Resource List

List of resources about everything under cybersecurity

List of resources that others have gathered for sharing. Compiling/ customising my own list here for easy reference even though there's plenty of lists out there. However, this list concentrates fully on learning technical skills and how or where to get started. Beats saving everything in my Bookmarks and reviewing it occassionally. Good if you think this list benefits you too! Feel free to contact me if you would like to add additional resources below.

1. CTI/ OSINT

Learn

• Beginner's guide to OSINT https://www.osint-jobs.com/post/the-ultimate-beginners-guide-to-osint

• Wakelet CTI fundamentals & resources https://wakelet.com/wake/qovrrmXrZQA912c3OxfxU

• Tips and resources for starting out in CTI https://medium.com/@likethecoins

• 80/20 of CTI Domain knowledge summary of Foundations, business value, requirements, critical thinking, concepts, distinctions and resources http://correlatedsecurity.com/cyber-threat-intelligence-summary/

• Self-study CTI plan https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a

• CTI Glossary (by Meghan Jacquot) https://docs.google.com/document/d/1EzBWMYX61jE0vujCIOQzCKFtpPbhhgAsFd67Qyg5WQw/edit

• MITRE ATT&CK for CTI Training https://attack.mitre.org/resources/training/cti/

• OSINT Challenges to work on https://www.osintdojo.com

• OSINT Combine's recorded access to Australian OSINT Symposium 2020 https://academy.osintcombine.com/p/australian-osint-symposium-2020

Blogs

• OH SHINT! https://ohshint.gitbook.io/oh-shint-its-a-blog/

• OSINT Curious Project https://osintcurio.us

• Sector 35 https://sector035.nl/articles/category:week-in-osint

• The Record - news blog https://therecord.media

• Tilting at windmills (CTI & IR) https://threatintel.eu

• APTNotes, a repo of papers and blogs https://github.com/aptnotes/data & https://github.com/kbandla/APTnotes

• The Citizen Lab https://citizenlab.ca

• DFIR Report https://thedfirreport.com

• Tracking sheet of APT groups (not exactly a blog) https://apt.threattracking.com

• VX Underground has a list of APT-related papers https://www.vx-underground.org/apts.html

Tools

• OSINT Framework https://osintframework.com

• Meta OSINT https://metaosint.github.io/chart/

• List of OSINT tools by @cyb_detective https://github.com/cipher387/osint_stuff_tool_collectionhttps://github.com/cipher387

• Bellingcat's OSINT links https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607

• List of OSINT tools https://www.osinttechniques.com/osint-tools.html

• Another long list of OSINT tools https://osint.link

• HATLESS1DER with a list of OSINT tools, training, news, podcasts, challenges and groups to join https://start.me/p/DPYPMz/the-ultimate-osint-collection

• SANS SEC487 OSINT resource list https://start.me/p/ydEgyG/core-osint-skills

• AMITT Disinformation TTP Framework https://github.com/cogsec-collaborative/AMITT

• Cyber Operations Tracker is a database of publicy-known state-sponsored incidents https://www.cfr.org/cyber-operations/

• Playbook viewer with content on Adversaries parsing STIX2 content https://pan-unit42.github.io/playbook_viewer/

• VirusTotal analyses files, URLs and links to detect malware https://www.virustotal.com/gui/home/upload

• Urlscan to scan and analyse potentially malicious websites https://urlscan.io

• CellID http://sec487.info/q6

• Tools by OSINT Combine https://www.osintcombine.com/tools

• Epieos OSINT Information about an email address without alerting the user https://epieos.com

• Google dorking https://dorksearch.com

• Username search https://usersearch.org/index.php

• Sherlock Project to search usernames with command lin

• Global Scam database https://scamsearch.io

• OSINT links some some in Chinese https://start.me/p/GE7JQb/osint

• Another collection of OSINT links https://www.technisette.com/p/home

• Massive list of threat intel tools https://github.com/hslatman/awesome-threat-intelligence

2. Forensics

Learn

• Basics of forensics https://bluedemy.cyberdefenders.org

Practice

• CTFs and Challenges on Forensics https://aboutdfir.com/education/challenges-ctfs/

• Forensic Challenges on network, host, malware analysis and list of online resources https://www.amanhardikar.com/mindmaps/ForensicChallenges.html

• DFIR Madness https://dfirmadness.com

• Lets defend https://letsdefend.io

• Blue Team Labs https://blueteamlabs.online

• Range Force https://www.rangeforce.com

• Offline CTF challenges for practice https://cyberdefenders.org/labs/

Resources

• List of forensic tools, mobile tools, memory/RAM tools, network tools, malware tools, OSINT tools, getting started in forensics resources, other utilities, SANS cheatsheets, test images & test device setup, youtube feeds/blogs/podcasts on Forensics https://start.me/p/q6mw4Q/forensics

• DFIRLinks compiles a list of CTFs & Challenges, Virtual Cons, Pordcasts, Malware Analysis, Tools and legacy https://dfirlinks.blogspot.com

3. General Tools

• Cyberchef is a widely used tool but not many share how it can be used. This is a good resource on ways to use Cyberchef. https://github.com/mattnotmax/cyberchef-recipes

• Splunk is a favourite tool in the industry for data visualisation, analysis of logs and SIEM tool. Learning resources for Splunk https://www.splunk.com/en_us/training.html?sort=Newest

• Elastic Stack (or ElasticSearch, LogStash and Kibana) is very similar to Splunk as they are both SIEM tools, serving the same objectives like threat hunting, security monitoring and data visualisation etc. https://www.elastic.co/training/free

4. Free Training

Wide Range of Topics

• Beginner to Advanced Class training materials for download on forensics, network, malware analysis, crypto, exploits, RE https://opensecuritytraining.info/Training.html

• Various cybersecurity topics on a training platform https://defendtheweb.net

• Forensics, OSINT & Pentesting resources https://www.hackers-arise.com

• AttackIQ Academy https://academy.attackiq.com/catalog

• Beginner level computer, network, linux, programming and defensive topics https://www.cyberwarrior.com/cybersecurity-platform/

• Wide range of topics on a training platform (some free modules) https://tryhackme.com/hacktivities

• MIT Open courseware on Computer Systems Security https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/lecture-notes/

Penetration Testing

• HackTheBox has academy training, challenges and labs for 'playing' https://www.hackthebox.com

• Web penetration testing on vulnerable software https://websploit.org

• Web application security training https://portswigger.net/web-security

• Another web application hacking site (need programming knowledge) https://www.gameofhacks.com

• Ethical hacking environment in the form of Wargames http://www.smashthestack.org/

• Binary/Programming/Assembly/RE modules https://pwn.college

CTF Practice

• PicoCTF built by Carneige Mellon University with training and CTF challenges https://picoctf.org

• Some beginner topics and CTF challenges are free https://www.cyberseclabs.co.uk

• Archive of Defcon CTF challenges https://archive.ooo

• Various CTF challenges https://ctflearn.com/challenge/1/browse

• Cryptography challenges https://cryptopals.com

Cryptography

• Intensive introduction to Cryptography https://intensecrypto.org/public/index.html

Cloud

• Google Cloud https://cloud.google.com/training

• AWS https://aws.amazon.com/training/