Security Distributions

• Kali Linux - Security-focused Linux distribution
• Parrot Security OS - Security distribution with privacy tools
• BlackArch Linux - Arch-based penetration testing distribution
• Security Onion - Security monitoring distribution

Virtualization

• VirtualBox - Free virtualization platform
• VMware Workstation Player - Virtualization software
• Proxmox VE - Open-source virtualization platform

Vulnerability Assessment

• Nessus - Vulnerability scanner
• OpenVAS - Open-source vulnerability scanner
• Nexpose - Vulnerability management
• Qualys - Cloud-based vulnerability management

Penetration Testing

• Metasploit - Penetration testing framework
• Burp Suite - Web application security testing
• OWASP ZAP - Open-source web app scanner
• Wireshark - Network protocol analyzer
• Aircrack-ng - Wireless security assessment

Cryptography

• OpenSSL - Cryptography toolkit
• GnuPG - Free implementation of the OpenPGP standard
• Cryptool - E-learning tool for cryptography

Digital Forensics

• Autopsy - Digital forensics platform
• FTK Imager - Forensic imaging
• Volatility - Memory forensics framework
• The Sleuth Kit - Digital forensics toolkit

Security Monitoring

• Elastic Stack - Log analysis platform
• Wazuh - Security monitoring solution
• Suricata - Network threat detection engine
• Zeek - Network security monitor

Books

• The Web Application Hacker’s Handbook by Dafydd Stuttard and Marcus Pinto
• Practical Malware Analysis by Michael Sikorski and Andrew Honig
• Blue Team Handbook by Don Murdoch
• Red Team Field Manual by Ben Clark
• The Tangled Web by Michal Zalewski
• Penetration Testing: A Hands-On Introduction by Georgia Weidman

Online Courses and Platforms

• TryHackMe - Hands-on cybersecurity training
• HackTheBox - Cybersecurity training platform
• SANS Cyber Aces - Free online courses
• Cybrary - Free and premium cybersecurity training
• PortSwigger Web Security Academy - Web security learning
• INE Security - Comprehensive security training

Capture The Flag (CTF) Platforms

• CTFtime - CTF event listing and team rankings
• PicoCTF - Educational CTF for beginners
• VulnHub - Vulnerable virtual machines
• CyberDefenders - Blue team challenges

YouTube Channels

• IppSec - HackTheBox walkthroughs
• STÖK - Bug bounty and penetration testing
• John Hammond - CTFs and security topics
• The Cyber Mentor - Ethical hacking tutorials
• David Bombal - Networking and cybersecurity

Standards and Frameworks

• NIST Cybersecurity Framework
• MITRE ATT&CK - Adversary tactics and techniques
• OWASP - Web application security
• CIS Controls
• ISO/IEC 27001

Threat Intelligence

• AlienVault OTX - Open Threat Exchange
• MISP - Threat intelligence sharing platform
• VirusTotal - File and URL analysis
• Recorded Future - Threat intelligence

Vulnerability Databases

• CVE - Common Vulnerabilities and Exposures
• NVD - National Vulnerability Database
• Exploit-DB - Archive of exploits
• Vulners - Vulnerability database

Security News and Blogs

• Krebs on Security
• Schneier on Security
• The Hacker News
• Bleeping Computer
• Dark Reading

Network Security Lab

The following components can be used to build a comprehensive network security lab:

1. Network Devices
   • Router (physical or virtual)
   • Switches (Layer 2/3)
   • Firewall appliance
2. Server Infrastructure
   • Windows Server (Active Directory)
   • Linux servers (various distributions)
   • Web servers (Apache, Nginx)
   • Database servers (MySQL, PostgreSQL)
3. Security Tools
   • SIEM system (Elastic Stack)
   • IDS/IPS (Snort, Suricata)
   • Vulnerability scanner (OpenVAS)
   • Honeypot (T-Pot)
4. Client Systems
   • Windows workstations
   • Linux desktops
   • Mobile device emulators

Web Application Security Lab

Components for a web application security testing environment:

1. Vulnerable Applications
   • DVWA (Damn Vulnerable Web Application)
   • OWASP Juice Shop
   • WebGoat
   • bWAPP (buggy web application)
2. Testing Tools
   • Burp Suite
   • OWASP ZAP
   • Nikto
   • SQLmap
3. Browser Extensions
   • FoxyProxy
   • Cookie Editor
   • User-Agent Switcher
   • HackTools

Malware Analysis Lab

A safe environment for analyzing malicious software:

1. Isolated Network
   • No internet access or strictly controlled
   • Network monitoring tools
2. Analysis Systems
   • REMnux Linux distribution
   • FLARE VM (Windows-based)
   • Cuckoo Sandbox
3. Analysis Tools
   • Static analysis tools (PEStudio, IDA Free)
   • Dynamic analysis tools (Process Monitor, Wireshark)
   • Memory analysis (Volatility)

Lab Guides

Detailed step-by-step guides for all course labs will be provided through the learning platform.

Cheat Sheets

• Network commands reference
• Linux security hardening checklist
• Windows security hardening checklist
• OWASP Top 10 mitigation strategies
• Common ports and services
• Incident response procedures

Templates

• Vulnerability assessment report
• Penetration testing report
• Security policy templates
• Incident response playbooks

This resource list will be updated throughout the course. If you have suggestions for additional resources, please share them in the course forum.