IT - Links

Information Security

Information Gathering

• Censys
• CVE Details
• Cylect.io - Ultimate OSINT Search Engine
• Exploit Database
• FullHunt
• Linux Distribution Packages Database
• Shodan
• Snyk Vulnerability DB

Pentesting

• Payloads All The Things (github collection)
• SecLists wordlists (github collection)
• Unicode confusables
• PoC Exploits in Github
• Exploiting Python pickles
• Shellcode Database

Mobile Pentesting

• awesome-mobile-security (github collection)
• objection
• objection tutorial

Android Pentesting

• Android Permissions

iOS Pentesting

• iOS Security 101 (slides)
• iOS Pentesting - Introduction
• ATS - NSAppTransportSecurity
• lldb for iOS
• gdb and lldb command examples

Linux Security

• Linux Hardening in the Wild
• Fixing the Desktop Linux Security Model

Windows Security

• Kerberosity Killed the Domain: An Offensive Kerberos Overview

Web Pentesting

• MDN - Cross-Origin Resource Sharing
• Stanford CS 253 Web Security
• CSP Evaluator
• Better API Penetration Testing with Postman
• How to Find XXE Bugs
• HTTP/2 basics for Burp users

Tools

• ffuf

Post Exploitation

• THC's favourite Tips, Tricks & Hacks

Hardware Security

• NSA ANT catalog
• TPM Genie
• INCEPTION (DMA attack)
• PCILeech (DMA attack)

BIOS/UEFI/Boot Security

• Defeating a Laptop's BIOS Password

Guides

• OWASP Firmware Security Testing Methodology
• OWASP Mobile Security Testing Guide
• HackTricks
• Awesome guide for pentesting web, linux, windows, mobile, etc.
• madaidan - Security & Privacy Evaluations

Cryptography

• Going Bark: A Furry’s Guide to End-to-End Encryption
• Latacora - The PGP Problem

Attestation

• Binary Transparency
• Key Transparency
• Certificate Transparency

Phishing

• evilginx2
• Gophish

General IT

Web

• A re-introduction to JavaScript (JS tutorial)

Browser Extensions

• Decentraleyes
• uBlock Origin
• Privacy Badger

Linux

• The Linux Command Line (Book)
• Monitoring and Tuning the Linux Networking Stack: Receiving Data

Debian

• Removal of jessie-updates and jessie-backports from debian mirrors
• this article has a nice graph of how packages go through the different repositories (security, stable-updates, ...)

Server Configuration

• SSH login alert with sendmail and PAM
• nftables primer

Memorable Articles and Stuff

• ASCIIMATION Star Wars via telnet
• Super Mario World Credits Warp Explained
• Taking Back What Is Already Yours: Router Wars Episode I
• (A few) Ops Lessons We All Learn The Hard Way
• Securing the Supply Chain of Nothing
• Internet Census 2012
• Working From Orbit
• Load Balancing
  • nice visualization of different algorithms
• Putting the "You" in CPU
  • "what happens when you run a program on your computer?"

Hacks, Proof of Concepts

• Shodan 2000
• WebVM

Useful Tools

• RegExr: Learn, Build & Test RegEx
• Producing Beamer slide shows from markdown using Pandoc
• Security automation tools for http, dns, ...
• IDN Check (for similar Domains)
• dnstwist phishing domain scanner

Homepages I like

• jes existential optimist
• lcamttuf's homepage
• netmeister.org

Programming

• Python's Missing Batteries: Essential Libraries You're Missing Out On

Cheat Sheets

• An Excruciatingly Detailed Guide To SSH