Introduction:

Whether you’re a seasoned professional, a curious beginner, or somewhere in between, staying informed and up-to-date with the latest tools, techniques, and insights is crucial. In this pursuit, the right resources can be a game changer in enhancing your skills and understanding.

In this blog post, I’ve compiled a list of essential cybersecurity resources that have been instrumental in my own journey. From in-depth blog posts to podcasts to training courses, these resources, developed by some of the most respected names in the field, offer a wealth of knowledge for anyone looking to expand their cybersecurity expertise.

I hope you take away even a small golden nugget from this post.

Security Resources and Blogs:

1. Black Hills information security- John Strand and team

• A renowned cybersecurity company specializing in penetration testing, vulnerability assessment, and security training. They are well-known for providing high-quality educational content and resources to the cybersecurity community, including free and pay-what-you-can courses to make cybersecurity education accessible to everyone.
• Noteworthy: https://www.blackhillsinfosec.com/projects/ https://www.blackhillsinfosec.com/blog/

2. Trimarc Security- Sean Metcalf and team

• A cybersecurity firm focused on improving security in Microsoft environments, particularly Active Directory. They are recognized for their expertise in Active Directory security and provide valuable resources, such as detailed blog posts and specialized tooling, to help organizations secure their IT infrastructure
• Noteworthy: https://www.hub.trimarcsecurity.com/posts https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review

3. ADsecurity.org

• Sean Metcalf’s personal website that has a ton of valuable information. Mostly focused around active directory attack vectors and mitigations.

4. TCM Security:

• Started by Heath Adams (the Cyber Mentor), TCM Security is a cybersecurity company that offers a range of services including penetration testing and training. They have a collection of courses aimed at beginners and intermediate cybersecurity enthusiasts. I am a holder of their Practical Network Penetration Tester certification, and have loved the courses I have been able to take.
• They are also known for their strong online presence, providing a variety of educational courses, YouTube content, and live streams on platforms like Twitch to educate and engage with the cybersecurity community.
• Noteworthy: Courses: the PEH, and Windows Priv Esc and Linux Priv Esc | Youtube: https://www.youtube.com/@TCMSecurityAcademy

5. Specter Ops:

• A company specializing in cybersecurity research and development. They are particularly famous for creating BloodHound, a tool used for analyzing security relationships within an Active Directory environment. Their blog and other resources are highly regarded for deep insights into advanced cybersecurity tactics and techniques.
• Noteworthy: https://specterops.io/blog/ https://github.com/BloodHoundAD/BloodHound

6. Phillip Wylie:

• A prominent figure in the cybersecurity field, known as a content creator, author, and educator. He hosts two notable podcasts, “The Hacker Factory” and “Phillip Wylie Show,” where he discusses various topics related to hacking, cybersecurity, and the broader tech industry.
• These podcasts have been daily listen to me for a long time. They make any commute better. Phillip interviews a wide range of cybersecurity professionals so this is a great place to find resources or other content creators to follow.

His two podcasts:

1. The Hacker Factory

Favorite episodes:

In this episode, Phillip interviews TJ Null, who created a list of vulnerable boxes to practice for the OSCP exam by Offsec. It’s a really fun interview full of golden nuggets.

https://podcasts.apple.com/us/podcast/a-conversation-with-tj-null-the-hacker/id1581926992?i=1000576626322

In this episode, Phillip interviews Michael Padrick about his journey into cybersecurity and pentesting. Definitely worth the listen.

https://podcasts.apple.com/us/podcast/from-pool-cleaner-to-pentester-a-conversation/id1581926992?i=1000549328781

2. Phillip Wylie Show

Favorite episodes:

In this episode Phillip interviews Jake Hildreth, a Active Directory guru and lead at Trimarc Security mentioned above. Jake goes into depth on his transition from a sys admin to cybersecurity.

https://podcasts.apple.com/us/podcast/powerlifting-and-powershell-a-discussion/id1685564407?i=1000627102063

Phillip interviews Daniel Miessler, the creator of Seclists. It’s a great interview where Daniel talks about creating cybersecurity content.

https://podcasts.apple.com/us/podcast/talking-ai-and-content-creation-with-daniel-miessler/id1685564407?i=1000616815923

7. Taggert Institute:

• An educational institution done by Michael Taggert offering specialized courses in cybersecurity. They focus on providing in-depth training and education in various aspects of cybersecurity, catering to both beginners and experienced professionals in the field.
• Noteworthy: Practical Web application security and testing course: https://taggartinstitute.org/p/pwst Website: https://taggartinstitute.org/p/home

8. AAD Internals:

• A resource dedicated to Azure Active Directory (AAD), providing in-depth insights, blog posts, and tools. It focuses on the internal workings of AAD, offering valuable information and resources for professionals working with Microsoft’s cloud-based identity and access management service.
• Noteworthy: https://aadinternals.com/ https://github.com/Gerenios/AADInternals

9. HarmJ0y:

• Will Schroeder aka Harmj0y, works for specterops. He does some awesome work with creating tools and is very knowledgeable in the Active Directory space. Harmj0y is a tool mastermind in my opinion. He co-founded the Empire project and the BloodHound analysis platform. He also developed PowerUp and PowerView. All of the above tools are helpful for post exploitation and lateral movement. People should recognize them as some staples from the pentester’s toolbelt.
• Noteworthy: Blog: https://blog.harmj0y.net/about/ Github: https://github.com/HarmJ0y

10. Byt3Bl33d3r:

• Marcello aka Byt3bl33d3r is A cybersecurity researcher known for their informative blog and development of security tools. One of their most famous tools is CrackMapExec, which is a tool used for lateral movement in networks, particularly Windows Active Directory networks.
• Marcello provides insights and tools that help in addressing cybersecurity challenges, particularly in the areas of network security and vulnerability assessment. Although the blog has not been updated in some time, there is still some really good information in the articles.
• Noteworthy: Blog: https://byt3bl33d3r.github.io/ Tool: https://github.com/byt3bl33d3r/CrackMapExec

Conclusion:

As we’ve seen, the cybersecurity landscape is rich with resources that cater to a wide range of needs and expertise levels. The tools and knowledge shared by companies like Black Hills Information Security, Trimarc Security, and the many others mentioned are more than just learning materials; they are guides leading us through the complex and ever-changing cybersecurity terrain. Remember, the field of cybersecurity is as challenging as it is rewarding, and staying updated is key to success.

Whether you’re building your foundation or expanding your knowledge, these resources are sure to be valuable assets in your cybersecurity toolkit. I encourage you to explore these resources, engage with their content, and continue your journey of learning and growth in cybersecurity.

Feel free to share your experiences and favorite cybersecurity tools in the comments below — let’s learn and grow together in this fascinating and vital field