Notes:
-Try Hack Me

Computer Science Basics

Pre Security

Introduction to Cyber Security

Network Fundamentals

How The Web Works

Linux Fundamentals

Windows Fundamentals

Windows Fundamentals 1
Windows Fundamentals 2
Windows Fundamentals 3

Cyber Security Foundations

Cyber Security 101

Start Your Cyber Security Journey

Linux Fundamentals

Windows and AD Fundamentals

Windows Fundamentals 1
Windows Fundamentals 2
Windows Fundamentals 3
Active Directory Basics

Command Line

Networking

Networking Concepts
Networking Essentials
Networking Core Protocols
Networking Secure Protocols
Wireshark: The Basics
Tcpdump: The Basics
Nmap: The Basics

Cryptography

Cryptography Basics
Public Key Cryptography Bascs
Hashing Basics
John the Ripper: The Basics

Exploitation Basics

Moniker Link (CVE-2024-21413)
Metasploit: Introduction
Metasploit: Exploitation
Metasploit: Meterpreter
Blue

Web Hacking

Web Application Basics
JavaScript Essentials
SQL Fundamentals
Burp Suite: The Basics
OWASP Top 10 - 2021

Offensive Security Tooling

Hydra
Gobuster: The Basics
Shells Overview
SQLMap: The Basics

Defensive Security

Defensive Security Intro
SOC Fundamentals
Digital Forensics Fundamentals
Incident Response Fundamentals
Logs Fundamentals

Security Solutions

Introduction to SIEM
Firewall Fundamentals
IDS Fundamentals
Vulnerability Scanner Overview

Defensive Security Tooling

CyberChef: The Basics
CAPA: The Basics
REMnux: Getting Started
FlareVM: Arsenal of Tools

Build Your Cyber Security Career

Security Principles
Careers in Cyber
Training Impact on Teams

Security Analyst

SOC Level 1

Cyber Defence Frameworks

Junior Security Analyst Intro
Pyramid of Pain
Cyber Kill Chain
Unified Kill Chain
Diamond Model
MITRE
Summit
Eviction

Cyber Threat Intelligence

Intro to Cyber Threat Intel
Threat Intelligence Tools
Yara
OpenCTI
MISP
Friday Overtime
Trooper

Network Security and Traffic Analysis

Traffic Analysis Essentials
Snort
Snort Challenge - The Basics
Snort Challenge - Live Attacks
NetworkMiner
Zeek
Zeek Exercises
Brim
Wireshark: The Basics
Wireshark: Packet Operations
Wireshark: Traffic Analysis
TShark: The Basics
TShark: CLI Wireshark Features
TShark Challenge I: Teamwork
TShark Challenge II: Directory

Endpoint Security Monitoring

Intro to Endpoint Security
Core Windows Processes
Sysinternals
Windows Event Logs
Sysmon
Osquery: The Basics
Wazuh
Monday Monitor
Retracted

Security Information and Event Management

Introduction to SIEM
Investigating with ELK 101
ItsyBitsy
Splunk: Basics
Incident handling with Splunk
Investigating with Splunk
Benign

Digital Forensics and Incident Response

DFIR: An Introduction
Windows Forensics 1
Windows Forensics 2
Linux Forensics
Autopsy
Redline
KAPE
Volatility
Velociraptor
TheHive Project
Intro to Malware Analysis
Unattended
Disgruntled
Critical
Secret Recipe

Phishing

Phishing Analysis Fundamentals
Phishing Emails in Action
Phishing Analysis Tools
Phishing Prevention
The Greenhold Phish
Snapped Phish-ing Line

SOC Level 1 Capstone Challenges

Tempest
Boogeyman 1
Boogeyman 2
Boogeyman 3

SOC Level 2

Log Analysis

Intro to Logs
Log Operations
Intro to Log Analysis

Advanced Splunk

Splunk: Exploring SPL
Splunk: Setting up a SOC Lab
Splunk: Dashboards and Reports
Splunk: Manipulation
Fixit

Advanced ELK

Logstash: Data Processing Unit
Custom Alert Rules in Wazuh
Advanced ELK Queries
Slingshot

Detection Engineering

Intro to Detection Engineering
Tactical Detecetion
Threat Intelligence for SOC
Sigma
SigHunt
Aurora EDR
SOAR

Threat Hunting

Threat Hunting: Introduction
Threat Hunting: Foothold
Threat Hunting: Pivoting
Threat Hunting: Endgame
Hunt Me I: Payment Collectors
Hunt Me II: Typo Squatters

Threat Emulation

Intro to Threat Emulation
Threat Modelling
Atomic Red Team
CALDERA
Atomic Bird Goes Purple #1
Atomic Bird Goes Purple #2

Incident Response

Preparation
Identification & Scoping
Threat Intel & Containment
Eradiction & Remediation
Lessons Learned
Tardigrade

Malware Analysis

x86 Architecture Overview
x86 Assembly Crash Course
Windows Internals
Dissecting PE Headers
Basic Static Analysis
MalBuster
Advanced Static Analysis
Basic Dynamic Analysis
Dynamic Analysis: Debugging
Anti-Reverse Engineering
MalDoc: Static Analysis

Penetration Tester

Jr Penetration Tester

Introduction to Cyber Security

Introduction to Pentesting

Pentesting Fundamentals
Principles of Security

Introduction to Web Hacking

Walking An Application
Content Discovery
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Intro to SSRF
Intro to Cross-site Scripting
Command Injection
SQL Injection

Burp Suite

Burp Suite: The Basics
Burp Suite: Repeater
Burp Suite: Intruder
Burp Suite: Other Modules
Burp Suite: Extensions

Network Security

Passive Reconnaissance
Active Reconaissance
Nmap Live Host Discovery
Nmap Basic Port Scans
Nmap Advanced Port Scans
Nmap Post Port Scans
Protocols and Servers
Protocols and Servers 2
Net Sec Challenge

Vulnerability Research

Vulnerabilities 101
Exploit Vulnerabilities
Vulnerability Capstone

Metasploit

Metasploit: Introduction
Metasploit: Exploitation
Metasploit: Meterpreter

Privilege Escalation

What the Shell?
Linux Privilege Escalation
Windows Privilege Escalation

Web Fundamentals

How The Web Works

Introduction to Web Hacking

Walking An Application
Content Discovery
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Intro to SSRF
Intro to Cross-site Scripting
Command Injection
SQL Injection

Burp Suite

Burp Suite: The Basics
Burp Suite: Repeater
Burp Suite: Intruder
Burp Suite: Other Modules
Burp Suite: Extensions

Web Hacking Fundamentals

How Websites Work
HTTP in Detail
Burp Suite: The Basics
OWASP Top 10 - 2021
OWASP Juice Shop
Upload Vulnerabilities
Pickle Rick

Web Application Pentesting

Authentication

Enumeration & Brute Force
Session Management
JWT Security
OAuth Vulnerabilities
Multi-Factor Authentication
Hammer

Injection Attacks

Advanced SQL Injection
NoSQL Injection
XXE Injection
Server-side Template Injection
LDAP Injection
ORM Injection
Injectics

Advanced Server-Side Attacks

Insecure Deserialisation
SSRF
File Inclusion, Path Traversal
Race Conditions
Prototype Pollution
Include

Advanced Client-Side Attacks

XSS
CSRF
DOM-Based Attacks
CORS & SOP
Whats Your Name?

HTTP Request Smuggling

HTTP Request Smuggling
HTTP/2 Request Smuggling
Request Smuggling: WebSockets
HTTP Browser Desync
El Bandito

Red Teaming

Red Team Fundamentals

Red Team Fundamentals
Red Team Engagements
Red Team Threat Intel
Red Team OPSEC
Intro to C2

Initial Access

Red Team Recon
Weaponization
Password Attacks
Phishing

Post Compromise

The Lay of the Land
Enumeration
Windows Privilege Escalation
Windows Local Persistence
Lateral Movement and Pivoting
Data Exfiltration

Host Evasions

Windows Internals
Introduction to Windows API
Abusing Windows Internals
Introduction to Antivirus
AV Evasion: Shellcode
Obfuscation Principles
Signature Evasion
Bypassing UAC
Runtime Detection Evasion
Evading Loggin and Monitoring
Living Off the Land

Network Security Evasion

Network Security Solutions
Firewall
Sandbox Evasion

Compromising Active Directory

Active Directory Basics
Breaching Active Directory
Enumerating Active Direcoty
Lateral Movement and Pivoting
Exploiting Active Directory
Persisting Active Directory
Credentials Harvesting

Security Engineer

Introduction to Security Engineering

Security Engineering Intro
Security Principles
Introduction to Cryptography
Identity and Access Management

Threats and Risks

Governance & Regulation
Threat Modelling
Risk Management
Vulnerability Managment

Network and System Security

Secure Network Architecture
Linux System Hardening
Microsoft Windows Hardening
Active Directory Hardening
Network Device Hardening
Network Security Protocols
Virtualization and Containers
Intro to Cloud Security
Auditing and Monitoring

Software Security

OWASP Top 10 - 2021
OWASP API Security Top 10 - 1
OWASP API Security Top 10 - 2
SSDLC
SAST
DAST
Weaponizing Vulnerabilities
Introduction to DevSecOps
Mother's Secret
Traverse

Managing Incidents

Intro to IR and IM
Logging for Accountability
Becoming a First Responder
Cyber Crisis Management

DevSecOps

Secure Software Development

Introduction to DevSecOps
SDLC
SSDLC

Security of the Pipeline

Intro to Pipeline Automation
Source Code Security
CI/CD and Build Security

Security in the Pipeline

Dependency Management
SAST
DAST
Mother's Secret

Container Security

Intro to Containerisation
Intro to Docker
Intro to Kubernetes
Container Vulnerabilities
Container Hardening

Infrastructure as Code

Intro to IaC
On-Premises IaC
Cloud-based IaC

Attacking and Defending AWS

Introduction to AWS

AWS: Cloud 101
AWS Basic Concepts

Introduction to IAM

Introduction to AWS IAM
IAM Principals
IAM Permissions
IAM Credentials
Resource Policies & SCPs
The Quest for Least Privilege
STS Credentials Lab

Attacking and Defending Core Services

AWS S3 - Attack and Defense
Amazon EC2 - Attack and Defense
AWS VPC - Attack and Defense
AWS VPC - Data Exfiltration

Attacking and Defending Serverless

AWS Lambda
Lambda - Data Exfiltration
AWS API Gateway

IAM Privilege Escalation