Here are some quick links to tools, training videos, and other resources that I have found useful.
- Linux distros/Windows tools
  - Kali Linux: Pentesting/ethical hacking Linux distro, full of good tools for learning about pentesting/exploitation. Tons of good resources about the distro are on the site and generally found on the internet.
  - SIFT Workstation: A Linux virtual machine from the folks over at SANS. Contains free/open source incident response and forensic tools (like The Sleuth Kit, Volatility, and RegRipper).
  - REMnux: A Linux virtual machine geared more towards malware analysis and reverse engineering, with tools such as Ghidra, pedump, and StringSifter among others.
  - Active Defense Harbinger Distribution (ADHD): Active defense tools to help create honeypots/honey accounts to lure attackers away from production environments. Created by the team at Black Hills Information Security.
  - RITA (Real Intelligence Threat Analytics): Open source framework for detecting C2 (command and control, also known as C&C) through network traffic analysis. It can ingest Zeek logs, or PCAPs converted to Zeek logs, for analysis.
  - Flare-VM: Windows-based malware analysis/reverse engineering toolkit created by FireEye. Includes tools such as IDA Free, Ghidra, and OllyDbg. It is recommended to install it in a virtual machine; unlike the others, this is an installer that you run on an existing Windows system rather than a ready-made VM.
- Training/labs
  - Cybrary.it: A great resource for both infosec and general IT training videos on a wide range of topics; it has a little bit of everything, from DevOps, cloud, and server administration to, of course, cyber/information security. Paid access gets you labs and other useful features like practice exams and knowledge checks (which can point you to other courses/videos to help with your weak spots and explain them).
  - Security Blue Team: Practical hands-on training for the blue team. Security Blue Team deals more with the training/certification side of the house, with different levels based on different skill sets.
  - TryHackMe: Hands-on cybersecurity training with gamified lessons (generally broken down into the key points needed), and you get to apply what you learn in labs that reinforce the concepts taught in the lesson. It is a little more geared towards the "hacking" side, but a lot of new general blue team/cybersecurity offerings have been uploaded.
  - Hack The Box Academy: Academy is a newer option from Hack The Box that is geared a little more towards the red team/pentesting side of the house, but they do have some blue team challenges as well. Some of them are built by the community and others are hosted within HTB, much like their normal
  - Pluralsight: Much like Cybrary in terms of video courses, but it goes a little more in depth on certain tools (e.g. QRadar, Splunk, Zeek, Snort, ELK, among others) versus what you might need for a certification (which Pluralsight does also offer). However, unlike Cybrary, unless it is a company account you will not have access to labs like you would in Cybrary, even with a paid subscription. The flip side is that a lot of the "lab" videos walk you through setting things up in your own environment, and there are guides for doing so.
  - Antisyphon: Home to what was Black Hills Information Security training (like John Strand's Getting Started in Security). The courses cover a wide variety of topics and generally rotate, with offerings throughout the year. Most are web based, but some are timed around Black Hills Information Security's Wild West Hackin' Fest conference. Some of the training can be done on demand, and some is offered as "pay what you can".
  - We Hack Purple: SecDevOps/application security training that covers software development and proper security posture.
  - Cyber5W: Free/paid digital forensics/incident response (DFIR) training covering both Windows and Linux environments.
  - Zero2Automated: Malware analysis/reverse engineering courses.
- CTF
  - Hack The Box: Free (with paid options) ethical hacking training. For Hack The Box you will need to figure out and play with the site to get a login code. While it has some CTF-style challenges, it is geared more towards red team/penetration testing objectives of getting root/admin.
  - BTLO (Blue Team Labs Online): Security Blue Team also now has labs that are more "CTF" in style, but again geared more towards the blue team versus red (more incident response, malware, and traffic analysis in nature). There are both free and paid labs.
  - Antisyphon Cyber Range: A full-tilt, normal CTF like you might find at a con (conference), with a wide range of topics and different point values (versus the easy/medium/hard you might see with other ones).
- Resources
  - SANS Institute: While most know SANS for their training, they also have blogs, podcasts, and other resources available on a wide range of cyber/information security topics. They also have scholarships for their training, as noted below:
    - VetSuccess Academy: For transitioning veterans within 6 months of ETS, or veterans within 10 years of separation, with no cybersecurity work experience.
    - Women's Immersion Academy: Open to women who are seniors in college in a STEM field, or college graduates/career changers not working in the information security field.
    - SANS Cyber Diversity Academy: Open to BIPoC (Black, Indigenous, and people of color) and women to help bridge the diversity gap. Like the others, it is open to seniors in college in a STEM field or college graduates/career changers not working in information security.
      - This includes Latinx, Native American, Native Hawaiian, Asian Pacific, Asian Indian, or sub-Saharan backgrounds.
    - SANS HBCU Academy: Geared towards Black students who are at a historically black college/university (junior, senior, or even graduate) or alumni who want to transition to cybersecurity. You can have under 1 year in the field for this scholarship.
  - Black Hills Information Security: While known for their red team/pentesting, they have tons of good resources for learning skills: their webcasts, pay-what-you-can training (both red/blue), general paid training, and blog posts. They also have an open source tool, RITA, to help look for beacons in network traffic.
  - #Misec: Michigan-based community of IT/DevOps/information/cyber security professionals that has monthly talks and also socials, which are smaller in scope than something like DEF CON, for example. There is an active Discord with ongoing discussion on a wide range of topics/hobbies.
  - VetSec: Military-veteran-based cybersecurity community that can help with the needs of the veteran community, along with providing networking and mentorship opportunities and giveaways/vouchers for workshops/cons/training.