RoadMap
Cloud Security Roadmap
Free Certification
- add free cloud security certification
- [101] Introduction to Open Source Security & Dependency Management
- [201] Implementing Open Source Security & Dependency Management
- Implementing Open Source Security & Dependency Management
- Operationalizing Cloud Security with Deepfence ThreatMapper
Process
1. Starter Guide
- AWS - Amazon Web Services
- Azure - Azure
- GCP - Google Cloud Platform
2. CTF - Capture the Flag
- HackTheBox
- TryHackMe
- VulnHub
- picoCTF
- SANS Holiday Hack Challenge
3. Security Skills
- Common Hacking Tools
- Common Exploit Frameworks
- Defense in Depth
- Runbooks
- Basics of Forensics
- Basics and Concepts of Threat Hunting
- Basics of Vulnerability Management
- Penetration Testing Rules of Engagement
- Core Concepts of Zero Trust
- Roles of Compliance and Auditors
- Understand the Definition of Risk
- Understand Backups and Resiliency
- Cyber Kill Chain
- MFA and 2FA
- Operating System Hardening
- Understand the Concept of Isolation
- Basics of IDS and IPS
- Authentication vs Authorization
- Blue Team vs Red Team vs Purple Team
- False Negative / False Positive
- Basics of Threat Intel, OSINT
- Understand Handshakes
- Understand CIA Triad
- Web-Based Attacks and OWASP Top 10
- Learn how Malware Operates and Types
Tools for Incident Response and Discovery
- Nmap
- tracert
- nslookup
- dig
- curl
- ipconfig
- hping
- ping
- arp
- cat
- dd
- head
- tail
- grep
- Wireshark
- WinHex
- memdump
- FTK Imager
- Autopsy
Understanding Framework
- ATT&CK
- Kill chain
- Diamond Model
Understand Common Standards
- ISO
- NIST
- RMF
- CIS
- CSF
Understanding
- SIEM
- SOAR
Common Distros for Hacking
- ParrotOS
- Kali Linux
Understanding Tools for intended purpose
- LOLBAS
Learn how to find and use these logs
- Event Logs
- Packet Capturing
- Syslogs
- NetFlow
- Firewall logs
Understanding Hardening Concept
- MAC-based
- NAC-based
- Port Blocking
- Group Policy
- ACLs
- Sinkholes
- Patching
- Jump Server
- Endpoint Security
Basics of Cryptography
- Salting
- Hashing
- Key Exchange
- PKI
- Pvt Key vs Pub Key
- Obfuscation
Understanding Secure and Unsecure Protocol
- FTP vs SFTP
- SSL vs TLS
- DNSSEC
- LDAPS
- SRTP
- S/MIME
Understand the Incident Response Process
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
- Post-Incident Review
- Root Cause Analysis
- Update Policies and Procedures
- Conduct Employee Training
- Document the Incident
Understand Threat Classification
- Zero Day
- Known vs Unknown
- APT
Attack Types and Differences
- Phishing vs Vishing vs Whaling vs Smishing
- Spam vs Spim
- Shoulder Surfing
- Dumpster Diving
- Tailgating
- Zero Day
- Social Engineering
- Reconnaissance
- Impersonation
- Watering Hole Attack
- Drive by Attack
- Typo Squatting
- Brute Force vs Password Spray
Common Network-Based Attacks
- DoS vs DDoS
- MITM
- ARP Poisoning
- Evil Twin
- DNS Poisoning
- Spoofing
- Deauth Attack
- VLAN Hopping
- Rogue Access Point
- War-driving/dialing
- Buffer Overflow
- Memory Leak
- XSS
- SQL Injection
- CSRF
- Replay Attack
- Pass the Hash
- Directory Traversal
Understanding Common Tools
- VirusTotal
- Joe Sandbox
- any.run
- urlvoid
- urlscan
- WHOIS
Last updated 08 May 2024, 14:49 +0530.