begood

Open Security Training - External Resources


Penetration Testing and Vulnerability Analysis - Multiple instructors - “This is the course website for Penetration Testing and Vulnerability Analysis currently taught at the Polytechnic Institute of New York University. This course introduces the fundamental technical skills required to identify, analyze, and exploit software vulnerabilities. Taught by a team of security industry experts, we cover the following topics:

  1. Introduction to Penetration Testing, taught by Dan Guido
    Where the industry is now, where it's going, and how these skills fit in
  2. Operational Reviews and Code Audits, taught by Brandon Edwards
    Identify vulnerabilities and programmer errors by auditing source code
  3. Reverse Engineering, taught by Alex Sotirov and Aaron Portnoy
    Understand, modify, and analyze compiled applications and systems to identify vulnerabilities
  4. Exploitation, taught by Dino Dai Zovi
    Take advantage of vulnerabilities to gain access to restricted data and break security policies
  5. Web Hacking, taught by Joe Hemler and Marcin Wielgoszewski
    Vulnerability discovery and exploitation on the web
  6. Network Pentests: Post exploitation, persistence and exfiltration, taught by Colin Ames
    Expanding access, maintaining persistence, and evading detection”

Open Source

Network and Computer Security (OCW) - MIT, Dr. Ron Rivest - “6.857 is an upper-level undergraduate, first-year graduate course on network and computer security. It fits within the department's Computer Systems and Architecture Engineering concentration. Topics covered include (but are not limited to) the following:

  1. Techniques for achieving security in multi-user computer systems and distributed computer systems;
  2. Cryptography: secret-key, public-key, digital signatures;
  3. Authentication and identification schemes;
  4. Intrusion detection: viruses;
  5. Formal models of computer security;
  6. Secure operating systems;
  7. Software protection;
  8. Security of electronic mail and the World Wide Web;
  9. Electronic commerce: payment protocols, electronic cash;
  10. Firewalls; and
  11. Risk assessment.”

Cryptography and Cryptanalysis (OCW) - MIT - “This course features a rigorous introduction to modern cryptography, with an emphasis on the fundamental cryptographic primitives of public-key encryption, digital signatures, pseudo-random number generation, and basic protocols and their computational complexity requirements.”

Advanced Topics in Cryptography (OCW) - MIT - “The topics covered in this course include interactive proofs, zero-knowledge proofs, zero-knowledge proofs of knowledge, non-interactive zero-knowledge proofs, secure protocols, two-party secure computation, multiparty secure computation, and chosen-ciphertext security.”

Selected Topics in Cryptography (OCW) - MIT, Dr. Ran Canetti - “This course covers a number of advanced "selected topics" in the field of cryptography. The first part of the course tackles the foundational question of how to define security of cryptographic protocols in a way that is appropriate for modern computer networks, and how to construct protocols that satisfy these security definitions. For this purpose, the framework of "universally composable security" is studied and used. The second part of the course concentrates on the many challenges involved in building secure electronic voting systems, from both theoretical and practical points of view. In the third part, an introduction to cryptographic constructions based on bilinear pairings is given.”

Special Topics: Data Security and Privacy: Legal, Policy and Enterprise Issues - U. Mich, Dr. Don Blumenthal - “As data collection and information networks expand (and stories of security breaches and the misuse of personal information abound), data security and privacy issues are increasingly central parts of the information policy landscape. Legislators, regulators, businesses, and other institutions of all kinds are under increasing pressure to draft and implement effective laws, regulations, and security and privacy programs under rapidly changing technological, business, and legal conditions. A strong need is arising for individuals with the training and skills to work in this unsettled and evolving environment. This course examines security issues related to the safeguarding of sensitive personal and corporate information against inadvertent disclosure; policy and societal questions concerning the value of security and privacy regulations, the real-world effects of data breaches on individuals and businesses, and the balancing of interests among individuals, government, and enterprises; current and proposed laws and regulations that govern data security and privacy; private-sector regulatory efforts and self-help measures; emerging technologies that may affect security and privacy concerns; and issues related to the development of enterprise data security programs, policies, and procedures that take into account the requirements of all relevant constituencies, e.g., technical, business, and legal.”

Free IDA Pro Reverse Code Engineering and Binary Auditing Training Material for University Lectures - Dr. Thorsten Schneider - “The training package includes all necessary files to run a complete lecture for Binary Auditing and Reverse Code Engineering at university. All files are well sorted by topics and with increasing difficulty. You need Windows XP, Windows Vista or Windows 7 to use this training package. The training package does NOT include runnable viruses!”

Hacking Techniques and Intrusion Detection - English - Arabic - Dr. Ali Al-Shemery - “This course covers the most common methods used in computer and network hacking with the intention of learning how to better protect systems from such intrusions. These methods include reconnaissance techniques, system scanning, accessing systems by network and application level attacks, and denial of service attacks. Traffic analysis methods and tools will be studied in this course. Also, it covers techniques for traffic filtering and monitoring, and intrusion detection.”

Open Access

Securing Digital Democracy - Dr. J. Alex Halderman - Computer technology has transformed how we participate in democracy. The way we cast our votes, the way our votes are counted, and the way we choose who will lead are increasingly controlled by invisible computer software. Most U.S. states have adopted electronic voting, and countries around the world are starting to collect votes over the Internet. However, computerized voting raises startling security risks that are only beginning to be understood outside the research lab, from voting machine viruses that can silently change votes to the possibility that hackers in foreign countries could steal an election. This course will provide the technical background and public policy foundation that 21st century citizens need to understand the electronic voting debate. You'll learn how electronic voting and Internet voting technologies work, why they're being introduced, and what problems they aim to solve. You'll also learn about the computer- and Internet-security risks these systems face and the serious vulnerabilities that recent research has demonstrated. We'll cover widely used safeguards, checks, and balances — and why they are often inadequate. Finally, we'll see how computer technology has the potential to improve election security, if it's applied intelligently. Along the way, you'll hear stories from the lab and from the trenches on a journey that leads from Mumbai jail cells to the halls of Washington, D.C. You'll come away from this course understanding why you can be confident your own vote will count — or why you should reasonably be skeptical.

Cryptography I - Dr. Dan Boneh - Cryptography is an indispensable tool for protecting information in computer systems. This course explains the inner workings of cryptographic primitives and how to correctly use them. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with a detailed discussion of how two parties who have a shared secret key can communicate securely when a powerful adversary eavesdrops and tampers with traffic. We will examine many deployed protocols and analyze mistakes in existing systems. The second half of the course discusses public-key techniques that let two or more parties generate a shared secret key. We will cover the relevant number theory and discuss public-key encryption and basic key-exchange. Throughout the course students will be exposed to many exciting open problems in the field.

The course will include written homeworks and programming labs. The course is self-contained, however it will be helpful to have a basic understanding of discrete probability theory.

Cryptography II - Dr. Dan Boneh - Cryptography is an indispensable tool for protecting information in computer systems. This course is a continuation of Crypto I and explains the inner workings of public-key systems and cryptographic protocols. Students will learn how to reason about the security of cryptographic constructions and how to apply this knowledge to real-world applications. The course begins with constructions for digital signatures and their applications. We will then discuss protocols for user authentication and zero-knowledge protocols. Next we will turn to privacy applications of cryptography supporting anonymous credentials and private database lookup. We will conclude with more advanced topics including multi-party computation and elliptic curve cryptography. Throughout the course students will be exposed to many exciting open problems in the field. The course will include written homeworks and optional programming labs. The material is self-contained, but the course assumes knowledge of the topics covered in Crypto I as well as a basic understanding of discrete probability theory.

Applied Cryptography, Science of Secrets - Dr. David Evans & Shayan Doroudi - Cryptography is present in everyday life, from paying with a credit card to using the telephone. Learn all about making and breaking puzzles in computing. Explore how secrets are written and shared, as well as what can go wrong when cryptography is misused or implemented badly.

Internet History, Technology, and Security - Dr. Charles Severance - The impact of technology and networks on our lives, culture, and society continues to increase. The very fact that you can take this course from anywhere in the world requires a technological infrastructure that was designed, engineered, and built over the past sixty years. To function in an information-centric world, we need to understand the workings of network technology. This course will open up the Internet and show you how it was created, who created it and how it works. Along the way we will meet many of the innovators who developed the Internet and Web technologies that we use today.

Malicious Software and its Underground Economy: Two Sides to Every Story - Dr. Lorenzo Cavallaro - Cybercrime has become both more widespread and harder to battle. Researchers and anecdotal experience show that the cybercrime scene is becoming increasingly organized and consolidated, with strong links also to traditional criminal networks. Modern attacks are indeed stealthy and often profit oriented.

Malicious software (malware) is the traditional way in which cybercriminals infect user and enterprise hosts to gain access to their private, financial, and intellectual property data. Once stolen, such information can enable more sophisticated attacks, generate illegal revenue, and allow for cyber-espionage.

By mixing a practical, hands-on approach with the theory and techniques behind the scene, the course discusses the current academic and underground research in the field, trying to answer the foremost question about malware and underground economy, namely, "Should we care?".

Students will learn how traditional and mobile malware work, how they are analyzed and detected, peering through the underground ecosystem that drives this profitable but illegal business. Understanding how malware operates is of paramount importance to form knowledgeable experts, teachers, researchers, and practitioners able to fight back. Besides, it allows us to gather intimate knowledge of the systems and the threats, which is a necessary step to successfully devise novel, effective, and practical mitigation techniques.

Building an Information Risk Management Toolkit - Dr. Barbara Endicott-Popovsky - In this course, you will explore several structured, risk management approaches that guide information security decision-making. Course topics include: developing and maintaining risk assessments (RA); developing and maintaining risk management plans (RM); regulatory and legal compliance issues affecting risk plans; developing a control framework for mitigating risks; risk transfer; business continuity and disaster recovery planning from the information security perspective.

Information Security and Risk Management in Context - Barbara Endicott-Popovsky - Explore the latest techniques for securing information and its systems, from policies and procedures to technologies and audit. Learn from leading experts who share proven practices in areas such as mobile workforce safety, security metrics, electronic evidence oversight and coping with e-crime and e-discovery. Study the protection of Cloud computing information. Discover how to foster the development of future information security leaders.

Topics covered include:

Information security strategies and individual privacy

Legal security implications

Medical health record confidentiality and integrity

Cutting-edge technologies

Foundations of Computer and Information Security - Dr. Matt Bishop - This graduate course taught by UC Davis computer science professor Matt Bishop covers the mathematical foundations of computer security. He asks, "What can we prove is secure, and what can we demonstrate cannot be proved? How can we analyze specific types of systems in order to determine whether they provide the desired security? How do we build systems that do what they are supposed to?" This course presents the basic mathematical models that underlie much of modern computer security and information assurance.

Internet Security, Weaknesses and Targets - Dr. Christoph Meinel - "Internet Security - Weaknesses and Targets" is based on "Internet & WWW Technologies" and gives a detailed introduction on problems concerning Internet and Intranet security. After starting with some remarks on risk analysis and computer crimes, security weaknesses and targets are discussed in detail. Beside others the following topics are discussed in detail: human factor and technical failures, attacks on accounts and passwords, attacks on Internet protocol, misuse of design and programming errors, weaknesses in common operating systems, targets in the WWW, and viruses. The lecture course concludes with a discussion about the possibilities to detect attacks and intrusions and also describes ethical issues.

External Resources
