Ch 5a: Checkpoint's Stateful Inspection Techniques
Ch 5b: FAQ - Microsoft's PPTP Implementation
Ch 5c: Microsoft says don't use PPTP and MS-CHAP
Ch 5l: SKEY - Wikipedia
Ch 5m: EAP-MD5-Challenge Authentication Protocol
Ch 6a: Bruce Lee's Goal and Milestone
Ch 6b: A tough lesson on medical privacy Pakistani transcriber threatens UCSF over back pay (from 2003)
Ch 6c: The Undoing of Scott Thompson at Yahoo
Ch 6d: Noncompete Agreements Are Also Nonlegal in California
Ch 6e: Admin hacks drug company virtual machines from McDonald's
Ch 7a: Object-Oriented Example
Ch 7b: Example of retail database view
Ch 7c: CREDIT Enrollment By Department--part of the CCSF DSS (runs in Java)
Ch 7d: LayerOne -- DC 949 cracked Google Captcha with artificial intelligence
Ch 7e: OWASP Top Ten Project
Ch 7f: Backdoors Found in Barracuda Networks Gear
Ch 8a: Printer steganography - Wikipedia
Ch 8b: NIST: Block Cipher Modes of Operation
Ch 8c: DES broken by brute force
Ch 8d: Triple DES - Wikipedia
Ch 8e: Animation of AES Encryption Process
Ch 8f: Forthcoming SHA-3 Hash Function May Be Unnecessary
Ch 8g: HMAC (Hash-based message authentication code) - Wikipedia
Ch 8h: The "MPLS Is A Private Network" Debate
Ch 9a: Ring (computer security) - Wikipedia
Ch 9b: Clark-Wilson model - Wikipedia
Ch 10a: Yahoo CEO Scott Thompson Quitting Over Fake Resume
Ch 10b: Bradley Manning - Wikipedia
Ch 10c: Logon Warning Message
Ch 10d: Amazon Web Services Outage Caused By Memory Leak And Failure In Monitoring Alarm
Ch 10e: Today's Outage Post Mortem - CloudFlare blog (From March 2013)
Ch 10f: Millions of LinkedIn passwords reportedly leaked online (From June, 2012)
Ch 10g: LinkedIn boosts encryption after last week's password leak (June 13, 2012)
Ch 11a: HIPAA Violations and Enforcement
Ch 12b: Software Patents and the Rise of Patent Trolls - Electronic Frontier Foundation
Ch 12c: Brand Guidelines - Android Developers
Ch 12d: Computer Fraud And Abuse Act Reform
Ch 12e: Chain of Custody
Ch 12e: Subscriber identity module - Wikipedia
Ch 13a: #OpUSA hacking spree kicks off early
Ch 13b: Sweden's cold climate ideal for data centers
Ch 13c: The Data Center Inside a Cold War Nuclear Bunker
Ch 13d: Photos: Inside the Polaris Data Centre
Ch 13e: Biometric authentication
Ch 4a: Active Directory's LDAP Compliance
Ch 4b: Crack Password Hashes in Lion -- OS X 10.7 - Hack Mac
Ch 4c: Lockheed Says Hacker Used Stolen SecurID Data - NYTimes.com
Ch 5a: Multiprotocol Label Switching - Good explanation of why MPLS will replace ATM
Ch 5b: Verizon Wireless -and CDMA
Ch 5c: CLEAR 4G Wireless Broadband Internet Service--WIMAX
Ch 5d: How to reach maximum 802.11n speed and throughput
Ch 5e: Near Field Communication - Wikipedia
Ch 5f: Address Resolution Protocol - Could be regarded as an OSI model layer 2 or 3 protocol
Ch 5g: TCP/IP model - Wikipedia
Ch 5h: Anycast - Wikipedia
Ch 5i: Is RIP layer 3 protocol or layer 7 protocol? : layer, rip, protocol
Ch 5j: 3GPP Long Term Evolution - Wikipedia
Ch 5k: Frame Injection at Layer 1: 802.11 Packets in Packets
Ch 6a: CCSF Catalog Mission Statement
Ch 6b: Mission statement - Wikipedia, the free encyclopedia
Ch 6c: Objective(Goal) - Wikipedia
Ch 6d: Objective Definition | Definition of Objective at Dictionary.com
Ch 6e: NIST 800-30:Risk Management Guide for Information Technology Systems
Ch 6f: ISO27k infosec management standards
Ch 6g: ISO/IEC 27001 - Wikipedia
Ch 6h: Assessing risk of IE 0day vulnerability
Ch 6i: Information Security Governance (pdf)
Ch 6j: SANS: Information Security Policy Templates
Ch 6k: Sarbanes-Oxley Act - Wikipedia
Ch 6l: The Sarbanes-Oxley Act 2002
Ch 6m: Operation Aurora - Wikipedia
Ch 7a: OWASP
Ch 7b: Vulnerability scanners miss 49% of the vulns they are looking for (see figure near bottom of article)
Ch 7c: Memory Parsing Vulnerability being used to steal credit card numbers (pdf)
Ch 7d: OWASP Top Ten Web Application Vulnerabilities
Ch 7e: Object Oriented Database Management Systems
Ch 8a: Substitution cipher - Wikipedia
Ch 8b: Transposition cipher - Wikipedia
Ch 8c: Running key cipher - Wikipedia
Ch 8d: NIST Recommendation for Block Cipher Modes of Operation (pdf)
Ch 8e: NIST Cryptographic Algorithms and Key Sizes (1024-bit RSA no longer recommended)
Ch 8f: US-CERT Vulnerability Note VU#836068--MD5 vulnerable to collision attacks
Ch 8g: NIST.gov - Federal agencies should stop using SHA-1
Ch 9a: Bell-La Padula model - Wikipedia
Ch 9b: Biba Model - Wikipedia
Ch 9c: Clark-Wilson model - Wikipedia
Ch 9d: Non-interference (security) - Wikipedia
Ch 9e: Common Criteria - Wikipedia
Ch 9f: Bus (computing) - Wikipedia
Ch 9g: Ring (computer security) - Wikipedia
Ch 9h: Windows Architecture--only rings 0 and 3 are used
Ch 9i: Lock My PC backdoor password
Ch 10a: Security Control Types and Operational Security
Ch 12a: Differences between Civil and Criminal Law in the USA
Ch 12b: NET Act - Wikipedia
Ch 12c: The technique of computer matching
Ch 12d: Privacy Act Overview, 2010 Edition: Computer Matching
Ch 13a: Man Trap
Ch 13b: Crash gates
Ch 13c: How to Calculate HVAC Tonnage
SSL-1: Security Certificate Warnings Don't Work
SSL-2: Boffins bust web authentication with game consoles
SSL-3: VeriSign remedies massive SSL blunder (kinda, sorta)
SSL-4: MD5 Hack Interesting, But Not Threatening
SSL-5: National Software Reference Library--Md5 not recognized
SSL-6: FIPS 140-2 (2001) can be downloaded here
SSL-7: 14% of SSL certificates on the Internet potentially unsafe
SSL-8: China Internet Network Information Center accepted as a Mozilla root CA
SSL-9: Bug 549701 – Remove inactive RSA Security 1024 V3 root
SSL-10: Vulnerabilities Allow Attacker to Impersonate Any Website
SSL-11: SSLstrip & Slowloris & Scary SSL Attacks (ppt)
SSL-12: Safe--countermeasure for sslstrip attack
2d: Amazon.com: Ghost in the Wires: My Adventures as the World's Most Wanted Hacker (9780316037709): Kevin Mitnick, Steve Wozniak, William L. Simon: Books
2e: Mitnick fakes way into LA Telco Central Office - YouTube
2011-09-14: EMET - Whitelisting for Windows -- Good CNIT 125 Project
Lilith -- Web Application Security Audit Tool | Darknet - PROJECT IDEA
WAVSEP -- Web Application Vulnerability Scanner Evaluation Project -- PROJECT IDEA
0-Day SCADA Exploits Released, Publicly Exposed Servers At Risk -- COLD CALLS PROJECT DATA
Windows 7 kernel ASLR research. Statistics on number of unique images addresses per 100 OS runs -- POSSIBLE PROJECT
Bypassing Chrome's Anti-XSS filter -- GOOD PROJECT IDEA
Fake Twitter typosquatting page -- DO NOT LOG IN -- PROJECT IDEA -- Find more of these & take them down
Cold Calls Project Instructions
New Attack Breaks Confidentiality Model of SSL, Allows Theft of Encrypted Cookies -- GOOD PROJECT
NetworkMiner 1.1 - Network Forensic Analysis Tool (NFAT) Released -- PROJECT IDEA
Free Proxy - Surf Anonymously & Hide Your IP Address - Hide My Ass! <--PROJECT IDEA
Certificate Patrol <--PROJECT IDEA
From the man who discovered Stuxnet, dire warnings one year later - CSMonitor.com
2011-09-28: Flawfinder -- source code security scanner <--PROJECT IDEA
2011-09-29: sqli1 - Pastebin.com -- More data for CNIT 125 Projects
Google tracks you. We don't. An illustrated guide.
Except for nuclear power plants, no regulations govern how to secure systems against cyber-attacks
More SCADA vulns for Cold Calls -- atvise
Interesting SCADA Security Presentation (from 2004)
2011-10-08: Securing Flash Drives within the Enterprise
2011-10-11: Bestcasuals.com Vuln Audit. _St0rm - Pastebin.com -- PROJECT DATA
Ethics Project: (ISC)² Ethics Complaint Procedure
Ethics Project: (ISC)2 Code of Ethics
2011-10-14: jjghui - Google Search -- MORE COLD CALLS DATA -- INFECTED WEBSITES
Mass infections from jjghui.com/urchin.js (SQL injection) <--MORE INFO FOR COLD CALLS
2011-10-15: Jadedsecurity emails re: CISSP
My Canons on (ISC)² Ethics - Such as They Are -- Jericho from Attrition
(ISC)^2 Code of Ethics PDF
2011-10-19: Over a million web sites affected in mass SQL injection attack -- MORE INFO FOR COLD CALLS
2011-10-28: Government websites with SQLi <--MORE FRESH COLD CALLS DATA
Sample Contact Letter for Government Cold Calls
Preventing SQL Injection in Java - OWASP --COLD CALLS INFORMATION
Huge list of vulnerable Web apps for training -- PROJECT IDEAS
Computer Security -- Free online class at Stanford
CISSP Reloaded -- study notes
2012-02-06: Hospital appeals $250,000 fine for late breach disclosure - 19 days
2012-02-06: California law requires breach notification within 5 days (for medical data)
2012-02-06: CA Codes (civ:1798.80-1798.84) -- breach notification, see .82 (a) and (c)
2012-02-06: California Amends its Security Breach Notification Law : Workplace Privacy Counsel
CISSP Certification, Information Security and Risk Management
Finding PII with Google--COLD CALLS DATA
Websites that welcome vulnerability tests
Ethics Complaint Against Sam Bowne
Sql Vulnerable Sites (Added New Sites) -xHax0r - Pastebin.com -- GOOD LIST VERIFIED 1-1-13
Thousands of SCADA Devices Discovered On the Open Internet -- COLD CALL DATA?
SmokePing - smokeping_examples - FOR SERVER MONITORING PROJECT
bobby-tables.com: A guide to preventing SQL injection
Solid State Drives: The Beginning of the End for Current Practice in Digital Forensic Recovery? (2010) --PROJECTS AND VIDEOS NEEDED
Lest We Remember: --WE NEED TO MAKE SSD VIDEOS LIKE THIS
Why SSD Drives Destroy Evidence (2012) --Happens in Win 7 but not Win XP!
Recovering data from erased or formatted SD and USB media
A defective iPhone App for your hacking pleasure -- PROJECT IDEA
owasp-igoat - OWASP iGoat vulnerable iPhone App -- PROJECT IDEA
Windows Server 2012 Minshell: Install & Uninstall the GUI
VulnHub - Vulnerable By Design -- PROJECT IDEAS
PunkSPIDER -- SEARCH FOR GAME
2013-04-15: SQL Injection Vulnerable Websites - Pastebin.com
2013-04-15: MySQL SQL Injection list. - Pastebin.com
2013-04-15: Sql Injection VULNERABLE SITES - Pastebin.com
Slides for Shon Harris v5 from Paladin
2014-08-20: =====Vulnerable sites!===== http:www.kidswithfoodallergies.orgresourcespre - Pastebin.com
2014-08-20: 27 SQLI Vulnerable Shops - Pastebin.com
2014-08-20: wsiconsultants.com SQLI Vulns Admin User&Pass - Pastebin.com
2014-08-20: Radiozed.com DB Leak SQLI VULN - Pastebin.com
2014-08-20: Sqli vulnerable sites - Pastebin.com
2014-08-27: @HackingDave called out IRS re their IRS bogus email claim on June 18 --SHOW TO CLASS
Hacking Challenges -- USEFUL FOR PROJECTS
6 free network vulnerability scanners --USEFUL FOR SECURITY AUDITS
OSSEC Open source IDS
The Bro Network Security Monitor
11 open source security tools catching fire on GitHub --PROJECT IDEAS
Ch 7g: How Microsoft's SDL saved Windows
Example disclosure policy -- USEFUL FOR SECURITY AUDITS
Test Email flow using SMTP commands
Lynis - Security auditing tool for Unix/Linux systems
CCSF data exposure in 2007 -- official notice
2015-03-29: Free CISSP Certification Training Class from Cybrary
CISSP Study Program -- FREE SLIDE DECKS
Eleventh Hour CISSP -- Recommended CISSP review book
Dropbox wins international cloud security cert: ISO 27018 (May, 2015)
Example security audit by a Tufts student -- USEFUL FOR PROJECTS
Censys -- USEFUL TO FIND CCSF SERVERS
Skillset - Free CEH and CISSP Certification Practice Tests and Skill Assessments
HoneyTags: An OpenSource HoneyDocs Project -- USEFUL FOR HONEYPOTS