Resources
Where to start…
Getting started in security, whether it be pen testing, DFIR, reverse engineering, etc., can be a little overwhelming. The good news is that there are a lot of resources out there and the community is very helpful. Depending on what you are trying to learn, there are some resources below to help you get started. I would recommend sticking to one thing at first; once you get some experience and gain some confidence, go ahead and branch out to other things.
In the beginning it might be useful to play around with a few different concepts and tools. Once you find something that really grabs your interest, dig deeper into it and try to master it. YouTube is your friend: the community shares a lot of stuff and there are a lot of good tutorials and information.
Things I recommend before you begin…
I highly recommend that you get started with some basic knowledge of networks and learn how to do some programming, especially in a scripting language. I highly recommend Python, because it is well supported and a very powerful tool that you can use to write scripts as well as full applications.
For reverse engineering I recommend you learn assembly before you attempt to reverse any software/malware. You can start with something simple like MIPS and do some assembly coding so you can get an idea of how it works. Writing things in C and then disassembling the code to see what it looks like in assembly is greatly beneficial; it can help you learn how some of the C constructs look once compiled.
Books & Reading
- Software Engineering
- Clean Code
- The Pragmatic Programmer
- Code Complete
- The Mythical Man-Month
- The Security Development Lifecycle [free ebook]
- Threat Modeling: Designing for Security
- Reverse Engineering / DFIR
- Practical Malware Analysis
- Must have in my opinion (and many others =) ) to get started in reverse engineering & malware analysis. If you can only get one book, this would be it for me.
- The IDA Pro Book
- Good reference guide for IDA Pro
- Practical Reverse Engineering
- Attacking Network Protocols
- Windows Internals Part 1
- Get a better understanding of Windows
- Practical Binary Analysis
- The Art of Memory Forensics
- Practical Forensic Imaging: Securing Digital Evidence with Linux Tools
- https://beginners.re/
- Exploit Dev
- The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
- Pen Testing
- RTFM: Red Team Field Manual
- Gray Hat Hacking
- The Hacker Playbook series
- Penetration Testing
- The Web Application Hacker’s Handbook
- Attacking Network Protocols
- Windows Internals Part 1
- Get a better understanding of Windows
- Troubleshooting with the Windows Sysinternals Tools
- Reference on how to get the most out of the Sysinternals suite
- Cryptography
- Serious Cryptography: A Practical Introduction to Modern Encryption
- (I suggest starting with this one)
- Applied Cryptography: Protocols, Algorithms and Source Code in C
- Cryptography Engineering: Design Principles and Practical Applications
- https://pagedout.institute/
Tools
- Software Engineering
- VIM =)
- Visual Studio Code
- Extensions
- Better Comments
- Shell Launcher
- Allows you to switch Shells (Super useful)
- Bracket Pair Colorizer (very useful)
- Indenticator
- indent-rainbow
- Bookmarks
- Todo Tree
- Language Extensions
- C/C++ – Microsoft
- C# – Microsoft
- PowerShell – Microsoft
- Python – Microsoft
- x86 and x64 Assembly
- Themes
- Noctis
- Material
- Monokai Pro
- Cobalt2
- Dracula
- Night Owl
- Rainglow
- Visual Studio IDE
- Atom
- Sublime Text
- General
- VMware Workstation Pro
- Virtual Machine
- Alternatively, get VMware Workstation Player, which is free but doesn’t have the ability to take snapshots.
- VirtualBox
- Virtual Machine
- FREE
- Snapshots!
- WSL – Windows Subsystem for Linux
- Super useful when doing command-line stuff on Windows without having to fire up a VM
- PowerShell
- Learn to use it, very powerful
- Linux
- Choose your flavor and learn to use it well
- Cygwin
- VirusTotal
- Not too sure if that file you downloaded is safe? Upload it to VirusTotal!
- Python Useful Modules
- Scapy
- RE
- Socket
- Scrapy
- Reverse Engineering
- IDA Pro
- Binary Ninja
- Plugins
- Ghidra
- ODA (Online Disassembler)
- Hopper
- Radare
- Frida – Disassembler
- Binwalk
- Snowman
- JD-Gui
- x64Dbg
- WinDbg
- Wireshark
- Sysinternals
- REMnux
- FLARE VM
- Frida.re – Dynamic Instrumentation Toolkit
- .Net Stuff
- dnSpy
- dotPeek
- dotMemory
- DFIR
- Volatility
- SIFT Workstation
- Penetration Testing
- Metasploit
- Nmap
- Nessus
- Hashcat
- Web Penetration Testing
- Burp Suite
- Firefox plugins:
- FoxyProxy
- Wappalyzer or BuiltWith
- DirBuster
- Enumerates directories/paths/subpaths in a given domain
- Sublist3r
- Uses OSINT from search engines to help enumerate subdomains
- Knockpy
- Enumerate subdomains using a provided word list
- Striker
- Cloudflare bypass
- DNS Enum
- Checks for WordPress use
- And more
- Fuzzing
- Security Tools for All
Hardware Tools
- https://null-byte.wonderhowto.com/how-to/run-usb-rubber-ducky-scripts-super-inexpensive-digispark-board-0198484/
- https://www.aliexpress.com/item/4000051256454.html
Reference
- Reverse Engineering
- Known bad hosts/ C2Cs
Blogs / Websites
Mix
- https://0xdarkvortex.dev/
- https://0ffset.net/
- https://msrc-blog.microsoft.com/category/srd/
- https://threatvector.cylance.com/
- https://www.fireeye.com/blog.html
- https://googleprojectzero.blogspot.com/
- https://vxug.fakedoma.in/
Reverse Engineering
- https://medium.com/@ryancor/reverse-engineering-encrypted-code-segments-b01aead67701
- https://www.malwaretech.com/
- https://malwareunicorn.org/
- https://about.me/hasherezade
- https://mayahustle.com/
Microsoft / Windows
- http://www.geoffchappell.com/
- https://tyranidslair.blogspot.com/
- https://sandboxescaper.blogspot.com/2019/10/hunting-for-filesystem-bugs.html
- https://www.cyberark.com/threat-research-blog/follow-the-link-exploiting-symbolic-links-with-ease/
- https://windows-internals.com/category/windows-internals/
- https://youtu.be/0KO3oGXtMNo
DFIR
Podcasts
- Risky Business
- Security Now
- Security Weekly
- Darknet Diaries
- BHIS Podcast
- TrustedSec Podcast
Conferences
- DEFCON
- Black Hat
- BSides
- S4
- INFILTRATE
Training
- SANS Institute
- OSCP
- Cybrary
- Pluralsight
- ISC2
- Cyber Aces
- Infosec Institute
- SecureNinja
- YouTube
- OpenSecurityTraining
- EC-Council
- NICCS
- ICS-CERT
- VeteranSec.com
- https://workplus.splunk.com/veterans
- withyouwithme.com
- https://www.bleepingcomputer.com/news/security/free-cybersecurity-training-now-available-for-us-veterans/
- https://samsclass.info/
- University/College
- Computer Science Degree
- Software Engineering Degree
- Cyber Security Degree
ICS
https://github.com/Ka0sKl0wN/ICS-Security-Study-Resources
Certifications Prep
GIAC
Building an Index:
- https://tisiphone.net/2015/08/18/giac-testing/
- https://www.ericooi.com/how-to-build-a-sans-giac-index/
- https://www.youtube.com/watch?v=bHpkTArlXWc&feature=emb_logo