Roadmap to becoming a developer in 2022
{
"oimYzZYFXKjgvc7D4c-2u": {
"title": "Fundamental IT Skills",
"description": "Fundamental IT skills form the backbone of cybersecurity proficiency and encompass a broad range of technical knowledge. These skills include understanding computer hardware and software, networking concepts, and operating systems (particularly Windows and Linux). Proficiency in at least one programming language, such as Python or JavaScript, is increasingly important for automation and scripting tasks. Database management, including SQL, is crucial for handling and securing data. Knowledge of cloud computing platforms like AWS or Azure is becoming essential as organizations migrate to cloud environments. Familiarity with basic cybersecurity concepts such as encryption, access control, and common attack vectors provides a foundation for more advanced security work. Additionally, troubleshooting skills, the ability to interpret logs, and a basic understanding of web technologies are vital. These fundamental IT skills enable cybersecurity professionals to effectively protect systems, identify vulnerabilities, and respond to incidents in increasingly complex technological landscapes.\n\nLearn more from the following resources:",
"links": [
{
"title": "Top 10 in demand IT skills",
"url": "https://www.comptia.org/blog/top-it-skills-in-demand",
"type": "article"
}
]
},
"Ih0YZt8u9vDwYo8y1t41n": {
"title": "Computer Hardware Components",
"description": "Computer hardware components are the physical parts of a computer system that work together to perform computing tasks. The key components include the **central processing unit (CPU)**, which is the \"brain\" of the computer responsible for executing instructions and processing data. The **motherboard** is the main circuit board that connects and allows communication between the CPU, memory, and other hardware. **Random Access Memory (RAM)** serves as the computer's short-term memory, storing data that is actively being used by the CPU for quick access; it is volatile, so its contents are lost when power is removed.\n\nThe **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is stored persistently, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated to rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is computer hardware?",
"url": "https://uk.crucial.com/articles/pc-builders/what-is-computer-hardware",
"type": "article"
},
{
"title": "Computer Components for Dummies",
"url": "https://www.youtube.com/watch?v=cZs6kh0WFRY",
"type": "video"
}
]
},
"F1QVCEmGkgvz-_H5lTxY2": {
"title": "Connection Types and their function",
"description": "There are several types of network connections that enable communication between devices, each serving different functions based on speed, reliability, and purpose. **Ethernet** is a wired connection type commonly used in local area networks (LANs), providing high-speed, stable data transfer. Because an attacker needs physical access to a port or cable, it is also harder to eavesdrop on than wireless links. Ethernet is ideal for businesses and environments where reliability is crucial, offering speeds from 100 Mbps to several Gbps.\n\n**Wi-Fi**, a wireless connection, enables devices to connect to a network without physical cables. It provides flexibility and mobility, making it popular in homes, offices, and public spaces. While Wi-Fi offers convenience, it can be less reliable and slower than Ethernet due to signal interference or distance from the access point, and because its traffic is broadcast over the air it depends on encryption (WPA2 or WPA3) to keep that traffic private.\n\n**Bluetooth** is a short-range wireless technology primarily used for connecting peripherals like headphones, keyboards, and other devices. It operates over shorter distances, typically up to about 10 meters, and is useful for personal device communication rather than networking larger systems.\n\n**Fiber-optic connections** use light signals through glass or plastic fibers to transmit data at very high speeds over long distances, making them ideal for internet backbones or connecting data centers. Fiber is faster and more reliable than traditional copper cables, but it is also more expensive to implement.\n\n**Cellular connections**, such as 4G and 5G, allow mobile devices to connect to the internet via wireless cellular networks. These connections offer mobility, enabling internet access from almost anywhere, but their speeds and reliability can vary depending on network coverage.\n\nEach connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is ethernet?",
"url": "https://www.techtarget.com/searchnetworking/definition/Ethernet",
"type": "article"
},
{
"title": "What is WiFi and how does it work?",
"url": "https://computer.howstuffworks.com/wireless-network.htm",
"type": "article"
},
{
"title": "How bluetooth works",
"url": "https://electronics.howstuffworks.com/bluetooth.htm",
"type": "article"
}
]
},
"pJUhQin--BGMuXHPwx3JJ": {
"title": "OS-Independent Troubleshooting",
"description": "Understanding Common Symptoms\n-----------------------------\n\nIn order to troubleshoot effectively, it is important to recognize and understand the common symptoms encountered in IT systems. These can range from hardware-related issues, such as overheating or physical damage, to software-related problems, such as slow performance or unresponsiveness.\n\nBasic Troubleshooting Process\n-----------------------------\n\nFollowing a systematic troubleshooting process is critical, regardless of the operating system. Here are the basic steps you might follow:\n\n* **Identify the problem**: Gather information on the issue and its symptoms, and attempt to reproduce the problem, if possible. Take note of any error messages or unusual behaviors.\n* **Research and analyze**: Search for potential causes and remedies on relevant forums, web resources, or vendor documentation.\n* **Develop a plan**: Formulate a strategy to resolve the issue, considering the least disruptive approach first, where possible.\n* **Test and implement**: Execute the proposed solution(s) and verify whether the problem is resolved. If not, repeat the troubleshooting process with a new plan until the issue is fixed.\n* **Document the process and findings**: Record the steps taken, solutions implemented, and results to foster learning and improve future troubleshooting efforts.\n\nIsolating the Problem\n---------------------\n\nTo pinpoint the root cause of an issue, it's important to isolate the problem. You can do this by:\n\n* **Disabling or isolating hardware components**: Disconnect any peripherals or external devices, then reconnect and test them one by one to identify the defective component(s).\n* **Checking resource usage**: Use built-in or third-party tools (for example `top` on Linux or Task Manager on Windows) to monitor resource usage (e.g., CPU, memory, and disk) and determine whether a bottleneck is causing the problem.\n* **Verifying software configurations**: Analyze the configuration files or settings for any software or applications that could be contributing to the problem.\n\nNetworking and Connectivity Issues\n----------------------------------\n\nEffective troubleshooting of network-related issues requires an understanding of the various protocols, tools, and devices involved in networking. Here are some basic steps you can follow:\n\n* **Verify physical connectivity**: Inspect cables, connectors, and devices to ensure all components are securely connected and functioning correctly.\n* **Confirm IP configurations**: Check the system's IP address, subnet mask, default gateway, and DNS settings (`ip addr` and `ip route` on Linux, `ipconfig /all` on Windows) to ensure it has a valid IP configuration.\n* **Test network services**: Use command-line tools such as `ping` and `traceroute` (or `tracert` on Windows) to test network connections and diagnose potential problems; testing first by IP address and then by hostname separates routing problems from DNS problems.\n\nLog Analysis\n------------\n\nLogs are records of system events, application behavior, and user activity, which can be invaluable when troubleshooting issues. To analyze logs effectively, you should:\n\n* **Identify relevant logs**: Determine which log files contain information related to the problem under investigation (for example the Windows Event Viewer, or `journalctl` and the files under `/var/log` on Linux).\n* **Analyze log content**: Examine events, error messages, or patterns that might shed light on the root cause of the issue, paying attention to timestamps so that events can be correlated across systems.\n* **Leverage log-analysis tools**: Use specialized tools or scripts to help parse, filter, and analyze large or complex log files.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to identify 9 signs of Operating System.",
"url": "https://bro4u.com/blog/how-to-identify-9-signs-of-operating-system",
"type": "article"
},
{
"title": "Trouble shooting guide",
"url": "https://cdnsm5-ss6.sharpschool.com/userfiles/servers/server_20856499/file/teacher%20pages/lindsay%20dolezal/it%20essentials/5.6.pdf",
"type": "article"
}
]
},
"_7RjH4Goi0x6Noy6za0rP": {
"title": "Understand Basics of Popular Suites",
"description": "Microsoft Office\n----------------\n\nMicrosoft Office is a suite of productivity software applications developed by Microsoft. It includes popular programs like Word (word processing), Excel (spreadsheets), PowerPoint (presentations), Outlook (email and calendar), and OneNote (note-taking). The suite offers both desktop applications and cloud-based services through Microsoft 365 (formerly Office 365), enabling collaboration and remote work. Office integrates with Microsoft's cloud storage solution, OneDrive, for easy file sharing and syncing across devices. It's widely used in business, education, and personal settings for creating, editing, and managing various types of documents. Regular updates introduce new features and security fixes; keeping the suite patched matters because Office documents, especially ones carrying macros, are a common malware delivery vehicle. Office remains a standard tool in personal and professional computing environments.\n\nGoogle Workspace (formerly G Suite)\n-----------------------------------\n\nGoogle Workspace (formerly G Suite) is a cloud-based productivity and collaboration platform developed by Google. It includes applications like Gmail (email), Google Docs (word processing), Sheets (spreadsheets), Slides (presentations), Drive (cloud storage), Meet (video conferencing), and Calendar. These tools are designed for real-time collaboration, allowing multiple users to work on documents simultaneously. Google Workspace integrates across devices, offers robust search capabilities, and provides built-in security features. It's popular among businesses, educational institutions, and individuals for its user-friendly interface, automatic saving, and extensive third-party app integrations. The platform emphasizes cloud-native work, promoting flexibility and remote collaboration in modern work environments.\n\nLibreOffice\n-----------\n\nLibreOffice is a free, open-source office productivity suite developed by The Document Foundation. It offers alternatives to Microsoft Office applications, including Writer (word processing), Calc (spreadsheets), Impress (presentations), Draw (graphics), Base (databases), and Math (formula editing). LibreOffice supports a wide range of file formats, including Microsoft Office formats, and emphasizes adherence to open standards. It's available for multiple operating systems, doesn't require a subscription, and allows users to customize or extend its functionality. While it may lack some advanced features of commercial alternatives, LibreOffice is popular in educational settings, government agencies, and among users seeking a cost-effective, privacy-focused office suite.\n\nLearn more from the following resources:",
"links": [
{
"title": "Microsoft Office",
"url": "https://www.office.com/",
"type": "article"
},
{
"title": "Google Workspace",
"url": "https://workspace.google.com",
"type": "article"
},
{
"title": "LibreOffice",
"url": "https://www.libreoffice.org/",
"type": "article"
}
]
},
"T0aU8ZQGShmF9uXhWY4sD": {
"title": "Basics of Computer Networking",
"description": "Computer networking is the practice of connecting computers and devices to share data and resources. It involves the use of protocols like TCP/IP for communication, hardware such as routers and switches for directing traffic, and various network topologies (e.g., star, mesh, bus) for organizing connections. Networks can be categorized by size and scope, from small local area networks (LANs) to wide area networks (WANs) that span large geographical areas. Key concepts include IP addressing, subnetting, DNS for name resolution, and network security measures. Understanding networking basics is crucial for managing data flow, troubleshooting connectivity issues, and ensuring efficient communication in modern computing environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "Networking basics - What you need to know",
"url": "https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html",
"type": "article"
},
{
"title": "Computer Networking in 100 seconds",
"url": "https://www.youtube.com/watch?v=keeqnciDVOo",
"type": "video"
},
{
"title": "Computer Networks: Crash Course Computer Science #28",
"url": "https://www.youtube.com/watch?v=3QhU9jd03a0",
"type": "video"
}
]
},
"hwAUFLYpc_ftCfXq95dey": {
"title": "NFC",
"description": "**Near Field Communication (NFC)** is a short-range wireless technology that allows devices to communicate and exchange data over very short distances, typically up to 4 inches (10 cm). NFC is commonly used for applications such as contactless payments, electronic ticketing, and data transfer between devices. It operates at a frequency of 13.56 MHz and supports various modes, including peer-to-peer communication, card emulation, and reader/writer modes. NFC enables quick interactions with minimal setup, making it convenient for mobile payments, access control, and sharing information. Its very short range makes eavesdropping harder than with longer-range radios, but it does not prevent it, and the NFC link itself carries no encryption; payment and access-control systems layer their own cryptography on top of it.\n\nLearn more from the following resources:",
"links": [
{
"title": "The Beginner's Guide to NFCs",
"url": "https://www.spiceworks.com/tech/networking/articles/what-is-near-field-communication/",
"type": "article"
},
{
"title": "NFC Guide: All You Need to Know About Near Field Communication",
"url": "https://squareup.com/us/en/the-bottom-line/managing-your-finances/nfc",
"type": "article"
},
{
"title": "NFC Explained: What is NFC? How NFC Works? Applications of NFC",
"url": "https://youtu.be/eWPtt2hLnJk",
"type": "video"
}
]
},
"fUBNKHNPXbemRYrnzH3VT": {
"title": "WiFi",
"description": "WiFi is a wireless networking technology that allows devices to connect to the internet and communicate with each other without physical cables. It uses radio waves to transmit data, typically operating on the 2.4 GHz and 5 GHz frequency bands (with 6 GHz added by WiFi 6E). WiFi networks are created by wireless routers or access points and can be found in homes, offices, public spaces, and many other locations. The technology follows IEEE 802.11 standards, with newer versions (like WiFi 6, or 802.11ax) offering increased speeds, better performance in crowded areas, and improved energy efficiency. Because WiFi traffic is transmitted over the air where anyone in range can receive it, the WPA2 and WPA3 security standards are used to authenticate devices and encrypt traffic; open or WEP-protected networks should be treated as untrusted. WiFi enables the proliferation of mobile and smart devices, supporting the Internet of Things (IoT) and allowing for greater flexibility and mobility in network connectivity.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Wireless Networks - Howstuffworks",
"url": "https://computer.howstuffworks.com/wireless-network.htm",
"type": "article"
},
{
"title": "That's How Wi-Fi Works",
"url": "https://youtu.be/hePLDVbULZc",
"type": "video"
},
{
"title": "Wireless Networking Explained",
"url": "https://www.youtube.com/watch?v=Uz-RTurph3c",
"type": "video"
}
]
},
"DbWf5LdqiByPiJa4xHtl_": {
"title": "Bluetooth",
"description": "Bluetooth is a short-range wireless technology standard used for exchanging data between fixed and mobile devices over short distances. While it offers convenience for connecting peripherals and transferring information, it also presents several security concerns in the cybersecurity landscape. Bluetooth vulnerabilities can potentially allow attackers to intercept communications, execute malicious code, or gain unauthorized access to devices. Common attacks include bluejacking, bluesnarfing, and bluebugging. To mitigate these risks, cybersecurity professionals recommend regularly updating device firmware, using the latest Bluetooth protocols, enabling encryption, and turning off Bluetooth when not in use. Despite ongoing security improvements, Bluetooth remains an attack vector that requires vigilant monitoring and protection in both personal and enterprise environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "Bluetooth in Cyber Security",
"url": "https://www.zenarmor.com/docs/network-basics/what-is-bluetooth",
"type": "article"
},
{
"title": "Everything about Bluetooth Security",
"url": "https://www.youtube.com/watch?v=i9mzl51ammA",
"type": "video"
}
]
},
"KsZ63c3KQLLn373c5CZnp": {
"title": "Infrared",
"description": "Infrared (IR) is a type of wireless communication technology that uses light waves just beyond the visible part of the electromagnetic spectrum to transmit data between devices. Infrared connections are used for short-range communication and require a clear line of sight between sender and receiver, which limits their range but also makes them hard to intercept from outside the room. They are commonly found in devices like remote controls, some wireless keyboards and mice, and legacy computer-to-printer links (IrDA).\n\nLearn more from the following resources:",
"links": [
{
"title": "Infrared Definition",
"url": "https://nordvpn.com/cybersecurity/glossary/infrared/",
"type": "article"
},
{
"title": "Infrared",
"url": "https://www.larksuite.com/en_us/topics/cybersecurity-glossary/infrared",
"type": "article"
}
]
},
"E7yfALgu9E2auOYDOTmex": {
"title": "iCloud",
"description": "iCloud is a cloud storage and cloud computing service provided by Apple Inc. It allows users to store data, such as documents, photos, and music, on remote servers and synchronize them across their Apple devices, including iPhones, iPads, and MacBooks.\n\nLearn more from the following resources:",
"links": [
{
"title": "iCloud Website",
"url": "https://www.icloud.com/",
"type": "article"
}
]
},
"IOK_FluAv34j3Tj_NvwdO": {
"title": "Google Suite",
"description": "Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools.\n\nLearn more from the following resources:",
"links": [
{
"title": "Google Workspace Website",
"url": "https://workspace.google.com/intl/en_uk/",
"type": "article"
}
]
},
"-5haJATqlmj0SFSFAqN6A": {
"title": "MS Office Suite",
"description": "The **Microsoft Office Suite** is a collection of productivity software developed by Microsoft, commonly used in both personal and professional settings. It includes core applications such as **Word** (word processing), **Excel** (spreadsheets), **PowerPoint** (presentations), and **Outlook** (email and calendar). Other applications in the suite may include **Access** (database management), **OneNote** (note-taking), and **Teams** (collaboration and communication). The suite offers integrated tools for creating, managing, and sharing documents, data, and communications, supporting a wide range of business and personal productivity tasks.\n\nLearn more from the following resources:",
"links": [
{
"title": "Microsoft Office Suite Directory",
"url": "https://www.microsoft.com/en-gb/microsoft-365/products-apps-services",
"type": "article"
},
{
"title": "Every Office 365 App Explained",
"url": "https://www.youtube.com/watch?v=2W0T2qGZ9Dc",
"type": "video"
}
]
},
"wkuE_cChPZT2MHyGjUuU4": {
"title": "HackTheBox",
"description": "Hack The Box (HTB) is a popular online platform designed for security enthusiasts, penetration testers, and ethical hackers to develop and enhance their skills by engaging in real-world cybersecurity challenges. The platform provides a wide array of virtual machines (VMs), known as \"boxes,\" each with a unique set of security vulnerabilities to exploit.\n\nLearn more from the following resources:",
"links": [
{
"title": "Hack The Box Website",
"url": "https://www.hackthebox.com/",
"type": "article"
},
{
"title": "I played HTB for 30 days, heres what I learnt",
"url": "https://www.youtube.com/watch?v=bPv5pb7AcYs",
"type": "video"
}
]
},
"kht-L7_v-DbglMYUHuchp": {
"title": "TryHackMe",
"description": "TryHackMe is an online platform designed for cybersecurity training and learning through hands-on experience. It offers a wide range of virtual rooms and challenges covering various security topics, from basic to advanced levels. Users can access vulnerable machines, engage in capture-the-flag (CTF) style exercises, and learn practical skills in areas like penetration testing, web security, and network security. TryHackMe uses browser-based tools and virtual machines, making it accessible without requiring powerful hardware. The platform caters to beginners and experienced professionals alike, providing guided learning paths, real-world scenarios, and a supportive community. It's widely used for both individual skill development and corporate cybersecurity training.\n\nLearn more from the following resources:",
"links": [
{
"title": "TryHackMe Website",
"url": "https://tryhackme.com/",
"type": "article"
},
{
"title": "Start Your Cybersecurity Career with TryHackMe",
"url": "https://www.youtube.com/watch?v=HPF8y_gDP7w",
"type": "video"
}
]
},
"W94wY_otBuvVW_-EFlKA6": {
"title": "VulnHub",
"description": "VulnHub is an online platform that provides a collection of intentionally vulnerable virtual machines for cybersecurity enthusiasts, penetration testers, and ethical hackers to practice their skills. These virtual machines simulate various real-world scenarios with different vulnerabilities and security misconfigurations. Users can download and run these VMs in their own environments, attempting to exploit vulnerabilities and gain root access. VulnHub offers a hands-on approach to learning about cybersecurity, allowing users to explore different attack vectors, practice exploitation techniques, and understand common security flaws in a safe, legal environment. It's a valuable resource for both beginners and experienced professionals to enhance their offensive security skills and prepare for certifications.\n\nLearn more from the following resources:",
"links": [
{
"title": "Vulnhub Website",
"url": "https://www.vulnhub.com/",
"type": "article"
},
{
"title": "A Beginners Guide to Vulnhub",
"url": "https://medium.com/@gavinloughridge/a-beginners-guide-to-vulnhub-part-1-52b06466635d",
"type": "article"
}
]
},
"pou5xHwnz9Zsy5J6lNlKq": {
"title": "picoCTF",
"description": "**picoCTF** is an online cybersecurity competition designed to help students and beginners learn and practice hacking skills through capture-the-flag (CTF) challenges. Developed by Carnegie Mellon University, picoCTF features a series of progressively difficult puzzles that teach concepts such as reverse engineering, cryptography, web exploitation, forensics, and binary exploitation. It's an educational platform that offers hands-on experience in solving real-world cybersecurity problems, making it popular among both students and aspiring cybersecurity professionals for learning and improving their skills in a practical, interactive environment.\n\nLearn more from the following resources:",
"links": [
{
"title": "picoCTF Website",
"url": "https://picoctf.org/",
"type": "article"
},
{
"title": "BEGINNER Capture The Flag - PicoCTF 2021 001 \"Obedient Cat\"",
"url": "https://www.youtube.com/watch?v=P07NH5F-t3s",
"type": "video"
}
]
},
"WCeJrvWl837m1BIjuA1Mu": {
"title": "SANS Holiday Hack Challenge",
"description": "The SANS Holiday Hack Challenge is an annual cybersecurity event that offers participants the opportunity to solve a series of themed cybersecurity puzzles and challenges. Designed to engage both beginners and experienced professionals, the challenge covers a wide range of topics including network forensics, penetration testing, reverse engineering, and more. It provides a fun, gamified learning experience that encourages participants to enhance their skills while collaborating with the global cybersecurity community. The event often features real-world security scenarios, creative storytelling, and interactive, hands-on tasks.\n\nLearn more from the following resources:",
"links": [
{
"title": "SANS Holiday Hack Website",
"url": "https://www.sans.org/mlp/holiday-hack-challenge-2023/",
"type": "article"
},
{
"title": "Official SANS Holiday Hack Challenge Video",
"url": "https://www.youtube.com/watch?v=zfhhLi8jZzI",
"type": "video"
}
]
},
"lbAgU5lR1O7L_5mCbNz_D": {
"title": "CompTIA A+",
"description": "CompTIA A+ is an entry-level certification for IT professionals that focuses on essential knowledge and skills in computer hardware, software, and troubleshooting. This certification is widely recognized in the IT industry and can serve as a stepping stone for individuals looking to start a career in the field of information technology.\n\nLearn more from the following resources:",
"links": [
{
"title": "Comptia A+ Course",
"url": "https://www.youtube.com/watch?v=1CZXXNKAY5o",
"type": "course"
},
{
"title": "Comptia A+ Website",
"url": "https://www.comptia.org/certifications/a",
"type": "article"
}
]
},
"p34Qwlj2sjwEPR2ay1WOK": {
"title": "CompTIA Linux+",
"description": "The CompTIA Linux+ certification is an entry-level certification aimed at individuals who are seeking to learn and demonstrate their skills and knowledge of the Linux operating system. This certification is widely recognized in the IT industry as an essential qualification for entry-level Linux administrators and helps them gain a strong foundation in Linux system administration tasks.\n\nLearn more from the following resources:",
"links": [
{
"title": "Linux+ Website",
"url": "https://www.comptia.org/certifications/linux",
"type": "article"
},
{
"title": "Linux+ Exam Prep",
"url": "https://www.youtube.com/watch?v=niPWk7tgD2Q&list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp",
"type": "video"
}
]
},
"4RGbNOfMPDbBcvUFWTTCV": {
"title": "CompTIA Network+",
"description": "The CompTIA Network+ is a widely recognized certification for IT professionals who aim to build a solid foundation in networking concepts and practices. This certification is vendor-neutral, meaning that it covers a broad range of knowledge that can be applied to various network technologies, products, and solutions. The Network+ certification is designed for beginners in the world of IT networking, and it is recommended that you first obtain the CompTIA A+ certification before moving on to Network+.\n\nLearn more from the following resources:",
"links": [
{
"title": "CompTIA Network+ Course",
"url": "https://www.youtube.com/watch?v=xmpYfyNmWbw",
"type": "course"
},
{
"title": "CompTIA Network+ Website",
"url": "https://www.comptia.org/certifications/network",
"type": "article"
}
]
},
"4RD22UZATfL8dc71YkJwQ": {
"title": "CCNA",
"description": "The Cisco Certified Network Associate (CCNA) certification is an entry-level certification for IT professionals who want to specialize in networking, specifically within the realm of Cisco products. This certification validates an individual's ability to install, configure, operate, and troubleshoot medium-sized routed and switched networks. It also covers the essentials of network security and management.\n\nLearn more from the following resources:",
"links": [
{
"title": "NetworkChuck Free CCNA Course",
"url": "https://www.youtube.com/playlist?list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P",
"type": "video"
},
{
"title": "CCNA Certification Website",
"url": "https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html",
"type": "article"
}
]
},
"AxeDcKK3cUtEojtHQPBw7": {
"title": "CompTIA Security+",
"description": "CompTIA Security+ is a highly recognized and respected certification for individuals seeking to start their careers in the field of cybersecurity. This certification is vendor-neutral, meaning it doesn't focus on any specific technology or platform, and provides a solid foundation in cybersecurity principles, concepts, and best practices.\n\nLearn more from the following resources:",
"links": [
{
"title": "CompTIA Security+ Course",
"url": "https://www.youtube.com/watch?v=yLf2jRY39Rc&list=PLIhvC56v63IIyU0aBUed4qwP0nSCORAdB",
"type": "course"
},
{
"title": "CompTIA Security+ Website",
"url": "https://www.comptia.org/certifications/security",
"type": "article"
}
]
},
"AAo7DXB7hyBzO6p05gx1i": {
"title": "CEH",
"description": "**Certified Ethical Hacker (CEH)** is an advanced certification focused on equipping cybersecurity professionals with the knowledge and skills required to defend against the continuously evolving landscape of cyber threats. This certification is facilitated by the EC-Council, an internationally recognized organization for information security certifications.\n\nLearn more from the following resources:",
"links": [
{
"title": "CEH Website",
"url": "https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/",
"type": "article"
}
]
},
"lqFp4VLY_S-5tAbhNQTew": {
"title": "CISA",
"description": "The **Certified Information Systems Auditor (CISA)** is a globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems.\n\nCISA was established by the Information Systems Audit and Control Association (ISACA) and is designed to demonstrate an individual's expertise in managing vulnerabilities, ensuring compliance with industry regulations, and instituting controls within the business environment.\n\nLearn more from the following resources:",
"links": [
{
"title": "CISA Website",
"url": "https://www.isaca.org/credentialing/cisa",
"type": "article"
},
{
"title": "What is a Certified Information Systems Auditor?",
"url": "https://www.investopedia.com/terms/c/certified-information-systems-auditor.asp",
"type": "article"
}
]
},
"s86x24SHPEbbOB9lYNU-w": {
"title": "CISM",
"description": "The Certified Information Security Manager (CISM) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs.\n\nLearn more from the following resources:",
"links": [
{
"title": "CISM Website",
"url": "https://www.isaca.org/credentialing/cism",
"type": "article"
},
{
"title": "Certified Information Security Manager (CISM)",
"url": "https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM",
"type": "article"
}
]
},
"nlmATCTgHoIoMcEOW8bUW": {
"title": "GSEC",
"description": "The GIAC Security Essentials Certification (GSEC) is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices.\n\nLearn more from the following resources:",
"links": [
{
"title": "GSEC Certification Website",
"url": "https://www.giac.org/certifications/security-essentials-gsec/",
"type": "article"
}
]
},
"t4h9rEKWz5Us0qJKXhxlX": {
"title": "GPEN",
"description": "The GIAC Penetration Tester (GPEN) certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications.\n\nLearn more from the following resources:",
"links": [
{
"title": "GPEN Certification Website",
"url": "https://www.giac.org/certifications/penetration-tester-gpen/",
"type": "article"
},
{
"title": "What is the GPEN Certification?",
"url": "https://hackernoon.com/what-is-the-giac-penetration-tester-gpen-certification",
"type": "article"
}
]
},
"rwniCTWfYpKP5gi02Pa9f": {
"title": "GWAPT",
"description": "The GIAC Web Application Penetration Tester (GWAPT) certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks.\n\nLearn more from the following resources:",
"links": [
{
"title": "GWAPT Certification Website",
"url": "https://www.giac.org/certifications/web-application-penetration-tester-gwapt/",
"type": "article"
}
]
},
"ZiUT-lyIBfHTzG-dwSy96": {
"title": "GIAC",
"description": "GIAC is a globally recognized organization that provides certifications for information security professionals. Established in 1999, its primary aim is to validate the knowledge and skills of professionals in various cybersecurity domains. GIAC certifications focus on practical and hands-on abilities to ensure that certified individuals possess the necessary expertise to tackle real-world cybersecurity challenges.\n\nLearn more from the following resources:",
"links": [
{
"title": "GIAC Website",
"url": "https://www.giac.org/",
"type": "article"
}
]
},
"SwVGVP2bbCFs2uNg9Qtxb": {
"title": "OSCP",
"description": "**OSCP (Offensive Security Certified Professional)** is a widely recognized certification in cybersecurity that focuses on penetration testing and ethical hacking. Offered by Offensive Security, it requires candidates to complete a challenging exam that involves identifying and exploiting vulnerabilities in a controlled environment. The OSCP certification emphasizes hands-on skills, practical experience, and the ability to conduct comprehensive security assessments, making it highly valued by employers for its rigorous approach to real-world penetration testing techniques.\n\nLearn more from the following resources:",
"links": [
{
"title": "Offsec OSCP Site",
"url": "https://www.offsec.com/courses/pen-200/",
"type": "article"
},
{
"title": "How to prepare for the OSCP",
"url": "https://cybersecurityguide.org/programs/cybersecurity-certifications/oscp/",
"type": "article"
}
]
},
"rA1skdztev3-8VmAtIlmr": {
"title": "CREST",
"description": "CREST is a non-profit, accreditation and certification body that represents the technical information security industry. Established in 2008, its mission is to promote the development and professionalization of the cyber security sector. CREST provides certifications for individuals and accreditations for companies, helping customers find knowledgeable and experienced professionals in the field.\n\nLearn more from the following resources:",
"links": [
{
"title": "CREST Certifications Website",
"url": "https://www.crest-approved.org/skills-certifications-careers/crest-certifications/",
"type": "article"
},
{
"title": "A brief overview of CREST",
"url": "https://www.youtube.com/watch?v=Cci5qrv8fHY",
"type": "video"
}
]
},
"BqvijNoRzSGYLCMP-6hhr": {
"title": "CISSP",
"description": "The Certified Information Systems Security Professional (CISSP) is a globally recognized certification offered by the International Information System Security Certification Consortium (ISC)². It is designed for experienced security professionals to validate their knowledge and expertise in the field of information security.\n\nLearn more from the following resources:",
"links": [
{
"title": "CISSP Certification course",
"url": "https://www.youtube.com/watch?v=M1_v5HBVHWo",
"type": "course"
},
{
"title": "CISSP Certification Website",
"url": "https://www.isc2.org/certifications/cissp",
"type": "article"
}
]
},
"UY6xdt_V3YMkZxZ1hZLvW": {
"title": "Operating Systems",
"description": "**Operating systems (OS)** are software that manage computer hardware and provide a platform for applications to run. They handle essential functions such as managing memory, processing tasks, controlling input and output devices, and facilitating file management. Key examples include **Windows**, **macOS**, **Linux**, and **Unix**. Each operating system offers different features and interfaces, tailored to specific user needs or system requirements, from desktop computing to server management and embedded systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an operating system?",
"url": "https://www.geeksforgeeks.org/what-is-an-operating-system/",
"type": "article"
},
{
"title": "What is an operating system as fast as possible",
"url": "https://www.youtube.com/watch?v=pVzRTmdd9j0",
"type": "video"
}
]
},
"BNUKEQ4YpZmIhSPQdkHgU": {
"title": "Windows",
"description": "Windows is Microsoft's widely-used operating system for personal computers and servers. It provides a graphical user interface, multitasking capabilities, and supports a vast array of software applications and hardware devices. Windows offers features like file management, user account control, built-in security tools, and regular updates. It comes in various editions for different use cases, from home computing to enterprise environments. Windows integrates with Microsoft's cloud services and includes tools for productivity, gaming, and system management. Its widespread adoption makes it a primary target for both software developers and cybersecurity threats, necessitating regular security updates and patches.\n\nLearn more from the following resources:",
"links": [
{
"title": "Windows Security",
"url": "https://learn.microsoft.com/en-us/windows/security/",
"type": "article"
},
{
"title": "Windows 11 Full Tutorial - A 2 Hour Course to Learn and Master Windows 11",
"url": "https://www.youtube.com/watch?v=UKn-r3X2CLk",
"type": "course"
},
{
"title": "Explore top posts about Windows",
"url": "https://app.daily.dev/tags/windows?ref=roadmapsh",
"type": "article"
}
]
},
"4frVcjYI1VlVU9hQgpwcT": {
"title": "Linux",
"description": "Linux is an open-source, Unix-like operating system kernel first released by Linus Torvalds in 1991. It forms the core of various operating systems known as Linux distributions. Linux is known for its stability, security, and flexibility, making it popular for servers, embedded systems, and increasingly for desktop use. It supports a wide range of hardware and offers powerful command-line interfaces alongside graphical user interfaces. Linux adheres to Unix principles, emphasizing modularity and the philosophy of \"do one thing and do it well.\" Its open-source nature allows for community-driven development and customization. Linux is widely used in cloud computing, supercomputers, and Android devices, and is a fundamental component of the LAMP (Linux, Apache, MySQL, PHP) web server stack.\n\nLearn more from the following resources:",
"links": [
{
"title": "Linux from scratch - Cisco",
"url": "https://www.netacad.com/courses/os-it/ndg-linux-unhatched",
"type": "course"
},
{
"title": "Linux Roadmap",
"url": "https://roadmap.sh/linux",
"type": "article"
},
{
"title": "Linux Commands Cheat Sheet",
"url": "https://cdn.hostinger.com/tutorials/pdf/Linux-Commands-Cheat-Sheet.pdf",
"type": "article"
},
{
"title": "Explore top posts about Linux",
"url": "https://app.daily.dev/tags/linux?ref=roadmapsh",
"type": "article"
},
{
"title": "Linux in 100 Seconds",
"url": "https://www.youtube.com/watch?v=rrB13utjYV4",
"type": "video"
},
{
"title": "Introduction to Linux",
"url": "https://youtu.be/sWbUDq4S6Y8",
"type": "video"
}
]
},
"dztwr-DSckggQbcNIi4_2": {
"title": "MacOS",
"description": "**macOS** is an operating system developed by Apple Inc. for its line of Mac computers. Known for its user-friendly interface and integration with other Apple products, macOS features a Unix-based architecture, offering stability, security, and performance. It includes a suite of built-in applications, such as Safari, Mail, and Finder, and supports a wide range of third-party software. macOS provides seamless integration with services like iCloud, Continuity, and Handoff, enhancing productivity and connectivity across Apple devices. Regular updates and a focus on design and usability make macOS a popular choice for both personal and professional use.\n\nLearn more from the following resources:",
"links": [
{
"title": "MacOS Website",
"url": "https://www.apple.com/uk/macos/macos-sequoia/",
"type": "article"
},
{
"title": "Mac Tutorial for Beginners 2024",
"url": "https://www.youtube.com/watch?v=3jeeFc2Vo1U",
"type": "video"
}
]
},
"02aaEP9E5tlefeGBxf_Rj": {
"title": "Installation and Configuration",
"description": "To effectively protect your systems and data, it is vital to understand how to securely install software and configure settings, as well as assess the implications and potential vulnerabilities during installation and configuration processes.\n\nImportance of Proper Installation and Configuration\n---------------------------------------------------\n\nImproper installation or configuration of software can lead to an array of security risks, including unauthorized access, data breaches, and other harmful attacks. To ensure that your system is safeguarded against these potential threats, it is essential to follow best practices for software installation and configuration:\n\n* **Research the Software**: Before installing any software or application, research its security features and reputation. Check for any known vulnerabilities, recent patches, and the software's overall trustworthiness.\n \n* **Use Official Sources**: Always download software from trusted sources, such as the software vendor's official website. Avoid using third-party download links, as they may contain malicious code or altered software.\n \n* **Verify File Integrity**: Verify the integrity of the downloaded software by checking its cryptographic hash, often provided by the software vendor. This ensures that the software has not been tampered with or corrupted during the download process.\n \n* **Install Updates**: During the installation process, ensure that all available updates and patches are installed, as they may contain vital security fixes.\n \n* **Secure Configurations**: Following the installation, properly configure the software by following the vendor's documentation or industry best practices. This can include adjusting settings related to authentication, encryption, and access control, among other important security parameters.\n \n\nConfiguration Considerations\n----------------------------\n\nWhile software configurations will vary depending on the specific application or system being utilized, there are several key aspects to keep in mind:\n\n* **Least Privilege**: Configure user accounts and permissions with the principle of least privilege. Limit user access to the minimal level necessary to accomplish their tasks, reducing the potential attack surface.\n \n* **Password Policies**: Implement strong password policies, including complexity requirements, minimum password length, and password expiration periods.\n \n* **Encryption**: Enable data encryption to protect sensitive information from unauthorized access. This can include both storage encryption and encryption of data in transit.\n \n* **Firewalls and Network Security**: Configure firewalls and other network security measures to limit the attack surface and restrict unauthorized access to your systems.\n \n* **Logging and Auditing**: Configure logging and auditing to capture relevant security events and allow for analysis in the event of a breach or security incident.\n \n* **Disable Unnecessary Services**: Disable any unused or unnecessary services on your systems. Unnecessary services can contribute to an increased attack surface and potential vulnerabilities.\n \n\nLearn more from the following resources:",
"links": []
},
"yXOGqlufAZ69uiBzKFfh6": {
"title": "Different Versions and Differences",
"description": "In the field of cyber security, it is essential to stay up-to-date with different versions of software, tools, and technology, as well as to understand the differences between them. Regularly updating software ensures that you have the latest security features in place to protect yourself from potential threats.\n\nImportance of Versions\n----------------------\n\n* **Security**: Newer versions of software often introduce patches to fix security vulnerabilities. Using outdated software can leave your system exposed to cyber attacks.\n \n* **Features**: Upgrading to a newer version of software can provide access to new features and functionalities, improving the user experience and performance.\n \n* **Compatibility**: As technology evolves, staying up-to-date with versions helps ensure that software or tools are compatible across various platforms and devices.\n \n\nUnderstanding Differences\n-------------------------\n\nWhen we talk about differences in the context of cybersecurity, they can refer to:\n\n* **Software Differences**: Different software or tools offer different features and capabilities, so it's crucial to choose one that meets your specific needs. Additionally, open-source tools may differ from proprietary tools in terms of functionalities, licensing, and costs.\n \n* **Operating System Differences**: Cybersecurity practices may differ across operating systems such as Windows, Linux, or macOS. Each operating system has its own security controls, vulnerabilities, and potential attack vectors.\n \n* **Protocol Differences**: Understanding the differences between various network protocols (HTTP, HTTPS, SSH, FTP, etc.) can help you choose the most secure method for your purposes.\n \n* **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.\n \n\nLearn more from the following resources:",
"links": []
},
"MGitS_eJBoY99zOR-W3F4": {
"title": "Navigating using GUI and CLI",
"description": "Graphical User Interface (GUI)\n------------------------------\n\nA Graphical User Interface (GUI) is a type of user interface that allows users to interact with a software program, computer, or network device using images, icons, and visual indicators. The GUI is designed to make the user experience more intuitive, as it enables users to perform tasks using a mouse and a keyboard without having to delve into complex commands. Most modern operating systems (Windows, macOS, and Linux) offer GUIs as the primary means of interaction.\n\n**Advantages of GUI:**\n\n* User-friendly and visually appealing\n* Easier for beginners to learn and navigate\n* Reduces the need to memorize complex commands\n\n**Disadvantages of GUI:**\n\n* Consumes more system resources (memory, CPU) than CLI\n* Some advanced features might not be available, or not accessible as quickly, compared to CLI\n\nCommand Line Interface (CLI)\n----------------------------\n\nA Command Line Interface (CLI) is a text-based interface that allows users to interact with computer programs or network devices directly through commands that are entered via a keyboard. CLIs are used in a variety of contexts, including operating systems (e.g., Windows Command Prompt or PowerShell, macOS Terminal, and Linux shell), network devices (such as routers and switches), and some software applications.\n\n**Advantages of CLI:**\n\n* Faster and more efficient in performing tasks once commands are known\n* Requires fewer system resources (memory, CPU) than GUI\n* Provides more control and advanced features for experienced users\n\n**Disadvantages of CLI:**\n\n* Steeper learning curve for beginners\n* Requires memorization or reference material for commands and syntax\n\nBy understanding how to navigate and use both GUI and CLI, you will be better equipped to manage and secure your computer systems and network devices, as well as perform various cyber security tasks that may require a combination of these interfaces. It is essential to be familiar with both methods, as some tasks may require the precision and control offered by CLI, while others may be more efficiently performed using a GUI.",
"links": []
},
"bTfL7cPOmBBFl-eHxUJI6": {
"title": "Understand Permissions",
"description": "Permissions in computing systems define the level of access and actions allowed for users or processes on files, directories, and resources. They typically include read (ability to view content), write (ability to modify), and execute (ability to run programs or scripts) privileges. Permissions are fundamental to system security, data protection, and user management, controlling who can access, modify, or run specific resources. In Unix-like systems, permissions are often represented as rwx (read, write, execute) for owner, group, and others. Windows systems use Access Control Lists (ACLs) for more granular control. Proper permission management is crucial for maintaining system integrity, preventing unauthorized access, and ensuring compliance with security policies and regulations.\n\nLearn more from the following resources:",
"links": [
{
"title": "Linux File Permissions (Linux Journey)",
"url": "https://linuxjourney.com/lesson/file-permissions",
"type": "article"
},
{
"title": "Linux Crash Course - Understanding File Permissions",
"url": "https://www.youtube.com/watch?v=4N4Q576i3zA",
"type": "video"
},
{
"title": "Managing Windows permissions with CLI (Icacls)",
"url": "https://www.youtube.com/watch?v=ddtc2rgtgAI",
"type": "video"
}
]
},
"Ot3LGpM-CT_nKsNqIKIye": {
"title": "Installing Software and Applications",
"description": "In the realm of cyber security, installing apps safely and securely is vital to protect your devices and personal information. In this guide, we'll cover some essential steps to follow when installing apps on your devices.\n\nChoose trusted sources\n----------------------\n\nTo ensure the safety of your device, always choose apps from trusted sources, such as official app stores (e.g., Google Play Store for Android or Apple's App Store for iOS devices). These app stores have strict guidelines and often review apps for malicious content before making them available for download.\n\nResearch the app and its developer\n----------------------------------\n\nBefore installing an app, it is essential to research the app and its developer thoroughly. Check for app reviews from other users and look for any red flags related to security or privacy concerns. Investigate the developer's web presence and reputation to ensure they can be trusted.\n\nCheck app permissions\n---------------------\n\nBefore installing an app, always review the permissions requested. Be aware of any unusual permissions that do not correspond with the app's functionality. If an app is asking for access to your contacts, GPS, or microphone, and there isn't a reasonable explanation for why it needs this information, it could be a potential security risk.\n\nKeep your device and apps updated\n---------------------------------\n\nTo maintain your device's security, always install updates as soon as they become available. This applies not only to the apps but also to the operating system of your device. Updates often include security patches that fix known vulnerabilities, so it is essential to keep everything up to date.\n\nInstall a security app\n----------------------\n\nConsider installing a security app from a reputable company to protect your device against malware, viruses, and other threats. These apps can monitor for suspicious activity, scan for malicious software, and help keep your device secure.\n\nUninstall unused apps\n---------------------\n\nRegularly review the apps on your device and uninstall any that are no longer being used. This will not only free up storage space but also reduce potential security risks that might arise if these apps are not maintained or updated by their developers.\n\nBy following these guidelines, you can significantly increase your device's security and protect your valuable data from cyber threats.",
"links": []
},
"zRXyoJMap9irOYo3AdHE8": {
"title": "Performing CRUD on Files",
"description": "Performing CRUD operations on files involves creating new files (using write mode), reading file contents (using read mode), updating files (by appending or overwriting existing content), and deleting files (using commands or functions like `os.remove()` in Python). These basic operations are fundamental for managing file data in various applications.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is CRUD?",
"url": "https://www.crowdstrike.com/cybersecurity-101/observability/crud/",
"type": "article"
},
{
"title": "CRUD Operations",
"url": "https://www.freecodecamp.org/news/crud-operations-explained/",
"type": "article"
},
{
"title": "What is CRUD?",
"url": "https://www.youtube.com/watch?v=iNkspbIfcic",
"type": "video"
}
]
},
"xeRWOX1fWQDLNLWMAFTEe": {
"title": "Troubleshooting",
"description": "Troubleshooting is a systematic approach to problem-solving used to identify, diagnose, and resolve issues in complex systems, particularly in technology and engineering fields. It involves a step-by-step process of gathering information, identifying symptoms, formulating hypotheses, testing potential solutions, and implementing fixes. Effective troubleshooting requires analytical thinking, deep knowledge of the system in question, and often the use of diagnostic tools. In IT and network environments, common troubleshooting steps include checking physical connections, verifying configurations, analyzing logs, and isolating variables. The goal is to efficiently pinpoint the root cause of a problem and implement an appropriate solution, minimizing downtime and restoring normal operations as quickly as possible.\n\nLearn more from the following resources:",
"links": [
{
"title": "Problem Solve",
"url": "https://www.techtarget.com/searchsecurity/info/problemsolve",
"type": "article"
},
{
"title": "Steps for Network Troubleshooting",
"url": "https://www.youtube.com/watch?v=1i3XdhC2ZAs",
"type": "video"
}
]
},
"WDrSO7wBNn-2jB8mcyT7j": {
"title": "Common Commands",
"description": "Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems:\n\n1. **Navigating the File System:**\n \n * Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory)\n * Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory)\n2. **File and Directory Management:**\n \n * Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory)\n * Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory)\n3. **System Information and Processes:**\n \n * Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info)\n * Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details)\n4. **File Permissions and Ownership:**\n \n * Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership)\n * Windows: `icacls` (modify access control lists), `attrib` (change file attributes)\n5. **Network Commands:**\n \n * Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics)\n * Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics)\n\nThese commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces.\n\nLearn more from the following resources:",
"links": [
{
"title": "60 Linux commands you must know",
"url": "https://www.youtube.com/watch?v=gd7BXuUQ91w",
"type": "video"
},
{
"title": "Top 40 Windows commands to know",
"url": "https://www.youtube.com/watch?v=Jfvg3CS1X3A",
"type": "video"
}
]
},
"gSLr-Lc119eX9Ig-kDzJ2": {
"title": "Networking Knowledge",
"description": "**Networking knowledge** encompasses understanding the principles, technologies, and protocols involved in connecting and managing networks. Key areas include:\n\n* **Network Protocols**: Familiarity with protocols like TCP/IP, DNS, DHCP, and HTTP, which govern data transmission and communication between devices.\n* **Network Topologies**: Knowledge of network architectures such as star, ring, mesh, and hybrid topologies, which influence how devices are interconnected.\n* **IP Addressing and Subnetting**: Understanding IP address allocation, subnetting, and CIDR notation for organizing and managing network addresses.\n* **Network Devices**: Knowledge of routers, switches, firewalls, and access points, and their roles in directing traffic, providing security, and enabling connectivity.\n* **Network Security**: Awareness of security measures like VPNs, firewalls, IDS/IPS, and encryption to protect data and prevent unauthorized access.\n* **Troubleshooting**: Skills in diagnosing and resolving network issues using tools like ping, traceroute, and network analyzers.\n\nThis knowledge is essential for designing, implementing, and maintaining effective and secure network infrastructures.\n\nLearn more from the following resources:",
"links": [
{
"title": "What are Network Protocols?",
"url": "https://www.solarwinds.com/resources/it-glossary/network-protocols",
"type": "article"
},
{
"title": "Types of Network Topology",
"url": "https://www.geeksforgeeks.org/types-of-network-topology/",
"type": "article"
}
]
},
"OXUd1UPPsBhNoUGLKZJGV": {
"title": "Understand the OSI Model",
"description": "The OSI (Open Systems Interconnection) Model is a conceptual framework that describes how data communication occurs between devices in a network. It consists of seven layers, each with specific functions:\n\n1. Physical: Deals with physical transmission media\n2. Data Link: Handles error-free transfer between adjacent nodes\n3. Network: Manages addressing and routing\n4. Transport: Ensures end-to-end data delivery and flow control\n5. Session: Establishes, manages, and terminates connections\n6. Presentation: Formats and encrypts data for the application layer\n7. Application: Provides network services to end-user applications\n\nLearn more from the following resources:",
"links": [
{
"title": "What is OSI Model? - AWS",
"url": "https://aws.amazon.com/what-is/osi-model/",
"type": "article"
},
{
"title": "What is OSI Model?",
"url": "https://www.youtube.com/watch?v=Ilk7UXzV_Qc",
"type": "video"
}
]
},
"ViF-mpR17MB3_KJ1rV8mS": {
"title": "Common Protocols and their Uses",
"description": "Networking protocols are the agreed rules that let devices and systems communicate across networks. In cybersecurity, understanding them is essential for spotting weaknesses and securing data in transit. TCP/IP is the foundation of internet communication: IP addresses and routes packets, TCP provides reliable, ordered delivery on top of it, and UDP offers a lighter connectionless alternative. HTTP and HTTPS are used for web browsing, with HTTPS wrapping HTTP in TLS. FTP and SFTP handle file transfers (FTP sends credentials and data in plaintext; SFTP runs over SSH), while SMTP, POP3, and IMAP manage email. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH provides encrypted remote access and management of systems, replacing Telnet. Other important protocols include TLS (and its deprecated predecessor SSL) for encryption, SNMP for network management, and VPN protocols such as IPsec, OpenVPN, and WireGuard for secure remote connections. Many protocols exist in a plaintext original and an encrypted variant (HTTP/HTTPS, FTP/SFTP, Telnet/SSH, DNS/DNS over TLS), and knowing which one is actually in use on a network is often the first security question to ask. Cybersecurity professionals must be well-versed in these protocols to monitor traffic, implement controls, and respond to threats that target protocol-specific weaknesses.\n\nLearn more from the following resources:",
"links": [
{
"title": "12 common network protocols",
"url": "https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained",
"type": "article"
},
{
"title": "Networking For Hackers! (Common Network Protocols)",
"url": "https://www.youtube.com/watch?v=p3vaaD9pn9I",
"type": "video"
}
]
},
"0tx2QYDYXhm85iYrCWd9U": {
"title": "Common Ports and their Uses",
"description": "Common ports are standardized communication endpoints that identify a particular service on a host; together with the IP addresses and protocol they form the 5-tuple that firewalls and connection trackers key on. In cybersecurity, knowing the well-known ports is essential for writing firewall rules, recognizing unexpected services, and reading traffic captures. Widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH, 23 for the plaintext Telnet it replaced, 25 for SMTP mail transfer, and 53 for DNS (UDP and TCP). FTP uses port 21 for control and, in active mode, port 20 for data; ports 137 to 139 carry NetBIOS and 445 carries SMB file sharing. Database services listen on well-known ports such as 3306 for MySQL, 5432 for PostgreSQL, and 1433 for Microsoft SQL Server, and 3389 is Remote Desktop Protocol. A port number is only a convention: a service can be bound to any port and an attacker can run a listener on 443 to blend in, so monitoring should look at the protocol actually spoken, not just the number. Cybersecurity professionals must be familiar with these ports and their expected behaviors to identify anomalies and secure systems against attacks targeting specific services.\n\nLearn more from the following resources:",
"links": [
{
"title": "Common network ports you should know",
"url": "https://opensource.com/article/18/10/common-network-ports",
"type": "article"
},
{
"title": "Common network ports",
"url": "https://www.youtube.com/watch?v=dh8h-4u7Wak",
"type": "video"
}
]
},
"dJ0NUsODFhk52W2zZxoPh": {
"title": "SSL and TLS Basics",
"description": "Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that secure communication over a network, most visibly in HTTPS. A TLS connection begins with a handshake in which the server presents a certificate, the client verifies it against its trusted certificate authorities, and both sides agree on session keys; the application data that follows is encrypted and integrity-protected, so anyone who intercepts the packets can neither read nor silently alter them. TLS is the successor of SSL: all SSL versions (2.0 and 3.0) are deprecated because of known weaknesses and modern browsers no longer support them, and TLS 1.0 and 1.1 have been deprecated as well (RFC 8996). In practice, configure servers and clients for TLS 1.2 or TLS 1.3 only, even though the term SSL still appears in product names and certificate vendors' marketing.\n\nLearn more from the following resources:",
"links": [
{
"title": "What’s the Difference Between SSL and TLS?",
"url": "https://aws.amazon.com/compare/the-difference-between-ssl-and-tls/",
"type": "article"
},
{
"title": "TLS vs SSL - What's the Difference?",
"url": "https://www.youtube.com/watch?v=J7fI_jH7L84",
"type": "video"
}
]
},
"umbMBQ0yYmB5PgWfY6zfO": {
"title": "Basics of NAS and SAN",
"description": "Network Attached Storage (NAS) and Storage Area Network (SAN) are both technologies used for storing and managing data, but they operate in different ways and serve different purposes. NAS is a dedicated file storage device that connects to a network, allowing multiple users and devices to access files over a shared network. It operates at the file level and uses standard networking protocols such as NFS or SMB/CIFS, making it easy to set up and manage, especially for small to medium-sized businesses. NAS devices are ideal for sharing files, providing backups, and enabling centralized data access across multiple users in a local network.\n\nSAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization.\n\nLearn more from the following resources:",
"links": [
{
"title": "NAS vs SAN - What are the differences?",
"url": "https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/",
"type": "article"
},
{
"title": "What is a NAS",
"url": "https://www.youtube.com/watch?v=ZwhT-KI16jo",
"type": "video"
},
{
"title": "What is a Storage Area Network",
"url": "https://www.youtube.com/watch?v=7eGw4vhyeTA",
"type": "video"
}
]
},
"E8Z7qFFW-I9ivr0HzoXCq": {
"title": "Basics of Subnetting",
"description": "Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or \"subnets.\" It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network. In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments.\n\nLearn more from the following resources:",
"links": [
{
"title": "Networking Basics: What is IPv4 Subnetting?",
"url": "https://www.cbtnuggets.com/blog/technology/networking/networking-basics-what-is-ipv4-subnetting",
"type": "article"
},
{
"title": "Lets subnet your home network!",
"url": "https://www.youtube.com/watch?v=mJ_5qeqGOaI&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF&index=6",
"type": "video"
},
{
"title": "Subnetting for hackers",
"url": "https://www.youtube.com/watch?v=o0dZFcIFIAw",
"type": "video"
}
]
},
"2nQfhnvBjJg1uDZ28aE4v": {
"title": "Public vs Private IP Addresses",
"description": "Public IP addresses are globally unique and routable on the internet, so a device holding one can be reached directly from external networks. Private IP addresses are reserved by RFC 1918 for use inside local networks and are not routed on the public internet: `10.0.0.0/8`, `172.16.0.0/12`, and `192.168.0.0/16`. Because they are never advertised globally, the same private ranges are reused in countless separate networks, which conserves public address space; devices using them reach the internet through network address translation (NAT) on a router that owns a public address. A private address is an addressing convention, not a security boundary: private hosts are still reachable from any network that can route to them, including other internal segments and VPN clients.\n\nLearn more from the following resources:",
"links": [
{
"title": "Public vs Private IP Addresses",
"url": "https://www.avast.com/c-ip-address-public-vs-private",
"type": "article"
},
{
"title": "What is the difference between public and private ip?",
"url": "https://www.youtube.com/watch?v=R6Czae6Iow4&t=1s",
"type": "video"
}
]
},
"0TWwox-4pSwuXojI8ixFO": {
"title": "localhost",
"description": "**Localhost** refers to the standard hostname used to access the local computer on which a network service or application is running. It resolves to the loopback IP address `127.0.0.1` for IPv4 or `::1` for IPv6. When you connect to `localhost`, you're effectively communicating with your own machine, allowing you to test and debug network services or applications locally without accessing external networks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is localhost?",
"url": "https://www.freecodecamp.org/news/what-is-localhost/",
"type": "article"
},
{
"title": "What is localhost? | Explained",
"url": "https://www.youtube.com/watch?v=m98GX51T5dI",
"type": "video"
}
]
},
"W_oloLu2Euz5zRSy7v_T8": {
"title": "loopback",
"description": "**Loopback** is a virtual network interface that sends traffic back to the same device for testing and diagnostics. In IPv4 the whole `127.0.0.0/8` block is reserved for loopback, with `127.0.0.1` the address in everyday use; in IPv6 it is the single address `::1`. Traffic to a loopback address never leaves the host: it is processed entirely within the local network stack, so developers can test applications or network services without external network access. Loopback is also a useful exposure boundary: a service bound only to `127.0.0.1` can be reached by processes on that machine but not from the network, whereas binding to `0.0.0.0` (all interfaces) exposes it to every connected network.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a loopback address?",
"url": "https://www.geeksforgeeks.org/what-is-a-loopback-address/",
"type": "article"
},
{
"title": "Understanding the loopback address and loopback interfaces",
"url": "https://study-ccna.com/loopback-interface-loopback-address/",
"type": "article"
}
]
},
"PPIH1oHW4_ZDyD3U3shDg": {
"title": "CIDR",
"description": "CIDR, or Classless Inter-Domain Routing, is a method of allocating IP addresses and routing Internet Protocol packets in a more flexible and efficient way, compared to the older method of Classful IP addressing. Developed in the early 1990s, CIDR helps to slow down the depletion of IPv4 addresses and reduce the size of routing tables, resulting in better performance and scalability of the Internet.\n\nCIDR achieves its goals by replacing the traditional Class A, B, and C addressing schemes with a system that allows for variable-length subnet masking (VLSM). In CIDR, an IP address and its subnet mask are written together as a single entity, referred to as a _CIDR notation_.\n\nA CIDR notation looks like this: `192.168.1.0/24`. Here, `192.168.1.0` is the IP address, and `/24` represents the subnet mask. The number after the slash (/) is called the _prefix length_, which indicates how many bits of the subnet mask should be set to 1 (bitmask). The remaining bits of the subnet mask are set to 0.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is CIDR?",
"url": "https://aws.amazon.com/what-is/cidr/",
"type": "article"
},
{
"title": "What is Network CIDR Notation?",
"url": "https://www.youtube.com/watch?v=tpa9QSiiiUo",
"type": "video"
}
]
},
"f-v8qtweWXFY_Ryo3oYUF": {
"title": "subnet mask",
"description": "A subnet mask is a 32-bit number used in IP networking to divide an IP address into network and host portions. It determines which part of an IP address refers to the network and which part refers to the host. Subnet masks enable network administrators to create subnetworks, improving network efficiency and security by controlling traffic flow between subnets. Common subnet masks include 255.255.255.0 (for a /24 network) and 255.255.0.0 (for a /16 network). Subnetting helps in efficient IP address allocation, reduces broadcast traffic, and enhances network performance. Understanding subnet masks is crucial for network configuration, troubleshooting, and implementing effective network segmentation strategies.\n\nLearn more from the following resources:",
"links": [
{
"title": "What Is a Subnet Mask?",
"url": "https://www.spiceworks.com/tech/networking/articles/what-is-subnet-mask/",
"type": "article"
},
{
"title": "What is a subnet mask?",
"url": "https://www.youtube.com/watch?v=s_Ntt6eTn94",
"type": "video"
}
]
},
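Worked example for the subnetting, CIDR and subnet mask entries above, and for the public vs private address entry: this is added here as an illustration and is not part of the roadmap's own content. It uses Python's standard `ipaddress` module plus hand-rolled bit arithmetic to convert between prefix lengths and dotted masks, compute the network, broadcast and usable-host range of a CIDR block, carve a block into smaller subnets, decide whether two hosts share a subnet (the test a host performs before deciding to hand a packet to its default gateway), and classify IPv4 addresses against the RFC 1918 private ranges and the loopback block. The sample addresses are constructed; treating everything outside those ranges as public is a deliberate simplification that ignores other special-purpose ranges.

```python
import ipaddress

# RFC 1918 private blocks and the IPv4 loopback block. Treating every other
# address as public is a simplification of this example (it ignores link-local,
# multicast and other special-purpose ranges).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
ALL_ONES = 0xFFFFFFFF


def prefix_to_mask(prefix: int) -> str:
    """CIDR prefix length -> dotted-decimal mask: the top `prefix` bits set to 1."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))


def mask_to_prefix(mask: str) -> int:
    """Dotted mask -> prefix length; rejects masks whose 1 bits are not contiguous."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != (ALL_ONES << (32 - prefix)) & ALL_ONES:
        raise ValueError(f"{mask} is not a valid contiguous subnet mask")
    return prefix


def describe(cidr: str) -> dict:
    """Network, mask, broadcast and usable host range for an address written in CIDR form."""
    iface = ipaddress.ip_interface(cidr)  # keeps the host bits; ip_network() would reject them
    net = iface.network
    if net.prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 host routes have no
        # separate network and broadcast addresses.
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    else:
        first, last, usable = net.network_address + 1, net.broadcast_address - 1, net.num_addresses - 2
    return {
        "address": str(iface.ip),
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "prefix": net.prefixlen,
        "broadcast": str(net.broadcast_address),
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
    }


def split(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets with a longer prefix (the VLSM step)."""
    return [str(s) for s in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The check a host makes before sending: same subnet -> deliver directly (after ARP),
    otherwise hand the packet to the default gateway."""
    prefix = mask_to_prefix(mask)
    net_a = ipaddress.ip_interface(f"{ip_a}/{prefix}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{prefix}").network
    return net_a == net_b


def classify(ip: str) -> str:
    """'loopback', 'private' (RFC 1918) or 'public' for an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example classifies IPv4 addresses only")
    if addr in LOOPBACK:
        return "loopback"
    if any(addr in block for block in RFC1918):
        return "private"
    return "public"


if __name__ == "__main__":
    print(describe("192.168.1.37/26"))
    print(split("192.168.1.0/24", 26))
    for ip in ("10.1.2.3", "172.32.0.1", "127.0.0.1", "203.0.113.9"):
        print(ip, classify(ip))
```

`describe("192.168.1.37/26")` reports network `192.168.1.0`, broadcast `192.168.1.63` and 62 usable hosts, which is the arithmetic a /26 boundary implies; `172.32.0.1` classifies as public because the RFC 1918 block `172.16.0.0/12` ends at `172.31.255.255`, a common mistake when writing firewall rules.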
"5rKaFtjYx0n2iF8uTLs8X": {
"title": "default gateway",
"description": "A default gateway is a network node, typically a router or a firewall, that serves as the access point or intermediary between a local network and external networks, such as the internet. When a device on a local network needs to communicate with a device outside its own subnet—such as accessing a website or sending an email—it sends the data to the default gateway, which then routes it to the appropriate external destination. The default gateway acts as a traffic director, ensuring that data packets are correctly forwarded between the internal network and external networks, making it a crucial component for enabling communication beyond the local network's boundaries.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a default gateway?",
"url": "https://nordvpn.com/blog/what-is-a-default-gateway/",
"type": "article"
},
{
"title": "Routers and Default Gateways",
"url": "https://www.youtube.com/watch?v=JOomC1wFrbU",
"type": "video"
}
]
},
"d5Cv3EXf6OXW19yPJ4x6e": {
"title": "VLAN",
"description": "A Virtual Local Area Network (VLAN) is a logical segmentation of a physical network, allowing multiple isolated Layer 2 networks, and therefore separate broadcast domains, to exist on the same switches and cabling. VLANs group devices by function, department, or application regardless of physical location, which reduces broadcast traffic, isolates sensitive systems, and simplifies changes because moving a device between segments is a configuration step rather than a recabling job. VLANs are configured on network switches using the IEEE 802.1Q standard, which inserts a 4-byte tag into the Ethernet frame carrying a 12-bit VLAN ID (usable values 1 to 4094) on trunk links between switches; access ports deliver untagged frames to end hosts. Traffic between VLANs must pass through a Layer 3 device (a router or Layer 3 switch), which is where access control lists between segments are enforced; a VLAN on its own is a segmentation tool, not a substitute for those filters. This technology is crucial for efficient network administration in large enterprises, data centers, and complex network environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a VLAN?",
"url": "https://www.solarwinds.com/resources/it-glossary/vlan",
"type": "article"
},
{
"title": "VLAN Explained",
"url": "https://www.youtube.com/watch?v=jC6MJTh9fRE",
"type": "video"
}
]
},
"gfpvDQz61I3zTB7tGu7vp": {
"title": "DMZ",
"description": "A **DMZ** (**Demilitarized Zone**) is a network segment that sits between an organization's internal, trusted network and the external, untrusted network, typically the internet. Services that must be reachable from outside, such as public web servers, mail relays, and external DNS, are placed in the DMZ rather than on the internal network. Firewalls restrict traffic in both directions: the internet can reach only the published services in the DMZ, and hosts in the DMZ are allowed only the specific connections into the internal network that they need. If a DMZ host is compromised, the attacker still faces a firewall boundary before reaching internal systems; that containment is the extra layer of protection the design provides.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a DMZ network?",
"url": "https://www.fortinet.com/resources/cyberglossary/what-is-dmz",
"type": "article"
},
{
"title": "DMZ explained",
"url": "https://www.youtube.com/watch?v=48QZfBeU4ps",
"type": "video"
}
]
},
"M52V7hmG4ORf4TIVw3W3J": {
"title": "ARP",
"description": "Address Resolution Protocol (ARP) is the mechanism that maps an IPv4 address to the corresponding physical address, the Media Access Control (MAC) address, so that IP packets can be carried inside Ethernet frames on a Local Area Network (LAN). ARP operates only within a broadcast domain: for a destination outside its own subnet, a host resolves the MAC address of its default gateway rather than that of the final destination.\n\nWhen one device on a LAN wants to communicate with another, it needs the MAC address associated with the target device's IP address. It sends an ARP request, a broadcast frame asking which device holds the target IP, which every device on the segment receives. Each device compares the requested IP with its own; the one that owns it sends back an ARP reply, addressed directly to the requester, containing its MAC address.\n\nThe requester stores the result in its ARP cache, a table of IP-to-MAC mappings with a limited lifetime, so that subsequent frames can be addressed directly without another broadcast. ARP carries no authentication: a host trusts whatever reply it receives, which is why switches in sensitive environments offer protections such as dynamic ARP inspection that check replies against known address bindings.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Address Resolution Protocol?",
"url": "https://www.fortinet.com/resources/cyberglossary/what-is-arp",
"type": "article"
},
{
"title": "ARP Explained",
"url": "https://www.youtube.com/watch?v=cn8Zxh9bPio",
"type": "video"
}
]
},
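Added example, not part of the roadmap, for the VLAN and ARP entries above: it builds and parses Ethernet frames with an optional 802.1Q tag and the ARP request and reply packets they carry, then simulates the exchange between hosts on one segment, including the fact that a tagged broadcast is only seen by hosts in the same VLAN. The `Host` class, the MAC and IP addresses and the single-segment model are constructed for the illustration; on a real network an access port delivers untagged frames and the switch does the tag handling.

```python
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_8021Q = 0x8100
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FORMAT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))

def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{octet:02x}" for octet in raw)

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(octet) for octet in raw)


def build_arp(oper: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    # htype 1 = Ethernet, ptype 0x0800 = IPv4, hlen 6, plen 4, then the operation and addresses.
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))

def parse_arp(payload: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


def build_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes,
                vlan: int = None, pcp: int = 0) -> bytes:
    header = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
    if vlan is not None:
        # 802.1Q tag: TPID 0x8100, then TCI = 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        header += struct.pack("!HH", ETHERTYPE_8021Q, (pcp << 13) | (vlan & 0x0FFF))
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(raw: bytes) -> dict:
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    offset, vlan, pcp = 14, None, None
    if ethertype == ETHERTYPE_8021Q:
        tci, ethertype = struct.unpack("!HH", raw[14:18])
        vlan, pcp, offset = tci & 0x0FFF, tci >> 13, 18
    return {"dst": bytes_to_mac(dst), "src": bytes_to_mac(src), "vlan": vlan, "pcp": pcp,
            "ethertype": ethertype, "payload": raw[offset:]}


class Host:
    """A simulated host: one IP, one MAC, an ARP cache and (for the simulation) a VLAN membership."""

    def __init__(self, ip: str, mac: str, vlan: int = None):
        self.ip, self.mac, self.vlan = ip, mac, vlan
        self.arp_cache = {}  # IP address -> MAC address

    def arp_request(self, target_ip: str) -> bytes:
        """Who has target_ip? Broadcast frame, target MAC unknown (all zeros)."""
        arp = build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, target_ip)
        return build_frame(BROADCAST_MAC, self.mac, ETHERTYPE_ARP, arp, vlan=self.vlan)

    def receive(self, raw: bytes):
        """Process one frame; return a reply frame if this host must answer, else None."""
        frame = parse_frame(raw)
        if frame["vlan"] != self.vlan:
            return None  # tagged for another VLAN: a different broadcast domain
        if frame["ethertype"] != ETHERTYPE_ARP or frame["dst"] not in (BROADCAST_MAC, self.mac):
            return None
        arp = parse_arp(frame["payload"])
        if arp["oper"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            reply = build_arp(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
            return build_frame(arp["sender_mac"], self.mac, ETHERTYPE_ARP, reply, vlan=self.vlan)
        if arp["oper"] == ARP_REPLY and arp["target_ip"] == self.ip:
            self.arp_cache[arp["sender_ip"]] = arp["sender_mac"]  # learn the mapping
        return None


def resolve(requester: Host, segment: list, target_ip: str):
    """Flood the request to every other host on the segment and feed any reply back."""
    request = requester.arp_request(target_ip)
    for host in segment:
        if host is requester:
            continue
        reply = host.receive(request)
        if reply is not None:
            requester.receive(reply)
    return requester.arp_cache.get(target_ip)


if __name__ == "__main__":
    a = Host("192.168.1.10", "02:00:00:00:00:01", vlan=10)
    b = Host("192.168.1.20", "02:00:00:00:00:02", vlan=10)
    c = Host("192.168.1.30", "02:00:00:00:00:03", vlan=20)
    print(resolve(a, [a, b, c], "192.168.1.20"))  # b's MAC
    print(resolve(a, [a, b, c], "192.168.1.30"))  # None: c is in another VLAN
```

Resolving `192.168.1.30` fails even though the address is on the same wire, because the frame is tagged for VLAN 10 and host `c` is in VLAN 20; that is the broadcast-domain isolation VLANs provide, and it is why inter-VLAN traffic has to go through a router.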
"ZTC5bLWEIQcdmowc7sk_E": {
"title": "VM",
"description": "A Virtual Machine (VM) is a software-based emulation of a physical computer. It runs an operating system and applications, isolated from the underlying hardware. VMs allow multiple \"guest\" operating systems to run on a single physical \"host\" machine, each with its own allocated virtual resources (CPU, memory, storage). This technology enables efficient hardware utilization, easier system administration, and improved security through isolation. VMs are widely used in cloud computing, software development, testing environments, and for running legacy applications. Hypervisors, such as VMware vSphere or Microsoft Hyper-V, manage the creation and operation of VMs on physical hardware.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Virtual Machine and how does it work?",
"url": "https://azure.microsoft.com/en-gb/resources/cloud-computing-dictionary/what-is-a-virtual-machine",
"type": "article"
},
{
"title": "Explore top posts about Infrastructure",
"url": "https://app.daily.dev/tags/infrastructure?ref=roadmapsh",
"type": "article"
},
{
"title": "Virtualization Explained",
"url": "https://www.youtube.com/watch?v=UBVVq-xz5i0",
"type": "video"
}
]
},
"T4312p70FqRBkzVfWKMaR": {
"title": "DHCP",
"description": "The Dynamic Host Configuration Protocol (DHCP) is a network management protocol that automatically assigns IP addresses and other configuration details, such as the subnet mask, default gateway, and DNS servers, to devices on a network. When a device joins the network it broadcasts a Discover message; a DHCP server answers with an Offer, the client accepts it with a Request, and the server confirms with an Acknowledgement (the DORA exchange). The address is a lease with a lifetime that the client must renew, after which it returns to the pool. DHCP removes the need for manual IP address assignment and reduces IP conflicts, so devices can join the network and communicate with other devices and services without hand configuration. Because the exchange is unauthenticated and starts with a broadcast, any host on the segment can answer as a server and hand out a malicious gateway or DNS server; switches mitigate this with DHCP snooping, which only allows server replies on designated ports.\n\nLearn more from the following resources:",
"links": [
{
"title": "Dynamic Host Configuration Protocol (DHCP)",
"url": "https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top",
"type": "article"
},
{
"title": "What is DHCP and how does it work?",
"url": "https://www.youtube.com/watch?v=ldtUSSZJCGg",
"type": "video"
}
]
},
"ORIdKG8H97VkBUYpiDtXf": {
"title": "DNS",
"description": "The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which computers use to locate and communicate with each other. DNS acts as the internet's phonebook, letting users reach websites and services without memorizing numerical addresses. When a user types a domain name into a browser, the operating system sends a query to its configured resolver, which either serves a cached answer or walks the hierarchy (root servers, the top-level domain servers, then the domain's authoritative servers) and returns the IP address the browser then connects to. DNS underpins virtually all online activity, which also makes it a high-value target: classic DNS travels unauthenticated over UDP port 53 (TCP for large responses and zone transfers), so answers can be forged or observed in transit. DNSSEC adds signatures that let resolvers verify answers, and DNS over TLS or HTTPS encrypts the query between client and resolver. DNS logs are also among the most useful telemetry a defender has, since almost every connection an attacker makes starts with a lookup.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is DNS?",
"url": "https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/",
"type": "article"
},
{
"title": "DNS Explained in 100 Seconds",
"url": "https://www.youtube.com/watch?v=UVR9lhUGAyU",
"type": "video"
},
{
"title": "What is DNS?",
"url": "https://www.youtube.com/watch?v=nyH0nYhMW9M",
"type": "video"
}
]
},
"Kkd3f_0OYNCdpDgrJ-_Ju": {
"title": "NAT",
"description": "**Network Address Translation (NAT)** is a method of rewriting IP address (and often port) information in packet headers as they pass through a router or firewall. NAT allows multiple devices on a private network to share a single public IP address for accessing external resources, conserving the limited supply of public IPv4 addresses; the translating device keeps a table of active mappings so that replies can be rewritten back to the originating private host. Common types of NAT include **Static NAT** (a fixed one-to-one mapping, typically used to expose an internal server), **Dynamic NAT** (private addresses mapped to a pool of public ones as needed), and **Port Address Translation (PAT)** or **NAT overload** (many-to-one, distinguishing flows by port number, as home routers do). NAT incidentally hides internal addresses from the internet, and an unsolicited inbound packet is dropped simply because no mapping exists for it. That effect is a by-product of the translation table rather than a security control: it inspects nothing, it is bypassed by anything an inside host initiates, and it should complement, not replace, a stateful firewall.\n\nLearn more from the following resources:",
"links": [
{
"title": "How NAT Works",
"url": "https://www.comptia.org/content/guides/what-is-network-address-translation",
"type": "article"
},
{
"title": "NAT explained",
"url": "https://www.youtube.com/watch?v=FTUV0t6JaDA",
"type": "video"
}
]
},
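Added example, not part of the roadmap, for the NAT entry above: a small translator that performs static one-to-one NAT for a designated internal server and port address translation (PAT / NAT overload) for every other host, keeping the translation table needed to rewrite replies back to the private address. The `Packet` type, the documentation-range IP addresses and the rule that a PAT mapping accepts replies only from the endpoint it was created for are assumptions of the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Only the header fields NAT rewrites; constructed for this example."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Nat:
    def __init__(self, public_ip: str, static: dict = None, port_range=(49152, 65535)):
        self.public_ip = public_ip                       # shared address used for PAT
        self.static = dict(static or {})                 # private IP -> dedicated public IP (static NAT)
        self.static_reverse = {pub: priv for priv, pub in self.static.items()}
        self.next_port, self.max_port = port_range       # public ports handed out by PAT
        self.outbound = {}  # (proto, priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # (proto, public port) -> (priv_ip, priv_port, dst_ip, dst_port)

    def _allocate_port(self) -> int:
        if self.next_port > self.max_port:
            raise RuntimeError("translation table exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Private -> public. Static hosts keep their port; everyone else shares public_ip."""
        if pkt.src_ip in self.static:
            return Packet(self.static[pkt.src_ip], pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            # New flow: pick a fresh public port so two inside hosts using the
            # same source port stay distinguishable on the way back.
            port = self._allocate_port()
            self.outbound[key] = port
            self.inbound[(pkt.proto, port)] = key[1:]
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet):
        """Public -> private. Returns None (drop) when no mapping explains the packet."""
        if pkt.dst_ip in self.static_reverse:
            # Static NAT: unsolicited inbound traffic does reach the private server.
            return Packet(pkt.src_ip, pkt.src_port, self.static_reverse[pkt.dst_ip], pkt.dst_port, pkt.proto)
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None  # nobody inside opened this flow: the 'hiding' effect of PAT
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # assumption of this example: only the original peer may use the mapping
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)


if __name__ == "__main__":
    nat = Nat("203.0.113.5", static={"192.168.1.50": "203.0.113.6"})
    out = nat.translate_outbound(Packet("192.168.1.10", 51000, "192.0.2.80", 443))
    print(out)                                                           # src 203.0.113.5:49152
    print(nat.translate_inbound(Packet("192.0.2.80", 443, "203.0.113.5", 49152)))   # back to 192.168.1.10:51000
    print(nat.translate_inbound(Packet("198.51.100.7", 40000, "203.0.113.5", 22)))  # None: no mapping
```

The two inbound cases at the end are the point: the reply to a flow an inside host started is rewritten and delivered, while an unsolicited packet to the shared address is dropped only because the table has no entry for it. The statically mapped server gets no such protection, which is why hosts exposed through static NAT or port forwarding need firewall rules of their own.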
"FdoqB2---uDAyz6xZjk_u": {
"title": "IP",
"description": "The Internet Protocol (IP) is the network-layer protocol that addresses and routes packets between devices across networks, including the internet; TCP and UDP run on top of it. An IP address is the identifier assigned to each network interface so that packets can be delivered to it. IPv4 addresses are 32 bits long and written as four decimal numbers separated by dots (e.g., 192.168.1.1); IPv6 addresses are 128 bits long and written as eight groups of hexadecimal digits separated by colons (e.g., 2001:db8::1), giving a vastly larger address space. IP itself is connectionless and offers no delivery guarantee, authentication, or confidentiality: source addresses can be forged and packet contents can be read in transit, which is why reliability comes from TCP and protection from IPsec or TLS at higher layers.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an IP address and what does it mean?",
"url": "https://www.kaspersky.com/resource-center/definitions/what-is-an-ip-address",
"type": "article"
},
{
"title": "Whats an IP address?",
"url": "https://www.youtube.com/watch?v=6is6Gulh7qE",
"type": "video"
}
]
},
"lwSFIbIX-xOZ0QK2sGFb1": {
"title": "Router",
"description": "A router is a network device that operates at the network layer (Layer 3) of the OSI model and forwards packets between different networks based on their destination IP addresses. It maintains a routing table, populated statically or by routing protocols such as OSPF or BGP, that maps destination prefixes to a next hop and outgoing interface; for each packet the router picks the most specific (longest-prefix) match, decrements the IP TTL, and forwards the packet on. On a LAN the router is usually the hosts' default gateway, the address they send traffic to whenever the destination lies outside their own subnet. Home and small-office routers bundle additional functions such as DHCP, NAT, a stateful firewall, and Wi-Fi, whereas enterprise and core routers concentrate on high-throughput forwarding and route exchange. Because routers sit at the boundary between networks they are a natural place to apply access control lists, and their management interfaces should be reachable only from trusted networks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Router",
"url": "https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-router/",
"type": "article"
},
{
"title": "What is a router and how does it work?",
"url": "https://www.youtube.com/watch?v=UIJzHLpG9bM",
"type": "video"
}
]
},
"r9byGV8XuBPzoqj5ZPf2W": {
"title": "Switch",
"description": "A switch is a network device that operates at the data link layer (Layer 2) of the OSI model, connecting multiple devices within a local area network (LAN). It learns which MAC address sits behind each port from the source addresses of the frames it sees and uses that MAC address table to forward each frame only to the port where its destination lives, flooding a frame to all ports only when the destination is unknown or a broadcast. Every port is its own collision domain and links run full duplex, so devices can transmit in both directions simultaneously. Modern switches commonly add VLANs, port mirroring for monitoring, Quality of Service (QoS), and port security features such as limiting the MAC addresses allowed per port; managed switches are also where Layer 2 protections like DHCP snooping and dynamic ARP inspection are configured. Switches are fundamental to creating efficient, segmented networks and are crucial components in both small office and large enterprise network infrastructures.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a network switch?",
"url": "https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-network-switch/",
"type": "article"
},
{
"title": "What is a SWITCH?",
"url": "https://www.youtube.com/watch?v=9eH16Fxeb9o",
"type": "video"
}
]
},
"gTozEpxJeG1NTkVBHH-05": {
"title": "VPN",
"description": "A Virtual Private Network (VPN) is a secure connection method used to extend private networks across public networks like the Internet. It creates an encrypted tunnel between the user's device and a remote server, masking the user's IP address and encrypting data in transit. VPNs are used for various purposes, including enhancing online privacy, bypassing geographical restrictions, securing communications over public Wi-Fi, and allowing remote access to corporate networks. They employ protocols like OpenVPN, L2TP/IPsec, or WireGuard to ensure data confidentiality and integrity. While VPNs offer significant privacy and security benefits, their effectiveness can vary based on the provider's policies and the specific implementation.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is a VPN?",
"url": "https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-vpn",
"type": "article"
},
{
"title": "VPN (Virtual Private Network) Explained",
"url": "https://www.youtube.com/watch?v=R-JUOpCgTZc",
"type": "video"
},
{
"title": "Virtual Private Networks - Professor Messer",
"url": "https://www.youtube.com/watch?v=YFyt8aY8PfI",
"type": "video"
}
]
},
"LrwTMH_1fTd8iB9wJg-0t": {
"title": "MAN",
"description": "A **Metropolitan Area Network (MAN)** is a type of network that spans a city or large campus, connecting multiple local area networks (LANs) within that geographic area. MANs are designed to provide high-speed data transfer and communication services to organizations, institutions, or businesses across a city. They support a variety of applications, including internet access, intranet connectivity, and data sharing among multiple locations. Typically, MANs are faster and cover a broader area than LANs but are smaller in scope compared to wide area networks (WANs).\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Metropolitan Area Network?",
"url": "https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-metropolitan-area-network/",
"type": "article"
},
{
"title": "Network Types: MAN",
"url": "https://youtu.be/4_zSIXb7tLQ?si=1jTQ5C9PT4WUOztP&t=183",
"type": "video"
}
]
},
"xWxusBtMEWnd-6n7oqjHz": {
"title": "LAN",
"description": "A Local Area Network (LAN) is a computer network that interconnects computers and devices within a limited area, such as a home, office, school, or small group of buildings. LANs typically use Ethernet or Wi-Fi technologies to enable high-speed data communication among connected devices. They allow for resource sharing, including files, printers, and internet connections. LANs are characterized by higher data transfer rates, lower latency, and more direct control over network configuration and security compared to wide area networks (WANs). Common LAN applications include file sharing, collaborative work, local hosting of websites or services, and networked gaming. The advent of software-defined networking and cloud technologies has expanded LAN capabilities, enabling more flexible and scalable local network infrastructures.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a LAN?",
"url": "https://www.cisco.com/c/en_uk/products/switches/what-is-a-lan-local-area-network.html",
"type": "article"
},
{
"title": "LAN vs. WAN: What's the Difference?",
"url": "https://www.youtube.com/watch?v=5OoX_cRLaNM",
"type": "video"
}
]
},
"vCkTJMkDXcQmwsmeNUAX5": {
"title": "WAN",
"description": "A Wide Area Network (WAN) is a telecommunications network that extends over a large geographical area, connecting multiple smaller networks like LANs across cities, countries, or continents. WANs use technologies such as leased lines, satellites, cellular networks, or the internet to facilitate long-distance communication. They enable organizations to share data and resources across dispersed locations, supporting remote offices and global operations. WANs typically involve slower transmission speeds compared to LANs due to longer distances and varied connection types. Key considerations for WANs include bandwidth management, security protocols like VPNs, and optimizing performance across diverse network conditions.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a WAN?",
"url": "https://www.cloudflare.com/en-gb/learning/network-layer/what-is-a-wan/",
"type": "article"
},
{
"title": "WAN...it's not the internet!",
"url": "https://www.youtube.com/watch?v=xPi4uZu4uF0",
"type": "video"
}
]
},
"QCVYF1rmPsMVtklBNDNaB": {
"title": "WLAN",
"description": "A Wireless Local Area Network (WLAN) is a type of computer network that uses wireless data connections to link devices within a limited area. WLANs typically use Wi-Fi technology, allowing devices like laptops, smartphones, and IoT devices to connect to the internet or communicate with each other without physical cable connections. WLANs operate on radio frequencies, usually in the 2.4 GHz or 5 GHz bands, and are set up using wireless routers or access points. They offer flexibility and mobility within the network's range, but require security measures like encryption (e.g., WPA3) to protect against unauthorized access and data interception.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is a Wireless LAN?",
"url": "https://www.cisco.com/c/en/us/products/wireless/wireless-lan.html",
"type": "article"
},
{
"title": "Wireless Networking Explained | Cisco CCNA 200-301",
"url": "https://www.youtube.com/watch?v=Uz-RTurph3c",
"type": "video"
},
{
"title": "Wireless Technologies",
"url": "https://www.youtube.com/watch?v=_VwpcLiBkAQ",
"type": "video"
}
]
},
"R5HEeh6jwpQDo27rz1KSH": {
"title": "DHCP",
"description": "The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.\n\nLearn more from the following resources:",
"links": [
{
"title": "Dynamic Host Configuration Protocol (DHCP)",
"url": "https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top",
"type": "article"
},
{
"title": "What is DHCP and how does it work?",
"url": "https://www.youtube.com/watch?v=ldtUSSZJCGg",
"type": "video"
}
]
},
"r1IKvhpwg2umazLGlQZL1": {
"title": "DNS",
"description": "The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is DNS?",
"url": "https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/",
"type": "article"
},
{
"title": "DNS Explained in 100 Seconds",
"url": "https://www.youtube.com/watch?v=UVR9lhUGAyU",
"type": "video"
},
{
"title": "What is DNS?",
"url": "https://www.youtube.com/watch?v=nyH0nYhMW9M",
"type": "video"
}
]
},
"tf0TymdPHbplDHvuVIIh4": {
"title": "NTP",
"description": "**Network Time Protocol (NTP)** is a protocol used to synchronize the clocks of computers and network devices over a network. It ensures that all systems maintain accurate and consistent time by coordinating with a hierarchy of time sources, such as atomic clocks or GPS, through network communication. NTP operates over UDP port 123 and uses algorithms to account for network delays and adjust for clock drift, providing millisecond-level accuracy. Proper time synchronization is crucial for applications requiring time-sensitive operations, logging events, and maintaining the integrity of security protocols.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is NTP?",
"url": "https://www.pubnub.com/learn/glossary/ntp-protocol/",
"type": "article"
},
{
"title": "Network Time Protocol (NTP)",
"url": "https://www.youtube.com/watch?v=BAo5C2qbLq8",
"type": "video"
}
]
},
"hN8p5YBcSaPm-byQUIz8L": {
"title": "IPAM",
"description": "IP Address Management (IPAM) is a critical aspect of cyber security, as it helps organizations efficiently manage and track their IP addresses, DNS, and DHCP services. In any network, devices like servers, routers, and switches are assigned unique IP addresses, which enable them to communicate with each other. Efficient and secure management of these IP addresses is vital for maintaining network security and preventing unauthorized access.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is IPAM?",
"url": "https://www.infoblox.com/glossary/ipam-ip-address-management/",
"type": "article"
},
{
"title": "IP Address Management",
"url": "https://learn.microsoft.com/en-us/windows-server/networking/technologies/ipam/ipam-top",
"type": "article"
}
]
},
"P0ZhAXd_H-mTOMr13Ag31": {
"title": "Star",
"description": "A star network topology is a configuration where all devices (nodes) are connected directly to a central hub or switch. In this arrangement, each node has a dedicated point-to-point link to the central device, forming a star-like structure. This topology offers advantages such as easy installation and reconfiguration, centralized management, and fault isolation. If one connection fails, it doesn't affect others. However, the central hub is a single point of failure for the entire network. Star topologies are commonly used in local area networks (LANs) due to their reliability, scalability, and ease of maintenance, making them a popular choice in both small office and large enterprise environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "Advantages and Disadvantages of Star Topology",
"url": "https://www.geeksforgeeks.org/advantages-and-disadvantages-of-star-topology/",
"type": "article"
},
{
"title": "Star Topology",
"url": "https://www.youtube.com/watch?v=EQ3rW22-Py0",
"type": "video"
}
]
},
"9vEUVJ8NTh0wKyIE6-diY": {
"title": "Ring",
"description": "In a ring topology, each network device is connected in a circular fashion, where data travels through each node in one direction (or both in a bidirectional setup) until it reaches its destination. This structure simplifies wiring and ensures a predictable data path, but a failure in any single node or connection can disrupt the entire network unless redundant paths are used. Ring topology is known for its straightforward installation but is less common today due to its vulnerability to network interruptions.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is ring topology?",
"url": "https://www.lenovo.com/gb/en/glossary/what-is-ring-topology/",
"type": "article"
},
{
"title": "Network Topologies - Ring",
"url": "https://www.youtube.com/watch?v=hjeDN2xnc50",
"type": "video"
}
]
},
"PYeF15e7iVB9seFrrO7W6": {
"title": "Mesh",
"description": "Mesh topology is a network architecture where devices or nodes are interconnected with multiple direct, point-to-point links to every other node in the network. This structure allows data to travel from source to destination through multiple paths, enhancing reliability and fault tolerance. In a full mesh topology, every node is connected to every other node, while in a partial mesh, only some nodes have multiple connections. Mesh networks are highly resilient to failures, as traffic can be rerouted if a link goes down. They're commonly used in wireless networks, IoT applications, and critical infrastructure where redundancy and self-healing capabilities are crucial. However, mesh topologies can be complex and expensive to implement, especially in large networks due to the high number of connections required.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is mesh topology?",
"url": "https://www.lenovo.com/gb/en/glossary/mesh-topology",
"type": "article"
},
{
"title": "Mesh topology explained",
"url": "https://www.computerhope.com/jargon/m/mesh.htm",
"type": "article"
}
]
},
"0DWh4WmLK_ENDuqQmQcu4": {
"title": "Bus",
"description": "In the context of cybersecurity, a bus refers to a communication system that transfers data between components inside a computer or between computers. It's a critical part of computer architecture that can be vulnerable to various security threats. Attackers may attempt to exploit bus systems to intercept sensitive data, inject malicious code, or perform side-channel attacks. These vulnerabilities can exist at different levels, from the system bus connecting major computer components to expansion buses for peripheral devices. Securing bus communications involves implementing encryption, access controls, and monitoring for unusual activity. As buses play a crucial role in data transfer, protecting them is essential for maintaining the overall security and integrity of computer systems and networks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a bus?",
"url": "https://www.lenovo.com/gb/en/glossary/bus/?srsltid=AfmBOoocoXVvqdupLu13XAm0FZMOHjRtjnnCCFxa59tEa-bQwhiVhac2",
"type": "article"
},
{
"title": "Computer buses",
"url": "https://www.youtube.com/watch?v=aBCaCrC3z0k",
"type": "video"
}
]
},
"8Mog890Lj-gVBpWa05EzT": {
"title": "SSH",
"description": "SSH (Secure Shell) is a cryptographic network protocol used for secure remote login and other secure network services over an unsecured network. It provides a secure channel over an unsecured network by using strong encryption to protect the connection against eavesdropping, tampering, and man-in-the-middle attacks. SSH is commonly used for remote command-line login, remote command execution, and secure file transfers. It typically runs on TCP port 22 and replaces older, less secure protocols like Telnet. SSH uses public-key cryptography for authentication and supports various authentication methods, including passwords and key-based authentication. It's a fundamental tool for system administrators, developers, and anyone requiring secure remote access to systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is SSH? | Secure Shell (SSH) protocol",
"url": "https://www.cloudflare.com/en-gb/learning/access-management/what-is-ssh/",
"type": "article"
},
{
"title": "How does SSH work",
"url": "https://www.youtube.com/watch?v=5JvLV2-ngCI",
"type": "video"
}
]
},
"Ia6M1FKPNpqLDiWx7CwDh": {
"title": "RDP",
"description": "**Remote Desktop Protocol (RDP)** is a Microsoft-developed protocol that enables users to remotely access and control a computer over a network. It allows users to interact with a remote desktop environment as if they were sitting in front of the computer, providing access to applications, files, and network resources. RDP is commonly used for remote administration, technical support, and remote work. It operates over TCP port 3389 and supports encryption for secure data transmission, though proper security measures, like strong passwords and multi-factor authentication, are essential to prevent unauthorized access.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is the Remote Desktop Protocol (RDP)?",
"url": "https://www.cloudflare.com/en-gb/learning/access-management/what-is-the-remote-desktop-protocol/",
"type": "article"
},
{
"title": "What is RDP and how to use it?",
"url": "https://www.youtube.com/watch?v=flPnBSz-lqw",
"type": "video"
}
]
},
"ftYYMxRpVer-jgSswHLNa": {
"title": "FTP",
"description": "FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today.\n\nFTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer.\n\nLearn more from the following resources:",
"links": [
{
"title": "FTP meaning and uses",
"url": "https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp",
"type": "article"
},
{
"title": "What is FTP?",
"url": "https://www.youtube.com/watch?v=HI0Oh4NJqcI",
"type": "video"
}
]
},
"YEy6o-clTBKZp1yOkLwNb": {
"title": "SFTP",
"description": "SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that provides file access, transfer, and management over a reliable data stream. It runs over the SSH protocol, typically on port 22, ensuring encrypted file transfers. SFTP offers stronger security than traditional FTP by encrypting both commands and data in transit, preventing unauthorized interception. It supports features like resuming interrupted transfers, directory listings, and remote file system operations. SFTP is widely used for secure file transfers in various environments, from web hosting to enterprise data management, offering a more secure alternative to FTP while maintaining similar functionality. Its integration with SSH makes it a preferred choice for secure, authenticated file transfers in many network configurations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is SFTP?",
"url": "https://www.precisely.com/glossary/sftp",
"type": "article"
},
{
"title": "How to use SFTP Commands to Copy Files to/from a Server",
"url": "https://www.youtube.com/watch?v=22lBJIfO9qQ&t=4s",
"type": "video"
}
]
},
"3Awm221OJHxXNLiL9yxfd": {
"title": "HTTP / HTTPS",
"description": "HTTP (Hypertext Transfer Protocol) and HTTPS (HTTP Secure) are the fundamental protocols of web communication. HTTP is the request/response protocol browsers use to fetch resources from web servers. It transmits data in plain text, so anyone on the network path can read or modify it, which makes eavesdropping, credential theft and man-in-the-middle attacks straightforward. HTTPS carries the same HTTP messages inside a TLS (Transport Layer Security) connection; SSL, the predecessor of TLS, is deprecated, although the term \"SSL\" survives colloquially. TLS provides confidentiality and integrity for data in transit and authenticates the server through its X.509 certificate, so the client knows it is talking to the site named in the URL rather than an impostor. Browsers now mark plain-HTTP sites as \"not secure\", and HSTS lets a site instruct browsers to refuse plain HTTP entirely. Note that HTTPS secures the connection, not the content: a phishing site can present a perfectly valid certificate, and application vulnerabilities such as injection are untouched by it.\n\nLearn more from the following resources:",
"links": [
{
"title": "An overview of HTTP",
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview",
"type": "article"
},
{
"title": "What is HTTPS?",
"url": "https://www.cloudflare.com/en-gb/learning/ssl/what-is-https/",
"type": "article"
}
]
},
"LKK1A5-xawA7yCIAWHS8P": {
"title": "SSL / TLS",
"description": "SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that secure communication over a network, most visibly as the \"S\" in HTTPS, but also for SMTP, IMAP, LDAPS, VPNs and many other services. A TLS handshake authenticates the server (and optionally the client) using X.509 certificates, negotiates a protocol version and cipher suite, and establishes shared session keys; the record layer then provides confidentiality and integrity for application data. SSL 2.0 and 3.0 are broken and prohibited (RFC 6176, RFC 7568), and TLS 1.0 and 1.1 are deprecated (RFC 8996); TLS 1.2 and TLS 1.3 are the versions to deploy. TLS 1.3 removes static RSA key exchange and other legacy options, so every connection has forward secrecy, and it shortens the handshake. In practice the words \"SSL\" and \"SSL certificate\" are still used colloquially even when TLS is what is actually running.\n\nLearn more from the following resources:",
"links": [
{
"title": "What’s the Difference Between SSL and TLS?",
"url": "https://aws.amazon.com/compare/the-difference-between-ssl-and-tls/",
"type": "article"
},
{
"title": "TLS vs SSL - What's the Difference?",
"url": "https://www.youtube.com/watch?v=J7fI_jH7L84",
"type": "video"
}
]
},
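The version negotiation described above happens in the first message of the handshake, the ClientHello, and it is the message a passive monitor or a TLS-terminating proxy inspects to see what a client is willing to accept. As an added example (not part of the roadmap and not taken from any TLS library), the code below builds a ClientHello record with a Server Name Indication and a supported_versions extension, and then dissects one back into the offered versions, cipher suites and server name, flagging clients that still offer SSL 3.0, TLS 1.0 or TLS 1.1. The cipher-suite codes in the test are the IANA values; the client random is fixed to zeros only so the output is reproducible.

```python
import os
import struct

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0
EXT_SUPPORTED_VERSIONS = 43
VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(server_name, cipher_suites, versions, random_bytes=None):
    """Build a TLS record carrying a ClientHello.

    cipher_suites: 16-bit IANA codes (0x1301 = TLS_AES_128_GCM_SHA256, etc.).
    versions: values to offer in supported_versions (RFC 8446 4.2.1). The legacy_version
    field is always 0x0303 on the wire, so this extension is how TLS 1.3 is offered.
    """
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    name = server_name.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name   # list len, host_name type, name len
    sv = bytes([2 * len(versions)]) + b"".join(struct.pack("!H", v) for v in versions)
    extensions = _ext(EXT_SERVER_NAME, sni) + _ext(EXT_SUPPORTED_VERSIONS, sv)
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", 0x0303) + rnd
            + b"\x00"                                        # empty legacy_session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                    # compression methods: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Dissect a ClientHello the way a passive monitor or TLS-terminating proxy does."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != TLS_HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[5:5 + rec_len]
    if hs[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 0
    legacy_version = struct.unpack_from("!H", body, pos)[0]; pos += 2
    pos += 32                                             # client random
    pos += 1 + body[pos]                                  # legacy_session_id
    suites_len = struct.unpack_from("!H", body, pos)[0]; pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, suites_len, 2)]
    pos += suites_len
    pos += 1 + body[pos]                                  # compression methods
    info = {"legacy_version": legacy_version, "cipher_suites": suites,
            "server_name": None, "supported_versions": None}
    if pos < len(body):
        ext_len = struct.unpack_from("!H", body, pos)[0]; pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos); pos += 4
            data = body[pos:pos + elen]; pos += elen
            if etype == EXT_SERVER_NAME:
                name_len = struct.unpack_from("!H", data, 3)[0]
                info["server_name"] = data[5:5 + name_len].decode("ascii")
            elif etype == EXT_SUPPORTED_VERSIONS:
                info["supported_versions"] = [struct.unpack_from("!H", data, 1 + i)[0]
                                              for i in range(0, data[0], 2)]
    offered = info["supported_versions"] or [legacy_version]
    info["offered"] = [VERSION_NAMES.get(v, hex(v)) for v in offered]
    info["offers_deprecated"] = any(v < 0x0303 for v in offered)   # SSL 3.0, TLS 1.0, TLS 1.1
    return info
```

The SNI field is the reason plain TLS leaks which site a user visits even though the HTTP request itself is encrypted; Encrypted Client Hello is the ongoing effort to close that gap.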
"AjywuCZdBi9atGUbetlUL": {
"title": "VMware",
"description": "VMware is a leading provider of virtualization and cloud computing software. Its core technology allows multiple virtual machines (VMs) to run on a single physical server, each with its own operating system and resources. VMware's product suite includes tools for server virtualization, desktop virtualization, cloud management, and network virtualization. Key products like vSphere and ESXi enable efficient resource utilization, improved scalability, and simplified IT management. VMware's solutions are widely used in enterprise environments for consolidating servers, enabling cloud computing, facilitating disaster recovery, and supporting development and testing environments. The company's technology plays a crucial role in modern data center operations and hybrid cloud strategies.\n\nLearn more from the following resources:",
"links": [
{
"title": "VMware Website",
"url": "https://www.vmware.com/",
"type": "article"
},
{
"title": "What is VMware",
"url": "https://www.youtube.com/watch?v=zPNCp9AV-vA",
"type": "video"
}
]
},
"vGVFhZXYOZOy4qFpLLbxp": {
"title": "VirtualBox",
"description": "VirtualBox is a free, open-source virtualization software developed by Oracle. It allows users to run multiple operating systems simultaneously on a single physical machine. VirtualBox supports a wide range of guest operating systems, including various versions of Windows, Linux, macOS, and more. It provides features like snapshots for easy system state preservation, shared folders for file exchange between host and guest systems, and USB device support. VirtualBox is popular among developers, IT professionals, and enthusiasts for testing software, running legacy applications, and experimenting with different operating systems without the need for separate physical hardware.\n\nLearn more from the following resources:",
"links": [
{
"title": "VirtualBox Website",
"url": "https://www.virtualbox.org/",
"type": "article"
},
{
"title": "How to use VirtualBox",
"url": "https://www.youtube.com/watch?v=nvdnQX9UkMY",
"type": "video"
}
]
},
"BisNooct1vJDKaBKsGR7_": {
"title": "ESXi",
"description": "VMware ESXi is a Type 1 hypervisor and the core building block of VMware's virtualization stack. As a bare-metal hypervisor it is installed directly on the physical server's hardware, without a general-purpose host operating system underneath, which gives it high performance, low overhead and efficient resource allocation. Because a single ESXi host runs many virtual machines, compromise of the hypervisor or of its management interface exposes all of them at once: keep ESXi patched, place its management interface on a restricted network, and leave the SSH and ESXi Shell services disabled when they are not in use.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is ESXi?",
"url": "https://www.vmware.com/products/cloud-infrastructure/esxi-and-esx",
"type": "article"
},
{
"title": "What is VMware ESXi?",
"url": "https://www.liquidweb.com/blog/what-is-vmware-esxi/",
"type": "article"
}
]
},
"jqX1A5hFF3Qznqup4lfiF": {
"title": "Proxmox",
"description": "**Proxmox** is the vendor behind a family of open-source infrastructure products, of which two are most widely used. **Proxmox Virtual Environment (Proxmox VE)** is a Debian-based virtualization platform that combines KVM/QEMU for full virtual machines and LXC for lightweight containers under a single web interface and REST API, with clustering, high availability, software-defined storage (including ZFS and Ceph) and integrated backup. **Proxmox Mail Gateway** is a separate email security appliance that provides anti-spam and anti-malware filtering in front of a mail server. Proxmox VE is a common choice for home labs and small to mid-sized data centres because of its flexibility, low cost and comprehensive management features; as with any hypervisor, its web interface (TCP 8006) and SSH access should be reachable only from a management network.\n\nLearn more from the following resources:",
"links": [
{
"title": "Proxmox Website",
"url": "https://www.proxmox.com/en/",
"type": "article"
},
{
"title": "What is Proxmox virtualization?",
"url": "https://www.youtube.com/watch?v=GMAvmHEWAMU",
"type": "video"
}
]
},
"CIoLaRv5I3sCr9tBnZHEi": {
"title": "Hypervisor",
"description": "A hypervisor, also known as a virtual machine monitor (VMM), is software or firmware that enables the creation and management of virtual machines (VMs) by abstracting the underlying hardware. It allows multiple VMs to run on a single physical machine, each operating independently with its own operating system and applications. Hypervisors facilitate better resource utilization by allowing a physical server to host several virtual environments, optimizing hardware efficiency.\n\nThere are two types of hypervisors:\n\n* **Type 1 hypervisor**, or bare-metal hypervisor, runs directly on the physical hardware without a host operating system. It provides better performance and is commonly used in enterprise environments. Examples include VMware ESXi and Microsoft Hyper-V.\n* **Type 2 hypervisor** runs on top of an existing operating system, relying on the host OS for resource management. These are typically used for personal or development purposes, with examples like VMware Workstation and Oracle VirtualBox.\n\nHypervisors are fundamental in cloud computing, virtualization, and server consolidation, allowing for flexible and efficient resource management and isolation between virtual environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a hypervisor?",
"url": "https://www.redhat.com/en/topics/virtualization/what-is-a-hypervisor",
"type": "article"
},
{
"title": "What is a Hypervisor?",
"url": "https://www.youtube.com/watch?v=LMAEbB2a50M",
"type": "video"
}
]
},
"251sxqoHggQ4sZ676iX5w": {
"title": "VM",
"description": "A Virtual Machine (VM) is a software-based emulation of a physical computer. It runs an operating system and applications, isolated from the underlying hardware. VMs allow multiple \"guest\" operating systems to run on a single physical \"host\" machine, each with its own allocated virtual resources (CPU, memory, storage). This technology enables efficient hardware utilization, easier system administration, and improved security through isolation. VMs are widely used in cloud computing, software development, testing environments, and for running legacy applications. Hypervisors, such as VMware ESXi or Microsoft Hyper-V, create and run VMs on the physical hardware; the isolation between VMs is only as strong as the hypervisor itself, so hypervisor patching matters as much as patching the guests.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Virtual Machine and how does it work?",
"url": "https://azure.microsoft.com/en-gb/resources/cloud-computing-dictionary/what-is-a-virtual-machine",
"type": "article"
},
{
"title": "Explore top posts about Infrastructure",
"url": "https://app.daily.dev/tags/infrastructure?ref=roadmapsh",
"type": "article"
},
{
"title": "Virtualization Explained",
"url": "https://www.youtube.com/watch?v=UBVVq-xz5i0",
"type": "video"
}
]
},
"LocGETHz6ANYinNd5ZLsS": {
"title": "GuestOS",
"description": "A Guest Operating System (Guest OS) refers to an operating system that runs within a virtual machine (VM) environment, managed by a hypervisor or virtual machine monitor. In virtualization technology, the Guest OS operates as if it were running on dedicated physical hardware, but it's actually sharing resources with the host system and potentially other guest systems. This concept is crucial in cybersecurity for several reasons. It allows for isolation of systems, enabling secure testing environments for malware analysis or vulnerability assessments. Guest OSes can be quickly deployed, cloned, or reset, facilitating rapid incident response and recovery. However, they also introduce new security considerations, such as potential vulnerabilities in the hypervisor layer, escape attacks where malware breaks out of the VM, and resource contention issues. Properly configuring, patching, and monitoring Guest OSes is essential for maintaining a secure virtualized infrastructure, balancing the benefits of flexibility and isolation with the need for robust security measures.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Guest Operating System?",
"url": "https://www.techtarget.com/searchitoperations/definition/guest-OS-guest-operating-system",
"type": "article"
},
{
"title": "Guest Operating System",
"url": "https://nordvpn.com/cybersecurity/glossary/guest-operating-system/?srsltid=AfmBOop0L-VFCtuYvEBQgHy7dCIa3sfzNVa-Zn6l0SniAYDpftfOgH7N",
"type": "article"
}
]
},
"p7w3C94xjLwSMm5qA8XlL": {
"title": "HostOS",
"description": "A Host Operating System (Host OS) is the operating system installed directly on a computer's hardware. It manages the physical resources and provides the platform on which applications run and, with a Type 2 hypervisor such as VirtualBox or VMware Workstation, on which the hypervisor itself runs as an application; with a Type 1 hypervisor such as ESXi there is no separate Host OS, the hypervisor takes that role. In cybersecurity the Host OS forms the foundation of the system's security posture: it implements access controls, system hardening and patch management, and in Type 2 setups any vulnerability in it, or any malware running on it, can read or tamper with every virtual machine it hosts, since the VM's memory and disks are just files and processes from the host's point of view. Securing the Host OS through regular updates, minimal installed software, proper configuration and robust monitoring is therefore essential to the security of both physical and virtualized infrastructure.\n\nLearn more from the following resources:",
"links": [
{
"title": "Host Operating System Definition",
"url": "https://nordvpn.com/cybersecurity/glossary/host-operating-system/",
"type": "article"
},
{
"title": "Host vs Guest OS",
"url": "https://www.datto.com/blog/whats-the-difference-host-vs-guest-os/",
"type": "article"
}
]
},
"tk4iG5i1Ml9w9KRO1tGJU": {
"title": "nslookup",
"description": "**nslookup** is a network utility used to query Domain Name System (DNS) servers for information about domain names and IP addresses. It returns the IP addresses mapped to a domain name, performs reverse lookups to find the name associated with an IP address, and can request specific record types such as A, AAAA, MX, CNAME, NS and TXT (`nslookup -type=mx example.com`). It also lets you direct the query at a specific resolver (`nslookup example.com 8.8.8.8`), which is useful for comparing answers between servers when you suspect DNS hijacking or cache poisoning, and it has an interactive mode in which `server` and `set type=` change these settings between queries. nslookup is available from the command line on Windows, macOS and Linux; on Unix-like systems `dig` is the more detailed alternative.\n\nLearn more from the following resources:",
"links": [
{
"title": "nslookup",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup",
"type": "article"
},
{
"title": "What is Nslookup?",
"url": "https://www.youtube.com/watch?v=n6pT8lbyhog",
"type": "video"
}
]
},
"jr8JlyqmN3p7Ol3_kD9AH": {
"title": "iptables",
"description": "`iptables` is the command-line utility for configuring the packet filtering rules of the Linux kernel's netfilter framework (`ip6tables` handles IPv6). Rules are organised into tables (filter, nat, mangle, raw) and chains (INPUT, OUTPUT, FORWARD and user-defined chains); a packet is matched against the rules of a chain in order until one applies, and each built-in chain has a default policy that decides what happens when nothing matches. A host firewall normally sets the INPUT policy to DROP, allows loopback and already established connections, and then permits only the few services that must be reachable, ideally restricted by source address. Rules live in kernel memory and are lost at reboot unless saved with `iptables-save` and restored with `iptables-restore` or a distribution helper. On current distributions `iptables` is often a compatibility front end to nftables (`nft`), its successor.\n\nLearn more from the following resources:",
"links": [
{
"title": "iptables man page",
"url": "https://linux.die.net/man/8/iptables",
"type": "article"
},
{
"title": "iptables complete guide",
"url": "https://www.youtube.com/watch?v=6Ra17Qpj68c",
"type": "video"
}
]
},
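The difference between a permissive and a hardened ruleset described above is easy to state and easy to get wrong, so reviewers usually check an `iptables-save` dump rather than reading a live system. The following is an added example (not from the roadmap or from the iptables project) that parses two constructed dumps in `iptables-save` format and flags the two mistakes most often found on Linux hosts: an INPUT chain that is default-allow, and sensitive ports accepted from any source. The rulesets and the list of "sensitive" ports are assumptions made for the example.

```python
import shlex

# Two constructed iptables-save dumps: a typical default-allow host and a hardened one.
PERMISSIVE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
COMMIT
"""

HARDENED_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -s 10.0.0.0/8 --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
"""

# Ports that should never be reachable from arbitrary sources (assumed list for the example).
SENSITIVE_PORTS = {"22", "3306", "3389", "5432", "6379"}


def parse_filter_table(dump):
    """Return (chain policies, rules) from the *filter section of an iptables-save dump."""
    policies, rules, in_filter = {}, [], False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
        elif not in_filter or not line or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy, _counters = line[1:].split()
            policies[chain] = policy
        elif line.startswith("-A "):
            toks = shlex.split(line)
            rule = {"chain": toks[1], "raw": line, "ntoks": len(toks)}
            for i, tok in enumerate(toks[:-1]):
                if tok in ("-p", "-s", "-i", "-j", "--dport"):
                    rule[tok] = toks[i + 1]
            rules.append(rule)
    return policies, rules


def audit(dump):
    """Flag a default-allow INPUT chain and sensitive ports open to any source."""
    policies, rules = parse_filter_table(dump)
    findings = []
    inbound = [r for r in rules if r["chain"] == "INPUT"]
    # Only a bare "-A INPUT -j DROP" (4 tokens) at the end rescues a policy of ACCEPT.
    catch_all = [r for r in inbound if r["ntoks"] == 4 and r.get("-j") in ("DROP", "REJECT")]
    if policies.get("INPUT", "ACCEPT") == "ACCEPT" and not catch_all:
        findings.append("INPUT is default-allow: policy ACCEPT and no final DROP/REJECT rule")
    for r in inbound:
        if r.get("-j") == "ACCEPT" and r.get("--dport") in SENSITIVE_PORTS and "-s" not in r:
            findings.append("%s/%s accepted from any source: %s"
                            % (r.get("-p", "?"), r["--dport"], r["raw"]))
    return findings


if __name__ == "__main__":
    for name, dump in (("permissive", PERMISSIVE_RULESET), ("hardened", HARDENED_RULESET)):
        print(name, audit(dump) or ["no findings"])
```

To audit a real host, pipe `sudo iptables-save` into `audit()`; the parser deliberately ignores the nat and mangle tables, which need their own checks.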
"k6UX0BJho5arjGD2RWPgH": {
"title": "Packet Sniffers",
"description": "**Packet sniffers** are tools that capture and analyze network traffic by intercepting data packets as they traverse a network. They provide insight into network activity, including protocols, IP addresses and payload contents, which is useful for diagnosing network problems, monitoring performance and detecting unauthorized or malicious activity. A sniffer typically puts the network interface into promiscuous mode so that it accepts every frame on the segment rather than only those addressed to it; on a switched network that still shows only the traffic the switch forwards to that port, so a SPAN/mirror port or a network TAP is used when full visibility is needed. Capturing usually requires root or an equivalent capability, and captures frequently contain credentials and personal data, so they must be stored, shared and retained with care. Packet sniffers are commonly used for network troubleshooting, security analysis and forensic investigations. Examples include Wireshark and tcpdump.\n\nLearn more from the following resources:",
"links": [
{
"title": "Packet Sniffing Explained",
"url": "https://www.avast.com/c-packet-sniffing",
"type": "article"
},
{
"title": "What is Packet Sniffing?",
"url": "https://www.youtube.com/watch?v=5oioSbgBQ8I",
"type": "video"
}
]
},
"u-6xuZUyOrogh1bU4cwER": {
"title": "ipconfig",
"description": "`ipconfig` is a command-line utility on Windows that displays and manipulates a computer's network configuration. On its own it shows the IP address, subnet mask and default gateway of each adapter; `ipconfig /all` adds MAC addresses, DHCP lease details and the configured DNS servers, which is often the fastest way to spot a rogue DHCP server or a changed resolver during an investigation. `ipconfig /displaydns` prints the local resolver cache (useful when checking for cache poisoning or which hosts a machine has recently looked up) and `/flushdns` clears it, while `/release` and `/renew` cycle the DHCP lease. Because of this, ipconfig is a routine first step in incident response and troubleshooting on Windows hosts; the Linux and macOS counterparts are `ip addr` and `ifconfig`.\n\nLearn more from the following resources:",
"links": [
{
"title": "ipconfig command",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig",
"type": "article"
},
{
"title": "Understanding ipconfig",
"url": "https://www.whatismyip.com/ipconfig/",
"type": "article"
}
]
},
"2M3PRbGzo14agbEPe32ww": {
"title": "netstat",
"description": "**netstat** (network statistics) is a command-line tool that displays network connections, routing tables and network interface statistics. It shows active TCP and UDP connections, listening ports and, with the right flags, the process that owns each socket: `netstat -tulpn` on Linux and `netstat -ano` on Windows list every listener together with its PID, which is the standard way to find unexpected services or a backdoor's listening port during a security assessment or incident. A service bound to `0.0.0.0` or `::` is reachable from every interface, whereas one bound to `127.0.0.1` is local only, a distinction worth checking for databases and caches. netstat is available on Windows, macOS and Linux; on modern Linux it is considered legacy and `ss` provides the same information faster.\n\nLearn more from the following resources:",
"links": [
{
"title": "netstat command",
"url": "https://docs.oracle.com/cd/E19504-01/802-5753/6i9g71m3i/index.html",
"type": "article"
},
{
"title": "netstat Command Explained",
"url": "https://www.youtube.com/watch?v=8UZFpCQeXnM",
"type": "video"
}
]
},
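The exposure check described above (which listeners are bound to all interfaces rather than to loopback) is something a hardening script or a host inventory can do automatically over saved `netstat -tulpn` output. The following is an added example (not from the roadmap or from any netstat implementation) that parses a constructed Linux `netstat -tulpn` listing, returns the listening sockets with their owning program, and reports those that are exposed on every interface and not on an expected list. The sample output is made up for illustration.

```python
# Constructed `netstat -tulpn` output (Linux format); not captured from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      1203/postgres
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      1410/redis-server
tcp6       0      0 :::80                   :::*                    LISTEN      1555/nginx
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
"""

WILDCARD_ADDRESSES = {"0.0.0.0", "::", "*"}


def parse_listeners(text):
    """Return one dict per listening socket: proto, bind address, port, program name."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue                                  # header lines
        addr, port = fields[3].rsplit(":", 1)         # rsplit copes with IPv6 "::"
        if fields[0].startswith("tcp"):
            if fields[5] != "LISTEN":                 # tcp lines carry a State column
                continue
            pid_prog = fields[6] if len(fields) > 6 else "-"
        else:
            pid_prog = fields[5] if len(fields) > 5 else "-"   # udp has no State column
        listeners.append({"proto": fields[0], "addr": addr, "port": int(port),
                          "program": pid_prog.split("/", 1)[-1]})
    return listeners


def exposed(listeners, expected_ports=()):
    """Listeners reachable from every interface whose port is not on the expected list."""
    return [l for l in listeners
            if l["addr"] in WILDCARD_ADDRESSES and l["port"] not in expected_ports]


if __name__ == "__main__":
    for l in exposed(parse_listeners(SAMPLE_NETSTAT), expected_ports=(22, 80)):
        print("%s %s:%d (%s) is reachable from all interfaces" % (l["proto"], l["addr"], l["port"], l["program"]))
```

In the sample, PostgreSQL on 127.0.0.1 is correctly local-only while Redis on 0.0.0.0:6379 is the kind of finding this check exists for.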
"iJRQHzh5HXADuWpCouwxv": {
"title": "Port Scanners",
"description": "Port scanners are essential tools in troubleshooting and cybersecurity. They probe a target system to determine the state of its network ports, which are the communication endpoints for the applications and services running on a device. Most scanners distinguish three states: open (the port answered, for TCP with a SYN/ACK), closed (the host answered with a RST, so it is reachable but nothing listens there) and filtered (no answer at all, usually a firewall dropping the probe). Knowing the status of these ports helps confirm that intended services are running, reveals services that should not be exposed, and is the first step of both vulnerability assessment and attacker reconnaissance. Scanning is noisy and easily detected, and scanning systems you do not own or have written authorization to test is illegal in many jurisdictions.\n\nLearn more from the following resources:",
"links": [
{
"title": "Top 5 Best port scanners",
"url": "https://securitytrails.com/blog/best-port-scanners",
"type": "article"
},
{
"title": "How To Use nmap To Scan For Open Ports",
"url": "https://www.youtube.com/watch?v=ifbwTt3_oCg",
"type": "video"
}
]
},
"GuuY-Q6FZzfspB3wrH64r": {
"title": "ping",
"description": "**Ping** is a network utility used to test the reachability and responsiveness of a device on a network. It sends Internet Control Message Protocol (ICMP) echo request packets to a target host and measures the time it takes for an echo reply to be received. Ping is commonly used to diagnose network connectivity issues, measure network latency, and check whether a specific server or device is online. A successful reply shows that the target is reachable, while failures or delays may indicate network problems such as packet loss or routing issues. Because many hosts and firewalls filter ICMP, an unanswered ping does not prove that a host is down; conversely, a ping sweep across an address range is a classic first step of reconnaissance, which is why defenders often log or rate-limit ICMP.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is ping?",
"url": "https://www.solarwinds.com/resources/it-glossary/ping",
"type": "article"
},
{
"title": "Ping command explained",
"url": "https://www.youtube.com/watch?v=7sv5pL-XgSg",
"type": "video"
}
]
},
"D2YYv1iTRGken75sHO0Gt": {
"title": "dig",
"description": "`dig` (domain information groper) is a flexible command-line tool for performing DNS queries and inspecting the full response, including the header flags, the answer, authority and additional sections, and the TTL of each record. Available on UNIX-like systems such as Linux and macOS, it supports querying a specific server (`dig @1.1.1.1 example.com`), requesting any record type (`dig example.com MX`), reverse lookups (`dig -x 93.184.216.34`), terse output (`+short`) and following the delegation chain from the root (`+trace`). Comparing answers from different resolvers, checking whether the `aa` (authoritative) flag is set, and looking at unexpected CNAME or NS changes make dig a primary tool for diagnosing resolution problems and for investigating DNS hijacking or cache poisoning.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to use Linux dig command",
"url": "https://linux.die.net/man/1/dig",
"type": "article"
},
{
"title": "How to look up DNS records with dig",
"url": "https://www.youtube.com/watch?v=3AOKomsmeUY",
"type": "video"
}
]
},
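Both nslookup and dig, described above, do the same thing on the wire: they send a DNS query message and decode the reply, and dig simply shows more of the decoded structure. As an added example (not part of the roadmap and not code from either tool), the following builds a DNS query for an A record, fabricates the reply a resolver would return, and parses it back, including the name compression pointers that real responses use. It also shows the transaction-ID check that a resolver applies to every reply: a response whose ID does not match the outstanding query is discarded, which is the first (and, before source-port randomisation, the only) defence against forged answers. The address and TTL in the constructed response are made-up test data.

```python
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """example.com -> b'\\x07example\\x03com\\x00' (length-prefixed labels, zero terminator)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """One question, recursion desired (RD=1), no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)   # class IN


def decode_name(msg, pos):
    """Read a possibly compressed name; return (name, position just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                     # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            if end is None:
                end = pos + 2                         # the name ends after the first pointer
            pos = struct.unpack_from("!H", msg, pos)[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if end is not None else pos)


def parse_response(msg, expected_txid=None):
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction ID mismatch: reply is not for our query")
    pos = 12
    for _ in range(qd):
        _, pos = decode_name(msg, pos)
        pos += 4                                      # skip QTYPE and QCLASS
    answers = []
    for _ in range(an):
        name, pos = decode_name(msg, pos)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        rdata = msg[pos:pos + rdlen]
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):                         # NS and CNAME carry a (compressible) name
            value, _ = decode_name(msg, pos)
        else:
            value = rdata.hex()
        pos += rdlen
        answers.append((name, QTYPE_NAME.get(rtype, rtype), ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "authoritative": bool(flags & 0x0400), "answers": answers}


def constructed_a_response(query, address, ttl=300):
    """Fabricate the reply a recursive resolver would send for an A query (constructed test data)."""
    txid = struct.unpack_from("!H", query, 0)[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)      # QR, RD, RA set; RCODE 0
    answer = (b"\xc0\x0c"                                          # pointer to the name at offset 12
              + struct.pack("!HHIH", 1, 1, ttl, 4)
              + bytes(int(o) for o in address.split(".")))
    return header + query[12:] + answer


if __name__ == "__main__":
    q = build_query("example.com", "A", txid=0xBEEF)
    print(parse_response(constructed_a_response(q, "93.184.216.34"), expected_txid=0xBEEF))
```

Sending `build_query()` over UDP to port 53 of a real resolver and feeding the reply to `parse_response()` reproduces what `dig +short` prints; the 16-bit transaction ID is why attackers forging replies need to guess the source port as well.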
"hkO3Ga6KctKODr4gos6qX": {
"title": "arp",
"description": "ARP (Address Resolution Protocol) is used by the Internet Protocol (IP) to map an IPv4 address to a physical address, the Media Access Control (MAC) address, within a Local Area Network (LAN). When a device wants to communicate with another device on the same LAN it needs the MAC address that corresponds to the target IP address. It broadcasts an ARP request containing that IP address; every device in the broadcast domain receives it and compares the address with its own, and the one that matches sends back an ARP reply containing its MAC address. The requester stores the mapping in its ARP cache (a table of IP-to-MAC entries) and sends its data to that MAC address. The `arp` command (for example `arp -a`, or `ip neigh` on modern Linux) displays and edits this cache. Because ARP has no authentication, any host can answer for any address or send unsolicited replies, which is the basis of ARP spoofing/poisoning: an attacker who makes victims map the gateway's IP to the attacker's MAC can intercept or modify their traffic. Defences include dynamic ARP inspection on switches, static entries for critical hosts, and monitoring the cache for a MAC that suddenly claims the gateway's IP.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Address Resolution Protocol?",
"url": "https://www.fortinet.com/resources/cyberglossary/what-is-arp",
"type": "article"
},
{
"title": "ARP Explained",
"url": "https://www.youtube.com/watch?v=cn8Zxh9bPio",
"type": "video"
}
]
},
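The cache-monitoring defence mentioned above can be done with nothing more than the `arp -a` output. The following is an added example (not from the roadmap and not code from any ARP tool) that parses a constructed Linux-format `arp -a` listing and reports the two cheap indicators of ARP poisoning: a gateway whose MAC differs from a recorded baseline, and a single MAC that answers for several IPs including the gateway. The sample output, the gateway address and the baseline MAC are all made up for the example; note that one MAC legitimately owning several IPs (a router, a host with aliases) is not by itself malicious, which is why the gateway involvement is what the check highlights.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output (Linux format); not from a real host.
SAMPLE_ARP_A = """\
? (192.168.1.1) at 3c:7c:3f:aa:bb:01 [ether] on eth0
? (192.168.1.20) at 8c:16:45:12:34:56 [ether] on eth0
? (192.168.1.37) at 3c:7c:3f:aa:bb:01 [ether] on eth0
? (192.168.1.50) at <incomplete> on eth0
"""

ENTRY_RE = re.compile(
    r"\((?P<ip>\d+(?:\.\d+){3})\) at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}|<incomplete>) .*?on (?P<iface>\S+)")


def parse_arp_a(text):
    """Return [(ip, mac, iface)] for resolved entries; unresolved ones are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line)
        if m and m.group("mac") != "<incomplete>":
            entries.append((m.group("ip"), m.group("mac").lower(), m.group("iface")))
    return entries


def detect_spoofing(entries, gateway_ip, known_gateway_mac=None):
    """Two indicators of ARP cache poisoning:
    1. the gateway's MAC differs from a recorded baseline;
    2. one MAC answers for several IPs, one of them the gateway (an attacker
       impersonating the router to intercept traffic)."""
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac, _iface in entries:
        by_mac[mac].append(ip)
    gw_mac = next((mac for ip, mac, _ in entries if ip == gateway_ip), None)
    if known_gateway_mac and gw_mac and gw_mac != known_gateway_mac.lower():
        alerts.append("gateway %s MAC changed: baseline %s, cache has %s"
                      % (gateway_ip, known_gateway_mac.lower(), gw_mac))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            tag = " (includes gateway!)" if gateway_ip in ips else ""
            alerts.append("MAC %s claims %d IPs: %s%s" % (mac, len(ips), ", ".join(ips), tag))
    return alerts


if __name__ == "__main__":
    for alert in detect_spoofing(parse_arp_a(SAMPLE_ARP_A), "192.168.1.1", "3c:7c:3f:aa:bb:01"):
        print("ALERT:", alert)
```

Run periodically against the live cache (`subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout`), this catches the common gateway-impersonation case; dynamic ARP inspection on the switch is the stronger control because it stops the forged replies before they reach hosts.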
"K05mEAsjImyPge0hDtsU0": {
"title": "Protocol Analyzers",
"description": "**Protocol analyzers**, also known as network analyzers or packet sniffers, are tools used to capture, inspect, and analyze network traffic. They help diagnose network issues, troubleshoot performance problems, and ensure security by providing detailed insights into the data packets transmitted across a network. Protocol analyzers decode and display various network protocols, such as TCP/IP, HTTP, and DNS, allowing users to understand communication patterns, detect anomalies, and identify potential vulnerabilities. Popular examples include Wireshark and tcpdump.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a protocol analyzer?",
"url": "https://www.geeksforgeeks.org/what-is-protocol-analyzer/",
"type": "article"
},
{
"title": "Protocol Analyzers",
"url": "https://www.youtube.com/watch?v=hTMhlB-o0Ow",
"type": "video"
}
]
},
"xqwIEyGfdZFxk6QqbPswe": {
"title": "nmap",
"description": "**Nmap** (Network Mapper) is an open-source network scanning tool used to discover hosts and services on a network, identify open ports, and fingerprint operating systems and service versions. It supports several scanning techniques, including the TCP connect scan (`-sT`, a full three-way handshake that any user can run), the TCP SYN or \"half-open\" scan (`-sS`, which needs raw-socket privileges and is the default when run as root), UDP scans (`-sU`), service and version detection (`-sV`) and OS detection (`-O`). The Nmap Scripting Engine (NSE, `--script`) extends it with scripts that enumerate services, check for known vulnerabilities and misconfigurations, and in some cases attempt exploitation or brute force, so its use must be authorized in writing like any other active testing. Nmap is used for network inventory, security assessment and verifying firewall rules, and its XML output (`-oX`) is widely consumed by other tools.\n\nLearn more from the following resources:",
"links": [
{
"title": "NMAP Website",
"url": "https://nmap.org/",
"type": "article"
},
{
"title": "NMAP Cheat Sheet",
"url": "https://www.tutorialspoint.com/nmap-cheat-sheet",
"type": "article"
},
{
"title": "Nmap Tutorial to find Network Vulnerabilities",
"url": "https://www.youtube.com/watch?v=4t4kBkMsDbQ",
"type": "video"
}
]
},
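The three port states that the Port Scanners entry defines and that nmap reports (open, closed, filtered) come directly from how the TCP stack answers a connection attempt. The following is an added example (not from the roadmap and not nmap's code) of a minimal TCP connect scanner in the style of `nmap -sT`: it classifies each port from the `connect()` result, scans a port list concurrently, and includes a local fixture that opens one listener and frees one ephemeral port so the demonstration works offline against 127.0.0.1 with a known open and a known closed port.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """TCP connect() probe (what nmap -sT does). Returns 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"                 # handshake completed: something is listening
    except ConnectionRefusedError:
        return "closed"               # host answered with RST: reachable, nothing on that port
    except (socket.timeout, OSError):
        return "filtered"             # no answer: typically a firewall silently dropping the SYN
    finally:
        sock.close()


def scan(host, ports, workers=50):
    """Probe many ports concurrently and return {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


def local_fixture():
    """Open one listener and release one ephemeral port so the demo has a known
    open and a known closed port on loopback (test scaffolding, not scanner logic)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                     # freed again, so connecting to it gets RST
    return listener, listener.getsockname()[1], closed_port


if __name__ == "__main__":
    listener, open_port, closed_port = local_fixture()
    try:
        for port, state in sorted(scan("127.0.0.1", [open_port, closed_port]).items()):
            print("%5d/tcp %s" % (port, state))
    finally:
        listener.close()
```

A connect scan completes the handshake, so every probe appears in the target's application logs; nmap's SYN scan avoids that by never sending the final ACK, which is why it requires raw sockets. Only run either against systems you are authorized to test.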
"xFuWk7M-Vctk_xb7bHbWs": {
"title": "route",
"description": "The `route` command is a network utility used to view and manipulate the IP routing table on Unix-like and Windows systems (`route print` and `route add` on Windows, `route -n` on Linux, where `ip route` is the modern replacement). It shows the routes that outgoing packets will take, including the default gateway, and lets administrators add, modify or delete static routes. This is used for network troubleshooting and configuration, for example to send traffic for a specific subnet through a VPN or a second interface. From a security perspective the routing table is worth checking during an investigation: an unexpected default gateway or an added static route is a common sign that traffic is being redirected through an attacker-controlled host.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to check the routing table in Linux",
"url": "https://www.geeksforgeeks.org/route-command-in-linux-with-examples/",
"type": "article"
}
]
},
"y8GaUNpaCT1Ai88wPOk6d": {
"title": "tcpdump",
"description": "Tcpdump is a command-line packet analyzer used for network troubleshooting and security analysis. It captures packets from a network interface and prints the headers (and, with `-X` or `-A`, the payload) of those that match a filter written in Berkeley Packet Filter syntax, for example `tcpdump -i eth0 -nn 'tcp port 22 and not host 10.0.0.1'`. Captures can be written to a pcap file with `-w` for later analysis in Wireshark, and `-c` limits how many packets are taken. It is commonly used to diagnose connectivity problems, confirm whether traffic actually reaches a host, spot unexpected connections, and analyze protocol behavior during an incident. Tcpdump runs on Unix-like systems (WinDump is the historical Windows port), normally requires root or the CAP_NET_RAW capability, and because captures can contain credentials and personal data, its use must comply with legal and organizational rules on interception and data handling.\n\nLearn more from the following resources:",
"links": [
{
"title": "tcpdump man page",
"url": "https://www.tcpdump.org/manpages/tcpdump.1.html",
"type": "article"
},
{
"title": "TCP Dump - What is it and how to use it?",
"url": "https://www.youtube.com/watch?v=e45Kt1IYdCI",
"type": "video"
}
]
},
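The Packet Sniffers, Protocol Analyzers and tcpdump entries above all describe the same core operation: taking raw frames off an interface and decoding the Ethernet, IP and transport headers into the one-line summaries tcpdump prints. As an added example (not part of the roadmap and not code from tcpdump or Wireshark), the following constructs an Ethernet/IPv4/TCP frame as test data, dissects it the way a sniffer would, verifies the IPv4 header checksum, and renders a tcpdump-style summary line. The MAC and IP addresses are made up; the dissector handles TCP and UDP and returns what it can for anything else.

```python
import socket
import struct

# tcpdump's flag letters, in the order it prints them (ACK last, as ".").
TCP_FLAG_BITS = [(0x02, "S"), (0x01, "F"), (0x04, "R"), (0x08, "P"), (0x20, "U"), (0x10, ".")]


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; returns 0 when run over a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Construct an Ethernet/IPv4/TCP frame as test input (this is not a captured packet)."""
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + b"\x08\x00")                                          # ethertype IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                            socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_header = ip_header[:10] + struct.pack("!H", ipv4_checksum(ip_header)) + ip_header[12:]
    return eth + ip_header + tcp


def dissect(frame):
    """Decode Ethernet -> IPv4 -> TCP/UDP headers, which is what a sniffer does with each frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    info = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    info.update(src=socket.inet_ntoa(ip[12:16]), dst=socket.inet_ntoa(ip[16:20]), ttl=ip[8],
                proto=ip[9], ip_checksum_ok=(ipv4_checksum(ip[:ihl]) == 0))
    l4 = ip[ihl:total_len]
    if info["proto"] == 6:
        sport, dport, seq, ack, doff, flags = struct.unpack("!HHIIBB", l4[:14])
        hlen = (doff >> 4) * 4
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, payload=l4[hlen:],
                    flags="".join(ch for bit, ch in TCP_FLAG_BITS if flags & bit) or "none")
    elif info["proto"] == 17:
        sport, dport, ulen, _csum = struct.unpack("!HHHH", l4[:8])
        info.update(sport=sport, dport=dport, payload=l4[8:ulen])
    return info


def summary(info):
    """One line in the style tcpdump prints."""
    if info.get("proto") == 6:
        return "IP %s.%d > %s.%d: Flags [%s], length %d" % (
            info["src"], info["sport"], info["dst"], info["dport"], info["flags"], len(info["payload"]))
    if info.get("proto") == 17:
        return "IP %s.%d > %s.%d: UDP, length %d" % (
            info["src"], info["sport"], info["dst"], info["dport"], len(info["payload"]))
    return "non-IPv4 frame (ethertype 0x%04x)" % info["ethertype"]


if __name__ == "__main__":
    syn = build_tcp_frame("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "10.0.0.5", "10.0.0.9", 40000, 22, 0x02)
    print(summary(dissect(syn)))
```

Feeding real frames from a raw socket or a pcap file into `dissect()` is all a basic sniffer adds; the hard part of tools like Wireshark is the hundreds of higher-layer dissectors that sit on top of exactly this step.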
"cSz9Qx3PGwmhq3SSKYKfg": {
"title": "tracert",
"description": "Tracert (`traceroute` on Unix-like systems) is a network diagnostic tool that traces the path packets take from a source computer to a destination host. It lists each hop (intermediate router) along the way with its IP address and the round-trip time of each probe. It works by sending probes with increasing Time-To-Live (TTL) values: the first router to decrement the TTL to zero discards the packet and returns an ICMP Time Exceeded message, which reveals that router's address; the TTL is then raised by one until the destination itself answers. Windows `tracert` sends ICMP echo requests, while Unix `traceroute` sends UDP probes by default (with `-I` or `-T` for ICMP or TCP), which matters because firewalls often filter one and not the other, producing hops shown as `* * *`. The tool is valuable for locating where latency or packet loss is introduced, understanding the routing path, and noticing unexpected detours that may indic
ate misrouting or traffic interception.\n\nLearn more from the following resources:",
"links": [
{
"title": "traceroute man page",
"url": "https://linux.die.net/man/8/traceroute",
"type": "article"
},
{
"title": "tracert",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tracert",
"type": "article"
},
{
"title": "Traceroute (tracert) Explained",
"url": "https://www.youtube.com/watch?v=up3bcBLZS74",
"type": "video"
}
]
},
"lG6afUOx3jSQFxbH92otL": {
"title": "Kerberos",
"description": "Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications over untrusted networks. It was developed at MIT in the 1980s and is named after the three-headed dog of Greek mythology that guarded the gates of Hades. Rather than sending a password to every service, a client authenticates once to a trusted third party, the Key Distribution Center (KDC), and receives a time-limited Ticket-Granting Ticket; it then asks the KDC for a service ticket for each server it needs, and the server verifies that ticket with a key it shares with the KDC. This gives single sign-on and mutual authentication without passwords ever crossing the network, at the cost of requiring a reachable KDC and synchronised clocks (tickets carry timestamps and are rejected if the skew is too large). Kerberos is the default authentication protocol in Microsoft Active Directory, where the KDC runs on the domain controllers; the KDC's keys are therefore the crown jewels of the domain, since an attacker who obtains them can forge tickets for any user, and service accounts with weak passwords expose their tickets to offline cracking.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Kerberos?",
"url": "https://www.fortinet.com/resources/cyberglossary/kerberos-authentication",
"type": "article"
},
{
"title": "Kerberos Authentication Explained",
"url": "https://www.youtube.com/watch?v=5N242XcKAsM",
"type": "video"
}
]
},
"lV3swvD6QGLmD9iVfbKIF": {
"title": "LDAP",
"description": "LDAP (Lightweight Directory Access Protocol) is a standardized application protocol for accessing and maintaining distributed directory information services over an IP network. It is used to query and modify directory data such as user accounts, groups, machines and their attributes, and to authenticate users by binding to the directory with their credentials. LDAP organizes data as a hierarchical tree (the Directory Information Tree) of entries identified by distinguished names, and it is the protocol through which most applications talk to Active Directory, OpenLDAP and similar services for centralized user management, authentication and authorization. By default LDAP uses TCP port 389 without encryption, so a simple bind sends the username and password in cleartext; credentials should only be sent over LDAPS (TCP 636) or after StartTLS, and directories should be configured to refuse anonymous binds and to require signing where the platform supports it. LDAP also appears on the offensive side, since the same queries that serve applications let an attacker with one valid account enumerate the whole directory.\n\nLearn more from the following resources:",
"links": [
{
"title": "What Is LDAP & How Does It Work?",
"url": "https://www.okta.com/uk/identity-101/what-is-ldap/",
"type": "article"
},
{
"title": "LDAP Explained",
"url": "https://www.youtube.com/watch?v=vy3e6ekuqqg",
"type": "video"
}
]
},
"xL32OqDKm6O043TYgVV1r": {
"title": "SSO",
"description": "Single Sign-On (SSO) is an authentication method that allows users to access multiple applications or systems with one set of login credentials. It enables users to log in once and gain access to various connected systems without re-entering credentials. SSO enhances user experience by reducing password fatigue, streamlines access management for IT departments, and can improve security by centralizing authentication controls. It typically uses protocols like SAML, OAuth, or OpenID Connect to securely share authentication information across different domains. While SSO offers convenience and can strengthen security when implemented correctly, it also presents a single point of failure if compromised, making robust security measures for the SSO system critical.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is SSO? | How single sign-on works",
"url": "https://www.cloudflare.com/en-gb/learning/access-management/what-is-sso/",
"type": "article"
},
{
"title": "What Is Single Sign-on (SSO)? How It Works",
"url": "https://www.youtube.com/watch?v=O1cRJWYF-g4",
"type": "video"
}
]
},
"tH3RLnJseqOzRIbZMklHD": {
"title": "RADIUS",
"description": "**Remote Authentication Dial-In User Service (RADIUS)** is a network protocol that provides centralized Authentication, Authorization, and Accounting (AAA) for users and devices that connect to a network service. It is commonly used behind VPN concentrators, Wi-Fi access points (802.1X/WPA-Enterprise), switches and other network access servers, which forward the credentials they receive to the RADIUS server; the server validates them (often against LDAP or Active Directory), returns attributes that enforce access policy such as the VLAN to assign, and logs session usage. RADIUS runs over UDP, on ports 1812 (authentication) and 1813 (accounting), with 1645/1646 still seen on older equipment. Its transport security is weak by modern standards: only the User-Password attribute is obfuscated, with an MD5-based keystream derived from a shared secret between the network device and the server, and everything else (usernames, attributes, accounting data) travels in cleartext. A weak or reused shared secret can be recovered offline from a single captured exchange. RADIUS traffic should therefore stay on an isolated management network, use long random per-device secrets, and preferably be carried over RADIUS/TLS (RadSec, RFC 6614) or IPsec; with EAP methods such as EAP-TLS the user's own credentials are protected end to end regardless of the RADIUS transport.\n\nLearn more from the following resources:",
"links": [
{
"title": "RADIUS (Remote Authentication Dial-In User Service)",
"url": "https://www.techtarget.com/searchsecurity/definition/RADIUS",
"type": "article"
},
{
"title": "How RADIUS Authentication Works",
"url": "https://www.youtube.com/watch?v=LLrb3em-_po",
"type": "video"
}
]
},
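The User-Password obfuscation described above is the only confidentiality RADIUS provides on its own, and implementing it makes clear why it is not encryption in the modern sense. The following is an added example (not from the roadmap and not from any RADIUS implementation) of the RFC 2865 section 5.2 scheme: the password is padded to 16-byte blocks and XORed with successive MD5 digests of the shared secret and the previous block, starting from the packet's Request Authenticator. The same code, run by anyone who holds or guesses the secret, reverses it, which the `offline_guess` function demonstrates on a constructed capture; the secret, authenticator and candidate list are made up for the example.

```python
import hashlib


def hide_user_password(password, secret, request_authenticator):
    """RFC 2865 5.2: XOR the null-padded password with an MD5 keystream derived
    from the shared secret and the 16-byte Request Authenticator."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    plain = password.encode("utf-8")
    if not plain or len(plain) > 128:
        raise ValueError("password must be 1..128 bytes")
    plain += b"\x00" * (-len(plain) % 16)          # pad to a multiple of 16
    out, prev = b"", request_authenticator
    for i in range(0, len(plain), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(plain[i:i + 16], keystream))
        out += block
        prev = block                                # next block is chained on the ciphertext
    return out


def reveal_user_password(hidden, secret, request_authenticator):
    """The inverse, as the RADIUS server (or anyone holding the secret) computes it."""
    out, prev = b"", request_authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], keystream))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00").decode("utf-8", "replace")


def offline_guess(hidden, request_authenticator, candidate_secrets, known_prefix):
    """Why a weak shared secret matters: from one captured Access-Request and a guess
    at how the password starts, each candidate secret costs a single MD5 to test."""
    for guess in candidate_secrets:
        if reveal_user_password(hidden[:16], guess, request_authenticator).startswith(known_prefix):
            return guess
    return None


if __name__ == "__main__":
    authenticator = bytes(range(16))                # would be random in a real Access-Request
    hidden = hide_user_password("correct horse battery staple", b"s3cret", authenticator)
    print(hidden.hex())
    print(reveal_user_password(hidden, b"s3cret", authenticator))
    print(offline_guess(hidden, authenticator, [b"password", b"radius", b"s3cret"], "correct"))
```

Note that nothing here authenticates the packet or protects the other attributes; RadSec or IPsec supplies that, and EAP-TLS avoids sending a password at all.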
"WXRaVCYwuGQsjJ5wyvbea": {
"title": "Certificates",
"description": "Certificates, in this context X.509 digital certificates (often called \"SSL/TLS certificates\"), bind a public key to an identity such as a DNS name or an organisation. A certificate is issued and digitally signed by a Certificate Authority (CA) after it has verified that the requester controls the name; clients trust the CA through a set of root certificates shipped with the operating system or browser, and validate a chain from the server's leaf certificate through any intermediates up to a trusted root. Each certificate carries a validity period, the names it covers (Subject Alternative Names), key-usage constraints and pointers to revocation information (CRL or OCSP). Common types are domain-validated, organisation-validated and extended-validation certificates, plus wildcard certificates that cover every host under one domain; organisations also run private CAs for internal services, devices and client authentication. The practical concerns are automating renewal (for example with ACME and Let's Encrypt) so that certificates do not expire in production, protecting the private key, revoking and replacing certificates promptly when a key is compromised, and watching Certificate Transparency logs for certificates issued for your domains without your knowledge.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an SSL certificate?",
"url": "https://www.cloudflare.com/en-gb/learning/ssl/what-is-an-ssl-certificate/",
"type": "article"
},
{
"title": "What is a certificate authority",
"url": "https://www.ssl.com/article/what-is-a-certificate-authority-ca/",
"type": "article"
}
]
},
"vYvFuz7lAJXZ1vK_4999a": {
"title": "Local Auth",
"description": "Local authentication is the process of verifying a user's identity on a specific device or system without relying on an external server or network. The credentials are stored and checked on the device itself: a salted password hash in `/etc/shadow` or the Windows SAM database, a PIN, or a biometric template held in secure hardware. Local authentication is used for device logon, offline applications, break-glass administrator accounts and as a fallback when network-based authentication is unavailable. It is fast and works without connectivity, but it is harder to manage at scale, there is no central place to enforce policy or revoke access, and whoever obtains the credential store can attack the hashes offline, which is why slow, salted password hashing and protection of those files matter. It is most appropriate for personal devices, standalone systems and situations where centralized authentication is impractical or unnecessary.",
"links": []
},
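The two properties that make a local credential store defensible, slow salted hashing and a comparison that leaks nothing through timing, are easy to get wrong. As an added example (not part of the roadmap and not code from any operating system's password subsystem), the following implements a minimal local user store using PBKDF2-HMAC-SHA256 from the Python standard library, verifies passwords with a constant-time comparison, and always performs one hash computation even for unknown usernames so that response time does not reveal which accounts exist. The iteration count follows current OWASP guidance; the usernames and passwords are made up.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor in line with current OWASP guidance


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a self-describing string: algorithm$iterations$salt$digest (all needed to verify later)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, base64.b64encode(salt).decode(),
                                       base64.b64encode(digest).decode())


def verify_password(password, stored):
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        algo, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)   # no early exit on the first differing byte


# Verified when the username does not exist, so lookups of valid and invalid usernames take
# the same time and an attacker cannot enumerate accounts through response latency.
_DUMMY_HASH = hash_password("not-a-real-password")


def authenticate(store, username, password):
    """store: {username: stored_hash}. Always performs exactly one PBKDF2 computation."""
    stored = store.get(username, _DUMMY_HASH)
    ok = verify_password(password, stored)
    return ok and username in store


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}
    print(authenticate(users, "alice", "correct horse battery staple"))   # True
    print(authenticate(users, "alice", "wrong"))                          # False
    print(authenticate(users, "mallory", "correct horse battery staple")) # False
```

Storing the algorithm and iteration count with each hash is what allows the work factor to be raised later by re-hashing at the next successful login; the store file itself still needs filesystem permissions that keep it readable only by the authenticating process.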
"_hYN0gEi9BL24nptEtXWU": {
"title": "Security Skills and Knowledge",
"description": "In the constantly evolving world of cyber security, it is essential for professionals to stay updated with the latest skills and knowledge. This allows them to proactively defend against emerging threats, maintain secure systems, and create a robust security posture. Here's a brief summary of the essential security skills and knowledge you should possess:\n\nUnderstanding of Security Fundamentals\n--------------------------------------\n\nAn in-depth understanding of the fundamental concepts of cyber security is crucial, which includes:\n\n* Confidentiality, Integrity, and Availability (CIA) triad\n* Risk management\n* Security policies and best practices\n* Authentication, authorization, and access control\n* Cryptography\n\nNetworking\n----------\n\nA strong grasp of networking concepts is required to identify and prevent potential threats. Develop a comprehensive knowledge of:\n\n* Networking protocols, standards, and devices (e.g., switches, routers, and firewalls)\n* Network architecture and design\n* Virtual Private Networks (VPNs) and Virtual Local Area Networks (VLANs)\n\nOperating Systems and Application Security\n------------------------------------------\n\nWell-rounded knowledge of various operating systems (e.g., Windows, Linux, macOS) and applications, as well as:\n\n* Security configuration best practices\n* Patch management\n* Denial-of-service prevention\n* Privileged user management\n\nWeb Security\n------------\n\nWeb security expertise is necessary for maintaining a secure online presence. Key knowledge areas include:\n\n* Web application vulnerabilities (e.g., SQL injection, XSS)\n* Secure web protocols (e.g., HTTP Secure, Transport Layer Security)\n* Content Security Policy (CSP) and other defensive mechanisms\n\nSecurity Testing\n----------------\n\nFamiliarity with testing methodologies, tools, and frameworks is essential for identifying and mitigating vulnerabilities. Acquire competency in:\n\n* Vulnerability scanning and penetration testing\n* Security testing best practices (e.g., OWASP Top Ten)\n* Static and dynamic code analysis tools\n\nIncident Response and Forensic Analysis\n---------------------------------------\n\nLearn to handle security incidents and conduct investigations to minimize the impact of cyber threats. Enhance knowledge of:\n\n* Security incident containment and response strategies\n* Digital forensic tools and techniques\n* Regulatory requirements and legal implications of cyber incidents\n\nCloud Security\n--------------\n\nCloud platforms are becoming increasingly prevalent, making it necessary to understand cloud security best practices, including:\n\n* Cloud-specific risks and vulnerabilities\n* Implementing proper access control and identity management\n* Compliance in cloud environments\n\nSoft Skills\n-----------\n\nIn addition to technical skills, soft skills play an important role in effective communication and collaboration among cyber security teams. Develop:\n\n* Problem-solving ability\n* Adaptability and continuous learning\n* Teamwork and collaboration\n\nBy continually refining and updating your security skills and knowledge, you become an invaluable asset in the rapidly evolving field of cyber security, helping to protect critical systems and data from ever-increasing threats.",
"links": []
},
"rzY_QsvnC1shDTPQ-til0": {
"title": "Understand Common Hacking Tools",
"description": "Common hacking tools encompass a range of software used for network exploration, security auditing, and penetration testing. These include network scanners like Nmap, vulnerability assessment tools such as Nessus, password crackers like John the Ripper, and exploitation frameworks like Metasploit. Wireshark for packet analysis, Burp Suite for web application security testing, and Aircrack-ng for wireless network auditing are also widely used. While these tools have legitimate purposes in cybersecurity for identifying and addressing vulnerabilities, they can be misused for malicious activities. Ethical use of these tools requires proper authorization and adherence to legal and ethical guidelines. Understanding these tools is crucial for both offensive and defensive cybersecurity practices.\n\nLearn more from the following resources:",
"links": [
{
"title": "100 Top Hacking Tools and Ethical Hacking Tools",
"url": "https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/best-ethical-hacking-tools/",
"type": "article"
},
{
"title": "I Tried 100+ Hacking Tools",
"url": "https://www.youtube.com/watch?v=4WqymtvuWZQ",
"type": "video"
}
]
},
"Lg7mz4zeCToEzZBFxYuaU": {
"title": "Understand Common Exploit Frameworks",
"description": "Common exploit frameworks are comprehensive platforms used for developing, testing, and executing security exploits. The most prominent is Metasploit, which offers a large database of known vulnerabilities and exploit modules. It allows security professionals to simulate attacks and test system defenses. Other frameworks include Canvas by Immunity, Core Impact, and the open-source BeEF (Browser Exploitation Framework). These tools typically provide features for vulnerability scanning, payload generation, post-exploitation activities, and reporting. While primarily used for legitimate security testing and penetration testing, these frameworks can also be misused by malicious actors. Proper usage requires strict ethical guidelines, legal authorization, and a thorough understanding of cybersecurity principles and potential impacts.\n\nLearn more from the following resources:",
"links": [
{
"title": "Metasploit Framework",
"url": "https://www.metasploit.com/",
"type": "article"
},
{
"title": "Core Impact",
"url": "https://www.coresecurity.com/",
"type": "article"
},
{
"title": "Immunity Canvas",
"url": "www.immunitysec.com",
"type": "article"
},
{
"title": "Metasploit for Beginners",
"url": "https://www.youtube.com/watch?v=8lR27r8Y_ik",
"type": "video"
}
]
},
"Rae-f9DHDZuwIwW6eRtKF": {
"title": "Understand Concept of Defense in Depth",
"description": "Defense in Depth is a cybersecurity strategy that employs multiple layers of security controls throughout an IT system or network. This approach assumes that no single security measure is perfect, and therefore combines various defensive mechanisms to protect assets. It typically includes physical security, network security, endpoint protection, application security, data security, and user education. By implementing overlapping security measures, the strategy aims to create a comprehensive security posture that can withstand various types of attacks, slow down intruders, and provide multiple opportunities for detection and response. This layered approach helps organizations maintain security even if one layer is compromised, significantly improving overall resilience against cyber threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Defense in Depth?",
"url": "https://www.fortinet.com/resources/cyberglossary/defense-in-depth",
"type": "article"
},
{
"title": "Defense-in-Depth - CompTIA Security+",
"url": "https://www.youtube.com/watch?v=HLQ4wX8NxQY",
"type": "video"
}
]
},
"Ec6EairjFJLCHc7b-1xxe": {
"title": "Understand Concept of Runbooks",
"description": "Runbooks are standardized documents or automated scripts that outline step-by-step procedures for carrying out specific IT operations or resolving common issues. They provide a consistent approach to routine tasks, incident response, and problem-solving, enabling IT teams to handle situations efficiently and minimize human error. Runbooks typically include detailed instructions, decision trees, troubleshooting guides, and may incorporate automation for repetitive tasks. They are essential for maintaining operational consistency, reducing downtime, facilitating knowledge transfer among team members, and supporting rapid incident resolution in complex IT environments. Modern runbooks are often digital, interactive, and integrated with IT service management tools for streamlined operations and continuous improvement.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a runbook?",
"url": "https://www.pagerduty.com/resources/learn/what-is-a-runbook/",
"type": "article"
},
{
"title": "Create Automation Runbooks with AWS Systems Manager",
"url": "https://www.youtube.com/watch?v=fQ_KahCPBeU",
"type": "video"
}
]
},
"7KLGFfco-hw7a62kXtS3d": {
"title": "Understand Basics of Forensics",
"description": "Digital forensics is the process of collecting, analyzing, and preserving electronic evidence for legal or investigative purposes. It involves recovering data from various digital devices, including computers, smartphones, and networks, often in cases of cybercrime, data breaches, or legal disputes. Forensic analysts use specialized tools and techniques to extract and examine data, maintain chain of custody, and present findings in a court-admissible manner. Key aspects include data acquisition, file recovery, timeline analysis, and malware detection. Digital forensics plays a crucial role in cybersecurity incident response, criminal investigations, and corporate compliance, requiring a meticulous approach to ensure the integrity and admissibility of digital evidence.\n\nLearn more from the following resources:",
"links": [
{
"title": "Introduction to Digital Forensics (TryHackMe)",
"url": "https://tryhackme.com/room/introdigitalforensics",
"type": "article"
},
{
"title": "Digital Forensics",
"url": "https://www.youtube.com/watch?v=UtDWApdO8Zk",
"type": "video"
}
]
},
"_x3BgX93N-Pt1_JK7wk0p": {
"title": "Basics and Concepts of Threat Hunting",
"description": "Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system. The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Threat Hunting",
"url": "https://www.ibm.com/topics/threat-hunting",
"type": "article"
},
{
"title": "Cyber Security Threat Hunting explained",
"url": "https://www.youtube.com/watch?v=VNp35Uw_bSM",
"type": "video"
}
]
},
"lcxAXtO6LoGd85nOFnLo8": {
"title": "Basics of Vulnerability Management",
"description": "Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices.\n\nOnce vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first.\n\nNext, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is vulnerability management? - Rapid7",
"url": "https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/",
"type": "article"
},
{
"title": "What is Vulnerability Management? - CrowdStrike",
"url": "https://www.crowdstrike.com/cybersecurity-101/vulnerability-management/",
"type": "article"
},
{
"title": "Vulnerability Management explained by experts",
"url": "https://www.youtube.com/watch?v=RE6_Lo2wSIg",
"type": "video"
}
]
},
"uoGA4T_-c-2ip_zfEUcJJ": {
"title": "Basics of Reverse Engineering",
"description": "Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program. Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, it’s important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights.\n\nLearn more from the following resources:",
"links": [
{
"title": "Reverse Engineering for Everyone!",
"url": "https://0xinfection.github.io/reversing/",
"type": "course"
},
{
"title": "What is reverse engineering?",
"url": "https://www.youtube.com/watch?v=gh2RXE9BIN8",
"type": "video"
}
]
},
"NkAAQikwH-A6vrF8fWpuB": {
"title": "Penetration Testing Rules of Engagement",
"description": "**Penetration Testing Rules of Engagement** define the guidelines and boundaries for conducting a penetration test. They establish the scope, objectives, and constraints, including the systems and networks to be tested, the testing methods allowed, and the times during which testing can occur. These rules ensure that the testing is conducted ethically and legally, minimizing disruptions and protecting sensitive data. They also include communication protocols for reporting findings and any necessary approvals or permissions from stakeholders to ensure that the testing aligns with organizational policies and compliance requirements.\n\nLearn more from the following resources:",
"links": [
{
"title": "Why are rules of engagement important to a Penetration Test?",
"url": "https://www.triaxiomsecurity.com/rules-of-engagement-important-to-penetration-test/",
"type": "article"
},
{
"title": "CompTIA Pentest+ : Rules of Engagement",
"url": "https://www.youtube.com/watch?v=Rt-4j8k6J2U",
"type": "video"
}
]
},
"PUgPgpKio4Npzs86qEXa7": {
"title": "Perimeter vs DMZ vs Segmentation",
"description": "In network security, **perimeter**, **DMZ (Demilitarized Zone)**, and **segmentation** are strategies for organizing and protecting systems:\n\n1. **Perimeter** security refers to the outer boundary of a network, typically protected by firewalls, intrusion detection systems (IDS), and other security measures. It acts as the first line of defense against external threats, controlling incoming and outgoing traffic to prevent unauthorized access.\n \n2. **DMZ** is a subnet that sits between an internal network and the external internet, hosting public-facing services like web servers and mail servers. The DMZ isolates these services to minimize the risk of attackers gaining access to the internal network by compromising a public-facing server.\n \n3. **Segmentation** divides a network into smaller, isolated sections or zones, each with its own security controls. This limits the spread of attacks, enhances internal security, and enforces access control between different parts of the network, reducing the potential impact of a breach.\n \n\nTogether, these strategies create a layered defense, protecting sensitive resources by managing traffic flow and access points across the network.\n\nLearn more from the following resources:",
"links": [
{
"title": "Best practice for network segmentation",
"url": "https://github.com/sergiomarotco/Network-segmentation-cheat-sheet",
"type": "opensource"
},
{
"title": "OWASP Network segmentation Cheat Sheet",
"url": "https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Network_Segmentation_Cheat_Sheet.md#network-segmentation-cheat-sheet",
"type": "opensource"
}
]
},
"HavEL0u65ZxHt92TfbLzk": {
"title": "Core Concepts of Zero Trust",
"description": "The core concepts of Zero Trust revolve around the principle of \"never trust, always verify,\" emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a zero trust network?",
"url": "https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/",
"type": "article"
},
{
"title": "Zero trust explained in 4 minutes",
"url": "https://www.youtube.com/watch?v=yn6CPQ9RioA",
"type": "video"
}
]
},
"kqT0FRLt9Ak9P8PhHldO-": {
"title": "Roles of Compliance and Auditors",
"description": "Compliance officers ensure that an organization adheres to legal, regulatory, and internal policies by proactively implementing controls, training employees, and mitigating risks. Auditors, both internal and external, assess the effectiveness of these controls and the accuracy of financial reporting through periodic evaluations, providing independent assurance to management and stakeholders. While compliance focuses on prevention and day-to-day adherence, auditors focus on verifying and evaluating past performance to ensure integrity and identify areas for improvement. Both roles work together to manage risk and maintain organizational accountability.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a compliance audit?",
"url": "https://www.auditboard.com/blog/compliance-audit/",
"type": "article"
}
]
},
"ggAja18sBUUdCfVsT0vCv": {
"title": "Understand the Definition of Risk",
"description": "In the context of cybersecurity, risk can be defined as the possibility of damage, loss, or any negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through preemptive action. Risk is typically characterized by three main components:\n\n* **Threat:** A potential danger to the confidentiality, integrity, or availability of information in your system. Threats can be natural (e.g., floods, earthquakes), human-made (e.g., hackers, malicious software), or due to technical issues (e.g., hardware malfunction).\n \n* **Vulnerability:** A weakness or flaw in your system that can be exploited by a threat agent to compromise the security of the system. Vulnerabilities can exist in various aspects, such as physical access, network services, or security procedures.\n \n* **Impact:** The potential amount of damage or loss that can occur to your organization, system, or data due to the successful execution of a threat. Impacts can be financial, reputational, operational, or any other negative consequence that your organization faces as a result of a security breach.\n \n\nWhen evaluating the risk levels of a cybersecurity scenario, it is important to assess the likelihood of a specific threat exploiting a specific vulnerability, as well as the associated impact if such an event occurs. By understanding risks and their components, you can better prioritize your security resources and take appropriate steps to mitigate potential risks. Remember that risk cannot be entirely eliminated, but rather managed to an acceptable level through effective security measures and strategies.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Cybersecurity Risk?",
"url": "https://securityscorecard.com/blog/what-is-cybersecurity-risk-factors-to-consider/",
"type": "article"
},
{
"title": "Risk Analysis - Know Your Threat Tolerance",
"url": "https://www.youtube.com/watch?v=xt_Cdtvjbd4",
"type": "video"
}
]
},
"9asy3STW4oTYYHcUazaRj": {
"title": "Understand Backups and Resiliency",
"description": "Backups and resiliency are critical components of data protection and business continuity strategies. Backups involve regularly copying data to secure storage locations, ensuring data can be recovered in case of loss, corruption, or disaster. Resiliency refers to a system's ability to maintain operations and recover quickly from disruptions. This includes implementing redundant systems, distributing resources across multiple locations, and designing fault-tolerant architectures. Effective backup and resiliency strategies incorporate diverse backup methods (full, incremental, differential), off-site storage, regular testing of recovery procedures, and automated failover mechanisms. These practices are essential for minimizing downtime, protecting against data loss, and maintaining business operations in the face of various threats, from hardware failures to cyberattacks.\n\nLearn more from the following resources:",
"links": [
{
"title": "Backup & Restore",
"url": "https://aws.amazon.com/solutions/resilience/backup-restore/",
"type": "article"
},
{
"title": "Why backup should be a part of your cyber resilience plan?",
"url": "https://www.youtube.com/watch?v=S8BIkoHlU_0",
"type": "video"
},
{
"title": "AWS re:Invent 2023 - Backup and disaster recovery strategies for increased resilience",
"url": "https://www.youtube.com/watch?v=E073XISxrSU",
"type": "video"
}
]
},
"H38Vb7xvuBJXVzgPBdRdT": {
"title": "Cyber Kill Chain",
"description": "The **Cyber Kill Chain** is a model that was developed by Lockheed Martin, a major aerospace, military support, and security company, to understand and prevent cyber intrusions in various networks and systems. It serves as a framework for breaking down the stages of a cyber attack, making it easier for security professionals to identify, mitigate, and prevent threats.\n\nThe concept is based on a military model, where the term \"kill chain\" represents a series of steps needed to successfully target and engage an adversary. In the context of cybersecurity, the model breaks down the stages of a cyber attack into seven distinct phases:\n\n* **Reconnaissance**: This initial phase involves gathering intelligence on the target, which may include researching public databases, performing network scans, or using social engineering techniques.\n* **Weaponization**: In this stage, the attacker creates a weapon – such as malware, a virus, or an exploit – and packages it with a delivery mechanism that can infiltrate the target's system.\n* **Delivery**: The attacker selects and deploys the delivery method to transmit the weapon to the target. Common methods include email attachments, malicious URLs, or infected software updates.\n* **Exploitation**: This is the phase where the weapon is activated, taking advantage of vulnerabilities in the target's systems or applications to execute the attacker's code.\n* **Installation**: Once the exploit is successful, the attacker installs the malware on the victim's system, setting the stage for further attacks or data exfiltration.\n* **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions.\n* **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services.\n\nLearn more from the following resources:",
"links": [
{
"title": "Cyber Kill Chain",
"url": "https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html",
"type": "article"
},
{
"title": "Learn the Cyber Kill Chain",
"url": "https://www.youtube.com/watch?v=oCUrkc_0tmw",
"type": "video"
}
]
},
"pnfVrOjDeG1uYAeqHxhJP": {
"title": "MFA & 2FA",
"description": "**Multi-Factor Authentication (MFA)** and **Two-Factor Authentication (2FA)** are security methods that require users to provide two or more forms of verification to access a system. **2FA** specifically uses two factors, typically combining something the user knows (like a password) with something they have (like a phone or token) or something they are (like a fingerprint). **MFA**, on the other hand, can involve additional layers of authentication beyond two factors, further enhancing security. Both methods aim to strengthen access controls by making it harder for unauthorized individuals to gain access, even if passwords are compromised.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is MFA?",
"url": "https://www.onelogin.com/learn/what-is-mfa",
"type": "article"
},
{
"title": "What is 2FA?",
"url": "https://www.microsoft.com/en-gb/security/business/security-101/what-is-two-factor-authentication-2fa",
"type": "article"
}
]
},
"_S25EOGS3P8647zLM5i-g": {
"title": "Operating System Hardening",
"description": "**Operating system hardening** involves configuring and securing an OS to reduce vulnerabilities and improve its defense against attacks. This process includes disabling unnecessary services and ports, applying security patches and updates, configuring strong authentication mechanisms, enforcing least privilege principles, and enabling firewalls and intrusion detection systems. Hardening also involves setting up proper file permissions, securing system logs, and regularly auditing the system to ensure compliance with security policies and best practices. The goal is to minimize the attack surface and protect the OS from potential threats and exploits.\n\nLearn more from the following resources:",
"links": [
{
"title": "OS Hardening: 15 Best Practices",
"url": "https://perception-point.io/guides/os-isolation/os-hardening-10-best-practices/",
"type": "article"
},
{
"title": "Hardening Techniques",
"url": "https://www.youtube.com/watch?v=wXoC46Qr_9Q",
"type": "video"
}
]
},
"aDF7ZcOX9uR8l0W4aqhYn": {
"title": "Understand Concept of Isolation",
"description": "Isolation in computing and cybersecurity refers to the practice of separating systems, processes, or data to contain potential threats and minimize the impact of security breaches. It involves creating boundaries between different components of a system or network to prevent unauthorized access or the spread of malware. Common isolation techniques include virtual machines, containers, network segmentation, and sandboxing. Isolation enhances security by limiting the attack surface, containing potential breaches, and protecting sensitive data or critical systems from compromised areas. It's a fundamental principle in designing secure architectures, implementing least privilege access, and managing multi-tenant environments in cloud computing.\n\nLearn more from the following resources:",
"links": [
{
"title": "The Power of Isolation in Cyber security",
"url": "https://peel-cyber.co.uk/the-power-of-isolation-in-cyber-security/",
"type": "article"
},
{
"title": "Bridging the Air Gap - Understanding Digital Isolation",
"url": "https://www.youtube.com/watch?v=0rv2996e3S0",
"type": "video"
}
]
},
"FJsEBOFexbDyAj86XWBCc": {
"title": "Basics of IDS and IPS",
"description": "When it comes to cybersecurity, detecting and preventing intrusions is crucial for protecting valuable information systems and networks. In this section, we'll discuss the basics of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) to help you better understand their function and importance in your overall cybersecurity strategy.\n\nWhat is Intrusion Detection System (IDS)?\n-----------------------------------------\n\nAn Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions.\n\nWhat is Intrusion Prevention System (IPS)?\n------------------------------------------\n\nAn Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, reseting connections, or dropping malicious packets.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an Intrusion Prevention System?",
"url": "https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips",
"type": "article"
},
{
"title": "Intrusion Prevention System (IPS)",
"url": "https://www.youtube.com/watch?v=7QuYupuic3Q",
"type": "video"
}
]
},
"bj5YX8zhlam0yoNckL8e4": {
"title": "Honeypots",
"description": "Honeypots are decoy systems or networks designed to attract and detect unauthorized access attempts by cybercriminals. These intentionally vulnerable resources mimic legitimate targets, allowing security professionals to study attack techniques, gather threat intelligence, and divert attackers from actual critical systems. Honeypots can range from low-interaction systems that simulate basic services to high-interaction ones that replicate entire network environments. They serve multiple purposes in cybersecurity: early warning systems for detecting new attack vectors, research tools for understanding attacker behavior, and diversions to waste hackers' time and resources. However, deploying honeypots requires careful consideration, as they can potentially introduce risks if not properly isolated from production environments. Advanced honeypots may incorporate machine learning to adapt to evolving threats and provide more convincing decoys. While honeypots are powerful tools for proactive defense, they should be part of a comprehensive security strategy rather than a standalone solution.\n\nLearn more from the following resources:",
"links": [
{
"title": "How Honeypots help security",
"url": "https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot",
"type": "article"
},
{
"title": "What is a Honeypot?",
"url": "https://www.youtube.com/watch?v=FtR9sFJlkSA",
"type": "video"
}
]
},
"WG7DdsxESm31VcLFfkVTz": {
"title": "Authentication vs Authorization",
"description": "Authentication vs Authorization\n-------------------------------\n\n**Authentication** is the process of validating the identity of a user, device, or system. It confirms that the entity attempting to access the resource is who or what they claim to be. The most common form of authentication is the use of usernames and passwords. Other methods include:\n\n**Authorization** comes into play after the authentication process is complete. It involves granting or denying access to a resource, based on the authenticated user's privileges. Authorization determines what actions the authenticated user or entity is allowed to perform within a system or application.",
"links": [
{
"title": "Two-factor authentication (2FA)",
"url": "https://authy.com/what-is-2fa/",
"type": "article"
},
{
"title": "Biometrics (fingerprint, facial recognition, etc.)",
"url": "https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5428991/",
"type": "article"
},
{
"title": "Security tokens or certificates",
"url": "https://www.comodo.com/e-commerce/ssl-certificates/certificate.php",
"type": "article"
},
{
"title": "Role-based access control (RBAC)",
"url": "https://en.wikipedia.org/wiki/Role-based_access_control",
"type": "article"
},
{
"title": "Access Control Lists (ACLs)",
"url": "https://en.wikipedia.org/wiki/Access-control_list",
"type": "article"
},
{
"title": "Attribute-based access control (ABAC)",
"url": "https://en.wikipedia.org/wiki/Attribute-based_access_control",
"type": "article"
}
]
},
"7tDxTcKJNAUxbHLPCnPFO": {
"title": "Blue / Red / Purple Teams",
"description": "In the context of cybersecurity, Blue Team, Red Team, and Purple Team are terms used to describe different roles and methodologies employed to ensure the security of an organization or system. Let's explore each one in detail. In cybersecurity, Blue Team and Red Team refer to opposing groups that work together to improve an organization's security posture. The Blue Team represents defensive security personnel who protect systems and networks from attacks, while the Red Team simulates real-world adversaries to test the Blue Team's defenses. Purple Team bridges the gap between the two, facilitating collaboration and knowledge sharing to enhance overall security effectiveness. This approach combines the defensive strategies of the Blue Team with the offensive tactics of the Red Team, creating a more comprehensive and dynamic security framework that continuously evolves to address emerging threats and vulnerabilities.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a blue team?",
"url": "https://www.checkpoint.com/cyber-hub/cyber-security/what-is-a-blue-team/",
"type": "article"
},
{
"title": "What is red teaming?",
"url": "https://www.ibm.com/think/topics/red-teaming",
"type": "article"
},
{
"title": "Purple teaming explained",
"url": "https://www.crowdstrike.com/cybersecurity-101/purple-teaming/",
"type": "article"
}
]
},
"XwRCZf-yHJsXVjaRfb3R4": {
"title": "False Negative / False Positive",
"description": "A false positive happens when the security tool mistakenly identifies a non-threat as a threat. For example, it might raise an alarm for a legitimate user's activity, indicating a potential attack when there isn't any. A high number of false positives can cause unnecessary diverting of resources and time, investigating false alarms. Additionally, it could lead to user frustration if legitimate activities are being blocked.\n\nA false negative occurs when the security tool fails to detect an actual threat or attack. This could result in a real attack going unnoticed, causing damage to the system, data breaches, or other negative consequences. A high number of false negatives indicate that the security system needs to be improved to capture real threats effectively.\n\nTo have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a false positive virus?",
"url": "https://www.youtube.com/watch?v=WrcAGBvIT14",
"type": "video"
},
{
"title": "False positives and false negatives",
"url": "https://www.youtube.com/watch?v=bUNBzMnfHLw",
"type": "video"
}
]
},
"M6uwyD4ibguxytf1od-og": {
"title": "True Negative / True Positive",
"description": "True Negative / True Positive\n-----------------------------\n\nA True Positive occurs when a security system correctly identifies a genuine threat or malicious activity. It's an accurate alert that correctly detects an actual security incident. For example, an antivirus correctly flagging a file as malware. A True Negative is when a security system correctly identifies that there is no threat when indeed no threat exists. It's the system's accurate determination that normal, benign activity is not a security risk. For example, a firewall correctly allowing legitimate network traffic.\n\nBoth True Positives and True Negatives represent correct assessments by security systems, contributing to effective threat detection and minimizing false alarms. Balancing these with minimizing false positives and false negatives is crucial for optimal security system performance.\n\nLearn more from the following resources:",
"links": [
{
"title": "False Positives and False Negatives in Information Security",
"url": "https://www.guardrails.io/blog/false-positives-and-false-negatives-in-information-security/",
"type": "article"
},
{
"title": "False Positives and False Negatives",
"url": "https://www.youtube.com/watch?v=bUNBzMnfHLw",
"type": "video"
}
]
},
"wN5x5pY53B8d0yopa1z8F": {
"title": "Basics of Threat Intel, OSINT",
"description": "Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries. OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. It’s also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights.\n\nLearn more from the following resources:",
"links": [
{
"title": "Open-Source Intelligence (OSINT) in 5 Hours",
"url": "https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s",
"type": "course"
},
{
"title": "OSINT Framework",
"url": "https://osintframework.com/",
"type": "article"
}
]
},
"zQx_VUS1zRmF4zCGjJD5-": {
"title": "Understand Handshakes",
"description": "In networking and cybersecurity, a handshake is a process of establishing a secure connection between two parties before data exchange begins. It typically involves a series of predefined messages exchanged to verify identities, agree on communication parameters, and sometimes establish encryption keys. The most common example is the TCP three-way handshake used to initiate a connection. In cryptographic protocols like TLS/SSL, handshakes are more complex, involving certificate verification and key exchange. Handshakes are crucial for ensuring secure, authenticated communications, preventing unauthorized access, and setting up the parameters for efficient data transfer in various network protocols and security systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "TCP 3-Way Handshake Process",
"url": "https://www.geeksforgeeks.org/tcp-3-way-handshake-process/",
"type": "article"
},
{
"title": "TLS Handshake Explained",
"url": "https://www.youtube.com/watch?v=86cQJ0MMses",
"type": "video"
}
]
},
"uz6ELaLEu9U4fHVfnQiOa": {
"title": "Understand CIA Triad",
"description": "The CIA Triad is a fundamental model in information security that defines three key principles: Confidentiality, Integrity, and Availability. Confidentiality ensures that data is accessible only to authorized parties. Integrity guarantees that information remains accurate and unaltered throughout its lifecycle. Availability ensures that data and resources are accessible to authorized users when needed. This model serves as a guide for developing security policies, designing secure systems, and evaluating the effectiveness of security measures. Balancing these three elements is crucial for comprehensive information security, as overemphasizing one aspect may compromise the others. The CIA Triad forms the basis for most security programs and is essential in risk assessment, compliance efforts, and overall cybersecurity strategy.\n\nLearn more from the following resources:",
"links": [
{
"title": "The CIA Triad",
"url": "https://www.fortinet.com/resources/cyberglossary/cia-triad",
"type": "article"
},
{
"title": "The CIA Triad - Professor Messer",
"url": "https://www.youtube.com/watch?v=SBcDGb9l6yo",
"type": "video"
}
]
},
"cvI8-sxY5i8lpelW9iY_5": {
"title": "Privilege Escalation",
"description": "Privilege escalation is a technique where an attacker increases their access level within a system, moving from lower to higher permissions, such as from a standard user to an administrator. This can be achieved by exploiting system vulnerabilities, misconfigurations, or security weaknesses. It is critical to implement strong access controls, adhere to the principle of least privilege, and regularly update and patch systems to defend against such attacks.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is privilege escalation?",
"url": "https://www.crowdstrike.com/cybersecurity-101/privilege-escalation/",
"type": "article"
},
{
"title": "Privilege Escalation",
"url": "https://www.youtube.com/watch?v=ksjU3Iu195Q",
"type": "video"
}
]
},
"fyOYVqiBqyKC4aqc6-y0q": {
"title": "Web Based Attacks and OWASP10",
"description": "The OWASP (Open Web Application Security Project) Top 10 is a regularly updated list of the most critical web application security risks. It serves as a standard awareness document for developers and security professionals, highlighting the most important security concerns in web applications. The list includes vulnerabilities like injection flaws, broken authentication, sensitive data exposure, XML external entities (XXE), broken access control, security misconfigurations, cross-site scripting (XSS), insecure deserialization, using components with known vulnerabilities, and insufficient logging and monitoring. This resource helps organizations prioritize security efforts, guide secure development practices, and improve overall web application security posture.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "OWASP Top Ten",
"url": "https://owasp.org/www-project-top-ten/",
"type": "article"
},
{
"title": "OWASP Top Ten",
"url": "https://youtube.com/playlist?list=PLyqga7AXMtPOguwtCCXGZUKvd2CDCmUgQ&si=ZYRbcDSRvqTOnDOo",
"type": "video"
}
]
},
"v7CD_sHqLWbm9ibXXESIK": {
"title": "Learn how Malware works and Types",
"description": "Malware, short for malicious software, refers to any software intentionally created to cause harm to a computer system, server, network, or user. It is a broad term that encompasses various types of harmful software created by cybercriminals for various purposes. In this guide, we will delve deeper into the major types of malware and their characteristics.\n\nVirus\n-----\n\nA computer virus is a type of malware that, much like a biological virus, attaches itself to a host (e.g., a file or software) and replicates when the host is executed. Viruses can corrupt, delete or modify data, and slow down system performance.\n\nWorm\n----\n\nWorms are self-replicating malware that spread through networks without human intervention. They exploit system vulnerabilities, consuming bandwidth and sometimes carrying a payload to infect target machines.\n\nTrojan Horse\n------------\n\nA trojan horse is a piece of software disguised as a legitimate program but contains harmful code. Users unknowingly download and install it, giving the attacker unauthorized access to the computer or network. Trojans can be used to steal data, create a backdoor, or launch additional malware attacks.\n\nRansomware\n----------\n\nRansomware is a type of malware that encrypts its victims' files and demands a ransom, typically in the form of cryptocurrency, for the decryption key. If the victim refuses or fails to pay within a specified time, the encrypted data may be lost forever.\n\nSpyware\n-------\n\nSpyware is a type of malware designed to collect and relay information about a user or organization without their consent. It can capture keystrokes, record browsing history, and access personal data such as usernames and passwords.\n\nAdware\n------\n\nAdware is advertising-supported software that automatically displays or downloads advertising materials, often in the form of pop-up ads, on a user's computer. 
While not always malicious, adware can be intrusive and open the door for other malware infections.\n\nRootkit\n-------\n\nA rootkit is a type of malware designed to hide or obscure the presence of other malicious programs on a computer system. This enables it to maintain persistent unauthorized access to the system and can make it difficult for users or security software to detect and remove infected files.\n\nKeylogger\n---------\n\nKeyloggers are a type of malware that monitor and record users' keystrokes, allowing attackers to capture sensitive information, such as login credentials or financial information entered on a keyboard.\n\nUnderstanding the different types of malware can help you better identify and protect against various cyber threats. As the cyber landscape continues to evolve, it's essential to stay informed about emerging malware and equip yourself with the necessary security skills and knowledge.",
"links": []
},
"Hoou7kWyfB2wx_yFHug_H": {
"title": "nmap",
"description": "**Nmap** (Network Mapper) is an open-source network scanning tool used to discover hosts and services on a network, identify open ports, and detect vulnerabilities. It provides detailed information about networked devices, including their IP addresses, operating systems, and running services. Nmap supports various scanning techniques such as TCP SYN scan, UDP scan, and service version detection. It's widely used for network security assessments, vulnerability scanning, and network inventory management, helping administrators and security professionals understand and secure their network environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "NMAP Website",
"url": "https://nmap.org/",
"type": "article"
},
{
"title": "NMAP Cheat Sheet",
"url": "https://www.tutorialspoint.com/nmap-cheat-sheet",
"type": "article"
}
]
},
"jJtS0mgCYc0wbjuXssDRO": {
"title": "tracert",
"description": "Tracert (traceroute in Unix-based systems) is a network diagnostic tool used to trace the path that data packets take from a source computer to a destination host. It shows the number of hops (intermediate routers) traversed, the IP addresses of these routers, and the round-trip time for each hop. Tracert works by sending packets with increasing Time-To-Live (TTL) values, causing each router along the path to respond. This tool is valuable for identifying network bottlenecks, pinpointing where packet loss occurs, and understanding the routing path of network traffic. It's commonly used for troubleshooting network connectivity issues, analyzing network performance, and mapping network topology.\n\nLearn more from the following resources:",
"links": [
{
"title": "traceroute man page",
"url": "https://linux.die.net/man/8/traceroute",
"type": "article"
},
{
"title": "tracert",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/tracert",
"type": "article"
},
{
"title": "Traceroute (tracert) Explained",
"url": "https://www.youtube.com/watch?v=up3bcBLZS74",
"type": "video"
}
]
},
"OUarb1oS1-PX_3OXNR0rV": {
"title": "nslookup",
"description": "**nslookup** is a network utility used to query Domain Name System (DNS) servers for information about domain names and IP addresses. It allows users to obtain details such as IP address mappings for a given domain name, reverse lookups to find domain names associated with an IP address, and DNS record types like A, MX, and CNAME records. nslookup helps troubleshoot DNS-related issues, verify DNS configurations, and analyze DNS records. It can be run from the command line in various operating systems, including Windows, macOS, and Linux.\n\nLearn more from the following resources",
"links": [
{
"title": "nslookup",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nslookup",
"type": "article"
},
{
"title": "What is Nslookup?",
"url": "https://www.youtube.com/watch?v=n6pT8lbyhog",
"type": "video"
}
]
},
"W7iQUCjODGYgE4PjC5TZI": {
"title": "curl",
"description": "Curl is a versatile command-line tool primarily used for transferring data using various network protocols. It is widely used in cybersecurity and development for the purpose of testing and interacting with web services, APIs, and scrutinizing web application security. Curl supports various protocols such as HTTP, HTTPS, FTP, SCP, SFTP, and many more.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is the cURL command?",
"url": "https://blog.hubspot.com/website/curl-command",
"type": "article"
},
{
"title": "You need to know how to use cURL",
"url": "https://www.youtube.com/watch?v=q2sqkvXzsw8",
"type": "video"
}
]
},
"Cclbt4bNfkHwFwZOvJuLK": {
"title": "hping",
"description": "hping is a versatile and powerful command-line based packet crafting tool that allows network administrators, security professionals, and system auditors to manipulate and analyze network packets at a granular level. hping can be used to perform stress testing, firewall testing, scanning, and packet generation, among other functionalities.\n\nLearn more from the following resources:",
"links": [
{
"title": "hping source code",
"url": "https://salsa.debian.org/debian/hping3",
"type": "article"
},
{
"title": "What is hping?",
"url": "https://www.okta.com/uk/identity-101/hping/",
"type": "article"
}
]
},
"yfTpp-ePuDB931FnvNB-Y": {
"title": "ping",
"description": "**Ping** is a network utility used to test the reachability and responsiveness of a device on a network. It sends Internet Control Message Protocol (ICMP) echo request packets to a target host and measures the time it takes for an echo reply to be received. Ping is commonly used to diagnose network connectivity issues, determine network latency, and check if a specific server or device is online. A successful ping response indicates that the target device is reachable, while failures or delays may suggest network problems, such as packet loss or routing issues.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is ping?",
"url": "https://www.solarwinds.com/resources/it-glossary/ping",
"type": "article"
},
{
"title": "Ping command explained",
"url": "https://www.youtube.com/watch?v=7sv5pL-XgSg",
"type": "video"
}
]
},
"fzdZF-nzIL69kaA7kwOCn": {
"title": "arp",
"description": "ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network. When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address. The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Address Resolution Protocol?",
"url": "https://www.fortinet.com/resources/cyberglossary/what-is-arp",
"type": "article"
},
{
"title": "ARP Explained",
"url": "https://www.youtube.com/watch?v=cn8Zxh9bPio",
"type": "video"
}
]
},
"D2ptX6ja_HvFEafMIzWOy": {
"title": "cat",
"description": "`cat` is a widely used command-line utility in UNIX and UNIX-like systems. It stands for \"concatenate\" which, as the name suggests, can be used to concatenate files, display file contents, or combine files. In the context of incident response and discovery tools, `cat` plays an essential role in quickly accessing and assessing the contents of various files that inform on security incidents and help users understand system data as well as potential threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "Linux cat command",
"url": "https://phoenixnap.com/kb/linux-cat-command",
"type": "article"
},
{
"title": "The cat command",
"url": "https://www.youtube.com/shorts/lTOje2weu_o?app=desktop",
"type": "video"
}
]
},
"9xbU_hrEOUtMm-Q09Fe6t": {
"title": "dd",
"description": "`dd` is a powerful data duplication and forensic imaging tool that is widely used in the realm of cybersecurity. As an incident responder, this utility can assist you in uncovering important evidence and preserving digital details to reconstruct the event timelines and ultimately prevent future attacks.\n\nThis command-line utility is available on Unix-based systems such as Linux, BSD, and macOS. It can perform tasks like data duplication, data conversion, and error correction. Most importantly, it's an invaluable tool for obtaining a bit-by-bit copy of a disk or file, which can then be analyzed using forensic tools.\n\nLearn more from the following resources:",
"links": [
{
"title": "When and how to use the dd command",
"url": "https://www.baeldung.com/linux/dd-command",
"type": "article"
},
{
"title": "How to use the dd command in Linux",
"url": "https://www.youtube.com/watch?v=hsDxcJhCRLI",
"type": "video"
}
]
},
"VNmrb5Dm4UKUgL8JBfhnE": {
"title": "head",
"description": "`head` is a versatile command-line utility that displays the first few lines of a text file; by default it shows the first 10 lines. In incident response and cyber security work, it is a useful tool for quickly inspecting logs or configuration files while investigating potential security breaches or malware infections on a system.\n\nLearn more from the following resources:",
"links": [
{
"title": "The Head and Tail commands in Linux",
"url": "https://www.baeldung.com/linux/head-tail-commands",
"type": "article"
},
{
"title": "Head and Tail commands",
"url": "https://www.youtube.com/watch?v=5EqL6Fc7NNw",
"type": "video"
}
]
},
"Dfz-6aug0juUpMmOJLCJ9": {
"title": "grep",
"description": "Grep is a powerful command-line tool used for searching and filtering text, primarily in Unix-based systems. Short for \"global regular expression print\", grep is widely used for its ability to search through files and directories, and find lines that match a given pattern. It is particularly useful for incident response and discovery tasks, as it helps you identify specific occurrences of potentially malicious activities within large amounts of log data.\n\nLearn more from the following resources:",
"links": [
{
"title": "grep command in Linux",
"url": "https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix",
"type": "article"
},
{
"title": "The grep command",
"url": "https://www.youtube.com/watch?v=Tc_jntovCM0",
"type": "video"
}
]
},
"Sm9bxKUElINHND8FdZ5f2": {
"title": "wireshark",
"description": "Wireshark is a powerful, open-source network protocol analyzer used for real-time packet capture and analysis. It allows users to examine network traffic at a microscopic level, capturing and interactively browsing the traffic running on a computer network. Wireshark can decode a wide variety of network protocols, making it an essential tool for network troubleshooting, security analysis, software and protocol development, and education. It provides a user-friendly graphical interface and offers features like deep inspection of hundreds of protocols, live capture and offline analysis, and the ability to read/write many different capture file formats. Wireshark is widely used by IT professionals, security experts, and developers for diagnosing network issues and understanding network communication.\n\nLearn more from the following resources:",
"links": [
{
"title": "Wireshark Website",
"url": "https://www.wireshark.org/",
"type": "article"
},
{
"title": "How to Use Wireshark: Comprehensive Tutorial + Tips",
"url": "https://www.varonis.com/blog/how-to-use-wireshark",
"type": "article"
},
{
"title": "How to use Wireshark",
"url": "https://www.youtube.com/watch?v=zWoHJ3oGRGY",
"type": "video"
}
]
},
"gNan93Mg9Ym2AF3Q2gqoi": {
"title": "winhex",
"description": "WinHex is a universal hexadecimal editor and disk editor primarily used for computer forensics and data recovery. It allows users to examine and edit the raw content of files, disks, or memory in hexadecimal and ASCII formats. WinHex provides advanced features for data analysis, including disk cloning, secure data erasure, and file system reconstruction. It supports various file systems and can work with physical disks, disk images, and RAM. Forensic experts use WinHex to investigate digital evidence, recover deleted files, and analyze data structures. While powerful, it requires careful use as it can directly manipulate raw data, potentially causing unintended changes to critical system files or data.\n\nLearn more from the following resources:",
"links": [
{
"title": "WinHex Website",
"url": "https://x-ways.net/winhex/",
"type": "article"
},
{
"title": "What is WinHex?",
"url": "https://www.lenovo.com/in/en/glossary/winhex/",
"type": "article"
}
]
},
"wspNQPmqWRjKoFm6x_bVw": {
"title": "memdump",
"description": "**memdump** is a tool or process used to capture the contents of a computer's physical memory (RAM) for analysis. This \"memory dump\" can be useful in digital forensics, debugging, or incident response to identify active processes, open files, network connections, or potentially malicious code running in memory. By analyzing a memory dump, security professionals can investigate malware, recover encryption keys, or gather evidence in case of a breach. Tools like `memdump` (Linux utility) or `DumpIt` (Windows) are commonly used to perform this process.\n\nLearn more from the following resources:",
"links": [
{
"title": "memdump",
"url": "https://www.kali.org/tools/memdump/",
"type": "article"
}
]
},
"_jJhL1RtaqHJmlcWrd-Ak": {
"title": "FTK Imager",
"description": "FTK Imager is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents.\n\nLearn more from the following resources:",
"links": [
{
"title": "Create Forensic Images with Exterro FTK Imager",
"url": "https://www.exterro.com/digital-forensics-software/ftk-imager",
"type": "article"
},
{
"title": "Imaging a Directory Using FTK Imager",
"url": "https://www.youtube.com/watch?v=trWDlPif84o",
"type": "video"
}
]
},
"bIwpjIoxSUZloxDuQNpMu": {
"title": "autopsy",
"description": "Autopsy is a versatile and powerful open-source digital forensics platform that is primarily used for incident response, cyber security investigations, and data recovery. As an investigator, you can utilize Autopsy to quickly and efficiently analyze a compromised system, extract crucial artifacts, and generate comprehensive reports. Integrated with The Sleuth Kit and other plug-ins, Autopsy allows examiners to automate tasks and dig deep into a system's structure to discover the root cause of an incident.\n\nLearn more from the following resources:",
"links": [
{
"title": "Autopsy Website",
"url": "https://www.autopsy.com/",
"type": "article"
},
{
"title": "Disk analysis with Autopsy",
"url": "https://www.youtube.com/watch?v=o6boK9dG-Lc&t=236s",
"type": "video"
}
]
},
"XyaWZZ45axJMKXoWwsyFj": {
"title": "dig",
"description": "`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to use Linux dig command",
"url": "https://www.google.com/search?client=firefox-b-d&q=linux+dig+command",
"type": "article"
},
{
"title": "How to look up DNS records with dig",
"url": "https://www.youtube.com/watch?v=3AOKomsmeUY",
"type": "video"
}
]
},
"762Wf_Eh-3zq69CZZiIjR": {
"title": "tail",
"description": "The tail command is a Unix/Linux utility used to display the last part of a file. By default, it shows the last 10 lines of a specified file. It's particularly useful for viewing recent entries in log files, monitoring file changes in real-time, and quickly checking the end of large text files. The command can be customized to display a different number of lines, and with the -f (follow) option, it can continuously update to show new lines as they're added to the file. This makes tail invaluable for system administrators and developers for real-time log monitoring, troubleshooting, and observing ongoing processes or application outputs.\n\nLearn more from the following resources:",
"links": [
{
"title": "tail man page",
"url": "https://man7.org/linux/man-pages/man1/tail.1.html",
"type": "article"
},
{
"title": "Linux Tail Command",
"url": "https://www.youtube.com/watch?v=7Y6Ho9JUxTE",
"type": "video"
}
]
},
"IXNGFF4sOFbQ_aND-ELK0": {
"title": "ipconfig",
"description": "`ipconfig` is a widely-used command-line utility for Windows operating systems that provides valuable information regarding a computer's network configuration. It can be extremely helpful for incident response and discovery tasks when investigating network-related issues, extracting crucial network details, or when trying to ascertain a machine's IP address.\n\nLearn more from the following resources:",
"links": [
{
"title": "ipconfig command",
"url": "https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig",
"type": "article"
},
{
"title": "Understanding ipconfig",
"url": "https://www.whatismyip.com/ipconfig/",
"type": "article"
}
]
},
"jqWhR6oTyX6yolUBv71VC": {
"title": "Salting",
"description": "Salting is a crucial concept within the realm of cryptography. It is a technique employed to enhance the security of stored passwords or equivalent sensitive data: a random value (the salt) is added to each password before it is hashed, so that identical passwords produce different hashes and precomputed lookup tables cannot be reused. This adds an extra layer of protection against hacking attempts, such as brute-force attacks or dictionary attacks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is salting?",
"url": "https://www.techtarget.com/searchsecurity/definition/salt",
"type": "article"
},
{
"title": "",
"url": "https://www.youtube.com/watch?v=PsIO0gxJF3g",
"type": "video"
}
]
},
"0UZmAECMnfioi-VeXcvg8": {
"title": "Hashing",
"description": "Hashing is a cryptographic process that converts input data of any size into a fixed-size string of characters, typically a hexadecimal number. This output, called a hash value or digest, is effectively unique to the input data and serves as a digital fingerprint. Unlike encryption, hashing is a one-way process, meaning it's computationally infeasible to reverse the hash to obtain the original data. In cybersecurity, hashing is widely used for password storage, data integrity verification, and digital signatures. Common hashing algorithms include MD5 (now considered insecure), SHA-256, and bcrypt. Hashing helps detect unauthorized changes to data, as even a small alteration in the input produces a significantly different hash value. However, the strength of a hash function is crucial, as weak algorithms can be vulnerable to collision attacks, where different inputs produce the same hash, potentially compromising security measures relying on the uniqueness of hash values.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is hashing and how does it work?",
"url": "https://www.techtarget.com/searchdatamanagement/definition/hashing",
"type": "article"
},
{
"title": "Hashing Explained",
"url": "https://www.youtube.com/watch?v=EOe1XUykdP4",
"type": "video"
}
]
},
"rmR6HJqEhHDgX55Xy5BAW": {
"title": "Key Exchange",
"description": "Key exchange is a cryptographic process through which two parties securely share encryption keys over a potentially insecure communication channel. This process is fundamental in establishing a secure communication session, such as in SSL/TLS protocols used for internet security. The most widely known key exchange method is the Diffie-Hellman key exchange, where both parties generate a shared secret key, which can then be used for encrypting subsequent communications. Another common method is the RSA key exchange, which uses public-key cryptography to securely exchange keys. The goal of key exchange is to ensure that only the communicating parties can access the shared key, which is then used to encrypt and decrypt messages, thereby protecting the confidentiality and integrity of the transmitted data.\n\nLearn more from the following resources:",
"links": [
{
"title": "Key Exchange",
"url": "https://nordvpn.com/cybersecurity/glossary/key-exchange/?srsltid=AfmBOoocoykou-7M3OHUQq7APIsGDVjOR8P6wIcIvNA2fgOt1620RZwG",
"type": "article"
},
{
"title": "Secret Key Exchange",
"url": "https://www.youtube.com/watch?v=NmM9HA2MQGI",
"type": "video"
}
]
},
"fxyJxrf3mnFTa3wXk1MCW": {
"title": "PKI",
"description": "**Public Key Infrastructure (PKI)** is a framework that manages digital certificates and public-private key pairs, enabling secure communication, authentication, and data encryption over networks. PKI supports various security services such as confidentiality, integrity, and digital signatures. It includes components like **Certificate Authorities (CAs)**, which issue and revoke digital certificates, **Registration Authorities (RAs)**, which verify the identity of certificate requestors, and **certificates** themselves, which bind public keys to individuals or entities. PKI is essential for secure online transactions, encrypted communications, and identity verification in applications like SSL/TLS, email encryption, and code signing.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is PKI?",
"url": "https://cpl.thalesgroup.com/faq/public-key-infrastructure-pki/what-public-key-infrastructure-pki",
"type": "article"
}
]
},
"7svh9qaaPp0Hz23yinIye": {
"title": "Private vs Public Keys",
"description": "**Public keys** and **private keys** are cryptographic components used in asymmetric encryption.\n\n* **Public Key:** This key is shared openly and used to encrypt data or verify a digital signature. It can be distributed widely and is used by anyone to send encrypted messages to the key owner or to verify their digital signatures.\n\n* **Private Key:** This key is kept secret by the owner and is used to decrypt data encrypted with the corresponding public key or to create a digital signature. It must be protected rigorously to maintain the security of encrypted communications and authentication.\n\nTogether, they enable secure communications and authentication, where the public key encrypts or verifies, and the private key decrypts or signs.\n\nLearn more from the following resources:",
"links": [
{
"title": "SSH Keys Explained",
"url": "https://www.sectigo.com/resource-library/what-is-an-ssh-key",
"type": "article"
},
{
"title": "Public Key vs Private Key: How are they Different?",
"url": "https://venafi.com/blog/what-difference-between-public-key-and-private-key/",
"type": "article"
}
]
},
"kxlg6rpfqqoBfmMMg3EkJ": {
"title": "Obfuscation",
"description": "**Obfuscation** is the practice of deliberately making data, code, or communications difficult to understand or analyze, often to protect intellectual property or enhance security. In software development, obfuscation involves transforming code into a complex or less readable form to hinder reverse engineering or unauthorized access. This technique can include renaming variables and functions to meaningless labels, or altering code structure while preserving functionality. In security contexts, obfuscation can also involve disguising malicious payloads to evade detection by antivirus or security systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "How does Obfuscation work?",
"url": "https://www.hypr.com/security-encyclopedia/obfuscation",
"type": "article"
},
{
"title": "Obfuscation - CompTIA Security+",
"url": "https://www.youtube.com/watch?v=LfuTMzZke4g",
"type": "video"
}
]
},
"auR7fNyd77W2UA-PjXeJS": {
"title": "ATT&CK",
"description": "MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a comprehensive matrix of attack methods used by threat actors, organized into tactics like initial access, execution, persistence, and exfiltration. This framework is widely used by cybersecurity professionals for threat modeling, improving defensive capabilities, and developing more effective security strategies. ATT&CK helps organizations understand attacker behavior, assess their security posture, and prioritize defenses against the most relevant threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "MITRE ATT&CK®",
"url": "https://attack.mitre.org/",
"type": "article"
},
{
"title": "MITRE ATT&CK Framework",
"url": "https://www.youtube.com/watch?v=Yxv1suJYMI8",
"type": "video"
},
{
"title": "Introduction To The MITRE ATT&CK Framework",
"url": "https://www.youtube.com/watch?v=LCec9K0aAkM",
"type": "video"
}
]
},
"7Bmp4x6gbvWMuVDdGRUGj": {
"title": "Kill Chain",
"description": "The **Cyber Kill Chain** is a model that was developed by Lockheed Martin, a major aerospace, military support, and security company, to understand and prevent cyber intrusions in various networks and systems. It serves as a framework for breaking down the stages of a cyber attack, making it easier for security professionals to identify, mitigate, and prevent threats.\n\nThe concept is based on a military model, where the term \"kill chain\" represents a series of steps needed to successfully target and engage an adversary. In the context of cybersecurity, the model breaks down the stages of a cyber attack into seven distinct phases:\n\n* **Reconnaissance**: This initial phase involves gathering intelligence on the target, which may include researching public databases, performing network scans, or using social engineering techniques.\n* **Weaponization**: In this stage, the attacker creates a weapon – such as malware, a virus, or an exploit – and packages it with a delivery mechanism that can infiltrate the target's system.\n* **Delivery**: The attacker selects and deploys the delivery method to transmit the weapon to the target. Common methods include email attachments, malicious URLs, or infected software updates.\n* **Exploitation**: This is the phase where the weapon is activated, taking advantage of vulnerabilities in the target's systems or applications to execute the attacker's code.\n* **Installation**: Once the exploit is successful, the attacker installs the malware on the victim's system, setting the stage for further attacks or data exfiltration.\n* **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions.\n* **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services.\n\nLearn more from the following resources:",
"links": [
{
"title": "Cyber Kill Chain",
"url": "https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html",
"type": "article"
},
{
"title": "Learn the Cyber Kill Chain",
"url": "https://www.youtube.com/watch?v=oCUrkc_0tmw",
"type": "video"
}
]
},
"AY-hoPGnAZSd1ExaYX8LR": {
"title": "Diamond Model",
"description": "The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies.\n\nLearn more from the following resources:",
"links": [
{
"title": "The Diamond Model: Simple Intelligence-Driven Intrusion Analysis",
"url": "https://kravensecurity.com/diamond-model-analysis/",
"type": "article"
},
{
"title": "The Diamond Model for Intrusion Detection",
"url": "https://www.youtube.com/watch?v=3AOKomsmeUY",
"type": "video"
}
]
},
"oRssaVG-K-JwlL6TAHhXw": {
"title": "ISO",
"description": "The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations. It promotes worldwide proprietary, industrial, and commercial standards. In the domain of cyber security, there are several important ISO standards that help organizations to protect their sensitive data and to be resilient against cyber threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "ISO Website",
"url": "https://www.iso.org/home.html",
"type": "article"
},
{
"title": "What is the ISO?",
"url": "https://www.techtarget.com/searchdatacenter/definition/ISO#:~:text=ISO%20(International%20Organization%20for%20Standardization)%20is%20a%20worldwide,federation%20of%20national%20standards%20bodies.",
"type": "article"
}
]
},
"SOkJUTd1NUKSwYMIprv4m": {
"title": "NIST",
"description": "**NIST (National Institute of Standards and Technology)** is a U.S. federal agency that develops and promotes measurement standards, technology, and best practices. In the context of cybersecurity, NIST provides widely recognized guidelines and frameworks, such as the **NIST Cybersecurity Framework (CSF)**, which offers a structured approach to managing and mitigating cybersecurity risks. NIST also publishes the **NIST Special Publication (SP) 800 series**, which includes standards and guidelines for securing information systems, protecting data, and ensuring system integrity. These resources are essential for organizations seeking to enhance their security posture and comply with industry regulations.\n\nLearn more from the following resources:",
"links": [
{
"title": "NIST Website",
"url": "https://www.nist.gov/",
"type": "article"
},
{
"title": "What is NIST?",
"url": "https://www.encryptionconsulting.com/education-center/nist/",
"type": "article"
}
]
},
"fjEdufrZAfW4Rl6yDU8Hk": {
"title": "RMF",
"description": "A **Risk Management Framework (RMF)** is a structured approach that organizations use to identify, assess, manage, and mitigate risks. It provides a systematic process to ensure that risks are effectively controlled and aligned with the organization's objectives. Key components include:\n\n1. **Risk Identification:** Identifying potential internal and external risks that could impact the organization.\n2. **Risk Assessment:** Evaluating the likelihood and impact of identified risks.\n3. **Risk Mitigation:** Developing strategies to reduce or eliminate risks, such as controls, policies, and contingency plans.\n4. **Risk Monitoring:** Continuously tracking risks and the effectiveness of mitigation measures.\n5. **Communication and Reporting:** Regularly updating stakeholders on the risk status and actions taken.\n6. **Review and Improvement:** Periodically reassessing the framework and adapting to changes in the business or regulatory environment.\n\nThe RMF ensures that risks are managed proactively and consistently across the organization, helping to safeguard assets and support strategic decision-making.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is the Risk Management Framework?",
"url": "https://www.techtarget.com/searchcio/definition/Risk-Management-Framework-RMF",
"type": "article"
},
{
"title": "RMF explained in 5 minutes",
"url": "https://www.youtube.com/watch?v=X5yqPFp__rc",
"type": "video"
}
]
},
"sSihnptkoEqUsHjDpckhG": {
"title": "CIS",
"description": "The **Center for Internet Security (CIS)** is a non-profit organization that focuses on enhancing the cybersecurity posture of individuals, organizations, and governments around the world. CIS offers various tools, best practices, guidelines, and frameworks that help in defending against common cyber threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "CIS Website",
"url": "https://www.cisecurity.org/",
"type": "article"
},
{
"title": "CIS Overview",
"url": "https://www.youtube.com/watch?v=f-Z7h5dI6uQ",
"type": "video"
}
]
},
"HjfgaSEZjW9BOXy_Ixzkk": {
"title": "CSF",
"description": "The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks.\n\nLearn more from the following resources:",
"links": [
{
"title": "NIST Cybersecurity Framework",
"url": "https://www.nist.gov/cyberframework",
"type": "article"
},
{
"title": "NIST Cybersecurity Framework Explained",
"url": "https://www.youtube.com/watch?v=_KXqDNVmpu8",
"type": "video"
}
]
},
"c2kY3wZVFKZYxMARhLIwO": {
"title": "SIEM",
"description": "SIEM, short for Security Information and Event Management, is a term used to describe tools that greatly increase visibility into a network or system. They do this by monitoring, filtering, collecting, normalizing, and correlating vast amounts of data such as logs, and neatly presenting it via an interface/dashboard. Organizations leverage SIEMs to monitor their environment and thus identify, protect against, and respond to potential threats. For hands-on experience, you should consider setting up a SIEM in your own environment. There are some commercial tools that you can try out for free, and there are also open source alternatives, such as Wazuh or LevelBlue OSSIM (AlienVault).\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Security 101: What is a SIEM? - Microsoft",
"url": "https://www.microsoft.com/security/business/security-101/what-is-siem",
"type": "article"
},
{
"title": "SIEM Explained - Professor Messer",
"url": "https://www.youtube.com/watch?v=JEcETdy5WxU",
"type": "video"
},
{
"title": "Wazuh | Open source SIEM",
"url": "https://www.youtube.com/watch?v=3CaG2GI1kn0",
"type": "video"
},
{
"title": "Splunk | The Complete Beginner Tutorial",
"url": "https://www.youtube.com/playlist?list=PLY2f3p7xyMiTUbUo0A_lBFEwj6KdH0nFy",
"type": "video"
},
{
"title": "Elastic Security | Build a powerful home SIEM",
"url": "https://www.youtube.com/watch?v=2XLzMb9oZBI",
"type": "video"
}
]
},
"i0ulrA-GJrNhIVmzdWDrn": {
"title": "SOAR",
"description": "SOAR (Security Orchestration, Automation, and Response) is a set of software solutions and tools that enable organizations to streamline security operations. It combines three key capabilities: orchestration of security tools, automation of repetitive tasks, and intelligent incident response. SOAR platforms integrate with existing security tools, automate workflow processes, and provide case management features. They help security teams respond faster to incidents, reduce manual workload, standardize response procedures, and improve overall incident management efficiency. SOAR solutions are particularly valuable in managing the high volume of security alerts in modern environments, helping prioritize threats and coordinate responses across multiple tools and teams.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is SOAR?",
"url": "https://www.paloaltonetworks.co.uk/cyberpedia/what-is-soar",
"type": "article"
},
{
"title": "What is SOAR (Security, Orchestration, Automation & Response)",
"url": "https://www.youtube.com/watch?v=k7ju95jDxFA",
"type": "video"
}
]
},
"zR6djXnfTSFVEfvJonQjf": {
"title": "ParrotOS",
"description": "ParrotOS is a Debian-based Linux distribution designed for security, privacy, and development. It includes a comprehensive suite of tools for penetration testing, digital forensics, and vulnerability assessment, making it popular among cybersecurity professionals and ethical hackers. ParrotOS also features privacy-focused applications and settings, and it provides an environment for developers and privacy-conscious users to work securely.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "ParrotOS",
"url": "https://parrotsec.org/",
"type": "article"
}
]
},
"w6wXkoLrv0_d-Ah0txUHd": {
"title": "Kali Linux",
"description": "Kali Linux is a specialized Linux distribution that is designed for penetration testing, security auditing, and related information security tasks. Originating from the Debian distribution, Kali Linux is equipped with a vast array of tools that are used for ethical hacking purposes. It is an open-source project that provides users with the means to test the security of systems and networks by simulating attacks in a controlled environment.\n\nWith over 600 pre-installed penetration-testing programs, Kali Linux offers tools for various security-related tasks, such as network analysis, vulnerability scanning, and forensic analysis. Its development is overseen by Offensive Security, a company known for its contributions to the field of information security. Kali Linux is highly customizable, allowing users to tailor the system to their specific needs, and supports a wide range of hardware platforms. It is a powerful resource for professionals in the cybersecurity field, as well as for those who are passionate about learning and practicing ethical hacking techniques.\n\nLearn more from the following resources:",
"links": [
{
"title": "Kali Linux",
"url": "https://www.kali.org/",
"type": "article"
}
]
},
"10qbxX8DCrfyH7tgYexxQ": {
"title": "LOLBAS",
"description": "**LOLBAS** (Living Off the Land Binaries and Scripts) refers to a collection of legitimate system binaries and scripts that can be abused by attackers to perform malicious actions while evading detection. These tools, which are often part of the operating system or installed software, can be leveraged for various purposes, such as executing commands, accessing data, or modifying system configurations, thereby allowing attackers to carry out their activities without deploying custom malware. The use of LOLBAS techniques makes it harder for traditional security solutions to detect and prevent malicious activities since the binaries and scripts used are typically trusted and deemed legitimate.\n\nLearn more from the following resources:",
"links": [
{
"title": "LOLBAS project",
"url": "https://lolbas-project.github.io/#",
"type": "article"
},
{
"title": "Understanding the risks of LOLBAS in security",
"url": "https://pentera.io/blog/the-lol-isnt-so-funny-when-it-bites-you-in-the-bas/",
"type": "article"
},
{
"title": "LOLBAS T1105, MS Process Abuse",
"url": "https://www.youtube.com/watch?v=fq2_VvAU29g",
"type": "video"
}
]
},
"KbFwL--xF-eYjGy8PZdrM": {
"title": "Event Logs",
"description": "Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an event log?",
"url": "https://www.crowdstrike.com/cybersecurity-101/observability/event-log/",
"type": "article"
},
{
"title": "What are event logs and why do they matter?",
"url": "https://www.blumira.com/blog/what-are-event-logs-and-why-do-they-matter",
"type": "article"
}
]
},
"7oFwRkmoZom8exMDtMslX": {
"title": "syslogs",
"description": "Syslog is a standard protocol used for message logging in computer systems, particularly in Unix-like environments. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Syslog messages typically include information about system events, security incidents, and application statuses, categorized by facility and severity level. These logs are crucial for system administration, troubleshooting, security monitoring, and compliance. Many network devices and applications support syslog, enabling centralized log management. Syslog data can be stored locally or sent to remote servers for aggregation and analysis, playing a vital role in maintaining system health, detecting anomalies, and conducting forensic investigations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is syslog?",
"url": "https://www.solarwinds.com/resources/it-glossary/syslog",
"type": "article"
},
{
"title": "Free CCNA | Syslog",
"url": "https://www.youtube.com/watch?v=RaQPSKQ4J5A",
"type": "video"
}
]
},
"xXz-SwvXA2cLfdCd-hLtW": {
"title": "netflow",
"description": "**NetFlow** is a network protocol developed by Cisco for collecting and analyzing network traffic data. It provides detailed information about network flows, including the source and destination IP addresses, ports, and the amount of data transferred. NetFlow data helps network administrators monitor traffic patterns, assess network performance, and identify potential security threats. By analyzing flow data, organizations can gain insights into bandwidth usage, detect anomalies, and optimize network resources. NetFlow is widely supported across various network devices and often integrated with network management and security tools for enhanced visibility and control.\n\nLearn more from the following resources:",
"links": [
{
"title": "Cisco NetFlow Website",
"url": "https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-netflow/index.html",
"type": "article"
},
{
"title": "What is NetFlow?",
"url": "https://www.youtube.com/watch?v=aqTpUmUibB8",
"type": "video"
}
]
},
"TIxEkfBrN6EXQ3IKP1B7u": {
"title": "Packet Captures",
"description": "**Packet captures** involve recording and analyzing network traffic data packets as they travel across a network. This process allows network administrators and security professionals to inspect the content of packets, including headers and payloads, to diagnose network issues, monitor performance, and detect suspicious activities. Packet captures are typically performed using tools like Wireshark or tcpdump, which collect and store packets for later examination. This analysis helps in understanding network behavior, troubleshooting problems, and identifying security threats or vulnerabilities.\n\nLearn more from the following resources:",
"links": [
{
"title": "Packet Capture: What is it and What You Need to Know",
"url": "https://www.varonis.com/blog/packet-capture",
"type": "article"
},
{
"title": "Wireshark Tutorial for Beginners",
"url": "https://www.youtube.com/watch?v=qTaOZrDnMzQ",
"type": "video"
}
]
},
"np0PwKy-EvIa_f_LC6Eem": {
"title": "Firewall Logs",
"description": "Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is firewall logging and why is it important?",
"url": "https://cybriant.com/what-is-firewall-logging-and-why-is-it-important/",
"type": "article"
},
{
"title": "Reviewing firewall logs",
"url": "https://www.youtube.com/watch?v=XiJ30f8V_T4",
"type": "video"
}
]
},
"OAukNfV5T0KTnIF9jKYRF": {
"title": "MAC-based",
"description": "**Mandatory Access Control (MAC)** is a security model in which access to resources is governed by predefined policies set by the system or organization, rather than by individual users. In MAC, access decisions are based on security labels or classifications assigned to both users and resources, such as sensitivity levels or clearance levels. Users cannot change these access controls; they are enforced by the system to maintain strict security standards and prevent unauthorized access. MAC is often used in high-security environments, such as government or military systems, to ensure that data and resources are accessed only by individuals with appropriate authorization.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Mandatory Access Control?",
"url": "https://nordlayer.com/learn/access-control/mandatory-access-control/",
"type": "article"
},
{
"title": "Mandatory Access Control (MAC) Models",
"url": "https://www.youtube.com/watch?v=mNN-fEboRAA",
"type": "video"
}
]
},
"6oAzYfwsHQYNVbi7c2Tly": {
"title": "NAC-based",
"description": "Network Access Control (NAC) based hardening is a crucial component in enhancing the security of your network infrastructure. NAC provides organizations with the ability to control and manage access to the network resources, ensuring that only authorized users and devices can connect to the network. It plays a vital role in reducing the attack surface and preventing unauthorized access to sensitive data and resources. By implementing NAC-based hardening in your cybersecurity strategy, you protect your organization from threats and maintain secure access to critical resources.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Network Access Control",
"url": "https://www.fortinet.com/resources/cyberglossary/what-is-network-access-control",
"type": "article"
},
{
"title": "Network Access Control",
"url": "https://www.youtube.com/watch?v=hXeFJ05J4pQ",
"type": "video"
}
]
},
"W7bcydXdwlubXF2PHKOuq": {
"title": "Port Blocking",
"description": "Port blocking is an essential practice in hardening the security of your network and devices. It involves restricting, filtering, or entirely denying access to specific network ports to minimize exposure to potential cyber threats. By limiting access to certain ports, you can effectively safeguard your systems against unauthorized access and reduce the likelihood of security breaches.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is port blocking with LAN?",
"url": "https://www.geeksforgeeks.org/what-is-port-blocking-within-lan/",
"type": "article"
}
]
},
"FxuMJmDoDkIsPFp2iocFg": {
"title": "Group Policy",
"description": "_Group Policy_ is a feature in Windows operating systems that enables administrators to define and manage configurations, settings, and security policies for various aspects of the users and devices in a network. This capability helps you to establish and maintain a consistent and secure environment, which is crucial for organizations of all sizes.\n\nGroup Policy works by maintaining a hierarchy of _Group Policy Objects_ (GPOs), which contain multiple policy settings. GPOs can be linked to different levels of the Active Directory (AD) structure, such as domain, site, and organizational unit (OU) levels. By linking GPOs to specific levels, you can create an environment in which different settings are applied to different groups of users and computers, depending on their location in the AD structure.\n\nWhen a user logs in or a computer starts up, the relevant GPOs from the AD structure get evaluated to determine the final policy settings. GPOs are processed in a specific order — local, site, domain, and OUs, with the latter having the highest priority. This order ensures that you can have a baseline set of policies at the domain level, with more specific policies applied at the OU level, as needed.\n\nLearn more from the following resources:",
"links": [
{
"title": "Group Policy overview",
"url": "https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11)",
"type": "article"
},
{
"title": "Learn Windows Group Policy the easy way!",
"url": "https://www.youtube.com/watch?v=rEhTzP-ScBo",
"type": "video"
}
]
},
"8JM95sonFUhZCdaynUA_M": {
"title": "ACLs",
"description": "An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "Access Control List: Definition, Types & Usages",
"url": "https://www.okta.com/uk/identity-101/access-control-list/",
"type": "article"
},
{
"title": "Access Control Lists",
"url": "https://www.youtube.com/watch?v=IwLyr0mKK1w",
"type": "video"
}
]
},
"oFgyQYL3Ws-l7B5AF-bTR": {
"title": "Sinkholes",
"description": "A sinkhole in cybersecurity is a method used to redirect malicious Internet traffic away from its intended destination to a designated server or IP address controlled by a security team or researcher. This technique is often employed to combat botnets, malware, and other cyber threats. By redirecting traffic to a sinkhole, analysts can monitor and analyze malicious activities, prevent further spread of threats, and gather intelligence on attack patterns. Sinkholes are particularly useful in disrupting command and control communications of botnets, effectively neutralizing their ability to receive instructions or exfiltrate data. This approach is a critical tool in large-scale threat mitigation and cyber defense strategies.\n\nLearn more from the following resources:",
"links": [
{
"title": "DNS Sinkholes: What is it and how to start using",
"url": "https://www.threatintelligence.com/blog/dns-sinkhole",
"type": "article"
}
]
},
"e-MDyUR3GEv-e4Qsx_5vV": {
"title": "Patching",
"description": "**Patching** refers to the process of updating software or systems with fixes or improvements to address security vulnerabilities, bugs, or performance issues. This involves applying patches—small pieces of code provided by software vendors or developers—to close security gaps, resolve operational problems, and enhance functionality. Regular patching is crucial for maintaining system security and stability, protecting against exploits, and ensuring that systems remain compliant with security standards and best practices.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Patch Management?",
"url": "https://www.ibm.com/topics/patch-management",
"type": "article"
},
{
"title": "What Is Patch Management, and Why Does Your Company Need It?",
"url": "https://www.youtube.com/watch?v=O5XXlJear0w",
"type": "video"
}
]
},
"UF3BV1sEEOrqh5ilnfM1B": {
"title": "Jump Server",
"description": "A **jump server**, also known as a **bastion host** or **jump host**, is a critical security component in many network architectures. It is a dedicated, locked-down, and secure server that sits within a protected network, and provides a controlled access point for users and administrators to access specific components within the system. This intermediate server acts as a bridge between untrusted networks and the internal privileged systems, thereby reducing the attack surface and securing the environment.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a jump server?",
"url": "https://www.ssh.com/academy/iam/jump-server",
"type": "article"
},
{
"title": "What is a bastion host and why is it so important?",
"url": "https://www.youtube.com/watch?v=pI6glWVEkcY",
"type": "video"
}
]
},
"LEgJtu1GZKOtoAXyOGWLE": {
"title": "Endpoint Security",
"description": "Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Endpoint Security?",
"url": "https://www.crowdstrike.com/cybersecurity-101/endpoint-security/",
"type": "article"
},
{
"title": "Endpoints are the IT frontdoor - Gaurd them!",
"url": "https://www.youtube.com/watch?v=Njqid_JpqTs",
"type": "video"
}
]
},
"9Z6HPHPj4escSVDWftFEx": {
"title": "FTP vs SFTP",
"description": "File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit.\n\nLearn more from the following resources:",
"links": [
{
"title": "FTP defined and explained",
"url": "https://www.fortinet.com/resources/cyberglossary/file-transfer-protocol-ftp-meaning",
"type": "article"
},
{
"title": "How to use SFTP commands",
"url": "https://www.youtube.com/watch?v=22lBJIfO9qQ",
"type": "video"
}
]
},
"6ILPXeUDDmmYRiA_gNTSr": {
"title": "SSL vs TLS",
"description": "**SSL (Secure Sockets Layer)** is a cryptographic protocol used to secure communications by encrypting data transmitted between clients and servers. SSL establishes a secure connection through a process known as the handshake, during which the client and server agree on cryptographic algorithms, exchange keys, and authenticate the server with a digital certificate. SSL’s security is considered weaker compared to its successor, TLS, due to vulnerabilities in its older encryption methods and lack of modern cryptographic techniques.\n\n**TLS (Transport Layer Security)** improves upon SSL by using stronger encryption algorithms, more secure key exchange mechanisms, and enhanced certificate validation. Like SSL, TLS begins with a handshake where the client and server agree on a protocol version and cipher suite, exchange keys, and verify certificates. However, TLS incorporates additional features like Perfect Forward Secrecy (PFS) and more secure hashing algorithms, making it significantly more secure than SSL for modern communications.\n\nLearn more from the following resources:",
"links": [
{
"title": "What’s the Difference Between SSL and TLS?",
"url": "https://aws.amazon.com/compare/the-difference-between-ssl-and-tls/",
"type": "article"
},
{
"title": "TLS vs SSL - What's the Difference?",
"url": "https://www.youtube.com/watch?v=J7fI_jH7L84",
"type": "video"
}
]
},
"gNFVtBxSYP5Uw3o3tlJ0M": {
"title": "IPSEC",
"description": "IPSec, which stands for Internet Protocol Security, is a suite of protocols used to secure Internet communications by encrypting and authenticating IP packets. It is commonly utilized in Virtual Private Networks (VPNs) to ensure that data transmitted over public networks is not accessible to unauthorized individuals. IPSec operates by encrypting data at the source and decrypting it at the destination, maintaining the confidentiality and integrity of the data while in transit. Additionally, it provides authentication, ensuring that the data is being sent and received by the intended parties. This protocol suite is versatile as it can be used with both IPv4 and IPv6 networks, making it a fundamental component for secure online communication.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is IPSec?",
"url": "https://www.cloudflare.com/en-gb/learning/network-layer/what-is-ipsec/",
"type": "article"
},
{
"title": "IP Sec VPN Fundamentals",
"url": "https://www.youtube.com/watch?v=15amNny_kKI",
"type": "video"
}
]
},
"LLGXONul7JfZGUahnK0AZ": {
"title": "DNSSEC",
"description": "DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications.\n\nLearn more from the following resources:",
"links": [
{
"title": "How DNSSEC works",
"url": "https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/",
"type": "article"
},
{
"title": "What is DNSSEC?",
"url": "https://www.youtube.com/watch?v=Fk2oejzgSVQ",
"type": "video"
}
]
},
"z_fDvTgKw51Uepo6eMQd9": {
"title": "LDAPS",
"description": "LDAPS (Lightweight Directory Access Protocol Secure) is a secure version of the Lightweight Directory Access Protocol (LDAP), which is used to access and manage directory services over a network. LDAP is commonly employed for user authentication, authorization, and management in environments like Active Directory, where it helps manage access to resources such as applications and systems. LDAPS adds security by encrypting LDAP traffic using SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols, protecting sensitive information like usernames, passwords, and directory data from being intercepted or tampered with during transmission. This encryption ensures data confidentiality and integrity, making LDAPS a preferred choice for organizations that require secure directory communication.\n\nBy using LDAPS, organizations can maintain the benefits of LDAP while ensuring that sensitive directory operations are protected from potential eavesdropping or man-in-the-middle attacks on the network.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to enable LDAPS",
"url": "https://www.dell.com/support/kbdoc/en-uk/000212661/how-to-enable-secure-lightweight-directory-access-protocol-ldaps-on-an-active-directory-domain-controller",
"type": "article"
},
{
"title": "LDAP vs LDAPS - Whats the difference?",
"url": "https://www.youtube.com/watch?v=J2qtayKzMmA",
"type": "video"
}
]
},
"_9lQSG6fn69Yd9rs1pQdL": {
"title": "SRTP",
"description": "SRTP (Secure Real-time Transport Protocol) is a security-enhanced version of the Real-time Transport Protocol (RTP) used for voice and video communication over IP networks. It provides encryption, message authentication, and integrity for RTP data in unicast and multicast applications. SRTP is designed to ensure the confidentiality of media streams and protect against eavesdropping, tampering, and replay attacks in Voice over IP (VoIP) and video conferencing systems. It uses AES encryption for confidentiality and HMAC-SHA1 for authentication. SRTP is widely used in secure communication applications, including SIP-based VoIP systems and WebRTC, to protect sensitive audio and video transmissions across potentially untrusted networks.\n\nLearn more from the following resources:",
"links": [
{
"title": "SRTP (Secure RTP)",
"url": "https://developer.mozilla.org/en-US/docs/Glossary/RTP",
"type": "article"
}
]
},
"9rmDvycXFcsGOq3v-_ziD": {
"title": "S/MIME",
"description": "S/MIME (Secure/Multipurpose Internet Mail Extensions) is a protocol for sending digitally signed and encrypted messages. It provides end-to-end encryption and authentication for email communications. S/MIME uses public key cryptography to ensure message confidentiality, integrity, and non-repudiation. It allows users to verify the sender's identity and ensures that the message hasn't been tampered with during transmission. S/MIME is widely supported by major email clients and is commonly used in corporate environments to secure sensitive communications. While it offers strong security, its adoption can be limited by the need for certificate management and the complexity of key exchange processes.\n\nLearn more from the following resources:",
"links": [
{
"title": "S/MIME for message signing and encryption in Exchange Online",
"url": "https://learn.microsoft.com/en-us/exchange/security-and-compliance/smime-exo/smime-exo",
"type": "article"
},
{
"title": "S/MIME - Secure MIME protocol - Functions, Services",
"url": "https://www.youtube.com/watch?v=0hzmoB7yYfw",
"type": "video"
}
]
},
"3140n5prZYySsuBHjqGOJ": {
"title": "Antivirus",
"description": "Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is antivirus software?",
"url": "https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software",
"type": "article"
},
{
"title": "What is an antivirus and how does it keep us safe?",
"url": "https://www.youtube.com/watch?v=jW626WMWNAE",
"type": "video"
}
]
},
"9QtY1hMJ7NKLFztYK-mHY": {
"title": "Antimalware",
"description": "Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is antimalware?",
"url": "https://riskxchange.co/1006974/cybersecurity-what-is-anti-malware/",
"type": "article"
},
{
"title": "How Does Antivirus and Antimalware Software Work?",
"url": "https://www.youtube.com/watch?v=bTU1jbVXlmM",
"type": "video"
}
]
},
"QvHWrmMzO8IvNQ234E_wf": {
"title": "EDR",
"description": "Endpoint Detection and Response (EDR) is a cybersecurity technology that provides continuous monitoring and response to threats at the endpoint level. It is designed to detect, investigate, and mitigate suspicious activities on endpoints such as laptops, desktops, and mobile devices. EDR solutions log and analyze behaviors on these devices to identify potential threats, such as malware or ransomware, that have bypassed traditional security measures like antivirus software. This technology equips security teams with the tools to quickly respond to and contain threats, minimizing the risk of a security breach spreading across the network. EDR systems are an essential component of modern cybersecurity strategies, offering advanced protection by utilizing real-time analytics, AI-driven automation, and comprehensive data recording.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Endpoint Detection and Response?",
"url": "https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/",
"type": "article"
},
{
"title": "What is Endpoint Detection and Response (EDR)? - IBM",
"url": "https://www.youtube.com/watch?v=55GaIolVVqI",
"type": "video"
}
]
},
"iolsTC-63d_1wzKGul-cT": {
"title": "DLP",
"description": "Data Loss Prevention (DLP) refers to a set of strategies, tools, and processes used by organizations to ensure that sensitive data is not lost, accessed, or misused by unauthorized users. DLP solutions monitor, detect, and block the movement of critical information outside an organization’s network, helping to prevent data breaches, leaks, and other security incidents.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is data loss prevention (DLP)?",
"url": "https://www.techtarget.com/whatis/definition/data-loss-prevention-DLP",
"type": "article"
},
{
"title": "What is DLP (data loss prevention)?",
"url": "https://www.cloudflare.com/es-es/learning/access-management/what-is-dlp/",
"type": "article"
}
]
},
"35oCRzhzpVfitQPL4K9KC": {
"title": "ACL",
"description": "An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "Access Control List: Definition, Types & Usages",
"url": "https://www.okta.com/uk/identity-101/access-control-list/",
"type": "article"
},
{
"title": "Access Control Lists",
"url": "https://www.youtube.com/watch?v=IwLyr0mKK1w",
"type": "video"
}
]
},
"tWDo5R3KU5KOjDdtv801x": {
"title": "Firewall & Nextgen Firewall",
"description": "Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. Traditional firewalls operate at the network layer, filtering traffic based on IP addresses, ports, and protocols. They provide basic protection by creating a barrier between trusted internal networks and untrusted external networks.\n\nNext-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a firewall?",
"url": "https://www.kaspersky.com/resource-center/definitions/firewall",
"type": "article"
},
{
"title": "What is a next-generation firewall (NGFW)?",
"url": "https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/",
"type": "article"
}
]
},
"l5EnhOCnkN-RKvgrS9ylH": {
"title": "HIPS",
"description": "A Host Intrusion Prevention System (HIPS) is a security solution designed to monitor and protect individual host devices, such as servers, workstations, or laptops, from malicious activities and security threats. HIPS actively monitors system activities and can detect, prevent, and respond to unauthorized or anomalous behavior by employing a combination of signature-based, behavior-based, and heuristic detection methods.\n\nHIPS operates at the host level, providing a last line of defense by securing the individual endpoints within a network. It is capable of preventing a wide range of attacks, including zero-day exploits, malware infections, unauthorized access attempts, and policy violations.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is an Intrusion Prevention System?",
"url": "https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-prevention-system-ips",
"type": "article"
},
{
"title": "What is Host intrusion prevention system (HIPS)?",
"url": "https://cyberpedia.reasonlabs.com/EN/host%20intrusion%20prevention%20system%20(hips).html",
"type": "article"
}
]
},
"LIPtxl_oKZRcbvXT4EdNf": {
"title": "NIDS",
"description": "A Network Intrusion Detection System (NIDS) is a security solution designed to monitor and analyze network traffic for signs of suspicious activity or potential threats. NIDS operates by inspecting the data packets that flow through a network, looking for patterns that match known attack signatures or anomalies that could indicate malicious behavior. Unlike a Host Intrusion Detection System (HIDS), which focuses on individual host devices, NIDS provides a broader view by monitoring network traffic across multiple systems and devices.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is an Intrusion Detection System?",
"url": "https://www.paloaltonetworks.com/cyberpedia/what-is-an-intrusion-detection-system-ids",
"type": "article"
},
{
"title": "What is a Network Intrusion Detection system (NIDS)?",
"url": "https://bunny.net/academy/security/what-is-network-intrusion-detection-nids/",
"type": "article"
}
]
},
"7w9qj16OD4pUzq-ItdxeK": {
"title": "NIPS",
"description": "A **Network Intrusion Prevention System (NIPS)** is a security technology designed to monitor, detect, and prevent malicious activities or policy violations on a network. Unlike intrusion detection systems (IDS), which only alert on potential threats, a NIPS actively blocks or mitigates suspicious traffic in real-time. It analyzes network traffic patterns, inspects packet contents, and uses predefined signatures or behavioral analysis to identify threats. By preventing attacks such as malware, unauthorized access, and denial-of-service (DoS) attacks, a NIPS helps protect network integrity and maintain secure operations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an Intrusion Prevention System?",
"url": "https://www.paloaltonetworks.co.uk/cyberpedia/what-is-an-intrusion-prevention-system-ips",
"type": "article"
},
{
"title": "Intrusion Prevention - SY0-601 CompTIA Security+",
"url": "https://www.youtube.com/watch?v=WPPSsFnWOYg",
"type": "video"
}
]
},
"jWl1VWkZn3n1G2eHq6EnX": {
"title": "Host Based Firewall",
"description": "A host-based firewall is a software application that runs directly on individual devices, such as computers, servers, or mobile devices, to control network traffic to and from that specific host. It acts as a security barrier, monitoring and filtering incoming and outgoing network connections based on predefined rules. Host-based firewalls provide an additional layer of protection beyond network firewalls, allowing for more granular control over each device's network activities. They can block unauthorized access attempts, prevent malware from communicating with command and control servers, and restrict applications from making unexpected network connections. This approach is particularly valuable in environments with mobile or remote workers, where devices may not always be protected by corporate network firewalls. However, managing host-based firewalls across numerous devices can be challenging, requiring careful policy configuration and regular updates to maintain effective security without impeding legitimate user activities.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a host-based firewall?",
"url": "https://www.paloaltonetworks.com/cyberpedia/what-is-a-host-based-firewall",
"type": "article"
},
{
"title": "Host-based Firewalls",
"url": "https://www.youtube.com/watch?v=aRHhm980oaE",
"type": "video"
}
]
},
"SLKwuLHHpC7D1FqrpPRAe": {
"title": "Sandboxing",
"description": "Sandboxing is a security technique where a program or code is isolated in a controlled environment, or \"sandbox,\" to prevent it from affecting other parts of the system. This isolation allows suspicious or untrusted code, such as software, scripts, or files, to be executed and analyzed safely without risking harm to the host system. Sandboxing is commonly used to detect malware or test potentially harmful applications in cybersecurity.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is Sandboxing?",
"url": "https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/",
"type": "article"
},
{
"title": "Sandboxing in under 4 minutes",
"url": "https://www.youtube.com/watch?v=kn32PHG2wcU",
"type": "video"
}
]
},
"1jwtExZzR9ABKvD_S9zFG": {
"title": "EAP vs PEAP",
"description": "EAP and PEAP are both authentication frameworks used in wireless networks and Point-to-Point connections to provide secure access. EAP is a flexible authentication framework that supports multiple authentication methods, such as token cards, certificates, and passwords, allowing for diverse implementations in network security. However, EAP by itself does not provide encryption, leaving the authentication process potentially vulnerable to attacks.\n\nPEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process.\n\nLearn more from the following resources:",
"links": [
{
"title": "Extensible Authentication Protocol (EAP) for network access",
"url": "https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access?tabs=eap-tls%2Cserveruserprompt-eap-tls%2Ceap-sim",
"type": "article"
},
{
"title": "What is Protected Extensible Authentication Protocol (PEAP)",
"url": "https://www.techtarget.com/searchsecurity/definition/PEAP-Protected-Extensible-Authentication-Protocol",
"type": "article"
}
]
},
"HSCGbM2-aTnJWUX6jGaDP": {
"title": "WPS",
"description": "Wi-Fi Protected Setup (WPS) is a network security standard designed to make it easier to connect devices to a secure wireless network. It allows users to add devices to a Wi-Fi network using a simple setup process, typically involving pressing a WPS button on the router and the device or entering a PIN. While WPS simplifies the connection process, it has known security vulnerabilities, which can potentially be exploited to gain unauthorized access to the network.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is WPS and Why Is It Dangerous?",
"url": "https://blog.pulsarsecurity.com/what-is-wps-why-is-it-dangerous",
"type": "article"
},
{
"title": "WPS – What is it, and how does it work?",
"url": "https://passwork.pro/blog/what-is-wps/",
"type": "article"
},
{
"title": "What is WPS in WiFi",
"url": "https://www.youtube.com/watch?v=pO1r4PWf2yg",
"type": "video"
}
]
},
"MBnDE0VyVh2u2p-r90jVk": {
"title": "WPA vs WPA2 vs WPA3 vs WEP",
"description": "WEP (Wired Equivalent Privacy) is an outdated and insecure wireless encryption standard that was the first to secure Wi-Fi networks but is now considered highly vulnerable to attacks. WPA (Wi-Fi Protected Access) improved upon WEP with stronger encryption and authentication methods, but it still had some security weaknesses. WPA2, the successor to WPA, introduced more robust encryption with the Advanced Encryption Standard (AES) and improved security overall. WPA3, the latest standard, offers enhanced security features such as stronger encryption, improved protection against brute-force attacks, and better security for public networks. Each successive standard provides increased security and protection for wireless networks.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is Wi-Fi Security? WEP, WPA, WPA2 & WPA3 Differences",
"url": "https://nilesecure.com/network-security/what-is-wi-fi-security-wep-wpa-wpa2-wpa3-differences",
"type": "article"
},
{
"title": "WiFi Security: What is WEP, WPA, and WPA2",
"url": "https://www.youtube.com/watch?v=jErjdGfbgoE",
"type": "video"
}
]
},
"w6V4JOtXKCMPAkKIQxvMg": {
"title": "Preparation",
"description": "The **Preparation** phase in incident response involves establishing and maintaining the tools, policies, and procedures necessary to handle security incidents effectively. This includes creating an incident response plan, defining roles and responsibilities, training staff, and ensuring that appropriate technologies, such as monitoring systems and logging tools, are in place to detect and respond to incidents. Preparation also involves conducting regular drills, threat intelligence gathering, and vulnerability assessments to enhance readiness, ensuring the organization is equipped to mitigate potential security threats quickly and efficiently.\n\nLearn more from the following resources:",
"links": [
{
"title": "",
"url": "https://www.microsoft.com/en-gb/security/business/security-101/what-is-incident-response",
"type": "article"
},
{
"title": "",
"url": "https://www.youtube.com/watch?v=ePZGqlcB1O8",
"type": "video"
}
]
},
"XsRoldaBXUSiGbvY1TjQd": {
"title": "Identification",
"description": "Identification refers to the process of detecting and recognizing that a security breach or anomalous activity has occurred within a network or system. This is the initial step in the incident response process, where security tools, monitoring systems, or alert mechanisms, such as Intrusion Detection Systems (IDS), log analysis, or user reports, indicate potential malicious activity. Effective identification is critical as it determines the subsequent steps in addressing the incident, such as containment, eradication, and recovery. Prompt and accurate identification helps minimize the impact of the incident, reducing downtime, data loss, and the overall damage to the organization.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to identify Cybersecurity vulnerabilities",
"url": "https://fieldeffect.com/blog/how-to-identify-cybersecurity-vulnerabilities",
"type": "article"
},
{
"title": "What is an Intrusion Detection System",
"url": "https://www.ibm.com/topics/intrusion-detection-system",
"type": "article"
}
]
},
"l7WnKuR2HTD4Vf9U2TxkK": {
"title": "Containment",
"description": "Containment in cybersecurity refers to the process of limiting the impact of a security incident by isolating affected systems, networks, or data to prevent further spread or damage. When a breach or malware infection is detected, containment strategies are quickly implemented to halt the attack's progress, often by disconnecting compromised systems from the network, blocking malicious traffic, or restricting user access. Containment is a critical step in incident response, allowing security teams to control the situation while they investigate the root cause, assess the extent of the breach, and prepare for remediation. Effective containment minimizes the potential harm to the organization, preserving the integrity of unaffected systems and data.\n\nLearn more from the following resources:",
"links": [
{
"title": "Microsoft security incident management: Containment, eradication, and recovery",
"url": "https://learn.microsoft.com/en-us/compliance/assurance/assurance-sim-containment-eradication-recovery",
"type": "article"
},
{
"title": "Containment - AWS",
"url": "https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/containment.html",
"type": "article"
}
]
},
"N17xAIo7sgbB0nrIDMWju": {
"title": "Eradication",
"description": "Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident.\n\nLearn more from the following resources:",
"links": [
{
"title": "Eradication - AWS",
"url": "https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/eradication.html",
"type": "article"
},
{
"title": "What is eradication in Cybersecurity?",
"url": "https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/",
"type": "article"
}
]
},
"vFjbZAJq8OfLb3_tsc7oT": {
"title": "Recovery",
"description": "The recovery phase of incident response focuses on restoring affected systems and services to normal operation, which involves repairing systems, recovering data from backups, validating functionality, and communicating with stakeholders. This phase also includes conducting a post-incident review to document lessons learned and update response plans to improve future preparedness. The aim is to minimize downtime, ensure data integrity, and return to normal operations efficiently.\n\nLearn more from the following resources:",
"links": [
{
"title": "Incident Response Plan: Framework and Steps",
"url": "https://www.crowdstrike.com/cybersecurity-101/incident-response/incident-response-steps/",
"type": "article"
},
{
"title": "Incident Response Process",
"url": "https://www.youtube.com/watch?v=fU_w8Ou9RVg",
"type": "video"
}
]
},
"ErRol7AT02HTn3umsPD_0": {
"title": "Lessons Learned",
"description": "The final and vital step of the incident response process is reviewing and documenting the \"lessons learned\" after a cybersecurity incident. In this phase, the incident response team conducts a thorough analysis of the incident, identifies key points to be learned, and evaluates the effectiveness of the response plan. These lessons allow organizations to improve their security posture, making them more resilient to future threats. Below, we discuss the main aspects of the lessons learned phase:\n\nPost-Incident Review\n--------------------\n\nOnce the incident has been resolved, the incident response team gathers to discuss and evaluate each stage of the response. This involves examining the actions taken, any issues encountered, and the efficiency of communication channels. This stage helps in identifying areas for improvement in the future.\n\nRoot Cause Analysis\n-------------------\n\nUnderstanding the root cause of the security incident is essential to prevent similar attacks in the future. The incident response team should analyze and determine the exact cause of the incident, how the attacker gained access, and what vulnerabilities were exploited. This will guide organizations in implementing proper security measures and strategies to minimize risks of a reoccurrence.\n\nUpdate Policies and Procedures\n------------------------------\n\nBased on the findings of the post-incident review and root cause analysis, the organization should update its security policies, procedures, and incident response plan accordingly. This may involve making changes to access controls, network segmentation, vulnerability management, and employee training programs.\n\nConduct Employee Training\n-------------------------\n\nSharing the lessons learned with employees raises awareness and ensures that they have proper knowledge and understanding of the organization's security policies and procedures. 
Regular training sessions and awareness campaigns should be carried out to enhance employee cybersecurity skills and reinforce best practices.\n\nDocument the Incident\n---------------------\n\nIt's crucial to maintain accurate and detailed records of security incidents, including the measures taken by the organization to address them. This documentation serves as evidence of the existence of an effective incident response plan, which may be required for legal, regulatory, and compliance purposes. Furthermore, documenting incidents helps organizations to learn from their experience, assess trends and patterns, and refine their security processes.\n\nIn conclusion, the lessons learned phase aims to identify opportunities to strengthen an organization's cybersecurity framework, prevent similar incidents from happening again, and continuously improve the incident response plan. Regular reviews of cybersecurity incidents contribute to building a robust and resilient security posture, mitigating risks and reducing the impact of cyber threats on the organization's assets and operations.",
"links": []
},
"zqRaMmqcLfx400kJ-h0LO": {
"title": "Zero Day",
"description": "A zero-day vulnerability is a software security flaw unknown to the vendor and exploit developers, leaving it unpatched and potentially exploitable. When attackers discover and exploit such a vulnerability before the software creator can develop and release a fix, it's called a zero-day attack. These attacks are particularly dangerous because they take advantage of the window between discovery and patching, during which systems are highly vulnerable. Zero-days are prized in cybercriminal circles and can be used for various malicious purposes, including data theft, system compromise, or as part of larger attack campaigns. Defending against zero-days often requires proactive security measures, as traditional signature-based defenses are ineffective against unknown threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Zero-day Attack?",
"url": "https://www.kaspersky.com/resource-center/definitions/zero-day-exploit",
"type": "article"
},
{
"title": "What is a Zero Day Threat?",
"url": "https://www.youtube.com/watch?v=w5MV1Jeo76g",
"type": "video"
}
]
},
"HPlPGKs7NLqmBidHJkOZg": {
"title": "Known vs Unknown",
"description": "\"known\" and \"unknown\" refer to the classification of threats based on the visibility and familiarity of the attack or vulnerability.\n\n* **Known Threats** are those that have been previously identified and documented, such as malware signatures, vulnerabilities, or attack patterns. Security solutions like antivirus software and intrusion detection systems typically rely on databases of known threats to recognize and block them. These threats are easier to defend against because security teams have the tools and knowledge to detect and mitigate them.\n \n* **Unknown Threats**, on the other hand, refer to new, emerging, or sophisticated threats that have not been previously encountered or documented. These can include zero-day vulnerabilities, which are software flaws not yet known to the vendor or the public, or advanced malware designed to evade traditional defenses. Unknown threats require more advanced detection techniques, such as behavioral analysis, machine learning, or heuristic-based detection, to identify anomalies and suspicious activities that don't match known patterns.\n \n\nLearn more from the following resources:",
"links": [
{
"title": "Detecting known threats",
"url": "https://www.youtube.com/watch?v=hOaHDVMQ9_s",
"type": "video"
},
{
"title": "How to deal with unknown threats",
"url": "https://www.youtube.com/watch?v=CH4tX_MVLh0",
"type": "video"
}
]
},
"l0BvDtwWoRSEjm6O0WDPy": {
"title": "APT",
"description": "Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies.\n\nLearn more from the following resources:",
"links": [
{
"title": "Advanced Persistent Threat (APT)",
"url": "https://www.crowdstrike.com/cybersecurity-101/advanced-persistent-threat-apt/",
"type": "article"
},
{
"title": "What is an Advanced Persistent Threat?",
"url": "https://www.youtube.com/watch?v=sGthMsDlqew",
"type": "video"
}
]
},
"rxzcAzHjzIc9lkWSw0fef": {
"title": "VirusTotal",
"description": "VirusTotal's main feature is multi-scanning using over 70 antivirus scanners to generate a cumulative report on whether a file is malicious. It also stores file hashes, eliminating the need to rescan previously uploaded files. Researchers can comment in the community, sharing their analysis and insights into malware for others to benefit from. VirusTotal's aggregated data comes from various antivirus engines, website scanners, file and URL analysis tools, and user contributions. These tools serve diverse purposes, including heuristic engines, known-bad signatures, metadata extraction, and identification of malicious signals. Additionally, VirusTotal offers services to search by file hash, IP address, and URL, which are also scanned. For more comprehensive features, VirusTotal provides Premium services such as Intelligence & Hunting.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "VirusTotal's Docs on how VirusTotal Works",
"url": "https://docs.virustotal.com/docs/how-it-works",
"type": "article"
},
{
"title": "VirusTotal's website",
"url": "https://www.virustotal.com",
"type": "article"
},
{
"title": "@CISA's definition of VirusTotal",
"url": "https://www.cisa.gov/resources-tools/services/virustotal",
"type": "article"
},
{
"title": "Walkthrough VirusTotal Intelligence Interface",
"url": "https://www.youtube.com/watch?v=WoHVM8pCfsQ",
"type": "video"
}
]
},
"h__KxKa0Q74_egY7GOe-L": {
"title": "Joe Sandbox",
"description": "Joe Sandbox is an advanced malware analysis platform that allows security professionals to analyze suspicious files, URLs, and documents in a controlled and isolated environment known as a sandbox. This platform provides in-depth behavioral analysis by executing the potentially malicious code in a virtualized environment to observe its actions, such as file modifications, network communications, and registry changes, without risking the integrity of the actual network or systems. Joe Sandbox supports a wide range of file types and can detect and analyze complex, evasive malware that may attempt to avoid detection in less sophisticated environments. The insights generated from Joe Sandbox are crucial for understanding the nature of the threat, aiding in the development of countermeasures, and enhancing overall cybersecurity defenses.\n\nLearn more from the following resources:",
"links": [
{
"title": "Joe Sandbox Website",
"url": "https://www.joesandbox.com/#windows",
"type": "article"
},
{
"title": "Cybersecurity Sandbox for Security Analysts",
"url": "https://www.youtube.com/watch?v=FJGmRzY1igY",
"type": "video"
}
]
},
"GZHFR43UzN0WIIxGKZOdX": {
"title": "any.run",
"description": "ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time.\n\nLearn more from the following resources:",
"links": [
{
"title": "ANY.RUN Website",
"url": "https://any.run/",
"type": "article"
},
{
"title": "Malware analysis with ANY.RUN",
"url": "https://www.youtube.com/watch?v=QH_u7DHKzzI",
"type": "video"
}
]
},
"lFt1k1Q-NlWWqyDA3gWD1": {
"title": "urlvoid",
"description": "UrlVoid is an online service that evaluates and analyzes websites to assess their safety and reputation. By checking a URL against various security databases and services, UrlVoid provides a summary of potential risks, such as malware, phishing, or blacklisting. This helps users identify and avoid potentially harmful or malicious websites.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "UrlVoid",
"url": "https://www.urlvoid.com/",
"type": "article"
},
{
"title": "How to Check a Suspicious Web Link Without Clicking It",
"url": "https://www.youtube.com/watch?v=C1D0tNnTDe4",
"type": "video"
}
]
},
"lMiW2q-b72KUl-2S7M6Vb": {
"title": "urlscan",
"description": "[urlscan.io](http://urlscan.io) is a free service to scan and analyze websites. When a URL is submitted to [urlscan.io](http://urlscan.io), an automated process will browse to the URL like a regular user and record the activity that this page navigation creates. This includes the domains and IPs contacted, the resources (JavaScript, CSS, etc) requested from those domains, as well as additional information about the page itself. [urlscan.io](http://urlscan.io) will take a screenshot of the page, record the DOM content, JavaScript global variables, cookies created by the page, and a myriad of other observations. If the site is targeting the users one of the more than 900 brands tracked by [urlscan.io](http://urlscan.io), it will be highlighted as potentially malicious in the scan results.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "urlscan.io",
"url": "https://urlscan.io/",
"type": "article"
},
{
"title": "Cybersecurity Tool for Beginner Security Analysts - URLScan",
"url": "https://www.youtube.com/watch?v=tA60bJstrQQ",
"type": "video"
}
]
},
"-RnlvUltJ9IDtH0HEnMbN": {
"title": "WHOIS",
"description": "WHOIS is a query and response protocol used to retrieve information about registered domain names, IP addresses, and autonomous systems on the Internet. It provides details such as the domain registrar, registration date, expiration date, and contact information for the domain owner (although this may be limited due to privacy protection). WHOIS databases are maintained by regional Internet registries and domain registrars. The protocol is commonly used by network administrators, cybersecurity professionals, and researchers for tasks like verifying domain ownership, investigating potential cyber threats, and gathering information for legal or business purposes. However, with the implementation of GDPR and other privacy regulations, some WHOIS information has become more restricted.\n\nLearn more from the following resources:",
"links": [
{
"title": "How to use the whois command on Linux",
"url": "https://www.howtogeek.com/680086/how-to-use-the-whois-command-on-linux/",
"type": "article"
},
{
"title": "Whois lookup",
"url": "https://www.whois.com/whois/",
"type": "article"
},
{
"title": "Passive Reconnaissance - Whois Lookup Tutorial",
"url": "https://www.youtube.com/watch?v=12MITs5KK40",
"type": "video"
}
]
},
"7obusm5UtHwWMcMMEB3lt": {
"title": "Phishing",
"description": "The technique where scammers pretend to be trusted organizations like your _bank_, _online retailers_ or a _government office_ in order to trick you into sharing your personal information like bank passcode, credit card number, Paypal password etc.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "How to Recognize and Avoid Phishing Scams",
"url": "https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams",
"type": "article"
},
{
"title": "phishing - definition",
"url": "https://www.techtarget.com/searchsecurity/definition/phishing",
"type": "article"
},
{
"title": "Protect yourself from phishing",
"url": "https://support.microsoft.com/en-us/windows/protect-yourself-from-phishing-0c7ea947-ba98-3bd9-7184-430e1f860a44",
"type": "video"
},
{
"title": "Phishing attacks are SCARY easy to do!! (let me show you!)",
"url": "https://www.youtube.com/watch?v=u9dBGWVwMMA",
"type": "video"
}
]
},
"M65fCl72qlF0VTbGNT6du": {
"title": "Whishing",
"description": "Whishing, a portmanteau of \"wireless\" and \"phishing,\" is a cyber attack method that targets users of wireless networks, particularly public Wi-Fi hotspots. Attackers set up rogue wireless access points or compromise existing ones to intercept network traffic or redirect users to malicious websites. These fake hotspots often mimic legitimate ones, tricking users into connecting and potentially exposing their sensitive information. Whishing attacks can lead to theft of login credentials, financial data, or personal information. To protect against whishing, users are advised to avoid sensitive transactions on public Wi-Fi, use VPNs, verify network authenticity, and ensure HTTPS connections when browsing.\n\nLearn more from the following resources:",
"links": [
{
"title": "Wi-fi Phishing Explained",
"url": "https://it-explained.com/words/wi-fi-phishing-explained-explained",
"type": "article"
}
]
},
"KSwl6sX2W47vUmytpm8LH": {
"title": "Whaling",
"description": "Whaling is a specific type of phishing attack that targets high-profile individuals within an organization, such as executives, CEOs, or other senior leaders. The term \"whaling\" is derived from the idea of hunting large \"whales,\" as opposed to the more common \"phishing,\" which targets a broader range of users. Whaling attacks are highly sophisticated and often involve personalized emails or communications that appear legitimate, making them difficult to detect.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is a Whaling Attack?",
"url": "https://usa.kaspersky.com/resource-center/definitions/what-is-a-whaling-attack",
"type": "article"
},
{
"title": "What is a whaling attack and how to stay protected",
"url": "https://www.youtube.com/watch?v=jQONycdUOAA",
"type": "video"
}
]
},
"d4U6Jq-CUB1nNN2OCFoum": {
"title": "Smishing",
"description": "Smishing, a portmanteau of \"SMS\" and \"phishing,\" is a form of cyber attack that uses text messages (SMS) to deceive recipients into divulging sensitive information or taking harmful actions. Attackers typically impersonate trusted entities like banks, government agencies, or popular services, urging victims to click on malicious links, download harmful apps, or provide personal data. These messages often create a sense of urgency or offer enticing rewards to manipulate recipients. Smishing exploits the trust people place in mobile communications and the limited security features of SMS. As mobile device usage increases, smishing has become a significant threat, requiring user awareness and caution when interacting with unsolicited text messages.\n\nLearn more from the following:",
"links": [
{
"title": "What is smishing (SMS phishing)?",
"url": "https://www.ibm.com/topics/smishing",
"type": "article"
},
{
"title": "What is smishing? How phishing via text message works",
"url": "https://www.youtube.com/watch?v=ZOZGQeG8avQ",
"type": "video"
}
]
},
"cbEMUyg_btIPjdx-XqIM5": {
"title": "Spam vs Spim",
"description": "Spam refers to unsolicited and often irrelevant messages sent over email, typically to a large number of recipients, with the purpose of advertising, phishing, spreading malware, or other malicious activities. Spam emails are usually sent by automated bots and are characterized by their bulk nature. Spim is a type of spam that specifically targets instant messaging (IM) platforms rather than email. Spim messages are unsolicited and typically used for advertising, phishing, or spreading malware. As instant messaging apps have grown in popularity, so too has the prevalence of Spim.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is Spam?",
"url": "https://www.proofpoint.com/us/threat-reference/spam",
"type": "article"
},
{
"title": "What Is Spim?",
"url": "https://www.brosix.com/blog/what-is-spim/",
"type": "article"
}
]
},
"FD0bkmxNpPXiUB_NevEUf": {
"title": "Shoulder Surfing",
"description": "In a Shoulder Surfing Attack, an attacker obtains information by looking over your shoulder or from behind you, without your knowledge, to see what you are doing on your device and capture sensitive information. Shoulder Surfing attacks are accomplished by observing the content \"over the victim's shoulder\". It is a social engineering attack in which the attacker physically views the device screen and keypad to obtain personal information. This attack is mostly carried out in public places or crowded areas. Attackers often strike while you are busy on your device, and the attacker could be a friend, an acquaintance, or a complete stranger.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is shoulder surfing, and how can you avoid it?",
"url": "https://nordvpn.com/blog/shoulder-surfing/?srsltid=AfmBOorl5NPpW_Tnhas9gB2HiblorqwXyK0NJae7uaketrnDwbjJmiYV",
"type": "article"
},
{
"title": "What is Shoulder Surfing?",
"url": "https://www.mcafee.com/learn/what-is-shoulder-surfing/",
"type": "article"
},
{
"title": "What is Shoulder Surfing? 9 ways to protect yourself",
"url": "https://www.bigrock.in/blog/products/security/what-is-shoulder-surfing-9-ways-to-protect-yourself-from-shoulder-surfing/",
"type": "article"
}
]
},
"Iu0Qtk13RjrhHpSlm0uyh": {
"title": "Dumpster Diving",
"description": "Dumpster Diving in the context of cybersecurity refers to the practice of searching through discarded materials in trash or recycling bins to find confidential information. This technique may seem unsophisticated, but it can be extremely effective in obtaining valuable data such as passwords, account information, network diagrams, or any other sensitive information that has not been properly destroyed.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is Dumpster Diving",
"url": "https://powerdmarc.com/dumpster-diving-in-cybersecurity/",
"type": "article"
},
{
"title": "Dumpster diving for sensitive information",
"url": "https://www.youtube.com/watch?v=Pom86gq4mk4",
"type": "video"
}
]
},
"o-keJgF9hmifQ_hUD91iN": {
"title": "Tailgating",
"description": "Tailgating is the act of getting access to a restricted area by simply following an authorized person. This is a common social engineering technique used by attackers to gain physical access to a building or a restricted area. The attacker waits for an authorized person to open the door and then follows them inside. This technique is effective because it is based on trust and the assumption that the attacker is an authorized person.\n\nLearn more from the following resources:",
"links": [
{
"title": "Tailgating attacks",
"url": "https://www.proofpoint.com/us/threat-reference/tailgating-attacks-cybersecurity",
"type": "article"
},
{
"title": "Tailgating and Piggybacking - Social Engineering Tactics Explained",
"url": "https://www.youtube.com/watch?v=4SpvulRcVQ0",
"type": "video"
}
]
},
"v9njgIxZyabJZ5iND3JGc": {
"title": "Zero day",
"description": "A zero-day vulnerability is a software security flaw unknown to the vendor and exploit developers, leaving it unpatched and potentially exploitable. When attackers discover and exploit such a vulnerability before the software creator can develop and release a fix, it's called a zero-day attack. These attacks are particularly dangerous because they take advantage of the window between discovery and patching, during which systems are highly vulnerable. Zero-days are prized in cybercriminal circles and can be used for various malicious purposes, including data theft, system compromise, or as part of larger attack campaigns. Defending against zero-days often requires proactive security measures, as traditional signature-based defenses are ineffective against unknown threats.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Zero-day Attack?",
"url": "https://www.kaspersky.com/resource-center/definitions/zero-day-exploit",
"type": "article"
},
{
"title": "What is a Zero Day Threat?",
"url": "https://www.youtube.com/watch?v=w5MV1Jeo76g",
"type": "video"
}
]
},
"O1VceThdxRlgQ6DcGyY7Y": {
"title": "Social Engineering",
"description": "Social Engineering is a manipulation technique that exploits human psychology to gain access to confidential information, systems, or physical locations. Unlike traditional hacking methods that rely on technical skills, social engineering primarily focuses on deceiving or tricking individuals into revealing sensitive information or performing actions that compromise security.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is Social Engineering?",
"url": "https://www.cisco.com/c/en/us/products/security/what-is-social-engineering.html",
"type": "article"
},
{
"title": "Social Engineering Explained",
"url": "https://www.youtube.com/shorts/DdCSraNCxhs",
"type": "video"
}
]
},
"UU_inxa8Y2lLP2BRhdLDT": {
"title": "Reconnaissance",
"description": "Reconnaissance is the first phase of a cyberattack, during which attackers gather as much information as possible about a target system, network, or organization. The goal of reconnaissance is to identify potential vulnerabilities, entry points, and other valuable details that can be exploited in subsequent attack phases.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is Cyber Reconnaissance",
"url": "https://www.sentinelone.com/cybersecurity-101/threat-intelligence/what-is-cyber-reconnaissance/",
"type": "article"
}
]
},
"ZEgxmvjWPp5NofLFz_FTJ": {
"title": "Impersonation",
"description": "Impersonation in cybersecurity refers to an attack technique where a threat actor pretends to be a legitimate person or entity to deceive individuals, systems, or organizations. This tactic is commonly used in social engineering attacks to gain unauthorized access to sensitive information, resources, or systems.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is an Impersonation Attack?",
"url": "https://www.upguard.com/blog/impersonation-attack",
"type": "article"
}
]
},
"dcvuKHq0nHgHLcLwtl4IJ": {
"title": "Watering Hole Attack",
"description": "A Watering Hole Attack is a type of cyberattack where the attacker targets a specific group of users by compromising a website or online resource that they are known to visit frequently. The name \"watering hole\" comes from the idea of predators waiting by a water source to attack prey, similar to how attackers wait for their targets to visit a compromised site.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is a watering hole attack?",
"url": "https://www.techtarget.com/searchsecurity/definition/watering-hole-attack",
"type": "article"
},
{
"title": "Watering Hole Attacks",
"url": "https://www.youtube.com/watch?v=uBoVWqkfZjk",
"type": "video"
}
]
},
"cO70zHvHgBAH29khF-hBW": {
"title": "Drive by Attack",
"description": "A Drive-by Attack is a type of cyberattack where malicious code is automatically downloaded and executed on a user's system simply by visiting a compromised or malicious website. The user does not need to click on anything or interact with the page; just loading the website is enough to trigger the attack.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is a Drive-By Attack?",
"url": "https://www.ericom.com/glossary/what-is-a-drive-by-attack/",
"type": "article"
},
{
"title": "Drive-By Download attack",
"url": "https://www.youtube.com/watch?v=xL4DyblbnKg",
"type": "video"
}
]
},
"0LeDwj_tMaXjQBBOUJ5CL": {
"title": "Typo Squatting",
"description": "Typosquatting is a form of cyberattack that exploits common typing errors made by users when entering website URLs into their browsers. Attackers create malicious websites with URLs that are very similar to legitimate ones, often differing by just a single letter, number, or symbol. When a user accidentally mistypes a URL, they may be redirected to the malicious site, where they can be subjected to phishing attacks, malware downloads, or other forms of cyber exploitation.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is Typosquatting",
"url": "https://www.mcafee.com/learn/what-is-typosquatting/#:~:text=Typosquatting%2C%20also%20known%20as%20URL,%E2%80%9CGoogle.com%E2%80%9D",
"type": "article"
}
]
},
"Q0i-plPQkb_NIvOQBVaDd": {
"title": "Brute Force vs Password Spray",
"description": "What is Brute Force?\n--------------------\n\nBrute Force is a method of password cracking where an attacker systematically tries all possible combinations of characters until the correct password is found. This method is highly resource-intensive, as it involves attempting numerous password variations in a relatively short period of time.\n\nWhat is Password Spray?\n-----------------------\n\nPassword Spray is a more targeted and stealthy method of password cracking where an attacker tries a small number of common passwords across many different accounts. Instead of bombarding a single account with numerous password attempts (as in brute force), password spraying involves using one or a few passwords against multiple accounts.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Brute force vs. Password Spray attack",
"url": "https://www.inspark.nl/brute-force-vs-password-spray-attack-in-azure-sentinel/",
"type": "article"
},
{
"title": "What is password spraying?",
"url": "https://www.techtarget.com/whatis/definition/password-spraying",
"type": "article"
},
{
"title": "What is a brute force attack?",
"url": "https://www.fortinet.com/resources/cyberglossary/brute-force-attack",
"type": "article"
}
]
},
"IF5H0ZJ72XnqXti3jRWYF": {
"title": "DoS vs DDoS",
"description": "Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization.\n\nLearn more from the following resources:",
"links": [
{
"title": "DoS vs DDoS",
"url": "https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos",
"type": "article"
},
{
"title": "What is Denial-of-Service attack?",
"url": "https://www.youtube.com/watch?v=Z7xG3b0aL_I",
"type": "video"
},
{
"title": "What is a DDoS attack?",
"url": "https://www.youtube.com/watch?v=z503nLsfe5s",
"type": "video"
}
]
},
"ODlVT6MhV-RVUbRMG0mHi": {
"title": "MITM",
"description": "A Man-in-the-Middle (MITM) attack occurs when a malicious actor intercepts communication between two parties, such as a user and a website, without their knowledge. The attacker can eavesdrop, alter, or inject false information into the communication, often to steal sensitive data like login credentials or manipulate transactions. MITM attacks are commonly executed through compromised Wi-Fi networks or by exploiting security vulnerabilities in protocols.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Wikipedia - Man-in-the-middle attack",
"url": "https://en.wikipedia.org/wiki/Man-in-the-middle_attack",
"type": "article"
}
]
},
"LteSouUtAj3JWWOzcjQPl": {
"title": "Spoofing",
"description": "Spoofing is a form of deception where someone or something pretends to be another person, device, or entity to mislead or gain an advantage. In technology and cybersecurity, it often involves falsifying information like an IP address, email, or website to trick a user or system into believing it’s interacting with a legitimate source. Spoofing can be used to steal sensitive data, gain unauthorized access, or disrupt communication.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Definition and Explanation of Spoofing",
"url": "https://www.kaspersky.com/resource-center/definitions/spoofing",
"type": "article"
},
{
"title": "What is spoofing?",
"url": "https://www.youtube.com/watch?v=jIS9XUC4TB4",
"type": "video"
}
]
},
"O1fY2n40yjZtJUEeoItKr": {
"title": "Evil Twin",
"description": "An Evil Twin is a type of wireless network attack where an attacker sets up a rogue Wi-Fi access point that mimics a legitimate Wi-Fi network. The rogue access point has the same SSID (network name) as the legitimate network, making it difficult for users to distinguish between the two. The attacker's goal is to trick users into connecting to the rogue access point, allowing them to intercept sensitive information, inject malware, or launch other types of attacks.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is an Evil Twin attack?",
"url": "https://www.techtarget.com/searchsecurity/definition/evil-twin",
"type": "article"
},
{
"title": "How Hackers Can Grab Your Passwords Over Wi-Fi with Evil Twin Attacks",
"url": "https://www.youtube.com/watch?v=HyxQqDq3qs4",
"type": "video"
}
]
},
"urtsyYWViEzbqYLoNfQAh": {
"title": "DNS Poisoning",
"description": "DNS spoofing, or DNS cache poisoning, occurs when fake information is inserted into a DNS server's cache. This causes DNS queries to return incorrect IP addresses, directing users to the wrong websites. Attackers exploit this to reroute traffic to malicious sites, and the misdirection persists until the cached information is corrected. This technique exploits vulnerabilities in the DNS system and can spread to other servers, causing widespread issues.\n\nVisit the following resources to learn more:",
"links": []
},
"LfWJJaT3fv0p6fUeS8b84": {
"title": "Deauth Attack",
"description": "A Deauthentication (Deauth) Attack is a type of denial-of-service (DoS) attack specific to wireless networks. It involves sending fake deauthentication frames to a Wi-Fi client or access point, forcing the client to disconnect from the network. The attacker uses this technique to disrupt the communication between the client and the access point, often with the intention of capturing data, launching further attacks, or simply causing disruption.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Wi-Fi Deauthentication Attack",
"url": "https://medium.com/@balaramapunna123/wi-fi-deauthentication-attack-76cdd91d5fc",
"type": "article"
},
{
"title": "Deauthentication Attacks",
"url": "https://www.baeldung.com/cs/deauthentication-attacks",
"type": "article"
}
]
},
"u4hySof6if5hiONSaW-Uf": {
"title": "VLAN Hopping",
"description": "VLAN hopping is a network attack where an attacker exploits vulnerabilities in the VLAN (Virtual Local Area Network) configuration to gain unauthorized access to traffic on different VLANs. By manipulating VLAN tagging, the attacker can \"hop\" from one VLAN to another, bypassing network segmentation. This can be achieved using methods like switch spoofing or double tagging, allowing the attacker to intercept, alter, or reroute traffic within a network that was supposed to be isolated.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is VLAN Hopping?",
"url": "https://www.packetlabs.net/posts/what-is-vlan-hopping/",
"type": "article"
},
{
"title": "VLAN Hopping",
"url": "https://www.youtube.com/watch?v=pDumMKDK4Wc",
"type": "video"
}
]
},
"Ee7LfbhwJbiWjJ3b_bbni": {
"title": "Rogue Access Point",
"description": "A Rogue Access Point (Rogue AP) is an unauthorized wireless access point installed on a secure network without the network administrator's knowledge or consent. These devices can be set up by malicious actors to intercept, steal, or manipulate network traffic, or by employees who unintentionally compromise network security by setting up their own wireless access points.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Rogue access points",
"url": "https://www.khanacademy.org/computing/computers-and-internet/xcae6f4a7ff015e7d:online-data-security/xcae6f4a7ff015e7d:cyber-attacks/a/rogue-access-points-mitm-attacks",
"type": "article"
}
]
},
"n8ZOZxNhlnw7DpzoXe_f_": {
"title": "Buffer Overflow",
"description": "A Buffer Overflow is a type of vulnerability that occurs when a program or process attempts to write more data to a buffer—a temporary storage area in memory—than it can hold. This overflow can cause the extra data to overwrite adjacent memory locations, potentially leading to unintended behavior, crashes, or security breaches.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is Buffer Overflow?",
"url": "https://www.fortinet.com/resources/cyberglossary/buffer-overflow",
"type": "article"
},
{
"title": "Buffer Overflow Attack",
"url": "https://www.imperva.com/learn/application-security/buffer-overflow/",
"type": "article"
}
]
},
"nOND14t7ISgSH3zNpV3F8": {
"title": "Memory Leak",
"description": "A Memory Leak occurs when a computer program consumes memory but fails to release it back to the operating system after it is no longer needed. Over time, this can lead to reduced system performance, increased memory usage, and, in severe cases, the program or system may crash due to the exhaustion of available memory.",
"links": [
{
"title": "What are memory leaks?",
"url": "https://learn.snyk.io/lesson/memory-leaks/",
"type": "article"
},
{
"title": "What are memory leaks?",
"url": "https://www.youtube.com/watch?v=00Kdpgl6fsY",
"type": "video"
}
]
},
"2jo1r9O_rCnDwRv1_4Wo-": {
"title": "XSS",
"description": "Cross-Site Scripting (XSS) is a common web application vulnerability where attackers inject malicious scripts into content from trusted websites. These scripts execute in victims' browsers, potentially stealing sensitive data, hijacking user sessions, or defacing websites. XSS attacks come in three main types: stored (persistent), reflected (non-persistent), and DOM-based. Stored XSS permanently embeds malicious code in a server, while reflected XSS occurs when user input is immediately returned by a web application. DOM-based XSS manipulates the Document Object Model in the browser. Prevention strategies include input validation, output encoding, and implementing Content Security Policy headers to mitigate the risk of XSS vulnerabilities.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "Cross Site Scripting (XSS) - OWASP",
"url": "https://owasp.org/www-community/attacks/xss/",
"type": "article"
},
{
"title": "Cross Site Scripting Prevention Cheat Sheet",
"url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html",
"type": "article"
},
{
"title": "Cross-site Scripting",
"url": "https://www.youtube.com/watch?v=PKgw0CLZIhE",
"type": "video"
}
]
},
"P-Am25WJV8cFd_KsX7cdj": {
"title": "SQL Injection",
"description": "**SQL Injection** is a type of web application security vulnerability that allows an attacker to inject malicious SQL code into a web application's database, potentially leading to unauthorized data access, modification, or deletion.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "PortSwigger - SQL Injection",
"url": "https://portswigger.net/web-security/sql-injection",
"type": "article"
},
{
"title": "SQL Injections are scary",
"url": "https://www.youtube.com/watch?v=2OPVViV-GQk",
"type": "video"
}
]
},
"pK2iRArULlK-B3iSVo4-n": {
"title": "CSRF",
"description": "Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a user’s browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the user’s authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions.\n\nLearn more from the following resources:",
"links": [
{
"title": "Cross-Site Request Forgery",
"url": "https://owasp.org/www-community/attacks/csrf",
"type": "article"
},
{
"title": "Cross-Site Request Forgery Explained",
"url": "https://www.youtube.com/watch?v=eWEgUcHPle0",
"type": "video"
}
]
},
"mIX8PsIGuwgPCGQZ6ok2H": {
"title": "Replay Attack",
"description": "A Replay Attack is a type of network attack where an attacker intercepts and retransmits legitimate communication data, often with the aim of gaining unauthorized access to a system or performing unauthorized actions. In this attack, the attacker captures a valid data transmission and then \"replays\" it later, without needing to decrypt or alter the data, to trick the recipient into thinking it's a legitimate request.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What Is a Replay Attack?",
"url": "https://usa.kaspersky.com/resource-center/definitions/replay-attack",
"type": "article"
}
]
},
"sMuKqf27y4iG0GrCdF5DN": {
"title": "Pass the Hash",
"description": "Pass the Hash (PtH) is a hacking technique that allows an attacker to authenticate to a remote server or service using the hashed value of a user's password, without needing to know the actual plaintext password. This method exploits weaknesses in the way some authentication protocols handle hashed credentials, particularly in Windows-based systems.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "What is a pass-the-hash attack?",
"url": "https://www.crowdstrike.com/cybersecurity-101/pass-the-hash/",
"type": "article"
},
{
"title": "Pass the Hash Attack",
"url": "https://www.netwrix.com/pass_the_hash_attack_explained.html",
"type": "article"
}
]
},
"L0ROYh2DNlkybNDO2ezJY": {
"title": "Directory Traversal",
"description": "Directory Traversal, also known as Path Traversal, is a vulnerability that allows attackers to read files on a system without proper authorization. These attacks typically exploit unsecured paths using \"../\" (dot-dot-slash) sequences and their variations, or absolute file paths. The attack is also referred to as \"dot-dot-slash,\" \"directory climbing,\" or \"backtracking.\"\n\nWhile Directory Traversal is sometimes combined with other vulnerabilities like Local File Inclusion (LFI) or Remote File Inclusion (RFI), the key difference is that Directory Traversal doesn't execute code, whereas LFI and RFI usually do.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "TryHackMe's room on Path Traversal & File Inclusion",
"url": "https://tryhackme.com/r/room/filepathtraversal",
"type": "course"
},
{
"title": "HackTheBox Academy's module on File Inclusion & Path Traversal",
"url": "https://academy.hackthebox.com/course/preview/file-inclusion",
"type": "course"
},
{
"title": "Portswigger's guide on File Path Traversal",
"url": "https://portswigger.net/web-security/file-path-traversal",
"type": "article"
},
{
"title": "OWASP's article on Path Traversal",
"url": "https://owasp.org/www-community/attacks/Path_Traversal",
"type": "article"
},
{
"title": "Acunetix's article on directory traversal",
"url": "https://www.acunetix.com/websitesecurity/directory-traversal/",
"type": "article"
}
]
},
"lv6fI3WeJawuCbwKtMRIh": {
"title": "Stakeholders",
"description": "Stakeholders are individuals, groups, or organizations with an interest or concern in a project, business, or initiative. They can affect or be affected by the organization's actions, objectives, and policies. In a business context, stakeholders typically include shareholders, employees, customers, suppliers, government agencies, local communities, and sometimes competitors. Effective stakeholder management involves identifying key stakeholders, understanding their needs and expectations, communicating effectively with them, and balancing their often competing interests. Stakeholder engagement is crucial for project success, risk management, and organizational reputation. In IT and cybersecurity projects, stakeholders might include end-users, IT staff, management, compliance officers, and external regulators, each with distinct concerns regarding system functionality, security, and compliance.\n\nVisit the following resources to learn more:",
"links": [
{
"title": "TryHackMe room on Cyber Governance and regulation",
"url": "https://tryhackme.com/r/room/cybergovernanceregulation",
"type": "course"
},
{
"title": "NIST Publication on Engineering Trustworthy Secure Systems",
"url": "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v1r1.pdf",
"type": "article"
},
{
"title": "NIST Glossary",
"url": "https://csrc.nist.gov/glossary/term/stakeholder",
"type": "article"
}
]
},
"05tH6WhToC615JTFN-TPc": {
"title": "HR",
"description": "Human Resources (HR) plays a crucial role in an organization's cybersecurity efforts, bridging the gap between people and technology. HR is responsible for developing and implementing policies that promote a security-conscious culture, including acceptable use policies, security awareness training, and insider threat prevention programs. They manage the employee lifecycle, from secure onboarding processes that include background checks and security clearances, to offboarding procedures that ensure proper revocation of access rights. HR collaborates with IT and security teams to define job roles and responsibilities related to data access, helping to enforce the principle of least privilege. They also handle sensitive employee data, making HR systems potential targets for cyber attacks. As such, HR professionals need to be well-versed in data protection regulations and best practices for safeguarding personal information. By fostering a security-minded workforce and aligning human capital management with cybersecurity objectives, HR significantly contributes to an organization's overall security posture.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is HR?",
"url": "https://www.investopedia.com/terms/h/humanresources.asp",
"type": "article"
},
{
"title": "What does HR actually do?",
"url": "https://www.lucidchart.com/blog/what-does-hr-do",
"type": "article"
}
]
},
"C5bCIdPi0gGkY_r4qqoXZ": {
"title": "Legal",
"description": "A legal department within an organization is responsible for handling all legal matters that affect the business, ensuring compliance with laws and regulations, and providing advice on various legal issues. Its primary functions include managing contracts, intellectual property, employment law, and regulatory compliance, as well as addressing disputes, litigation, and risk management. The legal department also plays a crucial role in corporate governance, ensuring that the company operates within the boundaries of the law while minimizing legal risks. In some cases, they work with external legal counsel for specialized legal matters, such as mergers and acquisitions or complex litigation.\n\nLearn more from the following resources:",
"links": [
{
"title": "Key functions of a legal team",
"url": "https://uk.practicallaw.thomsonreuters.com/w-009-3932?transitionType=Default&contextData=(sc.Default)&firstPage=true",
"type": "article"
},
{
"title": "The Legal Team’s Responsibility in Corporate Cybersecurity",
"url": "https://www.trustwave.com/en-us/resources/blogs/trustwave-blog/expert-insight-the-legal-teams-responsibility-in-corporate-cybersecurity/",
"type": "article"
}
]
},
"05Gbgy6aawYlYIx38u8DE": {
"title": "Compliance",
"description": "Compliance in cybersecurity refers to the adherence to laws, regulations, standards, and best practices designed to protect sensitive data and ensure the security of information systems. It encompasses a wide range of requirements that organizations must meet to safeguard their digital assets and maintain the trust of customers, partners, and regulatory bodies. Common compliance frameworks include GDPR for data protection in the EU, HIPAA for healthcare information in the US, PCI DSS for payment card industry, and ISO 27001 for information security management. Compliance often involves implementing specific security controls, conducting regular audits, maintaining documentation, and demonstrating ongoing commitment to security practices. While achieving compliance can be complex and resource-intensive, it is crucial for mitigating legal and financial risks, protecting reputation, and fostering a culture of security within organizations.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is Cyber Security Compliance?",
"url": "https://www.comptia.org/content/articles/what-is-cybersecurity-compliance",
"type": "article"
},
{
"title": "Cyber Security Compliance 101",
"url": "https://sprinto.com/blog/cyber-security-compliance/",
"type": "article"
}
]
},
"s9tHpzYRj2HCImwQhnjFM": {
"title": "Management",
"description": "The Management Department in a company is responsible for overseeing the organization's overall operations, strategy, and performance. It typically consists of senior executives and managers who make critical decisions, set goals, and provide leadership across various functional areas. This department focuses on planning, organizing, directing, and controlling resources to achieve organizational objectives. Key responsibilities include developing business strategies, managing budgets, overseeing human resources, ensuring regulatory compliance, and driving organizational growth. The Management Department also plays a crucial role in fostering company culture, facilitating communication between different departments, and adapting the organization to changing market conditions and internal needs.\n\nLearn more from the following resources:",
"links": [
{
"title": "Who Holds the Ultimate Responsibility for Cyber Security?",
"url": "https://resolutionit.com/news/who-holds-the-ultimate-responsibility-for-cyber-security/",
"type": "article"
},
{
"title": "Cybersecurity – a responsibility of top management",
"url": "https://www.valmet.com/insights/articles/experts-voice/cybersecurity--a-responsibility-of-top-management/",
"type": "article"
}
]
},
"vVaBQ5VtsE_ZeXbCOF8ux": {
"title": "Cloud Skills and Knowledge",
"description": "Cloud skills and knowledge are essential for working effectively with cloud computing technologies and services, which provide scalable, on-demand resources over the internet. Core cloud skills include understanding the architecture and types of cloud deployments, such as public, private, and hybrid clouds, as well as the major service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Knowledge of cloud platforms like AWS, Microsoft Azure, and Google Cloud is crucial, along with the ability to manage virtual machines, storage, networking, and databases in a cloud environment.\n\nSecurity in the cloud is a vital skill, encompassing encryption, identity and access management (IAM), compliance, and disaster recovery. Understanding DevOps practices, containerization (using tools like Docker and Kubernetes), and serverless computing also plays a significant role in cloud operations. Additionally, familiarity with cloud-native tools for automation, monitoring, and orchestration, as well as knowledge of cloud cost optimization and performance tuning, are important for maximizing cloud efficiency and ensuring a secure, scalable infrastructure.\n\nLearn more from the following resources:",
"links": [
{
"title": "7 Cloud Computing skills to know",
"url": "https://www.coursera.org/articles/cloud-computing-skills",
"type": "article"
},
{
"title": "What cloud skills are essential?",
"url": "https://www.youtube.com/watch?v=udKBDRcj178",
"type": "video"
}
]
},
"ThLsXkqLw--uddHz0spCH": {
"title": "Understand the Concept of Security in the Cloud",
"description": "Cloud security encompasses the measures, controls, policies, and technologies implemented to protect data, applications, and infrastructure associated with cloud computing environments. It involves securing data both in transit and at rest, managing access controls, ensuring compliance with regulations, and protecting against threats like data breaches, account hijacking, and DDoS attacks. Cloud security strategies often include encryption, multi-factor authentication, regular security audits, and shared responsibility models between cloud providers and customers. While cloud platforms offer advanced security features, organizations must also adapt their security practices to address the unique challenges of cloud environments, such as data sovereignty issues, shared infrastructure risks, and the need for continuous monitoring across distributed systems.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is cloud security",
"url": "https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/",
"type": "article"
},
{
"title": "What is cloud security",
"url": "https://www.youtube.com/watch?v=jI8IKpjiCSM",
"type": "video"
}
]
},
"XL3FVeGFDhAl_gSol6Tjt": {
"title": "Understand the basics and general flow of deploying in the cloud",
"description": "Deploying to the cloud involves the process of making applications, services, or infrastructure available in cloud computing environments. It typically includes selecting a cloud provider (e.g., AWS, Azure, Google Cloud), configuring necessary resources (compute, storage, networking), and using deployment tools to push code or infrastructure definitions. Modern cloud deployments often leverage containerization, orchestration platforms like Kubernetes, and CI/CD pipelines for automated, consistent releases. Key considerations include scalability, security, cost optimization, and maintaining high availability. Cloud-native approaches, such as microservices architecture and serverless computing, are frequently employed to maximize cloud benefits. Effective cloud deployment strategies balance performance, reliability, and cost-efficiency while ensuring compliance with relevant regulations and organizational policies.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is cloud deployment?",
"url": "https://www.cognizant.com/us/en/glossary/cloud-deployment",
"type": "article"
},
{
"title": "Deploying a Website to AWS in Under 1 Minute",
"url": "https://www.youtube.com/watch?v=goiW0g7A0WE",
"type": "video"
}
]
},
"KGjYM4Onr5GQf1Yv9IabI": {
"title": "Understand the differences between cloud and on-premises",
"description": "Cloud computing involves using remote servers hosted on the internet to store, manage, and process data, rather than a local server or personal computer. It offers scalability, flexibility, and often lower upfront costs. Users can access resources on-demand and pay for what they use. Cloud solutions provide easier remote access and automatic updates but may raise data security and compliance concerns. On-premises (or on-prem) refers to installing and running software on computers and servers located within an organization's physical premises. This approach offers more direct control over data and systems, potentially better performance for certain applications, and can address specific regulatory requirements. However, it typically requires higher upfront investment, ongoing maintenance, and may be less scalable than cloud solutions. Many organizations now adopt hybrid approaches, combining both cloud and on-premises solutions to balance their specific needs for control, cost-efficiency, and flexibility.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is On-Premises Data Centers vs. Cloud Computing?",
"url": "https://www.hpe.com/uk/en/what-is/on-premises-vs-cloud.html",
"type": "article"
},
{
"title": "On Premise vs Cloud : Is Cloud Computing the future?",
"url": "https://www.youtube.com/watch?v=FuPh2o-GMDA",
"type": "video"
}
]
},
"RJctUpvlUJGAdwBNtDSXw": {
"title": "Understand the concept of Infrastructure as Code",
"description": "Infrastructure as Code (IaC) is a practice of managing and provisioning computing infrastructure through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. It treats infrastructure configuration as software, allowing it to be version-controlled, tested, and automatically deployed. IaC enables consistent, repeatable environment setups, reduces manual errors, facilitates rapid scaling and disaster recovery, and improves collaboration between development and operations teams. Popular IaC tools include Terraform, AWS CloudFormation, and Ansible, which use declarative or imperative approaches to define infrastructure states. This approach is fundamental to DevOps practices, cloud computing, and the efficient management of complex, dynamic IT environments.\n\nLearn more from the following resources:",
"links": [
{
"title": "Terraform Roadmap",
"url": "https://roadmap.sh/terraform",
"type": "article"
}
]
},
"-83ltMEl3le3yD68OFnTM": {
"title": "Understand the Concept of Serverless",
"description": "Serverless computing is a cloud execution model where the cloud provider dynamically manages server allocation, allowing developers to focus solely on writing code. It offers automatic scaling, pay-per-use billing based on actual compute time, and typically operates through event-driven, stateless functions designed for quick execution. Popular platforms include AWS Lambda, Azure Functions, and Google Cloud Functions. While serverless computing provides reduced operational complexity and cost efficiency, particularly for microservices and event-driven applications, it may face challenges with long-running tasks, cold starts, and potential vendor lock-in. Despite its name, servers are still involved, but their management is abstracted away from the developer, simplifying the deployment and scaling of applications.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is serverless computing?",
"url": "https://www.cloudflare.com/en-gb/learning/serverless/what-is-serverless/",
"type": "article"
},
{
"title": "What is serverless?",
"url": "https://www.youtube.com/watch?v=vxJobGtqKVM",
"type": "video"
}
]
},
"sVw5KVNxPEatBRKb2ZbS_": {
"title": "SaaS",
"description": "Software as a Service (SaaS) is a cloud-based model where software applications are delivered to users over the internet, eliminating the need for local installation or maintenance. SaaS providers manage infrastructure, security, and updates, allowing users to access the software on a subscription basis from any device with an internet connection. This model offers scalability, reduced upfront costs, and easy integration with other cloud services, making it a popular choice for businesses looking for flexibility and efficiency in software deployment.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is SaaS? Microsoft",
"url": "https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-saas",
"type": "article"
},
{
"title": "What is SaaS?",
"url": "https://www.youtube.com/watch?v=UEHdYNXiIUU",
"type": "video"
}
]
},
"PQ_np6O-4PK2V-r5lywQg": {
"title": "PaaS",
"description": "Platform as a Service, or **PaaS**, is a type of cloud computing service that provides a platform for developers to create, deploy, and maintain software applications. PaaS combines the software development platform and the underlying infrastructure, such as servers, storage, and networking resources. This enables developers to focus on writing and managing their applications, without worrying about the underlying infrastructure's setup, maintenance, and scalability. PaaS simplifies the application development and deployment process by providing a platform and its associated tools, saving developers time and resources. By leveraging PaaS, organizations can focus on their core competencies and build innovative applications without worrying about infrastructure management.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is PaaS?",
"url": "https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-paas",
"type": "article"
},
{
"title": "PaaS Explained",
"url": "https://www.youtube.com/watch?v=QAbqJzd0PEE",
"type": "video"
}
]
},
"1nPifNUm-udLChIqLC_uK": {
"title": "IaaS",
"description": "Infrastructure as a Service (IaaS) is a type of cloud computing service that offers virtualized computing resources over the internet. Essentially, it enables you to rent IT infrastructure—such as virtual machines (VMs), storage, and networking—on a pay-as-you-go basis instead of buying and maintaining your own physical hardware.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is IaaS?",
"url": "https://azure.microsoft.com/en-gb/resources/cloud-computing-dictionary/what-is-iaas",
"type": "article"
},
{
"title": "IaaS Explained",
"url": "https://www.youtube.com/watch?v=XRdmfo4M_YA",
"type": "video"
}
]
},
"ecpMKP1cQXXsfKETDUrSf": {
"title": "Private",
"description": "A **private cloud** is a cloud computing environment dedicated to a single organization, offering the same benefits as public clouds, such as scalability and self-service, but with greater control and customization. It is hosted either on-premises or by a third-party provider, and it ensures that the organization's data and applications are isolated from other entities. This setup enhances security and compliance, making it ideal for businesses with specific regulatory requirements or high-security needs.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a private cloud?",
"url": "https://aws.amazon.com/what-is/private-cloud/",
"type": "article"
},
{
"title": "Private cloud rules",
"url": "https://www.youtube.com/watch?v=Tzqy8lW0bk4",
"type": "video"
}
]
},
"ZDj7KBuyZsKyEMZViMoXW": {
"title": "Public",
"description": "A **public cloud** is a computing service offered by third-party providers over the internet, where resources such as servers, storage, and applications are shared among multiple users or organizations. It is typically managed by the cloud service provider and offers scalability, cost-effectiveness, and ease of access, with users paying only for the resources they consume. Public clouds are ideal for businesses and individuals who need flexible, on-demand computing resources without the overhead of managing physical infrastructure. Popular examples include Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a public cloud? Microsoft",
"url": "https://azure.microsoft.com/en-gb/resources/cloud-computing-dictionary/what-is-a-public-cloud",
"type": "article"
},
{
"title": "What is a public cloud?",
"url": "https://www.youtube.com/watch?v=KaCyfQ7luVY",
"type": "video"
}
]
},
"ywRlTuTfh5-NHnv4ZyW1t": {
"title": "Hybrid",
"description": "Hybrid cloud architecture combines elements of both public and private cloud environments, allowing organizations to leverage the benefits of each while maintaining flexibility and control. This model enables businesses to keep sensitive data and critical applications in a private cloud or on-premises infrastructure while utilizing public cloud resources for less sensitive operations or to handle peak demand. From a cybersecurity perspective, hybrid clouds present unique challenges and opportunities. They require careful management of data flow between environments, robust identity and access management across multiple platforms, and consistent security policies. The complexity of hybrid setups can increase the attack surface, necessitating advanced security tools and practices such as cloud access security brokers (CASBs) and multi-factor authentication. However, hybrid clouds also offer advantages like the ability to implement data residency requirements and maintain greater control over critical assets. Effective security in hybrid environments demands a holistic approach, encompassing cloud-native security tools, traditional security measures, and strong governance to ensure seamless protection across all infrastructure components.\n\nLearn more from the following resources:",
"links": [
{
"title": "What is a Hybrid Cloud?",
"url": "https://cloud.google.com/learn/what-is-hybrid-cloud",
"type": "article"
},
{
"title": "What is Hybrid cloud?",
"url": "https://www.youtube.com/watch?v=3kGFBBy3Lyg",
"type": "video"
}
]
},
"0LztOTc3NG3OujCVwlcVU": {
"title": "AWS",
"description": "Amazon Web Services (AWS) is a leading cloud computing platform provided by Amazon. Launched in 2006, AWS offers an extensive range of on-demand IT services, such as computing power, storage, databases, networking, and security, which enable organizations to develop, deploy, and scale applications and infrastructure quickly and cost-effectively.\n\nLearn more from the following resources:",
"links": [
{
"title": "AWS Complete Tutorial",
"url": "https://www.youtube.com/watch?v=B8i49C8fC3E",
"type": "course"
},
{
"title": "AWS Roadmap",
"url": "https://roadmap.sh/aws",
"type": "article"
},
{
"title": "AWS Website",
"url": "https://aws.amazon.com",
"type": "article"
},
{
"title": "How to create an AWS account",
"url": "https://grapplingdev.com/tutorials/how-to-create-aws-account",
"type": "article"
},
{
"title": "AWS Overview",
"url": "https://www.youtube.com/watch?v=a9__D53WsUs",
"type": "video"
}
]
},
"tOLA5QPKi6LHl1ljsOMwX": {
"title": "GCP",
"description": "Google Cloud Platform (GCP) is a collection of cloud computing services offered by Google, which provides infrastructure and platform services to businesses or individuals. It enables users to either build their own applications or services on the provided resources, or utilize ready-to-use services provided by Google. GCP covers a wide range of services, including (but not limited to) compute, storage, databases, networking, and many more.\n\nLearn more from the following resources:",
"links": [
{
"title": "Google Cloud Platform Video Course",
"url": "https://www.youtube.com/watch?v=fZOz13joN0o",
"type": "course"
},
{
"title": "Google Cloud Platform",
"url": "https://cloud.google.com",
"type": "article"
}
]
},
"GklBi7Qx1akN_cS9UMrha": {
"title": "Azure",
"description": "Azure is Microsoft's comprehensive cloud computing platform that offers a wide range of services for building, deploying, and managing applications. It provides infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS) solutions, supporting various programming languages, tools, and frameworks. Azure's services include virtual machines, storage, databases, AI and machine learning, IoT, and more. It offers global data center coverage, integrated DevOps tools, and robust security features, making it a versatile platform for businesses of all sizes to innovate, scale, and transform their operations in the cloud.\n\nLearn more from the following resources:",
"links": [
{
"title": "Azure Website",
"url": "https://azure.microsoft.com",
"type": "article"
},
{
"title": "daily.dev Azure Feed",
"url": "https://app.daily.dev/tags/azure",
"type": "article"
},
{
"title": "Azure DevOps Tutorial for Beginners",
"url": "https://www.youtube.com/watch?v=4BibQ69MD8c",
"type": "video"
}
]
},
"2jsTgT7k8MeaDtx6RJhOP": {
"title": "S3",
"description": "Amazon Simple Storage Service (S3) is a scalable, object-based cloud storage service provided by AWS. It allows users to store and retrieve large amounts of data, such as files, backups, or media content, with high durability and availability. S3 is designed for flexibility, enabling users to access data from anywhere via the internet while offering security features like encryption and access controls. It is widely used for data storage, content distribution, disaster recovery, and big data analytics, providing cost-effective, scalable storage for a variety of applications.\n\nLearn more from the following resources:",
"links": [
{
"title": "AWS S3 Website",
"url": "https://aws.amazon.com/pm/serv-s3/?gclid=Cj0KCQjwrp-3BhDgARIsAEWJ6SyhAtgc3NJbsxaAXVbWEOW5gG-XFH51jIc8SxahYSxNJ501l9soUA0aAnEjEALw_wcB&trk=777b3ec4-de01-41fb-aa63-cde3d034a89e&sc_channel=ps&ef_id=Cj0KCQjwrp-3BhDgARIsAEWJ6SyhAtgc3NJbsxaAXVbWEOW5gG-XFH51jIc8SxahYSxNJ501l9soUA0aAnEjEALw_wcB:G:s&s_kwcid=AL!4422!3!638364429346!e!!g!!aws%20s3!19096959014!142655567183",
"type": "article"
},
{
"title": "Getting started with AWS S3",
"url": "https://www.youtube.com/watch?v=e6w9LwZJFIA",
"type": "video"
}
]
},
"9OastXVfiG1YRMm68ecnn": {
"title": "Dropbox",
"description": "Dropbox is a widely used cloud storage service that allows you to store, access, and share files, documents, and media with ease across various devices. Launched in 2007, Dropbox has become one of the most popular cloud storage solutions, catering to both individual users and businesses. The service is available on multiple platforms, including Windows, macOS, Linux, iOS, and Android.\n\nLearn more from the following resources:",
"links": [
{
"title": "Dropbox Website",
"url": "https://dropbox.com",
"type": "article"
}
]
},
"4Man3Bd-ySLFlAdxbLOHw": {
"title": "Box",
"description": "Box is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams.\n\nLearn more from the following resources:",
"links": [
{
"title": "Box Website",
"url": "https://www.box.com/en-gb/home",
"type": "article"
},
{
"title": "Box Cloud Storage Review 2024",
"url": "https://www.youtube.com/watch?v=ktNDLO1T96c",
"type": "video"
}
]
},
"MWqnhDKm9jXvDDjkeVNxm": {
"title": "OneDrive",
"description": "**OneDrive** is a cloud storage service provided by Microsoft that allows users to store, sync, and share files and folders online. It integrates seamlessly with Windows and Microsoft 365 applications, enabling users to access their data from any device with an internet connection. OneDrive offers features such as real-time collaboration, file versioning, and automatic backup, making it convenient for personal and professional use. It also provides options for sharing files with others and controlling access permissions, enhancing productivity and data management.\n\nLearn more from the following resources:",
"links": [
{
"title": "OneDrive Website",
"url": "https://onedrive.live.com",
"type": "article"
},
{
"title": "Microsoft OneDrive Tutorial",
"url": "https://www.youtube.com/watch?v=qgw01w0iYjA",
"type": "video"
}
]
},
"fTZ4PqH-AMhYA_65w4wFO": {
"title": "Google Drive",
"description": "Google Drive is a cloud-based storage solution provided by Google, which offers users the ability to store, share, and collaborate on files and documents across different platforms and devices. It is integrated with Google's productivity suite, including Google Docs, Sheets, Slides, and Forms, allowing seamless collaboration with team members in real-time.\n\nLearn more from the following resources:",
"links": [
{
"title": "Google Drive Website",
"url": "https://drive.google.com",
"type": "article"
}
]
},
"Wqy6ki13hP5c0VhGYEhHj": {
"title": "iCloud",
"description": "iCloud is a cloud storage and cloud computing service provided by Apple Inc. It allows users to store data, such as documents, photos, and music, on remote servers and synchronize them across their Apple devices, including iPhones, iPads, and MacBooks.\n\nLearn more from the following resources:",
"links": [
{
"title": "iCloud Website",
"url": "https://www.icloud.com/",
"type": "article"
}
]
},
"_RnuQ7952N8GWZfPD60sJ": {
"title": "Programming Skills",
"description": "Programming knowledge is a fundamental skill for professionals in the cybersecurity field, as it enables them to build, assess, and defend computer systems, networks, and applications. Having a strong foundation in programming languages, concepts, and techniques is essential for identifying potential security threats, writing secure code, and implementing robust security measures.\n\n* **Python**: As an easy-to-learn high-level language, Python is commonly used for tasks like automation, scripting, and data analysis. It also contains a plethora of libraries and frameworks for cybersecurity, making it highly valuable for security professionals.\n* **C/C++**: These two languages are foundational for understanding system and application-level vulnerabilities since most operating systems are written in C and C++. Knowledge of these languages allows cybersecurity experts to analyze source code, identify potential exploits, and create secure software.\n* **Java**: As a popular and versatile programming language, Java is often used in web applications and enterprise environments. Java knowledge equips cybersecurity professionals to understand and mitigate potential security flaws in Java-based applications.\n* **JavaScript**: With its ubiquity in modern web browsers, JavaScript is crucial for understanding and protecting against web security vulnerabilities, such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks.\n* **Ruby**: Ruby has a strong foothold in web application development and is utilized for scripting and automation, just like Python. Familiarity with Ruby may give cybersecurity professionals an edge in certain environments.\n\nAcquiring programming knowledge in cybersecurity can help you stay on top of the latest threats, develop secure software, and implement effective countermeasures. As you progress in your cybersecurity career, you'll find that your programming skills will continually evolve and your understanding of various languages, concepts, and techniques will expand.",
"links": []
},
"XiHvGy--OkPFfJeKA6-LP": {
"title": "Python",
"description": "**Python** is a high-level, interpreted programming language known for its readability, simplicity, and versatility. It supports multiple programming paradigms, including procedural, object-oriented, and functional programming. Python's extensive standard library and a rich ecosystem of third-party packages make it suitable for a wide range of applications, from web development and data analysis to machine learning and automation. Its straightforward syntax and dynamic typing facilitate rapid development and prototyping, making it popular among beginners and experienced developers alike.\n\nLearn more from the following resources:",
"links": [
{
"title": "Python Full Course 2024",
"url": "https://www.youtube.com/watch?v=ix9cRaBkVe0",
"type": "course"
},
{
"title": "Python Roadmap",
"url": "https://roadmap.sh/python",
"type": "article"
},
{
"title": "Python in 100 Seconds",
"url": "https://www.youtube.com/watch?v=x7X9w_GIm1s",
"type": "video"
}
]
},
"jehVvdz8BnruKjqHMKu5v": {
"title": "Go",
"description": "Go, also known as Golang, is an open-source programming language created by Google. Launched in 2009, it was designed to overcome issues present in other languages and offer a more secure, robust, and efficient development experience.\n\nLearn more from the following resources:",
"links": [
{
"title": "Go tutorial for beginners",
"url": "https://www.youtube.com/watch?v=yyUHQIec83I",
"type": "course"
},
{
"title": "Go Roadmap",
"url": "https://roadmap.sh/golang",
"type": "article"
},
{
"title": "Go in 100 seconds",
"url": "https://www.youtube.com/watch?v=446E-r0rXHI",
"type": "video"
}
]
},
"2SThr6mHpX6rpW-gmsqxG": {
"title": "JavaScript",
"description": "JavaScript (often abbreviated as JS) is a widely used, high-level programming language. It runs in every modern web browser, where it implements the interactive behaviour of web pages, and on the server through runtimes such as Node.js, making it integral to web development. Brendan Eich created it at Netscape in 1995; it shipped briefly under the name LiveScript before being renamed JavaScript. For security work it matters because browser-side vulnerabilities such as Cross-Site Scripting (XSS) and DOM-based attacks are exploited through it, and because a large share of web application and software supply-chain (npm) risk lives in JavaScript code.\n\nLearn more from the following resources:",
"links": [
{
"title": "JavaScript Roadmap",
"url": "https://roadmap.sh/javascript",
"type": "article"
},
{
"title": "What is JavaScript?",
"url": "https://developer.mozilla.org/en-US/docs/Learn/JavaScript/First_steps/What_is_JavaScript",
"type": "article"
},
{
"title": "100 JavaScript concepts you need to know",
"url": "https://www.youtube.com/watch?v=lkIFF4maKMU",
"type": "video"
}
]
},
"8jj9hpe9jQIgCc8Txyw3O": {
"title": "C++",
"description": "C++ is a widely used, high-level programming language that evolved from C. Bjarne Stroustrup began developing it at Bell Labs in 1979 as \"C with Classes\"; it was renamed C++ in 1983 and first released commercially in 1985. C++ adds object-oriented and generic programming features to C while keeping low-level memory access and manual memory management, making it essential for game development, high-performance systems, and cybersecurity. That manual memory management is also the source of the memory-safety bug classes (buffer overflows, use-after-free, type confusion) that dominate native-code vulnerability research, so reading C++ is a core skill for reverse engineering and exploit development.\n\nLearn more from the following resources:",
"links": [
{
"title": "C++ Full Course - BroCode",
"url": "https://www.youtube.com/watch?v=-TkoO8Z07hI",
"type": "course"
},
{
"title": "C++ Introduction",
"url": "https://www.w3schools.com/cpp/cpp_intro.asp",
"type": "article"
}
]
},
"tao0Bb_JR0Ubl62HO8plp": {
"title": "Bash",
"description": "Bash (Bourne Again Shell) is a widely used Unix shell and scripting language: a command-line interface for running programs, managing files and processes, and automating tasks by combining commands into scripts, as an alternative to the graphical user interface (GUI). Created as a free, improved replacement for the original Bourne shell (`sh`), it is the default interactive shell on most Linux distributions and on the Windows Subsystem for Linux (WSL); macOS ships Bash as well, although it has defaulted to zsh since macOS Catalina. Bash is a daily tool in security work, from writing enumeration scripts to reading the shell one-liners found in attacker tooling.\n\nLearn more from the following resources:",
"links": [
{
"title": "Beginners Guide To The Bash Terminal",
"url": "https://www.youtube.com/watch?v=oxuRxtrO2Ag",
"type": "course"
},
{
"title": "Start learning bash",
"url": "https://linuxhandbook.com/bash/",
"type": "course"
},
{
"title": "Bash in 100 Seconds",
"url": "https://www.youtube.com/watch?v=I4EWvMFj37g",
"type": "video"
}
]
},
"paY9x2VJA98FNGBFGRXp2": {
"title": "PowerShell",
"description": "**PowerShell** is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and an associated scripting language built on .NET. Originally Windows-only, PowerShell 7 (formerly PowerShell Core) is open source and cross-platform. It is widely used for system administration, enabling administrators to automate tasks, manage systems, and configure services both on-premises and in cloud environments, and its direct access to .NET libraries makes it powerful for automating processes, managing network configurations, and interacting with APIs. It also plays a critical role in cybersecurity: attackers use it for \"living off the land\" post-exploitation because it is already present on every Windows host, while defenders rely on it for forensic collection and system management and on its built-in telemetry (script block logging, module logging, transcription) and controls (Constrained Language Mode, AMSI integration) to detect and limit abuse. Note that the execution policy is a safety feature for administrators, not a security boundary, and is trivially bypassed by an attacker who can already run commands.\n\nLearn more from the following resources:",
"links": [
{
"title": "Learning PowerShell GitHub Repository",
"url": "https://github.com/PowerShell/PowerShell/tree/master/docs/learning-powershell",
"type": "opensource"
},
{
"title": "PowerShell.org",
"url": "https://powershell.org/",
"type": "article"
},
{
"title": "Microsoft's Official PowerShell Documentation",
"url": "https://docs.microsoft.com/en-us/powershell/",
"type": "article"
},
{
"title": "PowerShell Course",
"url": "https://www.youtube.com/watch?v=ZOoCaWyifmI",
"type": "video"
}
]
},
"Jd9t8e9r29dHRsN40dDOk": {
"title": "GTFOBins",
"description": "GTFOBins is a curated, community-maintained list of Unix binaries that can be used to bypass local security restrictions on a misconfigured system. For each binary it documents how legitimate functionality (spawning a shell, reading or writing files, loading libraries, opening network connections) can be abused when the binary runs with elevated rights, for example via a `sudo` rule, a SUID bit, or a Linux capability, or when it is reachable from a restricted shell. It is a standard reference during privilege-escalation checks: cross-referencing a host's `sudo -l` output and its SUID binaries against the list quickly shows whether a misconfiguration is exploitable, and the same knowledge lets defenders tighten sudo rules and remove unnecessary SUID bits and capabilities.\n\nLearn more from the following resources:",
"links": [
{
"title": "GTFOBins/GTFOBins.github.io",
"url": "https://gtfobins.github.io/",
"type": "opensource"
},
{
"title": "Mastering Privilege Escalation: A Comprehensive Guide on GTFOBins",
"url": "https://www.youtube.com/watch?v=gx6CTtWohLQ",
"type": "video"
}
]
},
"Rnpx7VkhrBkSQTni6UuTR": {
"title": "WADComs",
"description": "WADComs (Windows/Active Directory Commands) is an interactive cheat sheet of offensive security tools and the commands used to run them against Windows and Active Directory environments. Inspired by GTFOBins, it lets an operator filter entries by their current situation, such as the operating system of the attacking host and whether credentials are already in hand, and shows the relevant tool invocation together with the access it requires. It is useful both for penetration testers and red teamers working through an Active Directory engagement and for defenders who want to know which tools and commands to expect, and therefore to detect, at each stage of an attack.\n\nLearn more from the following resources:",
"links": [
{
"title": "WADComs/WADComs.github.io",
"url": "https://wadcoms.github.io/",
"type": "opensource"
},
{
"title": "WADComs: Windows/Active Directory Interactive Cheat Sheet",
"url": "https://john-woodman.com/research/wadcoms/",
"type": "article"
}
]
}
}