Curated list of content to learn and practice some of the skills and knowledge required for Information Security
- InfoSec News, Blogs, etc
- Recommended Twitter Accounts to Follow
- Recommended Podcasts
- Recommended Books
- Recommended Certifications
- Basic Networking
- Cryptography
- Web and Network Attacks
- Vulnerabilities
- Network Traffic Analysis
- Linux
- Mac
- Windows
- Active Directory
- Security Infrastructure
- Regex and Programming
- Malware
- Set Up your Home Lab
- Hands-on
- Additional Resources
- Krebs on Security
- Internet Storm Center Diary
- Dark Reading
- NetSec Subreddit
- Pwned Subreddit
- Ask NetSec Subreddit
- Google Project Zero
- SANS Reading Room
- Schneier on Security
- ThreatPost
- Ars Technica Security
- @briankrebs
- @troyhunt
- @taviso
- @jepayneMSFT
- @matthewdunwoody
- @danielhbohannon
- @HackingDave
- @subTee
- @gentilkiwi
- Internet Storm Center Daily Information Security Podcast
- The CyberWire Daily Podcast
- Enterprise Security Weekly
- Hack Naked News
- Steve Gibson's Security Now
- Defensive Security
- Recorded Future Inside Threat Intelligence
- Tradecraft Security Weekly
- 7 Minute Security
- Practical Packet Analysis : Using Wireshark to Solve Real-World Network Problems
- The Practice of Network Security Monitoring : Understanding Incident Detection and Response
- The Tao of Network Security Monitoring
- Blue Team Field Manual
- Blue Team Handbook: Incident Response Edition
- Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases
- Red Team Field Manual
- The Web Application Hacker's Handbook 2nd edition: Finding and Exploiting Security Flaws
- Malware Analyst’s Cookbook
- The Art of Memory Forensics
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
- Incident Response & Computer Forensics, Third Edition
- CompTIA Security+
- CompTIA CyberSecurity Analyst +
- Certified Ethical Hacker
- GIAC Continuous Monitoring Certification (GMON)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- ISACA CSX
Knowledge of networking is a critical foundation for all InfoSec analysts and is used in several follow-on disciplines.
- The OSI Model Demystified
- Internetworking Basics
- Introduction to LAN Protocols
- Introduction to WAN Technologies
- Bridging and Switching Basics
- Routing Basics
- OSI Protocols
- Address Resolution Protocol (ARP) Explained
- How a DNS Server (Domain Name System) works
- TCP vs UDP Comparison
- IPv4 vs IPv6 Tutorial
- DHCP Explained - Dynamic Host Configuration Protocol
- Subnetting
- Virtual Private Networks
- Cisco eLearning Network-CCENT up to CCIE
Knowledge of algorithms, ciphers, and security systems is useful for understanding how they may be used to protect sensitive data or to conceal malicious activities.
- SSL/TLS part 1 - Cipher Suite, Hashing, Encryption
- SSL/TLS part 2 - Understanding Key Exchange Algorithms
- SSL/TLS part 3 - Understanding Certificate Authorities
- SSL/TLS part 4 - Understanding the TLS Handshake Protocol
- You Wouldn't Base64 a Password - Cryptography Decoded (Paragon Initiative)
Knowing the tactics, techniques, and procedures used by malicious actors to probe and exploit security holes, or vulnerabilities, is essential for an analyst.
- MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK)
- Common Attack Pattern Enumeration and Classification (CAPEC): A comprehensive dictionary and classification taxonomy of known attacks
- OWASP Top 10: Represents the most critical security risks to web applications
- Hacksplaining: Tutorial on common web application attacks
- ARP Spoofing
- Deep Inside a DNS DDoS Amplification Attack
- List of Adversary Emulation Tools
- Verizon 2018 Data Breach Investigations Report (DBIR)
Understanding security vulnerabilities and where to get more information on them is a necessary skill. Many well-known breaches were due to exploitation of an unpatched vulnerability.
Network traffic analysis is the process of recording, reviewing, and analyzing network traffic for performance, security, and general network operations and management purposes. This is a primary skill for intrusion analysis and incident response.
- Basic Wireshark overview
- Sample Captures of various protocols and devices
- Wireshark and Wireshark Security Videos
A better understanding of the operating system and its internal tools helps an analyst more effectively protect, diagnose, and triage systems.
- Linux Command Line Basics
- Linux Foundation - audit for free
- Introduction to Red Hat Linux - audit for free
- Linux Essentials
- Linux Hardening Guide part 1
- Introduction to OpenStack - audit for free
- MacAdmins Slack
- MacAdmins Registration
- Channels to watch: #security, #microsoft-office, #jamfnation
An understanding of how to leverage the Windows OS's internal tools helps an analyst more effectively protect, diagnose, and triage systems.
- Windows Command Line Basics
- Windows Command Line Cheat Sheet
- Windows Server 2016 Fundamentals - 5 courses (audit for free)
- The Sysinternals tools make you better at your job
- PowerShell for the Blue team
For Windows systems, knowing how Active Directory works is necessary for effective analysis and response.
- Understanding Active Directory: 01 Introduction to Active Directory
- Understanding Active Directory: 02 Active Directory Certificate Services (CS)
- Understanding Active Directory: 03 Active Directory Federation Services (FS)
- Understanding Active Directory: 04 Active Directory Rights Management Services (RMS)
- Understanding Active Directory: 05 Active Directory Lightweight Directory Services (LDS)
Defense in depth is the implementation of layered devices (IDS, firewalls, AV, policy, DRP) and procedures working in unison to mitigate risk of malicious activity from both external and internal sources. Knowledge of the strengths and weaknesses of devices at each layer is key for understanding the overall security posture.
- Security Defense in Depth
- IDS/IPS - Defense in Depth
- Firewalls
- Next Gen and Traditional AV Comparison
Many security and IT tools do not fully cover an analyst's or responder's needs. Key skills include matching, locating, and manipulating text across large amounts of data with regular expressions (regex) and writing scripts or automations.
- REGEX tutorial: Create patterns that help
- Automate the boring stuff with Python
- Mozilla Developer Network - Learn how to do web programming
- Python Tutorial
- PowerShell Beginner - Audit for free
- PowerShell Security Best Practices - Audit for free
- Bash Scripting Tutorial
- Python for Security Professionals
- W3 Schools - Learn HTML up to PHP and Perl
Malware analysis is the study or process of determining the functionality, origin, and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Understanding how malware works is a key analytical skill.
- List of Types of Malware
- Malware Hunting with the Sysinternals Tools
- Reverse Engineering Malware 101
Setting up and utilizing a home lab allows a learner to put into practice the lessons learned. Do not be afraid to set up, break, and tear down home labs. These experiences, both good and bad, are essential to the development of a well-rounded security professional.
Virtualization software allows you to run operating system images of your choice and to experiment without affecting your host operating system.
- IDS/IPS - Snort
- Microsoft Developer Network Library
- Microsoft Developer Network Emulators
- Microsoft Windows Base Virtual Machines
- Kali: Linux distribution aimed at advanced Penetration Testing and Security Auditing
- SIFT Workstation: Open-source incident response and forensic tools designed for detailed digital forensic examinations
- REMnux: Linux Toolkit for Reverse-Engineering and Analyzing Malware
- Security Operations and Forensics - Elasticsearch, Logstash, Kibana (SOF-ELK)
- Metasploitable 3: Intentionally vulnerable Linux image
- OWASP Mutillidae 2: Vulnerable web application
- Windows 7-10 VMs: Build your own vulnerable Windows VMs
- Sectools.org: List of the top 125 network security tools
- Security Onion: Intrusion detection, enterprise security monitoring, and log management distro.
- Snort: Network intrusion prevention system
- Splunk: Platform to search, analyze and visualize machine-generated data
- Sophos UTM Home Use Firewall
- pfSense Firewall
Use the following scenarios and challenges to apply your knowledge. Some content will require analysis in a controlled environment.
- Malware Traffic Analysis Exercises
- Metasploit Unleashed Course
- Exploit and CTF Challenges
- VMs for hands-on security experience
- Vulnerable web application code VMs
List of free and paid resource ideas to continue learning.
- Command Line Crash Course - Linux and Windows
- Linux Academy
- Linux Hardening Guide part 2
- Windows 10 Hardening Guide
- Pentester Lab
- Tufts Introduction to Computer Security
- List of InfoSec learning resources
- List of Hacking Resources
- List of Hacking Environments
- Learn Python the Hard Way 3
- Learn REGEX in 55 minutes
- Professor Messer CompTIA Network+ free training
- Professor Messer CompTIA Security+ free training
- What happens when you type google.com into your browser's address box and press enter?
- VIM Tutorial
- TCPDump Tutorial
- Selection of varied InfoSec and IT Tutorials
- Open Source Intelligence Resources
- VMware Introduction - VMware Certified Associate
- Open Courseware - Coursera
- Open Courseware - CCCOER
- Open Textbook - M.I.T.
- US CyberPatriot - Resources