Skip to content

Latest commit

 

History

History
338 lines (275 loc) · 22.2 KB

README.md

File metadata and controls

338 lines (275 loc) · 22.2 KB

Cybersecurity Handbook

📌 Description

This attemps to be a collection of Cybersecurity knowledge. I seek to encourage you to persue your curiosity. It's up to you how deep you want to dive in any subject.

Each topic is only described in an introductory level. Learning how to apply those concepts in real-life scenarios is up to you to research and experiment.


Fundamentals

Tools

Category Resource Description
Delivery Apache A popular open-source web server.
bdfproxy Payload injection in downloads.
Evilgrade Facilitates update exploitation via DNS spoofing.
Exploiting Exploit DB Database of exploits and docusaurus/docs/vulnerabilities.
Frameworks BeEf Framework for exploiting web browsers.
Burp Integrated platform for web application security.
Metasploit Popular framework for developing and executing exploit code against remote targets.
Nexpose Vulnerability scanner with integrated risk management.
Veil Generate antivirus-evading payloads.
Guidelines OSSTM Manual for open source security testing.
OWASP Non-profit organization with guidelines for web application security.
OWISAM Methodology for web application security assessments.
PTES Standard methodology for penetration testing.
Intelligence HUMIT Intelligence gathering from human sources.
OSINT Techniques for gathering information from publicly available sources.
SOCMINT Collection and analysis of data from social media platforms.
Malware Analysis binwalk Firmware analysis tool.
exiftool Software for reading, writing, and manipulating metadata in files.
Hybrid-Analysis Online malware analysis service.
md5deep Recursive hash computations.
Payloads msfvenom Payload generation tool.
Post Exploitation Meterpreter Advanced multi-function payload.
Scanning aircrack-ng Suite of tools for WiFi network security testing.
ARPSpoof Network auditing and ARP spoofing.
Bettercap Comprehensive tool for network analysis and attacks.
Discover Automating the process of detecting a target's network.
HunterIO Online service for finding and verifying email addresses.
IP Scanner Free, fast and powerful network scanner.
nmap (Link) Network discovery and security auditing tool.
OSINT Techniques to collect information from open sources.
Shodan Search engine for Internet-connected devices.
Wireshark Widely-used network protocol analyzer.
Zenmap Graphical interface for nmap.
MANA Toolkit Toolkit for setting up rogue access points.
Social Engineering Maltego Interactive data mining tool.
SendingBlue Email marketing service.
Utilities crunch Custom wordlist generator.
cupp Custom wordlist generator.
ifconfig/iwconfig Configuring network interfaces.
Web Applications SQLmap Automated tool for SQL injection testing.
sqlninja Exploiting SQL injection docusaurus/docs/vulnerabilities.
ffuf Web fuzzer (directory/vhost discovery).
Windows Security Windows Security Infrastructure Overview of Windows security infrastructure.

Cryptograpgy

Concepts and practices

Schemes

Cryptosystems

Crypto attacks

Offensive security

SQLi

XSS

Wordpress

Bug Bounty

Networking & Telecommunications

Concepts and practices

Standards

Protocols and specifications

Attacks

Social Engineering

Resource Description
Impersonating Deceiving by pretending to be someone else to gain unauthorized access or information.
Eavesdropping Listening in on private conversations or transmissions to gather sensitive information.
Shoulder Surfing Observing someone's private information by looking over their shoulder, often in public places.
Dumpster Diving Searching through trash to find sensitive documents or data that have been discarded.
Piggybacking Gaining unauthorized access to restricted areas by following someone with authorized access.
Tailgating Similar to piggybacking, it involves following closely behind a person to enter a secure area.
Vishing Phishing attacks conducted via telephone or voice communication.
Phishing Sending fraudulent communications that appear to come from a reputable source, usually via email.
Spam Unsolicited and often irrelevant messages sent over the Internet, typically to a large number of users.
Fake Security Apps Applications that pretend to provide security but are actually malicious software.
Baiting Offering something enticing to an end user in exchange for private information or access credentials.

Operating systems

Vulnerabilities Glossary

This is a list of vulnerabilities not included in the other sections.

Web

Server


💣 Other Resources

Links

Books summaries

Certifications study notes

Lectures

Pentesting & Bug hunting

SOC Analyst