Add content to Cyber security roadmap (#6978)

* 57 topics copy * 28 topics * Update iaas@1nPifNUm-udLChIqLC_uK.md * 18 topics * adding links to 20 topics * links added to 44 topics * links added to 67 topics * completed roadmap, no empty topics remain * mesh topic links * last 5 topics --------- Co-authored-by: Kamran Ahmed <kamranahmed.se@gmail.com>
4 months ago · ee143d8b6c
parent 7cf4618634
commit ee143d8b6c
143 changed files with 681 additions and 3187 deletions
--- a/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md
+++ b/src/data/roadmaps/cyber-security/content/acl@35oCRzhzpVfitQPL4K9KC.md
@ -0,0 +1,8 @@
 # ACL
 An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.
 Learn more from the following resources:
 - [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/)
 - [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w)
--- a/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md
+++ b/src/data/roadmaps/cyber-security/content/acls@8JM95sonFUhZCdaynUA_M.md
@ -1,39 +1,8 @@
 # ACLs
-Access Control Lists (ACLs) act as an essential part of an organization's security infrastructure by helping to manage access rights to resources and maintain security between users, groups, and systems.
+An Access Control List (ACL) is a security mechanism used to define which users or system processes are granted access to objects, such as files, directories, or network resources, and what operations they can perform on those objects. ACLs function by maintaining a list of permissions attached to each object, specifying the access rights of various entities—like users, groups, or network traffic—thereby providing fine-grained control over who can read, write, execute, or modify the resources. This method is essential in enforcing security policies, reducing unauthorized access, and ensuring that only legitimate users can interact with sensitive data or systems.
-In this section, we will discuss the following:
+Learn more from the following resources:
- What are Access Control Lists
+- [@article@Access Control List: Definition, Types & Usages](https://www.okta.com/uk/identity-101/access-control-list/)
- Types of ACLs
+- [@video@Access Control Lists](https://www.youtube.com/watch?v=IwLyr0mKK1w)
 - How to implement and administer ACLs
 ## What are Access Control Lists
 Access Control Lists are rule sets that define which user, group, or system has access to specific resources and determine what type of access they have (e.g., read or write). ACLs act as a barrier to prevent unauthorized access to sensitive data and systems; this can help maintain confidentiality, integrity, and availability of your organization's critical assets.
 ## Types of ACLs
 There are two primary types of ACLs: Discretionary and Mandatory.
 - **Discretionary Access Control Lists (DACLs)**  
  DACLs allow the owner of a resource to determine who can gain access to the resource, and the level of access they can have. For example, a user or a group of users may have read access rights to a particular file, whereas another group may have full control over the file.
 - **Mandatory Access Control Lists (MACLs)**  
  MACLs rely on predefined security labels or classifications to enforce access control. In this case, resources are assigned security labels, and users or systems are given security clearances. Access is granted only if the user's security clearance level matches the resource label.
 ## Implementing and Administering ACLs
 Here are some best practices you can follow when implementing and administering Access Control Lists:
 - **Define clear access policies**: Establish clear rules and guidelines for accessing resources, such as who can access specific resources and what type of access they can have.
 - **Use Role-Based Access Control (RBAC)**: Assign permissions to roles instead of individual users. This will help simplify the ACL management process.
 - **Regular audits and reviews**: Periodically review and update the ACLs to ensure that access permissions are aligned with business requirements and security policies.
 - **Apply the principle of least privilege**: Grant users the minimum privileges they need to perform their tasks.
 - **Maintain a change management process**: Document all changes to ACLs, including the date of change, the reason for the change, and the individual responsible for executing the change.
 Remember that a well-implemented and maintained ACL system can significantly reduce the risks associated with unauthorized access to your organization's critical assets.
--- a/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md
+++ b/src/data/roadmaps/cyber-security/content/antimalware@9QtY1hMJ7NKLFztYK-mHY.md
@ -0,0 +1,8 @@
 # Anti-malware
 Anti-malware is a type of software designed to detect, prevent, and remove malicious software, such as viruses, worms, trojans, ransomware, and spyware, from computer systems. By continuously scanning files, applications, and incoming data, anti-malware solutions protect devices from a wide range of threats that can compromise system integrity, steal sensitive information, or disrupt operations. Advanced anti-malware programs utilize real-time monitoring, heuristic analysis, and behavioral detection techniques to identify and neutralize both known and emerging threats, ensuring that systems remain secure against evolving cyber attacks.
 Learn more from the following resources:
 - [@video@How Does Antivirus and Antimalware Software Work?](https://www.youtube.com/watch?v=bTU1jbVXlmM)
 - [@article@What is antimalware?](https://riskxchange.co/1006974/cybersecurity-what-is-anti-malware/)
--- a/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md
+++ b/src/data/roadmaps/cyber-security/content/antivirus@3140n5prZYySsuBHjqGOJ.md
@ -0,0 +1,8 @@
 # Antivirus
 Antivirus software is a specialized program designed to detect, prevent, and remove malicious software, such as viruses, worms, and trojans, from computer systems. It works by scanning files and programs for known malware signatures, monitoring system behavior for suspicious activity, and providing real-time protection against potential threats. Regular updates are essential for antivirus software to recognize and defend against the latest threats. While it is a critical component of cybersecurity, antivirus solutions are often part of a broader security strategy that includes firewalls, anti-malware tools, and user education to protect against a wide range of cyber threats.
 Learn more from the following resources:
 - [@video@What is an antivirus and how does it keep us safe?](https://www.youtube.com/watch?v=jW626WMWNAE)
 - [@article@What is antivirus software?](https://www.webroot.com/gb/en/resources/tips-articles/what-is-anti-virus-software)
--- a/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md
+++ b/src/data/roadmaps/cyber-security/content/anyrun@GZHFR43UzN0WIIxGKZOdX.md
@ -0,0 +1,8 @@
 # ANY.RUN
 ANY.RUN is an interactive online malware analysis platform that allows users to safely execute and analyze suspicious files and URLs in a controlled, virtualized environment. This sandbox service provides real-time insights into the behavior of potentially malicious software, such as how it interacts with the system, what files it modifies, and what network connections it attempts to make. Users can observe and control the analysis process, making it a valuable tool for cybersecurity professionals to identify and understand new threats, assess their impact, and develop appropriate countermeasures. ANY.RUN is particularly useful for dynamic analysis, enabling a deeper understanding of malware behavior in real-time.
 Learn more from the following resources:
 - [@official@ANY.RUN Website](https://any.run/)
 - [@video@Malware analysis with ANY.RUN](https://www.youtube.com/watch?v=QH_u7DHKzzI)
--- a/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md
+++ b/src/data/roadmaps/cyber-security/content/apt@l0BvDtwWoRSEjm6O0WDPy.md
@ -2,26 +2,7 @@
 Advanced Persistent Threats, or APTs, are a class of cyber threats characterized by their persistence over a long period, extensive resources, and high level of sophistication. Often associated with nation-state actors, organized cybercrime groups, and well-funded hackers, APTs are primarily focused on targeting high-value assets, such as critical infrastructure, financial systems, and government agencies.
 ## Key Aspects of APT
 - **Persistence**: APTs are designed to maintain a low profile and operate under the radar for extended periods. Hackers use advanced techniques to maintain access and control over their targets, and continually adapt and evolve in order to avoid being discovered.
 - **Sophistication**: APTs are known for employing a wide range of techniques and tactics to infiltrate and exploit their targets, including zero-day vulnerabilities, spear-phishing, social engineering, and advanced malware. The level of expertise behind APTs is typically higher than your average cybercriminal.
 - **Motivation**: APTs often have significant resources behind them, which allows for sustained cyber campaigns against specific targets. The motivation can be monetary gain, espionage, or even maintaining a competitive edge in the marketplace. APTs can also be used to sow chaos and destabilize geopolitical rivals.
 ## Detecting and Mitigating APTs
 Due to the sophisticated and persistent nature of APTs, they can be challenging to detect and protect against. However, implementing several best practices can help organizations mitigate the risk and impact of APTs:
 - Adopt a proactive approach to cyber security, including continuous network monitoring, threat hunting, and regular assessments.
 - Implement a robust set of defense-in-depth security measures, including intrusion detection systems (IDS), firewalls, and access controls.
 - Train employees on cybersecurity awareness and how to spot and respond to cyber threats.
 - Keep systems updated and patched to prevent exploitation of known vulnerabilities.
 - Employ advanced threat intelligence solutions to identify and anticipate potential APT campaigns.
 APT attacks can be damaging and disruptive to organizations, but understanding the nature of these threats and implementing a comprehensive security strategy can help minimize the risk and protect valuable assets. Remember, APTs are not just a concern for large enterprises and governments; organizations of all sizes can be targeted. Staying vigilant and proactive is key to staying safe from these advanced threats.
 Learn more from the following resources:
- [@article@What Are Advanced Persistent Threats? - IBM](https://www.ibm.com/topics/advanced-persistent-threats)
+- [@video@What is an Advanced Persistent Threat?](https://www.youtube.com/watch?v=sGthMsDlqew)
 - [@article@Advanced Persistent Threat (APT)](https://www.crowdstrike.com/cybersecurity-101/advanced-persistent-threat-apt/)
--- a/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md
+++ b/src/data/roadmaps/cyber-security/content/arp@M52V7hmG4ORf4TIVw3W3J.md
@ -2,18 +2,11 @@
 ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network.
 ## How It Works
 When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address.
 The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
-## Security Concerns
+Learn more from the following resources: 
 While ARP is crucial for the functioning of most networks, it also presents certain security risks. ARP poisoning, for example, occurs when an attacker sends fake ARP messages with the goal to associate their MAC address with the IP address of a target device. This can lead to Man-in-the-Middle (MITM) attacks where the attacker can intercept, modify, or block traffic intended for the target device.
 To mitigate ARP poisoning attacks, organizations can implement security measures such as static ARP entries, dynamic ARP inspection, and ensuring that their network devices are updated with the latest security patches.
 By understanding ARP and the potential security risks it presents, you can help protect your network by incorporating appropriate security solutions and staying vigilant against potential threats.
- [@video@ARP Explained - Address Resolution Protocol](https://www.youtube.com/watch?v=cn8Zxh9bPio)
+- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
 - [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
--- a/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md
+++ b/src/data/roadmaps/cyber-security/content/arp@fzdZF-nzIL69kaA7kwOCn.md
@ -2,18 +2,11 @@
 ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network.
 ## How It Works
 When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address.
 The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
-## Security Concerns
+Learn more from the following resources: 
 While ARP is crucial for the functioning of most networks, it also presents certain security risks. ARP poisoning, for example, occurs when an attacker sends fake ARP messages with the goal to associate their MAC address with the IP address of a target device. This can lead to Man-in-the-Middle (MITM) attacks where the attacker can intercept, modify, or block traffic intended for the target device.
 To mitigate ARP poisoning attacks, organizations can implement security measures such as static ARP entries, dynamic ARP inspection, and ensuring that their network devices are updated with the latest security patches.
 By understanding ARP and the potential security risks it presents, you can help protect your network by incorporating appropriate security solutions and staying vigilant against potential threats.
- [@video@ARP Explained - Address Resolution Protocol](https://www.youtube.com/watch?v=cn8Zxh9bPio)
+- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
 - [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
--- a/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md
+++ b/src/data/roadmaps/cyber-security/content/arp@hkO3Ga6KctKODr4gos6qX.md
@ -1,32 +1,12 @@
-# arp
+# ARP
-ARP is a crucial network protocol used to map IP addresses to their corresponding MAC (Media Access Control) addresses. This mapping is crucial, as devices on a network use MAC addresses to communicate with one another. As IP addresses are easier to remember and utilize for humans, ARP helps in converting these logical addresses to physical addresses that devices can understand.
+ARP is a protocol used by the Internet Protocol (IP) to map an IP address to a physical address, also known as a Media Access Control (MAC) address. ARP is essential for routing data between devices in a Local Area Network (LAN) as it allows for the translation of IP addresses to specific hardware on the network.
-## Why ARP is important
+When a device wants to communicate with another device on the same LAN, it needs to determine the corresponding MAC address for the target IP address. ARP helps in this process by broadcasting an ARP request containing the target IP address. All devices within the broadcast domain receive this ARP request and compare the target IP address with their own IP address. If a match is found, the device with the matching IP address sends an ARP reply which contains its MAC address.
-In a network, when a device wants to send data to another device, it needs to know the recipient's MAC address. If the sender only knows the IP address, it can use ARP to determine the corresponding MAC address. The mapping is stored in the device's ARP cache, which holds a record of both the IP and MAC addresses. This allows devices to quickly identify and communicate with others on the network.
+The device that initiated the ARP request can now update its ARP cache (a table that stores IP-to-MAC mappings) with the new information, and then proceed to send data to the target's MAC address.
-## ARP Request and Reply
+Learn more from the following resources: 
-Here are the basic steps involved in the ARP process:
+- [@video@ARP Explained](https://www.youtube.com/watch?v=cn8Zxh9bPio)
-
+- [@article@What is Address Resolution Protocol?](https://www.fortinet.com/resources/cyberglossary/what-is-arp)
 - The sender creates an ARP request packet with its own IP and MAC addresses, and the recipient's IP address. The packet is broadcast to all devices on the local network.
 - Each device on the network receives the ARP request, checks if the IP address is its own, and replies to the sender as needed.
 - The sender receives the ARP reply containing the recipient's MAC address and updates its ARP cache with the new information.
 - Finally, the sender uses the MAC address to transmit data packets to the intended recipient.
 ## Troubleshooting with ARP
 If you're having issues with network communication or want to investigate your network, the ARP table can be a helpful tool. You can view your device's ARP cache using commands specific to your operating system:
 - **Windows**: Open Command Prompt and type `arp -a`
 - **Linux**: Open Terminal and type `arp`
 - **macOS**: Open Terminal and type `arp -a`
 The output will display the IP and MAC addresses of devices on the network that the system has interacted with.
 ## ARP Spoofing and Security Concerns
 As crucial as ARP is, it can be exploited by attackers for malicious purposes. ARP spoofing, also known as ARP poisoning, is a form of cyberattack in which an attacker sends fake ARP requests to a network to link their MAC address with an IP address that legitimately belongs to another device. This enables the attacker to intercept and manipulate network traffic or launch denial-of-service (DoS) attacks.
 To mitigate ARP spoofing, consider implementing security measures such as monitoring ARP traffic, using a static ARP table, or employing security solutions like intrusion detection and prevention systems. Additionally, maintaining a secure and up-to-date network infrastructure can help reduce potential vulnerabilities.
--- a/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md
+++ b/src/data/roadmaps/cyber-security/content/autopsy@bIwpjIoxSUZloxDuQNpMu.md
@ -2,35 +2,7 @@
 Autopsy is a versatile and powerful open-source digital forensics platform that is primarily used for incident response, cyber security investigations, and data recovery. As an investigator, you can utilize Autopsy to quickly and efficiently analyze a compromised system, extract crucial artifacts, and generate comprehensive reports. Integrated with The Sleuth Kit and other plug-ins, Autopsy allows examiners to automate tasks and dig deep into a system's structure to discover the root cause of an incident.
-## Features of Autopsy
+Learn more from the following resources:
- **Central Repository**: Autopsy features a central repository that allows analysts to store and manage case data, ingest modules, and collaborate with other team members. This functionality streamlines the investigation process with effective communication, data sharing, and collaborative analysis.
+- [@official@Autopsy Website](https://www.autopsy.com/)
-
+- [@video@Disk analysis with Autopsy](https://www.youtube.com/watch?v=o6boK9dG-Lc&t=236s)
 - **Intuitive Interface**: Autopsy's graphical user interface (GUI) is user-friendly and well organized. It presents the results in a structured and easy-to-navigate layout, showcasing file systems, metadata, and text strings from binary files.
 - **File System Support**: Autopsy natively supports multiple file systems like FAT12, FAT16, FAT32, NTFS, ext2, ext3, ext4, UFS1, UFS2, and more, making it an ideal solution for analyzing different storage devices.
 - **Timeline Analysis**: The Timeline feature in Autopsy allows analysts to visualize and explore the chronological sequence of file system events. This can be essential in understanding the chain of events during an incident and identifying suspicious activities or anomalies.
 - **Keyword Search**: Autopsy's keyword search function is an invaluable tool for locating artifacts of interest using keywords or regular expressions. Investigators can identify incriminating documents, emails or other files by searching for specific terms, phrases, or patterns.
 - **Integration with Other Tools**: Autopsy's modular design enables seamless integration with various digital forensics tools, facilitating the analysis with specialized features and functions, such as Volatility for memory analysis or PLASO for log parsing.
 ## Installation and Usage
 Autopsy is available for download from its official website, [www.autopsy.com/download/](https://www.autopsy.com/download/), and can be installed on Windows, Linux, and macOS platforms.
 Once installed, creating a new case is easy. Follow these basic steps:
 - Launch Autopsy.
 - Click on the "New Case" button.
 - Provide a case name, case number, examiner, and case directory.
 - Add a data source (e.g., a disk image, local folder, or cloud storage) to the case.
 - Configure data ingestion options and select specific modules of interest.
 - Click on "Finish" to begin the data analysis.
 As Autopsy completes its analysis, it will generate a comprehensive report that can be utilized for internal reporting, maintaining case records, or presenting evidence in legal proceedings.
 ## Conclusion
 In conclusion, Autopsy is a valuable tool for incident response and digital forensics professionals. By mastering its functions and capabilities, you can enhance your capabilities in incident investigations, data recovery, and threat attribution.
--- a/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md
+++ b/src/data/roadmaps/cyber-security/content/aws@0LztOTc3NG3OujCVwlcVU.md
@ -2,56 +2,6 @@
 Amazon Web Services (AWS) is a leading cloud computing platform provided by Amazon. Launched in 2006, AWS offers an extensive range of on-demand IT services, such as computing power, storage, databases, networking, and security, which enable organizations to develop, deploy, and scale applications and infrastructure quickly and cost-effectively.
-## Key AWS Services
+Learn more from the following resources:
-AWS provides over 200 different services, with new ones being added regularly. Some of the most important and commonly used services include:
+- [@course@AWS Complete Tutorial](https://www.youtube.com/watch?v=B8i49C8fC3E)
 ## Compute
 - **EC2 (Elastic Compute Cloud):** A virtual server that can be customized to suit various workloads and applications. Instances can be scaled up or down as needed.
 - **Lambda:** A serverless computing service that enables you to run your code in response to events or HTTP requests without provisioning or managing servers.
 ## Storage
 - **S3 (Simple Storage Service):** A scalable object storage service that allows you to store and retrieve files, such as documents, images, and videos.
 - **EBS (Elastic Block Store):** A block storage solution used with EC2 instances for persistent storage.
 - **Glacier:** A low-cost archiving solution used for long-term storage and data backup.
 ## Databases
 - **RDS (Relational Database Service):** A managed service for hosting, scaling, and backing up relational databases, such as MySQL, PostgreSQL, and Oracle.
 - **DynamoDB:** A managed NoSQL database service, designed for applications that need fast, consistent performance at any scale.
 ## Networking
 - **VPC (Virtual Private Cloud):** Provides a virtual network for your AWS resources, enabling you to control and isolate your cloud environment.
 - **Route 53:** A Domain Name System (DNS) web service that allows you to manage domain registration and routing policies.
 ## Security, Identity, and Compliance
 - **IAM (Identity and Access Management):** Provides centralized control over AWS resource access and user permissions, enabling secure access management for your resources.
 - **Cognito:** A user identity and data synchronization service that allows you to authenticate and manage users in your applications.
 ## Benefits of AWS
 There are several reasons why AWS is widely used and trusted:
 - **Scalability:** AWS services are designed to scale with the growing needs of your business. You can adjust resources as needed without any upfront investment.
 - **Flexibility:** AWS supports a wide array of operating systems, programming languages, and tools, making it easy to migrate existing applications or develop new ones.
 - **Cost-effective:** AWS follows a pay-as-you-go model, allowing you to pay only for the services and resources you use, eliminating upfront expenses.
 - **Security:** AWS has robust security features, such as data encryption, multi-factor authentication, and infrastructure security measures, ensuring that your data and applications remain secure.
 - **Global Presence:** With data centers across the globe, AWS enables you to serve your customers with low latency and maintain business continuity.
 As a part of your cybersecurity strategy, it’s crucial to understand and securely configure your AWS environment. Secure your cloud infrastructure by adhering to AWS best practices, implementing access controls, and regularly monitoring for vulnerabilities.
 For more information on securing your AWS environment, refer to the [AWS Well-Architected Framework](https://aws.amazon.com/architecture/well-architected/) and the [AWS Security Best Practices](https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf) whitepapers.
--- a/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md
+++ b/src/data/roadmaps/cyber-security/content/bash@tao0Bb_JR0Ubl62HO8plp.md
@ -1,41 +1,9 @@
 # Bash
-Bash (**B**ourne **A**gain **Sh**ell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL).
+Bash (Bourne Again Shell) is a widely-used Unix shell and scripting language that acts as a command-line interface for executing commands and organizing files on your computer. It allows users to interact with the system's operating system by typing text commands, serving as an alternative to the graphical user interface (GUI). Bash, created as a free and improved version of the original Bourne Shell (`sh`), is the default shell in many Unix-based systems, including Linux, macOS, and the Windows Subsystem for Linux (WSL).
-## Bash Scripting
+Learn more from the following resources:
-Bash scripting is an essential skill for anyone engaged in cyber security. It allows you to automate simple tasks, monitor system activities, and manage multiple files and directories with ease. With Bash scripts, you can develop tools, automate repetitive tasks, or even develop security testing tools.
+- [@video@Bash in 100 Seconds](https://www.youtube.com/watch?v=I4EWvMFj37g)
-
+- [@course@Beginners Guide To The Bash Terminal](https://www.youtube.com/watch?v=oxuRxtrO2Ag)
-## Key Features
+- [@course@Start learning bash](https://linuxhandbook.com/bash/)
 - **Variables**: Variables can store data in the form of strings or numbers, which can be used and manipulated throughout your script.
 - **Control Structures**: Bash supports loops (`for`, `while`) and conditional statements (`if`, `case`) to build more robust scripts with decision-making capabilities.
 - **Functions**: Create reusable code blocks that can be called with specified parameters, making your script more modular and easier to maintain.
 - **User Input**: Bash scripts allow you to interact with the user by accepting input or choosing options.
 - **File Management**: Create, modify, or analyze files using built-in commands such as `ls`, `cp`, `mkdir`, and `grep`.
 ## Learning Bash
 As a cyber security expert, having a strong foundation in Bash can save you time and help you better understand the inner workings of a system. Invest time in learning Bash essentials, such as basic commands, file manipulation, scripting, and processing text data.
 - Basic Commands: Start by learning some of the most commonly used Bash commands: `cd`, `mv`, `cp`, `rm`, `grep`, `find`, `sort`, etc.
 - File and Directory Management: Explore the use of commands, like `mkdir`, `rmdir`, `touch`, `chmod`, `chown`, and `ln`, to create, modify, and delete files and directories.
 - Text Processing: Learn to use commands like `cat`, `less`, `head`, `tail`, and `awk` to analyze and manipulate text data.
 - Scripting: Start by understanding the syntax and structure of Bash scripts, and learn how to create, debug, and execute scripts.
 Some resources to begin your journey with Bash are:
 - [@article@GNU Bash Manual](https://www.gnu.org/software/bash/manual/bash.html): A comprehensive guide to Bash, provided by the GNU project.
 - [@article@Bash Beginner's Guide](http://www.tldp.org/LDP/Bash-Beginners-Guide/html/): A beginner-friendly guide that covers the basics of Bash scripting.
 - [@official@Bash Academy](https://www.bash.academy/): An interactive platform to start learning Bash from scratch.
 - [@article@Learn Shell](https://www.learnshell.org/): An online resource with tutorials and exercises to help you practice your Bash skills.
 - [@feed@Explore top posts about Bash](https://app.daily.dev/tags/bash?ref=roadmapsh)
 Bash scripting is a versatile tool in the cybersecurity toolkit, and mastering it will provide you with greater control over the systems you protect.
--- a/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md
+++ b/src/data/roadmaps/cyber-security/content/basics-and-concepts-of-threat-hunting@_x3BgX93N-Pt1_JK7wk0p.md
@ -1,39 +1,12 @@
 # Basics and Concepts of Threat Hunting
-Threat hunting is the proactive process of identifying and mitigating potential threats and vulnerabilities within a network, before they can be exploited by an attacker. To perform effective threat hunting, security professionals must use their knowledge, skills, and the latest threat intelligence to actively search for previously undetected adversaries and suspicious activities within a network.
+Threat hunting is a proactive approach to cybersecurity where security professionals actively search for hidden threats or adversaries that may have bypassed traditional security measures, such as firewalls and intrusion detection systems. Rather than waiting for automated tools to flag suspicious activity, threat hunters use a combination of human intuition, threat intelligence, and advanced analysis techniques to identify indicators of compromise (IoCs) and potential threats within a network or system.
-## Key Objectives of Threat Hunting
+The process involves several key concepts, starting with a **hypothesis**, where a hunter develops a theory about potential vulnerabilities or attack vectors that could be exploited. They then conduct a **search** through logs, traffic data, or endpoint activity to look for anomalies or patterns that may indicate malicious behavior. **Data analysis** is central to threat hunting, as hunters analyze vast amounts of network and system data to uncover subtle signs of attacks or compromises. If threats are found, the findings lead to **detection and mitigation**, allowing the security team to contain the threat, remove malicious entities, and prevent similar incidents in the future.
- **Detect**: Identify unknown threats and suspicious behavior that traditional security tools may miss.
+Threat hunting also involves **continuous learning** and adapting, as hunters refine their techniques based on evolving attack methods and the latest threat intelligence. This approach improves an organization’s overall security posture by identifying sophisticated or previously unknown threats that might evade conventional security measures.
 - **Contain**: Quickly isolate and remediate threats before they can cause significant damage.
 - **Learn**: Gather valuable insights about the adversary, their techniques, and the effectiveness of existing security measures.
-## Threat Hunting Techniques
+Learn more from the following resources:
-There are several practical approaches to threat hunting, such as:
+- [@article@What is Threat Hunting](https://www.ibm.com/topics/threat-hunting)
-
+- [@video@Cyber Security Threat Hunting explained](https://www.youtube.com/watch?v=VNp35Uw_bSM)
 - **Hypothesis-driven hunting**: Develop hypotheses about potential threats and validate them through data analysis and investigation.
 - **Indicator of Compromise (IoC) hunting**: Leverage existing threat intelligence and IoCs to search for matches within your environment.
 - **Machine learning-driven hunting**: Utilize algorithms and advanced analytics tools to automatically detect anomalies and other suspicious patterns of behavior.
 - **Situational awareness hunting**: Understand the normal behavior and baseline of the environment and look for deviations that may indicate malicious activity.
 ## Tools & Technologies for Threat Hunting
 Some common tools and technologies used for threat hunting include:
 - **Security information and event management (SIEM) systems**: Provide a centralized platform for detecting, alerting, and investigating security incidents and events.
 - **Endpoint detection and response (EDR) solutions**: Deliver real-time monitoring, analysis, and remediation capabilities for endpoints.
 - **Threat intelligence platforms (TIPs)**: Aggregate and analyze global threat data and indicators of compromise (IoC) to provide actionable intelligence.
 - **User and entity behavior analytics (UEBA) tools**: Apply advanced analytics algorithms to detect potential threats by analyzing the behavior of users, devices, and applications.
 ## Essential Skills for Threat Hunters
 Successful threat hunters should possess a strong combination of technical skills, critical thinking, and situational awareness. Some essential skills include:
 - **Understanding of networks and protocols**: Deep knowledge of network architecture, protocols, and communication patterns.
 - **Familiarity with operating systems**: Ability to navigate, investigate, and analyze various operating systems, including Windows, Linux, and macOS.
 - **Scripting and programming**: Proficiency in scripting languages (e.g., Python, PowerShell) and automation tools to streamline the threat hunting process.
 - **Knowledge of common attacker tactics, techniques, and procedures (TTPs)**: Awareness of the latest TTPs, ensuring that you stay ahead of potential threats.
 - **Critical thinking and problem-solving**: Ability to analyze complex scenarios and think creatively to identify potential threats and vulnerabilities.
 By developing a strong foundation in threat hunting concepts and techniques, security professionals are better equipped to proactively identify and mitigate potential attacks, thereby strengthening their organization's overall cybersecurity posture.
--- a/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-computer-networking@T0aU8ZQGShmF9uXhWY4sD.md
@ -1,56 +1,17 @@
 # Basics of Computer Networking
-Computer networking refers to the practice of connecting two or more computing devices, creating an infrastructure in which they can exchange data, resources, and software. It is a fundamental part of cyber security and IT skills. In this chapter, we will cover five aspects of computer networking, including networking devices, network types, network protocols, IP addresses, and the OSI model.
+Computer networking involves connecting multiple computers and devices to share resources, such as data, applications, and internet connections. Networks can range from small local area networks (LANs) to large-scale wide area networks (WANs), such as the internet. The basic components of a network include devices (computers, servers, routers), transmission media (wired or wireless), and network protocols, which govern communication between devices.
-## Networking Devices
+Key concepts in networking include:
-Several devices enable and facilitate communication between different devices. Common networking devices include:
+1. **IP Addressing**: Every device on a network has a unique Internet Protocol (IP) address, which allows it to be identified and communicate with other devices.
 2. **Subnetting**: This involves dividing a network into smaller, manageable sections to optimize performance and security.
 3. **Routing**: Routers are used to forward data between different networks, ensuring that information reaches the correct destination.
 4. **DNS**: The Domain Name System translates human-readable domain names into IP addresses, enabling easier navigation and communication on the internet.
 5. **TCP/IP Protocol**: The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the foundation of most networks, handling how data is broken into packets, transmitted, and reassembled.
- **Hubs**: Devices that connect different devices together, transmitting data packets to all devices on the network.
+Learn more from the following resources:
 - **Switches**: Similar to hubs, but transmit data packets only to specific devices instead of broadcasting to all.
 - **Routers**: Devices that direct data packets between networks and provide the best path for data packets to reach their destination.
 - **Firewalls**: Devices or software that monitor and filter incoming and outgoing network traffic, allowing only authorized data to pass through.
-## Network Types
+- [@article@Networking basics - What you need to know](https://www.cisco.com/c/en/us/solutions/small-business/resource-center/networking/networking-basics.html)
-
+- [@video@Computer Networking in 100 seconds](https://www.youtube.com/watch?v=keeqnciDVOo)
-There are various types of networks based on the distance they cover, and the number of devices they connect. A few common network types are:
+- [@video@Computer Networks: Crash Course Computer Science #28](https://www.youtube.com/watch?v=3QhU9jd03a0)
 - **Personal Area Network (PAN)**: Connects devices within an individual workspace, typically within a range of 10 meters.
 - **Local Area Network (LAN)**: Covers a small geographical area, such as a home or office, connecting multiple computers and other devices.
 - **Wide Area Network (WAN)**: Covers a larger geographical area, interconnecting different LANs, often using leased telecommunication lines or wireless links.
 - **Virtual Private Network (VPN)**: A secure network established over the public internet, encrypting the data transferred and restricting access to authorized users only.
 ## Network Protocols
 Protocols are sets of rules that govern the communication between devices within a network. Some of the most common protocols include:
 - **Transmission Control Protocol (TCP)**: Ensures the reliable transmission of data and establishes connections between devices.
 - **Internet Protocol (IP)**: Facilitates the transmission of data packets, assigning unique IP addresses to identify devices.
 - **User Datagram Protocol (UDP)**: A lightweight, fast, but less reliable protocol compared to TCP, often used for streaming and gaming applications.
 ## IP Addresses
 An IP address is a unique identifier assigned to every device in a network. There are two types of IP addresses:
 - **IPv4**: Uses a 32-bit addressing system, allowing for approximately 4.3 billion unique IP addresses.
 - **IPv6**: Uses a 128-bit addressing system, providing a significantly larger number of available IP addresses.
 IP addresses can also be categorized as dynamic or static, depending on whether they change over time or remain constant for a device.
 ## OSI Model
 The Open Systems Interconnection (OSI) model is a conceptual framework used to understand and describe how different network protocols interact. It divides networking functions into seven distinct layers:
 - **Physical Layer**: Deals with the physical connection between devices, including cabling and hardware.
 - **Data Link Layer**: Handles the communication between adjacent devices on the same network.
 - **Network Layer**: Identifies the best route for data packets and manages IP addresses.
 - **Transport Layer**: Ensures the reliable transmission of data, including error checking and flow control.
 - **Session Layer**: Establishes, maintains, and terminates connections between applications on different devices.
 - **Presentation Layer**: Translates data into a format that is suitable for transmission between devices.
 - **Application Layer**: Represents the user interface with which applications interact.
 Mastering the basics of computer networking is key to understanding and implementing effective cyber security measures. This chapter has covered essential networking concepts, but it is important to continually expand your knowledge in this ever-evolving field.
 - [@article@What is Computer Networking?](https://tryhackme.com/room/whatisnetworking)
 - [@video@Learn Networking in 3 hours (basics for cybersecurity and DevOps)](https://www.youtube.com/watch?v=iSOfkw_YyOU\&t=1549s)
 - [@feed@Explore top posts about Networking](https://app.daily.dev/tags/networking?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-ids-and-ips@FJsEBOFexbDyAj86XWBCc.md
@ -6,31 +6,10 @@ When it comes to cybersecurity, detecting and preventing intrusions is crucial f
 An Intrusion Detection System (IDS) is a critical security tool designed to monitor and analyze network traffic or host activities for any signs of malicious activity, policy violations, or unauthorized access attempts. Once a threat or anomaly is identified, the IDS raises an alert to the security administrator for further investigation and possible actions.
 There are two types of IDS:
 - **Network-Based Intrusion Detection System (NIDS)**: This type of IDS is deployed on network devices such as routers, switches, or firewalls to monitor and analyze the traffic between hosts within the network.
 - **Host-Based Intrusion Detection System (HIDS)**: This type of IDS is installed on individual hosts, such as servers or workstations, to monitor and analyze the activities on that specific host.
 ## What is Intrusion Prevention System (IPS)?
 An Intrusion Prevention System (IPS) is an advanced security solution closely related to IDS. While an IDS mainly focuses on detecting and alerting about intrusions, an IPS takes it a step further and actively works to prevent the attacks. It monitors, analyzes, and takes pre-configured automatic actions based on suspicious activities, such as blocking malicious traffic, reseting connections, or dropping malicious packets.
 There are two types of IPS:
 - **Network-Based Intrusion Prevention System (NIPS)**: This type of IPS is deployed in-line with network devices and closely monitors network traffic, making it possible to take actions in real-time.
 - **Host-Based Intrusion Prevention System (HIPS)**: This type of IPS is installed on individual hosts and actively prevents attacks by controlling inputs and outputs on the host, restricting access to resources, and making use of application-level controls.
 ## Key Takeaways
 - IDS and IPS are essential components of a robust cybersecurity strategy.
 - IDS focuses on detecting and alerting about potential intrusions, while IPS takes it further by actively preventing and mitigating attacks.
 - Network-based systems protect networks, while host-based systems protect individual hosts within a network.
 - Regularly updating and configuring IDS/IPS is necessary to continually defend against evolving threats.
 By understanding the basics of IDS and IPS, you can better evaluate your security needs and take the right steps to protect your network and hosts from potential intruders.
 Learn more from the following resources:
 - [@video@Intrusion Prevention System (IPS)](https://www.youtube.com/watch?v=7QuYupuic3Q)
--- a/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-nas-and-san@umbMBQ0yYmB5PgWfY6zfO.md
@ -1,36 +1,11 @@
 # Basics of NAS and SAN
-Network Attached Storage (NAS) and Storage Area Network (SAN) technologies play a crucial role in managing data within an organization and serve as the building blocks for a more comprehensive IT infrastructure.
+Network Attached Storage (NAS) and Storage Area Network (SAN) are both technologies used for storing and managing data, but they operate in different ways and serve different purposes. NAS is a dedicated file storage device that connects to a network, allowing multiple users and devices to access files over a shared network. It operates at the file level and uses standard networking protocols such as NFS or SMB/CIFS, making it easy to set up and manage, especially for small to medium-sized businesses. NAS devices are ideal for sharing files, providing backups, and enabling centralized data access across multiple users in a local network.
-## Network Attached Storage (NAS)
+SAN, on the other hand, is a high-performance, specialized network designed to provide block-level storage, which means it acts as a direct-attached storage device to servers. SAN uses protocols such as Fibre Channel or iSCSI and is typically employed in large enterprise environments where fast, high-capacity, and low-latency storage is critical for applications like databases and virtualized systems. While NAS focuses on file sharing across a network, SAN is designed for more complex, high-speed data management, enabling servers to access storage as if it were directly connected to them. Both NAS and SAN are vital components of modern data storage infrastructure but are chosen based on the specific performance, scalability, and management needs of the organization.
-NAS is a high-capacity storage solution that operates on a data file level, allowing multiple users and clients to access, store, and retrieve data from a centralized location over a network. NAS devices are generally connected to a local area network (LAN) and use various file-sharing protocols, such as NFS (Network File System), SMB/CIFS (Server Message Block/Common Internet File System), or AFP (Apple Filing Protocol).
+Learn more from the following resources:
-Some key features of a NAS system include:
+- [@video@What is a NAS](https://www.youtube.com/watch?v=ZwhT-KI16jo)
-
+- [@video@What is a Storage Area Network](https://www.youtube.com/watch?v=7eGw4vhyeTA)
- **Ease of Deployment**: NAS devices are simple to install and configure, facilitating quick integration into existing network infrastructures.
+- [@article@NAS vs SAN - What are the differences?](https://www.backblaze.com/blog/whats-the-diff-nas-vs-san/)
 - **Scalability**: NAS systems can be easily expanded to accommodate growing storage needs by adding more drives or units.
 - **Data Protection**: Most NAS devices offer data protection features such as RAID (Redundant Array of Independent Disks), data backup, and data encryption.
 ## Storage Area Network (SAN)
 SAN is a high-performance, dedicated storage network designed to provide block-level data storage for applications and servers. Unlike NAS, which uses file-sharing protocols, SANs utilize block-based protocols such as Fibre Channel (FC) and iSCSI (Internet Small Computer System Interface) to handle storage requests.
 SANs offer several advantages in terms of performance, reliability, and scalability:
 - **Performance**: SANs can handle low-latency, high-speed data transfers, providing optimal performance for mission-critical applications and large-scale virtualization.
 - **Fault Tolerance**: SANs are designed to provide redundancy and failover capabilities, ensuring continued access to data in the event of hardware failures.
 - **Scalability**: SANs can be easily scaled by adding more disk arrays, switches, or connections to meet growing storage demands.
 ## NAS vs. SAN: Choosing the Right Solution
 When it comes to deciding between NAS and SAN, there are several factors to consider:
 - **Cost**: NAS devices are generally more affordable than SANs, making them an attractive option for smaller organizations or environments with limited budgets.
 - **Infrastructure**: NAS solutions can be more easily integrated into existing network infrastructures, whereas SANs may require dedicated hardware, connections, and management tools.
 - **Performance Requirements**: If you need high-performance storage for intensive applications, SANs may be a more appropriate choice than NAS.
 - **Data Management**: While NAS solutions excel in handling file-based storage, SANs provide better support for block-level storage and can deliver improved performance for virtualized environments and database applications.
 It's essential to evaluate your organization's specific needs and requirements to determine which storage solution is the most appropriate fit. As you expand your knowledge in cyber security, a solid understanding of both NAS and SAN technologies will prove invaluable in implementing secure and efficient data storage systems.
 - [@video@NAS vs SAN](https://youtu.be/3yZDDr0JKVc)
--- a/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-reverse-engineering@uoGA4T_-c-2ip_zfEUcJJ.md
@ -1,48 +1,10 @@
 # Basics of Reverse Engineering
-Reverse engineering is the process of analyzing a system, component, or software to understand how it works and deduce its design, architecture, or functionality. It is a critical skill in cybersecurity, as it helps security professionals uncover the potential attack vectors, hidden vulnerabilities, and underlying intentions of a piece of software or hardware.
+Reverse engineering is the process of deconstructing a system, software, or hardware to understand its internal workings, design, and functionality without having access to its source code or original documentation. In cybersecurity, reverse engineering is often used to analyze malware or software vulnerabilities to uncover how they operate, allowing security professionals to develop defenses, patches, or detection methods. This involves breaking down the binary code, disassembling it into machine code, and then interpreting it to understand the logic, behavior, and intent behind the program.
-In this section, we will cover the basic concepts and techniques of reverse engineering that every cybersecurity professional should be familiar with.
+Reverse engineering can also be used in hardware to investigate a device's design or performance, or in software development for compatibility, debugging, or enhancing legacy systems. The process typically includes static analysis, where the code is examined without execution, and dynamic analysis, where the program is executed in a controlled environment to observe its runtime behavior. The insights gained through reverse engineering are valuable for improving security, fixing bugs, or adapting systems for different uses. However, it’s important to be aware of the legal and ethical boundaries, as reverse engineering certain software or hardware can violate intellectual property rights.
-## Static Analysis Vs. Dynamic Analysis
+Learn more from the following resources:
-There are two main approaches to reverse engineering: static analysis and dynamic analysis. Static analysis involves examining the code and structure of a software without executing it. This includes analyzing the source code, if available, or examining the binary executable using disassemblers or decompilers.
+- [@course@Reverse Engineering for Everyone!](https://0xinfection.github.io/reversing/)
-
+- [@video@What is reverse engineering?](https://www.youtube.com/watch?v=gh2RXE9BIN8)
 Dynamic analysis, on the other hand, involves executing the software while observing and monitoring its behaviors and interactions with other components or systems. This analysis is typically performed in controlled environments, such as virtual machines or sandbox environments, to minimize potential risks.
 Both approaches have their merits and limitations, and combining them is often the most effective way to gain a comprehensive understanding of the target system.
 ## Disassemblers and Decompilers
 Disassemblers and decompilers are essential tools in reverse engineering, as they help transform binary executables into a more human-readable format.
 - **Disassemblers** convert machine code (binary executable) into assembly language, a low-level programming language that is more human-readable than raw machine code. Assembly languages are specific to the CPU architectures, such as x86, ARM, or MIPS.
 - **Decompilers** attempt to reverse-engineer binary executables into high-level programming languages, such as C or C++, by interpreting the structures and patterns in the assembly code. Decompilation, however, is not always perfect and may generate code that is more difficult to understand than assembly.
 Some popular disassemblers and decompilers are:
 - [@article@IDA Pro](https://www.hex-rays.com/products/ida/)
 - [@article@Ghidra](https://ghidra-sre.org/)
 - [@article@Hopper](https://www.hopperapp.com/)
 ## Debuggers
 Debuggers are another essential tool for reverse engineering, as they allow you to execute a program and closely monitor its behavior during runtime. Debuggers provide features such as setting breakpoints, stepping through code, and examining memory contents.
 Some popular debuggers include:
 - [@article@OllyDbg](http://www.ollydbg.de/)
 - [@article@GDB](https://www.gnu.org/software/gdb/)
 - [@article@x64dbg](https://x64dbg.com/)
 ## Common Reverse Engineering Techniques
 Here are some basic reverse engineering techniques:
 - **Control flow analysis:** Understanding the execution flow of a program, such as loops, branches, and conditional statements, to determine how the program behaves under certain conditions.
 - **Data flow analysis:** Analyzing how data is passed between different parts of a program and tracing the origin and destination of data.
 - **System call analysis:** Examining system calls made by a program to understand how it interacts with the operating system, hardware, or external resources.
 - **Cryptographic analysis:** Identifying and analyzing encryption and decryption algorithms used within a program or analyzing any cryptographic keys or certificates that may be present.
 - **Pattern recognition:** Identifying common patterns, structures, or routines in code that may indicate the use of known algorithms or frameworks.
 Remember that mastering the art of reverse engineering takes time and practice. As you delve deeper into the world of reverse engineering, you will develop the ability to recognize patterns, understand complex systems, and ultimately, better defend against cyber threats.
--- a/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-subnetting@E8Z7qFFW-I9ivr0HzoXCq.md
@ -1,53 +1,11 @@
 # Basics of Subnetting
-Subnetting is the process of dividing an IP network into smaller sub-networks called subnets. It allows better allocation of IP addresses and provides better organization, control, and security for the network. Here we go through some of the basic concepts of subnetting and why it's crucial for cybersecurity.
+Subnetting is a technique used in computer networking to divide a large network into smaller, more manageable sub-networks, or "subnets." It enhances network performance and security by reducing broadcast traffic and enabling better control over IP address allocation. Each subnet has its own range of IP addresses, which allows network administrators to optimize network traffic and reduce congestion by isolating different sections of a network.
-## IP Addresses and Subnet Masks
+In subnetting, an IP address is split into two parts: the network portion and the host portion. The network portion identifies the overall network, while the host portion identifies individual devices within that network. Subnet masks are used to define how much of the IP address belongs to the network and how much is reserved for hosts. By adjusting the subnet mask, administrators can create multiple subnets from a single network, with each subnet having a limited number of devices. Subnetting is particularly useful for large organizations, allowing them to efficiently manage IP addresses, improve security by segmenting different parts of the network, and control traffic flow by minimizing unnecessary data transmissions between segments.
-An IP address is a unique identifier for devices on a network. It consists of two parts: the network address and the host address. The network address indicates the network to which a device belongs, while the host address identifies the specific device within that network.
+Learn more from the following resources:
-Subnet masks are used to define which portion of an IP address is the network address and which is the host address. For example, in the IP address `192.168.1.5`, and subnet mask `255.255.255.0`, the network address is `192.168.1.0`, and the host address is `5`.
+- [@article@Networking Basics: What is IPv4 Subnetting?](https://www.cbtnuggets.com/blog/technology/networking/networking-basics-what-is-ipv4-subnetting)
-
+- [@video@Lets subnet your home network!](https://www.youtube.com/watch?v=mJ_5qeqGOaI&list=PLIhvC56v63IKrRHh3gvZZBAGvsvOhwrRF&index=6)
-## Why Subnetting?
+- [@video@Subnetting for hackers](https://www.youtube.com/watch?v=o0dZFcIFIAw)
 Subnetting has several advantages, including:
 - **Improved Network Performance**: Breaking a large network into smaller subnets helps reduce congestion and improve overall performance.
 - **Enhanced Security**: By isolating different parts of a network, you can control access and limit the spread of potential threats.
 - **Easier Administration**: Smaller networks are easier to manage and maintain, as it's simpler to track issues and allocate resources.
 ## Subnetting Process
 The process of subnetting involves the following steps:
 - **Choose the Appropriate Subnet Mask**: Determine the right subnet mask for your network based on the number of required subnets and hosts. The more subnets you need, the more bits you will "borrow" from the host portion of the IP address.
 - **Divide the Network into Subnets**: Calculate the subnet addresses by incrementing the network portion of the IP address by the value of the borrowed bits.
 - **Determine Host Ranges**: Calculate the valid host addresses within each subnet by identifying the first and last usable IP addresses. Remember that the first address in a subnet is the network address, and the last address is used for broadcasting.
 - **Assign IP Addresses**: Allocate IP addresses to devices within their respective subnets, and configure devices with the correct subnet mask.
 ## Example
 Let's suppose we have the network `192.168.1.0` with a subnet mask of `255.255.255.0`. We want to create four smaller subnets. Here's how we can do it:
 - `255.255.255.0` in binary is `11111111.11111111.11111111.00000000`. We can borrow 2 bits from the host portion to create four subnets: `11111111.11111111.11111111.11000000`, which is `255.255.255.192` in decimal format.
 - Our subnets will have the following network addresses:
  - `192.168.1.0`
  - `192.168.1.64`
  - `192.168.1.128`
  - `192.168.1.192`
 - The valid host ranges within each subnet are:
  - `192.168.1.1 - 192.168.1.62`
  - `192.168.1.65 - 192.168.1.126`
  - `192.168.1.129 - 192.168.1.190`
  - `192.168.1.193 - 192.168.1.254`
 - Allocate IP addresses from these host ranges to devices within their respective subnets, and configure devices with the correct subnet mask (`255.255.255.192`).
 Understanding the basics of subnetting is essential to properly configuring and securing your network. By efficiently dividing your network into smaller subnets, you can optimize performance, organization, and security.
--- a/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-threat-intel-osint@wN5x5pY53B8d0yopa1z8F.md
@ -1,42 +1,10 @@
 # Basics of Threat Intel, OSINT
-Open Source Intelligence (OSINT) is a crucial part of cyber threat intelligence (CTI). It refers to the collection and analysis of publicly available information from various sources to identify potential threats to an organization's information security.
+Threat Intelligence (Threat Intel) and Open-Source Intelligence (OSINT) are both critical components in cybersecurity that help organizations stay ahead of potential threats. Threat Intelligence refers to the collection, analysis, and dissemination of information about potential or current attacks targeting an organization. This intelligence typically includes details on emerging threats, attack patterns, malicious IP addresses, and indicators of compromise (IoCs), helping security teams anticipate, prevent, or mitigate cyberattacks. Threat Intel can be sourced from both internal data (such as logs or past incidents) and external feeds, and it helps in understanding the tactics, techniques, and procedures (TTPs) of adversaries.
-## Why is OSINT important for threat intelligence?
+OSINT, a subset of Threat Intel, involves gathering publicly available information from open sources to assess and monitor threats. These sources include websites, social media, forums, news articles, and other publicly accessible platforms. OSINT is often used for reconnaissance to identify potential attack vectors, compromised credentials, or leaks of sensitive data. It’s also a valuable tool in tracking threat actors, as they may leave traces in forums or other public spaces. Both Threat Intel and OSINT enable organizations to be more proactive in their cybersecurity strategies by identifying vulnerabilities, understanding attacker behavior, and implementing timely defenses based on actionable insights.
-OSINT plays a significant role in achieving comprehensive threat intelligence by offering valuable insights into various threat actors, their tactics, techniques, and procedures (TTPs). By leveraging OSINT, security teams can:
+Learn more from the following resources:
- Identify and track adversaries targeting their organization
+- [@article@OSINT Framework](https://osintframework.com/)
- Gain knowledge about the latest attack strategies and trends
+- [@course@Open-Source Intelligence (OSINT) in 5 Hours](https://www.youtube.com/watch?v=qwA6MmbeGNo&t=457s)
 - Evaluate the effectiveness of existing security measures
 - Develop proactive defense strategies to mitigate potential threats
 ## Key OSINT Sources
 There are numerous sources of OSINT data that can be valuable for threat intelligence. Some of the main sources include:
 - **Publicly accessible websites and blogs**: Security researchers, hackers, and threat actors frequently share information about their findings, tools, and techniques in their blogs and websites.
 - **Social media platforms**: Social media platforms like Twitter, Reddit, and LinkedIn offer a wealth of information about threat actors' activities and can act as a valuable resource for threat intelligence.
 - **Security-related conference materials**: Many industry conferences and workshops publish their research papers, video recordings, and presentations online, allowing you to gather valuable insights from experts in the field.
 - **Online forums and chat rooms**: Hacker forums, online chat rooms, and bulletin boards often contain discussions related to the latest vulnerabilities, exploits, and attack techniques.
 - **Pastebin and GitHub**: These platforms offer code snippets and repositories that may contain working hacking tools or proof-of-concept exploits, making them valuable sources of OSINT.
 ## Best Practices for OSINT Collection
 Collecting and analyzing OSINT for threat intelligence may seem like a daunting task, but by following these best practices, you can effectively incorporate it into your cyber defense strategies:
 - **Set clear goals and objectives**: Define what you want to achieve with your OSINT collection efforts and how it contributes to your organization's threat intelligence initiatives.
 - **Establish a methodology**: Develop a structured approach and process for searching, collecting, and analyzing OSINT data.
 - **Filter your data**: As the volume of data available from OSINT sources can be overwhelming, it's essential to filter the data gathered effectively. Prioritize information that is relevant to your organizational context and specific intelligence requirements.
 - **Maintain up-to-date knowledge**: Regularly review newly available OSINT and stay current with the latest tactics, techniques, and procedures utilized by threat actors.
 - **Collaborate and share with peers**: The security community is known for collaboration and knowledge sharing. Engage with other security professionals to benefit from their knowledge and experience.
 In conclusion, OSINT is a significant aspect of threat intelligence that helps organizations identify and mitigate potential security threats. By effectively collecting and analyzing OSINT, you can gain a better understanding of the ever-evolving threat landscape and develop more effective strategies to protect your organization.
--- a/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md
+++ b/src/data/roadmaps/cyber-security/content/basics-of-vulnerability-management@lcxAXtO6LoGd85nOFnLo8.md
@ -1,24 +1,12 @@
 # Basics of Vulnerability Management
-Vulnerability management is a crucial aspect of cybersecurity, as it helps organizations to identify, prioritize, and remediate potential risks in their networks, systems, and applications. It involves continuous processes and practices designed to protect sensitive data by reducing the attack surface and minimizing the likelihood of a breach.
+Vulnerability management is the process of identifying, evaluating, prioritizing, and mitigating security vulnerabilities in an organization's systems, applications, and networks. It is a continuous, proactive approach to safeguarding digital assets by addressing potential weaknesses that could be exploited by attackers. The process begins with **vulnerability scanning**, where tools are used to detect known vulnerabilities by analyzing software, configurations, and devices. 
-## Importance of Vulnerability Management
+Once vulnerabilities are identified, they are **assessed and prioritized** based on factors such as severity, potential impact, and exploitability. Organizations typically use frameworks like CVSS (Common Vulnerability Scoring System) to assign risk scores to vulnerabilities, helping them focus on the most critical ones first.
- **Prevent cyberattacks**: By addressing vulnerabilities before they can be exploited, organizations reduce the chances of successful attacks and protect their critical assets.
+Next, **remediation** is carried out through patching, configuration changes, or other fixes. In some cases, mitigation may involve applying temporary workarounds until a full patch is available. Finally, continuous **monitoring and reporting** ensure that new vulnerabilities are swiftly identified and addressed, maintaining the organization's security posture. Vulnerability management is key to reducing the risk of exploitation and minimizing the attack surface in today's complex IT environments.
 - **Comply with regulations**: Organizations must adhere to various data protection standards and regulations, such as GDPR, HIPAA, or PCI DSS. A robust vulnerability management program can help meet these requirements.
 - **Maintain customer trust**: Frequent security breaches can lead to reputational damages, making it vital to prioritize vulnerability management as a means to safeguard customer data.
 - **Save costs**: Proactively identifying and mitigating vulnerabilities reduces the financial implications of dealing with a security breach, including the costs of incident response, legal liabilities, and penalties.
-## Components of Vulnerability Management
+Learn more from the following resources:
- **Vulnerability Assessment**: Regular vulnerability assessments are essential to identify security weaknesses. This includes scanning networks, system components, software, and applications to identify existing vulnerabilities.
+- [@article@What is vulnerability management?](https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/)
-
+- [@video@Vulnerability Management explained by experts](https://www.youtube.com/watch?v=RE6_Lo2wSIg)
 - **Risk Analysis**: After identifying vulnerabilities, it is essential to assess their potential risks. This involves determining the likelihood and impact of each vulnerability, prioritizing them based on severity, and deciding which vulnerabilities to address first.
 - **Remediation**: The remediation process involves implementing patches, updates, or configuration changes to address the identified vulnerabilities. It is crucial to regularly review and ensure that patches have been applied effectively to prevent further exploitation.
 - **Verification**: After remediation, organizations must verify that the implemented solutions have effectively eliminated the risk posed by the vulnerability. Verification processes may include re-scanning and penetration testing.
 - **Reporting**: Maintaining comprehensive and accurate records of vulnerability management activities is essential for regulatory compliance and informing key stakeholders about the organization's security posture. Regular reporting can also aid in identifying problem areas and trends, allowing decision-makers to allocate resources and plan accordingly.
 By implementing a thorough vulnerability management program, organizations can significantly reduce their risk exposure and improve their overall cybersecurity posture. In today's digital landscape, proactively managing vulnerabilities is a critical step in safeguarding sensitive information and maintaining customer trust.
--- a/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md
+++ b/src/data/roadmaps/cyber-security/content/blue--red--purple-teams@7tDxTcKJNAUxbHLPCnPFO.md
@ -2,43 +2,10 @@
 In the context of cybersecurity, Blue Team, Red Team, and Purple Team are terms used to describe different roles and methodologies employed to ensure the security of an organization or system. Let's explore each one in detail.
-## Blue Team
+In cybersecurity, Blue Team and Red Team refer to opposing groups that work together to improve an organization's security posture. The Blue Team represents defensive security personnel who protect systems and networks from attacks, while the Red Team simulates real-world adversaries to test the Blue Team's defenses. Purple Team bridges the gap between the two, facilitating collaboration and knowledge sharing to enhance overall security effectiveness. This approach combines the defensive strategies of the Blue Team with the offensive tactics of the Red Team, creating a more comprehensive and dynamic security framework that continuously evolves to address emerging threats and vulnerabilities.
-The Blue Team is responsible for defending an organization's information systems, networks, and critical assets from security threats. They are tasked with the ongoing monitoring of systems, detecting and responding to potential security incidents, and implementing protective measures.
+Learn more from the following resources:
-**Key activities of the Blue Team:**
+- [@article@What is a blue team?](https://www.checkpoint.com/cyber-hub/cyber-security/what-is-a-blue-team/)
-
+- [@article@What is red teaming?](https://www.ibm.com/think/topics/red-teaming)
- Develop and implement security policies and procedures
+- [@article@Purple teaming explained](https://www.crowdstrike.com/cybersecurity-101/purple-teaming/)
 - Perform vulnerability assessments and risk assessments
 - Deploy security tools and technologies (e.g., firewalls, intrusion detection systems, etc.)
 - Monitor logs and analyze security events for potential threats
 - Respond to and investigate security incidents
 - Conduct security awareness and training programs
 ## Red Team
 The Red Team's primary goal is to simulate real-world attacks, identify vulnerabilities, and test the effectiveness of the Blue Team's defensive strategies. They are external or internal team members that act like adversaries, using creativity, and advanced techniques to test an organization's cybersecurity defenses.
 **Key activities of the Red Team:**
 - Perform regular penetration testing and security assessments
 - Use social engineering techniques to exploit human weaknesses
 - Analyze and exploit vulnerabilities in systems, networks, and applications
 - Emulate advanced persistent threats and attack scenarios
 - Provide actionable insights to improve the organization's security posture
 ## Purple Team
 The Purple Team bridges the gap between the Blue Team and Red Team, helping to create a more collaborative environment. They facilitate communication and information sharing between the two teams, ultimately aiming to improve the overall effectiveness of a security program.
 **Key activities of the Purple Team:**
 - Coordinate and plan joint exercises between Blue Team and Red Team
 - Share knowledge, techniques, and findings between the teams
 - Assist with the implementation of identified security improvements
 - Evaluate and measure the effectiveness of security controls
 - Foster a culture of continuous improvement and collaboration
 By investing in Blue, Red, and Purple Team efforts, organizations can achieve a more robust and resilient security posture, capable of withstanding and adapting to ever-evolving threats.
 - [@article@Red Team Fundamentals (TryHackMe)](https://tryhackme.com/room/redteamfundamentals)
--- a/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md
+++ b/src/data/roadmaps/cyber-security/content/bluetooth@DbWf5LdqiByPiJa4xHtl_.md
@ -1,21 +1,8 @@
 # Bluetooth
-**Bluetooth** is a wireless technology used to transfer data between devices over short distances. It operates in the 2.4 GHz frequency band and offers a reasonably secure means of communication between devices like smartphones, computers, headphones, and more.
+Bluetooth is a short-range wireless technology standard used for exchanging data between fixed and mobile devices over short distances. While it offers convenience for connecting peripherals and transferring information, it also presents several security concerns in the cybersecurity landscape. Bluetooth vulnerabilities can potentially allow attackers to intercept communications, execute malicious code, or gain unauthorized access to devices. Common attacks include bluejacking, bluesnarfing, and bluebugging. To mitigate these risks, cybersecurity professionals recommend regularly updating device firmware, using the latest Bluetooth protocols, enabling encryption, and turning off Bluetooth when not in use. Despite ongoing security improvements, Bluetooth remains an attack vector that requires vigilant monitoring and protection in both personal and enterprise environments.
-Below are some key points about Bluetooth:
+Learn more from the following resources:
- **Short-range communication**: Bluetooth typically works within a radius of 10 meters (33 feet), giving it a significant advantage in terms of power consumption when compared to other wireless technologies such as Wi-Fi. The short range also reduces the chances of interference between devices.
+- [@article@Bluetooth in Cyber Security](https://www.zenarmor.com/docs/network-basics/what-is-bluetooth)
-
+- [@video@Everything about Bluetooth Security](https://www.youtube.com/watch?v=i9mzl51ammA)
 - **Low power consumption**: Bluetooth devices are designed to use relatively low power compared to other wireless technologies. This aspect contributes to their widespread adoption in battery-powered devices like wearable gadgets and IoT sensors.
 - **Convenience**: Bluetooth allows for easy, automatic connection between devices once they have been paired. This 'pair and play' functionality ensures users can quickly establish connectivity between their devices with minimal effort.
 - **Security**: Bluetooth includes security features like encryption and authentication, which ensure secure communication between paired devices. However, users must remain vigilant in terms of keeping their devices up-to-date with the latest Bluetooth security patches and protocols.
 - **Potential vulnerabilities**: Despite its built-in security measures, Bluetooth is not immune to cyber attacks. Some common risks include "bluejacking" (unauthorized sending of messages or files), "bluesnarfing" (unauthorized access to device data), and "BlueBorne" (an attack vector that exploits Bluetooth connections to infiltrate devices and spread malware). Users should be cautious in their usage of Bluetooth and follow best practices like not accepting unknown connection requests and turning off Bluetooth when not in use.
 In conclusion, Bluetooth offers a convenient means of connecting devices wirelessly. While it provides reasonably secure communication, users must stay informed about potential vulnerabilities and follow good security practices to safeguard their devices.
 - [@article@Bluetooth security risks to know (and how to avoid them)](https://us.norton.com/blog/mobile/bluetooth-security)
 - [@official@Bluetooth security best practices from official website](https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/)
 - [@feed@Explore top posts about Bluetooth](https://app.daily.dev/tags/bluetooth?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md
+++ b/src/data/roadmaps/cyber-security/content/box@4Man3Bd-ySLFlAdxbLOHw.md
@ -1,24 +1,7 @@
 # Box
-[Box](https://www.box.com/) is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams.
+Box is a popular cloud storage service that provides individuals and businesses with a platform to securely store, share, and access files and documents from any device. Box is known for its emphasis on security and collaboration features, making it an ideal choice for businesses who want a secure way to share and collaborate on files with their teams.
-## Features
+Learn more from the following resources:
- **Security:** Box ensures the data stored within their platform is secure by implementing various security measures, such as encryption (in-transit and at-rest), multi-factor authentication, and granular access controls.
+- [@official@Box Website](https://www.box.com/en-gb/home)
 - **Collaboration:** Users can easily invite collaborators, assign permissions, and share files via secure links within Box. It also features real-time document editing and file version history.
 - **Integrations:** Box integrates with several other applications and services, such as Microsoft Office 365, Google Workspace, Salesforce, Slack, and more.
 - **Box Drive:** With Box Drive, users can access and work on their files directly from the desktop, without downloading them locally, making it easy to keep files up-to-date.
 ## Pricing
 Box offers a [variety of pricing plans](https://www.box.com/pricing), catering to different user requirements. These include:
 - **Individual Plan:** Free, with limited storage and features.
 - **Personal Pro Plan:** $10/month, includes 100GB storage, larger file size support, and additional features.
 - **Business Plans:** Starting at $5/user/month, tailored to meet the needs of small to enterprise-level businesses, with increased storage, advanced security, and much more.
 ## Privacy & Compliance
 Box is compliant with various international privacy laws and regulations, such as GDPR, HIPAA, and FedRAMP. It also undergoes third-party audits and assessments to verify the efficacy of their security measures.
 In conclusion, Box is a highly secure and feature-rich cloud storage service that is specifically designed for businesses and individuals who require advanced security and collaboration functionality.
--- a/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md
+++ b/src/data/roadmaps/cyber-security/content/brute-force-vs-password-spray@Q0i-plPQkb_NIvOQBVaDd.md
@ -11,3 +11,5 @@ Password Spray is a more targeted and stealthy method of password cracking where
 Visit the following resources to learn more:
 - [@article@Brute force vs. Password Spray attack](https://www.inspark.nl/brute-force-vs-password-spray-attack-in-azure-sentinel/)
 - [@article@What is password praying?](https://www.techtarget.com/whatis/definition/password-spraying)
 - [@article@What is a brute force attack?](https://www.fortinet.com/resources/cyberglossary/brute-force-attack)
--- a/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md
+++ b/src/data/roadmaps/cyber-security/content/buffer-overflow@n8ZOZxNhlnw7DpzoXe_f_.md
@ -5,5 +5,4 @@ A Buffer Overflow is a type of vulnerability that occurs when a program or proce
 Visit the following resources to learn more:
 - [@article@What Is Buffer Overflow?](https://www.fortinet.com/resources/cyberglossary/buffer-overflow)
 - [@article@Buffer Overflow Attack](https://www.imperva.com/learn/application-security/buffer-overflow/)
--- a/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md
+++ b/src/data/roadmaps/cyber-security/content/bus@0DWh4WmLK_ENDuqQmQcu4.md
@ -1,21 +1,8 @@
 # Bus
-A **bus topology** is a type of network configuration where all the devices or nodes in the network are connected to a single, central cable known as the bus, backbone or trunk. This common shared path serves as the medium for data transmission and communication amongst the nodes.
+In the context of cybersecurity, a bus refers to a communication system that transfers data between components inside a computer or between computers. It's a critical part of computer architecture that can be vulnerable to various security threats. Attackers may attempt to exploit bus systems to intercept sensitive data, inject malicious code, or perform side-channel attacks. These vulnerabilities can exist at different levels, from the system bus connecting major computer components to expansion buses for peripheral devices. Securing bus communications involves implementing encryption, access controls, and monitoring for unusual activity. As buses play a crucial role in data transfer, protecting them is essential for maintaining the overall security and integrity of computer systems and networks.
-## How Bus Topology Works
+Learn more from the following resources:
-In a bus topology, every node has a unique address that identifies it on the network. When a node wants to communicate with another node in the network, it broadcasts a message containing the destination node's address as well as its own address. All the nodes connected to the bus receive the message, but only the intended recipient with the matching address responds.
+- [@article@What is a bus?](https://www.lenovo.com/gb/en/glossary/bus/?srsltid=AfmBOoocoXVvqdupLu13XAm0FZMOHjRtjnnCCFxa59tEa-bQwhiVhac2)
-
+- [@video@Computer buses](https://www.youtube.com/watch?v=aBCaCrC3z0k)
 ## Advantages of Bus Topology
 - **Easy to set up**: Bus topology is relatively simple in terms of installation, as it requires less cable and minimal hardware.
 - **Cost-effective**: Due to its simplicity and reduced cabling requirements, it's typically more affordable to implement than other topologies.
 - **Expandable**: New nodes can be easily added to the network by connecting them to the bus.
 ## Disadvantages of Bus Topology
 - **Limited Scalability**: As the number of nodes increases, network performance may decrease due to increased collisions and data transmission time.
 - **Single point of failure**: If the central cable (bus) fails or gets damaged, the entire network will be affected and may result in a complete breakdown.
 - **Maintenance difficulty**: Troubleshooting and identifying issues within the network can be challenging due to the shared path for data transmission.
 Bus topology can be an effective solution for small networks with minimal devices. However, as network size and complexity increase, other topologies such as star, ring, or mesh may be more suitable for maintaining efficiency and reliability.
--- a/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md
+++ b/src/data/roadmaps/cyber-security/content/c@8jj9hpe9jQIgCc8Txyw3O.md
@ -2,44 +2,7 @@
 C++ is a widely-used, high-level programming language that evolved from the earlier C programming language. Developed by Bjarne Stroustrup in 1985 at Bell Labs, C++ provides object-oriented features and low-level memory manipulation, making it an essential language for many fields, including game development, high-performance systems, and cybersecurity.
-## Key Features of C++:
+Learn more form the following resources:
-## Object-Oriented Programming (OOP)
+- [@course@C++ Full Course - BroCode](https://www.youtube.com/watch?v=-TkoO8Z07hI)
-
+- [@article@C++ Introduction](https://www.w3schools.com/cpp/cpp_intro.asp)
 C++ is one of the first programming languages to support Object-Oriented Programming (OOP). It allows code to be modular and reusable through the use of classes and objects.
 ## Performance
 C++ provides high performance, as it allows low-level access to memory and fine-grained control over system resources. This makes C++ suitable for performance-critical applications like network security systems and firewalls.
 ## Compatibility
 C++ is highly compatible with the C programming language, which makes it easier for programmers to transition from C to C++. Many system-level libraries and applications written in C can be easily extended or integrated with C++ code.
 ## Standard Template Library (STL)
 C++ comes with a rich library called the Standard Template Library (STL). The STL contains efficient templated data structures and algorithms, which can improve development speed and code quality.
 ## Importance of C++ in Cybersecurity
 C++ is widely used in the development of cybersecurity tools and applications due to its efficiency, low-level access, and compatibility with existing systems. Some reasons for its importance in cybersecurity include:
 - **Developing Security Software:** C++ is commonly used in developing antivirus software, firewalls, intrusion detection systems, and other security tools due to its strong performance capabilities.
 - **Reverse Engineering and Exploit Development:** Cybersecurity professionals often use C++ to reverse-engineer malware, study their behavior, and develop countermeasures to stop them.
 - **Vulnerability Analysis:** Since many applications are developed in C++, understanding the language helps cybersecurity professionals assess the code for vulnerabilities and potential exploits.
 - **Secure Code Development:** Developing secure applications is vital to prevent security breaches. With its powerful features, C++ enables developers to write efficient, maintainable, and secure code.
 ## Resources for Learning C++
 To advance your programming skills in C++ and leverage its power for cybersecurity tasks, consider the following resources:
 - [@article@Cplusplus.com](http://www.cplusplus.com/)
 - [@article@CPPReference.com](https://en.cppreference.com/)
 - [@course@Coursera: C++ For C Programmers](https://www.coursera.org/specializations/c-plus-plus-programming)
 - [@article@A Tour of C++](https://www.amazon.com/Tour-C-Depth/dp/0134997832) (book) by Bjarne Stroustrup.
 - [@feed@Explore top posts about C++](https://app.daily.dev/tags/c++?ref=roadmapsh)
 By mastering C++, you'll be well-equipped to develop and secure applications, analyze cybersecurity threats, and effectively contribute to the broader cybersecurity community.
--- a/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md
+++ b/src/data/roadmaps/cyber-security/content/cat@D2ptX6ja_HvFEafMIzWOy.md
@ -2,50 +2,7 @@
 `cat` is a widely used command-line utility in UNIX and UNIX-like systems. It stands for "concatenate" which, as the name suggests, can be used to concatenate files, display file contents, or combine files. In the context of incident response and discovery tools, `cat` plays an essential role in quickly accessing and assessing the contents of various files that inform on security incidents and help users understand system data as well as potential threats.
-## Usage
+Learn more from the following resources:
-The default syntax for `cat` is as follows:
+- [@article@Linux cat command](https://phoenixnap.com/kb/linux-cat-command)
-
+- [@video@The cat command](https://www.youtube.com/shorts/lTOje2weu_o?app=desktop)
 ```sh
 cat [options] [file(s)]
 ```
 where `options` are command flags to modify the behavior of `cat` and `file(s)` are the input file(s) to be processed. If no file is specified, `cat` reads input from the standard input, which allows it to interact with output from other utilities or commands.
 ## Key Features
 Here are some of the useful features of `cat` in incident response and discovery:
 - **Display file contents**: Quickly view file content, which is useful for examining logs and configuration files.
  ```sh
  cat file.txt
  ```
 - **Combine multiple files**: Combine contents of multiple files that can be useful while investigating related logs.
  ```sh
  cat file1.txt file2.txt > combined.txt
  ```
 - **Number lines while displaying**: Use the `-n` flag to show line numbers in the output, assisting in pinpointing specific entries in large files.
  ```sh
  cat -n file.txt
  ```
 - **Display non-printable characters**: The `-v` flag allows viewing non-printable characters that might be hidden in a file.
  ```sh
  cat -v file.txt
  ```
 - **Piping and Archiving**: The `cat` command can interface seamlessly with other command-line utilities, allowing complex operations to be performed with ease.
  ```sh
  cat logs.txt | grep 'ERROR' > error_logs.txt
  ```
 ## Wrapping Up
 In summary, `cat` is a versatile and indispensable tool in cybersecurity for simplifying the process of navigating through files, logs, and data during an incident response. Its compatibility with various other Unix utilities and commands makes it a powerful tool in the hands of cyber professionals.
--- a/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md
+++ b/src/data/roadmaps/cyber-security/content/ccna@4RD22UZATfL8dc71YkJwQ.md
@ -2,24 +2,7 @@
 The Cisco Certified Network Associate (CCNA) certification is an entry-level certification for IT professionals who want to specialize in networking, specifically within the realm of Cisco products. This certification validates an individual's ability to install, configure, operate, and troubleshoot medium-sized routed and switched networks. It also covers the essentials of network security and management.
-## Key Concepts
+Learn more from the following resources:
-As a CCNA candidate, you will learn the following concepts:
+- [@Network Chuck Free CCNA Course](https://www.youtube.com/playlist?list=PLIhvC56v63IJVXv0GJcl9vO5Z6znCVb1P)
-
+- [@official@CCNA Certification Website](https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html)
 - Network fundamentals: understanding the basics of networking technologies, such as how devices communicate and how data is transmitted
 - LAN switching technologies: understanding how switches work and how to configure them for optimal performance
 - IPv4 and IPv6 routing technologies: learning how routers process packets and route data between networks
 - WAN technologies: understanding Wide Area Networks (WANs) and how they are used to connect geographically dispersed networks
 - Infrastructure services: learning about DHCP, DNS, and other essential network services
 - Infrastructure security: understanding how to secure network devices and implement basic security measures
 - Infrastructure management: learning about SNMP, Syslog, and other tools for network monitoring and management
 ## CCNA Exam
 To obtain the CCNA certification, you will need to pass a single exam, currently the "200-301 CCNA" exam. This exam tests your knowledge and skills in the aforementioned key concepts. The exam consists of multiple-choice, drag-and-drop, and simulation questions that assess your understanding of networking theory, as well as your ability to perform practical tasks.
 ## Why CCNA?
 A CCNA certification can provide you with a solid foundation in networking and open doors to various career opportunities, such as network administrator, network engineer, or security specialist roles. Many employers value CCNA-certified professionals for their validated skills in working with Cisco networking products and their understanding of networking fundamentals. Additionally, attaining a CCNA certification can serve as a stepping stone towards more advanced Cisco certifications, such as the Cisco Certified Network Professional (CCNP) and the Cisco Certified Internetwork Expert (CCIE).
 - [@video@Free CCNA 200-301 | Complete Course 2023 by Jeremy's IT Lab](https://www.youtube.com/playlist?list=PLxbwE86jKRgMpuZuLBivzlM8s2Dk5lXBQ)
--- a/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md
+++ b/src/data/roadmaps/cyber-security/content/ceh@AAo7DXB7hyBzO6p05gx1i.md
@ -2,41 +2,6 @@
 **Certified Ethical Hacker (CEH)** is an advanced certification focused on equipping cybersecurity professionals with the knowledge and skills required to defend against the continuously evolving landscape of cyber threats. This certification is facilitated by the EC-Council, an internationally recognized organization for information security certifications.
-## Objectives
+Learn more from the following resources:
-The CEH certification aims to provide professionals with the following skills:
+- [@official@CEH Website](https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh/)
 - Understand the ethics and legal requirements of ethical hacking
 - Identify and analyze common cyber threats, including malware, social engineering, and various network attacks
 - Utilize the latest penetration testing tools and methodologies to uncover vulnerabilities in systems, networks, and applications
 - Implement defensive countermeasures to protect against cyber attacks
 ## Target Audience
 The CEH certification is ideal for:
 - Cybersecurity professionals seeking to expand their skill set
 - IT administrators responsible for securing their organization's systems and network
 - Penetration testers looking to demonstrate their ethical hacking capabilities
 - Security consultants who want a recognized certification in the IT security field
 ## Exam Details
 To become a Certified Ethical Hacker, you must pass the CEH exam, which consists of the following:
 - Number of Questions: 125
 - Exam Type: Multiple choice questions
 - Duration: 4 hours
 - Passing Score: 70%
 ## Preparation
 To prepare for the CEH exam, candidates can follow the EC-Council's official training course or opt for self-study. The recommended resources include:
 - EC-Council's [_CEH v11: Certified Ethical Hacker_](https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/) training course
 - Official CEH study guide and practice exams
 - CEH-related books, articles, and online resources
 ## Recertification
 CEH holders need to earn 120 ECE (Education Credits) within three years of obtaining their certification to retain their credentials. These credits can be obtained through training, workshops, conferences, and other continuous learning opportunities in the field of information security.
--- a/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md
+++ b/src/data/roadmaps/cyber-security/content/certificates@WXRaVCYwuGQsjJ5wyvbea.md
@ -2,39 +2,9 @@
 Certificates, also known as digital certificates or SSL/TLS certificates, play a crucial role in the world of cybersecurity. They help secure communications between clients and servers over the internet, ensuring that sensitive data remains confidential and protected from prying eyes.
-## What is a Certificate?
+Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation.
 A digital certificate is an electronic document that uses a digital signature to bind a public key with a specific identity, such as a website domain or an organization. It contains information about the certificate holder, the certificate's validity period, and the public key of the entity that the certificate represents.
 ## Certificate Authorities (CAs)
 Certificates are issued and signed by trusted third-party organizations called Certificate Authorities (CAs). CAs are responsible for verifying the authenticity of organizations or individuals making the request and ensuring that they, indeed, own the domain for which the certificate is issued.
 Some well-known CAs include:
 - DigiCert
 - Let's Encrypt
 - GlobalSign
 - Sectigo (formerly Comodo)
 - Entrust
 ## Types of Certificates
 Different types of certificates serve different purposes and offer varying levels of validation:
 - **Domain Validation (DV)**: These certificates validate the ownership of the domain but do not contain any information about the organization that owns it. DV certificates offer a basic level of security and are suitable for websites that don't process sensitive data, such as blogs or portfolio sites.
 - **Organization Validation (OV)**: OV certificates verify the ownership of the domain and contain information about the organization that owns it. This type of certificate provides an enhanced level of trust and is recommended for business websites where users need to know the identity of the organization they are dealing with.
 - **Extended Validation (EV)**: EV certificates provide the highest level of identity validation by conducting a rigorous verification process that involves checking the organization's legal status, physical presence, and domain ownership. Websites with an EV certificate display a green padlock or bar in the browser address bar, increasing user trust and confidence.
 ## Importance of Certificates
 Digital certificates offer various benefits in the realm of cybersecurity, such as:
 - **Authentication**: Certificates help to establish the authenticity of a domain or an organization, allowing users to trust that they are communicating with a legitimate entity.
 - **Encryption**: By using public key encryption, certificates enable secure communication between clients and servers, protecting sensitive data from being intercepted by malicious actors.
 - **Integrity**: Certificates ensure that the data transferred between parties remains intact and unaltered during transmission, preventing tampering or manipulation by malicious actors.
 - **Trust**: With the assurance that a website has a valid certificate from a trusted CA, users are more likely to trust and engage with the site, leading to increased conversion rates and customer loyalty.
-## Conclusion
+Learn more from the following resources:
-Digital certificates provide a crucial layer of security and trust for online communications. Understanding their role in cybersecurity, the different types of certificates, and the importance of acquiring certificates from trusted CAs can greatly enhance your organization's online security posture and reputation.
+- [@article@What is an SSL certificate?](https://www.cloudflare.com/en-gb/learning/ssl/what-is-an-ssl-certificate/)
 - [@article@What is a certificate authority](https://www.ssl.com/article/what-is-a-certificate-authority-ca/)
--- a/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md
+++ b/src/data/roadmaps/cyber-security/content/cidr@PPIH1oHW4_ZDyD3U3shDg.md
@ -2,22 +2,11 @@
 CIDR, or Classless Inter-Domain Routing, is a method of allocating IP addresses and routing Internet Protocol packets in a more flexible and efficient way, compared to the older method of Classful IP addressing. Developed in the early 1990s, CIDR helps to slow down the depletion of IPv4 addresses and reduce the size of routing tables, resulting in better performance and scalability of the Internet.
 ## How CIDR works
 CIDR achieves its goals by replacing the traditional Class A, B, and C addressing schemes with a system that allows for variable-length subnet masking (VLSM). In CIDR, an IP address and its subnet mask are written together as a single entity, referred to as a _CIDR notation_.
 A CIDR notation looks like this: `192.168.1.0/24`. Here, `192.168.1.0` is the IP address, and `/24` represents the subnet mask. The number after the slash (/) is called the _prefix length_, which indicates how many bits of the subnet mask should be set to 1 (bitmask). The remaining bits of the subnet mask are set to 0.
-For example, a `/24` prefix length corresponds to a subnet mask of `255.255.255.0`, because the first 24 bits are set to 1. This allows for 256 total IP addresses in the subnet, with 254 of these IPs available for devices (The first and last IP are reserved for the network address and broadcast address, respectively).
+Learn more from the following resources:
 ## Advantages of CIDR
 - **Efficient IP allocation:** CIDR allows for more granular allocation of IPv4 addresses, reducing wasted IP space.
 - **Reduction of routing table size:** CIDR enables route aggregation (route summarization), which combines multiple network routes to a single routing table entry.
 - **Decreased routing updates:** By allowing routers to share more generalized routing information, the number of routing updates gets significantly reduced, improving network stability and reducing router workload.
 ## CIDR in IPv6
 CIDR also plays a crucial role in the IPv6 addressing system, where the use of CIDR notation and address aggregation has become even more critical in managing the immense address space of IPv6 efficiently.
-In conclusion, CIDR is an essential component of modern IP networking systems, enabling better utilization of IP address space and improving the overall scalability and performance of the Internet. It's crucial for network administrators and security professionals to have a solid understanding of CIDR, as it plays a significant role in configuring, managing, and securing IP networks.
+- [@article@What is CIDR?](https://aws.amazon.com/what-is/cidr/)
 - [@video@What is Network CIDR Notation?](https://www.youtube.com/watch?v=tpa9QSiiiUo)
--- a/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md
+++ b/src/data/roadmaps/cyber-security/content/cis@sSihnptkoEqUsHjDpckhG.md
@ -2,32 +2,7 @@
 The **Center for Internet Security (CIS)** is a non-profit organization that focuses on enhancing the cybersecurity posture of individuals, organizations, and governments around the world. CIS offers various tools, best practices, guidelines, and frameworks that help in defending against common cyber threats.
-## CIS Critical Security Controls
+Learn more from the following resources:
-One of the most significant contributions of CIS is the **CIS Critical Security Controls (CSC)**, which are a set of prioritized actions that aim to improve cyber defense. These controls have been developed by a community of IT security experts and are regularly updated to remain relevant in the ever-evolving threat landscape.
+- [@video@CIS Overview](https://www.youtube.com/watch?v=f-Z7h5dI6uQ)
-
+- [@official@CIS Website](https://www.cisecurity.org/)
 The CIS Critical Security Controls are divided into three categories:
 - Basic Controls: Foundational security measures that every organization should implement.
 - Foundational Controls: Additional security measures providing a more robust defense.
 - Organizational Controls: Governance and management-related processes, ensuring the continuity and effectiveness of the security program.
 The following are the key objectives of implementing CIS Critical Security Controls:
 - Strengthen the security posture of an organization.
 - Protect sensitive information and valuable assets.
 - Identify and prioritize the most critical vulnerabilities.
 - Reduce the attack surface and risks associated with cyber threats.
 ## CIS Benchmarks
 CIS also provides **CIS Benchmarks**, which are a set of configuration guidelines for various technologies, including operating systems, cloud providers, and applications. These benchmarks offer practical guidance for securing systems and improving overall cybersecurity posture.
 CIS Benchmarks provide the following benefits:
 - Improve system security by reducing the attack surface.
 - Assist in meeting compliance requirements such as HIPAA, PCI DSS, and GDPR.
 - Enable organizations to adopt best practices in configuration management.
 - Facilitate audit preparation and maintaining system documentation.
 In summary, the Center for Internet Security (CIS) offers valuable resources that can help organizations bolster their security posture. The CIS Critical Security Controls and CIS Benchmarks are practical tools that provide guidance on implementing security measures to mitigate cyber threats effectively. By following these guidelines, organizations can improve their resilience and better protect themselves in the rapidly evolving digital landscape.
--- a/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md
+++ b/src/data/roadmaps/cyber-security/content/cisa@lqFp4VLY_S-5tAbhNQTew.md
@ -2,44 +2,9 @@
 The **Certified Information Systems Auditor (CISA)** is a globally recognized certification for professionals who audit, control, monitor, and assess an organization's information technology and business systems.
 ## Overview
 CISA was established by the Information Systems Audit and Control Association (ISACA) and is designed to demonstrate an individual's expertise in managing vulnerabilities, ensuring compliance with industry regulations, and instituting controls within the business environment.
-## Who Should Pursue CISA?
+Learn more from the following resources:
 CISA is most suitable for professionals with roles such as:
 - IT auditors
 - IT security professionals
 - IT risk analysts
 - IT compliance analysts
 - Security consultants
 ## Exam and Prerequisites
 To earn the CISA certification, candidates must pass a comprehensive exam. The prerequisites for the CISA certification include:
 - Five years of professional experience in information systems auditing, control, assurance, or security work. Some substitutions and waivers can be made for education, but a minimum of two years of experience in information systems audit or control is required.
 - Agree to the ISACA Code of Professional Ethics.
 - Adherence to the CISA Continuing Professional Education (CPE) Program, which requires a minimum of 20 CPE hours annually and 120 hours of CPE in a 3-year period.
 The exam itself has a duration of four hours and consists of 150 multiple-choice questions. It covers five domains:
 - The Process of Auditing Information Systems (21%)
 - Governance and Management of IT (16%)
 - Information Systems Acquisition, Development, and Implementation (18%)
 - Information Systems Operations, Maintenance, and Service Management (20%)
 - Protection of Information Assets (25%)
 ## Benefits of CISA Certification
 Upon obtaining the CISA certification, some of the benefits include:
 - Increased credibility and recognition in the industry
 - Enhanced career prospects and job security
 - A competitive edge over non-certified professionals
 - The potential for salary increase and promotions
 - Access to a global community of certified professionals and resources
-Overall, the CISA certification can be a valuable asset for those looking to advance their careers in cybersecurity, particularly in the area of auditing and controlling information systems.
+- [@official@CISA Website](https://www.isaca.org/credentialing/cisa)
 - [@article@What is a Certified Information Systems Auditor?](https://www.investopedia.com/terms/c/certified-information-systems-auditor.asp)
--- a/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md
+++ b/src/data/roadmaps/cyber-security/content/cism@s86x24SHPEbbOB9lYNU-w.md
@ -1,31 +1,10 @@
 # CISM
-The [Certified Information Security Manager (CISM)](https://www.isaca.org/credentialing/cism) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs.
+The Certified Information Security Manager (CISM) is an advanced cybersecurity certification offered by ISACA that focuses on information security management. It is designed for professionals who have a strong understanding of information security and are responsible for overseeing, designing, and managing an organization's information security programs.
-## Who Should Pursue CISM Certification?
+Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services.
-The CISM certification is ideal for:
+Learn more from the following resources:
- Information security managers
+- [@official@CISM Website](https://www.isaca.org/credentialing/cism)
- IT consultants
+- [@article@Certified Information Security Manager (CISM)](https://www.techtarget.com/searchsecurity/definition/certified-information-security-manager-CISM)
 - IT auditors
 - Senior IT professionals responsible for information security
 - Security architects and engineers
 ## Exam Requirements and Process
 To obtain the CISM certification, candidates must:
 - **Register for the CISM Exam**: You must [register](https://www.isaca.org/exams) for the exam, pay the registration fee, and select an exam date during one of the three annual exam windows.
 - **Meet the Experience Requirements**: You must have at least five years of experience in information security management across at least three of the four CISM domains. There is the option to waive up to two years of experience based on your education or other certifications.
 - **Study for the Exam**: Thorough exam preparation is essential for success. ISACA provides a range of study materials, including the [CISM Review Manual](https://www.isaca.org/bookstore), online question banks, and instructor-led courses.
 - **Take the Exam**: The CISM exam consists of 150 multiple-choice questions, and you have four hours to complete it. It covers four main domains:
    - Information Security Governance
    - Information Risk Management
    - Information Security Program Development and Management
    - Information Security Incident Management
 - **Maintain Your Certification**: Once you pass the exam and meet the experience requirements, you need to [apply for certification](https://www.isaca.org/credentialing/certified-information-security-manager/get-cism-certified). To maintain your CISM credential, you must earn Continuing Professional Education (CPE) hours and renew your certification every three years.
 The CISM certification is globally recognized for its emphasis on the strategic and managerial aspects of information security. Professionals with this certification are in high demand, as they possess the knowledge and skills to develop and manage comprehensive information security programs in various organizations.
--- a/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md
+++ b/src/data/roadmaps/cyber-security/content/cissp@BqvijNoRzSGYLCMP-6hhr.md
@ -2,45 +2,7 @@
 The Certified Information Systems Security Professional (CISSP) is a globally recognized certification offered by the International Information System Security Certification Consortium (ISC)². It is designed for experienced security professionals to validate their knowledge and expertise in the field of information security.
-## Who Should Obtain the CISSP Certification?
+Learn more from the following resources:
-The CISSP certification is ideal for security consultants, managers, IT directors, security auditors, security analysts, and other professionals who are responsible for designing, implementing, and managing security for their organization. This certification is aimed at professionals with at least five years of full-time experience in two or more of the eight CISSP domains:
+- [@official@CISSP Certification Website](https://www.isc2.org/certifications/cissp)
-
+- [@course@CISSP Certification course](https://www.youtube.com/watch?v=M1_v5HBVHWo)
 - Security and Risk Management
 - Asset Security
 - Security Architecture and Engineering
 - Communication and Network Security
 - Identity and Access Management (IAM)
 - Security Assessment and Testing
 - Security Operations
 - Software Development Security
 ## Certification Process
 To obtain the CISSP certification, candidates must meet the following requirements:
 - **Experience:** Possess a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK).
 - **Exam:** Pass the CISSP examination with a minimum scaled score of 700 out of 1000 points. The exam consists of 100 to 150 multiple-choice and advanced innovative questions that must be completed within three hours.
 - **Endorsement:** After passing the exam, candidates must submit an endorsement application to be reviewed and endorsed by an (ISC)² CISSP holder within nine months of passing the exam.
 - **Continuing Professional Education (CPE):** To maintain the CISSP certification, professionals must earn 120 CPE credits every three years, with a minimum of 40 credits earned each year, and pay an annual maintenance fee.
 ## Benefits of CISSP Certification
 Obtaining the CISSP certification comes with numerous benefits, such as:
 - Enhanced credibility, as the CISSP is often considered the gold standard in information security certifications.
 - Increased job opportunities, as many organizations and government agencies require or prefer CISSP-certified professionals.
 - Improved knowledge and skills, as the certification covers a broad range of security topics and best practices.
 - Higher salary potential, as CISSP-certified professionals often command higher salaries compared to their non-certified counterparts.
 - Access to a network of other CISSP-certified professionals and resources, enabling continuous learning and professional development.
 Learn more from the following resources
 - [@official@ISC2 CISSP](https://www.isc2.org/certifications/cissp)
 - [@official@ISC2 CISSP - Official Study Guide](https://www.wiley.com/en-us/ISC2+CISSP+Certified+Information+Systems+Security+Professional+Official+Study+Guide%2C+10th+Edition-p-9781394254699)
 - [@article@Destcert - CISSP Free Resources](https://destcert.com/resources/)
 - [@video@CISSP Exam Cram 2024](https://youtube.com/playlist?list=PL7XJSuT7Dq_XPK_qmYMqfiBjbtHJRWigD&si=_wSeCkvj-1rzv0ZF)
 - [@video@CISSP Prep (Coffee Shots)](https://youtube.com/playlist?list=PL0hT6hgexlYxKzBmiCD6SXW0qO5ucFO-J&si=9ICs373Vl1ce3s0H)
--- a/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md
+++ b/src/data/roadmaps/cyber-security/content/cloud-skills-and-knowledge@vVaBQ5VtsE_ZeXbCOF8ux.md
@ -1,48 +1,10 @@
 # Cloud Skills and Knowledge
-In the realm of cyber security, cloud skills and knowledge are indispensable for professionals who work with cloud-based infrastructure and services. As more organizations migrate to the cloud, the demand for cloud security expertise continues to rise. This chapter focuses on the essential cloud skills and knowledge a cyber security specialist should possess.
+Cloud skills and knowledge are essential for working effectively with cloud computing technologies and services, which provide scalable, on-demand resources over the internet. Core cloud skills include understanding the architecture and types of cloud deployments, such as public, private, and hybrid clouds, as well as the major service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Knowledge of cloud platforms like AWS, Microsoft Azure, and Google Cloud is crucial, along with the ability to manage virtual machines, storage, networking, and databases in a cloud environment.
-## Understanding Cloud Models
+Security in the cloud is a vital skill, encompassing encryption, identity and access management (IAM), compliance, and disaster recovery. Understanding DevOps practices, containerization (using tools like Docker and Kubernetes), and serverless computing also plays a significant role in cloud operations. Additionally, familiarity with cloud-native tools for automation, monitoring, and orchestration, as well as knowledge of cloud cost optimization and performance tuning, are important for maximizing cloud efficiency and ensuring a secure, scalable infrastructure.
-It is fundamental for a cyber security professional to be acquainted with the different cloud service models, including:
+Learn more from the following resources:
- **IaaS (Infrastructure as a Service):** Offers virtualized computing resources over the Internet (e.g., Amazon Web Services, Microsoft Azure).
+- [@article@7 Cloud Computing skills to know](https://www.coursera.org/articles/cloud-computing-skills)
- **PaaS (Platform as a Service):** Provides a platform for developers to build, test, and deploy applications (e.g., Google App Engine, Heroku).
+- [@video@What cloud skills are essential?](https://www.youtube.com/watch?v=udKBDRcj178)
 - **SaaS (Software as a Service):** Offers on-demand access to software applications over the Internet (e.g., Salesforce, Microsoft 365).
 ## Familiarity with Cloud Security Architecture
 A comprehensive understanding of cloud security architecture enables professionals to design and implement secure cloud environments. Key aspects include:
 - Identifying and managing risks in cloud deployments
 - Configuring and managing cloud security services
 - Applying best practices for data storage, access control, and encryption in the cloud
 ## Compliance and Legal Issues
 Cloud security specialists must be aware of various compliance and legal requirements related to cloud data storage and processing, such as GDPR, HIPAA, and PCI-DSS.
 ## Cloud Security Tools and Technologies
 Cyber security professionals should be proficient in using various security tools and technologies specifically designed for the cloud, including:
 - Cloud security monitoring and management tools (e.g., AWS Security Hub, Azure Security Center)
 - Cloud-native security platforms (e.g., Palo Alto Networks Prisma, Check Point CloudGuard)
 - API security and management tools (e.g., Postman, Swagger)
 ## Cloud Identity and Access Management
 A strong grasp of identity and access management (IAM) concepts in the cloud is crucial. This entails understanding:
 - How to create and manage user identities and permissions
 - Implementing multi-factor authentication (MFA)
 - Understanding the differences between cloud-based and traditional IAM systems
 ## Securing Cloud Networks
 Professionals should know the fundamentals of securing cloud networks, including:
 - Implementing network security features such as firewalls, virtual private networks (VPNs), and intrusion detection systems
 - Segmenting cloud networks for better security
 Overall, possessing cloud skills and knowledge prepares cyber security professionals to effectively protect and manage cloud infrastructure and applications in today's fast-paced digital landscape.
--- a/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md
+++ b/src/data/roadmaps/cyber-security/content/common-commands@WDrSO7wBNn-2jB8mcyT7j.md
@ -1,83 +1,30 @@
 # Common Commands
-In this guide, we will cover essential common commands you need to know when starting your journey in cyber security. By becoming proficient in these commands, you will be able to navigate, analyze, and manage different aspects of systems and networks. The list will cover command prompts, shell commands, and other tools.
+Common operating system (OS) commands are essential for interacting with a system's shell or command-line interface (CLI). These commands allow users to perform a wide range of tasks, such as navigating the file system, managing files and directories, checking system status, and administering processes. Below are some commonly used commands across Unix/Linux and Windows operating systems:
-_Please note this guide assumes you already have basic knowledge of command line interfaces (CLI)_
+1. **Navigating the File System:**
   - Unix/Linux: `ls` (list files), `cd` (change directory), `pwd` (print working directory)
   - Windows: `dir` (list files), `cd` (change directory), `echo %cd%` (print working directory)
-## Operating System Commands
+2. **File and Directory Management:**
   - Unix/Linux: `cp` (copy files), `mv` (move/rename files), `rm` (remove files), `mkdir` (create directory)
   - Windows: `copy` (copy files), `move` (move/rename files), `del` (delete files), `mkdir` (create directory)
-These commands are useful for managing and understanding your operating system and its components.
+3. **System Information and Processes:**
   - Unix/Linux: `top` or `htop` (view running processes), `ps` (list processes), `df` (disk usage), `uname` (system info)
   - Windows: `tasklist` (list processes), `taskkill` (kill process), `systeminfo` (system details)
-## Windows
+4. **File Permissions and Ownership:**
   - Unix/Linux: `chmod` (change file permissions), `chown` (change file ownership)
   - Windows: `icacls` (modify access control lists), `attrib` (change file attributes)
- `ipconfig`: Display the IP configuration for all network interfaces on the device.
+5. **Network Commands:**
   - Unix/Linux: `ping` (test network connection), `ifconfig` or `ip` (network interface configuration), `netstat` (network statistics)
   - Windows: `ping` (test network connection), `ipconfig` (network configuration), `netstat` (network statistics)
- `netstat`: Display active network connections, listening ports, and routing tables.
+These commands form the foundation of interacting with and managing an OS via the command line, providing greater control over system operations compared to graphical interfaces.
- `systeminfo`: Display detailed information about the computer's hardware and software configuration.
+Learn more from the following resources:
- `nslookup`: Look up the IP address of a domain or host.
+- [@video@60 Linux commands you must know](https://www.youtube.com/watch?v=gd7BXuUQ91w)
-
+- [@video@Top 40 Windows commands to know](https://www.youtube.com/watch?v=Jfvg3CS1X3A)
 - `ping`: Send a series of network packets to test network connectivity.
 ## Linux/Unix/MacOS
 - `ifconfig`: Display the IP configuration for all network interfaces on the device.
 - `netstat`: Display active network connections, listening ports, and routing tables.
 - `uname -a`: Display detailed information about the operating system.
 - `dig`: Look up the IP address of a domain or host.
 - `ping`: Send a series of network packets to test network connectivity.
 ## File System Commands
 These commands are useful for navigating and managing file systems on your device.
 ## Windows
 - `dir`: List files and directories in the current directory.
 - `cd`: Change the current directory.
 - `copy`: Copy files from one location to another.
 - `move`: Move files from one location to another.
 - `del`: Delete specified files.
 ## Linux/Unix/MacOS
 - `ls`: List files and directories in the current directory.
 - `cd`: Change the current directory.
 - `cp`: Copy files from one location to another.
 - `mv`: Move files from one location to another.
 - `rm`: Delete specified files.
 ## Network Analysis Commands
 These commands are useful for analyzing and troubleshooting network connections.
 - `traceroute` (Linux/Unix/MacOS) / `tracert` (Windows): Display the route and transit delay of packets across a network.
 - `tcpdump` (Linux/Unix/MacOS) / `Wireshark` (Windows): Capture and analyze network traffic.
 ## Cyber Security Tools
 - `nmap`: Scan networks and hosts for open ports and network services.
 - `Metasploit`: A penetration testing framework that simplifies the discovery and exploitation of vulnerabilities.
 - `John the Ripper`: A password-cracking tool that automatically detects and cracks multiple password formats.
 - `Wireshark`: A network protocol analyzer that captures and analyzes network traffic.
 - `Aircrack-ng`: A suite of tools for auditing wireless networks.
 By familiarizing yourself with these common commands and tools, you'll have a solid foundation to build upon in your cyber security journey. As you progress, you will encounter more advanced tools and techniques, so keep learning and stay curious!
--- a/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md
+++ b/src/data/roadmaps/cyber-security/content/common-ports-and-their-uses@0tx2QYDYXhm85iYrCWd9U.md
@ -1,39 +1,8 @@
 # Common Ports and their Uses
-Ports are crucial in networking, as they facilitate communication between devices and applications. They act as endpoints in the networking process, enabling data transfer. We've compiled a list of commonly used ports to help you understand their significance in cyber security.
+Common ports are standardized communication endpoints used by various network protocols and services. In cybersecurity, understanding these ports is crucial for configuring firewalls, detecting potential threats, and managing network traffic. Some widely used ports include 80 and 443 for HTTP and HTTPS web traffic, 22 for SSH secure remote access, 25 for SMTP email transmission, and 53 for DNS name resolution. FTP typically uses port 21 for control and 20 for data transfer, while ports 137-139 and 445 are associated with SMB file sharing. Database services often use specific ports, such as 3306 for MySQL and 1433 for Microsoft SQL Server. Cybersecurity professionals must be familiar with these common ports and their expected behaviors to effectively monitor network activities, identify anomalies, and secure systems against potential attacks targeting specific services.
-## Transmission Control Protocol (TCP) Ports
+Learn more from the following resources:
- **FTP (File Transfer Protocol) - Ports 20 and 21**: FTP is a widely used protocol for transferring files.
+- [@video@Common network ports](https://www.youtube.com/watch?v=dh8h-4u7Wak)
-
+- [@article@Common network ports you should know](https://opensource.com/article/18/10/common-network-ports)
 - **SSH (Secure Shell) - Port 22**: SSH allows secure communication and remote access to devices over an unsecured network.
 - **Telnet - Port 23**: Telnet is a text-based protocol that allows you to interact with remote devices over networks.
 - **SMTP (Simple Mail Transfer Protocol) - Port 25**: SMTP is a protocol for sending and receiving emails.
 - **DNS (Domain Name System) - Port 53**: DNS translates human-readable domain names into IP addresses to facilitate communication between devices.
 - **HTTP (Hypertext Transfer Protocol) - Port 80**: HTTP is the primary protocol used for communication on the World Wide Web.
 - **POP3 (Post Office Protocol 3) - Port 110**: POP3 is a protocol for receiving emails from your email server.
 - **IMAP (Internet Message Access Protocol) - Port 143**: IMAP is a more advanced email protocol that allows you to access and manage your emails on the email server.
 - **HTTPS (Hypertext Transfer Protocol Secure) - Port 443**: HTTPS is an encrypted and secure version of HTTP.
 - **RDP (Remote Desktop Protocol) - Port 3389**: RDP is a Microsoft-developed protocol for remotely accessing Windows devices.
 ## User Datagram Protocol (UDP) Ports
 - **DHCP (Dynamic Host Configuration Protocol) - Ports 67 and 68**: DHCP is used to allocate IP addresses to devices within a network.
 - **DNS (Domain Name System) - Port 53**: (same function as in TCP)
 - **TFTP (Trivial File Transfer Protocol) - Port 69**: TFTP is a simplified version of FTP for quick and easy file transfer.
 - **SNMP (Simple Network Management Protocol) - Port 161**: SNMP enables monitoring and managing network devices, including printers, routers, and switches.
 - **NTP (Network Time Protocol) - Port 123**: NTP is a standard protocol used to synchronize time across network devices.
 Understanding these common ports and their functions is essential for network administrators and cyber security professionals. Proper knowledge of these ports will help you identify and assess potential security risks, as well as implement robust network defense measures.
--- a/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md
+++ b/src/data/roadmaps/cyber-security/content/common-protocols-and-their-uses@ViF-mpR17MB3_KJ1rV8mS.md
@ -1,35 +1,8 @@
 # Common Protocols and their Uses
-In this section, we will discuss some of the most common protocols used in networking and their importance in maintaining cyber security. Protocols are a set of rules and procedures that define how data should be transmitted, formatted, and processed over a network.
+Networking protocols are essential for facilitating communication between devices and systems across networks. In cybersecurity, understanding these protocols is crucial for identifying potential vulnerabilities and securing data transmission. Common protocols include TCP/IP, the foundation of internet communication, which ensures reliable data delivery. HTTP and HTTPS are used for web browsing, with HTTPS providing encrypted connections. FTP and SFTP handle file transfers, while SMTP, POP3, and IMAP manage email services. DNS translates domain names to IP addresses, and DHCP automates IP address assignment. SSH enables secure remote access and management of systems. Other important protocols include TLS/SSL for encryption, SNMP for network management, and VPN protocols like IPsec and OpenVPN for secure remote connections. Cybersecurity professionals must be well-versed in these protocols to effectively monitor network traffic, implement security measures, and respond to potential threats targeting specific protocol vulnerabilities.
-## HyperText Transfer Protocol (HTTP) and HTTPS
+Learn more from the following resources:
-HTTP, or HyperText Transfer Protocol, is the foundation of data communication on the World Wide Web. It defines how data should be formatted and transmitted between a client (like your browser) and a web server. HTTP is a stateless protocol, meaning each request and response pair is independent from others.
+- [@video@Networking For Hackers! (Common Network Protocols)](https://www.youtube.com/watch?v=p3vaaD9pn9I)
-
+- [@article@12 common network protocols](https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained)
 HTTPS, or HTTP Secure, is a secure version of HTTP that encrypts data between the client and server using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to protect sensitive data from being intercepted or tampered with.
 ## Transmission Control Protocol (TCP)
 TCP, or Transmission Control Protocol, is a reliable, connection-oriented protocol that ensures data is delivered correctly between applications over a network. It ensures accurate and complete data delivery by establishing a connection, segmenting data into smaller packets, verifying the receipt of packets, and reordering packets to their original sequence.
 ## Internet Protocol (IP)
 Internet Protocol (IP) is responsible for delivering packets from the source host to the destination host based on their IP addresses. IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has two main versions - IPv4 and IPv6.
 ## User Datagram Protocol (UDP)
 UDP, or User Datagram Protocol, is a connectionless communication protocol used for fast and efficient data transmission. Unlike TCP, UDP does not provide error checking or guarantee delivery, making it suitable for real-time applications like video streaming and online gaming where low latency is crucial.
 ## Domain Name System (DNS)
 The Domain Name System (DNS) is responsible for translating human-readable domain names (like www.example.com) into corresponding IP addresses that computers understand. This process is called domain name resolution. DNS is an essential component of internet communication, as it allows users to access websites using easy-to-remember names instead of numerical IP addresses.
 ## File Transfer Protocol (FTP)
 File Transfer Protocol (FTP) is a standard network protocol used for transferring files from one host to another over a TCP-based network, such as the Internet. FTP is commonly used for sharing files and transferring files between a client and a server.
 ## Simple Mail Transfer Protocol (SMTP)
 Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending email messages across a network. It defines how email messages should be formatted, encrypted, and relayed between email clients, servers, and other email systems.
 Understanding these common protocols and their roles in network communication is vital for ensuring the proper implementation of cyber security measures. It will help you better identify potential vulnerabilities and make informed decisions on network defense strategies.
--- a/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md
+++ b/src/data/roadmaps/cyber-security/content/compliance@05Gbgy6aawYlYIx38u8DE.md
@ -0,0 +1,8 @@
 # Compliance
 Compliance in cybersecurity refers to the adherence to laws, regulations, standards, and best practices designed to protect sensitive data and ensure the security of information systems. It encompasses a wide range of requirements that organizations must meet to safeguard their digital assets and maintain the trust of customers, partners, and regulatory bodies. Common compliance frameworks include GDPR for data protection in the EU, HIPAA for healthcare information in the US, PCI DSS for payment card industry, and ISO 27001 for information security management. Compliance often involves implementing specific security controls, conducting regular audits, maintaining documentation, and demonstrating ongoing commitment to security practices. While achieving compliance can be complex and resource-intensive, it is crucial for mitigating legal and financial risks, protecting reputation, and fostering a culture of security within organizations.
 Learn more from the following resources:
 - [@article@What is Cyber Security Compliance?](https://www.comptia.org/content/articles/what-is-cybersecurity-compliance)
 - [@article@Cyber Security Compliance 101](https://sprinto.com/blog/cyber-security-compliance/)
--- a/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md
+++ b/src/data/roadmaps/cyber-security/content/comptia-a@lbAgU5lR1O7L_5mCbNz_D.md
@ -2,47 +2,7 @@
 CompTIA A+ is an entry-level certification for IT professionals that focuses on essential knowledge and skills in computer hardware, software, and troubleshooting. This certification is widely recognized in the IT industry and can serve as a stepping stone for individuals looking to start a career in the field of information technology.
 ## Objectives
 The CompTIA A+ certification aims to test and validate foundational IT knowledge and skills, including:
 - Installation, configuration, and upgrading of computer hardware, peripherals, and operating systems
 - Basic networking concepts and maintenance of wired and wireless networks
 - Troubleshooting and repair of computer hardware, software, and networks
 - Understanding the basics of mobile device hardware and networking
 - Familiarity with security concepts, operating system maintenance, and disaster recovery
 ## Exams
 To earn the CompTIA A+ certification, you'll need to pass two exams:
 - **CompTIA A+ 220-1001 (Core 1)**: This exam covers topics like mobile devices, networking technology, hardware, virtualization, and cloud computing.
 - **CompTIA A+ 220-1002 (Core 2)**: This exam focuses on topics such as operating systems, security, software troubleshooting, and operational procedures.
 Both exams consist of 90 questions each, which you'll need to complete within 90 minutes. The passing score is 675 for Core 1 and 700 for Core 2 (on a scale of 100-900).
 ## Recommended Experience
 Though the CompTIA A+ certification is designed for beginners, it's recommended that you have at least 9-12 months of hands-on experience in the lab or field before attempting the exams. If you don't have prior experience, you could consider taking a training course or working through hands-on labs to gain the required knowledge and skills.
 ## Benefits
 Achieving a CompTIA A+ certification can offer several benefits, such as:
 - Establishing your credibility as an IT professional with a strong foundation in hardware, software, and networking
 - Demonstrating your commitment to continuing education and career growth in the IT industry
 - Improving your employability and widening your job prospects, especially for entry-level IT roles
 - Serving as a prerequisite for more advanced certifications, such as CompTIA Network+ and CompTIA Security+
 Overall, if you're an aspiring IT professional, the CompTIA A+ certification is a great starting point to kick off your IT career and begin acquiring the skills and knowledge needed to thrive in this ever-evolving industry.
 Learn more from the following resources:
- [@official@CompTIA A+ Certification](https://www.comptia.org/certifications/a)
+- [@official@Comptia A+ Website](https://www.comptia.org/certifications/a)
- [@article@CompTIA A+ 220-1101 - Professor Messer's Course FREE](https://www.professormesser.com/free-a-plus-training/220-1101/220-1101-video/220-1101-training-course/)
+- [@course@Comptia A+ Course](https://www.youtube.com/watch?v=1CZXXNKAY5o)
 - [@article@CompTIA A+ 220-1102 - Professor Messer's Course FREE](https://www.professormesser.com/free-a-plus-training/220-1102/220-1102-video/220-1102-training-course/)
 - [@course@Total Seminars - CompTIA A+ Core 1 (220-1101)](https://www.udemy.com/course/comptia-aplus-core-1/)
 - [@course@Total Seminars - CompTIA A+ Core 2 (220-1102)](https://www.udemy.com/course/comptia-aplus-core-2/)
 - [@course@Dion Training - CompTIA A+ Core 1 (220-1101)](https://www.udemy.com/course/comptia-a-core-1/)
 - [@course@Dion Training - CompTIA A+ Core 2 (220-1102)](https://www.udemy.com/course/comptia-a-core-2//)
--- a/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md
+++ b/src/data/roadmaps/cyber-security/content/comptia-linux@p34Qwlj2sjwEPR2ay1WOK.md
@ -2,55 +2,7 @@
 The CompTIA Linux+ certification is an entry-level certification aimed at individuals who are seeking to learn and demonstrate their skills and knowledge of the Linux operating system. This certification is widely recognized in the IT industry as an essential qualification for entry-level Linux administrators and helps them gain a strong foundation in Linux system administration tasks.
-## Overview
+Learn more from the following resources:
- **Difficulty Level:** Beginner
+- [@official@Linux+ Website](https://www.comptia.org/certifications/linux)
- **Certification Type:** Professional
+- [@video@Linux+ Exam Prep](https://www.youtube.com/watch?v=niPWk7tgD2Q&list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp)
 - **Exam Format:** Multiple-choice and performance-based
 - **Duration:** 90 minutes
 - **Number of Questions:** Maximum of 90
 - **Passing Score:** 720 (on a scale of 100-900)
 ## Topics Covered
 The CompTIA Linux+ certification covers various aspects related to Linux, including:
 - **System Architecture:** Hardware settings, boot sequence, kernel modules, and system boot.
 - **Linux Installation and Package Management:** Designing hard disk layout, installing a boot manager, managing shared libraries, using Debian and RPM package management.
 - **GNU and Unix Commands:** Bash commands, text processing, redirection and pipes, and managing processes.
 - **Devices, Linux Filesystems, and Filesystem Hierarchy Standard:** Creating and configuring filesystems, maintaining the integrity of filesystems, managing disk quotas, and using file permissions to control access.
 - **Shells, Scripting, and Data Management:** Customizing and writing shell scripts, managing SQL data, and using regular expressions.
 - **User Interfaces and Desktops:** Installing X11, setting up display managers, and managing accessibility settings.
 - Administrative Tasks: Managing user and group accounts, automating system administration tasks, localization, and system logging.
 - Essential System Services: Configuring, managing, and troubleshooting network services, time synchronization, and system logging.
 - Network Fundamentals: Addressing and routing fundamentals, troubleshooting network issues, and configuring DNS clients.
 - Security: Perform security administration tasks, set up host security, and secure data with encryption.
 ## Skills Gained
 By earning the CompTIA Linux+ certification, you will be equipped with the knowledge and skills to:
 - Install, configure, and maintain Linux systems.
 - Perform essential Linux system administration tasks.
 - Troubleshoot and resolve issues related to Linux systems.
 - Implement basic security measures on Linux systems.
 ## Exam Preparation
 CompTIA provides a range of study materials and resources, including:
 - CompTIA Linux+ Study Guide: Thoroughly covers the exam objectives to help you prepare for the certification.
 - CompTIA Linux+ CertMaster Practice: A comprehensive online practice platform that helps you assess your knowledge and identify areas for improvement.
 - CompTIA Linux+ CertMaster Learn: Interactive learning experience offering a customizable learning path, flashcards, quizzes, and assessments.
 ## Conclusion
 The CompTIA Linux+ certification is an excellent starting point for aspiring Linux professionals, as it validates essential skills required for entry-level Linux administration roles. By obtaining this certification, you can enhance your career prospects and demonstrate your competence to potential employers. So, buckle up and start your Linux journey with the CompTIA Linux+ certification!
 - [@oficial@Official CompTIA Linux+](https://www.comptia.org/certifications/linux)
 - [@video@CompTIA Linux+ Exam Prep (XK0-005 revision)](https://youtube.com/playlist?list=PL78ppT-_wOmuwT9idLvuoKOn6UYurFKCp&si=0OAFuOOsjko8Gg61)
 - [@course@Dion Training](https://www.udemy.com/course/comptia-linux/)
--- a/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md
+++ b/src/data/roadmaps/cyber-security/content/comptia-network@4RGbNOfMPDbBcvUFWTTCV.md
@ -2,46 +2,7 @@
 The CompTIA Network+ is a highly sought-after certification for IT professionals who aim to build a solid foundation in networking concepts and practices. This certification is vendor-neutral, meaning that it covers a broad range of knowledge that can be applied to various network technologies, products, and solutions. The Network+ certification is designed for beginners in the world of IT networking, and it is recommended that you first obtain the [CompTIA A+ certification](#) before moving on to Network+.
-## Topics Covered
+Learn more from the following resources:
-The CompTIA Network+ certification covers several essential networking topics, such as:
+- [@official@CompTIA Network+ Website](https://www.comptia.org/certifications/network)
-
+- [@course@CompTIA Network+ Course](https://www.youtube.com/watch?v=xmpYfyNmWbw)
 - **Networking Concepts**: This includes understanding network architectures, devices, protocols, and services.
 - **Infrastructure**: Learn about the various network components such as cabling, network devices, and storage.
 - **Network Operations**: Gain knowledge on how to monitor, analyze, and optimize network performance, as well as maintain network documentation and policies.
 - **Network Security**: Understand the fundamentals of securing a network, including access control, encryption, and firewalls.
 - **Network Troubleshooting and Tools**: Learn how to troubleshoot and resolve network issues using various diagnostic tools and techniques.
 ## Exam Details
 To become Network+ certified, you must pass the [N10-008 exam](https://www.comptia.org/certifications/network) or [N10-009 exam](https://www.comptia.org/certifications/network). The exam consists of:
 - Up to 90 questions, including multiple-choice and performance-based questions
 - Duration: 90 minutes
 - Passing Score: 720 out of 900
 - Exam Cost: $369 USD
 ## Benefits of CompTIA Network+ Certification
 By earning the CompTIA Network+ certification, you can demonstrate your competency in networking fundamentals and start your journey as an IT professional. The benefits of this certification include:
 - **Increased job opportunities**: A Network+ certification showcases your knowledge in networking, which can help you land entry-level positions such as network administrator or network technician.
 - **Higher salary potential**: Professionals with the Network+ certification typically enjoy higher salaries compared to their non-certified counterparts.
 - **Professional growth**: Gaining the Network+ certification helps you stay up-to-date with networking technologies and sets the stage for more advanced certifications, such as [CompTIA Security+](#) or [Cisco CCNA](#).
 - **Vendor-neutral**: Since the Network+ certification covers a broad range of networking topics, it is applicable to many different network environments and technologies.
 To get started with your CompTIA Network+ certification journey, [visit the official CompTIA website](https://www.comptia.org/certifications/network) for more information on the certification, exam preparation, and testing centers.
 ## Preparation Resources
 - **Strengthen Networking Fundamentals:**: The CompTIA Network+ exam emphasizes understanding networking fundamentals. To build a solid foundation, grasp concepts like TCP/IP protocols, subnetting, the OSI model, network devices, and addressing schemes.
 - **Engage in Hands-on Practice:**: Theory alone won't suffice for excelling in the N10-008 or N10-009 exam. Practical experience is crucial for understanding networking concepts and troubleshooting scenarios. Take practice exams to assess your readiness and get familiar with the exam format. Additionally, work with virtual labs to enhance your practical understanding of network configurations and troubleshooting. 
 Recommended resources include:
 - [@official@Official CompTIA Network+](https://www.comptia.org/certifications/network)
 - [@video@CompTIA Network+ Full Course FREE [23+ Hours]](https://www.youtube.com/watch?v=xmpYfyNmWbw)
 - [@article@Professor Messer’s CompTIA N10-008 Network+ Course FREE](https://www.professormesser.com/network-plus/n10-008/n10-008-video/n10-008-training-course/)
 - [@course@Total Seminars](https://www.udemy.com/course/comptia-networkplus-certification/)
 - [@course@Dion Training](https://www.udemy.com/course/comptia-network-009/)
--- a/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md
+++ b/src/data/roadmaps/cyber-security/content/comptia-security@AxeDcKK3cUtEojtHQPBw7.md
@ -2,34 +2,7 @@
 CompTIA Security+ is a highly recognized and respected certification for individuals seeking to start their careers in the field of cybersecurity. This certification is vendor-neutral, meaning it doesn't focus on any specific technology or platform, and provides a solid foundation in cybersecurity principles, concepts, and best practices.
-## Overview
+Learn more from the following resources:
-The CompTIA Security+ certification covers a variety of essential topics, including:
+- [@official@CompTIA Security+ Website](https://www.comptia.org/certifications/security)
-
+- [@course@CompTIA Security+ Course](https://www.youtube.com/watch?v=yLf2jRY39Rc&list=PLIhvC56v63IIyU0aBUed4qwP0nSCORAdB)
 - Network security
 - Threat management
 - Application, data, and host security
 - Access control and identity management
 - Cryptography
 - Compliance and operational security
 Earning the Security+ certification can open the door to various entry-level cybersecurity roles such as Security Analyst, Security Engineer, or Network Security Specialist.
 ## Exam Details
 To earn the CompTIA Security+ certification, candidates must pass the SY0-701 exam. The exam consists of 90 questions, which are a mix of multiple-choice and performance-based questions. Candidates are given 90 minutes to complete the exam, and a score of 750 out of 900 is required to pass. 
 ## Preparation Resources
 Preparation for the CompTIA Security+ exam involves a combination of self-study, instructor-led courses, and hands-on experience in the cybersecurity field. Recommended resources include:
 - [@official@Official CompTIA Security+ Study Guide](https://www.comptia.org/training/books/security-sy0-701-study-guide)
 - [@official@CompTIA Security+ Certification Exam Details](https://www.comptia.org/certifications/security#examdetails)
 - [@video@Professor Messer's Free Security+ Video Course](https://youtube.com/playlist?list=PLG49S3nxzAnl4QDVqK-hOnoqcSKEIDDuv&si=nwydzQ13lug4ymbl)
 - [@course@Dion Training](https://www.udemy.com/course/securityplus/)
 - [@course@Total Seminars](https://www.udemy.com/course/total-comptia-security-plus/)
 - [@podcast@CompTIA Security+ 701 Audio Course Podcast](https://open.spotify.com/show/1Ch1IPQc9V9FULKSBc6UfO?si=994f9ee5a0a24ee6)
 While there are no formal prerequisites to take the Security+ exam, CompTIA recommends candidates have two years of experience in IT administration, focusing on security, and a CompTIA Network+ certification.
 Overall, the CompTIA Security+ certification is an excellent choice for those looking to begin their journey in cybersecurity. It provides candidates with a strong foundational knowledge, while also serving as a stepping stone for more advanced certifications in the field.
--- a/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md
+++ b/src/data/roadmaps/cyber-security/content/computer-hardware-components@Ih0YZt8u9vDwYo8y1t41n.md
@ -1,71 +1,10 @@
 # Computer Hardware Components
-When it comes to understanding basic IT skills, one cannot overlook the importance of familiarizing yourself with the essential computer hardware components. These are the physical parts that make up a computer system, and understanding their functions will help you troubleshoot issues and maintain your device better. Here's a brief overview of some of the primary computer hardware components:
+Computer hardware components are the physical parts of a computer system that work together to perform computing tasks. The key components include the **central processing unit (CPU)**, which is the "brain" of the computer responsible for executing instructions and processing data. The **motherboard** is the main circuit board that connects and allows communication between the CPU, memory, and other hardware. **Random Access Memory (RAM)** serves as the computer's short-term memory, storing data that is actively being used by the CPU for quick access.
-## Central Processing Unit (CPU)
+The **storage device**, such as a hard disk drive (HDD) or solid-state drive (SSD), is where data is permanently stored, including the operating system, applications, and files. The **power supply unit (PSU)** provides the necessary electrical power to run the components. **Graphics processing units (GPU)**, dedicated for rendering images and videos, are important for tasks like gaming, video editing, and machine learning. Additionally, **input devices** like keyboards and mice, and **output devices** like monitors and printers, enable users to interact with the system. Together, these components make up the essential hardware of a computer, enabling it to perform various computing functions.
-The CPU serves as the heart and brain of a computer. It performs all the processing inside the computer and is responsible for executing instructions, performing calculations, and managing the flow of data.
+Learn more from the following resources:
-**Key Points:**
+- [@video@Computer Components for Dummies](https://www.youtube.com/watch?v=cZs6kh0WFRY)
-
+- [@article@What is computer hardware?](https://uk.crucial.com/articles/pc-builders/what-is-computer-hardware)
 - Considered the "brain" of the computer.
 - Performs all the major processes and calculations.
 ## Motherboard
 The motherboard is the main circuit board that connects all components of the computer. It provides a central hub for communication between the CPU, memory, and other hardware components.
 **Key Points:**
 - Connects all other hardware components.
 - Allows components to communicate with each other.
 ## Memory (RAM)
 Random Access Memory (RAM) is where data is temporarily stored while the computer is powered on. The data is constantly accessed, written, and rewritten by the CPU. The more RAM a system has, the more tasks it can process simultaneously.
 **Key Points:**
 - Temporary storage for data while the computer is on.
 - More RAM allows for better multitasking.
 ## Storage (Hard Drives)
 Storage devices like hard disk drives (HDD) or solid-state drives (SSD) are used to store data permanently on the computer, even when the device is powered off. Operating systems, software, and user files are stored on these drives.
 **Key Points:**
 - Permanent storage for data.
 - Comes in HDD and SSD types, with SSDs being faster but more expensive.
 ## Graphics Processing Unit (GPU)
 The GPU is responsible for rendering images, videos, and animations on the computer screen. Its main function is to handle and display graphics, making your visuals smooth and responsive.
 **Key Points:**
 - Handles and processes graphics and visuals.
 - Important for gaming, video editing, and graphic design tasks.
 ## Power Supply Unit (PSU)
 The power supply unit provides the necessary power to all components in the computer. It converts the AC power from the wall socket into the DC power that the computer's components require.
 **Key Points:**
 - Provides power to all computer components.
 - Converts AC power to DC power.
 ## Input/Output Devices
 Input devices, such as a mouse, keyboard, or scanner, are used to interact with and input data into the computer. Output devices, like the display monitor and speakers, present information and data in a format we can understand.
 **Key Points:**
 - Input devices allow users to interact with the computer.
 - Output devices present information to the user.
 By understanding these essential computer hardware components, you can enhance your knowledge of how a computer functions and improve your IT troubleshooting and maintenance skills. Happy computing!
 - [@video@What does what in your computer? Computer parts Explained](https://youtu.be/ExxFxD4OSZ0)
 - [@feed@Explore top posts about Hardware](https://app.daily.dev/tags/hardware?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md
+++ b/src/data/roadmaps/cyber-security/content/connection-types-and-their-function@F1QVCEmGkgvz-_H5lTxY2.md
@ -1,32 +1,19 @@
 # Connection Types and their function
-In the realm of cyber security, understanding various connection types is crucial in maintaining a secure network environment. This section will provide you with an overview of different connection types commonly encountered in IT and their impact on security.
+There are several types of network connections that enable communication between devices, each serving different functions based on speed, reliability, and purpose. **Ethernet** is a wired connection type commonly used in local area networks (LANs), providing high-speed, stable, and secure data transfer. Ethernet is ideal for businesses and environments where reliability is crucial, offering speeds from 100 Mbps to several Gbps.
-## Wired Connections
+**Wi-Fi**, a wireless connection, enables devices to connect to a network without physical cables. It provides flexibility and mobility, making it popular in homes, offices, and public spaces. While Wi-Fi offers convenience, it can be less reliable and slower than Ethernet due to signal interference or distance from the access point.
-Ethernet is the most widespread and commonly used wired connection type. It provides a secure, high-speed data transmission between devices, such as computers, routers, and switches, using Category 5 (Cat5) or higher cables. Ethernet connections are generally considered more reliable and secure compared to wireless connections because they are less vulnerable to interference and unauthorized access.
+**Bluetooth** is a short-range wireless technology primarily used for connecting peripherals like headphones, keyboards, and other devices. It operates over shorter distances, typically up to 10 meters, and is useful for personal device communication rather than networking larger systems.
-## USB (Universal Serial Bus)
+**Fiber-optic connections** use light signals through glass or plastic fibers to transmit data at very high speeds over long distances, making them ideal for internet backbones or connecting data centers. Fiber is faster and more reliable than traditional copper cables, but it is also more expensive to implement.
-USB is a popular connection type, primarily used for connecting peripheral devices such as keyboards, mice, and storage devices to computers. While USB provides a convenient way of expanding a computer's functionality, it also poses security risks. Using untrusted USB devices can lead to the spread of malware, making it essential to ensure that only trusted devices are connected to your system.
+**Cellular connections**, such as 4G and 5G, allow mobile devices to connect to the internet via wireless cellular networks. These connections offer mobility, enabling internet access from almost anywhere, but their speeds and reliability can vary depending on network coverage.
-## Wireless Connections
+Each connection type plays a specific role, balancing factors like speed, distance, and convenience to meet the varying needs of users and organizations.
-Wi-Fi is the most prevalent wireless connection type, allowing devices to connect to the internet and each other without the need for physical cables. Although Wi-Fi provides greater flexibility and mobility, it introduces additional security risks. To minimize these risks, always use encryption (preferably WPA3 or WPA2), strong passwords, and update your router's firmware regularly.
+Learn more from the following resources:
-## Bluetooth
+- [@article@What is ethernet?](https://www.techtarget.com/searchnetworking/definition/Ethernet)
-
+- [@article@What is WiFi and how does it work?](https://computer.howstuffworks.com/wireless-network.htm)
-Bluetooth is another widely used wireless connection type, primarily designed for short-range communication between devices such as smartphones, speakers, and headsets. While Bluetooth offers convenience, it can also be susceptible to attacks, such as Bluesnarfing and Bluejacking. To mitigate these risks, keep your devices updated, use Bluetooth 4.0 or higher, and disable Bluetooth when not in use.
+- [@article@How bluetooth works](https://electronics.howstuffworks.com/bluetooth.htm)
 ## Network Connections
 A VPN is a secure tunnel that creates a private network connection over a public network (such as the internet) by encrypting data transfers between devices. VPNs help protect sensitive information from being intercepted by unauthorized parties and are especially useful when accessing public Wi-Fi hotspots. Always use trusted VPN providers to ensure your data remains encrypted and private.
 ## Peer-to-Peer (P2P)
 P2P is a decentralized connection type where devices connect directly with each other, without the need for a central server. P2P is commonly used for file-sharing services and can pose significant security risks if utilized without adequate security measures in place. To minimize risks, avoid using untrusted P2P services and refrain from sharing sensitive information on such networks.
 In summary, understanding and managing different connection types is an essential aspect of cyber security. By using secure connections and taking preventive measures, you can reduce the risk of unauthorized access, data breaches, and other malicious activities.
 - [@video@Connection & Service Types Pt. 1](https://youtu.be/TzEMiD2mc-Q)
 - [@video@Connection & Services Types Pt. 2 ](https://youtu.be/4N3M1aKzoyQ)
--- a/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md
+++ b/src/data/roadmaps/cyber-security/content/containment@l7WnKuR2HTD4Vf9U2TxkK.md
@ -1,26 +1,8 @@
 # Containment
-In the Incident Response Process, containment is the step where the identified threat is controlled to prevent any further damage to the system and organization, while maintaining the integrity of the collected incident data. The primary goal of containment is to limit the attack's scope and prevent any further compromises.
+Containment in cybersecurity refers to the process of limiting the impact of a security incident by isolating affected systems, networks, or data to prevent further spread or damage. When a breach or malware infection is detected, containment strategies are quickly implemented to halt the attack's progress, often by disconnecting compromised systems from the network, blocking malicious traffic, or restricting user access. Containment is a critical step in incident response, allowing security teams to control the situation while they investigate the root cause, assess the extent of the breach, and prepare for remediation. Effective containment minimizes the potential harm to the organization, preserving the integrity of unaffected systems and data.
-## Short-term and Long-term Containment
+Learn more from the following resources:
-There are two main types of containment measures that need to be applied depending on the nature of the incident: short-term and long-term containment.
+- [@article@Microsoft security incident management: Containment, eradication, and recovery](https://learn.microsoft.com/en-us/compliance/assurance/assurance-sim-containment-eradication-recovery)
-
+- [@article@Containment - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/containment.html)
 ## Short-term Containment
 These measures are focused on stopping the immediate threat by disconnecting affected systems, blocking harmful IP addresses, or temporarily disabling the vulnerable service. However, these steps might result in the loss of valuable incident data, so it is essential to balance these actions against preserving evidence necessary for further investigation.
 ## Long-term Containment
 Long-term containment focuses on implementing more sustainable solutions to address the root cause of the incident, such as updating security patches, configuring firewalls, and implementing access control measures. These actions are taken to prevent reoccurrence and must be performed in parallel with the recovery phase to ensure a comprehensive Incident Response Process.
 ## Key Steps in Containment
 The following are some key steps that you should follow during the containment phase:
 - **Isolate** - Segregate the affected systems from the rest of the network to stop the spread of the threat.
 - **Preserve Evidence** - Securely capture relevant logs and data for future analysis and investigation.
 - **Implement Temporary Measures** - Take immediate actions to block the attacker and secure the environment while minimizing disruption.
 - **Update Containment Strategy** - Integrate lessons learned from previous incidents and external resources to continuously improve your containment process.
 By properly executing the containment phase of the Incident Response Process, you will be well-prepared to eradicate the root cause of the cyber security threat and recover your affected systems with minimal damage to your organization.
--- a/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md
+++ b/src/data/roadmaps/cyber-security/content/core-concepts-of-zero-trust@HavEL0u65ZxHt92TfbLzk.md
@ -1,31 +1,8 @@
 # Core Concepts of Zero Trust
-_Zero Trust_ is a modern security framework that addresses the ever-evolving threat landscape in the digital world. It emphasizes the idea of "never trust, always verify". This approach requires organizations to abandon the traditional perimeter-based security models and adopt a more comprehensive, holistic approach to protecting their data and assets.
+The core concepts of Zero Trust revolve around the principle of "never trust, always verify," emphasizing the need to continuously validate every user, device, and application attempting to access resources, regardless of their location within or outside the network perimeter. Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats could already exist inside the network and that no entity should be trusted by default. Key principles include strict identity verification, least privilege access, micro-segmentation, and continuous monitoring. This approach limits access to resources based on user roles, enforces granular security policies, and continuously monitors for abnormal behavior, ensuring that security is maintained even if one segment of the network is compromised. Zero Trust is designed to protect modern IT environments from evolving threats by focusing on securing data and resources, rather than just the network perimeter.
-## Core Principles
+Learn more from the following resources:
- **Deny trust by default**: Assume all network traffic, both inside and outside the organization, is potentially malicious. Do not trust any user, device, or application just because they are within the network perimeter.
+- [@article@What is a zero trust network?](https://www.cloudflare.com/en-gb/learning/security/glossary/what-is-zero-trust/)
-
+- [@video@Zero trust explained in 4 minutes](https://www.youtube.com/watch?v=yn6CPQ9RioA)
 - **Verify every request**: Authenticate and authorize all requests (even for those from within the network) before granting access to any resource. Ensure that each user, device, or application is properly identified, and their access to resources is appropriate based on their role, rights, and privileges.
 - **Apply least privilege**: Limit users, applications, and devices to the minimum level of access required to perform their functions. This minimizes the risk of unauthorized access, and reduces the potential attack surface.
 - **Segment networks**: Isolate and segregate different parts of the network to limit the potential impact of a breach. If an attacker gains access to one segment, they should not be able to move laterally across the network and access other sensitive data.
 - **Inspect and log all traffic**: Actively monitor, analyze, and log network traffic to identify potential security incidents and perform forensic investigations. This provides valuable insights for security teams to continuously improve their security posture and detect early signs of malicious activities.
 ## Benefits
 - **Reduced attack surface**: Limiting access to sensitive resources and segmenting the network makes it more challenging for attackers to compromise systems and access valuable data.
 - **Enhanced visibility and monitoring**: By continuously inspecting and logging all traffic, security teams can gain unprecedented levels of visibility, helping them identify potential threats and attacks more effectively.
 - **Improved compliance and governance**: Implementing a Zero Trust model reinforces an organization's compliance and governance posture, ensuring access to sensitive data is only granted to authorized users.
 - **Adaptability**: A Zero Trust approach can be applied to a wide range of environments and can be tailored to meet the specific security needs and objectives of an organization.
 By implementing a Zero Trust framework, an organization can strengthen its security posture, safeguard against internal and external threats, and maintain control over their critical assets in an increasingly interconnected world.
 Visit the following resources to learn more:
 - [@video@Zero Trust - Professor Messer](https://www.youtube.com/watch?v=zC_Pndpg8-c)
--- a/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md
+++ b/src/data/roadmaps/cyber-security/content/crest@rA1skdztev3-8VmAtIlmr.md
@ -2,25 +2,7 @@
 CREST is a non-profit, accreditation and certification body that represents the technical information security industry. Established in 2008, its mission is to promote the development and professionalization of the cyber security sector. CREST provides certifications for individuals and accreditations for companies, helping customers find knowledgeable and experienced professionals in the field.
-## CREST Examinations and Certifications
+Learn more from the following resources:
-CREST offers various examinations and certifications, including:
+- [@official@CREST Certifications Website](https://www.crest-approved.org/skills-certifications-careers/crest-certifications/)
-
+- [@video@A brief overview of CREST](https://www.youtube.com/watch?v=Cci5qrv8fHY)
 - **CREST Practitioner Security Analyst (CPSA)**: This is an entry-level certification for individuals looking to demonstrate their knowledge and competence in vulnerability assessment and penetration testing. Passing the CPSA exam is a prerequisite for taking other CREST technical examinations.
 - **CREST Registered Penetration Tester (CRT)**: This certification is aimed at professionals with a solid understanding of infrastructure and web application penetration testing. CRT holders have demonstrated practical skills in identifying and exploiting vulnerabilities in a controlled environment.
 - **CREST Certified Infrastructure Tester (CCIT)** and **CREST Certified Web Application Tester (CCWAT)**: These advanced certifications require candidates to have a deep technical understanding and practical skills in infrastructure or web application testing, respectively. These certifications are intended for experienced professionals who can perform in-depth technical assessments and identify advanced security vulnerabilities.
 - **CREST Certified Simulated Attack Manager (CCSAM)** and **CREST Certified Simulated Attack Specialist (CCSAS)**: These certifications focus on the planning, scoping, and management of simulated attack engagements, or red teaming. They require candidates to have experience in both the technical and managerial aspects of coordinated cyber attacks.
 ## Benefits of CREST Certifications
 Obtaining CREST certifications provides several benefits, such as:
 - Increased credibility and recognition within the cyber security industry
 - Validation of your technical knowledge and expertise
 - Access to resources and support through the CREST community
 - Assurance for employers and clients that you're skilled and trustworthy
 In the rapidly evolving field of cyber security, CREST certifications demonstrate a commitment to continuous learning, growth, and professionalism.
--- a/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md
+++ b/src/data/roadmaps/cyber-security/content/csf@HjfgaSEZjW9BOXy_Ixzkk.md
@ -1,35 +1,8 @@
-# CSF
+# Cybersecurity Framework (CSF)
 ## Cybersecurity Framework (CSF) Summary
 The Cybersecurity Framework (CSF) is a set of guidelines aimed at helping organizations better protect their critical infrastructure from cyber threats. Developed by the National Institute of Standards and Technology (NIST), this voluntary framework provides a flexible, risk-based approach to managing cybersecurity risks.
-## Key Components of CSF
+Learn more from the following resources:
 CSF comprises three key components:
 - **Core** - Consists of five functions, each representing a high-level cybersecurity activity:
    - Identify: Understand the organization's cybersecurity risks.
    - Protect: Implement safeguards to protect the critical infrastructure.
    - Detect: Identify the occurrence of a potential cybersecurity event.
    - Respond: Develop and implement appropriate actions to address detected cybersecurity events.
    - Recover: Implement plans to restore systems and services after a cybersecurity incident.
 - **Tiers** - Provide context for organizations to consider the robustness of their cybersecurity program:
    - Tier 1: Partial – Minimal cybersecurity risk management practices.
    - Tier 2: Risk Informed – Risk management practices in place, but not consistently applied.
    - Tier 3: Repeatable – Risk management practices are consistent across the organization.
    - Tier 4: Adaptive – Proactive approach to managing cybersecurity risks.
 - **Profiles** - Organizations create profiles to align their cybersecurity activities with their organizational goals, risk tolerance, and resources. A target profile represents desired outcomes, whereas a current profile reflects the current state of cybersecurity programs.
 ## Benefits of Implementing CSF
 - Enhanced understanding of cybersecurity risks and corresponding management strategies within an organization.
 - Improved ability to prioritize cybersecurity investments based on risk assessments.
 - Strengthened communication between different departments and stakeholders regarding cybersecurity expectations and progress.
 - Compliance with industry standards and guidelines, including support for organizations subject to regulatory requirements.
-CSF offers organizations a structured approach to improving their cybersecurity posture. By following this framework, organizations can manage their cybersecurity risks more effectively, create a stronger defense against cyberattacks, and maintain the resilience of their critical infrastructure.
+- [@official@NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
 - [@video@NIST Cybersecurity Framework Explained](https://www.youtube.com/watch?v=_KXqDNVmpu8)
--- a/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md
+++ b/src/data/roadmaps/cyber-security/content/csrf@pK2iRArULlK-B3iSVo4-n.md
@ -0,0 +1,8 @@
 # Cross-Site Request Forgery (CSRF)
 Cross-Site Request Forgery (CSRF) is a type of web security vulnerability that allows an attacker to trick a user into performing actions on a web application without their consent. It occurs when a malicious website or link causes a user’s browser to send unauthorized requests to a different site where the user is authenticated, such as submitting a form or changing account settings. Since the requests are coming from the user’s authenticated session, the web application mistakenly trusts them, allowing the attacker to perform actions like transferring funds, changing passwords, or altering user data. CSRF attacks exploit the trust that a web application has in the user's browser, making it critical for developers to implement countermeasures like CSRF tokens, same-site cookie attributes, and user confirmation prompts to prevent unauthorized actions.
 Learn more from the following resources:
 - [@video@Cross-Site Request Forgery Explained](https://www.youtube.com/watch?v=eWEgUcHPle0)
 - [@article@Cross-Site Request Forgery](https://owasp.org/www-community/attacks/csrf)
--- a/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md
+++ b/src/data/roadmaps/cyber-security/content/curl@W7iQUCjODGYgE4PjC5TZI.md
@ -2,62 +2,7 @@
 Curl is a versatile command-line tool primarily used for transferring data using various network protocols. It is widely used in cybersecurity and development for the purpose of testing and interacting with web services, APIs, and scrutinizing web application security. Curl supports various protocols such as HTTP, HTTPS, FTP, SCP, SFTP, and many more.
-**Features of Curl:**
+Learn more from the following resources:
- Provides support for numerous protocols.
+- [@article@What is the cURL command?](https://blog.hubspot.com/website/curl-command)
- Offers SSL/TLS certificates handling and authentication.
+- [@video@You need to know how to use cURL](https://www.youtube.com/watch?v=q2sqkvXzsw8)
 - Customizable HTTP request headers and methods.
 - Proxies and redirections support.
 - IPv6 support.
 ## Common Curl Use Cases in Cybersecurity:
 - **HTTP Requests:**
  Curl can be used to test and troubleshoot web services by making GET or POST requests, specifying headers, or sending data. You can also use it to automate certain tasks.
  GET Request Example:
  ```
  curl https://example.com
  ```
  POST Request Example:
  ```
  curl -X POST -d "data=sample" https://example.com
  ```
 - **HTTPS with SSL/TLS:**
  Curl can be utilized to verify and test SSL/TLS configurations and certificates for web services.
  Test a site's SSL/TLS configuration:
  ```
  curl -Iv https://example.com
  ```
 - **File Transfers:**
  Curl can be used for transferring files using protocols like FTP, SCP, and SFTP.
  FTP Example:
  ```
  curl -u username:password ftp://example.com/path/to/file
  ```
 - **Web Application Testing:**
  Curl can help you find vulnerabilities in web applications by sending customized HTTP requests, injecting payloads or exploiting their features.
  Send Cookie Example:
  ```
  curl -H "Cookie: session=12345" https://example.com
  ```
  Detect Server Software Example:
  ```
  curl -I https://example.com
  ```
 Curl is a powerful tool in the arsenal of anyone working in cybersecurity. Understanding and mastering its usage can greatly enhance your capabilities when dealing with various network protocols, web services, and web applications.
--- a/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md
+++ b/src/data/roadmaps/cyber-security/content/cyber-kill-chain@H38Vb7xvuBJXVzgPBdRdT.md
@ -12,6 +12,7 @@ The concept is based on a military model, where the term "kill chain" represents
 - **Command and Control (C2)**: The attacker establishes a communication channel with the infected system, allowing them to remotely control the malware and conduct further actions.
 - **Actions on Objectives**: In this final phase, the attacker achieves their goal, which may involve stealing sensitive data, compromising systems, or disrupting services.
-Understanding and analyzing the Cyber Kill Chain helps organizations and individuals take a more proactive approach to cybersecurity. By recognizing the signs of an attack at each stage, appropriate countermeasures can be employed to either prevent or minimize the damage from the attack.
+Learn more from the following resources:
-By staying informed and diligently employing security best practices, you can effectively protect your digital assets and contribute to a safer cyberspace.
+- [@official@Cyber Kill Chain](https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html)
 - [@video@Learn the Cyber Kill Chain](https://www.youtube.com/watch?v=oCUrkc_0tmw)
--- a/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md
+++ b/src/data/roadmaps/cyber-security/content/dd@9xbU_hrEOUtMm-Q09Fe6t.md
@ -4,40 +4,7 @@
 This command-line utility is available on Unix-based systems such as Linux, BSD, and macOS. It can perform tasks like data duplication, data conversion, and error correction. Most importantly, it's an invaluable tool for obtaining a bit-by-bit copy of a disk or file, which can then be analyzed using forensic tools.
-## Use Cases:
+Learn more from the following resources:
-Some of the common use cases of `dd` in cybersecurity include:
+- [@video@How to use the dd command in Linux](https://www.youtube.com/watch?v=hsDxcJhCRLI)
-
+- [@article@When and how to use the dd command](https://www.baeldung.com/linux/dd-command)
 - Creating an exact copy of a disk or file for forensic analysis.
 - Retrieving deleted files from a disk image.
 - Performing data recovery on damaged disks.
 - Copying data between devices or files quickly and reliably.
 ## General Syntax:
 ```
 dd if=<input-file> of=<output-file> bs=<block-size> count=<number-of-blocks> skip=<blocks-to-skip> seek=<blocks-to-seek>
 ```
 - `if`: The input file or device to read from.
 - `of`: The output file or device to write to.
 - `bs`: The number of bytes to read and write at a time.
 - `count`: The number of blocks to copy.
 - `skip`: The number of input blocks to skip before starting to copy.
 - `seek`: The number of output blocks to skip before starting to copy.
 You can simply skip the `count`, `skip`, and `seek` option for default behaviour.
 ## Example:
 Let's say you need to create a forensically sound image of a suspect's USB drive for analysis. You would typically use a command like this:
 ```bash
 dd if=/dev/sdb1 of=~/usb_drive_image.img bs=4096
 ```
 In this example, `dd` creates an exact image of the USB drive (`/dev/sdb1`) and writes it to a new file in your home directory called `usb_drive_image.img`.
 Be cautious while using `dd` as it can overwrite and destroy data if used incorrectly. Always verify the input and output files and make sure to have backups of important data.
 By mastering the `dd` utility, you'll have a powerful forensic imaging tool at your disposal which will undoubtedly enhance your cybersecurity incident response and discovery capabilities.
--- a/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md
+++ b/src/data/roadmaps/cyber-security/content/default-gateway@5rKaFtjYx0n2iF8uTLs8X.md
@ -1,25 +1,8 @@
 # default gateway
-In our journey through IP terminology, we now arrive at the topic of **Default Gateway**. Understanding the role and importance of the default gateway in a network is crucial for grasping the fundamentals of cyber security and data routing.
+A default gateway is a network node, typically a router or a firewall, that serves as the access point or intermediary between a local network and external networks, such as the internet. When a device on a local network needs to communicate with a device outside its own subnet—such as accessing a website or sending an email—it sends the data to the default gateway, which then routes it to the appropriate external destination. The default gateway acts as a traffic director, ensuring that data packets are correctly forwarded between the internal network and external networks, making it a crucial component for enabling communication beyond the local network's boundaries.
-## Overview
+Learn more from the following resources:
-The default gateway is basically a device (usually a router) on a network which serves as an access point for data traffic to travel from the local network to other networks, such as the internet. This device acts as a "middleman" between your computer and external networks, and is often set up by your internet service provider (ISP) or during the configuration of your own router.
+- [@article@What is a default gateway?](https://nordvpn.com/blog/what-is-a-default-gateway/?srsltid=AfmBOoosi5g4acnT9Gv_B86FMGr72hWDhk8J-4jr1HvxPCSu96FikCyw)
-
+- [@video@Routers and Default Gateways](https://www.youtube.com/watch?v=JOomC1wFrbU)
 ## Role in Networks
 In a nutshell, the default gateway plays the following roles:
 - **Packet Routing**: It directs the network packets from your local computer or device to their ultimate destination. When a packet with a destination IP address is not on the same network as the source device, the default gateway routes the packet to the appropriate external network.
 - **Address Resolution Protocol (ARP)**: The default gateway obtains the physical address (MAC address) of a computer that is located on another network by using ARP.
 - **Protection**: In many cases, the default gateway also serves as a layer of network protection by restricting access to certain external networks, as well as regulating traffic from the internet.
 ## Configuration
 To benefit from the services of a default gateway, your device needs to be properly configured. Most devices and operating systems obtain their network settings (including the default gateway address) automatically using DHCP. But you can also configure network settings manually if needed.
 **Note**: Each device connected to a network must have a unique IP address. Also, remember that devices on the same network should use the same default gateway address.
 In conclusion, recognizing the significance of the default gateway and having a working knowledge of how it functions is an essential part of IP terminology, affecting both cyber security and efficient data routing. Continuing your education on the subject will better equip you to take advantage of your devices' networking features, as well as protect your valuable data from potential cyber threats.
--- a/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md
+++ b/src/data/roadmaps/cyber-security/content/dhcp@R5HEeh6jwpQDo27rz1KSH.md
@ -1,23 +1,8 @@
-# DHCP
+# Dynamic Host Configuration Protocol (DHCP)
-**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network.
+The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.
-## Key Features of DHCP
+Learn more from the following resources:
- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing.
+- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information.
+- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
 - **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device.
 - **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed.
 ## How DHCP Works
 The DHCP process consists of four main steps:
 - **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server.
 - **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client.
 - **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information.
 - **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network.
 ## Importance in Cyber Security
 Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security.
--- a/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md
+++ b/src/data/roadmaps/cyber-security/content/dhcp@T4312p70FqRBkzVfWKMaR.md
@ -1,23 +1,8 @@
-# DHCP
+# Dynamic Host Configuration Protocol (DHCP)
-**Dynamic Host Configuration Protocol (DHCP)** is a network protocol that enables automatic assignment of IP addresses to devices on a network. It is an essential component of IP networking and aims to simplify the process of configuring devices to communicate over an IP-based network.
+The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automatically assign IP addresses and other network configuration details, such as subnet masks, default gateways, and DNS servers, to devices on a network. When a device, such as a computer or smartphone, connects to a network, it sends a request to the DHCP server, which then dynamically assigns an available IP address from a defined range and provides the necessary configuration information. This process simplifies network management by eliminating the need for manual IP address assignment and reduces the risk of IP conflicts, ensuring that devices can seamlessly join the network and communicate with other devices and services.
-## Key Features of DHCP
+Learn more from the following resources:
- **Automatic IP Address Assignment**: DHCP eliminates the need for manual IP address assignment by automatically providing devices with the necessary IP addresses, reducing the risk of duplicate addressing.
+- [@video@What is DHCP and how does it work?](https://www.youtube.com/watch?v=ldtUSSZJCGg)
- **Network Configuration**: In addition to IP addresses, DHCP can also provide other essential network information such as subnet mask, default gateway, and DNS server information.
+- [@article@Dynamic Host Configuration Protocol (DHCP)](https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top)
 - **IP Address Reuse**: When a device leaves the network or no longer needs an IP address, DHCP allows the address to be reused and assigned to a different device.
 - **Lease Duration**: DHCP assigns IP addresses for a specific period called a "lease." After a lease expires, the device must request a new IP address or get its current address renewed.
 ## How DHCP Works
 The DHCP process consists of four main steps:
 - **DHCP Discover**: A device (client) looking to join a network sends a broadcast message known as a "DHCP Discover" message to locate a DHCP server.
 - **DHCP Offer**: Upon receiving the "DHCP Discover" broadcast, the DHCP server responds with a unicast "DHCP Offer" message containing the necessary network configuration information (e.g., IP address) for the client.
 - **DHCP Request**: The client receives the offer and sends back a "DHCP Request" message to confirm the IP address assignment and other network information.
 - **DHCP Acknowledgment (ACK)**: Finally, the DHCP server sends an "ACK" message confirming the successful assignment of IP address and network settings. The client can now use the allocated IP address to communicate over the network.
 ## Importance in Cyber Security
 Understanding DHCP is crucial for network professionals and cyber security experts as it can be a potential attack vector. Adversaries can exploit DHCP by setting up rogue DHCP servers on the network, conducting man-in-the-middle attacks or even conducting denial-of-service attacks. Consequently, securing DHCP servers, monitoring network traffic for anomalies, and employing strong authentication and authorization methods are essential practices for maintaining network security.
--- a/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md
+++ b/src/data/roadmaps/cyber-security/content/diamond-model@AY-hoPGnAZSd1ExaYX8LR.md
@ -0,0 +1,8 @@
 # Diamond Model
 The Diamond Model is a cybersecurity framework used for analyzing and understanding cyber threats by breaking down an attack into four core components: Adversary, Infrastructure, Capability, and Victim. The Adversary represents the entity behind the attack, the Infrastructure refers to the systems and resources used by the attacker (such as command and control servers), the Capability denotes the tools or malware employed, and the Victim is the target of the attack. The model emphasizes the relationships between these components, helping analysts to identify patterns, track adversary behavior, and understand the broader context of cyber threats. By visualizing and connecting these elements, the Diamond Model aids in developing more effective detection, mitigation, and response strategies.
 Learn more from the following resources:
 - [@article@The Diamond Model: Simple Intelligence-Driven Intrusion Analysis](https://kravensecurity.com/diamond-model-analysis/)
 - [@video@The Diamond Model for Intrusion Detection](https://www.youtube.com/watch?v=3AOKomsmeUY)
--- a/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md
+++ b/src/data/roadmaps/cyber-security/content/different-versions-and-differences@yXOGqlufAZ69uiBzKFfh6.md
@ -22,4 +22,5 @@ When we talk about differences in the context of cybersecurity, they can refer t
 - **Threat Differences**: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.
-To sum up, keeping up with different versions of software and understanding the differences between technologies and threats are vital steps in maintaining a strong cyber security posture. Always update your software to the latest version, and continuously educate yourself on emerging threats and technologies to stay one step ahead of potential cyber attacks.
+Learn more from the following resources:
--- a/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md
+++ b/src/data/roadmaps/cyber-security/content/dig@D2YYv1iTRGken75sHO0Gt.md
@ -2,37 +2,7 @@
 `dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems.
-## Features
+Learn more from the following resources:
- **DNS Querying**: `dig` can retrieve various types of DNS records such as A, AAAA, MX, NS, CNAME, and many others.
+- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY)
- **Flexibility**: With various command-line options, `dig` allows users to customize their queries easily.
+- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command)
 - **User-friendly Formatting**: `dig` provides readable and straightforward responses, simplifying the interpretation of DNS records and related information.
 - **Batch Mode**: The tool enables users to perform multiple DNS queries in a batch file, increasing efficiency.
 ## Basic Usage
 Here's a basic example of how to use `dig` to perform a DNS query:
 ```
 dig example.com
 ```
 This command will return the A (IPv4) record for `example.com`.
 To perform a specific type of DNS query, such as fetching an AAAA (IPv6) record, use the following command:
 ```
 dig example.com AAAA
 ```
 ## Common Options
 Some common options to use with `dig` include:
 - `+short`: Condenses the output, providing only essential information.
 - `-t`: Specifies the type of DNS record to query (e.g., `A`, `AAAA`, `MX`, `NS`, etc.).
 - `+tcp`: Forces `dig` to use TCP instead of the default UDP for the DNS query.
 ## Conclusion
 In summary, `dig` is a valuable command-line tool for performing DNS queries and troubleshooting domain name resolution problems. Its power and flexibility make it an essential tool for any network administrator or cybersecurity professional.
--- a/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md
+++ b/src/data/roadmaps/cyber-security/content/dig@XyaWZZ45axJMKXoWwsyFj.md
@ -1,107 +1,8 @@
 # dig
-Dig, short for Domain Information Groper, is a command-line tool used to query Domain Name System (DNS) servers to obtain valuable information about DNS records. Dig is available on most Unix-based systems, including Linux and macOS, and can also be installed on Windows.
+`dig`, short for the Domain Information Groper, is a powerful and flexible command-line tool used to perform DNS queries and obtain valuable information about domains, IPs, and DNS records. This utility, available on UNIX-based systems like Linux and macOS, provides an essential function to help diagnose and resolve various issues related to domain name resolution and network connectivity. It is highly useful for network administrators and cybersecurity professionals when troubleshooting DNS-related problems.
-As part of your incident response toolkit, dig helps you to discover essential domain details such as domain's IP addresses, mail server details, name servers, and more. This can be crucial when tracking down a cyberattack or monitoring the DNS health of your own organization.
+Learn more from the following resources:
-## Installation
+- [@video@How to look up DNS records with dig](https://www.youtube.com/watch?v=3AOKomsmeUY)
-
+- [@article@How to use Linux dig command](https://www.google.com/search?client=firefox-b-d&q=linux+dig+command)
 For Linux and macOS systems, dig is usually pre-installed as part of the BIND (Berkeley Internet Name Domain) package. To check if dig is installed, execute the following command:
 ```
 dig -v
 ```
 If the command is not found, install it using your system's package manager:
 - For Debian-based systems (Debian, Ubuntu, etc.):
  ```
  sudo apt-get install dnsutils
  ```
 - For Red Hat-based systems (RHEL, CentOS, Fedora, etc.):
  ```
  sudo yum install bind-utils
  ```
 - For macOS:
  ```
  brew install bind
  ```
 - For Windows, download the BIND package from the [official website](https://www.isc.org/download/) and follow the installation instructions.
 ## Basic Usage
 The basic syntax for using dig is:
 ```
 dig [options] [name] [record type]
 ```
 Where `options` can be various command-line flags, `name` is the domain name you want to query, and `record type` is the type of DNS record you want to fetch (e.g., A, MX, NS, TXT, etc.).
 Here are a few examples:
 - To query the IP addresses (A records) of example.com:
  ```
  dig example.com A
  ```
 - To query the mail servers (MX records) of example.com:
  ```
  dig example.com MX
  ```
 - To query the name servers (NS records) of example.com:
  ```
  dig example.com NS
  ```
 By default, dig queries your system's configured DNS servers, but you can also specify a custom DNS server as follows:
 ```
 dig @8.8.8.8 example.com A
 ```
 Where `8.8.8.8` is the IP address of the custom DNS server (e.g., Google's Public DNS).
 ## Advanced Usage
 Dig offers a variety of options for specifying query behavior, controlling output, and troubleshooting DNS issues.
 - To display only the answer section of the response:
  ```
  dig example.com A +short
  ```
 - To control the number of retries and timeout:
  ```
  dig example.com A +tries=2 +time=1
  ```
 - To query a specific DNSSEC (DNS Security Extensions) record:
  ```
  dig example.com DNSKEY
  ```
 - To show traceroute-like output for following the DNS delegation path:
  ```
  dig example.com A +trace
  ```
 For a comprehensive list of options, consult the [dig man page](https://manpages.debian.org/stretch/dnsutils/dig.1.en.html) and the [official BIND documentation](https://bind9.readthedocs.io/en/latest/reference.html#dig).
 ## Conclusion
 Dig is a powerful and flexible tool for querying DNS information, making it an essential part of any cyber security professional's toolkit. Whether you're investigating a breach, monitoring domain health, or troubleshooting DNS issues, dig can help you discover critical information about domain names and their associated records.
--- a/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md
+++ b/src/data/roadmaps/cyber-security/content/dmz@gfpvDQz61I3zTB7tGu7vp.md
@ -2,21 +2,7 @@
 A **DMZ**, also known as a **Demilitarized Zone**, is a specific part of a network that functions as a buffer or separation between an organization's internal, trusted network and the external, untrusted networks like the internet. The primary purpose of a DMZ is to isolate critical systems and data from the potentially hostile external environment and provide an extra layer of security.
-## Purpose of DMZ
+Learn more from the following resources:
- **Security**: By segregating critical systems, a DMZ reduces the risk of unauthorized access and potential damage from external threats. This is achieved by implementing strong access controls, firewalls, and intrusion detection and prevention systems (IDS/IPS) to monitor and filter traffic between the DMZ and internal networks.
+- [@article@What is a DMZ network?](https://www.fortinet.com/resources/cyberglossary/what-is-dmz)
- **Content Filtering**: It enables organizations to place publicly accessible servers (e.g., web and email servers) within the DMZ without exposing the entire internal network to potential attacks. This ensures that only authorized traffic is allowed to pass through.
+- [@video@DMZ explained](https://www.youtube.com/watch?v=48QZfBeU4ps)
 - **Ease of Management**: DMZ aids in simplifying security management processes as it provides a centralized location for implementing, auditing, and monitoring security policies, rules, and configurations for public-facing resources.
 ## Components of DMZ
 The key components in a DMZ include:
 - **Firewalls**: These devices are used to control and manage traffic between the DMZ, internal, and external networks. They can be configured to allow, deny, or restrict access based on pre-defined security policies and rules.
 - **Proxies**: Proxy servers act as intermediaries between the internal network and the internet. They help to screen and filter incoming and outgoing web traffic, providing an additional layer of security.
 - **Intrusion Detection and Prevention Systems (IDS/IPS)**: These tools continuously monitor and analyze network traffic, looking for signs of unauthorized access or malicious activities, and automatically take appropriate actions to mitigate threats.
 - **Public-Facing Servers**: These are the servers hosted within the DMZ, designed to serve content and resources to external users. They are typically configured with additional security measures to further reduce the risk of compromise.
 As the author of this guide, I hope this brief summary about DMZ helps you enhance your understanding of cyber security terminologies and their importance in protecting organizations' networks and data. Keep reading for more insights!
 - [@video@What is DMZ? (Demilitarized Zone)](https://www.youtube.com/watch?v=dqlzQXo1wqo)
--- a/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md
+++ b/src/data/roadmaps/cyber-security/content/dns@ORIdKG8H97VkBUYpiDtXf.md
@ -1,27 +1,9 @@
-# DNS
+# Domain Name System (DNS)
-**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses.
+The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.
-The DNS operates as a distributed and hierarchical system which involves the following components:
+Learn more from the following resources:
- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS.
+- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU)
-
+- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M)
- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers.
+- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/)
 - **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc.
 - **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`).
 Some common DNS record types you might encounter include:
 - **A (Address) Record**: Maps a domain name to an IPv4 address.
 - **AAAA (Address) Record**: Maps a domain name to an IPv6 address.
 - **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name.
 - **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain.
 - **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain.
 As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks.
 - [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail)
 - [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU)
 - [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md
+++ b/src/data/roadmaps/cyber-security/content/dns@r1IKvhpwg2umazLGlQZL1.md
@ -1,27 +1,9 @@
-# DNS
+# Domain Name System (DNS)
-**DNS** is a key component in the internet infrastructure that translates human-friendly domain names (e.g., `www.example.com`) into IP addresses (e.g., `192.0.2.44`). This translation process enables us to easily connect to websites and other online resources without having to remember complex numeric IP addresses.
+The Domain Name System (DNS) is a fundamental protocol of the internet that translates human-readable domain names, like `www.example.com`, into IP addresses, such as `192.0.2.1`, which are used by computers to locate and communicate with each other. Essentially, DNS acts as the internet's phonebook, enabling users to access websites and services without needing to memorize numerical IP addresses. When a user types a domain name into a browser, a DNS query is sent to a DNS server, which then resolves the domain into its corresponding IP address, allowing the browser to connect to the appropriate server. DNS is crucial for the functionality of the internet, as it underpins virtually all online activities by ensuring that requests are routed to the correct destinations.
-The DNS operates as a distributed and hierarchical system which involves the following components:
+Learn more from the following resources:
- **DNS Resolver**: Your device's initial contact point with the DNS infrastructure, often provided by your Internet Service Provider (ISP) or a third-party service like Google Public DNS.
+- [@video@DNS Explained in 100 Seconds](https://www.youtube.com/watch?v=UVR9lhUGAyU)
-
+- [@video@What is DNS?](https://www.youtube.com/watch?v=nyH0nYhMW9M)
- **Root Servers**: The authoritative servers on the top of the DNS hierarchy that guide DNS queries to the appropriate Top-Level Domain (TLD) servers.
+- [@article@What is DNS?](https://www.cloudflare.com/en-gb/learning/dns/what-is-dns/)
 - **TLD Servers**: These servers manage the allocation of domain names for top-level domains, such as `.com`, `.org`, etc.
 - **Authoritative Name Servers**: These are the servers responsible for storing the DNS records pertaining to a specific domain (e.g., `example.com`).
 Some common DNS record types you might encounter include:
 - **A (Address) Record**: Maps a domain name to an IPv4 address.
 - **AAAA (Address) Record**: Maps a domain name to an IPv6 address.
 - **CNAME (Canonical Name) Record**: Maps an alias domain name to a canonical domain name.
 - **MX (Mail Exchange) Record**: Specifies the mail servers responsible for handling email for the domain.
 - **TXT (Text) Record**: Contains human-readable or machine-readable text, often used for verification purposes or providing additional information about a domain.
 As an essential part of the internet, the security and integrity of the DNS infrastructure are crucial. However, it's vulnerable to various types of cyber attacks, such as DNS cache poisoning, Distributed Denial of Service (DDoS) attacks, and DNS hijacking. Proper DNS security measures, such as DNSSEC (DNS Security Extensions) and monitoring unusual DNS traffic patterns, can help mitigate risks associated with these attacks.
 - [@article@DNS in detail (TryHackMe)](https://tryhackme.com/room/dnsindetail)
 - [@video@DNS Explained in 100 Seconds (YouTube)](https://www.youtube.com/watch?v=UVR9lhUGAyU)
 - [@feed@Explore top posts about DNS](https://app.daily.dev/tags/dns?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md
+++ b/src/data/roadmaps/cyber-security/content/dnssec@LLGXONul7JfZGUahnK0AZ.md
@ -1,24 +1,8 @@
-# DNSSEC
+# DNS Security Extensions (DNSSEC)
-DNS Security Extensions (DNSSEC) is a protocol designed to address security vulnerabilities in the Domain Name System (DNS). Here are the key points:
+DNS Security Extensions (DNSSEC) is a suite of protocols designed to add a layer of security to the Domain Name System (DNS) by enabling DNS responses to be authenticated. While DNS itself resolves domain names into IP addresses, it does not inherently verify the authenticity of the responses, leaving it vulnerable to attacks like cache poisoning, where an attacker injects malicious data into a DNS resolver’s cache. DNSSEC addresses this by using digital signatures to ensure that the data received is exactly what was intended by the domain owner and has not been tampered with during transit. When a DNS resolver requests information, DNSSEC-enabled servers respond with both the requested data and a corresponding digital signature. The resolver can then verify this signature using a chain of trust, ensuring the integrity and authenticity of the DNS response. By protecting against forged DNS data, DNSSEC plays a critical role in enhancing the security of internet communications.
 - **Digital Signatures:**
 DNSSEC protects against attacks by digitally signing DNS data. These signatures ensure data validity and prevent tampering.
 - **Hierarchical Signing:**
 DNSSEC signs data at every level of the DNS lookup process. For instance, when looking up ‘google.com,’ the root DNS server signs a key for the .COM nameserver, which then signs a key for google.com’s authoritative nameserver.
 - **Backwards Compatibility:**
 DNSSEC doesn’t disrupt traditional DNS lookups; it adds security without breaking existing functionality. It complements other security measures like SSL/TLS.
 - **Chain of Trust:**
 DNSSEC establishes a parent-child trust chain from the root zone down to specific domains.
 Any compromise in this chain exposes requests to on-path attacks.
 Learn more from the following resources:
- [@article@DNSSEC: What Is It and Why Is It Important? - ICANN](https://www.icann.org/resources/pages/dnssec-what-is-it-why-important-2019-03-05-en)
+- [@article@How DNSSEC works](https://www.cloudflare.com/en-gb/dns/dnssec/how-dnssec-works/)
- [@article@How DNSSEC Works - Cloudflare](https://www.cloudflare.com/dns/dnssec/how-dnssec-works/)
+- [@video@What is DNSSEC?](https://www.youtube.com/watch?v=Fk2oejzgSVQ)
 - [@article@What is DNS security? - Cloudflare](https://www.cloudflare.com/learning/dns/dns-security/)
 - [@video@What is DNSSEC? - IBM](https://www.youtube.com/watch?v=Fk2oejzgSVQ)
 - [@video@(DNS) 101 Miniseries](https://www.youtube.com/playlist?list=PLTk5ZYSbd9MhMmOiPhfRJNW7bhxHo4q-K)
--- a/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md
+++ b/src/data/roadmaps/cyber-security/content/dos-vs-ddos@IF5H0ZJ72XnqXti3jRWYF.md
@ -0,0 +1,9 @@
 # Denial of Service (DoS) vs Distributed Denial of Service (DDoS)
 Denial of Service (DoS) and Distributed Denial of Service (DDoS) are both types of cyber attacks aimed at disrupting the normal functioning of a targeted service, typically a website or network. A DoS attack involves a single source overwhelming a system with a flood of requests or malicious data, exhausting its resources and making it unavailable to legitimate users. In contrast, a DDoS attack amplifies this disruption by using multiple compromised devices, often forming a botnet, to launch a coordinated attack from numerous sources simultaneously. This distributed nature makes DDoS attacks more challenging to mitigate, as the traffic comes from many different locations, making it harder to identify and block the malicious traffic. Both types of attacks can cause significant downtime, financial loss, and reputational damage to the targeted organization.
 Learn more from the following resources:
 - [@video@What is Denial-of-Service attack?](https://www.youtube.com/watch?v=Z7xG3b0aL_I)
 - [@video@What is a DDoS attack?](https://www.youtube.com/watch?v=z503nLsfe5s)
 - [@article@DoS vs DDoS](https://www.fortinet.com/resources/cyberglossary/dos-vs-ddos)
--- a/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md
+++ b/src/data/roadmaps/cyber-security/content/drive-by-attack@cO70zHvHgBAH29khF-hBW.md
@ -5,3 +5,4 @@ Drive-by Attack is a type of cyberattack where malicious code is automatically d
 Visit the following resources to learn more:
 - [@article@What is a Drive-By Attack?](https://www.ericom.com/glossary/what-is-a-drive-by-attack/)
 - [@video@Drive-By Download attack](https://www.youtube.com/watch?v=xL4DyblbnKg)
--- a/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md
+++ b/src/data/roadmaps/cyber-security/content/dropbox@9OastXVfiG1YRMm68ecnn.md
@ -2,41 +2,6 @@
 Dropbox is a widely used cloud storage service that allows you to store, access, and share files, documents, and media with ease across various devices. Launched in 2007, Dropbox has become one of the most popular cloud storage solutions, catering to both individual users and businesses. The service is available on multiple platforms, including Windows, macOS, Linux, iOS, and Android.
-## Key features
+Learn more from the following resources:
- **File synchronization**: Sync the same files across all your devices and have instant access to updated files from anywhere.
+- [@official@Dropbox Website](https://dropbox.com)
 - **File sharing**: Easily share files or folders by sending a link or inviting other users to a shared folder.
 - **Collaboration**: Dropbox allows real-time collaboration on documents with multiple users using integrations with other tools like Google Workspace and Microsoft Office 365.
 - **Version history**: Retrieve previous versions of a file for up to 30 days, allowing you to recover deleted files or reverse changes.
 ## Plans and pricing
 Dropbox offers various plans for individual users and businesses with different storage capacities and features:
 - **Basic**: Free plan with 2 GB storage and core features like file synchronization and sharing.
 - **Plus**: Priced at $9.99/month for 2 TB storage, additional features like Smart Sync, remote device wipe, and a longer (30-day) version history.
 - **Professional**: Priced at $19.99/month for 3 TB storage and added features like advanced sharing controls and full-text search.
 - **Business plans**: Starting from $12.50/user/month for a minimum of 3 users, with 5 TB storage per user, priority support, and additional file controls.
 ## Security and privacy
 Dropbox takes security and privacy seriously, with features like:
 - **Encryption**: Files are encrypted both when they are stored on Dropbox servers and during transmission (using SSL/TLS).
 - **Two-factor authentication**: You can enable two-factor authentication (2FA) to add an extra layer of security to your account.
 - **Selective sync**: Choose which files and folders to sync on each device, allowing you to keep sensitive data off certain computers or devices.
 - **GDPR compliance**: Dropbox is compliant with the General Data Protection Regulation (GDPR), which ensures better data protection and privacy for users.
 ## Drawbacks
 There are a few downsides to using Dropbox as your cloud storage solution:
 - Limited storage on the free plan.
 - The need for a third-party app to encrypt files before uploading to add an extra layer of security.
 - Other alternatives offer additional features like built-in document editing.
 ## Conclusion
 Dropbox is a simple and user-friendly cloud storage service that offers seamless integration with various platforms and efficient file sharing options. While its free plan may be limited compared to other alternatives, the ease of use and robust feature set make it a popular choice for both personal and professional use.
 - [@official@Dropbox](https://www.dropbox.com/)
--- a/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md
+++ b/src/data/roadmaps/cyber-security/content/dumpster-diving@Iu0Qtk13RjrhHpSlm0uyh.md
@ -5,3 +5,4 @@ Dumpster Diving in the context of cybersecurity refers to the practice of search
 Visit the following resources to learn more:
 - [@article@What is Dumpster Diving](https://powerdmarc.com/dumpster-diving-in-cybersecurity/)
 - [@video@Dumpster diving for sensitive information](https://www.youtube.com/watch?v=Pom86gq4mk4)
--- a/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md
+++ b/src/data/roadmaps/cyber-security/content/eap-vs-peap@1jwtExZzR9ABKvD_S9zFG.md
@ -0,0 +1,10 @@
 # Extensible Authentication Protocol (EAP) vs Protected Extensible Authentication Protocol (PEAP)
 EAP and PEAP are both authentication frameworks used in wireless networks and Point-to-Point connections to provide secure access. EAP is a flexible authentication framework that supports multiple authentication methods, such as token cards, certificates, and passwords, allowing for diverse implementations in network security. However, EAP by itself does not provide encryption, leaving the authentication process potentially vulnerable to attacks.
 PEAP, on the other hand, is a version of EAP designed to enhance security by encapsulating the EAP communication within a secure TLS (Transport Layer Security) tunnel. This tunnel protects the authentication process from eavesdropping and man-in-the-middle attacks. PEAP requires a server-side certificate to establish the TLS tunnel, but it does not require client-side certificates, making it easier to deploy while still ensuring secure transmission of credentials. PEAP is widely used in wireless networks to provide a secure authentication mechanism that protects user credentials during the authentication process.
 Learn more from the following resources:
 - [@article@Extensible Authentication Protocol (EAP) for network access](https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-protocol/network-access?tabs=eap-tls%2Cserveruserprompt-eap-tls%2Ceap-sim)
 - [@article@What is Protected Extensible Authentication Protocol (PEAP)](https://www.techtarget.com/searchsecurity/definition/PEAP-Protected-Extensible-Authentication-Protocol)
--- a/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md
+++ b/src/data/roadmaps/cyber-security/content/edr@QvHWrmMzO8IvNQ234E_wf.md
@ -5,3 +5,4 @@ Endpoint Detection and Response (EDR) is a cybersecurity technology that provide
 Learn more from the following resources:
 - [@video@What is Endpoint Detection and Response (EDR)? - IBM](https://www.youtube.com/watch?v=55GaIolVVqI)
 - [@article@What is Endpoint Detection and Response?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/endpoint-detection-and-response-edr/)
--- a/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md
+++ b/src/data/roadmaps/cyber-security/content/endpoint-security@LEgJtu1GZKOtoAXyOGWLE.md
@ -1,33 +1,8 @@
 # Endpoint Security
-Endpoint security refers to the practice of protecting individual devices, or "endpoints", that connect to your organization's network from potential cyber threats. These devices include desktop computers, laptops, smartphones, tablets, and servers. With the increase in remote working and the widespread use of personal devices in the workplace, endpoint security has become a critical aspect of a strong cybersecurity strategy.
+Endpoint security focuses on protecting individual devices that connect to a network, such as computers, smartphones, tablets, and IoT devices. It's a critical component of modern cybersecurity strategy, as endpoints often serve as entry points for cyberattacks. This approach involves deploying and managing security software on each device, including antivirus programs, firewalls, and intrusion detection systems. Advanced endpoint protection solutions may incorporate machine learning and behavioral analysis to detect and respond to novel threats. Endpoint security also encompasses patch management, device encryption, and access controls to mitigate risks associated with lost or stolen devices. As remote work and bring-your-own-device (BYOD) policies become more prevalent, endpoint security has evolved to include cloud-based management and zero-trust architectures, ensuring that security extends beyond the traditional network perimeter to protect data and systems regardless of device location or ownership.
 ## Why is Endpoint Security Important?
 Endpoint devices serve as potential entry points for cybercriminals to access sensitive data and launch attacks against your organization's network. By securing these devices, you can prevent unauthorized access, reduce the risk of data breaches, and maintain the integrity of your network.
 ## Key Components of Endpoint Security
 To effectively secure your endpoints, consider implementing the following measures:
 - **Antivirus and Malware Protection**: Make sure every endpoint device has up-to-date antivirus and anti-malware software installed. This will help to detect and remove malicious files, preventing them from causing harm to your network.
 - **Patch Management**: Stay up to date with the latest security patches for your operating systems and third-party applications. Regularly updating your software can help protect against vulnerabilities that cybercriminals may exploit.
 - **Device Management**: Implement a centralized device management solution that allows administrators to monitor, manage, and secure endpoints. This includes enforcing security policies, tracking device inventory, and remote wiping lost or stolen devices.
 - **Access Control**: Limit access to sensitive data by implementing a strict access control policy. Only grant necessary permissions to those who require it, and use authentication methods such as multi-factor authentication (MFA) to verify the identity of users.
 - **Encryption**: Encrypt sensitive data stored on endpoint devices to prevent unauthorized access to the data in case of device theft or loss.
 - **Firewall and Intrusion Prevention**: Deploy firewall and intrusion prevention systems to block external threats and alert administrators of potential attacks.
 - **User Training**: Educate users about the importance of endpoint security and the best practices for maintaining it. This includes topics like creating strong passwords, avoiding phishing scams, and following safe browsing practices.
 By taking a comprehensive approach to endpoint security, you can protect your organization's network and sensitive data from the growing threat of cyberattacks.
 Learn more from the following resources:
- [@video@Endpoint Security](https://youtu.be/5d7PCDm_MXs?si=RX3sAdNPLG0tJOaR&t=11)
+- [@article@What is Endpoint Security?](https://www.crowdstrike.com/cybersecurity-101/endpoint-security/)
- [@course@Manage endpoint security - Microsoft Learn](https://learn.microsoft.com/en-us/training/paths/manage-endpoint-security/)
+- [@video@Endpoints are the IT frontdoor - Gaurd them!](https://www.youtube.com/watch?v=Njqid_JpqTs)
--- a/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md
+++ b/src/data/roadmaps/cyber-security/content/eradication@N17xAIo7sgbB0nrIDMWju.md
@ -1,21 +1,8 @@
 # Eradication
-Eradication is a crucial step in the incident response process where the primary goal is to eliminate any malicious activity from the infected system(s) and halt the attacker's foothold in the network. This step usually follows the detailed analysis and identification of the nature and scope of the incident. Below are some key aspects of the eradication process:
+Eradication in cybersecurity refers to the critical phase of incident response that follows containment, focusing on completely removing the threat from the affected systems. This process involves thoroughly identifying and eliminating all components of the attack, including malware, backdoors, and any alterations made to the system. Security teams meticulously analyze logs, conduct forensic examinations, and use specialized tools to ensure no traces of the threat remain. Eradication may require reimaging compromised systems, patching vulnerabilities, updating software, and resetting compromised credentials. It's a complex and often time-consuming process that demands precision to prevent reinfection or lingering security gaps. Successful eradication is crucial for restoring system integrity and preventing future incidents based on the same attack vector. After eradication, organizations typically move to the recovery phase, rebuilding and strengthening their systems with lessons learned from the incident.
-## Delete Malware & Vulnerability Patching
+Learn more from the following resources:
-Once the incident has been identified and understood, teams must remove any malicious software, including viruses, worms, and Trojans from the affected systems. Simultaneously, patch any vulnerabilities that were exploited to ensure the effectiveness of the eradication process.
+- [@article@Eradication - AWS](https://docs.aws.amazon.com/whitepapers/latest/aws-security-incident-response-guide/eradication.html)
-
+- [@article@What is eradication in Cybersecurity?](https://heimdalsecurity.com/blog/what-is-eradication-in-cybersecurity/)
 ## Enhance Security Measures
 After vulnerabilities have been patched, it's essential to boost the organization's security posture. This may involve updating and strengthening passwords, tightening access controls, or employing advanced security mechanisms like multi-factor authentication (MFA).
 ## System Restoration
 In some cases, it may be necessary to restore compromised systems from known backups or clean images to eliminate any lingering threats. Before restoring, verify the integrity and safety of the backups and ensure the security vulnerability is patched to avoid reinfection.
 ## Retain Evidentiary Data
 Be sure to retain any critical artifacts, logs, and other evidence associated with the incident. This information may be needed later for legal or insurance purposes, audit requirements, or continuous improvement of the organization's incident response capabilities.
 Remember that each incident is unique, and the eradication strategy must be customized according to the given incident's specifics. Proper documentation and communication should be maintained throughout the process to ensure smooth execution and avoid overlooking critical aspects. After eradication has been completed, it is essential to move forward and strengthen the overall cybersecurity posture to prevent future incidents.
--- a/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md
+++ b/src/data/roadmaps/cyber-security/content/esxi@BisNooct1vJDKaBKsGR7_.md
@ -2,20 +2,7 @@
 VMware ESXi is a Type 1 hypervisor and the core building block for VMware's virtualization technology. It represents a bare-metal hypervisor, which means it is installed directly onto your physical server's hardware, without the need for a supporting operating system. This results in elevated performance, reduced overhead, and efficient resource allocation.
-Key features and benefits of ESXi include:
+Learn more from the following resources:
- **Bare-metal performance**: ESXi can provide better performance by executing directly on the hardware, without the need for an additional operating system layer.
+- [@official@What is ESXi?](https://www.vmware.com/products/cloud-infrastructure/esxi-and-esx)
-
+- [@article@What is VMWare ESXi?](https://www.liquidweb.com/blog/what-is-vmware-esxi/)
 - **Security**: ESXi has a smaller footprint and is more resistant to attacks due to its limited scope and stringent VMware policies.
 - **Resource allocation**: ESXi allows for efficient allocation of resources, such as memory and CPU time, as it directly controls hardware.
 - **Scalability**: ESXi provides a simple and efficient environment to run multiple virtual machines (VMs) on a single server, which can reduce the need for additional hardware.
 - **Centralized management**: VMware offers vSphere, a centralized management platform that integrates seamlessly with ESXi, making it easy to deploy, manage, and maintain large-scale virtual infrastructure.
 - **Compatibility**: ESXi is compatible with a wide variety of hardware, which makes deployment and implementation more flexible and cost-effective.
 To get started with ESXi, you'll need to have compatible hardware and download the ESXi ISO from VMware's website. After installing it on your server, you can manage the virtual machines through VMware vSphere Client or other third-party tools. For more advanced management features, such as high availability, fault tolerance, and distributed resource scheduling, consider investing in VMware vSphere to fully leverage ESXi's potential.
 In summary, VMware's ESXi enables organizations to create, run, and manage multiple virtual machines on a single physical server. With its bare-metal performance, robust security, and seamless integration with management tools, ESXi is a powerful solution for businesses looking to optimize their IT infrastructure through virtualization technologies.
--- a/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md
+++ b/src/data/roadmaps/cyber-security/content/event-logs@KbFwL--xF-eYjGy8PZdrM.md
@ -0,0 +1,8 @@
 # Event Logs
 Event logs are digital records that document activities and occurrences within computer systems and networks. They serve as a crucial resource for cybersecurity professionals, providing a chronological trail of system operations, user actions, and security-related events. These logs capture a wide range of information, including login attempts, file access, system changes, and application errors. In the context of security, event logs play a vital role in threat detection, incident response, and forensic analysis. They help identify unusual patterns, track potential security breaches, and reconstruct the sequence of events during an attack. Effective log management involves collecting logs from various sources, securely storing them, and implementing tools for log analysis and correlation. However, the sheer volume of log data can be challenging to manage, requiring advanced analytics and automation to extract meaningful insights and detect security incidents in real-time.
 Learn more from the following resources:
 - [@article@What is an event log?](https://www.crowdstrike.com/cybersecurity-101/observability/event-log/)
 - [@article@What are event logs and why do they matter?](https://www.blumira.com/blog/what-are-event-logs-and-why-do-they-matter)
--- a/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md
+++ b/src/data/roadmaps/cyber-security/content/evil-twin@O1fY2n40yjZtJUEeoItKr.md
@ -2,20 +2,7 @@
 An Evil Twin is a type of wireless network attack where an attacker sets up a rogue Wi-Fi access point that mimics a legitimate Wi-Fi network. The rogue access point has the same SSID (network name) as the legitimate network, making it difficult for users to distinguish between the two. The attacker's goal is to trick users into connecting to the rogue access point, allowing them to intercept sensitive information, inject malware, or launch other types of attacks.
-## Types of Evil Twin Attacks
+Learn more from the following resources:
- **Captive Portal Attack:**  The most common evil twin attack scenario is an attack using Captive Portals, this is a common scenario where an attacker creates a fake captive portal that mimics the legitimate network's login page.
+- [@article@What is an Evil Twin attack?](https://www.techtarget.com/searchsecurity/definition/evil-twin)
-The goal is to trick users into entering their credentials, which the attacker can then use to gain access to the network.
+- [@video@How Hackers Can Grab Your Passwords Over Wi-Fi with Evil Twin Attacks](https://www.youtube.com/watch?v=HyxQqDq3qs4)
 - **Man-in-the-Middle (MitM) Attack:**  In this scenario, the attacker intercepts communication between the user's device and the legitimate network. The attacker can then inject malware, steal sensitive information, or modify data in real-time.
 - **SSL Stripping Attack:** The attacker downgrades the user's connection from HTTPS to HTTP, allowing them to intercept sensitive information, such as login credentials or credit card numbers.
 - **Malware Injection:** The attacker injects malware into the user's device, which can then spread to other devices on the network.
 ## How Evil Twin Attacks are Carried Out
 - **Rogue Access Point:** The attacker sets up a rogue access point with the same SSID as the legitimate network. This can be done using a laptop, a portable Wi-Fi router, or even a compromised device on the network.
 - **Wi-Fi Scanning:** The attacker uses specialized software to scan for nearby Wi-Fi networks and identify potential targets.
 - **Network Sniffing:** The attacker uses network sniffing tools to capture and analyze network traffic, allowing them to identify vulnerabilities and intercept sensitive information.
 Visit the following resources to learn more:
 - [@website@Common tool - airgeddon](https://www.kali.org/tools/airgeddon/)
--- a/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md
+++ b/src/data/roadmaps/cyber-security/content/false-negative--false-positive@XwRCZf-yHJsXVjaRfb3R4.md
@ -5,3 +5,8 @@ A false positive happens when the security tool mistakenly identifies a non-thre
 A false negative occurs when the security tool fails to detect an actual threat or attack. This could result in a real attack going unnoticed, causing damage to the system, data breaches, or other negative consequences. A high number of false negatives indicate that the security system needs to be improved to capture real threats effectively.
 To have an effective cybersecurity system, security professionals aim to maximize true positives and true negatives, while minimizing false positives and false negatives. Balancing these aspects ensures that the security tools maintain their effectiveness without causing undue disruptions to a user's experience.
 Learn more from the following resources:
 - [@video@What is a false positive virus?](https://www.youtube.com/watch?v=WrcAGBvIT14)
 - [@video@False positives and false negatives](https://www.youtube.com/watch?v=bUNBzMnfHLw)
--- a/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md
+++ b/src/data/roadmaps/cyber-security/content/firewall--nextgen-firewall@tWDo5R3KU5KOjDdtv801x.md
@ -0,0 +1,10 @@
 # Firewalls & Next-Generation Firewalls
 Firewalls are network security devices that monitor and control incoming and outgoing traffic based on predetermined security rules. Traditional firewalls operate at the network layer, filtering traffic based on IP addresses, ports, and protocols. They provide basic protection by creating a barrier between trusted internal networks and untrusted external networks.
 Next-generation firewalls (NGFWs) build upon this foundation, offering more advanced features to address modern cyber threats. NGFWs incorporate deep packet inspection, application-level filtering, and integrated intrusion prevention systems. They can identify and control applications regardless of port or protocol, enabling more granular security policies. NGFWs often include additional security functions such as SSL/TLS inspection, antivirus scanning, and threat intelligence integration. This evolution allows for more comprehensive network protection, better visibility into network traffic, and improved defense against sophisticated attacks in today's complex and dynamic threat landscape.
 Learn more from the following resources:
 - [@article@What is a firewall?](https://www.kaspersky.com/resource-center/definitions/firewall)
 - [@article@What is a next-generation firewall (NGFW)?](https://www.cloudflare.com/en-gb/learning/security/what-is-next-generation-firewall-ngfw/)
--- a/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md
+++ b/src/data/roadmaps/cyber-security/content/firewall-logs@np0PwKy-EvIa_f_LC6Eem.md
@ -0,0 +1,8 @@
 # Firewall Logs
 Firewall logs are detailed records of network traffic and security events captured by firewall devices. These logs provide crucial information about connection attempts, allowed and blocked traffic, and potential security incidents. They typically include data such as source and destination IP addresses, ports, protocols, timestamps, and the action taken by the firewall. Security professionals analyze these logs to monitor network activity, detect unusual patterns, investigate security breaches, and ensure policy compliance. Firewall logs are essential for troubleshooting network issues, optimizing security rules, and conducting forensic analysis after an incident. However, the volume of log data generated can be overwhelming, necessitating the use of log management tools and security information and event management (SIEM) systems to effectively process, correlate, and derive actionable insights from the logs. Regular review and analysis of firewall logs are critical practices in maintaining a robust security posture and responding promptly to potential threats.
 Learn more from the following resources:
 - [@article@What is firewall logging and why is it important?](https://cybriant.com/what-is-firewall-logging-and-why-is-it-important/)
 - [@video@Reviewing firewall logs](https://www.youtube.com/watch?v=XiJ30f8V_T4)
--- a/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md
+++ b/src/data/roadmaps/cyber-security/content/ftk-imager@_jJhL1RtaqHJmlcWrd-Ak.md
@ -1,26 +1,8 @@
 # FTK Imager
-[FTK Imager](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1) is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents.
+FTK Imager is a popular and widely used free imaging tool developed by AccessData. It allows forensic analysts and IT professionals to create forensic images of digital devices and storage media. It is ideal for incident response and discovery as it helps in preserving and investigating digital evidence that is crucial for handling cyber security incidents.
-FTK Imager provides users with a variety of essential features, such as:
+Learn more from the following resources:
- **Creating forensic images**: FTK Imager can create a forensically sound image of a computer's disk or other storage device in various formats, including raw (dd), E01, and AFF formats.
+- [@official@Create Forensic Images with Exterro FTK Imager](https://www.exterro.com/digital-forensics-software/ftk-imager)
-
+- [@video@Imaging a Directory Using FTK Imager](https://www.youtube.com/watch?v=trWDlPif84o)
 - **Previewing data**: It allows analysts to preview data stored on any imaging source, such as a hard drive, even before creating a forensic image so that they can determine if the source's data is relevant to the investigation.
 - **Acquiring live data**: FTK Imager can help capture memory (RAM) of a live system for further investigation, allowing you to analyze system information such as running processes, network connections, and file handles.
 - **Examining file systems**: It offers the ability to browse and examine file systems, identify file types, view, and export files and directories without needing to mount the disk image.
 - **Hashing support**: FTK Imager supports hashing files and capturing evident files, ensuring the integrity of data and confirming that the original data has not been tampered with during investigation and analysis.
 - **Mounting images**: Users can mount forensic images, enabling them to view and analyze disk images using various third-party tools.
 To use FTK Imager effectively in incident response:
 - Download and install FTK Imager from the [official website](https://accessdata.com/product-download/digital-forensics/ftk-imager-version-3.1.1).
 - Launch FTK Imager to create forensic images of digital devices or storage media by following the [user guide](https://ad-pdf.s3.amazonaws.com/Imager%20Lite%204_2%20Users%20Guide.pdf) and best practices.
 - Preview, examine, and export data as needed for further investigation and analysis.
 - Use FTK Imager along with other forensic tools and techniques to perform comprehensive digital investigations during incident response and discovery scenarios.
 In summary, FTK Imager is a versatile tool that plays a critical role in incident response and discovery efforts by providing secure and forensically sound digital imaging capabilities, enabling investigators to preserve, analyze, and present digital evidence for successful cyber security investigations.
--- a/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md
+++ b/src/data/roadmaps/cyber-security/content/ftp-vs-sftp@9Z6HPHPj4escSVDWftFEx.md
@ -0,0 +1,8 @@
 # File Transfer Protocol (FTP) vs Secure File Transfer Protol (SFTP)
 File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP) are both used for transferring files over networks, but they differ significantly in terms of security. FTP is an older protocol that transmits data in plain text, making it vulnerable to interception and unauthorized access. It typically uses separate connections for commands and data transfer, operating on ports 20 and 21. SFTP, on the other hand, is a secure version that runs over the SSH protocol, encrypting both authentication credentials and file transfers. It uses a single connection on port 22, providing better firewall compatibility. SFTP offers stronger authentication methods and integrity checking, making it the preferred choice for secure file transfers in modern networks. While FTP is simpler and may be faster in some scenarios, its lack of built-in encryption makes it unsuitable for transmitting sensitive information, leading many organizations to adopt SFTP or other secure alternatives to protect their data during transit.
 Learn more from the following resources:
 - [@article@FTP defined and explained](https://www.fortinet.com/resources/cyberglossary/file-transfer-protocol-ftp-meaning)
 - [@video@How to use SFTP commands](https://www.youtube.com/watch?v=22lBJIfO9qQ)
--- a/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md
+++ b/src/data/roadmaps/cyber-security/content/ftp@ftYYMxRpVer-jgSswHLNa.md
@ -1,33 +1,10 @@
-# FTP
+# File Transfer Protocol (FTP)
-**File Transfer Protocol (FTP)** is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today.
+FTP is a standard network protocol used to transfer files from one host to another host over a TCP-based network, such as the Internet. Originally developed in the 1970s, it's one of the earliest protocols for transferring files between computers and remains widely used today.
 ## How FTP Works
 FTP operates on a client-server model, where one computer acts as the client (the sender or requester) and the other acts as the server (the receiver or provider). The client initiates a connection to the server, usually by providing a username and password for authentication, and then requests a file transfer.
-FTP uses two separate channels to carry out its operations:
+Learn more from the following resources:
 - **Control Channel:** This channel is used to establish the connection between the client and the server and send commands, such as specifying the file to be transferred, the transfer mode, and the directory structure.
 - **Data Channel:** This channel is used to transfer the actual file data between the client and the server.
 ## FTP Modes
 FTP offers two modes of file transfer:
 - **ASCII mode:** This mode is used for transferring text files. It converts the line endings of the files being transferred to match the format used on the destination system. For example, if the file is being transferred from a Unix system to a Windows system, the line endings will be converted from LF (Unix) to CR+LF (Windows).
 - **Binary mode:** This mode is used for transferring binary files, such as images, audio files, and executables. No conversion of the data is performed during the transfer process.
 ## FTP Security Concerns
 FTP has some significant security issues, primarily because it was designed before the widespread use of encryption and authentication mechanisms. Some of these concerns include:
 - Usernames and passwords are transmitted in plain text, allowing anyone who can intercept the data to view them.
 - Data transferred between the client and server is not encrypted by default, making it vulnerable to eavesdropping.
 - FTP does not provide a way to validate a server's identity, leaving it vulnerable to man-in-the-middle attacks.
 To mitigate these security risks, several secure alternatives to the FTP protocol have been developed, such as FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol), which encrypt data transfers and provide additional security features.
 In conclusion, FTP is a commonly used protocol for transferring files between computers over a network. While it is easy to use, it has significant security vulnerabilities that make it a less desirable option for secure file transfers. It's essential to use more secure alternatives like FTPS or SFTP for transferring sensitive data.
- [@article@What Is FTP: FTP Explained for Beginners](https://www.hostinger.com/tutorials/what-is-ftp)
+- [@video@What is FTP?](https://www.youtube.com/watch?v=HI0Oh4NJqcI)
 - [@article@FTP meaning and uses](https://www.investopedia.com/terms/f/ftp-file-transfer-protocol.asp)
--- a/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md
+++ b/src/data/roadmaps/cyber-security/content/fundamental-it-skills@oimYzZYFXKjgvc7D4c-2u.md
@ -1,69 +1,7 @@
 # Fundamental IT Skills
-Basic IT skills are the foundation for understanding and navigating the digital world, as well as playing a crucial role in cyber security. Given below are some essential IT skills that will help you enhance your experience with technology and better protect your digital assets.
+Fundamental IT skills form the backbone of cybersecurity proficiency and encompass a broad range of technical knowledge. These skills include understanding computer hardware and software, networking concepts, and operating systems (particularly Windows and Linux). Proficiency in at least one programming language, such as Python or JavaScript, is increasingly important for automation and scripting tasks. Database management, including SQL, is crucial for handling and securing data. Knowledge of cloud computing platforms like AWS or Azure is becoming essential as organizations migrate to cloud environments. Familiarity with basic cybersecurity concepts such as encryption, access control, and common attack vectors provides a foundation for more advanced security work. Additionally, troubleshooting skills, the ability to interpret logs, and a basic understanding of web technologies are vital. These fundamental IT skills enable cybersecurity professionals to effectively protect systems, identify vulnerabilities, and respond to incidents in increasingly complex technological landscapes.
-## Computer Navigation
+Learn more from the following resources:
-Understanding how to navigate a computer's operating system is a vital skill. This includes knowing how to:
+- [@article@Top 10 in demand IT skills](https://www.comptia.org/blog/top-it-skills-in-demand)
 - Power on/off the device
 - Manage files and folders
 - Use shortcuts and right-click options
 - Install and uninstall software
 - Customize settings
 ## Internet Usage
 Having a working knowledge of how to navigate the internet will allow you to access information and resources more efficiently. Key skills include:
 - Web browsing
 - Internet searching
 - Bookmark management
 - Downloading files
 - Understanding hyperlinks and web addresses
 - Recognizing secure websites
 ## Email Management
 Communication using email is an essential aspect of the modern digital world. Important email management skills are:
 - Creating and organizing contacts
 - Composing, sending, and receiving emails
 - Detecting and avoiding spam and phishing emails
 - Managing email attachments
 - Understanding email etiquette
 ## Word Processing
 Word processing is a basic IT skill that is useful in both personal and professional environments. Skills related to word processing include:
 - Formatting text (font, size, bold, italic, etc.)
 - Creating and editing documents
 - Copying and pasting text
 - Inserting images and tables
 - Saving and printing documents
 ## Software and Application Installation
 Being able to install and manage software can make your experience with technology more efficient and tailored to your needs. Basic software-related skills include:
 - Identifying reliable sources for downloading software
 - Installing and updating applications
 - Uninstalling unwanted or unnecessary programs
 - Configuring applications according to your preferences
 - Updating software to prevent vulnerabilities
 ## Digital Security Awareness
 As the digital world is constantly evolving, so too are cyber threats. Therefore, remaining vigilant and familiarizing yourself with common cyber security practices is crucial. Some fundamental digital security skills include:
 - Creating strong, unique passwords
 - Ensuring a secure and updated Wi-Fi connection
 - Recognizing and avoiding phishing attempts
 - Keeping software and operating systems updated
 - Regularly backing up data
 By honing these basic IT skills, you will be better prepared to navigate and protect your digital life, as well as making the most of the technology at your fingertips.
 - [@video@IT skills Training for beginners | Complete Course](https://www.youtube.com/watch?v=On6dsIp5yw0)
 - [@feed@Explore top posts about Career](https://app.daily.dev/tags/career?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md
+++ b/src/data/roadmaps/cyber-security/content/gcp@tOLA5QPKi6LHl1ljsOMwX.md
@ -2,27 +2,7 @@
 Google Cloud Platform (GCP) is a collection of cloud computing services offered by Google, which provides infrastructure and platform services to businesses or individuals. It enables users to either build their own applications or services on the provided resources, or utilize ready-to-use services provided by Google. GCP covers a wide range of services, including (but not limited to) compute, storage, databases, networking, and many more.
-## Key Features
+Learn more from the following resources:
- **Global Infrastructure**: GCP is built on Google's global infrastructure, which ensures high performance, availability, and low latency for applications and services hosted on their platform.
+- [@official@Google Cloud Platform](https://cloud.google.com)
-
+- [@course@Google Cloud Platform Video Course](https://www.youtube.com/watch?v=fZOz13joN0o)
 - **Scalability**: The platform can easily scale up or down based on the user's needs. It allows users to run applications and services on one, tens, or even thousands of virtual machines simultaneously.
 - **Security**: GCP provides robust security measures that include data encryption at rest and in transit by default, as well as compliance with various certifications and regulations.
 - **Easy Integration**: GCP services can be easily integrated with other Google services, such as Google Drive or Google Analytics, to provide more insights and functionality to your applications.
 - **Cost-Effectiveness**: The pay-as-you-go pricing model lets users pay for only the resources they use, without any upfront costs or long-term commitments.
 ## Common GCP Services
 - **Compute Engine**: Provides virtual machines (VMs) that can be customized in terms of CPU, memory, storage, etc. You have full control over the VM and can install any software you need.
 - **App Engine**: A fully managed platform for building, deploying, and scaling applications without worrying about infrastructure management. Ideal for web applications or mobile app backends.
 - **Cloud Functions**: Offers event-driven computing, allowing you to run small pieces of code (functions) in response to specific events (triggers such as HTTP requests or file uploads).
 - **Cloud Storage**: A highly scalable and durable object storage solution for unstructured data.
 - **Bigtable**: A highly scalable, fully managed NoSQL database suitable for real-time analytics and large-scale data processing.
 - **Cloud SQL**: A fully managed relational database service for MySQL, PostgreSQL, or SQL Server databases.
 - **Cloud Spanner**: A fully managed, globally distributed relational database service that combines strong consistency, horizontal scaling, and transaction support.
 - **Cloud Pub/Sub**: A messaging service that allows you to send and receive messages between independent applications.
 These are just a few of the many services offered by GCP. Leveraging these services can help businesses build and deploy applications in the cloud with ease, while also ensuring that their data and applications are secure and scalable.
--- a/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md
+++ b/src/data/roadmaps/cyber-security/content/giac@ZiUT-lyIBfHTzG-dwSy96.md
@ -2,30 +2,6 @@
 GIAC is a globally recognized organization that provides certifications for information security professionals. Established in 1999, its primary aim is to validate the knowledge and skills of professionals in various cybersecurity domains. GIAC certifications focus on practical and hands-on abilities to ensure that certified individuals possess the necessary expertise to tackle real-world cybersecurity challenges.
-## GIAC Certification Categories
+Learn more from the following resources:
-GIAC certifications are divided into several categories, catering to different aspects of information security:
+- [@official@GIAC Website](https://www.giac.org/)
 - **Cyber Defense**: Certifications tailored to secure an organization's information infrastructure and develop incident response capabilities.
 - **Penetration Testing**: Certifications targeting professionals who conduct penetration tests to identify and mitigate security vulnerabilities.
 - **Incident Response and Forensics**: Certifications focusing on incident handling, forensics, and the legal aspects of cybersecurity.
 - **Management, Audit, Legal and Security Awareness**: Certifications aimed at security managers, auditors, and executives who are responsible for developing and managing security policies and procedures.
 - **Industrial Control Systems**: Certifications addressing the unique security requirements of industrial control systems and critical infrastructure.
 - **Developer**: Certifications targeting software developers and programmers to help them develop secure applications.
 ## GIAC Certification Process
 To obtain a GIAC certification, candidates must pass a comprehensive proctored exam that tests their knowledge and practical skills. The exams are usually associated with corresponding training courses offered by SANS Institute, a leading provider of cybersecurity training. However, taking a SANS course is not mandatory to sit for the exam. Individuals with sufficient knowledge and experience can directly register for a GIAC exam.
 The exams typically consist of multiple-choice questions and can range from 75 to 150 questions, depending on the certification. Candidates are given 2-5 hours to complete the exam, and a passing score varies between 63% and 80%.
 ## Benefits of GIAC Certifications
 GIAC-certified professionals are highly sought after due to the rigorous assessment and practical skills they possess. Obtaining a GIAC certification can lead to:
 - Enhanced career prospects
 - Higher salary potential
 - Peer recognition
 - Demonstrated commitment to professional development
 In summary, GIAC certifications are valuable and respected credentials that pave the way for a successful cybersecurity career. By completing a GIAC certification, you validate your expertise and increase your employability in the competitive field of cybersecurity.
--- a/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md
+++ b/src/data/roadmaps/cyber-security/content/go@jehVvdz8BnruKjqHMKu5v.md
@ -2,33 +2,8 @@
 Go, also known as Golang, is an open-source programming language created by Google. Launched in 2009, it was designed to overcome issues present in other languages and offer a more secure, robust, and efficient development experience.
-## Key Features of Go
+Learn more from the following resources:
- **Performance**: Go is a statically-typed compiled language, which means that it offers greater performance compared to interpreted programming languages like Python or JavaScript.
+- [@roadmap@Go Roadmap](https://roadmap.sh/golang)
- **Concurrency**: One of the strengths of Go is its support for concurrent programming. It uses goroutines to handle multiple tasks simultaneously and efficiently.
+- [@video@Go in 100 seconds](https://www.youtube.com/watch?v=446E-r0rXHI)
- **Simplicity & Readability**: The syntax of Go is straightforward and easy to understand, making it an excellent choice for the development of secure applications.
+- [@course@Go tutorial for beginners](https://www.youtube.com/watch?v=yyUHQIec83I)
 - **Static Typing & Strong Type Safety**: Go enforces static typing, which helps to detect errors at the development stage and minimize security risks.
 - **Standard Library & Collaboration**: Go has a rich standard library, which provides numerous packages for various tasks, such as cryptography, data handling, and communication protocols.
 ## Go In Cyber Security
 Go is increasingly becoming popular in the field of cyber security due to its unique features:
 - **Secure Web Development**: Go offers built-in support for handling sensitive data, secure communication protocols like HTTPS, and secure cryptographic methods, which help in developing secure web applications.
 - **Network Security**: With its efficient concurrency model, Go is suitable for building network security tools like scanners, proxies, intrusion detection systems, and more.
 - **Malware Analysis**: Go's performance and ease of use make it suitable for developing tools to detect, analyze, and reverse engineer malware.
 - **Cryptographic Tools & Utility**: Go's standard library covers a wide range of cryptography methods, making it convenient to build secure tools and utilities.
 - **Open-Source Software Security**: As an open-source language, Go attracts a large community of developers who collaborate and continuously improve its security features.
 ## Go Resources
 To get started with Go, consider leveraging the following resources:
 - [@article@Official Go Documentation](https://golang.org/doc/)
 - [@article@Go by Example](https://gobyexample.com/)
 - [@article@A Tour of Go](https://tour.golang.org/)
 - [@article@The Go Programming Language book](http://www.gopl.io/)
 - [@course@Golang Courses on Udemy, Coursera, and Pluralsight](https://www.udemy.com/topic/go/)
 - [@feed@Explore top posts about Golang](https://app.daily.dev/tags/golang?ref=roadmapsh)
 As you learn and incorporate Go into your cyber security toolkit, you will find it to be a versatile and valuable language in building secure, efficient, and reliable tools and applications.
--- a/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md
+++ b/src/data/roadmaps/cyber-security/content/google-drive@fTZ4PqH-AMhYA_65w4wFO.md
@ -2,19 +2,6 @@
 Google Drive is a cloud-based storage solution provided by Google, which offers users the ability to store, share, and collaborate on files and documents across different platforms and devices. It is integrated with Google's productivity suite, including Google Docs, Sheets, Slides, and Forms, allowing seamless collaboration with team members in real-time.
-## Key Features
+Learn more from the following resources:
- **Storage Capacity:** Google Drive offers 15 GB of free storage for individual users, with the option to upgrade to additional storage plans with a subscription.
+- [@official@Google Drive Website](https://drive.google.com)
 - **File Sharing and Collaboration:** You can share files, folders, or your entire drive with others, allowing them to view, edit, or comment on your documents. Collaboration features include real-time editing and support for multiple users.
 - **Data Security:** Google Drive encrypts data in transit and at rest, ensuring that your files are protected from unauthorized access. Additionally, you can manage user permissions and expiration dates for shared files.
 - **Version History:** Drive keeps track of changes made to your documents, allowing you to view or revert to previous versions any time.
 - **Multi-platform Support:** Drive can be accessed through the web, as well as through desktop and mobile apps for Windows, macOS, Android, and iOS devices.
 - **Integration with Google Workspace:** Google Drive is seamlessly integrated with other Google Workspace applications like Google Docs, Sheets, Slides, and Forms for a fully integrated, cloud-based productivity suite.
 ## Tips for Using Google Drive Securely
 - **Enable Two-Factor Authentication (2FA):** Implement 2FA on your Google account to add an extra layer of security during login.
 - **Regularly Review Permissions:** Periodically review file and folder sharing permissions to ensure that access is granted only to necessary parties.
 - **Be Cautious with External Sharing:** Avoid sharing sensitive information with external users, and consider using expiring links or password protection for sensitive files.
 - **Employ Strong Passwords:** Utilize unique and complex passwords for your Google account to mitigate the risk of unauthorized access.
 - **Monitor Activity:** Leverage built-in Google Drive tools to audit user activity and identify potential security threats.
--- a/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md
+++ b/src/data/roadmaps/cyber-security/content/google-suite@IOK_FluAv34j3Tj_NvwdO.md
@ -1,33 +1,7 @@
-# Google Suite
+# Google Workspace (Formerly G Suite)
-Google Suite, also known as G Suite or Google Workspace, is a collection of cloud-based productivity and collaboration tools developed by Google. These tools are designed to help individuals and businesses collaborate more efficiently and effectively. Here is a summary of some of the most popular tools in Google Suite:
+Google Workspace, formerly known as G Suite, is a collection of cloud-based productivity and collaboration tools developed by Google. It includes popular applications such as Gmail for email, Google Drive for file storage and sharing, Google Docs for document creation and editing, Google Sheets for spreadsheets, and Google Meet for video conferencing. From a cybersecurity perspective, Google Workspace presents both advantages and challenges. It offers robust built-in security features like two-factor authentication, encryption of data in transit and at rest, and advanced threat protection. However, its cloud-based nature means organizations must carefully manage access controls, data sharing policies, and compliance with various regulations. Security professionals must be vigilant about potential phishing attacks targeting Google accounts, data leakage through improper sharing settings, and the risks associated with third-party app integrations. Understanding how to properly configure and monitor Google Workspace is crucial for maintaining the security of an organization's collaborative environment and protecting sensitive information stored within these widely-used tools.
-## Google Drive
+Learn more from the following resources:
-Google Drive is a cloud storage service that allows users to store files, sync them across devices, and easily share them with others. With Google Drive, users get 15 GB of free storage, while more storage can be purchased as needed.
+- [@official@Google Workspace Website](https://workspace.google.com/intl/en_uk/)
 ## Google Docs, Sheets, and Slides
 These are the office suite tools that include a word processor (Docs), a spreadsheet program (Sheets), and a presentation program (Slides). All of these applications are web-based, allowing users to create, edit, and share documents in real-time with colleagues or collaborators. They also come with a variety of built-in templates, making it easier for users to quickly create and format their documents.
 ## Google Forms
 Google Forms is a tool for creating custom online forms and surveys. Users can design forms with various question types, including multiple-choice, dropdown, and text-based questions. The data collected from the forms can be automatically organized and analyzed in Google Sheets.
 ## Google Calendar
 A powerful scheduling tool, Google Calendar allows users to create and manage individual or shared calendars. Users can create events, invite attendees, and set reminders for themselves or others. Google Calendar also integrates with Gmail, allowing users to create and update events directly from their email.
 ## Gmail
 Gmail is a widely-used email service that provides a clean and user-friendly interface, powerful search capabilities, and excellent spam filtering. Gmail also integrates with other Google tools, making it a seamless part of the overall suite.
 ## Google Meet
 Google Meet is a video conferencing tool that allows users to host and join secure video meetings. With a G Suite account, users can schedule and join meetings directly from Google Calendar. Google Meet also supports screen sharing, breakout rooms, and live captioning during meetings.
 ## Google Chat
 Google Chat is a communication platform for teams that provides direct messaging, group conversations, and virtual meeting spaces. Users can create chat rooms for specific projects or topics, collaborate on documents in real-time, and make use of Google Meet for video chats.
 These are just some of the many tools offered by Google Suite. This platform is a popular choice for individuals, teams, and organizations looking for a comprehensive and efficient way to manage their work and communication needs.
--- a/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md
+++ b/src/data/roadmaps/cyber-security/content/gpen@t4h9rEKWz5Us0qJKXhxlX.md
@ -1,32 +1,8 @@
 # GPEN
-The **GIAC Penetration Tester (GPEN)** certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications.
+The GIAC Penetration Tester (GPEN) certification is an advanced-level credential designed for professionals who want to demonstrate their expertise in the field of penetration testing and ethical hacking. Created by the Global Information Assurance Certification (GIAC) organization, GPEN validates an individual's ability to conduct legal, systematic, and effective penetration tests to assess the security of computer networks, systems, and applications.
-## Key Topics
+Learn more from the following resources:
- **Reconnaissance:** Utilize various methods to gather information on a target's infrastructure, services, and vulnerabilities.
+- [@official@GPEN Certification Website](https://www.giac.org/certifications/penetration-tester-gpen/)
- **Scanning:** Employ tools and techniques to actively probe and evaluate target systems, including Nmap, Nessus, and Metasploit.
+- [@article@What is the GPEN Certification?](https://hackernoon.com/what-is-the-giac-penetration-tester-gpen-certification)
 - **Exploitation:** Understand how to exploit vulnerabilities effectively, including buffer overflow attacks, SQL injection, and browser-based attacks.
 - **Password Attacks:** Employ password cracking tools and techniques to bypass authentication mechanisms.
 - **Wireless and Monitoring**: Identify and exploit wireless networks, as well as monitor network traffic to uncover useful information.
 - **Post Exploitation**: Perform post-exploitation activities like privilege escalation, lateral movement, and data exfiltration.
 - **Legal and Compliance**: Understand the legal considerations involved in penetration testing, and follow industry best practices and standards.
 ## Target Audience
 The GPEN certification is primarily aimed at cybersecurity professionals, network administrators, security consultants, and penetration testers looking to enhance their skills and reinforce their credibility in the industry.
 ## Preparing for the GPEN Exam
 To prepare for the GPEN exam, candidates are recommended to have a strong foundation in the fundamentals of cybersecurity, networking, and ethical hacking. GIAC offers a comprehensive training course called "SEC560: Network Penetration Testing and Ethical Hacking" which aligns with the GPEN exam objectives. However, self-study using other resources like books, articles, and online tutorials is also a viable option.
 ## Exam Details
 - **Number of Questions:** 115
 - **Type of Questions:** Multiple-choice
 - **Duration:** 3 hours
 - **Passing Score:** 74%
 - **Exam Delivery:** Proctored, Online or at a testing center
 - **Cost:** $1,999 USD (Includes one retake)
 Upon successfully passing the exam, candidates will receive the GIAC Penetration Tester certification, which is valid for four years. To maintain the certification, professionals must earn plus 36 Continuing Professional Education (CPE) credits every two years and pay a maintenance fee to keep their credentials active.
--- a/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md
+++ b/src/data/roadmaps/cyber-security/content/grep@Dfz-6aug0juUpMmOJLCJ9.md
@ -2,50 +2,7 @@
 Grep is a powerful command-line tool used for searching and filtering text, primarily in Unix-based systems. Short for "global regular expression print", grep is widely used for its ability to search through files and directories, and find lines that match a given pattern. It is particularly useful for incident response and discovery tasks, as it helps you identify specific occurrences of potentially malicious activities within large amounts of log data.
-In this section, we will cover the basics of grep and how to wield its power for efficient incident response.
+Learn more from the following resources:
-## Basic Syntax
+- [@article@grep command in Linux](https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix)
-
+- [@video@The grep command](https://www.youtube.com/watch?v=Tc_jntovCM0)
 The basic syntax of grep is as follows:
 ```
 grep [options] pattern [files/directories]
 ```
 - `options`: Modify the behavior of grep (e.g., case-insensitive search, display line numbers)
 - `pattern`: The search pattern, which can be a fixed string, a regular expression, or a combination of both
 - `files/directories`: The target files or directories to search
 ## Common Grep Options
 Here are some commonly used grep options:
 - `-i`: Perform a case-insensitive search
 - `-v`: Invert the search, returning lines that do not match the pattern
 - `-n`: Display line numbers for matching lines
 - `-r`: Recursively search directories
 - `-c`: Display the count of matching lines
 ## Sample Use Cases
 - Case-insensitive search for the word "password":
 ```
 grep -i "password" /var/log/syslog
 ```
 - Display line numbers for lines containing "error" in log files:
 ```
 grep -n "error" /var/log/*.log
 ```
 - Search for IP addresses in a web server access log:
 ```
 grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}" /var/log/apache2/access.log
 ```
 ## Conclusion
 Grep is an indispensable tool for incident response and discovery tasks in cyber security. It allows you to quickly pinpoint specific patterns in large volumes of data, making it easier to identify potential threats and respond accordingly. As you become more proficient with grep and its wide array of options, you'll gain a valuable resource in your cyber security toolkit.
--- a/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md
+++ b/src/data/roadmaps/cyber-security/content/group-policy@FxuMJmDoDkIsPFp2iocFg.md
@ -2,26 +2,11 @@
 _Group Policy_ is a feature in Windows operating systems that enables administrators to define and manage configurations, settings, and security policies for various aspects of the users and devices in a network. This capability helps you to establish and maintain a consistent and secure environment, which is crucial for organizations of all sizes.
 ## How Group Policy Works
 Group Policy works by maintaining a hierarchy of _Group Policy Objects_ (GPOs), which contain multiple policy settings. GPOs can be linked to different levels of the Active Directory (AD) structure, such as domain, site, and organizational unit (OU) levels. By linking GPOs to specific levels, you can create an environment in which different settings are applied to different groups of users and computers, depending on their location in the AD structure.
 When a user logs in or a computer starts up, the relevant GPOs from the AD structure get evaluated to determine the final policy settings. GPOs are processed in a specific order — local, site, domain, and OUs, with the latter having the highest priority. This order ensures that you can have a baseline set of policies at the domain level, with more specific policies applied at the OU level, as needed.
-## Common Group Policy Scenarios
+Learn more from the following resources:
 Here are some typical scenarios in which Group Policy can be utilized to enforce security policies and settings:
 - **Password Policies**: You can use Group Policy to define minimum password length, complexity requirements, password history, and maximum password age for all users within the domain. This ensures a consistent level of password security across the organization.
 - **Account Lockout Policies**: Group Policy allows you to specify conditions under which user accounts will be locked out, such as after a specific number of failed login attempts. This helps to thwart brute-force attacks.
 - **Software Deployment**: Deploy and manage the installation of software packages and security updates across the entire network. Ensure that all devices are running the latest, most secure software versions.
 - **Device Security**: Apply configurations to enforce encryption, firewall settings, and other security-related device settings to protect your organization's network and sensitive data.
 - **User Rights Assignment**: Control various user rights, such as the ability to log in locally or remotely, access this computer from the network, or shut down the system.
 - **Restricted Groups**: Manage group memberships, including local administrator groups, to ensure that only authorized users have elevated privileges on targeted devices.
-By understanding and leveraging the capabilities of Group Policy, you can establish a robust and secure environment that meets your organization's specific requirements. Keep in mind that maintaining a well-documented, granular, and least-privileged approach to Group Policy settings will help ensure a manageable and resilient security posture.
+- [@official@Group Policy overview](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831791(v=ws.11))
 - [@video@Learn Windows Group Policy the easy way!](https://www.youtube.com/watch?v=rEhTzP-ScBo)
--- a/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md
+++ b/src/data/roadmaps/cyber-security/content/gsec@nlmATCTgHoIoMcEOW8bUW.md
@ -1,32 +1,7 @@
 # GSEC
-The **GIAC Security Essentials Certification (GSEC)** is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices.
+The GIAC Security Essentials Certification (GSEC) is an advanced cybersecurity certification that demonstrates an individual's knowledge and skills in addressing security threats and vulnerabilities in various systems. Developed by the Global Information Assurance Certification (GIAC), this certification is suitable for security professionals, IT managers, and network administrators who want to enhance their expertise in the core cybersecurity concepts and practices.
-## Key Features of GSEC
+Learn more from the following resources:
- **Comprehensive coverage of security concepts**: GSEC covers a wide range of cybersecurity topics, including risk management, cryptography, access control, authentication, network security, wireless security, web application security, and incident response.
+- [@official@GSEC Certification Website](https://www.giac.org/certifications/security-essentials-gsec/)
 - **Hands-on approach**: GSEC focuses on practical, real-world situations and encourages students to develop problem-solving skills through hands-on labs and exercises.
 - **Vendor-neutral**: Unlike other certifications that focus on specific technologies or tools, GSEC is vendor-neutral and teaches concepts and techniques that can be applied in various environments and platforms.
 - **Globally recognized**: GSEC is a widely acknowledged certification among security professionals, and receiving it can help boost an individual's career in the cybersecurity industry.
 ## GSEC Exam Details
 The GSEC exam consists of 180 questions, and candidates have a total of 5 hours to complete the test. The minimum passing score is 73%. The exam covers the following domains:
 - Active defense concepts
 - Authentication and access control
 - Basic understanding of cryptographic concepts
 - Incident handling and response
 - IP networking concepts and network security
 - Security policy and contingency planning
 ## Preparing for the GSEC Exam
 To prepare for the GSEC exam, you can use the following resources:
 - **GIAC's official training courses**: GIAC offers a comprehensive training course, known as "SEC401: Security Essentials Boot- camp Style," to help students develop the necessary knowledge and skills for the GSEC certification exam. This course is available in various formats, including online, classroom-based, and on-demand.
 - **Study materials**: You can find several study guides, practice exams, and books specifically designed for GSEC exam preparation. These resources can help you deepen your understanding of the GSEC exam objectives and practice your skills through hands-on exercises.
 - **Online forums and study groups**: Participate in online forums and study groups related to GSEC and cybersecurity in general. These platforms can provide valuable insights, tips, and experiences from other security professionals and candidates preparing for the exam.
 - **GSEC Practice Exams**: GIAC offers two practice exams for the GSEC certification, which are an excellent way to assess your knowledge and identify areas that may require further attention.
 By obtaining the GSEC certification, you will demonstrate your advanced knowledge and skills in cybersecurity, showcasing your ability to protect information systems and networks effectively. This certification can be a significant asset to your career and help you stand out in the competitive cybersecurity job market.
--- a/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md
+++ b/src/data/roadmaps/cyber-security/content/guestos@LocGETHz6ANYinNd5ZLsS.md
@ -1,27 +1,8 @@
 # GuestOS
-A Guest OS (Operating System) is an essential component in virtualization. It is an operating system that runs within a virtual machine (VM) created by a host operating system or a hypervisor. In this scenario, multiple guest operating systems can operate on a single physical host machine, sharing resources provided by the host.
+A Guest Operating System (Guest OS) refers to an operating system that runs within a virtual machine (VM) environment, managed by a hypervisor or virtual machine monitor. In virtualization technology, the Guest OS operates as if it were running on dedicated physical hardware, but it's actually sharing resources with the host system and potentially other guest systems. This concept is crucial in cybersecurity for several reasons. It allows for isolation of systems, enabling secure testing environments for malware analysis or vulnerability assessments. Guest OSes can be quickly deployed, cloned, or reset, facilitating rapid incident response and recovery. However, they also introduce new security considerations, such as potential vulnerabilities in the hypervisor layer, escape attacks where malware breaks out of the VM, and resource contention issues. Properly configuring, patching, and monitoring Guest OSes is essential for maintaining a secure virtualized infrastructure, balancing the benefits of flexibility and isolation with the need for robust security measures.
-## Key Features of Guest OS
+Learn more from the following resources:
- **Resource Sharing**: The guest OS shares the host's resources, such as CPU, memory, and storage, while having a virtualized environment of its own.
+- [@article@What is a Guest Operating System?](https://www.techtarget.com/searchitoperations/definition/guest-OS-guest-operating-system)
- **Isolation**: Each guest OS operates independently of others on the same host machine, ensuring that the performance or security of one system does not affect the others.
+- [@article@Guest Operating System](https://nordvpn.com/cybersecurity/glossary/guest-operating-system/?srsltid=AfmBOop0L-VFCtuYvEBQgHy7dCIa3sfzNVa-Zn6l0SniAYDpftfOgH7N)
 - **Customization**: You can install and manage different types of guest operating systems on the same host, catering to specific requirements or user preferences.
 - **Portability**: The guest OS and its associated data can be easily moved to another host machine, simplifying the management of multiple systems for businesses and individuals.
 ## Use Cases for Guest OS
 - **Testing and Development**: By providing a separate environment to experiment with different applications, guest operating systems are appropriate for testing and development.
 - **Security**: Sandbox environments can be created within the guest OS for analyzing malware or executing potentially unsafe applications, without affecting the host machine's performance or security.
 - **Legacy Applications**: Some older applications may not be compatible with modern operating systems. Having a guest OS with an older OS version helps to run these legacy applications.
 - **Resource Optimization**: Virtualization enables businesses to make the most of their hardware investments, as multiple guest OS can share the resources of a single physical machine.
 ## Guest OS Management
 To manage guest operating systems effectively, you must use virtualization software or a hypervisor. Some popular options include:
 - **VMware**: VMware provides tools like VMware Workstation and Fusion to create, manage, and run guest OS within virtual machines.
 - **Oracle VirtualBox**: Oracle's VirtualBox is an open-source hypervisor that supports the creation and management of guests operating systems across multiple host OS platforms.
 - **Microsoft Hyper-V**: Microsoft's free hypervisor solution, Hyper-V, is capable of creating and managing guest operating systems on Windows-based host machines.
 In conclusion, a guest operating system plays a vital role in virtualization, allowing users to operate multiple OS within virtual machines on a single host, optimizing resources, and providing the flexibility to work with a variety of applications and environments.
--- a/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md
+++ b/src/data/roadmaps/cyber-security/content/gwapt@rwniCTWfYpKP5gi02Pa9f.md
@ -1,34 +1,7 @@
 # GWAPT
-The **GIAC Web Application Penetration Tester (GWAPT)** certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks.
+The GIAC Web Application Penetration Tester (GWAPT) certification validates an individual's ability to perform in-depth web application security assessments and exploit vulnerabilities. GWAPT focuses on using ethical hacking methodologies to conduct web application penetration testing with the goal of identifying, evaluating, and mitigating security risks.
-## Key Concepts
+Learn more from the following resources:
-The GWAPT certification covers several key concepts and areas, including but not limited to:
+- [@official@GWAPT Certification Website](https://www.giac.org/certifications/web-application-penetration-tester-gwapt/)
 - **Web Application Security:** Knowledge of various web application security concepts, such as authentication mechanisms, session management, input validation, and access control.
 - **Testing Methodologies:** Understanding and application of web application penetration testing methodologies, such as OWASP Testing Guide and OWASP ASVS.
 - **Vulnerability Identification and Exploitation:** Identifying, exploiting, and assessing the impact of common web application vulnerabilities such as XSS, CSRF, SQL Injection, and others.
 - **Tools and Techniques:** Mastery of various web application testing tools, such as Burp Suite, WebInspect, and others.
 - **Report Preparation and Presentation:** Ability to document and present findings in a clear, concise manner, which can be understood by both technical and non-technical audiences.
 ## Certification Process
 To attain the GWAPT certification, candidates must:
 - Register for the GWAPT exam through the GIAC website (www.giac.org).
 - Prepare for the exam by undergoing various training methods, such as attending the SEC542: Web App Penetration Testing and Ethical Hacking course by SANS, self-study, attending workshops, or gaining hands-on experience.
 - Pass the proctored 75-question multiple-choice exam with a minimum score of 68% within the 2-hour time limit.
 - Maintain the certification by earning 36 Continuing Professional Experience (CPE) credits every four years and paying the renewal fee.
 ## Who Should Pursue GWAPT Certification?
 The GWAPT certification is aimed at professionals who are involved in web application security, such as penetration testers, security analysts, or application developers. Obtaining this certification demonstrates a high level of technical skill and knowledge in web application security testing, making it a valuable addition to any cybersecurity professional's credentials.
 ## Benefits of GWAPT Certification
 - Validates your skills and knowledge in web application security testing.
 - Enhances your professional credibility and marketability in the cybersecurity industry.
 - Provides a competitive edge over non-certified individuals.
 - Demonstrates a commitment to staying current with industry advancements and best practices.
 - Assists in advancing your career by meeting employer or client requirements for certified professionals.
--- a/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md
+++ b/src/data/roadmaps/cyber-security/content/hackthebox@wkuE_cChPZT2MHyGjUuU4.md
@ -2,30 +2,7 @@
 Hack The Box (HTB) is a popular online platform designed for security enthusiasts, penetration testers, and ethical hackers to develop and enhance their skills by engaging in real-world cybersecurity challenges. The platform provides a wide array of virtual machines (VMs), known as "boxes," each with a unique set of security vulnerabilities to exploit.
-## Features of Hack The Box
+Learn more from the following resources:
- **Lab Environment:** HTB offers a secure and legal environment for hacking challenges. The platform provides a VPN connection to a private network where the vulnerable machines (boxes) are hosted.
+- [@official@Hack The Box Website](https://www.hackthebox.com/)
-
+- [@video@I played HTB for 30 days, heres what I learnt](https://www.youtube.com/watch?v=bPv5pb7AcYs)
 - **Various Difficulty Levels:** The boxes on HTB come in varying levels of difficulty (easy, medium, hard, and insane), allowing users of different skill levels to participate and learn progressively.
 - **New Challenges Regularly:** New boxes are added to the platform regularly, ensuring that participants can continuously learn and enhance their cybersecurity skills.
 - **Community-driven:** The HTB community often collaborates and shares knowledge, techniques, and experiences, fostering a sense of camaraderie among members.
 - **Competition:** Users can compete against one another by attempting to solve challenges as quickly as possible and get to the top of the leaderboard.
 ## Participation Process
 - **Registration:** To get started with HTB, you will need to register for an account on the platform. Interestingly, the registration itself is a hacking challenge where you are required to find an invite code using your web application penetration testing skills. This unique invitation process ensures that only interested and skilled individuals join the community.
 - **Connect to the VPN:** After registration, connect to the HTB private network using the provided VPN configuration file. This allows you to access the lab environment and the boxes.
 - **Select a Box and Hack it:** Browse the list of available boxes, select one that suits your skill level, and start hacking! Each box has a specific set of objectives like finding particular files, referred to as "flags," that are hidden on the machines. These flags contain proof of your exploit and are used for scoring and ranking purposes.
 - **Submit Flags and Write-ups:** Upon solving a challenge, submit the flags you found to gain points and secure your spot on the leaderboard. Additionally, once a box is retired from the platform, you can create and share write-ups of your solution technique with the community.
 Hack The Box is an excellent resource for anyone looking to enhance their cybersecurity skills or explore the ethical hacking domain. Whether you're a beginner or a seasoned expert, HTB offers an engaging and collaborative environment to learn and grow as a cybersecurity professional.
 - [@official@HackTheBox website](https://www.hackthebox.com/)
 - [@article@HTB Academy ](https://academy.hackthebox.com/)
 - [@feed@Explore top posts about Security](https://app.daily.dev/tags/security?ref=roadmapsh)
--- a/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md
+++ b/src/data/roadmaps/cyber-security/content/hashing@0UZmAECMnfioi-VeXcvg8.md
@ -1,35 +1,8 @@
 # Hashing
-In this section, we will discuss the concept of _hashing_, an important cryptographic primitive, and its multiple applications in the realm of cyber security.
+Hashing is a cryptographic process that converts input data of any size into a fixed-size string of characters, typically a hexadecimal number. This output, called a hash value or digest, is unique to the input data and serves as a digital fingerprint. Unlike encryption, hashing is a one-way process, meaning it's computationally infeasible to reverse the hash to obtain the original data. In cybersecurity, hashing is widely used for password storage, data integrity verification, and digital signatures. Common hashing algorithms include MD5 (now considered insecure), SHA-256, and bcrypt. Hashing helps detect unauthorized changes to data, as even a small alteration in the input produces a significantly different hash value. However, the strength of a hash function is crucial, as weak algorithms can be vulnerable to collision attacks, where different inputs produce the same hash, potentially compromising security measures relying on the uniqueness of hash values.
-**What is Hashing?**
+Learn more from the following resources:
-A _hash function_ is a mathematical algorithm that takes an input (or 'message') and returns a fixed-size string of bytes, usually in the form of a hexadecimal number. The output is called the _hash value_ or simply, the _hash_. Some characteristics of a good hash function are:
+- [@video@Hashing Explained](https://www.youtube.com/watch?v=EOe1XUykdP4)
-
+- [@article@What is hashing and how does it work?](https://www.techtarget.com/searchdatamanagement/definition/hashing)
 - _Deterministic_: The same input will always result in the same hash output.
 - _Efficient_: The time taken to compute the hash should be as quick as possible.
 - _Avalanche Effect_: A tiny change in the input should result in a drastically different hash output.
 - _One-way Function_: It should be computationally infeasible to reverse-engineer the input from its hash output.
 - _Collision Resistance_: It should be extremely unlikely to find two different inputs that produce the same hash output.
 **Common Hashing Algorithms**
 There are several widely used hashing algorithms with different strengths and weaknesses. Some of the most common ones include:
 - MD5 (Message Digest 5): Produces a 128-bit hash value. It is no longer considered secure due to vulnerability to collision attacks.
 - SHA-1 (Secure Hash Algorithm 1): Generates a 160-bit hash value. Like MD5, it is no longer considered secure due to collision attacks and is being phased out.
 - SHA-256 and SHA-512: Part of the SHA-2 family, SHA-256 produces a 256-bit hash value, while SHA-512 generates a 512-bit hash value. Both are widely adopted and considered secure.
 **Applications of Hashing**
 Hashing is a versatile mechanism and serves many purposes in cyber security, such as:
 - _Data Integrity_: Hashing can be used to ensure that a file or piece of data hasn't been altered or tampered with. Comparing the hash value of the original and received data can determine if they match.
 - _Password Storage_: Storing users' passwords as hashes makes it difficult for attackers to obtain the plain-text passwords even if they gain access to the stored hashes.
 - _Digital Signatures_: Digital signatures often rely on cryptographic hash functions to verify the integrity and authenticity of a message or piece of data.
 - _Proof of Work_: Hash functions are employed in consensus algorithms like the one used in Bitcoin mining, as they can solve computational challenges.
 In conclusion, hashing is a crucial technique in ensuring data integrity and maintaining security in various areas of cyber security. Understanding and adopting secure hashing algorithms is an essential skill for any cyber security professional.
--- a/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md
+++ b/src/data/roadmaps/cyber-security/content/head@VNmrb5Dm4UKUgL8JBfhnE.md
@ -1,61 +1,8 @@
 # head
 ## Summary
 `head` is a versatile command-line utility that enables users to display the first few lines of a text file, by default it shows the first 10 lines. In case of incident response and cyber security, it is a useful tool to quickly analyze logs or configuration files while investigating potential security breaches or malware infections in a system.
-## Usage
+Learn more from the following resources:
 The basic syntax of `head` command is as follows:
 ```
 head [options] [file(s)]
 ```
 Where `options` are flags that could be used to modify the output and `[file(s)]` are the input file(s) for which you want to display the first few lines.
 ## Examples
 - Display the first 10 lines of a file:
 ```
 head myfile.txt
 ```
 - You can change the number of lines to display using `-n` flag:
 ```
 head -n 20 myfile.txt
 ```
 - To display the first 5 lines of multiple files:
 ```
 head -n 5 file1.txt file2.txt
 ```
 - Another helpful flag is `-q` or `--quiet`, which avoids displaying file headers when viewing multiple files:
 ```
 head -q -n 5 file1.txt file2.txt
 ```
 ## Application in Incident Response
 During an incident response, the `head` command helps to quickly analyze logs and files to identify potential malicious activity or errors. You can use `head` to peek into logs at the early stages of an investigation, and once you have gathered enough information, you can move on to more advanced tools to analyze the data in depth.
 For example:
 - Check the first 5 lines of the system log for any potential issues:
 ```
 head -n 5 /var/log/syslog
 ```
 - Analyze the beginning of a large log file without loading the entire file:
 ```
 head -n 100 /var/log/large-log-file.log
 ```
-In summary, the `head` command is a handy tool for preliminary analysis of log files that can save crucial time during an incident response. However, for more in-depth analysis, other tools and techniques should be employed.
+- [@video@Head and Tail commands](https://www.youtube.com/watch?v=5EqL6Fc7NNw)
 - [@article@The Head and Tail commands in Linux](https://www.baeldung.com/linux/head-tail-commands)
--- a/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md
+++ b/src/data/roadmaps/cyber-security/content/honeypots@bj5YX8zhlam0yoNckL8e4.md
@ -1,35 +1,8 @@
 # Honeypots
-A **honeypot** is a security measure that is designed to lure and trap potential cyber attackers, usually by posing as a vulnerable system or network. Honeypots can be a valuable tool in understanding the various tactics used by malicious actors, which allows security professionals to develop better strategies for defending against these attacks. In this section, we will explore the different types of honeypots, their uses, and some important considerations when implementing them.
+Honeypots are decoy systems or networks designed to attract and detect unauthorized access attempts by cybercriminals. These intentionally vulnerable resources mimic legitimate targets, allowing security professionals to study attack techniques, gather threat intelligence, and divert attackers from actual critical systems. Honeypots can range from low-interaction systems that simulate basic services to high-interaction ones that replicate entire network environments. They serve multiple purposes in cybersecurity: early warning systems for detecting new attack vectors, research tools for understanding attacker behavior, and diversions to waste hackers' time and resources. However, deploying honeypots requires careful consideration, as they can potentially introduce risks if not properly isolated from production environments. Advanced honeypots may incorporate machine learning to adapt to evolving threats and provide more convincing decoys. While honeypots are powerful tools for proactive defense, they should be part of a comprehensive security strategy rather than a standalone solution.
-## Types of Honeypots
+Learn more from the following resources:
-There are several different types of honeypots that can be implemented, each with unique features and capabilities. Some common types include:
+- [@video@What is a Honeypot?](https://www.youtube.com/watch?v=FtR9sFJlkSA)
-
+- [@article@How Honeypots help security](https://www.kaspersky.com/resource-center/threats/what-is-a-honeypot)
 - **Low-Interaction Honeypots**: These honeypots simulate a limited set of services or vulnerabilities to lure attackers. They require minimal resources and are easier to set up than other types of honeypots. They are often used to gather basic information about attacker behavior and techniques.
 - **High-Interaction Honeypots**: These honeypots simulate a complete and realistic environment, often running full operating systems and services. They are resource-intensive but provide a more in-depth understanding of attacker behavior and can be used to identify more sophisticated threats.
 - **Research Honeypots**: These honeypots are designed specifically for the purpose of collecting detailed information about attacker methods and motives for further analysis. They often require advanced knowledge and resources to maintain but provide valuable intelligence.
 ## Uses of Honeypots
 Honeypots have several uses in the cybersecurity landscape:
 - **Identify new threats**: Honeypots can help security professionals identify new attack methods, malware, or other threats before they affect real systems.
 - **Distract attackers**: By presenting a seemingly vulnerable target, honeypots can divert attackers' attention from actual critical systems, thus providing an additional layer of security.
 - **Collect attack data**: By carefully monitoring interactions with honeypots, security professionals can gather valuable information on attacker behavior, tactics, and techniques, further improving cyber defense strategies.
 ## Important Considerations
 While honeypots can be powerful tools in a security professional's arsenal, there are some important factors to consider:
 - **Ethics and legality**: It's crucial to ensure that all honeypot activities are conducted ethically and within the boundaries of the law. In some jurisdictions, certain activities surrounding honeypots (such as trapping attackers) may be illegal or require specific permissions.
 - **Risk of compromise**: Honeypots can add another attack surface, which can be exploited by attackers if not adequately secured or maintained. If an attacker determines that a system is a honeypot, they may decide to attack the network further or launch more targeted attacks.
 - **Maintenance and resources**: Developing and maintaining honeypots can be resource-intensive, requiring dedicated systems or virtual machines, expertise in system administration, and ongoing monitoring.
 It's important to carefully weigh the benefits and risks of implementing honeypots and ensure they are used responsibly and strategically within your cybersecurity plan.
--- a/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md
+++ b/src/data/roadmaps/cyber-security/content/host-based-firewall@jWl1VWkZn3n1G2eHq6EnX.md
@ -0,0 +1,8 @@
 # Host-based Firewall
 A host-based firewall is a software application that runs directly on individual devices, such as computers, servers, or mobile devices, to control network traffic to and from that specific host. It acts as a security barrier, monitoring and filtering incoming and outgoing network connections based on predefined rules. Host-based firewalls provide an additional layer of protection beyond network firewalls, allowing for more granular control over each device's network activities. They can block unauthorized access attempts, prevent malware from communicating with command and control servers, and restrict applications from making unexpected network connections. This approach is particularly valuable in environments with mobile or remote workers, where devices may not always be protected by corporate network firewalls. However, managing host-based firewalls across numerous devices can be challenging, requiring careful policy configuration and regular updates to maintain effective security without impeding legitimate user activities.
 Learn more from the following resources:
 - [@article@What is a host-based firewall?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-host-based-firewall)
 - [@video@Host-based Firewalls](https://www.youtube.com/watch?v=aRHhm980oaE)
--- a/Show More
+++ b/Show More
`@ -22,4 +22,5 @@ When we talk about differences in the context of cybersecurity, they can refer t`

	`- Threat Differences: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.`	`- Threat Differences: Various types of cyber threats exist (e.g., malware, phishing, denial-of-service attacks), and it is crucial to understand their differences in order to implement the most effective countermeasures.`

	`To sum up, keeping up with different versions of software and understanding the differences between technologies and threats are vital steps in maintaining a strong cyber security posture. Always update your software to the latest version, and continuously educate yourself on emerging threats and technologies to stay one step ahead of potential cyber attacks.`	`Learn more from the following resources:`