Resources

The following is a list of blogs, communities, or other miscellaneous resources that can provide some great reads and educational info on topics pertaining to security. Feel free to leave comments below if you think anything should be added!

News

http://packetstormsecurity.org/ -- News/Current Exploits (Gathers top stories from other security news sites [and shows new exploits at the bottom])
http://www.theregister.co.uk/security/ --News (One of my favorites, stays very up to date)
http://www.wired.com/threatlevel/ --News – Another good general security blog (not so much technically oriented)
http://www.schneier.com/  --Blog “Schneier on Security”
http://googleonlinesecurity.blogspot.com/  --Security Blog (Just saw this one, but seems very good with good information)
http://www.exploit-db.com/ --Current Exploits
http://www.guardian.co.uk/technology/hacking --News (Up-to-date resource)

Classes:

http://pentest.cryptocity.net/ -- Arguably the best free security class on the web. Excellent videos, slides, content, and information. Definitely check it out!
http://www.security-class.org [tentatively unavailable 01/28/2012]- Security class offered for free by Stanford Univ. Starts late March 2012.
https://www.coursera.org/crypto/class - Free Cryptography class offered by Stanford Univ. Started early March.
http://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-857-network-and-computer-security-fall-2003/ - Free Network and Computer Security course offered by MIT
http://www.codecademy.com/ - Great resource if you're looking to learn programming

Books:

Hacking: The Art of Exploitation - Great book to that teaches low level exploitation techniques, as well as crucial fundamentals
Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers - Book on using Python for penetration testing tasks
Metasploit: The Penetration Tester's Guide - Book covering the ins and outs of Metasploit. Provides in depth information on usage as well as development
File System Forensic Analysis - Covers forensic techniques for different filesystems. Very thorough and in depth information
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - Great book covering techniques for auditing and exploiting web applications
SQL Injection Attacks and Defense - The "SQL Injection Bible". Covers numerous auditing and exploiting techniques using SQL Injection
The Shellcoder's Handbook - Great resource for developing shellcode for use with exploitation 
Real Digital Forensics - Similar to File System Forensic Analysis but with Network forensics and response techniques
Silence on the Wire: A Field Guide to Passive Reconnaissance and Passive Attacks - Interesting book covering fundamentals of fingerprinting and other passive attack techniques 
Social Engineering: The Art of Human Hacking - In depth coverage of social engineering techniques and exploitation
Bejtlich Best Books - Annual lists of best security books read by security professional Richard Bejtlich

Communities:

http://www.reddit.com/r/netsec - Netsec subreddit - always up-to-date with the latest stories in netsec
http://www.reddit.com/r/SocialEngineering - Social Engineering subreddit
http://www.reddit.com/r/computerforensics - Computer Forensics subreddit
http://www.reddit.com/r/ReverseEngineering - Reverse Engineering subreddit
http://www.reddit.com/r/lockpicking/ - Lockpicking subreddit
http://www.criticalsecurity.net/ - Security forum (many of these exist)

Training/Wargames:

http://www.hackthissite.org/ - Challenges to test exploitation skills
http://smashthestack.org/ - Different exploitation challenges
http://www.overthewire.org/wargames/ - Many different wargames teaching a variety of security techniques
https://www.pentesterlab.com/ - Free Penetration Testing exercises geared towards web app exploitation
http://code.google.com/p/dvwa/ - Damn Vulnerable Web App

Tutorials:
https://www.corelan.be/index.php/category/security/exploit-writing-tutorials/ - Corelan Exploit Writing tutorials (ie a great and thorough Buffer Overflow tutorial can be found here.)
http://www.offensive-security.com/metasploit-unleashed/Main_Page - Metasploit Unleashed tutorials provide coverage of using Metasploit
http://www.unixwiz.net/techtips/sql-injection.html - Simple SQL Injection Tutorial

Security Conference Whitepapers and Presentations:

http://defcon.org/html/links/dc-archives.html -- Presentations (Years’ worth of whitepapers and video/audio presentations)
http://defcon.org/html/links/dc-tools.html       -- Tools released at Defcon
https://www.blackhat.com/html/archives.html --Presentations (Years’ worth of whitepapers and video/audio presentations)
https://www.derbycon.com/videos-2011/ - All videos from the 2011 DerbyCon
http://cansecwest.com/pastevents.html - Slides and content from past CanSecWest conferences
http://www.irongeek.com/i.php?page=videos/derbycon2/mainlist - Derbycon 2012 videos

Existing Vulnerability Research (what we aim to protect against):

http://projects.webappsec.org/w/page/13246978/Threat-Classification -- Seems very similar to the webpage right below – Discusses attack vectors and threats
https://www.owasp.org/index.php/Category:Attack – I’ve been looking at this recently and I enjoyed their analysis of many attack vectors
http://en.wikipedia.org/wiki/Portal:Computer_Security – General Wikipedia portal for all things Computer Security
http://resources.infosecinstitute.com/ --Scroll to the bottom for archives of whitepapers

Multimedia Resources

http://www.securitytube.net/ --The "YouTube of Security" (couldn’t recommend this site highly enough!!)
http://www.grc.com/securitynow.htm -- Incredible Security Podcast (available on iTunes!)
http://www.social-engineer.org/podcast/ --Great social engineering podcast by social-engineer.org

Notable Blogs

Carnal0wnage - Attack and Research blog
http://www.devttys0.com/blog/ - Blog focused on hardware and reverse engineering
Metasploit Blog
SkullSecurity - Blog focused on misc. security topics
TrailofBits Blog - Misc. Security topics
Room362 Blog - Misc. Security topics
Volatility Labs Blog - Focused on malware and memory forensic analysis
Pentest Geek - Misc. Security topics

Other Resources:

http://www.ctftime.org/ - Resource that provides information for ongoing and upcoming CTF events
http://www.social-engineer.org/ --Social Engineering Framework and Blog (Great Resource to learn SE!)
http://safaribooksonline.com/ -- Site full of great resources - requires subscription (provided for free if you're a Tech student - will show you how to access it in the meetings).
Amazon Security Books – Amazon is (IMHO) one of the best places for security books. I’ve bought numerous over the years and have enjoyed the price.
http://www.lockpicking101.com/ -- A great resource (forum) for learning best physical security practices as well as being able to measure physical security deficiencies with standard locks.

For Twitter Users:

http://blogs.csoonline.com/1539/follow_friday_security_pros_to_find_on_twitter_june_3 -- Security Professionals on Twitter that you may want to follow (I’m not a twitter user, so I haven’t checked any of these out personally.)

Want to Learn Python?

http://www.codecademy.com/tracks/python - Codecademy Python course
http://learnpythonthehardway.org/ - Fantastic book (free to read online) that teaches Python
http://www.diveintopython.net/toc/index.html - Another great book (free to read online) that teaches Python
http://www.learnpython.org/ - Python tutorials (contains in-browser code-editor)

106 comments:

  1. What about MOOC's, do you think they are worth it?

    ReplyDelete
    Replies
    1. Absolutely! I'm currently taking the "Malicious Software and its Underground Economy: Two Sides to Every Story" via coursera, and it's great.

      MOOC's are becoming more and more popular, which is good - it's time we open-source high-quality education. Places like Coursera provide fantastic class at a price I tend to like (free!).

      Delete
  2. Nice post, very helpful for us.I will
    vulnerability assessment
    penetration testing come back here again & again...:)

    ReplyDelete
    Replies
    1. On sait depuis longtemps que travailler avec du texte lisible et contenant du sens est source de distractions, et empêche de se concentrer sur la mise en page elle-même. L'avantage du Lorem Ipsum sur un texte générique comme 'Du texte. Du texte. Du texte.'
      mesin pembuat kopi Elektrolux and artikel harga mesin kopi Illy terbaru dan artikel harga mesin kopi merk Kenwood and article harga mesin kopi Nescafe dan ulasan harga mesin cuci 1 tabung dan artikel harga mesin cuci 2 tabung serta artikel harga mesin cuci front loading dan harga mesin cuci top loading juga harga kompor gas merk Quantum dan info harga kompor gas merk Rinnai

      Delete
  3. Such a nice blogs, communities, or other miscellaneous resources for the it security course
    Thanks for sharing this nice blog..!!!!

    ReplyDelete

  4. Hi, I am John working in IT company. Cause of busy I work in my home so, I need a high-configaration which is one of the
    best computers.best computers.
    So, I was feeling worried about the best computer. By friend suggest me to visit your website and got it. This is really good product.
    Specially RAM, graphic, and all configaration are good. I am happy. I am happy.

    ReplyDelete
  5. Great post!I am actually getting ready to across this information,i am very happy to this commands.Also great blog here with all of the valuable information you have.Well done,its a great knowledge.
    Python Training in Chennai

    ReplyDelete
  6. Great post! I am see the programming coding and step by step execute the outputs.I am gather this coding more information. It's helpful for me my friend. Also great blog here with all of the valuable information you have.
    Python Training in Chennai

    ReplyDelete
  7. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

    ReplyDelete
  8. now in this new version there are so many new feature and bugs fix.


    สูตรบาคาร่า
    goldenslot

    ReplyDelete
  9. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Android Training in Chennai
    Ios Training in Chennai

    ReplyDelete
  10. Online Computer Courses - Get the free of cost computer courses, classes, training and certification online at your home. Nitro India one of the popular organization provide these services to you free of cost. To get now free classes, courses and certification from Nitro all over the world visit- nitroindia.org.

    ReplyDelete
  11. Thanks for one marvelous posting! I enjoyed reading it; you are a great author. Besant technology provides python course training in Bangalore

    ReplyDelete
  12. It’s always so sweet and also full of a lot of fun for me personally and my office colleagues to search your blog a minimum of thrice in a week to see the new guidance you have got.Besant Technologies offers the best
    Selenium Training in Bangalore

    ReplyDelete
  13. Those guidelines additionally worked to become a good way to recognize that other people online have the identical fervor like mine to grasp great deal more around this condition.

    Java Training in Bangalore|

    ReplyDelete
  14. Does your blog have a contact page? I’m having problems locating it but, I’d like to shoot you an email. I’ve got some recommendations for your blog you might be interested in hearing. DevOps Training in Bangalore

    ReplyDelete
  15. Thank you a lot for providing individuals with a very spectacular possibility to read critical reviews from this site.

    Dotnet Training in bangalore

    ReplyDelete
  16. This is really too useful and has more ideas from your blog. Keep sharing many techniques. We are waiting for your new blog and for useful information. Keep post more blogs. AWS Training in Bangalore

    ReplyDelete
  17. Very Nice Blog on info on topics pertaining to security.
    Interesting links for blogs kindly keep Blogging.
    Devops Training in Bangalore

    ReplyDelete
  18. Thanks for sharing these these type of blogs keep posting it
    Iot Online Training

    ReplyDelete
  19. very helpfull blog it was a pleasure reading your blog
    would love to read it more
    knowldege is not found but earned through hardwork and good teaching
    that being said click here to join us the next best thing in bangalore
    devops online training
    Devops Training in Bangalore

    ReplyDelete
  20. Fabulous information you have shared thanks to provide Devops Online Training Bangalore

    ReplyDelete
  21. Much obliged this post truly opened my eyes. It is not just enlightening rather extremely gainful for the general population the individuals who need to benefit something in his life. AWS / Amazon Web Services Training in India | AWS / Amazon Web Services Training Institutes

    ReplyDelete
  22. Thanks for your useful information shared with us. check it once through Android Online Course Hyderabad

    ReplyDelete
  23. Nice post about MSBI, looking for best msbi online training institute ?

    ReplyDelete
  24. Thanks for posting the useful information to my vision. This is excellent information,.
    iphone app training course in hyd

    ReplyDelete
  25. Nice post. Thanks for this awesome blog. Keep sharing
    AWS Training in Noida

    ReplyDelete
  26. Phenomenal blog. You put Good stuff. All the subjects were cleared up briefly. so quickly appreciate for me. I am holding up Inventory Verification | Fixed Assets Audit | Customer Helpdesk

    ReplyDelete
  27. Thanks for sharing valuable information with us, Keep share more content on MSBI Online course Bangalorea

    ReplyDelete
  28. Thanks for sharing valuable information with us to learn more things about MSBI Online Training

    ReplyDelete
  29. I read your blog this is really good and it helpful for learners. Thanks for sharing your thoughts with us Keep update on MSBI Online Training Bangalore

    ReplyDelete
  30. Those guidelines additionally worked to become a good way to recognize that other people online have the identical fervor like mine to grasp great deal more around this condition.

    AWS Training in Chennai

    ReplyDelete
  31. Nice blog. Thank you for sharing such useful post. Keep posting
    Amazon web Services Course in Gurgaon

    ReplyDelete
  32. Nice blog. Thank you for sharing. The information you shared is very effective for learners I have got some important suggestions from it. Duplicate Payment Review | Continuous Transaction Monitoring | Duplicate Payment Recovery

    ReplyDelete
  33. I read your blog this is really helpful for learners, Thanks for sharing valuable information with us. Keep share more content on Android Online Course bangalore

    ReplyDelete
  34. The information which you have provided is very good. It is very useful who is looking for selenium Online Training Bangalore

    ReplyDelete
  35. Thanks a lot very much for the high quality and results-oriented help. I won’t think twice to endorse your blog post to anybody who wants and needs support about this area.
    Python Training in Bangalore

    ReplyDelete
  36. This is a perfect blog to learners who are looking for android technology, check it once at Android Online Training Bangalore

    ReplyDelete
  37. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site. Best AWS Training in Bangalore

    ReplyDelete
  38. Nice information thank you,but we want better teaching and good training center in hyderabad please chechk it once
    MSBI Training in Hyderabad

    ReplyDelete
  39. Replies
    1. It has been simply incredibly generous with you to provide openly what exactly many individuals would’ve marketed for an eBook to end up making some cash for their end.
      AWS Training in Bangalore
      Python Training in Bangalore

      Delete
  40. It has been simply incredibly generous with you to provide openly what exactly many individuals would’ve marketed for an eBook to end up making some cash for their end, primarily given that you could have tried it in the event you wanted.

    AWS Training in Bangalore
    Python Training in Bangalore

    ReplyDelete
  41. Keeping the quality of a job expands its efficacy and helps to boost it. I’m pleased to get the info about the importance of ‘Blog commenting’ and some precious clues to improve it. Thanks for the article. Best AWS Training in Bangalore

    ReplyDelete
  42. I feel really happy to have seen your webpage and look forward to so many more entertaining times reading here. Thanks once more for all the details.

    amazon web services training in bangalore


    ReplyDelete
  43. This is a much needed information thank you for sharing and it's very helpful to know about this information. Thanks for sharing it MSBI Online Training Bangalore

    ReplyDelete
  44. The information which you have provided is very good. It is very useful who is looking for salesforce Online Training Hyderabad

    ReplyDelete
  45. This comment has been removed by the author.

    ReplyDelete
  46. This comment has been removed by the author.

    ReplyDelete
  47. "Techonolgy is updated day to day
    Thanks for sharing the info"
    salesforce Development Training Hyderabad

    ReplyDelete
  48. This comment has been removed by the author.

    ReplyDelete
  49. This comment has been removed by the author.

    ReplyDelete
  50. This comment has been removed by the author.

    ReplyDelete
  51. This comment has been removed by the author.

    ReplyDelete
  52. This comment has been removed by the author.

    ReplyDelete
  53. Awesome post.
    I found so many exciting data in this particular blog.
    Thank you for sharing this blog.
    best professional training institute in Lagos

    ReplyDelete
  54. It has been simply incredibly generous with you to provide openly what exactly many individuals would’ve marketed for an eBook to end up making some cash for their end, primarily given that you could have tried it in the event you wanted.

    AWS Certified Developer

    AWS Interview Questions

    Aws Azure Job Opening

    Aws Freshers Opening in Chennai and Bangalore

    ReplyDelete
  55. We offer Industrial PLC and Automation training designed for engineering, operation and maintenance of PLC automation solutions. We provide practical training and advanced level PLC training in Noida Delhi NCR which helps to students in a better understanding. After training, we will give you PLC training certificate. Call @9953489987.

    ReplyDelete
  56. The information which you have provided is very good. It is very useful who is looking for salesforce Online Training Bangalore

    ReplyDelete
  57. nice blog has been shared by you. before i read this blog i didn't have any knowledge about this but now i got some knowledge so keep on sharing such kind of an interesting blogs.
    mulesoft training hyderabad

    ReplyDelete
  58. This Blog is Very interesting to read and thank you for sharing the valuable information about SAP Training in Hyderabad SAP Training in Hyderabad. The information you provided was very easy to read and understand. I gathered a lot of information from your SAP blog.
    http://www.sapschool.in/

    ReplyDelete
  59. This blog is very nice thank you for sharing it is very useful information python Online Training

    ReplyDelete
  60. the blog is good and Interactive it is about Mulesoft Developer it is useful for students and Mulesoft Developers for more updates on Mulesoft mulesoft Online training hyderabad

    ReplyDelete
  61. Devops training institute in Noida
    Devops Training in Noida- Webtrackker Technology is providing the Devops Training in Noida with 100% placement support. If you are looking for the Devops training in noida then I will suggest to you that webtrackker Technology will be the option for you. we are also providing the Iot Training in noida so if you are looking for the IOT training institute in noida then you can contanc to webtrackker Technology.

    Company Address:
    Webtrackker Technology
    C- 67, Sector- 63 Noida (India)
    Phone: 0120-4330760, 8802820025
    Email: info@webtrackker.com
    Website: http://webtrackker.com

    ReplyDelete
  62. This article information was really wonderful. Which is very much useful for me and impressed by reading. Your information will be very help full to Sap training institutes in hyderabad. We're providing the best SAP training institutes in hyderabad.
    http://www.sapschool.in/

    ReplyDelete
  63. I have read your blog and i got a very useful and knowledgeable information from your blog.its really a very nice article.You have done a great job . If anyone want to get
    Networking Training in Chennai | Hibernate Training in Chennai.

    ReplyDelete
  64. Thank you so much... your blog is giving very useful knowledge for all.i didn’t have the knowledge in this now i get an idea about this..
    thks a lot:-)To know more cloud sim training in chennai | arduino training in chennai .

    ReplyDelete
  65. Nice and good article. It is very useful for me to learn and understand easily.

    Networking Training in Chennai | Hibernate Training in Chennai.

    ReplyDelete
  66. Good article. It is very useful for me to learn and understand easily Learn Mulesoft Online Thanks for posting.

    ReplyDelete
  67. Very Nice!
    It is very clearly i like it.Thank you for sharing.
    Top level training centers for all college students in best Hibernate Training in Chennai | Vlsi Training in Chennai.

    ReplyDelete