Local Tech Repair: Information Security Training

Tuesday, July 18, 2017

Information Security Training

Here is some training information for the cyber security analyst may need to know to be effective at monitoring the network of an organization. This is just a stripped down and formatted a little different than some of the other articles that I have written before. Lot of the resources will be the same.







Table of Content

 


Education Resources (general)

Look at the subpages for a topic and resources for learning it.

News

·        https://isc.sans.edu/
·        https://securelist.com/
·       http://kalypto.org/



Casual Reading

·        http://arstechnica.com/

Research


Tools

·        https://regex101.com/
·        https://malwr.com/

Education

Threat Maps (pew pew pew)


Network Overview

Cisco CCNA
Cisco CCENT
LAN Security Using Switch Features
Network Layer 1 & 2 Troubleshooting
Network Monitoring with Open Source Tools
SiLK Traffic Analysis
Wireless Network Security
Security and DNS
Securing the Network Perimeter
Advanced PCAP Analysis and Signature Development (APA)


Scripting & Programming


Security Specific


A short, focused primer related to secure coding.


Python


Codecademy's browser-based, interactive Python training.
LearnPython.org's browser-based, interactive Python training.
Primal Security's InfoSec focused Python tutorials.
Create your own clients, tools, and test cases using Python.
Free digital copy of the third edition of Zed Shaw's Python book.


Regular Expressions


regex101.com helps explain what your regex does
regexone.com well walk you through tutorials to learn it.

Ruby



Assembly



Web



Bash



Powershell


Powershell Fu with Metasploit – Ben Turner & Dave Hardy
Building an empire with Powershell -Will Schroeder & Justin Warner


Introduction to Windows Scripting
Advanced Windows Scripting

Offensive Security/Red Team


Setting up Lab:

Learning Exploit process and testing:


For more additional resources for labs check out


Information Gathering:


Phase 1.1 - People and Organizational


Phase 1.2 - Infrastructure


Analysis and Planning:



Vulnerability Identification:

Nessus
Nmap scripting engine
Metasploit
Webapp, xampp, webdav, nikto
Directory transversals


Exploitation:


Dump Windows Password Hashes


Windows Passing The Hash


Windows Privilege Escalation


Exploit Development:

Corelan Exploits – Corelan Team
Opensecurity Training Playlist – Opensecurity training
FuzzySecurity Tutorials – FuzzySecurity

Post Exploitation:

Windows Attacks AT is the new black – Mubix (Rob Fuller) & Carnalownage (Chris Gates)
I Hunt Sys Admins – Harmj0y
Pillage the Village Redux – John Strand and Ed Skoudis
Operating in the Shadows – Carlos Perez

Linux Privilege Escalation


Tunneling & Port Forwarding


Reporting:



Standards:


Offensive Security Classes that aren't dedicated resources:


General Security sites:


Malware Analysis/Reverse Engineering


Analysis:


Dynamic Analysis


Static analysis


Network Analysis

Flow analysis and Network Hunting and videos can be found here 




Automated malware analysis:


online


Distros



Tools:

 RegShot is for comparing differences in registry and filesystem from clean state to after malware was installed to see what happened. 
WinAPIOverride helps you follow the injection process of dlls and api calls for a running process to see what it did and where it went. 
wireshark to identify network traffic and if it is calling out. 
netstat is a built in tool in windows to tell what connections and ports are open on the computer. common command is netstat -anob
sysinternals suite has lots of tools like process monitors and what not to help identify what is going on on the computer. 
Gmer can help detect hidden files and rootkits that may be hiding. 
virtual box is important for keeping malware isolated.  granted other VMs could work to as long as you can limit them to the host network and can't get out to compromise other machines. 
CFF Explorer Suite is a tool to explore the PE file and DLLs. this will help you explore a exe file and what dlls that it is loading or has packaged with it. 
Sigcheck helps you check and verify the signatures on files to see if a dll is signed by microsoft or vendor or if its unsigned and not legitimate file. 
attrib command is very useful for changing attributes via command line. 
API Monitor is a way to track and monitor applications that track api calls. 

Book Recommendations

Splunk


Splunk Developers Guide (Released 5/2015 - ISBN 1785285297)

Splunk Essentials (Released 2/2015 - ISBN 1784398381)

Building Splunk Solutions, 2nd Edition (Released 10/2015 -  ISBN 1514615746)

Splunk Operational Intelligence Cookbook (Released 10/2014 - ISBN 1849697841)

Implementing Splunk, 2nd Edition - (Released 7/2015 - ISBN 1784391603)


Monitoring/IR/Network Forensics


Data-Driven Security: Analysis, Visualization and Dashboards (Released 3/2014 - ASIN B00MXHAU8A)

Network Security Through Data Analysis: Building Situational Awareness (Released 2/2014 - ISBN 1449357903)

The Practice of Network Security Monitoring (Released 8/2013 - ISBN 1593275099)

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (Released 7/2011 - ISBN 1593272669)

Applied Network Security Monitoring: Collection, Detection, and Analysis (Released 12/2013 - ISBN 0124172083)

Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan (Released 5/2015 - ISBN 1491949406)

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (Released 4/2005 - ISBN 1593270461)

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk (Released 8/2012 - ISBN 007179039X)

Security Operations Center: Building, Operating, and Maintaining your SOC (Released 11/2015 - ISBN 0134052013)

Network Forensics: Tracking Hackers through Cyberspace (Released 6/2012 - ISBN B008CG8CYU)

Wireshark 101: Essential Skills for Network Analysis (Released 2/2013 - ISBN 1893939723)


Pentesting


Nmap Network Scanning: The Official Project Guide to Network Discovery and Security Scanning (Released 1/2009 - ISBN 0979958717)

Hacking Exposed 7: Network Security Secrets and Solutions (Released 8/2012 - ISBN 0071780289)

Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition (Released 1/2015 - ISBN 0071832386)

The Browser Hacker's Handbook (Released 3/2014 - ISBN 1118662091)

Metasploit: The Penetration Tester's Guide (Released 7/2011 - ISBN 159327288X)


Traditional Forensics


Real Digital Forensics: Computer Security and Incident Response (Released 10/2005 - ISBN 0321240693)

Forensic Discovery (Released 1/2005 - ISBN 0321703251)

Windows Forensic Analysis Toolkit, 4th Edition (Released 4/2014 - ISBN 0124171575)

The Art of Memory Forensics (Released 7/2014 - ISBN 1118825098)

File System Forensic Analysis (Released 3/2005 - ISBN 0321268172)


Application Security


The Art of Software Security Assessment  (Released 11/2006 - ISBN 0321444426)

A Bug Hunter's Diary (Released 11/2011 - ISBN 1593273851)

Fuzzing: Brute Force Vulnerability Discovery (Released 7/2007 - ISBN 0321446119)

Exploit Creation


Hacking: The Art of Exploitation, 2nd Edition (Released 2/2008 - ISBN 1593271441)

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition (Released 8/2007 - ISBN 047008023X)


Web Security


The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition (Released 9/2011 - ISBN 1118026470)

The Tangled Web: A Guide to Securing Modern Web Applications  (Released 11/2011 - ISBN 1593273886)


Mobile Security


Android Hacker's Handbook (Released 3/2014 - ISBN 111860864X)

Android Security Internals: An In-Depth Guide to Android's Security Architecture (Released 11/2014 - ISBN 1593275811)

iOS Hacker's Handbook (Released 5/2012 - ISBN 1118204123)

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (Released 1/2012 - ISBN 1449318746)


Reverse Engineering/Malware Analysis


The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Released 7/2014 - ISBN 1593272898)

Reversing: Secrets of Reverse Engineering (Released 4/2005 - ISBN 0764574817)

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (Released 2/2014 - ISBN 1118787315)

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Released 3/2012 - ISBN 1593272901)

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (Released 11/2010 - ISBN 0470613033)


Cyber Security Analyst Mind Map