Resource List

List of resources about everything under cybersecurity

List of resources that others have gathered for sharing. Compiling/ customising my own list here for easy reference even though there's plenty of lists out there. However, this list concentrates fully on learning technical skills and how or where to get started. Beats saving everything in my Bookmarks and reviewing it occassionally. Good if you think this list benefits you too! Feel free to contact me if you would like to add additional resources below.

1. CTI/ OSINT

Learn

Beginner's guide to OSINT https://www.osint-jobs.com/post/the-ultimate-beginners-guide-to-osint
Wakelet CTI fundamentals & resources https://wakelet.com/wake/qovrrmXrZQA912c3OxfxU
Tips and resources for starting out in CTI https://medium.com/@likethecoins
80/20 of CTI Domain knowledge summary of Foundations, business value, requirements, critical thinking, concepts, distinctions and resources http://correlatedsecurity.com/cyber-threat-intelligence-summary/
Self-study CTI plan https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
CTI Glossary (by Meghan Jacquot) https://docs.google.com/document/d/1EzBWMYX61jE0vujCIOQzCKFtpPbhhgAsFd67Qyg5WQw/edit
MITRE ATT&CK for CTI Training https://attack.mitre.org/resources/training/cti/
OSINT Challenges to work on https://www.osintdojo.com
OSINT Combine's recorded access to Australian OSINT Symposium 2020 https://academy.osintcombine.com/p/australian-osint-symposium-2020

Blogs

OH SHINT! https://ohshint.gitbook.io/oh-shint-its-a-blog/
OSINT Curious Project https://osintcurio.us
Sector 35 https://sector035.nl/articles/category:week-in-osint
The Record - news blog https://therecord.media
Tilting at windmills (CTI & IR) https://threatintel.eu
APTNotes, a repo of papers and blogs https://github.com/aptnotes/data & https://github.com/kbandla/APTnotes
The Citizen Lab https://citizenlab.ca
DFIR Report https://thedfirreport.com
Tracking sheet of APT groups (not exactly a blog) https://apt.threattracking.com
VX Underground has a list of APT-related papers https://www.vx-underground.org/apts.html

Tools

OSINT Framework https://osintframework.com
Meta OSINT https://metaosint.github.io/chart/
List of OSINT tools by @cyb_detective https://github.com/cipher387/osint_stuff_tool_collectionhttps://github.com/cipher387
Bellingcat's OSINT links https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607
List of OSINT tools https://www.osinttechniques.com/osint-tools.html
Another long list of OSINT tools https://osint.link
HATLESS1DER with a list of OSINT tools, training, news, podcasts, challenges and groups to join https://start.me/p/DPYPMz/the-ultimate-osint-collection
SANS SEC487 OSINT resource list https://start.me/p/ydEgyG/core-osint-skills
AMITT Disinformation TTP Framework https://github.com/cogsec-collaborative/AMITT
Cyber Operations Tracker is a database of publicy-known state-sponsored incidents https://www.cfr.org/cyber-operations/
Playbook viewer with content on Adversaries parsing STIX2 content https://pan-unit42.github.io/playbook_viewer/
VirusTotal analyses files, URLs and links to detect malware https://www.virustotal.com/gui/home/upload
Urlscan to scan and analyse potentially malicious websites https://urlscan.io
CellID http://sec487.info/q6
Tools by OSINT Combine https://www.osintcombine.com/tools
Epieos OSINT Information about an email address without alerting the user https://epieos.com
Google dorking https://dorksearch.com
Username search https://usersearch.org/index.php
Sherlock Project to search usernames with command lin
Global Scam database https://scamsearch.io
OSINT links some some in Chinese https://start.me/p/GE7JQb/osint
Another collection of OSINT links https://www.technisette.com/p/home
Massive list of threat intel tools https://github.com/hslatman/awesome-threat-intelligence

2. Forensics

Learn

Basics of forensics https://bluedemy.cyberdefenders.org

Practice

CTFs and Challenges on Forensics https://aboutdfir.com/education/challenges-ctfs/
Forensic Challenges on network, host, malware analysis and list of online resources https://www.amanhardikar.com/mindmaps/ForensicChallenges.html
DFIR Madness https://dfirmadness.com
Lets defend https://letsdefend.io
Blue Team Labs https://blueteamlabs.online
Range Force https://www.rangeforce.com
Offline CTF challenges for practice https://cyberdefenders.org/labs/

Resources

List of forensic tools, mobile tools, memory/RAM tools, network tools, malware tools, OSINT tools, getting started in forensics resources, other utilities, SANS cheatsheets, test images & test device setup, youtube feeds/blogs/podcasts on Forensics https://start.me/p/q6mw4Q/forensics
DFIRLinks compiles a list of CTFs & Challenges, Virtual Cons, Pordcasts, Malware Analysis, Tools and legacy https://dfirlinks.blogspot.com

3. General Tools

Cyberchef is a widely used tool but not many share how it can be used. This is a good resource on ways to use Cyberchef. https://github.com/mattnotmax/cyberchef-recipes
Splunk is a favourite tool in the industry for data visualisation, analysis of logs and SIEM tool. Learning resources for Splunk https://www.splunk.com/en_us/training.html?sort=Newest
Elastic Stack (or ElasticSearch, LogStash and Kibana) is very similar to Splunk as they are both SIEM tools, serving the same objectives like threat hunting, security monitoring and data visualisation etc. https://www.elastic.co/training/free

4. Free Training

Wide Range of Topics

Beginner to Advanced Class training materials for download on forensics, network, malware analysis, crypto, exploits, RE https://opensecuritytraining.info/Training.html
Various cybersecurity topics on a training platform https://defendtheweb.net
Forensics, OSINT & Pentesting resources https://www.hackers-arise.com
AttackIQ Academy https://academy.attackiq.com/catalog
Beginner level computer, network, linux, programming and defensive topics https://www.cyberwarrior.com/cybersecurity-platform/
Wide range of topics on a training platform (some free modules) https://tryhackme.com/hacktivities
MIT Open courseware on Computer Systems Security https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/lecture-notes/

Penetration Testing

HackTheBox has academy training, challenges and labs for 'playing' https://www.hackthebox.com
Web penetration testing on vulnerable software https://websploit.org
Web application security training https://portswigger.net/web-security
Another web application hacking site (need programming knowledge) https://www.gameofhacks.com
Ethical hacking environment in the form of Wargames http://www.smashthestack.org/
Binary/Programming/Assembly/RE modules https://pwn.college

CTF Practice

PicoCTF built by Carneige Mellon University with training and CTF challenges https://picoctf.org
Some beginner topics and CTF challenges are free https://www.cyberseclabs.co.uk
Archive of Defcon CTF challenges https://archive.ooo
Various CTF challenges https://ctflearn.com/challenge/1/browse
Cryptography challenges https://cryptopals.com

Cryptography

Intensive introduction to Cryptography https://intensecrypto.org/public/index.html

Cloud

Google Cloud https://cloud.google.com/training
AWS https://aws.amazon.com/training/

PreviousHack-a-Sat 3 NextSetups

Last updated 2 years ago

Resource List

List of resources about everything under cybersecurity

1. CTI/ OSINT

Learn

Beginner's guide to OSINT https://www.osint-jobs.com/post/the-ultimate-beginners-guide-to-osint
Wakelet CTI fundamentals & resources https://wakelet.com/wake/qovrrmXrZQA912c3OxfxU
Tips and resources for starting out in CTI https://medium.com/@likethecoins
80/20 of CTI Domain knowledge summary of Foundations, business value, requirements, critical thinking, concepts, distinctions and resources http://correlatedsecurity.com/cyber-threat-intelligence-summary/
Self-study CTI plan https://medium.com/katies-five-cents/a-cyber-threat-intelligence-self-study-plan-part-1-968b5a8daf9a
CTI Glossary (by Meghan Jacquot) https://docs.google.com/document/d/1EzBWMYX61jE0vujCIOQzCKFtpPbhhgAsFd67Qyg5WQw/edit
MITRE ATT&CK for CTI Training https://attack.mitre.org/resources/training/cti/
OSINT Challenges to work on https://www.osintdojo.com
OSINT Combine's recorded access to Australian OSINT Symposium 2020 https://academy.osintcombine.com/p/australian-osint-symposium-2020

Blogs

OH SHINT! https://ohshint.gitbook.io/oh-shint-its-a-blog/
OSINT Curious Project https://osintcurio.us
Sector 35 https://sector035.nl/articles/category:week-in-osint
The Record - news blog https://therecord.media
Tilting at windmills (CTI & IR) https://threatintel.eu
APTNotes, a repo of papers and blogs https://github.com/aptnotes/data & https://github.com/kbandla/APTnotes
The Citizen Lab https://citizenlab.ca
DFIR Report https://thedfirreport.com
Tracking sheet of APT groups (not exactly a blog) https://apt.threattracking.com
VX Underground has a list of APT-related papers https://www.vx-underground.org/apts.html

Tools

OSINT Framework https://osintframework.com
Meta OSINT https://metaosint.github.io/chart/
List of OSINT tools by @cyb_detective https://github.com/cipher387/osint_stuff_tool_collectionhttps://github.com/cipher387
Bellingcat's OSINT links https://docs.google.com/spreadsheets/d/18rtqh8EG2q1xBo2cLNyhIDuK9jrPGwYr9DI2UncoqJQ/edit#gid=930747607
List of OSINT tools https://www.osinttechniques.com/osint-tools.html
Another long list of OSINT tools https://osint.link
HATLESS1DER with a list of OSINT tools, training, news, podcasts, challenges and groups to join https://start.me/p/DPYPMz/the-ultimate-osint-collection
SANS SEC487 OSINT resource list https://start.me/p/ydEgyG/core-osint-skills
AMITT Disinformation TTP Framework https://github.com/cogsec-collaborative/AMITT
Cyber Operations Tracker is a database of publicy-known state-sponsored incidents https://www.cfr.org/cyber-operations/
Playbook viewer with content on Adversaries parsing STIX2 content https://pan-unit42.github.io/playbook_viewer/
VirusTotal analyses files, URLs and links to detect malware https://www.virustotal.com/gui/home/upload
Urlscan to scan and analyse potentially malicious websites https://urlscan.io
CellID http://sec487.info/q6
Tools by OSINT Combine https://www.osintcombine.com/tools
Epieos OSINT Information about an email address without alerting the user https://epieos.com
Google dorking https://dorksearch.com
Username search https://usersearch.org/index.php
Sherlock Project to search usernames with command lin
Global Scam database https://scamsearch.io
OSINT links some some in Chinese https://start.me/p/GE7JQb/osint
Another collection of OSINT links https://www.technisette.com/p/home
Massive list of threat intel tools https://github.com/hslatman/awesome-threat-intelligence

2. Forensics

Learn

Basics of forensics https://bluedemy.cyberdefenders.org

Practice

CTFs and Challenges on Forensics https://aboutdfir.com/education/challenges-ctfs/
Forensic Challenges on network, host, malware analysis and list of online resources https://www.amanhardikar.com/mindmaps/ForensicChallenges.html
DFIR Madness https://dfirmadness.com
Lets defend https://letsdefend.io
Blue Team Labs https://blueteamlabs.online
Range Force https://www.rangeforce.com
Offline CTF challenges for practice https://cyberdefenders.org/labs/

Resources

List of forensic tools, mobile tools, memory/RAM tools, network tools, malware tools, OSINT tools, getting started in forensics resources, other utilities, SANS cheatsheets, test images & test device setup, youtube feeds/blogs/podcasts on Forensics https://start.me/p/q6mw4Q/forensics
DFIRLinks compiles a list of CTFs & Challenges, Virtual Cons, Pordcasts, Malware Analysis, Tools and legacy https://dfirlinks.blogspot.com

3. General Tools

Cyberchef is a widely used tool but not many share how it can be used. This is a good resource on ways to use Cyberchef. https://github.com/mattnotmax/cyberchef-recipes
Splunk is a favourite tool in the industry for data visualisation, analysis of logs and SIEM tool. Learning resources for Splunk https://www.splunk.com/en_us/training.html?sort=Newest
Elastic Stack (or ElasticSearch, LogStash and Kibana) is very similar to Splunk as they are both SIEM tools, serving the same objectives like threat hunting, security monitoring and data visualisation etc. https://www.elastic.co/training/free

4. Free Training

Wide Range of Topics

Beginner to Advanced Class training materials for download on forensics, network, malware analysis, crypto, exploits, RE https://opensecuritytraining.info/Training.html
Various cybersecurity topics on a training platform https://defendtheweb.net
Forensics, OSINT & Pentesting resources https://www.hackers-arise.com
AttackIQ Academy https://academy.attackiq.com/catalog
Beginner level computer, network, linux, programming and defensive topics https://www.cyberwarrior.com/cybersecurity-platform/
Wide range of topics on a training platform (some free modules) https://tryhackme.com/hacktivities
MIT Open courseware on Computer Systems Security https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014/lecture-notes/

Penetration Testing

HackTheBox has academy training, challenges and labs for 'playing' https://www.hackthebox.com
Web penetration testing on vulnerable software https://websploit.org
Web application security training https://portswigger.net/web-security
Another web application hacking site (need programming knowledge) https://www.gameofhacks.com
Ethical hacking environment in the form of Wargames http://www.smashthestack.org/
Binary/Programming/Assembly/RE modules https://pwn.college

CTF Practice

PicoCTF built by Carneige Mellon University with training and CTF challenges https://picoctf.org
Some beginner topics and CTF challenges are free https://www.cyberseclabs.co.uk
Archive of Defcon CTF challenges https://archive.ooo
Various CTF challenges https://ctflearn.com/challenge/1/browse
Cryptography challenges https://cryptopals.com

Cryptography

Intensive introduction to Cryptography https://intensecrypto.org/public/index.html

Cloud

Google Cloud https://cloud.google.com/training
AWS https://aws.amazon.com/training/

PreviousHack-a-Sat 3 NextSetups

Last updated 2 years ago