Awesome

how-to-self-learn-infosec

FAQ: How do you self-learn information security?

Ans: I think teaching and doing (e.g. competing, building stuff) is the best way to learn. Here's a list of materials to go along:

"Our Own" Training Materials:

• https://github.com/nnamon/nightsoferised (misc infosec stuff)
• https://github.com/thngkaiyuan/ctf101-web (web ctf)
• https://github.com/nnamon/ctf101-systems-2016 (systems ctf)
• https://github.com/nnamon/ctf101-systems-2015 (systems ctf)

Our Mini Workshop on Reverse Engineering:

• https://github.com/quanyang/reversing-workshop
• Solutions: https://www.fireeye.com/blog/threat-research/2016/11/2016_flare-on_challe.html

Courses & Tutorials:

• http://liveoverflow.com/ (videos on CTF challenges, infosec topics)
• https://fuzzing-project.org/ (basic fuzzing tutorials + resources)
• https://www.fuzzysecurity.com/index.html (wide-ranging tutorials - from exploitation to malware analysis & RFID)
• https://www.udemy.com (you can find some introductory security courses here)
• http://pwnable.kr/ (introductory to advanced pwnable CTF challenges)
• https://cryptopals.com/ (a wonderful collection of crypto challenges with progressive difficulty)
• https://trailofbits.github.io/ctf/ (CTF guidebook)
• https://www.offensive-security.com/metasploit-unleashed/ (free Metasploit course)
• http://www.edgis-security.org/lab-tutorials/ (miscellaneous tutorials)
• https://github.com/shellphish/how2heap (on heap exploitation)

Useful Reading Materials:

• https://www.utc.edu/center-information-security-assurance/pdfs/course-paper-5600-rsa.pdf (attacks on RSA)
• https://www.fireeye.com/blog/threat-research.html
• https://googleprojectzero.blogspot.sg/
• http://brutelogic.com.br/blog/ (XSS stuff)
• https://fuzzing.info/ (on fuzzing)
• https://github.com/tjunxiang92/Android-Vulnerabilities
• https://github.com/ctfs (CTF writeups)