
Ask HN: What are the least covered infosec topics by online courseware? - dustfinger
I left the question open-ended. To narrow the scope a little I am interested in hearing about under/poorly covered topics that would be of value to:

  1. software developers
  2. vulnerability researchers
  3. malware researchers
======
phaus
There are lots of places to learn about 2 and 3, not sure about 1 because I'm
not a dev, but something I find almost nothing about anywhere is the process
of reverse engineering custom binary network protocols used by backdoors or
how to identify such a protocol is present while analyzing network traffic.
Some people can search through a bunch of PCAP and once in a while they find a
backdoor no one has ever seen. I know a few people like this and none of them
can explain it well.

Note: I'm aware that a lot of these protocols are reversed and discovered by
using a malware sample found on a compromised host. Those aren't the
situations I'm talking about.

Also, there are dozens if not hundreds of resources for network flow analysis,
but almost all of them are too shallow to be useful. They explain what netflow
is, tell you how to collect them, mention the names of the tools used to
analyze them, and then provide no actual information on the analysis process.

~~~
alltakendamned
Would this book be helpful to you?

[https://nostarch.com/networkprotocols](https://nostarch.com/networkprotocols)

~~~
phaus
I preordered it so it's sitting on my desk. Just trying to find time to read
it. After skimming through it, I suspect it will address a few aspects, but
the overall goal of the book is so different it likely won't address most of
them.

------
alltakendamned
Overall, there’s a bigger lack of intermediate and advanced sources than
beginner sources.

E.g. you can find literally thousands of articles etc. on exploiting a buffer
overflow on x32. But exploiting a type confusion bug and bypassing all
mitigations on the latest Windows 10... yeah, not so many.
