A collection of articles I’ve read and enjoyed
If you’re looking to get a start in Cyber Security, this is the page I would throw you at. Here you can find a large collection of random articles / websites / resources I’ve collected over the years. I’ve done my best to categorise them into subsections, but the chaos is part of the fun. Find something you like, get lost down a rabbit hole and learn something new!
Newsletters
- Electronic Frontier Foundation
- Crypto Gram Newsletter
- Cryptography Dispatches
- Hak5 - Threat Wire
- Seytonic - Hacking News
Cloud
Web
- So you want to expose Go on the Internet
- Web Security Academy
- Private Access Tokens - Apple + RFC + Cloudflare
- Portswigger - Web Security Training
- Common Crawl - Open Repository of Web Crawl Data
- Shadow Server
- CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
App Sec
- OWASP Devsecops Maturity Model
- OpenSSF Scorecard
- GitHub - ossf/malicious-packages: A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
- GitHub - ossf/scorecard: OpenSSF Scorecard
- Open Source Security Foundation
- BadgeApp
- GitHub - ossf/package-analysis: Open Source Package Analysis
- scorecard/docs/checks.md at main · ossf/scorecard · GitHub
- OSV
- Common Security Advisory Framework
Red Team
- HackTricks - HackTricks
- GitHub - golem445/Corporate_Masks: 8-14 character Hashcat masks based on analysis of 1.5 million NTLM hashes cracked while pentesting
- maldevacademy
- NetExec
- Putting the C2 in C2loudflare
- Blister Loader
- Blister Loader 2
- Blister Loader 3
- Golang DDL and Process Injection
Linux
- Playing with LD_PRELOAD - BreakInSecurity
- The Race to Limit Ptrace - Rezilion
- Hooking Linux Libraries for Post-Exploitation Fun :: Mike Gualtieri
- A Technique for Hooking Internal Functions of Dynamically-Linked ELF Binaries
- nproc: netlink access to /proc information
- mtree(8): map directory hierarchy - Linux man page
- GitHub - DominicBreuker/pspy: Monitor linux processes without root permissions
- GitHub - cdk-team/CDK: 📦 Make security testing of K8s, Docker, and Containerd easier.
- GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux
- Fun and Profit With Linux EDR
- GitHub - Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086
- Elastic EDR - Internal All The Things Linux - Evasion - Internal All The Things
Windows
- KrbRelayUp
- HijackLibs
- GitHub - nettitude/Aladdin
- Persistence Image File Execution Options Injection
- AMSI.fail
- GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
- Process Injection: Remote Thread Injection or CreateRemoteThread
- persistence-info.github.io
- Windows - AMSI Bypass - Internal All The Things
- Home · mandiant/SharPersist Wiki · GitHub
- Bypassing EDRs With EDR-Preloading
- Game Of Active Directory v2
- ADExplorer
- Bloodhound
- ADidnsdump
- Windows ESC15 CA Exploit ADCS
- PetitPotam - 1 + 2 + 3 + 4 + 5
- Launch CMD using Paint
- Windows coerced authentication methods
- Kerberos Relay 1
- Kerberos Relay 2
- Windows DNS Poisoning 1
- Windows DNS Poisoning 2
- Bronze Bit
- ADCS Exploits
- More Delegation
C2 Frameworks
- COBALT STRIKE BASICS
- Brute Ratel C4
- GitHub - BishopFox/sliver: Adversary Emulation Framework
- Cobalt Strike
- The C2 Matrix
- Rat Collection
- Mythic Documentation
- Cobalt Strike - Internal All The Things
- Metasploit - Internal All The Things
- Raphael Mudge - YouTube
- Sliver Tutorial
EDR Bypass
Write ups
- Log4J
- Impacket’s WMIexec
- Unplugging PlugX: Sinkholing the PlugX USB worm botnet - Sekoia.io Blog
- Sam Curry
- Gnome RCE
- Remcos
- Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs
- Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One — Elastic Security Labs
- out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability
- Government Backdoors in your backdoors
- IBM Qradar exploit
- Windows AD Takedown Tutorial
Blue Team
- canarytokens docker
- abuse.ch Fighting malware and botnets
- GitHub - atc-project/atomic-threat-coverage: Actionable analytics designed to combat threats
- GitHub - atc-project/atc-react: A knowledge base of actionable Incident Response techniques
- GitHub - redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE’s ATT&CK.
- GitHub - lc/gau: Fetch known URLs from AlienVault’s Open Threat Exchange, the Wayback Machine, and Common Crawl.
- Fighting Back Against Cobalt Strike, presented by Callum Roxan and James Dorgan - YouTube
- GitHub - fabacab/awesome-cybersecurity-blueteam: :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
- GitHub - linux-application-whitelisting/fapolicyd: File Access Policy Daemon
- GitHub - mandiant/GoReSym: Go symbol recovery tool
- INetSim: Internet Services Simulation Suite - Features
- J4 Tagging and Fingerprinting
- Powershell just enough access
- A defender’s guide to crypters and loaders
- Bloodhound Internals
- A scalable file triage and malware analysis system
- CART Malware format
- Assemblyline auto file and malware analysis
- Windows RPC Filters
- Understanding and Mapping Microsoft / Windows RPC to ATTACK
- Shadow Server Internet Scanning and Notifications
- Chrome Extension Scanning
IAM
- Bringing OAuth 2.0 Flow to Wrangler
- biscuitsec.org
- Good Kerberos Intro
- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud – Google Research
- API Tokens: A Tedious Survey · Fly
- AuthZed: Scalable Authorization as a Service
- spiffe machine identity
- OAuth2
- which OAuth flow should I use?
- Google OAuth
- OWASP OAuth Testing Cheat Sheet
- OWASP OAuth Testing 1
- OWASP OAuth Testing 2
- OSO
- Windows Service Accounts
- Kanidm is a modern and simple identity management platform written in rust
- Open-sourcing OpenPubkey SSH: integrating single sign-on with SSH
Kerberos
- AS_REP Roasting vs Kerberoasting – LuemmelSec – Just an admin on someone else´s computer
- Kerberos - Tickets - Internal All The Things
- Kerberos Protocol – Network Security Protocols
- Kerberos (III): How does delegation work?
- Kerberos Bronze Bit Attack CVE-2020-17049 Scenarios to Potentially Compromise Active Directory
- The mind-blowing Kerberos
- Configuring Kerberos delegation for group Managed Service Accounts
- Detecting Kerberoasting Activity – Active Directory Security
- msktutil
- Unconstrained Delegation – Penetration Testing Lab
- Very good Kerberos Walkthrough
Crypto
- A Security Site - Everything you would ever need to know about crypto <— such an amazing resource
- CryptoHack
- sigstore/cosign: Container Signing + Application Signing
- Computerphile on Youtube - Good Zero Knowledge Proof Video from them
- Minisign by Frank Denis
- GitHub - aperezdc/signify: OpenBSD tool to sign and verify signatures on files. Portable version.
- 1Password Whitepaper
- Sigstore
- CA-Browser-Forum-TLS-BR
- Safe Curves
- Shufflecake
- OpenMLS - 1 + 2 + 3 + 4
- Drand
- Drand Timelock - 1 + 2 + 3
- Code Signing Time stamping - 1 + 2 + 3 + 4 + 5
Academic
Certifications
Just interesting
- #saveTF2 & why the Bot Problem isn’t simple - YouTube
- Moxie Marlinspike >> Blog >> My first impressions of web3
- Firecracker
- Credentials
- Systemd for admins
- Zero Trust
- eBPF
GoLang (Go Programming Language)
Go is currently my favourite programming language and I would highly recommend everyone to give it a go! Below are a few very light and great resources to get you started in the language:
and finally
The terrible code to generate the Links on this page
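# Read one URL per line so a line is never word-split or glob-expanded
while IFS= read -r link; do
  # Use the first <title> element of the fetched page as the link text
  title=$(curl -s "$link" | grep -oP '<title>\K[^<]*' | head -n 1)
  echo "[${title}](${link})"
done < /tmp/links | tee -a reading-list.md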