Just a list of resources on different subjects.
Go to file
2024-12-17 22:24:50 +00:00
README.md Update README.md 2024-12-17 22:24:50 +00:00

Project: Knowledge

Overview

Knowledge is a curated collection of resources for learning and exploring various topics in cybersecurity, hacking, and technology. This repository serves as a guide to help you dive into key concepts, frameworks, and methodologies across several domains.

Many resources are inspired by and built upon the foundation of Awesome Cyber Security.


Table of Contents

  1. Web Hacking
  2. Android Security
  3. Malware Analysis
  4. Bug Bounty
  5. Social Engineering
  6. Reverse Engineering

Web Hacking

Web hacking focuses on exploiting vulnerabilities in web applications, websites, IoT devices, and other web-hosted systems. This field is an essential starting point for aspiring cybersecurity professionals.

Getting Started

  1. Learn the basics: Familiarize yourself with core web technologies like HTML, CSS, and JavaScript.
  2. Build and break: Create a simple website using technologies like Node.js, Express.js, Prisma (with SQLite), and EJS rendering. Test its security as your first project.
  • Begin with XSS (Cross-Site Scripting) and SQL Injection.
  • Progress to CSRF, RCE, XXE, and SSRF.
  • Study browser security concepts like CORS and CSP headers.

Hands-On Practice

Additional Resources

Books for Beginners

  1. RTFM: Red Team Field Manual v2
  2. The Web Application Hacker's Handbook
  3. The Hacker Playbook 3
  4. Bug Bounty Bootcamp

Android Security

With the rise of smartphones and IoT devices, Android security has become a critical area of study. Understanding the Android ecosystem and common vulnerabilities can help you secure mobile applications and devices.

Resources


Malware Analysis

Malware analysis is a vital skill in the fight against cyber threats. It involves dissecting malicious software to understand its behavior, purpose, and impact. Whether youre detecting ransomware, analyzing advanced persistent threats (APTs), or studying botnets, malware analysis is an essential discipline for cybersecurity professionals.

Steps in Malware Analysis

  1. Static Analysis: Examine the malware without running it. This includes inspecting file metadata, strings, and disassembling code.
  2. Dynamic Analysis: Observe the malware in action by running it in a controlled sandbox or virtual environment.
  3. Behavioral Analysis: Identify the changes the malware makes, such as file creation, registry modification, or network connections.
  4. Reverse Engineering: Use tools like IDA Pro, Ghidra, or Radare2 to decompile and understand the malware's inner workings.

Essential Resources

  1. Awesome malware analysis - git list like this one but only with malware resources
  2. Malware Unicorns Training - Excellent workshops and guides for malware analysis.
  3. Practical Malware Analysis Labs - Hands-on exercises to practice analysis.
  4. Remnux - A Linux distribution specifically tailored for malware analysis.
  5. Flare-On - A reverse engineering CTF designed for malware analysts.

Further Reading

Hands-On Activities

  • Set up a virtual lab using VMware or VirtualBox with tools like FLARE VM.
  • Use honeypots like Dionaea to capture malware samples.
  • Practice capturing network traffic from malicious executables using Wireshark.

Bug Bounty

Bug bounty programs offer ethical hackers a chance to find and report vulnerabilities in return for rewards. Its an excellent way to test your skills in real-world scenarios.

Resources


Social Engineering

Social engineering exploits human psychology to gain unauthorized access or gather sensitive information. It remains one of the most effective attack vectors in cybersecurity.

Types of Social Engineering Attacks

  1. Phishing: Sending fake emails to trick users into revealing sensitive information.
  2. Spear Phishing: Highly targeted phishing aimed at specific individuals or organizations.
  3. Pretexting: Creating a fabricated scenario to manipulate victims into divulging information.
  4. Baiting: Using physical or digital bait, like infected USB drives, to trick users.
  5. Tailgating: Gaining access to secure areas by following authorized personnel.

Practical Tips to Avoid Social Engineering

  1. Train employees to recognize phishing attempts.
  2. Verify the identity of individuals before sharing sensitive information.
  3. Use multifactor authentication to secure accounts.
  4. Monitor for unusual activity, such as unauthorized login attempts.

Further Reading

  1. Social Engineering: The Science of Human Hacking by Christopher Hadnagy MISSING
  2. Social Engineering Framework - Comprehensive resource for understanding social engineering tactics.
  3. The Psychology of Information Security MISSING - Learn about human factors in cybersecurity.

Hands-On Activities

  • Conduct phishing campaigns in a controlled environment using Gophish.
  • Practice OSINT techniques with tools like Sherlock.
  • Participate in social engineering CTFs to test your skills.

Reverse Engineering

Reverse engineering involves analyzing software or hardware to understand its design and behavior. This skill is essential for malware analysis, vulnerability research, and exploit development.

  1. Practical Reverse Engineering
  2. The IDA Pro Book MISSING
  3. GhidraBook

Contributions

Contributions are welcome! Feel free to open issues or submit pull requests to add valuable resources or enhance existing content.


Final Thoughts

This repository is a starting point for exploring diverse fields in cybersecurity. Use the recommended resources to build your skills, and dont hesitate to seek help or clarification. Good luck on your journey!