🔐
SecWiki
  • Home
  • General
    • Interesting Links
      • Curriculum
    • Pentest Labs, Wargames Sites
      • How To Vulnhub with VirtualBox
  • Network Pentest
    • Courses
      • TCM - Zero to Hero
        • Week 1: Setup
          • ipsweep.sh
        • Week 2: Python 101
          • python101.py
          • bof.py
        • Week 3: Python 102
          • python102.py
          • scanner.py
        • Week 4: Passive OSINT
        • Week 5: Scanning Tools & Tactics
          • nmap
          • Nessus
          • msfconsole
        • Week 6: Enumeration
        • Week 7: Exploitation, Shells, and Some Credential Stuffing
        • Week 8: LLMNR/NBT-NS Poisoning
        • Week 9: NTLM
        • Week 10: MS17-010, GPP/cPasswords, and Kerberoasting
        • Week 11: File Transfers, Pivoting, Reporting
        • Commands
      • Penetration Testing Student (PTS)
      • OSCP Study
    • Recon
      • OSINT
    • Enumeration
      • Samba Shares
      • ProFtpd
    • Gaining Access
      • Reverse Shells
    • Privilege Escalation
      • Meterpreter
      • Spawning a TTY Shell
      • Reverse Shell Cheat Sheet
      • Cracking Hashes
      • Restricted Linux Shell Escape
      • Linux Privilege Escalation
        • lxd
        • sytemctl
      • Windows Privilege Escalation
        • Active Directory
          • What is AD?
        • User Enumeration
    • Post Exploitation
      • Cleanup
      • Maintaining Access
      • Pivoting
      • File Transfers
      • Covering Tracks
    • Vulnerabilities Checklist
    • Report Writing
  • Web App Pentest
    • Tools
      • Burp Suite
      • THC-Hydra BruteForce
    • Injection
      • SQL Injection
    • Broken Authentication
    • Sensitive Data Exposure
      • SQLite3
    • XML External Entity
      • XML Background
      • XPath Injection
    • Broken Access Control
    • Security Misconfiguration
    • Upload/Download
      • Download Bypass: Poison Null Byte
    • XSS
      • DOMXSS
      • Persistent XSS
      • Reflected (Client-side) XSS
      • Data URLs
    • Insecure Deserialization
    • Components with Known Vulnerabilities
    • Insufficient Logging and Monitoring
    • Server-Side Request Forgery (SSRF)
  • CTF
    • Intro to CTF
    • Forensics
      • Challenges
    • Steganography
    • Reverse Engineering
    • Tools
  • Network Security
    • Courses
      • Sec+
      • IBM Cybersecurity Analyst Professional Certificate
      • ISCI CNSS Course
        • Introduction to Network Security
          • Network Basics
          • Basic Network Utilities
          • The OSI Model
          • Threat Classification
          • Security Terminology
          • Approaches of Network Security
          • Law and Network Security
        • Types of Attacks
          • Denial of Service Attacks
          • Buffer Overflow Attacks
          • IP Spoofing
          • Session Hijacking
        • Fundamentals of Firewalls
          • What is a Firewall
          • Firewall Types
          • Firewall Implementation
          • Proxy Servers
          • Windows Firewalls
          • Linux Firewalls
        • Intrusion-Detection Systems
          • IDS Concepts
          • Components and Processes of IDS
          • Implementing IDS
          • Honeypots
        • Fundamentals of Encryption
          • The History of Encryption
          • Modern Encryption Methods
          • Windows and Linux Encryption
          • Hashing
          • Cracking Passwords
        • Virtual Private Networks (VPN)
          • Introduction to VPN
          • VPN Protocols
          • IPSec
          • SSL/TLS
          • VPN Solutions
        • Operating System Hardening
          • Configuring Windows
          • Configuring Linux
          • Operating System Patches
        • Virus Attacks and How to Defend
          • Virus Types and Attacks
          • Virus Scanners
          • Antivirus
          • Virus Infection and Identification
          • Trojan Horses
          • Spyware or Adware
        • Security Policies
          • User Policies Definition
          • System Administration Policies
          • Access Control
        • Assessing System Security
          • Risk Assessment
          • Conducting an Initial Assessment
          • Probing the Network
          • Vulnerabilities
          • Documenting Security
        • Security Standards
          • ISO Standards
          • NIST Standards
          • General Data Protection Regulation (GDPR)
          • PCI DSS
        • Physical Security and Recovery
          • Physical Security
          • Disaster Recovery
          • Fault Tolerance
        • Attackers Techniques
          • Hacking Preparation
          • The Attack Phase
          • Hacking Wi-Fi
    • The Web
    • The OSI Model
    • Malware Traffic Analysis with Wireshark
  • Digital Forensics
    • Autopsy - open-source digital forensics platform
  • Exploit Dev/Analysis
    • Code Review
      • Tools
    • Buffer Overflows
    • Static Analysis
      • Antivirus Scanning
      • Hashing
      • File strings
      • Packed and Obfuscated Malware
        • Demo: UPX
      • Portable Executable File Format (PE)
        • Tools
        • Linked Libraries and Functions
        • PE File Headers and Sections
  • Shell
    • ./missing-semester
      • Course overview + the shell
      • Shell Tools and Scripting
      • Editors (Vim)
      • Data Wrangling
      • Command-line Environment
    • Bash Tricks
    • .bashrc
    • Random Commands
      • sed
  • Hardware
    • NAND2Tetris
      • Boolean Functions and Gate Logic
      • Boolean Arithmetic and the ALU
      • Memory
      • Machine Language
      • Computer Architecture
      • Assembler
  • Other
    • K8s
      • Chapter 1: From Monolith to Microservices
      • Chapter 2: Container Orchestration
      • Chapter 3: Kubernetes
      • Chapter 4: Kubernetes Architecture
Powered by GitBook
On this page

Was this helpful?

  1. General
  2. Interesting Links

Curriculum

https://www.reddit.com/r/pentest/comments/cwvstm/how_to_start_studying_to_get_into_cyber_security/eyiihsv/

I've received a few messages requesting info for starting out. I'll go ahead and lay out a full curriculum. It will consist of books, online courses (some free, some not), and associated certifications.

  1. Operating Systems

    1. Windows

      1. ebook: Google for "Windows Operating System Fundamentals" filetype:pdf

      2. ebook: Google for "Windows Server Administration Fundamentals" filetype:pdf

      3. training: https://www.edx.org/course/windows-server-2016-infrastructure

      4. ebook: https://en.wikibooks.org/wiki/Windows_Batch_Scripting

      5. training: https://www.edx.org/course/windows-powershell-basics-1

    2. Linux

      1. training: https://www.edx.org/course/introduction-to-linux

      2. training: https://www.edx.org/course/fundamentals-red-hat-enterprise-linux-red-hat-rh066x

      3. ebook: https://www.tldp.org/LDP/Bash-Beginners-Guide/Bash-Beginners-Guide.pdf

      4. ebook: https://www.perl.org/books/beginning-perl/

    3. Mac (OS X)

      1. resource: https://edu.gcfglobal.org/en/osxbasics/

      2. book: Mac OS X For Unix Geeks, 4th Edition - ISBN: 9780596520625

      3. ebook: http://macadmins.psu.edu/files/2017/07/psumac2017-212-Practical-Python-for-Mac-Admins-w5hh1r.pdf

    4. OS Other

      1. book: Operating System Concepts 8th Edition - ISBN-13: 978-0470128725

      2. training: http://www.vmwarevideos.com/free-vmware-training

      3. resource: https://geek-university.com/oracle-virtualbox/oracle-virtualbox-online-course/

  2. Networking Concepts

    1. training: https://www.edx.org/course/it-support-networking-essentials-10

    2. training: https://www.edx.org/course/digital-networks-essentials

    3. resource: https://learningnetwork.cisco.com/thread/15662

  3. Programming

    1. C/C++

      1. resource: https://www.edx.org/learn/c-plus-plus

      2. training: https://www.edx.org/course/programming-in-c-getting-started

    2. Python

      1. training: https://www.codecademy.com/learn/learn-python-3

      2. book: Python Crash Course, 2nd Edition: A Hands-On, Project-Based Introduction to Programming - ISBN-13: 978-1593279288

    3. Java

      1. resource: https://introcs.cs.princeton.edu/java/home/

      2. resource: https://developer.ibm.com/tutorials/j-introtojava1/

    4. Javascript

      1. resource: https://www.w3schools.com/js/

      2. resource: https://www.codecademy.com/learn/introduction-to-javascript

      3. training: https://www.coursera.org/learn/server-side-nodejs

  4. Cloud

    1. resource: https://aws.amazon.com/training/

    2. resource: https://www.edx.org/learn/azure

  5. Broad Security Concepts

    1. resource: https://www.edx.org/learn/cybersecurity

    2. book: CISSP All-in-One Exam Guide, Eighth Edition - ISBN-13: 978-1260142655

    3. resource: https://www.owasp.org

    4. resource: https://nvd.nist.gov/800-53

    5. resource: https://cloudsecurityalliance.org/education/ccsk/study-guide/

    6. resource: https://isc.sans.edu/

  6. Pentesting

    1. training: https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

    2. training: https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/

    3. book: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws 2nd Edition - ISBN-13: 978-1118026472

    4. resource: https://portswigger.net/web-security

    5. training: https://www.offensive-security.com/metasploit-unleashed/

    6. training: https://www.elearnsecurity.com/course/penetration_testing/

    7. training: https://www.elearnsecurity.com/course/web_application_penetration_testing/

PreviousInteresting LinksNextPentest Labs, Wargames Sites

Last updated 4 years ago

Was this helpful?