Here is some training information for the cyber security analyst may need to know to be effective at monitoring the network of an organization. This is just a stripped down and formatted a little different than some of the other articles that I have written before. Lot of the resources will be the same.

Direct link:https://embed.coggle.it/diagram/WUfi54WDXgAB6iGY/71cb408b42237284e247877557b9e4a4835f81ad556bed46d8e9e2840a8e8230

Table of Content

Education Resources (general)

Look at the subpages for a topic and resources for learning it.

News

· https://www.reddit.com/r/netsec/

· https://isc.sans.edu/

· http://www.tripwire.com/state-of-security/latest-security-news/

· https://securelist.com/

· http://www.securityweek.com/

· http://blog.onapsis.com/

· http://www.darkreading.com/rss_simple.asp

· http://blog.didierstevens.com/

· http://firmwaresecurity.com/

· http://feeds.feedburner.com/GrahamCluleysBlog

· http://feeds2.feedburner.com/HelpNetSecurity

· http://feeds.feedburner.com/infosecResources

· http://krebsonsecurity.com/

· http://blog.malwarebytes.org/

· http://www.malwaretech.com/feeds/posts/default

· http://blogs.technet.com/b/msrc/rss.aspx

· http://feeds.feedburner.com/NakedSecurity

· http://feeds.feedburner.com/PCSympathy?format=xml

· http://seclists.org/rss/pen-test.rss

· http://googleprojectzero.blogspot.com/feeds/posts/default

· http://securityblog.redhat.com/

· http://research.zscaler.com/feeds/posts/default

· https://www.schneier.com/blog/atom.xml

· http://securityaffairs.co/wordpress/feed

· https://www.pentestpartners.com/blog/

· https://www.trustwave.com/rss/SpiderLabs-Blog

· http://thehackernews.com/feeds/posts/default

· http://feeds.feedburner.com/tripwire-state-of-security

· http://threatpost.com/en_us/rss.xml

· http://feeds.feedburner.com/TroyHunt

· http://feeds.feedblitz.com/alienvaultotx

· http://blog.gentilkiwi.com/feed

· http://www.bulbsecurity.com/

· http://cybersecology.com/atom/

· http://davidjorm.blogspot.com/feeds/posts/default?alt=rss

· http://labs.detectify.com/rss

· http://www.hotforsecurity.com/blog/category/e-threats-2/feed

· http://kalypto.org/

· https://technet.microsoft.com/en-us/security/rss/advisory

· https://community.rapid7.com/community/metasploit/blog/feeds/posts

· https://www.blogger.com/feeds/2059619926966266961/posts/default

· http://blog.silentsignal.eu/

· http://blog.strategiccyber.com/

· http://opensecuritytraining.info/ChangeBlog/rss.xml

Casual Reading

· http://arstechnica.com/

Research

· http://www.cl.cam.ac.uk/research/security/

Tools

· https://www.alienvault.com

· https://regex101.com/

· https://malwr.com/

Education

· https://fedvte.usalearning.gov/
only available to USA Federal Employees but has free resources for them

Threat Maps (pew pew pew)

· https://www.stateoftheinternet.com/trends-visualizations-ip-reputation-client-reputation-for-website-security-global-map-of-attacking-ip-addresses.html

· https://www.fireeye.com/cyber-map/threat-map.html

Network Overview

Pcap Analysis & Network Hunting

Flow Analysis & Network Hunting

Introduction to Network Forensics

From USAlearning.gov

Cisco CCNA

Cisco CCENT

LAN Security Using Switch Features

Network Layer 1 & 2 Troubleshooting

Network Monitoring with Open Source Tools

SiLK Traffic Analysis

Wireless Network Security

Security and DNS

Securing the Network Perimeter

Advanced PCAP Analysis and Signature Development (APA)

Introduction and Layer 1

Layer 2 - Data Link

Layer 3 - Network, Part 1: Addressing & Masking

Layer 3 - Network, Part 2: Routing

Layer 3 - Network, Part 3: Communication

Layer 4 - Transport

Layers 5 & 6 - Session and Presentation

Layer 7 - Application

Inter-Layer Communication & Conclusions

Router Hacking Series

Wireless LAN Security and Penetration Testing Megaprimer

Scripting & Programming

Security Specific

Intro to Secure Coding	A short, focused primer related to secure coding.
Secure Coding

Python

Python Training	Codecademy's browser-based, interactive Python training.
Python Training	LearnPython.org's browser-based, interactive Python training.
Python Tutorials	Primal Security's InfoSec focused Python tutorials.
Offensive Python for Web Hackers	Create your own clients, tools, and test cases using Python.
Learn Python The Hard Way	Free digital copy of the third edition of Zed Shaw's Python book.
Python for Security Professionals

Regular Expressions

regex101.com helps explain what your regex does

regexone.com well walk you through tutorials to learn it.

Ruby

Ruby Training

Assembly

Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration

Introductory Intel x86-64: Architecture, Assembly, Applications, & Alliteration

Introduction to ARM

Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration

Advanced x86: Virtualization with Intel VT-x

Advanced x86: Introduction to BIOS & SMM

Assembly Language Megaprimer for Linux

Windows Assembly Language Megaprimer

Web

PHP - Introduction

PHP - Syntax & Variables

PHP - Operators

PHP - Flow Control

Basic Web Security

Installing Apache & PHP

Bash

Scripting Introduction & Linux Review

Variables & Parameters

Flow Control

Parsing & Scripting

Practical Uses & Conclusion

Powershell

Introduction to PowerShell

Cmdlets

Scripting, Variables and Syntax

Flow Control

Practical Uses & Conclusion

No Tools No Problem Building a PowerShell Botnet – Christopher Cambell

Grey Hat Powershell – Ben0xA

Practical PowerShell Programming for Professional People – Ben0xA

Powershell Fu with Metasploit – Ben Turner & Dave Hardy

Building an empire with Powershell -Will Schroeder & Justin Warner

From USAlearning.gov

Introduction to Windows Scripting

Advanced Windows Scripting

Offensive Security/Red Team

Setting up Lab:

Learning Exploit process and testing:

Vulnerable web Service

Broken Web Application

Setting up a Penetration Testing Labs

https://www.owasp.org/index.php/OWASP_Web_Testing_Environment_Project

https://code.google.com/p/owaspbwa/

https://www.mavensecurity.com/web_security_dojo/

http://hackingdojo.com/dojo-media/

http://informatica.uv.es/~carlos/docencia/netinvm/

http://www.bonsai-sec.com/en/research/moth.php

http://sourceforge.net/projects/metasploitable/files/Metasploitable2/

http://sourceforge.net/projects/lampsecurity/?source=navbar

https://www.hacking-lab.com/index.html

http://sourceforge.net/projects/virtualhacking/files/

http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10

http://www.dvwa.co.uk/

http://sourceforge.net/projects/thebutterflytmp/

http://magikh0e.ihtb.org/pubPapers/

For more additional resources for labs check out

http://www.amanhardikar.com/mindmaps/Practice.html

Information Gathering:

Penetration Testing Information Gathering

https://en.wikipedia.org/wiki/Open-sourceintelligence

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-1-social-networks/

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-%E2%80%93-part-2-blogs-message-boards-and-metadata/

http://www.spylogic.net/2009/10/enterprise-open-source-intelligence-gathering-part-3-monitoring/

http://www.slideshare.net/Laramies/tactical-information-gathering

http://www.infond.fr/2010/05/toturial-footprinting.html

Phase 1.1 - People and Organizational

http://www.spokeo.com/

http://www.spoke.com/

https://www.xing.com/

http://www.zoominfo.com/

https://pipl.com/

http://www.zabasearch.com/

http://www.searchbug.com/

http://skipease.com/

http://addictomatic.com/

http://socialmention.com/

http://entitycube.research.microsoft.com/

http://www.yasni.com/

http://www.glassdoor.com/index.htm

https://connect.data.com/

https://searchwww.sec.gov/EDGARFSClient/jsp/EDGAR_MainAccess.jsp

https://www.tineye.com/

http://www.peekyou.com/_

EDGAR

Phase 1.2 - Infrastructure

http://uptime.netcraft.com/

http://www.shodanhq.com/

http://www.domaintools.com/

http://centralops.net/co/

http://whois.webhosting.info/

https://www.ssllabs.com/ssltest/analyze.html

https://www.exploit-db.com/google-hacking-database/

http://www.my-ip-neighbors.com/

https://tools.digitalpoint.com/

Analysis and Planning:

Vulnerability Identification:

Introduction to Vulnerability Assessment

Introduction To Using The Nessus Vulnerability Scanner

OpenVas Tutorial

https://www.cybrary.it/course/advanced-penetration-testing/ select module 5

Nessus

Nmap scripting engine

Metasploit

Webapp, xampp, webdav, nikto

Directory transversals

Corelan Exploits – Corelan Team

Opensecurity Training Playlist – Opensecurity training

Primal Security Exploit Tutorials – Primal Security

FuzzySecurity Tutorials – FuzzySecurity

Metasploit exploit development – Rapid7

Jumping into exploit development – Sneakerhax

Moving past Metasploit writing your first exploit – Calvin Hedler

Post Exploitation:

Post Exploitation Hacking

Powerup: A usage guide – harmj0y

Metasploit Local Exploit Suggester: Do Less, Get More! – Rapid7

My 5 Top Ways to Escalate Privileges – SpiderLabs

Basic Linux Privilege Escalation – g0tmi1k

Encyclopedia Of Windows Privilege Escalation – Brett Moore

Windows Attacks AT is the new black – Mubix (Rob Fuller) & Carnalownage (Chris Gates)

Windows Privilege Escalation Fundamentals – Fuzzysecurity

Post Exploitation Wiki – Mubix

Post Exploitation 2.0 Veil-Pillage Defcon 22 – Harmj0y

I Hunt Sys Admins – Harmj0y

Tactical Post Exploitation – Carlos Perez

Abusing Active Directory in Post Exploitation – Carlos Perez

Pillage the Village Redux – John Strand and Ed Skoudis

Operating in the Shadows – Carlos Perez

Linux Privilege Escalation

http://incolumitas.com/wp-content/uploads/2012/12/blackhats_view.pdf

http://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation.html

http://pentestmonkey.net/tools/audit/unix-privesc-check

http://www.rebootuser.com/?page_id=1721

http://www.rebootuser.com/?p=1758

http://www.rebootuser.com/?p=1623

http://insidetrust.blogspot.nl/2011/04/quick-guide-to-linux-privilege.html

Tunneling & Port Forwarding

https://www.sans.org/reading-room/whitepapers/testing/tunneling-pivoting-web-application-penetration-testing-36117

https://highon.coffee/blog/reverse-shell-cheat-sheet/

https://highon.coffee/blog/ssh-meterpreter-pivoting-techniques/

http://staff.washington.edu/corey/fw/ssh-port-forwarding.html

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

http://magikh0e.ihtb.org/pubPapers/ssh_gymnastics_tunneling.html

http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html

http://www.danscourses.com/Network-Penetration-Testing/metasploit-pivoting.html

http://carnal0wnage.attackresearch.com/2007/09/using-metasploit-to-pivot-through_06.html

http://www.offensive-security.com/metasploit-unleashed/Portfwd

http://www.offensive-security.com/metasploit-unleashed/Pivoting

http://www.howtoforge.com/reverse-ssh-tunneling

http://ftp.acc.umu.se/pub/putty/putty-0.57/htmldoc/Chapter7.htmla_

Reporting:

Reporting Standards

Dradis

https://www.youtube.com/watch?v=tH01_5-Tkg0

magictree

Metasploit report generation

CobaltStrike Reports

Standards:

Pentest Standards

Offensive Security Classes that aren't dedicated resources:

Penetration Testing and Ethical Hacking

Security+

Red Teaming Basics - older

Advanced Threat Tactics -newer

Cryptography

Understanding Cryptology: Core Concepts

Understanding Cryptology: Cryptanalysis

Advanced Penetration Testing

CASP

CISSP

Intro to Malware Analysis and Reverse Engineering

Metasploit

Social Engineering and Manipulation

Android Forensics & Security Testing

Introduction to Vulnerability Assessment

Certified Information Systems Security Professional (CISSP)® Common Body of Knowledge (CBK)® Review

Metasploit Unleashed

General Security sites:

SecurityTube.net

Exploit Database

Hacking Tutorials

Information Security tools and resources

Malware Analysis/Reverse Engineering

Analysis:

Intro to malware analysis and reverse engineering

Dynamic Analysis

Dynamic Malware Analysis

Static analysis

Reverse Engineering Malware

Network Analysis

Intro to Network Forensics

Flow analysis and Network Hunting and videos can be found here

PE and Elf file Structure

Malware Researchers Handbook

Automated malware analysis:

https://www.cuckoosandbox.org/

online

https://www.payload-security.com/

https://www.virustotal.com/

https://malwr.com/

Distros

SIFT

Remnux

Tools:

RegShot is for comparing differences in registry and filesystem from clean state to after malware was installed to see what happened.

WinAPIOverride helps you follow the injection process of dlls and api calls for a running process to see what it did and where it went.

wireshark to identify network traffic and if it is calling out.

netstat is a built in tool in windows to tell what connections and ports are open on the computer. common command is netstat -anob

sysinternals suite has lots of tools like process monitors and what not to help identify what is going on on the computer.

Gmer can help detect hidden files and rootkits that may be hiding.

virtual box is important for keeping malware isolated. granted other VMs could work to as long as you can limit them to the host network and can't get out to compromise other machines.

CFF Explorer Suite is a tool to explore the PE file and DLLs. this will help you explore a exe file and what dlls that it is loading or has packaged with it.

Sigcheck helps you check and verify the signatures on files to see if a dll is signed by microsoft or vendor or if its unsigned and not legitimate file.

attrib command is very useful for changing attributes via command line.

API Monitor is a way to track and monitor applications that track api calls.

Book Recommendations

Splunk

Splunk Developers Guide (Released 5/2015 - ISBN 1785285297)

Splunk Essentials (Released 2/2015 - ISBN 1784398381)

Building Splunk Solutions, 2nd Edition (Released 10/2015 - ISBN 1514615746)

Splunk Operational Intelligence Cookbook (Released 10/2014 - ISBN 1849697841)

Implementing Splunk, 2nd Edition - (Released 7/2015 - ISBN 1784391603)

Monitoring/IR/Network Forensics

Data-Driven Security: Analysis, Visualization and Dashboards (Released 3/2014 - ASIN B00MXHAU8A)

Network Security Through Data Analysis: Building Situational Awareness (Released 2/2014 - ISBN 1449357903)

The Practice of Network Security Monitoring (Released 8/2013 - ISBN 1593275099)

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (Released 7/2011 - ISBN 1593272669)

Applied Network Security Monitoring: Collection, Detection, and Analysis (Released 12/2013 - ISBN 0124172083)

Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan (Released 5/2015 - ISBN 1491949406)

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (Released 4/2005 - ISBN 1593270461)

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk (Released 8/2012 - ISBN 007179039X)

Security Operations Center: Building, Operating, and Maintaining your SOC (Released 11/2015 - ISBN 0134052013)

Network Forensics: Tracking Hackers through Cyberspace (Released 6/2012 - ISBN B008CG8CYU)

Wireshark 101: Essential Skills for Network Analysis (Released 2/2013 - ISBN 1893939723)

Pentesting

Nmap Network Scanning: The Official Project Guide to Network Discovery and Security Scanning (Released 1/2009 - ISBN 0979958717)

Hacking Exposed 7: Network Security Secrets and Solutions (Released 8/2012 - ISBN 0071780289)

Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition (Released 1/2015 - ISBN 0071832386)

The Browser Hacker's Handbook (Released 3/2014 - ISBN 1118662091)

Metasploit: The Penetration Tester's Guide (Released 7/2011 - ISBN 159327288X)

Traditional Forensics

Real Digital Forensics: Computer Security and Incident Response (Released 10/2005 - ISBN 0321240693)

Forensic Discovery (Released 1/2005 - ISBN 0321703251)

Windows Forensic Analysis Toolkit, 4th Edition (Released 4/2014 - ISBN 0124171575)

The Art of Memory Forensics (Released 7/2014 - ISBN 1118825098)

File System Forensic Analysis (Released 3/2005 - ISBN 0321268172)

Application Security

The Art of Software Security Assessment (Released 11/2006 - ISBN 0321444426)

A Bug Hunter's Diary (Released 11/2011 - ISBN 1593273851)

Fuzzing: Brute Force Vulnerability Discovery (Released 7/2007 - ISBN 0321446119)

Exploit Creation

Hacking: The Art of Exploitation, 2nd Edition (Released 2/2008 - ISBN 1593271441)

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition (Released 8/2007 - ISBN 047008023X)

Web Security

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition (Released 9/2011 - ISBN 1118026470)

The Tangled Web: A Guide to Securing Modern Web Applications (Released 11/2011 - ISBN 1593273886)

Mobile Security

Android Hacker's Handbook (Released 3/2014 - ISBN 111860864X)

Android Security Internals: An In-Depth Guide to Android's Security Architecture (Released 11/2014 - ISBN 1593275811)

iOS Hacker's Handbook (Released 5/2012 - ISBN 1118204123)

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (Released 1/2012 - ISBN 1449318746)

Reverse Engineering/Malware Analysis

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Released 7/2014 - ISBN 1593272898)

Reversing: Secrets of Reverse Engineering (Released 4/2005 - ISBN 0764574817)

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (Released 2/2014 - ISBN 1118787315)

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Released 3/2012 - ISBN 1593272901)

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (Released 11/2010 - ISBN 0470613033)


Cyber Security Analyst Mind Map

Pages

Tuesday, July 18, 2017

Information Security Training

Education Resources (general)

No comments:

Post a Comment