In early 2017, I did a seminar with an old friend on the topic. At that time, I was trying to get students to enroll in my new club on Computer and Network Security. Unfortunately, the club was terminated after I graduated in 2018, but it may be resurrected soon (hopefully). I cringe every time I see a snippet of that video. I don't know why I kept smiling the whole time, but that's a story for a different day. I never watched the full video so I may have said some b.s., but oh well...
In the same year, I was privileged to be a teaching assistant for CSCD27H3 - Computer and Network Security under Prof. Thierry Sans. At the end of the course, I made a final post for the students in case anyone wanted to continue their studies in the field. The content of the original post is in the Appendix section.
This post is an updated take on the original: links have been updated and newer or more useful materials have been added. These are marked as [UPDATE] and [NEW] respectively. The marker [NU] means no updates at this time. The most likely reason is that I haven't done much in this domain since the original post. Another reason could be that the materials from the original post are still the authority in the field. Feel free to suggest
DISCLAIMER:
As much as I try to stay in the loop with most aspects of Computer and Information Security, I have a strong bias toward certain sub-domains. You can expect that my knowledge of materials and resources will be skewed in favor of these areas. If you have a resource that you can vouch for, mention it in the comments and I'll add it to the list and credit your mention.
Also, I have not visited or used every resource there is, so if something is missing from this list, it does not in any way imply that the material is subpar. I've just not looked into it. Also, I do not rate content. If I have used a resource and it was beneficial to me in any way (or recommended from the comments) it will be on this list.
- Social Engineering and Hacker mentality
  - [NEW] Open Source Intelligence (OSINT)
- Cryptography
  - [NU]
- Network (In)Security
  - [NEW] Conferences and Conference Talks
  - [NEW] Penetration Testing and Red Teaming
  - [NEW] Books
- OS & Software (In)Security
  - [NEW] Windows Exploitation
  - [NEW] Linux Exploitation
  - [NEW] General Exploitation
    - Project Zero Blog
    - Phrack Magazines
    - Diary of a Reverse Engineer
    - TrailOfBits blog
    - Shenanigans Labs
    - FuzzySecurity
    - Sensepost blog
  - [NEW] Browser Exploitation
    - @yeyint_mth's list on Browser Exploitation in Windows
    - LiveOverflow on Browser Exploitation
    - Samuel Groß - Attacking JavaScript Engines
    - Axel Souchet - Introduction to SpiderMonkey Exploitation
    - Argp - OR'LYEH? The Shadow over Firefox
  - [NEW] Vulnerability Modelling and Fuzzing
    - Vulnerability Modelling with Binary Ninja
    - Automated Bug Hunting by Modeling Vulnerable Code
    - Fuzzilli by Samuel Groß
    - Guided Fuzzing for JavaScript Engines
    - Ned Williamson - Modern Source Fuzzing
  - [NEW] MITRE ATT&CK Matrix
- Reverse Engineering
  - [NEW] Conferences and Conference Talks
- Web Application Security
  - [NEW] Free Labs and Training
- Secure Programming
  - [NU]
- Digital Forensics and Incident Response
- General Resources
  - [UPDATE] https://exploit-exercises.com/ ==> https://exploit.education/
- Putting it all together
  - Penetration Testing
    - HackTheBox
    - [NEW] IPPSEC vs HackTheBox
    - [NEW] Virtual Hacking Labs
  - Malware Design and Analysis
    - [NEW] Books and Articles
    - [NEW] Platforms
    - [NEW] Repository
  - Bug Bounty
    - [NEW] Exploit Market
  - CTFs
    - [NU]
- [NEW] Tools
Appendix
Hi Mallories,
This post is in response to <redacted>
Hopefully, for most of you, this course has sparked an interest in Computer and Network Security! For those of you interested in pursuing this interest, it's never too late to start. Security hasn't been the most publicly available knowledge, but that has changed in recent years given the rise in breaches and the shortage of grey hats.
I'll attempt to provide a list of resources related to the topics covered in this course and more so you can explore your curiosity! You'll learn by doing, so I'll provide books and challenge sites. This is a non-exhaustive list and the list is unordered.
- Social Engineering and Hacker mentality
  - Books by Kevin Mitnick: Once upon a time the greatest hacker of all time, Kevin Mitnick has a lot of books on how hackers think and act. You can find them here. Personally, these helped me with having the right mindset:
    - https://mitnicksecurity.com/shopping/books-by-kevin-mitnick
  - Penetration testing write-ups: You may not understand the concepts yet, but reading these write-ups can help you see how the attacker thought about the compromise from planning to execution. It's like gaining many years of experience by just reading technical stories. Not everything will make sense, but eventually it will as you learn more. See the section on Penetration testing.
- Cryptography
  There are many good books and resources out there for this topic but I'm shy of this so I haven't really invested time into this field, hence I have nothing to recommend but the site below. However, I can assure you that going through these challenges will point you in the right direction for help and knowledge.
- Network (In)Security
  Resources listed here are mostly on offense. But even if you plan to defend, you will learn what to look out for. I don't specialize in defense so I'm short on resources related to Network Administration etc.
- OS & Program (In)Security
- Reverse Engineering
- Web Application Security
- Secure Programming
  - Hopefully, while solving and reading about other topics, you learn what's secure and what's not. There are books on this but they are language specific.
  - Secure Code Review by opensecuritytraining
- Forensics
  - The Art of Memory Forensics
  - Practical digital forensics
  - Android Forensics by opensecurity
  - CSC423H5 at UTM
  - Network Forensics by opensecuritytraining
  - OverTheWire Bandit: not really forensics, but it will teach you your way around *NIX environments
- General resources
- Some of these have already been mentioned before
Videos, courses and challenges:
http://www.opensecuritytraining.info/Training.html
https://www.cybrary.it/
https://liveoverflow.com/
http://overthewire.org/wargames/
https://exploit-exercises.com/
https://ropemporium.com/
https://www.owasp.org/index.php/Main_Page
and lots more..
Combining it all together:
- Penetration Testing
  - Hack the box:
    Site: https://www.hackthebox.eu/
    About: You're required to hack the invite process before you can register. The platform has a variety of Windows and Linux servers available for compromise over VPN.
    Hackers are ranked by number of system accounts hacked (NT\AUTHORITY and root) and regular user accounts. You start as n00b. This hacker rank also comes with some perks. There are also job postings and you can only apply to jobs whose hacker rank requirement includes your rank.
    Access to servers is completely free, but while attacking a server you may get kicked out or the server may be reset by another hacker if you don't cancel the reset request in time. I usually have to wait for off hours to work.
    There's also an in-house community, allowing you to chat with other hackers in case you're stuck. Your questions have to be smart though; no one would give you the direct answer. If you think Prof. Thierry's answers were usually indirect, you haven't met these folks. This is why people there know everyone has earned their stripes. That being said, in this field, talking to someone is better than Google.
    There are also regular challenges on forensics, crypto, exploitation etc. You also cannot find write-ups online because that will ruin the fun. My handle on this platform is n33trix. I haven't been active since May but I'll probably spend my holiday on here. If you stop by, hit me up :-)
  - Pentestit Labs
    Site: https://lab.pentestit.ru/
    About: Registration is free. The platform simulates a corporate environment and runs for about six months before a new simulation is up. Hacker progress is also publicly announced on their site and Twitter. Since the lab simulates a corporate environment, there is a sense of accomplishment when you own the Admin servers/boxes.
    You start as an external attacker over VPN. Starting from the external gateway (the only box you initially have access to) you are required to make it into the Admin network, owning as many machines as possible. This is a sample network map. Connectivity is more stable. There's a community as well, and the same applies as for the community mentioned above. Hackers aren't ranked. Write-ups are posted about 3 months in.
- Malware Design and Analysis
- Malware Design
Not many books or resources on the design of malware (how to make/write). However, this (possibly dated) book does a good job. You'll need to brush up on your assembly skills and knowledge of OS to read this book. Good thing is, if you can analyze Malware, then you can find the recipe to how they work :-). I also haven't researched a lot on this so there may be some resources I'm not aware of. Be curious but that land in the wrong place.
- Malware Analysis
Shout out to all the reverse engineers reading binaries on a daily, much respect. Reverse Engineering is not for the faint of heart, so you'll need to be good with that first. After which, you can explore the following from OpenSecurityTraining. These courses might have pre-reqs; I find it's better to complete the pre-req courses first.
1. Malware Dynamic Analysis
2. Reverse Engineering Malware
3. RPISEC on Malware
Books:
1. Practical Malware Analysis
- Bug bounty
- Introduction to bug bounty
This is a new step to better security. Essentially, companies release their software or service for hacking and the successful hacker gets rewarded. You will need to report the bug to the company and probably work with them to fix it. Hackers are registered, no foul play. This book will enlighten you further. HackerOne and BugCrowd are example bounty platforms. Companies like Google also have standalone bounty programs.
- CTFs
After you have trained like a pro, go out there and join a team! All of this is too much work for one person, so find a niche you love the most, specialize in it and play CTF games for fun and profit. For more about CTFs, read this and check out CTFtime.org to join a team and play.
Best of luck!