# Security

TODO

## Articles

* [Trustworthy computing in 2021](https://ariadne.space/2021/10/19/trustworthy-computing-in-2021/)
* [CONTI Team statement on REvil](https://sizeof.cat/post/conti-team-statement-on-revil/)
* [Analyzing the Mario Themed Malware](https://serhack.me/articles/analyzing-mario-malware-en/)
* [Here's another free CA as an alternative to Let's Encrypt!](https://scotthelme.co.uk/heres-another-free-ca-as-an-alternative-to-lets-encrypt/)
* [Canonicalization Attacks Against MACs and Signatures](https://soatok.blog/2021/07/30/canonicalization-attacks-against-macs-and-signatures/)
* [The Insecurity Industry](https://edwardsnowden.substack.com/p/ns-oh-god-how-is-this-legal)
* [Probably Are Gonna Need It: Application Security Edition](https://jacobian.org/2021/jul/8/appsec-pagnis/)
* [How We Protect Pinners’ Passwords](https://medium.com/pinterest-engineering/how-we-protect-pinners-passwords-e769135734d)
* [Introduction to security good practices](https://dataswamp.org/~solene/2021-05-09-introduction-to-security.html)
* [A simpler and safer future — without passwords](https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/)
* [What hardware and software should I use for a selfhosted home security system?](https://www.reddit.com/r/selfhosted/comments/mjmojl/what_hardware_and_software_should_i_use_for_a/)
* [Ask HN: Any tips for a programmer wanting to switch into security?](https://news.ycombinator.com/item?id=26056136)
* [The SOC2 Starting Seven](https://latacora.micro.blog/2020/03/12/the-soc-starting.html)
* [Escaping VirtualBox 6.1: Part 1](https://secret.club/2021/01/14/vbox-escape.html)
* [Clean up your digital hygiene](https://luminousmen.com/post/clean-up-your-digital-hygiene)
* [Intercepting Zoom's encrypted data with BPF](https://confused.ai/posts/intercepting-zoom-tls-encryption-bpf-uprobes)
* [Bypassing Encrypted Secure Boot](https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/)
* [Ask HN: Any good FOSS alternative to Google's reCAPTCHA?](https://news.ycombinator.com/item?id=23089599)
* [A Guide to Threat Modelling for Developers](https://martinfowler.com/articles/agile-threat-modelling.html)
* [How To Become A Hacker](https://zalberico.com/essay/2020/04/19/how-to-become-a-hacker.html)
* [Ask HN: How does your company manage its encryption keys?](https://news.ycombinator.com/item?id=23390966)
* [Best practices for managing and storing secrets including API keys and other credentials \[cheat sheet included\]](https://blog.gitguardian.com/secrets-api-management/)
* [A self-destructing flash drive with a detonator for true paranoiacs has been created in Russia](https://www.cnews.ru/news/top/2021-11-26_rossiyane_sozdali_samounichtozhayushchuyusya)

## Books

* [Security Engineering — Third Edition](https://www.cl.cam.ac.uk/~rja14/book.html)
* [A Researcher’s Guide to Some Legal Risks of Security Research](https://clinic.cyber.harvard.edu/files/2020/10/Security_Researchers_Guide-2.pdf)

## Courses / Videos

* [Information Security](https://www.freecodecamp.org/learn/information-security/)
* [Discover the best kept secret in cybersecurity](https://www.hackerone.com/security-at/2021)
* [HotMobile 2020 - Listen to Your Key: Towards Acoustics-based Physical Key Inference](https://youtu.be/bxyAa_txM34)
* [Hackfest 2015: Theo de Raadt presented "Pledge: A new security technology in openbsd"](https://youtu.be/F_7S1eqKsFk)
* [DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86](https://youtu.be/jmTwlEh8L7g)
* [SSL/TLS Deployment Best Practices](https://youtu.be/AYNtH7JMlAQ)

## Links

* [Хакер](https://xakep.ru/) - the largest resource in Russia and Europe on applied information security
* [Kaspersky IT Encyclopedia](https://encyclopedia.kaspersky.ru/)
* [Hacksplaining](https://www.hacksplaining.com/) - Security Training for Developers.
* [MAT: Metadata Anonymisation Toolkit](https://zenway.ru/page/mat) - A toolkit for removing metadata from files of various formats
* [OSINT Tools](https://infosecurity.by/osint-tools)
* [Abertay Hacksoc Wiki!](https://wiki.hacksoc.co.uk/)
* [SSL Configuration Generator](https://ssl-config.mozilla.org/)
* [HackTricks](https://book.hacktricks.xyz/)
* [maigret](https://github.com/soxoj/maigret) - Collect a dossier on a person by username from thousands of sites
* [How to Secure Anything](https://github.com/veeral-patel/how-to-secure-anything)
* [Web Security Basics](https://github.com/vasanthk/web-security-basics)
* [Depix](https://github.com/beurtschipper/Depix) - Recovers passwords from pixelized screenshots
* [Awesome Security](https://github.com/sbilly/awesome-security)
* [Awesome Google VRP Writeups](https://github.com/xdavidhu/awesome-google-vrp-writeups)
* [Awesome Hacking](https://github.com/jekil/awesome-hacking)
* [Awesome mobile security](https://github.com/vaib25vicky/awesome-mobile-security)
* [Hacker roadmap](https://github.com/sundowndev/hacker-roadmap)
* [Payloads All The Things](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [Awesome CTF](https://github.com/apsdehal/awesome-ctf)
* [pam-duress](https://github.com/nuvious/pam-duress) - Allows the establishment of alternate passwords that can be used to perform actions to clear sensitive data, notify IT/Security staff, close off sensitive network connections, etc. if a user is coerced into giving a threat actor a password.
