An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by SCSP community members.

Cyber Security Resources by SCSP

An organized list of resources including tools, blog-posts and how-to tutorials compiled and created by Seasoned Cyber Security Professionals community members.

Follow us on

Table of Contents

• Content by SCSP
• Books
• Interview Questions
• Linux Basics
• Basics of Web and Networks
• Programming Resources
• Resources and Write-ups
• Data Protection
• Exploit Development Resources
• Tools
• SIEM Solution
• Web Application Security
• Mobile Application Security
• How-to Tutorials
• Capture The Flag Walk-throughs
• Online Labs for Practice
• Vulnerable Virtual Machines
• SNORT IPS IDS
• Vulnerability Databases
• SCSP Seminar Presentation slides
• Bug Bounty Hunting

Content By SCSP ⤴

• Linux Privilege Escalation Cheat Sheet
• Memory Forensics Cheat Sheet
• OSCP Cheat Sheet Part 1
• OSCP Cheat Sheet Part 2
• SIEM Use Cases Part 1
• SIEM Use Cases Part 2
• SIEM Use Cases Part 3
• Subdomain Enumeration Cheat Sheet
• Types of Windows Authentication
• Where to find OWASP Top 10 Mobile Vulnerabilities
• Windows Privilege Escalation Cheat Sheet
• Bug Bounty Tips
• OSINT Tools for Reconnaissance

Books ⤴

Network Analysis

• Nmap Network Scanning by Gordon Fyodor Lyon
• Wireshark Network Analysis by Laura Chappell
• Practical Packet Analysis by Chris Sanders

Social Engineering

• Ghost in the Wires - My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick, William L. Simon
• No Tech Hacking by Johnny Long & Jack Wiles
• The Art of Deception by Kevin D. Mitnick & William L. Simon
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy

Malware Analysis

• Malware analysis cookbook - tools and techniques for fighting malicious code by Michael Ligh
• The Art of Memory Forensics by Michael Hale Ligh
• Practical Malware Analysis by Michael Sikorski & Andrew Honig

Mobile Application

• Android Hacker’s Handbook by Joshua J. Drake
• The Mobile Application Hacker’s Handbook by Dominic Chell
• iOS Hacker’s Handbook by Charlie Miller
• OWASP Mobile Security Testing Guide (MSTG)
• Exploiting Androids for Fun and Profit
• SEI CERT Android Secure Coding Standard
• Android Security Internals
• Android Cookbook
• Android Security Cookbook
• Android Malware and Analysis
• Android Security: Attacks and Defenses
• Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It
• iOS Penetration Testing
• iOS App Security, Penetration Testing, and Development
• Hacking iOS Applications a detailed testing guide
• Develop iOS Apps (Swift)
• iOS Programming Cookbook

Web Application

• The Web Application Hackers Handbook by Dafydd Stuttard
• Hacking Web Apps: Detecting and Preventing Web Application Security Problems by Mike Shema
• The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski
• The Basics of Web Hacking: Tools and Techniques to Attack the Web by Josh Pauli
• Web Penetration Testing with Kali Linux by Joseph Muniz & Aamir Lakhani
• Web Application Security, A Beginner’s Guide by Bryan Sullivan

Penetration Testing

• Penetration Testing - A Hands-On Introduction to Hacking by Georgia Weidman
• The Basics of Hacking and Penetration Testing by Patrick Engebretson
• Advanced Penetration Testing by Wil Allsopp
• Metasploit: The Penetration Tester’s Guide by David Kennedy
• The Art of Exploitation by Jon Erickson
• The Hacker Playbook: Practical Guide To Penetration Testing by Peter Kim

Reverse Engineering

• Practical Reverse Engineering by Bruce Dang
• Reverse Engineering for Beginners by Dennis Yurichev
• The IDA Pro Book by Chris Eagle

Forensics

• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham
• The Art of Memory Forensics by Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters

Cryptography

• Cryptography Engineering Principles Practical Applications

Python for Hackers

• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz
• Violent Python by TJ O’Connor

Linux Basics ⤴

• Basic Commands for Linux

Interview Questions ⤴

• Interview Questions for Penetration Testers
• Interview Questions for SOC Analysts
• Interview Questions for Digital Forensics Investigators
• Interview Questions for Application Security Testers

Basics of Web and Networks ⤴

Web

An overview of what is the World Wide Web and how it works.

https://www.tutorialspoint.com/web_developers_guide/web_basic_concepts.htm https://developers.google.com/web/fundamentals/security/ http://www.alphadevx.com/a/7-The-Basics-of-Web-Technologies http://www.cs.kent.edu/~svirdi/Ebook/wdp/ch01.pdf

HTTP

HyperText Transfer Protocol is must to understand while learning Web Application Security. You must learn how an application communicates with its end users and the servers it is hosted on. From these links you can HTTP Protocols, HTTP Requests, Response, Status Codes, Encoding/Decoding, HTTP with a security perspective e.g SOP, Cookies, MIEM etc. These will be helpful to you later on with Web application testing.

https://www.w3.org/Protocols/ https://www.w3schools.com/whatis/whatis_http.asp https://www.tutorialspoint.com/http/http_status_codes.htm https://www.tutorialspoint.com/http/http_url_encoding.htm https://www.tutorialspoint.com/http/http_requests.htm https://www.tutorialspoint.com/http/http_responses.htm https://www.hacker101.com/sessions/web_in_depth

Networking:

A basic understanding of networking is important for anyone who’s into cybersecurity.

https://commotionwireless.net/docs/cck/networking/learn-networking-basics/ https://commotionwireless.net/docs/cck/networking/learn-networking-basics/ https://www.slideshare.net/variwalia/basic-to-advanced-networking-tutorials https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html http://www.penguintutor.com/linux/basic-network-reference https://www.utilizewindows.com/list-of-common-network-port-numbers/ https://code.tutsplus.com/tutorials/an-introduction-to-learning-and-using-dns-records–cms-24704 https://www.digitalocean.com/community/tutorials/an-introduction-to-networking-terminology-interfaces-and-protocols

Programming Resources ⤴

HTML:

https://www.w3schools.com/html https://www.codecademy.com/learn/learn-html https://learn.shayhowe.com/advanced-html-css https://htmldog.com/guides/html/advanced

PHP:

https://www.w3schools.com/php/ https://stackify.com/learn-php-tutorials/ https://www.codecademy.com/learn/learn-php https://www.guru99.com/php-tutorials.html https://www.codecademy.com/learn/paths/web-development

JavaScript:

https://www.youtube.com/watch?v=PkZNo7MFNFg https://www.codecademy.com/learn/introduction-to-javascript https://learnjavascript.today/ https://www.thebalancecareers.com/learn-javascript-online-2071405

SQL(Structured Query Language):

https://www.youtube.com/watch?v=HXV3zeQKqGY https://www.w3schools.com/sql/ https://www.codecademy.com/learn/learn-sql http://www.sqlcourse.com/

C/C++

https://www.youtube.com/watch?v=vLnPwxZdW4Y https://www.learncpp.com/ https://www.codecademy.com/learn/learn-c-plus-plus https://www.sololearn.com/Course/CPlusPlus/ https://www.learn-c.org/ https://www.youtube.com/watch?v=KJgsSFOSQv0

Java:

https://www.codecademy.com/learn/learn-java https://www.geeksforgeeks.org/java-how-to-start-learning-java/ https://www.learnjavaonline.org/ https://www.youtube.com/watch?v=grEKMHGYyns

Python:

https://realpython.com/ https://docs.python.org/3/tutorial/ https://drive.google.com/drive/u/0/folders/0ByWO0aO1eI_MT1E1NW91VlJ2TVk?fbclid=IwAR35WNZwBQudINaZ10I5ZA2YDQdtNXSEwRyEiLEK91_csJ7ekN1ut7AQNeQ

Bash:

https://www.tutorialspoint.com/unix/shell_scripting.htm https://www.learnshell.org/ https://medium.com/quick-code/top-tutorials-to-learn-shell-scripting-on-linux-platform-c250f375e0e5

Ruby:

https://www.learnrubyonline.org/ https://www.codecademy.com/learn/learn-ruby

Golang:

https://tour.golang.org/welcome/1 https://www.udemy.com/learn-go-the-complete-bootcamp-course-golang/

Resources and Write-ups ⤴

• How Antivirus Works
• What is Intrusion Detection System and Intrusion Prevention System
• Server Side Template Injection
• Snort Installation on Kali Linux
• Detection of DoS Attack via Snort
• Data Privacy and Protection
• XXE Vulnerability Explanation
• XXE Vulnerability Lab
• Building a Port Scanner with Python
• Introducution to Github
• Buffer Overflow Vulnerability

Exploit Development Resources ⤴

• Exploit Writing Tutorials - Tutorials on how to develop exploits.
• Shellcode Examples - Shellcodes database.
• Shellcode Tutorial - Tutorial on how to write shellcode.

Tools ⤴

(Coming Soon)

SIEM Solutions

• What is SIEM? A Beginner’s Guide
• OSSEC and ELK as a unified SIEM
• SANS - Creating Your Own SIEM and Incident Response Toolkit Using Open Source Tools
• Open Source SIEM Tools
• SIEM Use Cases Part 1
• SIEM Use Cases Part 2
• SIEM Use Cases Part 3

How-to Tutorials ⤴

• Buffer Overflow
• XXE Vulnerability Explanation
• XXE Vulnerability Lab
• Building a Port Scanner with Python
• Introducution to Github
• Kali Tools - Sublist3r
• Kali Tools - EyeWitness
• Kali Tools - SQLMap
• Kali Tools - GoBuster
• Kali Tools - JoomScan
• Kali Tools - HTTPProbe
• Kali Tools - Nikto
• Kali Tools - CherryTree
• Kali Tools - Davtest
• Kali Tools - DNSEnum
• Kali Tools - Apache Users
• Kali Tools - URL Crazy
• Kali Tools - Enum4linux
• Kali Tools - Searchsploit
• Kali Tools - Crunch
• Kali Tools - SSLstrip
• Kali Tools - SSLyze
• OSINT Tools - Buster
• OSINT Tools - Danger Zone
• OSINT Tools - R3con1z3r
• OSINT Tools - Shodan
• OSINT Tools - theHarvester
• OSINT Tools - TinEye
• OSINT Tools - SpiderFoot
• OSINT Tools - Metagoofil

Capture The Flag Walk-throughs ⤴

• Basic Pentesting 1
• Mr.Robot (OSCP-like)
• PwnLab:init (OSCP-like)
• Fristileaks 1.3 (OSCP-like)
• Vulnix (OSCP-like)
• Stapler 1 (OSCP-like)
• Remote Vulnerability 101 - Pentester Academy
• Brainpan 1 (OSCP-like)
• VulnOS 2 (OSCP-like)
• Kioptrix 1 (OSCP-like)
• SickOS 1,1 (OSCP-like)
• SkyTower (OSCP-like)
• Tr0ll 1 (OSCP-like)

Online Labs for Practice ⤴

• Buffer-Overflow Vulnerability Lab Launching an attack to exploit the buffer-overflow vulnerability using shellcode.
• Race-Condition Vulnerability Lab Exploiting the race condition vulnerability in privileged program.
• TCP/IP Attack Lab Launching attacks to exploit the vulnerabilities of the TCP/IP protocol, including session hijacking, SYN flooding, TCP reset attacks, etc.
• Heartbleed Attack Lab Using the heartbleed attack to steal secrets from a remote server.
• Packet Sniffing and Spoofing Lab Writing programs to sniff packets sent over the local network; writing programs to spoof various types of packets.
• From SQL Injection to Shell This exercise explains how to gain access to the admin console using SQL injection, gain access to the administration console.
• Web for Pentester This exercise is a set of the most common web vulnerabilities.
• Electronic Code Book This exercise explains how you can tamper with an encrypted cookies to access another user’s account.
• XSS and MySQL FILE This exercise explains how you to get access to admin’s cookies using Cross-Site Scripting vulnerability. And after gaining access use the admin panel to exploit a SQLi vulnerability.
• Pentester Lab Pentester Labs contains a wide variety to practice web based vulnerabilities.
• Port Swigger Web Security Academy Designed by the creators of Burp Suite, the Web Security Academy is a free online training center for web application security.
• Acunetix ASP Test Acunetix ASP test and demonstration site
• Acunetix ASP.NET Test Acunetix ASP.Net test and demonstration site
• Acunetix PHP Test Acunetix PHP test and demonstration site
• Hack this Site A website designed where ethical hackers can legally test out their skills
• Secret Key Encryption Lab Exploring the secret-key encryption and its applications using OpenSSL.
• One-Way Hash Function Lab Exploring one-way hash function and its applications using OpenSSL.
• Public-Key Cryptography and PKI Lab Exploring public-key cryptography, digital signature, certificate, and PKI using OpenSSL.
• Android Repackaging Lab Insert malicious code inside an existing Android app, and repackage it.
• Android Device Rooting Lab Develop an OTA (Over-The-Air) package from scratch to root an Android device.
• OWASP iGoat
• Damn Vulnerable iOS App (DVIA) v2
• Damn Vulnerable iOS App (DVIA) v1
• iPhoneLabs
• iOS-Attack-Defense
• DIVA (Damn insecure and vulnerable App)
• SecurityShepherd
• Damn Vulnerable Hybrid Mobile App (DVHMA)
• OWASP-mstg
• VulnerableAndroidAppOracle
• Android InsecureBankv2
• Purposefully Insecure and Vulnerable Android Application (PIIVA)
• Sieve app
• DodoVulnerableBank
• Digitalbank
• OWASP GoatDroid
• AppKnox Vulnerable Application
• Vulnerable Android Application
• MoshZuk
• Hackme Bank
• Android Security Labs
• Android-InsecureBankv2
• Android-security
• VulnDroid

Vulnerable Virtual Machines ⤴

• Damn Vulnerable Web Application (DVWA) Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is vulnerable to multiple web attacks.
• OWASP Broken Web Applications Project Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that people can practice their skills on.
• WebGoat WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
• OWASP Security Shepherd The OWASP Security Shepherd project is a web and mobile application security training platform.
• Vulnhub A collection of vulnerable machines to practice on. You can download the vulnerable vms on your system and learn pentesting
• Hack the box A collection of vulnerable machines and challenges

Vulnerability Databases ⤴

List of resources containing known list of exploits and common vulnerabilities found in softwares, OS, Mobile applications, CMS etc.

• Bugtraq (BID)
• Common Vulnerabilities and Exposures (CVE)
• Distributed Weakness Filing (DWF)
• Exploit-DB
• Full-Disclosure
• Inj3ct0r
• Microsoft Security Advisories
• Microsoft Security Bulletins
• Mozilla Foundation Security Advisories
• National Vulnerability Database (NVD)
• Vulnerability Lab
• Zero Day Initiative

SCSP Seminar Presentations Slides ⤴

(Coming Soon)