Computer security resources for self-study and career planning

In: Security
Published on 2020-09-27
Written from the perspective of a third-year PhD candidate in the Netherlands.

This is a list of self-study resources for people that want to get into the computer security field. I started this list in december 2015, just before I started my job as a security specialist at the National Cyber Security Centre of the Netherlands. It contains resources for learning new techniques and tools, self-study, career planning and personal development. All of these were useful to me personally, and every link is hand-picked. ;)

As you can see, computer security is a huge field. Please don't feel overwhelmed. If you don't know where to start, check out the resources listed under 'career'.

Most resources are in English and some of them are in Dutch.

I hope this list is helpful. If you know any good additions, feel free to let me know via Twitter, email or in real life.

Assembly

• Microcorruption, Matasano [online challenges]
• TIS-100, Zachtronics [game]
• Assembly 101, FriedSpace [website]

Capture The Flag

• PicoCTF, Carnegie Mellon University [online challenges]
• Microcorruption, Matasano [online challenges]
• OverTheWire, [online challenges]
• Certified Secure, Certified Secure [online challenges] (Dutch)

Capture The Flag (Beginners)

• PicoCTF, Carnegie Mellon University [online challenges]
• OverTheWire, [online challenges]
• Certified Secure, Certified Secure [online challenges] (Dutch)

Career

• How To Become an Infosec Expert, Part I, Alex Kirk, Talos Intel [book list]
• Don't Call Yourself A Programmer, And Other Career Advice, Patrick McKenzie, Kalzumeus [article]
• CTF Field Guide: Career Cheatsheet, Trail of Bits [article]
• How to Milk a Computer Science Education for Offensive Security Skills, Raphael Mudge [article]
• Google careers: Guide to technical development, Google [article]
• Starting an InfoSec Career - chapters 1-7, Lesley Carhart [article]

Cryptography

• Cryptopals, Matasano [programming exercises]

• The Code Book, Simon Singh [book, non-fiction]
  Nice introduction to secret language and cryptography for a general audience.

• Cryptography I, Stanford University [online course]

Cybercrime

• Fraudehelpdesk, [organisation] (Dutch)

Cybersecurity In The Nederlands

• Cybersecuritybeeld NL 2020, Nationaal Cyber Security Centrum [publication] (Dutch)

Dark Web

• The Dark Net, Jamie Bartlett [book, non-fiction]

Ethical Hacking

• Helpende hackers, Chris van 't Hof [book, non-fiction] (Dutch)
• Coordinated vulnerability disclosure (CVD): the guide, Nationaal Cyber Security Centrum [publication]
  A guide for organizations and ethical hackers for the responsible reporting and handling of vulnerabilities in information systems and (software) products.

Fraud

• Fraudehelpdesk, [organisation] (Dutch)
• Catch me if you can, Steven Spielberg [movie]

Incident Response

• A Soft-ish Introduction to Malware Analysis for Incident Responders, Greg Carson [article]

Information Security

• Information security for journalists, The Centre for Investigative Journalism [publication]
• Security Engineering, Ross Anderson [book, non-fiction]

Internet Freedom

• Bits of freedom, [organisation] (Dutch)
• Little brother, Cory Doctorow [book, novel]

Linux

• OverTheWire, [online challenges]
• How Linux Works: What every superuser should know, Brian Ward [book, non-fiction, technical]

Lockpicking

• Toool: The Open Organisation Of Lockpickers, [organisation]

Malware Analysis

• How to Get Started With Malware Analysis, Lenny Zeltser, SANS [article]
• Practical malware analysis: The Hands-On Guide to Dissecting Malicious Software, Michael Sikorski, Andrew Honig [book, non-fiction, technical]
• A Soft-ish Introduction to Malware Analysis for Incident Responders, Greg Carson [article]
• REMnux, Lenny Zeltser & David Westcott [operating system/toolkit]

Penetration Testing

• How to Milk a Computer Science Education for Offensive Security Skills, Raphael Mudge [article]
• SEC560: Network Penetration Testing and Ethical Hacking, SANS [training course]
• Helpende hackers, Chris van 't Hof [book, non-fiction] (Dutch)

Physical Security

• Toool: The Open Organisation Of Lockpickers, [organisation]

Privacy

• Information security for journalists, The Centre for Investigative Journalism [publication]
• Bits of freedom, [organisation] (Dutch)
• Little brother, Cory Doctorow [book, novel]
• Je hebt wél iets te verbergen, Maurits Martijn & Dimitri Tokmetzis [book, non-fiction] (Dutch)

Programming

• TIS-100, Zachtronics [game]
• Cryptopals, Matasano [programming exercises]

Ransomware

• Fraudehelpdesk, [organisation] (Dutch)
• No More Ransom, Europol, Kaspersky, Politie NL, e.a. [website]
  Initiative of Europol, Kaspersky Lab and the Dutch police to collect decryption keys for ransomware and put them online. Victims of ransomware can check this website to see if it is possible to undo the encryption.

Responsible Disclosure

• Helpende hackers, Chris van 't Hof [book, non-fiction] (Dutch)
• Coordinated vulnerability disclosure (CVD): the guide, Nationaal Cyber Security Centrum [publication]
  A guide for organizations and ethical hackers for the responsible reporting and handling of vulnerabilities in information systems and (software) products.

Reverse Engineering

• REMnux, Lenny Zeltser & David Westcott [operating system/toolkit]

Social Engineering

• Catch me if you can, Steven Spielberg [movie]

Wargames

• PicoCTF, Carnegie Mellon University [online challenges]
• Microcorruption, Matasano [online challenges]
• OverTheWire, [online challenges]
• Certified Secure, Certified Secure [online challenges] (Dutch)

This list was last updated on 2020-09-27