Resources
Information security is a vast world full of different topics. Here are some resources we recommend to students who want to learn more about infosec on their own.
General InfoSec Knowledge
- 30 Things to Get You Started: Looking to get into infosec? Here’s a list of 30 topics to get you started doing things like hardware hacking, password cracking and more.
- Cybersecurity Supply/Demand Heat Map: A first-hand look at the huge demand for people with skills in infosec.
- Cybersecurity Career Pathway: An overview of what types of jobs you might expect to have during your career in infosec and how you might advance.
Website Security
- OWASP Top Ten: The Open Web Application Security Project maintains a list of the top ten most common and dangerous security risks hackers can take advantage of to break into websites. The site goes over each vulnerability and offers tips on how to prevent them from being exploited.
- Web Security 101: An Interactive Cross-Site Request Forgery (CSRF) Demo: Interactive demo on CSRF you can perform live in your own browser.
- Stanford - CS 253 Web Security: Slides and video of Stanford’s class on web security.
Cryptography
- Introduction to Cryptography: A series of video lectures by Christof Paar introducing cryptography concepts from basic ciphers to advanced attacks.
- Cryptographic Attacks: A Guide for the Perplexed: A basic primer on common techniques used to break encryption.
- Cryptopals challenges: Cryptopals is a set of coding challenges created to teach the basics of how cryptography works and how it can be broken. Challenges can be completed in any programming language.
- Cryptohack: More cryptography challenges. Similar to Cryptopals above but more advanced. Features a leaderboard to show off your skills.
- A Few Thoughts on Cryptographic Engineering: Matthew Green is a well-known cryptographer and professor at Johns Hopkins. His blog shares his views on modern-day cryptography and helps people understand the issues around it.
Penetration Testing & Offensive Security
- “I want to learn about exploitation! Where do I start?”: A great primer on how to face off against CTF challenges and where to look for exploits to take advantage of.
- Shodan Pentesting Guide: An overview of how to use the popular search tool Shodan to learn about devices in the Internet of Things.
- Introduction to Physical Penetration Tests: Introduction into the tools and mindset of a physical penetration tester.
- A Step-By-Step Linux Kernel exploitation: An in-depth look at how a security researcher can develop an exploit to take advantage of known kernel vulnerability CVE-2017-11176.
- LiveOverflow: YouTube channel showcasing step-by-step CTF solutions, hardware security research, hacking intros and more.
Capture the Flag Challenges
- OverTheWire Wargames: OverTheWire provides a set of pentesting labs that start you off from the very beginning. A great way to start learning Linux using challenges of increasing difficulty that eventually get deep into how you can bend and break Linux-based systems.
- PicoCTF: Beginner level CTF created by Carnegie Mellon University. A great introduction to the skills needed to complete higher level CTFs.
- Hack the Box: Advanced pentesting challenges. Used by professionals to continue to improve their skills. Getting an account requires “hacking” your way in.
- SquareCTF: Squarespace provides yearly CTF challenges and writeups on how to solve challenges from prior years.