Page 1: Ethical Hacking

ETHICAL HACKING
COURSE PROPOSAL*

2016-06-03 (YYYY-MM-DD)
version 0.2

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JAKUB RUZICKA
linkedin.com/in/littlerose
[email protected]

* I’m currently working on the course offering in 2016/2017 and looking for collaborators (do not hesitate to drop me a line!)

OUTLINE

ANNOTATION

INTENDED LEARNING OUTCOMES

ENTRY REQUIREMENTS

EXAMINATION

TEACHING METHODS

SYLLABUS

LITERATURE

ANNOTATION

The course gives a professional and academic introduction to computer and information security using the ethical hacking approach, which improves defence by adopting an attacker’s mindset when discovering vulnerabilities, provides hands-on experience with different attacks, links theory and practice in significant areas of one’s digital literacy, and can therefore be used by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.

INTENDED LEARNING OUTCOMES

Upon completion of the course, the students will:

■ be introduced to (both theory and practice of) common computer and information security vulnerabilities in their interdisciplinary nature

■ be able to perform basic penetration testing tasks (as defined by pentest-standard.org) using software tools and their own program code

■ understand the broader context of cybersecurity (macro level), the wide range of related topics for further self-driven education and/or professional /academic specialization, and become savvier ICT users and developers (micro level)

■ perceive ethical hacking as a ‘problem-discovery’ and ‘problem-solving’ tool (as opposed to ‘problem-creating’ tool)

Upon completion of the course, the students will not:

■ become computer security experts (however, you will be able to have a technically competent talk with a computer security expert and/or know what to ask as a client)

■ become expert hackers and/or expert penetration testers (however, you will acquire enough skills to find, test and fix common basic computer security threats and know what to do next to grow)

■ take ‘it is secure’ for an answer (you will want to know how/when/where/why it is secure and how/when/where/why it is not)

■ perceive the ‘ethical’ in ‘ethical hacking’ as needless =) (at the first lecture of our course, following the example of similar courses, we will sign a mutual agreement regarding the conditions under which the course is taught, how to ethically and legally use your knowledge and skills, and what is /is not ok)

ENTRY REQUIREMENTS

As this should be an introductory-level course, we’ll stick to a higher-level overview and a breadth of topics (as opposed to depth /specialization, which, in turn, will be part of your final projects). We believe that anyone with enough determination, motivation and willingness to work hard (it's worth it!) can learn anything and make great progress (khanacademy.org/youcanlearnanything). Therefore, we welcome anyone with or without prior computer security interest /experience or programming experience; visiting and domestic students; students inside and outside the Faculty of Information Technology (we’d love to see collaboration of students across various disciplines); students who intend to pass the final exam and those who just want to expand their knowledge (a diverse community is stronger and more vibrant). We’ll attempt to accommodate you by making the curriculum easy to understand (while keeping it factually correct), teaming up more experienced and less experienced students, offering individual consultations, and referring you to open educational resources suitable for meeting the necessary prerequisites or for your goal-directed knowledge expansion. That said, motivated ICT beginners who want to pass the course (as opposed to just auditing it) should (naturally) be ready to invest a significant part of their time in their personal development. Basic knowledge of computer science (any introductory course /professional experience /...), user knowledge of computer devices, common operating systems, possibly also network protocols (the very basics), and developer /practical experience with any programming language and/or any database management system (and a taste for learning new syntax, technologies, specifications, ...)* will help course participants avoid being overwhelmed during the semester.

* All of these (and much more) can be reviewed using online open educational resources even before the course begins. We also plan to organize an information meeting for anyone interested in taking this course.

Note: Course vacancies might be, free of charge, offered to the general public including but not limited to employees, freelancers, high school students, individuals on parental leave, senior citizens, and so on.

EXAMINATION

Project defence of teams consisting of (roughly) 3 students in the form of performing a penetration test in a (small and prearranged) organization*, which will be developed continuously during the whole semester (you should be able to handle the next logical step of the project after each of our f2f sessions), and which will be assessed by course lecturers and your client alike. The penetration test is expected to cover the main course topics with a specialization of each team member on a particular area she/he finds most meaningful with regards to her/his goals (it’ll be discussed with her/him during the project defence and also ensures individual contributions of all members of a team).

* You will need to sign an agreement there (pentest-standard.org/index.php/Pre-engagement) for both your and the company’s protection. Even though neither (pun intended) contracting party will be financially remunerated, it’s a great way to get your first professional contact and/or recommendation.

Evaluation criteria:

20% research around the infrastructure of an organization and possible attack vectors (background and theory)

40% vulnerability analysis and exploitation (analyses, assessment, documentation, methodology, tools used, program code, raw data)

20% suggested measures (technical as well as regulatory /policies)

20% executive summary, presentation, answers to questions

The course is graded A (≥90%), B (≥70%), C (≥60%), or D (<60%). A, B or C is needed to pass the course. In accordance with the examination regulations of Charles University in Prague (cuni.cz/UKEN-121-version1-cu__studyexam_7thcode.pdf), you have the right to two resit dates (i.e., max three project defences in total).

MOTIVATION

■ improve your skills and translate theory into practice

■ gain confidence but also appreciate the huge amount of areas where one could/should build up her/his expertise

■ put a successful project on your resume and earn a professional contact who can recommend you

Note: It’s important to get the job done and it doesn’t matter (too much) which tools you use. Even though it’s possible (and understandable) that you might tend to use the same procedures and methods you’ve seen at the lectures, students’ /teams’ own research and testing tailored to the needs and infrastructure of a particular organization is expected. It’s not assumed that your (likely ‘first ever’) report will be perfect (nor that you’ll discover a zero-day vulnerability =)). However, it should be apparent that you’ve tried hard (everything from the course and beyond it, based on your own research). Moreover, thanks to your client’s questions, the project defence will, in a natural manner, also cover the theory and the broader cybersecurity context (practical experience with explaining computer security to a non-expert audience).

TEACHING METHODS

F2F BLOCK TEACHING SESSIONS

■ interactive* /live /real-time rather than ‘scripted’ lectures (semi-formal discussion and on-time explanation of a concept) including hands-on tutorials /labs

■ short intros /’sketches’ by the lecturers (an attacker vs. a user or a defender)

■ going from the micro level (a specific vulnerability) to the macro level (corporate /national /international)

■ beginning with a particular technology /device /another entity (essential background theory, known vulnerabilities and exploits), followed by how-to using existing tools and/or one’s own program code (testing and understanding what’s happening under the hood), concluded by discussion of possible solutions, alternatives, more general questions, relations to other topics, …

■ vulnerable physical devices, virtual machines and/or informed ‘sparring partners’ allowing the students to try out different attacks

■ engagement questions and mock assignments (not only) from professional certifications’ exams

■ short trips ‘into the field’ (visiting a public space with the objective of educating the general population via proofs of concepts, visiting a computer security company, ...)

■ BYOD (Bring Your Own Device) as you’ll need to set up and use your own development environment

* Be engaged if you feel it improves your learning efficiency. Have a discussion, ask questions, write on the online whiteboard /contribute to the shared study material (see Distance Learning), share your personal experience and/or what you find online during the lecture (trust, but verify).

DISTANCE LEARNING

■ open educational resources suggested for each session

■ Q&A forum (How do I ask a good question? stackoverflow.com/help/how-to-ask)

■ sharing your work in progress and discussing it with others

■ (if you agree) shared notes /study material /wiki /... created by the students of the course and for the students of the course (also reviewed and co-created by the lecturers), where one can focus on creating background for her/his specialization

■ voluntary ‘challenges’, small pen test tasks to reinforce your skills

GUEST LECTURERS (POSSIBLY WEBINARS)

■ professionals, researchers, authors, prospective employers, …

■ expertise in a particular core topic of our course and/or on request (based on what is most meaningful to you with regard to your final project and/or your personal professional /academic goals and interests)

Note: Class attendance is voluntary (naturally). Interact with the course in a way that suits you best. It's totally fine if you're a self-driven learner who approaches the lecturers only when she/he needs their help. Similarly, you might just want to audit the course (you don't want to complete it) and/or hand-pick only the topics that interest you. On the other hand, if you are not engaged because you think we can do better, by all means, tell us so that we can work on it! Make the course our joint project. Let's adjust and approve the course structure and course requirements at the very beginning so that it supports your individual and our common goals (answering all ‘Why?’ questions and introducing you to the reasoning behind the course should boost your self-motivation). Take the initiative and come up with ideas for lectures /course topics /guests /..., get involved by teaching what you know /are good at /what you want to improve in /..., contribute to the development of the course in order to obtain your desired life /professional /academic /... skills.

SYLLABUS

1. INTRODUCTION & PREREQUISITES

■ Introduction to Computer & Information Security

■ Introduction to Ethical Hacking & Penetration Testing

■ Law & Ethics of Offensive Security

■ Computer Science & Computer Fundamentals

■ Communication Protocols, Networking Technologies, Web Technologies

■ Introduction to Kali Linux

■ Introduction to Linux Command Line

■ Introduction to Python Programming

2. FOOTPRINTING, INTELLIGENCE GATHERING, THREAT MODELING

■ Active & Passive Reconnaissance

■ Physical Security

■ Social Engineering

■ Network Analysis

■ Intrusion Detection and Prevention

■ Firewalls & Antiviruses

Note: The 2nd and 3rd blocks of the course (to which we’ll probably dedicate most of our time) cover working with vulnerability scanners, exploitation tools and other available tools, and/or developing Bash shell and Python scripts.

3. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION

■ Active & Passive Attacks

■ Software, Database, Wireless, Web Application, OS & Mobile Security

■ Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD

■ Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware

■ Host Attacks, Network Attacks, Spoofing, Denial of Service

■ Applied Cryptography, Password Cracking

■ Black Box & White Box Testing

■ Source Code Auditing, Fuzzing

■ Digital & Computer Forensics

■ Steganography

■ Hardware Security, Firmware, Booting

■ Malware Analysis, C/C++, Assembly

■ Debugging, Disassembly, Reverse Engineering

4. REPORTING, MEASURES, BUSINESS, MANAGEMENT

■ Writing a Penetration Testing Report

■ Disaster Recovery, Incident Response

■ Standards (and Their Shortcomings), Regulatory Compliance, Security Policies

■ Security Management, Risk Assessment and Security Metrics

■ Security Education and Awareness

■ Security Measures and Software /Solutions

5. MACRO & MICRO-LEVEL CYBERSECURITY

■ History of Computer Security

■ Milestones and Famous Hacks, Attacks & Malware

■ Economics of Cybercrime

■ Cyberwarfare, Critical Infrastructure Security

■ Privacy & Surveillance

6. APPLICATIONS & GETTING OUT OF YOUR COMFORT ZONE

■ Cloud Computing Security

■ Peer-to-Peer Network Security

■ Programming Languages Security

■ Embedded Device & Internet of Things Security

■ Augmented Reality & Virtual Reality Security

■ Point of Sale Security

■ E-commerce Payment Systems Security

■ Cryptocurrencies Security

■ Deep Web & Dark Web

■ Hacking Satellites

■ Hacking Cars, Drones, Planes, Trains, ...

■ Hacking Washing Machines, Fridges, ...

■ Quantum Computing

■ Artificial Intelligence

■ Big Data

■ Bioengineering & Biohacking

■ 3D Printing

■ Game Hacking

■ GPU malware

■ (...)

Disclaimer: Although we’ll try to align the sequence of our sessions with the typical sequence of steps in a penetration test (pentest-standard.org), the content of the course and the order of its sections /teaching blocks might change based on the pace, level of proficiency, and other requirements of the course group. At the end of the course, we’ll apply the knowledge and skills obtained to areas beyond our comfort zone, which should be a lot of fun and expand one’s horizons, but is possibly not directly related to the final projects, therefore giving you some extra time to work on them.

LITERATURE

The students are not required to read any of the following publications but might find them handy when looking for inspiration, reference, sample code, or when some part of the course takes their interest so that they want to follow it up with more in-depth self-directed study. Further online /paperback study resources, tutorials, libraries, frameworks, and other tools will be introduced within specific topics of the course.

Visit the Charles University in Prague Central Catalog at ckis.cuni.cz to access some of the books and/or their alternatives.

A short metadiscussion: Bear in mind that the gals and guys who published the books below, speak at conferences, write blogs, etc. are (most likely) not the same gals and guys who might want to exploit your /your client’s vulnerability. Being a ‘good guy’ means that you are, for the most part, also taught by the ‘good guys’. It is therefore worth purposefully practising the bad guy’s mindset, for which we can’t provide you with any guaranteed manual. Well-documented attack vectors and (often) US-centric resources written by US authors do not substitute for your own research in your particular environment. Moreover, this list is by no means comprehensive, and we’ll be able to give you a (much) more targeted recommendation if you tell us where you are (regarding your current knowledge and skills in a particular area) and where you want to be. On top of that: “Practice, practice, practice.”

HACKING & PENETRATION TESTING

[01] P. Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, 2nd edition. Amsterdam; Boston: Syngress, 2013.

[02] G. Weidman, Penetration Testing: A Hands-On Introduction to Hacking, 1st edition. San Francisco: No Starch Press, 2014.

[03] D. Regalado et al., Gray Hat Hacking The Ethical Hacker’s Handbook, 4th edition. McGraw-Hill Education, 2015.

[04] P. Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing. CreateSpace Independent Publishing Platform, 2015.

[05] E. Skoudis and T. Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, 2nd edition. Upper Saddle River, NJ: Prentice Hall, 2006.

SOCIAL ENGINEERING & PHYSICAL SECURITY

[06] C. Hadnagy, Social Engineering: The Art of Human Hacking, 1st edition. Indianapolis, IN: Wiley, 2010.

[07] K. D. Mitnick, W. L. Simon, and S. Wozniak, The Art of Deception: Controlling the Human Element of Security. Indianapolis, Ind: Wiley, 2003.

[08] J. Long et al., No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing, 1st edition. Burlington, MA; Oxford: Syngress, 2008.

[09] M. Bazzell, Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information, 4th edition. CreateSpace Independent Publishing Platform, 2015.

[10] J. Long, B. Gardner, and J. Brown, Google Hacking for Penetration Testers, 3rd edition. Syngress, 2015.

[11] D. Ollam, Practical Lock Picking: A Physical Penetration Tester’s Training Guide, 2nd edition. Waltham, MA: Syngress, 2012.

NETWORKING

[12] S. McClure, Hacking Exposed 7: Network Security Secrets and Solutions, 7th edition. McGraw-Hill Education, 2012.

[13] E. Maiwald, Network Security: A Beginner’s Guide, 3rd edition. New York: McGraw-Hill Education, 2012.

[14] C. Sanders and J. Smith, Applied Network Security Monitoring: Collection, Detection, and Analysis, 1st edition. Amsterdam; Boston: Syngress, 2013.

[15] R. Bejtlich, The Practice of Network Security Monitoring: Understanding Incident Detection and Response. San Francisco: No Starch Press, 2013.

[16] A. Anderson and R. Benedetti, Head First Networking, 1st edition. Beijing: O’Reilly Media, 2009.

[17] K. R. Fall and W. R. Stevens, TCP/IP Illustrated, Volume 1: The Protocols, 2nd edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2011.

[18] C. M. Kozierok, The TCP/IP Guide: A Comprehensive, Illustrated Internet Protocols Reference, 1st edition. San Francisco: No Starch Press, 2005.

[19] B. A. Forouzan, TCP/IP Protocol Suite, 4th edition. Boston: McGraw-Hill Education, 2009.

[20] L. L. Peterson and B. S. Davie, Computer Networks: A Systems Approach, 5th edition. Morgan Kaufmann, 2011.

[21] M. Gregg, The Network Security Test Lab: A Step-by-Step Guide. Wiley, 2015.

[22] C. Liu and P. Albitz, DNS and BIND, 5th edition. Sebastopol, CA: O’Reilly Media, 2006.

[23] S. Hagen, IPv6 Essentials, 2nd edition. Sebastopol: O’Reilly Media, 2006.

[24] S. Hogg and E. Vyncke, IPv6 Security, 1st edition. Indianapolis, IN: Cisco Press, 2008.

[25] M. Farley, Storage Networking Fundamentals: An Introduction to Storage Devices, Subsystems, Applications, Management, and File Systems, 1st edition. Indianapolis, IN: Cisco Press, 2004.

[26] M. Collier and D. Endler, Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, 2nd edition. New York: McGraw-Hill Education, 2013.

[27] E. F. Crist and J. J. Keijser, Mastering OpenVPN. Packt Publishing, 2015.

[28] X. Shen et al., Handbook of Peer-to-Peer Networking, 2010 edition. New York; London: Springer, 2009.

[29] C. E. Spurgeon and J. Zimmerman, Ethernet: The Definitive Guide, 2nd edition. Beijing: O’Reilly Media, 2014.

[30] B. Desmond et al., Active Directory: Designing, Deploying, and Running Active Directory, 5th edition. O’Reilly Media, 2013.

[31] G. Carter, J. Ts, and R. Eckstein, Using Samba: A File and Print Server for Linux, Unix & Mac OS X, 3rd Edition. O’Reilly Media, 2007.

[32] J. Garman, Kerberos: The Definitive Guide. O’Reilly Media, 2003.

[33] G. Carter, LDAP System Administration. O’Reilly Media, 2003.

WIRELESS & MOBILE

[34] J. Wright and J. Cache, Hacking Exposed Wireless: Wireless Security Secrets & Solutions, 3rd edition. McGraw-Hill Education, 2015.

[35] M. S. Gast, 802.11ac: A Survival Guide, 1st edition. Beijing: O’Reilly Media, 2013.

[36] M. S. Gast, 802.11n: A Survival Guide, 1st edition. Sebastopol, CA: O’Reilly Media, 2012.

[37] M. S. Gast, 802.11 Wireless Networks: The Definitive Guide, 2nd edition. Beijing; Farnham: O’Reilly Media, 2005.

[38] K. Townsend et al., Getting Started with Bluetooth Low Energy: Tools and Techniques for Low-Power Networking, 1st edition. O’Reilly Media, 2014.

[39] H. Chang, Everyday NFC: Near Field Communication Explained, 2nd edition. Coach Seattle Inc., 2014.

[40] E. Perret, Radio Frequency Identification and Sensors: From RFID to Chipless RFID, 1st edition. Wiley-ISTE, 2014.

[41] J.-M. Chaduc and G. Pogorel, The Radio Spectrum, 1st edition. London; Hoboken, NJ: Wiley-ISTE, 2008.

[42] H. Mazar, Radio Spectrum Management: Policies, Regulations and Techniques, 1st edition. Chichester, West Sussex, United Kingdom: Wiley, 2016.

[43] M. Sauter, From GSM to LTE-Advanced: An Introduction to Mobile Networks and Mobile Broadband, 2nd edition. Wiley, 2014.

[44] D. Forsberg et al., LTE Security, 2nd edition. Wiley, 2012.

[45] P. Misra and P. Enge, Global Positioning System: Signals, Measurements, and Performance. Lincoln, Mass.: Ganga-Jamuna Press, 2010.

WEB APPLICATIONS

[46] J. Pauli, The Basics of Web Hacking: Tools and Techniques to Attack the Web, 1st edition. Amsterdam; Boston: Syngress, 2013.

[47] W. Alcorn et al., The Browser Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2014.

[48] M. Zalewski, The Tangled Web: A Guide to Securing Modern Web Applications, 1st edition. San Francisco: No Starch Press, 2011.

[49] D. Stuttard and M. Pinto, The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd edition. Indianapolis, IN; Chichester: Wiley, 2011.

[50] M. Schrenk, Webbots, Spiders, and Screen Scrapers: A Guide to Developing Internet Agents with PHP/CURL, 2nd edition. San Francisco: No Starch Press, 2012.

[51] R. Bowen and K. Coar, Apache Cookbook: Solutions and Examples for Apache Administrators, 2nd edition. Sebastopol, CA: O’Reilly Media, 2008.

[52] C. Nedelcu, Nginx HTTP Server, 3rd edition. Packt Publishing, 2015.

[53] K. Schaefer et al., Professional Microsoft IIS 8. Indianapolis, IN: Wrox, 2012.

[54] I. Ristic, ModSecurity Handbook: The Complete Guide to the Popular Open Source Web Application Firewall. London: Feisty Duck Limited, 2010.

[55] I. Ristic, Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications. London: Feisty Duck, 2014.

[56] J. Richer and A. Sanso, OAuth 2 in Action. Manning, 2016 [expected].

[57] A. McDonald et al., Linux Email, 2nd edition. Birmingham, UK: Packt Publishing, 2009.

OPERATING SYSTEMS & SOFTWARE

[58] M. E. Russinovich et al., Windows Internals, Part 1, 6th edition. Redmond, Washington: Microsoft Press, 2012.

[59] M. E. Russinovich et al., Windows Internals, Part 2, 6th edition. Redmond, Washington: Microsoft Press, 2012.

[60] D. Gibson, Microsoft Windows Security Essentials, 1st edition. Indianapolis, Ind: Sybex, 2011.

[61] J. Scambray, Hacking Exposed Windows: Microsoft Windows Security Secrets and Solutions, 3rd edition. New York, NY: McGraw-Hill Education, 2007.

[62] W. Halton and B. Weaver, Kali Linux: Windows Penetration Testing. Packt Publishing, 2016 [expected].

[63] B. Ward, How Linux Works: What Every Superuser Should Know, 2nd edition. San Francisco: No Starch Press, 2014.

[64] ISECOM, Hacking Exposed Linux, 3rd Edition. New York: McGraw-Hill Education, 2008.

[65] R. Love, Linux Kernel Development, 3rd edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2010.

[66] C. Miller and D. D. Zovi, The Mac Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2009.

[67] J. J. Drake et al., Android Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2014.

[68] A. Gupta, Learning Pentesting for Android Devices. Birmingham, UK: Packt Publishing, 2014.

[69] N. Elenkov, Android Security Internals: An In-Depth Guide to Android’s Security Architecture, 1st edition. San Francisco, CA: No Starch Press, 2014.

[70] C. Miller et al., iOS Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2012.

[71] S. Yermalkar, Learning iOS Penetration Testing. Packt Publishing, 2016.

[72] D. Chell et al., The Mobile Application Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2015.

[73] N. Bergman et al., Hacking Exposed Mobile: Security Secrets & Solutions, 1st edition. New York: McGraw-Hill Education, 2013.

[74] M. W. Lucas, Absolute FreeBSD: The Complete Guide to FreeBSD, 2nd edition. No Starch Press, 2007.

[75] M. K. McKusick, The Design and Implementation of the FreeBSD Operating System, 2nd edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2014.

[76] M. W. Lucas, Absolute OpenBSD: Unix for the Practical Paranoid, 2nd edition. San Francisco: No Starch Press, 2013.

[77] A. Silberschatz et al., Operating System Concepts, 9th edition. Hoboken, NJ: Wiley, 2012.

[78] A. S. Tanenbaum and A. S. Woodhull, Operating Systems Design and Implementation, 3rd edition. Upper Saddle River, N.J: Pearson, 2006.

[79] D. Kleidermacher and M. Kleidermacher, Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development. Amsterdam: Newnes, 2012.

[80] J. Erickson, Hacking: The Art of Exploitation, 2nd edition. San Francisco, CA: No Starch Press, 2008.

[81] C. Anley et al., The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd edition. Indianapolis, IN: Wiley, 2007.

[82] M. Howard et al., 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them. New York: McGraw-Hill Education, 2009.

[83] T. Klein, A Bug Hunter’s Diary: A Guided Tour Through the Wilds of Software Security. San Francisco: No Starch Press, 2011.

FIRMWARE & HARDWARE

[84] V. Zimmer et al., Beyond BIOS: Developing with the Unified Extensible Firmware Interface, 2nd Edition. Hillsboro, Or.: Intel Press, 2011.

[85] P. Croucher, The BIOS Companion: The Book That Doesn’t Come with Your Motherboard! Electrocution Technical Publishers, 2004.

[86] G. Stringham, Hardware/Firmware Interface Design: Best Practices for Improving Embedded Systems Development. Burlington, MA: Newnes, 2009.

[87] M. Tehranipoor and C. Wang, Introduction to Hardware Security and Trust, 2012 edition. New York: Springer, 2011.

[88] S. Mueller, Upgrading and Repairing PCs, 22nd edition. Indianapolis, IN: Que Publishing, 2015.

[89] J. Axelson, USB Complete: The Developer’s Guide, 4th edition. Madison, Wis.: Lakeview Research, 2009.

DIGITAL FORENSICS & INCIDENT RESPONSE

[90] A. Philipp et al., Hacking Exposed Computer Forensics: Computer Forensics Secrets & Solutions, 2nd edition. New York: McGraw-Hill Education, 2009.

[91] S. Davidoff and J. Ham, Network Forensics: Tracking Hackers through Cyberspace, 1st edition. Upper Saddle River, NJ: Prentice Hall, 2012.

[92] S. Datt, Learning Network Forensics. Packt Publishing, 2016 [expected].

[93] S. Bommisetty, R. Tamma, and H. Mahalik, Practical Mobile Forensics. Birmingham, UK: Packt Publishing, 2014.

[94] S. Tahiri, Mastering Mobile Forensics. Packt Publishing, 2016 [expected].

[95] A. Shaaban and K. Sapronov, Linux for Digital Forensics. Packt Publishing, 2016 [expected].

[96] M. H. Ligh et al., The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Indianapolis, IN: Wiley, 2014.

[97] H. Carvey, Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, 2nd edition. Syngress, 2016.

[98] M. T. Raggo and C. Hosmer, Data Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols, 1st edition. Waltham, MA: Syngress, 2012.

[99] P. Wayner, Disappearing Cryptography: Information Hiding, Steganography & Watermarking, 3rd edition. Amsterdam; Boston: Morgan Kaufmann, 2008.

[100] J. T. Luttgens et al., Incident Response & Computer Forensics, 3rd edition. New York: McGraw-Hill Education, 2014.

[101] D. Murdoch, Blue Team Handbook: Incident Response Edition: A Condensed Field Guide for the Cyber Security Incident Responder, 2nd edition. United States: CreateSpace Independent Publishing Platform, 2014.

CRYPTOGRAPHY

[102] N. Ferguson et al., Cryptography Engineering: Design Principles and Practical Applications, 1st edition. Indianapolis, IN: Wiley, 2010.

[103] C. Paar et al., Understanding Cryptography: A Textbook for Students and Practitioners, 2010 edition. Heidelberg; New York: Springer, 2010.

[104] B. Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition. New York: Wiley, 1996.

[105] J. Davies, Implementing SSL / TLS Using Cryptography and PKI, 1st edition. Hoboken, N.J: Wiley, 2011.

REVERSE ENGINEERING & MALWARE ANALYSIS

[106] C. Eagle, The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler, 2nd edition. San Francisco: No Starch Press, 2011.

[107] N. Matloff and P. J. Salzman, The Art of Debugging with GDB, DDD, and Eclipse, 1st edition. San Francisco: No Starch Press, 2008.

[108] J. Duntemann, Assembly Language Step-by-Step: Programming with Linux, 3rd edition. Indianapolis, Ind.: Wiley, 2009.

[109] B. Dang et al., Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, 1st edition. Indianapolis, Indiana: Wiley, 2014.

[110] D. Yurichev, Reverse Engineering for Beginners [online]. 2016.

[111] C. Elisan, Malware, Rootkits & Botnets A Beginner’s Guide, 1st edition. New York: McGraw-Hill Education, 2012.

[112] M. Sikorski and A. Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st edition. San Francisco: No Starch Press, 2012.

[113] M. Ligh et al., Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, 1st edition. Indianapolis, IN: Wiley, 2010.

[114] B. Blunden, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 1st edition. Plano, TX: Jones & Bartlett Learning, 2009.

[115] A. Matrosov et al., Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats. No Starch Press, 2016 [expected].

[116] J. Koret and E. Bachaalany, The Antivirus Hacker’s Handbook, 1st edition. Indianapolis, IN: Wiley, 2015.

[117] M. A. Ludwig, The Little Black Book of Computer Viruses: The Basic Technology. Tucson, AZ: American Eagle Publications, 1991.

Page 46: Ethical Hacking

BUSINESS, MANAGEMENT, STANDARDS

[118] J. R. Vacca, Computer and Information Security Handbook, 2nd edition. Amsterdam: Morgan Kaufmann, 2013.

[119] M. Rhodes-Ousley, Information Security: The Complete Reference, 2nd edition. New York: McGraw-Hill Education, 2013.

[120] M. Talabis and J. Martin, Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis. Syngress, 2012.

[121] S. E. Donaldson et al., Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. Apress, 2015.

[122] E. Wheeler, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up. Syngress, 2011.

[123] J. Muniz, G. McIntyre, and N. AlFardan, Security Operations Center: Building, Operating, and Maintaining your SOC. Indianapolis, IN: Cisco Press, 2015.

[124] D. R. Miller et al., Security Information and Event Management. McGraw-Hill Education, 2010.

Page 47: Ethical Hacking

BUSINESS, MANAGEMENT, STANDARDS

[125] Q. Li and G. Clark, Security Intelligence: A Practitioner’s Guide to Solving Enterprise Security Challenges. Indianapolis, IN: Wiley, 2015.

[126] C. Wong, Security Metrics, A Beginner’s Guide. New York: McGraw-Hill Education, 2011.

[127] A. Jaquith, Security Metrics: Replacing Fear, Uncertainty, and Doubt. Upper Saddle River, NJ: Addison-Wesley Professional, 2007.

[128] J. Hintzbergen, Foundations of Information Security Based on ISO27001 and ISO27002, 3rd edition. Zaltbommel: Van Haren Publishing, 2015.

[129] S. De Haes and W. Van Grembergen, Enterprise Governance of Information Technology: Achieving Alignment and Value, Featuring COBIT 5, 2nd edition. New York, NY: Springer, 2015.

[130] B. R. Williams and A. Chuvakin, PCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance, 4th edition. Waltham, MA: Syngress, 2014.

[131] R. Herold and K. Beaver, The Practical Guide to HIPAA Privacy and Security Compliance, 2nd edition. Boca Raton: Auerbach Publications, 2014.

Page 48: Ethical Hacking

MACRO & MICRO-LEVEL CYBERSECURITY

[132] W. Gragido et al., Blackhatonomics: An Inside Look at the Economics of Cybercrime, 1st edition. Amsterdam; Boston: Syngress, 2012.

[133] J. Andress and S. Winterfeld, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, 2nd edition. Amsterdam; Boston: Syngress, 2013.

[134] P. W. Singer and A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford University Press, 2014.

[135] E. D. Knapp and J. T. Langill, Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems, 2nd edition. Waltham, MA: Syngress, 2014.

[136] WikiLeaks and J. Assange, The WikiLeaks Files: The World According to US Empire. London: Verso, 2015.

[137] G. Greenwald, No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State. New York, NY: Metropolitan Books, 2014.

[138] B. Schneier, Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, 2015.

Page 49: Ethical Hacking

MACRO & MICRO-LEVEL CYBERSECURITY

[139] E. R. McNicholas and V. K. Mohan, Eds., Cybersecurity: A Practical Guide to the Law of Cyber Risk. Practising Law Institute, 2015.

[140] M. N. Schmitt, Ed., Tallinn Manual on the International Law Applicable to Cyber Warfare, Reprint edition. Cambridge University Press, 2013.

[141] M. Bazzell, Personal Digital Security: Protecting Yourself from Online Crime. Charleston, SC: CreateSpace Independent Publishing Platform, 2013.

[142] M. Bazzell, Hiding from the Internet: Eliminating Personal Online Information, 3rd edition. CreateSpace Independent Publishing Platform, 2016.

[143] V. Blue, The Smart Girl’s Guide to Privacy: A Privacy Guide for the Rest of Us. Digital Publications Privacy, 2014.

[144] T. Speed et al., Mobile Security: How to Secure, Privatize, and Recover Your Devices. Birmingham: Packt Publishing, 2013.

[145] M. W. Lucas, PGP & GPG: Email for the Practical Paranoid, 1st edition. San Francisco: No Starch Press, 2006.

Note: ‘Technical’ publications on the deep web and its research (including the dark web networks, especially Tor, Freenet, and I2P) should be added here as they become available.

Page 50: Ethical Hacking

COMMAND LINE

[146] W. E. Shotts Jr., The Linux Command Line: A Complete Introduction, 1st edition. San Francisco: No Starch Press, 2012.

[147] S. Tushar and S. Lakshman, Linux Shell Scripting Cookbook, 2nd edition. Birmingham: Packt Publishing, 2013.

[148] D. J. Barrett, Linux Pocket Guide, 2nd edition. Beijing: O’Reilly Media, 2012.

[149] B. Payette, Windows PowerShell in Action, 2nd edition [3rd edition expected]. Shelter Island, NY: Manning Publications, 2011.

[150] D. Jones and J. Hicks, Learn Windows PowerShell in a Month of Lunches, 2nd edition. Shelter Island, NY: Manning Publications, 2012.

[151] B. Clark, Rtfm: Red Team Field Manual, 1.0 edition. CreateSpace Independent Publishing Platform, 2014.

Page 51: Ethical Hacking

POPULAR TOOLS

[152] D. Kennedy et al., Metasploit: The Penetration Tester’s Guide, 1st edition. San Francisco: No Starch Press, 2011.

[153] C. P. Paulino, Nmap 6: Network Exploration and Security Auditing Cookbook. Birmingham, UK: Packt Publishing, 2012.

[154] K. C. Yerrid, Instant Netcat Starter. Birmingham: Packt Publishing, 2013.

[155] C. Sanders, Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd edition. San Francisco, CA: No Starch Press, 2011.

[156] Y. Orzach, Network Analysis Using Wireshark Cookbook. Birmingham: Packt Publishing, 2013.

[157] R. Shimonski, The Wireshark Field Guide: Analyzing and Troubleshooting Network Traffic, 1st edition. Amsterdam; Boston: Syngress, 2013.

[158] A. Singh, Instant Wireshark Starter, 1st edition. Birmingham: Packt Publishing, 2013.

[159] B. Caswell et al., Snort IDS and IPS Toolkit. Burlington, MA: Syngress, 2007.

Page 52: Ethical Hacking

POPULAR TOOLS

[160] A. Mahajan, Burp Suite Essentials. Packt Publishing, 2014.

[161] L. Carettoni, Instant Burp Suite Starter. Birmingham, UK: Packt Publishing, 2013.

[162] D. W. Dieterle, Basic Security Testing with Kali Linux, 1st edition. CreateSpace Independent Publishing Platform, 2014.

[163] T. Heriyanto et al., Kali Linux: Assuring Security By Penetration Testing. Birmingham, UK: Packt Publishing, 2014.

[164] V. Ramachandran and C. Buchanan, Kali Linux: Wireless Penetration Testing Beginner’s Guide. Packt Publishing, 2015.

[165] J. Muniz and A. Lakhani, Web Penetration Testing with Kali Linux. Birmingham: Packt Publishing, 2013.

[166] R. W. Beggs, Mastering Kali Linux for Advanced Penetration Testing. Birmingham, UK: Packt Publishing, 2014.

[167] J. Muniz and A. Lakhani, Penetration Testing with Raspberry Pi. Packt Publishing, 2015.

[168] J. Diakun, P. R. Johnson, and D. Mock, Splunk Operational Intelligence Cookbook. Birmingham, UK: Packt Publishing, 2014.

Page 53: Ethical Hacking

PYTHON HACKING

[169] T. J. O’Connor, Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, 1st edition. Amsterdam; Boston: Syngress, 2012.

[170] J. Seitz, Black Hat Python: Python Programming for Hackers and Pentesters, 1st edition. San Francisco: No Starch Press, 2014.

[171] C. Duffy, Learning Penetration Testing with Python. Packt Publishing, 2015.

[172] M. Singh, Python Penetration Testing Cookbook. Packt Publishing, 2016 [expected].

[173] M. O. F. Sarker and S. Washington, Learning Python Network Programming. Packt Publishing, 2015.

[174] C. Hosmer, Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology, 1st edition. Syngress, 2014.

[175] M. Spreitzenbarth and J. Uhrmann, Mastering Python Forensics. Packt Publishing, 2015.

[176] R. Mitchell, Web Scraping with Python: Collecting Data from the Modern Web, 1st edition. O’Reilly Media, 2015.

[177] J. Seitz, Gray Hat Python: Python Programming for Hackers and Reverse Engineers, 1st edition. San Francisco: No Starch Press, 2009.

Page 54: Ethical Hacking

GENERAL INTROS

[178] J. Andress, The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice, 1st edition. Amsterdam; Boston: Syngress, 2011.

[179] M. Sipser, Introduction to the Theory of Computation, 3rd edition. Boston, MA: Course Technology, 2012.

[180] J. Zelle, Python Programming: An Introduction to Computer Science, 2nd edition. Sherwood, OR: Franklin, Beedle & Associates Inc., 2010.

[181] T. H. Cormen, Algorithms Unlocked. Cambridge, MA: The MIT Press, 2013.

[182] J. C. Jackson, Web Technologies: A Computer Science Perspective, 1st edition. Upper Saddle River, NJ: Pearson, 2006.

[183] R. White and T. E. Downs, How Computers Work: The Evolution of Technology, 10th edition. Indianapolis, IN: Que Publishing, 2014.

Page 55: Ethical Hacking

GENERAL INTROS

[184] N. Nisan and S. Schocken, The Elements of Computing Systems: Building a Modern Computer from First Principles. Cambridge, MA; London: The MIT Press, 2005.

[185] C. Petzold, Code: The Hidden Language of Computer Hardware and Software, 1st edition. Redmond, WA: Microsoft Press, 2000.

[186] E. Lehman et al., Mathematics for Computer Science [online]. 2010.

[187] G. J. Janacek and M. L. Close, Mathematics for Computer Scientists, 2nd edition [online]. 2011.

Page 56: Ethical Hacking

PROGRAMMING LANGUAGES & DBMSs

[188] M. Lutz, Learning Python, 5th edition. Beijing: O’Reilly Media, 2013.

[189] M. Lutz, Python Pocket Reference, 5th edition. Beijing: O’Reilly Media, 2014.

[190] B. Stroustrup, A Tour of C++, 1st edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2013.

[191] B. Stroustrup, Programming: Principles and Practice Using C++, 1st edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2008.

[192] K. N. King, C Programming: A Modern Approach, 2nd edition. New York: W. W. Norton & Company, 2008.

[193] J. Bloch, Effective Java, 2nd edition. Upper Saddle River, NJ: Addison-Wesley, 2008.

[194] H. Schildt, Java: The Complete Reference, 9th edition. New York: McGraw-Hill Education, 2014.

[195] D. Flanagan, JavaScript: The Definitive Guide: Activate Your Web Pages, 6th edition. Beijing; Sebastopol, CA: O’Reilly Media, 2011.

[196] D. Crockford, JavaScript: The Good Parts, 1st edition. Farnham: O’Reilly Media, 2008.

Page 57: Ethical Hacking

PROGRAMMING LANGUAGES & DBMSs

[197] K. Tatroe et al., Programming PHP, 3rd edition. Sebastopol, CA: O’Reilly Media, 2013.

[198] D. Flanagan and Y. Matsumoto, The Ruby Programming Language, 1st edition. Beijing; Sebastopol, CA: O’Reilly Media, 2008.

[199] R. L. Schwartz et al., Learning Perl, 6th edition. Beijing; Sebastopol: O’Reilly Media, 2011.

[200] B. Tate, Seven Languages in Seven Weeks: A Pragmatic Guide to Learning Programming Languages. Pragmatic Bookshelf, 2010.

[201] A. Beaulieu, Learning SQL, 2nd edition. Beijing; Sebastopol: O’Reilly Media, 2009.

[202] P. DuBois, MySQL, 5th edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2013.

[203] K. Chodorow, MongoDB: The Definitive Guide, 2nd edition. Beijing: O’Reilly Media, 2013.

[204] P. J. Sadalage and M. Fowler, NoSQL Distilled: A Brief Guide to the Emerging World of Polyglot Persistence, 1st edition. Upper Saddle River, NJ: Addison-Wesley Professional, 2012.

Page 58: Ethical Hacking

PROFESSIONAL CERTIFICATION / ENGAGEMENT QUESTIONS

[205] M. Walker, CEH Certified Ethical Hacker All-in-One Exam Guide, 2nd edition. McGraw-Hill Education, 2014.

[206] A. Conklin, CompTIA Security+ All-in-One Exam Guide, 4th edition. McGraw-Hill Education, 2014.

[207] R. Messier, GSEC GIAC Security Essentials Certification All-in-One Exam Guide, 1st edition. Emeryville, CA: McGraw-Hill Education, 2013.

[208] M. Meyers, CompTIA Network+ All-In-One Exam Guide, 6th edition. New York: McGraw-Hill Education, 2015.

[209] J. M. Stewart et al., CISSP: Certified Information Systems Security Professional Study Guide, 6th edition. Hoboken, NJ: Sybex, 2012.

[210] D. Gibson, SSCP: Systems Security Certified Practitioner All-in-One Exam Guide, 1st edition. New York: McGraw-Hill Education, 2011.

[211] ISACA, CISA Review Manual, 26th edition. ISACA, 2015.

[212] ISACA, CISM Review Manual, 14th edition. ISACA, 2015.

Page 59: Ethical Hacking

PROFESSIONAL CERTIFICATION / ENGAGEMENT QUESTIONS

[213] W. Manning, CISM: Certified Information Security Manager Certification Exam Preparation Course in a Book for Passing the CISM Exam, 2nd edition. Emereo Pty Ltd, 2011.

[214] C. Easttom, CCFP: Certified Cyber Forensics Professional All-in-One Exam Guide, 1st edition. New York: McGraw-Hill Education, 2014.

[215] C. L. Brooks, CHFI: Computer Hacking Forensic Investigator Certification All-in-One Exam Guide, 1st edition. McGraw-Hill Education, 2014.

[216] B. E. Rogers, CompTIA Mobility+ Certification All-in-One Exam Guide, 1st edition. New York: McGraw-Hill Education, 2014.

[217] M. Meyers, CompTIA A+ Certification All-in-One Exam Guide, 8th edition. New York: McGraw-Hill Education, 2012.

[218] G. L. McDowell, Cracking the Coding Interview: 150 Programming Questions and Solutions, 5th edition. CareerCup, 2011.

...and last but not least: Offensive Security Certifications

Page 60: Ethical Hacking

GETTING OUT OF YOUR COMFORT ZONE

[219] J. R. Winkler, Securing the Cloud: Cloud Computer Security Techniques and Tactics, 1st edition. Waltham, MA: Syngress, 2011.

[220] N. Dhanjani, Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts, 1st edition. O’Reilly Media, 2015.

[221] B. Russell and D. Van Duren, Practical Internet of Things Security. Packt Publishing, 2016 [expected].

[222] S. Gomzin, Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions, 1st edition. Indianapolis, IN: Wiley, 2014.

[223] D. A. Montague, Essentials of Online Payment Security and Fraud Prevention, 1st edition. New York: Wiley, 2010.

[224] C. Barski and C. Wilmer, Bitcoin for the Befuddled, 1st edition. San Francisco, CA: No Starch Press, 2014.

[225] A. M. Antonopoulos, Mastering Bitcoin: Unlocking Digital Cryptocurrencies, 1st edition. Sebastopol, CA: O’Reilly Media, 2014.

[226] C. Rock, The Baby Harvest: How Virtual Babies Became the Future of Terrorist Financing and Money Laundering. 2015.

Page 61: Ethical Hacking

GETTING OUT OF YOUR COMFORT ZONE

[227] C. Smith, Car Hacker’s Handbook. No Starch Press, 2016 [expected].

[228] N. S. Yanofsky and M. A. Mannucci, Quantum Computing for Computer Scientists, 1st edition. Cambridge: Cambridge University Press, 2008.

[229] M. A. Nielsen and I. L. Chuang, Quantum Computation and Quantum Information, 10th Anniversary edition. Cambridge; New York: Cambridge University Press, 2011.

[230] J. Jacobs and B. Rudis, Data-Driven Security: Analysis, Visualization and Dashboards, 1st edition. Indianapolis, IN: Wiley, 2014.

[231] J. Sremack, Big Data Forensics: Learning Hadoop Investigations. Packt Publishing, 2015.

[232] N. Kuldell, BioBuilder, 1st edition. O’Reilly Media, 2015.

[233] P. Cerrato, Protecting Patient Information: A Decision-Maker’s Guide to Risk, Prevention, and Damage Control. Syngress, 2016.

(...)

Page 62: Ethical Hacking

CONFERENCES

DEF CON: youtube.com/user/DEFCONConference

Black Hat: youtube.com/user/BlackHatOfficialYT

ShmooCon, Derbycon, BSides: youtube.com/user/irongeek/videos

Hack In The Box: youtube.com/user/hitbsecconf

OWASP AppSec: youtube.com/results?search_query=owasp+appsec

RSA Conference: youtube.com/user/RSAConference

Infosecurity Europe: youtube.com/user/Infosecurityeurope

PyCon: youtube.com/results?q=pycon

(...)

Page 63: Ethical Hacking

INSPIRATION & NEWS

github.com/enaqx/awesome-pentest
exploit-db.com
csrc.nist.gov
vulnhub.com
owasp.org
forensicswiki.org
stackexchange.com
reddit.com
github.com
thehackernews.com
darkreading.com
arstechnica.com/security
theregister.co.uk
infosecurity-magazine.com
csoonline.com
theintercept.com
safeandsavvy.f-secure.com
symantec.com/connect/symantec-blogs
blogs.mcafee.com
securelist.com
nakedsecurity.sophos.com
krebsonsecurity.com
schneier.com
(...)

Page 64: Ethical Hacking

Self-directed learners, those who prefer distance / blended learning, those who want to know more, or those who don’t want to rely on one source of information only might want to expand / complement / substitute different parts of the course on:

youtube.com
coursera.org
ocw.mit.edu
edx.org
udacity.com
online.stanford.edu
extension.harvard.edu
webcast.berkeley.edu
nptel.ac.in
blog.agupieware.com/2014/05/online-learning-bachelors-level.html
class-central.com
tutorialspoint.com
iversity.org
canvas.net
futurelearn.com
saylor.org
novoed.com/courses
edventis.com
udemy.com
lynda.com
codecademy.com
khanacademy.org
howstuffworks.com
wikipedia.org
(...)

oreilly.com
packtpub.com
manning.com
eu.wiley.com
nostarch.com
pragprog.com
springer.com
apress.com
mhprofessional.com
elsevier.com
store.elsevier.com/Syngress/IMP_76/
store.elsevier.com/Morgan-Kaufmann/IMP_16/
pearsoned.co.uk/imprints/addison-wesley/
(...)

…and many other [your favorite search engine] it & learn it resources

PS: Don’t forget to share on the course forum the awesome resources you’ve found! (ideally resources that are freely available online to compensate for our conventional ‘backing-up-the-course-syllabus-using-lots-of-books’ approach =))

Page 65: Ethical Hacking

ETHICAL HACKING
COURSE PROPOSAL*

2016-06-03 (YYYY-MM-DD)
version 0.2

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

JAKUB RUZICKA
linkedin.com/in/littlerose
[email protected]

* I’m currently working on the course offering in 2016/2017 and looking for collaborators (do not hesitate to drop me a line!)