Getting your fill of Security
I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post here and update regularly, or just put on the wiki I keep saying that I’ll get going here. Enough rambling, here is how you can get your fill of security:
Podcasting:
- GetMon - http://www.getmon.com/ - This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
- HackerMedia - http://www.hackermedia.org/ - They group similar podcasts into categories, and the categories overlap. So if you want the “Linux” feed, you’ll get podcasts A, B, and C. But maybe podcast C does Linux security, so if you subscribe to the “Security” feed, you might get C, E, and G. You can also get the “everything” feed.
Bloggers (RSS Feeds):
- Security Bloggers Network - http://www.securitybloggers.net/ - A consolidated feed of a HUGE list of security blogs
Twitter:
- Security Twits - http://www.security-twits.com/ - A long list of security-related Twitter accounts, from people to events to companies.
Places to learn:
- The Academy Pro - http://www.theacademypro.com/
- Learn Security Online - http://www.learnsecurityonline.com/
- Free IT Security Training - http://www.freeitsecuritytraining.com/
- Virtual Training Environment by Carnegie Mellon - https://www.vte.cert.org/vteweb/
Challenge Sites and Sites that are OK to attack:
(Make sure you know which is which before you haul off and start attacking though)
(Most of these stolen from Chris Nickerson’s reply to Show 17 Links blog post)
- http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- http://testasp.acunetix.com/Default.asp
- http://test.acunetix.com/
- http://hackme.ntobjectives.com/
- http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
- http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
- http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
- http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
- http://lampsecurity.org/capture-the-flag-5
- http://zero.webappsecurity.com/
- http://www.hackertest.net/
- http://www.hackthissite.org/
- http://www.mavensecurity.com/WebMaven.php
- http://ha.ckers.org/challenge/
- http://ha.ckers.org/challenge2/
- http://demo.testfire.net/
- http://scanme.nmap.org/
- http://www.hellboundhackers.org/
- http://www.overthewire.org/wargames/
- http://roothack.org/
- http://heorot.net/
- http://www.irongeek.com/i.php?page=security/mutillidae-deliberately…
- http://wocares.com/xsstester.php
- https://how2hack.net
- http://hax.tor.hu/
- http://www.bright-shadows.net/
- http://www.dareyourmind.net/
- http://hackergames.net/
- http://www.hackquest.com/
- http://www.darkmindz.com/
- http://www.caesum.com/game/
- http://www.net-force.nl/
- http://www.osix.net/
- http://www.mibs-challenges.de/
- http://projecteuler.net/
- http://uva.onlinejudge.org/
- http://ace.delos.com/usacogate
So now you have absolutely ZERO reason to have one moment of time on your hands ;-)
Know of another good resource? Post a comment.
UPDATE: ethicalhack3r from http://www.ethicalhack3r.co.uk pointed me to his project called “Damn Vulnerable Web App”. You can find it on Sourceforge here: http://sourceforge.net/projects/dvwa/
Update on 2009-12-09 05:30 by Rob Fuller
A much larger post was made:
http://www.linux-ninja.com/infosec-self-education-resources/
There are a ton of resources out there… now you don’t even have to Google for them…