Over the past month, InfoSec Institute has developed a number of free training resources for your benefit. As a reminder, if you hold a professional certification such as the CPT, CISSP, CISA, CEH, etc, reading these resources can count for your required CPEs.
Here are some of the highlights from March 2011:
- HD Moore’s Process for Security Research- The creator of Metasploit and one of the most prolific exploit developers, reveals his process for security research. HD talks about his tools, techniques and provides some insight into what attacks will look like in the future.
- OWASP Top 10 Tools and Tactics- The OWASP Top 10 aggregates the 10 most prevalant application security vulnerabilities. We feel awareness is not enough. Russ McRee shows in this article how to actually test for these vulnerabilities, and shows tool usage on how to do so. Remediation strategies are discussed as well.
- OllyDbg Exploit Development Walkthrough - Following up on Stephen Bradshaw’s Learn to Fuzz with SPIKE walkthrough is an article series on how to write an exploit using OllyDbg as the primary runtime tool of choice.
- Top 5 CCFE Computer Forensics Practicals- We release the Top 5 IACRB CCFE practicals submitted by InfoSec Institute students. Learn how our top students solved the case and wrote an in-depth forensics practical.
- Boy-In-The-Browser- Imperva’s Amichai Shulman discusses the latest malware research into the Boy-In-The-Browser variation of the Man-In-The-Browser attack. Learn how to detect compromised systems and repair hijacked hostifles in this article.
- iPhone Forensics / 10 iPhone Must Have Security Settings – Keatron Evans brings you a video tutorial on iPhone Forensics, what evidence can be retrieved and how to do it. He also talks over his Top 10 Tips for securing your iPhone, a must have for enterprises looking at adopting the popular smartphone.
- Strategies for Studying Each of the 10 CISSP Domains- Kenneth Magee takes you through his teaching process for the 10 CISSP domains. Learn what to focus on, what will be on the exam, and how to prepare for the exam.
- Charlie Miller and Joanna Rutkowska discuss their processes for security research. Charlie, famous for discovering/exploiting many Apple product vulnerabilities, as well as seeming to always win the pwn2own contest at CanSe cWest, discusses how he finds bugs and exploits. Joanna, the world’s foremost virtualization security expert, discusses her latest research techniques and the new Qubes OS.
- Standards for Penetration Testing? – I review the newly released Penetration Testing Execution Standard in detail, talking to the creators and getting a critical eye from others working on similar standards in the industry.
These popular articles and videos, are just a few of our recently posted articles. There is much more to read, watch, and learn on http://resources.infosecinstitute.com. If you’d like to write for Resources.InfoSecInstitute.com and be featured in industry publications (and here) please contact me, our Managing Editor, Terrence Miltner at terrence.miltner@infosecinstitute.com with an article or video topic idea.
