Local Tech Repair: Information Security Training

Tuesday, July 18, 2017

Information Security Training

Here is some training information that a cyber security analyst may need to know to be effective at monitoring an organization's network. This is just a stripped-down version, formatted a little differently from some of the other articles that I have written before. A lot of the resources will be the same.

Direct link: https://embed.coggle.it/diagram/WUfi54WDXgAB6iGY/71cb408b42237284e247877557b9e4a4835f81ad556bed46d8e9e2840a8e8230

Table of Contents

Education Resources (general)

Look at the subpages for each topic and the resources for learning it.

· https://isc.sans.edu/
· https://securelist.com/
· http://kalypto.org/

Casual Reading

· http://arstechnica.com/



· https://regex101.com/
· https://malwr.com/


Threat Maps (pew pew pew)

Network Overview

Cisco CCNA
LAN Security Using Switch Features
Network Layer 1 & 2 Troubleshooting
Network Monitoring with Open Source Tools
SiLK Traffic Analysis
Wireless Network Security
Security and DNS
Securing the Network Perimeter
Advanced PCAP Analysis and Signature Development (APA)

Scripting & Programming

Security Specific

A short, focused primer related to secure coding.


Codecademy's browser-based, interactive Python training.
LearnPython.org's browser-based, interactive Python training.
Primal Security's InfoSec focused Python tutorials.
Create your own clients, tools, and test cases using Python.
Free digital copy of the third edition of Zed Shaw's Python book.

Regular Expressions

regex101.com helps explain what your regex does.
regexone.com will walk you through tutorials to learn it.

Powershell Fu with Metasploit – Ben Turner & Dave Hardy
Building an Empire with PowerShell – Will Schroeder & Justin Warner

Introduction to Windows Scripting
Advanced Windows Scripting

Offensive Security/Red Team

Setting up Lab:

Learning Exploit process and testing:

For more lab resources, check out

Information Gathering:

Phase 1.1 - People and Organizational

Phase 1.2 - Infrastructure

Analysis and Planning:

Vulnerability Identification:

Nmap Scripting Engine
Web apps, XAMPP, WebDAV, Nikto
Directory traversal


Dump Windows Password Hashes

Windows Passing The Hash

Windows Privilege Escalation

Exploit Development:

Corelan Exploits – Corelan Team
Opensecurity Training Playlist – Opensecurity training
FuzzySecurity Tutorials – FuzzySecurity

Post Exploitation:

Windows Attacks: AT is the new black – Mubix (Rob Fuller) & carnal0wnage (Chris Gates)
I Hunt Sys Admins – Harmj0y
Pillage the Village Redux – John Strand and Ed Skoudis
Operating in the Shadows – Carlos Perez

Linux Privilege Escalation

Tunneling & Port Forwarding



Offensive Security Classes that aren't dedicated resources:

General Security sites:

Malware Analysis/Reverse Engineering


Dynamic Analysis

Static analysis

Network Analysis

Flow analysis and Network Hunting resources and videos can be found here

Automated malware analysis:

RegShot compares snapshots of the registry and filesystem taken before and after the malware is run, so you can see what it changed.
WinAPIOverride lets you follow the DLL injection and API calls of a running process to see what it did and where it went.
Wireshark identifies network traffic and shows whether the sample is calling out.
netstat is a built-in Windows tool that lists the open connections and listening ports on the computer. A common command is netstat -anob.
The Sysinternals suite has lots of tools, such as Process Monitor, to help identify what is going on on the computer.
GMER can help detect hidden files and rootkits.
VirtualBox is important for keeping malware isolated. Other hypervisors work too, as long as you can restrict the VM to a host-only network so the malware cannot get out and compromise other machines.
CFF Explorer Suite is a tool for exploring PE files and DLLs. It shows which DLLs an executable loads or has packaged with it.
Sigcheck checks and verifies file signatures, so you can see whether a DLL is signed by Microsoft or a vendor, or is unsigned and not a legitimate file.
The attrib command is very useful for changing file attributes from the command line.
API Monitor tracks and monitors the API calls an application makes.

Book Recommendations


Splunk Developers Guide (Released 5/2015 - ISBN 1785285297)

Splunk Essentials (Released 2/2015 - ISBN 1784398381)

Building Splunk Solutions, 2nd Edition (Released 10/2015 - ISBN 1514615746)

Splunk Operational Intelligence Cookbook (Released 10/2014 - ISBN 1849697841)

Implementing Splunk, 2nd Edition (Released 7/2015 - ISBN 1784391603)

Monitoring/IR/Network Forensics

Data-Driven Security: Analysis, Visualization and Dashboards (Released 3/2014 - ASIN B00MXHAU8A)

Network Security Through Data Analysis: Building Situational Awareness (Released 2/2014 - ISBN 1449357903)

The Practice of Network Security Monitoring (Released 8/2013 - ISBN 1593275099)

Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems (Released 7/2011 - ISBN 1593272669)

Applied Network Security Monitoring: Collection, Detection, and Analysis (Released 12/2013 - ISBN 0124172083)

Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan (Released 5/2015 - ISBN 1491949406)

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks (Released 4/2005 - ISBN 1593270461)

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk (Released 8/2012 - ISBN 007179039X)

Security Operations Center: Building, Operating, and Maintaining your SOC (Released 11/2015 - ISBN 0134052013)

Network Forensics: Tracking Hackers through Cyberspace (Released 6/2012 - ISBN B008CG8CYU)

Wireshark 101: Essential Skills for Network Analysis (Released 2/2013 - ISBN 1893939723)


Nmap Network Scanning: The Official Project Guide to Network Discovery and Security Scanning (Released 1/2009 - ISBN 0979958717)

Hacking Exposed 7: Network Security Secrets and Solutions (Released 8/2012 - ISBN 0071780289)

Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition (Released 1/2015 - ISBN 0071832386)

The Browser Hacker's Handbook (Released 3/2014 - ISBN 1118662091)

Metasploit: The Penetration Tester's Guide (Released 7/2011 - ISBN 159327288X)

Traditional Forensics

Real Digital Forensics: Computer Security and Incident Response (Released 10/2005 - ISBN 0321240693)

Forensic Discovery (Released 1/2005 - ISBN 0321703251)

Windows Forensic Analysis Toolkit, 4th Edition (Released 4/2014 - ISBN 0124171575)

The Art of Memory Forensics (Released 7/2014 - ISBN 1118825098)

File System Forensic Analysis (Released 3/2005 - ISBN 0321268172)

Application Security

The Art of Software Security Assessment (Released 11/2006 - ISBN 0321444426)

A Bug Hunter's Diary (Released 11/2011 - ISBN 1593273851)

Fuzzing: Brute Force Vulnerability Discovery (Released 7/2007 - ISBN 0321446119)

Exploit Creation

Hacking: The Art of Exploitation, 2nd Edition (Released 2/2008 - ISBN 1593271441)

The Shellcoder's Handbook: Discovering and Exploiting Security Holes, 2nd Edition (Released 8/2007 - ISBN 047008023X)

Web Security

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, 2nd Edition (Released 9/2011 - ISBN 1118026470)

The Tangled Web: A Guide to Securing Modern Web Applications (Released 11/2011 - ISBN 1593273886)

Mobile Security

Android Hacker's Handbook (Released 3/2014 - ISBN 111860864X)

Android Security Internals: An In-Depth Guide to Android's Security Architecture (Released 11/2014 - ISBN 1593275811)

iOS Hacker's Handbook (Released 5/2012 - ISBN 1118204123)

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (Released 1/2012 - ISBN 1449318746)

Reverse Engineering/Malware Analysis

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler (Released 7/2014 - ISBN 1593272898)

Reversing: Secrets of Reverse Engineering (Released 4/2005 - ISBN 0764574817)

Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation (Released 2/2014 - ISBN 1118787315)

Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Released 3/2012 - ISBN 1593272901)

Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (Released 11/2010 - ISBN 0470613033)

Cyber Security Analyst Mind Map