
My Custom InfoSec Curriculum

I am planning on taking the OSCP course and certification exam, so in order to prepare for that, I thought I'd continue my studies by creating my own "InfoSec Curriculum". I printed out the OSCP's PWK syllabus and have assembled my own list of resources to cover the areas in the syllabus, with an additional area on Python and the book "Blue Team Handbook: Incident Response Edition". Some of these areas I'm already familiar with (such as Python and Wireshark), but I thought I'd be thorough and include them anyway.

It's an ambitious plan, and will likely take a while, but I'm excited. I've already begun on the Linux Assembly Megaprimer and am a couple chapters in on "Practical Malware Analysis". :)

Without further ado, here it is:

Security Tube's Assembly Megaprimers

Incidentally, it appears that all of Security Tube's "MegaPrimers" depend on doing the following pre-req's in this order:

1) Linux Assembly Megaprimer (~3.5hrs)

2) Windows Assembly Language (prolly same)

3) Buffer Overflow Megaprimer (~3 hrs)

Once you've done these three, then you can do pretty much any other megaprimer, as they all build on these three.

[1 megaprimer per day / 3 days]

Offensive Security Spring 2014

Before doing this class, you can do the following pre-req's:

1) Security Tube's Assembly Megaprimers

2) First 5 or so chapters of "Inside the Machine" (optional)

30 class days / 15 weeks (@ 2 per week)

[1 class a day / 5 weeks]

Metasploit Unleashed

From Offensive Security

NOTE: This should also plug up a lot of the holes in my OSCP "curriculum" as it covers some of the misc. things on the PWK Syllabus

[1 lesson/section heading a week / 13 weeks (@ 1 per week)]


-Install WebGoat on a box

-Work through all of the lessons (v 5 and 6 should be the same):

44 lessons

[2 per day / 22 days]

Malware Analysis

"Practical Malware Analysis" by Michael Sikorski and Andrew Honig

-Read 1 chapter of this book at a time (21 chapters)

-Work through the labs at the end of each chapter


"Malware Analyst's Cookbook" by Michael Hale Ligh

-Read .5-1 chapter at a time (18 chapters)

-Work through the exercises in each chapter

Incident Response Basics:

-Read "Blue Team Handbook: Incident Response Edition"

[1 chapter a day, 40 chapters / 7-8 weeks]


-Do your "Wireshark labs" (already know WS, so just sniff some traffic on my home network and look for anomalies)

[Spend an afternoon on this / 1 day]

Python Scripting

Not directly related to the OSCP, but still important to me:

-Read "Violent Python"

-Follow along, building each program/script presented in order to learn the best modules to use and become more proficient in Python.

[1 chapter, 5 scripts a week / 7 weeks]

Conference Videos to Watch

Turning You from a Script Kiddie into A Hacker/von Neumann Architecture

More as I go, although these are more watched on the fly, rather than planned.

Books to Read

-Inside the Machine

-Blue Team Handbook: Incident Response Edition

-Hacking: The Art of Exploitation, 2nd ed. (textbook for the OffSec Spring 2014 course)

-The Web Application Hacker's Handbook, 2nd ed. (textbook for the OffSec Spring 2014 course)

-Steal this Computer, 4.0 (not a technical book per se, but covers the hacker culture and mindset)

-Violent Python

-Black Hat Python

-Practical Malware Analysis

-Malware Analyst's Cookbook

So there you have it. :)

© 2015 Gloria Silveira. Member of the Internet Defense League.