Reading-List

A collection of articles I've read and enjoyed

Below is a list of articles / websites which I’ve read and enjoyed. I recommend you check them out!

• Electronic Frontier Foundation
• Crypto Gram Newsletter
• So you want to expose Go on the Internet
• OWASP Devsecops Maturity Model
• Playing with LD_PRELOAD - BreakInSecurity
• The Race to Limit Ptrace - Rezilion
• Hooking Linux Libraries for Post-Exploitation Fun :: Mike Gualtieri
• A Technique for Hooking Internal Functions of Dynamically-Linked ELF Binaries
• nproc: netlink access to /proc information
• mtree(8): map directory hierarchy - Linux man page
• Web Security Academy
• HackTricks - HackTricks
• Bringing OAuth 2.0 Flow to Wrangler
• sigstore/cosign: Container Signing + Application Signing
• Log4J
• Tamarin Prover
• thinkst/canarytokens-docker: Docker configuration to quickly setup your own Canarytokens
• biscuitsec.org
• Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud – Google Research
• API Tokens: A Tedious Survey · Fly
• A Security Site - Everything you would ever need to know about crypto
• Private Access Tokens - Apple + RFC + Cloudflare
• Portswigger - Web Security Training
• Computerphile on Youtube - Good Zero Knowledge Proof Video from them
• https://abuse.ch/
• https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=930420
• https://github.com/atc-project/atomic-threat-coverage
• https://github.com/atc-project/atc-react
• https://github.com/redcanaryco/atomic-red-team
• https://github.com/iangcarroll/cookiemonster
• https://samcurry.net/points-com/
• https://github.com/lc/gau
• https://samcurry.net/web-hackers-vs-the-auto-industry/
• https://commoncrawl.org/
• https://www.youtube.com/watch?v=OtM6iegGYAQ
• https://www.youtube.com/watch?v=pYRM3Zcfajs
• https://jedisct1.github.io/minisign/
• https://github.com/aperezdc/signify
• https://hijacklibs.net/
• https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer + https://github.com/c3c/ADExplorerSnapshot.py + https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/bloodhound
• https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/ + https://github.https://dirkjanm.io/ + com/SpecterOps + https://github.com/dirkjanm?tab=repositories + https://github.com/dirkjanm/adidnsdump
• https://1passwordstatic.com/files/security/1password-white-paper.pdf
• https://www.youtube.com/watch?v=SgkgsgaBBCA
• https://github.com/ShorSec/KrbRelayUp
• https://github.com/golem445/Corporate_Masks
• https://github.com/fabacab/awesome-cybersecurity-blueteam
• https://github.com/DominicBreuker/pspy
• https://github.com/cdk-team/CDK