Tuesday, February 9, 2010


There are many specialties in computer security. In my experience there are few formal training programs that support the scientific/R&D/non-IA focused areas such as Reverse Engineering, intrusion detection, exploit development, algorithm development, etc. What programs exist are short, seminar-style focused classes (Most of the conferences such as Blackhat, Cansecwest, etc. offer these), buried inside of larger, less relevant academic programs or an IA-focused program such as those at SANS.

I've been asked not infrequently how to get the proper skills or where to send individuals to gain the requisite skills. While no program can replace intrinsic attributes such as curiosity, critical thinking, motivation, and others indispensable to a successful career, they certainly can help develop them and provide some domain knowledge. I've created this post to include some of the more interesting programs/courses/challenges/etc. related to advanced specialties and skills training that I've come across. The list with be US-centric but not exclusively. I will update this post as I come across new information, would appreciate suggestions from any readers out there.

First written February 9th, 2010:

Topics of Interest (not exhaustive):
Host Attack/Defense:
    - Linux/Windows/etc. kernel hacking
    - Rootkit implementation and detection
    - Architecture, containment & resource management
    - Forensics and Assessment of damage

Network systems
    - Network Tracing for attribution
    - Attack detection
Code analysis:
    - 0-day Vulnerability Discovery
    - Reverse Engineering of Binaries
    - Vulnerabilities and Exploits

  • Cyber Security Awareness Week CTF challenge at NYU-Poly (Defcon-like Capture the Flag). Focused this year on Web Application security, Reversing and Exploitation
  • Penetration Testing and Vulnerability Analysis CS6573 course currently taught at the Polytechnic Institute of New York University
  • Blackhat Conference training and briefings.
  • REcon Reverse Engineering Conference. Very technical conference focused on advanced RE techniques. 
  • Other technical/hacker conferences: (Cansecwest, Shmoocon, Toorcon, etc.) Quality varies by individual conference but a lot of similarities
  • Big IT security-focused Training companies like SANS and INFOSEC Institute. Much of the material is not of interest (to me or other similar types) but there are some smart people teaching good classes, you just have to know where to look.
  • Consultant-led training from places like Immunity, Zynamics, Recurity, etc. Excellent courses from experts, but pretty expensive. Deep dive into a niche (Cisco RE, heap overflow exploitation) similar to the conference training but longer and more expensive. Can also be tailored to their audience or provided at a remote site.
  • Academic Centers across the country usually have courses (or even programs) that are pretty solid. A quick list to start with would be the NSA "Centers of Excellence" in IA program.  Focus on the ones with a CAE-R next to them. At 40 sites there is still a TON of chaff on there, but there are some good programs/people out there. CMU, FIT, and Purdue are some of the stronger programs out there, but honestly any rigorous program that emphasizes assembly, algorithms, advanced architectures, etc. would help providing fundamental skills. I tried going through experts I know to see if there were any schools that were represented with increased frequency, the only thread seemed to be technical programs (California/Indiana/Massachusetts/Worcester/etc. Institute of Technology) mixed in disproportionately among the other schools.
On the job training is always the best place to learn and in this arena that is particularly true. Reading about exploits doesn't a lot until you've written C/assembly code and messed around with registers. I'm confident that there are numerous other programs out there I haven't listed, would love feedback below or offline on email/twitter/etc. regarding excellent programs that other people have discovered. The next step would be to create a table breaking out and grading the content from each program... don't have that much time however.