This has been my infosec program of study, both in and out of school, for the past few years. With the COVID situation cancelling my co-op and so much cheap and free training on offer, this summer I've been lining up webinar after course after workshop to make the most of my downtime. I'll be keeping track, here, of various training resources I'm using, along with a bit of annotation and any certificates and certifications that come of it.
This independent project involves
a program of exploitation training and demonstration of 10 intentionally vulnerable Linux and Windows virtual machines – with written and video documentation of vulnerabilities, tools, and techniques – and a workflow/reference document for network penetration testing. This project is intended to act as a training program in preparation for the Offensive Security Certified Professional (OSCP) certification exam, as well as a template for others for training in offensive security skills.
Fall 2020
Course Description: Learn how to use Python and Network Programmability to manage a network more efficiently. Acquire Python programming skills relevant to networking engineers.
Fall 2020
Course Description: Establish a solid foundation in TCP/IP network performance and troubleshooting using a protocol analyzer. Implement a VOIP telephone system using Asterisk.
Fall 2020
Course Description: Examine exploits and their solutions. Emphasize security tools primarily for Windows Servers and Clients. Present different styles of exploits, solutions and enhanced security techniques.
Fall 2020
Course Description: Design, build, test and document virtual infrastructure solutions to meet requirements described in case studies using mainly open-source software and tools.
Fall 2020
This independent project involved developing (1) a demonstration of credential exposure and steps to reduce exposure of credentials; (2) a demonstration of password hash cracking and steps to implement secure password policies; and (3) a demonstration of non-trivial phishing/spear-phishing attacks on two networks (one standard/vulnerable email server configuration and one best-practices email server configuration) and steps to implement the best-practices employed in the demonstration server.
Winter 2020
Course Description: Develop skills and knowledge to successfully install, operate, secure and troubleshoot a small-to-medium-size enterprise branch network. Establish a foundational knowledge about the security threats facing modern network infrastructures, securing Cisco routers, implementing AAA on Cisco routers, mitigating threats to Cisco routers, switches and networks, implement site-to-site VPNs, and configure and administer various models of the Cisco ASA security appliance. Apply skills to create a functional company infrastructure using private, public, and DMZ networks controlled by VPNs and firewall application. Prepare for the challenges faced in the business networking environment by practicing and evaluating both individual and team work skills.
Winter 2020
Course Description: Develop hands-on skills required to create custom PowerShell scripts that are capable of performing complex, repetitive, and time consuming Windows administration tasks for both local and domain environments.
Winter 2020
Course Description: Establish a solid foundation in UNIX security. Topics include installation, patching, network security, security scanning, intrusion detection, and limited access environments.
Winter 2020
Course Description: Develop hands-on skills in the areas of computer and forensic investigation. Perform ongoing monitoring and auditing of such systems. Carry out a forensic investigation into suspicious events, incidents, or system compromises. Use third-party utilities as well as the relevant Windows and UNIX system utilities and commands to perform security auditing and forensic tasks.
Winter 2020
Course Description: Develop skills and knowledge to install, operate, and troubleshoot a small-to-medium size enterprise branch network. Establish a solid operating knowledge of IP data networks, LAN switching technologies, IPv4 addressing, IPv6 addressing, IP routing technologies, IP services network device security, IP services, WAN technologies, and troubleshooting. Prepare for the challenges faced in the business networking environment by practicing and evaluating both individual and team work skills.
Fall 2019
Course Description: Develop customer service skills and techniques in preparation for a career as a technical support specialist. Topics will include defining, managing, and maintaining service levels. Develop and demonstrate process management and implementation skills through both case study and on-line customer support tools.
Fall 2019
Course Description: Ensure a solid foundation in e-mail administration. Configure both server and workstation software. Provide secure communication services for a variety of user applications. Encrypt e-mail messages between senders and receivers. Perform data backups and recovery from loss of data. Troubleshoot connectivity and security issues.
Fall 2019
Course Description: Administer business-class web service environments including server software and user applications. Perform administrative tasks including the installation and verification of software components, configuration of server and user environments, back and recovery routines, and the securing of sensitive content.
Fall 2019
Course Description: Develop the administration skill set that began in Microsoft Server Admin Part 1. Examine and utilize the tools that can simplify and speed up the completion of various administration tasks.
Fall 2018
Course Description: Describe the behavioural fundamentals and properties of radio frequency (RF) waves. Explain the major spread spectrum technologies commonly used in wireless networking environments. Design, administer, customize, and troubleshoot popular IEEE 802.11 wireless network topologies.
Fall 2018
Course Description: Build a foundation for learning to make informed design decisions regarding the infrastructure of an enterprise level network. Identify and select appropriate vendor products for a given network scenario. Identify and examine network design concepts focussing on physical and data link OSI layers for cable-based LANS. Classify design principles in the context of Ethernet networks that adhere to the TIA/EIA-568 structured cabling standard.
Fall 2018
Course Description: Build the basic skills required to deploy and administer UNIX and UNIX-like systems in a networked environment.
Fall 2018
Course Description: Develop a working knowledge of managing a Microsoft Server and Domain. Construct a shared file system. Manage and design user and computer accounts in the Active Directory environment. Examine and construct group policies using Group Policy Management tools.
Summer 2018
Course Description: Establish a solid foundation with a Unix operating system. Construct ans execute well formed UNIX commands. Install end-user applications. Customize the user environment. Work with UNIX directories and files. Create and troubleshoot shell scripts.
Summer 2018
Course Description: Establish a solid foundation of theory and hands on skills required to administer a TCP/IP network.
Summer 2018
Course Description: Develop a working knowledge of the major concepts related to desktop virtualization. Install and configure multiple virtualization packages. Install and execute various operating systems from within virtual machines. Establish an understanding of the terminology and features of multiple virtualization packages and install and configure virtual hardware and networking components.
Summer 2018
Course Description: This course introduces students to selected topics from number theory, discrete mathematics and statistics. Number theory topics include: Prime factorization, modular arithmetic and tournament scheduling. Discrete mathematics topics include: progression and sequences; mathematical induction, binomial theorem, permutations and combinations. Statistics topics include understanding data; gathering data; probability and probability models; inference about data; and analysis.
Summer 2018
Course Description: Build a foundation for learning and practicing the discipline of Software Engineering and the application of tools and methods to produce and maintain quality software systems. Develop essential skills to create software structures and logic. Develop knowledge and disciplines which are transferrable to any computer-based software problem.
Winter 2018
Course Description: Administer Microsoft Windows and UNIX hosts within a virtualized environment. Design and implement common network-level services. Create and utilize software development environments.
Winter 2018
Course Description: Create Web Pages using the HyperText Markup Language (HTML). Format Web pages using Cascading Style Sheets (CSS). Create Web pages that include lists, links, images, Web Tables, and Web Forms, styled with CSS. Use Web Accessibility Initiative (WAI) rules for accessibility compliance in design.
Winter 2018
Course Description: Use mathematical procedures to solve problems involving conversions between different number systems. Perform symbolic manipulation and simplification of expressions in Boolean algebra including truth tables and Karnaugh maps. Apply mathematical principles used in technical computing and investigate different graphing techniques. Solve application problems modeled by algebraic, exponential and logarithmic equations.
Winter 2018
This talk explored the recently released OWASP API Security Top 10 list, as well as tools and resources to test and secure APIs.
August 31 2020
The makers of Burp Suite and the Web Application Hacker's Handbook have created an amazing free series of online web application security training resources in lieu of a 3rd edition of the WAHH. The lessons are clear and packed with valuable information. The labs are user-friendly and an excellent opportunity for hands-on experience with the vulnerabilities discussed. The difficulty of the material ranges from quite basic introductory concepts to quite advanced exploitation. Some labs do, however, require a Burp Suite Pro license to access tools like Collaborator.
August 19 - present 2020
This course introduces the major tools of the Community Edition of Burp Suite (Proxy, Repeater, Target, Spider, Sequencer, Intruder, Comparer) and the paid Scanner tool, using the OWASP WebGoat for demonstrations and practice.
July 14 2020
This talk covered the basics of JSON Web Tokens (JWTs) and their vulnerabilities to information disclosure, forgery using the none signature algorithm, and offline cracking, with some demonstration of Burp Suite tools to attack JWTs.
June 18 2020 2020
This course covered the basics of configuring web applications in the Qualys subscription, completing discovery and vulnerability scans, generating reports, and managing users and roles related to the Qualys Web Application Scanning application.
June 12 2020
On a recommendation from the ACM Dev Tools webinar, I checked out this Stir Trek 2018 talk by Greg Malcolm. The talk focussed on the Chrome Dev Tools (rather than Firefox), and on site troubleshooting and development. This took a deeper and more applied dive into debugging, break points, and timing management.
April 23 2020
This short session looked at basic features of the built-in browser Developer Tools, particularly the Inspector, Console, and Storage areas in Firefox's Dev Tools. This dovetailed nicely with my time working on learning Javascript, so I picked up a couple of handy pentesting tips using the Dev Tools Console.
April 23 2020
Sam Bowne posts all of his CCSF courses for public access, so I worked through the Web Application Hacker's Handbook readings and facilitated the lab projects with the Mohawk Cybersecurity Club. This course covers techniques used by attackers to breach web applications and how to protect them.
April - June 2019
This 2-day bootcamp at BSidesTO 2020 covered the fundamentals of process injection, classic injection techniques, dynamic and remote payloads, defense evasion, and advanced techniques like process hollowing. It was fantastic!
October 17 - October 18 2020
This webinar demonstrated new techniques for creating malicious documents including XLM (Excel 4.0) macros, Remote Template Injection, and a new method of abusing MsoShapes in office documents
September 8 2020
SANS brought the Pentest HackFest and the Cyber Ranges Summit together into one free online conference. I mostly stuck to the HackFest track, but I'll be going back over some of the Cyber Ranges track, too, if/when they post the videos. I also got to compete in the Global Cyber Ranges Competition, after qualifying in the miniNetWars in April!
June 4 - June 5 2020
MalwareJake Williams provided a range of ideas and free resources for taking red-teaming and threat-hunting efforts to the next level - emulating the threat actors in your threat model. He followed the Cyber Kill Chain framework to organise the presentation, so the coverage was deep, and ran a couple of simple demos to spoof foreign government email servers and to create registry key artifacts.
May 28 2020
The full course by The Cyber Mentor, Heath Adams, focussed on the tools and tactics that are commonly used in pentesting and red teaming. The course also includes basics of networking and scripting. The section on Active Directory attacks and the web recon resources were outstanding.
May 20 - August 18 2020
A 3-part tutorial on installing and using Empire PowerShell for harvesting credentials and escalating privileges. The tutorials could use some fine-tuning, but otherwise an OK intro to Empire.
May 5 2020
All of the 2019 Wild West Hackin' Fest talks are up on YouTube. This talk by Jake Williams (@MalwareJake) covers the basics of Windows privilege escalation using COM objects, DLL side loading, and various privileges assigned to user accounts.
May 5 2020
This was a fantastically clear explanation of the main Kerberos attacks, by the discoverer of the Kerberoasting vulnerability, Tim Medin. He covered the principles, uses, and defenses for Golden Tickets, Silver Tickets, Skeleton Keys, Pass-the-Ticket and Over-Pass-the-Ticket. Now I need to know more about Mimikatz and other ticket collectors!
April 30 2020
Tim Medin of Red Siege reminds us to first try for the low-hanging fruit and dumb misconfigurations with off-the-shelf software. Incomplete patching, ncat, test accounts, and bad passwords - the simple stuff is out there everywhere!
April 17 2020
The Cyber Work podcast from the Infosec Institute was celebrating a milestone and gave away codes for a free month of access to their cyber range. I had a couple of days free over the Spring Break, so I worked my way through their Pentesting scenarios. They have a nice range of scenarios from absolute basics to specialist skills.
February 20 - February 21 2020
I've been picking at this course from Total Seminars since late January, so it's time to finish it off. I've found the content to be quite high-level and theoretical, but the review is good, and there are always new ideas and viewpoints to take in. This course also came with a practice test each for CEH and PenTest+, so we'll see how I'm faring there, too.
January 22 - May 20 2020
This was an introductory course promoting the longer format Practical Ethical Hacking course on Udemy by The Cyber Mentor, Heath Adams. The course started out with quite basic material and worked its way right into some heavy-duty network penetration testing tools and techniques. I'm looking forward to his 25-hour PEH course!
June 22 - June 23 2019
This series of modules covers identity and access management, threat protection, and information protection and governance in Microsoft Azure Active Directory and 365 environments.
October 3 2020
This course covers fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
May 29 2020
The fundamental-level course is intended for individuals who seek an overall understanding of the AWS Cloud, independent of specific technical roles. It provides a detailed overview of cloud concepts, AWS services, security, architecture, pricing, and support. This course also helps you prepare for the AWS Certified Cloud Practitioner exam.
June 29 2020
This is the self-paced online Azure Fundamentals training. The MS Azure Virtual Training Day was a bit shallow and included no hands-on components, so I ran through this course. The hands-on exercises were helpful and the review was worthwhile. And apparently they helped with the exam.
May 17 2020
I got up at 2AM to catch this in the Central Europe timezone, so I was little put off that it was simply a recording and involved no hands-on components. The session provided an overview of the Azure core services and included introductory material on cloud computing and shared responsibility for security. It is intended as preparation for the AZ-900 exam and included a voucher for the Azure Fundamentals exam (hence the 2AM wakeup). I think I'll still be taking the 9 hour self-paced course for AZ-900 prep before attempting the exam.
May 7 2020
This excellent 4-hour workshop was packed with a deep walk-through of cloud pentesting tools and techniques, interspersed with practical labs attacking AWS and Azure cloud assets. This is the first of four 4-hour sessions in the paid offensive tradecraft training. Take any or all of them if you can!
April 25 2020
"This talk will provide examples of these new attack vectors in AWS environments, ways to identify these vectors, and finally steps to mitigate them (individually and across an organisation). It is intended to be an introductory talk, and does not require advanced knowledge of AWS services."
April 22 2020
James Arlen is an advisor to the Mohawk Cybersecurity Club, and offered to run his 2-day hands-on CCSK course for us. The CCSK+ version includes a good mix of basics, theory, and hands-on labs in AWS, and was a solid preparation for the CCSK exam.
June 22 - June 23 2019
This module picks up at Layer 3 - Network Security, and continue to build on the defense-in-depth strategy introduced in Part I with Hardware and Software Security.
June 25 2020
This training introduces the defense-in-depth model and cover layers 1 (Security Management) and 2 (Physical Security).
June 25 2020
Understanding how hackers attack systems helps you better understand how to defend against cyber attacks.
June 25 2020
This course will covers the impacts of cyber based attack can have on an ICS, and different ways of looking at the potential consequences of three types of events.
June 25 2020
This course examines some of the current trends in cybersecurity vulnerabilities that contribute directly to cyber risk in Industrial Control Systems (ICSs). The goal is to identify the root causes and their associated countermeasures that can be used to protect control systems.
June 25 2020
Risk is a function of threat, vulnerability, and consequence. The most complex attribute is threat because it can be intentional or unintentional, natural or man-made. When trying to develop defensive strategies to protect controls systems, it is important to understand the threat landscape in order for appropriate countermeasures or compensating controls to be deployed.
June 25 2020
This course is designed to help gain a better understanding of cyber risk, how it is defined in the context of ICS security, and the factors that contribute to risk. It also covers how IT-based countermeasures can be customized to accommodate ICS architectures.
June 25 2020
Understanding the basic concepts of cybersecurity will provide the necessary foundation to determine the appropriate controls to protect ICS. ICSs are dependent on IT, as contemporary IT is often troubled with cyber vulnerabilities.
June 25 2020
This course covers the common components and protocols found in Industrial Control Systems (ICS)
June 24 2020
This course covers the elements of a traditional IT network, specific issues that relate to emerging cybersecurity problems, and some of the complexity associated with trying to mitigate those problems.
June 24 2020
This course discusses what, where, and how industrial control systems (ICSs) are used and describes some of specific examples of how ICSs work in real-life situations.
June 24 2020
This training covers operational security practices and their application to industrial control systems (ICS) security.
June 24 2020
The webcast outlined how to build a Collection Management Framework and how to use it for incident response, threat hunting, and security operations in ICS environments.
June 23 2020
This webinar began with a SANS instructors panel on applying NIST to ICS environments, for assessing risk and developing a tiered approach to ICS security. They also specifically touched on Fortinet's products for critical infrastructure security.
June 23 2020
This webinar introduced the cloud-based Managed Threat Hunting program from Dragos (Neighborhood Watch) and discussed evluation of Managed Detection and Response and Managed Threat Hunting products for ICS/OT.
June 23 2020
This webinar discussed at a high level, the primary need to identify ICS threats in order to manage incidents effectively, and provided general recommendations for setting up an effective IR program to reduce risk exposure.
June 23 2020
The IoT Virtual Village was full of the presentations that you would find at a physical IoT Village event. Highlights were a wireless swiss army knife, the deplorable state of IoT segmentation, and some of the latest SCADA/ICS red team hacks.
May 28 - May 29 2020
The talk was heavily focussed on career options and tracks in IoT security, but the demo was a good little hands-on introduction to accessing, viewing, and decrypting IoT device firmware. I'm looking forward to the IoT Virtual Village and CTF at the end of the month!
May 3 2020
This workshop introduced the C2 Matrix, the various tools, capabilities, and features as well as the detective tools one can use to monitor and understand what the generated payloads do. In a CTF format, we took a identified and examined payloads that were generated with various C2 frameworks.
August 25 2020
Ben Ten and Larry Spohn of TrustedSec ran through several demonstrations of common hacking tools and techniques to improve understanding of early Indicators of Compromise (IoCs) and how to identify threats within a network environment. The demonstrations also provided good insight into how to reduce one's noise levels in a pentest.
August 19 2020
In this webinar, John Strand discusses open-source (Caldera, Atomic Red Team) and commercial (Scythe) tools and the value of them in attack emulation to improve threat intelligence and detection of ransomware using overlapping fields of visibility.
June 25 2020
Following up on the Threat Hunting workshop, this session covered how to confirm that your threat hunting platform is working as intended. They overviewed DNS C2 detection testing and Metasploit session detection testing methods.
May 6 2020
This 6-hour workshop, with hands-on labs focussed on free threat-hunting tools, covered how to leverage network data to perform a cyber threat hunt. Key takeaways were developing a threat scoring system, identifying long connections, locating beacons, and finding C2 over DNS. They've run this for free a couple of times, with more planned in coming months.
April 4 2020
John Strand discussed the core skills that a SOC analyst needs in order to be successful and to prevent burnout.
October 15 2020
Christopher Crowley of Montance LLC discussed a full range of architecture, maturity, and failure considerations for an effective SOC. This talk was an overview of his SOC-Class.com training, covering advice around the development of SOCs intergrated with monitoring, threat intelligence, penetration testing, forensics, maturity assessments and more.
August 3 2020
This was another Total Seminars course I picked up on a deal last year, and have been meaning to fit into my schedule. Now's as good a time as any!
July 8 - Present 2020
This course featured no interactive labs, but covered the basics of configuring basic and credentialed scans of networks and web applications, asset discovery and vulnerability scans, generating reports, and managing users in Nessus Manager.
June 15 - June 16 2020
This course covered the basics of host asset discovery, host categorisation, vulnerability scanning, result filtering, reporting, and user management in the Qualys Security and Compliance Suite's Vulnerability Manager and AssetView applications.
June 11 2020
Wade Wells gave a brief introduction to integrating logging and detection resources with MITRE's ATT&CK framework using tools like DeTT&CT to demonstrate and gap-fill coverage of high-threat TTPs and across the board.
May 27 2020
This session covered the basics of the Elastic SIEM UI, data analysis, and agent installation. It touched only briefly on the prebuilt machine learning jobs for anomaly detection.
May 1 2020
An OK introduction to security anomalies and automated detection of attack behaviour. The labs are not well written, but attempt to cover configuring Elastic anomaly detection using machine learning, and specifically detecting DNS data exfiltration.
April 17 2020
A simple introduction to the basics of Kibana queries, analysis, and visualiation (focus on Lens). The lab document is a bit out of date or missing information, but otherwise straight-forward.
April 16 2020
With all of the interest in their other threat hunting and active defense workshops, the Active Countermeasures/Black Hills Information Security crew put together a session on building a safe, simple home lab for testing new tools and techniques. A very simple hardware setup and loads of free/cheap tool recommendations.
April 16 2020
Over 14 modules, many with practical labs using a 60-day free trial of enterprise Splunk, you get a very straightforward introduction to the basic capabilities of Splunk and the Splunk search language. At the end, there is a free 39-question certification test for the Splunk Fundamentals I certification.
March 23 - April 13 2020
John Strand and Black Hills Security opened up their full getting-started class to anyone who was interested in this pay-what-you-can offering. The class covers security fundamentals with lots of hands-on labs demonstrating the top vulnerabilities, attacks, and defenses Black Hills pentesters see in their 500+ security assessments each year.
July 27 - July 30 2020
This course outlines the DNS Security Extensions (DNSSEC) protocol that protects against data spoofing, and the process for implementing it.
June 30 2020
This 1-hour session from Joff Thyer was a firehose of information about securing IPv6 with practical adivce on specific types of traffic to filter and address assignment best practices.
June 6 2020
This was a nice review of symmetric, asymmetric, and hashing cryptography principles and major algorithms, along with their relative value for different platforms and applications.
May 15 2020
This was the first of three sessions working through material from the Active Directory Administration Cookbook by the author, Sander Berkouwer. Sander covers some lesser-known security options like fine-grained password and lockout policies, LAPS, the AD recycle bin, and group Managed Service Accounts that severely limit Kerberos attacks.
May 7 2020
This webinar, promoting the BeyondTrust product, looked at what we do after we remove local admin privileges to maintain user productivity. The BeyondTrust product uses limited privilege policies (change network settings, install approved software, blacklist non-approved software use); credential vaults allowing specific users access to specific machines (similar control for off-site and 3rd-party remote access and can be validated against service tickets); and remote session monitoring and recording.
April 15 2020
John Strand literally wrote the book on Active Defense (Offensive Countermeasures, with Paul Asadoorian - free to read on Kindle at the moment!), and in this 4-hour workshop he introduces the tools for legal Annoyance, Attribution, and even Attack, in the ADHD (Active Defense Harbinger Distribution) VMs they provided. The workshop focussed mainly on the Annoyance tools, like honey accounts, honey ports, and honey tokens, and a bit on the Attribution aspects of those tools. Their webite, however, has a full set of labs and exercises for the full range of tools in ADHD.
April 9 2020
My co-op offered me the chance to go to this 2-day training, as I was the one responsible for configuring their new CheckPoint firewall. The training consisted of hands-on labs to demonstrate product features.
February 12 - February 13 2019
This course covers a systematic approach to intrusion investigations, including a framework for categorizing artifacts that may contain DFIR evidence, how to analyze those artifact categories, and the benefits of an automated approach.
October 9 - October 12 2020
Hal Pomeranz covers a variety of vital information that can be collected from Linux logs, including deleted logs, audit logs, and even logs in binary that require crazy command line tricks to parse.
September 2 2020
Hal Pomeranz dives into the value and recovery of Linux forensic evidence like relative atime updates, block groups and allocation strategies, and deleted file recovery on the command line.
May 7 2020
This course covers all of the basic functionality of the forensic tool Autopsy. I can't believe how much nicer the current version is compared to the dodgy old version that comes pre-installed in Kali.
April 29 - April 30 2020
In this webinar, Kent Ickler and Jordan Drysdale of Defensive Origins lay out a business-driven workflow for balancing risk with attack, hunt, and defend methodologies to grow an effective purple team.
July 16 2020
This talk had an excellent discussion of the nature and practice of purple teaming. In addition to reviewing the value of common red team tools, to identify flaws in Active Directory and general network design and implementation, they debuted the PlumHound tool, adapting BloodHound for purple teaming (moving from graphs for attackers to lists for defenders).
June 16 2020
This workshop focussed on the implementation of Sysmon, WEF/WEC, and HELK to build a heavily audited and well-monitored detection environment for effective purple teaming.
June 6 2020
A Udemy course covering the much of the content of the book of the same name, delivered by the author Al Sweigart. The first half of the course was review (for me) of the basics (variables, for loops, if conditions, etc), but the second half gets into the really handy regex, file manipulation, and web scraping material. I really do need to check out the Image Manipulation sections in the book!
May 11 - May 12 2020
I've been meaning to level up (from 0) my JavaScript knowledge, and the free upgrade to CodeAcademy Pro for students is the perfect opportunity. This was a really good course, and I'm feeling much more confident in my ability to parse and write JavaScript
April 20 - April 28 2020
This was an excellent and sensible approach to intelligent/strategic job hunting (in and out of the pandemic) with a live practical example search. Jason Blanchard also runs frequent live job hunts on Twitch, and I'll have to check those out, too!
May 21 2020
This webinar provided a brief live walkthrough (followed by extended Q&A) of the location, purchase, and implementation of off-the-shelf phishing kits available on the dark web.
May 21 2020
Chris Benton provides advice on how to act as a security leader in the organisation, pitch the security controls that match the business needs of the C-suite, and collaborate with other departments (sales, legal, IT, etc) to create and align processes that remove inhibitors to business.
May 20 2020
This was a great introduction to the ATT&CK framework and how to apply it. The course includes exercises that are taken up in the videos and covers mapping reporting and raw data to ATT&CK as well as CTI analysis and recommendation using ATT&CK-mapped data.
May 6 2020
I started this course after finishing the Total Seminars Network+ course, and continue to be impressed with Mike Meyers' courses. I am using this, along with Marcus Carey's QuarantineSec training and the Anki flashcard app to prepare for the Security+ exam in July.
May 5 - July 1 2020
Three tracks of infosec talks (Red Team, Blue Team, and Purple Team), a CTF, and a Pub Quiz, with donations to Doctors Without Borders. What's not to love? I split my time between the Red and Purple tracks:
- The Complete History of Hacking & Phreaking
- The Red or Blue Pill
- Why Staying Silent Will Always Keep You Secure
- Hacking Universities in 20 Seconds
- Increasing CTI Collection Efficiency
- From Mantra to Mindset: Preparing for the OSCP
April 19 2020
I'm also a PMI-PMP keeping up on my professional development units, but so much of what we do in IT and cybersecurity is project-based. This webinar focussed on Information Mapping for improved written communication, Results Chains to clarify and visually communicate project activities, and Benefit Registers to show progress and demonstrate achievements.
April 16 2020
Hacker, author, and all-around good guy, Marcus J Carey, has been runnning a prep course for Network+, along with aspects of Security+ and Cisco networking. The course focussed on practical application of the Network+ and Security+ concepts. Marcus also arranged a number of free exam vouchers for those dedicated to the study process, and I made the most of mine! Thank you, Marcus!
March 24 - June 4 2020
I worked my way through this course from Total Seminars early last year, during my first co-op, and was impressed with the clarity and approachability of Mike Meyers' courses.
January - May 2019
