From 9cac6c5599d7fce418feabe9699924139ac44120 Mon Sep 17 00:00:00 2001 From: Joe Shenouda Date: Wed, 1 Feb 2017 00:31:31 +0100 Subject: [PATCH] Grammar fixes --- README.md | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 922604b..ee2275a 100644 --- a/README.md +++ b/README.md 
@@ -29,15 +29,15 @@ If you are missing a site not mentioned in the list, feel free to [contribute](h Joe Shenouda [Joe Shenouda](https://nl.linkedin.com/in/josephshenouda) has extensive experience in IT, ICS & Information Security as a hands-on technical engineer, trainer, consultant and research fellow with a successful record in developing and leading technical corporate Cyber security programs for global organizations. -Previously well known in The Netherlands as "The Netdetective", Joe presented a MTV show on hacking for young adults. +Previously well known in The Netherlands as "The Netdetective", Joe presented an MTV show on hacking for young adults. -He started his Information Security career at Tilburg University in 1999 where he did research on Cyber security, cyber-crime, cyber forensics, privacy & data protection. +He started his Information Security career at Tilburg University in 1999 where he did research on Cyber security, cybercrime, cyber forensics, privacy & data protection. -He has a strong expertise in concept and cyber security architecture development with a lot of hands on technical experience in cyber security systems. Joe was responsible for significant research work through OSINT and Darknet intel and was the lead responsible in numerous Information Assurance projects that involved cyber security approaches and systems for detection, prevention and mitigation of malicious activity. +He has a strong expertise in concept and cyber security architecture development with a lot of hands-on technical experience in cyber security systems. Joe was responsible for significant research work through OSINT and Darknet intel and was the lead responsible in numerous Information Assurance projects that involved cyber security approaches and systems for detection, prevention, and mitigation of malicious activity. 
-As a hands-on technical specialist he knows very well how to use risk management in the planning phase while implementing the correct defense measures at the right place and able to lead a team doing that. Other than that Joe has done 100-s of security assessments and audits for numerous customers. +As a hands-on technical specialist, he knows very well how to use risk management in the planning phase while implementing the correct defense measures at the right place and able to lead a team doing that. Other than that Joe has done 100-s of security assessments and audits for numerous customers. -As a subject matter expert on cyber security, Joe served both internally and externally as a trusted adviser and technical architect to senior management of government and industry on the topics of cyber security risk management, architecture, technical implementation, operations and compliance, as well as on infrastructure resilience, disaster recovery and business continuity. Joe also spoke frequently on cyber security and risk management at professional conferences, and published articles and blogs on issues relating to cyber security. +As a subject matter expert on cyber security, Joe served both internally and externally as a trusted adviser and technical architect to senior management of government and industry on the topics of cyber security risk management, architecture, technical implementation, operations and compliance, as well as on infrastructure resilience, disaster recovery, and business continuity. Joe also spoke frequently on cyber security and risk management at professional conferences and published articles and blogs on issues relating to cyber security. Continuously managing risk and improving cyber security posture in complex enterprises is what he does best. 
@@ -59,13 +59,13 @@ Continuously managing risk and improving cyber security posture in complex enter |[Damn Vulnerable Hybrid Mobile App](https://github.com/logicalhacking/DVHMA)|Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.| |[Damn Vulnerable iOS App](http://damnvulnerableiosapp.com/)|Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable.| |[Damn Vulnerable Linux](http://www.computersecuritystudent.com/SECURITY_TOOLS/DVL/lesson1/)|Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn't. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.| -|[Damn Vulnerable Router Firmware](https://github.com/praetorian-inc/DVRF)|The goal of this project is to simulate a real world environment to help people learn about other CPU architectures outside of the x86_64 space. This project will also help people get into discovering new things about hardware.| +|[Damn Vulnerable Router Firmware](https://github.com/praetorian-inc/DVRF)|The goal of this project is to simulate a real-world environment to help people learn about other CPU architectures outside of the x86_64 space. This project will also help people get into discovering new things about hardware.| |[Damn Vulnerable Stateful Web App](https://github.com/silentsignal/damn-vulnerable-stateful-web-app)|Short and simple vulnerable PHP web application that naïve scanners found to be perfectly safe.| |[Damn Vulnerable Thick Client App](https://github.com/secvulture/dvta)|DVTA is a Vulnerable Thick Client Application developed in C# .NET with many vulnerabilities.| |[Damn Vulnerable Web App](http://www.dvwa.co.uk/)|Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. 
Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.| |[Damn Vulnerable Web Services](https://github.com/snoopysecurity/dvws)|Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.| |[Damn Vulnerable Web Sockets](https://github.com/interference-security/DVWS)|Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.| -|[Damnvulnerable.me](https://github.com/skepticfx/damnvulnerable.me)|A deliberately vulnerable modern day app with lots of DOM related bugs.| +|[Damnvulnerable.me](https://github.com/skepticfx/damnvulnerable.me)|A deliberately vulnerable modern day app with lots of DOM-related bugs.| |[Dareyourmind](http://www.dareyourmind.net/)|Online game, hacker challenge.| |[DIVA Android](https://github.com/payatu/diva-android)|Damn Insecure and vulnerable App for Android.| |[EnigmaGroup](https://www.enigmagroup.org/)|Safe security resource, trains in exploits listed in the OWASP Top 10 Project and teach members the many other types of exploits that are found in today's applications.| 
@@ -75,7 +75,7 @@ Continuously managing risk and improving cyber security posture in complex enter |[ExploitMe Mobile](http://securitycompass.github.io/AndroidLabs/index.html)|Set of labs and a exploitable framework for you to hack mobile a application on Android.| |[Game of Hacks](http://www.gameofhacks.com/)|This game was designed to test your application hacking skills. You will be presented with vulnerable pieces of code and your mission if you choose to accept it is to find which vulnerability exists in that code as quickly as possible.| |[GameOver](https://sourceforge.net/projects/null-gameover/)|Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work.| -|[Gh0stlab](http://www.gh0st.net/?p=19)|A security research network where like minded individuals could work together towards the common goal of knowledge.| +|[Gh0stlab](http://www.gh0st.net/?p=19)|A security research network where like-minded individuals could work together towards the common goal of knowledge.| |[GoatseLinux](http://neutronstar.org/goatselinux.html)|GSL is a Vmware image you can run for penetration testing purposes.| |[Google Gruyere](http://google-gruyere.appspot.com/)|Labs that cover how an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF). 
Also you can find labs how to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.| |[Hack This Site](https://www.hackthissite.org/)|More than just another hacker wargames site, Hack This Site is a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything.| 
@@ -87,20 +87,20 @@ Continuously managing risk and improving cyber security posture in complex enter |[Hacking-Lab](https://www.hacking-lab.com/Remote_Sec_Lab/)|Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Furthermore, Hacking-Lab is providing the CTF and mission style challenges for the European Cyber Security Challenge with Austria, Germany, Switzerland, UK, Spain, Romania and provides free OWASP TOP 10 online security labs.| |[HackSys Extreme Vulnerable Driver](http://payatu.com/hacksys-extreme-vulnerable-driver/)|HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level.| |[HackThis!!](https://www.hackthis.co.uk/)|Test your skills with 50+ hacking levels, covering all aspects of security.| -|[Hackxor](http://hackxor.sourceforge.net/cgi-bin/index.pl)|Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.| +|[Hackxor](http://hackxor.sourceforge.net/cgi-bin/index.pl)|Hackxor is a web app hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.| |[Halls of Valhalla](http://halls-of-valhalla.org/beta/challenges)|Challenges you can solve. Valhalla is a place for sharing knowledge and ideas. Users can submit code, as well as science, technology, and engineering-oriented news and articles.| |[Hax.Tor](http://hax.tor.hu/welcome/)|Provides numerous interesting “hacking” challenges to the user.| |[Hellbound Hackers](https://www.hellboundhackers.org/)|Learn a hands-on approach to computer security. 
Learn how hackers break in, and how to keep them out.| -|[Holynix](https://sourceforge.net/projects/holynix/files/)|Holynix is an Linux vmware image that was deliberately built to have security holes for the purposes of penetration testing.| +|[Holynix](https://sourceforge.net/projects/holynix/files/)|Holynix is an Linux VMware image that was deliberately built to have security holes for the purposes of penetration testing.| |[HSCTF3](http://hsctf.com/)|HSCTF is an international online hacking competition designed to educate high schoolers in computer science.| |[Information Assurance Support Environment (IASE)](http://iase.disa.mil/eta/Pages/index.aspx)|Great site with Cybersecurity Awareness Training, Cybersecurity Training for IT Managers, Cybersecurity Training for Cybersecurity Professionals, Cybersecurity Technical Training, NetOps Training, Cyber Law Awareness, and FSO Tools Training available online.| |[InfoSec Institute](http://resources.infosecinstitute.com/free-cissp-training-study-guide/)|Free CISSP Training course.| |[ISC2 Center for Cyber Safety and Education](https://safeandsecureonline.org/)|Site to empower students, teachers, and whole communities to secure their online life through cyber security education and awareness with the Safe and Secure Online educational program; information security scholarships; and industry and consumer research.| |[Java Vulnerable Lab](https://github.com/CSPF-Founder/JavaVulnerableLab)|Vulnerable Java based Web Application.| -|[Juice Shop](https://github.com/bkimminich/juice-shop)|OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.| -|[Ka0labs](https://challenges.ka0labs.org/home)|Here you will find jeopardy-style challenges without stressfull time-limits of regular CTFs.| +|[Juice Shop](https://github.com/bkimminich/juice-shop)|OWASP Juice Shop is an intentionally insecure web app for 
security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.| +|[Ka0labs](https://challenges.ka0labs.org/home)|Here you will find jeopardy-style challenges without stressful time-limits of regular CTFs.| |[Kioptrix VM](http://www.kioptrix.com/blog/a-new-vm-after-almost-2-years/)|This vulnerable machine is a good starting point for beginners.| -|[LAMPSecurity Training](https://sourceforge.net/projects/lampsecurity/)|LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.| +|[LAMPSecurity Training](https://sourceforge.net/projects/lampsecurity/)|LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux,apache,PHP,MySQL security.| |[Magical Code Injection Rainbow](https://github.com/SpiderLabs/MCIR)|The Magical Code Injection Rainbow! MCIR is a framework for building configurable vulnerability testbeds. MCIR is also a collection of configurable vulnerability testbeds.| |[McAfee HacMe Sites](http://www.mcafee.com/us/downloads/free-tools/index.aspx)|Search the page for HacMe and you'll find a suite of learning tools.| |[Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/)|Free Ethical Hacking Course.| 
@@ -108,14 +108,14 @@ Continuously managing risk and improving cyber security posture in complex enter |[Microcorruption CTF](https://microcorruption.com/login)|Challenge: given a debugger and a device, find an input that unlocks it. Solve the level with that input.| |[Morning Catch](http://blog.cobaltstrike.com/2014/08/06/introducing-morning-catch-a-phishing-paradise/)|Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.| |[Moth](http://www.bonsai-sec.com/en/research/moth.php)|Moth is a VMware image with a set of vulnerable Web Applications and scripts.| -|[Mutillidae](https://sourceforge.net/projects/mutillidae/)|OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest.| +|[Mutillidae](https://sourceforge.net/projects/mutillidae/)|OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiast.| |[MysteryTwister C3](https://www.mysterytwisterc3.org/en/)|MysteryTwister C3 lets you solve crypto challenges, starting from the simple Caesar cipher all the way to modern AES, they have challenges for everyone.| |[National Institutes of Health (NIH)](https://irtsectraining.nih.gov/publicUser.aspx)|Short courses on Information Security and Privacy Awareness. 
They have a section for executives, managers and IT Administrators as well.| |[Overthewire](http://overthewire.org/wargames/)|The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.| |[OWASP Broken Web Applications Project](https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project)|OWASP Broken Web Applications Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.| |[OWASP GoatDroid](https://github.com/jackMannino/OWASP-GoatDroid-Project)|OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users.| |[OWASP iGoat](https://www.owasp.org/index.php/OWASP_iGoat_Project)|iGoat is a learning tool for iOS developers (iPhone, iPad, etc.).| -|[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/)|OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest.| +|[OWASP Mutillidae II](https://sourceforge.net/projects/mutillidae/)|OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast.| |[OWASP Security Shepherd](https://www.owasp.org/index.php/OWASP_Security_Shepherd)|The OWASP Security Shepherd project is a web and mobile application security training platform.| |[OWASP SiteGenerator](https://www.owasp.org/index.php/Owasp_SiteGenerator)|OWASP SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple, some complex) covering .Net languages and web development architectures (for example, navigation: Html, Javascript, Flash, Java, etc...).| |[Pentesterlab](https://pentesterlab.com/exercises/from_sqli_to_shell)|This exercise explains how you can, from 
a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.| @@ -125,7 +125,7 @@ Continuously managing risk and improving cyber security posture in complex enter |[Professor Messer](http://www.professormesser.com/)|Good free training video's, not only on Security, but on CompTIA A+, Network and Microsoft related as well.| |[Puzzlemall](https://code.google.com/archive/p/puzzlemall/)|PuzzleMall - A vulnerable web application for practicing session puzzling.| |[Pwnable.kr](http://pwnable.kr/)|'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. while playing pwnable.kr, you could learn/improve system hacking skills but that shouldn't be your only purpose.| -|[Pwnerrank](https://www.pwnerrank.com/)|A Capture The Flag platform dedicated for information security learning, training and practicing by solving a set challenges.| +|[Pwnerrank](https://www.pwnerrank.com/)|A Capture The Flag platform dedicated to information security learning, training and practicing by solving a set challenges.| |[Pwnos](http://www.pwnos.com/)|PwnOS is a vulnerable by design OS .. and there are many ways you can hack it.| |[Reversing.kr](http://reversing.kr/index.php)|This site tests your ability to Cracking & Reverse Code Engineering. | 
@@ -135,9 +135,9 @@ Continuously managing risk and improving cyber security posture in complex enter |[RPISEC/MBE](https://github.com/RPISEC/MBE)|Modern Binary Exploitation Course materials.| |[RPISEC/Malware](https://github.com/RPISEC/Malware)|Malware Analysis Course materials.| |[SANS Cyber Aces](http://www.cyberaces.org/courses/)|SANS Cyber Aces Online makes available, free and online, selected courses from the professional development curriculum offered by The SANS Institute, the global leader in cyber security training.| -|[Scene One](http://21ltr.com/2012/06/19/21LTR-Scene-One-LiveCD/)|Scene One is a pentesting scenario liveCD made for a bit of fun and learning.| +|[Scene One](http://21ltr.com/2012/06/19/21LTR-Scene-One-LiveCD/)|Scene One is a pen testing scenario liveCD made for a bit of fun and learning.| |[SEED Labs](http://www.cis.syr.edu/~wedu/seed/all_labs.html)|The SEED project has labs on Software, Network, Web, Mobile and System security and Cryptography labs.| -|[SentinelTestbed](https://github.com/dobin/SentinelTestbed)|Vulnerable web site. Used to test sentinel features.| +|[SentinelTestbed](https://github.com/dobin/SentinelTestbed)|Vulnerable website. Used to test sentinel features.| |[SG6 SecGame](http://sg6-labs.blogspot.nl/2007/12/secgame-1-sauron.html)|Spanish language, vulnerable GNU/Linux systems.| |[SlaveHack](http://www.slavehack.com/)|My personal favorite : Slavehack is a virtual hack simulation game. Great for starters, I've seen kids in elementary school playing this!| |[SlaveHack 2 *BETA*](https://www.slavehack2.com/)|Slavehack 2 is a sequel on the original Slavehack. It's also a virtual hack simulation game but you will find features much more closer to today's Cyber reality.| 
@@ -151,13 +151,13 @@ Continuously managing risk and improving cyber security posture in complex enter |[ThisIsLegal](http://www.thisislegal.com/)|A hacker wargames site but also with much more.| |[Try2Hack](http://www.try2hack.nl/)|Try2hack provides several security-oriented challenges for your entertainment. The challenges are diverse and get progressively harder.| |[UltimateLAMP](http://www.amanhardikar.com/mindmaps/practice-links.html)|UltimateLAMP is a fully functional environment allowing you to easily try and evaluate a number of LAMP stack software products without requiring any specific setup or configuration of these products.| -|[Vicnum](http://vicnum.ciphertechs.com/)|Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, sql injections, and session management issues.| +|[Vicnum](http://vicnum.ciphertechs.com/)|Vicnum is an OWASP project consisting of vulnerable web applications based on games commonly used to kill time. 
These applications demonstrate common web security problems such as cross-site scripting, SQL injections, and session management issues.| |[Vulnhub](https://www.vulnhub.com/)|An extensive collection of vulnerable VMs with user-created solutions.| |[Vulnix](https://www.rebootuser.com/?page_id=1041)|A vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions.| |[Vulnserver](http://www.thegreycorner.com/2010/12/introducing-vulnserver.html)|Windows based threaded TCP server application that is designed to be exploited.| |[W3Challs](https://w3challs.com)|W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security| |[WackoPicko](https://github.com/adamdoupe/WackoPicko)|WackoPicko is a vulnerable web application used to test web application vulnerability scanners.| -|[Web Attack and Exploitation Distro](http://www.waed.info/)|WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pentesting tools as well.| +|[Web Attack and Exploitation Distro](http://www.waed.info/)|WAED is pre-configured with various real-world vulnerable web applications in a sandboxed environment. It includes pen testing tools as well.| |[Web Security Dojo](https://sourceforge.net/projects/websecuritydojo/)|Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security.| |[WebGoat](https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)|WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat.| |[Wechall](http://www.wechall.net/)|Focussed on offering computer-related problems. You will find Cryptographic, Crackit, Steganography, Programming, Logic and Math/Science. The difficulty of these challenges vary as well.|
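Review bot: in the @@ -29,15 hunk, the sentence starting "As a hands-on technical specialist, he knows very well" gains a comma but still ends "and able to lead a team doing that", which has no verb. Suggest "and is able to lead a team doing that". The following sentence still reads "Other than that Joe has done 100-s of security assessments"; "Other than that, Joe has done hundreds of" would complete the fix. The changed line above it also keeps "a strong expertise", where the article should go.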
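Review bot: in the @@ -59,13 hunk, "real-world" is now hyphenated in the Damn Vulnerable Router Firmware row, but the Damn Vulnerable Web Services row in the same hunk still says "real world web service vulnerabilities". The Damnvulnerable.me row has the same split: "DOM-related" is fixed while "modern day app" on that line is not. The DVHMA row also still reads "an hybrid mobile app". Please apply the hyphenation to all of these rows and change that to "a hybrid".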
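Review bot: in the @@ -75,7 hunk, only the Gh0stlab row is touched, while the ExploitMe Mobile row two lines above still reads "a exploitable framework for you to hack mobile a application on Android". Suggest "an exploitable framework for you to hack a mobile application on Android" as part of this change.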
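Review bot: in the @@ -87,20 hunk, several changed rows are only half corrected. The Holynix row fixes "VMware" but keeps "an Linux". The LAMPSecurity row capitalises "Linux", "PHP" and "MySQL" but leaves "apache" lowercase and no spaces after the commas; suggest "Linux, Apache, PHP, MySQL". The Juice Shop row still has "Javascript" (should be "JavaScript"). The Hackxor row still has "realism&difficulty" without spaces.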
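Review bot: in the @@ -108,14 hunk, the Mutillidae row changes "web-application" to "web application" but the OWASP Mutillidae II row, which has the same description and the same URL, keeps "web-application". Make the two rows match, or drop one, since they are duplicates. In both rows "a target for web-security enthusiast" should end in the plural "enthusiasts".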
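Review bot: in the @@ -125,7 hunk, the Pwnerrank row fixes "dedicated to" but still ends "by solving a set challenges". The missing word is "of": "by solving a set of challenges".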
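Review bot: in the @@ -135,9 hunk, the Scene One row changes "pentesting" to "pen testing", which is a style choice rather than a grammar fix, and it does not match the "penetration testing" wording the Holynix and W3Challs rows already use. Suggest picking one form for the whole table. The SlaveHack 2 context row still has "much more closer", which should be "much closer".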
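Review bot: in the @@ -151,13 hunk, the Vicnum row now reads "cross-site scripting, SQL injections, and session management issues"; "SQL injection" in the singular matches the other two items. Untouched context rows in this hunk also need attention: the W3Challs description has no closing period, and the Wechall row says "The difficulty of these challenges vary", which should be "varies".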