Never Ending Security

It starts all here

Interesting Security Project and Resources for Training, Education, Research and Learning.

“A good traveler has no fixed plans and is not intent on arriving.” –Lao Tzu

“Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.” –Sun Tzu

“The true science of martial arts means practicing them in such a way that they will be useful at any time, and to teach them in such a way that they will be useful in all things.” –Miyamoto Musashi


Resources

  • Academic Programs
  • Application Security
  • Capture The Flag Competitions
  • Cryptography
  • Embedded Device Security
  • Exploitation
  • Exploitation Mitigation Techniques
  • Fuzzing
  • Mobile Security
  • Network Security
  • Program Analysis
  • Programming
  • Reverse Engineering
  • Source Code Analysis
  • Web Security



Application Security

Application Security describes the fundamental technical skills required to identify and prevent application vulnerabilities.

Introduction

Sandboxes

Research

Projects



Capture The Flag Competitions

Capture The Flag competitions describe challenge-based or adventure-based competitions that involve solving a series of technical challenges. After a team has solved a challenge, the team is presented with a flag, hence the name.

Types of Capture The Flag Competitions

Challenge-Based Competitions

Challenge-Based Capture The Flag competitions are comprised of discrete and individual challenges. Each challenge is typically given a point value that will be awarded to the team that solves it. Challenges can be solved in any order; this allows teams to work on challenges individually and of any difficulty. Newbie teams that are trying to gain experience favor this type of competition because it makes it easy to give up on frustrating challenges to work on other challenges.

Attack-Defend Competitions

Attack-Defend CTF Competitions are multifaceted; teams must ensure security over their own infrastructure while finding flaws and attacking the infrastructure of other teams. Challenges are typically services that run on server, and do not follow any order; again allowing teams to work on challenges individually and of any difficulty. These types of competitions are more focused towards advanced teams who won’t leave any part of the competition untouched.

Wargames

Wargames are always online CTF competitions.

Getting Started

Experience

Teams can only gain experience three ways: practice, practice, practice. But also, watching presentations about competitions and reading write-ups.

Why

Competitions

There are many different competitions held all year around, all around the world. Thecapture.thefl.ag Google Calendar and Forgotten Security’s CTF Wiki are good resources to use. Rankings and more information can be found at CTFtime.

Wargames

There are many different wargames available. WeChall aggregates stats from many of them. Others are listed below.

Teams

Many teams keep an online presence and keep updated blogs with write-ups from many different competitions.

Running A CTF Competition

Related Resources


Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties.http://en.wikipedia.org/wiki/Cryptography

Projects


Embedded Device Security

An embedded device is a computer that is designed to accomplish a single task.

Introduction

Research

Resources



Exploitation

Exploitation is the process of taking advantage of vulnerabilities in binary applications, usually resulting in arbitrary code execution.

Introduction

Research

Shellcode

Resources



Exploitation Mitigation Techniques

Exploitation mitigation techniques are mechanisms that are used to make exploitation of a vulnerability difficult or impossible.

Introduction

NX

SEHOP

Resources


Fuzzing

Fuzzing is sending data (random or deterministic) to an application in order to cause it to crash.

Introduction

Research

Projects


Mobile Security

Information

Tools

Challenges



Network Security

Network Security consists of the policies and activities which govern usability, reliability, integrity, and safety of a network its data.

Resources

Tools


Program Analysis

Program analysis is the process of automatically analyzing the behavior of computer programs.

Introduction

Full Courses

Research

Projects

Presenatations

Resources


Programming

If you don’t know what programming is, you need to leave.

C

C++

JavaScript

PHP

Python

Ruby


Reverse Engineering

Reverse engineering is the process of understanding binary programs, usually in an environment where source code is not available and there is little knowledge about the original functionality of the binary.

Introduction

Full Courses

x86 Manuals

Disassemblers

Debuggers

Dynamic Instrumentation Tools

Projects

Challenges

x86 Resources


Source Code Analysis

Source Code Analysis is the process of studying code for bugs and vulnerabilities, typically when original source code is available.

Introduction

http://pentest.cryptocity.net/code-audits/

Tools

Resources


Web Security

Web Security encompasses attacks, bugs, vulnerabilities, and exploits on server-side and client-side web application logic and inherent vulnerabilities in web architecture.

Introduction

Challenges

Resources


Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s