Security

TODO

Articles

• Trustworthy computing in 2021

• CONTI Team statement on REvil

• Analyzing the Mario Themed Malware

• Here's another free CA as an alternative to Let's Encrypt!

• Canonicalization Attacks Against MACs and Signatures

• The Insecurity Industry

• Probably Are Gonna Need It: Application Security Edition

• How We Protect Pinners’ Passwords

• Introduction to security good practices

• A simpler and safer future — without passwords

• What hardware and software should I use for a selfhosted home security system?

• Ask HN: Any tips for a programmer wanting to switch into security?

• The SOC2 Starting Seven

• Escaping VirtualBox 6.1: Part 1

• Clean up your digital hygiene

• Intercepting Zoom's encrypted data with BPF

• Bypassing Encrypted Secure Boot

• Ask HN: Any good FOSS alternative to Google's reCAPTCHA?

• A Guide to Threat Modelling for Developers

• How To Become A Hacker

• Ask HN: How does your company manage its encryption keys?

• Best practices for managing and storing secrets including API keys and other credentials [cheat sheet included]

• В России создана самоуничтожающаяся флешка с детонатором для истинных параноиков

Books

• Security Engineering — Third Edition

• A Researcher’s Guide to Some Legal Risks of Security Research

Courses / Videos

• Information Security

• Discover the best kept secret in cybersecurity

• HotMobile 2020 - Listen to Your Key: Towards Acoustics-based Physical Key Inference

• Hackfest 2015: Theo de Raadt presented "Pledge: A new security technology in openbsd"

• DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86

• SSL/TLS Deployment Best Practices

Links

• Хакер - крупнейший в России и Европе ресурс в области прикладной информационной безопасности

• ИТ-энциклопедия «Касперского»

• Hacksplaining - Security Training for Developers.

• MAT: Metadata Anonymisation Toolkit - Инструментарий для удаления метаданных у файлов различных форматов

• OSINT Tools

• Abertay Hacksoc Wiki!

• SSL Configuration Generator

• HackTricks

• maigret - Collect a dossier on a person by username from thousands of sites

• How to Secure Anything

• Web Security Basics

• Depix - Recovers passwords from pixelized screenshots

• Awesome Security

• Awesome Google VRP Writeups

• Awesome Hacking

• Awesome mobile security

• Hacker roadmap

• Payloads All The Things

• Awesome CTF

• pam-duress - which allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc if a user is coerced into giving a threat actor a password.