Treinamentos em Segurança da Informação

Olá pessoal tudo bem?

Sei que treinamentos de segurança em um formato diferenciado e que realmente tragam conteúdo de alto nível tanto para iniciantes quanto profissionais da área são algo difícil de encontrar.

Pensando nisto estou com planos para um projeto em 2014 voltado exclusivamente para treinamentos técnicos de alto nível que possam abranger tanto os que pretendem ingressar na área de segurança quanto profissionais de nível Sênior que desejam consolidar seus conhecimentos em áreas que talvez não sejam sua principal.

Disto isto gostaria de ouvir a opinião dos senhores, irei iniciar as rodadas de cursos com 3 principais categorias e que gostaria de saber entre estas quais vocês gostariam de participar caso houvesse esta turma:

– Malware Analysis: Analisando a fundo funcionalidades de malwares

– Penetration Testing:  Curso voltando a demonstrar técnicas e conceitos envolvidos em testes de penetração em ambientes corporativos tendo cenários realísticos e utilizando ferramental que irá ajudar você a criar seu próprio framework de trabalho.

– Web Application Hacking: Curso voltado a mostrar as principais falhas de segurança existentes em aplicações web, como por exemplo SQL Injection, XSS, entre outros. Curso totalmente hands-on onde o aluno irá aprender como funcionam as vulnerabilidades explorando-as e entendendo como auditar e corrigir.

Caso tenham alguma outra ideia de curso, também gostaria de saber. Enviem uma mensagem para  y2h4ck[at] gmail [dot] com com o subject [CURSO] e diga oque acha interessante.  Sua colaboração será muito bem vinda e será recompensada :D

Grande abraço! Enviem sua mensagem!


Book of Month: November

Book Description

“This is a must-have work for anybody in information security, digital forensics, or involved with incident handling. As we move away from traditional disk-based analysis into the interconnectivity of the cloud, Sherri and Jonathan have created a framework and roadmap that will act as a seminal work in this developing field.”
– Dr. Craig S. Wright (GSE), Asia Pacific Director at Global Institute for Cyber Security + Research.

“It’s like a symphony meeting an encyclopedia meeting a spy novel.”
–Michael Ford, Corero Network Security

On the Internet, every action leaves a mark–in routers, firewalls, web proxies, and within network traffic itself. When a hacker breaks into a bank, or an insider smuggles secrets to a competitor, evidence of the crime is always left behind.

Learn to recognize hackers’ tracks and uncover network-based evidence in Network Forensics: Tracking Hackers through Cyberspace.Carve suspicious email attachments from packet captures. Use flow records to track an intruder as he pivots through the network. Analyze a real-world wireless encryption-cracking attack (and then crack the key yourself). Reconstruct a suspect’s web surfing history–and cached web pages, too–from a web proxy. Uncover DNS-tunneled traffic. Dissect the Operation Aurora exploit, caught on the wire.

Throughout the text, step-by-step case studies guide you through the analysis of network-based evidence. You can download the evidence files from the authors’ web site (

Book of Month: May

Web Hacking from the Inside Out
Author: Michael Flenov
Publisher: A-List Publishing
Year: 2007
Pages: 300
Amazon’s book description: Covering new technologies used to search for vulnerabilities on websites from a hacker’s point of view, this book on Web security and optimization provides illustrated, practical examples such as attacks on click counters, flooding, forged parameters passed to the server, password attacks, and DoS and DDoS attacks. Including an investigation of the most secure and reliable solutions to Web security and optimization, this book considers the many utilities used by hackers, explains how to write secure applications, and offers numerous interesting algorithms for developers. The CD included contains programs intended for testing sites for vulnerabilities as well as useful utilities for Web security.

Book of Month: April

Disassembling Code: IDA Pro and SoftICE
Author: Vlad Pirogov
Publisher: A-List Publishing
Year: 2005
Pages: 600
Amazon’s book description: This book describes how software code analysis tools such as IDA Pro are used to disassemble programs written in high-level languages and recognize different elements of disassembled code in order to debug applications in less time. Also described are the basics of Assembly language programming (MASM) and the system and format of commands for the Intel microprocessor. Aspects of disassembling, analyzing, and debugging software code are considered in detail, and an overview of contemporary disassemblers and debuggers used when analyzing executable code is provided. The basics of working with these tools and their operating principles are also included, and emphasis is placed on analyzing software code and identifying the main structure of those languages in which they were written.

Book of Month: March

Professional Rootkits
Author: Ric Vieler
Publisher: Wrox
Year: 2007
Pages: 360
Amazon’s book description: This book provides the detailed, step-by-step instructions and examples required to produce full-featured, robust rootkits. Presented in modular sections, source code from each chapter can be used separately or together to produce highlyspecific functionality. In addition, Vieler details the loading, configuration, and control techniques used to deploy rootkits. All ancillary software is fully detailed with supporting source code and links to the compilers, utilities, and scripts necessary to build and run every example provided.

Book of Month: February

Hacking Exposed Wireless
Author: Johnny Cache, Vincent Liu
Publisher: McGraw-Hill Osborne Media
Year: 2007
Pages: 386
Amazon’s book description: Defend against the latest pervasive and devastating wireless attacks using the tactical security information contained in this comprehensive volume. Hacking Exposed Wireless reveals how hackers zero in on susceptible networks and peripherals, gain access, and execute debilitating attacks. Find out how to plug security holes in Wi-Fi/802.11 and Bluetooth systems and devices. You’ll also learn how to launch wireless exploits from Metasploit, employ bulletproof authentication and encryption, and sidestep insecure wireless hotspots. The book includes vital details on new, previously unpublished attacks alongside real-world countermeasures.

Book of Month: December

Open Source Fuzzing Tools
Author: Noam Rathaus, Gadi Evron
Publisher: Syngress
Year: 2007
Pages: 448
Amazon’s book description: Open Source Fuzzing Tools is the first book to market that covers the subject of black box testing using fuzzing techniques. Fuzzing has been around fow a while, but is making a transition from hacker home-grown tool to commercial-grade quality assurance product. Using fuzzing, developers can find and eliminate buffer overflows and other software vulnerabilities during the development process and before release.