This attempts to be a collection of Cybersecurity knowledge. I seek to encourage you to pursue your curiosity. It's up to you how deep you want to dive into any subject.
Each topic is described only at an introductory level. Learning how to apply these concepts in real-life scenarios is left to your own research and experimentation.
- Cybersecurity Handbook
- Ethical hacking
- CID triad
- DiD: Defense in depth
- IOC: Indicator of compromise
- OWASP
- Threat modeling
- Crowdsourced testing
- White-box testing
Category | Resource | Description |
---|---|---|
Delivery | Apache | A popular open-source web server. |
Delivery | bdfproxy | Payload injection in downloads. |
Delivery | Evilgrade | Facilitates update exploitation via DNS spoofing. |
Exploiting | Exploit DB | Database of exploits and vulnerabilities. |
Frameworks | BeEF | Framework for exploiting web browsers. |
Frameworks | Burp | Integrated platform for web application security. |
Frameworks | Metasploit | Popular framework for developing and executing exploit code against remote targets. |
Frameworks | Nexpose | Vulnerability scanner with integrated risk management. |
Frameworks | Veil | Generate antivirus-evading payloads. |
Guidelines | OSSTMM | Manual for open source security testing. |
Guidelines | OWASP | Non-profit organization with guidelines for web application security. |
Guidelines | OWISAM | Methodology for web application security assessments. |
Guidelines | PTES | Standard methodology for penetration testing. |
Intelligence | HUMINT | Intelligence gathering from human sources. |
Intelligence | OSINT | Techniques for gathering information from publicly available sources. |
Intelligence | SOCMINT | Collection and analysis of data from social media platforms. |
Malware Analysis | binwalk | Firmware analysis tool. |
Malware Analysis | exiftool | Software for reading, writing, and manipulating metadata in files. |
Malware Analysis | Hybrid-Analysis | Online malware analysis service. |
Malware Analysis | md5deep | Recursive hash computations. |
Payloads | msfvenom | Payload generation tool. |
Post Exploitation | Meterpreter | Advanced multi-function payload. |
Scanning | aircrack-ng | Suite of tools for WiFi network security testing. |
Scanning | ARPSpoof | Network auditing and ARP spoofing. |
Scanning | Bettercap | Comprehensive tool for network analysis and attacks. |
Scanning | Discover | Automating the process of detecting a target's network. |
Scanning | HunterIO | Online service for finding and verifying email addresses. |
Scanning | IP Scanner | Free, fast and powerful network scanner. |
Scanning | nmap | Network discovery and security auditing tool. |
Scanning | OSINT | Techniques to collect information from open sources. |
Scanning | Shodan | Search engine for Internet-connected devices. |
Scanning | Wireshark | Widely-used network protocol analyzer. |
Scanning | Zenmap | Graphical interface for nmap. |
Scanning | MANA Toolkit | Toolkit for setting up rogue access points. |
Social Engineering | Maltego | Interactive data mining tool. |
Social Engineering | Sendinblue | Email marketing service. |
Utilities | crunch | Custom wordlist generator. |
Utilities | cupp | Custom wordlist generator. |
Utilities | ifconfig/iwconfig | Configuring network interfaces. |
Web Applications | SQLmap | Automated tool for SQL injection testing. |
Web Applications | sqlninja | Exploiting SQL injection vulnerabilities. |
Web Applications | ffuf | Web fuzzer (directory/vhost discovery). |
Windows Security | Windows Security Infrastructure | Overview of Windows security infrastructure. |
- Hashing
- Message Authentication Code (MAC)
- Mortal Sins of Crypto
- Padding
- Password Storage
- Key exchange
- XSS
- Types
- Discovering XSS
- Blind XSS
- Attacks
- Preventing XSS
- Devices
- Duplex
- Firewalls
- IDS/IPS
- Mime Sniffing
- Network communication types
- Network Topologies
- Packets
- Proxy Server
- SPOF: Single Point of Failure
- Subnetting
- User Agent
- WHATWG
- Commonly Used Port Numbers
- Cookies
- CORB: Cross-Origin Read Blocking
- CORS: Cross-Origin Resource Sharing
- CSP: Content Security Policy
- DOM: Document Object Model
- HTML
- HTTP / HTTPS
- HTTP Headers
- HTTP Requests
- IP Addressing
- MIME Types
- Routing Protocols
- SOP: Same-Origin-Policy
- SPF: Sender Policy Framework
- TCP/IP Model
- WHOIS
- DNS
- Virtual hosts
- Web crawling
- Passive infrastructure identification
- Passive subdomain enumeration
- Active infrastructure identification
- Active subdomain enumeration
Resource | Description |
---|---|
Impersonating | Deceiving by pretending to be someone else to gain unauthorized access or information. |
Eavesdropping | Listening in on private conversations or transmissions to gather sensitive information. |
Shoulder Surfing | Observing someone's private information by looking over their shoulder, often in public places. |
Dumpster Diving | Searching through trash to find sensitive documents or data that have been discarded. |
Piggybacking | Gaining unauthorized access to restricted areas by following someone with authorized access. |
Tailgating | Similar to piggybacking, it involves following closely behind a person to enter a secure area. |
Vishing | Phishing attacks conducted via telephone or voice communication. |
Phishing | Sending fraudulent communications that appear to come from a reputable source, usually via email. |
Spam | Unsolicited and often irrelevant messages sent over the Internet, typically to a large number of users. |
Fake Security Apps | Applications that pretend to provide security but are actually malicious software. |
Baiting | Offering something enticing to an end user in exchange for private information or access credentials. |
- Linux
This is a list of vulnerabilities not included in the other sections.
- Auth-Z: Forced Browsing/Improper Authorization
- Clickjacking
- Command Injection
- Cookie Tampering
- CORS insecure configuration
- CSRF: Cross-Site Request Forgery
- File Inclusion
- File Upload
- Host Header
- HTML Injection
- Insufficient SPF
- MIME Sniffing
- Null Termination
- Path Traversal
- Parameter Tampering
- SQLi: Data Exfiltration
- SQLi: SQL Injection
- SSRF: Server-Side Request Forgery
- Subdomain Takeover
- Unchecked Redirects
- XXE: XML External Entities
- Bug Bounty Programs
- Learning Communities & Sites
- CTFs, Challenges and Vulnerable Systems
- Hack the box
- TryHackMe
- OWASP WebGoat Project
- Acunetix WVS
- Exploits, Payloads, Resources