infosec.guide is a collection of resources for anyone in the infosec field
Switch branches/tags
Nothing to show
Clone or download
Latest commit 6b53ada Oct 15, 2018
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
media iniCom May 31, 2018
LICENSE Create LICENSE May 31, 2018
README.md Update README.md Oct 15, 2018

README.md

infosec.guide

infosec.guide




This is an introductory guide to tools, knowledge and resources useful for those in the InfoSec field. I was inspired to make this after seeing Sindre Sorhus' awesome list and also realising that the domain infosec.guide was available. Different from Sorhus' awesome list, this list will include things that are probably less than awesome, like proprietary software, because they are widely recognised and used.

If you think the list lack something that could be useful, either do a pull request or file an issue. Either way is fine, but please format it in Markdown as following:

- [Awesome thing](https://awesome-thing.com/) - Description of awesome thing.

Anything else won't be accepted. You could also suggest a new section if you believe it does not fit the ones below.

This is by no means any study plan or definite guide to every aspect that you will probably need, however I do think that as this list grows it will be able to give you a helping hand in what to learn next. If, however, you want me to create a sort of study plan, just ping me and I will try to start a list for that as well. A good starting point is to build stuff in Python (or any high-level language) and try to correlate it with InfoSec. Build a scraper; build something that utilises an exploit that you've heard of. The interpreter is the limit.

Contents

Programming languages

Low level

  • C - Low-level language useful to know if you are planning to dig into operative systems and understand their inner workings.
  • Go - Go (or golang) is a new language by Google that is specialises in concurrent execution. It is useful for making scalable web servers, but also for InfoSec tools that require speed. Bettercap is written in Go.
  • Rust - Rust is a blazingly fast language with focus on safe and secure code. Redox, a new microkernel based operative system, is written in Rust.

High level

  • Python - Python is a valuable tool for scripting things that cannot easily be done in shell scripting. It's also the perfect beginner's language with an extensive library and many resources available.

Scripting etc

  • bash - Unix shell with its own command language that can be executed as shell script files (.sh).
  • cmd - Windows' CLI with a primitive scripting language that can be executed as batch files (.bat).
  • Powershell - Microsoft's framework for task automation with its own scripting language. Useful from devOps to keystroke injection.

Books

Operative systems

Privacy, surveillance, censorship and privacy

Management

Learning hacking tools

Miscellaneous

  • PoC||GTFO by Travis Goodspeed et al. - Valuable source of both knowledge and inspiration to any hacker of any sort. In addition to the free issues available online, they are also published as a book that looks like a bible (because it is).
  • Schneier on Security by Bruce Schneier - Collection of essays from June 2002 to June 2008 that was published on his blog. For those with little to no initial knowledge in the field, this is a really good book to start with.

Editors

GUI

  • Atom - GitHub's open source editor that is highly customisable with unique features like collaborative writing (Teletype, using WebRTC).
  • Mark Text - Mark Text is an open source Markdown editor that features WYSIWYG editing, focus and typewriter modes, as well as a dark theme for your sore eyes. Can export to PDF and HTML.
  • Visual Studio Code - Microsoft's open source editor with a wide range of features like git integration, plugins and debuggers.

Terminal

  • emacs - More than just a text editor. Highly customisable with a mind boggling set of features.
  • Nano - A very simple text editor that is easy to learn.
  • vim - Vim is a highly configurable and efficient text editor. (You quit vim by typing ":q")

Software

Frameworks

Automatic exploitation tools

  • sqlmap - Automatic SQL injection and database takeover tool.

Disassemblers and debuggers

  • Cutter - GUI frontend for radare 2.
  • IDA Pro !--NOT FOSS--! - IDA Pro is a widely used proprietary disassembler and debugger.
  • Radare 2 - Forensics tool, scriptable CLI editor able to open disk files, analysing binaries, disassembling code, debugging programs, attaching to remote gdb servers, and so forth.
  • x64dbg - Open-source x64/x32 debugger for Windows.

Information gathering

  • amass - In-depth subdomain enumeration written in Go.
  • DotDotPwn - Directory Traversal Fuzzer
  • Golismero - Open source framework for security testing.
  • Lynis - Security auditing tool assisting compliance testing and system hardening.
  • Masscan - TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
  • Nikto - Open source webscanner.
  • Nmap - Network mapper; scans ports and has scripitng capabilities.
  • Pyparazzi - Link scanning on any domain.
  • Recon-ng - Web Reconnaissance framework written in Python.
  • Snort - lightweight network IDS, with real-time traffic analysis and packet logging on IP networks.
  • Tripwire - Security and data integrity tool for monitoring and alerting on file & directory changes.

Linux/BSD/UNIX tools

These tools are not a complete overview of what you need to know to get started using the terminal environment effectively. For that, there is a good and easy to follow video tutorial by Joe Collins that would help you.

  • alias - Creates an alias.
  • base64 - Base64 encode/decode data and print to standard output.
  • csplit - Split a file into sections determined by context lines
  • curl - Transfer data from or to a server, using various protocols.
  • cut - Remove sections from each line of files.
  • file - Determine file type.
  • find - Search for files in a directory hierarchy.
  • grep, egrep, fgrep - Print lines matching a pattern.
  • gzip, gunzip, zcat - Compress or expand files.
  • hexdump - Display file contents in ascii, decimal (base10), hexadecimal (base16), or octal (base8).
  • history - Display the command history list with line numbers.
  • link - Create a hard link or symbolic link (symlink).
  • strings - Print the strings of printable characters in files.
  • pinky, finger - Displays user activity.
  • tail - Output the last part of files.
  • unzip - List, test and extract compressed files in a ZIP archive.
  • zipgrep - Search files in a ZIP archive for lines matching a pattern.
  • zip - Package and compress (archive) files.

Projects

Privacy

  • Tor - A network that helps you defend against traffic analysis, network surveillance etc.

Journals and indices

  • CVE - Common Vulnerabilities and Exposures is a list of publicly known cybersecurity vulnerabilities.
  • Directory of Open Access Journals (DOAJ) - DOAJ is a community-curated online directory that indexes open access, peer-reviewed journals. All data is freely available under CC BY-SA.

Blogs

  • Krebs on Security - Brian Krebs is an American journalist and investigative reporter with great coverage on cybercrime.
  • Schneier on Security - Bruce Schneier is an American cryptographer, computer security professional, privacy specialist and writer.
  • Talos Intelligence - Cisco Talos Intelligence Group is one of the largest commercial intelligence teams in the world.
  • Shawn Webb (@lattera) - Security engineer for and cofounder of HardenedBSD.

Podcasts

  • Defensive Security - Cyber security podcast covering breaches and strategies for defence.

Video channels

  • 13Cubed - Infosec related topics including Digital Forensics and Incident Response (DFIR) and Penetration Testing.

Governmental sites

Guides and cheat sheets

Web security

Other

  • asciinema - Record and share your terminal sessions. Entirely terminal based; no GIFs or videos.
  • peek - Simple animated GIF screen recorder with an easy to use interface.