Reading-List

A collection of articles I've read and enjoyed

If you’re looking to get a start in Cyber Security this is the page I would throw you at. Here you can find a large collection of random articles / websites / resources I’ve collected over the years, I’ve done by best to categorise them into subsections but the chaos is part of the fun. Find something you like and get lost down a rabbit hole and learn something new!

Newsletters

• Electronic Frontier Foundation
• Crypto Gram Newsletter
• Cryptography Dispatches

Cloud

• Automation to assess the state of your M365 tenant against CISA’s baselines

Web

• So you want to expose Go on the Internet
• Web Security Academy
• Private Access Tokens - Apple + RFC + Cloudflare
• Portswigger - Web Security Training
• Common Crawl - Open Repository of Web Crawl Data
• Shadown Server
• CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.

App Sec

• OWASP Devsecops Maturity Model
• OpenSSF Scorecard
• GitHub - ossf/malicious-packages: A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.
• GitHub - ossf/scorecard: OpenSSF Scorecard
• Open Source Security Foundation
• BadgeApp
• GitHub - ossf/package-analysis: Open Source Package Analysis
• scorecard/docs/checks.md at main · ossf/scorecard · GitHub
• OSV
• Common Security Advisory Framework

Red Team

• HackTricks - HackTricks
• GitHub - golem445/Corporate_Masks: 8-14 character Hashcat masks based on analysis of 1.5 million NTLM hashes cracked while pentesting
• maldevacademy
• NetExec
• Putting the C2 in C2loudflare
• Blister Loader
• Blister Loader 2
• Blister Loader 3

Linux

• Playing with LD_PRELOAD - BreakInSecurity
• The Race to Limit Ptrace - Rezilion
• Hooking Linux Libraries for Post-Exploitation Fun :: Mike Gualtieri
• A Technique for Hooking Internal Functions of Dynamically-Linked ELF Binaries
• nproc: netlink access to /proc information
• mtree(8): map directory hierarchy - Linux man page
• GitHub - DominicBreuker/pspy: Monitor linux processes without root permissions
• GitHub - cdk-team/CDK: 📦 Make security testing of K8s, Docker, and Containerd easier.
• GitHub - arget13/DDexec: A technique to run binaries filelessly and stealthily on Linux
• Fun and Profit With Linux EDR
• GitHub - Notselwyn/CVE-2024-1086: Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086
• Elastic EDR - Internal All The Things Linux - Evasion - Internal All The Things

Windows

• KrbRelayUp
• HijackLibs
• GitHub - nettitude/Aladdin
• Persistence Image File Execution Options Injection
• AMSI.fail
• GitHub - SafeBreach-Labs/PoolParty: A set of fully-undetectable process injection techniques abusing Windows Thread Pools
• Process Injection: Remote Thread Injection or CreateRemoteThread
• persistence-info.github.io
• Windows - AMSI Bypass - Internal All The Things
• Home · mandiant/SharPersist Wiki · GitHub
• Bypassing EDRs With EDR-Preloading
• Game Of Active Directory v2
• ADExplorer
• ADExplorer
• Bloodhound
• ADidnsdump
• Windows ESC15 CA Exploit ADCS
• PetitPotam - 1 + 2 + 3 + 4 + 5

C2 Frameworks

• COBALT STRIKE BASICS
• Brute Ratel C4
• GitHub - BishopFox/sliver: Adversary Emulation Framework
• Cobalt Strike
• The C2 Matrix
• Rat Collection
• Mythic Documentation
• Cobalt Strike - Internal All The Things
• Metasploit - Internal All The Things
• Raphael Mudge - YouTube

EDR Bypass

• Cobalt Strike Beacongate
• spoofing-call-stacks-to-confuse-edrs

Write ups

• Log4J
• Impacket’s WMIexec
• Unplugging PlugX: Sinkholing the PlugX USB worm botnet - Sekoia.io Blog
• Sam Curry
• Gnome RCE
• Remcos
• Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs
• Dissecting REMCOS RAT: An in-depth analysis of a widespread 2024 malware, Part One — Elastic Security Labs
• out-of-bounds write in Fortinet FortiOS CVE-2024-21762 vulnerability

Blue Team

• canarytokens docker
• abuse.ch Fighting malware and botnets
• GitHub - atc-project/atomic-threat-coverage: Actionable analytics designed to combat threats
• GitHub - atc-project/atc-react: A knowledge base of actionable Incident Response techniques
• GitHub - redcanaryco/atomic-red-team: Small and highly portable detection tests based on MITRE's ATT&CK.
• GitHub - lc/gau: Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
• Fighting Back Against Cobalt Strike, presented by Callum Roxan and James Dorgan - YouTube
• GitHub - fabacab/awesome-cybersecurity-blueteam: :computer:🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.
• GitHub - linux-application-whitelisting/fapolicyd: File Access Policy Daemon
• GitHub - mandiant/GoReSym: Go symbol recovery tool
• INetSim: Internet Services Simulation Suite - Features
• J4 Tagging and Fingerprinting
• Powershell just enough access
• A defender’s guide to crypters and loaders
• Bloodhound Internals
• A scalable file triage and malware analysis system

IAM

• Bringing OAuth 2.0 Flow to Wrangler
• biscuitsec.org
• Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud – Google Research
• API Tokens: A Tedious Survey · Fly
• AuthZed: Scalable Authorization as a Service
• -spiffe machine identity

Kerberos

• AS_REP Roasting vs Kerberoasting – LuemmelSec – Just an admin on someone else´s computer
• Kerberos - Tickets - Internal All The Things
• Kerberos Protocol – Network Security Protocols
• Kerberos (III): How does delegation work?
• Kerberos Bronze Bit Attack CVE-2020-17049 Scenarios to Potentially Compromise Active Directory
• The mind-blowing Kerberos
• Configuring Kerberos delegation for group Managed Service Accounts
• Detecting Kerberoasting Activity – Active Directory Security
• msktutil
• Unconstrained Delegation – Penetration Testing Lab
• Very good Kerberos Walkthrough

Crypto

• A Security Site - Everything you would ever need to know about crypto <– such an amazing resource
• CryptoHack
• sigstore/cosign: Container Signing + Application Signing
• Computerphile on Youtube - Good Zero Knowledge Proof Video from them
• Minisign by Frank Denis
• GitHub - aperezdc/signify: OpenBSD tool to sign and verify signatures on files. Portable version.
• 1Password Whitepaper
• Sigstore
• CA-Browser-Forum-TLS-BR
• Safe Curves
• Shufflecake
• OpenMLS - 1 + 2 + 3 + 4

Academic

• Tamarin Prover

Certifications

• Cyber Security Certifications GIAC Certifications

Just interesting

• #saveTF2 & why the Bot Problem isn't simple - YouTube
• Moxie Marlinspike » Blog » My first impressions of web3
• Firecracker
• Credentials
• Systemd for admins
• Zero Trust
• eBPF

GoLang (Go Programming Language)

Go is current my favourite programming language and I would highly recommend everyone to give it a go! Below are a few very light and great resources to get you started in the language:

• https://go.dev/tour/welcome/1
• https://go.dev/doc/effective_go
• https://gobyexample.com/

and finally

The terrible code to generate the Links on this page

for links in $(cat /tmp/links); 
do 
  title=$(curl -s $links | grep -oP '<title>\K[^<]*'); 
  echo "[${title}](${links})"; 
done | tee -a reading-list.md