Learning new tips and tricks as a security specialist not only allows us to provide more through penetration tests, vulnerability assessments and security audits, but it also allows us to find new and unique methods to help secure the control systems used to control critical infrastructure.
This article is devoted to a collection of various video clips, websites and white papers covering a variety of technologies used in information security.
Demonstration Videos
Understanding Control System Vulnerabilities:
Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack (Looking at IGSS)
Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack (Looking at IGSS)
Securing and Protecting Industrial Control Systems:
Protecting Your ICS from Zero-Day Attacks
Protecting Your ICS from Zero-Day Attacks
Penetration Testing, Exploiting and Vulnerability Assessments:
Fast and Easy Hacking with Armitage for Metasploit
Hacking using Nmap, Nessus and Metasploit
Hacking a Remote Web Server with Metasploit and Backtrack
Understanding and Using SQL Injection Attack
Man-in-the-Middle Attack (MitM) using Secure Socket Layer (SSL) Stripping
Real World Pen Testing - Client Side and Pivot Attacks on Fully-Patched Systems
From Fuzzer to Metasploit (A Look at Exploit Development)
Password Sniffing
Fast and Easy Hacking with Armitage for Metasploit
Hacking using Nmap, Nessus and Metasploit
Hacking a Remote Web Server with Metasploit and Backtrack
Understanding and Using SQL Injection Attack
Man-in-the-Middle Attack (MitM) using Secure Socket Layer (SSL) Stripping
Real World Pen Testing - Client Side and Pivot Attacks on Fully-Patched Systems
From Fuzzer to Metasploit (A Look at Exploit Development)
Password Sniffing
Webcasts
Risk Identification, Classification and Threat Modeling:
Assessing the Security of ICS Systems Using Threat Modeling
Assessing the Security of ICS Systems Using Threat Modeling
Cheat Sheets
These cheat sheets have been compiled from a variety of sources. Specific credit for each sheet is shown on the applicable document. I would like to thank those that have put together these valuable documents! If you have any additions, please pass them along via email.
Hacking - CEH Cheat Sheet Exercises.pdf
Hacking - Meterpreter Cheat Sheet.pdf
Hacking - netcat.pdf
Hacking - Nessus NMAP Commands.pdf
Hacking - NMap Mindmap Reference.pdf
Hacking - NMap Quick Reference Guide.pdf
Hacking - Reconnaissance Reference Sheet.pdf
Hacking - Tripwire Common Security Exploit-Vuln Matrix.pdf
HTML - Markdown.pdf
Linux - Bourne Shell Quick Reference.pdf
Linux - Quick Reference Card.pdf
Linux - Shell Cheat Sheet.pdf
Linux - Shell Scrip Cheat Sheet.pdf
Linux - tcpdump.pdf
Linux - Ubuntu Quick Reference.pdf
Linux - VI Reference.pdf
MAC - OSX Key Combo Reference Guide.pdf
Networking - Border Gateway Protocol.pdf
Networking - Cisco IOS IPv4 Access Lists.pdf
Networking - Cisco IOS Versions.pdf
Networking - Common TCP-UDP Ports.pdf
Networking - EIGRP (Enhanced Interior Gateway Routing Protocol).pdf
Networking - First Hop (Router) Redundancy.pdf
Networking - Frame Mode MPLS.pdf
Networking - IEEE 802.11 WirelessLAN.pdf
Networking - IEEE 802.1X Authentication.pdf
Networking - IPsec.pdf
Networking - IPv4 Multicast.pdf
Networking - IPv4_Subnetting.pdf
Networking - IPv6.pdf
Networking - IS-IS.pdf
Networking - NAT.pdf
Networking - OSPF.pdf
Networking - Physical Terminations.pdf
Networking - PPP.pdf
Networking - QoS.pdf
Networking - Spanning Tree.pdf
Networking - TCPIP.pdf
Networking - VLANs.pdf
Networking - Wireshark Display Filters.pdf
Penetration Testing - Penetration Testing Framework (vulnerabilityassessment.co.uk)
SQL - MySQL Commands.pdf
VMware - Reference Card.pdf
Hacking - Meterpreter Cheat Sheet.pdf
Hacking - netcat.pdf
Hacking - Nessus NMAP Commands.pdf
Hacking - NMap Mindmap Reference.pdf
Hacking - NMap Quick Reference Guide.pdf
Hacking - Reconnaissance Reference Sheet.pdf
Hacking - Tripwire Common Security Exploit-Vuln Matrix.pdf
HTML - Markdown.pdf
Linux - Bourne Shell Quick Reference.pdf
Linux - Quick Reference Card.pdf
Linux - Shell Cheat Sheet.pdf
Linux - Shell Scrip Cheat Sheet.pdf
Linux - tcpdump.pdf
Linux - Ubuntu Quick Reference.pdf
Linux - VI Reference.pdf
MAC - OSX Key Combo Reference Guide.pdf
Networking - Border Gateway Protocol.pdf
Networking - Cisco IOS IPv4 Access Lists.pdf
Networking - Cisco IOS Versions.pdf
Networking - Common TCP-UDP Ports.pdf
Networking - EIGRP (Enhanced Interior Gateway Routing Protocol).pdf
Networking - First Hop (Router) Redundancy.pdf
Networking - Frame Mode MPLS.pdf
Networking - IEEE 802.11 WirelessLAN.pdf
Networking - IEEE 802.1X Authentication.pdf
Networking - IPsec.pdf
Networking - IPv4 Multicast.pdf
Networking - IPv4_Subnetting.pdf
Networking - IPv6.pdf
Networking - IS-IS.pdf
Networking - NAT.pdf
Networking - OSPF.pdf
Networking - Physical Terminations.pdf
Networking - PPP.pdf
Networking - QoS.pdf
Networking - Spanning Tree.pdf
Networking - TCPIP.pdf
Networking - VLANs.pdf
Networking - Wireshark Display Filters.pdf
Penetration Testing - Penetration Testing Framework (vulnerabilityassessment.co.uk)
SQL - MySQL Commands.pdf
VMware - Reference Card.pdf
Training Material via External Websites
Metasploit Unleashed
Stack-based Buffer Overflow Tutorial - Part 1: Introduction
Stack-based Buffer Overflow Tutorial - Part 2: Exploiting the Stack Overflow
Stack-based Buffer Overflow Tutorial - Part 3: Adding Shellcode
Writing Buffer Overflow Exploits - A Tutorial for Beginners
Scanning Networks with Metasploit Community
Basic Exploitation with Metasploit Community
Importing Nexpose Scan Data into Metasploit
Using Metasploit Community with Nexpose
Stack-based Buffer Overflow Tutorial - Part 1: Introduction
Stack-based Buffer Overflow Tutorial - Part 2: Exploiting the Stack Overflow
Stack-based Buffer Overflow Tutorial - Part 3: Adding Shellcode
Writing Buffer Overflow Exploits - A Tutorial for Beginners
Scanning Networks with Metasploit Community
Basic Exploitation with Metasploit Community
Importing Nexpose Scan Data into Metasploit
Using Metasploit Community with Nexpose
Useful Video Feeds
The Internet contains a vast amount of useful information, including demonstration and how-to videos that can be used by those learning how to assess, implement, test, and monitor cyber security controls design to protect control systems. The purpose of this section is to include useful Twitter feeds and YouTube channels. If this section grows (as expected), this will most likely move to a dedicated page in the future.
Nice Thanks for all this
ReplyDelete