├── .github └── workflows │ └── ci.yaml ├── .gitignore ├── CNAME ├── CONTRIBUTING.md ├── docs ├── CNAME ├── index.md ├── osint │ ├── index.md │ └── links.md └── resource_links │ ├── blogs.md │ ├── bugbounty.md │ ├── challenges.md │ ├── communities.md │ ├── culture.md │ ├── guides.md │ ├── media.md │ ├── metadata.json │ ├── misc.md │ ├── tools.md │ └── training.md ├── mkdocs.yml ├── overrides └── partials │ └── copyright.html └── readme.md /.github/workflows/ci.yaml: -------------------------------------------------------------------------------- 1 | name: ci 2 | on: 3 | push: 4 | branches: 5 | - main 6 | permissions: 7 | contents: write 8 | jobs: 9 | deploy: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v3 13 | - uses: actions/setup-python@v4 14 | with: 15 | python-version: 3.x 16 | - run: pip install mkdocs-material 17 | - run: mkdocs gh-deploy --force 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # ignore mkdocs venv 2 | venv/ 3 | -------------------------------------------------------------------------------- /CNAME: -------------------------------------------------------------------------------- 1 | infosec.grds.io -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | A more in-depth contribution guide is coming soon. Please hold tight! 3 | -------------------------------------------------------------------------------- /docs/CNAME: -------------------------------------------------------------------------------- 1 | infosec.grds.io -------------------------------------------------------------------------------- /docs/index.md: -------------------------------------------------------------------------------- 1 | # Infosec Getting Started 2 | The rendered version of my Infosec knowledge base. This site is generated from the content found in my [Github Repository](https://github.com/gradiuscypher/infosec_getting_started). 3 | 4 | Everything under "Resource Links" is from my previous iteration of this knowledge base, but I'd like to start updating and curating these links to provide better context around the information provided. 5 | 6 | Otherwise, as I start to fill them out, individual sections will have things like guides, link collections, and write ups about infosec topics. This is a living document where I plan on collecting anything I find interesting that could be related to infosec. 7 | 8 | # Contributions 9 | Contributions are on hold while I figure out a good contribution guide as well as additional layouts for other information. When this update is complete, an entire contribution guide will be found at the root of this repository. 10 | -------------------------------------------------------------------------------- /docs/osint/index.md: -------------------------------------------------------------------------------- 1 | ??? warning "Under Construction" 2 | This section is currently under construction so might appear a bit empty. Expect this section to change as I include additional content. 3 | 4 | # Open Source Intelligence 5 | !!! abstract "" 6 | "Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (covert and publicly available sources) to produce actionable intelligence" - Wikipedia 7 | -------------------------------------------------------------------------------- /docs/osint/links.md: -------------------------------------------------------------------------------- 1 | # Links Collection 2 | * [awesome-intelligence](https://github.com/ARPSyndicate/awesome-intelligence) 3 | * [osintframework](https://osintframework.com/) 4 | -------------------------------------------------------------------------------- /docs/resource_links/blogs.md: -------------------------------------------------------------------------------- 1 | # blogs 2 | Blogs from various sources 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://gru.gq/blog-feed/](https://gru.gq/blog-feed/) | "From in-depth papers on forensics and anti-forensics, to detailed analysis of events that skirt both international espionage and cyber security." | 7 | | [https://medium.com/@magoo](https://medium.com/@magoo) | "Writing about risk, security, and startups." | 8 | | [https://threatpost.com/](https://threatpost.com/) | "The First Stop For Security News" | 9 | | [https://shop.hak5.org/blogs/news](https://shop.hak5.org/blogs/news) | "At Hak5 we're committed to elevating the information security industry, by educating, equipping and encouraging this all-inclusive community – one where all hackers belong." | 10 | | [https://taosecurity.blogspot.com/](https://taosecurity.blogspot.com/) | "Richard Bejtlich's blog on digital security, strategic thought, and military history." | 11 | | [https://www.schneier.com/](https://www.schneier.com/) | "I am a public-interest technologist, working at the intersection of security, technology, and people." | 12 | -------------------------------------------------------------------------------- /docs/resource_links/bugbounty.md: -------------------------------------------------------------------------------- 1 | # bugbounty 2 | A collection of guides specifically related to bug bounty hunting. 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://forum.bugcrowd.com/t/researcher-resources-getting-started/115](https://forum.bugcrowd.com/t/researcher-resources-getting-started/115) | A collection of various resource links for bug bounty hunting, hosted by Bugcrowd. | 7 | | [https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102](https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102) | A collection of getting started guides for bug bounty hunting, hosted by Bugcrowd. | 8 | | [https://www.bugcrowd.com/university/](https://www.bugcrowd.com/university/) | A collection of various training resources for various but bounty techniques | 9 | | [https://bugbountyforum.com/ama/](https://bugbountyforum.com/ama/) | A collection of AMAs (ask me anything) interviews of bug bounty hunters. | 10 | | [https://www.intigriti.com/](https://www.intigriti.com/) | A bug bounty platform. | 11 | | [https://www.bugcrowd.com/](https://www.bugcrowd.com/) | A bug bounty platform. | 12 | | [https://bugbountyforum.com/tools/](https://bugbountyforum.com/tools/) | A collection of other bug bounty tools. | 13 | | [https://www.zerocopter.com/](https://www.zerocopter.com/) | A bug bounty platform. | 14 | | [https://www.youtube.com/watch?v=U41D_d4JQLs](https://www.youtube.com/watch?v=U41D_d4JQLs) | A presentation by Tim "lanmaster53" Tomes on using Burp Suite. | 15 | | [https://www.synack.com/](https://www.synack.com/) | A bug bounty platform. | 16 | | [https://bugbountyforum.com/resources/](https://bugbountyforum.com/resources/) | A collection of other bug bounty guides, tools, and learning resources. | 17 | | [https://forum.bugcrowd.com/t/researcher-resources-tutorials/370](https://forum.bugcrowd.com/t/researcher-resources-tutorials/370) | A collection of tutorials that go over various bug bounty techniques. | 18 | | [https://forum.bugcrowd.com/](https://forum.bugcrowd.com/) | A bug bounty forum for discussion of bug bounties | 19 | | [https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3](https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3) | A presentation on Open Source Intelligence for bug bounty hunting. | 20 | | [https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544](https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544) | A presentation on Open Source Intelligence for bug bounty hunting. | 21 | | [https://bugbountyforum.com/blogs/](https://bugbountyforum.com/blogs/) | A collection of blogs of bug bounty hunters. | 22 | | [https://bugbountyforum.com/](https://bugbountyforum.com/) | A bug bounty forum for discussion of bug bounties | 23 | | [https://www.hackerone.com/](https://www.hackerone.com/) | A bug bounty platform. | 24 | | [https://www.hackerone.com/blog/resources-for-new-hackers](https://www.hackerone.com/blog/resources-for-new-hackers) | A collection of resources for bug bounty hunters. | 25 | -------------------------------------------------------------------------------- /docs/resource_links/challenges.md: -------------------------------------------------------------------------------- 1 | # challenges 2 | Challenges to help practice skills 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://www.hackthebox.eu/](https://www.hackthebox.eu/) | A collection of vulnerable VMs that are rotated out on a regular schedule. Both free and paid accounts are available. | 7 | | [https://www.vulnhub.com/](https://www.vulnhub.com/) | A collection of community-made virtual machines that are configured in a vulnerable state. | 8 | | [https://overthewire.org/wargames/](https://overthewire.org/wargames/) | The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. | 9 | | [https://ctftime.org/](https://ctftime.org/) | A security CTF scoreboard and challenge tracker. | 10 | | [https://www.dvwa.co.uk/](https://www.dvwa.co.uk/) | Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. | 11 | | [https://pen-testing.sans.org/holiday-challenge/2014](https://pen-testing.sans.org/holiday-challenge/2014) | Multiple years of holiday themed security challenges from SANS. | 12 | | [https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project](https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project) | The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available for legal security and vulnerability testing of various kinds. | 13 | | [https://www.hackthissite.org/](https://www.hackthissite.org/) | Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. | 14 | -------------------------------------------------------------------------------- /docs/resource_links/communities.md: -------------------------------------------------------------------------------- 1 | # communities 2 | Infosec communities across the Internet 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://www.reddit.com/r/netsec/](https://www.reddit.com/r/netsec/) | A subreddit curated for high quality Infosec posts. | 7 | | [https://www.reddit.com/r/homelab/](https://www.reddit.com/r/homelab/) | A subreddit dedicated to creating your own IT lab. | 8 | | [https://www.reddit.com/r/AskNetsec/](https://www.reddit.com/r/AskNetsec/) | A subreddit for security related Q + A | 9 | | [https://security.stackexchange.com/](https://security.stackexchange.com/) | A Q + A site dedicated to Infosec questions | 10 | | [https://www.reddit.com/r/netsec/](https://www.reddit.com/r/netsec/) | A subreddit curated for high quality Infosec posts. | 11 | | [https://forum.bugcrowd.com/](https://forum.bugcrowd.com/) | A forum dedicated to bug bounty hunting and the Bugcrowd platform. | 12 | | [https://news.ycombinator.com/news](https://news.ycombinator.com/news) | A community curated rotating list of interesting links. | 13 | -------------------------------------------------------------------------------- /docs/resource_links/culture.md: -------------------------------------------------------------------------------- 1 | # culture 2 | Things that I believe other hackers might find interesting, may or may not be related to Infosec 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://www.art-of-lockpicking.com/single-pin-picking-skills/](https://www.art-of-lockpicking.com/single-pin-picking-skills/) | TOOOL is an international group of lockpicking enthusiasts dedicated to advancing the general public knowledge about locks and lockpicking through teaching, research, and competition. | 7 | | [https://toool.us/](https://toool.us/) | TOOOL is an international group of lockpicking enthusiasts dedicated to advancing the general public knowledge about locks and lockpicking through teaching, research, and competition. | 8 | | [https://siliconpr0n.org/](https://siliconpr0n.org/) | Circuit reverse engineering wikis. | 9 | | [https://danielmiessler.com/study/infosec_interview_questions/](https://danielmiessler.com/study/infosec_interview_questions/) | What follows is a list of techniques for vetting candidates in Information Security | 10 | -------------------------------------------------------------------------------- /docs/resource_links/guides.md: -------------------------------------------------------------------------------- 1 | # guides 2 | Guides on various topics 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://gist.github.com/mubix/5737a066c8845d25721ec4bf3139fd31](https://gist.github.com/mubix/5737a066c8845d25721ec4bf3139fd31) | Collection of other infosec getting started guides. | 7 | | [https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/](https://tisiphone.net/2015/10/12/starting-an-infosec-career-the-megamix-chapters-1-3/) | Comprehensive blog about starting an Infosec career. | 8 | | [https://danielmiessler.com/blog/build-successful-infosec-career/](https://danielmiessler.com/blog/build-successful-infosec-career/) | A prescriptive guide to building a successful career in the field of information security | 9 | | [https://zeltser.com/cheat-sheets/](https://zeltser.com/cheat-sheets/) | These information security cheat sheets, checklists and templates are designed to assist IT professionals in difficult situations, even if they find themselves unprepared. | 10 | | [https://medium.com/@sroberts/introduction-to-dfir-d35d5de4c180](https://medium.com/@sroberts/introduction-to-dfir-d35d5de4c180) | Introduction to DFIR | 11 | | [https://defensivesecurity.org/entering-information-security-industry/](https://defensivesecurity.org/entering-information-security-industry/) | This page contains resources and information for people looking to enter the IT security field. | 12 | | [https://digi.ninja/projects/breaking_in_part_1.php](https://digi.ninja/projects/breaking_in_part_1.php) | Multi-part blog post on breaking into the information security industry | 13 | | [https://github.com/andrewjkerr/security-cheatsheets](https://github.com/andrewjkerr/security-cheatsheets) | A collection of cheatsheets for various infosec tools and topics. | 14 | | [https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md](https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md) | Collection of Infosec learning and getting started resources. | 15 | -------------------------------------------------------------------------------- /docs/resource_links/media.md: -------------------------------------------------------------------------------- 1 | # media 2 | Infosec media like podcasts, recorded presentations, etc 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://github.com/PaulSec/awesome-sec-talks](https://github.com/PaulSec/awesome-sec-talks) | A collected list of awesome security talks | 7 | | [https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) | Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. | 8 | | [https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/](https://www.amazon.com/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/) | Cliff Stoll's dramatic firsthand account is "a computer-age detective story, instantly fascinating [and] astonishingly gripping" (Smithsonian). | 9 | | [https://isc.sans.edu/podcast.html](https://isc.sans.edu/podcast.html) | Stormcasts are daily 5-10 minute information security threat updates. The podcast is produced each work day, and typically released late in the day to be ready for your morning commute. | 10 | | [https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921](https://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921) | Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it's easy to write quickly, and it has the low-level support and libraries that make hackers happy. | 11 | | [https://defensivesecurity.org/](https://defensivesecurity.org/) | The Defensive Security podcast is an attempt to look at recent security news and pick out lessons we can apply to the organizations we are charged with keeping secure. | 12 | | [https://www.trustedsec.com/podcasts/](https://www.trustedsec.com/podcasts/) | Welcome to the Trusted Security Podcast – a podcast dedicated to bringing the latest news on information security and the industry. | 13 | | [https://risky.biz/netcasts/risky-business/](https://risky.biz/netcasts/risky-business/) | Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. | 14 | | [https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/](https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/) | Violent Python shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. | 15 | | [https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/](https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/) | Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. | 16 | | [https://securityweekly.com/shows/](https://securityweekly.com/shows/) | A collection of Security podcasts covering many areas of the Infosec industry. | 17 | | [https://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033](https://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033) | Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills. | 18 | | [https://www.amazon.com/dp/1118026470](https://www.amazon.com/dp/1118026470) | This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. | 19 | | [https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting-ebook-dp-B007ED2XDS/dp/B007ED2XDS](https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting-ebook-dp-B007ED2XDS/dp/B007ED2XDS/) | For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. | 20 | -------------------------------------------------------------------------------- /docs/resource_links/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "shelf": "", 3 | "title": "Link Collection", 4 | "description": "A collection of topics and related links" 5 | } 6 | -------------------------------------------------------------------------------- /docs/resource_links/misc.md: -------------------------------------------------------------------------------- 1 | # misc 2 | Miscellaneous resources that don't fit elsewhere 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://github.com/markofu/pcaps](https://github.com/markofu/pcaps) | Public Repository of all Publicly Available Packet Captures that I've used or come across | 7 | -------------------------------------------------------------------------------- /docs/resource_links/tools.md: -------------------------------------------------------------------------------- 1 | # tools 2 | Useful software tools related to Infosec 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://sectools.org/](https://sectools.org/) | A catalog of security tools with ratings and list sorting. | 7 | | [https://exploit-db.com/](https://exploit-db.com/) | A collection of software exploits, with the ability to search and filter by many values. | 8 | -------------------------------------------------------------------------------- /docs/resource_links/training.md: -------------------------------------------------------------------------------- 1 | # training 2 | Information on training and classes, both free and paid 3 | 4 | | URL | Description | 5 | | --- | --- | 6 | | [https://www.sans.org/find-training?](https://www.sans.org/find-training?) | Online and in-person training courses. Most courses also offer well known industry certificates for various skills. | 7 | | [https://www.offensive-security.com/courses-and-certifications/](https://www.offensive-security.com/courses-and-certifications/) | Courses focused on real world application of skills. Classes are presented side by side with a lab for students to learn while doing. | 8 | | [https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/](https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/) | MIT computer science courses available for watching online for free | 9 | | [https://www.cybrary.it/](https://www.cybrary.it/) | Cybrary | Access high quality, exclusive cybersecurity and I.T. video learning resources. | 10 | | [https://en.wikipedia.org/wiki/List_of_computer_security_certifications](https://en.wikipedia.org/wiki/List_of_computer_security_certifications) | A Wikipedia article on computer security certifications | 11 | | [https://www.coursera.org/browse/computer-science/computer-security-and-networks](https://www.coursera.org/browse/computer-science/computer-security-and-networks) | Computer security and networks courses address the foundations of creating modern, secure software and hardware. | 12 | | [https://opensecuritytraining.info/Welcome.html](https://opensecuritytraining.info/Welcome.html) | OpenSecurityTraining.info is dedicated to sharing training material for computer security classes, on any topic, that are at least one day long. | 13 | -------------------------------------------------------------------------------- /mkdocs.yml: -------------------------------------------------------------------------------- 1 | site_name: Infosec Getting Started 2 | theme: 3 | name: material 4 | custom_dir: overrides 5 | palette: 6 | scheme: slate 7 | accent: green 8 | primary: black 9 | icon: 10 | repo: fontawesome/brands/github 11 | features: 12 | - navigation.indexes 13 | 14 | extra: 15 | social: 16 | - icon: fontawesome/brands/mastodon 17 | link: https://infosec.exchange/@gradius 18 | name: gradius 19 | 20 | markdown_extensions: 21 | - admonition 22 | - pymdownx.details 23 | - pymdownx.superfences 24 | - pymdownx.highlight: 25 | anchor_linenums: true 26 | - pymdownx.inlinehilite 27 | - pymdownx.snippets 28 | - pymdownx.superfences 29 | - attr_list 30 | - md_in_html 31 | - pymdownx.superfences 32 | 33 | plugins: 34 | - search 35 | - tags 36 | - offline 37 | 38 | repo_url: https://github.com/gradiuscypher/infosec_getting_started/ 39 | repo_name: infosec_getting_started 40 | -------------------------------------------------------------------------------- /overrides/partials/copyright.html: -------------------------------------------------------------------------------- 1 | {#- 2 | This file was automatically generated - do not edit 3 | -#} 4 |
5 | {% if config.copyright %} 6 |
7 | {{ config.copyright }} 8 |
9 | {% endif %} 10 | {% if not config.extra.generator == false %} 11 | hacked together with ❤️ by gradius by using 12 | 13 | Material for MkDocs 14 | 15 | {% endif %} 16 |
17 | -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- 1 | # Infosec Getting Started 2 | My infosec knowledge base. You can find the rendered version here: https://infosec.grds.io or https://gradiuscypher.github.io/infosec_getting_started. 3 | 4 | You can find the Markdown-based content for this repository here: [docs/](docs/) 5 | # Contributing 6 | Currently I'm reorganizing the repo and layout, but when I'm ready for contributions, I'll modify this section. Thank you in advance! 7 | --------------------------------------------------------------------------------