Cybersecurity_Resources

Table of Contents

• General Stuff

• Scoping Phase

• Reconnaissance

• Vulnerability Assessment

• Exploitation

• Post Exploitation

• Exploit Developement

• Reporting

• Prevention

• Malware Analysis

• Reverse Engineering

• Vulnerability Databases

General Stuff

News and Magazines

• Ars Technica
• CIO Security
• CSO Online
• Dark Reading
• Guardian Information Security Hub
• Homeland Security News Wire – Cybersecurity
• Infosecurity Magazine
• SC Magazine
• Secure List
• Threat Post

Blogs

• Google Online Security Blog
• InfoSec Resources
• Krebs on Security
• Microsoft Malware Protection Center Blog
• Security Bloggers Network

Books

• Where Wizards Stay Up Late
• Security Metrics: Replacing Fear, Uncertainty, and Doubt
• Secrets and Lies
• No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State
• Cyber War: The Next Threat to National Security and What to Do About It
• Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power
• Breaking In to Information Security

Security Groups/Communities

• AFCEA Chapters - AFCEA is concerned with cyber security as it relates to defense, homeland security and intelligence communities. Chapters are spread throughout the world.
• CSA Chapters - As CSA puts it, members are usually composed of a credible group of cloud security experts for the region. Chapters are located around the globe and must have a minimum of 20 CSA members.
• IEEE Chapter - Focused on the advancement of technology, IEEE Technical Chapters contain members from one or more IEEE Societies/Technical Councils who share technical interests and geographical proximity. Chapter events include guest speakers, workshops, seminars and social functions.
• ISACA Local Chapters - ISACA is one of the biggest networking organizations, with 200+ chapters worldwide. Chapters sponsor local educational seminars and workshops, conduct IT research projects and provide members with a number of leadership training opportunities.
• OWASP Chapters Program - Unlike other programs which require membership, OWASP chapters are free, open to all and managed by a set of universal guidelines.

Conferences

• Nullcon - Founded in 2010, Nullcon provides a platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats. Held annually in Delhi and Goa.
• RSA Security Conference - Founded by RSA in 1991, this conference is intended to serve as a forum for cryptographers to share the latest knowledge and advancements in the area of Internet security. Annual industry events in the U.S., Europe and Asia.
• DEFCON - Held annually in Las Vegas, DEF CON is one of the largest and most notorious hacking conferences in the world. In addition to talks, there are a huge variety of social events and contests.
• SANS CDI: Cyber Defense Initiative - Thanks to SANS’s position as one of the biggest players in information security training and certification, the CDI conference draws a healthy crowd. This is where the Netwars Tournament of Champions takes place.

Scoping Phase

Articles/Research Papers

• Scoping a pentest
• The Importance of Scope in Penetration Testing
• How do you determine the scope of a penetration test?
• Scoping a penetration test

Tutorials

• Pentest Walkthrough - Scoping & Planning
• The Rules of Engagement For Performing Penetration Testing

Reconnaissance

Articles/Research Papers

• Penetration Testing: Intelligence Gathering
• Penetration Testing Introduction: Scanning & Reconnaissance
• Passive Reconnaissance
• Reconnaissance and Social Engineering Risks as Effects of Social Networking
• Importance of Reconnaissance in Pentesting
• Google Dorking

Tools

• CHECKUSERNAMES - CheckUserNames is an online username checker that lets type in any username and check its availability across top 45 social networking sites.
• ';--have i been pwned? - It helps in checking if you have an account that has been compromised in a data breach
• BeenVerified - Helps in searching compelling data, such as social profiles and photos, properties and assets, bankruptcy information and more
• Censys -
• Maltego - Maltego is a software used for open-source intelligence and forensics, developed by Paterva.
• theHarvester - theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
• Shodan - It is the world's first search engine for Internet-connected devices.
• Fierce - It is meant specifically to locate likely targets both inside and outside a corporate network.
• Unicornscan - Unicornscan is an attempt at a User-land Distributed TCP/IP stack. It is intended to provide a researcher a superior interface for introducing a stimulus into and measuring a response from a TCP/IP enabled device or network.
• Recon-ng - Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience.
• Nmap - NMAP is a free utility tool for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

Tutorials

• OSNIT
• Recon-ng
• Nmap
• Information Gathering

Cheat Sheets

• Nmap
• Google Dorking
• Recon-ng v5
• Maltego
• Unicronscan