Phase 1.3: Create RESOURCES/ folder

- Create RESOURCES/README.md as entry point
- Create RESOURCES/TOOLS.md with cybersecurity tools
- Create RESOURCES/COURSES.md with training platforms
- Create RESOURCES/CERTIFICATIONS.md with exam prep
- Create RESOURCES/COMMUNITIES.md with YouTube, Reddit, LinkedIn
- Create RESOURCES/FRAMEWORKS.md with security frameworks
- Update main README to link to RESOURCES/
- Reduce main README by ~420 lines
This commit is contained in:
CarterPerez-dev 2026-01-29 04:15:52 -05:00
parent f001d20a4d
commit 7365a4c241
7 changed files with 1203 additions and 442 deletions

452
README.md
View File

@ -35,17 +35,7 @@
- [Intermediate Projects](#intermediate-projects)
- [Advanced Projects](#advanced-projects)
- [Certification Roadmaps](#certification-roadmaps)
- [Cybersecurity Tools](#cybersecurity-tools)
- [Study Platforms & Courses](#study-platforms--courses)
- [Certifications & Exam Prep](#certifications--exam-prep)
- [YouTube Channels & Videos](#youtube-channels--videos)
- [Reddit Communities](#reddit-communities)
- [Security Frameworks](#security-frameworks)
- [Industry Resources](#industry-resources)
- [Cloud Certifications](#cloud-certifications)
- [CISSP Resources](#cissp-resources)
- [LinkedIn Professionals](#linkedin-professionals-to-follow)
- [Additional Learning Resources](#additional-learning-resources)
- [Learning Resources](#learning-resources)
Big thanks to the current contributors! ❤️
@ -287,439 +277,17 @@ A collection of tools, courses, frameworks, and educational resources for cyber
---
## Cybersecurity Tools
## Learning Resources
### Reconnaissance & Scanning
- [Nmap](https://nmap.org/) - Network mapper and port scanner
- [Nessus](https://www.tenable.com/products/nessus) - Vulnerability scanner
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
- [Searchsploit](https://github.com/dev-angelist/Ethical-Hacking-Tools/blob/main/practical-ethical-hacker-notes/tools/searchsploit.md) - Exploit database CLI
- [theHarvester](https://github.com/laramies/theHarvester) - Information gathering tool
- [Amass](https://github.com/owasp-amass/amass) - Subdomain enumeration
- [Sublist3r](https://github.com/aboul3la/Sublist3r) - Subdomain finder
- [Recon-ng](https://github.com/lanmaster53/recon-ng) - Web reconnaissance framework
- [Fierce](https://github.com/mschwager/fierce) - DNS scanner
Comprehensive collection of cybersecurity tools, training courses, certifications, communities, and frameworks.
### Web Application Testing
- [Burp Suite](https://portswigger.net/burp) - Web vulnerability scanner
- [OWASP ZAP](https://www.zaproxy.org/) - Web application security scanner
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
- [SQLmap](https://sqlmap.org/) - SQL injection testing
- [Wfuzz](https://github.com/xmendez/wfuzz) - Web fuzzer
- [Gobuster](https://github.com/OJ/gobuster) - URI/DNS/Vhost brute forcing
- [SkipFish](https://github.com/spinkham/skipfish) - Active web application scanner
- [Wapiti](https://github.com/wapiti-scanner/wapiti) - Web vulnerability scanner
- [Arachni](https://github.com/Arachni/arachni) - Web application security scanner
- [Nuclei](https://github.com/projectdiscovery/nuclei) - Template-based scanning
- [Maltego](https://www.maltego.com/) - OSINT & data mining
**[View All Learning Resources](./RESOURCES/README.md)**
### Network & Wireless
- [Wireshark](https://www.wireshark.org/) - Network protocol analyzer
- [Bettercap](https://github.com/bettercap/bettercap) - Network attack framework
- [Responder](https://github.com/SpiderLabs/Responder) - LLMNR/NBT-NS poisoner
- [Ettercap](https://github.com/Ettercap/ettercap) - Man-in-the-middle framework
- [SSLstrip](https://github.com/moxie0/sslstrip) - SSL stripping attack
- [Aircrack-ng](https://www.aircrack-ng.org/) - Wireless network auditing
- [Kismet](https://github.com/kismetwireless/kismet) - Wireless network detector
- [mitmproxy](https://github.com/mitmproxy/mitmproxy) - HTTP/HTTPS proxy
- [Fiddler](https://www.telerik.com/fiddler) - Web debugging proxy
- [Yersinia](https://github.com/tomac/yersinia) - Layer 2 attacks
### Exploitation & Post-Exploitation
- [Metasploit](https://www.metasploit.com/) - Penetration testing framework
- [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Password cracking
- [Ncrack](https://github.com/nmap/ncrack) - Network authentication cracker
- [CrackMapExec](https://github.com/Porchetta-Industries/CrackMapExec) - Post-exploitation framework
- [Evil-WinRM](https://github.com/Hackplayers/evil-winrm) - WinRM shell
- [Empire](https://github.com/EmpireProject/Empire) - PowerShell post-exploitation
- [Mimikatz](https://github.com/gentilkiwi/mimikatz) - Credential extraction
- [Shellter](https://www.shellterproject.com/) - Dynamic shellcode injection
- [BeEF](https://github.com/beefproject/beef) - Browser exploitation framework
- [RouterSploit](https://github.com/threat9/routersploit) - Router exploitation framework
- [Legion](https://github.com/Abacus-Group-RTO/legion) - Automated pentest tool
- [Social-Engineer Toolkit (SET)](https://github.com/trustedsec/social-engineer-toolkit) - Social engineering attacks
### Cryptography & Analysis
- [John the Ripper](https://www.openwall.com/john/) - Password cracker
- [Hashcat](https://hashcat.net/hashcat/) - GPU-accelerated hash cracking
- [Ghidra](https://ghidra-sre.org/) - Reverse engineering
- [Radare2](https://github.com/radareorg/radare2) - Binary analysis framework
- [Binwalk](https://github.com/ReFirmLabs/binwalk) - Binary file analysis
### Forensics & Malware Analysis
- [Volatility](https://www.volatilityfoundation.org/) - Memory forensics
- [Cuckoo Sandbox](https://cuckoosandbox.org/) - Malware analysis sandbox
- [Impacket](https://github.com/fortra/impacket) - Network protocol library
### Monitoring & Defense
- [Suricata](https://suricata.io/) - Network IDS/IPS
- [OSSEC](https://www.ossec.net/) - Host-based intrusion detection
- [Greenbone Vulnerability Manager](https://www.greenbone.net/en/) - Vulnerability scanning
### Code Security
- [Snyk](https://snyk.io/) - Dependency vulnerability scanner
- [OWASP Dependency-Check](https://github.com/jeremylong/DependencyCheck) - Dependency checker
- [Semgrep](https://semgrep.dev/) - Static analysis tool
- [Detectify](https://detectify.com/) - Web security platform
### Intelligence & Recon
- [Shodan](https://www.shodan.io/) - Internet search engine
- [Offensive Security Exploit Database](https://www.exploit-db.com/) - Exploit database
- [BloodHound](https://github.com/BloodHoundAD/BloodHound) - Active Directory analysis
- [EyeWitness](https://github.com/FortyNorthSecurity/EyeWitness) - Screenshot capture tool
**Quick Access:**
- **[Tools](./RESOURCES/TOOLS.md)** - Network analysis, vulnerability scanners, pentesting tools, SIEM platforms, and more
- **[Courses & Training](./RESOURCES/COURSES.md)** - Free and premium platforms, Udemy courses, hands-on labs
- **[Certifications](./RESOURCES/CERTIFICATIONS.md)** - Exam objectives, practice tests, study guides, vouchers
- **[Communities](./RESOURCES/COMMUNITIES.md)** - YouTube channels, Reddit communities, LinkedIn professionals
- **[Frameworks & Standards](./RESOURCES/FRAMEWORKS.md)** - NIST, ISO, MITRE, compliance regulations
---
## Study Platforms & Courses
### Udemy CompTIA Courses
- [CompTIA Security+ (SY0-701) Complete Course & Exam](https://www.udemy.com/course/securityplus)
- [CompTIA Security+ (SY0-701) Practice Exams Set 1](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams/)
- [CompTIA Security+ (SY0-701) Practice Exams Set 2](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams-2nd-edition/)
- [TOTAL: CompTIA Security+ Certification Course + Exam SY0-701](https://www.udemy.com/course/total-comptia-security-plus/)
- [CompTIA A+ Core 1 (220-1101) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-1/)
- [CompTIA A+ Core 2 (220-1102) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-2/)
- [CompTIA A+ (220-1101) Core 1 Practice Exams](https://www.udemy.com/course/comptia-a-220-1101-core-1-practice-exams-new-for-2022/)
- [CompTIA A+ (220-1102) Core 2 Practice Exams](https://www.udemy.com/course/comptia-a-220-1102-core-2-practice-exams-new-for-2022/)
- [CompTIA A+ Core 1 & Core 2 - IT Cert Doctor - 2024](https://www.udemy.com/course/it-cert-doctor-comptia-a-220-1101-1102/)
- [CompTIA Network+ (N10-009) Full Course & Practice Exam](https://www.udemy.com/course/comptia-network-009/)
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 1](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-1/)
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 2](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-2/)
- [CompTIA CySA+ (CS0-003) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-cysa-003/)
- [CompTIA CySA+ (CS0-003) Practice Exams](https://www.udemy.com/course/comptia-cysa-cs0-003-practice-exams/)
- [CompTIA PenTest+ (PT0-003) Full Course & Practice Exam](https://www.udemy.com/course/pentestplus/)
- [CompTIA PenTest+ (PT0-003) 6 Practice Exams](https://www.udemy.com/course/comptia-pentest-pt0-003-6-practice-exams/)
- [CompTIA SecurityX (CAS-005) Complete Course & Practice Exam](https://www.udemy.com/course/casp-plus/)
- [CompTIA SecurityX (CAS-005) Practice Exam Prep](https://www.udemy.com/course/comptia-securityx-practice-exam-prep-new/)
- [CompTIA Linux+ (XK0-005) Complete Course & Exam](https://www.udemy.com/course/comptia-linux/)
- [CompTIA Linux+ (XK0-005) Practice Exams & Simulated PBQs](https://www.udemy.com/course/comptia-linux-exams/)
### Udemy Other Security Courses
- [The Complete Cyber Security Course : Hackers Exposed!](https://www.udemy.com/course/the-complete-internet-security-privacy-course-volume-1/)
- [The Complete Cyber Security Course : Network Security!](https://www.udemy.com/course/network-security-course/)
- [The Complete Cyber Security Course : End Point Protection!](https://www.udemy.com/course/the-complete-cyber-security-course-end-point-protection/)
- [Complete Ethical Hacking & Cyber Security Masterclass Course](https://www.udemy.com/course/ethicalhackingcourse/)
- [Implementing the NIST Cybersecurity Framework (CSF)](https://www.udemy.com/course/nist-cybersecurity-framework/)
- [ISC2 CISSP Full Course & Practice Exam](https://www.udemy.com/course/isc2-cissp-full-course-practice-exam/)
- [ISC2 CISSP 6 Practice Exams](https://www.udemy.com/course/isc2-cissp-6-practice-exams/)
- [The Complete Certified in Cybersecurity CC course ISC2 2024](https://www.udemy.com/course/certifiedincybersecurity/)
### Free Learning Platforms
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
- [SANS Cyber Aces Online](https://www.cyberaces.org/) - Free tutorials
- [Coursera](https://www.coursera.org/) - University-level courses
- [edX Cybersecurity Programs](https://www.edx.org/professional-certificate/cybersecurity) - Professional certificates
- [freeCodeCamp](https://www.youtube.com/freecodecamp) - Free comprehensive courses
- [Codecademy Cybersecurity](https://www.codecademy.com/catalog/subject/cybersecurity) - Interactive coding
### Premium Platforms
- [Pluralsight](https://www.pluralsight.com/) - Tech skill development
- [CBT Nuggets](https://www.cbtnuggets.com/) - Video training
- [LinkedIn Learning](https://www.linkedin.com/learning/) - Professional development
- [INE Security Courses](https://ine.com/learning/areas/security) - Cybersecurity specialization
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
- [Offensive Security (OffSec)](https://www.offensive-security.com/) - Advanced training
- [TestOut](https://testoutce.com/) - Certification prep
---
## Certifications & Exam Prep
### CompTIA Exam Objectives
- [A+ Core 1 (220-1101)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1101-exam-objectives-(3-0))
- [A+ Core 2 (220-1102)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1102-exam-objectives-(3-0))
- [Network+ (N10-009)](https://partners.comptia.org/docs/default-source/resources/comptia-network-n10-009-exam-objectives-(4-0))
- [Security+ (SY0-701)](https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf)
- [CySA+ (CS0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-003-exam-objectives-(2-0))
- [PenTest+ (PT0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-003-exam-objectives-(1-0))
- [SecurityX (CAS-005)](https://partners.comptia.org/docs/default-source/resources/comptia-securityx-cas-005-exam-objectives-(3-0))
- [Linux+ (XK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0))
- [Cloud+ (CV0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cloud-cv0-003-exam-objectives-(1-0))
- [Data+ (DA0-001)](https://partners.comptia.org/docs/default-source/resources/comptia-data-da0-001-exam-objectives-(2-0))
- [Server+ (SK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-server-sk0-005-exam-objectives-(1-0))
### Practice Test Resources
- [CertNova](https://www.certnova.com/) - Free practice tests
- [ExamCompass](https://www.examcompass.com/) - Practice exams
- [ExamDigest](https://examsdigest.com/) - Exam resources
- [Mike Meyers Practice Tests](https://www.totalsem.com/total-tester-practice-tests/) - Total Tester
- [Quizlet](https://quizlet.com/) - Flashcards & quizzes
### Exam Vouchers & Official Resources
- [CompTIA Student Discount](https://academic-store.comptia.org/) - 50% vouchers for students
- [Official CompTIA Resources](https://www.comptia.org/resources) - Study materials
- [CompTIA.org](https://www.comptia.org/) - Main website
### Study Guides & Books
- [SYBEX CompTIA Books](https://www.amazon.com/s?k=wiley+sybex+comptia) - Official study guides
- [Notes: CompTIA A+, Network+ and Security+](https://www.udemy.com/course/comptia-a-1001-1002-study-notes/) - Study notes collection
---
## YouTube Channels & Videos
### Top Cybersecurity Channels
- [Professor Messer](https://www.youtube.com/@professormesser) - CompTIA certification prep
- [NetworkChuck](https://www.youtube.com/@NetworkChuck) - Networking & security
- [PowerCert Animated Videos](https://www.youtube.com/@PowerCertAnimatedVideos) - Educational animations
- [HackerSploit](https://www.youtube.com/@HackerSploit) - Ethical hacking tutorials
- [Cyberkraft](https://www.youtube.com/@cyberkraft) - Cybersecurity education
- [howtonetwork](https://www.youtube.com/@howtonetworkcom) - Network fundamentals
- [CBT Nuggets](https://www.youtube.com/user/cbtnuggets) - Professional training
- [Eli the Computer Guy](https://www.youtube.com/user/elithecomputerguy) - IT & networking
- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Ethical hacking
- [ITProTV](https://www.youtube.com/user/ITProTV) - IT certifications
- [freeCodeCamp.org](https://www.youtube.com/freecodecamp) - Free comprehensive courses
- [With Sandra](https://www.youtube.com/@WithSandra) - Career & tech
- [Andrew Huberman](https://www.youtube.com/@hubermanlab) - Learning & productivity science
- [Tech with Jono](https://www.youtube.com/@TechwithJono) - Tech tutorials
- [Practical Networking](https://www.youtube.com/@PracticalNetworking) - Networking fundamentals
- [David Bombal](https://www.youtube.com/@davidbombal) - Cisco & networking
- [John Hammond](https://www.youtube.com/@_JohnHammond) - Hacking & security
- [LiveOverflow](https://www.youtube.com/@LiveOverflow) - CTF & binary exploitation
- [PwnFunction](https://www.youtube.com/@PwnFunction) - Security concepts
- [SecurityWeekly](https://www.youtube.com/@SecurityWeekly) - Security news & updates
- [BlackHat Official](https://www.youtube.com/@BlackHatOfficialYT) - Security conferences
- [DEFCONConference](https://www.youtube.com/@DEFCONConference) - Hacker conference talks
### Featured Video Playlists & Courses
- [CompTIA A+ Full Course (31+ Hours)](https://www.youtube.com/watch?v=1CZXXNKAY5o&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=5)
- [CompTIA Network+ Full Course](https://www.youtube.com/watch?v=qiQR5rTSshw&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=6)
- [CompTIA Security+ SY0-701 Full Course](https://www.youtube.com/watch?v=KiEptGbnEBc&list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv)
- [CompTIA CySA+ 2024 Crash Course (10+ Hours)](https://www.youtube.com/watch?v=qP9x0mucwVc&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=9)
- [CASP+ Course](https://www.youtube.com/watch?v=vwNjLVpXNzk&list=PLCNmoXT8zexnJtDOdd8Owa8TAdSVVWF-J)
- [Ethical Hacking 15 Hours Course](https://www.youtube.com/watch?v=3FNYvj2U0HM&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=13)
- [Complete Ethical Hacking 16 Hours](https://www.youtube.com/watch?v=w_oxcjPOWos&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=4)
- [Python Full Course for Free](https://www.youtube.com/watch?v=ix9cRaBkVe0)
- [Subnetting Mastery](https://www.youtube.com/watch?v=BWZ-MHIhqjM&list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE)
- [NMAP Full Guide](https://www.youtube.com/watch?v=JHAMj2vN2oU&t=33s)
### Learning Science & Study Techniques
- [Optimal Protocols for Studying & Learning](https://youtu.be/ddq8JIMhz7c?si=qT00KFkFBAwm7LP7)
- [How to Study Using Active Recall](https://youtu.be/mzexJPoXBCM?si=sv-yeuIoLF9pwDRG)
- [Learning with Failures, Movement & Balance](https://youtu.be/jwChiek_aRY?si=3kyPbIAVwJWMPfnG)
### Practice Exam Videos
- [CompTIA Security+ PBQ](https://youtu.be/zfwxSmL4n6w?si=q5lXlvmViTK6TnSI)
- [CompTIA Network+ PBQ](https://www.youtube.com/live/9cdL214y-u0?si=lCSxriFy636PbOnR)
- [CompTIA CySA+ PBQ](https://www.youtube.com/live/0NMffWaxlmA?si=Rm9IBkZ04OAxFJtp)
- [CompTIA CASP+ PBQ](https://www.youtube.com/live/eInvTuYBF3Q?si=Hbe4mWLd3X31AUkA)
---
## Reddit Communities
### Main Subreddits
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certifications
- [r/CyberSecurity](https://www.reddit.com/r/cybersecurity/) - Cybersecurity discussions
- [r/AskNetsec](https://www.reddit.com/r/AskNetsec/) - Network security Q&A
- [r/ITCareerQuestions](https://www.reddit.com/r/ITCareerQuestions/) - Career advice
- [r/InformationSecurity](https://www.reddit.com/r/InformationSecurity/) - InfoSec discussions
- [r/netsec](https://www.reddit.com/r/netsec/) - Network security news
- [r/ethicalhacking](https://www.reddit.com/r/ethicalhacking/) - Ethical hacking
- [r/BlueTeamSec](https://www.reddit.com/r/BlueTeamSec/) - Defensive security
- [r/RedTeam](https://www.reddit.com/r/RedTeam/) - Offensive security
- [r/netsecstudents](https://www.reddit.com/r/netsecstudents/) - Students learning security
### Certification-Specific Communities
- [r/Casp](https://www.reddit.com/r/casp/) - CASP+ certification
- [r/CCNA](https://www.reddit.com/r/ccna/) - CCNA certification
- [r/WGU](https://www.reddit.com/r/WGU/) - Western Governors University
- [r/sysadmin](https://www.reddit.com/r/sysadmin/) - System administration
- [r/linuxquestions](https://www.reddit.com/r/linuxquestions/) - Linux help
- [r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering/) - Reverse engineering
- [r/ITsecurity](https://www.reddit.com/r/ITsecurity/) - IT security
### Popular Reddit Posts
- [Master List: Study Resources for A+, Network+, Security+](https://www.reddit.com/r/CompTIA/comments/i7hx4t/master_list_i_compiled_and_ranked_every_major/)
- [How I Passed Sec+](https://www.reddit.com/r/CompTIA/comments/zkjs1d/how_a_dumdum_like_me_passed_sec/)
- [How I Passed CompTIA A+, N+, S+](https://www.reddit.com/r/CompTIA/comments/1cra3cg/how_i_passed_comptia_a_n_s/)
- [Passed Sec+, PenTest+, CySA+ in 2 Months 22 Days](https://www.reddit.com/r/CompTIA/comments/1f5cofp/passed_sec_pentest_cysa_in_2_months_22_days/)
- [34 Year Old, No IT Experience, Got Hired After A+ Cert](https://www.reddit.com/r/CompTIA/comments/m38lb8/update_34_years_old_posted_a_month_ago_about/)
- [Hiring Manager Advice to Newbies](https://www.reddit.com/r/ITCareerQuestions/comments/ni4vnm/general_advice_from_a_hiring_manager_and_23_year/)
- [CompTIA Trifecta in 6 Months](https://www.reddit.com/r/CompTIA/comments/1fmjb2p/just_passed_network_got_the_trifecta_in_about_6/)
- [I Passed CASP+ Study Guide](https://www.reddit.com/r/casp/comments/1ft2qjr/i_passed_casp_this_is_what_i_did_to_prepare/)
---
## Security Frameworks
### NIST Framework Suite
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
- [NIST Privacy Framework](https://www.nist.gov/privacy-framework)
- [NIST 800-53 Security Controls](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final)
- [NIST 800-171](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final)
- [NIST 800-37 Risk Management Framework](https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final)
- [NIST 800-39 Managing Information Security Risk](https://csrc.nist.gov/publications/detail/sp/800-39/final)
- [NIST 800-61 Incident Handling Guide](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final)
- [NIST 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/)
- [NIST 800-207 Zero Trust Architecture](https://csrc.nist.gov/publications/detail/sp/800-207/final)
- [NIST 800-218 Secure Software Development Framework](https://csrc.nist.gov/publications/detail/sp/800-218/final)
### ISO/IEC Standards
- [ISO/IEC 27001](https://www.iso.org/isoiec-27001-information-security.html) - Information security management
- [ISO/IEC 27002](https://www.iso.org/standard/73906.html) - Security controls code of practice
- [ISO/IEC 27032](https://www.iso.org/standard/44375.html) - Cybersecurity guidelines
- [ISO/IEC 27033](https://www.iso.org/standard/63411.html) - Network security
- [ISO/IEC 27034](https://www.iso.org/standard/44379.html) - Application security
- [ISO 22301](https://www.iso.org/iso-22301-business-continuity.html) - Business continuity
### Industry Frameworks
- [MITRE ATT&CK Framework](https://attack.mitre.org/) - Adversary tactics & techniques
- [Lockheed Martin Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
- [OWASP Top 10](https://owasp.org/www-project-top-ten/) - Web application risks
- [CIS Controls](https://www.cisecurity.org/controls) - Critical security controls
- [Cybersecurity Maturity Model Certification (CMMC)](https://www.acq.osd.mil/cmmc/)
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/)
### Compliance & Regulatory
- [PCI-DSS](https://www.pcisecuritystandards.org/) - Payment card security
- [HIPAA Security Rule](https://www.hhs.gov/hipaa/for-professionals/security/index.html)
- [GDPR](https://gdpr.eu/) - European data protection
- [FedRAMP](https://www.fedramp.gov/) - Federal cloud security
- [SOC 2](https://www.vanta.com/products/soc-2) - Service organization controls
- [SOX IT Controls](https://www.sarbanes-oxley-101.com/sarbanes-oxley-compliance.htm)
### Analysis & Modeling
- [Diamond Model of Intrusion Analysis](https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf)
- [Unified Kill Chain](https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf)
- [MITRE Shield](https://shield.mitre.org/) - Defense techniques
- [MITRE Engage](https://engage.mitre.org/) - Adversary engagement
- [VERIS](http://veriscommunity.net/) - Data breach framework
---
## Industry Resources
### Security News & Blogs
- [Krebs on Security](https://krebsonsecurity.com/)
- [Dark Reading](https://www.darkreading.com/)
- [Rapid7 Blog](https://www.rapid7.com/blog/)
- [Malwarebytes Labs](https://blog.malwarebytes.com/)
### Training & Education Organizations
- [SANS Institute](https://www.sans.org/)
- [InfoSec Institute](https://www.infosecinstitute.com/)
- [OWASP](https://owasp.org)
- [SANS Cyber Aces](https://www.cyberaces.org/)
### Professional Organizations
- [CompTIA](https://www.comptia.org/)
- [ISC2](https://www.isc2.org/)
- [ISACA](https://www.isaca.org/)
### Development & Tools
- [GitHub](https://github.com/) - Version control & collaboration
- [Kali Linux](https://www.kali.org/) - Penetration testing distro
- [Ubuntu](https://ubuntu.com/) - Linux distribution
- [Oracle VirtualBox](https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html) - Virtual machines
- [Red Hat](https://www.redhat.com/en) - Enterprise Linux
---
## Cloud Certifications
### AWS Cloud
- [AWS Certified Cloud Practitioner Exam Guide](https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf)
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
- [Ultimate AWS Certified Cloud Practitioner CLF-C02 2025](https://www.udemy.com/course/aws-certified-cloud-practitioner-new/)
- [AWS Certified Cloud Practitioner YouTube Course](https://www.youtube.com/watch?v=SOTamWNgDKc)
- [AWS Certified Cloud Practitioner 15 Hour FreeCodeCamp](https://www.youtube.com/watch?v=NhDYbskXRgc)
- [AWS Security Specialty](https://aws.amazon.com/certification/certified-security-specialty/)
### Microsoft Azure
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
- [Azure Security Engineer Associate](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
### Google Cloud
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
### Other Cloud Platforms
- [Oracle Cloud Infrastructure Foundations](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
---
## CISSP Resources
### Official Materials
- [CISSP Exam Outline](https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/CISSP-Exam-Outline-English-April-2021.ashx)
- [ISC2 CISSP Certification Details](https://www.isc2.org/Certifications/CISSP)
- [ISC2 Official Training](https://www.isc2.org/Training/Self-Study-Resources)
- [Official ISC2 CISSP Study Guide (9th Edition)](https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119786231/)
- [CISSP Study Guide 2025-2026](https://www.amazon.com/CISSP-Study-Guide-2025-2026-Certification/dp/B0DRHZG41M)
- [CISSP For Dummies (7th Edition)](https://www.amazon.com/CISSP-Dummies-Computer-Tech/dp/1119806836/)
### Practice Tests & Prep
- [CISSP Official Practice Tests (3rd Edition)](https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119787637/)
- [Boson CISSP Practice Exams](https://www.boson.com/practice-exam/cissp-isc2-practice-exam)
- [TotalTester CISSP Practice Exams](https://www.totalsem.com/cissp-practice-tests/)
- [CISSP Pocket Prep Mobile App](https://pocketprep.com/exam-bank/isc2-cissp/)
- [CISSP Certification Complete Training 2025](https://www.udemy.com/course/cissp-certification-cissp-training/)
- [CISSP Practice Exams 2025](https://www.udemy.com/course/cissp-practice-exams-2020/)
### YouTube Courses
- [CISSP Course 2024](https://www.youtube.com/watch?v=M1_v5HBVHWo)
- [CISSP MasterClass - Mike Chapple](https://www.youtube.com/watch?v=v8furUCfuaY)
- [Inside CISSP - Kelly Handerhan](https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPLpbZOrNXA-lsQbvx3YeQ)
### Study Resources
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
---
## LinkedIn Professionals to Follow
### Industry Leaders
- [Mike Chapple](https://www.linkedin.com/in/mikechapple/) - Security educator
- [Brian Krebs](https://www.linkedin.com/in/bkrebs/) - Security journalist
- [Troy Hunt](https://www.linkedin.com/in/troyhunt/) - Web security expert
- [Heath Adams](https://www.linkedin.com/in/heathadams/) - Ethical hacking educator
- [Jason Dion](https://www.linkedin.com/in/jasondion/) - CompTIA instructor
- [Kevin Mitnick](https://www.linkedin.com/in/kevinmitnick/) - Security consultant
- [Chuck Brooks](https://www.linkedin.com/in/chuckbrooks/) - Security thought leader
- [Jane Frankland](https://www.linkedin.com/in/janefrankland/) - Cybersecurity strategist
- [Rinki Sethi](https://www.linkedin.com/in/rinkisethi/) - Security leader
- [Tyler Cohen Wood](https://www.linkedin.com/in/tylercohenwood/) - Threat intelligence
### Organizations
- [CompTIA](https://www.linkedin.com/company/comptia/posts/?feedView=all)
- [ISC2](https://www.linkedin.com/company/isc2/)
- [ISACA](https://www.linkedin.com/company/isaca/)
- [SANS Institute](https://www.linkedin.com/company/sans-institute/)
- [OWASP](https://www.linkedin.com/company/owasp/)
---
## Additional Learning Resources
### Specialized Platforms
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
- [INE Security](https://ine.com/learning/areas/security) - Security specialization
- [Offensive Security](https://www.offensive-security.com/) - Advanced training
- [EC-Council CodeRed](https://codered.eccouncil.org/) - Interactive learning
- [ITPRO](https://www.acilearning.com/itpro/) - IT Professional training
- [Professor Messer Website](https://www.professormesser.com/) - Free study materials
### Cheat Sheets & References
- [Digital Cloud Training AWS Cheat Sheets](https://digitalcloud.training/aws-cheat-sheets/)
- [Tutorials Dojo AWS Exam Guide](https://tutorialsdojo.com/aws-cloud-practitioner-clf-c02-exam-guide/)
- [wyzguys Cybersecurity Blog (CASP focused)](https://wyzguyscybersecurity.com/new-insights-for-the-casp-cas-004-exam/)
---
**Last Updated:** November 2025
**Tips for Success:**
- Start with free resources to test your interest
- Combine video courses with hands-on labs
- Use practice exams to measure progress
- Join communities for support and networking
- Stay current with security news and trends

241
RESOURCES/CERTIFICATIONS.md Normal file
View File

@ -0,0 +1,241 @@
# Certifications & Exam Prep
Comprehensive certification resources including exam objectives, practice tests, official materials, and exam prep guides.
## CompTIA Exam Objectives
Official exam objectives documents for all major CompTIA certifications:
### Core Infrastructure
- [A+ Core 1 (220-1101)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1101-exam-objectives-(3-0))
- [A+ Core 2 (220-1102)](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1102-exam-objectives-(3-0))
- [Network+ (N10-009)](https://partners.comptia.org/docs/default-source/resources/comptia-network-n10-009-exam-objectives-(4-0))
### Security
- [Security+ (SY0-701)](https://assets.ctfassets.net/82ripq7fjls2/6TYWUym0Nudqa8nGEnegjG/0f9b974d3b1837fe85ab8e6553f4d623/CompTIA-Security-Plus-SY0-701-Exam-Objectives.pdf)
- [CySA+ (CS0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cysa-cs0-003-exam-objectives-(2-0))
- [PenTest+ (PT0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-pentest-pt0-003-exam-objectives-(1-0))
- [SecurityX (CAS-005)](https://partners.comptia.org/docs/default-source/resources/comptia-securityx-cas-005-exam-objectives-(3-0))
### Additional Certifications
- [Linux+ (XK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-linux-xk0-005-exam-objectives-(1-0))
- [Cloud+ (CV0-003)](https://partners.comptia.org/docs/default-source/resources/comptia-cloud-cv0-003-exam-objectives-(1-0))
- [Data+ (DA0-001)](https://partners.comptia.org/docs/default-source/resources/comptia-data-da0-001-exam-objectives-(2-0))
- [Server+ (SK0-005)](https://partners.comptia.org/docs/default-source/resources/comptia-server-sk0-005-exam-objectives-(1-0))
---
## Practice Test Resources
### Free Practice Tests
- [CertNova](https://www.certnova.com/) - Free practice tests
- [ExamCompass](https://www.examcompass.com/) - Practice exams
- [ExamDigest](https://examsdigest.com/) - Exam resources
- [Quizlet](https://quizlet.com/) - Flashcards & quizzes
### Premium Practice Tests
- [Mike Meyers Practice Tests](https://www.totalsem.com/total-tester-practice-tests/) - Total Tester
- [Boson Practice Exams](https://www.boson.com/) - Realistic exam simulations
- [Udemy Practice Exams](https://www.udemy.com/) - Various certification practice tests
---
## Exam Vouchers & Discounts
### Student Discounts
- [CompTIA Student Discount](https://academic-store.comptia.org/) - 50% vouchers for students with valid .edu email
### Official Resources
- [Official CompTIA Resources](https://www.comptia.org/resources) - Study materials and exam information
- [CompTIA.org](https://www.comptia.org/) - Main certification website
- [CompTIA CertMaster](https://www.comptia.org/training/certmaster) - Official training platform
---
## Cloud Certifications
### AWS Certifications
**Foundational:**
- [AWS Certified Cloud Practitioner](https://aws.amazon.com/certification/certified-cloud-practitioner/)
- [Exam Guide (CLF-C02)](https://d1.awsstatic.com/training-and-certification/docs-cloud-practitioner/AWS-Certified-Cloud-Practitioner_Exam-Guide.pdf)
**Security:**
- [AWS Certified Security Specialty](https://aws.amazon.com/certification/certified-security-specialty/)
**Resources:**
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
### Microsoft Azure Certifications
**Foundational:**
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
**Security:**
- [Azure Security Engineer Associate (AZ-500)](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
### Google Cloud Certifications
**Foundational:**
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
**Security:**
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
### Other Cloud Platforms
- [Oracle Cloud Infrastructure Foundations (1Z0-1085-23)](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/)
---
## CISSP Resources
### Official Materials
**Exam Information:**
- [CISSP Exam Outline](https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/CISSP-Exam-Outline-English-April-2021.ashx)
- [ISC2 CISSP Certification Details](https://www.isc2.org/Certifications/CISSP)
- [ISC2 Official Training](https://www.isc2.org/Training/Self-Study-Resources)
**Study Guides:**
- [Official ISC2 CISSP Study Guide (9th Edition)](https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119786231/)
- [CISSP Study Guide 2025-2026](https://www.amazon.com/CISSP-Study-Guide-2025-2026-Certification/dp/B0DRHZG41M)
- [CISSP For Dummies (7th Edition)](https://www.amazon.com/CISSP-Dummies-Computer-Tech/dp/1119806836/)
### Practice Tests & Prep
**Practice Exams:**
- [CISSP Official Practice Tests (3rd Edition)](https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119787637/)
- [Boson CISSP Practice Exams](https://www.boson.com/practice-exam/cissp-isc2-practice-exam)
- [TotalTester CISSP Practice Exams](https://www.totalsem.com/cissp-practice-tests/)
- [CISSP Pocket Prep Mobile App](https://pocketprep.com/exam-bank/isc2-cissp/)
**Udemy Courses:**
- [CISSP Certification Complete Training 2025](https://www.udemy.com/course/cissp-certification-cissp-training/)
- [CISSP Practice Exams 2025](https://www.udemy.com/course/cissp-practice-exams-2020/)
### YouTube Courses
- [CISSP Course 2024](https://www.youtube.com/watch?v=M1_v5HBVHWo)
- [CISSP MasterClass - Mike Chapple](https://www.youtube.com/watch?v=v8furUCfuaY)
- [Inside CISSP - Kelly Handerhan](https://www.youtube.com/playlist?list=PL7XJSuT7Dq_XPLpbZOrNXA-lsQbvx3YeQ)
### Study Resources
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
---
## Offensive Security Certifications
### OSCP (Offensive Security Certified Professional)
**Official Resources:**
- [OSCP Certification](https://www.offsec.com/courses-and-certifications/oscp-certification)
- [PWK Course (PEN-200)](https://www.offensive-security.com/pwk-oscp/)
- [Proving Grounds Practice Labs](https://www.offensive-security.com/labs/)
### OSWE (Offensive Security Web Expert)
**Official Resources:**
- [OSWE Certification](https://www.offensive-security.com/web-expert-oswe/)
- [AWE Course (WEB-300)](https://www.offensive-security.com/awe-oswe/)
### OSEP (Offensive Security Experienced Penetration Tester)
**Official Resources:**
- [OSEP Certification](https://www.offsec.com/courses-and-certifications/osep-certification)
- [PEN-300 Course](https://www.offensive-security.com/pen300-osep/)
---
## EC-Council Certifications
### CEH (Certified Ethical Hacker)
**Official Resources:**
- [CEH v12 Certification](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-v12/)
- [EC-Council Training](https://www.eccouncil.org/train-certify/)
---
## GIAC Certifications
### Security Essentials
- [GSEC - Security Essentials](https://www.giac.org/certifications/security-essentials-gsec/)
### Penetration Testing
- [GPEN - Penetration Tester](https://www.giac.org/certifications/penetration-tester-gpen/)
- [GWAPT - Web Application Penetration Tester](https://www.giac.org/certifications/web-application-penetration-tester-gwapt/)
- [GXPN - Exploit Researcher and Advanced Penetration Tester](https://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn/)
### Incident Response
- [GCIH - Certified Incident Handler](https://www.giac.org/certifications/certified-incident-handler-gcih/)
- [GCFA - Certified Forensic Analyst](https://www.giac.org/certifications/certified-forensic-analyst-gcfa/)
---
## ISACA Certifications
### Audit & Governance
- [CISA - Certified Information Systems Auditor](https://www.isaca.org/credentialing/cisa)
- [CRISC - Risk and Information Systems Control](https://www.isaca.org/credentialing/crisc)
- [CISM - Certified Information Security Manager](https://www.isaca.org/credentialing/cism)
---
## Cisco Certifications
### Network Security
- [CCNA - Cisco Certified Network Associate](https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/associate/ccna.html)
- [CCNP Security](https://www.cisco.com/c/en/us/training-events/training-certifications/certifications/professional/ccnp-security-v2.html)
---
## Additional Certifications
### SANS/GIAC
- [SANS Certification Catalog](https://www.sans.org/cyber-security-certifications/)
### Vendor-Specific
- [Microsoft Security Certifications](https://learn.microsoft.com/en-us/certifications/browse/?products=azure%2Cm365&type=role-based)
- [Check Point CCSA/CCSE](https://www.checkpoint.com/support-services/training-certification/)
- [Palo Alto Networks PCNSA/PCNSE](https://www.paloaltonetworks.com/services/education/certification)
---
## Certification Tracking & Communities
### Study Communities
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certification community
- [r/CISSP](https://www.reddit.com/r/cissp/) - CISSP study group
- [Discord Servers](https://discord.com/) - Various certification study groups
### Career Planning
For detailed certification roadmaps by career path, see:
- [Certification Roadmaps](../ROADMAPS/README.md)
---
[Back to Resources](./README.md) | [Back to Main](../README.md)

231
RESOURCES/COMMUNITIES.md Normal file
View File

@ -0,0 +1,231 @@
# Communities & Content Creators
Connect with cybersecurity professionals, educators, and communities across YouTube, Reddit, LinkedIn, and other platforms.
## YouTube Channels & Videos
### Top Cybersecurity Channels
**Certification Training:**
- [Professor Messer](https://www.youtube.com/@professormesser) - CompTIA certification prep (Security+, Network+, A+)
- [CBT Nuggets](https://www.youtube.com/user/cbtnuggets) - Professional IT training
- [ITProTV](https://www.youtube.com/user/ITProTV) - IT certifications and training
**Networking & Security:**
- [NetworkChuck](https://www.youtube.com/@NetworkChuck) - Networking, security, and IT tutorials
- [PowerCert Animated Videos](https://www.youtube.com/@PowerCertAnimatedVideos) - Educational IT animations
- [howtonetwork](https://www.youtube.com/@howtonetworkcom) - Network fundamentals
- [Practical Networking](https://www.youtube.com/@PracticalNetworking) - Networking concepts explained
- [David Bombal](https://www.youtube.com/@davidbombal) - Cisco, networking, and cybersecurity
**Ethical Hacking & Pentesting:**
- [HackerSploit](https://www.youtube.com/@HackerSploit) - Ethical hacking tutorials and cybersecurity
- [The Cyber Mentor](https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw) - Ethical hacking and penetration testing
- [John Hammond](https://www.youtube.com/@_JohnHammond) - Hacking, CTFs, and security challenges
- [LiveOverflow](https://www.youtube.com/@LiveOverflow) - CTF walkthroughs and binary exploitation
- [PwnFunction](https://www.youtube.com/@PwnFunction) - Security concepts and vulnerability explanations
**Cybersecurity Education:**
- [Cyberkraft](https://www.youtube.com/@cyberkraft) - Cybersecurity education and career advice
- [freeCodeCamp.org](https://www.youtube.com/freecodecamp) - Free comprehensive programming and security courses
- [Eli the Computer Guy](https://www.youtube.com/user/elithecomputerguy) - IT fundamentals and networking
**Career & Productivity:**
- [With Sandra](https://www.youtube.com/@WithSandra) - Tech career advice
- [Andrew Huberman](https://www.youtube.com/@hubermanlab) - Learning science and productivity
- [Tech with Jono](https://www.youtube.com/@TechwithJono) - Tech tutorials
**Security News & Conferences:**
- [SecurityWeekly](https://www.youtube.com/@SecurityWeekly) - Security news and weekly updates
- [BlackHat Official](https://www.youtube.com/@BlackHatOfficialYT) - Security conference presentations
- [DEFCONConference](https://www.youtube.com/@DEFCONConference) - Hacker conference talks
---
## Reddit Communities
### Main Cybersecurity Subreddits
**General Security:**
- [r/CyberSecurity](https://www.reddit.com/r/cybersecurity/) - General cybersecurity discussions
- [r/InformationSecurity](https://www.reddit.com/r/InformationSecurity/) - InfoSec news and discussions
- [r/netsec](https://www.reddit.com/r/netsec/) - Network security news and research
- [r/AskNetsec](https://www.reddit.com/r/AskNetsec/) - Network security Q&A
- [r/ITsecurity](https://www.reddit.com/r/ITsecurity/) - IT security discussions
**Offensive & Defensive Security:**
- [r/ethicalhacking](https://www.reddit.com/r/ethicalhacking/) - Ethical hacking community
- [r/BlueTeamSec](https://www.reddit.com/r/BlueTeamSec/) - Defensive security (blue team)
- [r/RedTeam](https://www.reddit.com/r/RedTeam/) - Offensive security (red team)
- [r/netsecstudents](https://www.reddit.com/r/netsecstudents/) - Students learning security
**Career & Learning:**
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - CompTIA certifications discussion
- [r/ITCareerQuestions](https://www.reddit.com/r/ITCareerQuestions/) - IT and security career advice
### Certification-Specific Communities
**CompTIA:**
- [r/CompTIA](https://www.reddit.com/r/CompTIA/) - All CompTIA certifications
- [r/Casp](https://www.reddit.com/r/casp/) - CASP+/SecurityX certification
**Networking:**
- [r/CCNA](https://www.reddit.com/r/ccna/) - Cisco CCNA certification
- [r/sysadmin](https://www.reddit.com/r/sysadmin/) - System administration
**Operating Systems:**
- [r/linuxquestions](https://www.reddit.com/r/linuxquestions/) - Linux help and questions
**Specialized:**
- [r/ReverseEngineering](https://www.reddit.com/r/ReverseEngineering/) - Reverse engineering discussions
- [r/WGU](https://www.reddit.com/r/WGU/) - Western Governors University IT programs
### Popular Reddit Study Posts
**Certification Success Stories:**
- [Master List: Study Resources for A+, Network+, Security+](https://www.reddit.com/r/CompTIA/comments/i7hx4t/master_list_i_compiled_and_ranked_every_major/)
- [How I Passed Sec+](https://www.reddit.com/r/CompTIA/comments/zkjs1d/how_a_dumdum_like_me_passed_sec/)
- [How I Passed CompTIA A+, N+, S+](https://www.reddit.com/r/CompTIA/comments/1cra3cg/how_i_passed_comptia_a_n_s/)
- [Passed Sec+, PenTest+, CySA+ in 2 Months 22 Days](https://www.reddit.com/r/CompTIA/comments/1f5cofp/passed_sec_pentest_cysa_in_2_months_22_days/)
- [CompTIA Trifecta in 6 Months](https://www.reddit.com/r/CompTIA/comments/1fmjb2p/just_passed_network_got_the_trifecta_in_about_6/)
- [I Passed CASP+ Study Guide](https://www.reddit.com/r/casp/comments/1ft2qjr/i_passed_casp_this_is_what_i_did_to_prepare/)
**Career Advice:**
- [34 Year Old, No IT Experience, Got Hired After A+ Cert](https://www.reddit.com/r/CompTIA/comments/m38lb8/update_34_years_old_posted_a_month_ago_about/)
- [Hiring Manager Advice to Newbies](https://www.reddit.com/r/ITCareerQuestions/comments/ni4vnm/general_advice_from_a_hiring_manager_and_23_year/)
---
## LinkedIn Professionals to Follow
### Industry Leaders & Educators
**Security Educators:**
- [Mike Chapple](https://www.linkedin.com/in/mikechapple/) - Security educator and CISSP instructor
- [Jason Dion](https://www.linkedin.com/in/jasondion/) - CompTIA instructor and course creator
- [Heath Adams](https://www.linkedin.com/in/heathadams/) - Ethical hacking educator (The Cyber Mentor)
**Security Researchers & Journalists:**
- [Brian Krebs](https://www.linkedin.com/in/bkrebs/) - Security journalist and researcher
- [Troy Hunt](https://www.linkedin.com/in/troyhunt/) - Web security expert, creator of Have I Been Pwned
- [Kevin Mitnick](https://www.linkedin.com/in/kevinmitnick/) - Security consultant and former hacker
**Thought Leaders:**
- [Chuck Brooks](https://www.linkedin.com/in/chuckbrooks/) - Cybersecurity thought leader
- [Jane Frankland](https://www.linkedin.com/in/janefrankland/) - Cybersecurity strategist
- [Rinki Sethi](https://www.linkedin.com/in/rinkisethi/) - Security leader
- [Tyler Cohen Wood](https://www.linkedin.com/in/tylercohenwood/) - Threat intelligence expert
### Professional Organizations
**Major Organizations:**
- [CompTIA](https://www.linkedin.com/company/comptia/posts/?feedView=all) - IT industry association
- [ISC2](https://www.linkedin.com/company/isc2/) - Cybersecurity certification body
- [ISACA](https://www.linkedin.com/company/isaca/) - IT audit and governance
- [SANS Institute](https://www.linkedin.com/company/sans-institute/) - Security training
- [OWASP](https://www.linkedin.com/company/owasp/) - Open Web Application Security Project
---
## Security News & Blogs
### Industry News Sites
**Top Security Blogs:**
- [Krebs on Security](https://krebsonsecurity.com/) - In-depth security news by Brian Krebs
- [Dark Reading](https://www.darkreading.com/) - Cybersecurity news and analysis
- [Rapid7 Blog](https://www.rapid7.com/blog/) - Security research and insights
- [Malwarebytes Labs](https://blog.malwarebytes.com/) - Threat intelligence and research
**RSS Feeds & Aggregators:**
- [The Hacker News](https://thehackernews.com/) - Breaking cybersecurity news
- [Threatpost](https://threatpost.com/) - Security news
- [SecurityWeek](https://www.securityweek.com/) - Enterprise security news
---
## Security Conferences & Events
### Major Conferences
**Premier Events:**
- [Black Hat](https://www.blackhat.com/) - Leading security conference
- [DEF CON](https://defcon.org/) - Hacker convention
- [RSA Conference](https://www.rsaconference.com/) - Security industry event
- [BSides](http://www.securitybsides.com/) - Community-driven security conferences
**Specialized Events:**
- [SANS Security Summit](https://www.sans.org/cyber-security-summit/) - Training-focused events
- [OWASP Global AppSec](https://owasp.org/events/) - Application security conference
- [ShmooCon](https://www.shmoocon.org/) - Hacker convention
---
## Podcasts
### Security Podcasts
- [Darknet Diaries](https://darknetdiaries.com/) - True stories from the dark side of the Internet
- [Security Now](https://twit.tv/shows/security-now) - Weekly security discussion
- [Risky Business](https://risky.biz/) - Information security podcast
- [SANS Internet Stormcenter Daily](https://isc.sans.edu/podcast.html) - Daily security podcast
- [The CyberWire Daily](https://thecyberwire.com/podcasts/daily-podcast) - Daily cybersecurity news
---
## Discord & Slack Communities
### Study Groups
**Popular Servers:**
- TryHackMe Official Discord
- Hack The Box Discord
- r/CompTIA Discord
- OSCP Study Groups
- Various certification-specific servers
**Finding Communities:**
- Search Discord for "cybersecurity" or specific certification names
- Check subreddit sidebars for official Discord links
- Join course-specific communities (Udemy, Cybrary, etc.)
---
## Twitter/X Security Community
### Security Researchers to Follow
**Notable Accounts:**
- Follow researchers who present at Black Hat, DEF CON
- CERT/CC and national security organizations
- Security tool developers and maintainers
- Vulnerability researchers and bug bounty hunters
**Hashtags:**
- #InfoSec
- #CyberSecurity
- #Hacking
- #BugBounty
- #ThreatIntel
---
## Professional Organizations
### Membership Organizations
**Global Organizations:**
- [CompTIA](https://www.comptia.org/) - Computing Technology Industry Association
- [ISC2](https://www.isc2.org/) - International Information System Security Certification Consortium
- [ISACA](https://www.isaca.org/) - Information Systems Audit and Control Association
- [SANS Institute](https://www.sans.org/) - SysAdmin, Audit, Network, and Security Institute
- [OWASP](https://owasp.org) - Open Web Application Security Project
**Regional & Specialized:**
- [ISSA](https://www.issa.org/) - Information Systems Security Association
- [EC-Council](https://www.eccouncil.org/) - International Council of E-Commerce Consultants
- [Cloud Security Alliance](https://cloudsecurityalliance.org/) - Cloud security best practices
---
[Back to Resources](./README.md) | [Back to Main](../README.md)

204
RESOURCES/COURSES.md Normal file
View File

@ -0,0 +1,204 @@
# Courses & Training
Comprehensive list of free and premium learning platforms, courses, and training programs for cybersecurity professionals.
## Study Platforms & Courses
### Free Learning Platforms
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
- [SANS Cyber Aces Online](https://www.cyberaces.org/) - Free tutorials
- [Coursera](https://www.coursera.org/) - University-level courses
- [edX Cybersecurity Programs](https://www.edx.org/professional-certificate/cybersecurity) - Professional certificates
- [freeCodeCamp](https://www.youtube.com/freecodecamp) - Free comprehensive courses
- [Codecademy Cybersecurity](https://www.codecademy.com/catalog/subject/cybersecurity) - Interactive coding
### Premium Platforms
- [Pluralsight](https://www.pluralsight.com/) - Tech skill development
- [CBT Nuggets](https://www.cbtnuggets.com/) - Video training
- [LinkedIn Learning](https://www.linkedin.com/learning/) - Professional development
- [INE Security Courses](https://ine.com/learning/areas/security) - Cybersecurity specialization
- [Infosec Skills](https://www.infosecinstitute.com/skills/) - Hands-on labs
- [Offensive Security (OffSec)](https://www.offensive-security.com/) - Advanced training
- [TestOut](https://testoutce.com/) - Certification prep
- [EC-Council CodeRed](https://codered.eccouncil.org/) - Interactive learning
- [ITPRO](https://www.acilearning.com/itpro/) - IT Professional training
---
## Udemy Courses
### CompTIA Certification Courses
**Security+:**
- [CompTIA Security+ (SY0-701) Complete Course & Exam](https://www.udemy.com/course/securityplus)
- [CompTIA Security+ (SY0-701) Practice Exams Set 1](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams/)
- [CompTIA Security+ (SY0-701) Practice Exams Set 2](https://www.udemy.com/course/comptia-security-sy0-701-practice-exams-2nd-edition/)
- [TOTAL: CompTIA Security+ Certification Course + Exam SY0-701](https://www.udemy.com/course/total-comptia-security-plus/)
**A+:**
- [CompTIA A+ Core 1 (220-1101) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-1/)
- [CompTIA A+ Core 2 (220-1102) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-a-core-2/)
- [CompTIA A+ (220-1101) Core 1 Practice Exams](https://www.udemy.com/course/comptia-a-220-1101-core-1-practice-exams-new-for-2022/)
- [CompTIA A+ (220-1102) Core 2 Practice Exams](https://www.udemy.com/course/comptia-a-220-1102-core-2-practice-exams-new-for-2022/)
- [CompTIA A+ Core 1 & Core 2 - IT Cert Doctor - 2024](https://www.udemy.com/course/it-cert-doctor-comptia-a-220-1101-1102/)
**Network+:**
- [CompTIA Network+ (N10-009) Full Course & Practice Exam](https://www.udemy.com/course/comptia-network-009/)
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 1](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-1/)
- [CompTIA Network+ (N10-009) 6 Full Practice Exams Set 2](https://www.udemy.com/course/comptia-network-n10-009-6-practice-exams-and-pbqs-set-2/)
**CySA+:**
- [CompTIA CySA+ (CS0-003) Complete Course & Practice Exam](https://www.udemy.com/course/comptia-cysa-003/)
- [CompTIA CySA+ (CS0-003) Practice Exams](https://www.udemy.com/course/comptia-cysa-cs0-003-practice-exams/)
**PenTest+:**
- [CompTIA PenTest+ (PT0-003) Full Course & Practice Exam](https://www.udemy.com/course/pentestplus/)
- [CompTIA PenTest+ (PT0-003) 6 Practice Exams](https://www.udemy.com/course/comptia-pentest-pt0-003-6-practice-exams/)
**SecurityX (formerly CASP+):**
- [CompTIA SecurityX (CAS-005) Complete Course & Practice Exam](https://www.udemy.com/course/casp-plus/)
- [CompTIA SecurityX (CAS-005) Practice Exam Prep](https://www.udemy.com/course/comptia-securityx-practice-exam-prep-new/)
**Linux+:**
- [CompTIA Linux+ (XK0-005) Complete Course & Exam](https://www.udemy.com/course/comptia-linux/)
- [CompTIA Linux+ (XK0-005) Practice Exams & Simulated PBQs](https://www.udemy.com/course/comptia-linux-exams/)
### Other Security Courses
**General Cybersecurity:**
- [The Complete Cyber Security Course : Hackers Exposed!](https://www.udemy.com/course/the-complete-internet-security-privacy-course-volume-1/)
- [The Complete Cyber Security Course : Network Security!](https://www.udemy.com/course/network-security-course/)
- [The Complete Cyber Security Course : End Point Protection!](https://www.udemy.com/course/the-complete-cyber-security-course-end-point-protection/)
- [Complete Ethical Hacking & Cyber Security Masterclass Course](https://www.udemy.com/course/ethicalhackingcourse/)
**Frameworks & Advanced:**
- [Implementing the NIST Cybersecurity Framework (CSF)](https://www.udemy.com/course/nist-cybersecurity-framework/)
- [ISC2 CISSP Full Course & Practice Exam](https://www.udemy.com/course/isc2-cissp-full-course-practice-exam/)
- [ISC2 CISSP 6 Practice Exams](https://www.udemy.com/course/isc2-cissp-6-practice-exams/)
- [The Complete Certified in Cybersecurity CC course ISC2 2024](https://www.udemy.com/course/certifiedincybersecurity/)
---
## YouTube Courses & Playlists
### Full Certification Courses
**CompTIA:**
- [CompTIA A+ Full Course (31+ Hours)](https://www.youtube.com/watch?v=1CZXXNKAY5o&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=5)
- [CompTIA Network+ Full Course](https://www.youtube.com/watch?v=qiQR5rTSshw&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=6)
- [CompTIA Security+ SY0-701 Full Course](https://www.youtube.com/watch?v=KiEptGbnEBc&list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv)
- [CompTIA CySA+ 2024 Crash Course (10+ Hours)](https://www.youtube.com/watch?v=qP9x0mucwVc&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=9)
- [CASP+ Course](https://www.youtube.com/watch?v=vwNjLVpXNzk&list=PLCNmoXT8zexnJtDOdd8Owa8TAdSVVWF-J)
**Ethical Hacking:**
- [Ethical Hacking 15 Hours Course](https://www.youtube.com/watch?v=3FNYvj2U0HM&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=13)
- [Complete Ethical Hacking 16 Hours](https://www.youtube.com/watch?v=w_oxcjPOWos&list=PLejqXniG-4qmFqpxbWd7Oo235uH1ffG2x&index=4)
**Other Topics:**
- [Python Full Course for Free](https://www.youtube.com/watch?v=ix9cRaBkVe0)
- [Subnetting Mastery](https://www.youtube.com/watch?v=BWZ-MHIhqjM&list=PLIFyRwBY_4bQUE4IB5c4VPRyDoLgOdExE)
- [NMAP Full Guide](https://www.youtube.com/watch?v=JHAMj2vN2oU&t=33s)
### Learning Science & Study Techniques
- [Optimal Protocols for Studying & Learning](https://youtu.be/ddq8JIMhz7c?si=qT00KFkFBAwm7LP7)
- [How to Study Using Active Recall](https://youtu.be/mzexJPoXBCM?si=sv-yeuIoLF9pwDRG)
- [Learning with Failures, Movement & Balance](https://youtu.be/jwChiek_aRY?si=3kyPbIAVwJWMPfnG)
### Practice Exam Videos
- [CompTIA Security+ PBQ](https://youtu.be/zfwxSmL4n6w?si=q5lXlvmViTK6TnSI)
- [CompTIA Network+ PBQ](https://www.youtube.com/live/9cdL214y-u0?si=lCSxriFy636PbOnR)
- [CompTIA CySA+ PBQ](https://www.youtube.com/live/0NMffWaxlmA?si=Rm9IBkZ04OAxFJtp)
- [CompTIA CASP+ PBQ](https://www.youtube.com/live/eInvTuYBF3Q?si=Hbe4mWLd3X31AUkA)
---
## Cloud Provider Training
### AWS Cloud
**Official AWS:**
- [AWS Cloud Practitioner Essentials (Free)](https://aws.amazon.com/training/learn-about/cloud-practitioner/)
- [AWS Cloud Quest: Cloud Practitioner](https://aws.amazon.com/training/digital/aws-cloud-quest/)
- [AWS Skill Builder - Free Learning Path](https://explore.skillbuilder.aws/learn/public/learning_plan/view/1/cloud-foundations-learning-plan)
**Third-Party AWS Courses:**
- [Ultimate AWS Certified Cloud Practitioner CLF-C02 2025](https://www.udemy.com/course/aws-certified-cloud-practitioner-new/)
- [AWS Certified Cloud Practitioner YouTube Course](https://www.youtube.com/watch?v=SOTamWNgDKc)
- [AWS Certified Cloud Practitioner 15 Hour FreeCodeCamp](https://www.youtube.com/watch?v=NhDYbskXRgc)
### Microsoft Azure
- [Azure Fundamentals (AZ-900)](https://learn.microsoft.com/en-us/training/paths/az-900-describe-cloud-concepts/)
- [Azure Security Engineer Associate](https://learn.microsoft.com/en-us/certifications/azure-security-engineer/)
### Google Cloud
- [Google Cloud Digital Leader](https://cloud.google.com/certification/cloud-digital-leader)
- [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
### Other Cloud Platforms
- [Oracle Cloud Infrastructure Foundations](https://education.oracle.com/oracle-cloud-infrastructure-foundations-2023-associate/pexam_1Z0-1085-23)
- [IBM Cloud Essentials](https://www.ibm.com/training/badge/cloud-essentials)
---
## Specialized Training Organizations
### Professional Organizations
- [SANS Institute](https://www.sans.org/) - Premium security training
- [InfoSec Institute](https://www.infosecinstitute.com/) - Cybersecurity education
- [OWASP](https://owasp.org) - Application security resources
- [SANS Cyber Aces](https://www.cyberaces.org/) - Free tutorials
- [Offensive Security](https://www.offensive-security.com/) - Advanced pentesting training
### Academic Resources
- [Professor Messer Website](https://www.professormesser.com/) - Free study materials and courses
- [Cybrary CISSP Course (Free)](https://www.cybrary.it/course/cissp/)
- [Study Notes and Theory CISSP Blog](https://www.studynotesandtheory.com/)
---
## Practice Platforms
### Hands-On Labs
- [TryHackMe](https://tryhackme.com/) - Guided learning paths
- [HackTheBox](https://www.hackthebox.com/) - Realistic machines
- [VulnHub](https://www.vulnhub.com/) - Downloadable VMs
- [PentesterLab](https://pentesterlab.com/) - Web app focused
- [Proving Grounds](https://www.offensive-security.com/labs/) - OSCP-like practice
### CTF Platforms
- [picoCTF](https://picoctf.org/) - Beginner-friendly CTF
- [CTFtime](https://ctftime.org/) - CTF competition calendar
- [OverTheWire](https://overthewire.org/) - War games
---
## Study Guides & Books
### CompTIA Study Materials
- [SYBEX CompTIA Books](https://www.amazon.com/s?k=wiley+sybex+comptia) - Official study guides
- [Notes: CompTIA A+, Network+ and Security+](https://www.udemy.com/course/comptia-a-1001-1002-study-notes/) - Study notes collection
### Reference Materials
- [Digital Cloud Training AWS Cheat Sheets](https://digitalcloud.training/aws-cheat-sheets/)
- [Tutorials Dojo AWS Exam Guide](https://tutorialsdojo.com/aws-cloud-practitioner-clf-c02-exam-guide/)
- [wyzguys Cybersecurity Blog (CASP focused)](https://wyzguyscybersecurity.com/new-insights-for-the-casp-cas-004-exam/)
---
[Back to Resources](./README.md) | [Back to Main](../README.md)

259
RESOURCES/FRAMEWORKS.md Normal file
View File

@ -0,0 +1,259 @@
# Security Frameworks & Standards
Comprehensive collection of security frameworks, compliance standards, and threat analysis models used across the cybersecurity industry.
## NIST Framework Suite
The National Institute of Standards and Technology (NIST) publishes comprehensive cybersecurity frameworks and guidelines.
### Core Frameworks
- [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework) - Framework for improving critical infrastructure cybersecurity
- [NIST Privacy Framework](https://www.nist.gov/privacy-framework) - Privacy risk management framework
- [NIST 800-37 Risk Management Framework](https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final) - RMF for information systems and organizations
### Security Controls
- [NIST 800-53 Security Controls](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final) - Security and privacy controls for information systems
- [NIST 800-171](https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final) - Protecting Controlled Unclassified Information (CUI)
### Risk Management
- [NIST 800-39 Managing Information Security Risk](https://csrc.nist.gov/publications/detail/sp/800-39/final) - Organization-level risk management
### Specialized Guidelines
- [NIST 800-61 Incident Handling Guide](https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final) - Computer security incident handling
- [NIST 800-63 Digital Identity Guidelines](https://pages.nist.gov/800-63-3/) - Digital identity framework
- [NIST 800-207 Zero Trust Architecture](https://csrc.nist.gov/publications/detail/sp/800-207/final) - Zero trust security model
- [NIST 800-218 Secure Software Development Framework](https://csrc.nist.gov/publications/detail/sp/800-218/final) - Secure SDLC practices
---
## ISO/IEC Standards
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) security standards.
### Information Security Management
- [ISO/IEC 27001](https://www.iso.org/isoiec-27001-information-security.html) - Information security management systems (ISMS) requirements
- [ISO/IEC 27002](https://www.iso.org/standard/73906.html) - Code of practice for information security controls
### Specialized ISO Standards
- [ISO/IEC 27032](https://www.iso.org/standard/44375.html) - Guidelines for cybersecurity
- [ISO/IEC 27033](https://www.iso.org/standard/63411.html) - Network security management
- [ISO/IEC 27034](https://www.iso.org/standard/44379.html) - Application security guidelines
- [ISO 22301](https://www.iso.org/iso-22301-business-continuity.html) - Business continuity management systems
---
## Industry Security Frameworks
### Threat Intelligence & Attack Frameworks
**MITRE Corporation:**
- [MITRE ATT&CK Framework](https://attack.mitre.org/) - Adversary tactics, techniques, and common knowledge
- [MITRE Shield](https://shield.mitre.org/) - Active defense knowledge base
- [MITRE Engage](https://engage.mitre.org/) - Framework for adversary engagement operations
**Attack Models:**
- [Lockheed Martin Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html) - Framework for identifying and preventing cyber intrusions
- [Diamond Model of Intrusion Analysis](https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf) - Model for analyzing cyber intrusions
- [Unified Kill Chain](https://www.unifiedkillchain.com/assets/The-Unified-Kill-Chain.pdf) - Unified framework combining multiple kill chain models
### Application Security
- [OWASP Top 10](https://owasp.org/www-project-top-ten/) - Top 10 web application security risks
- [OWASP ASVS](https://owasp.org/www-project-application-security-verification-standard/) - Application Security Verification Standard
- [OWASP SAMM](https://owaspsamm.org/) - Software Assurance Maturity Model
- [OWASP Mobile Top 10](https://owasp.org/www-project-mobile-top-10/) - Mobile application security risks
### Security Controls & Best Practices
- [CIS Controls](https://www.cisecurity.org/controls) - Critical security controls for effective cyber defense
- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/) - Configuration best practices for various technologies
### Cloud Security
- [Cloud Security Alliance CCSK](https://cloudsecurityalliance.org/education/ccsk/) - Certificate of Cloud Security Knowledge
- [CSA Cloud Controls Matrix](https://cloudsecurityalliance.org/research/cloud-controls-matrix/) - Security controls framework for cloud computing
- [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) - Security pillar for AWS
---
## Compliance & Regulatory Frameworks
### Financial Services
**Payment Card Industry:**
- [PCI-DSS](https://www.pcisecuritystandards.org/) - Payment Card Industry Data Security Standard
- Requirements for securing credit card transactions
- Applies to all entities that store, process, or transmit cardholder data
**Banking & Finance:**
- [SOX (Sarbanes-Oxley Act)](https://www.sarbanes-oxley-101.com/sarbanes-oxley-compliance.htm) - Financial reporting and IT controls
- [GLBA (Gramm-Leach-Bliley Act)](https://www.ftc.gov/business-guidance/privacy-security/gramm-leach-bliley-act) - Financial privacy requirements
### Healthcare
- [HIPAA Security Rule](https://www.hhs.gov/hipaa/for-professionals/security/index.html) - Health Insurance Portability and Accountability Act
- Protects electronic protected health information (ePHI)
- Administrative, physical, and technical safeguards
- [HITECH Act](https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html) - Health Information Technology for Economic and Clinical Health
### Privacy Regulations
**International:**
- [GDPR (General Data Protection Regulation)](https://gdpr.eu/) - European Union data protection and privacy
- Applies to all organizations processing EU citizen data
- Data protection by design and default
**United States:**
- [CCPA (California Consumer Privacy Act)](https://oag.ca.gov/privacy/ccpa) - California privacy law
- [CPRA (California Privacy Rights Act)](https://cpra.ca.gov/) - Enhanced California privacy protections
**Canada:**
- [PIPEDA](https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/) - Personal Information Protection and Electronic Documents Act
### Federal & Government
**United States Federal:**
- [FISMA (Federal Information Security Management Act)](https://www.cisa.gov/fisma) - Federal information security requirements
- [FedRAMP (Federal Risk and Authorization Management Program)](https://www.fedramp.gov/) - Cloud security assessment for federal agencies
- [NIST SP 800-53](https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final) - Security controls for federal systems
**Defense:**
- [CMMC (Cybersecurity Maturity Model Certification)](https://www.acq.osd.mil/cmmc/) - DoD cybersecurity framework
- Required for defense contractors
- Tiered maturity model (Levels 1-3)
### Industry Standards
- [SOC 2 Type II](https://www.vanta.com/products/soc-2) - Service Organization Control 2
- Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, Privacy
- Common for SaaS and cloud service providers
---
## Incident Response Frameworks
### Response Methodologies
**NIST Incident Response:**
- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activity
**SANS Incident Response:**
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
---
## Risk Management Frameworks
### Enterprise Risk
- [ISO 31000](https://www.iso.org/iso-31000-risk-management.html) - Risk management guidelines
- [COSO ERM Framework](https://www.coso.org/guidance-on-enterprise-risk-management) - Enterprise risk management
- [FAIR (Factor Analysis of Information Risk)](https://www.fairinstitute.org/) - Quantitative risk analysis
### IT Risk
- [OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)](https://insights.sei.cmu.edu/library/octave-threat-based-risk-assessment/) - Risk-based strategic assessment
- [NIST RMF](https://csrc.nist.gov/projects/risk-management/about-rmf) - Risk Management Framework for information systems
---
## Security Architecture Frameworks
### Enterprise Architecture
- [SABSA (Sherwood Applied Business Security Architecture)](https://sabsa.org/) - Business-driven security architecture framework
- [TOGAF (The Open Group Architecture Framework)](https://www.opengroup.org/togaf) - Enterprise architecture methodology
- [Zachman Framework](https://www.zachman.com/about-the-zachman-framework) - Enterprise architecture framework
### Zero Trust
- [NIST Zero Trust Architecture (SP 800-207)](https://csrc.nist.gov/publications/detail/sp/800-207/final)
- [Microsoft Zero Trust Model](https://www.microsoft.com/en-us/security/business/zero-trust)
- [Google BeyondCorp](https://cloud.google.com/beyondcorp) - Zero trust security framework
---
## Industry-Specific Frameworks
### Critical Infrastructure
- [NERC CIP](https://www.nerc.com/pa/Stand/Pages/CIPstandards.aspx) - North American Electric Reliability Corporation Critical Infrastructure Protection
- [TSA Security Directives](https://www.tsa.gov/for-industry/security-directives) - Transportation security requirements
### Manufacturing & IoT
- [IEC 62443](https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards) - Industrial automation and control systems security
- [NIST Cybersecurity for IoT](https://www.nist.gov/programs-projects/nist-cybersecurity-iot-program) - IoT security guidance
---
## Threat & Vulnerability Frameworks
### Vulnerability Databases
- [CVE (Common Vulnerabilities and Exposures)](https://cve.mitre.org/) - Vulnerability naming standard
- [NVD (National Vulnerability Database)](https://nvd.nist.gov/) - US government vulnerability database
- [CWE (Common Weakness Enumeration)](https://cwe.mitre.org/) - Software security weakness taxonomy
### Scoring Systems
- [CVSS (Common Vulnerability Scoring System)](https://www.first.org/cvss/) - Vulnerability severity scoring
- [EPSS (Exploit Prediction Scoring System)](https://www.first.org/epss/) - Likelihood of exploitation
---
## Data Breach & Incident Frameworks
### Incident Documentation
- [VERIS (Vocabulary for Event Recording and Incident Sharing)](http://veriscommunity.net/) - Framework for describing security incidents
- [STIX/TAXII](https://oasis-open.github.io/cti-documentation/) - Structured Threat Information Expression / Trusted Automated Exchange of Intelligence Information
---
## Maturity Models
### Security Maturity
- [OWASP SAMM](https://owaspsamm.org/) - Software Assurance Maturity Model
- [CMMC](https://www.acq.osd.mil/cmmc/) - Cybersecurity Maturity Model Certification
- [C2M2 (Cybersecurity Capability Maturity Model)](https://www.energy.gov/ceser/cybersecurity-capability-maturity-model-c2m2) - Energy sector cybersecurity maturity
### Governance Maturity
- [COBIT](https://www.isaca.org/resources/cobit) - Control Objectives for Information and Related Technologies
- IT governance and management framework
- Published by ISACA
---
## Additional Resources
### Framework Implementation Guides
- [NIST Cybersecurity Framework Implementation Guide](https://www.nist.gov/cyberframework/getting-started)
- [CIS Controls Implementation Groups](https://www.cisecurity.org/controls/cis-controls-implementation-groups)
- [ISO 27001 Implementation Guide](https://www.iso.org/standard/73906.html)
### Framework Mapping
- [NIST-to-ISO Mapping](https://www.nist.gov/cyberframework/nist-cybersecurity-framework-and-iso-27001)
- [CIS Controls to NIST CSF Mapping](https://www.cisecurity.org/controls/cis-controls-navigator)
---
[Back to Resources](./README.md) | [Back to Main](../README.md)

62
RESOURCES/README.md Normal file
View File

@ -0,0 +1,62 @@
# Cybersecurity Learning Resources
A comprehensive collection of tools, courses, certifications, communities, and frameworks for cybersecurity professionals and learners.
## Resource Categories
### [Tools](./TOOLS.md)
Cybersecurity tools organized by category: network analysis, security auditing, vulnerability scanning, SIEM platforms, and more.
### [Courses & Training](./COURSES.md)
Free and premium learning platforms, Udemy courses, hands-on labs, and specialized training programs.
### [Certifications](./CERTIFICATIONS.md)
Exam objectives, practice tests, official study guides, and certification preparation materials for CompTIA, CISSP, cloud providers, and more.
### [Communities](./COMMUNITIES.md)
YouTube channels, Reddit communities, LinkedIn professionals, and security conferences to connect with other professionals.
### [Frameworks & Standards](./FRAMEWORKS.md)
Industry frameworks (NIST, ISO, MITRE), compliance standards (PCI-DSS, HIPAA, GDPR), and security analysis models.
---
## Quick Links
**Popular Starting Points:**
- [CompTIA Exam Objectives](./CERTIFICATIONS.md#comptia-exam-objectives)
- [Free Learning Platforms](./COURSES.md#free-learning-platforms)
- [Security Frameworks](./FRAMEWORKS.md#nist-framework-suite)
- [Reddit Communities](./COMMUNITIES.md#main-subreddits)
- [YouTube Channels](./COMMUNITIES.md#top-cybersecurity-channels)
**Practice & Labs:**
- [TryHackMe](https://tryhackme.com/) - Interactive hacking challenges
- [Hack The Box](https://www.hackthebox.com/) - Penetration testing labs
- [HackTheBox Academy](https://academy.hackthebox.com/) - Structured learning paths
- [Cybrary](https://www.cybrary.it) - Free cybersecurity courses
---
## Tips for Success
**Start with Free Resources:**
- Test your interest before investing in paid courses
- Use free platforms like Cybrary, TryHackMe, and YouTube
- Practice with free labs and CTF challenges
**Combine Learning Methods:**
- Video courses for concepts and theory
- Hands-on labs for practical skills
- Practice exams to measure progress
- Community engagement for support
**Follow a Structured Path:**
- Review [Certification Roadmaps](../ROADMAPS/README.md) for career guidance
- Start with foundational certifications (Security+, A+)
- Progress to specialized certifications based on your career goals
- Build hands-on experience with [Projects](../PROJECTS/)
---
[Back to Main Repository](../README.md)

196
RESOURCES/TOOLS.md Normal file
View File

@ -0,0 +1,196 @@
# Cybersecurity Tools
Essential tools for security professionals, organized by category.
## Network Analysis & Monitoring
**Packet Analysis:**
- [Wireshark](https://www.wireshark.org/) - Network protocol analyzer
- [tcpdump](https://www.tcpdump.org/) - Command-line packet analyzer
- [tshark](https://www.wireshark.org/docs/man-pages/tshark.html) - Terminal-based Wireshark
**Network Scanning:**
- [Nmap](https://nmap.org/) - Network discovery and security auditing
- [Masscan](https://github.com/robertdavidgraham/masscan) - Fast port scanner
- [Angry IP Scanner](https://angryip.org/) - Fast network scanner
**Network Monitoring:**
- [ntopng](https://www.ntop.org/) - Network traffic monitoring
- [NetworkMiner](https://www.netresec.com/?page=NetworkMiner) - Network forensic analysis
- [Zeek](https://zeek.org/) - Network security monitor
---
## Vulnerability Assessment
**Vulnerability Scanners:**
- [Nessus](https://www.tenable.com/products/nessus) - Vulnerability scanner
- [OpenVAS](https://www.openvas.org/) - Open-source vulnerability scanner
- [Qualys](https://www.qualys.com/) - Cloud-based vulnerability management
- [Rapid7 Nexpose](https://www.rapid7.com/products/nexpose/) - Vulnerability management
**Web Application Scanners:**
- [Burp Suite](https://portswigger.net/burp) - Web application security testing
- [OWASP ZAP](https://www.zaproxy.org/) - Web app security scanner
- [Nikto](https://cirt.net/Nikto2) - Web server scanner
- [Acunetix](https://www.acunetix.com/) - Automated web vulnerability scanner
**Dependency & Container Scanning:**
- [Snyk](https://snyk.io/) - Developer security platform
- [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/) - Software composition analysis
- [Trivy](https://github.com/aquasecurity/trivy) - Container vulnerability scanner
- [Clair](https://github.com/quay/clair) - Container static analysis
---
## Penetration Testing
**Exploitation Frameworks:**
- [Metasploit](https://www.metasploit.com/) - Penetration testing framework
- [Cobalt Strike](https://www.cobaltstrike.com/) - Adversary simulation
- [Empire](https://github.com/BC-SECURITY/Empire) - Post-exploitation framework
- [Covenant](https://github.com/cobbr/Covenant) - .NET command and control
**Password Attacks:**
- [Hashcat](https://hashcat.net/hashcat/) - Password recovery
- [John the Ripper](https://www.openwall.com/john/) - Password cracker
- [Hydra](https://github.com/vanhauser-thc/thc-hydra) - Network login cracker
- [Medusa](https://github.com/jmk-foofus/medusa) - Brute force tool
**Wireless Security:**
- [Aircrack-ng](https://www.aircrack-ng.org/) - WiFi security auditing
- [Kismet](https://www.kismetwireless.net/) - Wireless network detector
- [Wifite](https://github.com/derv82/wifite2) - Automated wireless attack tool
---
## Security Information & Event Management (SIEM)
**SIEM Platforms:**
- [Splunk](https://www.splunk.com/) - Data analytics and SIEM
- [ELK Stack](https://www.elastic.co/elastic-stack) - Elasticsearch, Logstash, Kibana
- [QRadar](https://www.ibm.com/qradar) - IBM security intelligence
- [ArcSight](https://www.microfocus.com/en-us/products/siem-security-information-event-management/overview) - Security analytics
**Log Management:**
- [Graylog](https://www.graylog.org/) - Log management
- [Logstash](https://www.elastic.co/logstash) - Data processing pipeline
- [Fluentd](https://www.fluentd.org/) - Unified logging layer
---
## Endpoint Detection & Response (EDR)
**EDR Solutions:**
- [CrowdStrike Falcon](https://www.crowdstrike.com/products/endpoint-security/falcon-platform/) - Cloud-native endpoint protection
- [SentinelOne](https://www.sentinelone.com/) - Autonomous endpoint protection
- [Carbon Black](https://www.vmware.com/products/carbon-black-cloud.html) - Endpoint security
- [Microsoft Defender for Endpoint](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-endpoint) - Enterprise endpoint security
**Open-Source EDR:**
- [Wazuh](https://wazuh.com/) - Open-source security platform
- [OSQuery](https://osquery.io/) - SQL-powered operating system instrumentation
- [OSSEC](https://www.ossec.net/) - Host-based intrusion detection
---
## Static & Dynamic Analysis
**Static Application Security Testing (SAST):**
- [SonarQube](https://www.sonarqube.org/) - Code quality and security
- [Checkmarx](https://www.checkmarx.com/) - Application security testing
- [Fortify](https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview) - Static code analyzer
- [Semgrep](https://semgrep.dev/) - Lightweight static analysis
**Dynamic Application Security Testing (DAST):**
- [Burp Suite Pro](https://portswigger.net/burp/pro) - Web vulnerability scanner
- [OWASP ZAP](https://www.zaproxy.org/) - Dynamic security testing
- [Acunetix](https://www.acunetix.com/) - Automated DAST
**Malware Analysis:**
- [Cuckoo Sandbox](https://cuckoosandbox.org/) - Automated malware analysis
- [Any.run](https://any.run/) - Interactive malware sandbox
- [VirusTotal](https://www.virustotal.com/) - File and URL analysis
- [Hybrid Analysis](https://www.hybrid-analysis.com/) - Free malware analysis
---
## Forensics & Incident Response
**Forensic Tools:**
- [Autopsy](https://www.autopsy.com/) - Digital forensics platform
- [Volatility](https://www.volatilityfoundation.org/) - Memory forensics
- [FTK Imager](https://www.exterro.com/ftk-imager) - Forensic imaging
- [EnCase](https://www.opentext.com/products/encase-forensic) - Digital investigation
**Incident Response:**
- [TheHive](https://thehive-project.org/) - Incident response platform
- [GRR Rapid Response](https://github.com/google/grr) - Incident response framework
- [Velociraptor](https://www.velocidex.com/) - Endpoint visibility and collection
---
## Cloud Security
**Cloud Security Tools:**
- [Prowler](https://github.com/prowler-cloud/prowler) - AWS security assessment
- [ScoutSuite](https://github.com/nccgroup/ScoutSuite) - Multi-cloud security auditing
- [CloudSploit](https://github.com/aquasecurity/cloudsploit) - Cloud security configuration scanner
- [Cloud Custodian](https://cloudcustodian.io/) - Cloud security and governance
**Container Security:**
- [Trivy](https://github.com/aquasecurity/trivy) - Container vulnerability scanner
- [Falco](https://falco.org/) - Runtime security monitoring
- [Anchore](https://anchore.com/) - Container analysis and compliance
---
## Threat Intelligence
**Threat Intel Platforms:**
- [MISP](https://www.misp-project.org/) - Threat intelligence sharing
- [OpenCTI](https://www.opencti.io/) - Cyber threat intelligence platform
- [ThreatConnect](https://threatconnect.com/) - Threat intelligence operations
- [Anomali](https://www.anomali.com/) - Threat intelligence management
**Threat Hunting:**
- [Yara](https://virustotal.github.io/yara/) - Pattern matching for malware
- [Sigma](https://github.com/SigmaHQ/sigma) - Generic signature format for SIEM
- [RITA](https://github.com/activecm/rita) - Real intelligence threat analytics
---
## Operating Systems & Distributions
**Security Distributions:**
- [Kali Linux](https://www.kali.org/) - Penetration testing distribution
- [Parrot Security OS](https://www.parrotsec.org/) - Security and privacy-focused
- [BlackArch Linux](https://blackarch.org/) - Penetration testing distribution
**General Operating Systems:**
- [Ubuntu](https://ubuntu.com/) - Popular Linux distribution
- [Red Hat Enterprise Linux](https://www.redhat.com/en) - Enterprise Linux
- [Windows Server](https://www.microsoft.com/en-us/windows-server) - Microsoft server OS
**Virtualization:**
- [Oracle VirtualBox](https://www.oracle.com/virtualization/technologies/vm/downloads/virtualbox-downloads.html) - Virtual machines
- [VMware Workstation](https://www.vmware.com/products/workstation-pro.html) - Virtualization platform
- [Docker](https://www.docker.com/) - Container platform
---
## Development & Collaboration
**Version Control:**
- [GitHub](https://github.com/) - Version control and collaboration
- [GitLab](https://gitlab.com/) - DevOps platform
- [Bitbucket](https://bitbucket.org/) - Git repository management
**CI/CD Security:**
- [GitGuardian](https://www.gitguardian.com/) - Secrets detection
- [TruffleHog](https://github.com/trufflesecurity/trufflehog) - Find credentials in git repos
- [Gitleaks](https://github.com/gitleaks/gitleaks) - Detect hardcoded secrets
---
[Back to Resources](./README.md) | [Back to Main](../README.md)