joshmoore-sec/infosec_resources

infosec_resources

Curation of training and helpful resources for information security related topics.

CISSP - Last update 4/3/2024

  1. 8 Domain Note Card - Hasn't been updated since 2018/2019. Contains outdated information and is missing newer material, but is a high-quality note card for a number of the foundations. https://www.sunflower-cissp.com/downloads/sunflower_cissp_layout.pdf
  2. YouTube CISSP Exam Cram - Very thorough and covers updates for the 2021 exam. https://www.youtube.com/watch?v=_nyZhYnCNLA
  3. Cheatsheet (Reddit) - https://www.reddit.com/r/cissp/s/bfC7tyzebi
  4. YouTube Think Like a Manager - It is recommended to take the exam from the persona of a manager and not from a technical/engineer viewpoint. https://www.youtube.com/watch?v=vfC9OLsCqgk
  5. Think Like a Manager Presentation - https://onedrive.live.com/?authkey=%21AJ2QzIcuTj7FuzI&cid=1590B798C9CD6D68&id=1590B798C9CD6D68%21137612&parId=1590B798C9CD6D68%21136912&o=OneUp
  6. 50 free CISSP Study Questions - https://insidethemicrosoftcloud.com/cissp-practice-quiz/
  7. Cryptography Drilldown - https://www.youtube.com/watch?v=8_NLPDRLfg4
  8. 50 Hard CISSP and also Mindset video - https://youtu.be/qbVY0Cg8Ntw

Security Frameworks & Controls

  1. CIS - https://www.auditscripts.com/free-resources/critical-security-controls
  2. NIST CSF Explained - https://www.linkedin.com/events/nistcsfexplained7125846309378359296/comments/
  3. NIST 800-53 - https://delinea.com/blog/nist-800-53-security-privacy-privileged-access
  4. NIST GOV 800-53 - https://csrc.nist.gov/projects/risk-management/sp800-53-controls/downloads
  5. Differentiating between Policy, Standards, Procedures, and Guidelines - https://frsecure.com/blog/differentiating-between-policies-standards-procedures-and-guidelines/

Azure / Microsoft Entra

  1. John Savill's YouTube (a must-watch for all things Azure / Entra) - https://www.youtube.com/@NTFAQGuy

Hack the Box - Need to Recategorize

  1. https://osintframework.com/
  2. OWASP Juice Shop - https://owasp.org/www-project-juice-shop/ - A modern vulnerable web application written in Node.js, Express, and Angular that showcases the entire OWASP Top Ten along with many other real-world application security flaws.
  3. Metasploitable 2 - https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide/ - A purposefully vulnerable Ubuntu Linux VM that can be used to practice enumeration and both automated and manual exploitation.
  4. Metasploitable 3 - https://github.com/rapid7/metasploitable3 - A template for building a vulnerable Windows VM configured with a wide range of vulnerabilities.
  5. DVWA - https://github.com/digininja/DVWA - A vulnerable PHP/MySQL web application showcasing many common web application vulnerabilities with varying degrees of difficulty.

HTB PowerShell & Scripting Tutorials

  1. https://underthewire.tech/wargames
  2. Blog - https://0xdf.gitlab.io/
  3. https://overthewire.org/wargames/

HTB YouTube References

  1. IppSec - https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA - Provides an extremely in-depth walkthrough of every retired HTB box, packed full of insight from his own experience, as well as videos on various techniques.
  2. VbScrub - https://www.youtube.com/channel/UCpoyhjwNIWZmsiKNKpsMAQQ - Provides HTB videos as well as videos on techniques, primarily focusing on Active Directory exploitation.
  3. STÖK - https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg - Provides videos on various infosec related topics, mainly focusing on bug bounties and web application penetration testing.
  4. LiveOverflow - https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w - Provides videos on a wide variety of technical infosec topics.

General Training

  1. Intro to Cybersecurity Course (15 hours) - Learn how to protect your personal data and privacy online and in social media, and why more and more IT jobs require cybersecurity awareness and understanding. Receive a certificate of completion. https://www.netacad.com/portal/web/self-enroll/c/course-1003729
  2. Enemy Perspective - https://www.optiv.com/explore-optiv-insights/blog/learning-enemy-perspective
  3. Opportunistic Threats - https://www.optiv.com/explore-optiv-insights/downloads/covid-19-thwarting-opportunistic-attackers-technical-checklist
  4. Modern Marriage - Identity, Data, and Zero Trust - https://www.optiv.com/explore-optiv-insights/downloads/modern-marriage-identity-data-and-zero-trust
  5. 7 Tenets of Successful IAM - https://www.youtube.com/watch?v=XDgE0IGRmgI&feature=youtu.be
  6. PowerShell for Active Directory Administrators - https://www.udemy.com/course/powershell-for-active-directory-administrators/
  7. Manage IAM in Azure - https://docs.microsoft.com/en-us/learn/paths/manage-identity-and-access/?source=learn

Tools

  1. Review which sites support 2FA and which don't - https://twofactorauth.org/
  2. Forcepoint URL assessment - https://support.forcepoint.com/KBArticle?id=How-do-I-find-out-how-a-site-is-categorized-1258048436086
  3. Browser extension review tool (Duo) - https://crxcavator.io/
  4. Package Manager for Windows - https://chocolatey.org/
  5. Windows BloodHound - https://bloodhound.readthedocs.io/en/latest/installation/windows.html

Resources

  1. SANS - https://www.sans.org/about/
  2. ISSA - https://www.issa.org/?page=CodeofEthics
  3. Optiv Resources - https://www.optiv.com/explore-optiv-insights?keys=&topic=5596&year=All&sort=latest
  4. ISC2 - https://www.isc2.org/
  5. GSA (Handling of PII) - https://www.gsa.gov/directive/gsa-rules-of-behavior-for-handling-personally-identifiable-information-(pii)-
  6. NIST 800-122 (PII) - https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf
  7. Microsoft Security Webinars - https://techcommunity.microsoft.com/t5/security-compliance-and-identity/join-our-security-community/ba-p/927888

CyberArk

  1. Privileged Access Management Fundamentals - https://www.cyberark.com/resources/webinars/privileged-access-management-fundamentals-secure-your-success
  2. Why You Should Be Using Privileged Access Management as a Service - https://www.cyberark.com/resources/webinars/why-you-should-be-using-privileged-access-management-as-a-service
  3. Rapidly Reducing Risk By Prioritizing PAM as A Service - https://www.cyberark.com/resources/webinars/rapidly-reduce-risk-by-prioritizing-pam-as-a-service
  4. The CyberArk Blueprint: Achieving Privileged Management Success - https://www.cyberark.com/resources/webinars/the-cyberark-blueprint-achieving-privileged-access-management-success

Podcasts

  1. Risky Business - https://risky.biz/
  2. Cybrary - https://www.cybrary.it/info/cybrary-podcast/

Incident Response

  1. CrowdStrike IR tracker - https://www.crowdstrike.com/blog/crowdstrike-releases-digital-forensics-and-incident-response-tracker/
