
Tips by Gabrielle B.
Last updated: June 18

Please note that this article will be updated regularly. Put it in your favorites!
[FREE RESOURCES / PENTEST REPORT]
Want to upgrade your reporting skills?
A good report is beneficial for your customer. That’s why you need good writing skills!
You need to be able to explain complex concepts in a simple way for the executive summary.
For the vulnerability report, you have to explain your steps clearly.
Also, do not forget to keep a base of templates so that you can reuse them and adapt them to your new context without having to rewrite the whole thing.
Check out my article about this here:
https://csbygb.gitbook.io/pentips/reporting/pentest-report
BONUS: Want to take efficient notes on the go? You can use CherryTree: https://www.giuspen.com/cherrytree/
Check my comment below for other great resources for reporting! 👇
Check out this report, because reading other people's reports is really helpful to make yours better.
Radically Open Security report: https://www.ushahidi.com/uploads/post-images/REP-20170303-vv1-pen-otf-ushahidi-pentest_Redacted.pdf
Check out these other tools for note-keeping:
[FREE RESOURCES / PENTEST - OSINT]
Want to specialize?
There are many options!
After mastering the fundamentals, basics, and sophisticated attacks, you can go further and find one or two specializations to give you more prospects in the job market.
Today I will share resources for those who wish to learn more about OSINT and maybe specialize in it!
OSINT is often part of a pentest, but you could also become an OSINT specialist!
Check out The Ultimate OSINT collection by Hatless1der: https://start.me/p/DPYPMz/the-ultimate-osint-collection
BONUS: A free 5-hour course by TCM
More resources in comment
COMMENT: Follow OsintCurio.us! They share tons of articles about OSINT: https://osintcurio.us/
[𝐅𝐑𝐄𝐄 𝐑𝐄𝐒𝐎𝐔𝐑𝐂𝐄𝐒 / 𝐏𝐄𝐍𝐓𝐄𝐒𝐓 - 𝐌𝐎𝐁𝐈𝐋𝐄 𝐀𝐏𝐏] 𝟐
Want to specialize?
There are many options!
After mastering the fundamentals, basics, and sophisticated attacks, you can go further and find one or two specializations to give you more prospects in the job market.
Today I will share resources for those who wish to learn more about 𝐌𝐨𝐛𝐢𝐥𝐞 𝐀𝐩𝐩 𝐏𝐞𝐧𝐭𝐞𝐬𝐭 and maybe specialize in it! 📱📱
[𝐓𝐇𝐄𝐎𝐑𝐘] Check out this great blog post on Hackthebox
https://www.hackthebox.com/blog/intro-to-mobile-pentesting
[𝐏𝐑𝐀𝐂𝐓𝐈𝐂𝐄]
iOS with https://github.com/prateek147/DVIA-v2 by prateek147
Android with this list of intentionally vulnerable apps from The Dark Source: https://thedarksource.com/vulnerable-android-apps/
[𝐁𝐎𝐍𝐔𝐒] Check out Nahamsec's resources for beginner bug bounty hunters on mobile apps
https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters/blob/master/assets/mobile.md
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other good resources on mobile app pentest? Share them in the comment
COMMENT: Check out this course by 7ASecurity with Abraham Aranguren and John Hammond
https://www.youtube.com/watch?v=OscXnj0kqj4
[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 / 𝗣𝗘𝗡𝗧𝗘𝗦𝗧 - 𝗖𝗟𝗢𝗨𝗗] 𝟯
Want to specialize?
There are many options!
After mastering the fundamentals, basics, and sophisticated attacks, you can go further and find one or two specializations to give you more prospects in the job market.
Today I will share resources for those who wish to learn more about 𝗖𝗟𝗢𝗨𝗗 Pentest and maybe specialize in it! ☁️☁️
Check out these methodologies on PayloadsAllTheThings
[𝐁𝐎𝐍𝐔𝐒]
Check out these Cloud Pentest Cheatsheets by dafthack
https://github.com/dafthack/CloudPentestCheatsheets
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other good resources on Cloud pentest? Share them in the comment
Comment
Check out this great blog post on Hackthebox
https://www.hackthebox.com/blog/intro-cloud-pentesting
[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 / 𝗣𝗘𝗡𝗧𝗘𝗦𝗧 - 𝗜𝗖𝗦] 𝟰
Want to specialize?
There are many options!
After mastering the fundamentals, basics, and sophisticated attacks, you can go further and find one or two specializations to give you more prospects in the job market.
Today I will share resources for those who wish to learn more about 𝗜𝗖𝗦 (Industrial Control System) and maybe specialize in it!
Check out Robert M Lee’s Collection of Resources for Getting Started in ICS/SCADA Cybersecurity
https://www.robertmlee.org/a-collection-of-resources-for-getting-started-in-icsscada-cybersecurity/
[𝐁𝐎𝐍𝐔𝐒]
Check out John Hammond’s video on Attacking ICS Devices:
https://www.youtube.com/watch?v=1txnyN_3_zk&ab_channel=JohnHammond
Comment
Check out this comprehensive guide on Mission Secure
https://www.missionsecure.com/ot-cybersecurity
[FREE RESOURCES / REVERSE ENGINEERING]
Pentesting can be at the intersection of several areas.
In this series I will suggest some of these areas where having an understanding of pentesting can help you in your practice.
Check out Amanda Rousseau Malware Unicorn’s workshop and labs here: https://malwareunicorn.org/workshops/re101.html#11
Practice with Kevin Thomas’ tutorial: https://github.com/mytechnotalent/Reverse-Engineering#readme
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other good resources on Reverse Engineering? Share them in the comment
Comment
Check out this Intro to Reverse Engineering: https://opensecuritytraining.info/IntroductionToReverseEngineering.html
[FREE RESOURCES / PURPLE TEAM] - 2
Pentesting can be at the intersection of several areas.
In this series I will suggest some of these areas where having an understanding of pentesting can help you in your practice.
Check out this amazing study on Enterprise Purple Teaming by Xena Olsen, Ch33r10 https://github.com/ch33r10/EnterprisePurpleTeaming
Get the book Purple Teaming For Dummies by Jonathan Reiber, Ben Opel and Carl Wright for free here:
https://attackiq.com/lp/purple-teaming-for-dummies/
Check out this article by Scythe on why and how you can go purple https://www.scythe.io/library/actionable-purple-teaming-why-and-how-you-can-and-should-go-purple
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other good resources on Purple Team? Share them in the comment
Comment
Have a look at the Scythe exercise framework: https://github.com/scythe-io/purple-team-exercise-framework/blob/master/PTEFv2.md
Check out these courses on AttackIQ: https://academy.attackiq.com/learning-paths/purple-teaming
[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 - 𝗖𝗬𝗕𝗘𝗥𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬 𝗣𝗢𝗗𝗖𝗔𝗦𝗧𝗦 𝗔𝗡𝗗 𝗕𝗟𝗢𝗚𝗦]
A good way to have a more holistic approach to Cybersecurity is to listen to podcasts or to read blogs.
It is an entertaining way to learn and you get to hear about people in the industry from wherever you are!
Check out Phillip Wylie’s Podcast on ITSP Magazine “The Hacker Factory” here: https://www.itspmagazine.com/the-hacker-factory-podcast
And if you enjoyed it, why not vote for it in the European Cybersecurity Awards here: https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform
Check out Christophe Foulon’s podcast here: https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698
Are you more of a reader? 🤓 I’ve got your back! Check out this great blog, Security Queens
And guess what! You can also vote for them for the European Cybersecurity Awards!
Have a look at Daniel Miessler’s Blog: https://danielmiessler.com/
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other good blogs or podcasts? Please share them in the comment!
Comment
Check out the Focal Point Podcast by Angela Marafino and Chantel Sims on ITSP Magazine here: https://www.itspmagazine.com/focal-point-podcast
Have a look at Your Cyber Path podcast: https://www.yourcyberpath.com/podcasts/
Check out the different shows on Hacker Valley: https://hackervalley.com/
[𝗙𝗥𝗘𝗘 𝗥𝗘𝗦𝗢𝗨𝗥𝗖𝗘𝗦 - 𝗧𝗵𝗿𝗲𝗮𝘁 𝗺𝗼𝗱𝗲𝗹𝗶𝗻𝗴] - 𝟯
Pentesting can be at the intersection of several areas.
In this series I will suggest some of these areas where having an understanding of pentesting can help you in your practice.
Lately, we see more and more Threat modeling integrated with pentest processes.
Check out this session about threat modeling on HackerOne: https://www.hacker101.com/sessions/threat_modeling.html
Stay on track with this Threat Modeling Cheat Sheet on OWASP: https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md
[BONUS] Check out this list of threat modeling resources on Infosec Reference by Robert Musser: https://rmusser.net/git/admin-2/Infosec_Reference/src/commit/d44538cb60d7d3ad64880feb45e05362382e550a/Draft/Threat%20Modeling.md
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other resources about Threat Modeling? Please share them in the comment!
Comment
Check out the Threat modeling manifesto here: https://www.threatmodelingmanifesto.org/
[FREE RESOURCES - Secure Code Review]
Want to specialize?
There are many options!
After mastering the fundamentals, basics, and sophisticated attacks, you can go further and find one or two specializations to give you more prospects in the job market.
Moreover, for white box pentest engagements you will have to do code review.
Check out this free introduction to Secure Code Review on Pentesterlab: https://pentesterlab.com/exercises/codereview/course
Check out this security training platform for devs: https://www.hacksplaining.com/
BONUS: Want to make a vulnerable PHP App? Check out this video by Wesley (The XSS Rat) Thijs https://youtu.be/e_dLSVpQy40
𝐒𝐇𝐀𝐑𝐄 - Do you know other resources? Please share them in the comment
Comment
Check out Tanya Janca’s book Alice and Bob Learn Application Security: https://www.amazon.ca/Alice-Bob-Learn-Application-Security/dp/1119687357
[FREE RESOURCES - Cybersecurity Job hunting]
Finding a new position can be tricky.
Here are a few resources to help you out.
Check out this article by Jay Jay Davey on “How to use Linkedin”: https://www.linkedin.com/pulse/how-use-linkedin-jay-jay-davey-/
Get advice on writing a cyber resume with Joe Hudson here: https://www.youtube.com/watch?v=5T_u7l-t56g&list=PL4Q-ttyNIRArEf_K0V418lc6tjYEdJn4A&index=4
Get ready for your interview with these questions
https://www.springboard.com/blog/cybersecurity/25-cybersecurity-job-interview-questions-and-answers/
BONUS: Optimize your resume here https://www.jobscan.co/ to get past the applicant tracking systems (ATS)
More resources in comment 👇👇
𝐒𝐇𝐀𝐑𝐄 - Do you know other resources? Please share them in the comment
Comment
Check out this article on how to hack into a cybersecurity career: