n/s/e/w/u/d/ •♬✧♡* INWARD *♡✧♬•

blag

S02E03 - Defender Mindset and Methods

Home Discovery

Splunk Security Datasets Project (?hrs) - https://live.splunk.com/splunk-security-dataset-project
This is a guided walkthrough of the dataset for Splunk’s Boss of the SOC v1, which does an excellent job showing off what Splunk can do with centralized logging. Make sure to run the searches yourself to get familiar with the query logic!

SANS Forensics Posters - https://digital-forensics.sans.org/community/posters
These are GREAT and I still reference them regularly, particularly “Evidence of…” and “Hunt Evil” - this distills some of the primary indicators, events, and artifacts you can use to hunt for badness!

Professor Messer’s Security+ Course (?hrs) - https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy
I’ve introduced you to various concepts through my classes but Mr. Messer is going to prepare you to get that CompTIA Security+ certification that you will need to get into this industry. He is a great teacher. Make sure to take notes, and practice our learning tools of recall, preview, memory palace, and spaced repetition!

Research Project

(POLICY) - NIST 800-61 - Incident Response - https://csrc.nist.gov/publications/detail/sp/800-61/rev-2/final

Still a gold standard for the Incident Response lifecycle. Try reading through the document and making an outline of what you learn, then focusing on a particular phase of the lifecycle and building a set of policies, standards, procedures, and guidelines based on what you read there. Don’t be afraid to google other articles!

(POLICY) - NIST 800-53 - Security Controls - https://nvd.nist.gov/800-53

Gold standard for setting up security controls in an enterprise environment. Again, try reading through the document and outlining what you learn, then focus on a particular area and write some policy, standards, and procedures with these as your guidelines.

Slides can be found here.

Kahoot quiz can be played here.

Episode available on Twitch or YouTube.

S02E02 - Attacker Mindset and Methods

Home Discovery

Rachel Tobac Steals CNN Reporter’s Data (~5m) - https://www.youtube.com/watch?v=LYilP-1TwMg
Rachel does social engineering and penetration testing for a living, and this briefly explains how she got his data with very little effort before the yearly Las Vegas infosec conference Defcon.

Scamming Scammers with Kitboga - https://www.youtube.com/channel/UCm22FAXZMw1BaWeFszZxUKw
Kitboga runs a channel dedicated to baiting scammers and wasting their money. They usually operate on a script, so he performs some hilarious misdirection to annoy them while also pointing out the various tactics they use along the way.

Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/
This is an excellent walkthrough of what Metasploit is capable of. Follow along and test things out with your own VM of Metasploit and Metasploitable!

Research Project

(BOOK) - Ghost in the Wires by Kevin Mitnick

An excellent book by a famous hacker from the 90s who ended up working with the FBI to reduce his sentence. Reads like a story and documents a long history of his knack for social engineering combined with cybercrime. Interesting in that his motivation was mostly seeing what he was capable of, rather than abusing the information he discovered.

(BOOK) - Spam Nation by Brian Krebs

Excellent, gripping introduction to the world of organized cybercrime by a tech journalist. Really eye-opening read about the larger networks that run online spam operations to raise money for other illicit operations.

(PROJECT) - OverTheWire Bandit - https://overthewire.org/wargames/

OverTheWire hosts a number of challenges to see the various tiny holes that can be used to escalate privileges, bypass access controls, and evade security measures in so many different ways. They will give you the commands you’ll need to solve the challenge; try poking around and reading the manual pages for each tool to see if you can figure out which parts will help you solve the challenge.

Slides can be found here.

Kahoot quiz can be played here.

Episode available on Twitch or YouTube.

S02E01 - Critical Thinking on Attack/Defense

Home Discovery

Portal 2D - https://portal.wecreatestuff.com/
A wonderful Flash remake of the Valve classic puzzler Portal. Portal does a great job of introducing concepts into your mental model one at a time and forcing you to think critically with them.

Summary of Poor Charlie’s Almanack - https://www.allencheng.com/poor-charlies-almanack-charlie-munger-book-summary-pdf/
Charlie Munger is a successful American investor / businessman / philanthropist and close friend of Warren Buffett. His book describes how he overcomes bias and utilizes multiple mental models to make better decisions.

Cognitive Bias Cheat Sheet - https://medium.com/better-humans/cognitive-bias-cheat-sheet-55a472476b18
Great article covering a portion of the many cognitive biases that may cloud our judgment.

Slides can be found here.

Kahoot quiz can be played here.

Episode available on Twitch or YouTube.