190 lines
11 KiB
Markdown
190 lines
11 KiB
Markdown
# Project: Knowledge
|
||
|
||
### Overview
|
||
**Knowledge** is a curated collection of resources for learning and exploring various topics in cybersecurity, hacking, and technology. This repository serves as a guide to help you dive into key concepts, frameworks, and methodologies across several domains.
|
||
|
||
Many resources are inspired by and built upon the foundation of [Awesome Cyber Security](https://theredteam.tech/ch0ic3/awesome-cyber-security).
|
||
|
||
---
|
||
|
||
## Table of Contents
|
||
1. [Web Hacking](#web-hacking)
|
||
2. [Android Security](#android-security)
|
||
3. [Malware Analysis](#malware-analysis)
|
||
4. [Bug Bounty](#bug-bounty)
|
||
5. [Social Engineering](#social-engineering)
|
||
6. [Reverse Engineering](#reverse-engineering)
|
||
7. [Binary Exploitation](#binary-exploitation)
|
||
8. [Operating Systems](#operating-systems)
|
||
9. [Programming Languages](#programming-languages)
|
||
10. [Contributions](#contributions)
|
||
|
||
---
|
||
|
||
## Web Hacking
|
||
Web hacking focuses on exploiting vulnerabilities in web applications, websites, IoT devices, and other web-hosted systems. This field is an essential starting point for aspiring cybersecurity professionals.
|
||
|
||
### **Getting Started**
|
||
1. **Learn the basics**: Familiarize yourself with core web technologies like HTML, CSS, and JavaScript.
|
||
2. **Build and break**: Create a simple website using technologies like Node.js, Express.js, Prisma (with SQLite), and EJS rendering. Test its security as your first project.
|
||
|
||
### **Recommended Topics**
|
||
- Begin with **XSS (Cross-Site Scripting)** and **SQL Injection**.
|
||
- Progress to **CSRF**, **RCE**, **XXE**, and **SSRF**.
|
||
- Study browser security concepts like **CORS** and **CSP headers**.
|
||
|
||
### **Hands-On Practice**
|
||
- Labs: [PortSwigger Academy](https://portswigger.net/web-security)
|
||
- Challenges: Test your skills with web challenges on [CTFtime](https://ctftime.org).
|
||
|
||
### **Additional Resources**
|
||
- [Awesome Web Security](https://theredteam.tech/ch0ic3/awesome-web-security)
|
||
- [Bug Bounty References](https://theredteam.tech/ch0ic3/bug-bounty-reference) for real-world case studies and tools.
|
||
|
||
### **Books for Beginners**
|
||
1. [RTFM: Red Team Field Manual v2](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Red%20team%20field%20manual%20v2.pdf)
|
||
2. [The Web Application Hacker's Handbook](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/The%20web%20application%20hacker%27s%20handbook.pdf)
|
||
3. [The Hacker Playbook 3](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/The%20Hacker%20Playbook%203%20Practical%20Guide%20to%20Penetration%20Testing%20%28Peter%20Kim%29.pdf)
|
||
4. [Bug Bounty Bootcamp](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Bug%20Bounty%20Bootcamp%20The%20Guide%20to%20Finding%20and%20Reporting%20Web%20Vulnerabilities%20%28Vickie%20Li%29.pdf)
|
||
|
||
---
|
||
|
||
## Android Security
|
||
With the rise of smartphones and IoT devices, Android security has become a critical area of study. Understanding the Android ecosystem and common vulnerabilities can help you secure mobile applications and devices.
|
||
|
||
### **Resources**
|
||
- [Mobile Security](https://theredteam.tech/ch0ic3/awesome-mobile-security)
|
||
|
||
---
|
||
|
||
## Malware Analysis
|
||
Malware analysis is a vital skill in the fight against cyber threats. It involves dissecting malicious software to understand its behavior, purpose, and impact. Whether detecting ransomware, analyzing advanced persistent threats (APTs), or studying botnets, malware analysis is essential.
|
||
|
||
### **Steps in Malware Analysis**
|
||
1. **Static Analysis**: Examine the malware without running it.
|
||
2. **Dynamic Analysis**: Observe the malware in action using sandboxes or virtual environments.
|
||
3. **Behavioral Analysis**: Identify system changes, like file creations or network activity.
|
||
4. **Reverse Engineering**: Decompile and analyze the malware's internal logic.
|
||
|
||
### **Recommended Tools**
|
||
- **Sandboxing**: [Cuckoo Sandbox](https://cuckoosandbox.org), [Any.Run](https://any.run)
|
||
- **Reverse Engineering**: [IDA Pro](https://hex-rays.com/ida-pro/), [Ghidra](https://ghidra-sre.org/)
|
||
- **Static Analysis**: [PEStudio](https://www.winitor.com/), [Binwalk](https://github.com/ReFirmLabs/binwalk)
|
||
|
||
### **Hands-On Activities**
|
||
- Practical Malware Analysis Labs: [Download here](http://practicalmalwareanalysis.com/labs/)
|
||
- Honeypots: Capture malware samples with tools like [Dionaea](https://github.com/DinoTools/dionaea).
|
||
|
||
### **Books**
|
||
- [Practical malware analysis](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Practical%20Malware%20Analysis.pdf)
|
||
- [learning malware analysis](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Learning%20Malware%20Analysis%20Explore%20the%20concepts%2C%20tools%2C%20and%20techniques%20to%20analyze%20and%20investigate%20Windows%20malware%20%28Monnappa%20K%20A%29.pdf)
|
||
- [Malware Analyst Cookbook](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Malware%20Analyst%27s%20Cookbook.pdf)
|
||
- [Antivirus hackers handbook](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Antivirus%20hackers%20handbook.pdf)
|
||
|
||
### **Additional Resources**
|
||
- [Malware Unicorn’s Training](https://malwareunicorn.org/#/workshops)
|
||
- [Remnux](https://remnux.org/)
|
||
- [Flare-On](https://www.fireeye.com/services/freeware/flare-on.html)
|
||
|
||
---
|
||
|
||
## Reverse Engineering
|
||
Reverse engineering involves dissecting software to understand its design and functionality. Essential for malware analysis and exploit development.
|
||
|
||
|
||
### **Recommended Tools**
|
||
- [IDA Free](https://hex-rays.com/ida-free/)
|
||
- [Ghidra](https://ghidra-sre.org/)
|
||
- [Radare2](https://rada.re/n/)
|
||
|
||
### **Hands-On Resources**
|
||
- [Reversing Hero](https://reversinghero.com)
|
||
- [Microcorruption](https://microcorruption.com)
|
||
|
||
=======
|
||
### **Recommended Books**
|
||
1. [Practical Reverse Engineering](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Practical%20Reverse%20Engineering%20x86%2C%20x64%2C%20ARM%2C%20Windows%20Kernel%2C%20Reversing%20Tools%2C%20and%20Obfuscation%20%28Bruce%20Dang%2C%20Alexandre%20Gazet%2C%20Elias%20Bachaalany%29.pdf)
|
||
- [The IDA Pro Book MISSING]()
|
||
|
||
- [Implementing Reverse Engineering](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Implementing%20Reverse%20Engineering%20The%20Real%20Practice%20of%20X86%20Internals%2C%20Code%20Calling%20Conventions%2C%20Ransomware%20Decryption%2C...%20%28Jitender%20Narula%29.pdf)
|
||
- [practical Reverse Engineering](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Practical%20reverse%20engineering%20x86%2C%20x64%2C%20ARM%2C%20Windows%20Kernel%2C%20reversing%20tools%2C%20and%20obfuscation%20%28Bruce%20Dang%2C%20Alexandre%20Gazet%2C%20Elias%20Bachaalany%20etc.%29%20%28Z-Library%29.pdf)
|
||
- [Reverse Engineering for beginners](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Reverse%20Engineering%20for%20Beginners%28Understanding%20Assembly%20Language%29%20%28Dennis%20Yurichev%29%20%28Z-Library%29.pdf)
|
||
- [Reverse Engineering of object oriented code](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Reverse%20Engineering%20of%20Object%20Oriented%20Code%20%28Paolo%20Tonella%2C%20Alessandra%20Potrich%29%20%28Z-Library%29.pdf)
|
||
- [The Ghidra Book](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/theghidrabook.pdf)
|
||
- [X86 Software Reverse-Engineering](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/x86%20Software%20Reverse-Engineering%2C%20Cracking%20-%20Stephanie%20Domas.pdf)
|
||
|
||
---
|
||
|
||
## Binary Exploitation
|
||
Binary exploitation focuses on finding and leveraging vulnerabilities at the binary level.
|
||
|
||
### **Recommended Topics**
|
||
- Buffer Overflows
|
||
- Return-Oriented Programming (ROP)
|
||
- Heap Exploitation
|
||
|
||
### **Hands-On Resources**
|
||
- [Pwnable.kr](http://pwnable.kr)
|
||
- [Pwnable.xyz](https://pwnable.xyz)
|
||
- [ROP Emporium](https://ropemporium.com)
|
||
- [Exploit Education](https://exploit.education/)
|
||
- [pwn.college](https://pwn.college)
|
||
|
||
---
|
||
|
||
## Operating Systems
|
||
Operating systems are foundational for cybersecurity work, especially Linux.
|
||
|
||
### **Linux Distributions for Cybersecurity**
|
||
- **Kali Linux**: Penetration testing and red teaming.
|
||
- **Parrot OS**: Lightweight alternative to Kali.
|
||
- **Ubuntu**: User-friendly and versatile for general security work.
|
||
- **Arch Linux**: For those who want deep customization.
|
||
|
||
---
|
||
|
||
## Programming Languages
|
||
Knowing programming languages is crucial for automating tasks and developing exploits.
|
||
|
||
### **Languages and Resources**
|
||
1. **Python**
|
||
- Site: [Python](https://www.python.org/)
|
||
- Book: [Automate the Boring Stuff](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Automate%20the%20Boring%20Stuff%20with%20Python.pdf)
|
||
- Libraries: `pwntools`, `scapy`, `requests`
|
||
- Book: [Black hat Python](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/black%20hat%20python.pdf)
|
||
- Book: [Python One-Liners](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Python%20One-Liners%20-%20Write%20Concise%2C%20Eloquent%20Python%20Like%20a%20Professional.pdf)
|
||
- Book: [Python crash course](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Python%20Crash%20Course%20A%20Hands-On%2C%20Project-Based%20Introduction%20to%20Programming%20%28Eric%20Matthes%29%20%28Z-Library%29.pdf)
|
||
- Book: [Python Tricks](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Python%20Tricks%20-%20A%20Buffet%20of%20Awesome%20Python%20Features%20%28Dan%20Bader%29%20%28Z-Library%29.pdf)
|
||
- Site: [W3schools](https://www.w3schools.com/python/) - please learn the basic concepts here if you're starting out!.
|
||
|
||
2. **C/C++**
|
||
- Book: [The C Programming Language (K&R)](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/The%20C%20Programming%20Language%20%28Brian%20Kernighan%20and%20Dennis%20Ritchie%29%20%28Z-Library%29.pdf)
|
||
- site [w3schoolss](https://www.w3schools.com/c/index.php) - i recommend starting here
|
||
- Book: [Windows Security Internals](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Windows%20Security%20Internals%20%28James%20Forshaw%29.pdf)
|
||
- Book: [ComputerScienceOne](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/ComputerScienceOne.pdf)
|
||
|
||
3. **Rust**
|
||
- Site: [The Rust Programming Language Book](https://doc.rust-lang.org/book/)
|
||
- Site: [Reverse engineering rustlang](https://brightprogrammer.netlify.app/post/reverse-engineering-rustlang-binaries-0x1-empty-program/)
|
||
- Book: [Black Hat Rust](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Black%20Hat%20Rust%20Deep%20dive%20into%20offensive%20security%20with%20the%20Rust%20programming%20language%20%28Sylvain%20Kerkour%29.pdf)
|
||
|
||
4. **JavaScript**
|
||
I personally use JS for pretty much anything Web.
|
||
- Docs: [Node.js Docs](https://nodejs.org/docs/latest/api/)
|
||
- Book: [Javascript for hackers](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/Gareth_Heyes_-_JavaScript_for_hackers_Learn_to_think_like_a_hacker_2022.pdf)
|
||
- Libary / package [Prisma Orm](https://www.prisma.io/)
|
||
- Libary / package [Express.js Minimalistic web framework](https://expressjs.com/)
|
||
|
||
5. **Golang**
|
||
- BOOK: [blackhat Go](https://theredteam.tech/ch0ic3/My-Books/src/branch/main/blackhatgo.pdf)
|
||
|
||
---
|
||
|
||
## Contributions
|
||
Contributions are welcome! Feel free to open issues or submit pull requests to add valuable resources or enhance existing content.
|
||
|
||
---
|
||
|
||
### Final Thoughts
|
||
This repository is a starting point for exploring diverse fields in cybersecurity. Use the recommended resources to build your skills, and don’t hesitate to seek help or clarification. Good luck on your journey!
|