Today is Security Friday! There’s a lot of FUD going around, there’s no denying that. The best way to get rid of FUD is to increase your knowledge in the security arena. I found the links below particularly helpful.
Security Gurus Reveal Their Mentors: The Influencers – from Tripwire
In stark contrast, nearly as many who participated found it hard to narrow the field down to just one or even several individuals, and the passion with which they spoke of their mentors and the positive influence they had on their development was readily apparent.
Usually, there isn’t just one person who mentored or influenced us. It’s usually various different individuals. This is especially true when you move through different positions in your IT career.
Getting Started in Exploit Development – from Daniel Beck
I’ve always considered writing exploits to be the black magic of computer security. So much of what we do revolves around exploits yet few practitioners know more than which Metasploit commands to run to exploit a vulnerability. With this in mind, I started teaching myself how to write exploits. There’s a lot of information out there, and it’s hard to find examples that actually work but I’ve compiled this roadmap that should set anyone interested in exploit development on the right course.
This is why we secure our systems right? I have an affinity towards exploits and vulnerabilities. I’m just not where I want to be yet.
Learn The Tradecraft of Red Team Operations – from NoVA Infosec
Rapheal Mudge (aka @armitagehacker) recently published this great series of nine videos on learning the tradecraft of red team operations. Totaling over 4 hours, and just a bit of a sales pitch for Cobalt Strike, not only does it explain how to execute a targeted attack but also provides invaluable knowledge to understand from a defender’s perspective.
While on the topic of exploit development, Rapheal Mudge has a couple of videos discussing Metasploit Framework and Cobalt Strike.
Security Engineering – from Ross J. Anderson
When I wrote the first edition, we put the chapters online free after four years and found that this boosted sales of the paper edition. People would find a useful chapter online and then buy the book to have it as a reference. Wiley and I agreed to do the same with the second edition, and now, four years after publication, I am putting all the chapters online for free. Enjoy them – and I hope you’ll buy the paper version to have as a conveient shelf reference.
Here’s a free book on security engineering. Included are supplemental materials used in courses at Cambridge.