Wednesday, May 7, 2014

Resource List

I recently put together a list of resources that a new NetSec/InfoSec associate could use to familiarize himself with some of the subject matter he'll come into contact with. It's by no means exhaustive, even of just the bookmarks and articles and media that I've saved over the years, but I think there's some useful content and thought I'd post it. I'm still in the process of fleshing it out (at which point it'd probably be overload for a new person) but I enjoy organizing study materials and absorbing as much as I can in my limited free time. Comments are welcome if you see something you think is a stinker, and even more welcome would be you sharing some of your links to add to the list. Thanks in advance!
(Please remember the target here is someone new to NetSec/InfoSec. A 50-page white paper on optimizing ring buffers would be interesting to others but probably not what you want to lay on the new guy on the team.)

Information Security Resources

Web sites:
Internet Storm Center - https://isc.sans.edu/index.html
Dark Reading Daily - http://www.darkreading.com/
InfoSec Island - http://www.infosecisland.com/
Ethical Hacker Magazine - http://www.ethicalhacker.net/
PaulDotCom Tech Segments - http://wiki.pauldotcom.com/wiki/index.php/TechSegments

Videos:
SecurityTube - http://www.securitytube.net/
Derbycon (2013) - http://www.irongeek.com/i.php?page=videos/derbycon3/mainlist
Academy Pro - http://www.theacademypro.com/
SourceFire - Chalk Talks - https://www.youtube.com/playlist?list=PL272154EC1786E588
DefCon - https://www.youtube.com/user/defconvidoes
BlackHat - https://www.blackhat.com/html/archives.html
ShmooCon (2014) - https://archive.org/details/shmoocon-2014
Microsoft (End User) - http://www.microsoft.com/security/default.aspx

Reference:
Security Terms Glossary - http://www.sans.org/security-resources/glossary-of-terms/
Network Security Glossary - http://www.watchguard.com/glossary/
Mind Maps - http://www.amanhardikar.com/mindmaps.html

Dashboards:
Talisker Security Wizardry - http://www.securitywizardry.com/radar.htm
Kaspersky Threat Map - http://cybermap.kaspersky.com/
Arbor Networks DDoS Map - http://www.arbornetworks.com/asert/map/

Mailing Lists:
Team Cymru Dragon Newsbytes (Private) - https://lists.cymru.com/mailman/listinfo/ians_dragon_newsbytes
Full Disclosure - http://nmap.org/mailman/listinfo/fulldisclosure
SANS (all) - http://www.sans.org/newsletters/

Linux:
Linux Library - http://www.troubleshooters.com/linux/index.htm
Learn Linux at Linux.com - http://www.linux.com/learn
Linux Documentation - http://linux.die.net/

Classes:
Open Security Training - http://opensecuritytraining.info/Training.html
EDX Intro to Linux (starts Aug 1, $2,400.00 class for free) - https://www.edx.org/course/linuxfoundationx/linuxfoundationx-lfs101x-introduction-1621#.U2fY1Pl4C4I

Podcasts:
Getmon IT Security Podcasts - http://www.getmon.com/
ISC Podcasts (SANS Internet Storm Center) - http://isc.sans.edu/podcast.html

Vulnerability Information:
U.S. CERT - http://www.us-cert.gov/
SecurityFocus - http://www.securityfocus.com/

TCPDump/Wireshark and General Packet Capturing:
TCPDump command fu - http://www.commandlinefu.com/commands/using/tcpdump
Wireshark Wiki - http://wiki.wireshark.org/

Malicious Javascript:
http://cansecwest.com/slides07/csw07-nazario.pdf
http://www.cs.bham.ac.uk/~covam/blog/2008/10/dom-based-obfuscation-in-malicious-javascript.html

Blogs:
Bruce Schneier - https://www.schneier.com/index.html
Anton Chuvakin - http://www.chuvakin.com/
Marcus J. Ranum - http://www.ranum.com/
Lance Spitzner - http://www.spitzner.net/
Snort - http://blog.snort.org/
VRT (Vulnerability Research Team of Sourcefire) - http://vrt-blog.snort.org/
Naked Security (Sophos) - http://nakedsecurity.sophos.com/
MalwareBytes - http://blog.malwarebytes.org/
