Ultimate Cloud Security Roadmap

Overview

Free Certification

Process

1. Starter Guide

  • AWS - Amazon Web Services
  • Azure - Azure
  • GCP - Google Cloud Platform

2. CTF - Capture The Flag

  • HackTheBox
  • TryHackMe
  • VulnHub
  • picoCTF
  • SANS Holiday Hack Challenge

3. Security Skills

  1. Common Hacking Tools
  2. Common Exploit Frameworks
  3. Defense in Depth
  4. Runbooks
  5. Basics of Forensics
  6. Basics and Concepts of Threat Hunting
  7. Basics of Vulnerability Management
  8. Penetration Testing Rules of Engagement
  9. Core Concepts of Zero Trust
  10. Roles of Compliance and Auditors
  11. Understand the Definition of Risk
  12. Understand Backups and Resiliency
  13. Cyber Kill Chain
  14. MFA and 2FA
  15. Operating System Hardening
  16. Understand the Concept of Isolation
  17. Basics of IDS and IPS
  18. Authentication vs Authorization
  19. Blue Team vs Red Team vs Purple Team
  20. False Negative / False Positive
  21. Basics of Threat Intel, OSINT
  22. Understand Handshakes
  23. Understand CIA Triad
  24. Web Based Attacks and OWASP 10
  25. Learn How Malware Operates and Its Types

Tools for Incident Response and Discovery

  1. Nmap
  2. tracert
  3. nslookup
  4. dig
  5. curl
  6. ipconfig
  7. hping
  8. ping
  9. arp
  10. cat
  11. dd
  12. head
  13. tail
  14. grep
  15. wireshark
  16. winhex
  17. memdump
  18. FTK Imager
  19. autopsy

Understanding Frameworks

  1. ATT&CK
  2. Kill chain
  3. Diamond Model

Understand Common Standards

  1. ISO
  2. NIST
  3. RMF
  4. CIS
  5. CSF

Understanding

  1. SIEM
  2. SOAR

Common Distros for Hacking

  1. ParrotOS
  2. Kali Linux

Understanding Tools for intended purpose

  1. LOLBAS

Learn How to Find and Use These Logs

  1. Event Logs
  2. Packet Capturing
  3. Syslogs
  4. netflow
  5. Firewall logs

Understanding Hardening Concepts

  1. MAC-based
  2. NAC-based
  3. Port Blocking
  4. Group Policy
  5. ACLs
  6. Sinkholes
  7. Patching
  8. Jump Server
  9. Endpoint Security

Basics of Cryptography

  1. Salting
  2. Hashing
  3. Key Exchange
  4. PKI
  5. Pvt Key vs Pub Key
  6. Obfuscation

Understanding Secure and Insecure Protocols

  1. FTP vs SFTP
  2. SSL vs TLS
  3. DNSSEC
  4. LDAPS
  5. SRTP
  6. S/MIME

Understand the Incident Response Process

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
    • Post-Incident Review
    • Root Cause Analysis
    • Update Policies and Procedures
    • Conduct Employee Training
    • Document the Incident

Understand Threat Classification

  1. Zero Day
  2. Known vs Unknown
  3. APT

Attack Types and Differences

  1. Phishing vs Vishing vs Whaling vs Smishing
  2. Spam vs Spim
  3. Shoulder Surfing
  4. Dumpster Diving
  5. Tailgating
  6. Zero Day
  7. Social Engineering
  8. Reconnaissance
  9. Impersonation
  10. Watering Hole Attack
  11. Drive-by Attack
  12. Typo Squatting
  13. Brute Force vs Password Spray

Common Network-Based Attacks

  1. DoS vs DDoS
  2. MITM
  3. ARP Poisoning
  4. Evil Twin
  5. DNS Poisoning
  6. Spoofing
  7. Deauth Attack
  8. VLAN Hopping
  9. Rogue Access Point
  10. War-driving/dialing

  1. Buffer Overflow
  2. Memory Leak
  3. XSS
  4. SQL Injection
  5. CSRF
  6. Replay Attack
  7. Pass the Hash
  8. Directory Traversal

Understanding Common Tools

  1. VirusTotal
  2. Joe Sandbox
  3. any.run
  4. urlvoid
  5. urlscan
  6. WHOIS

Sangam Biradar