501(c)3 Nonprofit providing Open Source and Open Access computer security training material.
#OST2
re-launched July 2021! OpenSecurityTraining2
@infosec
.exchange
📣"Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov of is now released!📣
Topics include:
* Introduction to the Enhanced System API (ESAPI) and the tpm2-tss
* The Endorsement Hierarchy and
The new
#OpenSecurityTraining2
site has been launched at ! 🎉🥳 Anyone can now sign up for the public betas of the first classes (with more to come soon!)
We're currently at 790 registered users. Help spread the word about
#OpenSecurityTraining2
and we can probably reach our first 1000 users this re-opening weekend!
📣Call for beta testers for new
#OST2
classes📣
Cedric Halbronn
@saidelike
has created multiple days of classes on Windows kernel debugging, internals, and exploitation
To sign up, fill out the survey here:
📣"Debuggers 1101: Introductory IDA" released!📣
This mini-class by Christina Johns
@bitmaize
provides students with a hands-on introduction to the IDA interface, and using the IDA debugger.
Dbg1101 is also incorporated into the
#OST2
📣New
#OST2
class!!!📣"Debuggers 3301: HyperDbg"📣
This ~16 hour class (based on average beta tester completion time) by Sina Karvandi
@intel80x86
covers his hypervisor-based debugger HyperDbg
📣New
#OST2
class!!📣"Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM"📣
This ~33 hour(!) class by Cedric Halbronn
@saidelike
from NCC Group
@NCCGroupInfosec
, is the longest and most advanced class offered at OST2 to date!
📣Debuggers 1102: Introductory Ghidra released!📣
This class by Erin Cornelius and
@XenoKovah
provides students with a hands-on introduction to Ghidra as a debugger, wrapping GDB or WinDbg, thus providing decompilation support.
We have updated the
#OST2
Learning Paths to better show the relationship of classes like Dbg1101 Intro IDA and Dbg1102 Intro Ghidra to other debugger and assembly classes.
As a reminder, everywhere you're seeing white boxes, that means we're looking for volunteers to help fill
The new
#OpenSecurityTraining2
site has been launched at ! 🎉🥳 Anyone can now sign up for the public betas of the first classes (with more to come soon!)
We're currently searching for professional C/C++/ObjC developers to beta test the new Vulnerabilities 1001 class. You will learn about stack/heap buffer overflows, non-linear out-of-bound writes, integer over/underflows, and signedness vulns
Sign up here:
#OpenSecurityTraining2
public betas open tomorrow, July 16th 2021. The new URL will be the primary address, and will be switched over to the
#OST2
main page too. OST1 content will remain accessible at old URLs until it's updated
We have updated our course completion certificates to add the average time that it takes to complete the class. This is for folks who'd like an easy way to count that time towards continuing education credits. We don't have good data for our mini, sub-day-classes like the
Massive thanks to the all-star instructors who released new
#OST2
classes in 2022! Thanks to
Gal Zaban
@0xgalz
for
Reverse Engineering 3011: Reversing C++ Binaries
Over 6000 students are currently registered at OST2!
👩🎓👨🎓👩🎓👨🎓👩🎓👨🎓👩🎓👨🎓👩🎓👨🎓👩🎓👨🎓
Thanks to those who help spread the word! But there are many more who haven't heard about the site yet. Reminder: now's a good time to tell high school / college students to go level up over the summer
One year ago Cedric Halbronn
@saidelike
released his
"Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM" class , and helper classes on Windows Internals and Advanced WinDbg !
The playlist for the
#OST2
"Architecture 2821: Windows Kernel Internals 2" class by
@saidelike
is now public for those who like to download videos.
But as always the best class experience is with the full lab instructions at
Thank you to everyone who's donated time and money to
#OST2
since our relaunch 6 months ago! Thank you to the instructors who are working on new classes! Thank you to the students who've taken and completed classes! 2022 will be even better!
📢Call for beta testers!📢
"Debuggers 1101: Introductory IDA" by Christina Johns
@bitmaize
will start July 26th, and run for 4 weeks. It is a mini-class and will take only ~3 hours to complete
If you're interested in participating, please sign up below:
So in reality, with these 3 most recent classes
@saidelike
created a ~44 hour course(!), that we requested he break up slightly so we could reuse some of the general-purpose debugger/windows internals information on other learning. An outstanding achievement by Cedric!👏
#OST2
's 3rd anniversary since the relaunch is coming up next week! Now's a great time to let people know about all the free classes they could be taking over the summer to level up their security expertise!
Here's a great article written by one of the
#OST2
"Reverse Engineering 3201: Symbolic Analysis" beta test students,
@conaned6
, where he turned around and used what he learned from
@barbieauglend
to solve a crackme challenge:
Periodic call for volunteers:
We're looking for instructors for an "Introduction to Fuzzing" class, and an "Introduction to Dynamic Malware Analysis" class.
If you'd be interested in teaching one of these classes, reach out at teach @
We've started hearing from a few instructors who work in a pentesting/red team role. So it's time to start putting together a learning path in this area. If you're an instructor and would like to contribute, reach out at teach
@ost2
.fyi
📣"Trusted Computing 1101: Introductory Trusted Platform Module (TPM) usage" is now released!📣
Topics include use of TPMs for digital signing, HMAC, secure storage, protecting external data, and how to enable TPM's protection against physical MITM attack
📣New
#OST2
class!!!📣"Architecture 2821: Windows Kernel Internals 2"📣
This is a ~5 hour class (based on average beta tester completion time) by Cedric Halbronn
@saidelike
from NCC Group
@NCCGroupInfosec
.
Last July, Gal Zaban
@0xgalz
released
Reverse Engineering 3011: Reversing C++ Binaries
An advanced reverse engineering class teaching existing reverse engineers who are already comfortable with IDA Pro, how to use it for reversing code written in C++
Exciting news!! My “RE 3201: Symbolic Analysis" is finally available to y'all at
#OST2
! Thanks
@XenoKovah
for putting this awe-inspiring platform of knowledge sharing together and giving me a chance to have a small part on it :) check it out here:
We are currently looking for steering committee members for the following OST2 learning paths:
Exploits, Malware Analysis, DFIR, Hardware Hacking, Wireless Security, Web AppSec, Applied Cryptography, and Trusted Systems Design
📣New
#OST2
class!!!📣"Debuggers 3011: Advanced WinDbg"📣
This is a ~6 hour class (based on average beta tester completion time) by Cedric Halbronn
@saidelike
from NCC Group
@NCCGroupInfosec
After our Open edX upgrade, we can now make classes fully open, so that students (and search engines!) can dive deep into a class to see what's inside. Though it's still recommended to enroll to track your completion progress and get a completion cert
e.g.
The YouTube playlist for
#OST2
“Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM” class by Cedric Halbronn
@saidelike
is now public for those who like to download videos:
📣"Architecture 1005: RISC-V Assembly" is now released!📣
This class is templated on the
#OST2
Arch1001 x86-64 assembly class. It covers the
@risc_v
RV32I/RV64I base ISAs, the "C" Compressed instructions, and the "M" multiply/divide/remainder extension.
We're currently at 790 registered users. Help spread the word about
#OpenSecurityTraining2
and we can probably reach our first 1000 users this re-opening weekend!
Massive thanks to the all-star instructors who released new
#OST2
classes in 2022! Thanks to
Xeno Kovah
@XenoKovah
for
Hardware 1101: Intel SPI Analysis
📢Call for beta testers!📢
The "Debuggers 1102: Introductory Ghidra" mini-class by
@e_er1n
will begin May 10th. This class can standalone but will be integrated with
#OST2
Assembly classes after beta testing too.
Sign up here:
Thank you to everyone who has contributed time and money to
#OST2
this year!
As you're thinking about your end-of-year giving please stop by to see how you can contribute time or money towards our mission to make more and better engineers faster
🎉
#OST2
has reached 20k registered users!🥳
Thanks to all our volunteer instructors, students, and sponsors for their support!
If you haven't taken a class yet, go check them out here:
OST2 is a new member of Nonprofit Cyber, an alliance of nonprofits working in...wait for it...CYBER! (security not netics) We're looking forward to working together with the other members like
@SAFECode
and
@ShareInCyber
to make our classes even better
Massive thanks to the all-star instructors who released new
#OST2
classes in 2022! Thanks to
Thaís Moreira Hamasaki
@barbieauglend
for
Reverse Engineering 3201: Symbolic Analysis
Literally last night we finally got the course completion certificates for classes on
#OST2
customized away from the default, so they look *slightly* less plain. This automatically applies to existing certs
But if anyone with graphics skills wants to help out we'd welcome it :)
We upgraded our Open edX instance to pick up a bug fix for an issue which was causing course completion certificates to break. Let us know if there's any further issues.
Massive thanks to the all-star instructors who released new
#OST2
classes in 2022! Thanks to
Xeno Kovah
@XenoKovah
and Kc Udonsi
@glitchnsec
for
Vulnerabilities 1001: C-Family Software Implementation Vulnerabilities
🥳Today is OST2's 3rd anniversary!🎉
Buuut...we'll save most of the celebratory noise until next week, since
@XenoKovah
just had an appendectomy and isn't in much of a "managing social media" mood ;)
(For example, "Intro x86" and "Intermediate x86" which
@XenoKovah
will take down in favor of his updated "Architecture 1001: x86-64 Assembly" and "Architecture 2001: x86-64 OS Internals" classes which are higher quality and more effective teaching instruments)
Enough looking backwards at year 3 of
#OST2
, let's look to year 4! Starting with the beta mini-class for Intro IDA which is starting later this week! Sign up below, especially if you want to learn IDA at the same time as you learn x86-64 asm!
📢Call for beta testers!📢
"Debuggers 1101: Introductory IDA" by Christina Johns
@bitmaize
will start July 26th, and run for 4 weeks. It is a mini-class and will take only ~3 hours to complete
If you're interested in participating, please sign up below:
Deep dive into interacting with TPMs by taking the beta of the new "Intermediate TPM usage" class. In this class you'll use the Enhanced System API (ESAPI) to do things like remote attestation. Also how to protect against physical bus MitM attacks
In Aug. Sina Karvandi
@Intel80x86
released "Debuggers 3301: HyperDbg", with an average completion time of 16h11m.
This class about his custom hypervisor-based debugger, gives REs an opportunity to go even deeper with their Windows Internals skills!
🧵Far be it from us to compete with
#CrowdStrike
on its big day but...Like "Debuggers 1102: Introductory Ghidra" this class was intentionally requested to be taught in an atypical way - teaching you how to use
@HexRaysSA
's IDA Free as a wrapper around debuggers like WinDbg or GDB
📢Call for beta testers!📢
"Debuggers 1101: Introductory IDA" by Christina Johns
@bitmaize
will start July 26th, and run for 4 weeks. It is a mini-class and will take only ~3 hours to complete
If you're interested in participating, please sign up below:
We've posted an updated version of "Introductory TPM usage" which contains an added 26m video discussing different types of TPMs and contrasting them with technologies like Secure Elements and TrustZone.
Because you're now able to see into all
#OST2
Coreboot training is coming to OST2 from the 3mdeb folks. If you're interested in learning about the leading alternative to UEFI for x86 firmware, please go answer these questions
What's the ideal platform for coreboot training? Please share your thoughts in this opensource survey of just 7 questions.
Thank you very much in advance!
Recently NIST posted a grant for cybersecurity education. It requires partnering with an academic institution or nonprofit. OpenSecurityTraining2 is a 501(c)(3) nonprofit, and is open to partnering with companies on grant applications like this.
Deep dive into interacting with TPMs by taking the beta of the new "Intermediate TPM usage" class. In this class you'll use the Enhanced System API (ESAPI) to do things like remote attestation. Also how to protect against physical bus MitM attacks
The class builds upon existing OST2 classes like (Intro WinDbg) and (Intermediate WinDbg) and assumes a level of OS knowledge that's given in (x86-64 OS Internals).
Nonprofit Cyber today announced that it had published an index of cybersecurity solutions offered by its members: the Nonprofit Cyber Solutions Index. This is the first comprehensive index of actual cybersecurity capabilities provided by the NGO community.
Recently NIST posted a grant for cybersecurity education. It requires partnering with an academic institution or nonprofit. OpenSecurityTraining2 is a 501(c)(3) nonprofit, and is seeking companies to partner with
If you use to have Amazon donate .5% of your purchase price towards charities (at no cost to you), you can now set OST as your preferred charity by going here:
Call for instructors: We're looking for more non-TCG trusted computing track material to help designers build more secure systems. If you'd be interested in making a class about Secure Elements / Smart Cards let us know in DM or at teach
@ost2
.fyi
Because of its use of virtualization, it can also go beyond the limits of the x86 architecture, for instance by providing unlimited "hardware" breakpoints, so you can set as many "break on write" or "break on read" breakpoints as you want.
And also we mentioned that we had hit 20k students a while back, and we're currently at well over 21k on our way to 22k! Let the mad skillz wash over you!
We are pleased to announce that the Trusted Computing Group (TCG)
@TrustedComputin
have become a Partner of
#OST2
, to support the development of free and open classes on Trusted Computing technologies like the Trusted Platform Module (TPM).
Donation thread! If you get corporate matching for your donations to 501c3 charities, e.g. through platforms like Benevity (), please consider giving to OST2 this year. So far we've been putting funds towards improved AV equipment for instructors.
The next
#OST2
class is ready for beta testers!
@3mdeb_com
is presenting Arch4031: x86-64 Reset Vector Implementation: coreboot. Go check out what they're looking for from beta testers here:
There is currently an error where Google Drive embedded images used on
#OST2
(for the past 2+ years) are returning HTTP error 403 and not showing up on OST2 class pages. We are in contact with Google support about this. If something seems like it's missing images, this is why
is now also incorporated into
#OST2
assembly classes like x86-64 asm, and RISC-V asm, so that students can do the final binary bomb lab reverse engineering exercise without, or with, decompilation support
We recently created invite-only "Alumni" Slack channels for students who complete
#OST2
classes. They're a place to more easily connect with instructors (after you've shown you're willing to put in the work ;)), as well as other students who are interested in the same topics
The production
#OST2
server was upgraded yesterday, and we will soon be able to make use of some features which were broken in the previous version of Open edX, such as making classes *public* so there is no need for registration to get to the content
In Aug. Cedric Halbronn
@saidelike
released 3 classes which combined are "Exploitation 4011: Windows Kernel Exploitation: Race Condition + UAF in KTM" and have an average completion time of 39h33m!
- "Debuggers 3011: Advanced WinDbg" - 5h57m avg
Different orgs have experimented with different video styles. Of the styles shown in the attached image, which would you prefer OST2 use? (Twitter only allows 4-response polls, so to vote just like the below threaded reply which corresponds to your answer.)
📢Call for beta testers!📢
The "Debuggers 1102: Introductory Ghidra" mini-class by
@e_er1n
will begin May 10th. This class can standalone but will be integrated with
#OST2
Assembly classes after beta testing too.
Sign up here:
Thanks to
@NCCGroupplc
for Sponsoring
#OST2
at the Gold🥇 level!
More about them here:
NCC Group instructor
@saidelike
also brings you the "Windows Kernel Exploitation: Race Condition + UAF in KTM" class
Massive thanks to the all-star instructors who released new
#OST2
classes in 2022! Thanks to
Piotr Król
@pietrushnic
for
Architecture 4021: Introductory UEFI