I recently posted a blog post to Exotic Liability’s website with the same title, and I realized that it would make a great thing to post to here, and update regularly, or just put it on the wiki I keep saying that I get going here. Enough rambling, here is how you can get your fill of security:

Podcasting:

• GetMon – http://www.getmon.com/ – This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
• HackerMedia – http://www.hackermedia.org/ – They put together like podcasts into different categories, and they overlap. So if you want the “Linux” feed, you’ll get podcast A, B, and C. But maybe podcast C does Linux security, so if you subscribe to the “Security” feed, you might get C, E, and G. You can also get the everything feed

Bloggers (RSS Feeds):

• Security Bloggers Network – http://www.securitybloggers.net/ – A consolidated feed of a HUGE list of security blogs

Twitter:

• Security Twits – http://www.security-twits.com/ – A long list of security related twitter accounts. From people to events, to companies.

Places to learn:

• The Academy Pro – http://www.theacademypro.com/
• Learn Security Online – http://www.learnsecurityonline.com/
• Free IT Security Training – http://www.freeitsecuritytraining.com/
• Virtual Training Environment by Carnegie Mellon – https://www.vte.cert.org/vteweb/

Challenge Sites and Sites that are OK to attack:

(Make sure you know which is which before you haul off and start attacking though)
(Most of these stolen from Chris Nickerson’s reply to Show 17 Links blog post)

• http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
  http://testasp.acunetix.com/Default.asp
• http://test.acunetix.com/
• http://hackme.ntobjectives.com/
• http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
• http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
• http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
• http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
• http://lampsecurity.org/capture-the-flag-5
• http://zero.webappsecurity.com/
• http://www.hackertest.net/
• http://www.hackthissite.org/
• http://www.mavensecurity.com/WebMaven.php
• http://ha.ckers.org/challenge/
• http://ha.ckers.org/challenge2/
• http://demo.testfire.net/
• http://scanme.nmap.org/
• http://www.hellboundhackers.org/
• http://www.overthewire.org/wargames/
• http://roothack.org/
• http://heorot.net/
• http://www.irongeek.com/i.php?page=security/mutillidae-deliberately…
• http://wocares.com/xsstester.php
• https://how2hack.net
• http://hax.tor.hu/
• http://www.bright-shadows.net/
• http://www.dareyourmind.net/
• http://hackergames.net/
• http://www.hackquest.com/
• http://www.darkmindz.com/
• http://www.caesum.com/game/
• http://www.net-force.nl/
• http://www.osix.net/
• http://www.mibs-challenges.de/
• http://projecteuler.net/
• http://uva.onlinejudge.org/
• http://ace.delos.com/usacogate

So now you have absolutely ZERO reason to have one moment of time on your hands ;–)

Know of another good resource? Post a comment.

UPDATE: ethicalhack3r from http://www.ethicalhack3r.co.uk pointed me to his project called “Damn Vulnerable Web App”. You can find it on Sourceforge here: http://sourceforge.net/projects/dvwa/

Update on 2009-12-09 05:30 by Rob Fuller

A must larger post was made:

http://www.linux-ninja.com/infosec-self-education-resources/

there are a ton of resources out there… now you don’t even have to google for them…