IT - Links
Information Security
Information Gathering
- Censys
- CVE Details
- Cylect.io - Ultimate OSINT Search Engine
- Exploit Database
- FullHunt
- Linux Distribution Packages Database
- Shodan
- Snyk Vulnerability DB
Pentesting
- Payloads All The Things (github collection)
- SecLists wordlists (github collection)
- Unicode confusables
- PoC Exploits in Github
- Exploiting Python pickles
- Shellcode Database
Mobile Pentesting
Android Pentesting
iOS Pentesting
- iOS Security 101 (slides)
- iOS Pentesting - Introduction
- ATS - NSAppTransportSecurity
- lldb for iOS
- gdb and lldb command examples
Linux Security
Windows Security
Web Pentesting
- MDN - Cross-Origin Resource Sharing
- Stanford CS 253 Web Security
- CSP Evaluator
- Better API Penetration Testing with Postman
- How to Find XXE Bugs
- HTTP/2 basics for Burp users
Tools
Post Exploitation
Hardware Security
BIOS/UEFI/Boot Security
Guides
- OWASP Firmware Security Testing Methodology
- OWASP Mobile Security Testing Guide
- HackTricks
- Awesome guide for pentesting web, linux, windows, mobile, etc.
- madaidan - Security & Privacy Evaluations
Cryptography
Attestation
Phishing
General IT
Web
Browser Extensions
Linux
Debian
- Removal of jessie-updates and jessie-backports from debian mirrors
- this article has a nice graph of how packages go through the different repositories (security, stable-updates, ...)
Server Configuration
Memorable Articles and Stuff
- ASCIIMATION Star Wars via telnet
- Super Mario World Credits Warp Explained
- Taking Back What Is Already Yours: Router Wars Episode I
- (A few) Ops Lessons We All Learn The Hard Way
- Securing the Supply Chain of Nothing
- Internet Census 2012
- Working From Orbit
- Load Balancing
- nice visualization of different algorithms
- Putting the "You" in CPU
- "what happens when you run a program on your computer?"
Hacks, Proof of Concepts
Useful Tools
- RegExr: Learn, Build & Test RegEx
- Producing Beamer slide shows from markdown using Pandoc
- Security automation tools for http, dns, ...
- IDN Check (for similar Domains)
- dnstwist phishing domain scanner