Study Tools
Flash Card Machine (study tool)
Online quiz generator (CISSP, Sec+, and Net+ as well as a couple others)
https://www.skillset.com/certifications
CISSP practice exams
http://booksite.elsevier.com/companion/conrad/practice_exams.php
CISSP online study aid
http://securitycerts.org/review/cissp-acronyms.htm
OMG CISSP
http://omgcissp.com/
A good CompTIA exam site
https://crucialexams.com/
Another CompTIA exam site
http://www.hub4tech.com/comptia
http://booksite.elsevier.com/companion/conrad/
Security Certs CISSP Study Guide/Acronyms
http://securitycerts.org/review/cissp-study.htm
Computer Desktop Encyclopedia
http://www.computerlanguage.com/
App Store stuff:
These are out on the Apple and Android stores. Do a search on them for Apple's CompTIA Certmaster
Network Toolbox
Network Subnetting
CISSP CBK-5 prep
CPE fulfillment
Steve Gibson's (as in GRC.com) Podcast
(*Todd D/L's the podcasts from grc.com and listens on the commute, takes notes on a printout of the first page of the transcript, and submits a PDF of the notes as CPE evidence...so easy, a caveman could do it)
https://www.grc.com/securitynow.htm
-or-
https://twit.tv/shows/security-now
SC Magazine (5 CPE with Subscription):
http://www.scmagazineus.com/
Information Security Magazine (5 CPE with Subscription)
http://www.infosecurity-magazine.com/
Security Magazine (5 CPE with Subscription)
http://www.securitymagazine.com/
World Wide Security Conference Lists/Scheduling
https://secore.info/conferences
DEMONSTRATED/DISCUSSED PRODUCTS/WEBSITES:
Live attack map
http://map.ipviking.com -or- http://www.norse-corp.com/
AMTSO - Anti Malware Testing Standards Organization
http://www.amtso.org/
Is my information being sent unencrypted?
http://httpshaming.tumblr.com/
Have I been pwn3d? - Has my email address been "breached"? h/t: Troy Hunt
Check how much "of you" is searchable on FB, MS, 4S, etc
Your Beautiful Eyes (Biometrics):
Sandboxing software:
http://www.sandboxie.com/
ZIP+4 lookup
http://www.melissadata.com/lookups/zip4.asp
WIGLE (WiFi Wardriving):
http://wigle.net/
Blue Jacking Tools Page:
http://www.bluejackingtools.com/
Data Breaches:
http://www.privacyrights.org/data-breach
Have you changed your appliance default passwords yet?
http://www.defaultpassword.com/
Malwarebytes Anti-Malware:
Spybot Search and Destroy:
http://www.safer-networking.org/en/download/
AVG:
http://free.avg.com/us-en/homepage
F-Secure Blacklight
http://www.f-secure.com/en/web/labs_global/removal/blacklight
Chris Hadnagy's Social Engineering Page:
http://www.social-engineer.org/
Gibson Research Corporation (Shields UP!! and Haystack):
http://www.grc.com/intro.htm
FileFormat page: (Hashing: bottom right corner of the page)
http://www.fileformat.info/
ESET's online system scanner (GOOD TOOL!!)
http://www.eset.com/us/online-scanner/
Process Hacker 2 - a BETTER Task Manager than Windows Task Manager
http://processhacker.sourceforge.net/
Hotspot Shield - If you are NOT SURE of the hotspot you are connecting to...good tool!!
http://www.hotspotshield.com
Target knew before Dad did
http://iatcdetrick.blogspot.com/p/target-knew-before-dad-did.html
A quick tutorial on subnetting:
http://www.pantz.org/software/tcpip/subnetchart.html
Technet (A+ Course)
http://technet.microsoft.com/en-us/
Toms Hardware Page (A+)
http://www.tomshardware.com/
HowToGeek (A+)
http://www.howtogeek.com/
Shodan : Peruse IP cameras
https://www.shodan.io/
Recovery tool to use in case your "not marked as classified" 60,000+ yoga exercises and wedding cake recipe emails get "accidentally" lost.
https://www.piriform.com/recuva
Cipher Tools
http://rumkin.com/tools/cipher/
NowSecure blog (mobile platform)
https://www.nowsecure.com/blog/
Security Reading Pages:
KnowBe4
https://blog.knowbe4.com/
Hack Read
https://www.hackread.com/
Scoop.it!
http://www.scoop.it/t/advanced-threats-intelligence-technology
Security Magazine Blog
http://www.securitymagazine.com/blogs/14
eForensics Magazine (Free online Subscription)
http://eforensicsmag.com/wp-login.php?action=register
Hacker Journals - Tech News for Hackers
http://www.hackerjournals.com/
The Hacker News
http://thehackernews.com/
Ethical Hacking News
http://www.ehackingnews.com/
Trusted Security
www.trustedsec.com or http://secmaniac.com/
Brian Krebs Security Blog
http://krebsonsecurity.com/
Ars Technica - Geek Info Galore !!! (Security stuff is on the Security/Hacktivism page)
http://arstechnica.com/
Robert Siciliano's Personal Security and Identity Theft Blog
http://robertsiciliano.com/blog/
Kaspersky Labs Security Blog
http://www.securelist.com/en/blog
Symantec Security Response and Security Focus Blogs
http://www.symantec.com/connect/symantec-blogs/sr
http://www.securityfocus.com/
ZDNet's Security Blog:
http://www.zdnet.com/blog/security
ESET Security page:
http://www.welivesecurity.com/
Security News Daily's Blog:
http://www.securitynewsdaily.com/
McAfee Labs Security Blog
http://blogs.mcafee.com/mcafee-labs
Bruce Schneier's Page
http://www.schneier.com/
CyberWarZone
http://www.cyberwarzone.com/
Security Affairs
http://securityaffairs.co/wordpress/
Information Security Buzz
http://www.informationsecuritybuzz.com/
Security Kaizen Magazine:
http://bluekaizen.org/
Hakin9 IT Security Magazine:
http://hakin9.org/
Hack-In-The-Box Network (Security Forums AND HITB Magazine)
TradePub Security
http://www.tradepub.com/category/information-technology-security/1091/
Insecure Magazine
http://www.net-security.org/insecuremag.php
Uninformed
http://uninformed.org
The Binary Revolution
http://www.binrev.com
The Ethical Hacker
ethicalhacker.net
HackLu
http://archive.hack.lu/
InfoSec Island
http://www.infosecisland.com
Irongeek
www.irongeek.com
PHRACK
http://phrack.org/
Electronic Frontier Foundation
https://www.eff.org/
Hak5 Online Tech Show
hak5.org
Spectrum
http://spectrum.ieee.org/
Dragonfly BSD lists
http://lists.dragonflybsd.org/
The Guide to Mostly Harmless Hacking
http://happyhacker.org/gtmhh/index.shtml
VIDEOS:
Watchguard Videos (Bud/Corey/Scott videos):
http://www.watchguard.com/tips-resources/video-tutorials.asp
Jotti's Multi-platform virus scanner:
http://virusscan.jotti.org/en
Johnny Long's Home Page (Social Engineering):
http://www.hackersforcharity.org/
The 2600's home page (BLOCKED ON GOVT NETWORKS):
http://www.2600.com/
Trojan Horse Trucking:
http://www.wehaulmail.com/
Lares Consulting (Tiger Team Videos):
http://www.lares.com/
Core Impact Home Page (Tiger Team Videos):
http://www.coresecurity.com/
Gorilla
https://www.youtube.com/watch?v=IGQmdoK_ZfY
Make stuff:
http://www.instructables.com/
http://makezine.com/
https://sugru.com/
"Learn More":
edX - Harvard/MIT collaboration for FREE Online Education
https://www.edx.org/
MIT Open Courseware
http://ocw.mit.edu/index.htm
Coursera
https://www.coursera.org/
Safari Books Online (ALL DoD personnel=FREE)
http://techbus.safaribooksonline.com/?uicode=dodairforce
Defense Cyber Investigations Training Academy
www.dcita.edu
The Cyber Library (Free IT Training)
http://www.cybrary.it/
Secret Squirrel Stuff:
Truecrypt repository on GRC
https://www.grc.com/misc/truecrypt/truecrypt.htm
Veracrypt
https://veracrypt.codeplex.com/
PrettyGoodPrivacy
http://cryptography.org/getpgp.htm
Off the Record (Encrypted IM)
http://wiki.xmpp.org/web/OTR
https://otr.cypherpunks.ca/
Pond: Secure Messaging (still in development...but also cool)
https://pond.imperialviolet.org/
Pwnie Express (PenTest Tools)
http://pwnieexpress.com/
Let's Encrypt - Free SSL/TLS Certificate Authority
https://letsencrypt.org/
Other Browsers: (If you don't like IE, Chrome, or Firefox)
1. For the "Truly Paranoid like me", Todd Like-ee Epic: https://www.epicbrowser.com/
2. OR, for the regular paranoid, you can also use good old TOR: https://www.torproject.org/
(NOTE: The NSA watches TOR....it was, after all, created by the Navy/DARPA)
3. If you are really against any type of spying on the web, you can opt out and do a Prism Break!
https://prism-break.org/en/
4. A slick chromium variant, Iron: http://www.srware.net/en/software_srware_iron.php
5. Our Chinese friends have a pretty cool one: http://www.maxthon.com/
6. For those who like to tweak their browsers: http://www.avantbrowser.com/
7. For those who want a bare-bone-simple one: http://midori-browser.org/
8. From the dudes who were the original creators of Opera, I present https://vivaldi.com/
9. A trimmed version of FF, without the PC police overhead: http://www.palemoon.org/
10. A "remake" of the original Opera.....Otter : http://sourceforge.net/projects/otter-browser/
11. And another similar setup to #9....again without the thought police involvement: http://www.seamonkey-project.org/
12. A secure out of the box browser: https://www.whitehatsec.com/aviator/
Dr. Eeee-vil
"Don't make me angry....you would like me when I'm angry"
http://shipyourenemiesglitter.com/
All hail Samy, the magnificent!!
http://samy.pl/
Tricks of the tradecraft
http://www.inkthat.us/hacks/
and even more tradecraft
http://toolslabs.blogspot.com/
File Cabinet:
For our CISSP, Security+, and A+ students:
https://sites.google.com/site/iatcdetrick/home
Hybrid Cryptosystem walk thru (AKO site - CAC login)
https://www.us.army.mil/suite/doc/40593210
VA Reimbursement:
Here's what you need to send to the VA to get reimbursed for your exam fee:
PLEASE PLEASE PLEASE: BEFORE you mail this packet to the VA, MAKE TWO COPIES OF EVERY DOCUMENT!!!...I speak from personal "experience" with the VA Reimbursement program. MAKE...TWO...COPIES...OF...EVERYTHING!!
1. A copy of the hardcopy receipt that is provided to you at the Training Center (that's why we print two of them for you.) I recommend that you highlight the dollar amount.
2. VA Form 22-0803
http://www.vba.va.gov/pubs/forms/VBA-22-0803-ARE.pdf
Note: For our candidates in the DC Metro area, you will send these documents to the BUFFALO VA.
3. WEAMS pages: Make sure you select CERTIFICATION. Print this out and send it with your VA 22-0803 to "help" the VA know that it is supposed to reimburse you. I recommend that you highlight the line to "make sure" they understand that it IS reimbursable.
http://inquiry.vba.va.gov/weamspub/buildSearchLCCriteria.do
Search: "CISSP" for CISSP (don't use the quotes)
Search: "COMP TIA" for A+, Net+, and Sec+ (don't use the quotes)
For other certifications, you may have to try variants of the institution, the exam name, or the exam number. VA does NOT have a standardized database.
Click on the "Institution Profile" to get the address block info for the VA 22-0803
RMF (working)
http://www.ucisa.ac.uk/bestpractice/
Other things that don't fit any of the categories above:
http://getintopc.com/