The motivations, behaviours, & methods used by attackers, including malware supply chains, attack vectors, and money transfers.
Build a home hacker lab using SecGen
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same; this project uses Vagrant, Puppet, and Ruby to create virtual machines with randomly selected vulnerabilities that can be used for learning or for hosting CTF events.
Experiment with unicode homoglyphs
Homoglyphs or homographs are characters (letters and numbers) that look alike. A homoglyph attack is one where a threat actor uses look-alike characters to deceive users into trusting an email or website when they should not.
Explore OSINT tools on OSINT Framework
OSINT Framework is focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources.
Explore Python's Faker library
Faker is a Python package that generates fake data for you. Adversaries may use such tools to generate test data, for example when conducting phishing.
Explore Shodan
Shodan is the world's first search engine for Internet-connected devices. Discover how Internet intelligence can help you make better decisions.
Learn about the MITRE ATT&CK framework
MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Learn hacking skills using HackTheBox
Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
Listen to the Risky Business podcast
Published weekly, the Risky Business podcast features news and in-depth commentary from security industry luminaries. Hosted by award-winning journalist Patrick Gray, Risky Business has become a must-listen digest for information security professionals.
Play around with Objective-See's macOS security tools
Objective-See is a non-profit that creates simple, effective macOS security tools. Their tools are free and open-source.
Play the Citadel Programming Lab from CyBOK
The Citadel Programming Lab is an online virtual secure coding game-based computer lab. The Lab combines a tower defence game with 6 security programming tasks. The lab is based on a serious game approach to join learning and playfulness. The lab’s platform combines a Unity game linked with a coding environment based on an instance of GitLab. The game elements and coding exercises are linked to CyBOK, the Cybersecurity Body of Knowledge, to map its cybersecurity content.
Read an NCSC guidance document
The UK's National Cyber Security Centre (NCSC) publishes guidance and reports across a wide range of topics. Reading one of these guides will give you insight into the challenges faced in the real world.
Read a Project Zero write up
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. They provide comprehensive write-ups of the vulnerabilities they discover and of their work with the wider community to remediate them.
Read PagerDuty's 'Security Training for Everyone'
This is an open-source version of "Security Training for Everyone", PagerDuty's internal employee security training, given to all PagerDuty employees as part of our annual security training program. The main topics covered in this training are:
Social Engineering - Primarily phishing and how to detect and report such attacks.
Passwords - A crash course in how passwords are cracked, and why it’s important to have strong passwords.
Physical Security - Guidelines for maintaining the security of our offices and equipment.
Data Handling - The different types of data we have and how to properly handle that data.
Compliance - How compliance affects our day-to-day operations.
Read the CyBOK Adversarial Behaviours Knowledge Area introduction
The Cyber Security Body Of Knowledge is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.
Try an online OSINT tutorial
Open-Source Intelligence (OSINT) is the collection and analysis of data gathered from open sources to produce intelligence.
Try out bWAPP
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.
Try The Backdoor Factory (BDF)
The goal of BDF is to patch executable binaries with user-supplied shellcode while continuing the normal execution of the pre-patched state.
Use Frida
Frida is a dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts.
Use Metasploit to compromise a virtual machine
Metasploit is the world’s most used penetration testing framework.
Use sqlmap
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.