Looks good but if I may add a suggestion is to remove the slides from google docs. Maybe let us download them locally?
1. Corp VPNs will block Google Docs very regularly
2. Some people refuse to use Google services
3. It shouldn't take you to a different domain to read the learning material
Great job getting this in front of people as soon as possible, this is a very polished product for a beta. Nothing worse than sitting on something waiting for it to be perfect or "complete". Excited to see where you go with this!
Another software exploit thing that appears to be entirely Linux centered. Nothing against it but this doesn't even touch "core cybersecurity concepts". As crappy as it is, a Security+ will teach you more infosec than knowing how to write kernel rootkits and create ROP gadgets in your sleep. Case in point: most "advanced" attackers (except the "Equation Group" lol) very very rarely use a zero day; a majority of attacks by these guys don't even see new exploits outside of known public vulns. As easy and comfy as Linux is to hackers, try doing this in Windows land. You will gain a broader perspective. Just my $0.02, I am still glad to see more content like this.
We must have a different definition of advanced attackers because I can think of numerous countries that use zero days. A handful more that use COTS malware (i.e. NSO) that employs zero days.
Yes a few, very few compared to the rest. You will note I said most of them don't use 0-days and even 1-days. A lot attempt exploitation in some form or another, typically for vulns older than a few months.
There are far more advanced hacking groups than there are nation states. There are likely more criminal hacking groups in each individual country than there are nation states.
> could be also sold as a cloud-based research platform for vuln developers
You'd have a tough time getting any public cloud provider to allow you to run known vulnerable software, on purpose, on their network and then expose it to the Internet.
If you kept it under a decent amount of network security and heavily restricted access it might work.
I would suspect you'd need permission to set this up, though.
True. I think the biggest buyer of this would be gov institutions that are constantly looking for building their offensive capabilities (mainly around exploit dev) but find it hard to get new recruits trained up. The alternatives are mostly instructor-led training which is good but combined with this type of platform + remote assistance via chat etc could scale things up.
Great work, Yan and Connor! It's interesting that the solutions are not made publicly available. Is this intended towards educators to use in their cybersecurity classes?
Looking forward to the collection of modules. Right now I'd say it's a bit too Linux centric. Especially when it comes to bringing cybersecurity concepts to new people I think it's usually better to start with basic stuff like SQL injection ('bobby tables') or ARP spoofing. They even state it's aimed at white belts, yet have slides about the different rings in a Linux kernel. But maybe that's just my perception. Great anyway!
It's simply too easy to use other means of delivery.
Look at drive-by: https://attack.mitre.org/techniques/T1189/
In most cases the only thing exploited is the sites hosting their malware (typical joomla/wp sites).
Spear phishing attachment: https://attack.mitre.org/techniques/T1193
I see about 3 examples out of 40 that use exploits.
Spearphishing link: https://attack.mitre.org/techniques/T1192/
2/20
https://attack.mitre.org/techniques/T1190/ only 5 examples for public facing asset exploit, mostly SQL injection.
Mitre is not a complete list but they do a good job of keeping up with APT techniques. The most famous ones indeed use 0-days and that is one of the reasons they're famous. But at the end of the day they should be noteworthy based on damage done, not "coolness" of the hack.
Software exploitation is a thing but not only is it seen less and less, modern mitigations are making a lot of the techniques obsolete. Look at the fall of exploit kits as an example.
https://blog.ret2.io/2018/09/11/scalable-security-education/ These guys have built an epic b0f research education platform - could be also sold as a cloud-based research platform for vuln developers
Another one is https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/vid... for mostly C/C++ overflow type education
- Wechall
- OverTheWire
- SmashTheStack.org
- CryptoPals.com
- Google Gruyere appspot
- https://pwnable.tw
- https://pwnable.xyz
https://www.hacking-lab.com/
In my opinion that is.