# Getting Started and other Resources

## TryHackMe

A great place to start is [TryHackMe](https://tryhackme.com/). I can't recommend it enough. It's a resource that has a lot of free rooms and paths, as well as CTFs (Capture The Flag) for hands-on learning. If you want to upgrade, it is very affordable and unlocks a lot more. First is the Complete [Beginner path](https://tryhackme.com/path/outline/beginner). This will cover how to get started using TryHackMe with their VPN or in-browser machine.

There is a good path called [Pre Security](https://tryhackme.com/path/outline/presecurity). This will go over intros to Offensive and Defensive Security, various careers within CyberSec, and more. Overall, TryHackMe is a great place to start as it is hands-on. It allows you to use your own virtual machine (VM) or, if you don't have that ability or don't know how to yet, you can use [their in-browser machine](https://tryhackme.com/my-machine) to do everything from.

If you would like to know more on setting up VMs, I have [guides here](https://cybersec.th4ntis.com/lab-setup).

My recommendations for beginner TryHackMe modules are:

* [Intro to CyberSecurity](https://tryhackme.com/module/introduction-to-cyber-security)
* [Network Fundamentals](https://tryhackme.com/module/network-fundamentals)
* [Windows Fundamentals](https://tryhackme.com/module/windows-fundamentals)
* [Linux Fundamentals](https://tryhackme.com/module/linux-fundamentals)
* [How The Web Works](https://tryhackme.com/module/how-the-web-works)
* [Nmap](https://tryhackme.com/module/nmap)

## HackTheBox

[HackTheBox](https://app.hackthebox.com/) is a great hands-on learning place to go after you feel comfortable with what you have learned from TryHackMe. Though it is geared more toward Offensive Security, they do have a smaller handful of Defensive Security content. It is free, but they also offer paid versions to get more access. They have more CTFs but also offer their learning platform, [HackTheBox Academy](https://academy.hackthebox.com/).

Similar to TryHackMe, you can run it in your own virtual machine (VM), or they offer an in-browser machine to use as well. A great place to start here is [Starting Point](https://app.hackthebox.com/starting-point), as it covers the basics and getting started. After that they have Tracks, such as the [Beginner Track](https://app.hackthebox.com/tracks/Beginner-Track), which is for easy machines. They also offer official write-ups of the machines if you need help or get stuck, as well as their forums and a Discord channel.

## TCM Academy

[TCM Academy](https://academy.tcm-sec.com/courses) is a great place as well: their courses are affordable, and they offer some hands-on training to get [their industry-recognized certifications](https://certifications.tcm-sec.com/). They also offer [Live-Trainings](https://certifications.tcm-sec.com/live-training/) and a great community Discord.

## Lets Defend

[Lets Defend](https://letsdefend.io/) is more for hands-on learning on the Defensive side of things. They offer a free plan as well as paid ones to get more access. A list of their trainings can be found [here](https://app.letsdefend.io/training), as well as their own CTFs [here](https://app.letsdefend.io/challenge). I haven't used much of this myself, but I have heard great things and it's been recommended a lot.

## CTFs

There are plenty of CTFs out there, ranging from beginner to advanced. These are very nice and helpful for hands-on practice as well as learning. When it comes to a CTF, the objective is, of course, to Capture The Flag, but it's more important to make sure you learn. Understand the tactics and techniques you're using and learning. Other than TryHackMe and HackTheBox, here are some additional CTFs to get started with:

* [Over The Wire](https://overthewire.org/wargames/)
* [PicoCTF](https://picoctf.org/)
* [RootMe](https://www.root-me.org/?lang=en)

## Learning Resources

There are a lot of learning resources out there; some are free, some paid, some subscription-based. Here are some I know of, some I use, and others that are helpful overall.

### Attacking/Defending Cloud

* [CloudBreach](https://cloudbreach.io/) (AWS and Azure)
* [AlteredSecurity](https://www.alteredsecurity.com) (Azure)
* [Attacking and Defending Azure](https://training.xintra.org/attacking-and-defending-azure-m365)
* [TryHackMe Attacking and Defending AWS](https://tryhackme.com/paths)
* [Pwnedlabs](https://pwnedlabs.io/)
* [Pluralsight](https://www.pluralsight.com/)
  * [Pentesting Skills](https://www.pluralsight.com/browse/information-cyber-security/penetration-testing)
  * [CyberSec Skill Paths](https://www.pluralsight.com/browse/information-cyber-security)
* [Beau Bullock's Breaching the cloud](https://www.blackhillsinfosec.com/breaching-the-cloud-perimeter-w-beau-bullock/)
  * [On Antisyphon](https://www.antisyphontraining.com/on-demand-courses/breaching-the-cloud-w-beau-bullock/)
* [HackTricks Cloud](https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology)
  * [AWS Pentesting](https://cloud.hacktricks.xyz/pentesting-cloud/aws-security)
  * [Azure Pentesting](https://cloud.hacktricks.xyz/pentesting-cloud/azure-security)
  * [Digital Ocean Pentesting](https://cloud.hacktricks.xyz/pentesting-cloud/digital-ocean-pentesting)

### Hands-On

* [TryHackMe](https://tryhackme.com/) <-- CTF and Courses
* [HackTheBox](https://app.hackthebox.com/) <-- CTF and Courses
* [Offensive Security](https://offensive-security.com)
* [Cybrary](https://www.cybrary.it/) - Online learning courses
* [VulnHub](https://www.vulnhub.com/) - Download Vulnerable VMs to run and attack
* [PentesterLab](https://www.pentesterlab.com/) <-- Downloads VMs to attack
* [EchoCTF](https://echoctf.com/)
* [LetsDefend](https://letsdefend.io/)
* [Over The Wire](https://overthewire.org/wargames/) <-- CTF
* [PicoCTF](https://picoctf.org/) <-- CTF
* [RootMe](https://www.root-me.org/?lang=en) <-- CTF

### People (Videos and channels)

* [John Hammond](https://www.youtube.com/c/JohnHammond010)
* [The Cyber Mentor](https://www.youtube.com/c/TheCyberMentor)
* [InfoSecEDU](https://www.youtube.com/@InfosecEdu)
* [Hackersploit](https://www.youtube.com/c/HackerSploit)
* [IppSec](https://www.youtube.com/@ippsec)
* [Joe Helle](https://www.youtube.com/@JoeHellethemayor)
* [NahamSec](https://www.youtube.com/@NahamSec)
* [Hak5](https://www.youtube.com/c/hak5)
* [SANS Institute](https://youtube.com/user/sansinstitute)
* [DEF CON](https://www.youtube.com/user/DEFCONConference)
* [DC CyberSec](https://www.youtube.com/c/DCcybersec)
* [Network Chuck](https://www.youtube.com/c/NetworkChuck)
* [David Bombal](https://www.youtube.com/c/DavidBombal)

### Videos/Courses

* [TCM Security Academy](https://academy.tcm-sec.com/courses)
* [Udemy](https://udemy.com)
* [Coursera](https://www.coursera.org/)
* [HackingThe.Cloud](https://hackingthe.cloud) - It’s not quite a course, but has a ton of educational content on cloud pentesting. Leans more toward AWS.

## Keeping Up with Cyber/Info Sec

There are multiple ways to do this; I have my recommendations over in the [CyberSec News](https://cybersec.th4ntis.com/general-info/cybersec-news) section.

## Additional

Additional resources thanks to [7h3h4ckv157](https://twitter.com/7h3h4ckv157) and [danielmakelley](https://twitter.com/danielmakelley). [Twitter list here](https://twitter.com/7h3h4ckv157/status/1575875803744591872?s=20&t=AsH0RR8UAiC5pZXyHu70hw).
