Nearly every person and business utilizes the internet today. This is something that I’m assuming everyone reading this knows and understands. As with anything good, there are those who wish to do bad things with it, and there are plenty of those individuals who succeed. Turn on the news and you’ll hear of breach after breach, services being interrupted or going down, cyber warfare between nation states, etc. It is difficult to keep up with the breakneck pace and plethora of things happening in the cyber and cybersecurity world. Not to mention how political everything is (we won’t go down that road; there’s plenty of that already plastered everywhere). So where do you go to keep up with it all?
I’ll share my resources below that have served me well thus far, and I’d love to hear about what resources you utilize. These aren’t ranked in any order of importance or usefulness — just some handy links for you to check out if you haven’t already!
BleepingComputer
I use this site nearly every day and I follow them on social media. A great site overall for staying up-to-date on current cyber threats, vulnerabilities, exploits, and recent attacks. They also have tutorials, virus removal guides, articles on cryptocurrencies and exchanges, and more.
Verizon DBIR
The Verizon Data Breach Investigations Report is an absolutely vital read in my opinion. Every year, the report details a thorough review of confirmed breaches and analyzes the how’s and why’s to give you a better understanding of where the top risks are. It’ll come as no surprise to many of you that the human factor usually tops the charts. Phishing campaigns and social engineering are tactics that just work and the adversaries know and capitalize on them.
SANS Internet Storm Center
If you’ve ever been privileged enough to attend a SANS training, you’ll know that it’s second-to-none when it comes to hands-on, practical training that you can apply directly to your job. Their Internet Storm Center is a great collection of articles from folks “in the trenches” sharing their tips, tricks, and tools. There are also links to their daily 5-minute podcast, which breaks down and summarizes the current threats and attacks.
Offensive Security
Likely a site you’ve visited before if you’re a pentester or wanted to try out Kali Linux. I was fortunate enough to go through their Offensive Security Certified Professional (OSCP) training a few years ago, but unfortunately wasn’t able to take the exam due to finishing up my degree. If you’re looking for a solid set of highly technical training, this is it. If you don’t know the tools the adversary is using against you, how do you defend against them? Kali is an industry standard pentesting operating system, one that I’ve used for many years, and it comes with a ton of tools to get you started. As always, make sure you have legal permission (i.e., express written consent, or your own local network) to utilize those tools beforehand!
IppSec
This guy gets his own section. The vast amount of knowledge and experience he has on technology, vulnerabilities, and exploits is astounding. He creates this content on YouTube for free for everyone to learn and benefit. In each video, he pulls back the layers of various vulnerabilities and explains them in a clear, concise way that is easy to understand (I still find myself googling terms and technologies though). If you ask me who I want to be when I grow up, it’s IppSec!
HackTheBox & TryHackMe
In order to practice your skills, you have to have an area to practice them in. Standing up a bunch of virtual machines (VMs) in your own personal lab is one option, but that can take a ton of work keeping them up-to-date and segregated from your other network segments. With HackTheBox and TryHackMe, you get a solid playground to tinker around with exploits and fire them off against vulnerable machines in a safe, legal way. I can’t say enough good things about both of these sites, so if you have the hacker mindset (or want to start training your mind that way), these are great options. I will be covering my journeys through each of them on this site!
ExploitDB
My go-to database for finding exploits to modify for use in HackTheBox or TryHackMe. I also use this as one point of reference to understand whether exploits exist for certain vulnerability assessment findings. Of course it doesn’t contain ALL known exploits, but it’s worth bookmarking and knowing it’s a great source of information when researching exploits and source code.
Tiobe Index
One of my favorite professors (Dr. K) told me about this site and I’ve visited it periodically ever since, which equates to a few times a year since 2011. While not directly a point of cyber security or threats in general, it is useful to know what the popular programming languages of the day are, and it’s interesting how they change over time. There are some languages on the list whose ranking may surprise you. I was a little shocked that Assembly Language still ranked in the top 10 (no. 8 at the time of this post). Everything is written in code, so it helps to know what the building materials are when analyzing threats and vulnerabilities.
Nice shout out to Dr. K! He helped change both of our lives dude.
That he sure did!