Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Reversing Education

289 views

Published on

Reversing (Reverse Engineering) Education is a method used to create educational content for self-study. In this talk it is discussed how to research topics from SANS courses and create content to learn the skills as outlined in the SANS course. This method not only helps create self-study content it teaches one how to research topics of interest and terms relevant to the subject. The presentation covers how to collect and organized information collected during education reversing, as well as tools to help memorize and prepare for exams.

Published in: Education
  • Be the first to comment

  • Be the first to like this

Reversing Education

  1. 1. Reversing Education Reverse Engineering Educational Content
  2. 2. whoami? Phillip Wylie, CISSP, OSCP, GWAPT • Principal InfoSec Engineer/Penetration Tester @ U.S. Bank • Adjunct Instructor of Ethical Hacking @ Richland College • Bugcrowd Ambassador • Founder of The Pwn School Project 21+ years IT and InfoSec experience 6.5 years system administration 8 years network security & AppSec 7 years pentesting (5 years consulting)
  3. 3. My Non Linear Path to InfoSec Pro wrestler > CAD draftsman > Sysadmin > Infosec > Pentester
  4. 4. Reversing Education • What? • Why? • How?
  5. 5. Reversing Education: What? Reversing is short for reverse engineering Definition of REVERSE ENGINEER transitive verb : to disassemble and examine or analyze in detail (a product or device) to discover the concepts involved in manufacture usually in order to produce something similar — reverse engineering noun
  6. 6. Reversing Education: What? Applying reverse engineering techniques to create personal learning materials for self-study. (i.e. web app pentesting, network pentesting, reverse engineering apps)
  7. 7. Reversing Education: Why? • Save money • Studying prior to taking a course to be more prepared (common with OSCP and OSCE) • More current content • Customized content • Level of detail • Content focus • Improve your research skills
  8. 8. Reversing Education: How? • Pick a subject to learn • Research subject • Collect initial content from research • Create topic outline • Collect content based on topic outline • Organize
  9. 9. Reversing Education: How? Education sources to reverse engineer • Courses including certification courses • Books
  10. 10. Reversing Education: How? Tools for reversing education • Internet browser • Search engine • Evernote or some other note app (Evernote has a web clipping feature that makes collecting info easier) *Disclaimer: I am not recommending plagiarism.
  11. 11. Example: Reversing an Education Source Target = SANS GWAPT – Web Application Penetration Testing
  12. 12. Example: Reversing an Education Source
  13. 13. Example: Reversing an Education Source
  14. 14. Example: Reversing an Education Source
  15. 15. Example: Reversing an Education Source
  16. 16. Example: Reversing an Education Source
  17. 17. Example: Reversing an Education Source • Create topic outline based on the GWAPT topics • Research and collect content on topics outlined
  18. 18. Example: Reversing an Education Source Web server types:
  19. 19. Example: Reversing an Education Source Web server developer (vendor): Market share of all sites
  20. 20. Example: Reversing an Education Source Web server developers (vendors): Market share of active sites
  21. 21. Example: Reversing an Education Source • Based on the stats of the previous two slides we should focus on Microsoft IIS and Apache Web Server • Research and collect content on IIS and Apache
  22. 22. Example: Reversing an Education Source Application Server Software
  23. 23. Example: Reversing an Education Source HTTP Protocol:
  24. 24. Example: Reversing an Education Source
  25. 25. Example: Reversing an Education Source • We can use the Mozilla site to learn how the HTTP protocol works and we add this to our content • If more content is needed or the quality source is satisfactory, continue researching the topic
  26. 26. Example: Reversing an Education Source • We repeat the process of researching and collection until we have completely gone through the topics in the outline • Since this is customizable to your specific needs you can collect as much or as little content as needed
  27. 27. Example: Reversing an Education Source As you research the topics to build your content, you can identify other learning resources. • OWASP Testing Guide (free) • The Web Application Hacker's Handbook 2nd edition • SANS Cheat Sheets • Samurai WTF course PDF
  28. 28. Organizing Resources • Create structure based on topics in outline • Use Evernote web clipping plugin to collect research • Sort research content as collected • Review content collected, if more is required continue collection
  29. 29. Test Prep Quizlet can be used to create flash cards and practice exams.
  30. 30. Questions?
  31. 31. Thank you! @phillipwylie /ln/phillipwylie TheHackerMaker.com

×