
My Custom InfoSec Curriculum

I am planning on taking the OSCP course and certification exam, so in order to prepare for that, I thought I'd continue my studies by creating my own "InfoSec Curriculum". I printed out the OSCP's PWK syllabus and have assembled my own list of resources to cover the areas in the syllabus, with an additional area on Python and the book "Blue Team Handbook: Incident Response Edition". Some of these areas I'm already familiar with (such as Python and Wireshark), but I thought I'd be thorough and include them anyway.

It's an ambitious plan, and will likely take a while, but I'm excited. I've already begun on the Linux Assembly Megaprimer and am a couple chapters in on "Practical Malware Analysis". :)

Without further ado, here it is:


Security Tube's Assembly Megaprimers


Incidentally, it appears that all of Security Tube's "MegaPrimers" depend on doing the following pre-reqs in this order:

1) Linux Assembly Megaprimer (~3.5hrs)

2) Windows Assembly Language (prolly same)

3) Buffer Overflow Megaprimer (~3 hrs)

Once you've done these three, then you can do pretty much any other megaprimer, as they all build on these three.

[1 megaprimer per day / 3 days]


Offensive Security Spring 2014


Before doing this class, you can do the following pre-reqs:

1) SecurityTube.net's Assembly Megaprimers

2) First 5 or so chapters of "Inside the Machine" (optional)

https://docs.google.com/document/d/1lpHFBwwTb4hbbfk4Tp_n4Pn2KAAsGVFIF3xQs--x8Yc/edit?pli=1

30 class days / 15 weeks (@ 2 per week)

[1 class a day / 5 weeks]


Metasploit Unleashed


From Offensive Security

http://www.offensive-security.com/metasploit-unleashed/Main_Page

NOTE: This should also plug up a lot of the holes in my OSCP "curriculum" as it covers some of the misc. things on the PWK Syllabus

[1 lesson/section heading a week / 13 weeks (@ 1 per week)]


WebGoat


-Install WebGoat on a box

-Work through all of the lessons (v 5 and 6 should be the same): https://www.owasp.org/index.php/Lesson_Plans

44 lessons

[2 per day / 22 days]


Malware Analysis


"Practical Malware Analysis" by Michael Sikorski and Andrew Honig

-Read 1 chapter of this book at a time (21 chapters)

-Work through the labs at the end of each chapter

THEN:

"Malware Analyst's Cookbook" by Michael Hale Ligh

-Read .5-1 chapter at a time (18 chapters)

-Work through the exercises in each chapter


Incident Response Basics:


-Read "Blue Team Handbook: Incident Response Edition"

[1 chapter a day, 40 chapters / 7-8 weeks]


Wireshark


-Do your "Wireshark labs" (already know WS, so just sniff some traffic on my home network and look for anomalies)

[Spend an afternoon on this / 1 day]


Python Scripting


Not directly related to the OSCP, but still important to me:

-Read "Violent Python"

-Follow along, building each program/script presented in order to learn the best modules to use and become more proficient in Python.

[1 chapter, 5 scripts a week / 7 weeks]


Conference Videos to Watch


Turning You from a Script Kiddie into A Hacker/von Neumann Architecture

https://www.youtube.com/watch?v=Jwot7S6NmLE

More as I go, although these are more watched on the fly, rather than planned.


Books to Read


-Inside the Machine

-Blue Team Handbook: Incident Response Edition

-Hacking: The Art of Exploitation, 2nd ed. (textbook for the OffSec Spring 2014 course)

-The Web Application Hacker's Handbook, 2nd ed. (textbook for the OffSec Spring 2014 course)

-Steal this Computer, 4.0 (not a technical book per se, but covers the hacker culture and mindset)

-Violent Python

-Black Hat Python

-Practical Malware Analysis

-Malware Analyst's Cookbook


So there you have it. :)

© 2015 Gloria Silveira. Member of the Internet Defense League.