Practical Cyber Security Resources 🌟

This repository contains a curated list of resources I suggest on LinkedIn and Twitter.📝🌝 I hope you find it useful.🌸😌

In addition, other platforms where you can connect with me for articles, repositories, and more that I will publish in the new year;

• https://www.linkedin.com/in/brcyrr/

• https://twitter.com/brcyrr

• https://medium.com/@brcyrr

Contents

• Pentest General Resources
• Web Pentest
• Mobile Pentest
• Cloud Security & Pentest
• Bug Bounty
• OSINT & Google Dorks
• API Security & Pentest
• Active Directory
• Red Teaming
• Exploit Development
• AppSec & Code Review
• DevSecOps
• CTFs & Writeups
• Social Engineering
• Certifications
• Roadmaps
• Security Architecture
• IoT Security
• Container Security
• Blockchain Security
• Threat Modelling
• Kubernetes Security
• General Resources

Happy hunting❗️👻

Pentest General Resources 📝

• https://github.com/enaqx/awesome-pentest

• https://blog.compass-security.com/2019/10/hacking-tools-cheat-sheet/

• https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets

• https://github.com/Hack-with-Github/Awesome-Hacking

• https://github.com/juliocesarfort/public-pentesting-reports

• https://github.com/vlakhani28/Cyber-Security-Resources

• https://github.com/wtsxDev/Penetration-Testing

• https://github.com/wwong99/pentest-notes

• https://github.com/Kitsun3Sec/Pentest-Cheat-Sheets

• https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources

• https://github.com/Samsar4/Ethical-Hacking-Labs

• https://github.com/swisskyrepo/PayloadsAllTheThings

• https://github.com/netbiosX/Checklists

• https://hariprasaanth.notion.site/hariprasaanth/THICK-CLIENT-PENTESTING-CHECKLIST-35c6803f26eb4c9d89ba7f5fdc901fb0

• https://github.com/SubediBibek-cmd/awesome-network-security

• https://github.com/carpedm20/awesome-hacking

• https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE

• https://www.lifars.com/knowledge-center/python-penetration-testing-cheat-sheet/

• https://github.com/purabparihar/Infrastructure-Pentesting-Checklist

• https://github.com/Orange-Cyberdefense/arsenal/tree/master/mindmap

• https://github.com/RafaelFunchal/wordpress-security-checklist/blob/master/items.md

• https://viperone.gitbook.io/pentest-everything/

• https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/

---

Web Pentest 📝

• https://pentestbook.six2dez.com/others/web-checklist

• https://github.com/Ignitetechnologies/Web-Application-Cheatsheet

• https://infosecwriteups.com/serialization-deserialization-attacks-on-php-d5fb02e29248

• https://github.com/infoslack/awesome-web-hacking

• https://github.com/qazbnm456/awesome-web-security

• https://github.com/5bhuv4n35h/pentestmindmap/blob/master/web_application_penetration_testing.png

• https://guidesmiths.github.io/cybersecurity-handbook/attacks_explained/

• https://github.com/dhaval17/awsome-security-write-ups-and-POCs

• https://hariprasaanth.notion.site/hariprasaanth/WEB-APPLICATION-PENTESTING-CHECKLIST-0f02d8074b9d4af7b12b8da2d46ac998

• https://alike-lantern-72d.notion.site/Web-Application-Penetration-Testing-Checklist-4792d95add7d4ffd85dd50a5f50659c6

---

Mobile Pentest 📝

• https://0xn3va.gitbook.io/cheat-sheets/

• https://github.com/muellerberndt/android_app_security_checklist

• https://medium.com/vakifbank-teknoloji/android-application-security-penetration-tests-1-2da29240093d

• https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

• https://github.com/vaib25vicky/awesome-mobile-security

---

Cloud Security & Pentest 📝

• https://github.com/dafthack/CloudPentestCheatsheets

• https://github.com/TROUBLE-1/Cloud-Pentesting/blob/main/Note %26 Mind Map/Cloud Pentesting/Attacking Cloud.pdf

• https://raw.githubusercontent.com/5bhuv4n35h/pentestmindmap/master/cloud_penetration_testing.png

• https://github.com/six2dez/pentest-book/tree/master/enumeration/cloud

• https://github.com/Funkmyster/awesome-cloud-security

• https://github.com/4ndersonLin/awesome-cloud-security

• https://github.com/aquasecurity/cloud-security-remediation-guides

---

Bug Bounty 📝

• https://bugbountyforum.com/tools/recon/

• https://infosecwriteups.com/bug-bounty-hunting-methodology-toolkit-tips-tricks-blogs-ef6542301c65

• https://infosecsanyam.medium.com/bug-bounty-methodology-ttp-tactics-techniques-and-procedures-v-2-0-2ccd9d7eb2e2

• https://github.com/djadmin/awesome-bug-bounty#write-ups--authors

• https://github.com/bobby-lin/study-bug-bounty

• https://github.com/hahwul/WebHackersWeapons

• https://github.com/jassics/security-study-plan/blob/main/web-pentest-study-plan.md

• https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

• https://bughacking.com/best-bug-bounty-platforms/

• https://github.com/tuhin1729/Bug-Bounty-Methodology

• https://github.com/daffainfo/AllAboutBugBounty

• https://www.infosecmatter.com/bug-bounty-tips-1/

• https://www.infosecmatter.com/bug-bounty-tips-2-jun-30/

• https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md

• https://gowsundar.gitbook.io/book-of-bugbounty-tips/

• https://github.com/Neelakandan-A/BugBounty_CheatSheet

• https://github.com/vavkamil/awesome-bugbounty-tools

• https://github.com/ngalongc/bug-bounty-reference

• https://github.com/YaS5in3/Bug-Bounty-Wordlists

• https://mokhansec.medium.com/what-would-i-do-if-i-start-bug-hunting-from-0-again-79c7fa78b789

• https://bbinfosec.medium.com/collection-of-bug-bounty-tip-will-be-updated-daily-605911cfa248

• https://github.com/imran-parray/Mind-Maps/blob/master/Recon%20-%20Imran%20parray/My-recon.png

---

OSINT & Google Dorks 📝

• https://github.com/jivoi/awesome-osint

• https://github.com/TheBurnsy/Vehicle-OSINT-Collection

• https://blog.blockmagnates.com/open-source-intelligence-osint-996c8d2db362

• https://cyb3r.gitbook.io/pentest-journey/open-source-intelligence-osint-fundamentals/osint-flowcharts

• https://www.bruceclay.com/blog/bing-google-advanced-search-operators/

• https://www.hackthebox.com/blog/What-Is-Google-Dorking

• https://dnsdumpster.com/footprinting-reconnaissance/

• https://github.com/redhuntlabs/Awesome-Asset-Discovery

• https://github.com/Proviesec/google-dorks

---

API Security & Pentest 📝

• https://raw.githubusercontent.com/cyprosecurity/API-SecurityEmpire/main/assets/API Pentesting Mindmap.png

• https://github.com/cyprosecurity/API-SecurityEmpire/blob/main/assets/API Pentesting Mindmap ATTACK.pdf

• https://github.com/shieldfy/API-Security-Checklist

• https://github.com/erev0s/VAmPI

• https://github.com/roottusk/vapi

• https://danaepp.com/beginners-guide-to-api-hacking

• https://bughunters.google.com/learn/presentations/5783688075542528/android-app-hacking-workshop

• https://www.virtuesecurity.com/api-penetration-testing/

• https://university.apisec.ai/

• https://www.productsecurity.ai/course/api-security-training

---

Active Directory 📝

• https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/

• https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

• https://blog.spookysec.net/ad-lab-1/

• https://blog.spookysec.net/ad-lab-2/

• https://github.com/WazeHell/vulnerable-AD

---

Red Teaming 📝

• https://github.com/yeyintminthuhtut/Awesome-Red-Teaming

• https://github.com/infosecn1nja/Red-Teaming-Toolkit

• https://github.com/0xJs/RedTeaming_CheatSheet

---

Exploit Development 📝

• https://github.com/FabioBaroni/awesome-exploit-development

---

AppSec & Code Review 📝

• https://wehackpurple.com/blogs/page/2/

• https://wehackpurple.com/blogs/page/3/

• https://wehackpurple.com/blogs/page/4/

• https://google.github.io/eng-practices/review/

• https://github.com/MahdiMashrur/Awesome-Application-Security-Checklist

• https://github.com/paragonie/awesome-appsec

• https://erdemstar08.medium.com/source-code-scan-7448df9a1358

• https://erdemstar08.medium.com/java-source-code-scanning-with-maven-fortify-4514b61696b6

• https://erdemstar08.medium.com/ios-source-code-scanning-fortify-b0cca71ab519

• https://erdemstar08.medium.com/android-source-code-scanning-fortify-f218df889eeb

• https://erdemstar08.medium.com/code-scan-with-sast-net-framework-4-8-876d42673c72

• https://erdemstar08.medium.com/code-scan-with-sast-net-core-3-49cb8c742ecc

---

DevSecOps 📝

• https://github.com/sottlmarek/DevSecOps

• https://github.com/hahwul/DevSecOps

• https://github.com/magnologan/awesome-k8s-security

• https://github.com/TaptuIT/awesome-devsecops

• https://github.com/We5ter/Awesome-DevSecOps-Platforms

• https://www.productsecurity.ai/course/devsecops-training

---

CTFs & Writeups 📝

• https://bitvijays.github.io/LFC-VulnerableMachines.html#ctf-series-vulnerable-machines

• https://uppusaikiran.github.io/hacking/Capture-the-Flag-CheatSheet/

• https://htbmachines.github.io/

• https://github.com/Crypto-Cat/CTF

---

Social Engineering 📝

• https://github.com/v2-dev/awesome-social-engineering

---

Certifications 📝

• https://brcyrr.medium.com/recommendations-of-oscp-433a08c86f27

• https://areyou1or0.it/index.php/2021/02/10/finally-oscp-may-the-force-be-with-you/

• https://brcyrr.medium.com/recommendations-review-of-emapt-819e72a27f06

• http://www.mannulinux.org/2022/07/covenant-c2-for-oscp-ad-lab.html

• https://www.mannulinux.org/2022/07/covenant-c2-for-oscp-ad-lab-part-2.html

• https://brcyrr.medium.com/recommendations-review-of-ewptxv2-66a114e450db

• https://brcyrr.medium.com/recommendations-of-oswp-c14ab45ae491

• https://github.com/brcyrr/OSWP

• https://twitter.com/Shubham_pen/status/1537657538795085824

---

Roadmaps 📝

• https://medium.com/@rezaduty/web-penetration-testing-roadmap-4e7bb9edf23b

• https://medium.com/@rezaduty/mobile-penetration-tester-roadmap-f2ec9bd68dcf

• https://github.com/rezaduty/cybersecurity-career-path

• https://github.com/CyberSecurityUP/PenTest-Certifications-Roadmap

---

Security Architecture 📝

• https://zeltser.com/security-architecture-cheat-sheet/

---

IoT Security 📝

• https://github.com/V33RU/IoTSecurity101

• https://github.com/nebgnahz/awesome-iot-hacks

---

Container Security 📝

• https://github.com/krol3/container-security-checklist

• https://www.productsecurity.ai/course/container-security-course

---

Blockchain Security 📝

• https://github.com/xxxeyJ/Awesome-Blockchain-Security

---

Threat Modelling 📝

• https://github.com/hysnsec/awesome-threat-modelling

• https://www.productsecurity.ai/course/threat-modeling-training

---

Kubernetes Security 📝

• https://www.productsecurity.ai/course/kubernetes-security-course

---

General Resources 📝

• https://danielmiessler.com/blog/the-difference-between-a-penetration-test-and-a-red-team-engagement/

• https://kalitut.com/

• https://hackermovie.club/

• https://github.com/PaulSec/awesome-sec-talks

• https://zeltser.com/information-security/

• https://infosecwriteups.com/finding-of-directory-path-in-linux-820be9ae759b

• https://cybersecuritybase.mooc.fi/

• https://www.cyberseek.org/pathway.html

• http://dfir.org/?q=node/8