An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by Seasoned Cyber Security Professionals community members.
- Content by SCSP
- Books
- Interview Questions
- Linux Basics
- Basics of Web and Networks
- Programming Resources
- Resources and Write-ups
- Data Protection
- Exploit Development Resources
- Tools
- SIEM Solution
- Web Application Security
- Mobile Application Security
- How-to Tutorials
- Capture The Flag Walk-throughs
- Online Labs for Practice
- Vulnerable Virtual Machines
- SNORT IPS IDS
- Vulnerability Databases
- SCSP Seminar Presentation slides
- Bug Bounty Hunting
Content By SCSP ⤴
- Linux Privilege Escalation Cheat Sheet
- Memory Forensics Cheat Sheet
- OSCP Cheat Sheet Part 1
- OSCP Cheat Sheet Part 2
- SIEM Use Cases Part 1
- SIEM Use Cases Part 2
- SIEM Use Cases Part 3
- Subdomain Enumeration Cheat Sheet
- Types of Windows Authentication
- Where to find OWASP Top 10 Mobile Vulnerabilities
- Windows Privilege Escalation Cheat Sheet
- Bug Bounty Tips
- OSINT Tools for Reconnaissance
Books ⤴
- Nmap Network Scanning by Gordon Fyodor Lyon
- Wireshark Network Analysis by Laura Chappell
- Practical Packet Analysis by Chris Sanders
- Ghost in the Wires - My Adventures as the World's Most Wanted Hacker by Kevin Mitnick, William L. Simon
- No Tech Hacking by Johnny Long & Jack Wiles
- The Art of Deception by Kevin D. Mitnick & William L. Simon
- Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy
- Malware analysis cookbook - tools and techniques for fighting malicious code by Michael Ligh
- The Art of Memory Forensics by Michael Hale Ligh
- Practical Malware Analysis by Michael Sikorski & Andrew Honig
- Android Hacker's Handbook by Joshua J. Drake
- The Mobile Application Hacker's Handbook by Dominic Chell
- iOS Hacker's Handbook by Charlie Miller
- OWASP Mobile Security Testing Guide (MSTG)
- Exploiting Androids for Fun and Profit
- SEI CERT Android Secure Coding Standard
- Android Security Internals
- Android Cookbook
- Android Security Cookbook
- Android Malware and Analysis
- Android Security: Attacks and Defenses
- Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
- iOS Penetration Testing
- iOS App Security, Penetration Testing, and Development
- Hacking iOS Applications a detailed testing guide
- Develop iOS Apps (Swift)
- iOS Programming Cookbook
- The Web Application Hackers Handbook by Dafydd Stuttard
- Hacking Web Apps: Detecting and Preventing Web Application Security Problems by Mike Shema
- The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
- The Basics of Web Hacking: Tools and Techniques to Attack the Web by Josh Pauli
- Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani
- Web Application Security, A Beginner's Guide by Bryan Sullivan
- Penetration Testing - A Hands-On Introduction to Hacking by Georgia Weidman
- The Basics of Hacking and Penetration Testing by Patrick Engebretson
- Advanced Penetration Testing by Wil Allsopp
- Metasploit: The Penetration Tester's Guide by David Kennedy
- The Art of Exploitation by Jon Erickson
- The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim
- Practical Reverse Engineering by Bruce Dang
- Reverse Engineering for Beginners by Dennis Yurichev
- The IDA Pro Book by Chris Eagle
- Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham
- The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters
- Cryptography Engineering Principles Practical Applications
- Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz
- Violent Python by TJ O'Connor
Linux Basics ⤴
Interview Questions ⤴
- Interview Questions for Penetration Testers
- Interview Questions for SOC Analysts
- Interview Questions for Digital Forensics Investigators
- Interview Questions for Application Security Testers
Basics of Web and Networks ⤴
An overview of what is the World Wide Web and how it works.
https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm
https://developers.google.com/web/fundamentals/security/
http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies
http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf
HyperText Transfer Protocol is must to understand while learning Web Application Security.
You must learn how an application communicates with its end users and the servers it is hosted on.
From these links you can HTTP Protocols, HTTP Requests, Response, Status Codes, Encoding/Decoding, HTTP with a security perspective e.g SOP, Cookies, MIEM etc.
These will be helpful to you later on with Web application testing.
https://www.w3.org/Protocols/
https://www.w3schools.com/whatis/whatis_http.asp
https://www.tutorialspoint.com/http/http_status_codes.htm
https://www.tutorialspoint.com/http/http_url_encoding.htm
https://www.tutorialspoint.com/http/http_requests.htm
https://www.tutorialspoint.com/http/http_responses.htm
https://www.hacker101.com/sessions/web_in_depth
A basic understanding of networking is important for anyone who’s into cybersecurity.
https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
https://commotionwireless.net/docs/cck/networking/learn-networking-basics/
https://www.slideshare.net/variwalia/basic-to-advanced-networking-tutorials
https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html
http://www.penguintutor.com/linux/basic-network-reference
https://www.utilizewindows.com/list-of-common-network-port-numbers/
https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704
https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols
Programming Resources ⤴
https://www.w3schools.com/html
https://www.codecademy.com/learn/learn-html
https://learn.shayhowe.com/advanced-html-css
https://htmldog.com/guides/html/advanced
https://www.w3schools.com/php/
https://stackify.com/learn-php-tutorials/
https://www.codecademy.com/learn/learn-php
https://www.guru99.com/php-tutorials.html
https://www.codecademy.com/learn/paths/web-development
https://www.youtube.com/watch?v=PkZNo7MFNFg
https://www.codecademy.com/learn/introduction-to-javascript
https://learnjavascript.today/
https://www.thebalancecareers.com/learn-javascript-online-2071405
https://www.youtube.com/watch?v=HXV3zeQKqGY
https://www.w3schools.com/sql/
https://www.codecademy.com/learn/learn-sql
http://www.sqlcourse.com/
https://www.youtube.com/watch?v=vLnPwxZdW4Y
https://www.learncpp.com/
https://www.codecademy.com/learn/learn-c-plus-plus
https://www.sololearn.com/Course/CPlusPlus/
https://www.learn-c.org/
https://www.youtube.com/watch?v=KJgsSFOSQv0
https://www.codecademy.com/learn/learn-java
https://www.geeksforgeeks.org/java-how-to-start-learning-java/
https://www.learnjavaonline.org/
https://www.youtube.com/watch?v=grEKMHGYyns
https://realpython.com/
https://docs.python.org/3/tutorial/
https://drive.google.com/drive/u/0/folders/0ByWO0aO1eI_MT1E1NW91VlJ2TVk?fbclid=IwAR35WNZwBQudINaZ10I5ZA2YDQdtNXSEwRyEiLEK91_csJ7ekN1ut7AQNeQ
https://www.tutorialspoint.com/unix/shell_scripting.htm
https://www.learnshell.org/
https://medium.com/quick-code/top-tutorials-to-learn-shell-scripting-on-linux-platform-c250f375e0e5
https://www.learnrubyonline.org/
https://www.codecademy.com/learn/learn-ruby
https://tour.golang.org/welcome/1
https://www.udemy.com/learn-go-the-complete-bootcamp-course-golang/
Resources and Write-ups ⤴
- How Antivirus Works
- What is Intrusion Detection System and Intrusion Prevention System
- Server Side Template Injection
- Snort Installation on Kali Linux
- Detection of DoS Attack via Snort
- Data Privacy and Protection
- XXE Vulnerability Explanation
- XXE Vulnerability Lab
- Building a Port Scanner with Python
- Introducution to Github
- Buffer Overflow Vulnerability
Exploit Development Resources ⤴
- Exploit Writing Tutorials - Tutorials on how to develop exploits.
- Shellcode Examples - Shellcodes database.
- Shellcode Tutorial - Tutorial on how to write shellcode.
Tools ⤴
(Coming Soon)
- What is SIEM? A Beginner’s Guide
- What is SIEM? Updated Resource Guide For 2020
- OSSEC and ELK as a unified SIEM
- SANS - Creating Your Own SIEM and Incident Response Toolkit Using Open Source Tools
- Open Source SIEM Tools
- SIEM Use Cases Part 1
- SIEM Use Cases Part 2
- SIEM Use Cases Part 3
How-to Tutorials ⤴
- Buffer Overflow
- XXE Vulnerability Explanation
- XXE Vulnerability Lab
- Building a Port Scanner with Python
- Introducution to Github
- Kali Tools - Sublist3r
- Kali Tools - EyeWitness
- Kali Tools - SQLMap
- Kali Tools - GoBuster
- Kali Tools - JoomScan
- Kali Tools - HTTPProbe
- Kali Tools - Nikto
- Kali Tools - CherryTree
- Kali Tools - Davtest
- Kali Tools - DNSEnum
- Kali Tools - Apache Users
- Kali Tools - URL Crazy
- Kali Tools - Enum4linux
- Kali Tools - Searchsploit
- Kali Tools - Crunch
- Kali Tools - SSLstrip
- Kali Tools - SSLyze
- OSINT Tools - Buster
- OSINT Tools - Danger Zone
- OSINT Tools - R3con1z3r
- OSINT Tools - Shodan
- OSINT Tools - theHarvester
- OSINT Tools - TinEye
- OSINT Tools - SpiderFoot
- OSINT Tools - Metagoofil
Capture The Flag Walk-throughs ⤴
- Basic Pentesting 1
- Mr.Robot (OSCP-like)
- PwnLab:init (OSCP-like)
- Fristileaks 1.3 (OSCP-like)
- Vulnix (OSCP-like)
- Stapler 1 (OSCP-like)
- Remote Vulnerability 101 - Pentester Academy
- Brainpan 1 (OSCP-like)
- VulnOS 2 (OSCP-like)
- Kioptrix 1 (OSCP-like)
- SickOS 1,1 (OSCP-like)
- SkyTower (OSCP-like)
- Tr0ll 1 (OSCP-like)
Online Labs for Practice ⤴
- Buffer-Overflow Vulnerability Lab
Launching an attack to exploit the buffer-overflow vulnerability using shellcode. - Race-Condition Vulnerability Lab
Exploiting the race condition vulnerability in privileged program. - TCP/IP Attack Lab
Launching attacks to exploit the vulnerabilities of the TCP/IP protocol, including session hijacking, SYN flooding, TCP reset attacks, etc. - Heartbleed Attack Lab
Using the heartbleed attack to steal secrets from a remote server. - Packet Sniffing and Spoofing Lab
Writing programs to sniff packets sent over the local network; writing programs to spoof various types of packets. - From SQL Injection to Shell
This exercise explains how to gain access to the admin console using SQL injection, gain access to the administration console. - Web for Pentester
This exercise is a set of the most common web vulnerabilities. - Electronic Code Book
This exercise explains how you can tamper with an encrypted cookies to access another user's account. - XSS and MySQL FILE
This exercise explains how you to get access to admin's cookies using Cross-Site Scripting vulnerability. And after gaining access use the admin panel to exploit a SQLi vulnerability. - Pentester Lab
Pentester Labs contains a wide variety to practice web based vulnerabilities. - Port Swigger Web Security Academy
Designed by the creators of Burp Suite, the Web Security Academy is a free online training center for web application security. - Acunetix ASP Test
Acunetix ASP test and demonstration site - Acunetix ASP.NET Test
Acunetix ASP.Net test and demonstration site - Acunetix PHP Test
Acunetix PHP test and demonstration site - Hack this Site
A website designed where ethical hackers can legally test out their skills - Secret Key Encryption Lab
Exploring the secret-key encryption and its applications using OpenSSL. - One-Way Hash Function Lab
Exploring one-way hash function and its applications using OpenSSL. - Public-Key Cryptography and PKI Lab
Exploring public-key cryptography, digital signature, certificate, and PKI using OpenSSL. - Android Repackaging Lab
Insert malicious code inside an existing Android app, and repackage it. - Android Device Rooting Lab
Develop an OTA (Over-The-Air) package from scratch to root an Android device. - OWASP iGoat
- Damn Vulnerable iOS App (DVIA) v2
- Damn Vulnerable iOS App (DVIA) v1
- iPhoneLabs
- iOS-Attack-Defense
- DIVA (Damn insecure and vulnerable App)
- SecurityShepherd
- Damn Vulnerable Hybrid Mobile App (DVHMA)
- OWASP-mstg
- VulnerableAndroidAppOracle
- Android InsecureBankv2
- Purposefully Insecure and Vulnerable Android Application (PIIVA)
- Sieve app
- DodoVulnerableBank
- Digitalbank
- OWASP GoatDroid
- AppKnox Vulnerable Application
- Vulnerable Android Application
- MoshZuk
- Hackme Bank
- Android Security Labs
- Android-InsecureBankv2
- Android-security
- VulnDroid
Vulnerable Virtual Machines ⤴
- Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is vulnerable to multiple web attacks. - OWASP Broken Web Applications Project
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that people can practice their skills on. - WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. - OWASP Security Shepherd
The OWASP Security Shepherd project is a web and mobile application security training platform. - Vulnhub
A collection of vulnerable machines to practice on. You can download the vulnerable vms on your system and learn pentesting - Hack the box
A collection of vulnerable machines and challenges
Vulnerability Databases ⤴
List of resources containing known list of exploits and common vulnerabilities found in softwares, OS, Mobile applications, CMS etc.
- Bugtraq (BID)
- Common Vulnerabilities and Exposures (CVE)
- Distributed Weakness Filing (DWF)
- Exploit-DB
- Full-Disclosure
- Inj3ct0r
- Microsoft Security Advisories
- Microsoft Security Bulletins
- Mozilla Foundation Security Advisories
- National Vulnerability Database (NVD)
- Vulnerability Lab
- Zero Day Initiative
SCSP Seminar Presentations Slides ⤴
(Coming Soon)