Cybersecurity-Roadmap

Index

1. Linux
2. Computer Networks
3. Security Features and Vulnerabilities
4. Encryption, Authentication, and Access Control
5. Metasploit and Wireshark
6. SQL Injection and XSS
7. Controlled Simulation Labs to try pentesting

---

1. Linux Operating System

• The operating system Linux is one of the widely used operating system, community-developed operating system (OS) for computers, servers, mainframes, mobile devices and embedded devices. It is supported on almost every major computer platform, including x86, ARM and SPARC, making it one of the most widely supported operating systems.

• Resources

  • Video Resource: Introduction to Linux & Terminal Commands by Kunal Kushwaha
  • Linux Commands Cheat Sheet by Linux Training Academy
  • Apache, PostgreSQL, and Proxies
  • Scripting

• Extras

  • Linux Basics for Hackers
  • Data Structures Handbook – The Key to Scalable Software

• Tasks:

  • Upload a report about your Linux System, including device specification, network information, and drivers using the Terminal
  • Commands for file management and implement a few commands from the shared resources on an application based task of your choice.

---

2. Networking/OSI

• The working of Computer Networks can be simply defined as rules or protocols which help in sending and receiving data via the links which allow Computer networks to communicate. Each device has an IP Address, that helps in identifying a device.

• Resources

  • Video resource by Dion Training
  • Blog by Karthikeyan Natarajan on Medium
  • TCP and UDP protocols
  • Configure your network in kali machine and learn about them

• Tasks:

  • Upload a report showcasing your usage of Wireshark, capture a few HTTP files and analyse them.
  • See how GET/Request Parameters are processed in insecure communications.
  • In the same report mention some of the networking commands you have read.

---

3. Security Features and Vulnerabilities

• The security measures and techniques used in order to prevent any kind of cyber attacks are the security featurs of that perticular system or sofware. A critical security feature of any technology is the ability to turn it off, undo it, deactivate it, or otherwise separate the harm it might cause from those it might harm.

• Resources

  • Port-Swigger Blog to read on latest developments

• Tasks:

  • Understand the overview and concept
  • Try to find out the tools used for these purposes
  • Make a list of the tools and solve access control labs using burpsuite

• Labs to solve

  • Lab 1
  • Lab 2

---

4. Encryption, Authentication, and Access Control.

• Encryption is the process by which a readable message is converted to an unreadable form to prevent unauthorized parties from reading it. Decryption is the process of converting an encrypted message back to its original (readable) format. The original message is called the plaintext message. Authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to. Authentication collects information from the user or entity in the form of text (e.g., passwords), unstructured data (e.g., image of the user's face), or an access token. Authorization requires a token proving that the entity is authenticated and additional information about the entity to apply access rules

• Resources

  • Access-Control
  • Authentication
  • Encryption/Decryption

• Tasks:

  • Try to use Burpsuite and learn how different tools can be used for this purpose
  • Learn the commands
  • Upload the screenshot of the solved lab here

• Labs to solve

  • Lab 1
  • Lab 2

---

5. Metasploit and Wireshark

• Metasploit is the world’s leading open-source penetrating framework used by security engineers as a penetration testing system and a development platform that allows to create security tools and exploits. The framework makes hacking simple for both attackers and defenders. Wireshark is a software tool used to monitor the network traffic through a network interface. It is the most widely used network monitoring tool today. Wireshark is loved equally by system administrators, network engineers, network enthusiasts, network security professionals and black hat hackers. The extent of its popularity is such, that experience with Wireshark is considered as a valuable/essential trait in a computer networking-related professional.

• Resources

  • Penetration Testing using Metasploit and Wireshark

• Tasks:

  • Watch the video and make a note of the steps.
  • Learn the commands.
  • Solve the kioptrix level one and attach the snapshot of captured shell.
    • Tutorial

---

6. SQL Injection and XSS

• SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details. Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.

• Resources

  • SQL Injection For Beginners - Loi Liang Yang
  • SQL Injection - W3Schools

• Tasks:

  • Watch the video and make a note of the steps
  • Learn the commands
  • Upload the md file that you make, attach the snapshots for the same labs that you solve.

• Labs to solve:

  • Lab 1 (SQL-Injection)
  • Lab 2 (SQL-Injection)
  • Lab 3 (XSS)

---

7. Controlled Simulation Labs to try pentesting

Labs for you to solve for better understanding

1. SQL-Injection Labs

• Lab 1
• Lab 2

2. XXE labs

• Lab 1
• Lab 2

3. Authentication

• Lab 1
• Lab 2

---

Submissions

1. Fork this repo
2. Fetch changes
3. Make changes, upload your tasks completed according to the tasks mentioned, in PDF, or script format
4. Make a pull request with relevant commit message