From 45f906949f8cfce887c3fd8e5c69a5ea0b1c0894 Mon Sep 17 00:00:00 2001 From: spirizeon Date: Sun, 8 Dec 2024 02:09:35 +0530 Subject: [PATCH 1/7] draft: rewrite of cyber roadmap --- testcyber.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 testcyber.md diff --git a/testcyber.md b/testcyber.md new file mode 100644 index 0000000..5b5b83f --- /dev/null +++ b/testcyber.md @@ -0,0 +1,76 @@ +# Cyber Security Roadmap + +## 1. Foundational Tips +- **Shadow Libraries & PDFs**: Explore responsibly for supplemental resources + +- **Intro to Cybersecurity**: [Cisco NetAcad Course](https://www.netacad.com/courses/introduction-to-cybersecurity) + +--- + +## 2. Basics + +### **Linux** +- [Linux Basics for Hackers](https://kea.nu/files/textbooks/humblesec/linuxbasicsforhackers.pdf) + +### **Networking** +- [Networking Basics - Cisco](https://www.netacad.com/courses/networking-basics) + +### **Network Programming** +- [Beej's Guide to Network Programming](https://beej.us/guide/bgnet/pdf/bgnet_usl_c_1.pdf) + +### **Operating Systems** +- [Dive Into Systems](https://diveintosystems.org/singlepage/) + +### **Low-Level Programming** +- [Rust by Example](https://doc.rust-lang.org/rust-by-example/) + +### **Automation & Scripting** +- **Bash**: [shellscript.sh](https://www.shellscript.sh/) +- **Python**: [Python 3.x Guide (PDF)](https://olinux.net/wp-content/uploads/2019/01/python.pdf) +- **Wargames**: [OverTheWire Challenges](https://overthewire.org/wargames/) + +### **Building Tools** +- [Cybersecurity Tools Repository](https://github.com/cyberguideme/Tools) + +### **Finalizing Your Basics** +- [Ethical Hacking Course - Cisco](https://www.netacad.com/courses/ethical-hacker) + +--- + +## 3. Specializations + +### **Computer Forensics** +- **What is Computer Forensics?**: [Open University](https://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-0?intro=1) +- **File Handling**: + - [File Systems Basics](https://www.ufsexplorer.com/articles/file-systems-basics.php) + - [Detailed File Extensions List](https://www.online-convert.com/file-type) + - [File Signatures: Magic Bytes](https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/) + - [Understanding Metadata](https://resources.infosecinstitute.com/metadata-and-information-security/#gref) +- **Memory Forensics**: + - [Introduction to Memory Analysis](https://forensicswiki.org/wiki/Memory_analysis) + - [Volatility Memory Forensics Tool](https://resources.infosecinstitute.com/memory-forensics-and-analysis-using-volatility/#gref) +- **Network Analysis**: + - [Burp Suite Playlist](https://www.youtube.com/playlist?list=PLWPirh4EWFpEiXbu4JgQG0KoX6-MU8FbT) + - [Wireshark User Guide](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html) +- **Steganography**: [Overview & Tutorial](https://www.edureka.co/blog/steganography-tutorial) + + + - **Reverse engineering**: [CyberYeti YouTube Playlists](https://www.youtube.com/@jstrosch/playlists) + + +### **Cryptography** +- [Cryptography Cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptography.pdf) + + +### **Web Exploitation & Scraping** +- [PortSwigger Labs](https://portswigger.net/) +- [HackTheBox Free Labs](https://www.hackthebox.com/) + +--- + +## 4. Preparing for Interviews +- [Cybersecurity Interview Guide (PDF)](https://cdn.ttgtmedia.com/rms/pdf/bookshelf_hack_the_cybersecurity_interview_excerpt.pdf) + +--- + +Organized and ready for learning. Let me know if you need further refinements! From 7d4122b8f6756c276bb5d0cadc4570885031ed4d Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 02:22:41 +0530 Subject: [PATCH 2/7] Update testcyber.md --- testcyber.md | 70 +++++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/testcyber.md b/testcyber.md index 5b5b83f..2beeef0 100644 --- a/testcyber.md +++ b/testcyber.md @@ -1,41 +1,32 @@ # Cyber Security Roadmap ## 1. Foundational Tips -- **Shadow Libraries & PDFs**: Explore responsibly for supplemental resources -- **Intro to Cybersecurity**: [Cisco NetAcad Course](https://www.netacad.com/courses/introduction-to-cybersecurity) +***[Click me first](AS6380756171694101529140490119_content_1.pdf)*** + + +**MUST READ PORTION** + +Always make sure you work for the morally good side of you. Also, remember to patiently and wisely study every single resource accordingly. Patience and persistence are one of the most important qualities of CyberSecurity engineering. +Apart from the prerequisites mentioned in the main readme, Cyber Security as a domain requires a few more fundamental concepts and topics to be covered. +Follow the links sequentially, If you can't seem to afford physical or e-copies of any books mentioned, fret not! You can download them from any shadow archive like [Libgen](https://libgen.is) ---- +- **Intro to Cybersecurity**: [Cisco NetAcad Course](https://www.netacad.com/courses/introduction-to-cybersecurity) ## 2. Basics -### **Linux** - [Linux Basics for Hackers](https://kea.nu/files/textbooks/humblesec/linuxbasicsforhackers.pdf) - -### **Networking** - [Networking Basics - Cisco](https://www.netacad.com/courses/networking-basics) - -### **Network Programming** - [Beej's Guide to Network Programming](https://beej.us/guide/bgnet/pdf/bgnet_usl_c_1.pdf) - -### **Operating Systems** - [Dive Into Systems](https://diveintosystems.org/singlepage/) - -### **Low-Level Programming** - [Rust by Example](https://doc.rust-lang.org/rust-by-example/) +- [Bash scripting](https://www.shellscript.sh/) +- [Python 3.x Guide (PDF)](https://olinux.net/wp-content/uploads/2019/01/python.pdf) +- [Scripting challenges](https://overthewire.org/wargames/) +- [Inspire yourself and rebuild some tools](https://github.com/cyberguideme/Tools) +- [Finalise your basics!](https://www.netacad.com/courses/ethical-hacker) -### **Automation & Scripting** -- **Bash**: [shellscript.sh](https://www.shellscript.sh/) -- **Python**: [Python 3.x Guide (PDF)](https://olinux.net/wp-content/uploads/2019/01/python.pdf) -- **Wargames**: [OverTheWire Challenges](https://overthewire.org/wargames/) - -### **Building Tools** -- [Cybersecurity Tools Repository](https://github.com/cyberguideme/Tools) -### **Finalizing Your Basics** -- [Ethical Hacking Course - Cisco](https://www.netacad.com/courses/ethical-hacker) - ---- ## 3. Specializations @@ -54,23 +45,36 @@ - [Wireshark User Guide](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html) - **Steganography**: [Overview & Tutorial](https://www.edureka.co/blog/steganography-tutorial) - - - **Reverse engineering**: [CyberYeti YouTube Playlists](https://www.youtube.com/@jstrosch/playlists) +### **Reverse engineering**: +[What is Reverse Engineering?](https://www.geeksforgeeks.org/software-engineering-reverse-engineering/) +* A crash-course/cheatsheet on [Assembly Languages and Code](https://www.tutorialspoint.com/assembly_programming/assembly_quick_guide.htm) +* Using [IDA](https://www.hex-rays.com/products/ida/support/idadoc/) for Disassembly and Decompiling +* Debugging using [GDB](https://betterexplained.com/articles/debugging-with-gdb/) -### **Cryptography** -- [Cryptography Cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptography.pdf) +Here's a [CTF-themed overview](https://ctf101.org/binary-exploitation/overview/) of Binary Exploitation and all it's concepts. Being a very vast and vaguely defined topic, it is essential to know the techniques and tools before the theory to properly form an outlook. Don't be scared if you can't do this, it's one of the most difficult yet the most sought-after expertise in Cyber Security! +* [CyberYeti YouTube Playlists](https://www.youtube.com/@jstrosch/playlists) +* How to setup a [Malware analysis Lab environment](https://systemweakness.com/building-a-secure-malware-analysis-lab-from-scratch-a-step-by-step-guide-2cbf15ba7c2c) for malware analysis +* Practical binary analysis [book](https://nostarch.com/binaryanalysis) +* Primer to malware analysis [book](https://nostarch.com/malware) + +### **Cryptography** +Here's a nifty [cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptography.pdf) for everything you need to understand at the very least in cryptography. If you're still here looking for a resource, take a look at the prerequisites in the main readme! ### **Web Exploitation & Scraping** -- [PortSwigger Labs](https://portswigger.net/) -- [HackTheBox Free Labs](https://www.hackthebox.com/) +[What counts as Web Exploitation?](https://www.valencynetworks.com/blogs/cyber-attacks-explained-web-exploitation/) + +* What is [SQL Injection](https://www.w3schools.com/sql/sql_injection.asp) and how to use [SQLMap](https://github.com/sqlmapproject/sqlmap/wiki) +* Man-in-the-middle attacking using [mitmproxy](https://docs.mitmproxy.org/stable/) +* Understanding [Cross-site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) +* Forcing out hidden directories using [DirBuster](https://www.hackingarticles.in/comprehensive-guide-on-dirbuster-tool/) +* Learn [PHP](https://www.w3schools.com/php/) and [JSON](https://www.tutorialspoint.com/json/index.htm) +* Hands-on Labs on [Portswigger](https://portswigger.net/web-security) +* [PortSwigger Labs](https://portswigger.net/) +* [HackTheBox Free Labs](https://www.hackthebox.com/) ---- ## 4. Preparing for Interviews - [Cybersecurity Interview Guide (PDF)](https://cdn.ttgtmedia.com/rms/pdf/bookshelf_hack_the_cybersecurity_interview_excerpt.pdf) ---- - -Organized and ready for learning. Let me know if you need further refinements! From 6f4ec4f72c5e99ed8dddbfa35078e50aea2e6518 Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 02:23:00 +0530 Subject: [PATCH 3/7] Delete CyberSec.md --- CyberSec.md | 61 ----------------------------------------------------- 1 file changed, 61 deletions(-) delete mode 100644 CyberSec.md diff --git a/CyberSec.md b/CyberSec.md deleted file mode 100644 index 4283c24..0000000 --- a/CyberSec.md +++ /dev/null @@ -1,61 +0,0 @@ -# Cyber Security - -***[Click me first](AS6380756171694101529140490119_content_1.pdf)*** - -Apart from the prerequisites mentioned in the main readme, Cyber Security as a domain requires a few more fundamental concepts and topics to be covered. An exhaustive introduction can be found in [Cisco Networking Academy's Introduction to Cyber Security](https://www.netacad.com/courses/security/cybersecurity-essentials), and in [SANS Cyber Aces Online Tutorial](https://tutorials.cyberaces.org/tutorials.html). - -Before you go ahead and dive into any of the fields below, play a few CTFs ([WTF is CTF?](https://ctftime.org/ctf-wtf/)) to practice and hone your basic skills. A good start would be the [picoCTF](https://picoctf.com/) followed by [OverTheWire's wargames](https://overthewire.org/wargames/)! - -Also, If you can't seem to afford physical or e-copies of any books mentioned, fret not! You can download them from any shadow archive like [Libgen](https://libgen.is) - -**Jump into any one of the sections below that you wish. Specialize in one and then go for others!** - -## Tool building -The secret to a great cybersecurity engineer is the ability to build software that tailors to their need. Whether the purpose is to root, test or even protect. -* This is an advanced guide for bash: [Black-Hat Bash](https://nostarch.com/black-hat-bash) -* Rust combines high-level logic with machine-level control: [Black-Hat Rust](https://kerkour.com/black-hat-rust) -* Learn basics of C & x86ASM with [Dive into systems](https://diveintosystems.org/book/) - -## Computer Forensics -[What is Computer Forensics?](https://www.open.edu/openlearn/science-maths-technology/digital-forensics/content-section-0?intro=1) - -* File Handling: - * [File Systems](https://www.ufsexplorer.com/articles/file-systems-basics.php) - * Detailed list of all [File Extensions](https://www.online-convert.com/file-type) - * Using [File Signatures](https://blog.netspi.com/magic-bytes-identifying-common-file-formats-at-a-glance/) as a tool - * [MetaData](https://resources.infosecinstitute.com/metadata-and-information-security/#gref) of a file -* [Memory Forensics](https://forensicswiki.org/wiki/Memory_analysis) - * [Volatility](https://resources.infosecinstitute.com/memory-forensics-and-analysis-using-volatility/#gref) for extraction -* Network analysis using [Burp Suite](https://www.youtube.com/playlist?list=PLWPirh4EWFpEiXbu4JgQG0KoX6-MU8FbT) or [Wireshark](https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html) -* [Steganography](https://www.edureka.co/blog/steganography-tutorial): The Why and How - -## Cryptography -Here's a nifty [cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptography.pdf) for everything you need to understand at the very least in cryptography. If you're still here looking for a resource, take a look at the prerequisites in the main readme! - -## Reverse Engineering -[What is Reverse Engineering?](https://www.geeksforgeeks.org/software-engineering-reverse-engineering/) - -* A crash-course/cheatsheet on [Assembly Languages and Code](https://www.tutorialspoint.com/assembly_programming/assembly_quick_guide.htm) -* Using [IDA](https://www.hex-rays.com/products/ida/support/idadoc/) for Disassembly and Decompiling -* Debugging using [GDB](https://betterexplained.com/articles/debugging-with-gdb/) - -## Web Exploitation and Scraping -[What counts as Web Exploitation?](https://www.valencynetworks.com/blogs/cyber-attacks-explained-web-exploitation/) - -* What is [SQL Injection](https://www.w3schools.com/sql/sql_injection.asp) and how to use [SQLMap](https://github.com/sqlmapproject/sqlmap/wiki) -* Man-in-the-middle attacking using [mitmproxy](https://docs.mitmproxy.org/stable/) -* Understanding [Cross-site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) -* Forcing out hidden directories using [DirBuster](https://www.hackingarticles.in/comprehensive-guide-on-dirbuster-tool/) -* Learn [PHP](https://www.w3schools.com/php/) and [JSON](https://www.tutorialspoint.com/json/index.htm) -* Hands-on Labs on [Portswigger](https://portswigger.net/web-security) - -## Binary Exploitation - -Here's a [CTF-themed overview](https://ctf101.org/binary-exploitation/overview/) of Binary Exploitation and all it's concepts. Being a very vast and vaguely defined topic, it is essential to know the techniques and tools before the theory to properly form an outlook. Don't be scared if you can't do this, it's one of the most difficult yet the most sought-after expertise in Cyber Security! - -## Malware Analysis -[What is Malware Analysis?](https://www.crowdstrike.com/cybersecurity-101/malware/malware-analysis/) - -* How to setup a [Lab environment](https://systemweakness.com/building-a-secure-malware-analysis-lab-from-scratch-a-step-by-step-guide-2cbf15ba7c2c) for malware analysis -* Practical binary analysis [book](https://nostarch.com/binaryanalysis) -* Primer to malware analysis [book](https://nostarch.com/malware) From 88adf243f4174f4756a672620d90349e59b9f0b2 Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 02:23:14 +0530 Subject: [PATCH 4/7] Rename testcyber.md to CyberSec.md --- testcyber.md => CyberSec.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename testcyber.md => CyberSec.md (100%) diff --git a/testcyber.md b/CyberSec.md similarity index 100% rename from testcyber.md rename to CyberSec.md From d67584bd866dd93cc63041c0afa8d17a0ce1a431 Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 02:26:48 +0530 Subject: [PATCH 5/7] Update CyberSec.md --- CyberSec.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/CyberSec.md b/CyberSec.md index 2beeef0..c484d4d 100644 --- a/CyberSec.md +++ b/CyberSec.md @@ -7,11 +7,15 @@ **MUST READ PORTION** -Always make sure you work for the morally good side of you. Also, remember to patiently and wisely study every single resource accordingly. Patience and persistence are one of the most important qualities of CyberSecurity engineering. +Always make sure you work for the morally good side of you. Also, remember to patiently and wisely study every single resource accordingly. + +Patience and persistence are one of the most important qualities of CyberSecurity engineering. + Apart from the prerequisites mentioned in the main readme, Cyber Security as a domain requires a few more fundamental concepts and topics to be covered. + Follow the links sequentially, If you can't seem to afford physical or e-copies of any books mentioned, fret not! You can download them from any shadow archive like [Libgen](https://libgen.is) -- **Intro to Cybersecurity**: [Cisco NetAcad Course](https://www.netacad.com/courses/introduction-to-cybersecurity) +Alright, let's start with [the foundations](https://www.netacad.com/courses/introduction-to-cybersecurity) (Click me!) ## 2. Basics From ec8827abb6944bf2822a45e237e0bf7c67bf9b26 Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 02:37:40 +0530 Subject: [PATCH 6/7] Update: Added certification info --- CyberSec.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CyberSec.md b/CyberSec.md index c484d4d..055423e 100644 --- a/CyberSec.md +++ b/CyberSec.md @@ -82,3 +82,9 @@ Here's a nifty [cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptogra ## 4. Preparing for Interviews - [Cybersecurity Interview Guide (PDF)](https://cdn.ttgtmedia.com/rms/pdf/bookshelf_hack_the_cybersecurity_interview_excerpt.pdf) +## 4.A Certifications +- [eJPT: Red Team, Entry-level](https://security.ine.com/certifications/ejpt-certification/) +- [Comptia CySA+: Blue Team, Intermediate-Level](https://partners.comptia.org/certifications/cybersecurity-analyst) +- Any Cloud Certification: Foundational + Associate level (AWS/GCP/Azure) + - [Practice Cloud pentesting](https://pwnedlabs.io/) + From 9414159d4a03b84125bcc1c939b76edd001f2e70 Mon Sep 17 00:00:00 2001 From: Ayush Dutta Date: Sun, 8 Dec 2024 16:45:32 +0530 Subject: [PATCH 7/7] Update CyberSec.md --- CyberSec.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CyberSec.md b/CyberSec.md index 055423e..a4bb7a1 100644 --- a/CyberSec.md +++ b/CyberSec.md @@ -82,6 +82,11 @@ Here's a nifty [cheatsheet](https://picoctf.com/learning_guides/Book-2-Cryptogra ## 4. Preparing for Interviews - [Cybersecurity Interview Guide (PDF)](https://cdn.ttgtmedia.com/rms/pdf/bookshelf_hack_the_cybersecurity_interview_excerpt.pdf) +## 4.B Capture The Flags +But what is a [CTF](https://www.geeksforgeeks.org/what-is-ctfs-capture-the-flag/)? +- [Learn how CTFs work](https://www.root-me.org) +- [live CTFs](https://ctftime.org/) + ## 4.A Certifications - [eJPT: Red Team, Entry-level](https://security.ine.com/certifications/ejpt-certification/) - [Comptia CySA+: Blue Team, Intermediate-Level](https://partners.comptia.org/certifications/cybersecurity-analyst)