Open-Source-Security-Guide VS mutillidae

Cyber Security is one of the biggest needs in the industry right now as well. This Github has a lot of information for all the different areas.

Useful Tools and Resources for those getting into IT Security development such as Security Standards, Frameworks, Threat Models, Encryption, and Benchmarks.

Useful Tools and Resources for Open Source Security development.

I found this useful Open Source Security Guide. I thought I'd share for anyone that's interested .

Open sourse OS that comes preintalled with lots of tools we use includijg a software write blocker. Best for investigating an image of an infected device. https://tsurugi-linux.org/ IR plan https://github.com/guardsight/gsvsoc_cybersecurity-incident-response-plan Very detailed IR battle cards https://github.com/guardsight/gsvsoc_cirt-playbook-battle-cards IR focused guide that lists lots of helpful tools and resources, like things to use for reverse engineering. https://github.com/mikeroyal/Open-Source-Security-Guide

Found a useful set of Tools, Programs, and Learning Resources for Security. It covers Security Standards, Frameworks, Benchmarks , and Networking.

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

I would recommend getting an Ubuntu server VM and installing Mutillidae (and/or OWASP Juice Shop). First learn how to configure and harden your Ubuntu server. Then add it to an internal network with a few other VMs and examine what happens, how they communicate, etc. Then open up your Kali and have some fun with Mutillidae or Juice Shop.

We use OWASPs Mutillidae.

The WAHH contains a pretty solid baseline for understanding web vulnerabilities, but the latest version is from 2011 so it's missing a decade of new techniques. It's not a terrible place to start since a lot of the fundamentals haven't changed in a while, but you'll definitely want to look into things like (as mentioned in another comment) the Web Security Academy as a next step. Other fun options are the OWASP Juice Shop and Mutillidae applications.