Learning-Resources/README.md

Project: Knowledge

Overview

Knowledge is a curated collection of resources for learning and exploring various topics in cybersecurity, hacking, and technology. This repository serves as a guide to help you dive into key concepts, frameworks, and methodologies across several domains.

Many resources are inspired by and built upon the foundation of Awesome Cyber Security.

---

Table of Contents

1. Web Hacking
2. Android Security
3. Malware Analysis
4. Bug Bounty
5. Social Engineering
6. Reverse Engineering
7. Binary Exploitation
8. Operating Systems
9. Programming Languages
10. Contributions

---

Web Hacking

Web hacking focuses on exploiting vulnerabilities in web applications, websites, IoT devices, and other web-hosted systems. This field is an essential starting point for aspiring cybersecurity professionals.

Getting Started

1. Learn the basics: Familiarize yourself with core web technologies like HTML, CSS, and JavaScript.
2. Build and break: Create a simple website using technologies like Node.js, Express.js, Prisma (with SQLite), and EJS rendering. Test its security as your first project.

Recommended Topics

• Begin with XSS (Cross-Site Scripting) and SQL Injection.
• Progress to CSRF, RCE, XXE, and SSRF.
• Study browser security concepts like CORS and CSP headers.

Hands-On Practice

• Labs: PortSwigger Academy
• Challenges: Test your skills with web challenges on CTFtime.

Additional Resources

• Awesome Web Security
• Bug Bounty References for real-world case studies and tools.

Books for Beginners

1. RTFM: Red Team Field Manual v2
2. The Web Application Hacker's Handbook
3. The Hacker Playbook 3
4. Bug Bounty Bootcamp

---

Android Security

With the rise of smartphones and IoT devices, Android security has become a critical area of study. Understanding the Android ecosystem and common vulnerabilities can help you secure mobile applications and devices.

Resources

• Mobile Security

---

Malware Analysis

Malware analysis is a vital skill in the fight against cyber threats. It involves dissecting malicious software to understand its behavior, purpose, and impact. Whether detecting ransomware, analyzing advanced persistent threats (APTs), or studying botnets, malware analysis is essential.

Steps in Malware Analysis

1. Static Analysis: Examine the malware without running it.
2. Dynamic Analysis: Observe the malware in action using sandboxes or virtual environments.
3. Behavioral Analysis: Identify system changes, like file creations or network activity.
4. Reverse Engineering: Decompile and analyze the malware's internal logic.

Recommended Tools

• Sandboxing: Cuckoo Sandbox, Any.Run
• Reverse Engineering: IDA Pro, Ghidra
• Static Analysis: PEStudio, Binwalk

Hands-On Activities

• Practical Malware Analysis Labs: Download here
• Honeypots: Capture malware samples with tools like Dionaea.

Books

• Practical malware analysis
• learning malware analysis
• Malware Analyst Cookbook
• Antivirus hackers handbook

Additional Resources

• Malware Unicorn’s Training
• Remnux
• Flare-On

---

Reverse Engineering

Reverse engineering involves dissecting software to understand its design and functionality. Essential for malware analysis and exploit development.

Recommended Tools

• IDA Free
• Ghidra
• Radare2

Hands-On Resources

• Reversing Hero
• Microcorruption

=======

Recommended Books

1. Practical Reverse Engineering

• The IDA Pro Book MISSING

• Implementing Reverse Engineering

• practical Reverse Engineering

• Reverse Engineering for beginners

• Reverse Engineering of object oriented code

• The Ghidra Book

• X86 Software Reverse-Engineering

---

Binary Exploitation

Binary exploitation focuses on finding and leveraging vulnerabilities at the binary level.

Recommended Topics

• Buffer Overflows
• Return-Oriented Programming (ROP)
• Heap Exploitation

Hands-On Resources

• Pwnable.kr
• Pwnable.xyz
• ROP Emporium
• Exploit Education
• pwn.college

---

Operating Systems

Operating systems are foundational for cybersecurity work, especially Linux.

Linux Distributions for Cybersecurity

• Kali Linux: Penetration testing and red teaming.
• Parrot OS: Lightweight alternative to Kali.
• Ubuntu: User-friendly and versatile for general security work.
• Arch Linux: For those who want deep customization.

---

Programming Languages

Knowing programming languages is crucial for automating tasks and developing exploits.

Languages and Resources

1. Python

   • Site: Python
   • Book: Automate the Boring Stuff
   • Libraries: pwntools, scapy, requests
   • Book: Black hat Python
   • Book: Python One-Liners
   • Book: Python crash course
   • Book: Python Tricks
   • Site: W3schools - please learn the basic concepts here if you're starting out!.

2. C/C++

   • Book: The C Programming Language (K&R)
   • site w3schoolss - i recommend starting here
   • Book: Windows Security Internals
   • Book: ComputerScienceOne

3. Rust

   • Site: The Rust Programming Language Book
   • Site: Reverse engineering rustlang
   • Book: Black Hat Rust

4. JavaScript I personally use JS for pretty much anything Web.

   • Docs: Node.js Docs
   • Book: Javascript for hackers
   • Libary / package Prisma Orm
   • Libary / package Express.js Minimalistic web framework

5. Golang

   • BOOK: blackhat Go

---

Contributions

Contributions are welcome! Feel free to open issues or submit pull requests to add valuable resources or enhance existing content.

---

Final Thoughts

This repository is a starting point for exploring diverse fields in cybersecurity. Use the recommended resources to build your skills, and don’t hesitate to seek help or clarification. Good luck on your journey!