other Exercises
DFIR Focussed Challenges – Really nice DFIR-focused exercises! Courtesy of @BitAengel
Books for free or at low cost
Packt Publishing – gives out new, free books on a regular schedule. Additionally, most of their book choices are fairly affordable as well.
Humble Bundle – Keep a look out for when Humble Bundle is doing partnerships with No Starch Press. NSP books are good and Humble Bundle makes them REALLY cheap.