Home -> Resources -> How-To

How-to Reference & Training Information

Learning new tips and tricks as a security specialist not only allows us to provide more through penetration tests, vulnerability assessments and security audits, but it also allows us to find new and unique methods to help secure the control systems used to control critical infrastructure.

This page is devoted to a collection of various video clips, websites and white papers covering a variety of technologies used in information security.

Demonstration Videos

Understanding Control System Vulnerabilities:
Exploitation 101: Turning a SCADA Vulnerability into a Successful Attack (Looking at IGSS)

Securing and Protecting Industrial Control Systems:
Protecting Your ICS from Zero-Day Attacks

Penetration Testing, Exploiting and Vulnerability Assessments:
Fast and Easy Hacking with Armitage for Metasploit
Hacking using Nmap, Nessus and Metasploit
Hacking a Remote Web Server with Metasploit and Backtrack
Understanding and Using SQL Injection Attack
Man-in-the-Middle Attack (MitM) using Secure Socket Layer (SSL) Stripping
Real World Pen Testing - Client Side and Pivot Attacks on Fully-Patched Systems
From Fuzzer to Metasploit (A Look at Exploit Development)
Password Sniffing

Webcasts

Risk Identification, Classification and Threat Modeling:
Assessing the Security of ICS Systems Using Threat Modeling

Cheat Sheets

These cheat sheets have been compiled from a variety of sources.  Specific credit for each sheet is shown on the applicable document.  I would like to thank those that have put together these valuable documents! If you have any additions, please pass them along via email.

Hacking - CEH Cheat Sheet Exercises.pdf
Hacking - Meterpreter Cheat Sheet.pdf
Hacking - netcat.pdf
Hacking - Nessus NMAP Commands.pdf
Hacking - NMap Mindmap Reference.pdf
Hacking - NMap Quick Reference Guide.pdf
Hacking - Reconnaissance Reference Sheet.pdf
Hacking - Tripwire Common Security Exploit-Vuln Matrix.pdf
HTML - Markdown.pdf
Linux - Bourne Shell Quick Reference.pdf
Linux - Quick Reference Card.pdf
Linux - Shell Cheat Sheet.pdf
Linux - Shell Scrip Cheat Sheet.pdf
Linux - tcpdump.pdf
Linux - Ubuntu Quick Reference.pdf
Linux - VI Reference.pdf
MAC - OSX Key Combo Reference Guide.pdf
Networking - Border Gateway Protocol.pdf
Networking - Cisco IOS IPv4 Access Lists.pdf
Networking - Cisco IOS Versions.pdf
Networking - Common TCP-UDP Ports.pdf
Networking - EIGRP (Enhanced Interior Gateway Routing Protocol).pdf
Networking - First Hop (Router) Redundancy.pdf
Networking - Frame Mode MPLS.pdf
Networking - IEEE 802.11 WirelessLAN.pdf
Networking - IEEE 802.1X Authentication.pdf
Networking - IPsec.pdf
Networking - IPv4 Multicast.pdf
Networking - IPv4_Subnetting.pdf
Networking - IPv6.pdf
Networking - IS-IS.pdf
Networking - NAT.pdf
Networking - OSPF.pdf
Networking - Physical Terminations.pdf
Networking - PPP.pdf
Networking - QoS.pdf
Networking - Spanning Tree.pdf
Networking - TCPIP.pdf
Networking - VLANs.pdf
Networking - Wireshark Display Filters.pdf
Penetration Testing - Penetration Testing Framework (vulnerabilityassessment.co.uk)
SQL - MySQL Commands.pdf
VMware - Reference Card.pdf

Training Material via External Websites

Metasploit Unleashed
Stack-based Buffer Overflow Tutorial - Part 1: Introduction
Stack-based Buffer Overflow Tutorial - Part 2: Exploiting the Stack Overflow
Stack-based Buffer Overflow Tutorial - Part 3: Adding Shellcode
Writing Buffer Overflow Exploits - A Tutorial for Beginners

Scanning Networks with Metasploit Community
Basic Exploitation with Metasploit Community
Basic Exploitation versus Smart Exploitation
Importing Nexpose Scan Data into Metasploit
Using Metasploit Community with Nexpose

Linux/UNIX Reference Material and Websites

Linux/UNIX Tutorial for Beginners
Linux/UNIX Toolbox
Linux Command and Learning Shell
Learn UNIX in 10 Minutes
How to Look Like a UNIUX Guru
Linux Comamnd Line Reference
Directory of Linux Commands (O'Reilly)
Linux/UNIX Cheat-Sheets - The Ultimate Reference

Useful Video Feeds

The Internet contains a vast amount of useful information, including demonstration and how-to videos that can be used by those learning how to assess, implement, test, and monitor cyber security controls design to protect control systems. The purpose of this section is to include useful Twitter feeds and YouTube channels. If this section grows (as expected), this will most likely move to a dedicated page in the future.

Gleg SCADA+ Vimeo Channel
DigitalBond S4 2012 Vimeo Channel
7Safe on YouTube
Tenable Network Security on YouTube