Are you interested in the forensic side of information security? Want to hone your pen testing skills but not sure where to start? Heard of reverse engineering, but it seems like a black art?
This article is a link dump (so it might go out of date, sorry) of free tools and resources to help you along the way. It started from an email I sent to a security analyst who was interested in learning more about this field.
My interests lie more in cybersecurity risk and management, rather than this low-level, detail-orientated stuff. Yes, that is my way of saying, “No way would I be good enough to reverse engineer malware.” But if I were going to get into this field, this is where I would start.
Feel free to suggest further links in the comments!
Capture The Flag
CTFs are intended to be a fun way to improve your forensic and testing skills.
Learn about CTF: https://ctftime.org/ctf-wtf/
How to get started: https://www.endgame.com/blog/technical-blog/how-get-started-ctf
Intro (biased towards competitions): https://www.alienvault.com/blogs/security-essentials/capture-the-flag-ctf-what-is-it-for-a-newbie
Online CTFs (and other similar challenges):
- OverTheWire Wargames
- RingZer0 Team Online CTF
- SANS Holiday Hack (annual event, with past challenges archived and playable)
- PicoCTF by Carnegie Mellon
- pwnDefend (Twitter feed with periodic live challenges)
There are a few free digital forensics courses out there. Including:
- http:// https://www.itmasters.edu.au/free-short-course-digital-forensics/
And a bunch of articles and tutorials at Null Bytes: https://null-byte.wonderhowto.com/how-to/forensics/
Deliberately Vulnerable Services
For flexing all kinds of penetration testing muscles: