awesome-cyber-security/README.md
2024-06-24 15:03:54 +01:00

# Awesome Cyber Security
A curated list of cyber security resources and tools.
## Awesome lists
* [Awesome Security](https://github.com/sbilly/awesome-security/) - A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
* [Awesome Web Security](https://github.com/qazbnm456/awesome-web-security) - A curated list of Web Security materials and resources for learning cutting edge penetration techniques.
* [Awesome Machine Learning for Cyber Security](https://github.com/jivoi/awesome-ml-for-cybersecurity) - A curated list of amazingly awesome tools and resources related to the use of machine learning for cyber security.
* [awesome-web-hacking](https://github.com/infoslack/awesome-web-hacking) - This list is for anyone wishing to learn about web application security but who does not have a starting point.
* [awesome-mobile-security](https://github.com/vaib25vicky/awesome-mobile-security) - Maintained by @vaib25vicky with contributions from the security and developer communities.
* [awesome-threat-intelligence](https://github.com/hslatman/awesome-threat-intelligence) - A curated list of awesome Threat Intelligence resources.
* [awesome-security-hardening](https://github.com/decalage2/awesome-security-hardening) - A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
* [Awesome Cyber Security](https://github.com/fabionoth/awesome-cyber-security) - A collection of awesome software, libraries, documents, books, resources and cool stuff about security.
* [Awesome Malware Analysis](https://github.com/rshipp/awesome-malware-analysis) - A curated list of awesome malware analysis tools and resources.
## Threat databases and alerts
* [ATT&CK](https://attack.mitre.org/) - ATT&CK is a knowledge base of cyber adversary behavior and taxonomy for adversarial actions across their lifecycle. ATT&CK has two parts: ATT&CK for Enterprise, which covers behavior against enterprise IT networks and cloud, and ATT&CK for Mobile, which focuses on behavior against mobile devices.
* [NHS Digital Cyber Alerts](https://digital.nhs.uk/cyber-alerts) - We issue cyber security alert notifications to health and care organisations, ranging from weekly threat bulletins to immediate high-severity alerts.
* [cve-search](https://cve.circl.lu/) - cve-search is accessible via a web interface and an HTTP API. cve-search is an interface to search publicly known information from security vulnerabilities in software and hardware along with their corresponding exposures.
* [VULDB](https://vuldb.com/?) - Number one vulnerability database documenting and explaining security vulnerabilities, threats, and exploits since 1970.
* [The Exploit Database](https://www.exploit-db.com/) - The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services.
* [0day.today](https://en.0day.today/) - 0day.today - Biggest Exploits Database and 0day market - The Underground, is one of the world's most popular and comprehensive computer security web sites.
* [RAPID7](https://www.rapid7.com/db/) - A curated repository of vetted computer software exploits and exploitable vulnerabilities.
* [National Vulnerability Database](https://nvd.nist.gov/vuln/search) - The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
* [CXSecurity](https://cxsecurity.com/exploit/) - (WLB2) World Laboratory of Bugtraq is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications.
* [China National Vulnerability Database (CNNVD)](http://www.cnnvd.org.cn/) - Chinese government-run vulnerability database analogous to the United States' CVE database hosted by Mitre Corporation.
* [Vulnerability Assessment Platform](https://vulners.com/) - Largest correlated database of vulnerabilities and exploits.
* [GitHub Advisory Database](https://github.com/advisories/) - The latest security vulnerabilities from the world of open source software.
* [OSV](https://osv.dev/) - OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source maintainers and consumers of open source.
* [Snyk Vulnerability DB](https://snyk.io/vuln/) - Detailed information and remediation guidance for known vulnerabilities.
* [Vulnerability Notes Database](https://www.kb.cert.org/vuls/) - The Vulnerability Notes Database provides information about software vulnerabilities. Vulnerability notes include summaries, technical details, remediation information, and lists of affected vendors.
* [Intelligence X](https://intelx.io/) - Intelligence X is a search engine and data archive. The company is based in Prague, Czech Republic. Its mission is to develop and maintain the search engine and data archive.
* [Stellastra TLS Cipher Suite Database](https://stellastra.com/cipher-suite) - List of hundreds of TLS cipher suites alongside their security rating and vulnerability/deprecation status.
## Security advice and guidance
* [The National Cyber Security Centre](https://www.ncsc.gov.uk/section/advice-guidance/all-topics) - Helping to make the UK the safest place to live and work online.
* [End user device (EUD) security guidance](https://www.ncsc.gov.uk/collection/end-user-device-security/) - Guidance for organisations deploying a range of end user device platforms as part of a remote working solution.
* [Security policies for SMEs](https://www.incibe.es/protege-tu-empresa/herramientas/politicas) - To help SMEs put in place the internal processes that improve their cybersecurity, we present a series of documents that we have called "security policies".
## Lists of cyber security resources
* [50+ Cybersecurity Resources](https://darkcubed.com/cybersecurity-resources) - Dark Cubed's cybersecurity resources page provides links to dozens of 100% free resources you can use for your own business or for your customers.
* [SANS](https://www.sans.org/security-resources/) - The most trusted source for cyber security training, certification, and research.
* [The Uber List of Cybersecurity Resources](https://www.cyberdegrees.org/resources/the-big-list/) - We've subtitled this list: “Everything you want to know about cyber security and are too tired to search for.” Whatever you may be interested in — from DEF CON to SANS — you will find on this page.
* [Cybersecurity resource center](https://cybersecurityguide.org/resources/) - This guide is intended to provide actionable resources for everyone looking to learn more about the field.
* [US Homeland Security - Cybersecurity Resources](https://www.dhs.gov/science-and-technology/cybersecurity-resources) - DHS Science and Technology Directorate (S&T) published documents and other cybersecurity references and links can be found on this page.
* [Cyber Security Education](https://www.cybersecurityeducation.org/resources/) - This page is devoted to helping cyber security experts find the resources they need to grow and thrive.
* [NATIONAL INITIATIVE FOR CYBERSECURITY CAREERS AND STUDIES](https://niccs.cisa.gov/workforce-development/cybersecurity-resources) - The premier online resource for cybersecurity training. NICCS connects Government employees, students, educators, and industry with cybersecurity training providers throughout the Nation.
* [25 Free Cybersecurity Resources, Courses, and Tools](https://www.springboard.com/blog/cybersecurity/free-cybersecurity-resources/) - A plethora of free cybersecurity courses and resources on all topics related to the field.
* [Top Cybersecurity Sites and Blogs](https://www.purdueglobal.edu/blog/information-technology/cybersecurity-industry-resources/) - Here are some of the best top cybersecurity blogs and sites.
* [Cybersecurity Related Websites](https://www.csiac.org/resources/cybersecurity-related-websites/) - The listing of related sites provide additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
* [COMPUTER SECURITY RESOURCE CENTER](https://csrc.nist.gov/) - For 20 years, the Computer Security Resource Center (CSRC) has provided access to NIST's cybersecurity- and information security-related projects, publications, news and events. CSRC supports stakeholders in government, industry and academia—both in the U.S. and internationally.
* [Secureworks Resources & Research](https://www.secureworks.com/resources) - Cybersecurity thought leadership resources & Counter Threat Unit™ research.
* [IEEE](https://innovationatwork.ieee.org/cyber-security/) - IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity.
* [The best resources to learn cybersecurity online in 2021](https://www.mygreatlearning.com/blog/the-best-resources-to-learn-cybersecurity-online/) - This list of free and paid cybersecurity resources, courses, books, blogs, tools and cheat codes will help both freshers and professionals to stay updated.
* [Sifma Cybersecurity Resources](https://www.sifma.org/resources/cybersecurity-resources/) - Here are resources for the financial industry to address critical cyber threats and improve the industry's overall cybersecurity.
* [Internet Safety 101SM](https://internetsafety101.org/CyberSecurityResources) - Internet Safety 101SM is a digitally-based internet safety resource designed to educate, equip and empower parents, educators and other adults with the knowledge and resources needed to protect children from Internet dangers including pornography, predators, cyberbullies and threats related to online gaming, social networking and mobile devices.
* [Security Acronyms](https://github.com/cloudsecurelab/security-acronyms) - Curated list of security related acronyms and terms.
* [vnaya - Cybersecurity For Your Kids](https://www.vnaya.com/these-top-educational-cyber-security-resources-will-help-your-kids-to-stay-safe-from-cyber-crime/) - These Top Educational Cyber Security Resources Will Help Your Kids To Stay Safe From Cyber Crime.
## Must Read
- [RTFM: Red Team Field Manual v2](https://amzn.to/3IZXVj2) by Ben Clark, Nick Downer
- [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws](https://amzn.to/3F5H9xT) by Dafydd Stuttard and Marcus Pinto
- [The Hacker Playbook 3: Practical Guide To Penetration Testing](https://amzn.to/3mwdDLt) by Peter Kim
- [Bug Bounty Bootcamp](https://amzn.to/3l1a8fn) by Vickie Li
- [Black Hat Python](https://amzn.to/3T3a4Zd) by Justin Seitz and Tim Arnold
- [Black Hat Go](https://amzn.to/3mvzh2f) by Tom Steele, Chris Patten, and Dan Kottmann
## Fundamental Books
- [Ethical Hacking](https://amzn.to/41TLu12) by Daniel G. Graham
- [Foundations of Information Security](https://amzn.to/41VOPga) by Jason Andress
- [Penetration Testing](https://amzn.to/3mweg7N) by Georgia Weidman
- [Metasploit](https://amzn.to/3Zq362M) by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
- [The Tangled Web: A Guide to Securing Modern Web Applications](https://amzn.to/3yhgv14) by Michal Zalewski
## Web Hacking & Bug Bounty
- [Hacking APIs](https://amzn.to/3F3M1Dw) by Corey Ball
- [Real-World Bug Hunting](https://amzn.to/3ZLqc3F) by Peter Yaworski
## Platforms to learn cyber security
- [TryHackMe](https://tryhackme.com)
- [Hackthebox](https://hackthebox.com)
- [Blueteamlabs](https://blueteamlabs.online)
- [overthewire](https://overthewire.org)
- [cyberdefenders](https://cyberdefenders.org)
- the xss rat
- [ine](https://ine.com)
- [Cybersecurity roadmap](https://roadmap.sh/cyber-security)
- [Cybrary](https://www.cybrary.it)
- [PortSwigger](https://portswigger.net/web-security)
- [Vulnhub](https://www.vulnhub.com)
- [root-me](https://www.root-me.org)
- [picoctf](https://picoctf.org)
- pwntilldawn0
- [hackthissite](https://www.hackthissite.org)
- hackforums
- ctf az
- [TCM academy](https://academy.tcm-sec.com/)
- [Hacking Articles - Raj Chandel's Blog](https://www.hackingarticles.in/)
- [Active Directory Security](https://adsecurity.org/)
- [HackTricks](https://book.hacktricks.xyz/welcome/readme)
- hadess.io
- [Home | RedTeamRecipe](https://redteamrecipe.com/)
- [PentesterLab](https://pentesterlab.com/)
- [LetsDefend](https://letsdefend.io/)
- [SECURITY BLUE TEAM](https://securityblue.team/training/)
- [The Red Canary Blog](https://redcanary.com/blog/)
- [Explore Atomic Red Team](https://atomicredteam.io/)
- [Projectdiscovery.io](https://chaos.projectdiscovery.io/#/)
- [BugBountyHunting.com](https://www.bugbountyhunting.com/)
- [Bug Bounty Guide](https://bugbountyguide.org/)
- [Pentester Land](https://pentester.land/)
- [isc2](https://www.isc2.org)
- [vulnmachines](https://www.vulnmachines.com/)
- [Purple Academy | picussecurity.com](https://academy.picussecurity.com/start)
- [OPSWAT Academy](https://learn.opswatacademy.com/certifications)
- [APIsec University](https://www.apisecuniversity.com/)
- [HackerSploit](https://hackersploit.org/)
- [Practical DevSecOps](https://www.practical-devsecops.com/)
- [Tracelabs](https://www.tracelabs.org/)
- [Hacksplaining](https://www.hacksplaining.com)
- [DarkRelay Security Labs](https://www.darkrelay.com)
## Certifications
- [Security Certification Roadmap - Paul Jerimy Media](https://pauljerimy.com/security-certification-roadmap/)
## Contributions welcome
If you wish to contribute to this list, just fork, make your changes and send me a pull request, I'll be happy to review all of your suggestions :)
## Check out also
* [Awesome Storage](https://github.com/okhosting/awesome-storage/) - A curated list of storage open source tools. Backups, redundancy, sharing, distribution, encryption, etc.