Cyber Training, CTFs

[Cyber Team Building](../Cyber%20Team%20Building/Cyber%20Team%20Building.md) - https://www.antisyphontraining.com/training-calendar/ - https://notion.cybersader.com/cybersecurity-media-education-jobs - [ > TryHackMe | Cyber Security Training](https://tryhackme.com/soc-sim/) # Best Cyber Resources/Companies - gonna add more here - BHIS - https://www.blackhillsinfosec.com/projects/ - Cyber deception & active defense - https://www.activecountermeasures.com/ - https://www.blackhillsinfosec.com/blog/ - [antisyphontraining.com > Home - Antisyphon Training](https://www.antisyphontraining.com/) # Videos ### Technology and Infrastructure Teams - [Next Gen Strategies for Cleaning Up Previous Gen AD & SMB w/ Kent & Jordan](https://www.youtube.com/watch?v=lud3T2mHiI4) - Cleaning up NTFS file shares - How legacy happens - Cleanup Strategies - Relationships - Examples - [How to Not Get Burned in the Year of the Dragon w/ Jordan & Kent](https://www.youtube.com/watch?v=4ERqB2rwPO0) - Summary from 100s of pentests from BHIS pentests - Really in depth w/great recommendations - [BHIS | Sacred Cash Cow Tipping 2021 - John Strand & BHIS Testers](https://www.youtube.com/watch?v=P_fHD_Er_dg) - Security products all tell you they are going to stop attacks with zero false positives - Getting past all the marketing and buzz words - EDR has been improved, but that's only because sig-based detections were garbo and people were calling vendors out - Keep your vendors honest - [Adversarial Emulation Extravaganza w/ Kent & Jordan](https://www.youtube.com/watch?v=q_y05SOZvPY) - Passwordless authentication weaknesses - Shadow credentials - exploiting passwordless mechanisms in Windows local and AD - [New Methods to Attack & Defend Active Directory w/ Eric Kuehn](https://www.youtube.com/watch?v=rSgj-oMxG0g) ### DevSecOps - [Securing Speed: Safeguarding CI/CD Pipelines for Robust Software Delivery](https://www.youtube.com/watch?v=vd5JpQB_owg) #### Cyber Deception (Ben's Fave Topic) - [An Invitation to "Active Defense & Cyber Deception" w/ John Strand - 5 minutes](https://www.linkedin.com/posts/antisyphon-training_an-invitation-to-defense-activity-7043959108894355456-Bqyo?trk=public_profile_like_view) - [Active Defense & Cyber Deception - Day 1 | 2024-05-13 | with John Strand](https://www.youtube.com/watch?v=R-imWPT1HWo) ### SOC, InfoSec - [Fun with Office Macros w/ David Fletcher](https://www.youtube.com/watch?v=cfKDnxeoTuQ) - 2024 BHIS Cast on Office Macros w/Pentesting - [Phishtory and the Phuture of Phishing with Joseph](https://www.youtube.com/watch?v=jkApCKWsiUI) - [Measuring Success in Your SOC w/Hayden Covington | 1-Hour](https://www.youtube.com/watch?v=RvsAy4xXrpQ) - [DNS Deep Diving with Serena DiPenti](https://www.youtube.com/watch?v=p0Ar6eincE0) - [From Zero to Hero: Beginner’s Guide to Active Directory w/ Dale Hobbs](https://www.youtube.com/watch?v=XwOV7HpVLEA) #livestream #activedirectory ## Backdoors & Breaches - [Game-Based Tabletops](../Game-Based%20Tabletops/Game-Based%20Tabletops.md) - [Backdoors & Breaches - Introducing TRIMARC Expansion Deck](https://www.youtube.com/watch?v=P4sQCjRyG0o) - Great Active Directory pentesting-related expansion deck - Has a lot of modern attacks to think about - [Backdoors & Breaches](../Game-Based%20Tabletops/Backdoors%20&%20Breaches/Backdoors%20&%20Breaches.md) ## GRC, Audits - [RUN GRC: It's Like That and That's The Way It Is w/ Kelli & CJ](https://www.youtube.com/watch?v=dD27sV_vbno) - [Merry Christmas, It’s the Ugly Sweater GRC Roundup w/ Kellli & CJ](https://www.youtube.com/watch?v=F23uDx8D1ZM) ## Cybersecurity Basics, Non-Security - [Cyber Security Basics for Muggles & Minions with Ashley and Chris](https://www.youtube.com/watch?v=N_WBsEkuz5w) ## General Employees, Security Hygiene - # Podcasts, Fun Things to Listen to, News - https://darknetdiaries.com/ - true stories from the dark side of the internet - https://www.youtube.com/@BlackHillsInformationSecurity/streams - https://www.youtube.com/@SimplyCyber/streams # DIY Cyber Range - [DOAZLab Azure Purple Teaming Environment and Labs](../../📁%2098%20-%20ARCHIVE/GradSchoolProjects/Honey%20Accounts%20in%20Windows%20AD/Tech%20Stack,%20Architecture,%20Tools.md) - https://www.doazlab.com/ - Content - https://github.com/AppliedPurpleTeaming/AppliedPurpleTeaming # CTFs, Cyber Ranges, Technical Training - 2024 CTFs - [Cybersecurity Awereness | Huntress](https://www.huntress.com/cybersecurity-education/cybersecurity-awareness) - Other collab environments - [RangeForce](https://rangeforce.com/) - https://overthewire.org/wargames/ - Linux stuff - https://www.blackhillsinfosec.com/services/cyber-range/ - https://www.antisyphontraining.com/cyber-range/ - https://metactf.com/ - Threat Modeling, Pentesting - [TryHackMe](https://tryhackme.com/) - [Hackthebox](https://www.hackthebox.com/) - https://resources.hackthebox.com/finance - https://roadmap.sh/cyber-security - learn connected concepts - no signup - in browser - [PortSwigger](https://portswigger.net/) - web security academy - [Hacking Articles](https://www.hackingarticles.in/) - Raj Chandel's Blog - [Home | RedTeamRecipe](https://redteamrecipe.com/) - https://pentesterlab.com/appsecschool - [APIsec University](https://www.apisecuniversity.com/) - free app sec courses - [Hacksplaining](https://www.hacksplaining.com/) - https://www.vulnhub.com/resources/ - https://www.vulnhub.com/ - tons of hackable stuff - Legal hacking environments for training - https://github.com/joe-shenouda/awesome-cyber-skills - https://github.com/onlurking/awesome-infosec?tab=readme-ov-file#massive-online-open-courses - John Strand Intro Labs - https://github.com/strandjs/IntroLabs/tree/master - Free courses - https://www.edx.org/search?q=application+security ## CTF Resources - https://github.com/devploit/awesome-ctf-resources - https://ctftime.org/ ### Team-Building CTFs -