home.social

#ost2 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #ost2, aggregated by home.social.

  1. Sponsors help cover the costs of keeping #OST2 free for everyone and helping us grow. Thanks to AMI for joining the cause!
    From: @OpenSecurityTraining2
    infosec.exchange/@OpenSecurity

  2. We are happy to announce that AMI has become a 🥇Gold-level sponsor of #OST2!

    Learn about their work creating firmware across the industry here: ost2.fyi/Sponsor_AMI_SM

  3. RE: infosec.exchange/@OpenSecurity

    We're always looking for more sponsors for #OST2! If your company wants to support creating better security engineers everywhere in the world, get in touch!

  4. We also want to thank everyone who volunteered for #OST2. From completing classes as a beta student, to submitting subtitle fixes, to running our Discord, helping with the next version of the website, contributing graphics, etc, OST2 wouldn't be successful without our volunteers!

  5. A sincere thank you to everyone who donated to #OST2 as an individual in 2025 (and especially those who took advantage of corporate non-profit donation matching)! Your donations always go directly to instructors as an honorarium, and show them that you value what they do for OST2 and you want them to keep helping the world!

  6. #OST2 has a deep, and growing, amount of material that's relevant to learning reverse engineering. And our ost2.fyi/Dbg1101 introduction to IDA as a debugger class instructor, Christina Johns @bitmaize is working on the "Reverse Engineering 2001: Introductory Static Analysis of C-based programs" class, which will unlock opportunities for many new classes!

    Also thanks to folks like Justine Benjamin for recognizing the value in supporting OST2!
    From: @OpenSecurityTraining2
    infosec.exchange/@OpenSecurity

  7. We are happy to announce that Hex-Rays @HexRaysSA makers of IDA, have become a 🥇Gold-level sponsor of #OST2!

    Learn all the latest about their software reverse engineering tools here: ost2.fyi/Sponsor_HexRays_SM

  8. I was invited to give a talk at @vusec while I was in AMS for HWIO. So of course I talked to the students about the value of grabbing some vocational skills from @OpenSecurityTraining2 , to boost their resumes. And I got to meet #OST2 instructor Sina Karvandi @intel80x86 (of HyperDbg fame -> ost2.fyi/Dbg3301) in person, as he's doing a PhD there.

    As VUSec is one of the places that found some of the early "named/logo bugs" for microarchitectural attacks, I liked that they had an emulation cabinet with a "LOGO INVADERS" design on it :)

  9. We are happy to announce that Binarly has renewed their 🥇Gold-level sponsorship of #OST2!

    Learn more about what they do in firmware & supply chain security here: ost2.fyi/Sponsor_Binarly_SM

  10. This is a periodic reminder about #OST2's open Requests for Proposals (RFPs). We have a few of areas where we can potentially fund the creation of open classes. You can find the calls here: ost2.fyi/Training-RFPs.html

  11. For those who are curious about the completion time distribution during the beta of my #OST2 BT2222 class, here it is. The average completion time was 8h25m, the median was 8h10m, the min was 3h50m, and the max was 15h22m

    Also according to my calendar it took me about 98.5h to create the class and run the beta. 98.5/8.5 is about a 11.5x overhead (11.5h to create 1 education-hour). This is probably the lowest overhead I’ve ever had for class creation. Probably because it explicitly excludes the 500+ hours I’ve spent working on the Blue2thprinting project itself. I.e. if I ran into something that needed fixing during class development, I marked it up on my calendar as Blue2thprinting time rather than BT2222 time.

    Anyway, if you want to get started in Bluetooth with something more tool-using than spec-reading, I recommend taking this class! As the graph shows, it could take between 4-15h but it’ll probably be around 8h ost2.fyi/BT2222

  12. Alright! I pulled off the hat trick 🎩 at hardwear.io this November! I've got a talk on 100% new firmware reverse engineering research (hardwear.io/netherlands-2025/s tagline:SUFFERING BUILDS STRENGTH!), a free workshop (hardwear.io/netherlands-2025/s) (where you get to borrow some of my hardware to get a taste of my free 1-day #OST2 class ost2.fyi/BT2222), and a new paid 3-day training with @VeronicaKovah where we take you from the bottom of the stack to the top, to build the next generation of Bluetooth Low Energy hackers! (hardwear.io/netherlands-2025/t) Anticipate many more BT hackers in a couple years, and prepare accordingly ;)

  13. 🧵I made a structural update to the Blue2thprinting #OST2 class today: The previous class was structured like "A:B:[C:D:E]:F:G" where F & G were collecting your own data, and [C-E] were understanding what Tell_Me_Everything.py was trying to tell you about the analyzed data…

  14. I made a structural update to the Blue2thprinting #OST2 class today: The previous class was structured like "A:B:[C:D:E]:F:G" where F & G were collecting your own data, and [C-E] were understanding what Tell_Me_Everything.py was trying to tell you about the analyzed data. I changed it to be "A:B:[C]:F:[D:E]:G", so that students can collect their own local data from their own houses/work sooner, rather than exclusively looking at stuff pulled from the crowdsourcing server. The ost2.fyi/BT2222 link has been updated to point at the new v2 URL and enrollment in the v1 class is no longer possible.

  15. The release of the "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" class (ost2.fyi/TC2202) has updated 3 #OST2 learning paths.

    "Secure Software Design & Implementation" - ost2.fyi/OST2_LP_SecDev.pdf

    "System Security" - ost2.fyi/OST2_LP_SysSec.pdf

    "Windows Security" - ost2.fyi/OST2_LP_Windows.pdf

    PDFs are vector-based for full quality when zooming, and have click-to-go-to-class links

  16. FWIW it's vaguely possible I'll eventually turn my lessons learned here into a #OST2 5000-level RE class (after I get some more important and prerequisite classes like BT Classic done)

  17. Fall and Winter Binary Ninja trainings are here! Automated Reverse Engineering goes online this October for the first time in years, so be sure to register before the month ends. Firmware debuts at RE//verse 2026 and a free Intro to Binja with #OST2 is now live. For more details and registration: binary.ninja/training

  18. I'm happy to say that my talk on Blue2thprinting v2 (now with ∞% more crowdsourcing!) has been accepted to SEC-T sec-t.org/ in Stockholm next month. I've been wanting to go for a long time, and even got accepted in 2023 but then a scheduling SNAFU prevented me from going. The nice thing is that by the time the talk happens, the Blue2thprinting #OST2 class will be released. So it'll be the first time I've given a talk where I can say "And if you'd like to know more about this topic, I've got a whole day's class that you can take for free online!" :) In my mind that's kind of the best case scenario for delivering a research talk.

  19. All the videos for this are already recorded and with the editor. My ask is that folks buy the Bluetooth RX/TX hardware needed for the class now, so that they’re ready to roll when the beta opens. The hardware will be reused in future #OST2 BT classes too.
    From: @OpenSecurityTraining2
    infosec.exchange/@OpenSecurity

  20. It's time to celebrate #OST2's 4th anniversary!
    So what happened this last year at #OST2? Let's take a walk down memory hierarchy lane!

    Our most recent class was released just last week by Xusheng Li of @binaryninja ost2.fyi/Dbg1103 - Debuggers 1103: Introductory Binary Ninja - (1h53m average, 1h19m median, 0h20m to 11h45m range) is a mini-class that is integrated into the Arch1001: x86-64 assembly class ost2.fyi/Arch1001 but can also be taken as a standalone class for those who already know other tools like gdb, windbg, IDA, or Ghidra, and want to learn Binja's interface.

    On June 29th Francesco Pollicino released "Fuzzing 1001: Introductory white-box fuzzing with AFL++" ost2.fyi/Fuzz1001 (7h57m average, 6h57m median, 2h22m to 40h0m range)
    This class is great for both vulnerability hunters who've already taken ost2.fyi/Vulns1001 & ost2.fyi/Vulns1002, or developers who've taken the equivalent secure development classes ost2.fyi/SecDev1001 & ost2.fyi/SecDev1002.

    On Oct 14th Christina Johns @bitmaize released "Debuggers 1101: Introductory IDA" ost2.fyi/Dbg1101 (1h37m average, 1h26m median, 0h34m to 3h45m range).
    This mini-class is integrated into the Arch1001: x86-64 assembly class ost2.fyi/Arch1001 so students can learn a tool like IDA at the same time they're learning assembly and reverse engineering in the final binary bomb lab. It also provides necessary background about IDA UI usage for the ost2.fyi/RE3011 Reversing C++ Binaries class.

    On Oct 4th Dimi Tomov of tpm.dev provided ost2.fyi/TC1102 "Intermediate Trusted Platform Module (TPM) usage" (10h5m median, 12h0m average, 4h13m to 50h4m range)
    This class built on the earlier Introductory TPM class ost2.fyi/TC1101, and deepens students' capability to program and interact with the TPM in C, covering things like the Endorsement Hierarchy and the Endorsement Key, and machine identity and TPM based identification.

    And on Oct 1st. we also posted an updated version of Dimi's ost2.fyi/TC1101 "Introductory Trusted Platform Module (TPM) usage" class (8h34m median, 9h55.5m average, 2h54m to 44h36m range), with an additional 27m video requested by students, comparing and contrasting TPMs to other trusted computing technologies like smart cards: youtube.com/watch?v=51I9VpkOrNU

    We want to of course thank all of our instructors who delivered class this past year, or in previous years. Because without them OST2 wouldn't be possible!

    We're happy to say that we were able to pay our first honorariums to instructors last year, funded by your donations (ost2.fyi/Donate-Money.html), and Partners & Sponsors contributions.

    We also want to thank our partners like the Trusted Computing Group, who help us directly fund the creation of new classes like TC2202 (currently in beta) and TC1103 (targeting early 2026.)

    Sponsors like Winsider ost2.fyi/Sponsor_Winsider_web, Binarly ost2.fyi/Sponsor_Binarly, and Cyber5W ost2.fyi/Sponsor_Cyber5W provide us with funds to help with overhead costs such as running the site, paying video editors, etc.

    Other sponsors like NCC Group, 3mdeb, and @DarkMentor are "donors in kind" who fund their employees making classes for OST2

    But we need more sponsors to keep growing! ost2.fyi/Sponsorship.html If you want your company to sponsor #OST2, reach out via email at "sponsor at ost2.fyi". It's much more cost effective than sponsoring conferences, and reaches far more people!

    Thanks to everyone who's donated individually to OST2 this past year! Whether with corporate matching through work (we are an actual charity registered in the US after all) or individually through the YouTube page, donations shows us that you truly value what we do!

    We're committed to using individual donors' funds to always directly pass through to instructors (never for overhead costs), and we'll once again be passing through your thanks to the current instructors as an honorarium this coming year.
    ost2.fyi/Donate-Money.html

    And finally, thanks to all 29k+ folks who are taking classes at OST2! Being able to teach thousands of people at a time how to become better hackers, better engineers, better toolsmiths, and better explorers is why we do what we do! Spread the word and let's make more awesome people!

  21. 📣"Debuggers 1103: Introductory Binary Ninja" is released!📣
    ost2.fyi/Dbg1103

    This class by Xusheng Li of Vector 35 @binaryninja provides students with a hands-on introduction to the free version of Binja as a debugger, thus providing decompilation support!

    Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. This mini-class takes approximately 2 hours to complete, and can be used as standalone cross-training for people who know other reverse engineering tools, or by students learning assembly for the first time in the ost2.fyi/Arch1001 x86-64 Assembly class.

  22. Some people assume that because OST releases material for free, that it's not high quality. We need to show them that's not the case, by highlighting how it has helped real engineers. If #OST2 has helped your career, please tell us how, here:
    forms.gle/LMKE7Evhu6vL2snQ6

  23. We're happy to announce that @cyber5w is renewing their sponsorship of #OST2 at the Bronze🥉 level in 2025!
    Learn more about Cyber5W and their forensics training here: ost2.fyi/Sponsor_Cyber5W

  24. Oh, and at some point I will update all the #OST2 Learning Paths to try and start using this new coloring/annotation convention to show average class completion times and programming language knowledge requirements, if any
    From: @xenokovah
    infosec.exchange/@xenokovah/11

  25. Sneak peek at the draft #OST2 Bluetooth Security Learning Path! If you want to beta test the BT3001 class, you’re highly encouraged to finish ost2.fyi/Vulns1001 & ost2.fyi/Vulns1002 ASAP!

  26. This is a bit of a fraught question (in that I’m expecting to attract spam…), but I’m interested in making an account to allow #OST2 to accept donations in cryptocurrency. Any recommendations on what I should use?

  27. The #OST2 Discord channel will be running an event starting Dec 30th, organized by Hussein Muhaisen, where students can join a cohort which will be going through OST2 classes from Intro level to Advanced, together, over ~8 weeks. The cohort agenda is here: docs.google.com/document/d/1pi

    If you'd like a little extra motivation to keep going in classes, and a few more students to ask questions of on the same material, you can sign up for our Discord server here: docs.google.com/forms/d/e/1FAI

  28. Just added 7 CVEs found by @sploitem to the 🏆 Student CVE Trophy Case 🏆 in #OST2 Vulnerabilities 1001/2 classes
    SBO - apps.p.ost2.fyi/learning/cours
    HBO - apps.p.ost2.fyi/learning/cours
    OII - apps.p.ost2.fyi/learning/cours
    InfoLeak - apps.p.ost2.fyi/learning/cours

    As a reminder, if you took the class and then used what you learned to find new CVEs, LMK so I can add you too!

  29. Thanks to #Binarly for Sponsoring #OST2 at the Gold🥇 level!
    Learn more about them here: binarly.io/