Computer Security#
Table of Contents#
Sections#
Mathematics#
Texts#
Reilly, Daniel. (2023). Applied Math for Security: An Introduction for Programmers. No Starch Press.
Python#
Texts#
Poston III, Howard E. (2022). Python for Cybersecurity: Using Python for Cyber Offense and Defense. Wiley.
Seitz, Justin & Tim Arnold. (2021). Black Hat Python: Python Programming for Hackers and Pentesters, 2nd Ed. No Starch Press.
Rust
“Ownership Model of the Rust Programming Language”.
“Learn Rust with Entirely Too Many Linked Lists”.
Figures#
Resources#
Tools & Technologies
[ h ][ w ] Bitwarden
[ h ][ w ] Cockpit
[ h ][ w ] CrowdSec
[ h ][ w ] CyberChef
[ h ][ w ] Defense Advanced Research Projects Agency (DARPA)
[ h ][ w ] GNU Binary Utilities (binutils)
[ h ][ w ] GNU Octave
[ h ][ w ] Graylog
[ h ][ w ] Hashicorp Vault
[ h ][ w ] haveibenpwned
[ h ][ w ] LMbench - performance analysis
[ h ][ w ] MATLAB
[ h ][ w ] MITRE
[ h ][ w ] Peach Fuzzer
[ h ][ w ] pfsense+
[ h ][ w ] RAMspeed - cache and memory benchmark
[ h ][ w ] Valgrind - instrumentation framework for dynamic analysis
FlareVM GitHub
Ghidra Home
Klee Symbolic Execution Engine Home
Meltdown and Spectre Home
review
Black Eagle Analytics & Data LLC
[ y ]
09-05-2020. “Cyber Security Crash Course (Free Google IT Support Certificate Course)”.
David Bombal
[ y ]
03-08-2024. “Flipper Zero vs “Proper” Hacking Tools”.[ y ]
01-03-2024. “Hacking Tools (with demos) that you need to learn in 2024”.[ y ]
01-01-2024. “2024 Roadmap to Master Hacker”.[ y ]
07-30-2023. “Real World Hacking Tools Tutorial (Target: Tesla)”.[ y ]
07-01-2022. “OSINT tools to track you down. You cannot hide.”.[ y ]
08-30-2021. “MALWARE ANALYSIS // How to get started with John Hammond”.[ y ]
05-05-2021. “CTF Walkthrough with John Hammond”.
[ y ] Embrace The Red
Nerd’s Lesson
[ y ]
02-01-2024. “Cybersecurity Mastery: Complete Course in a Single Video | Cybersecurity For Beginners”.
[ y ]
03-28-2024. VICE News. “The World’s First Cyber Weapon Attack on a Nuclear Plant | Cyberwar”.
YouTube#
More
[ y ]
03-21-2024The PC Security Channel. “Cybersecurity for Beginners: Basic Skills”.
Texts#
Pfleeger, Charles; Shari Lawrence Pfleeger; & Lizzie Coles-Kemp. (2023). Security in Computing. 6th Ed. Addison-Wesley Professional.
Stamp, Mark. (2021). Information Security: Principles and Practice, 3rd Ed. Wiley.
Andress, Jason. (2019). Foundations of Information Security: A Straightforward Introduction. No Starch Press.
Dykstra, Josiah. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems. O’Reilly.
Kohnfelder, Loren. (2021). Designing Secure Software: A Guide for Developers. No Starch Press.
Magnusson, Andrew. (2020). Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk. No Starch Press.
Ball, Corey. (2022). Hacking APIs: Breaking Web Application Programming Interfaces. No Starch Press.
Bejtlich, Richard. (2013). The Practice of Network Security Monitoring: Understanding Incident Detection and Response. No Starch Press.
Chio, Clarence & David Freeman. (2018). Machine Learning & Security: Protecting Systems with Data and Algorithms. O’Reilly.
Dykstra, Josiah. (2015). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems. O’Reilly.
Du, Wenliang. (2022). Computer & Internet Security: A Hands-On Approach. 3rd Ed. Home. GitHub. Labs Home.
Edelman, Jason, Scott Lowe, & Matt Oswalt. (2018). Network Programmability and Automation: Skills for the Next-Generation Network Engineer. O’Reilly.
Enoka, Seth. (2022). Cybersecurity for Small Networks: A Guide for the Reasonably Paranoid. No Starch Press.
Erickson, Jon. (2008). Hacking: The Art of Exploitation. 2nd Ed. No Starch Press.
Graham, Daniel G. (2021). Ethical Hacking: A Hands-On Introduction to Breaking In. No Starch Press.
Grubb, Sam. (2021). How Cybersecurity Really Works: A Hands-On Guide for Total Beginners. No Starch Press.
Hall, Patrick; James Curtis; & Parul Pandey. (2023). Machine Learning for High-Risk Applications: Techniques for Resposnible AI. O’Reilly.
Julian, Mike. (2017). Practical Monitoring: Effective Strategies for the Real World. O’Reilly.
Kohnfelder, Loren. (2021). Designing Secure Software: A Guide for Developers. No Starch press.
Reilly, Daniel. (2023). Applied Math for Security: An Introduction for Programmers. No Starch Press.
Seitz, Justin & Tim Arnold. (2021). Black Hat Python: Python Programming for Hackers and Pentesters. 2nd Ed. No Starch Press.
Sikorski, Michael & Andrew Honig. (2012). Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press.
Brown, Rebekah & Scott J. Roberts. (2023). Intelligence-Driven Incident Response: Outwitting the Adversary. 2nd Ed. O’Reilly.
Rice, Liz. (2020). Container Security: Fundamental Technology Concepts That Protect Containerized Applications. O’Reilly.
Shortridge, Kelly & Aaron Rinehard. (2023). Security Chaos Engineering: Sustaining Resilience in Software and Systems. O’Reilly.
Du, Wenliang. (2019). Computer & Internet Security: A Hands-On Approach, 2nd Ed.
Dykstra, Josiah. (2016). Essential Cybersecurity Science: Build, Test, and Evaluate Secure Systems. O’Reilly.
Grubb, Sam. (2021). How Cybersecurity Really Works: A Hands-On Guide for Total Beginners. No Starch Press.
McCarty, Ben. (2021). Cyberjutsu: Cybersecurity for the Modern Ninja. No Starch Press.
Stallings, William & Lawrie Brown. (2017). Computer Security: Principles and Practice, 4th Ed. Pearson.
Troncone, Paul & Carl Albing. (2019). Cybersecurity Ops with bash: Attack, Defend, and Analyze from the Command Line. O’Reilly.
Van Oorschot, Paul C. (2020). Computer Security and the Internet: Tools and Jewels. Springer Information Security and Cryptography.
Arbuckle, Luk & Khaled El Emam. (2020). Building an Anonymization Pipeline: Creating Safe Data. O’Reilly.
Bowman, Courtney et al. (2015). The Architecture of Privacy: On Engineering Technologies that can Deliver Trustworthy Safeguards. O’Reilly.
Preston, W. Curtis. (2021). Modern Data Protection: Ensuring Recoverability of All Modern Workloads. O’Reilly.
Barthe, Gilles, Pedro R. D’Argenio, & Tamara Rezk. “Secure Information Flow by Self-Composition”.
“Exploiting Format String Vulnerabilities”.
Schneider, Fred B. (2000). “Enforceable Security Policies”.
“Smashing the Stack for Fun and Profit”.
Tan, Gang. (2017). “Principles and Implementation Techniques of Software-Based Fault Isolation”.
Thompson, Ken. (1984). “Reflections on Trusting Trust”.
Browser Security Handbook.
Neuman, B. Clifford & Theodore Ts’o. (1994). Kerberos: An Authentication Service for Computer Networks.
An Illustrated Guide to the Kaminsky DNS Vulnerability.
Tenouk’s C programming and buffer overflow programming flaw on Linux and Windows OS tutorial.
Wheeler, David A. Secure Programming HOWTO.
Terms#
[ w ] Address Space Layout Randomization
[ w ] Application Security (AppSec)
[ w ] Attack Surface
[ w ] Attack Vector
[ w ] Blue Team
[ w ] Buffer Overflow
[ w ] Buffer Overflow Protection
[ w ] Code Injection
[ w ] Code Signing
[ w ] Confidentiality
[ w ] Control-Flow Graph (CFG)
[ w ] Cyber Threat Intelligence (CTI)
[ w ] DARPA Experimental Cybersecurity Research Evaluation Environment (DECREE)
[ w ] Data Erasure
[ w ] Data Flow Analysis
[ w ] Data Masking
[ w ] Data Recovery
[ w ] Data Security
[ w ] Data-Centric Security
[ w ] Defense Advanced Research Projects Agency (DARPA)
[ w ] Disk Encryption
[ w ] Dynamic Program Analysis
[ w ] Executable-Space Protection
[ w ] Fuzzing
[ w ] Hackathon
[ w ] Indicator of Compromise (IoC)
[ w ] Information Flow
[ w ] Information Security
[ w ] Obfuscation
[ w ] Open-Source Intelligence (OSINT)
[ w ] Open Worldwide Application Security Project (OWASP)
[ w ] Payload
[ w ] Principal
[ w ] Privilege
[ w ] Red Team
[ w ] Return-Oriented Programming (ROP)
[ w ] Static Program Analysis
[ w ] Taint Checking
[ w ] Trust Boundary
ASLR Address Space Layout Randomization [ w ]
Agobot [ w ]
Attack Surface [ w ]
Attack Vector [ w ]
Blaster Worm [ w ]
Bluepill [ w ]
Botnet [ w ]
Branch Predictor [ w ]
Buffer Overflow [ w ]
Code Red Worm [ w ]
CVE Common Vulnerabilities and Exposures [ w ]
Computer Security [ w ]
Cryptovirology [ w ]
Disassembly [ w ]
DoS Denial-of-Service [ w ]
DDoS Distributed Denial-of-Service [ w ]
Exploit [ w ]
FIPS Federal Information Processing Standards [ w ]
Hardware Bug [ w ]
Hardware Security Bug [ w ]
ILOVEYOU Virus [ w ]
Kournikova Virus [ w ]
Malware [ w ]
Meltdown [ w ]
Memory Corruption [ w ]
Memory Safety [ w ]
MDS Microarchitectural Data Sampling [ w ]
Mitre Corp. [ w ]
Morris Worm [ w ]
Padding Oracle Attack [ w ]
POODLE Bug [ w ]
PCC Proof-Carrying Code [ w ]
Ransomware [ w ]
Reverse Engineering [ w ]
Rootkit [ w ]
Sandbox [ w ]
Shellshock Bug [ w ]
Side-Channel Attack [ w ]
Slammer Worm [ w ]
Software Bug [ w ]
SGX Software Guard Extensions [ w ]
Spectre [ w ]
Storm Botnet [ w ]
Stuxnet [ w ]
Threat Actor [ w ]
TLS Transport Layer Security [ w ]
Virus [ w ]
Vulnerability [ w ]
Worm [ w ]
Zero-Day [ w ]
Zune Crash of 2008 [ w ]
Address and Routing Parameter Area [ w ]
Air Gap [ w ]
Akamai Technologies [ w ]
ARP Spoofing [ w ]
Automotive Hacking [ w ]
Challenge-Response Authentication [ w ]
CAPTCHA Completely Automated Public Turing Test to tell Computers and Humans Apart [ w ]
Cold Boot Attack [ w ]
Computer Security [ w ]
Consistent Hashing WIki
Cryptocurrency Scam [ w ]
Custom Hardware Attack [ w ]
Cybersecurity [ w ]
Data-Centric Security [ w ]
Defense Strategy [ w ]
DOS Denial-of-Service Attack [ w ]
DNS over HTTPS [ w ]
DP Differential Privacy [ w ]
Dynamic DNS [ w ]
FIDO Fast IDentity Online
FIDO UAF Universal Authentication Framework
FIDO U2F Universal 2nd Factor
FIDO 2
CTAP2
Webauthn
Firewall [ w ]
Forward Secrecy [ w ]
Fuzzy Extractor [ w ]
Hardware Backdoor [ w ]
Hardware Obfuscation [ w ]
Hardware Security [ w ]
Hardware Trojan [ w ]
Honeypot [ w ]
Human Presence Detection [ w ]
Information-Theoretic Security [ w ]
Kill Switch [ w ]
Malware
MFA Multi-Factor Authentication [ w ]
NFC Near-Field Communication [ w ]
Network Security [ w ]
Nonce (number once) [ w ]
OTP One-Time Pad [ w ]
OTP One-Time Password [ w ]
PIN Personal Identification Number [ w ]
Phishing [ w ]
PUF Physical Unclonable Function [ w ]
PGP Pretty Good Privacy [ w ]
PKI Public Key Infrastructure [ w ]
Quantum Readout [ w ]
Quantum-Secure Authentication
RFID Radio-Frequency Identification [ w ]
Ransomware [ w ]
reCAPTCHA [ w ]
Replay Attack [ w ]
Reverse DNS Lookup [ w ]
Secure Cryptoprocessor [ w ]
SE Secure Element
SEID Secure Element Identifier
Security Switch [ w ]
Security Token [ w ]
SMS Short Message Service [ w ]
SSO Single Sign-On [ w ]
Social Engineering [ w ]
Spoofing Attack [ w ]
Spyware
SMP Stable Matching Problem [ w ]
Strong Authentication
Strong Cryptography [ w ]
Teredo Tunneling [ w ]
TPA Third-Party Authenticator
TOTP Time-Based One-Time Password [ w ]
TEE Trusted Execution Environment [ w ]
TSM Trusted Service Manager [ w ]
2FA Two-Factor Authenticaion
U2F Universal 2nd Factor [ w ]
USB Universal Serial Bus [ w ]
Virtual Security Switch [ w ]
WebAuthn Web Authentication [ w ]
Web of Trust [ w ]
Datasets#
AWS public data sets
Enron Corpus (email)
Coomon Crawl corpus
Center for Applied Internet Data Analysis (CAIDA) data sets
anonymized Internet traces
Code Red worm propagation
passive traces on high-speed links
-
Rapid7
University of Michigan
MIT Lincoln Lab IDS data sets - examples of background and attack traffic
NSA Cyber Defense exercise data set
DNS
Snort
Splunk
web server
Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT)
blackhole data
BGP routing data
bulk email data
IDS and firewall data