Curriculum for Information Security Specialists
A hands-on curriculum to become a successful cybersecurity engineer based on roles such as Pentest, AppSec, Cloud Security, DevSecOps, etc. Includes free and paid resources, tools and concepts.
Link to GitHub
@geekcode
Open Source cyber security tools for professionals
1. Zeek: https://zeek.org/
Network Security Monitoring
2. ClamAV: https://www.clamav.net/
Antivirus
3. OpenVAS: https://www.openvas.org/
Vulnerability Scanner
4. TheHive: https://lnkd.in/e7aVCRUZ
Incident Response
5. pfSense: https://www.pfsense.org/
Security appliance (firewall/VPN/router)
6. Elastic: https://www.elastic.co/de/
Analytics
7. Osquery: https://www.osquery.io/
Endpoint visibility
8. Arkime: https://arkime.com/
Packet capture and search
9. Wazuh: https://wazuh.com/
XDR and SIEM
10. AlienVault OSSIM: https://lnkd.in/eShQt29h
SIEM
11. Velociraptor: https://lnkd.in/eYehEaNa
Forensic and IR
12. MISP project: https://lnkd.in/emaSrT57
Information sharing and Threat Intelligence
13. Kali: https://www.kali.org/
Security OS
14. Parrot: https://www.parrotsec.org/
Security OS
15. OpenIAM: https://www.openiam.com/
IAM
16. Yara: https://lnkd.in/eEJegEak
Patterns
17. WireGuard: https://www.wireguard.com/
VPN
18. OSSEC: https://www.ossec.net/
HIDS
19. Suricata: https://suricata.io/
IDS/IPS
20. Shuffler: https://shuffler.io/
SOAR
21. Phish Report: https://phish.report/
Anti Phishing
22. Graylog: https://lnkd.in/eAFuUmuw
Log management
23. Trivy: https://lnkd.in/e7JxXStY
DevOps/IaC Scanning
24. OpenEDR: https://openedr.com/
EDR
25. Metasploit: https://lnkd.in/e4ECX-py
Pentest
26. NMAP: https://nmap.org/
Share & Support Us
@geekcode
How FBI hackers or Forensics Team identify fake Images
https://infosecwriteups.com/how-fbi-hackers-or-forensics-team-identify-fake-images-5574109ba959
@geekcode
Google CTF: Skills Repository
Task sets along with Google CTF solutions between 2017 and 2023.
Link to CTF
#CTF #geeks
@geekcode
How to get started with Cyber Security
Wednesday, 04 Oct 2023 4:00PM IST (04 Oct 2023 10:30 UTC)
https://www.sans.org/webcasts/how-get-started-cyber-security/
#event
@geekcode
SANS Institute
How to get started with Cyber Security | SANS Institute
SANS Foundations is the most comprehensive, certified cybersecurity course, for beginners, on the market. Created as a solution for entry-level cybersecurity students, professionals, or graduates, who reported hitting “the wall” in their first technical…
AWS PENTESTING
https://github.com/redskycyber/Cloud-Security/blob/main/AWS-Security-Pentesting-Resources.md
Join us: @geekcode
WhatWeb: a next-generation web scanner that identifies websites.
Its purpose is to answer the question: “What kind of website is this?”
WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistical/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1,800 plugins, each of which recognizes something different.
WhatWeb also identifies version numbers, email addresses, account IDs, web platform modules, SQL errors, and more.
GitHub
@geekcode
Forwarded from Cyber Agents
Hacker IntelBroker claims to have stolen Apple source code
IntelBroker on BreachForums claimed to have stolen the source code for several internal tools from Apple.
According to the report, “Apple.com suffered a data breach in June 2024,” which led to the disclosure of information. IntelBroker claims that as a result it has obtained the source code for the following internal company tools: AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin.
Little is known about Apple-HWE-Confluence-Advanced and AppleMacroPlugin. But AppleConnect-SSO is an authentication system that allows you to access certain applications on the Apple network. This system is known to be integrated with the Directory Services database to provide secure access to internal resources.
@cyberagents
Monitor file system changes using fsmon
▪ supports Linux, iOS, OS X, Android
▪ identify when binaries are loaded (root)
▪ get dropped payloads (root)
▪ identify which files are opened, and when, at the app's runtime (db, txt, log, temp...) (non-root)
https://www.mobile-hacker.com/2024/06/24/monitoring-android-file-system-with-fsmon/
@geekcode
Mobile Hacker
Monitoring Android file system with fsmon
FileSystem Monitor (fsmon) allows you to monitor file system events at runtime on Linux, OSX, iOS and Android systems. Useful for bug bounty hunters, malware analyst