Phase 1.3: Create RESOURCES/ folder
- Create RESOURCES/README.md as entry point - Create RESOURCES/TOOLS.md with cybersecurity tools - Create RESOURCES/COURSES.md with training platforms - Create RESOURCES/CERTIFICATIONS.md with exam prep - Create RESOURCES/COMMUNITIES.md with YouTube, Reddit, LinkedIn - Create RESOURCES/FRAMEWORKS.md with security frameworks - Update main README to link to RESOURCES/ - Reduce main README by ~420 lines
This commit is contained in:
parent
f001d20a4d
commit
7365a4c241
452
README.md
452
README.md
|
|
@ -35,17 +35,7 @@
|
|||
- [Intermediate Projects](#intermediate-projects)
|
||||
- [Advanced Projects](#advanced-projects)
|
||||
- [Certification Roadmaps](#certification-roadmaps)
|
||||
- [Cybersecurity Tools](#cybersecurity-tools)
|
||||
- [Study Platforms & Courses](#study-platforms--courses)
|
||||
- [Certifications & Exam Prep](#certifications--exam-prep)
|
||||
- [YouTube Channels & Videos](#youtube-channels--videos)
|
||||
- [Reddit Communities](#reddit-communities)
|
||||
- [Security Frameworks](#security-frameworks)
|
||||
- [Industry Resources](#industry-resources)
|
||||
- [Cloud Certifications](#cloud-certifications)
|
||||
- [CISSP Resources](#cissp-resources)
|
||||
- [LinkedIn Professionals](#linkedin-professionals-to-follow)
|
||||
- [Additional Learning Resources](#additional-learning-resources)
|
||||
- [Learning Resources](#learning-resources)
|
||||
|
||||
|
||||
Big thanks to the current contributors! ❤️
|
||||
|
|
@ -287,439 +277,17 @@ A collection of tools, courses, frameworks, and educational resources for cyber
|
|||
|
||||
---
|
||||
|
||||
## Cybersecurity Tools
|
||||
## Learning Resources
|
||||
|
||||
### Reconnaissance & Scanning
|
||||
- [Nmap](https://nmap.org/) - Network mapper and port scanner
|
||||
- [Nessus](https://www.tenable.com/products/nessus) - Vulnerability scanner
|
||||
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
|
||||
- [Searchsploit](https://github.com/dev-angelist/Ethical-Hacking-Tools/blob/main/practical-ethical-hacker-notes/tools/searchsploit.md) - Exploit database CLI
|
||||
- [theHarvester](https://github.com/laramies/theHarvester) - Information gathering tool
|
||||
- [Amass](https://github.com/owasp-amass/amass) - Subdomain enumeration
|
||||
- [Sublist3r](https://github.com/aboul3la/Sublist3r) - Subdomain finder
|
||||
- [Recon-ng](https://github.com/lanmaster53/recon-ng) - Web reconnaissance framework
|
||||
- [Fierce](https://github.com/mschwager/fierce) - DNS scanner
|
||||
Comprehensive collection of cybersecurity tools, training courses, certifications, communities, and frameworks.
|
||||
|
||||
### Web Application Testing
|
||||
- [Burp Suite](https://portswigger.net/burp) - Web vulnerability scanner
|
||||
- [OWASP ZAP](https://www.zaproxy.org/) - Web application security scanner
|
||||
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
|
||||
- [SQLmap](https://sqlmap.org/) - SQL injection testing
|
||||
- [Wfuzz](https://github.com/xmendez/wfuzz) - Web fuzzer
|
||||
- [Gobuster](https://github.com/OJ/gobuster) - URI/DNS/Vhost brute forcing
|
||||
- [SkipFish](https://github.com/spinkham/skipfish) - Active web application scanner
|
||||
- [Wapiti](https://github.com/wapiti-scanner/wapiti) - Web vulnerability scanner
|
||||
- [Arachni](https://github.com/Arachni/arachni) - Web application security scanner
|
||||
- [Nuclei](https://github.com/projectdiscovery/nuclei) - Template-based scanning
|
||||
- [Maltego](https://www.maltego.com/) - OSINT & data mining
|
||||
**[View All Learning Resources](./RESOURCES/README.md)**
|
||||
|
||||
### Network & Wireless
|
||||
- [Wireshark](https://www.wireshark.org/) - Network protocol analyzer
|
||||
- [Bettercap](https://github.com/bettercap/bettercap) - Network attack framework
|
||||
- [Responder](https://github.com/SpiderLabs/Responder) - LLMNR/NBT-NS poisoner
|
||||
- [Ettercap](https://github.com/Ettercap/ettercap) - Man-in-the-middle framework
|
||||
- [SSLstrip](https://github.com/moxie0/sslstrip) - SSL stripping attack
|
||||
- [Aircrack-ng](https://www.aircrack-ng.org/) - Wireless network auditing
|
||||
- [Kismet](https://github.com/kismetwireless/kismet) - Wireless network detector
|
||||
- [mitmproxy](https://github.com/mitmproxy/mitmproxy) - HTTP/HTTPS proxy
|
||||
- [Fiddler](https://www.telerik.com/fiddler) - Web debugging proxy
|
||||
- [Yersinia](https://github.com/tomac/yersinia) - Layer 2 attacks
|
||||
|
||||
### Exploitation & Post-Exploitation
|
||||
- [Metasploit](https://www.metasploit.com/) - Penetration testing framework
|
||||
- [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Password cracking
|
||||
- [Ncrack](https://github.com/nmap/ncrack) - Network authentication cracker
|
||||
- [CrackMapExec](https://github.com/Porchetta-Industries/CrackMapExec) - Post-exploitation framework
|
||||
- [Evil-WinRM](https://github.com/Hackplayers/evil-winrm) - WinRM shell
|
||||
- [Empire](https://github.com/EmpireProject/Empire) - PowerShell post-exploitation
|
||||
- [Mimikatz](https://github.com/gentilkiwi/mimikatz) - Credential extraction
|
||||
- [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection
|
||||
- [BeEF](https://github.com/beefproject/beef) - Browser exploitation framework
|
||||
- [RouterSploit](https://github.com/threat9/routersploit) - Router exploitation framework
|
||||
- [Legion](https://github.com/Abacus-Group-RTO/legion) - Automated pentest tool
|
||||
- [Social-Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Social engineering attacks
|
||||
|
||||
### Cryptography & Analysis
|
||||
- [John the Ripper](https://www.openwall.com/john/) - Password cracker
|
||||
- [Hashcat](https://hashcat.net/hashcat/) - GPU-accelerated hash cracking
|
||||
- [Ghidra](https://ghidra-sre.org/) - Reverse engineering
|
||||
- [Radare2](https://github.com/radareorg/radare2) - Binary analysis framework
|
||||
- [Binwalk](https://github.com/ReFirmLabs/binwalk) - Binary file analysis
|
||||
|
||||
### Forensics & Malware Analysis
|
||||
- [Volatility](https://www.volatilityfoundation.org/) - Memory forensics
|
||||
- [Cuckoo Sandbox](https://cuckoosandbox.org/) - Malware analysis sandbox
|
||||
- [Impacket](https://github.com/fortra/impacket) - Network protocol library
|
||||
|
||||
### Monitoring & Defense
|
||||
- [Suricata](https://suricata.io/) - Network IDS/IPS
|
||||
- [OSSEC](https://www.ossec.net/) - Host-based intrusion detection
|
||||
- [Greenbone Vulnerability Manager](https://www.greenbone.net/en/) - Vulnerability scanning
|
||||
|
||||
### Code Security
|
||||
- [Snyk](https://snyk.io/) - Dependency vulnerability scanner
|
||||
- [OWASP Dependency-Check](https://github.com/jeremylong/DependencyCheck) - Dependency checker
|
||||
- [Semgrep](https://semgrep.dev/) - Static analysis tool
|
||||
- [Detectify](https://detectify.com/) - Web security platform
|
||||
|
||||
### Intelligence & Recon
|
||||
- [Shodan](https://www.shodan.io/) - Internet search engine
|
||||
- [Offensive Security Exploit Database](https://www.exploit-db.com/) - Exploit database
|
||||
- [BloodHound](https://github.com/BloodHoundAD/BloodHound) - Active Directory analysis
|
||||
- [EyeWitness](https://github.com/FortyNorthSecurity/EyeWitness) - Screenshot capture tool
|
||||
**Quick Access:**
|
||||
- **[Tools](./RESOURCES/TOOLS.md)** - Network analysis, vulnerability scanners, pentesting tools, SIEM platforms, and more
|
||||
- **[Courses & Training](./RESOURCES/COURSES.md)** - Free and premium platforms, Udemy courses, hands-on labs
|
||||
- **[Certifications](./RESOURCES/CERTIFICATIONS.md)** - Exam objectives, practice tests, study guides, vouchers
|
||||
- **[Communities](./RESOURCES/COMMUNITIES.md)** - YouTube channels, Reddit communities, LinkedIn professionals
|
||||
- **[Frameworks & Standards](./RESOURCES/FRAMEWORKS.md)** - NIST, ISO, MITRE, compliance regulations
|
||||
|
||||
---
|
||||
|
||||
## Study Platforms & Courses
|
||||
|
||||
### Udemy CompTIA Courses
|
||||
- [CompTIA Security+ (SY0-701) Complete Course & Exam](https://www.udemy.com/course/securityplus)
|
||||
- [CompTIA Security+ (SY0-701) Practice Exams Set 1](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams/)
|
||||
- [CompTIA Security+ (SY0-701) Practice Exams Set 2](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams-2nd-edition/)
|
||||
- [TOTAL: CompTIA Security+ Certification Course + Exam SY0-701](https://www.udemy.com/course/total-comptia-security-plus/)
|
||||
- [CompTIA A+ Core 1 (220-1101) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-1/)
|
||||
- [CompTIA A+ Core 2 (220-1102) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-2/)
|
||||
- [CompTIA A+ (220-1101) Core 1 Practice Exams](https://www.udemy.com/course/comptia-a-220-1101-core-1-practice-exams-new-for-2022/)
|
||||
- [CompTIA A+ (220-1102) Core 2 Practice Exams](https://www.udemy.com/course/comptia-a-220-1102-core-2-practice-exams-new-for-2022/)
|
||||
- [CompTIA A+ Core 1 & Core 2 - IT Cert Doctor - 2024](https://www.udemy.com/course/it-cert-doctor-comptia-a-220-1101-1102/)
|
||||
- [CompTIA Network+ (N10-009) Full Course & Practice Exam](https://www.udemy.com/course/comptia-network-009/)
|
||||
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 1](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-1/)
|
||||
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 2](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-2/)
|
||||
- [CompTIA CySA+ (CS0-003) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-cysa-003/)
|
||||
- [CompTIA CySA+ (CS0-003) Practice Exams](https://www.udemy.com/course/comptia-cysa-cs0-003-practice-exams/)
|
||||
- [CompTIA PenTest+ (PT0-003) Full Course & Practice Exam](https://www.udemy.com/course/pentestplus/)
|
||||
- [CompTIA PenTest+ (PT0-003) 6 Practice Exams](https://www.udemy.com/course/comptia-pentest-pt0-003-6-practice-exams/)
|
||||
- [CompTIA SecurityX (CAS-005) Complete Course & Practice Exam](https://www.udemy.com/course/casp-plus/)
|
||||
- [CompTIA SecurityX (CAS-005) Practice Exam Prep](https://www.udemy.com/course/comptia-securityx-practice-exam-prep-new/)
|
||||
- [CompTIA Linux+ (XK0-005) Complete Course & Exam](https://www.udemy.com/course/comptia-linux/)
|
||||
- [CompTIA Linux+ (XK0-005) Practice Exams & Simulated PBQs](https://www.udemy.com/course/comptia-linux-exams/)
|
||||
|
||||
### Udemy Other Security Courses
|
||||
- [The Complete Cyber Security Course : Hackers Exposed!](https://www.udemy.com/course/the-complete-internet-security-privacy-course-volume-1/)
|
||||
- [The Complete Cyber Security Course : Network Security!](https://www.udemy.com/course/network-security-course/)
|
||||
- [The Complete Cyber Security Course : End Point Protection!](https://www.udemy.com/course/the-complete-cyber-security-course-end-point-protection/)
|
||||
- [Complete Ethical Hacking & Cyber Security Masterclass Course](https://www.udemy.com/course/ethicalhackingcourse/)
|
||||
- [Implementing the NIST Cybersecurity Framework (CSF)](https://www.udemy.com/course/nist-cybersecurity-framework/)
|
||||
- [ISC2 CISSP Full Course & Practice Exam](https://www.udemy.com/course/isc2-cissp-full-course-practice-exam/)
|
||||
- [ISC2 CISSP 6 Practice Exams](https://www.udemy.com/course/isc2-cissp-6-practice-exams/)
|
||||
- [The Complete Certified in Cybersecurity CC course ISC2 2024](https://www.udemy.com/course/certifiedincybersecurity/)
|
||||
|
||||
### Free Learning Platforms
|
||||
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
|
||||
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
|
||||
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
|
||||
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
|
||||
- [SANS Cyber Aces Online](https://www.cyberaces.org/) - Free tutorials
|
||||
- [Coursera](https://www.coursera.org/) - University-level courses
|
||||
- [edX Cybersecurity Programs](https://www.edx.org/professional-certificate/cybersecurity) - Professional certificates
|
||||
- [freeCodeCamp](https://www.youtube.com/freecodecamp) - Free comprehensive courses
|
||||
- [Codecademy Cybersecurity](https://www.codecademy.com/catalog/subject/cybersecurity) - Interactive coding
|
||||
|
||||
### Premium Platforms
|
||||
- [Pluralsight](https://www.pluralsight.com/) - Tech skill development
|
||||
- [CBT Nuggets](https://www.cbtnuggets.com/) - Video training
|
||||
- [LinkedIn Learning](https://www.linkedin.com/learning/) - Professional development
|
||||
- [INE Security Courses](https://ine.com/learning/areas/security) - Cybersecurity specialization
|
||||
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
|
||||
- [Offensive Security (OffSec)](https://www.offensive-security.com/) - Advanced training
|
||||
- [TestOut](https://testoutce.com/) - Certification prep
|
||||
|
||||
---
|
||||
|
||||
## Certifications & Exam Prep
|
||||
|
||||
### CompTIA Exam Objectives
|
||||
- [A+ Core 1 (220-1101)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1101-exam-objectives-(3-0))
|
||||
- [A+ Core 2 (220-1102)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1102-exam-objectives-(3-0))
|
||||
- [Network+ (N10-009)](https://partners.comptia.org/docs/default-source/resources/comptia-network-n10-009-exam-objectives-(4-0))
|
||||
- [Security+ (SY0-701)](https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf)
|
||||
- [CySA+ (CS0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-003-exam-objectives-(2-0))
|
||||
- [PenTest+ (PT0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-003-exam-objectives-(1-0))
|
||||
- [SecurityX (CAS-005)](https://partners.comptia.org/docs/default-source/resources/comptia-securityx-cas-005-exam-objectives-(3-0))
|
||||
- [Linux+ (XK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0))
|
||||
- [Cloud+ (CV0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cloud-cv0-003-exam-objectives-(1-0))
|
||||
- [Data+ (DA0-001)](https://partners.comptia.org/docs/default-source/resources/comptia-data-da0-001-exam-objectives-(2-0))
|
||||
- [Server+ (SK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-server-sk0-005-exam-objectives-(1-0))
|
||||
|
||||
### Practice Test Resources
|
||||
- [CertNova](https://www.certnova.com/) - Free practice tests
|
||||
- [ExamCompass](https://www.examcompass.com/) - Practice exams
|
||||
- [ExamDigest](https://examsdigest.com/) - Exam resources
|
||||
- [Mike Meyers Practice Tests](https://www.totalsem.com/total-tester-practice-tests/) - Total Tester
|
||||
- [Quizlet](https://quizlet.com/) - Flashcards & quizzes
|
||||
|
||||
### Exam Vouchers & Official Resources
|
||||
- [CompTIA Student Discount](https://academic-store.comptia.org/) - 50% vouchers for students
|
||||
- [Official CompTIA Resources](https://www.comptia.org/resources) - Study materials
|
||||
- [CompTIA.org](https://www.comptia.org/) - Main website
|
||||
|
||||
### Study Guides & Books
|
||||
- [SYBEX CompTIA Books](https://www.amazon.com/s?k=wiley+sybex+comptia) - Official study guides
|
||||
- [Notes: CompTIA A+, Network+ and Security+](https://www.udemy.com/course/comptia-a-1001-1002-study-notes/) - Study notes collection
|
||||
|
||||
---
|
||||
|
||||
## YouTube Channels & Videos
|
||||
|
||||
### Top Cybersecurity Channels
|
||||
- [Professor Messer](https://www.youtube.com/@professormesser) - CompTIA certification prep
|
||||
- [NetworkChuck](https://www.youtube.com/@NetworkChuck) - Networking & security
|
||||
- [PowerCert Animated Videos](https://www.youtube.com/@PowerCertAnimatedVideos) - Educational animations
|
||||
- [HackerSploit](https://www.youtube.com/@HackerSploit) - Ethical hacking tutorials
|
||||
- [Cyberkraft](https://www.youtube.com/@cyberkraft) - Cybersecurity education
|
||||
- [howtonetwork](https://www.youtube.com/@howtonetworkcom) - Network fundamentals
|
||||
- [CBT Nuggets](https://www.youtube.com/user/cbtnuggets) - Professional training
|
||||
- [Eli the Computer Guy](https://www.youtube.com/user/elithecomputerguy) - IT & networking
|
||||
- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Ethical hacking
|
||||
- [ITProTV](https://www.youtube.com/user/ITProTV) - IT certifications
|
||||
- [freeCodeCamp.org](https://www.youtube.com/freecodecamp) - Free comprehensive courses
|
||||
- [With Sandra](https://www.youtube.com/@WithSandra) - Career & tech
|
||||
- [Andrew Huberman](https://www.youtube.com/@hubermanlab) - Learning & productivity science
|
||||
- [Tech with Jono](https://www.youtube.com/@TechwithJono) - Tech tutorials
|
||||
- [Practical Networking](https://www.youtube.com/@PracticalNetworking) - Networking fundamentals
|
||||
- [David Bombal](https://www.youtube.com/@davidbombal) - Cisco & networking
|
||||
- [John Hammond](https://www.youtube.com/@_JohnHammond) - Hacking & security
|
||||
- [LiveOverflow](https://www.youtube.com/@LiveOverflow) - CTF & binary exploitation
|
||||
- [PwnFunction](https://www.youtube.com/@PwnFunction) - Security concepts
|
||||
- [SecurityWeekly](https://www.youtube.com/@SecurityWeekly) - Security news & updates
|
||||
- [BlackHat Official](https://www.youtube.com/@BlackHatOfficialYT) - Security conferences
|
||||
- [DEFCONConference](https://www.youtube.com/@DEFCONConference) - Hacker conference talks
|
||||
|
||||
### Featured Video Playlists & Courses
|
||||
- [CompTIA A+ Full Course (31+ Hours)](https://www.youtube.com/watch?v=1CZXXNKAY5o&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=5)
|
||||
- [CompTIA Network+ Full Course](https://www.youtube.com/watch?v=qiQR5rTSshw&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=6)
|
||||
- [CompTIA Security+ SY0-701 Full Course](https://www.youtube.com/watch?v=KiEptGbnEBc&list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv)
|
||||
- [CompTIA CySA+ 2024 Crash Course (10+ Hours)](https://www.youtube.com/watch?v=qP9x0mucwVc&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=9)
|
||||
- [CASP+ Course](https://www.youtube.com/watch?v=vwNjLVpXNzk&list=PLCNmoXT8zexnJtDOdd8Owa8TAdSVVWF-J)
|
||||
- [Ethical Hacking 15 Hours Course](https://www.youtube.com/watch?v=3FNYvj2U0HM&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=13)
|
||||
- [Complete Ethical Hacking 16 Hours](https://www.youtube.com/watch?v=w_oxcjPOWos&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=4)
|
||||
- [Python Full Course for Free](https://www.youtube.com/watch?v=ix9cRaBkVe0)
|
||||
- [Subnetting Mastery](https://www.youtube.com/watch?v=BWZ-MHIhqjM&list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE)
|
||||
- [NMAP Full Guide](https://www.youtube.com/watch?v=JHAMj2vN2oU&t=33s)
|
||||
|
||||
### Learning Science & Study Techniques
|
||||
- [Optimal Protocols for Studying & Learning](https://youtu.be/ddq8JIMhz7c?si=qT00KFkFBAwm7LP7)
|
||||
- [How to Study Using Active Recall](https://youtu.be/mzexJPoXBCM?si=sv-yeuIoLF9pwDRG)
|
||||
- [Learning with Failures, Movement & Balance](https://youtu.be/jwChiek_aRY?si=3kyPbIAVwJWMPfnG)
|
||||
|
||||
### Practice Exam Videos
|
||||
- [CompTIA Security+ PBQ](https://youtu.be/zfwxSmL4n6w?si=q5lXlvmViTK6TnSI)
|
||||
- [CompTIA Network+ PBQ](https://www.youtube.com/live/9cdL214y-u0?si=lCSxriFy636PbOnR)
|
||||
- [CompTIA CySA+ PBQ](https://www.youtube.com/live/0NMffWaxlmA?si=Rm9IBkZ04OAxFJtp)
|
||||
- [CompTIA CASP+ PBQ](https://www.youtube.com/live/eInvTuYBF3Q?si=Hbe4mWLd3X31AUkA)
|
||||
|
||||
---
|
||||
|
||||
## Reddit Communities
|
||||
|
||||
### Main Subreddits
|
||||
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certifications
|
||||
- [r/CyberSecurity](https://www.reddit.com/r/cybersecurity/) - Cybersecurity discussions
|
||||
- [r/AskNetsec](https://www.reddit.com/r/AskNetsec/) - Network security Q&A
|
||||
- [r/ITCareerQuestions](https://www.reddit.com/r/ITCareerQuestions/) - Career advice
|
||||
- [r/InformationSecurity](https://www.reddit.com/r/InformationSecurity/) - InfoSec discussions
|
||||
- [r/netsec](https://www.reddit.com/r/netsec/) - Network security news
|
||||
- [r/ethicalhacking](https://www.reddit.com/r/ethicalhacking/) - Ethical hacking
|
||||
- [r/BlueTeamSec](https://www.reddit.com/r/BlueTeamSec/) - Defensive security
|
||||
- [r/RedTeam](https://www.reddit.com/r/RedTeam/) - Offensive security
|
||||
- [r/netsecstudents](https://www.reddit.com/r/netsecstudents/) - Students learning security
|
||||
|
||||
### Certification-Specific Communities
|
||||
- [r/Casp](https://www.reddit.com/r/casp/) - CASP+ certification
|
||||
- [r/CCNA](https://www.reddit.com/r/ccna/) - CCNA certification
|
||||
- [r/WGU](https://www.reddit.com/r/WGU/) - Western Governors University
|
||||
- [r/sysadmin](https://www.reddit.com/r/sysadmin/) - System administration
|
||||
- [r/linuxquestions](https://www.reddit.com/r/linuxquestions/) - Linux help
|
||||
- [r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering/) - Reverse engineering
|
||||
- [r/ITsecurity](https://www.reddit.com/r/ITsecurity/) - IT security
|
||||
|
||||
### Popular Reddit Posts
|
||||
- [Master List: Study Resources for A+, Network+, Security+](https://www.reddit.com/r/CompTIA/comments/i7hx4t/master_list_i_compiled_and_ranked_every_major/)
|
||||
- [How I Passed Sec+](https://www.reddit.com/r/CompTIA/comments/zkjs1d/how_a_dumdum_like_me_passed_sec/)
|
||||
- [How I Passed CompTIA A+, N+, S+](https://www.reddit.com/r/CompTIA/comments/1cra3cg/how_i_passed_comptia_a_n_s/)
|
||||
- [Passed Sec+, PenTest+, CySA+ in 2 Months 22 Days](https://www.reddit.com/r/CompTIA/comments/1f5cofp/passed_sec_pentest_cysa_in_2_months_22_days/)
|
||||
- [34 Year Old, No IT Experience, Got Hired After A+ Cert](https://www.reddit.com/r/CompTIA/comments/m38lb8/update_34_years_old_posted_a_month_ago_about/)
|
||||
- [Hiring Manager Advice to Newbies](https://www.reddit.com/r/ITCareerQuestions/comments/ni4vnm/general_advice_from_a_hiring_manager_and_23_year/)
|
||||
- [CompTIA Trifecta in 6 Months](https://www.reddit.com/r/CompTIA/comments/1fmjb2p/just_passed_network_got_the_trifecta_in_about_6/)
|
||||
- [I Passed CASP+ Study Guide](https://www.reddit.com/r/casp/comments/1ft2qjr/i_passed_casp_this_is_what_i_did_to_prepare/)
|
||||
|
||||
---
|
||||
|
||||
## Security Frameworks
|
||||
|
||||
### NIST Framework Suite
|
||||
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
|
||||
- [NIST Privacy Framework](https://www.nist.gov/privacy-framework)
|
||||
- [NIST 800-53 Security Controls](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final)
|
||||
- [NIST 800-171](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final)
|
||||
- [NIST 800-37 Risk Management Framework](https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final)
|
||||
- [NIST 800-39 Managing Information Security Risk](https://csrc.nist.gov/publications/detail/sp/800-39/final)
|
||||
- [NIST 800-61 Incident Handling Guide](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final)
|
||||
- [NIST 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)
|
||||
- [NIST 800-207 Zero Trust Architecture](https://csrc.nist.gov/publications/detail/sp/800-207/final)
|
||||
- [NIST 800-218 Secure Software Development Framework](https://csrc.nist.gov/publications/detail/sp/800-218/final)
|
||||
|
||||
### ISO/IEC Standards
|
||||
- [ISO/IEC 27001](https://www.iso.org/isoiec-27001-information-security.html) - Information security management
|
||||
- [ISO/IEC 27002](https://www.iso.org/standard/73906.html) - Security controls code of practice
|
||||
- [ISO/IEC 27032](https://www.iso.org/standard/44375.html) - Cybersecurity guidelines
|
||||
- [ISO/IEC 27033](https://www.iso.org/standard/63411.html) - Network security
|
||||
- [ISO/IEC 27034](https://www.iso.org/standard/44379.html) - Application security
|
||||
- [ISO 22301](https://www.iso.org/iso-22301-business-continuity.html) - Business continuity
|
||||
|
||||
### Industry Frameworks
|
||||
- [MITRE ATT&CK Framework](https://attack.mitre.org/) - Adversary tactics & techniques
|
||||
- [Lockheed Martin Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
|
||||
- [OWASP Top 10](https://owasp.org/www-project-top-ten/) - Web application risks
|
||||
- [CIS Controls](https://www.cisecurity.org/controls) - Critical security controls
|
||||
- [Cybersecurity Maturity Model Certification (CMMC)](https://www.acq.osd.mil/cmmc/)
|
||||
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/)
|
||||
|
||||
### Compliance & Regulatory
|
||||
- [PCI-DSS](https://www.pcisecuritystandards.org/) - Payment card security
|
||||
- [HIPAA Security Rule](https://www.hhs.gov/hipaa/for-professionals/security/index.html)
|
||||
- [GDPR](https://gdpr.eu/) - European data protection
|
||||
- [FedRAMP](https://www.fedramp.gov/) - Federal cloud security
|
||||
- [SOC 2](https://www.vanta.com/products/soc-2) - Service organization controls
|
||||
- [SOX IT Controls](https://www.sarbanes-oxley-101.com/sarbanes-oxley-compliance.htm)
|
||||
|
||||
### Analysis & Modeling
|
||||
- [Diamond Model of Intrusion Analysis](https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf)
|
||||
- [Unified Kill Chain](https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf)
|
||||
- [MITRE Shield](https://shield.mitre.org/) - Defense techniques
|
||||
- [MITRE Engage](https://engage.mitre.org/) - Adversary engagement
|
||||
- [VERIS](http://veriscommunity.net/) - Data breach framework
|
||||
|
||||
---
|
||||
|
||||
## Industry Resources
|
||||
|
||||
### Security News & Blogs
|
||||
- [Krebs on Security](https://krebsonsecurity.com/)
|
||||
- [Dark Reading](https://www.darkreading.com/)
|
||||
- [Rapid7 Blog](https://www.rapid7.com/blog/)
|
||||
- [Malwarebytes Labs](https://blog.malwarebytes.com/)
|
||||
|
||||
### Training & Education Organizations
|
||||
- [SANS Institute](https://www.sans.org/)
|
||||
- [InfoSec Institute](https://www.infosecinstitute.com/)
|
||||
- [OWASP](https://owasp.org)
|
||||
- [SANS Cyber Aces](https://www.cyberaces.org/)
|
||||
|
||||
### Professional Organizations
|
||||
- [CompTIA](https://www.comptia.org/)
|
||||
- [ISC2](https://www.isc2.org/)
|
||||
- [ISACA](https://www.isaca.org/)
|
||||
|
||||
### Development & Tools
|
||||
- [GitHub](https://github.com/) - Version control & collaboration
|
||||
- [Kali Linux](https://www.kali.org/) - Penetration testing distro
|
||||
- [Ubuntu](https://ubuntu.com/) - Linux distribution
|
||||
- [Oracle VirtualBox](https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html) - Virtual machines
|
||||
- [Red Hat](https://www.redhat.com/en) - Enterprise Linux
|
||||
|
||||
---
|
||||
|
||||
## Cloud Certifications
|
||||
|
||||
### AWS Cloud
|
||||
- [AWS Certified Cloud Practitioner Exam Guide](https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf)
|
||||
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
|
||||
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
|
||||
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
|
||||
- [Ultimate AWS Certified Cloud Practitioner CLF-C02 2025](https://www.udemy.com/course/aws-certified-cloud-practitioner-new/)
|
||||
- [AWS Certified Cloud Practitioner YouTube Course](https://www.youtube.com/watch?v=SOTamWNgDKc)
|
||||
- [AWS Certified Cloud Practitioner 15 Hour FreeCodeCamp](https://www.youtube.com/watch?v=NhDYbskXRgc)
|
||||
- [AWS Security Specialty](https://aws.amazon.com/certification/certified-security-specialty/)
|
||||
|
||||
### Microsoft Azure
|
||||
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
|
||||
- [Azure Security Engineer Associate](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
|
||||
|
||||
### Google Cloud
|
||||
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
|
||||
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
|
||||
|
||||
### Other Cloud Platforms
|
||||
- [Oracle Cloud Infrastructure Foundations](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
|
||||
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
|
||||
|
||||
---
|
||||
|
||||
## CISSP Resources
|
||||
|
||||
### Official Materials
|
||||
- [CISSP Exam Outline](https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/CISSP-Exam-Outline-English-April-2021.ashx)
|
||||
- [ISC2 CISSP Certification Details](https://www.isc2.org/Certifications/CISSP)
|
||||
- [ISC2 Official Training](https://www.isc2.org/Training/Self-Study-Resources)
|
||||
- [Official ISC2 CISSP Study Guide (9th Edition)](https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119786231/)
|
||||
- [CISSP Study Guide 2025-2026](https://www.amazon.com/CISSP-Study-Guide-2025-2026-Certification/dp/B0DRHZG41M)
|
||||
- [CISSP For Dummies (7th Edition)](https://www.amazon.com/CISSP-Dummies-Computer-Tech/dp/1119806836/)
|
||||
|
||||
### Practice Tests & Prep
|
||||
- [CISSP Official Practice Tests (3rd Edition)](https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119787637/)
|
||||
- [Boson CISSP Practice Exams](https://www.boson.com/practice-exam/cissp-isc2-practice-exam)
|
||||
- [TotalTester CISSP Practice Exams](https://www.totalsem.com/cissp-practice-tests/)
|
||||
- [CISSP Pocket Prep Mobile App](https://pocketprep.com/exam-bank/isc2-cissp/)
|
||||
- [CISSP Certification Complete Training 2025](https://www.udemy.com/course/cissp-certification-cissp-training/)
|
||||
- [CISSP Practice Exams 2025](https://www.udemy.com/course/cissp-practice-exams-2020/)
|
||||
|
||||
### YouTube Courses
|
||||
- [CISSP Course 2024](https://www.youtube.com/watch?v=M1_v5HBVHWo)
|
||||
- [CISSP MasterClass - Mike Chapple](https://www.youtube.com/watch?v=v8furUCfuaY)
|
||||
- [Inside CISSP - Kelly Handerhan](https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPLpbZOrNXA-lsQbvx3YeQ)
|
||||
|
||||
### Study Resources
|
||||
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
|
||||
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
|
||||
|
||||
---
|
||||
|
||||
## LinkedIn Professionals to Follow
|
||||
|
||||
### Industry Leaders
|
||||
- [Mike Chapple](https://www.linkedin.com/in/mikechapple/) - Security educator
|
||||
- [Brian Krebs](https://www.linkedin.com/in/bkrebs/) - Security journalist
|
||||
- [Troy Hunt](https://www.linkedin.com/in/troyhunt/) - Web security expert
|
||||
- [Heath Adams](https://www.linkedin.com/in/heathadams/) - Ethical hacking educator
|
||||
- [Jason Dion](https://www.linkedin.com/in/jasondion/) - CompTIA instructor
|
||||
- [Kevin Mitnick](https://www.linkedin.com/in/kevinmitnick/) - Security consultant
|
||||
- [Chuck Brooks](https://www.linkedin.com/in/chuckbrooks/) - Security thought leader
|
||||
- [Jane Frankland](https://www.linkedin.com/in/janefrankland/) - Cybersecurity strategist
|
||||
- [Rinki Sethi](https://www.linkedin.com/in/rinkisethi/) - Security leader
|
||||
- [Tyler Cohen Wood](https://www.linkedin.com/in/tylercohenwood/) - Threat intelligence
|
||||
|
||||
### Organizations
|
||||
- [CompTIA](https://www.linkedin.com/company/comptia/posts/?feedView=all)
|
||||
- [ISC2](https://www.linkedin.com/company/isc2/)
|
||||
- [ISACA](https://www.linkedin.com/company/isaca/)
|
||||
- [SANS Institute](https://www.linkedin.com/company/sans-institute/)
|
||||
- [OWASP](https://www.linkedin.com/company/owasp/)
|
||||
|
||||
---
|
||||
|
||||
## Additional Learning Resources
|
||||
|
||||
### Specialized Platforms
|
||||
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
|
||||
- [INE Security](https://ine.com/learning/areas/security) - Security specialization
|
||||
- [Offensive Security](https://www.offensive-security.com/) - Advanced training
|
||||
- [EC-Council CodeRed](https://codered.eccouncil.org/) - Interactive learning
|
||||
- [ITPRO](https://www.acilearning.com/itpro/) - IT Professional training
|
||||
- [Professor Messer Website](https://www.professormesser.com/) - Free study materials
|
||||
|
||||
### Cheat Sheets & References
|
||||
- [Digital Cloud Training AWS Cheat Sheets](https://digitalcloud.training/aws-cheat-sheets/)
|
||||
- [Tutorials Dojo AWS Exam Guide](https://tutorialsdojo.com/aws-cloud-practitioner-clf-c02-exam-guide/)
|
||||
- [wyzguys Cybersecurity Blog (CASP focused)](https://wyzguyscybersecurity.com/new-insights-for-the-casp-cas-004-exam/)
|
||||
|
||||
---
|
||||
|
||||
**Last Updated:** November 2025
|
||||
|
||||
**Tips for Success:**
|
||||
- Start with free resources to test your interest
|
||||
- Combine video courses with hands-on labs
|
||||
- Use practice exams to measure progress
|
||||
- Join communities for support and networking
|
||||
- Stay current with security news and trends
|
||||
|
|
|
|||
|
|
@ -0,0 +1,241 @@
|
|||
# Certifications & Exam Prep
|
||||
|
||||
Comprehensive certification resources including exam objectives, practice tests, official materials, and exam prep guides.
|
||||
|
||||
## CompTIA Exam Objectives
|
||||
|
||||
Official exam objectives documents for all major CompTIA certifications:
|
||||
|
||||
### Core Infrastructure
|
||||
|
||||
- [A+ Core 1 (220-1101)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1101-exam-objectives-(3-0))
|
||||
- [A+ Core 2 (220-1102)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1102-exam-objectives-(3-0))
|
||||
- [Network+ (N10-009)](https://partners.comptia.org/docs/default-source/resources/comptia-network-n10-009-exam-objectives-(4-0))
|
||||
|
||||
### Security
|
||||
|
||||
- [Security+ (SY0-701)](https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf)
|
||||
- [CySA+ (CS0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-003-exam-objectives-(2-0))
|
||||
- [PenTest+ (PT0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-003-exam-objectives-(1-0))
|
||||
- [SecurityX (CAS-005)](https://partners.comptia.org/docs/default-source/resources/comptia-securityx-cas-005-exam-objectives-(3-0))
|
||||
|
||||
### Additional Certifications
|
||||
|
||||
- [Linux+ (XK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0))
|
||||
- [Cloud+ (CV0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cloud-cv0-003-exam-objectives-(1-0))
|
||||
- [Data+ (DA0-001)](https://partners.comptia.org/docs/default-source/resources/comptia-data-da0-001-exam-objectives-(2-0))
|
||||
- [Server+ (SK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-server-sk0-005-exam-objectives-(1-0))
|
||||
|
||||
---
|
||||
|
||||
## Practice Test Resources
|
||||
|
||||
### Free Practice Tests
|
||||
|
||||
- [CertNova](https://www.certnova.com/) - Free practice tests
|
||||
- [ExamCompass](https://www.examcompass.com/) - Practice exams
|
||||
- [ExamDigest](https://examsdigest.com/) - Exam resources
|
||||
- [Quizlet](https://quizlet.com/) - Flashcards & quizzes
|
||||
|
||||
### Premium Practice Tests
|
||||
|
||||
- [Mike Meyers Practice Tests](https://www.totalsem.com/total-tester-practice-tests/) - Total Tester
|
||||
- [Boson Practice Exams](https://www.boson.com/) - Realistic exam simulations
|
||||
- [Udemy Practice Exams](https://www.udemy.com/) - Various certification practice tests
|
||||
|
||||
---
|
||||
|
||||
## Exam Vouchers & Discounts
|
||||
|
||||
### Student Discounts
|
||||
|
||||
- [CompTIA Student Discount](https://academic-store.comptia.org/) - 50% vouchers for students with valid .edu email
|
||||
|
||||
### Official Resources
|
||||
|
||||
- [Official CompTIA Resources](https://www.comptia.org/resources) - Study materials and exam information
|
||||
- [CompTIA.org](https://www.comptia.org/) - Main certification website
|
||||
- [CompTIA CertMaster](https://www.comptia.org/training/certmaster) - Official training platform
|
||||
|
||||
---
|
||||
|
||||
## Cloud Certifications
|
||||
|
||||
### AWS Certifications
|
||||
|
||||
**Foundational:**
|
||||
- [AWS Certified Cloud Practitioner](https://aws.amazon.com/certification/certified-cloud-practitioner/)
|
||||
- [Exam Guide (CLF-C02)](https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf)
|
||||
|
||||
**Security:**
|
||||
- [AWS Certified Security Specialty](https://aws.amazon.com/certification/certified-security-specialty/)
|
||||
|
||||
**Resources:**
|
||||
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
|
||||
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
|
||||
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
|
||||
|
||||
### Microsoft Azure Certifications
|
||||
|
||||
**Foundational:**
|
||||
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
|
||||
|
||||
**Security:**
|
||||
- [Azure Security Engineer Associate (AZ-500)](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
|
||||
|
||||
### Google Cloud Certifications
|
||||
|
||||
**Foundational:**
|
||||
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
|
||||
|
||||
**Security:**
|
||||
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
|
||||
|
||||
### Other Cloud Platforms
|
||||
|
||||
- [Oracle Cloud Infrastructure Foundations (1Z0-1085-23)](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
|
||||
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
|
||||
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/)
|
||||
|
||||
---
|
||||
|
||||
## CISSP Resources
|
||||
|
||||
### Official Materials
|
||||
|
||||
**Exam Information:**
|
||||
- [CISSP Exam Outline](https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/CISSP-Exam-Outline-English-April-2021.ashx)
|
||||
- [ISC2 CISSP Certification Details](https://www.isc2.org/Certifications/CISSP)
|
||||
- [ISC2 Official Training](https://www.isc2.org/Training/Self-Study-Resources)
|
||||
|
||||
**Study Guides:**
|
||||
- [Official ISC2 CISSP Study Guide (9th Edition)](https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119786231/)
|
||||
- [CISSP Study Guide 2025-2026](https://www.amazon.com/CISSP-Study-Guide-2025-2026-Certification/dp/B0DRHZG41M)
|
||||
- [CISSP For Dummies (7th Edition)](https://www.amazon.com/CISSP-Dummies-Computer-Tech/dp/1119806836/)
|
||||
|
||||
### Practice Tests & Prep
|
||||
|
||||
**Practice Exams:**
|
||||
- [CISSP Official Practice Tests (3rd Edition)](https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119787637/)
|
||||
- [Boson CISSP Practice Exams](https://www.boson.com/practice-exam/cissp-isc2-practice-exam)
|
||||
- [TotalTester CISSP Practice Exams](https://www.totalsem.com/cissp-practice-tests/)
|
||||
- [CISSP Pocket Prep Mobile App](https://pocketprep.com/exam-bank/isc2-cissp/)
|
||||
|
||||
**Udemy Courses:**
|
||||
- [CISSP Certification Complete Training 2025](https://www.udemy.com/course/cissp-certification-cissp-training/)
|
||||
- [CISSP Practice Exams 2025](https://www.udemy.com/course/cissp-practice-exams-2020/)
|
||||
|
||||
### YouTube Courses
|
||||
|
||||
- [CISSP Course 2024](https://www.youtube.com/watch?v=M1_v5HBVHWo)
|
||||
- [CISSP MasterClass - Mike Chapple](https://www.youtube.com/watch?v=v8furUCfuaY)
|
||||
- [Inside CISSP - Kelly Handerhan](https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPLpbZOrNXA-lsQbvx3YeQ)
|
||||
|
||||
### Study Resources
|
||||
|
||||
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
|
||||
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
|
||||
|
||||
---
|
||||
|
||||
## Offensive Security Certifications
|
||||
|
||||
### OSCP (Offensive Security Certified Professional)
|
||||
|
||||
**Official Resources:**
|
||||
- [OSCP Certification](https://www.offsec.com/courses-and-certifications/oscp-certification)
|
||||
- [PWK Course (PEN-200)](https://www.offensive-security.com/pwk-oscp/)
|
||||
- [Proving Grounds Practice Labs](https://www.offensive-security.com/labs/)
|
||||
|
||||
### OSWE (Offensive Security Web Expert)
|
||||
|
||||
**Official Resources:**
|
||||
- [OSWE Certification](https://www.offensive-security.com/web-expert-oswe/)
|
||||
- [AWE Course (WEB-300)](https://www.offensive-security.com/awe-oswe/)
|
||||
|
||||
### OSEP (Offensive Security Experienced Penetration Tester)
|
||||
|
||||
**Official Resources:**
|
||||
- [OSEP Certification](https://www.offsec.com/courses-and-certifications/osep-certification)
|
||||
- [PEN-300 Course](https://www.offensive-security.com/pen300-osep/)
|
||||
|
||||
---
|
||||
|
||||
## EC-Council Certifications
|
||||
|
||||
### CEH (Certified Ethical Hacker)
|
||||
|
||||
**Official Resources:**
|
||||
- [CEH v12 Certification](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-v12/)
|
||||
- [EC-Council Training](https://www.eccouncil.org/train-certify/)
|
||||
|
||||
---
|
||||
|
||||
## GIAC Certifications
|
||||
|
||||
### Security Essentials
|
||||
|
||||
- [GSEC - Security Essentials](https://www.giac.org/certifications/security-essentials-gsec/)
|
||||
|
||||
### Penetration Testing
|
||||
|
||||
- [GPEN - Penetration Tester](https://www.giac.org/certifications/penetration-tester-gpen/)
|
||||
- [GWAPT - Web Application Penetration Tester](https://www.giac.org/certifications/web-application-penetration-tester-gwapt/)
|
||||
- [GXPN - Exploit Researcher and Advanced Penetration Tester](https://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn/)
|
||||
|
||||
### Incident Response
|
||||
|
||||
- [GCIH - Certified Incident Handler](https://www.giac.org/certifications/certified-incident-handler-gcih/)
|
||||
- [GCFA - Certified Forensic Analyst](https://www.giac.org/certifications/certified-forensic-analyst-gcfa/)
|
||||
|
||||
---
|
||||
|
||||
## ISACA Certifications
|
||||
|
||||
### Audit & Governance
|
||||
|
||||
- [CISA - Certified Information Systems Auditor](https://www.isaca.org/credentialing/cisa)
|
||||
- [CRISC - Risk and Information Systems Control](https://www.isaca.org/credentialing/crisc)
|
||||
- [CISM - Certified Information Security Manager](https://www.isaca.org/credentialing/cism)
|
||||
|
||||
---
|
||||
|
||||
## Cisco Certifications
|
||||
|
||||
### Network Security
|
||||
|
||||
- [CCNA - Cisco Certified Network Associate](https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna.html)
|
||||
- [CCNP Security](https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/professional/ccnp-security-v2.html)
|
||||
|
||||
---
|
||||
|
||||
## Additional Certifications
|
||||
|
||||
### SANS/GIAC
|
||||
|
||||
- [SANS Certification Catalog](https://www.sans.org/cyber-security-certifications/)
|
||||
|
||||
### Vendor-Specific
|
||||
|
||||
- [Microsoft Security Certifications](https://learn.microsoft.com/en-us/certifications/browse/?products=azure%2Cm365&type=role-based)
|
||||
- [Check Point CCSA/CCSE](https://www.checkpoint.com/support-services/training-certification/)
|
||||
- [Palo Alto Networks PCNSA/PCNSE](https://www.paloaltonetworks.com/services/education/certification)
|
||||
|
||||
---
|
||||
|
||||
## Certification Tracking & Communities
|
||||
|
||||
### Study Communities
|
||||
|
||||
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certification community
|
||||
- [r/CISSP](https://www.reddit.com/r/cissp/) - CISSP study group
|
||||
- [Discord Servers](https://discord.com/) - Various certification study groups
|
||||
|
||||
### Career Planning
|
||||
|
||||
For detailed certification roadmaps by career path, see:
|
||||
- [Certification Roadmaps](../ROADMAPS/README.md)
|
||||
|
||||
---
|
||||
|
||||
[Back to Resources](./README.md) | [Back to Main](../README.md)
|
||||
|
|
@ -0,0 +1,231 @@
|
|||
# Communities & Content Creators
|
||||
|
||||
Connect with cybersecurity professionals, educators, and communities across YouTube, Reddit, LinkedIn, and other platforms.
|
||||
|
||||
## YouTube Channels & Videos
|
||||
|
||||
### Top Cybersecurity Channels
|
||||
|
||||
**Certification Training:**
|
||||
- [Professor Messer](https://www.youtube.com/@professormesser) - CompTIA certification prep (Security+, Network+, A+)
|
||||
- [CBT Nuggets](https://www.youtube.com/user/cbtnuggets) - Professional IT training
|
||||
- [ITProTV](https://www.youtube.com/user/ITProTV) - IT certifications and training
|
||||
|
||||
**Networking & Security:**
|
||||
- [NetworkChuck](https://www.youtube.com/@NetworkChuck) - Networking, security, and IT tutorials
|
||||
- [PowerCert Animated Videos](https://www.youtube.com/@PowerCertAnimatedVideos) - Educational IT animations
|
||||
- [howtonetwork](https://www.youtube.com/@howtonetworkcom) - Network fundamentals
|
||||
- [Practical Networking](https://www.youtube.com/@PracticalNetworking) - Networking concepts explained
|
||||
- [David Bombal](https://www.youtube.com/@davidbombal) - Cisco, networking, and cybersecurity
|
||||
|
||||
**Ethical Hacking & Pentesting:**
|
||||
- [HackerSploit](https://www.youtube.com/@HackerSploit) - Ethical hacking tutorials and cybersecurity
|
||||
- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Ethical hacking and penetration testing
|
||||
- [John Hammond](https://www.youtube.com/@_JohnHammond) - Hacking, CTFs, and security challenges
|
||||
- [LiveOverflow](https://www.youtube.com/@LiveOverflow) - CTF walkthroughs and binary exploitation
|
||||
- [PwnFunction](https://www.youtube.com/@PwnFunction) - Security concepts and vulnerability explanations
|
||||
|
||||
**Cybersecurity Education:**
|
||||
- [Cyberkraft](https://www.youtube.com/@cyberkraft) - Cybersecurity education and career advice
|
||||
- [freeCodeCamp.org](https://www.youtube.com/freecodecamp) - Free comprehensive programming and security courses
|
||||
- [Eli the Computer Guy](https://www.youtube.com/user/elithecomputerguy) - IT fundamentals and networking
|
||||
|
||||
**Career & Productivity:**
|
||||
- [With Sandra](https://www.youtube.com/@WithSandra) - Tech career advice
|
||||
- [Andrew Huberman](https://www.youtube.com/@hubermanlab) - Learning science and productivity
|
||||
- [Tech with Jono](https://www.youtube.com/@TechwithJono) - Tech tutorials
|
||||
|
||||
**Security News & Conferences:**
|
||||
- [SecurityWeekly](https://www.youtube.com/@SecurityWeekly) - Security news and weekly updates
|
||||
- [BlackHat Official](https://www.youtube.com/@BlackHatOfficialYT) - Security conference presentations
|
||||
- [DEFCONConference](https://www.youtube.com/@DEFCONConference) - Hacker conference talks
|
||||
|
||||
---
|
||||
|
||||
## Reddit Communities
|
||||
|
||||
### Main Cybersecurity Subreddits
|
||||
|
||||
**General Security:**
|
||||
- [r/CyberSecurity](https://www.reddit.com/r/cybersecurity/) - General cybersecurity discussions
|
||||
- [r/InformationSecurity](https://www.reddit.com/r/InformationSecurity/) - InfoSec news and discussions
|
||||
- [r/netsec](https://www.reddit.com/r/netsec/) - Network security news and research
|
||||
- [r/AskNetsec](https://www.reddit.com/r/AskNetsec/) - Network security Q&A
|
||||
- [r/ITsecurity](https://www.reddit.com/r/ITsecurity/) - IT security discussions
|
||||
|
||||
**Offensive & Defensive Security:**
|
||||
- [r/ethicalhacking](https://www.reddit.com/r/ethicalhacking/) - Ethical hacking community
|
||||
- [r/BlueTeamSec](https://www.reddit.com/r/BlueTeamSec/) - Defensive security (blue team)
|
||||
- [r/RedTeam](https://www.reddit.com/r/RedTeam/) - Offensive security (red team)
|
||||
- [r/netsecstudents](https://www.reddit.com/r/netsecstudents/) - Students learning security
|
||||
|
||||
**Career & Learning:**
|
||||
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certifications discussion
|
||||
- [r/ITCareerQuestions](https://www.reddit.com/r/ITCareerQuestions/) - IT and security career advice
|
||||
|
||||
### Certification-Specific Communities
|
||||
|
||||
**CompTIA:**
|
||||
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - All CompTIA certifications
|
||||
- [r/Casp](https://www.reddit.com/r/casp/) - CASP+/SecurityX certification
|
||||
|
||||
**Networking:**
|
||||
- [r/CCNA](https://www.reddit.com/r/ccna/) - Cisco CCNA certification
|
||||
- [r/sysadmin](https://www.reddit.com/r/sysadmin/) - System administration
|
||||
|
||||
**Operating Systems:**
|
||||
- [r/linuxquestions](https://www.reddit.com/r/linuxquestions/) - Linux help and questions
|
||||
|
||||
**Specialized:**
|
||||
- [r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering/) - Reverse engineering discussions
|
||||
- [r/WGU](https://www.reddit.com/r/WGU/) - Western Governors University IT programs
|
||||
|
||||
### Popular Reddit Study Posts
|
||||
|
||||
**Certification Success Stories:**
|
||||
- [Master List: Study Resources for A+, Network+, Security+](https://www.reddit.com/r/CompTIA/comments/i7hx4t/master_list_i_compiled_and_ranked_every_major/)
|
||||
- [How I Passed Sec+](https://www.reddit.com/r/CompTIA/comments/zkjs1d/how_a_dumdum_like_me_passed_sec/)
|
||||
- [How I Passed CompTIA A+, N+, S+](https://www.reddit.com/r/CompTIA/comments/1cra3cg/how_i_passed_comptia_a_n_s/)
|
||||
- [Passed Sec+, PenTest+, CySA+ in 2 Months 22 Days](https://www.reddit.com/r/CompTIA/comments/1f5cofp/passed_sec_pentest_cysa_in_2_months_22_days/)
|
||||
- [CompTIA Trifecta in 6 Months](https://www.reddit.com/r/CompTIA/comments/1fmjb2p/just_passed_network_got_the_trifecta_in_about_6/)
|
||||
- [I Passed CASP+ Study Guide](https://www.reddit.com/r/casp/comments/1ft2qjr/i_passed_casp_this_is_what_i_did_to_prepare/)
|
||||
|
||||
**Career Advice:**
|
||||
- [34 Year Old, No IT Experience, Got Hired After A+ Cert](https://www.reddit.com/r/CompTIA/comments/m38lb8/update_34_years_old_posted_a_month_ago_about/)
|
||||
- [Hiring Manager Advice to Newbies](https://www.reddit.com/r/ITCareerQuestions/comments/ni4vnm/general_advice_from_a_hiring_manager_and_23_year/)
|
||||
|
||||
---
|
||||
|
||||
## LinkedIn Professionals to Follow
|
||||
|
||||
### Industry Leaders & Educators
|
||||
|
||||
**Security Educators:**
|
||||
- [Mike Chapple](https://www.linkedin.com/in/mikechapple/) - Security educator and CISSP instructor
|
||||
- [Jason Dion](https://www.linkedin.com/in/jasondion/) - CompTIA instructor and course creator
|
||||
- [Heath Adams](https://www.linkedin.com/in/heathadams/) - Ethical hacking educator (The Cyber Mentor)
|
||||
|
||||
**Security Researchers & Journalists:**
|
||||
- [Brian Krebs](https://www.linkedin.com/in/bkrebs/) - Security journalist and researcher
|
||||
- [Troy Hunt](https://www.linkedin.com/in/troyhunt/) - Web security expert, creator of Have I Been Pwned
|
||||
- [Kevin Mitnick](https://www.linkedin.com/in/kevinmitnick/) - Security consultant and former hacker
|
||||
|
||||
**Thought Leaders:**
|
||||
- [Chuck Brooks](https://www.linkedin.com/in/chuckbrooks/) - Cybersecurity thought leader
|
||||
- [Jane Frankland](https://www.linkedin.com/in/janefrankland/) - Cybersecurity strategist
|
||||
- [Rinki Sethi](https://www.linkedin.com/in/rinkisethi/) - Security leader
|
||||
- [Tyler Cohen Wood](https://www.linkedin.com/in/tylercohenwood/) - Threat intelligence expert
|
||||
|
||||
### Professional Organizations
|
||||
|
||||
**Major Organizations:**
|
||||
- [CompTIA](https://www.linkedin.com/company/comptia/posts/?feedView=all) - IT industry association
|
||||
- [ISC2](https://www.linkedin.com/company/isc2/) - Cybersecurity certification body
|
||||
- [ISACA](https://www.linkedin.com/company/isaca/) - IT audit and governance
|
||||
- [SANS Institute](https://www.linkedin.com/company/sans-institute/) - Security training
|
||||
- [OWASP](https://www.linkedin.com/company/owasp/) - Open Web Application Security Project
|
||||
|
||||
---
|
||||
|
||||
## Security News & Blogs
|
||||
|
||||
### Industry News Sites
|
||||
|
||||
**Top Security Blogs:**
|
||||
- [Krebs on Security](https://krebsonsecurity.com/) - In-depth security news by Brian Krebs
|
||||
- [Dark Reading](https://www.darkreading.com/) - Cybersecurity news and analysis
|
||||
- [Rapid7 Blog](https://www.rapid7.com/blog/) - Security research and insights
|
||||
- [Malwarebytes Labs](https://blog.malwarebytes.com/) - Threat intelligence and research
|
||||
|
||||
**RSS Feeds & Aggregators:**
|
||||
- [The Hacker News](https://thehackernews.com/) - Breaking cybersecurity news
|
||||
- [Threatpost](https://threatpost.com/) - Security news
|
||||
- [SecurityWeek](https://www.securityweek.com/) - Enterprise security news
|
||||
|
||||
---
|
||||
|
||||
## Security Conferences & Events
|
||||
|
||||
### Major Conferences
|
||||
|
||||
**Premier Events:**
|
||||
- [Black Hat](https://www.blackhat.com/) - Leading security conference
|
||||
- [DEF CON](https://defcon.org/) - Hacker convention
|
||||
- [RSA Conference](https://www.rsaconference.com/) - Security industry event
|
||||
- [BSides](http://www.securitybsides.com/) - Community-driven security conferences
|
||||
|
||||
**Specialized Events:**
|
||||
- [SANS Security Summit](https://www.sans.org/cyber-security-summit/) - Training-focused events
|
||||
- [OWASP Global AppSec](https://owasp.org/events/) - Application security conference
|
||||
- [ShmooCon](https://www.shmoocon.org/) - Hacker convention
|
||||
|
||||
---
|
||||
|
||||
## Podcasts
|
||||
|
||||
### Security Podcasts
|
||||
|
||||
- [Darknet Diaries](https://darknetdiaries.com/) - True stories from the dark side of the Internet
|
||||
- [Security Now](https://twit.tv/shows/security-now) - Weekly security discussion
|
||||
- [Risky Business](https://risky.biz/) - Information security podcast
|
||||
- [SANS Internet Stormcenter Daily](https://isc.sans.edu/podcast.html) - Daily security podcast
|
||||
- [The CyberWire Daily](https://thecyberwire.com/podcasts/daily-podcast) - Daily cybersecurity news
|
||||
|
||||
---
|
||||
|
||||
## Discord & Slack Communities
|
||||
|
||||
### Study Groups
|
||||
|
||||
**Popular Servers:**
|
||||
- TryHackMe Official Discord
|
||||
- Hack The Box Discord
|
||||
- r/CompTIA Discord
|
||||
- OSCP Study Groups
|
||||
- Various certification-specific servers
|
||||
|
||||
**Finding Communities:**
|
||||
- Search Discord for "cybersecurity" or specific certification names
|
||||
- Check subreddit sidebars for official Discord links
|
||||
- Join course-specific communities (Udemy, Cybrary, etc.)
|
||||
|
||||
---
|
||||
|
||||
## Twitter/X Security Community
|
||||
|
||||
### Security Researchers to Follow
|
||||
|
||||
**Notable Accounts:**
|
||||
- Follow researchers who present at Black Hat, DEF CON
|
||||
- CERT/CC and national security organizations
|
||||
- Security tool developers and maintainers
|
||||
- Vulnerability researchers and bug bounty hunters
|
||||
|
||||
**Hashtags:**
|
||||
- #InfoSec
|
||||
- #CyberSecurity
|
||||
- #Hacking
|
||||
- #BugBounty
|
||||
- #ThreatIntel
|
||||
|
||||
---
|
||||
|
||||
## Professional Organizations
|
||||
|
||||
### Membership Organizations
|
||||
|
||||
**Global Organizations:**
|
||||
- [CompTIA](https://www.comptia.org/) - Computing Technology Industry Association
|
||||
- [ISC2](https://www.isc2.org/) - International Information System Security Certification Consortium
|
||||
- [ISACA](https://www.isaca.org/) - Information Systems Audit and Control Association
|
||||
- [SANS Institute](https://www.sans.org/) - SysAdmin, Audit, Network, and Security Institute
|
||||
- [OWASP](https://owasp.org) - Open Web Application Security Project
|
||||
|
||||
**Regional & Specialized:**
|
||||
- [ISSA](https://www.issa.org/) - Information Systems Security Association
|
||||
- [EC-Council](https://www.eccouncil.org/) - International Council of E-Commerce Consultants
|
||||
- [Cloud Security Alliance](https://cloudsecurityalliance.org/) - Cloud security best practices
|
||||
|
||||
---
|
||||
|
||||
[Back to Resources](./README.md) | [Back to Main](../README.md)
|
||||
|
|
@ -0,0 +1,204 @@
|
|||
# Courses & Training
|
||||
|
||||
Comprehensive list of free and premium learning platforms, courses, and training programs for cybersecurity professionals.
|
||||
|
||||
## Study Platforms & Courses
|
||||
|
||||
### Free Learning Platforms
|
||||
|
||||
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
|
||||
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
|
||||
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
|
||||
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
|
||||
- [SANS Cyber Aces Online](https://www.cyberaces.org/) - Free tutorials
|
||||
- [Coursera](https://www.coursera.org/) - University-level courses
|
||||
- [edX Cybersecurity Programs](https://www.edx.org/professional-certificate/cybersecurity) - Professional certificates
|
||||
- [freeCodeCamp](https://www.youtube.com/freecodecamp) - Free comprehensive courses
|
||||
- [Codecademy Cybersecurity](https://www.codecademy.com/catalog/subject/cybersecurity) - Interactive coding
|
||||
|
||||
### Premium Platforms
|
||||
|
||||
- [Pluralsight](https://www.pluralsight.com/) - Tech skill development
|
||||
- [CBT Nuggets](https://www.cbtnuggets.com/) - Video training
|
||||
- [LinkedIn Learning](https://www.linkedin.com/learning/) - Professional development
|
||||
- [INE Security Courses](https://ine.com/learning/areas/security) - Cybersecurity specialization
|
||||
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
|
||||
- [Offensive Security (OffSec)](https://www.offensive-security.com/) - Advanced training
|
||||
- [TestOut](https://testoutce.com/) - Certification prep
|
||||
- [EC-Council CodeRed](https://codered.eccouncil.org/) - Interactive learning
|
||||
- [ITPRO](https://www.acilearning.com/itpro/) - IT Professional training
|
||||
|
||||
---
|
||||
|
||||
## Udemy Courses
|
||||
|
||||
### CompTIA Certification Courses
|
||||
|
||||
**Security+:**
|
||||
- [CompTIA Security+ (SY0-701) Complete Course & Exam](https://www.udemy.com/course/securityplus)
|
||||
- [CompTIA Security+ (SY0-701) Practice Exams Set 1](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams/)
|
||||
- [CompTIA Security+ (SY0-701) Practice Exams Set 2](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams-2nd-edition/)
|
||||
- [TOTAL: CompTIA Security+ Certification Course + Exam SY0-701](https://www.udemy.com/course/total-comptia-security-plus/)
|
||||
|
||||
**A+:**
|
||||
- [CompTIA A+ Core 1 (220-1101) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-1/)
|
||||
- [CompTIA A+ Core 2 (220-1102) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-2/)
|
||||
- [CompTIA A+ (220-1101) Core 1 Practice Exams](https://www.udemy.com/course/comptia-a-220-1101-core-1-practice-exams-new-for-2022/)
|
||||
- [CompTIA A+ (220-1102) Core 2 Practice Exams](https://www.udemy.com/course/comptia-a-220-1102-core-2-practice-exams-new-for-2022/)
|
||||
- [CompTIA A+ Core 1 & Core 2 - IT Cert Doctor - 2024](https://www.udemy.com/course/it-cert-doctor-comptia-a-220-1101-1102/)
|
||||
|
||||
**Network+:**
|
||||
- [CompTIA Network+ (N10-009) Full Course & Practice Exam](https://www.udemy.com/course/comptia-network-009/)
|
||||
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 1](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-1/)
|
||||
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 2](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-2/)
|
||||
|
||||
**CySA+:**
|
||||
- [CompTIA CySA+ (CS0-003) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-cysa-003/)
|
||||
- [CompTIA CySA+ (CS0-003) Practice Exams](https://www.udemy.com/course/comptia-cysa-cs0-003-practice-exams/)
|
||||
|
||||
**PenTest+:**
|
||||
- [CompTIA PenTest+ (PT0-003) Full Course & Practice Exam](https://www.udemy.com/course/pentestplus/)
|
||||
- [CompTIA PenTest+ (PT0-003) 6 Practice Exams](https://www.udemy.com/course/comptia-pentest-pt0-003-6-practice-exams/)
|
||||
|
||||
**SecurityX (formerly CASP+):**
|
||||
- [CompTIA SecurityX (CAS-005) Complete Course & Practice Exam](https://www.udemy.com/course/casp-plus/)
|
||||
- [CompTIA SecurityX (CAS-005) Practice Exam Prep](https://www.udemy.com/course/comptia-securityx-practice-exam-prep-new/)
|
||||
|
||||
**Linux+:**
|
||||
- [CompTIA Linux+ (XK0-005) Complete Course & Exam](https://www.udemy.com/course/comptia-linux/)
|
||||
- [CompTIA Linux+ (XK0-005) Practice Exams & Simulated PBQs](https://www.udemy.com/course/comptia-linux-exams/)
|
||||
|
||||
### Other Security Courses
|
||||
|
||||
**General Cybersecurity:**
|
||||
- [The Complete Cyber Security Course : Hackers Exposed!](https://www.udemy.com/course/the-complete-internet-security-privacy-course-volume-1/)
|
||||
- [The Complete Cyber Security Course : Network Security!](https://www.udemy.com/course/network-security-course/)
|
||||
- [The Complete Cyber Security Course : End Point Protection!](https://www.udemy.com/course/the-complete-cyber-security-course-end-point-protection/)
|
||||
- [Complete Ethical Hacking & Cyber Security Masterclass Course](https://www.udemy.com/course/ethicalhackingcourse/)
|
||||
|
||||
**Frameworks & Advanced:**
|
||||
- [Implementing the NIST Cybersecurity Framework (CSF)](https://www.udemy.com/course/nist-cybersecurity-framework/)
|
||||
- [ISC2 CISSP Full Course & Practice Exam](https://www.udemy.com/course/isc2-cissp-full-course-practice-exam/)
|
||||
- [ISC2 CISSP 6 Practice Exams](https://www.udemy.com/course/isc2-cissp-6-practice-exams/)
|
||||
- [The Complete Certified in Cybersecurity CC course ISC2 2024](https://www.udemy.com/course/certifiedincybersecurity/)
|
||||
|
||||
---
|
||||
|
||||
## YouTube Courses & Playlists
|
||||
|
||||
### Full Certification Courses
|
||||
|
||||
**CompTIA:**
|
||||
- [CompTIA A+ Full Course (31+ Hours)](https://www.youtube.com/watch?v=1CZXXNKAY5o&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=5)
|
||||
- [CompTIA Network+ Full Course](https://www.youtube.com/watch?v=qiQR5rTSshw&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=6)
|
||||
- [CompTIA Security+ SY0-701 Full Course](https://www.youtube.com/watch?v=KiEptGbnEBc&list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv)
|
||||
- [CompTIA CySA+ 2024 Crash Course (10+ Hours)](https://www.youtube.com/watch?v=qP9x0mucwVc&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=9)
|
||||
- [CASP+ Course](https://www.youtube.com/watch?v=vwNjLVpXNzk&list=PLCNmoXT8zexnJtDOdd8Owa8TAdSVVWF-J)
|
||||
|
||||
**Ethical Hacking:**
|
||||
- [Ethical Hacking 15 Hours Course](https://www.youtube.com/watch?v=3FNYvj2U0HM&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=13)
|
||||
- [Complete Ethical Hacking 16 Hours](https://www.youtube.com/watch?v=w_oxcjPOWos&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=4)
|
||||
|
||||
**Other Topics:**
|
||||
- [Python Full Course for Free](https://www.youtube.com/watch?v=ix9cRaBkVe0)
|
||||
- [Subnetting Mastery](https://www.youtube.com/watch?v=BWZ-MHIhqjM&list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE)
|
||||
- [NMAP Full Guide](https://www.youtube.com/watch?v=JHAMj2vN2oU&t=33s)
|
||||
|
||||
### Learning Science & Study Techniques
|
||||
|
||||
- [Optimal Protocols for Studying & Learning](https://youtu.be/ddq8JIMhz7c?si=qT00KFkFBAwm7LP7)
|
||||
- [How to Study Using Active Recall](https://youtu.be/mzexJPoXBCM?si=sv-yeuIoLF9pwDRG)
|
||||
- [Learning with Failures, Movement & Balance](https://youtu.be/jwChiek_aRY?si=3kyPbIAVwJWMPfnG)
|
||||
|
||||
### Practice Exam Videos
|
||||
|
||||
- [CompTIA Security+ PBQ](https://youtu.be/zfwxSmL4n6w?si=q5lXlvmViTK6TnSI)
|
||||
- [CompTIA Network+ PBQ](https://www.youtube.com/live/9cdL214y-u0?si=lCSxriFy636PbOnR)
|
||||
- [CompTIA CySA+ PBQ](https://www.youtube.com/live/0NMffWaxlmA?si=Rm9IBkZ04OAxFJtp)
|
||||
- [CompTIA CASP+ PBQ](https://www.youtube.com/live/eInvTuYBF3Q?si=Hbe4mWLd3X31AUkA)
|
||||
|
||||
---
|
||||
|
||||
## Cloud Provider Training
|
||||
|
||||
### AWS Cloud
|
||||
|
||||
**Official AWS:**
|
||||
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
|
||||
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
|
||||
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
|
||||
|
||||
**Third-Party AWS Courses:**
|
||||
- [Ultimate AWS Certified Cloud Practitioner CLF-C02 2025](https://www.udemy.com/course/aws-certified-cloud-practitioner-new/)
|
||||
- [AWS Certified Cloud Practitioner YouTube Course](https://www.youtube.com/watch?v=SOTamWNgDKc)
|
||||
- [AWS Certified Cloud Practitioner 15 Hour FreeCodeCamp](https://www.youtube.com/watch?v=NhDYbskXRgc)
|
||||
|
||||
### Microsoft Azure
|
||||
|
||||
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
|
||||
- [Azure Security Engineer Associate](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
|
||||
|
||||
### Google Cloud
|
||||
|
||||
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
|
||||
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
|
||||
|
||||
### Other Cloud Platforms
|
||||
|
||||
- [Oracle Cloud Infrastructure Foundations](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
|
||||
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
|
||||
|
||||
---
|
||||
|
||||
## Specialized Training Organizations
|
||||
|
||||
### Professional Organizations
|
||||
|
||||
- [SANS Institute](https://www.sans.org/) - Premium security training
|
||||
- [InfoSec Institute](https://www.infosecinstitute.com/) - Cybersecurity education
|
||||
- [OWASP](https://owasp.org) - Application security resources
|
||||
- [SANS Cyber Aces](https://www.cyberaces.org/) - Free tutorials
|
||||
- [Offensive Security](https://www.offensive-security.com/) - Advanced pentesting training
|
||||
|
||||
### Academic Resources
|
||||
|
||||
- [Professor Messer Website](https://www.professormesser.com/) - Free study materials and courses
|
||||
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
|
||||
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
|
||||
|
||||
---
|
||||
|
||||
## Practice Platforms
|
||||
|
||||
### Hands-On Labs
|
||||
|
||||
- [TryHackMe](https://tryhackme.com/) - Guided learning paths
|
||||
- [HackTheBox](https://www.hackthebox.com/) - Realistic machines
|
||||
- [VulnHub](https://www.vulnhub.com/) - Downloadable VMs
|
||||
- [PentesterLab](https://pentesterlab.com/) - Web app focused
|
||||
- [Proving Grounds](https://www.offensive-security.com/labs/) - OSCP-like practice
|
||||
|
||||
### CTF Platforms
|
||||
|
||||
- [picoCTF](https://picoctf.org/) - Beginner-friendly CTF
|
||||
- [CTFtime](https://ctftime.org/) - CTF competition calendar
|
||||
- [OverTheWire](https://overthewire.org/) - War games
|
||||
|
||||
---
|
||||
|
||||
## Study Guides & Books
|
||||
|
||||
### CompTIA Study Materials
|
||||
|
||||
- [SYBEX CompTIA Books](https://www.amazon.com/s?k=wiley+sybex+comptia) - Official study guides
|
||||
- [Notes: CompTIA A+, Network+ and Security+](https://www.udemy.com/course/comptia-a-1001-1002-study-notes/) - Study notes collection
|
||||
|
||||
### Reference Materials
|
||||
|
||||
- [Digital Cloud Training AWS Cheat Sheets](https://digitalcloud.training/aws-cheat-sheets/)
|
||||
- [Tutorials Dojo AWS Exam Guide](https://tutorialsdojo.com/aws-cloud-practitioner-clf-c02-exam-guide/)
|
||||
- [wyzguys Cybersecurity Blog (CASP focused)](https://wyzguyscybersecurity.com/new-insights-for-the-casp-cas-004-exam/)
|
||||
|
||||
---
|
||||
|
||||
[Back to Resources](./README.md) | [Back to Main](../README.md)
|
||||
|
|
@ -0,0 +1,259 @@
|
|||
# Security Frameworks & Standards
|
||||
|
||||
Comprehensive collection of security frameworks, compliance standards, and threat analysis models used across the cybersecurity industry.
|
||||
|
||||
## NIST Framework Suite
|
||||
|
||||
The National Institute of Standards and Technology (NIST) publishes comprehensive cybersecurity frameworks and guidelines.
|
||||
|
||||
### Core Frameworks
|
||||
|
||||
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) - Framework for improving critical infrastructure cybersecurity
|
||||
- [NIST Privacy Framework](https://www.nist.gov/privacy-framework) - Privacy risk management framework
|
||||
- [NIST 800-37 Risk Management Framework](https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final) - RMF for information systems and organizations
|
||||
|
||||
### Security Controls
|
||||
|
||||
- [NIST 800-53 Security Controls](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final) - Security and privacy controls for information systems
|
||||
- [NIST 800-171](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final) - Protecting Controlled Unclassified Information (CUI)
|
||||
|
||||
### Risk Management
|
||||
|
||||
- [NIST 800-39 Managing Information Security Risk](https://csrc.nist.gov/publications/detail/sp/800-39/final) - Organization-level risk management
|
||||
|
||||
### Specialized Guidelines
|
||||
|
||||
- [NIST 800-61 Incident Handling Guide](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final) - Computer security incident handling
|
||||
- [NIST 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/) - Digital identity framework
|
||||
- [NIST 800-207 Zero Trust Architecture](https://csrc.nist.gov/publications/detail/sp/800-207/final) - Zero trust security model
|
||||
- [NIST 800-218 Secure Software Development Framework](https://csrc.nist.gov/publications/detail/sp/800-218/final) - Secure SDLC practices
|
||||
|
||||
---
|
||||
|
||||
## ISO/IEC Standards
|
||||
|
||||
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) security standards.
|
||||
|
||||
### Information Security Management
|
||||
|
||||
- [ISO/IEC 27001](https://www.iso.org/isoiec-27001-information-security.html) - Information security management systems (ISMS) requirements
|
||||
- [ISO/IEC 27002](https://www.iso.org/standard/73906.html) - Code of practice for information security controls
|
||||
|
||||
### Specialized ISO Standards
|
||||
|
||||
- [ISO/IEC 27032](https://www.iso.org/standard/44375.html) - Guidelines for cybersecurity
|
||||
- [ISO/IEC 27033](https://www.iso.org/standard/63411.html) - Network security management
|
||||
- [ISO/IEC 27034](https://www.iso.org/standard/44379.html) - Application security guidelines
|
||||
- [ISO 22301](https://www.iso.org/iso-22301-business-continuity.html) - Business continuity management systems
|
||||
|
||||
---
|
||||
|
||||
## Industry Security Frameworks
|
||||
|
||||
### Threat Intelligence & Attack Frameworks
|
||||
|
||||
**MITRE Corporation:**
|
||||
- [MITRE ATT&CK Framework](https://attack.mitre.org/) - Adversary tactics, techniques, and common knowledge
|
||||
- [MITRE Shield](https://shield.mitre.org/) - Active defense knowledge base
|
||||
- [MITRE Engage](https://engage.mitre.org/) - Framework for adversary engagement operations
|
||||
|
||||
**Attack Models:**
|
||||
- [Lockheed Martin Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) - Framework for identifying and preventing cyber intrusions
|
||||
- [Diamond Model of Intrusion Analysis](https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf) - Model for analyzing cyber intrusions
|
||||
- [Unified Kill Chain](https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf) - Unified framework combining multiple kill chain models
|
||||
|
||||
### Application Security
|
||||
|
||||
- [OWASP Top 10](https://owasp.org/www-project-top-ten/) - Top 10 web application security risks
|
||||
- [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) - Application Security Verification Standard
|
||||
- [OWASP SAMM](https://owaspsamm.org/) - Software Assurance Maturity Model
|
||||
- [OWASP Mobile Top 10](https://owasp.org/www-project-mobile-top-10/) - Mobile application security risks
|
||||
|
||||
### Security Controls & Best Practices
|
||||
|
||||
- [CIS Controls](https://www.cisecurity.org/controls) - Critical security controls for effective cyber defense
|
||||
- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/) - Configuration best practices for various technologies
|
||||
|
||||
### Cloud Security
|
||||
|
||||
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/) - Certificate of Cloud Security Knowledge
|
||||
- [CSA Cloud Controls Matrix](https://cloudsecurityalliance.org/research/cloud-controls-matrix/) - Security controls framework for cloud computing
|
||||
- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) - Security pillar for AWS
|
||||
|
||||
---
|
||||
|
||||
## Compliance & Regulatory Frameworks
|
||||
|
||||
### Financial Services
|
||||
|
||||
**Payment Card Industry:**
|
||||
- [PCI-DSS](https://www.pcisecuritystandards.org/) - Payment Card Industry Data Security Standard
|
||||
- Requirements for securing credit card transactions
|
||||
- Applies to all entities that store, process, or transmit cardholder data
|
||||
|
||||
**Banking & Finance:**
|
||||
- [SOX (Sarbanes-Oxley Act)](https://www.sarbanes-oxley-101.com/sarbanes-oxley-compliance.htm) - Financial reporting and IT controls
|
||||
- [GLBA (Gramm-Leach-Bliley Act)](https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act) - Financial privacy requirements
|
||||
|
||||
### Healthcare
|
||||
|
||||
- [HIPAA Security Rule](https://www.hhs.gov/hipaa/for-professionals/security/index.html) - Health Insurance Portability and Accountability Act
|
||||
- Protects electronic protected health information (ePHI)
|
||||
- Administrative, physical, and technical safeguards
|
||||
- [HITECH Act](https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html) - Health Information Technology for Economic and Clinical Health
|
||||
|
||||
### Privacy Regulations
|
||||
|
||||
**International:**
|
||||
- [GDPR (General Data Protection Regulation)](https://gdpr.eu/) - European Union data protection and privacy
|
||||
- Applies to all organizations processing EU citizen data
|
||||
- Data protection by design and default
|
||||
|
||||
**United States:**
|
||||
- [CCPA (California Consumer Privacy Act)](https://oag.ca.gov/privacy/ccpa) - California privacy law
|
||||
- [CPRA (California Privacy Rights Act)](https://cpra.ca.gov/) - Enhanced California privacy protections
|
||||
|
||||
**Canada:**
|
||||
- [PIPEDA](https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/) - Personal Information Protection and Electronic Documents Act
|
||||
|
||||
### Federal & Government
|
||||
|
||||
**United States Federal:**
|
||||
- [FISMA (Federal Information Security Management Act)](https://www.cisa.gov/fisma) - Federal information security requirements
|
||||
- [FedRAMP (Federal Risk and Authorization Management Program)](https://www.fedramp.gov/) - Cloud security assessment for federal agencies
|
||||
- [NIST SP 800-53](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final) - Security controls for federal systems
|
||||
|
||||
**Defense:**
|
||||
- [CMMC (Cybersecurity Maturity Model Certification)](https://www.acq.osd.mil/cmmc/) - DoD cybersecurity framework
|
||||
- Required for defense contractors
|
||||
- Tiered maturity model (Levels 1-3)
|
||||
|
||||
### Industry Standards
|
||||
|
||||
- [SOC 2 Type II](https://www.vanta.com/products/soc-2) - Service Organization Control 2
|
||||
- Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy
|
||||
- Common for SaaS and cloud service providers
|
||||
|
||||
---
|
||||
|
||||
## Incident Response Frameworks
|
||||
|
||||
### Response Methodologies
|
||||
|
||||
**NIST Incident Response:**
|
||||
- Preparation
|
||||
- Detection and Analysis
|
||||
- Containment, Eradication, and Recovery
|
||||
- Post-Incident Activity
|
||||
|
||||
**SANS Incident Response:**
|
||||
- Preparation
|
||||
- Identification
|
||||
- Containment
|
||||
- Eradication
|
||||
- Recovery
|
||||
- Lessons Learned
|
||||
|
||||
---
|
||||
|
||||
## Risk Management Frameworks
|
||||
|
||||
### Enterprise Risk
|
||||
|
||||
- [ISO 31000](https://www.iso.org/iso-31000-risk-management.html) - Risk management guidelines
|
||||
- [COSO ERM Framework](https://www.coso.org/guidance-on-enterprise-risk-management) - Enterprise risk management
|
||||
- [FAIR (Factor Analysis of Information Risk)](https://www.fairinstitute.org/) - Quantitative risk analysis
|
||||
|
||||
### IT Risk
|
||||
|
||||
- [OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)](https://insights.sei.cmu.edu/library/octave-threat-based-risk-assessment/) - Risk-based strategic assessment
|
||||
- [NIST RMF](https://csrc.nist.gov/projects/risk-management/about-rmf) - Risk Management Framework for information systems
|
||||
|
||||
---
|
||||
|
||||
## Security Architecture Frameworks
|
||||
|
||||
### Enterprise Architecture
|
||||
|
||||
- [SABSA (Sherwood Applied Business Security Architecture)](https://sabsa.org/) - Business-driven security architecture framework
|
||||
- [TOGAF (The Open Group Architecture Framework)](https://www.opengroup.org/togaf) - Enterprise architecture methodology
|
||||
- [Zachman Framework](https://www.zachman.com/about-the-zachman-framework) - Enterprise architecture framework
|
||||
|
||||
### Zero Trust
|
||||
|
||||
- [NIST Zero Trust Architecture (SP 800-207)](https://csrc.nist.gov/publications/detail/sp/800-207/final)
|
||||
- [Microsoft Zero Trust Model](https://www.microsoft.com/en-us/security/business/zero-trust)
|
||||
- [Google BeyondCorp](https://cloud.google.com/beyondcorp) - Zero trust security framework
|
||||
|
||||
---
|
||||
|
||||
## Industry-Specific Frameworks
|
||||
|
||||
### Critical Infrastructure
|
||||
|
||||
- [NERC CIP](https://www.nerc.com/pa/Stand/Pages/CIPstandards.aspx) - North American Electric Reliability Corporation Critical Infrastructure Protection
|
||||
- [TSA Security Directives](https://www.tsa.gov/for-industry/security-directives) - Transportation security requirements
|
||||
|
||||
### Manufacturing & IoT
|
||||
|
||||
- [IEC 62443](https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards) - Industrial automation and control systems security
|
||||
- [NIST Cybersecurity for IoT](https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program) - IoT security guidance
|
||||
|
||||
---
|
||||
|
||||
## Threat & Vulnerability Frameworks
|
||||
|
||||
### Vulnerability Databases
|
||||
|
||||
- [CVE (Common Vulnerabilities and Exposures)](https://cve.mitre.org/) - Vulnerability naming standard
|
||||
- [NVD (National Vulnerability Database)](https://nvd.nist.gov/) - US government vulnerability database
|
||||
- [CWE (Common Weakness Enumeration)](https://cwe.mitre.org/) - Software security weakness taxonomy
|
||||
|
||||
### Scoring Systems
|
||||
|
||||
- [CVSS (Common Vulnerability Scoring System)](https://www.first.org/cvss/) - Vulnerability severity scoring
|
||||
- [EPSS (Exploit Prediction Scoring System)](https://www.first.org/epss/) - Likelihood of exploitation
|
||||
|
||||
---
|
||||
|
||||
## Data Breach & Incident Frameworks
|
||||
|
||||
### Incident Documentation
|
||||
|
||||
- [VERIS (Vocabulary for Event Recording and Incident Sharing)](http://veriscommunity.net/) - Framework for describing security incidents
|
||||
- [STIX/TAXII](https://oasis-open.github.io/cti-documentation/) - Structured Threat Information Expression / Trusted Automated Exchange of Intelligence Information
|
||||
|
||||
---
|
||||
|
||||
## Maturity Models
|
||||
|
||||
### Security Maturity
|
||||
|
||||
- [OWASP SAMM](https://owaspsamm.org/) - Software Assurance Maturity Model
|
||||
- [CMMC](https://www.acq.osd.mil/cmmc/) - Cybersecurity Maturity Model Certification
|
||||
- [C2M2 (Cybersecurity Capability Maturity Model)](https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2) - Energy sector cybersecurity maturity
|
||||
|
||||
### Governance Maturity
|
||||
|
||||
- [COBIT](https://www.isaca.org/resources/cobit) - Control Objectives for Information and Related Technologies
|
||||
- IT governance and management framework
|
||||
- Published by ISACA
|
||||
|
||||
---
|
||||
|
||||
## Additional Resources
|
||||
|
||||
### Framework Implementation Guides
|
||||
|
||||
- [NIST Cybersecurity Framework Implementation Guide](https://www.nist.gov/cyberframework/getting-started)
|
||||
- [CIS Controls Implementation Groups](https://www.cisecurity.org/controls/cis-controls-implementation-groups)
|
||||
- [ISO 27001 Implementation Guide](https://www.iso.org/standard/73906.html)
|
||||
|
||||
### Framework Mapping
|
||||
|
||||
- [NIST-to-ISO Mapping](https://www.nist.gov/cyberframework/nist-cybersecurity-framework-and-iso-27001)
|
||||
- [CIS Controls to NIST CSF Mapping](https://www.cisecurity.org/controls/cis-controls-navigator)
|
||||
|
||||
---
|
||||
|
||||
[Back to Resources](./README.md) | [Back to Main](../README.md)
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
# Cybersecurity Learning Resources
|
||||
|
||||
A comprehensive collection of tools, courses, certifications, communities, and frameworks for cybersecurity professionals and learners.
|
||||
|
||||
## Resource Categories
|
||||
|
||||
### [Tools](./TOOLS.md)
|
||||
Cybersecurity tools organized by category: network analysis, security auditing, vulnerability scanning, SIEM platforms, and more.
|
||||
|
||||
### [Courses & Training](./COURSES.md)
|
||||
Free and premium learning platforms, Udemy courses, hands-on labs, and specialized training programs.
|
||||
|
||||
### [Certifications](./CERTIFICATIONS.md)
|
||||
Exam objectives, practice tests, official study guides, and certification preparation materials for CompTIA, CISSP, cloud providers, and more.
|
||||
|
||||
### [Communities](./COMMUNITIES.md)
|
||||
YouTube channels, Reddit communities, LinkedIn professionals, and security conferences to connect with other professionals.
|
||||
|
||||
### [Frameworks & Standards](./FRAMEWORKS.md)
|
||||
Industry frameworks (NIST, ISO, MITRE), compliance standards (PCI-DSS, HIPAA, GDPR), and security analysis models.
|
||||
|
||||
---
|
||||
|
||||
## Quick Links
|
||||
|
||||
**Popular Starting Points:**
|
||||
- [CompTIA Exam Objectives](./CERTIFICATIONS.md#comptia-exam-objectives)
|
||||
- [Free Learning Platforms](./COURSES.md#free-learning-platforms)
|
||||
- [Security Frameworks](./FRAMEWORKS.md#nist-framework-suite)
|
||||
- [Reddit Communities](./COMMUNITIES.md#main-subreddits)
|
||||
- [YouTube Channels](./COMMUNITIES.md#top-cybersecurity-channels)
|
||||
|
||||
**Practice & Labs:**
|
||||
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
|
||||
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
|
||||
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
|
||||
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
|
||||
|
||||
---
|
||||
|
||||
## Tips for Success
|
||||
|
||||
**Start with Free Resources:**
|
||||
- Test your interest before investing in paid courses
|
||||
- Use free platforms like Cybrary, TryHackMe, and YouTube
|
||||
- Practice with free labs and CTF challenges
|
||||
|
||||
**Combine Learning Methods:**
|
||||
- Video courses for concepts and theory
|
||||
- Hands-on labs for practical skills
|
||||
- Practice exams to measure progress
|
||||
- Community engagement for support
|
||||
|
||||
**Follow a Structured Path:**
|
||||
- Review [Certification Roadmaps](../ROADMAPS/README.md) for career guidance
|
||||
- Start with foundational certifications (Security+, A+)
|
||||
- Progress to specialized certifications based on your career goals
|
||||
- Build hands-on experience with [Projects](../PROJECTS/)
|
||||
|
||||
---
|
||||
|
||||
[Back to Main Repository](../README.md)
|
||||
|
|
@ -0,0 +1,196 @@
|
|||
# Cybersecurity Tools
|
||||
|
||||
Essential tools for security professionals, organized by category.
|
||||
|
||||
## Network Analysis & Monitoring
|
||||
|
||||
**Packet Analysis:**
|
||||
- [Wireshark](https://www.wireshark.org/) - Network protocol analyzer
|
||||
- [tcpdump](https://www.tcpdump.org/) - Command-line packet analyzer
|
||||
- [tshark](https://www.wireshark.org/docs/man-pages/tshark.html) - Terminal-based Wireshark
|
||||
|
||||
**Network Scanning:**
|
||||
- [Nmap](https://nmap.org/) - Network discovery and security auditing
|
||||
- [Masscan](https://github.com/robertdavidgraham/masscan) - Fast port scanner
|
||||
- [Angry IP Scanner](https://angryip.org/) - Fast network scanner
|
||||
|
||||
**Network Monitoring:**
|
||||
- [ntopng](https://www.ntop.org/) - Network traffic monitoring
|
||||
- [NetworkMiner](https://www.netresec.com/?page=NetworkMiner) - Network forensic analysis
|
||||
- [Zeek](https://zeek.org/) - Network security monitor
|
||||
|
||||
---
|
||||
|
||||
## Vulnerability Assessment
|
||||
|
||||
**Vulnerability Scanners:**
|
||||
- [Nessus](https://www.tenable.com/products/nessus) - Vulnerability scanner
|
||||
- [OpenVAS](https://www.openvas.org/) - Open-source vulnerability scanner
|
||||
- [Qualys](https://www.qualys.com/) - Cloud-based vulnerability management
|
||||
- [Rapid7 Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management
|
||||
|
||||
**Web Application Scanners:**
|
||||
- [Burp Suite](https://portswigger.net/burp) - Web application security testing
|
||||
- [OWASP ZAP](https://www.zaproxy.org/) - Web app security scanner
|
||||
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
|
||||
- [Acunetix](https://www.acunetix.com/) - Automated web vulnerability scanner
|
||||
|
||||
**Dependency & Container Scanning:**
|
||||
- [Snyk](https://snyk.io/) - Developer security platform
|
||||
- [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) - Software composition analysis
|
||||
- [Trivy](https://github.com/aquasecurity/trivy) - Container vulnerability scanner
|
||||
- [Clair](https://github.com/quay/clair) - Container static analysis
|
||||
|
||||
---
|
||||
|
||||
## Penetration Testing
|
||||
|
||||
**Exploitation Frameworks:**
|
||||
- [Metasploit](https://www.metasploit.com/) - Penetration testing framework
|
||||
- [Cobalt Strike](https://www.cobaltstrike.com/) - Adversary simulation
|
||||
- [Empire](https://github.com/BC-SECURITY/Empire) - Post-exploitation framework
|
||||
- [Covenant](https://github.com/cobbr/Covenant) - .NET command and control
|
||||
|
||||
**Password Attacks:**
|
||||
- [Hashcat](https://hashcat.net/hashcat/) - Password recovery
|
||||
- [John the Ripper](https://www.openwall.com/john/) - Password cracker
|
||||
- [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Network login cracker
|
||||
- [Medusa](https://github.com/jmk-foofus/medusa) - Brute force tool
|
||||
|
||||
**Wireless Security:**
|
||||
- [Aircrack-ng](https://www.aircrack-ng.org/) - WiFi security auditing
|
||||
- [Kismet](https://www.kismetwireless.net/) - Wireless network detector
|
||||
- [Wifite](https://github.com/derv82/wifite2) - Automated wireless attack tool
|
||||
|
||||
---
|
||||
|
||||
## Security Information & Event Management (SIEM)
|
||||
|
||||
**SIEM Platforms:**
|
||||
- [Splunk](https://www.splunk.com/) - Data analytics and SIEM
|
||||
- [ELK Stack](https://www.elastic.co/elastic-stack) - Elasticsearch, Logstash, Kibana
|
||||
- [QRadar](https://www.ibm.com/qradar) - IBM security intelligence
|
||||
- [ArcSight](https://www.microfocus.com/en-us/products/siem-security-information-event-management/overview) - Security analytics
|
||||
|
||||
**Log Management:**
|
||||
- [Graylog](https://www.graylog.org/) - Log management
|
||||
- [Logstash](https://www.elastic.co/logstash) - Data processing pipeline
|
||||
- [Fluentd](https://www.fluentd.org/) - Unified logging layer
|
||||
|
||||
---
|
||||
|
||||
## Endpoint Detection & Response (EDR)
|
||||
|
||||
**EDR Solutions:**
|
||||
- [CrowdStrike Falcon](https://www.crowdstrike.com/products/endpoint-security/falcon-platform/) - Cloud-native endpoint protection
|
||||
- [SentinelOne](https://www.sentinelone.com/) - Autonomous endpoint protection
|
||||
- [Carbon Black](https://www.vmware.com/products/carbon-black-cloud.html) - Endpoint security
|
||||
- [Microsoft Defender for Endpoint](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint) - Enterprise endpoint security
|
||||
|
||||
**Open-Source EDR:**
|
||||
- [Wazuh](https://wazuh.com/) - Open-source security platform
|
||||
- [OSQuery](https://osquery.io/) - SQL-powered operating system instrumentation
|
||||
- [OSSEC](https://www.ossec.net/) - Host-based intrusion detection
|
||||
|
||||
---
|
||||
|
||||
## Static & Dynamic Analysis
|
||||
|
||||
**Static Application Security Testing (SAST):**
|
||||
- [SonarQube](https://www.sonarqube.org/) - Code quality and security
|
||||
- [Checkmarx](https://www.checkmarx.com/) - Application security testing
|
||||
- [Fortify](https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview) - Static code analyzer
|
||||
- [Semgrep](https://semgrep.dev/) - Lightweight static analysis
|
||||
|
||||
**Dynamic Application Security Testing (DAST):**
|
||||
- [Burp Suite Pro](https://portswigger.net/burp/pro) - Web vulnerability scanner
|
||||
- [OWASP ZAP](https://www.zaproxy.org/) - Dynamic security testing
|
||||
- [Acunetix](https://www.acunetix.com/) - Automated DAST
|
||||
|
||||
**Malware Analysis:**
|
||||
- [Cuckoo Sandbox](https://cuckoosandbox.org/) - Automated malware analysis
|
||||
- [Any.run](https://any.run/) - Interactive malware sandbox
|
||||
- [VirusTotal](https://www.virustotal.com/) - File and URL analysis
|
||||
- [Hybrid Analysis](https://www.hybrid-analysis.com/) - Free malware analysis
|
||||
|
||||
---
|
||||
|
||||
## Forensics & Incident Response
|
||||
|
||||
**Forensic Tools:**
|
||||
- [Autopsy](https://www.autopsy.com/) - Digital forensics platform
|
||||
- [Volatility](https://www.volatilityfoundation.org/) - Memory forensics
|
||||
- [FTK Imager](https://www.exterro.com/ftk-imager) - Forensic imaging
|
||||
- [EnCase](https://www.opentext.com/products/encase-forensic) - Digital investigation
|
||||
|
||||
**Incident Response:**
|
||||
- [TheHive](https://thehive-project.org/) - Incident response platform
|
||||
- [GRR Rapid Response](https://github.com/google/grr) - Incident response framework
|
||||
- [Velociraptor](https://www.velocidex.com/) - Endpoint visibility and collection
|
||||
|
||||
---
|
||||
|
||||
## Cloud Security
|
||||
|
||||
**Cloud Security Tools:**
|
||||
- [Prowler](https://github.com/prowler-cloud/prowler) - AWS security assessment
|
||||
- [ScoutSuite](https://github.com/nccgroup/ScoutSuite) - Multi-cloud security auditing
|
||||
- [CloudSploit](https://github.com/aquasecurity/cloudsploit) - Cloud security configuration scanner
|
||||
- [Cloud Custodian](https://cloudcustodian.io/) - Cloud security and governance
|
||||
|
||||
**Container Security:**
|
||||
- [Trivy](https://github.com/aquasecurity/trivy) - Container vulnerability scanner
|
||||
- [Falco](https://falco.org/) - Runtime security monitoring
|
||||
- [Anchore](https://anchore.com/) - Container analysis and compliance
|
||||
|
||||
---
|
||||
|
||||
## Threat Intelligence
|
||||
|
||||
**Threat Intel Platforms:**
|
||||
- [MISP](https://www.misp-project.org/) - Threat intelligence sharing
|
||||
- [OpenCTI](https://www.opencti.io/) - Cyber threat intelligence platform
|
||||
- [ThreatConnect](https://threatconnect.com/) - Threat intelligence operations
|
||||
- [Anomali](https://www.anomali.com/) - Threat intelligence management
|
||||
|
||||
**Threat Hunting:**
|
||||
- [Yara](https://virustotal.github.io/yara/) - Pattern matching for malware
|
||||
- [Sigma](https://github.com/SigmaHQ/sigma) - Generic signature format for SIEM
|
||||
- [RITA](https://github.com/activecm/rita) - Real intelligence threat analytics
|
||||
|
||||
---
|
||||
|
||||
## Operating Systems & Distributions
|
||||
|
||||
**Security Distributions:**
|
||||
- [Kali Linux](https://www.kali.org/) - Penetration testing distribution
|
||||
- [Parrot Security OS](https://www.parrotsec.org/) - Security and privacy-focused
|
||||
- [BlackArch Linux](https://blackarch.org/) - Penetration testing distribution
|
||||
|
||||
**General Operating Systems:**
|
||||
- [Ubuntu](https://ubuntu.com/) - Popular Linux distribution
|
||||
- [Red Hat Enterprise Linux](https://www.redhat.com/en) - Enterprise Linux
|
||||
- [Windows Server](https://www.microsoft.com/en-us/windows-server) - Microsoft server OS
|
||||
|
||||
**Virtualization:**
|
||||
- [Oracle VirtualBox](https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html) - Virtual machines
|
||||
- [VMware Workstation](https://www.vmware.com/products/workstation-pro.html) - Virtualization platform
|
||||
- [Docker](https://www.docker.com/) - Container platform
|
||||
|
||||
---
|
||||
|
||||
## Development & Collaboration
|
||||
|
||||
**Version Control:**
|
||||
- [GitHub](https://github.com/) - Version control and collaboration
|
||||
- [GitLab](https://gitlab.com/) - DevOps platform
|
||||
- [Bitbucket](https://bitbucket.org/) - Git repository management
|
||||
|
||||
**CI/CD Security:**
|
||||
- [GitGuardian](https://www.gitguardian.com/) - Secrets detection
|
||||
- [TruffleHog](https://github.com/trufflesecurity/trufflehog) - Find credentials in git repos
|
||||
- [Gitleaks](https://github.com/gitleaks/gitleaks) - Detect hardcoded secrets
|
||||
|
||||
---
|
||||
|
||||
[Back to Resources](./README.md) | [Back to Main](../README.md)
|
||||
Loading…
Reference in New Issue