Welcome to DEFENSAHACKER Academy
One of the problems with cybersecurity nowadays is that there is A LOT of information spread across the Internet and sometimes is not easy to find nor even have an starting point. Actually still many people ask me where should they start to learn cybersecurity, penetration testing, malware analysis, etc.
I started this wiki in 2018 after I got the OSCP (Offensive Security Certified Professional) certification as a wiki to centralize all information, links, cheat sheets, tutorials, etc regarding offensive security and . Later with the boom of SOCs (Security Operations Centers) I also added more info about tools and frameworks for detection, malware analysis, threat intelligence among other topics.
I hope that with DEFENSAHACKER Academy people who wants to learn more about cybersecurity have it a little bit easier.
What is Penetration Testing?
A penetration test, colloquially known as a pentest, is an authorized simulated attack performed to evaluate the security of a server or a corporation.
There are three main types of Penetration Testing: Black box, Grey Box or White Box. Learn more about it here.
New YouTube channel
Offensive Security
Complete approach with different offensive security techniques
WEB APPLICATION TESTING
Learn how to perform Web Application to test websites, APIs, SQL injections, SSL/TLS attacks and OWASP TOP 10
● Intro to web application testing● Types of Web Application Attacks● OWASP TOP 10 explained● Attacks on SSL/TLS protocols● Webpentest through SOCKS proxy● Attacks on PHP websites● Attacks on JavaScript Frameworks● More on toolsINFRASTRUCTURE & NETWORK TESTING
The most important foundation for and Operations based on standards such as PTES, CEH, OSSTMM among others
● PHASE I: Reconnaissance● PHASE II: Scanning● PHASE III: Enumeration● PHASE IV: Exploitation● PHASE V: Post exploitation● PHASE VI: Covering Tracks● PHASE VII: Lateral MovementMOBILE SECURITY TESTING
Learn how to hack mobile apps and protect against tampering
● Static Analysis for Android and iOS● Dynamic Analysis for Android and iOS● Protections to mitigate attacksRED TEAMING
Red teaming tools to test defensive systems and simulate advanced attacks
● Tools and Frameworks for RED TEAMSDefensive Security – SOC
Learn how to detect, analyze and prevent cyberattacks
BLUE TEAM
● Tools and frameworks for BLUE TEAMSPURPLE TEAM
● Tools and frameworks for PURPLE TEAMSAPPLICATION SECURITY
● Tools and frameworks for APPLICATION SECURITY
Operational Technology
(OT)
Industrial Control Systems (ICS)
Critical infrastructures are a current target for hackers and nation sponsored threat actors, learn how to set up a honeypot for OT or run on industrial devices, PLCs, etc
● Intrusion Deception Systems and Honeypots ● Vulnerability Assessment for OT/ICS devicesDo not miss anything! Spam-free newsletter
Subscribe to be the first to know about updates and new articles and courses
Latest from blog
Because Computer Security matters…
OT industrial cybersecurity: ModBus protocol
OT stands for Operational Technology, contrary to the IT that is Information Technology. Inside IT we put things such as servers, computers, laptops, smartphones, etc. OT is more focused on[…]
Read more
SecDevOps: Protecting Terraform state file
Terraform is one of the most used tools to deploy Infrastructure as a Service or IaaS for short, but we have to manage it in a secure way. Some developers[…]
Read more
Hardening WordPress installation
When installing WordPress is important to change the predefined salts to avoid any weak cryptography that makes your cookies and session management weaker. The fastest way to fix that: https://api.wordpress.org/secret-key/1.1/salt/[…]
Read moreAbout DEFENSAHACKER
Jacobo Avariento
Founder & Hacker-In-Chief
With more than 15 years in the cybersecurity industry as a consultant and penetration tester working for top tier banks, the European Central Bank, pharmaceutical, automotive and gaming companies.
