Cyber war is a hot topic but it’s not here yet, contrary to popular belief.
It’s been a while since I have put together an original post; the main reason for this is I have been feeding my desire to keep learning and growing. Good news for all of you: I have spent my time embedded in some InfoSec-focussed learning. So now it’s time to share a few of the things I learnt with you all!
In a nutshell: I previously interviewed the man behind this course, Mike Hicks, here. This would have to be one of the best courses on teaching secure coding available on the web. Instead of teaching concepts with some very small examples, this course goes miles further by allowing you to reverse engineer and exploit code which isn’t written securely. Not only do you look at C code, you also delve into all of the common software security issues like SQL injection and fuzz testing. This course will definitely take your coding and security skills to the next level.
Find out more: https://www.coursera.org/course/softwaresec
In a nutshell: This course is comprised of many units. Although it’s not a security-focused course, it has an interesting dynamic: the lecturer has some professional developers come in and teach Swift, and the guys are fantastic and give some really good practical examples of using Swift code.
I primarily took this because I was interested in learning Swift and running through some fuzz testing with Swift code – eventually I will post something on this.
Also, in light of recent events this week (a 1 million dollar iOS exploit bounty being claimed), the more you know about securing your iOS apps the better.
Find out more: https://www.coursera.org/specializations/app-development
Malicious software and its underground economy
In a nutshell: This course is a slightly different take on computer security. Instead of giving you a walkthrough on how to design and build systems, it looks at malicious software and tries to define its intents, how the people behind malware try to profit from it, and how to determine how much they actually made from malware. The course also gives a great rundown of IDA Pro and how to use it effectively when analysing malware and other software.
Find out more: https://www.coursera.org/course/malsoftware
IT Masters Forensics short course
In a nutshell: This is a bite-sized forensics course taken from one of the popular information security masters programs by Charles Sturt University in Australia. The course spans 5 weeks, where the lecturer, a renowned forensics expert, goes through the basics of computer forensics investigations and touches not only on the technical aspect but a lot of the legal and administrative aspects – highly recommend this to anybody who is thinking about a career in computer forensics.
The Complete Hacking Course: Go from Beginner to Advanced!
In a nutshell: If you’re looking to start a career in penetration testing, this is the ultimate starting place. The course contains over 100 lectures covering multiple aspects of penetration testing. Not only will you delve into subjects like programming, but it will walk you through pretty much every facet of penetration testing, whether it’s cracking wifi or performing DoS attacks. This course will give you everything you need to start you on the path to being a security expert.
Find out more: https://www.udemy.com/penetration-testing/
As always, please let me know if you found this article useful or if you didn't. Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!
While I wait for some new hardware to arrive, which will go towards creating some more interesting tutorials for you all, I took some time to think a little about the reactions people in security often provoke from others. This week Oracle’s CSO, in a now deleted blog post, was quite vocal about how she was not at all impressed by security researchers who kept reporting bugs to Oracle and tried to reverse engineer its products to find vulnerabilities. This wouldn’t be the first time somebody has complained about security researchers and it certainly won’t be the last time.
Now step back and think: why do people react to us like this? We’re just helping, right? It’s not that simple. One of the things people like most about the security industry is that it’s so different from everything else. For example, in just this last month people have:
- Hacked and remotely controlled cars.
- Caught dangerous cybercriminals.
- Let dangerous criminals slip through their fingers.
- Collectively improved our security posturing.
- Collectively degraded our security posturing.
- Found ways to rootkit CPUs.
- Found 0 day vulnerabilities.
- Patched 0 day vulnerabilities.
- Announced the release of “security focused” Operating Systems.
What I'm trying to say is that this industry is so dynamic and diverse there’s something for everyone. Now back to why we cause controversy.
Security professionals always punch above their weight
People often assemble huge enterprises, and more often than not there are some serious security issues with some of these enterprises. Two kinds of security people show up here. Usually the first one is an architect or some kind of SME who railroads your piece of work single-handedly. It doesn't matter if it cost you 0 dollars or 500 million to get that piece of work to where it is; they will stop you. The second kind, who usually comes afterwards, finds those issues and exploits them. This doesn't just bring the piece of work to its knees, it brings an entire organisation to its knees, suddenly and abruptly.
They prod, poke and sometimes bite
A big part of the recent Oracle blog post was that the anger and frustration in the post wasn't sudden; it had been built up over years. Security professionals won’t quit. They are persistent and focused, and they will keep poking and prodding, even biting, until the issue is fixed. This creates a kind of harsh frustration and anger towards us, but ultimately without the prodding and poking things often won’t get fixed. I’m happy to do things another way but a viable alternative hasn’t presented itself yet.
They show you reality
Often in the world there are people who are not always aware of the actual state of things. Often security professionals are the first people to point this out and show you how things are. It’s not usually pretty either: when you have imagined something more glamorous, you are often angry at the person who took this away from you.
Sometimes they break more than they fix
A big part of security research is finding interesting and clever ways to break things. A large proportion of the time we also fix things, but it’s harder, so not everybody tries to fix things. Hats off to everyone who tries to fix things; this small but important contribution is what keeps pushing better security forward.
They issue demands
I haven’t come across many people who like to have tough demands imposed on them, especially ones they can’t meet. It’s a no-brainer as to why this doesn't go down well.
You don’t know them
Many security professionals don’t really share much with other people unless they know them at a deeper level. Usually it’s hard to like somebody you don’t know anything about. Furthermore, sometimes the nature of a security professional’s work requires them to remain unknown. It’s hard to like ghosts.
Lastly, the good security professionals have skill, some more than others, but in the world skills are valuable and these skills are especially valuable. Nobody has problems with us having skills, but when you have a powerful skill and use it there is always somebody who will be upset or affected. Make sure that before using your skill it’s for the right reasons.
Don’t let the above dissuade you. What you bring to the table is valuable and necessary but if you became a security professional to have everybody like you, there’s probably an easier way to achieve that goal out there somewhere. If you became a security professional to change things, to up the stakes to try and make people do the right thing, welcome.
Please let me know if you found this article useful or if you didn't. Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. As always, thanks for your continued support! Until next time!