RoadMap

Free Certification link

• add free cloud security certification
• [101] Introduction to Open Source Security & Dependency Management
• [201]Implementing Open Source Security & Dependency Management
• Implementing Open Source Security & Dependency Management
• Operationalizing Cloud Security with Deepfence ThreatMapper

Process link

1. Starter Guide link

• AWS - Amazon Web Services
• Azure - Azure
• GCP - Google Cloud Platform

2. CTF - Capture The flag link

• HackTheBox
• TryHackMe
• VulnHub
• picoCTF
• SANS Holiday Hack Challenge

3. Security Skills link

1. Common Hacking Tools
2. Common Exploit Frameworks
3. Defense in Depth
4. Runbooks
5. Basics of Forensics
6. Basics and Concepts of Threat Hunting
7. Basics of Vulnerability Management
8. Penetration Testing Rules of Engagement
9. Core Concepts of Zero Trust
10. Roles of Compliance and Auditors
11. Understand the Definition of Risk
12. Understand Backups and Resiliency
13. Cyber Kill Chain
14. MFA and 2FA
15. Operating System Hardening
16. Understand the Concept of Isolation
17. Basics of IDS and IPS
18. Authentication vs Authorization
19. Blue Team vs Red Team vs Purple Team
20. False Negative / False Positive
21. Basics of Threat Intel, OSINT
22. Understand Handshakes
23. Understand CIA Triad
24. Web Based Attacks and OWASP 10
25. Learn how Malware Operates and Types

Tools for Insidence Response and Discovery link

1. Nmap
2. tracert
3. nslookup
4. dig
5. curl
6. ipconfig
7. hping
8. ping
9. arp
10. cat
11. dd
12. head
13. tail
14. grep
15. wireshark
16. winhex
17. memdump
18. FTK Imager
19. autopsy

Understanding Framework link

1. ATT&CK
2. Kill chain
3. Diamond Model

Understand Common Stander link

1. ISO
2. NIST
3. RMF
4. CIS
5. CSF

Understanding link

1. SIEM
2. SOAR

Common Distro For hacking link

1. ParrotOS
2. Kali Linux

Understanding Tools for intended purpose link

1. LOLBAS

Learn how to find use these logs link

1. Event Logs
2. Packet Capturing
3. Syslogs
4. netflow
5. Firewall logs

Understanding Hardening Concept link

1. MAC-based
2. NAC-based
3. Port Blocking
4. Group Policy
5. ACLs
6. Sinkholes
7. Patching
8. Jump Server
9. Endpoint Security

Basics of Cryptography link

1. Salting
2. Hashing
3. Key Exchange
4. PKI
5. Pvt Key vs Pub Key
6. Obfuscation

Understanding Secure and Unsecure Protocol link

1. FTP vs SFTP
2. SSL vs TLS
3. SSL vs TLS
4. DNSSEC
5. LDAPS
6. SRTP
7. S/MIME

Understand the Incident Response Process link

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned
   • Post-Incident Review
   • Root Cause Analysis
   • Update Policies and Procedures
   • Conduct Employee Training
   • Document the Incident

Understand Threat Classification link

1. Zero Day
2. Known vs Unknown
3. APT

Attack types and Diffences link

1. Phishing vs Vishing vs Whaling vs Smishing
2. Spam vs Spim
3. Shoulder Surfing
4. Dumpster Diving
5. Tailgating
6. Zero Day
7. Social Engineering
8. Reconnaissance
9. Impersonation
10. Watering Hole Attack
11. Drive by Attack
12. Typo Squatting
13. Brute Force vs Password Spray

Common Network base attacks link

1. DoS vs DDoS
2. MITM
3. ARP Poisoning
4. Evil Twin
5. DNS Poisoning
6. Spoofing
7. Deauth Attack
8. VLAN Hopping
9. Rogue Access Point
10. War-driving/dialing

11. Buffer Overflow
12. Memory Leak
13. XSS
14. SQL Injection
15. CSRF
16. Replay Attack
17. Pass the Hash
18. Directory Traversal

Understanding Common Tools link

1. VirusTotal
2. Joe Sandbox
3. any.run
4. urlvoid
5. urlscan
6. WHOIS