Be Curious – Tinker, Learn and Grow
Author: Jon Studebaker, Senior Security Consultant
Editor’s Note: Part 1 of this three-part series discussed the pros and cons of some common learning approaches, information resources for infosec topics that may interest you, ways to get involved in the infosec community and setting realistic goals, budgets and expectations for yourself to maintain work/life balance.
Part 2 discussed some specific training resources and projects like building a home lab, tinkering with Raspberry Pi, and ways to explore mobile, cloud, wireless, and physical security.
In Part 3 we provide a simplified direct reference list with links and resources broken down by topic, with the intention to provide periodic updates as resource relevance and availability change over time.
Education
- InGuardians Custom Training
- SANS – Live and Online training and events
- OffSec – Live and Online training
- Antisyphon Training – Live and On-Demand Training
- INE – Online IT, cloud and security training
- Pentester Academy – Online security training
- BlackHat – Live and Online training and events
- LinkedIn Learning – Online training often available through library systems
Books
- Book Publishers with Substantial Security Collections
- Book Sellers
  - Barnes & Noble
  - Amazon
  - Humble Bundle – Flexibly priced game, book and software bundles
  - Audible – Audio books
Podcasts
Community
- Online Chat
- Live and Virtual Groups and Events
  - OWASP Chapters – Local/Regional OWASP groups
  - DEFCON Groups – Local/Regional DEFCON social groups
  - Free SANS events
  - Eventbrite
  - meetup.com
  - National Collegiate Cyber Defense Competition
Home Lab
- How to Build a Home Lab
- Evaluation versions of Microsoft Operating Systems
- Hypervisors
- Security and Pentesting Operating Systems
- Firewalls
- Vulnerable/Exploitable Learning Resources
Online Interactive Challenges and CTFs
- Hack The Box – Free and paid CTF platform
- PortSwigger Web Security Academy – Free web application CTF/challenge/training
- SANS Holiday Hack challenges – Annual CTF/Security Challenges
Cloud
- Documentation
- Vulnerable/Exploitable Learning Resources
  - Bust-a-Kube – Intentionally Vulnerable Kubernetes Cluster
  - CloudGoat – Intentionally Vulnerable AWS deployment
  - Damn Vulnerable Cloud Application
  - OWASP WrongSecrets
Mobile
- Emulators
  - Xcode – Free iOS emulator
  - Android Studio – Free Android Emulator
  - Corellium – Paid emulators for iOS and Android
  - Genymotion – Paid emulators for Android
- Vulnerable/Exploitable Learning Resources
  - Damn Vulnerable iOS App – Intentionally vulnerable iOS Application
  - Damn Vulnerable Bank – Intentionally vulnerable Android Application
  - Apple Security Research Device – iOS security research devices
Wireless
- Information/Documentation Resources
- Gadgets/Radios
  - RTL-SDR – Software defined radio
  - Panda Wireless – WiFi adapters
  - Adafruit BLE sniffer – Bluetooth low energy sniffer
  - Cheap Bluetooth USB dongles that work with Linux
  - Flipper Zero – Hacking multitool gadget
- Software and Frameworks
  - nRF Connect – Mobile BLE Interaction Application
  - KillerBee framework – Zigbee Attack Framework
  - Bumblebee firmware for the TI-CC2531 – Firmware to use CC2531 with KillerBee
Raspberry Pi
- Hardware
- Software and Projects
  - Kali Linux – Security OS
  - Pwnagotchi – Cute Wireless attack tool
  - P4wnP1 – BadUSB
  - Pi-hole – DNS Blackhole
  - AdGuard Home – DNS Blackhole
  - HoneyPi – Honeypot
  - OpenCanary – Honeypot
- Raspberry Pi can be used as a multi-tool for hardware hacking
- General Raspberry Pi Projects
- Vulnerable/Exploitable Learning Resources
Physical
- Lockpicking resources
  - Toool – The Open Organization Of Lockpickers
  - How to pick a lock guide
  - Sparrows Beginners Lockpick Sets
  - Making your own Lockpicks
  - Practice locks
  - Training
  - Laws