SlideShare a Scribd company logo

Dark Insight: the Basic of Security - Alexander Obozinskiy

Ruby Meditation, profile picture
Ruby Meditation

The document discusses various topics related to cyber security including hardware threats, software threats, network threats, data threats, social engineering, securing systems, and recommended security tools. It lists examples of vulnerabilities and security issues across operating systems, software, networks, and data. It also provides recommendations for securing hardware, operating systems, software, networks, data, cryptography, and web applications.

Technology
Related topics:
Information Security
1 of 30
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Dark Insight the basics of security by Alexander Obozinsky
We are talking about Things like • BIND TSIG CVE-2017-3143 • Intel AMT CVE-2017-5689 • Doorkeeper CVE-2016-6582 • Google groups for business default settings • Source engine • Ovidiy Stealer • Kerberos CVE-2017-11368 • sudo CVE-2017-1000367 • Skype CVE-2017-6517 • RubyGems CVE-2017-0901
Informational Security Confidentiality Integrity Availability
Cyber Security Is about threats for • Hardware • Software • Network • Data
Hardware Threats • Physical • Not only about servers • Not only about computers • Hidden hardware in your computers • Closed-source firmware • Virtualization • Escaping from guest OS • Clouds
Software Threats • OS security • Vulnerabilities in libraries • Vulnerabilities in server software • 3rd party software can have unexpected side effects • Open source software can be compromised • Insecurity in security software
Network Threats • Passive • Monitoring • Eavesdropping • Active • Tampering • DoS • Buffer Overflow • DNS poisoning • XSS/CSRF/SSRF/SQLi • Networking devices • IoT devices
Data Threats • Can be violated by 3rd persons • Data integrity can be broken by hardware/software failures • Fake data can be used as primary source of truth • Small leak can compromise whole system
Social Engineering Hack by using human psychology vulnerabilities • Giving people what they want • Provoking by content • Road Apple Attack • Phishing • Using information from social networks • Reverse SE
Insiders • You can buy insider info • Insider can be hired by you • Someone can compromise your normal employee • Life circumstances can turn your employees against you • Firing process
Securing Your Systems
Hardware • Personal • Enterprise Workstations • Servers
Operating Systems • Linux distributions • OpenBSD • Windows • Virtual Environments • Containers • Cloud VPS
Software • Design safe systems • Agile vs Security • Security checks • Monitoring • Code inspection and review • Automated security scanning • OWASP Software Assurance Maturity Model
Network • Corporate network • Wifi routers • Guest networks • Mobile Phones • DNS Sec • DMZ • Firewalls • WAF • Intrusion Prevention • Honeypots • Intrusion Detection • Simple Models • Port Knocking • Remote access to your servers through VPN
Data • Integrity • Persistence • Access Restriction • Confidentiality
Cryptography • Ciphers • Asymmetric • RSA/DSA/DH • Symmetric • Block • DES/3DES • Blowfish/AES • Cipher Block Chaining (CBC) • Stream • RC4/ARCFOUR • Salsa20/ChaCha20 • Hash functions • MD5 • SHA
Web Applications Security • SSL/TLS • HTTPS / HTTP2 • letsencrypt.org • Web Application Firewalls • Local • Cloud • AWS/Cloudflare/Akamai • Black box testing • Fuzz testing • White box testing
Software
Tenable Nessus/Pentestit OpenVAS security scanners • 82k/50k plugins • CVE and OpenSCAP databases linked • Nessus (dockerhub pull 100k+) • OpenVAS (dockerhub pull 1m+) • http://www.openvas.org/ • https://www.tenable.com/products/nessus-vulnerability- scanner
w3af OSS web applications audit framework • Contains • Crawl plugins • Audit plugins • Attack plugins • http://w3af.org/
OWASP Zed Attack Proxy Project • Opensource • Dynamically developing • Easy to use • No paid version • https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
nikto • Checks for outdated components • Scan multiple ports on a server, or multiple servers via input file • Identifies installed software via headers, favicons and files • Subdomain guessing • Can log to Metasploit • https://cirt.net/Nikto2
• Scanner for RoR applications • https://brakemanscanner.org/
Radamsa • Open source fuzz testing framework • https://github.com/aoh/radamsa
OSS WAF • NAXSI https://github.com/nbs-system/naxsi • ModSecurity https://modsecurity.org/ • TestCookie https://github.com/kyprizel/testcookie-nginx- module
• Ruby framework • Golden Standard in Industry • https://www.offensive-security.com/metasploit-unleashed/
It’s time
Where to learn? • https://www.hacksplaining.com/ • http://www.cvedetails.com/ • https://www.owasp.org/ • http://www.opennet.ru/ • https://thehackernews.com/ • http://krebsonsecurity.com/ • https://github.com/onlurking/awesome-infosec
qu35710n5? https://gitlab.com/l33t/ahoregator rm@nmc.ninja

More Related Content

PPTX
Attacking VPN's
n|u - The Open Security Community
 
PPSX
Network Security
Eng Hasan Shamroukh CISCO Exams Author
 
PPTX
Web & Cloud Security in the real world
Madhu Akula
 
PDF
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
PDF
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 
PDF
Node JS reverse shell
Madhu Akula
 
PDF
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Madhu Akula
 
PDF
Bsides angler-evolution talk
Earl Carter
 
Attacking VPN's
n|u - The Open Security Community
 
Network Security
Eng Hasan Shamroukh CISCO Exams Author
 
Web & Cloud Security in the real world
Madhu Akula
 
Common crypto attacks and secure implementations
Trupti Shiralkar, CISSP
 
Zerotrusting serverless applications protecting microservices using secure d...
Trupti Shiralkar, CISSP
 
Node JS reverse shell
Madhu Akula
 
Modern Security Operations aka Secure DevOps @ All Day DevOps 2017
Madhu Akula
 
Bsides angler-evolution talk
Earl Carter
 

What's hot (20)

PPTX
Hacking Exposé - Using SSL to Secure SQL Server Connections
Chris Bell
 
PPTX
Matriux blue
InMobi Technology
 
PPTX
State of the Web
CASCouncil
 
PPTX
Spa Secure Coding Guide
Geoffrey Vandiest
 
PDF
Introduction to Mod security session April 2016
Rahul
 
PDF
Optimizing ModSecurity on NGINX and NGINX Plus
Christian Folini
 
PDF
Implementing ossec
Jeronimo Zucco
 
PPTX
Mod security
Shruthi Kamath
 
PDF
Fidelis - Live Demonstration of Deception Solution
Fidelis Cybersecurity
 
PDF
Top 10 Threats to Cloud Security
SBWebinars
 
PDF
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
PDF
Mod Security
Abhishek Singh
 
PDF
Dangerous Design Patterns In One Line
Lewis Ardern
 
PPTX
Equifax cyber attack contained by containers
Aqua Security
 
PDF
All You Need is One - A ClickOnce Love Story - Secure360 2015
NetSPI
 
PPTX
Web Application Security - DevFest + GDay George Town 2016
Gareth Davies
 
PPTX
The Rise of Secrets Management
Akeyless
 
PDF
Attacker's Perspective of Active Directory
Sunny Neo
 
PPTX
Towards Securing Computer Network Environment By Using Kerberos-based Network...
FATIN FAZAIN MOHD AFFANDI
 
PDF
Ossec Lightning
wremes
 
Hacking Exposé - Using SSL to Secure SQL Server Connections
Chris Bell
 
Matriux blue
InMobi Technology
 
State of the Web
CASCouncil
 
Spa Secure Coding Guide
Geoffrey Vandiest
 
Introduction to Mod security session April 2016
Rahul
 
Optimizing ModSecurity on NGINX and NGINX Plus
Christian Folini
 
Implementing ossec
Jeronimo Zucco
 
Mod security
Shruthi Kamath
 
Fidelis - Live Demonstration of Deception Solution
Fidelis Cybersecurity
 
Top 10 Threats to Cloud Security
SBWebinars
 
20 common security vulnerabilities and misconfiguration in Azure
Cheah Eng Soon
 
Mod Security
Abhishek Singh
 
Dangerous Design Patterns In One Line
Lewis Ardern
 
Equifax cyber attack contained by containers
Aqua Security
 
All You Need is One - A ClickOnce Love Story - Secure360 2015
NetSPI
 
Web Application Security - DevFest + GDay George Town 2016
Gareth Davies
 
The Rise of Secrets Management
Akeyless
 
Attacker's Perspective of Active Directory
Sunny Neo
 
Towards Securing Computer Network Environment By Using Kerberos-based Network...
FATIN FAZAIN MOHD AFFANDI
 
Ossec Lightning
wremes
 
Ad

Similar to Dark Insight: the Basic of Security - Alexander Obozinskiy (20)

DOCX
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats
 
PDF
CompTIA-Security-Study-Guide-with-over-500-Practice-Test-Questions-Exam-SY0-7...
emestica1
 
PDF
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
DOCX
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats
 
PPT
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
PPTX
Blue Teaming on a Budget of Zero
Kyle Bubp
 
PPTX
Open Source Defense for Edge 2017
Adrian Sanabria
 
PPTX
Security on AWS
CloudHesive
 
PPTX
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
PDF
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
PPTX
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
PDF
Vulnerability Assessment Report
Harshit Singh Bhatia
 
PDF
Invited Talk - Cyber Security and Open Source
hack33
 
PPTX
Cloud computing security
Aung Thu Rha Hein
 
PPT
Cloud Computing & Security
Awais Mansoor Chohan
 
PDF
NSA and PT
Rahmat Suhatman
 
PPTX
Ending the Tyranny of Expensive Security Tools
SolarWinds
 
PPTX
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
PDF
Information Security Risk Management
ipspat
 
PDF
Construye tu stack de ciberseguridad con open source
Software Guru
 
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats
 
CompTIA-Security-Study-Guide-with-over-500-Practice-Test-Questions-Exam-SY0-7...
emestica1
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
Priyanka Aash
 
FBI & Secret Service- Business Email Compromise Workshop
Ernest Staats
 
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
Blue Teaming on a Budget of Zero
Kyle Bubp
 
Open Source Defense for Edge 2017
Adrian Sanabria
 
Security on AWS
CloudHesive
 
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
Web App Security Presentation by Ryan Holland - 05-31-2017
TriNimbus
 
Cloud Security vs Security in the Cloud
Tjylen Veselyj
 
Vulnerability Assessment Report
Harshit Singh Bhatia
 
Invited Talk - Cyber Security and Open Source
hack33
 
Cloud computing security
Aung Thu Rha Hein
 
Cloud Computing & Security
Awais Mansoor Chohan
 
NSA and PT
Rahmat Suhatman
 
Ending the Tyranny of Expensive Security Tools
SolarWinds
 
Ending the Tyranny of Expensive Security Tools
Michele Chubirka
 
Information Security Risk Management
ipspat
 
Construye tu stack de ciberseguridad con open source
Software Guru
 
Ad

More from Ruby Meditation (20)

PDF
Is this Legacy or Revenant Code? - Sergey Sergyenko | Ruby Meditation 30
Ruby Meditation
 
PDF
Life with GraphQL API: good practices and unresolved issues - Roman Dubrovsky...
Ruby Meditation
 
PDF
Where is your license, dude? - Viacheslav Miroshnychenko | Ruby Meditation 29
Ruby Meditation
 
PDF
Dry-validation update. Dry-validation vs Dry-schema 1.0 - Aleksandra Stolyar ...
Ruby Meditation
 
PDF
How to cook Rabbit on Production - Bohdan Parshentsev | Ruby Meditation 28
Ruby Meditation
 
PDF
How to cook Rabbit on Production - Serhiy Nazarov | Ruby Meditation 28
Ruby Meditation
 
PDF
Reinventing the wheel - why do it and how to feel good about it - Julik Tarkh...
Ruby Meditation
 
PDF
Performance Optimization 101 for Ruby developers - Nihad Abbasov (ENG) | Ruby...
Ruby Meditation
 
PDF
Use cases for Serverless Technologies - Ruslan Tolstov (RUS) | Ruby Meditatio...
Ruby Meditation
 
PDF
The Trailblazer Ride from the If Jungle into a Civilised Railway Station - Or...
Ruby Meditation
 
PDF
What/How to do with GraphQL? - Valentyn Ostakh (ENG) | Ruby Meditation 27
Ruby Meditation
 
PDF
New features in Rails 6 - Nihad Abbasov (RUS) | Ruby Meditation 26
Ruby Meditation
 
PDF
Security Scanning Overview - Tetiana Chupryna (RUS) | Ruby Meditation 26
Ruby Meditation
 
PDF
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Ruby Meditation
 
PDF
Best practices. Exploring - Ike Kurghinyan (RUS) | Ruby Meditation 26
Ruby Meditation
 
PDF
Road to A/B testing - Alexey Vasiliev (ENG) | Ruby Meditation 25
Ruby Meditation
 
PDF
Concurrency in production. Real life example - Dmytro Herasymuk | Ruby Medita...
Ruby Meditation
 
PDF
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Ruby Meditation
 
PDF
Rails App performance at the limit - Bogdan Gusiev
Ruby Meditation
 
PDF
GDPR. Next Y2K in 2018? - Anton Tkachov | Ruby Meditation #23
Ruby Meditation
 
Is this Legacy or Revenant Code? - Sergey Sergyenko | Ruby Meditation 30
Ruby Meditation
 
Life with GraphQL API: good practices and unresolved issues - Roman Dubrovsky...
Ruby Meditation
 
Where is your license, dude? - Viacheslav Miroshnychenko | Ruby Meditation 29
Ruby Meditation
 
Dry-validation update. Dry-validation vs Dry-schema 1.0 - Aleksandra Stolyar ...
Ruby Meditation
 
How to cook Rabbit on Production - Bohdan Parshentsev | Ruby Meditation 28
Ruby Meditation
 
How to cook Rabbit on Production - Serhiy Nazarov | Ruby Meditation 28
Ruby Meditation
 
Reinventing the wheel - why do it and how to feel good about it - Julik Tarkh...
Ruby Meditation
 
Performance Optimization 101 for Ruby developers - Nihad Abbasov (ENG) | Ruby...
Ruby Meditation
 
Use cases for Serverless Technologies - Ruslan Tolstov (RUS) | Ruby Meditatio...
Ruby Meditation
 
The Trailblazer Ride from the If Jungle into a Civilised Railway Station - Or...
Ruby Meditation
 
What/How to do with GraphQL? - Valentyn Ostakh (ENG) | Ruby Meditation 27
Ruby Meditation
 
New features in Rails 6 - Nihad Abbasov (RUS) | Ruby Meditation 26
Ruby Meditation
 
Security Scanning Overview - Tetiana Chupryna (RUS) | Ruby Meditation 26
Ruby Meditation
 
Teach your application eloquence. Logs, metrics, traces - Dmytro Shapovalov (...
Ruby Meditation
 
Best practices. Exploring - Ike Kurghinyan (RUS) | Ruby Meditation 26
Ruby Meditation
 
Road to A/B testing - Alexey Vasiliev (ENG) | Ruby Meditation 25
Ruby Meditation
 
Concurrency in production. Real life example - Dmytro Herasymuk | Ruby Medita...
Ruby Meditation
 
Data encryption for Ruby web applications - Dmytro Shapovalov (RUS) | Ruby Me...
Ruby Meditation
 
Rails App performance at the limit - Bogdan Gusiev
Ruby Meditation
 
GDPR. Next Y2K in 2018? - Anton Tkachov | Ruby Meditation #23
Ruby Meditation
 

Recently uploaded (20)

PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 

Dark Insight: the Basic of Security - Alexander Obozinskiy

  • 1. Dark Insight the basics of security by Alexander Obozinsky
  • 2. We are talking about Things like • BIND TSIG CVE-2017-3143 • Intel AMT CVE-2017-5689 • Doorkeeper CVE-2016-6582 • Google groups for business default settings • Source engine • Ovidiy Stealer • Kerberos CVE-2017-11368 • sudo CVE-2017-1000367 • Skype CVE-2017-6517 • RubyGems CVE-2017-0901
  • 4. Cyber Security Is about threats for • Hardware • Software • Network • Data
  • 5. Hardware Threats • Physical • Not only about servers • Not only about computers • Hidden hardware in your computers • Closed-source firmware • Virtualization • Escaping from guest OS • Clouds
  • 6. Software Threats • OS security • Vulnerabilities in libraries • Vulnerabilities in server software • 3rd party software can have unexpected side effects • Open source software can be compromised • Insecurity in security software
  • 7. Network Threats • Passive • Monitoring • Eavesdropping • Active • Tampering • DoS • Buffer Overflow • DNS poisoning • XSS/CSRF/SSRF/SQLi • Networking devices • IoT devices
  • 8. Data Threats • Can be violated by 3rd persons • Data integrity can be broken by hardware/software failures • Fake data can be used as primary source of truth • Small leak can compromise whole system
  • 9. Social Engineering Hack by using human psychology vulnerabilities • Giving people what they want • Provoking by content • Road Apple Attack • Phishing • Using information from social networks • Reverse SE
  • 10. Insiders • You can buy insider info • Insider can be hired by you • Someone can compromise your normal employee • Life circumstances can turn your employees against you • Firing process
  • 12. Hardware • Personal • Enterprise Workstations • Servers
  • 13. Operating Systems • Linux distributions • OpenBSD • Windows • Virtual Environments • Containers • Cloud VPS
  • 14. Software • Design safe systems • Agile vs Security • Security checks • Monitoring • Code inspection and review • Automated security scanning • OWASP Software Assurance Maturity Model
  • 15. Network • Corporate network • Wifi routers • Guest networks • Mobile Phones • DNS Sec • DMZ • Firewalls • WAF • Intrusion Prevention • Honeypots • Intrusion Detection • Simple Models • Port Knocking • Remote access to your servers through VPN
  • 16. Data • Integrity • Persistence • Access Restriction • Confidentiality
  • 17. Cryptography • Ciphers • Asymmetric • RSA/DSA/DH • Symmetric • Block • DES/3DES • Blowfish/AES • Cipher Block Chaining (CBC) • Stream • RC4/ARCFOUR • Salsa20/ChaCha20 • Hash functions • MD5 • SHA
  • 18. Web Applications Security • SSL/TLS • HTTPS / HTTP2 • letsencrypt.org • Web Application Firewalls • Local • Cloud • AWS/Cloudflare/Akamai • Black box testing • Fuzz testing • White box testing
  • 20. Tenable Nessus/Pentestit OpenVAS security scanners • 82k/50k plugins • CVE and OpenSCAP databases linked • Nessus (dockerhub pull 100k+) • OpenVAS (dockerhub pull 1m+) • http://www.openvas.org/ • https://www.tenable.com/products/nessus-vulnerability- scanner
  • 21. w3af OSS web applications audit framework • Contains • Crawl plugins • Audit plugins • Attack plugins • http://w3af.org/
  • 22. OWASP Zed Attack Proxy Project • Opensource • Dynamically developing • Easy to use • No paid version • https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
  • 23. nikto • Checks for outdated components • Scan multiple ports on a server, or multiple servers via input file • Identifies installed software via headers, favicons and files • Subdomain guessing • Can log to Metasploit • https://cirt.net/Nikto2
  • 24. • Scanner for RoR applications • https://brakemanscanner.org/
  • 25. Radamsa • Open source fuzz testing framework • https://github.com/aoh/radamsa
  • 26. OSS WAF • NAXSI https://github.com/nbs-system/naxsi • ModSecurity https://modsecurity.org/ • TestCookie https://github.com/kyprizel/testcookie-nginx- module
  • 27. • Ruby framework • Golden Standard in Industry • https://www.offensive-security.com/metasploit-unleashed/
  • 29. Where to learn? • https://www.hacksplaining.com/ • http://www.cvedetails.com/ • https://www.owasp.org/ • http://www.opennet.ru/ • https://thehackernews.com/ • http://krebsonsecurity.com/ • https://github.com/onlurking/awesome-infosec