Simon Roses Femerling – Blog

We are facing an extraordinary and very serious situation, so it is necessary for the population to stay at home. Fortunately we live in the information age and many of us hackers are used to being locked up at home since we were teenagers.

In this post I want to propose some hacker-themed ideas to train you and have a good time during confinement and all for free (or almost).

Update: More links and new sections including computer programing, lockpicking and web security.

Makers

• MagPi Magazine: cult magazine for Raspberry PI fans (you must have several of these devices in your arsenal). Lots of ideas to develop https://magpi.raspberrypi.org/
• Raspberry Pi Projects & Tutorials: repository of projects based on Raspberry PI https://maker.pro/raspberry-pi

Exploit Development and Reverse Engineering

• Azeria Labs: great resource to enter the world of ARM, including programming, exploits, assembler and VM labs https://azeria-labs.com/writing-arm-assembly-part-1/
• Fuzzy Security: exploit development in Windows https://www.fuzzysecurity.com/index.html
• CorelanTeam: the top resource for Windows exploit development https://www.corelan.be/
• Linux Kernel Exploitation https://github.com/xairy/linux-kernel-exploitation
• Ricardo Narvaja Tutorials http://ricardonarvaja.info/

Radio frequency (things you can learn even if you don’t have radios or SDR)

• Learn Morse code (although it is no longer required in the amateur radio license): Android Morse Mania Morse Code | iPhone Learn Morse Morse-it
• Perhaps it is a good time to study the amateur radio license
• How to Get an Amateur Radio License in the US Exam questions pool

Hacking Challenges: Capture The Flag (CTF)

• Hack The Box: the platform of excellence where you can practice pentesting https://www.hackthebox.eu/
• vulnhub: web portal to download a multitude of vulnerable VMs to exploit https://www.vulnhub.com/
• OverTheWire: all kinds of hacking challenges https://overthewire.org/wargames/
• CTFtime: portal to stay informed and find CTF worldwide https://ctftime.org/

Web Security

• Bugcrowd University https://www.bugcrowd.com/hackers/bugcrowd-university/
• Portswigger (Burp proxy) Web Security Academy https://portswigger.net/web-security
• PentesterLabs: various exercises to practice web hacking https://pentesterlab.com/exercises

Lockpicking

• MIT Guide to Lock Picking https://www.lysator.liu.se/mit-guide/MITLockGuide.pdf
• LockPickingLawyer https://www.youtube.com/channel/UCm9K6rby98W8JigLoZOh6FQ
• Deviant Ollam https://www.youtube.com/channel/UC4dxXZQq-ofAadUWbqhoceQ

Computer Programming

• Code Academy https://www.codecademy.com/
• w3schools https://www.w3schools.com/
• Code.org https://code.org/

Online Training (so many options but I put some interesting ones)

• Offensive Security Certified Professional (OSCP) Although this is paid, it is considered the certification of excellence for pentesting https://www.offensive-security.com/pwk-oscp/
• ElasticSearch: training in this powerful tool https://training.elastic.co/learn-from-home
• Cybrary: continuous training platform https://www.cybrary.it/

Videos

• OPCDE – COVID-19 Edition – VIR(TU)AL SUMMIT – The Future of Cybersecurity
• Advanced Persistent Talks (APTs) https://advancedpersistenttalks.com/
• DEF CON talks https://www.youtube.com/user/DEFCONConference/videos
• Irongeek: repository of links to a large number of talks http://www.irongeek.com/i.php?page=security/hackingillustrated
• My yotube channel :) https://www.youtube.com/playlist?list=PLBuqvP4l-eNgflH37Wds0EuQxavCculU4

Books & Zines

• International Journal of Proof-of-Concept or Get The Fuck Out (PoC||GTFO or PoC or GTFO) https://www.alchemistowl.org/pocorgtfo/
• Free Security Ebooks https://github.com/Hack-with-Github/Free-Security-eBooks
• Red Team: How to Succeed By Thinking Like the Enemy https://www.amazon.com/Red-Team-Succeed-Thinking-Enemy/dp/1501274899
• Tribe of Hackers Red Team: Tribal Knowledge from the Best in Offensive Cybersecurity https://www.amazon.com/Tribe-Hackers-Red-Team-Cybersecurity/dp/1119643325
• The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426
• IoT Hackers Handbook: An Ultimate Guide to Hacking the Internet of Things and Learning IoT Security https://www.amazon.com/-/es/Aditya-Gupta/dp/1974590127
• Inside Radio: An Attack and Defense Guide https://www.amazon.com/-/es/Qing-Yang-ebook/dp/B07BKVKL87/
• The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws https://www.amazon.es/dp/1118026470/
• PoC || GTFO https://www.amazon.com/-/es/Manul-Laphroaig-ebook/dp/B074YMZF4P/
• PoC || GTFO, Volume 2 https://www.amazon.com/-/es/Manul-Laphroaig/dp/1593279345/
• Elon Musk: Tesla, SpaceX, and the Quest for a Fantastic Future https://www.amazon.com/Elon-Musk-SpaceX-Fantastic-Future/dp/006230125X
• Zero to One: Notes on Start Ups, or How to Build the Future https://www.amazon.com/-/es/Zero-One-Notes-Start-Future-ebook/dp/B00KHX0II4/

I hope you find it useful and your confinement will be more pleasant. With all this material you will be busy for weeks, even months!

#StayAtHome / #StayAtHomeSaveLives

Reader: any proposal to add to this list? Thanks!

@simonroses