@the-wright-jamie
Last active September 1, 2023 10:47

Jamie's CyberSec Library

⚠️ Warning

It is generally prohibited by law to attack or otherwise interfere with a remote or local system for which you do not have proper permission. In the UK, doing so may mean you are breaking the Computer Misuse Act, which (depending on which Section you break) may land you with up to 10 years in prison. If you are working with people or companies in different countries, please also be aware of the local laws surrounding computer ‘misuse’.

If you are doing bug bounty programs, please be aware of the Terms and Conditions (T&Cs) for each program as well as any ‘Fair Use’ policies that may be in place. You should also consider reading the general T&Cs for the product you are testing as well as the End User Licence Agreement (EULA). For example, a lot of proprietary software prohibits the use of reverse engineering either in the T&Cs or EULA.

On top of this, if you are using any online services or attacking servers which are open for attack with the express purpose of learning and exploring (such as public instances of the Juice Shop, HackTheBox etc) please be aware of the T&Cs, EULAs and Fair Use Policies for these services.

Index

Learn

Hacking/Penetration Testing

Web Application Security

OWASP Juice Shop

Run it locally: https://owasp.org/www-project-juice-shop/
Ready-to-go instance, no installation required: https://juice-shop.herokuapp.com/#/

OWASP Juice Shop is a vulnerable-by-design website sandbox where you can test your hacking skills and learn new ones. If you are running this locally on your own machine, please do not open the server up to the network. As it is vulnerable by design, you will be opening up your computer to attack.

Vulnerable-by-Design

https://www.vulnhub.com/
This is a collection of machines that have vulnerable programs running on them. Don’t worry - these aren’t someone else’s machines! They are run by Vulnhub so that you can attack them.

Application Security

https://application.security/
This is a mostly paid resource, but they have some really good free exercises regarding the OWASP Top 10 and AWS Top 10.

Portswigger Web Security Academy

https://portswigger.net/web-security
This is a great resource that breaks down how a vulnerability comes to be and how it is exploited, and includes hands-on labs for each step. It teaches you how to use Burp Suite (which is a freemium tool), but you can also use OWASP ZAP (FOSS - Free and Open Source Software).

Web Hacking 101

https://leanpub.com/web-hacking-101
Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties.

General

eXtra Space For Stuff

https://xsfs.xyz/
[AD] This is my own website that I am working on to post my own research, learnings and discoveries.

Pen Testing Bible

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
A large library of resources to learn about pen testing for almost anything you'd want to pen test.

HackTheBox

https://www.hackthebox.com/
Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organisations around the world to level up their hacking skills.

Hacksplaining

https://www.hacksplaining.com/
Hacksplaining is a security training course primarily aimed at developers; however, it is recommended that security engineers read the resources here too, so that they can more easily explain concepts to the developers they work with.

TryHackMe

https://tryhackme.com/
Hands-on cyber security training through real-world scenarios. Uses gamified lessons to help make learning fun.

Hacker101

https://www.hacker101.com/
Hacker101 is an education platform that covers everything from the absolute basics of security, through to advanced topics like binary reverse-engineering and breaking cryptography in practical settings.

The Cyber Kill Chain

https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
https://www.sans.org/blog/cyber-kill-chain-mitre-attack-purple-team/
https://attack.mitre.org/
The Cyber Kill Chain covers 7 high-level goals, or tactics, that attackers pursue during an attack.

Online Cybersec Courses

https://www.codecademy.com/learn/paths/fundamentals-of-cybersecurity
https://www.coursera.org/learn/it-security

Secure Coding

Secure Flag

https://www.secureflag.com/
SecureFlag is a Secure Coding Training Platform for Developers, QA and DevOps engineers to learn defensive programming through 100% hands-on exercises in real-world development environments.

Reconnaissance

OSINT Framework

https://osintframework.com/
A list of tools and resources used for Information Security, also useful for Cyber Security during the reconnaissance stage of an investigation.

Nahamsec’s Recon Guide

https://www.hackerone.com/blog/how-to-recon-and-content-discovery
This provides a great starting point to the world of reconnaissance and discovering content in the real world, pointing you in the right direction for a number of key tools and resources.

Bug Bounties

Stok’s "How To Get Started In Bug Bounty"

https://www.youtube.com/watch?v=CU9Iafc-Igs
If you’re intimidated by the world of bounty hunting, this video is for you. This resource really lays out a great 9-point plan to get you to where you want to be.

Google’s Bug Hunter University

https://bughunters.google.com/
Google's Bug Hunter University is another great resource that was created by the Google Security Team. It is particularly good for use in creating great vulnerability reports.

Misc Talks

Writing Viruses for Fun, not Profit

https://www.youtube.com/watch?v=2Ra1CCG8Guo
A talk about how viruses are made and how they work

Ken Thompson Hack: Every Computer Is Backdoored?

https://www.youtube.com/watch?v=sOeuYuvOcl0
A short video essay about how it is impossible to fully trust any software (or even computer) you haven't built from scratch.

YouTube Channels

https://www.youtube.com/c/Seytonic
https://www.youtube.com/c/NetworkChuck
https://www.youtube.com/c/STOKfredrik
https://www.youtube.com/c/hak5
https://www.youtube.com/c/TheCyberMentor
https://www.youtube.com/c/Sumsubcom
https://www.youtube.com/user/amihirata
https://www.youtube.com/c/LiveOverflow
https://www.youtube.com/channel/UC2Mq09_FBWckT1WmcraWr-g
https://www.youtube.com/channel/UCIXot2vRgeM5alhAlpTbhQA
https://www.youtube.com/c/JohnHammond010
https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA
https://www.youtube.com/c/HackerSploit
https://www.youtube.com/c/PentesterAcademyTV
https://www.youtube.com/c/PenetrationTestingwithddos
https://www.youtube.com/c/Nahamsec
https://youtube.com/playlist?list=PLowKtXNTBypH19whXTVoG3oKSuOcw_XeW

Practice

Tools

Key:
🟦 Tool is useful for blue team members (Defense Team)
🟥 Tool is useful for red team members (Attack Team)
🟪 Tool is useful for both teams
Classification may not be 100% accurate, but I’ve tried to classify them based on which team I think would get more use out of the specific tool.

Kali Linux

Download
🟥 https://www.kali.org/

Beginners Guide to Kali Linux
https://www.guru99.com/kali-linux-tutorial.html
https://medium.com/quick-code/top-tutorials-to-learn-kali-linux-for-beginners-131a654b81ad
https://www.cybrary.it/blog/how-to-use-kali-linux-tools-on-windows-10/
https://www.educba.com/kali-linux-commands/

Misc

Top 20 Most Popular Tools in the Industry
https://intellipaat.com/blog/best-hacking-tools-and-software/
(Some of the below tools are already mentioned in the above article)
🟥 BurpSuite
https://portswigger.net/burp
🟥 OWASP Zap (FOSS version of BurpSuite)
https://www.zaproxy.org/
🟪 Postman
https://www.postman.com/
Postman is NOT explicitly a Cyber Security tool; it is more commonly used by developers to test and debug APIs. Security Engineers would typically use either of the two tools above instead, as they contain similar functionality to Postman but have more facilities related to security. However, as it stands, Postman serves as a good introduction to manually interfacing with APIs.
🟦 Security Headers
https://securityheaders.com/
Useful for developers and defence teams to check the security headers of their websites to see if they comply with modern security standards
🟪 Public Buckets
https://buckets.grayhatwarfare.com/
This searches for resources in publicly accessible cloud buckets.
🟪 ScoutSuite
https://github.com/nccgroup/ScoutSuite
Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments.
🟦 GitLeaks
https://github.com/zricethezav/gitleaks
This is actually more of a developer's tool, but it’s also used on the remote git host side to prevent secrets (such as API keys) from being saved and stored in a remote repository. Alternatives include:
https://github.com/awslabs/git-secrets
https://github.com/Yelp/detect-secrets
🟦 endoflife.date
https://endoflife.date/
This allows you to monitor when dependencies are going EoL, which can mean that vulnerabilities discovered afterwards won't be fixed.
🟪 Have I been Pwned?
https://haveibeenpwned.com/
This is a website to check whether your credentials have been leaked online.
🟪 Certificate Search
https://crt.sh/
A free domain research tool that can discover hosts related to a domain based on certificates.
🟪 DNS Dumpster
https://dnsdumpster.com/
A free domain research tool that can discover hosts related to a domain based on domain names and records.

Stay up-to-date

News Sources

Traditional Outlets

Alternative Outlets

Mental Outlaw

https://www.youtube.com/c/mentaloutlaw
Mental Outlaw is a mostly Linux-centred channel that also covers cooking and fitness. However, the host also gives good insights into recent serious vulnerabilities and is quick to cover them.

Security Now

Source: https://twit.tv/shows/security-now
YouTube Channel: https://www.youtube.com/c/securitynow
Spotify Podcast: https://open.spotify.com/show/7vAbYigR3zs8GYJP3EoVWw
Apple Podcast: https://podcasts.apple.com/gb/podcast/security-now-audio/id79016499
Google Podcast: https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkcy50d2l0LnR2L3NuLnhtbA
Security Now is a classic podcast that was established in 2005. Each week they broadcast the latest cybersecurity news, recent exploits and vulnerabilities. Broadcasts are typically 2 hours long, but this depends on how busy the previous week was.

News Archive

News will appear in reverse chronological order - i.e. newest first

Interesting Novel Exploits

NUIT Exploit

March 2023

NUIT (Near-Ultrasound Inaudible Trojan) is an exploit targeting the 'assistant' functionality found in smart devices such as phones and speakers. There are two forms, NUIT-1 and NUIT-2.

NUIT-1 happens on a single device: the victim device plays malicious audio which is picked up by that same device and parsed as commands for the assistant.

NUIT-2 is when the speakers of one device play malicious audio which is then picked up by a different (victim) device.

In any case, infected audio can trigger the activation of other smart devices which can compromise both the physical and digital safety and security of victims. Physical security can be breached if the victim has smart locks as part of their home security. NUIT could stealthily unlock someone's door, and if this user is being targeted could lead to a serious risk to life.

Read More
CVE Entry

Security Gone Wrong Series

'Security Gone Wrong' is a series of news stories where large, recognizable names - names you would not expect to have a breach (such as security companies) - have been compromised.

LMG (Linus Media Group) Hacked

March 2023

It appears that they were compromised via a Spear Phishing Social Engineering Attack. As I always say: the human link is the weakest link.

Quick Overview: https://www.youtube.com/shorts/yrGNgWu9eWo
Detailed Insight: https://www.youtube.com/watch?v=cwKqgU_kxto
LMG's Response: https://www.youtube.com/watch?v=yGXaAWbzl5A

LastPass Breach

Dec 2022 - Jan 2023

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack

Business Email Compromise (Linus from LMG)

April 2022

https://www.youtube.com/watch?v=ITCohgBLLJM