THMPO

Introduction to Cyber Security

Section 1
Introduction to Cyber Security
Offensive Security Intro
Defensive Security Intro
Careers in Cyber
Section 2
Introduction to Offensive Security
Web Application Security
Operating System Security
Network Security
Section 3
Introduction to Defensive Security
Intro to Digital Forensics
Security Operations

Pre Security

Section 1
Introduction to Cyber Security
Offensive Security Intro
Defensive Security Intro
Careers in Cyber
Section 2
Network Fundamentals
What is Networking?
Intro to LAN
OSI Model
Packets & Frames
Extending Your Network
Section 3
How The Web Works
DNS in detail
HTTP in detail
How websites work
Putting it all together
Section 4
Linux Fundamentals
Linux Fundamentals Part 1
Linux Fundamentals Part 2
Linux Fundamentals Part 3
Section 5
Windows Fundamentals
Windows Fundamentals 1
Windows Fundamentals 2
Windows Fundamentals 3

Cyber Security 101

Section 1
Start Your Cyber Security Journey
Offensive Security Intro
Defensive Security Intro
Search Skills
Section 2
Linux Fundamentals
Linux Fundamentals Part 1
Linux Fundamentals Part 2
Linux Fundamentals Part 3
Section 3
Windows and AD Fundamentals
Windows Fundamentals 1
Windows Fundamentals 2
Windows Fundamentals 3
Active Directory Basics
Section 4
Command Line
Windows Command Line
Windows PowerShell
Linux Shells
Section 5
Networking
Networking Concepts
Networking Essentials
Networking Core Protocols
Networking Secure Protocols
Wireshark: The Basics
Tcpdump: The Basics
Nmap: The Basics
Section 6
Cryptography
Cryptography Basics
Public Key Cryptography Basics
Hashing Basics
John the Ripper: The Basics
Section 7
Exploitation Basics
Moniker Link (CVE-2024-21413)
Metasploit: Introduction
Metasploit: Exploitation
Metasploit: Meterpreter
Blue
Section 8
Web Hacking
Web Application Basics
JavaScript Essentials
SQL Fundamentals
Burp Suite: The Basics
OWASP Top 10 - 2021
Section 9
Offensive Security Tooling
Hydra
Gobuster: The Basics
Shells Overview
SQLMap: The Basics
Section 10
Defensive Security
Defensive Security Intro
SOC Fundamentals
Digital Forensics Fundamentals
Incident Response Fundamentals
Logs Fundamentals
Section 11
Security Solutions
Introduction to SIEM
Firewall Fundamentals
IDS Fundamentals
Vulnerability Scanner Overview
Section 12
Defensive Security Tooling
CyberChef: The Basics
CAPA: The Basics
REMnux: Getting Started
FlareVM: Arsenal of Tools
Section 13
Build Your Cyber Security Career
Security Principles
Careers in Cyber
Training Impact on Teams

Complete Beginner

Section 1
Complete Beginner Introduction
Tutorial
Starting Out In Cyber Sec
Introductory Researching
Section 2
Linux Fundamentals
Linux Fundamentals Part 1
Linux Fundamentals Part 2
Linux Fundamentals Part 3
Section 3
Network Exploitation Basics
Introductory Networking
Nmap
Network Services
Network Services 2
Section 4
Web Hacking Fundamentals
How websites work
HTTP in detail
Burp Suite: The Basics
OWASP Top 10 - 2021
OWASP Juice Shop
Upload Vulnerabilities
Pickle Rick
Section 5
Cryptography
Hashing - Crypto 101
John the Ripper: The Basics
Encryption - Crypto 101
Section 6
Windows Exploitation Basics
Windows Fundamentals 1
Windows Fundamentals 2
Active Directory Basics
Metasploit: Introduction
Metasploit: Exploitation
Metasploit: Meterpreter
Blue
Section 7
Shells and Privilege Escalation
What the Shell?
Common Linux Privesc
Linux PrivEsc
Section 8
Basic Computer Exploitation
Vulnversity
Basic Pentesting
Kenobi
Steel Mountain

Web Fundamentals

Section 1
How The Web Works
DNS in detail
HTTP in detail
How websites work
Putting it all together
Section 2
Introduction to Web Hacking
Walking An Application
Content Discovery
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Intro to SSRF
Intro to Cross-site Scripting
Command Injection
SQL Injection
Section 3
Burp Suite
Burp Suite: The Basics
Burp Suite: Repeater
Burp Suite: Intruder
Burp Suite: Other Modules
Burp Suite: Extensions
Section 4
Web Hacking Fundamentals
How websites work
HTTP in detail
Burp Suite: The Basics
OWASP Top 10 - 2021
OWASP Juice Shop
Upload Vulnerabilities
Pickle Rick

Security Engineer

Section 1
Introduction to Security Engineering
Security Engineer Intro
Security Principles
Introduction to Cryptography
Identity and Access Management
Section 2
Threats and Risks
Governance & Regulation
Threat Modelling
Risk Management
Vulnerability Management
Section 3
Network and System Security
Secure Network Architecture
Linux System Hardening
Microsoft Windows Hardening
Active Directory Hardening
Network Device Hardening
Network Security Protocols
Virtualization and Containers
Intro to Cloud Security
Auditing and Monitoring
Section 4
Software Security
OWASP Top 10 - 2021
OWASP API Security Top 10 - 1
OWASP API Security Top 10 - 2
SSDLC
SAST
DAST
Weaponizing Vulnerabilities
Introduction to DevSecOps
Mother's Secret
Traverse
Section 5
Managing Incidents
Intro to IR and IM
Logging for Accountability
Becoming a First Responder
Cyber Crisis Management

SOC Level 1

Section 1
Cyber Defence Frameworks
Junior Security Analyst Intro
Pyramid Of Pain
Cyber Kill Chain
Unified Kill Chain
Diamond Model
MITRE
Summit
Eviction
Section 2
Cyber Threat Intelligence
Intro to Cyber Threat Intel
Threat Intelligence Tools
Yara
OpenCTI
MISP
Friday Overtime
Trooper
Section 3
Network Security and Traffic Analysis
Traffic Analysis Essentials
Snort
Snort Challenge - The Basics
Snort Challenge - Live Attacks
NetworkMiner
Zeek
Zeek Exercises
Brim
Wireshark: The Basics
Wireshark: Packet Operations
Wireshark: Traffic Analysis
TShark: The Basics
TShark: CLI Wireshark Features
TShark Challenge I: Teamwork
TShark Challenge II: Directory
Section 4
Endpoint Security Monitoring
Intro to Endpoint Security
Core Windows Processes
Sysinternals
Windows Event Logs
Sysmon
Osquery: The Basics
Wazuh
Monday Monitor
Retracted
Section 5
Security Information and Event Management
Introduction to SIEM
Investigating with ELK 101
ItsyBitsy
Splunk: Basics
Incident handling with Splunk
Investigating with Splunk
Benign
Section 6
Digital Forensics and Incident Response
DFIR: An Introduction
Windows Forensics 1
Windows Forensics 2
Linux Forensics
Autopsy
Redline
KAPE
Volatility
Velociraptor
TheHive Project
Intro to Malware Analysis
Unattended
Disgruntled
Critical
Secret Recipe
Section 7
Phishing
Phishing Analysis Fundamentals
Phishing Emails in Action
Phishing Analysis Tools
Phishing Prevention
The Greenholt Phish
Snapped Phish-ing Line
Section 8
SOC Level 1 Capstone Challenges
Tempest
Boogeyman 1
Boogeyman 2
Boogeyman 3

Jr Penetration Tester

Section 1
Introduction to Cyber Security
Offensive Security Intro
Defensive Security Intro
Careers in Cyber
Section 2
Introduction to Pentesting
Pentesting Fundamentals
Principles of Security
Section 3
Introduction to Web Hacking
Walking An Application
Content Discovery
Subdomain Enumeration
Authentication Bypass
IDOR
File Inclusion
Intro to SSRF
Intro to Cross-site Scripting
Command Injection
SQL Injection
Section 4
Burp Suite
Burp Suite: The Basics
Burp Suite: Repeater
Burp Suite: Intruder
Burp Suite: Other Modules
Burp Suite: Extensions
Section 5
Network Security
Passive Reconnaissance
Active Reconnaissance
Nmap Live Host Discovery
Nmap Basic Port Scans
Nmap Advanced Port Scans
Nmap Post Port Scans
Protocols and Servers
Protocols and Servers 2
Net Sec Challenge
Section 6
Vulnerability Research
Vulnerabilities 101
Exploit Vulnerabilities
Vulnerability Capstone
Section 7
Metasploit
Metasploit: Introduction
Metasploit: Exploitation
Metasploit: Meterpreter
Section 8
Privilege Escalation
What the Shell?
Linux Privilege Escalation
Windows Privilege Escalation

Web Application Pentesting

Section 1
Authentication
Enumeration & Brute Force
Session Management
JWT Security
OAuth Vulnerabilities
Multi-Factor Authentication
Hammer
Section 2
Injection Attacks
Advanced SQL Injection
NoSQL Injection
XXE Injection
Server-side Template Injection
LDAP Injection
ORM Injection
Injectics
Section 3
Advanced Server-Side Attacks
Insecure Deserialisation
SSRF
File Inclusion, Path Traversal
Race Conditions
Prototype Pollution
Include
Section 4
Advanced Client-Side Attacks
XSS
CSRF
DOM-Based Attacks
CORS & SOP
Whats Your Name?
Section 5
HTTP Request Smuggling
HTTP Request Smuggling
HTTP/2 Request Smuggling
Request Smuggling: WebSockets
HTTP Browser Desync
El Bandito

Offensive Pentesting

Section 1
Getting Started
Tutorial
Vulnversity
Blue
Kenobi
Section 2
Advanced Exploitation
Steel Mountain
Alfred
HackPark
Game Zone
Skynet
Daily Bugle
Overpass 2 - Hacked
Relevant
Internal
Section 3
Buffer Overflow Exploitation
Buffer Overflow Prep
Brainstorm
Gatekeeper
Brainpan 1
Section 4
Active Directory
Active Directory Basics
Breaching Active Directory
Enumerating Active Directory
Lateral Movement and Pivoting
Exploiting Active Directory
Persisting Active Directory
Credentials Harvesting
Section 5
Extra Credit
Hacking with PowerShell
Corp
Mr Robot CTF
Retro

Cyber Defense

Section 1
Cyber Defense Introduction
Tutorial
Introductory Networking
Network Services
Network Services 2
Wireshark 101
Windows Fundamentals 1
Active Directory Basics
Section 2
Threat and Vulnerability Management
Nessus
MITRE
Yara
Zero Logon
OpenVAS
MISP
Section 3
Security Operations & Monitoring
Core Windows Processes
Sysinternals
Windows Event Logs
Sysmon
Osquery: The Basics
Splunk: Basics
Splunk 2
Section 4
Threat Emulation
Attacktive Directory
Attacking Kerberos
Section 5
Incident Response and Forensics
Volatility
Investigating Windows
Windows Forensics 1
Windows Forensics 2
Redline
Autopsy
Disk Analysis & Autopsy
Section 6
Malware Analysis
History of Malware
MAL: Malware Introductory
MAL: Strings
Basic Malware RE
MAL: REMnux - The Redux

DevSecOps

Section 1
Secure Software Development
Introduction to DevSecOps
SDLC
SSDLC
Section 2
Security of the Pipeline
Intro to Pipeline Automation
Source Code Security
CI/CD and Build Security
Section 3
Security in the Pipeline
Dependency Management
SAST
DAST
Mother's Secret
Section 4
Container Security
Intro to Containerisation
Intro to Docker
Intro to Kubernetes
Container Vulnerabilities
Container Hardening
Section 5
Infrastructure as Code
Intro to IaC
On-Premises IaC
Cloud-based IaC

Red Teaming

Section 1
Red Team Fundamentals
Red Team Fundamentals
Red Team Engagements
Red Team Threat Intel
Red Team OPSEC
Intro to C2
Section 2
Initial Access
Red Team Recon
Weaponization
Password Attacks
Phishing
Section 3
Post Compromise
The Lay of the Land
Enumeration
Windows Privilege Escalation
Windows Local Persistence
Lateral Movement and Pivoting
Data Exfiltration
Section 4
Host Evasions
Windows Internals
Introduction to Windows API
Abusing Windows Internals
Introduction to Antivirus
AV Evasion: Shellcode
Obfuscation Principles
Signature Evasion
Bypassing UAC
Runtime Detection Evasion
Evading Logging and Monitoring
Living Off the Land
Section 5
Network Security Evasion
Network Security Solutions
Firewalls
Sandbox Evasion
Section 6
Compromising Active Directory
Active Directory Basics
Breaching Active Directory
Enumerating Active Directory
Lateral Movement and Pivoting
Exploiting Active Directory
Persisting Active Directory
Credentials Harvesting

SOC Level 2

Section 1
Log Analysis
Intro to Logs
Log Operations
Intro to Log Analysis
Section 2
Advanced Splunk
Splunk: Exploring SPL
Splunk: Setting up a SOC Lab
Splunk: Dashboards and Reports
Splunk: Data Manipulation
Fixit
Section 3
Advanced ELK
Logstash: Data Processing Unit
Custom Alert Rules in Wazuh
Advanced ELK Queries
Slingshot
Section 4
Detection Engineering
Intro to Detection Engineering
Tactical Detection
Threat Intelligence for SOC
Sigma
SigHunt
Aurora EDR
SOAR
Section 5
Threat Hunting
Threat Hunting: Introduction
Threat Hunting: Foothold
Threat Hunting: Pivoting
Threat Hunting: Endgame
Hunt Me I: Payment Collectors
Hunt Me II: Typo Squatters
Section 6
Threat Emulation
Intro to Threat Emulation
Threat Modelling
Atomic Red Team
CALDERA
Atomic Bird Goes Purple #1
Atomic Bird Goes Purple #2
Section 7
Incident Response
Preparation
Identification & Scoping
Threat Intel & Containment
Eradication & Remediation
Lessons Learned
Tardigrade
Section 8
Malware Analysis
x86 Architecture Overview
x86 Assembly Crash Course
Windows Internals
Dissecting PE Headers
Basic Static Analysis
MalBuster
Advanced Static Analysis
Basic Dynamic Analysis
Dynamic Analysis: Debugging
Anti-Reverse Engineering
MalDoc: Static Analysis

CompTIA Pentest+

Section 1
Planning and Scoping
Pentesting Fundamentals
Red Team Engagements
Governance & Regulation
Section 2
Tools and Code Analysis
Metasploit: Introduction
Wireshark: The Basics
Hydra
Python Basics
Python for Pentesters
Section 3
Information Gathering and Vulnerability Scanning
Passive Reconnaissance
Active Reconnaissance
Nmap Live Host Discovery
Nmap Basic Port Scans
Nmap Advanced Port Scans
Section 4
Attacks and Exploits
HTTP in detail
OWASP Top 10 - 2021
OWASP Juice Shop
Phishing
Windows Privilege Escalation
Windows Local Persistence
Active Directory Basics
Breaching Active Directory
Linux Privilege Escalation
Lateral Movement and Pivoting
Persisting Active Directory
Credentials Harvesting