Alex Plaskett
Mar 18 · 23 tweets · 11 min read
The amount of free training courses available these days for #cybersecurity is wild. People ask me if it's worth paying for a specific course. First, have you seen all the free material out there?

Let's dig into a selection! 👇
1/ Modern Binary Exploitation by @RPISEC. This was a university course developed and run solely by students to teach skills in vulnerability research, reverse engineering, and binary exploitation.

github.com/RPISEC/MBE
2/ OpenSecurityTraining by @XenoKovah. Not strictly binary exploitation, but all the fundamentals needed for it: architecture, debugging, reverse engineering, vulns and exploitation courses.

p.ost2.fyi/courses
3/ pwn.college by @Zardus and @TheConnorNelson is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion.

pwn.college
4/ A repository for learning various heap exploitation techniques by @shellphish

github.com/shellphish/how…
5/ A much older set of tutorials on exploit development (and many other areas) by @FuzzySec

fuzzysecurity.com/tutorials.html
6/ This workshop introduces fuzzing and how to make the most of using American Fuzzy Lop, a popular and powerful fuzzer, through a series of challenges where you rediscover real vulnerabilities in popular open source projects.

by @michael_macnair

github.com/mykter/afl-tra…
7) NYU Poly Courses on fuzzing uploaded by @dguido

Fuzzing 101 (Part 1) - by Mike Zusman.
Fuzzing 101 (Part 2) - by Mike Zusman.
Fuzzing 101 (2009) - by Mike Zusman.

vimeo.com/5236104
vimeo.com/5237484
vimeo.com/7574602
8) Introduction to Blackbox fuzzing by @FuzzingLabs

academy.fuzzinglabs.com/introduction-b…
9) by @OphirHarpaz

3 preparation assignments and 5 sessions in the following areas:

#1 - x86 Overview
#2 - Short Intro to IDA
#3 - Playground Exercises
#4 - Julia
#5 - Hacking Minesweeper

begin.re
10) ARM Assembly Basics by @Fox0x01

azeria-labs.com/writing-arm-as…
11) Offensive and Defensive Android Reversing

github.com/rednaga/traini…
12) This repository contains the materials as developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015

github.com/RPISEC/Malware
13) Reverse Engineering 101 by @malwareunicorn

This workshop provides the fundamentals of reverse engineering (RE) Windows malware using a hands-on experience with RE tools and techniques.

malwareunicorn.org/workshops/re10…
14) Practical Malware Analysis

Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, static and dynamic analysis, using IDA Pro, OllyDbg and other tools:

samsclass.info/126/126_S17.sh…
15) by @PortSwigger

Free, online web security training from the creators of Burp Suite

portswigger.net/web-security
16) by @hackthebox_eu

Hack The Box is an online platform allowing you to test your penetration testing skills.

hackthebox.com
17) Web Application Ethical Hacking - Penetration Testing Course for Beginners by @thecybermentor

classcentral.com/course/freecod…
18) The Bug Hunter's Methodology by @Jhaddix

docs.google.com/presentation/d…
github.com/jhaddix/tbhm
19) For those of you with YouTube addiction

by @LiveOverflow - various IT security topics, hacking competitions.
by @NetworkChuck - IT General interest with some security
by @joegrand - Hacking + electronics

youtube.com/@LiveOverflow
youtube.com/@NetworkChuck
youtube.com/@JoeGrand
20) by @StackSmashing - Reverse engineering and hardware security
by @FlashbackPwn - Hardware and IOT security from past pwn2own winners.
by @_JohnHammond - Wide range of security related topics.

youtube.com/@stacksmashing
youtube.com/@FlashbackTeam
youtube.com/@_JohnHammond
21) by @davidbombal - Linux, Python, Ethical Hacking, Networking, CCNA + other IT related topics.
by @stokfredrik - A bug bounty scene OG with high production quality videos
by @0xTib3rius - web apps, CTF

youtube.com/davidbombal
youtube.com/@STOKfredrik/
youtube.com/@Tib3rius/
I tried to include material here for all skill levels and differences in how people learn.

What great free courses do you like or have I missed?

More from @alexjplaskett

Feb 4
Continuing on from my previous thread on remote exploits (macOS/Linux), here is the eagerly anticipated Windows version!

A small selection from multiple areas!

#cybersecurity #windows
TCP/IP

1/ ICMPv6 Router Advertisement packets by @0vercl0k

A remote kernel DoS vulnerability when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. Patch diffing, reverse engineering tcpip.sys and creating a PoC.

doar-e.github.io/blog/2021/04/1…

2/ Sending an IPv6 fragmented datagram via IPsec ESP packets leads to an OOB write by @chompie1337

Another critical issue in tcpip.sys, patch diffing + investigation of the bug. A DoS PoC and possible exploit primitives which could be used for RCE.

securityintelligence.com/x-force/dissec…
Dec 4, 2023
Jailbreaking the Sonos Era 100

The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. @NCCGroupInfosec found multiple weaknesses within the bootloader which could lead to full compromise.

#sonos research.nccgroup.com/2023/12/04/sho…

2/ According to Sonos, the issues reported were patched in an update released on the 15th of November with no CVE issued or public details of the security weakness. Users of Sonos devices should ensure to apply any recent updates to remediate the risk.
3/ In this article we document the process of analysing the hardware, discovering several issues and developing a persistent secure boot bypass for the Sonos Era 100.
Apr 2, 2023
Everyone knows that a firewall is meant to provide network security. However, what happens if that appliance has vulnerabilities on your external perimeter?

Here are 5 pieces of firewall and VPN exploit research from the past:
1/ Cisco - @saidelike found and exploited a pre-auth RCE vuln in Cisco ASA firewalls recon.cx/2018/brussels/…
2/ Fortigate and Pulse Secure SSL VPN by @orange_8361 and @mehqq_ i.blackhat.com/USA-19/Wednesd… and followed up with more Fortigate exploits by @hacks_zach github.com/horizon3ai/CVE… and blog.scrt.ch/2023/03/14/pro…
Mar 4, 2023
Want to know how to find bugs through fuzzing others miss? 10 insights from practical experience 👇
1/ Identify fresh attack surface - if there’s a public tool out there it’s likely either been published when it stops finding bugs or the vendor themselves are running at a scale you can’t match and your issues will likely become dupes.
2/ Develop custom tooling or extend reliable public fuzzers - Most of the interesting bugs I have found have been from private tooling or massively extended public tools. Certain types of bugs (e.g. race condition issues) can be difficult to trigger with non-specialist fuzzers.
Feb 8, 2023
At the end of last year I decided to take a look into consumer router security (Netgear, TP-Link, Synology) and damn was there a lot of great previous research! Here are some articles which practically demonstrate RCE from a LAN or WAN perspective:
Netgear Routers
1/ Puckungfu: A NETGEAR WAN Command Injection @_mccaulay

research.nccgroup.com/2022/12/22/puc…

The pucfu binary executes during boot and will attempt to connect to a domain and retrieve a JSON response. This is hijacked with a specially crafted JSON response to perform command injection.
Aug 7, 2022
Struggling to keep up with recent security research or want some helpful tips? Here are some threads I have created which may help you 👇