Lista con algunos SIEM Gratuitos

Graylog Open
https://www.graylog.org/products/open-source/

AlienVault OSSIM
https://linoxide.com/install-configure-alienvault-siem-ossim/

SIEMonster
https://siemonster.com/download-community-edition/

Wazuh
https://wazuh.com/install/

Snort (IPS)
https://www.snort.org/

OSSEC (IDS)
https://www.ossec.net/docs/docs/manual/installation/index.html

Apache Metron
http://metron.apache.org/

Splunk Free
https://docs.splunk.com/Documentation/Splunk/9.0.1/Admin/MoreaboutSplunkFree

Algunas herramientas para atacar las diferentes capas de red

Brutex – Open Source Tool for Brute Force Automation
https://www.geeksforgeeks.org/brutex-open-source-tool-for-brute-force-automation/

ARP-Poisoning-Tool
https://github.com/EmreOvunc/ARP-Poisoning-Tool

Kali/Layer 1 Attacks
https://charlesreid1.com/wiki/Kali/Layer_1_Attacks

Kali/Layer 2 Attacks
https://charlesreid1.com/wiki/Kali/Layer_2_Attacks

Kali/Layer 3 Attacks
https://charlesreid1.com/wiki/Kali/Layer_3_Attacks

Kali/Layer 4 Attacks
https://charlesreid1.com/wiki/Kali/Layer_4_Attacks

Kali/Layer 5 Attacks
https://charlesreid1.com/wiki/Kali/Layer_5_Attacks

Security Operation Center Trainings

Splunk Courses (FREE)
https://lnkd.in/d_dZNduf

Fortinet Courses (FREE)
https://lnkd.in/dmmkZ-tH

AttackIQ Mitre Att&ck Courses (FREE)
https://lnkd.in/dcfmSPEJ

Microsoft SC-200 Course (FREE)
https://lnkd.in/dbCn3k4n

Awesome OSINT Courses (FREE)
https://lnkd.in/dTCaCf-u

CSILinux Forensic Trainings (FREE)
https://lnkd.in/dhjwx_5h

Cybrary Trainings (FREE)
https://cybrary.it

Introduccion a ThreatHunting Parte 1

 Threat Hunting Introduction PT 1.pdf - Google Drive - Joas Antonio

The best talks about PenTest and Red Team

Kevin Mitnick + Dave Kennedy -- Adaptive Penetration Testing

https://www.youtube.com/watch?v=btLiG9K1_EU&ab_channel=AdrianCrenshaw

DEF CON 23 - Social Engineering Village - Dave Kennedy - Understanding End-User Attacks

https://www.youtube.com/watch?v=UJdxrhERDyM&ab_channel=DEFCONConference

DEF CON 18 - Barnaby Jack - Jackpotting Automated Teller Machines Redux

https://www.youtube.com/watch?v=FkteGFfvwJ0&ab_channel=DEFCONConference

DEF CON 23 - Charlie Miller & Chris Valasek - Remote Exploitation of an Unaltered Passenger Vehicle

https://www.youtube.com/watch?v=OobLb1McxnI&ab_channel=DEFCONConference

AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically

https://www.youtube.com/watch?v=MO11gJ-WJqY&ab_channel=BlackHat

DEF CON Safe Mode Red Team Village - Jorge Orchilles - Deep Dive into Adversary Emulation Ransomware

https://www.youtube.com/watch?v=TelqSCdwi10&ab_channel=DEFCONConference

Discovering C&C in Malicious PDFs with obfuscation, encoding, and other techniques by Filipi Pires

https://www.youtube.com/watch?v=mJZCNqcO10A&ab_channel=RedTeamVillage

DEF CON 26 - Rob Joyce - NSA Talks Cybersecurity

https://www.youtube.com/watch?v=gmgV4r25XxA&ab_channel=DEFCONConference

Evading Microsoft ATA for Active Directory Domination

https://www.youtube.com/watch?v=bHkv63-1GBY&ab_channel=BlackHat

Black Hat 2013 - Exploiting Network Surveillance Cameras Like a Hollywood Hacker

https://www.youtube.com/watch?v=B8DjTcANBx0&ab_channel=HackersOnBoard

DEF CON 23 - Marc Rogers and Kevin Mahaffey - How to Hack a Tesla Model S

https://www.youtube.com/watch?v=KX_0c9R4Fng&ab_channel=DEFCONConference

Daniel Bohannon – Invoke-Obfuscation: PowerShell obFUsk8tion

https://www.youtube.com/watch?v=uE8IAxM_BhE&t=1s&ab_channel=Hacktivity-ITSecurityFestival

DEF CON 23 - Chris Domas - Repsych: Psychological Warfare in Reverse Engineering

https://www.youtube.com/watch?v=HlUe0TUHOIc&ab_channel=DEFCONConference

OSCP 2021 to 2022 (Offensive Security Certified Professional) Pass and Preparation - Active Directory

Links:

https://lnkd.in/ecf3g9t
https://lnkd.in/e-k9jwa
https://lnkd.in/eBee79k
https://lnkd.in/e__s4AH
https://lnkd.in/ev4B-ZF
https://lnkd.in/euApgZ8
https://lnkd.in/eKimv9k
https://lnkd.in/eNXxRUy
https://lnkd.in/eJNZ64U
https://lnkd.in/e_Hw2fK
https://lnkd.in/e6V2VE6
https://lnkd.in/eUa7m6y
https://lnkd.in/eWhpmU9
https://lnkd.in/eJCfshN
https://lnkd.in/d_U9SQ9
https://lnkd.in/dPPtpejv
https://lnkd.in/drKhHYfd
https://lnkd.in/dmvipXdp
https://lnkd.in/dW_29vyQ
https://lnkd.in/dV7SUxbx
https://lnkd.in/dKmvdTNj

Recursos para practicar PenTesting

No todos los sitios son gratuitos!!

HackTheBox

https://lnkd.in/esmZ7pFT

TryHackMe

https://tryhackme.com/

Hack This Site

https://www.hackthissite.org/

Cybrary

https://www.cybrary.it/info/freehackingtraining/

EchoCTF

https://echoctf.red/

Ethical Hacking in 12 Hours - Full Course - Learn to Hack!

https://www.youtube.com/watch?v=fNzpcB7ODxQ&ab_channel=TheCyberMentor

Hack Yourself First

https://hack-yourself-first.com/

OWASP Juice Shop

https://github.com/juice-shop/juice-shop

PortSwigger Web Security Academy

https://portswigger.net/web-security

Game Of Hacks

https://www.gameofhacks.com/

VulnHub

https://www.vulnhub.com/

INE

https://my.ine.com/

HackerTest

http://www.hackertest.net/

Beginner Web Application Hacking (Full Course)

https://www.youtube.com/watch?v=24fHLWXGS-M&ab_channel=TheCyberMentor

PentesterLab

https://www.pentesterlab.com/

Defend The Web

https://defendtheweb.net/

Hackxor

https://hackxor.net/

Full Ethical Hacking Course - Network Penetration Testing for Beginners (2019)

https://www.youtube.com/watch?v=3Kq1MIfTWCE&ab_channel=freeCodeCamp.org

Google Gruyere

https://google-gruyere.appspot.com/

Linux for Ethical Hackers (2022 - Full Kali Linux Course)

https://www.youtube.com/watch?v=U1w4T03B30I&ab_channel=TheCyberMentor

OverTheWire

https://overthewire.org/wargames/

Que es un ataque de diccionario?

 What is a Dictionary Attack? How the Attack works and How to Prevent the Dictionary Attack

Algunos recursos para aprender Wireshark

Wireshark es un software gratuito para capturar y analizar tráfico, esta es una habilidad invaluable en el ambiente de redes y cibersegurdiad! 

CompTIA Guide to Wireshark:
https://lnkd.in/eT2sfxjB

LetsDefend “Malware Traffic Analysis with Wireshark”:
https://lnkd.in/esNfk24X

Deep Dive Into Wireshark (YouTube Playlist)
https://lnkd.in/eFjW8pvH

Wireshark Tutorial - David Bombal (YouTube Video)
https://lnkd.in/eP-xMsSt

10 Herramientas Gratuitas para Investigacion Forense

Sleuth Kit (+Autopsy)
https://www.sleuthkit.org/autopsy/

Forensic Investigator
https://splunkbase.splunk.com/app/2895/

Autopsy
https://www.autopsy.com/

Dumpzilla
https://www.dumpzilla.org/

Browser History
https://www.nirsoft.net/utils/browsing_history_view.html

FTK Imager
https://accessdata.com/product-download

X-Ways Forensics
http://www.x-ways.net/forensics/

CAINE
https://www.caine-live.net/

Toolsley
https://www.toolsley.com/file.html

ExifTool
https://exiftool.org/

Fuente:
https://cybersecuritynews-com.cdn.ampproject.org/c/s/cybersecuritynews.com/free-forensic-investigation-tools/?amp

Recursos gratuitos para aprender seguridad de APIs

1. Traceable AI, API Hacking 101

https://www.youtube.com/watch?v=qC8NQFwVOR0&ab_channel=Traceable

2. Video: Katie Paxton-Fear, API Hacking

https://www.youtube.com/watch?v=kcV8TLSTn78&ab_channel=OWASPFoundation

3. Video: Bugcrowd, Bad API, hAPI Hackers

https://www.bugcrowd.com/resources/levelup/bad-api-hapi-hackers

4. Video: OWASP API Security Top 10 Webinar

https://www.youtube.com/watch?v=pvAjQ9mMepk&ab_channel=Wallarm

5. Blog: Detectify, How To Hack API's in 2021

https://labs.detectify.com/2021/08/10/how-to-hack-apis-in-2021/

6. Blog: HackXpert, Let's build an API to hack

https://medium.com/codex/lets-build-an-api-to-hack-information-disclosure-1e2da7df6d60

7. Video: Bugcrowd, API Security 101 by Sadako

https://www.youtube.com/watch?v=ijalD2NkRFg&ab_channel=Bugcrowd

8. Video: David Bombal, Free API Hacking Course

https://www.youtube.com/watch?v=CkVvB5woQRM&ab_channel=DavidBombal

9. Blog: Wallarm, How To Hack API In 60 Minutes

https://www.wallarm.com/what/how-to-hack-api-in-60-minutes-with-open-source

10. Website: APIsecurity IO, API Security Articles

https://apisecurity.io/

11. Blog: Curity, The API Security Maturity Model

https://curity.io/resources/learn/the-api-security-maturity-model/

12. Blog: Expedited Security, API Security MegaGuide

https://expeditedsecurity.com/api-security-best-practices-megaguide/

13. Video: Grant Ongers, API Security Testing Workshop

https://www.youtube.com/watch?v=l0ISDMUpm68&ab_channel=StackHawk

14. Blog: APIsec OWASP API Security Top 10: A Deep Dive

https://www.apisec.ai/blog/what-is-owasp-api-security-top-10

15. Podcast: We Hack Purple, API Security Best Practices

https://wehackpurple.com/podcast/episode-38-api-security-best-practices/

16. Blog: Kontra Application Security, Owasp Top 10 for API

https://application.security/free/owasp-top-10-API

17. Blog: Secure Delivery, OWASP API Top 10 CTF Walk-through

https://securedelivery.io/articles/api-top-ten-walkthrough/

18. Blog: SmartBear, How To Hack An API And Get Away With It

https://smartbear.com/blog/api-security-testing-how-to-hack-an-api-part-1/

https://smartbear.com/blog/api-security-testing-how-to-hack-an-api-part-3/

19. Blog: Ping Identity, API Security: The Complete Guide 2022

https://www.pingidentity.com/en/resources/blog/post/complete-guide-to-api-security.html

20. Blog: Bend Theory, Finding and Exploiting Unintended Functionality in Main Web App APIs

https://bendtheory.medium.com/finding-and-exploiting-unintended-functionality-in-main-web-app-apis-6eca3ef000af

21. Blog: Bright Security, Complete Guide to Threats, Methods & Tools

https://brightsec.com/blog/api-security/

Lista de Websites para escanear dominios o IPs

1. GreyNoise https://www.greynoise.io/

2. VirusTotal https://www.virustotal.com/gui/home/search

3. Whois https://www.whois.com/whois

4. AbuseIPDB https://www.abuseipdb.com/

5. IpAddress https://www.ipaddress.com/search/

6. ARIN https://search.arin.net/

7. Censys https://search.censys.io/

8. Intelligence X https://intelx.io/

9. Shodan https://www.shodan.io/

10. ZoomEye https://www.zoomeye.org/discover

11. ONYPHYE https://www.onyphe.io/

12. What is My IP https://whatismyip.live/ip-lookup

13. BinaryEdge https://docs.binaryedge.io/search/

14. URL Scan https://urlscan.io/search/#*

15. Abuse CH https://abuse.ch/#platforms

Nuevos Cursos Gratuitos

 Aqui les dejo unos cuantos recursos gratuitos:

1. SANS Cyberaces Training

2. COMPTIA (networking, cloud and cyber)

3. Cybrary IT

4. Cybersecurity Basics

5. Fortinet Information Security Awareness

Recursos para aprender Python

 Aqui les dejo algunos recursos para aprender Python:

1. Google Python Course

2. Microsoft's Introduction to Python Course

3. Introduction to Python Programming on Udemy

4. Python 13 YouTube Videos

5. NetworkChuck YouTube Python Course

6. Learn Python 3 for Total Beginners on Udemy

7. Learn Python - Full Course for Beginners by freeCodeCamp

8. LearnPython free course

9. Learn Python with Programming with Mosh

Aqui pueden ver 2 clases completas de TCM Security Academy

1. Ethical Hacking in 12 Hours - Full Course - Learn to Hack!

2. Open-Source Intelligence (OSINT) in 5 Hours - Full Course - Learn OSINT!

Bienvenidos!

Hola a todos! Gracias por tomarse el tiempo de visitar mi Blog. Aqui tratare de publicar cosas relevantes del tema de Ciberseguridad.