IT'S CURRENTLY A WIP - WORK IN PROGRESS
Cursos para fazer um "Zero to Hero" em Cyber Segurança sem marketing, vai ter que:
- estudar muito (estamos falando de um "Hero" né?)
- estudar coisas "não técnicas" e "não convencionais" (Qualidade = Hard Skills + Soft Skills)
- estudar mais de uma vez a mesma coisa (Saber = Repetir + Repetir + Repetir)
Ponto bom:
- Único investimento é o seu tempo, é tudo "na faixa", "de grátis", "sem custo de grana".
Disclaimer:
-
Ninguém precisa ser "Hero", mas lembre-se sempre da velha passagem (com tradução em seguida para a galera que ainda não começou o curso de inglês)
"Be careful whose advice you buy, but be patient with those who supply it. Advice is a form of nostalgia. Dispensing it is a way of fishing the past from the disposal, wiping it off, painting over the ugly parts and recycling it for more than it's worth."
"Tenha cuidado com as pessoas que lhe dão conselhos, mas seja paciente com elas. Conselho é uma forma de nostalgia. Dar conselhos é uma forma de resgatar o passado da lata de lixo, limpa-lo, esconder as partes feias e reciclá-lo por um preço maior do que realmente vale."
Sunscreen (Everybody's Free) - Baz Luhrmann
Sem mais delongas, te desejo bons estudos!
- Inglês
- Kultivi - Curso de inglês: https://kultivi.com/cursos/idiomas/ingles
- Português
- EV - Comunicação Escrita: https://www.ev.org.br/cursos/comunicacao-escrita
- Base de Computação
- Netacad - Get Connected: https://www.netacad.com/courses/os-it/get-connected
- FIAP - Gestão de Infraestrutura de TI: https://on.fiap.com.br/local/movimentobrasildigital/
- Segurança da informação geral
- FGV Nic.Br - Segurança Digital: https://educacao-executiva.fgv.br/cursos/online/curta-media-duracao-online/seguranca-digital
- FGV Nic.Br - Termos de Uso e Políticas de Privacidade: https://educacao-executiva.fgv.br/cursos/online/curta-media-duracao-online/termos-de-uso-e-politicas-de-privacidade
- Netacad - Introduction to Cybersecurity: https://www.netacad.com/courses/cybersecurity/introduction-cybersecurity
- Sistemas Operacionais Windows
- MSLearn - Path Microsoft 365 (9 Módulos): https://docs.microsoft.com/en-us/learn/paths/m365-getmodern/
- Sistemas Operacionais Linux
- Netacad - Linux Unhatched: https://www.netacad.com/courses/os-it/ndg-linux-unhatched
- Desenvolvimento de software
- Laracasts - PHP for Beginners: https://laracasts.com/series/php-for-beginners
- Bancos de dados
- Coursera Michigan - Introduction to SQL: https://www.coursera.org/learn/intro-sql
- Mosh - MySQL in 3 Hours: https://www.youtube.com/watch?v=7S_tz1z_5bA
- Soft Skills
- Coursera DTS - Learning How to Learn: https://www.coursera.org/learn/learning-how-to-learn
- FM2S - Criatividade: Princípios e Técnicas: https://ead.fm2s.com.br/curso/curso-de-criatividade-principios-e-abordagens/
- Português
- EV - Oficina de Gramática: https://www.ev.org.br/cursos/oficina-de-lingua-portuguesa-gramatica
- Base de computação
- edX Harvard - cs50x: https://www.edx.org/course/introduction-computer-science-harvardx-cs50x
- Base de Redes
- Netacad - CCNAv7 Introdução às Redes (pelo Nic.Br): https://cursoseventos.nic.br/curso/curso-ccna-intro-cisco-nicbr/
- Segurança da informação geral
- Netacad - Cybersecurity Essentials: https://www.netacad.com/courses/cybersecurity/cybersecurity-essentials
- SANS - CyberAces: https://www.sans.org/cyberaces/
- NIC.br - Tratamento de Incidentes de Segurança na Internet, explicado pelo NIC.br: https://youtu.be/flu6JPRHW04
- Sistemas Operacionais Windows
- MSLearn - Windows Deployment (5 Módulos): https://docs.microsoft.com/en-us/learn/paths/plan-your-windows-10-deployment-strategy/
- MSLearn - Windows Server (5 Módulos): https://docs.microsoft.com/en-us/learn/paths/windows-server-deployment-configuration-administration/
- Sistemas Operacionais Linux
- Linux Foundation - Introduction to Linux: https://training.linuxfoundation.org/training/introduction-to-linux/
- Sistemas de Firewall
- Jose Bravo - PFSense (43 Vídeos): https://www.youtube.com/watch?v=aRVJmlqXAdQ&list=PLHh9jhztlMypPs0EIcpHE5R-5sc27r4Bc
- Desenvolvimento de software
- Netacad - Python: https://www.netacad.com/courses/programming/pcap-programming-essentials-python
- Mosh - What is a REST API: https://www.youtube.com/watch?v=SLwpqD8n3d0
- Bancos de dados
- Coursera Michigan - Database Design PostgreSQL: https://www.coursera.org/learn/database-design-postgresql
- Ciência de dados
- Data Science Academy - Big Data Fundamentos 3.0: https://www.datascienceacademy.com.br/cursosgratuitos
- Data Science Academy - Inteligência Artificial Fundamentos 2.0: https://www.datascienceacademy.com.br/cursosgratuitos
- Data Science Academy - Introdução à Ciência de Dados 3.0: https://www.datascienceacademy.com.br/cursosgratuitos
- Soft Skills
- EV - Organizacao Pessoal: https://www.ev.org.br/cursos/organizacao-pessoal
- Português
- EV - Técnicas de Redação: https://www.ev.org.br/cursos/tecnicas-de-redacao
- Processos de TI
- LearnQuest Coursera - ITIL4: https://www.coursera.org/learn/itil-4-exam-preparation
- Base de Redes
- Netacad - CCNAv7 Switching, Routing e Wireless Essentials (pelo Nic.Br): https://cursoseventos.nic.br/curso/curso-ccna-srwe-cisco-nicbr/
- Base de Computação
- Princeton University Coursera - Computer Architecture: https://www.coursera.org/learn/comparch
- Base de computação em núvem
- FIAP - Cloud Fundamentals: https://on.fiap.com.br/local/movimentobrasildigital/
- Segurança da informação geral
- FIAP - Cybersecurity: https://on.fiap.com.br/local/movimentobrasildigital/
- AacadiTI - Network Defense Essentials: https://acaditi.com.br/essentials-series/#nde
- Coursera - New York University: https://www.coursera.org/specializations/intro-cyber-security
- Cert.br - Recomendações para Notificações de Incidentes de Segurança: https://www.cert.br/docs/whitepapers/notificacoes/
- SANS - The Cycle of Cyber Threat Intelligence: https://youtu.be/J7e74QLVxCk
- MITRE - Using ATT&CK for Cyber Threat Intelligence Training: https://attack.mitre.org/resources/training/cti/
- MITRE - Foundations of Operationalizing MITRE ATT&CK: https://academy.attackiq.com/courses/foundations-of-operationalizing-mitre-attck
- Pentest
- DESEC - Introducao Pentest: https://desecsecurity.com/curso/introducao-pentest
- Segurança Ofensiva
- AacadiTI - Ethical Hacking Essentials: https://acaditi.com.br/essentials-series/#ehe
- Portswigger Web Security Academy - Server-side topics (93 Labs): https://portswigger.net/web-security/learning-path
- Forense computacional
- AcadiTI - Digital Forensics Essentials: https://acaditi.com.br/essentials-series/#dfe
- BASIS - Intro to DFIR: https://dfir-training.basistech.com/courses/intro-to-divide-and-conquer
- Exercícios de "Capture the Flag"
- Beco do Exploit - Desafio#2: https://youtube.com/playlist?list=PLHBDBcFA_l_WBcUJWf8cp5BaPsUkquRQU
- Sistemas Operacionais Linux
- Aurélio - Portal do Shell: https://aurelio.net/shell/
- Sistemas Operacionais Windows
- MSLearn - PowerShell (6 Módulos): https://docs.microsoft.com/en-us/learn/paths/powershell/
- Desenvolvimento de software
- Netacad - JavaScript: https://www.netacad.com/courses/programming/javascript-essentials-1
- Caixa de Ferramentas
- Linux Foundation - Git: https://training.linuxfoundation.org/training/git-for-distributed-software-development-lfd109x/
- Ciência de dados
- Data Science Academy - Microsoft Power BI Para Data Science, Versão 2.0: https://www.datascienceacademy.com.br/cursosgratuitos
- Soft Skills
- FIAP - DevOps & Agile Culture: https://on.fiap.com.br/local/movimentobrasildigital/
- SrgioBuria - XGH Extreme Go Horse (como NÃO resolver as coisas em TI): https://pt.slideshare.net/SrgioBuria/xgh-extreme-go-horse
- Base de Redes
- Nic.Br - Curso Básico IPv6: https://cursoseventos.nic.br/curso/curso-basico-ipv6-ead/
- Netacad - CCNAv7 Enterprise Networking, Security, and Automation (pelo Nic.Br): https://cursoseventos.nic.br/curso/curso-ccna-ensa-cisco-nicbr
- Monitoramento de ambientes
- Elastic - Observability Fundamentals: https://www.elastic.co/training/observability-fundamentals
- Elastic - Kibana Fundamentals: https://www.elastic.co/training/kibana-fundamentals
- New Relic - Observability 101: The essentials: https://learn.newrelic.com/path/foundations/observability-101-the-essentials
- New Relic - Opentelemetry - An opensource data collection standard: https://learn.newrelic.com/opentelemetry-an-open-source-data-collection-standard
- Segurança Ofensiva
- GoHacking - EHC2: https://www.youtube.com/watch?v=bUqu8fh7xUg
- Beco do Exploit - Hacking Dojo: https://becodoexploit.com/HackingDojo/
- Portswigger Web Security Academy - Client-side topics (93 Labs): https://portswigger.net/web-security/learning-path
- GoHacking - BugBounty: https://youtu.be/UHo9TLzJneM
- Segurança Defensiva
- GoHacking - Security Operations 101: https://youtu.be/jHr6o8_sKZo
- Sistemas de SIEM
- Jose Bravo - What is a SIEM? (5 Vídeos): https://www.youtube.com/watch?v=MtqFMe4zSpQ&list=PLHh9jhztlMyp8lyKXt9orVM57ygW_ihPS
- Cybrary - AlienVault OSSIM: https://www.cybrary.it/course/alienvault-ossim/
- Elastic - SIEM Fundamentals: https://www.elastic.co/training/elastic-security-fundamentals-siem
- Sistemas de Firewall
- Checkpoint edX - Network Security: https://www.edx.org/course/jump-start-network-security
- Checkpoint edX - Product Deployment: https://www.edx.org/course/jump-start-product-deployment
- Exercícios de "Capture the Flag"
- Over the Wire - Wargames: https://overthewire.org/wargames/
- Desenvolvimento de Software
- Hackaflag Papo Binário - Programação moderna em C: https://hackaflag.com.br/academy.html
- Base de engenharia reversa
- Hackaflag Papo Binário - Curso de Engenharia Reversa Online: https://hackaflag.com.br/academy.html
- Auditoria de segurança em Sistemas Operacionais
- IPPSec - Linux Logging with Auditd: https://www.youtube.com/watch?v=lc1i9h1GyMA
- Jose Bravo - Sysmon (36 Vídeos): https://www.youtube.com/watch?v=Xl31zNp4YUY&list=PLHh9jhztlMyrlWsozcrUEOvByfLJvRBDy
- Organização pessoal e postura
- EV - Comunicacao Empresarial: https://www.ev.org.br/cursos/comunicacao-empresarial
- Legislação
- ENAP SERPRO - Lei Brasileira de Proteção de Dados Pessoais: https://www.escolavirtual.gov.br/curso/603
- Caixa de Ferramentas
- Linux Foundation - Linux Tools: https://training.linuxfoundation.org/training/linux-tools-for-software-development-lfd108x/
- Introduçao a eletrônica digital
- Georgia Tech Coursera - Introduction to Electronics: https://www.coursera.org/learn/electronics
- Georgia Tech Coursera - Linear Circuits DC: https://www.coursera.org/learn/linear-circuits-dcanalysis
- Georgia Tech Coursera - Linear Circuits AC: https://www.coursera.org/learn/linear-circuits-ac-analysis
- UAB Coursera - Digital Systems: From Logic Gates to Processors: https://www.coursera.org/learn/digital-systems
- Soft Skills
- ENAP - Habilidades de Resolução de Problemas: https://www.escolavirtual.gov.br/curso/600
- Prime Cursos - Noções basicas de PNL: https://www.primecursos.com.br/nocoes-basicas-de-pnl/
- Cybrary - Social Engineering: https://www.cybrary.it/course/social-engineering/
- Sarah Granger - Social Engineering Fundamentals, Part I: Hacker Tactics: http://web.archive.org/web/20160425153636/http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-i-hacker-tactics
- Sarah Granger - Social Engineering Fundamentals, Part II: Combat Strategies: https://web.archive.org/web/20140912061257/http://www.symantec.com/connect/articles/social-engineering-fundamentals-part-ii-combat-strategies
- Exercícios de "Capture the Flag"
- Try Hack Me: https://tryhackme.com
- Hack The Box: https://www.hackthebox.eu
- Analise de vulnerabilidades
- Rapid7 - Fundamentals Vulnerability Risk Management: https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/
- Tenable - Introduction to Tenable.sc: https://university.tenable.com/pubaccess/learn/course/internal/view/elearning/333/introduction-to-tenablesc
- Segurança da informaçao
- Cert.br - Honeypots e Honeynets: Definições e Aplicações: https://www.cert.br/docs/whitepapers/honeypots-honeynets/
- Segurança ofensiva em ambientes web
- Stanford - CS253 Web Security: https://web.stanford.edu/class/cs253/ (Vídeos das aulas: https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cHsXN_kvJOOhu-)
- Portswigger Web Security Academy - Advanced topics (93 Labs): https://portswigger.net/web-security/learning-path
- Ferramentas para Segurança Ofensiva
- Offensive Security - Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/
- GoHacking - Fundamentos de Análise de memória: https://youtu.be/Iz0Bh7L3iYM
- Sistemas de SIEM
- IPPSec - PowerSIEM Analyzing Sysmon Events with PowerShell: https://www.youtube.com/watch?v=MvfhIydxFmw
- Jose Bravo - QRadar (38 Vídeos): https://www.youtube.com/watch?v=P90e4iEJ32s&list=PLHh9jhztlMyqRRmj64BcVyNBkhApa_LIn
- Tecnologias de internet das coisas
- Netacad - Introduction to IoT: https://www.netacad.com/courses/iot/introduction-iot
- Desenvolvimento de software:
- edX - CS50’s Introduction to Programming with Python (CS50P): https://www.edx.org/professional-certificate/harvardx-computer-science-for-python-programming
- Mosh - Learn Node in 1 Hour: https://www.youtube.com/watch?v=TlB_eWDSMt4
- Base de Containers
- LINUXtips Descomplicando o Docker (50 vídeos): https://youtube.com/playlist?list=PLf-O3X2-mxDn1VpyU2q3fuI6YYeIWp5rR
- Técnicas de Segurança ofensiva
- Beco do Exploit - The Art of Bypass: https://www.youtube.com/watch?v=f0ErvZeTFVQ
- Beco do Exploit - Contra-inteligência em redes anônimas: https://www.youtube.com/watch?v=E4SYtCOYzQM
- Base de computação em núvem
- Skills Builder - AWS: https://explore.skillbuilder.aws/learn/course/external/view/elearning/134/aws-cloud-practitioner-essentials
- Coursera Google - GCP: https://www.coursera.org/learn/gcp-fundamentals
- Oracle Academy - OCI: https://mylearn.oracle.com/learning-path/become-an-oci-foundations-associate/98057
- MSLearn - Azure Fundamentals (6 Learning Paths):
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-cloud-concepts/
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-core-azure-services/
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-core-solutions-management-tools-azure/
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-general-security-network-security-features/
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-identity-governance-privacy-compliance-features/
- https://docs.microsoft.com/pt-br/learn/paths/az-900-describe-azure-cost-management-service-level-agreements/
- Soft Skills
- FM2S - Introdução ao Lean: https://ead.fm2s.com.br/curso/introducao-ao-lean/
- Tecnologias de internet das coisas
- UCI Coursera - Introduction to Programming the Internet of Things (4 Cursos): https://www.coursera.org/specializations/iot
- Sistemas de firewall
- Network Direction - Palo Alto Firewalls (8 Vídeos): https://www.youtube.com/playlist?list=PLDQaRcbiSnqFM4qcMEskn2k48LsUGKFga
- Network Direction - CISCO ASA Firewalls (8 Vídeos): https://www.youtube.com/playlist?list=PLDQaRcbiSnqHXo_r1scHZook0BAED5-YN
- Ferramentas para Pentest
- Ryan Basden - Pentesting Team Tools (Twitter Thread): https://twitter.com/_rybaz/status/1544661984666427394?t=gjK3lCt_siNz8SUO-zNhcg&s=19
- Sistemas de SIEM
- Splunk
- Praveen - Splunk for beginners: https://youtu.be/lIQJMjSlY8U
- Splunk
- Gestão de segurança da informação
- Cert.br - Criando um Grupo de Respostas a Incidentes de Segurança em Computadores: Um Processo para Iniciar a Implantação: https://www.cert.br/certcc/csirts/Creating-A-CSIRT-br.html
- Desenvolvimento de software
- GoHacking - Desenvolvimento seguro e DevSecOps: https://youtu.be/oZc0SNpdOaI
- Miguel Grinberg - Flask Mega Tutorial: https://blog.miguelgrinberg.com/post/the-flask-mega-tutorial-part-i-hello-world
- Oracle Academy - Java Explorer: https://learn.oracle.com/ols/learning-path/java-explorer/40805/79726
- Cybrary - Secure Coding: https://www.cybrary.it/course/secure-coding/
- Segurança Ofensiva
- GoHacking - Atividades de pós exploracao: https://youtu.be/vCk3sAVRJSM
- GoHacking - Configurando Ambiente de Pentest em dispositivos móveis: https://youtu.be/n72AKrFBlj8
- Compartilhamento de informações
- FIRST - MISP General Usage Training - Part 1 of 2: https://www.youtube.com/watch?v=-NuODyh1YJE
- FIRST - MISP General Usage Training - Part 2 of 2: https://www.youtube.com/watch?v=LlKnh5b0bgw
- Tecnologias de rede
- Juniper - CCNA to JNCIA-Junos: https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=EDU-JUN-WBT-JOL-CCNA-JNCIA-JUNOS
- Juniper - Security, Associate (JNCIA-SEC): https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=EDU-JUN-WBT-JOL-JNCIA-SEC
- Network Direction - Voice Networks (VoIP): https://www.youtube.com/playlist?list=PLDQaRcbiSnqG0b2hevMJlEx62o8RnC41l
- Sistemas de SIEM
- ArcSight (2 séries/paylists de vídeos)
- Paul Brettle - What is Series: https://youtube.com/playlist?list=PL_JhopV-r9zLigctFEOzic-af0sEuHZ-x
- Paul Brettle - ArcSight ESM 101: https://youtube.com/playlist?list=PL_JhopV-r9zIXDz0pX2dmSJvBGVkczF5y
- ArcSight (2 séries/paylists de vídeos)
- Threat Hunting
- Active Countermeasures - Cyber Threat Hunting Level 1: https://www.youtube.com/watch?v=UEOqTu8cJt0
- Analise de redes
- CERT NetSA - Network Traffic Analysis with SiLK: https://tools.netsa.cert.org/silk/analysis-handbook.pdf
- Analise de malware
- CERT.pl - Build Your Own Malware Analysis Pipeline Using New Open Source Tools: https://www.youtube.com/watch?v=dPwzF_hsCow
- Tecnologias de plataforma industrial
- CISA VLP - 210W-03 Common ICS Components: https://ics-training.inl.gov/learn/course/internal/view/elearning/60/210w-03-common-ics-components
- CISA VLP - 210W-02 Influence of IT Components on Industrial Control Systems: https://ics-training.inl.gov/learn/course/internal/view/elearning/47/210w-02-influence-of-it-components-on-industrial-control-systems
- CISA VLP - 100W Cybersecurity Practices for Industrial Control Systems: https://ics-training.inl.gov/learn/course/internal/view/elearning/45/100w-cybersecurity-practices-for-industrial-control-systems
- Tecnologias de plataforma alta (Mainframe)
- IBM Z Enterprise Computing Kickstart: https://www.ibm.com/academic/topic/ibm-z
- Introduction to the Mainframe: https://www.ibm.com/academic/topic/ibm-z
- Tecnologias de plataforma industrial
- CISA VLP - 210W-04 Cybersecurity Within IT and ICS Domains (FY21): https://ics-training.inl.gov/learn/course/internal/view/elearning/162/210w-04-cybersecurity-within-it-and-ics-domains-fy21
- CISA VLP - 210W-10 Mapping IT Defense-In-Depth Security Solutions to ICS - Part I: https://ics-training.inl.gov/learn/course/internal/view/elearning/51/210w-10-mapping-it-defense-in-depth-security-solutions-to-ics-part-i
- CISA VLP - 210W-11 Mapping IT Defense-In_Depth Security Solutions to ICS - Part II: https://ics-training.inl.gov/learn/course/internal/view/elearning/52/210w-11-mapping-it-defense-indepth-security-solutions-to-ics-part-ii
- CISA VLP - 210W-09 Attack Methodologies in IT & ICS: https://ics-training.inl.gov/learn/course/internal/view/elearning/58/210w-09-attack-methodologies-in-it-ics
- Tecnologias de plataforma alta (Mainframe)
- z/OS Introduction: https://www.ibm.com/academic/topic/ibm-z
- Introduction to the Cobol Language: https://www.ibm.com/academic/topic/ibm-z
- Linux on IBM Z: https://www.ibm.com/academic/topic/ibm-z