Awesome-Hacking VS attack-stix-data

8. Security Knowledge Base: - Utilize resources like The-book-of-secret-knowledge (e.g., https://github.com/trimstray/the-book-of-secret-knowledge) and Awesome-Hacking (e.g., https://github.com/Hack-with-Github/Awesome-Hacking) to build a knowledge base. - Extract relevant security information and create a structured knowledge base within SecurIoT. - Implement functionality to query and retrieve security information from the knowledge base. - Thoroughly test the knowledge base integration, ensuring accurate retrieval of security knowledge.

https://github.com/sbilly/awesome-security https://github.com/Hack-with-Github/Awesome-Hacking

As for a database i am not aware. But you might find sone usefull tools in here https://github.com/Hack-with-Github/Awesome-Hacking

you cannot learn it from youtube as it youtube doesn't allow it. refer this.

Refer to this link for more resources: link

2) First i learned linux is hacking Distro kalilinux ,parrot os are used by most of security Researchers and pentester.They are many layers Webapp,andriod,ios,blockchain smartcontract,sourcecodeReview,Cves,iotDevices,cmshacking,windows exploitation,linux exploitation,Exploit development ,Reverse engineering ,Api,Threat and malware analysis 3) They are lot of tools and Resourses availabe on i listed MY Favourites https://github.com/rezaduty/cybersecurity-career-path https://github.com/Hack-with-Github/Awesome-Hacking https://github.com/vitalysim/Awesome-Hacking-Resources https://github.com/husnainfareed/Awesome-Ethical-Hacking-Resources 4) Favourite youtube channels https://blog.intigriti.com/2020/10/05/top-20-bug-bounty-youtube-channels-to-follow-in-2020/ 5) OWsap They Release Testing Guide For pentesters and Bugbounty listed the OwsapTop10 vulnearabilites 6) portswigger lab is the best lab to slove and understand the vulnerabilities and daily swig news of cybersecurity iam Biggest fan of jammes kattle Research on Http2 7) conferences is play the main role to attend watch video on Youtube and also join local group and conference Blackhat ,Defcon,Redteamvillage they are many and satellite village also 8) Be CURIOUS TO LEARN NEW

Ajd pogledaj ovo u/navodar994 https://github.com/Hack-with-Github/Awesome-Hacking

It mentions it but doesn't dig into the minutiae. If you want to learn about it, visit https://attack.mitre.org/

Start here: https://attack.mitre.org

We do have a good idea about what sort of attacks are common. There is a whole framework for how ATP's operate and there are lists of which attack methods they currently prefer to use. https://attack.mitre.org/

At first, I had a difficult time understanding the problem. It had too many acronyms that I wasn't familiar with, so I decided to click on the hint: https://attack.mitre.org.

Some thoughts from someone who has been in the security biz for a while:

1. Security is more a mindset than anything else. Get used to finding the edge cases. Think "how can I break this..." or "how can I get around this restriction..." Many security folks I know started actually by exactly what you mentioned- figuring out how to bypass copy protection on games, how to bypass client-side checks in multi-player games, ... and so on.

2. Many pure security folks are very poor developers. You'll have a unique skillset here if you can apply it. Most security oriented folks use Python for quick scripts. If you already know python, great; otherwise, learn it and use that as a marketable skill.

3. I'm not sure about jumping head first into a consultancy. I'd recommend getting some experience in a security field first. It's hard to have credibility without some experience first.

4. Don't bother with security+. If you want creds, go and take your favorite cloud provider's security specialist exam. Cloud security is still relatively new, in high demand, and can get you immediate credibility with employers or clients.

5. I'm a big fan of real-world experience. Set up your own Linux server and try to attack it. Learn what some of the real world attacker techniques are. See some of the following:

Learn the Techniques, Tactics, and Procedures (TTPs) outlined in the MITRE ATT&CK matrix (https://attack.mitre.org/).

There are a LOT of "Capture the Flag" (CTF) events and writeups out there. Search for ones in a subfield you find interesting. Security is a HUGE topic. You'll need to specialize. Do you want to reverse engineer code? Secure cloud applications? Help companies define their identity and access management strategy? There's a CTF for all of those and then some. Do some googling around.

I have a lot more tips, so if you're interested just reply to this comment with a way I can get in touch and I'll reach out.