Methodologies

There are many different types, e.g. for passing the OSCP, bug bounty, incident response, etc. Like many, I would suggest looking at other people's methodologies and building your own. By building your own from your own writeups and notes, and then looking at external sources to complete it, you learn a lot more than you would if you simply copied someone else's. Take notes. There are free applications available to help you keep detailed notes; whether it's for your methodology, courses or exercises, it's important to keep notes.

I have divided them into two categories:

Defensive

SIEM simulations and playbooks

Playbooks by SOCFortress on GitHub give a good overview of what's in a playbook.

LetsDefend: a platform with alerts that simulates a SIEM, with a playbook.

Risk assessment

Learn what it is and how to perform it in this CrowdStrike article.

Business Continuity and Disaster Recovery Plan

Learn what it is and how to build one in this article on the Oracle website.

Guide to Data Loss Prevention

Learn what it is and how to implement it in this CrowdStrike article.

Cloud security guidance

How to choose, configure and use cloud services securely. Guidance by the National Cyber Security Centre (UK).

SANS

Security policy templates, white papers, free tools...

Offensive

The Bug Hunter's Methodology

by Jhaddix

You can look at the YouTube playlist, GitHub or this PDF file.

Nahamsec

tutorials

You can learn from his bug bounty videos and add it to your own methodology.

STÖK

tutorials

You can learn from his bug bounty videos and add it to your own methodology.

Zseano's methodology

Identifying security vulnerabilities in web applications

He has released a free PDF version of his methodology. You can watch the YouTube video about it linked below and there's also a website with challenges and guides to help you.

Both

Knowledge base of adversary tactics and techniques based on real-world observations. Can be used in simulated attacks and by defensive teams.

Knowledge base, but more specifically a knowledge graph of cybersecurity countermeasure techniques
