@adricnet
Last active January 12, 2017 15:27
Looking through some books, courses for SG ideas.

Guiding ideas:

  • target delivery: four weeks, twice a week ... or break into chunks
    • building data models and heuristics, good process, demo tools and techniques (in that order)
    • supplement individual education plans, not job training
    • need a book or major reference, don't write a course

Books:

  • HC's WFA3 : response and investigation of windows systems
    • -10: F word, -10: very host-based
    • -10: no labs built in: would have to find/make some from corpus/CTFs
      • Ch3 on memory analysis .. is dated and crunchy, would have to sub in
      • Ch2 on triage analysis has some good process, illustrated with his tools
      • threat investigation perspective intros Windows EP data and leads towards internals
      • defines and demonstrates hundreds of important concepts eg: Registry, ADS, PE, DLL, EVTX
  • CS, et al: ANSM
    • -20: leadership needs it, not analysts
    • -10: and then engineering (C/D), intel, need it, not analysis (A)
    • +10: lots of great definitions and terms, like: friendly intelligence, canary honeypots
  • PMA => LLMW
    • +25: excellent introductions to PE, Windows APIs
    • -10: only going to use 4? chapters of a huge expensive ($60/800 pp) book
    • -5: labs are dated, may need 32bit or XP
  • HC1
    • -10: 20 text labs w/ no files
    • +10: would force discussion and de-emphasize tools
  • PPA2/3 / Wireshark 101
  • AoMF
    • 100pp on intro to OS and Volatility, 460pp of Windows memory (200 Linux, 100 Mac building off that)
    • everything Pavel covers in WI of any interest, from a DFIR perspective
    • full technical detail including memory, disk, file structures
  • MZ: TTW => RtW
    • Part 1 only: -10: only going to use 1/3 of an expensive ($50/320 pp) book
    • best introduction to web technologies (and their troubled history)

OST.info courses:

  • HTID : is an attack techniques class, compares poorly to 504
  • Flow & Hunting : many tool details, only the last section looks interesting / doesn't overlap with 503
  • PCAP & Hunting: relies on ChopShop tool, no files available
  • MDA: a PMA-along class, videos have terrible audio quality

Pluralsight courses:

  • EH program
  • Pavel
  • Sec+, CASP, CCNA, CISSP? prep courses

Cybrary courses

Odder ideas:

  • Sec+ prep
  • HC : Hacker's Challenge (1 2 3)
  • TMSA
  • Scripting (Python/sh/ps)

BBs:
