I have been gathering, watching and reading more and more info-sec data from everywhere including great books, from Amazon of course and it has been helping a lot. I just wanted to mention some of the things I have been using to learn, just in case you are starting out like me. Most of the information has been leaning towards social engineering and browser exploits. For example, if you start looking at enough YouTube clips of DefCons and presentations by the elite security researchers and pentesters, you learn that nowadays, most attacks are done on layer 7 and 8 of the OSI model. The recent Playstation PSN hack was reported to have started from a Spear Phishing attack. It seems that a little social engineering goes a long way. All it takes is one click. Depending on the vulnerability, it might even be easier. With SQLi and XSS, you can move the browser for your victim to introduce an exploit. A user is directed to the wrong page or opens the wrong email. It can happen and it obviously does. Ask Sony. Here is my list:
Books:
Dissecting the Hack: The Forb1dd3n Network (Half way done)
Python Network Programming (Just beginning)
Social Engineering: The Art of Human Hacking (Just bought)
KingPin (Just bought)
Fuzzing: Brute Force Vulnerability Discovery (Just bought)
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
(Just beginning)
Videos:
Elearning Security
Malware Analysis - http://youtu.be/fqf5LfPwmm4
Malware Analysis - http://youtu.be/jake9ibMIpc
Joe McCray
PenTesting - http://www.youtube.com/watch?v=tJsNu0VRKYY
Advanced SQL Injection - http://www.youtube.com/watch?v=rdyQoUNeXSg
Advanced SQL Injection (LayerOne 2009) http://www.youtube.com/watch?v=WkHkryIoLD0
Sam Kamkar
Hacking Facebook/PHP - http://www.youtube.com/watch?v=fEmO7wQKCMw&feature=related
IronGeek (Adrian Crenshaw)
Numberous Videos -*.*- http://www.irongeek.com/i.php?page=security/hackingillustrated
Dakykilla, Purehate and Irongeek
Password Exploitation Class - http://www.irongeek.com/i.php?page=videos/password-exploitation-class
SecurityTube
Numberous Videos -*.*- http://www.securitytube.net/
Python Programming
Computer Science Class - http://www.cse.msu.edu/~cse231/PracticeOfComputingUsingPython/index.php
Member of EthicalHacker.net
PenTesting Steps - http://www.infiltrated.net/pentesting101.html
EthicalHacker
Great Forum w/ videos,links,articles for Pentesting - http://ethicalhacker.net
Hopefully, this helps other people in the quest for knowledge. Good Night
Open Question to Yankee Candle
9 years ago
Have you tried the course? It looks like OSWP has been updated so it would be nice to know if there are some significant differences. Thanks in advance.
ReplyDelete