Here is a list of some free trainings and courses about information security I found while browsing the Web. I hope it will help you to get a better understanding of the various field of information security.
Note: This section is constantly evolving. Last update: October 18, 2021.
Modern Binary Exploitation
Modern Binary Exploitation (MBE) is a free course developed and used by RPISEC to teach Modern Binary Exploitation at Rensselaer Polytechnic Institute. It covers basic x86 reverse engineering, vulnerability analysis, and classical forms of Linux-based userland binary exploitation. It also focus on protections found on modern systems and the techniques used to defeat them. This course come with a large number of labs that I’ll explain in this write-up.
Malware Analysis is a free course developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015. This was a university course developed and run soley by students, primarily using the Practical Malware Analysis book by Michael Sikorski and Andrew Honig, to teach skills in reverse engineering, malicious behaviour, malware, and anti-analysis techniques.
Developed from the materials of NYU Tandon’s old Penetration Testing and Vulnerability Analysis course, Hack Night is a sobering introduction to offensive security. A lot of complex technical content is covered including, source code auditing, web security, application security and reverse engineering.
Offensive Computer Security
Developed by the Florida State University Computer Science Department, the Offensive Computer Security class vision is to fill the common gaps left by most University level security courses, by giving students a deep technical perspective of how things are attacked and hacked.
RE101 is a free workshop provided by Amanda Rousseau (@malwareunicorn). This workshop provides the fundamentals of reversing engineering (RE) Windows malware using a hands-on experience with RE tools and techniques. It will teach you RE terms and processes, followed by creating a basic x86 assembly program, and reviewing RE tools and malware techniques. The course will conclude by participants performing hands-on malware analysis that consists of Triage, Static, and Dynamic analysis.
Bugcrowd University is a free and open source project to help level-up our security researchers. It includes content modules to help our researchers find the most critical and prevalent bugs that impact our customers. Each module will have slide content, videos, and labs for researchers to master the art of bug hunting.
Heap Exploitation is a short book wrote for people who want to understand the internals of heap memory, particularly the implementation of glibc’s malloc and free procedures, and also for security researchers who want to get started in the field of heap exploitation.
ROP Emporium helps you to learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
SQLi Labs provides multiple workshops to experients various SQL Injections type.
Web Security Academy
The Web Security Academy contains free training on cybersecurity topics, including security vulnerabilities, techniques for finding and exploiting security flaws, and defensive measures for avoiding them.
Computer Network Security
The CNS - CTF Crunch course aims at providing a set of tools for vulnerability assessment and security calibration both at the network and at the operating system level. You will spend a large part of the labs and assignments working with binaries. You will have to find vulnerabilities in those binaries, then exploit them and fix the vulnerabilities in order to illustrate various secure coding practices.
The Malware-Analysis-Training course was designed for students who have an introductory / basic understanding of x86 assembly and reverse engineering as well as more advanced students wishing to refresh their skills and learn new approaches to familiar problems. The course will cover the basics of x86 assembly and pattern recognition, Windows process memory layout, tools of the trade (such as IDA Pro and OllyDbg), the PE file format and basic exploitation methodologies abused by worms to penetrate a target system (stack/heap overflows). As this course is focused on malicious code analysis, students will be given real-world virus samples to reverse engineer. The details of executable packing, obfuscation methods, anti-debugging and anti-disassembling will be revealed and re-enforced with hands-on exercises.
CS6038/CS5138 Malware Analysis
The CS6038/CS5138 Malware Analysis will introduce the students to malware concepts, malware analysis, and black-box reverse engineering techniques. It is intended to introduce the students to types of malware, common attack recipes, some tools, and a wide array of malware analysis techniques. You can find videos here.
CS253 Web Security
The CS253 Web Security is a comprehensive overview of web security. The goal is to build an understanding of the most common web attacks and their countermeasures. Given the pervasive insecurity of the modern web landscape, there is a pressing need for programmers and system designers to improve their understanding of web security issues.
Offensive Software Exploitation (OSE) Course
The Offensive Software Exploitation covers offensive exploitation concepts taught at Champlain College during Spring 20/21. It includes multiple topics like exploitation techniques, post exploitation, reverse engineering, code injection and much more.
Evading Detection: A Beginner’s Guide to Obfuscation
The Evading Detection: A Beginner’s Guide to Obfuscation is a hands-on class to learn the methodology behind malware delivery and avoiding detection. This workshop explores the inner workings of Microsoft’s Antimalware Scan Interface (AMSI), Windows Defender, and Event Tracing for Windows (ETW). We will learn how to employ obfuscated malware using Visual Basic (VB), PowerShell, and C# to avoid Microsoft’s defenses. Students will learn to build AMSI bypass techniques, obfuscate payloads from dynamic and static signature detection methods, and learn about alternative network evasion methods.