Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multiuser systems, secure virtualisation, and security in database systems.
Single user mode in Linux allows only the root user to perform tasks. It is usually used for maintenance and troubleshooting, for example, resetting a forgotten root password, or solving file system failures.
SecGen creates vulnerable virtual machines, lab environments, and hacking challenges, so students can learn security penetration testing techniques. Boxes like Metasploitable2 are always the same; this project uses Vagrant, Puppet, and Ruby to create randomly vulnerable virtual machines that can be used for learning or for hosting CTF events.
Work through The little book about OS development to create your own x86 operating system. The book is designed to give enough help with the technical details while at the same time not revealing too much with samples and code excerpts.
Malware often tries to hide itself from other software, for example, anti-virus. How can a process hide from other processes whilst it is running?
Malware may hide itself or information it has gathered in files. How can this be done whilst still keeping the data accessible to the malware?
Many different executable packers exist. They may compress, encrypt or obfuscate the underlying binary. Malware authors may use either off-the-shelf packers or custom packers to avoid detection. One example packer is UPX, a free, portable, extendable, high-performance executable packer for several executable formats. If you've got more time, try analysing or debugging the binary.
Project Zero is a team of security analysts employed by Google tasked with finding zero-day vulnerabilities. They provide comprehensive write-ups of the vulnerabilities they discover and of their work with the wider community to remediate them.
Crafting Interpreters contains everything you need to implement a full-featured, efficient scripting language. You’ll learn both high-level concepts around parsing and semantics and gritty details like bytecode representation and garbage collection. Your brain will light up with new ideas, and your hands will get dirty and calloused. It’s a blast. Starting from main(), you build a language that features rich syntax, dynamic typing, garbage collection, lexical scope, first-class functions, closures, classes, and inheritance. All packed into a few thousand lines of clean, fast code that you thoroughly understand because you write each one yourself.
The CWE™ Most Important Hardware Weaknesses is the result of collaboration within the Hardware CWE Special Interest Group (SIG). Its intent is to drive awareness of common hardware weaknesses and prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle.
The Cyber Security Body Of Knowledge is a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector. The CyBOK project aims to bring cyber security into line with the more established sciences by distilling knowledge from major internationally-recognised experts to form a Cyber Security Body of Knowledge that will provide much-needed foundations for this emerging topic. The project, funded by the National Cyber Security Programme, is led by the University of Bristol's Professor Awais Rashid, along with other leading cyber security experts - including Professor Andrew Martin, Professor Steve Schneider, Dr Yulia Cherdantseva, Dr Rod Chapman and Dr Marina Krotofil.
Capstone is a lightweight multi-platform, multi-architecture disassembly framework.
Keystone is a lightweight multi-platform, multi-architecture assembler framework.
Unicorn is a lightweight multi-platform, multi-architecture CPU emulator framework.
The Open Systems Interconnection model (OSI model) is a model of the communication functions of a telecommunication system or computing system.
A free/libre toolchain for easing several low-level tasks like forensics, software reverse engineering, exploiting, debugging, etc.
Maddie Stone is a security researcher on Google Project Zero.
A daemon is a service process that runs in the background and supervises the system or provides functionality to other processes.