Awesome Security Resources
🚨 This Readme isn't being updated anymore. Check out the Wiki tab for the most up to date lists 🚨
A list of stuff I've found useful over the course of me teaching myself All Of The Security Things. Constantly a work in progress. Things with π are my ride-or-die faves.
i. Android
ii. ARM
iii. Blog Posts
iv. C Code Review
v. Conferences
vi. Course Notes
vii. Cryptography
viii. CTFs
ix. Law and Social Justice
x. Networking
xi. Podcasts
xii. Reverse Engineering
xiii. Security Culture
xiv. Things I've Heard Good Things About But Haven't Read/Listened To/etc
xv. Tools
xvi. Web Security
Where To Start
Not gonna lie, I get this question a lot and I never have a good answer for it. So here are some general tips:
- Start with what you're interested in. If you heard about an exploit, tool, concept, etc. that piqued your interest, dive into that first.
- Here are some places to start in case you're stuck:
- If you are reading a blog post, wiki page, book, paper, etc. and you come across something you've never heard of or don't understand, don't continue reading until you understand that thing. (Obviously, this won't work for everyone because everyone learns differently. One of my first-year uni profs gave me this advice and I've found it to be pretty effective.)
- Be prepared to not understand pretty much everything.
- Have a decent understanding of programming. If you've never done any sort of programming before, check out Code Academy; the Python track is a good place to start.
- Don't just read about it! Reading about security is all well and good, but coding exploits will solidify your understanding. Check out the CTFs section to get started.
- Get yourself a bookmarking tool such as Pocket. There will be lots of things you'll want to save for later and you'll need a way to organize them. (Don't be like me and use Twitter likes as your bookmarking tool.)
- This is actually a good opportunity to check out Security Planner to learn more about how to manage your online privacy!
Android
- A little bit dated but the fundamentals are good
Tutorialspoint Android Penetration Testing
- Covers basic architecture, security architecture, and walks through DIVA
Vulnerable Android Apps
ARM
Very vulnerable ARM application
Blog Posts
Getting Into Security
So, you want to work in Security? By Parisa Tabriz π
So you want to work in security (but are too lazy to read Parisa's excellent essay) by lcamtuf
So you want to be a security engineer? by Niru Ragupathy π
C Code Review
CERN Computer Security: Common vulnerabilities guide for C programmers
Smashing The Stack For Fun and Profit
Format String Vulnerabilities (Syracuse University)
C Programming Language 2nd Edition
OWASP Buffer Overruns and Overflows Guide
Conferences
OurSA 2018 π
Course Notes
Cryptography
A Stick Figure Guide To The Advanced Encryption Standard (AES)
Coursera Crypto I (taught by Dan Boneh) π
CTFs
Law and Social Justice
The Black Community Needs Encryption by Adrianne Jeffries for Motherboard π
Encryption is a Human Rights Issue from the EFF
CrySP Speaker Series on Privacy
Lex Gill: Rearranging Power Through Law and Code: Deciphering the Canadian Encryption Debate π
Networking
CS456 (UWaterloo) Lecture Slides (2006)
Podcasts
- Good technical content but lacks an intersectional approach to societal implications imo
Notable Episodes
Security Now #65: Why is Security So Difficult?
Security Now #311: Anatomy of a Security Mistake
Reverse Engineering
Introduction to Firmware Reversing
Reverse Engineering Challenges
2017 SIT RE Presentation by TobalJackson
- Good intro to radare2 (with exercises and a video!)
Security Culture
Things I've Heard Good Things About But Haven't Read/Listened To/etc
The Tangled Web: A Guide To Securing Modern Web Applications
Queer Privacy by Sarah Jamie Lewis
Tools
Burp Suite π
- The free community edition is fine
radare2 π
Command Line
A Quick and Practical Reference for tcpdump