Resources

Discription

List of all the resources to make your career in Cyber Security

Information Security Certifications

• Certified Ethical Hacker
• Certified Information Systems Security Professional (CISSP)
• Certified Penetration Testing Engineer (CPTE)
• CompTIA Security+
• GIAC Security Essentials (GSEC)
• Kali Linux Certified Professional (KLCP)
• Offensive Security Certified Expert (OSCE)
• Offensive Security Certified Professional (OSCP)
• Offensive Security Exploitation Expert (OSEE)
• Offensive Security Web Expert (OSWE)
• Offensive Security Wireless Professional (OSWP)
• Practical Network Penetration Tester (PNPT)
• HTB Certified Bug Bounty Hunter (HTB BBH)
• HTB Certified Penetration Testing Specialist (HTB CPTS)
• eLearnSecurity Junior Penetration Tester (eJPT)

Books

• A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security
• A Short Course on Computer Viruses
• AVIEN Malware Defense Guide for the Enterprise
• Advanced Penetration Testing: Hacking the World’s Most Secure Networks
• Applied Cryptography: Protocols, Algorithms and Source Code in C
• Applied Network Security Monitoring: Collection, Detection, and Analysis
• Black Hat Python: Python Programming for Hackers and Pentesters
• Bug Bounty Bootcamp By Vickie Li
• Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder
• Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
• CEH Certified Ethical Hacker All-in-One Exam Guide
• CISSP All-in-One Exam Guide
• CISSP: Certified Information Systems Security Professional Study Guide
• CISSP](ISC)2 Certified Information Systems Security Professional Official Study Guide
• Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
• Cryptography Engineering: Design Principles and Practical Applications
• Cyber War: The Next Threat to National Security and What to Do About It
• Cybersecurity - Protecting Critical Infrastructures from Cyber Attack and Cyber Warfare
• Cybersecurity and Cyberwar: What Everyone Needs to Know
• Cybersecurity and Human Rights in the Age of Cyberveillance
• Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
• Essentials of Cybersecurity
• Future Crimes: Inside the Digital Underground and the Battle for Our Connected World
• Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker
• Hacked Again
• Hacking Exposed 7
• Hacking: The Art of Exploitation
• How Linux Works: What every superuser should know
• Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
• Linux Shell Scripting Cookbook
• Network Forensics: Tracking Hackers through Cyberspace
• Network Security Through Data Analysis: Building Situational Awareness
• Penetration Testing: A Hands-On Introduction to Hacking
• Practical Malware Analysis: A Hands-On Guide to Dissecting Malicious Software
• Practice of Network Security Monitoring
• Protecting Your Internet Identity: Are You Naked Online?
• Protection and Security on the Information Superhighway
• Reversing: Secrets of Reverse Engineering
• Rtfm: Red Team Field Manual
• Security Metrics, A Beginner’s Guide
• Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
• Surreptitious Software: Obfuscation, Watermarking, and Tamperproofing for Software Protection
• TCP/IP Illustrated
• The Art of Computer Virus Research and Defense
• The Art of Deception: Controlling the Human Element of Security
• The Art of Memory Forensics
• The Beginner’s Guide to Information Security
• The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
• The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk
• The Cyber Skill Gap
• The Hacker Playbook: Practical Guide To Penetration Testing
• The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
• The Ncsa Guide to PC and Lan Security
• The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
• The Tao of Network Security Monitoring: Beyond Intrusion Detection
• The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
• Thinking Security: Stopping Next Year’s Hackers
• Understanding Cryptography: A Textbook for Students and Practitioners
• We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency
• Web Application Vulnerabilities: Detect, Exploit, Prevent
• Windows Internals
• Worm: The First Digital World War
• A Search Engine Backed by Internet-Wide Scanning - Ariana Mirian
• Advanced Penetration Testing by Wil Allsopp, 2017
• Advanced Penetration Testing for Highly-Secured Environments by Lee Allen, 2012
• Advanced Persistent Threat Hacking: The Art and Science of Hacking Any Organization by Tyler Wrightson, 2014
• Android Hackers Handbook by Joshua J. Drake et al., 2014
• Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz, 2014
• Btfm: Blue Team Field Manual by Alan White and Ben Clark
• Bug Hunter’s Diary by Tobias Klein, 2011
• CIA Lock Picking Field Operative Training Manual
• Car Hacker’s Handbook by Craig Smith, 2016
• CompTIA Security+ SY0-501 Certification Study Guide
• Complete Guide to Shodan
• Dfir intro
• Eddie the Wire books
• Essentials of Enterprise Network Security
• Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton et al., 2007
• Ghost in the Wires by Kevin D. Mitnick & William L. Simon, 2011
• Gray Hat Hacking The Ethical Hacker’s Handbook by Daniel Regalado et al., 2015
• Hacking the Xbox by Andrew Huang, 2003
• Holistic Info-Sec for Web Developers](https://leanpub.com/b/holisticinfosecforwebdevelopers)
• Kali Linux Revealed
• Keys to the Kingdom by Deviant Ollam, 2012
• Lock Picking: Detail Overkill by Solomon
• Malware Analyst’s Cookbook and DVD by Michael Hale Ligh et al., 2010
• Metasploit: The Penetration Tester’s Guide by David Kennedy et al., 2011
• Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff & Jonathan Ham, 2012
• Network Security Assessment by Chris McNab
• Nmap Network Scanning by Gordon Fyodor Lyon, 2009
• No Tech Hacking by Johnny Long & Jack Wiles, 2008
• Open Source Intelligence Techniques - 8th Edition by Michael Bazell, 2021
• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman, 2014
• Penetration Testing: Procedures & Methodologies by EC-Council, 2010
• Practical Lock Picking by Deviant Ollam, 2012
• Practical Malware Analysis by Michael Sikorski & Andrew Honig, 2012
• Practical Packet Analysis by Chris Sanders, 2017
• Practical Reverse Engineering by Bruce Dang et al., 2014
• Professional Penetration Testing by Thomas Wilhelm, 2013
• Reverse Engineering for Beginners by Dennis Yurichev
• Rtfm: Red Team Field Manual by Ben Clark, 2014
• Secure Programming HOWTO
• Social Engineering in IT Security: Tools, Tactics, and Techniques by Sharon Conheady, 2014
• Social Engineering: The Art of Human Hacking by Christopher Hadnagy, 2010
• The Art of Deception by Kevin D. Mitnick & William L. Simon, 2002
• The Art of Exploitation by Jon Erickson, 2008
• The Art of Intrusion by Kevin D. Mitnick & William L. Simon, 2005
• The Art of Memory Forensics by Michael Hale Ligh et al., 2014
• The Basics of Hacking and Penetration Testing by Patrick Engebretson, 2013
• The Browser Hackers Handbook by Wade Alcorn et al., 2014
• The Database Hacker’s Handbook, David Litchfield et al., 2005
• The Hacker Playbook by Peter Kim, 2014
• The IDA Pro Book by Chris Eagle, 2011
• The Mac Hacker’s Handbook by Charlie Miller & Dino Dai Zovi, 2009
• The Mobile Application Hackers Handbook by Dominic Chell et al., 2015
• The Practice of Network Security Monitoring: Understanding Incident Detection and Response 9
• The Shellcoders Handbook by Chris Anley et al., 2007
• The Web Application Hackers Handbook by D. Stuttard, M. Pinto, 2011
• Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp, 2010
• Unmasking the Social Engineer: The Human Element of Security by Christopher Hadnagy, 2014
• Violent Python by TJ O’Connor, 2012
• Windows Internals by Mark Russinovich et al., 2012
• Wireshark Network Analysis by Laura Chappell & Gerald Combs, 2012
• iOS Hackers Handbook by Charlie Miller et al., 2012

OSINT Tools Used

General OSINT Tools

• AbuseIPDB - Search engine for blacklisted IPs or domains.
• AutoShun - Public repository of malicious IPs and other resources.
• BadIPs - Online blacklist lookup.
• Barcode Reader - Decode barcodes in C#, VB, Java, C\C++, Delphi, PHP and other languages.
• Belati - The Traditional Swiss Army Knife For OSINT. Belati is tool for Collecting Public Data & Public Document from Website and other service for OSINT purpose.
• Binary Defense IP Ban List - Public IP blacklist.
• Blocklist Ipsets - Public IP blacklist.
• Censys - Collects data on hosts and websites through daily ZMap and ZGrab scans.
• CloudFrunt - Tool for identifying misconfigured CloudFront domains.
• Combine - Open source threat intelligence feed gathering tool.
• Creepy - Geolocation OSINT tool.
• Datasploit - Tool to perform various OSINT techniques on usernames, emails addresses, and domains.
• Dnsenum - Perl script that enumerates DNS information from a domain, attempts zone transfers, performs a brute force dictionary style attack, and then performs reverse look-ups on the results.
• Dnsmap - Passive DNS network mapper.
• Dnsrecon - DNS enumeration script.
• Dnstracer - Determines where a given DNS server gets its information from, and follows the chain of DNS servers.
• Dork-cli - Command line Google dork tool.
• emagnet - Automated hacking tool that will find leaked databases.
• FindFrontableDomains - Multithreaded tool for finding frontable domains.
• GOSINT - OSINT tool with multiple modules and a telegram scraper.
• Github-dorks - CLI tool to scan github repos/organizations for potential sensitive information leak.
• GooDork - Command line Google dorking tool.
• Google Hacking Database - Database of Google dorks; can be used for recon.
• Greynoise - “Anti-Threat Intelligence” Greynoise characterizes the background noise of the internet, so the user can focus on what is actually important.
• InfoByIp - Domain and IP bulk lookup tool.
• Intrigue Core - Framework for attack surface discovery.
• Machinae - Multipurpose OSINT tool using threat intelligence feeds.
• Maltego - Proprietary software for open source intelligence and forensics, from Paterva.
• Malware Domain List - Search and share malicious URLs.
• NetBootcamp OSINT Tools
• OSINT Framework
• OpenRefine - Free & open source power tool for working with messy data and improving it.
• Orbit - Draws relationships between crypto wallets with recursive crawling of transaction history.
• OsintStalker - Python script for Facebook and geolocation OSINT.
• Outwit - Find, grab and organize all kinds of data and media from online sources.
• PaGoDo - Passive, automated Google dorking tool.
• Passivedns-client - Library and query tool for querying several passive DNS providers.
• Passivedns - Network sniffer that logs all DNS server replies for use in a passive DNS setup.
• Photon - Crawler designed for OSINT.
• Pown Recon - Target reconnaissance framework powered by graph theory.
• QuickCode - Python and R data analysis environment.
• Raven - LinkedIn information gathering tool.
• Recon-ng - Full-featured Web Reconnaissance framework written in Python.
• SecApps Recon - Information gathering and target reconnaissance tool and UI.
• Spamcop - IP based blacklist.
• Spamhaus - Online blacklist lookup.
• Spiderfoot - Open source OSINT automation tool with a Web UI and report visualizations
• ThreatCrowd - Threat search engine.
• ThreatTracker - Python based IOC tracker.
• Vcsmap - Plugin-based tool to scan public version control systems for sensitive information.
• XRay - XRay is a tool for recon, mapping and OSINT gathering from public networks.
• Zen - Find email addresses of Github users.
• malc0de DNSSinkhole - List of domains that have been identified as distributing malware during the past 30 days.
• malc0de Database - Searchable incident database.
• pygreynoise - Greynoise Python Library
• sn0int - Semi-automatic OSINT framework and package manager.
• theHarvester - E-mail, subdomain and people names harvester.

Crypto OSINT Search

• Bitcoin Abuse - Database of wallets associated with ransomware, blackmailers and fraud.
• Bitcoin Who’s Who - Database of known ID information from bitcoin addresses.
• Blockchair - Multiple blockchain explorer.
• Wallet Explorer - Finds all known associated bitcoin addresses from a single known address.

Government Record Search

• Blackbook - Public Records Starting Point.
• FOIA Search - Government information request portal.
• PACER - Public Access to Federal Court Records.
• RECAP - Free version of PACER. Includes browser extensions for Chrome & Firefox.
• SSN Validator - Confirms valid Social Security Numbers.