#ost2 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ost2, aggregated by home.social.
-
Sponsors help cover the costs of keeping #OST2 free for everyone and helping us grow. Thanks to AMI for joining the cause!
From: @OpenSecurityTraining2
https://infosec.exchange/@OpenSecurityTraining2/115882007929854239 -
We are happy to announce that AMI has become a 🥇Gold-level sponsor of #OST2!
Learn about their work creating firmware across the industry here: https://ost2.fyi/Sponsor_AMI_SM
-
RE: https://infosec.exchange/@OpenSecurityTraining2/115802818424446652
We're always looking for more sponsors for #OST2! If your company wants to support creating better security engineers everywhere in the world, get in touch!
-
We also want to thank everyone who volunteered for #OST2. From completing classes as a beta student, to submitting subtitle fixes, to running our Discord, helping with the next version of the website, contributing graphics, etc, OST2 wouldn't be successful without our volunteers!
-
A sincere thank you to everyone who donated to #OST2 as an individual in 2025 (and especially those who took advantage of corporate non-profit donation matching)! Your donations always go directly to instructors as an honorarium, and show them that you value what they do for OST2 and you want them to keep helping the world!
-
#OST2 has a deep, and growing, amount of material that's relevant to learning reverse engineering. And our https://ost2.fyi/Dbg1101 introduction to IDA as a debugger class instructor, Christina Johns @bitmaize is working on the "Reverse Engineering 2001: Introductory Static Analysis of C-based programs" class, which will unlock opportunities for many new classes!
Also thanks to folks like Justine Benjamin for recognizing the value in supporting OST2!
From: @OpenSecurityTraining2
https://infosec.exchange/@OpenSecurityTraining2/115723298586141719 -
We are happy to announce that Hex-Rays @HexRaysSA makers of IDA, have become a 🥇Gold-level sponsor of #OST2!
Learn all the latest about their software reverse engineering tools here: https://ost2.fyi/Sponsor_HexRays_SM
-
I was invited to give a talk at @vusec while I was in AMS for HWIO. So of course I talked to the students about the value of grabbing some vocational skills from @OpenSecurityTraining2 , to boost their resumes. And I got to meet #OST2 instructor Sina Karvandi @intel80x86 (of HyperDbg fame -> https://ost2.fyi/Dbg3301) in person, as he's doing a PhD there.
As VUSec is one of the places that found some of the early "named/logo bugs" for microarchitectural attacks, I liked that they had an emulation cabinet with a "LOGO INVADERS" design on it :)
-
We are happy to announce that Binarly has renewed their 🥇Gold-level sponsorship of #OST2!
Learn more about what they do in firmware & supply chain security here: https://ost2.fyi/Sponsor_Binarly_SM
-
This is a periodic reminder about #OST2's open Requests for Proposals (RFPs). We have a few of areas where we can potentially fund the creation of open classes. You can find the calls here: https://ost2.fyi/Training-RFPs.html
-
For those who are curious about the completion time distribution during the beta of my #OST2 BT2222 class, here it is. The average completion time was 8h25m, the median was 8h10m, the min was 3h50m, and the max was 15h22m
Also according to my calendar it took me about 98.5h to create the class and run the beta. 98.5/8.5 is about a 11.5x overhead (11.5h to create 1 education-hour). This is probably the lowest overhead I’ve ever had for class creation. Probably because it explicitly excludes the 500+ hours I’ve spent working on the Blue2thprinting project itself. I.e. if I ran into something that needed fixing during class development, I marked it up on my calendar as Blue2thprinting time rather than BT2222 time.
Anyway, if you want to get started in Bluetooth with something more tool-using than spec-reading, I recommend taking this class! As the graph shows, it could take between 4-15h but it’ll probably be around 8h https://ost2.fyi/BT2222
-
Alright! I pulled off the hat trick 🎩 at hardwear.io this November! I've got a talk on 100% new firmware reverse engineering research (https://hardwear.io/netherlands-2025/speakers/xeno-kovah.php tagline:SUFFERING BUILDS STRENGTH!), a free workshop (https://hardwear.io/netherlands-2025/speakers/xeno-kovah-workshop.php) (where you get to borrow some of my hardware to get a taste of my free 1-day #OST2 class https://ost2.fyi/BT2222), and a new paid 3-day training with @VeronicaKovah where we take you from the bottom of the stack to the top, to build the next generation of Bluetooth Low Energy hackers! (https://hardwear.io/netherlands-2025/training/bluetooth-low-energy.php) Anticipate many more BT hackers in a couple years, and prepare accordingly ;)
-
🧵I made a structural update to the Blue2thprinting #OST2 class today: The previous class was structured like "A:B:[C:D:E]:F:G" where F & G were collecting your own data, and [C-E] were understanding what Tell_Me_Everything.py was trying to tell you about the analyzed data…
-
I made a structural update to the Blue2thprinting #OST2 class today: The previous class was structured like "A:B:[C:D:E]:F:G" where F & G were collecting your own data, and [C-E] were understanding what Tell_Me_Everything.py was trying to tell you about the analyzed data. I changed it to be "A:B:[C]:F:[D:E]:G", so that students can collect their own local data from their own houses/work sooner, rather than exclusively looking at stuff pulled from the crowdsourcing server. The https://ost2.fyi/BT2222 link has been updated to point at the new v2 URL and enrollment in the v1 class is no longer possible.
-
The release of the "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" class (https://ost2.fyi/TC2202) has updated 3 #OST2 learning paths.
"Secure Software Design & Implementation" - https://ost2.fyi/OST2_LP_SecDev.pdf
"System Security" - https://ost2.fyi/OST2_LP_SysSec.pdf
"Windows Security" - https://ost2.fyi/OST2_LP_Windows.pdf
PDFs are vector-based for full quality when zooming, and have click-to-go-to-class links
-
FWIW it's vaguely possible I'll eventually turn my lessons learned here into a #OST2 5000-level RE class (after I get some more important and prerequisite classes like BT Classic done)
-
Fall and Winter Binary Ninja trainings are here! Automated Reverse Engineering goes online this October for the first time in years, so be sure to register before the month ends. Firmware debuts at RE//verse 2026 and a free Intro to Binja with #OST2 is now live. For more details and registration: https://binary.ninja/training
-
If anyone from the EU would be interested in helping get #OST2 classes added to https://digital-skills-jobs.europa.eu/en/cyber-skills-academy-knowledge-and-training, please reach out
-
I'm happy to say that my talk on Blue2thprinting v2 (now with ∞% more crowdsourcing!) has been accepted to SEC-T https://sec-t.org/ in Stockholm next month. I've been wanting to go for a long time, and even got accepted in 2023 but then a scheduling SNAFU prevented me from going. The nice thing is that by the time the talk happens, the Blue2thprinting #OST2 class will be released. So it'll be the first time I've given a talk where I can say "And if you'd like to know more about this topic, I've got a whole day's class that you can take for free online!" :) In my mind that's kind of the best case scenario for delivering a research talk.
-
All the videos for this are already recorded and with the editor. My ask is that folks buy the Bluetooth RX/TX hardware needed for the class now, so that they’re ready to roll when the beta opens. The hardware will be reused in future #OST2 BT classes too.
From: @OpenSecurityTraining2
https://infosec.exchange/@OpenSecurityTraining2/114891137837815818 -
It's time to celebrate #OST2's 4th anniversary!
So what happened this last year at #OST2? Let's take a walk down memory hierarchy lane!Our most recent class was released just last week by Xusheng Li of @binaryninja https://ost2.fyi/Dbg1103 - Debuggers 1103: Introductory Binary Ninja - (1h53m average, 1h19m median, 0h20m to 11h45m range) is a mini-class that is integrated into the Arch1001: x86-64 assembly class https://ost2.fyi/Arch1001 but can also be taken as a standalone class for those who already know other tools like gdb, windbg, IDA, or Ghidra, and want to learn Binja's interface.
On June 29th Francesco Pollicino released "Fuzzing 1001: Introductory white-box fuzzing with AFL++" https://ost2.fyi/Fuzz1001 (7h57m average, 6h57m median, 2h22m to 40h0m range)
This class is great for both vulnerability hunters who've already taken https://ost2.fyi/Vulns1001 & https://ost2.fyi/Vulns1002, or developers who've taken the equivalent secure development classes https://ost2.fyi/SecDev1001 & https://ost2.fyi/SecDev1002.On Oct 14th Christina Johns @bitmaize released "Debuggers 1101: Introductory IDA" https://ost2.fyi/Dbg1101 (1h37m average, 1h26m median, 0h34m to 3h45m range).
This mini-class is integrated into the Arch1001: x86-64 assembly class https://ost2.fyi/Arch1001 so students can learn a tool like IDA at the same time they're learning assembly and reverse engineering in the final binary bomb lab. It also provides necessary background about IDA UI usage for the https://ost2.fyi/RE3011 Reversing C++ Binaries class.On Oct 4th Dimi Tomov of https://tpm.dev provided https://ost2.fyi/TC1102 "Intermediate Trusted Platform Module (TPM) usage" (10h5m median, 12h0m average, 4h13m to 50h4m range)
This class built on the earlier Introductory TPM class https://ost2.fyi/TC1101, and deepens students' capability to program and interact with the TPM in C, covering things like the Endorsement Hierarchy and the Endorsement Key, and machine identity and TPM based identification.And on Oct 1st. we also posted an updated version of Dimi's https://ost2.fyi/TC1101 "Introductory Trusted Platform Module (TPM) usage" class (8h34m median, 9h55.5m average, 2h54m to 44h36m range), with an additional 27m video requested by students, comparing and contrasting TPMs to other trusted computing technologies like smart cards: https://www.youtube.com/watch?v=51I9VpkOrNU
We want to of course thank all of our instructors who delivered class this past year, or in previous years. Because without them OST2 wouldn't be possible!
We're happy to say that we were able to pay our first honorariums to instructors last year, funded by your donations (https://ost2.fyi/Donate-Money.html), and Partners & Sponsors contributions.
We also want to thank our partners like the Trusted Computing Group, who help us directly fund the creation of new classes like TC2202 (currently in beta) and TC1103 (targeting early 2026.)
Sponsors like Winsider https://ost2.fyi/Sponsor_Winsider_web, Binarly https://ost2.fyi/Sponsor_Binarly, and Cyber5W https://ost2.fyi/Sponsor_Cyber5W provide us with funds to help with overhead costs such as running the site, paying video editors, etc.
Other sponsors like NCC Group, 3mdeb, and @DarkMentor are "donors in kind" who fund their employees making classes for OST2
But we need more sponsors to keep growing! https://ost2.fyi/Sponsorship.html If you want your company to sponsor #OST2, reach out via email at "sponsor at ost2.fyi". It's much more cost effective than sponsoring conferences, and reaches far more people!
Thanks to everyone who's donated individually to OST2 this past year! Whether with corporate matching through work (we are an actual charity registered in the US after all) or individually through the YouTube page, donations shows us that you truly value what we do!
We're committed to using individual donors' funds to always directly pass through to instructors (never for overhead costs), and we'll once again be passing through your thanks to the current instructors as an honorarium this coming year.
https://ost2.fyi/Donate-Money.htmlAnd finally, thanks to all 29k+ folks who are taking classes at OST2! Being able to teach thousands of people at a time how to become better hackers, better engineers, better toolsmiths, and better explorers is why we do what we do! Spread the word and let's make more awesome people!
-
📣"Debuggers 1103: Introductory Binary Ninja" is released!📣
https://ost2.fyi/Dbg1103This class by Xusheng Li of Vector 35 @binaryninja provides students with a hands-on introduction to the free version of Binja as a debugger, thus providing decompilation support!
Like all current #OST2 classes, the core content is made fully public, and you only need to register if you want to post to the discussion board or track your class progress. This mini-class takes approximately 2 hours to complete, and can be used as standalone cross-training for people who know other reverse engineering tools, or by students learning assembly for the first time in the https://ost2.fyi/Arch1001 x86-64 Assembly class.
-
Some people assume that because OST releases material for free, that it's not high quality. We need to show them that's not the case, by highlighting how it has helped real engineers. If #OST2 has helped your career, please tell us how, here:
https://forms.gle/LMKE7Evhu6vL2snQ6 -
We're happy to announce that @cyber5w is renewing their sponsorship of #OST2 at the Bronze🥉 level in 2025!
Learn more about Cyber5W and their forensics training here: https://ost2.fyi/Sponsor_Cyber5W -
Oh, and at some point I will update all the #OST2 Learning Paths to try and start using this new coloring/annotation convention to show average class completion times and programming language knowledge requirements, if any
From: @xenokovah
https://infosec.exchange/@xenokovah/114500671118679441 -
Sneak peek at the draft #OST2 Bluetooth Security Learning Path! If you want to beta test the BT3001 class, you’re highly encouraged to finish https://ost2.fyi/Vulns1001 & https://ost2.fyi/Vulns1002 ASAP!
-
This is a bit of a fraught question (in that I’m expecting to attract spam…), but I’m interested in making an account to allow #OST2 to accept donations in cryptocurrency. Any recommendations on what I should use?
-
The #OST2 Discord channel will be running an event starting Dec 30th, organized by Hussein Muhaisen, where students can join a cohort which will be going through OST2 classes from Intro level to Advanced, together, over ~8 weeks. The cohort agenda is here: https://docs.google.com/document/d/1pi99S58ZZI8kHg_X_iFADiDWD_U9kyYdMROH36Wo_iM/edit?tab=t.0#heading=h.xsjrviqqmt9
If you'd like a little extra motivation to keep going in classes, and a few more students to ask questions of on the same material, you can sign up for our Discord server here: https://docs.google.com/forms/d/e/1FAIpQLSerVBVvqL4iJ7O3doLDwEACzUsbVlODtUbu3_gSPp1Oz043Cg/viewform?pli=1
-
Just added 7 CVEs found by @sploitem to the 🏆 Student CVE Trophy Case 🏆 in #OST2 Vulnerabilities 1001/2 classes
SBO - https://apps.p.ost2.fyi/learning/course/course-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@sequential+block@a3c5de12340f4b50ab45443de90770e3/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@vertical+block@7fae044f5cb14105871494e9d20b3660
HBO - https://apps.p.ost2.fyi/learning/course/course-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@sequential+block@7164360c1e5546f985c174e20dad6e3a/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@vertical+block@c6f41a24de1e42b5a638a43bc100b62a
OII - https://apps.p.ost2.fyi/learning/course/course-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@sequential+block@ea5a5d6f13a4494abfd5d4051c35d0e6/block-v1:OpenSecurityTraining2+Vulns1001_C-family+2023_v1+type@vertical+block@cdd8c961040046149d9884ed8dcaa954
InfoLeak - https://apps.p.ost2.fyi/learning/course/course-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1/block-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1+type@sequential+block@61bfe9ec62504c90899186b32360f5a4/block-v1:OpenSecurityTraining2+Vulns1002_C-family+2023_v1+type@vertical+block@9a6a8e8ff2d546a9a69150c0ecb9147fAs a reminder, if you took the class and then used what you learned to find new CVEs, LMK so I can add you too!
-
Thanks to #Binarly for Sponsoring #OST2 at the Gold🥇 level!
Learn more about them here: https://binarly.io/