at http://chris-goff.com/ or follow him at https://www.linkedin.com/in/goffchris
There's a lot of info packed in here, and it's pretty technical. But you don't have to memorize it all now and there won't be a test! Just skim it, enjoy it and bookmark it!
Information Security Learning Resources
or information security for the self-learner
by Chris Goff
This is the result of many years of notes. This is by no means an exhaustive list, nor the definitive path to information security.
Bookmark these Google Search cheat sheets; they will come in handy:
Core competencies
Here are three core competencies within information technology that will provide a solid foundation on which to start a security career:
- Systems Administration
- Network Administration
- Programming
The core competencies are not a requirement; however, be aware that InfoSec is expected to be a Subject Matter Expert (SME) on most topics. If you wish to be successful, diversity of knowledge is key.
“There is no security without understanding.” – Michael Lucas, author Absolute OpenBSD
Systems Administration
“Fast, cheap, and reliable. Choose two.”
Top 10 Tenets of a System Administrator - https://github.com/Leo-G/DevopsWiki/wiki/Top-10-tenets-of-a-System-Administrator
Understand how Operating Systems work at a low level
o Active Directory
o Group Policy
o Exchange
o IIS
o File sharing in a Windows Environment (permissions, etc.)
o Windows Update Services (WSUS)
o System Center Configuration Manager (SCCM)
o Event Logs
o PowerShell
§ See resources under Programming
o Office 365 (administration and architecture)
o Windows Firewall
Direct Download Links to the Official Microsoft ISO images - https://www.heidoc.net/joomla/technology-science/microsoft/
http://ss64.com/ - command line reference
http://www.nirsoft.net/ - amazing little tools
Linux
o Learn Debian and Red Hat Linux or a derivative thereof (Ubuntu, CentOS). These are the two most popular distributions for getting stuff done.
o Apache, nginx
o salt, ansible, Puppet, chef
§ Getting Started with SaltStack - https://techarena51.com/index.php/getting-started-with-saltstack/
o Package Management (apt, yum, etc.)
o Learn the most common command line utilities (grep, awk, sed, etc.)
§ Guide to Unix Command Line Utilities - https://en.wikibooks.org/wiki/Guide_to_Unix/Commands/File_System_Utilities
§ The Hacker Ways: Gentle Introduction to the Command Line and UNIX toolset - http://juanreyero.com/hacker-ways/index.html
o iptables / netfilter
o FreeBSD
o OpenBSD
§ The OpenBSD documentation is very good. Use man liberally.
§ Absolute OpenBSD by Michael Lucas
§ The Book of PF by Peter N. M. Hansteen
§ pf – The amazing packet filter
Databases
o MySQL and Microsoft SQL are popular SQL options
Log management and system monitoring
o syslog
Virtualization
o iSCSI knowledge is helpful.
o VMware
§ Be familiar with vSphere. Consider a VCP certification or browsing through the blueprints for the latest release.
§ I recommend purchasing a copy of VMware Workstation (or VMware Fusion if you are on a Mac), especially if you are going to be building labs. Note that you can build out an ESXi architecture within VMware Workstation; just make sure you have plenty of CPU and RAM (VMware Configuration Maximums: https://www.vmware.com/pdf/vsphere6/r60/vsphere-60-configuration-maximums.pdf). The VMware Communities are chock full of useful information for both learning and troubleshooting.
o Hyper-V
§ Microsoft Virtual Academy Courses - https://mva.microsoft.com/training-topics/virtualization#!lang=1033
Cloud
o Learn how to automate and orchestrate
o Azure
o Amazon Web Services (AWS)
o Google
Backups
Books
- The Practice of System and Network Administration by Thomas A. Limoncelli and Christina J. Hogan (http://everythingsysadmin.com)
- Server Fault - http://serverfault.com/
- Super User - http://superuser.com/
- Petri IT Knowledgebase - https://www.petri.com/forums/
- League of Professional System Administrators - http://lopsa.org/
- IT Service Management Webcasts - https://www.brighttalk.com/community/it-service-management/webcasts
- Sysadmin Casts - https://sysadmincasts.com/
- CommandlineFu - http://www.commandlinefu.com
- Ops School Curriculum - https://ops-school.readthedocs.org/en/latest/
RFC 1925: The Twelve Networking Truths - https://tools.ietf.org/html/rfc1925
o Note that the OSI model is not a rigid definition of where a protocol should sit on the network stack. For example, MPLS (https://en.wikipedia.org/wiki/Multiprotocol_Label_Switching) “sits” between layers 2 and 3.
Protocols
§ If your ISP does not offer native IPv6, you can use a tunnel broker such as Hurricane Electric (http://he.net/). Hurricane Electric also offers a free IPv6 certification process which is an excellent learning tool: https://ipv6.he.net/certification/.
o Routing protocols such as BGP
o Inter-VLAN routing (http://www.firewall.cx/networking-topics/vlan-networks/222-intervlan-routing.html)
Basic Applications
o SMTP
o POP3
o DNS
§ Why DNS is awesome and why you should love it (https://blog.skullsecurity.org/2015/if-youre-a-pentester-you-should-love-dns)
o SSL/TLS
o HTTP
o FTP
o Etc.
Authentication
o LDAP
o RADIUS
o Kerberos
o MFA (Multi-factor authentication)
o OTP (One Time Password)
o PKI (Public Key Infrastructure)
Switching / Layer 2
o Difference between a VLAN and a subnet - http://networkengineering.stackexchange.com/questions/1029/difference-between-subnet-and-vlan
Firewalls
RADIUS
Network Access Control
Load Balancing
Proxies
o How Proxies Work - https://parsiya.net/blog/2016-07-28-thick-client-proxying---part-6-how-https-proxies-work/
Network Time Protocol (NTP)
Intrusion Detection and Prevention
Books
- Interconnections: Bridges, Routers, Switches, and Internetworking Protocols by Radia Perlman.
- Network Security: Private Communication in a Public World by Radia Perlman.
- The TCP/IP Guide is one of my favorite books and is freely available online: http://www.tcpipguide.com/.
- CCNA/CCENT Training Course - https://www.youtube.com/playlist?list=PLmdYg02XJt6QRQfYjyQcMPfS3mrSnFbRC
- You Down With BGP? - https://www.youtube.com/watch?v=RT-1DU33xIk&feature=youtu.be ;-)
- PacketLife - http://packetlife.net/
- Router god - http://www.routergod.com/
- Router Freak - http://www.routerfreak.com/
- MX Toolbox - http://mxtoolbox.com/
- The Network is reliable - https://aphyr.com/posts/288-the-network-is-reliable
- Building a small DC - https://v.gd/gjEERc
- PacketLife Cheat Sheets - http://packetlife.net/library/cheat-sheets/
- The Packet University - http://www.packetu.com/
- iproute2 cheat sheet - http://baturin.org/docs/iproute2/
- Linux advanced routing and traffic control - http://lartc.org/lartc.html
- Wireshark - https://www.wireshark.org/
- Publicly available PCAP repositories - http://www.netresec.com/?page=PcapFiles
- Packet Bomb - http://packetbomb.com/
- tcpdump - tcpdump101 - http://tcpdump101.com/
- NetworkMiner - http://www.netresec.com/?page=NetworkMiner
- Cisco Packet Tracer - https://www.netacad.com/about-networking-academy/packet-tracer/
- GNS3 Graphical Network Simulator – http://www.gns3.net/
- EtherealMind - http://etherealmind.com/
- Packet Pushers - http://packetpushers.net/
Programming / Scripting
A common response to programming from operations folks is “I don’t need that”.
If you want to take your skills to the next level, I recommend learning a scripting language (e.g. Python or PowerShell) and a “real” programming language (e.g. C). Having a detailed understanding of how computers work will change the way you perceive security, and give you a newfound respect for the difficulty of creating secure (and usable) software. If you plan on doing any of the “sexy” things in security (pen testing) effectively, you will need to be able to get around in a programming environment.
If you have trouble learning programming, consider a project you are working on and how you might automate it using a script. When you’ve automated something, work on improving the efficiency of the script, including documentation and error control.
Learn how to use a good text editor. Some common ones include vim, Atom, Sublime Text, Notepad++, and nano.
Free programming books - https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md
“This is the UNIX philosophy: Write programs that do one thing, and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface.” – Doug McIlroy
- Small is beautiful
- Make each program do one thing well.
- Build a prototype as soon as possible.
- Choose portability over efficiency.
- Store data in flat text files.
- Use software leverage to your advantage.
- Use shell scripts to increase leverage and portability.
- Avoid captive user interfaces.
- Make every program a filter.
“Computers do calculations, and remember the results of those calculations. Two things, and two things only.”
Memory
o Stack, heap, pointers, buffer overflows
Assembly, computer organization (architecture)
o David Poplowski’s Page, Michigan Technical University, Department of Computer Science (http://www.cs.mtu.edu/~pop/)
o “Think of assembly instructions as the DNS of CPUs. Opcodes would be analogous to IP addresses.”
Design
o Object Oriented
o SOLID
o YAGNI
o Patterns - book by the Gang of Four
JavaScript
o Server and client side
o Cross site scripting
o JavaScript sandbox
o JSON
o jQuery
o AJAX/Asynchronous requests
o REST (stateless versus stateful)
o OAuth2
o Sessions
o Load balancing, sessions across multiple servers
SQL, relational databases
o How does data map?
o Indexes, SQL injection, etc.
§ SQL Pattern Matching
§ Pattern Matching in Search Conditions - https://technet.microsoft.com/en-us/library/ms187489(v=sql.105).aspx
ORMs
o Entity Framework
o Dapper
o NHibernate
Automatic Testing
Continuous Integration
Write lots of programs
Look at other people's code (open-source)
Regular Expressions
Source control
o GitHub, Bitbucket, etc.
o Swim lanes (different environments)
PowerShell Resources
- http://ss64.com/ps/
- http://ss64.com/ps/syntax.html
- /r/powershell
- Getting Started With Microsoft PowerShell
- The PowerShell Best Practices and Style Guide
- Hey, Scripting Guy!
- TechNet Virtual Lab: Introduction to Windows PowerShell
- Windows PowerShell Survival Guide
- PowerShell Classes on Channel 9
- Learn Windows PowerShell in a Month of Lunches by Don Jones (YouTube Channel)
- Windows PowerShell Cookbook by Lee Holmes
- PowerScripting Podcast
- PowerShell Resources - Put together by Warren F
- C Programming - http://www.lysator.liu.se/c/
- C Puzzles - http://www.gowrikumar.com/c/index.php
- Learn C Programming by Robert Elder
- Illustrating C by Donald Alcock
- Practical C Programming by Steve Oualline
- Absolute Beginner's Guide to C by Greg Perry
- The C Book
- Learn C The Hard Way
- /r/C_Programming
- Rules for defensive C programming
- 10 Rules for Writing Safety Critical Code (PDF)
Python Resources
- Automate the Boring Stuff with Python by Al Sweigart
- Beginner's Guide to Python
- CodingBat Python code practice
- LearnPython.org interactive tutorial
- Learn Python The Hard Way
- The Hitchhiker’s Guide to Python
- /r/python
Videos
- Network Automation with Python - https://www.youtube.com/watch?v=eiYemtNKS-M&list=PLtw40n4ybvFoHoigW7IwITNilmZn2cfNv
I stumbled across your blog and wanted to let you know that I'm the author of http://tcpdump101.com listed here. Just wanted to say thanks to you and your submitter and that I hope you and your readers find it useful.
Cheers,
Gr@ve_Rose