Resources

CyberMentor's Tweet

https://twitter.com/thecybermentor/status/1207559600616161281?s=20

This One link gives a head start about where to start and what to do to enter in to the world of CyberSecurity.

VIRSECCON2020

This one is really informative Security Conference. You must check this out.

Defcon Red Team Mayhem Summit

If you are really into Red Teaming check this one out.

Mobile app testing guide

This One link has the most updated Git for all the things that you need to do with App Pentest. Cool Part is that comes with a Guide.

https://github.com/OWASP/owasp-mstg

Learn Web application Pentest Sitting at Home Without Spending $1

https://www.peerlyst.com/posts/learn-web-application-pentest-sitting-at-home-without-spending-usd1-chintan-gurjar?utm_source=peerlyst_perspective&utm_medium=email&utm_content=peerlyst_post&utm_campaign=special_digest_07262020

Online Intro Courses for NIST SP 800-53, SP 800-53A, and SP 800-53B | CSRCNIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalog.

NIST Introduced free intro cources to get familiarized with the standards.

https://csrc.nist.gov/projects/cybersecurity-framework/filters#/csf/filters

https://csrc.nist.gov/News/2024/online-intro-courses-for-nist-sp-800-53

GitHub - ChrisJr404/HackerToolkit: HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install all of them with one script.HackerToolkit offers a curated selection of tools designed to enhance your hacking capabilities. This repository not only organizes these tools but provides information about them. Easily install a...

https://github.com/ChrisJr404/HackerToolkit --- Contains all required Hacker Toolkit

Thomas Ballin

Before you buy your next Web App pentest, please read this...

There are loads of FREE ways to identify most of the vulnerabilities that you pay your penetration tester to find

I'm not talking about complex tools that require months to learn, or dodgy scripts written by god-knows-who

I'm talking about enterprise-grade tools, written by commercial vendors, with long-term support and designed to be used by engineers and developers (they're all also pipeline friendly)

All of these tools produce human-readable findings, with detailed descriptions and steps to remediate

I've personally used these tools for years, and have integrated them all into the Cytix SDLC

1) Let's start with the codebase. I'd like to highlight Semgrep. It's simple, easy to use, has a nice SaaS UI, and supports an insane range of languages. It's also super easy to build into existing CI

2) Now let's talk about DevOps. Two suggestions here; The first is Trivy by Aqua Security, which smashes lightweight container scanning. The second is Amazon Web Services (AWS)/ Microsoft Azure's inbuilt security tooling. Ok, you do pay a small fee for this as part of your subscription, but they're honestly a great option

3) Dynamic Testing... It has to be Zap by Simon Bennetts & co. You've likely heard of it but, if not, check it out. Just load up the UI, and click-to-run. You can customise and tweak it to your hearts content but straight out of the box it'll pick up a lot of low hanging fruit

Sure, tools produce false positives too, and there are vulnerabilities they can't find yet... but even just spending a few hours running through these before your next pentest is going to shrink your report in half

PS: I'm not telling you this to be nice. I'm telling you this because, speaking as someone who's been testing for well over a decade now, I'm bored and I'm tired of reporting the same simple findings over and over

Please find them, please fix them, please don't pay me thousands of pounds to tell you something you can find out at the click of a button. I'd rather be finding cool and interesting stuff, and I'm sure you would rather I was doing that too.

Page updated

Google Sites

Report abuse