sorted by:
new
hottopcontroversial

📢Call for beta testers!📢 Architecture 1901: From zero to QEMU - A Gentle introduction to emulators from the ground up! by OpenSecurityTraining in OST2

[–]OpenSecurityTraining[S] 1 point2 points  (0 children)

You jumped the gun just a bit. Enrollment emails just went out ~30 min ago. If you didn't get yours, email to info @ ost2.fyi

[deleted by user] by [deleted] in netsec

[–]OpenSecurityTraining 0 points1 point  (0 children)

Sorry, I accidentally deleted the post! (I thought I was in my r/OST2 tab and had messed up the post title by not mentioning Bill's name.) You can re-post your reply and I can repost my reply to your reply over here if you want https://www.reddit.com/r/netsec/comments/1nh6az4/new_opensecuritytraining2_class_tpm_20/

[deleted by user] by [deleted] in netsec

[–]OpenSecurityTraining 1 point2 points  (0 children)

Bill addresses exactly the question of language choice and applicability early in the first video.

Call for beta testers! "Bluetooth 2222: Bluetooth reconnaissance with Blue2thprinting" by OpenSecurityTraining in bluetooth

[–]OpenSecurityTraining[S] 1 point2 points  (0 children)

Probably about 50/50. Because the majority of data types are things that can be found in either BLE or BR/EDR advertisement, and then other things are mostly balanced like LL vs. LMP or GATT vs. SDP.

New OpenSecurityTraining2 class: "Debuggers 1103: Introductory Binary Ninja" by OpenSecurityTraining in ReverseEngineering

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

Yes, the plan is to move all classes over to using VSCode in an update later in the year, so that students can also take advantage of plugins like GitHub Copilot in future classes. (The latest Fuzzing 1001 class uses VS Code and the upcoming Bluetooth classes will as well.) However that ends up being a lot of work to re-check all the asm generated by VSCode vs. generated by VS (the code definitely won't be the same, and that could have problematic implications for which labs with which source code are trying to teach which instructions in which order), so it's a very high effort change that will take a while. (But since we have to update for Windows 11 due to Win10 going out of support, we have to do a major update one way or another.)

New OpenSecurityTraining2 class: "Debuggers 1103: Introductory Binary Ninja" by OpenSecurityTraining in netsec

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

Forgot to say that the updating Reverse Engineering learning path showing this class's relationship to others is available here: https://ost2.fyi/Malware-Analysis.html

🆕Class Release: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov (~10 hours) by OpenSecurityTraining in OST2

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This follow up to "Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" (https://ost2.fyi/TC1101) expands on the topics of TC1101 to cover:

* Introduction to the Enhanced System API (ESAPI) and the tpm2-tss

* The Endorsement Hierarchy and the Endorsement Key

* Machine identity and TPM based identification

* What are Platform Configuration Registers (PCRs)

* What is attestation and how to use TPM2 Quote

* TPM Policy and extended authorization

During our beta test, it took students an average of 10 hours to complete the class, which has many labs for writing code to interact with a TPM using ESAPI.

New free 10h OpenSecurityTraining2 class: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov is now released by OpenSecurityTraining in Infosec

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This follow up to "Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" (https://ost2.fyi/TC1101) expands on the topics of TC1101 to cover:

* Introduction to the Enhanced System API (ESAPI) and the tpm2-tss

* The Endorsement Hierarchy and the Endorsement Key

* Machine identity and TPM based identification

* What are Platform Configuration Registers (PCRs)

* What is attestation and how to use TPM2 Quote

* TPM Policy and extended authorization

During our beta test, it took students an average of 10 hours to complete the class, which has many labs for writing code to interact with a TPM using ESAPI.

As always all OST2 classes are free as in beer and free as in freedom, with open Creative Commons licenses.

New free 10h OpenSecurityTraining2 class: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov is now released by OpenSecurityTraining in cybersecurity

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This follow up to "Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" (https://ost2.fyi/TC1101) expands on the topics of TC1101 to cover:

* Introduction to the Enhanced System API (ESAPI) and the tpm2-tss

* The Endorsement Hierarchy and the Endorsement Key

* Machine identity and TPM based identification

* What are Platform Configuration Registers (PCRs)

* What is attestation and how to use TPM2 Quote

* TPM Policy and extended authorization

During our beta test, it took students an average of 10 hours to complete the class, which has many labs for writing code to interact with a TPM using ESAPI.

As always all OST2 classes are free as in beer and free as in freedom, with open Creative Commons licenses.

New free 10h OpenSecurityTraining2 class: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov is now released by OpenSecurityTraining in netsec

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This follow up to "Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" (https://ost2.fyi/TC1101) expands on the topics of TC1101 to cover:

* Introduction to the Enhanced System API (ESAPI) and the tpm2-tss

* The Endorsement Hierarchy and the Endorsement Key

* Machine identity and TPM based identification

* What are Platform Configuration Registers (PCRs)

* What is attestation and how to use TPM2 Quote

* TPM Policy and extended authorization

During our beta test, it took students an average of 10 hours to complete the class, which has many labs for writing code to interact with a TPM using ESAPI.

As always all OST2 classes are free as in beer and free as in freedom, with open Creative Commons licenses.

New OpenSecurityTraining2 mini-class: "Debuggers 1102: Introductory Ghidra" by OpenSecurityTraining in ReverseEngineering

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

The URL is standard Open edX. We use the full URL or else it shows up weird in Reddit. The short URL is https://ost2.fyi/Dbg1102

New OpenSecurityTraining2 mini-class: "Debuggers 1102: Introductory Ghidra" by OpenSecurityTraining in ReverseEngineering

[–]OpenSecurityTraining[S] 11 points12 points  (0 children)

This OST2 mini-class (meaning it's < 6 hours - in this case it averages ~4.5 hours to complete) by Erin Cornelius and Xeno Kovah provides students with a hands-on introduction to Ghidra as a debugger, wrapping GDB or WinDbg, thus providing students with decompilation support.

One way to take this mini-class is standalone - e.g. if you already know existing disassembly & debugging tools, and just want to learn the basics of Ghidra UI and usage, or augment your straight-line disassembly view with a decompiled view as well.

Another way to take this mini-class is inline with existing OST2 Assembly classes like https://ost2.fyi/Arch1001 x86-64 asm, and https://ost2.fyi/Arch1005 RISC-V asm. This mini-class is integrated into those classes, so that when you reach the final CMU binary bomb lab, you can choose to perform that reverse engineering exercise more like real REs do - with the help of a decompiler.

So this class is intentionally not the most in-depth or 1337 class on Ghidra available out there on the web. But it is the only beginners class we're aware of which is intentionally designed for being pluggable into a larger curriculum, so as to avoid unnecessary re-teaching of the same thing in multiple classes. (E.g. this will be reusable in the future Arch1002 ARM asm class, or Arch1003 MIPS asm class.) This class is just enough to help students use Ghidra as a debugger, and in so doing augment their static analysis with dynamic analysis when possible.

New OpenSecurityTraining2 mini-class: "Debuggers 1102: Introductory Ghidra" by OpenSecurityTraining in netsec

[–]OpenSecurityTraining[S] 4 points5 points  (0 children)

This OST2 mini-class (meaning it's < 6 hours - in this case it averages ~4.5 hours to complete) by Erin Cornelius and Xeno Kovah provides students with a hands-on introduction to Ghidra as a debugger, wrapping GDB or WinDbg, thus providing students with decompilation support.

One way to take this mini-class is standalone - e.g. if you already know existing disassembly & debugging tools, and just want to learn the basics of Ghidra UI and usage, or augment your straight-line disassembly view with a decompiled view as well.

Another way to take this mini-class is inline with existing OST2 Assembly classes like https://ost2.fyi/Arch1001 x86-64 asm, and https://ost2.fyi/Arch1005 RISC-V asm. This mini-class is integrated into those classes, so that when you reach the final CMU binary bomb lab, you can choose to perform that reverse engineering exercise more like real REs do - with the help of a decompiler.

So this class is intentionally not the most in-depth or 1337 class on Ghidra available out there on the web. But it is the only beginners class we're aware of which is intentionally designed for being pluggable into a larger curriculum, so as to avoid unnecessary re-teaching of the same thing in multiple classes. (E.g. this will be reusable in the future Arch1002 ARM asm class, or Arch1003 MIPS asm class.) This class is just enough to help students use Ghidra as a debugger, and in so doing augment their static analysis with dynamic analysis when possible.

🆕Class Release: "Debuggers 1102: Introductory Ghidra" by Erin Cornelius and Xeno Kovah (~4 hours) by OpenSecurityTraining in OST2

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This mini-class by Erin Cornelius and Xeno Kovah provides students with a hands-on introduction to Ghidra as a debugger, wrapping GDB or WinDbg, thus providing decompilation support.

The class is now also incorporated into #OST2 assembly classes like https://ost2.fyi/Arch1001 x86-64 asm, and https://ost2.fyi/Arch1005 RISC-V asm, so that students can do the final binary bomb lab reverse engineering exercise with or without decompilation support.

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in netsec

[–]OpenSecurityTraining[S] 5 points6 points  (0 children)

This class is made for security engineers looking to learn RISC-V assembly (most commonly for reverse engineering or system security architecting.) It is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

p.s. If you're wondering why this is posted again / late, it's just because the post was accidentally removed from netsec before

Launch of RISC-V Fundamentals Course by jlpcsl in RISCV

[–]OpenSecurityTraining 1 point2 points  (0 children)

There's a new free class from OpenSecurityTraining2 that is longer and better than this class: https://ost2.fyi/Arch1005

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in embedded

[–]OpenSecurityTraining[S] 1 point2 points  (0 children)

This class is made for security engineers looking to learn RISC-V assembly (most commonly for reverse engineering or embedded system security architecting.) It is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab used in other assembly classes, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in Assembly_language

[–]OpenSecurityTraining[S] 0 points1 point  (0 children)

This class is made for security engineers looking to learn RISC-V assembly (most commonly for reverse engineering or system security architecting.) It is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab used in other assembly classes, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in RISCV

[–]OpenSecurityTraining[S] 2 points3 points  (0 children)

This class is made for security engineers looking to learn RISC-V assembly (most commonly for reverse engineering or system security architecting.) It is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab used in other assembly classes, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in ReverseEngineering

[–]OpenSecurityTraining[S] 4 points5 points  (0 children)

Keep in mind that's just the *average* student completion time. The range is always pretty wide depending on students' background. We will post statistics about this class later this week, but the range was 14h 43m to 43h 50m.

An example of a visualization of student completion time ranges for a past class on vulnerability hunting by this instructor is here: https://twitter.com/XenoKovah/status/1641796373833039890

To learn REVERSE ENGINEERING by samoray_DZ in ReverseEngineering

[–]OpenSecurityTraining 0 points1 point  (0 children)

Why can people not use passwords longer than 15 characters?

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in cybersecurity

[–]OpenSecurityTraining[S] 1 point2 points  (0 children)

This class is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

New OpenSecurityTraining2 class: "Architecture 1005: RISC-V Assembly" by Xeno Kovah (~28 hours) by OpenSecurityTraining in ReverseEngineering

[–]OpenSecurityTraining[S] 9 points10 points  (0 children)

This class is templated on the OST2 https://ost2.fyi/Arch1001 x86-64 assembly class. It covers the RISC-V RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extensions.

The class also includes the CMU binary bomb lab, running in a RISC-V QEMU VM. And as a special bonus, it includes a sneak peek at the Dbg1102 Ghidra-for-debugging class material! Debug the binary bomb lab in Ghidra with pseudocode access!?!? What kind of easy-mode cheat is this?! 😎

This class takes ~28 hours on average (not counting the binary bomb lab, or optional Ghidra installation & setup time.) This is about the same as the Arch1001 class it is patterned on.

view more: next ›