Wireshark / TShark
Packet analysisBest starting point for protocol troubleshooting, TLS/DNS analysis, and validating what really happened on the wire.
$ wireshark / tshark
analyst@hack3rs:~$ cat index.html
White-hat network security learning resource focused on real-world threats, defensive tooling, and practical response workflows.
analyst@hack3rs:~$ cat scope.txt
White-hat content focused on attack vectors, defenses, tools, and learning paths.
focus
Network defense, visibility, hardening, and incident response education.
audience
Blue team learners, sysadmins, SOC analysts, and security-minded operators.
approach
Threat-informed, framework-aligned, and tool-practical (not hype-driven).
Network Security Threats and Defensive Priorities
evergreenThis homepage is designed as a learning resource, not just a portfolio splash page. It summarizes durable attack vectors, practical defenses, and hands-on tool guidance using a white-hat, operations-first perspective.
learning-navigation.txt
This site keeps learning navigation simple: pick a path, follow the modules, and continue manually where you left off.
recommended-next-links
threat-signals.log
- AV-01 high
Email phishing, credential harvesting, MFA fatigue, and session theft remain common entry paths into networks because they target people and identity workflows, not just software flaws.
$ action: Use MFA, phishing-resistant sign-in where possible, conditional access, and fast account lock / reset playbooks.
- AV-02 critical
Exposed services and remote access weaknesses
VPNs, firewalls, admin panels, RDP, SSH, and internet-facing applications are repeatedly targeted when patching, hardening, or access controls are weak.
$ action: Maintain an inventory of exposed services, patch aggressively, and restrict administrative access paths.
- AV-03 critical
Vulnerability exploitation and misconfiguration abuse
Attackers consistently exploit known weaknesses and insecure defaults, especially on public-facing systems, cloud services, and network appliances.
$ action: Prioritize externally exposed assets, secure defaults, and exploit-informed remediation over severity scores alone.
open /threats/vulnerability-exploitation-and-misconfiguration-abuse
- AV-04 high
Lateral movement after initial access
Once inside, attackers use shared credentials, weak segmentation, and poor monitoring to move across systems and escalate privileges.
$ action: Segment networks, reduce admin sprawl, monitor east-west traffic, and alert on abnormal authentication patterns.
why-this-matters.txt
The highest-value improvement for most teams is not buying more tools first. It is improving prioritization: asset inventory, identity hardening, visibility, KEV-driven patching, and practiced response.
Framework anchor:
NIST CSF (Govern, Identify, Protect, Detect, Respond, Recover)
Threat model anchor:
MITRE ATT&CK for enterprise + network devices + cloud platforms
open /threats Detailed pages for the four main attack vectors listed on the homepage learning-paths.md
If you want a white-hat, practical route into network security, use this sequence. It is designed to build competence in traffic interpretation and defensive operations before jumping to advanced tooling.
Foundations (Weeks 1-2)
Detection & Monitoring (Weeks 3-6)
Vulnerability & Exposure (Weeks 7-8)
defender-toolkit-index.json
These are foundational network security tools and references worth learning well. The goal is to understand what each tool is best at, where it fits in a workflow, and what output it produces.
Nmap
Discovery & auditUse for host discovery, port/service enumeration, version checks, and scripted validation of exposed services.
$ nmap -sV -O
Zeek
Network telemetryProduces rich protocol logs and metadata for threat hunting and retrospective analysis at scale.
$ zeekctl deploy
Suricata
IDS / IPS / detectionSignature and protocol-aware detection engine for network monitoring, IDS/IPS, and traffic inspection.
$ suricata -c suricata.yaml
Security Onion
Blue team platformIntegrated platform for network visibility, host visibility, log management, and case management.
$ so-setup
OpenVAS / Greenbone CE
Vulnerability managementCommunity vulnerability management stack for recurring scans and remediation workflows.
$ greenbone / openvas
defender-starter-checklist.sh
# Inventory internet-facing assets, remote access systems, and network devices.
# Turn on MFA for remote/admin access and review inactive accounts.
# Centralize firewall, VPN, IDS/IPS, DNS, and auth logs.
# Patch internet-facing KEV-listed vulnerabilities first, then high-risk exposures.
# Baseline alerting for auth anomalies, DNS spikes, scanning, and exfil patterns.
# Drill one ransomware and one DDoS response scenario each quarter.frameworks-and-feeds
- $ Use KEV-style exploited-vulnerability tracking for patch prioritization.
- $ Use practical baseline controls for small/medium teams.
- $ Use NIST CSF to structure governance and operations.
- $ Use MITRE ATT&CK to map detections and gaps.
- $ Use vendor/community tool docs to learn workflows deeply.
Status: learning hub index online
Content mode: white-hat / educational
Content mode: white-hat / educational
global-security-conferences-calendar.md
Widely recognized cybersecurity conferences and hacker gatherings by the month they are normally held. Exact dates change year-to-year, so use the linked official sites before booking travel.
Month labels reflect recurring conference timing patterns. Always confirm exact dates on the official site before travel.
open /security-conferences Browse the full conference calendar by recurring month and regionnetwork-security-faq.schema
FAQs below are also published as structured data (`FAQPage`) to improve search visibility and make the homepage more useful as a learning entry point.
open /network-security-faq Detailed beginner FAQ on careers, schools, skills, labs, ethics, and getting started in network securityWhat should I learn first in network security?
Start with networking fundamentals, then packet analysis (Wireshark), discovery and validation (Nmap), and network telemetry/detection (Zeek + Suricata). Add vulnerability management and incident response after you can explain what logs and packets actually mean.
How do I prioritize vulnerabilities?
Prioritize exploited vulnerabilities first (especially internet-facing systems) using CISA KEV as an input, then rank the rest by asset criticality, exploitability, and business impact. Severity score alone is not enough.
Do I need both Zeek and Suricata?
Often yes. Zeek gives rich network telemetry and protocol logs for investigations; Suricata provides IDS/IPS-style detections and packet inspection. They complement each other in a mature monitoring stack.
Which framework should guide a small team?
Start operationally with CISA CPGs, structure your program with NIST CSF 2.0, and improve detections with MITRE ATT&CK mappings. That combination is practical and scalable.
learning-resources.lst
Evergreen references for frameworks, tooling, and conference calendars. This section avoids time-bound report summaries so the homepage stays useful even when content updates are less frequent.
- $ CISA Known Exploited Vulnerabilities (KEV) Catalog
- $ CISA Cross-Sector Cybersecurity Performance Goals
- $ CISA Secure by Design
- $ NIST Cybersecurity Framework (CSF)
- $ MITRE ATT&CK Enterprise Matrix
- $ Suricata Documentation
- $ Zeek Documentation
- $ Wireshark Documentation
- $ Nmap Documentation
- $ Security Onion Docs (About)
- $ Greenbone Community Edition Docs
- $ Black Hat Upcoming Events
- $ Black Hat MEA
- $ DEF CON Forums Calendar (official)
- $ RSAC Conference (official)
- $ Infosecurity Europe (official)
- $ FIRST Annual Conference (official)
- $ GISEC Global (official)
- $ GovWare (official)
- $ it-sa Expo&Congress visitor information
- $ Nullcon (official)
- $ CanSecWest / secwest.net
- $ Chaos Communication Congress (official)
canada-government-cyber-careers.lst
Canadian government cyber and network-security career starting points, with official links. This is a practical learner-facing guide focused on organizations with named cyber pathways and core federal cyber missions.
Note: Public Safety Canada notes that nearly all federal departments have a need for cyber security professionals. Teams, mandates, and hiring pages can change, so always verify on the official site and GC Jobs.
open /cyber-careers Browse Canadian federal agencies, cyber mission areas, and official careers linksnetwork-security-certifications.lst
Network security certifications can help structure your learning and communicate baseline knowledge to employers, but they work best when paired with hands-on labs, packet analysis, logging practice, and documented troubleshooting.
Use certifications as a training roadmap, not a substitute for skill. Focus on fundamentals first, then defensive operations, and choose certs that match the role you want (network ops, SOC, IR, cloud, or governance).
open /netsec-certifications See recommended cert order, timelines, and detailed learning guidance for each certification