
stuff added, things removed, more stuff to be done.

pull/24/head
rmusser01 3 years ago
parent
commit
ca84511dbd
17 changed files with 1612 additions and 1616 deletions
1. +399 -0 Draft/AnonOpSecPrivacy.md
2. +139 -0 Draft/Career.md
3. +422 -0 Draft/Crypto_Encrypt.md
4. +22 -52 Draft/Defense.md
5. +0 -12 Draft/Games.md
6. +374 -0 Draft/Osint.md
7. +14 -9 Draft/Passwords.md
8. +106 -0 Draft/Policy_Compliance.md
9. +4 -10 Draft/Programming_Language_Security.md
10. +0 -2 Draft/RE.md
11. +0 -6 Draft/SCADA.md
12. +1 -2 Draft/Things-added.md
13. +2 -12 Draft/UX.md
14. +115 -0 Draft/honeypot.md
15. +0 -1500 Draft/privesc.md
16. +0 -3 Draft/readme.md
17. +14 -8 Draft/threatmodel.md

+399 -0 Draft/AnonOpSecPrivacy.md

@ -0,0 +1,399 @@
## Anonymity, Opsec & Privacy
### Table of Contents
- [General](#general)
- [Android/iOS/Mobile](#mobile)
- [Browser Related](#browser)
- [Communications Security](#comsec)
- [Data Collection](#dcollect)
- [De-anonymization](#de-anon)
- [Documents/Writing](#writing)
- [Facial Identification](#face)
- [Informative/Educational](#informative)
- [Journalism & Media Publishing](#media)
- [Network Obfuscation](#obfuscation)
- [Operational Security - OPSEC](#opsec)
- [References/Resources](#ref)
- [Wireless Radios](#)
- [Tor](#tor)
- [Traveling](#travel)
- [Miscellaneous Stuff](#misc)
- [Miscellaneous Tools](#misc-tools)
- [Counter-Surveillance](#counter)
- [Writeups](#cwriteup)
- [Videos/Talks](#cvideos)
- [Papers](#cpapers)
- [Emissions Security](#emissions)
- [Papers](#papers)
- [Modern Surveillance](#modern)
- [China](#china)
- [United States](#usa)
- [Disinformation](#disinfo)
* [Cookies – what does ‘good’ look like? - UK Information Comissioner's Office - Ali Shah](https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/)
https://www.freehaven.net/anonbib/
* [Ghostbuster: Detecting the Presence of Hidden Eavesdroppers](https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf)
* Propaganda
* [Project Feels: How USA Today, ESPN and The New York Times are targeting ads to mood - digiday](https://digiday.com/media/project-feels-usa-today-espn-new-york-times-targeting-ads-mood/)
* [The New York Times Advertising & Marketing Solutions Group Introduces ‘nytDEMO’: A Cross-Functional Team Focused on Bringing Insights and Data Solutions to Brands(2018)](https://investors.nytco.com/press/press-releases/press-release-details/2018/The-New-York-Times-Advertising--Marketing-Solutions-Group-Introduces-nytDEMO-A-Cross-Functional-Team-Focused-on-Bringing-Insights-and-Data-Solutions-to-Brands/default.aspx)
* [Toward an Information Operations Kill Chain - Bruce Schneier](https://www.lawfareblog.com/toward-information-operations-kill-chain)
* [Project Raven: Inside the UAE’s secret hacking team of American mercenaries(Christopher Bing, Joel Schectman)]
* [How to Purge Google and Start Over – Part 2 - Mike Felch](https://www.blackhillsinfosec.com/how-to-purge-google-and-start-over-part-2/)
* [Of Moles and Molehunters: A Review of Counterintelligence Literature, 1977-92](https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/U-Oct%20%201993-%20Of%20Moles%20-%20Molehunters%20-%20A%20Review%20of%20Counterintelligence%20Literature-%201977-92%20-v2.pdf)
* [Salamandra](https://github.com/eldraco/Salamandra)
* Salamandra is a tool to detect and locate spy microphones in closed environments. It find microphones based on the strength of the signal sent by the microphone and the amount of noise and overlapped frequencies. Based on the generated noise it can estimate how close or far away you are from the microphone.
* [zwsp-steg](https://github.com/offdev/zwsp-steg-js)
* Zero-Width Space Steganography. Encodes and decodes hidden messages as non printable/readable characters. [A demo can be found here](https://offdev.net/demos/zwsp-steg-js).
* [DEDA](https://github.com/dfd-tud/deda)
* DEDA - tracking Dots Extraction, Decoding and Anonymisation toolkit; Document Colour Tracking Dots, or yellow dots, are small systematic dots which encode information about the printer and/or the printout itself. This process is integrated in almost every commercial colour laser printer. This means that almost every printout contains coded information about the source device, such as the serial number.
* https://dfd.inf.tu-dresden.de/
* [The Spy and the Traitor: The Greatest Espionage Story of the Cold War - cia.gov](https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol-63-no-1/spy_and_traitor.html)
* [How a Bitcoin Evangelist Made Himself Vanish, in 15 (Not So Easy) Steps - Nathaniel Popper](https://www.nytimes.com/2019/03/12/technology/how-to-disappear-surveillance-state.html)
* [A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients - Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, and Alessandro Mei(2/2015)](https://www.petsymposium.org/2015/papers/02_Perta.pdf)
* [Forensic Analysis and Anonymisation of Printed Documents](https://dl.acm.org/citation.cfm?doid=3206004.3206019)
* Contrary to popular belief, the paperless office has not yet established itself. Printer forensics is therefore still an important field today to protect the reliability of printed documents or to track criminals. An important task of this is to identify the source device of a printed document. There are many forensic approaches that try to determine the source device automatically and with commercially available recording devices. However, it is difficult to find intrinsic signatures that are robust against a variety of influences of the printing process and at the same time can identify the specific source device. In most cases, the identification rate only reaches up to the printer model. For this reason we reviewed document colour tracking dots, an extrinsic signature embedded in nearly all modern colour laser printers. We developed a refined and generic extraction algorithm, found a new tracking dot pattern and decoded pattern information. Through out we propose to reuse document colour tracking dots, in combination with passive printer forensic methods. From privacy perspective we additional investigated anonymization approaches to defeat arbitrary tracking. Finally we propose our toolkitdeda which implements the entire workflow of extracting, analysing and anonymisation of a tracking dot pattern.
* [NCCA Polygraph Countermeasure Course Files Leaked](https://antipolygraph.org/blog/2018/06/09/ncca-polygraph-countermeasure-course-files-leaked/)
* [Fooling automated surveillance cameras: adversarial patches to attack person detection - Simen Thys, Wiebe Van Ranst, Toon Goedemé](https://arxiv.org/abs/1904.08653)
* Adversarial attacks on machine learning models have seen increasing interest in the past years. By making only subtle changes to the input of a convolutional neural network, the output of the network can be swayed to output a completely different result. The first attacks did this by changing pixel values of an input image slightly to fool a classifier to output the wrong class. Other approaches have tried to learn "patches" that can be applied to an object to fool detectors and classifiers. Some of these approaches have also shown that these attacks are feasible in the real-world, i.e. by modifying an object and filming it with a video camera. However, all of these approaches target classes that contain almost no intra-class variety (e.g. stop signs). The known structure of the object is then used to generate an adversarial patch on top of it. In this paper, we present an approach to generate adversarial patches to targets with lots of intra-class variety, namely persons. The goal is to generate a patch that is able successfully hide a person from a person detector. An attack that could for instance be used maliciously to circumvent surveillance systems, intruders can sneak around undetected by holding a small cardboard plate in front of their body aimed towards the surveillance camera. From our results we can see that our system is able significantly lower the accuracy of a person detector. Our approach also functions well in real-life scenarios where the patch is filmed by a camera. To the best of our knowledge we are the first to attempt this kind of attack on targets with a high level of intra-class variety like persons.
--------------
### <a name="general"></a>General
* **101**
* [A Guide to Law Enforcement Spying Technology - EFF](https://www.eff.org/sls)
* [Anonymity](https://en.wikipedia.org/wiki/Anonymity)
* [Operations Security - Wikipedia](https://en.wikipedia.org/wiki/Operations_security)
* **General**
* [OS X Security and Privacy Guide](https://github.com/drduh/OS-X-Security-and-Privacy-Guide)
* [Bugger - Adam Curtis](http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460)
* Maybe the real state secret is that spies aren't very good at their jobs and don't know much about the world
* [Mobile Phone Data lookup](https://medium.com/@philipn/want-to-see-something-crazy-open-this-link-on-your-phone-with-wifi-turned-off-9e0adb00d024)
* [Privacy Online Test And Resource Compendium](https://github.com/CHEF-KOCH/Online-Privacy-Test-Resource-List/blob/master/README.md)
* [Winning and Quitting the Privacy Game What it REALLY takes to have True Privacy in the 21st Century - Derbycon 7](https://www.youtube.com/watch?v=bxQSu06yuZc)
* [We Should All Have Something To Hide - Moxie Marlinspike](https://moxie.org/blog/we-should-all-have-something-to-hide/)
* ['I've Got Nothing to Hide' and Other Misunderstandings of Privacy](http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565&)
* We live in a surveillance state. Law enforcement and intelligence agencies have access to a huge amount of data about us, enabling them to learn intimate, private details about our lives. In part, the ease with which they can obtain such information reflects the fact that our laws have failed to keep up with advances in technology. However, privacy enhancing technologies can offer real protections even when the law does not. That intelligence agencies like the NSA are able to collect records about every telephone call made in the United States, or engage in the bulk surveillance of Internet communications is only possible because so much of our data is transmitted in the clear. The privacy enhancing technologies required to make bulk surveillance impossible and targeted surveillance more difficult already exist. We just need to start using them.
* [The Gruqgs blog](http://grugq.tumblr.com/)
* [How to Cover Your Tracks - ouah.org](http://www.ouah.org/cover_your_tracks1.html)
* [Becoming Virtually Untraceable (Eps1.0_B4s!c_T3chn1qu3s.onion) - Ian Barwise](https://medium.com/@IanBarwise/becoming-virtually-untraceable-part-1-e8470ae60745)
* [The Dating Brokers: An autopsy of online love - Joana Moll, Tactical Tech](https://datadating.tacticaltech.org/viz)
* **Android/iOS/Mobile**<a name="mobile"></a>
* [Click and Dragger: Denial and Deception on Android mobile](https://www.slideshare.net/grugq/mobile-opsec/34-WHAT_ARETHEY_GOOD_FOR_Threat)
* [DEFCON 20: Can You Track Me Now? Government And Corporate Surveillance Of Mobile Geo-Location Data](https://www.youtube.com/watch?v=NjuhdKUH6U4)
* [Can you track me now? - Defcon20](https://wEww.youtube.com/watch?v=DxIF66Tcino)
* [Phones and Privacy for Consumers - Matt Hoy (mattrix) and David Khudaverdyan (deltaflyer)](http://www.irongeek.com/i.php?page=videos/grrcon2015/submerssion-therapy05-phones-and-privacy-for-consumers-matt-hoy-mattrix-and-david-khudaverdyan-deltaflyerhttps://ritter.vg/blog-deanonymizing_amm.html)
* [Hacking FinSpy - a Case Study - Atilla Marosi - Troopers15](https://www.youtube.com/watch?v=Mb4mfBi06K4)
* **Browser Related**<a name="browser"></a>
* [Panopticlick](https://panopticlick.eff.org/)
* Panopticlick will analyze how well your browser and add-ons protect you against online tracking techniques. We’ll also see if your system is uniquely configured—and thus identifiable—even if you are using privacy-protective software.
* [Discovering Browser Extensions via Web Accessible Resources - Chalmers security lab](http://www.cse.chalmers.se/research/group/security/publications/2017/extensions/codaspy-17-full.pdf)
* [Cookieless Monster: Exploring the Ecosystem of Web-based Device Fingerprinting](http://securitee.org/files/cookieless_sp2013.pdf)
* [Client Identification Mechanisms](http://www.chromium.org/Home/chromium-security/client-identification-mechanisms)
* [Technical analysis of client identification mechanisms](http://www.chromium.org/Home/chromium-security/client-identification-mechanisms)
* [What Happens Next Will Amaze You](http://idlewords.com/talks/what_happens_next_will_amaze_you.htm#six_fixes)
* In this paper, we examine how web-based device fingerprinting currently works on the Internet. By analyzing the code of three popular browser-fingerprinting code providers, we reveal the techniques that allow websites to track users without the need of client-side identifiers. Among these techniques, we show how current commercial fingerprinting approaches use questionable practices, such as the circumvention of HTTP proxies to discover a user’s real IP address and the installation of intrusive browser plugins. At the same tim e, we show how fragile the browser ecosystem is against fingerprinting through the use of novel browser- identifying techniques. With so many different vendors involved in browser development, we demonstrate how one can use diversions in the browsers’ implementation to distinguish successfully not only the browser-family, but also specific major and minor versions. Browser extensions that help users spoof the user-agent of their browsers are also evaluated. We show that current commercial approaches can bypass the extensions, and, in addition, take advantage of their shortcomings by using them as additional fingerprinting features.
* [Invasion of Privacy - HackerFactor](http://www.hackerfactor.com/blog/index.php?/archives/703-Invasion-of-Privacy.html)
* **Communication Security**<a name="comsec"></a>
* [A Study of COMINT Personnel Security Standards and Practices](https://www.cia.gov/library/readingroom/document/cia-rdp82s00527r000100060014-6)
* [COMSEC Beyond Encryption](https://grugq.github.io/presentations/COMSEC%20beyond%20encryption.pdf)
* [NSA operation ORCHESTRA: Annual Status Report(2014) - Poul-Henning Kamp - FOSDEM14](https://www.youtube.com/watch?v=fwcl17Q0bpk&feature=youtu.be)
* **Data Collection**<a name="dcollect"></a>
* [This Time, Facebook Is Sharing Its Employees’ Data: Some of the biggest companies turn over their workers’ most personal information to the troubled credit reporting agency Equifax](https://www.fastcompany.com/40485634/equifax-salary-data-and-the-work-number-database)
* [No boundaries: Exfiltration of personal data by session-replay scripts](https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/)
* [Data release: list of websites that have third-party “session replay” scripts ](https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html)
* [.NET Github: .NET core should not SPY on users by default #3093](https://github.com/dotnet/cli/issues/3093)
* [.NET Github: Revisit Telemetry configuration #6086 ](https://github.com/dotnet/cli/issues/6086)
* [iTerm2 Leaks Everything You Hover in Your Terminal via DNS Requests](https://www.bleepingcomputer.com/news/security/iterm2-leaks-everything-you-hover-in-your-terminal-via-dns-requests/)
* [Google Has Quietly Dropped Ban on Personally Identifiable Web Tracking - ProPublica(2016)](https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking)
* [No boundaries: Exfiltration of personal data by session-replay scripts - Freedom to Tinker](https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/)
* **De-Anonymization**<a name="de-anon"></a>
* **Articles/Blogposts/Writeups**
* [De-Anonymizing Alt.Anonymous. Messages - Tom Ritter - Defcon21](https://www.youtube.com/watch?v=_Tj6c2Ikq_E)
* [De-Anonymizing Alt.Anonymous.Messages](https://ritter.vg/blog-deanonymizing_amm.html)
* [Defeating and Detecting Browser Spoofing - Browserprint](https://browserprint.info/blog/defeatingSpoofing)
* [Deanonymizing Windows users and capturing Microsoft and VPN accounts](https://medium.com/@ValdikSS/deanonymizing-windows-users-and-capturing-microsoft-and-vpn-accounts-f7e53fe73834)
* [De-anonymizing facebook users through CSP](http://www.myseosolution.de/deanonymizing-facebook-users-by-csp-bruteforcing/#inhaltsverzeichnis)
* **Papers**
* [Speaker Recognition in Encrypted Voice Streams - Michael Backes,Goran Doychev,Markus Durmuth,Boris Kopf](http://software.imdea.org/~gdoychev/publications/esorics10.pdf)
* We develop a novel approach for unveiling the identity of speakers who participate in encrypted voice communication, solely by eavesdropping on the encrypted traffic. Our approach exploits the concept of voice activity detection (VAD), a widely used technique for reducing the bandwidth consumption of voice traffic. We show that the reduction of traffic caused by VAD techniques creates patterns in the encrypted traffic, which in turn reveal the patterns of pauses in the underlying voice stream. We show that these patterns are speaker-characteristic, and that they are sufficient to undermine the anonymity of the speaker in encrypted voice communication. In an empirical setup with 20 speakers our analysis is able to correctly identify an unknown speaker in about 48% of all cases. Our work extends and generalizes existing work that exploits variable bit-rate encoding for identifying the conversation language and content of encrypted voice streams)
* **Documents**<a name="writing"></a>
* **Authorship Analysis/Identification**
* [anonymouth](https://github.com/psal/anonymouth)
* Document Anonymization Tool, Version 0.5
* [F⁠ingerprinting documents​ with steganography​](http://blog.fastforwardlabs.com/2017/06/23/fingerprinting-documents-with-steganography.html)
* [Text Authorship Verification through Watermarking - Stefano Giovanni Rizzo, Flavio Bertini, Danilo Montesi](https://pdfs.semanticscholar.org/4028/f904da8e2c50672e6037168bf2bd72bc4cb9.pdf)
* **Obfuscation/Making it harder to OCR/Redaction Tactics and Methods**
* [Redaction of PDF Files Using Adobe Acrobat Professional X - NSA](https://www.cs.columbia.edu/~smb/doc/Redaction-of-PDF-Files-Using-Adobe-Acrobat-Professional-X.pdf)
* [Why Government Agencies Use Ugly, Difficult to Use Scanned PDFs - There's More Than Meets the Eye - circleid.com](http://www.circleid.com/posts/20180720_why_government_agencies_use_ugly_difficul_to_use_scanned_pdfs/)
* **Stegonagraphy**
* [steganos](https://github.com/fastforwardlabs/steganos)
* This is a library to encode bits into text.... steganography in text!
* [Content-preserving Text Watermarking through Unicode Homoglyph Substitution](https://www.researchgate.net/publication/308044170_Content-preserving_Text_Watermarking_through_Unicode_Homoglyph_Substitution)
* Digital watermarking has become crucially important in authentication and copyright protection of the digital contents, since more and more data are daily generated and shared online through digital archives, blogs and social networks. Out of all, text watermarking is a more difficult task in comparison to other media watermarking. Text cannot be always converted into image, it accounts for a far smaller amount of data (eg. social network posts) and the changes in short texts would strongly affect the meaning or the overall visual form. In this paper we propose a text watermarking technique based on homoglyph characters substitution for latin symbols1. The proposed method is able to efficiently embed a password based watermark in short texts by strictly preserving the content. In particular, it uses alternative Unicode symbols to ensure visual indistinguishability and length preservation, namely content-preservation. To evaluate our method, we use a real dataset of 1.8 million New York articles. The results show the effectiveness of our approach providing an average length of 101 characters needed to embed a 64bit password based watermark.
* **Facial Identification**<a name="facial"></a>
* [Achie­ving an­ony­mi­ty against major face re­co­gni­ti­on al­go­rith­ms - Be­ne­dikt Dries­sen, Mar­kus Dür­muth](http://www.mobsec.rub.de/forschung/veroeffentlichungen/driessen-13-face-rec/)
* [IBM Used NYPD Surveillance Footage to Develop Technology That Lets Police Search by Skin Color](https://theintercept.com/2018/09/06/nypd-surveillance-camera-skin-tone-search/)
* **Informative/Educational**<a name="informative"></a>
* [Bugger - Adam Curtis](http://www.bbc.co.uk/blogs/adamcurtis/entries/3662a707-0af9-3149-963f-47bea720b460)
* Maybe the real state secret is that spies aren't very good at their jobs and don't know much about the world
* [Detect Tor Exit doing sniffing by passively detecting unique DNS query (via HTML & PCAP parsing/viewing)](https://github.com/NullHypothesis/exitmap/issues/37)
* [Dutch-Russian cyber crime case reveals how police tap the internet - ElectroSpaces](http://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html?m=1)
* [An Underground education](https://www.slideshare.net/grugq/underground-education-21151795)
* [How to Spot a Spook](https://cryptome.org/dirty-work/spot-spook.htm)
* **Journalism/Media Publishing**<a name="media"></a>
* [Information Security For Journalist book - Centre for Investigative Journalism](http://files.gendo.nl/Books/InfoSec_for_Journalists_V1.1.pdf)
* [Protecting Your Sources When Releasing Sensitive Documents](https://source.opennews.org/articles/how-protect-your-sources-when-releasing-sensitive-/)
* **Network Obfuscation**<a name="obfuscation"></a>
* [HORNET: High-speed Onion Routing at the Network Layer](http://arxiv.org/pdf/1507.05724v1.pdf)
* [Decoy Routing: Toward Unblockable Internet Communication](https://www.usenix.org/legacy/events/foci11/tech/final_files/Karlin.pdf)
* We present decoy routing, a mechanism capable of circumventing common network filtering strategies. Unlike other circumvention techniques, decoy routing does not require a client to connect to a specific IP address (which is easily blocked) in order to provide circumvention. We show that if it is possible for a client to connect to any unblocked host/service, then decoy routing could be used to connect them to a blocked destination without coop- eration from the host. This is accomplished by placing the circumvention service in the network itself – where a single device could proxy traffic between a significant fraction of hosts – instead of at the edge.
* [obfs4 (The obfourscator)](https://gitweb.torproject.org/pluggable-transports/obfs4.git/tree/doc/obfs4-spec.txt)
* This is a protocol obfuscation layer for TCP protocols. Its purpose is to keep a third party from telling what protocol is in use based on message contents. Unlike obfs3, obfs4 attempts to provide authentication and data integrity, though it is still designed primarily around providing a layer of obfuscation for an existing authenticated protocol like SSH or TLS.
* [obfs3 (The Threebfuscator)](https://gitweb.torproject.org/pluggable-transports/obfsproxy.git/tree/doc/obfs3/obfs3-protocol-spec.txt)
* This is a protocol obfuscation layer for TCP protocols. Its purpose is to keep a third party from telling what protocol is in use based on message contents. Like obfs2, it does not provide authentication or data integrity. It does not hide data lengths. It is more suitable for providing a layer of obfuscation for an existing authenticated protocol, like SSH or TLS.
* **Online Influence Methods**
* [The Art of Deception: Training for a New Generation of Online Covert Operations](https://theintercept.com/document/2014/02/24/art-deception-training-new-generation-online-covert-operations/)
* [How Covert Agents Infiltrate the Internet to Manipulate, Deceive, and Destroy Reputations - TheIntercept](https://theintercept.com/2014/02/24/jtrig-manipulation/)
* **OPSEC(Specifically)**<a name="opsec"></a>
* [Operational Security and the Real World - The Grugq](https://medium.com/@thegrugq/operational-security-and-the-real-world-3c07e7eeb2e8)
* [CIA Vault7 Development Tradecraft DOs and DON'Ts](https://wikileaks.org/ciav7p1/cms/page_14587109.html)
* [Campaign Information Security In Theory and Practice](https://medium.com/@thegrugq/campaign-information-security-ff6ac49966e1)
* [Reminder: Oh, Won't You Please Shut Up? - USA](https://www.popehat.com/2011/12/01/reminder-oh-wont-you-please-shut-up/)
* [Underground Tradecraft Rules of Clandestine Operation](https://grugq.tumblr.com/post/60463307186/rules-of-clandestine-operation)
* [I know places we can hide Opsec tips from Taylor Swift](https://medium.com/@flamsmark/i-know-places-we-can-hide-3a84b1f79963)
* [Operational Security and the Real World - The Grugq](https://medium.com/@thegrugq/operational-security-and-the-real-world-3c07e7eeb2e8)
* [Managing Pseudonyms with Compartmentalization: Identity Management of Personas](https://www.alienvault.com/blogs/security-essentials/managing-pseudonyms-with-compartmentalization-identity-management-of-personas)
* [Because Jail is for WUFTPD - Legendary talk, a must watch.](https://www.youtube.com/watch?v=9XaYdCdwiWU)
* [OPSEC In the Age of The Egotistical Giraffe](https://conference.hitb.org/hitbsecconf2014kul/materials/D1T1%20-%20The%20Grugq%20-%20OPSEC%20in%20the%20Age%20of%20Egotistical%20Giraffe.pdf)
* [OPSEC Concerns in Using Crypto](https://www.slideshare.net/JohnCABambenek/defcon-crypto-village-opsec-concerns-in-using-crypto)
* [You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
* [The Need for Identity Management - alienvault](https://www.alienvault.com/blogs/security-essentials/managing-pseudonyms-with-compartmentalization-identity-management-of-personas)
* **Reference/Resources**<a name="ref"></a>
* [The Paranoid's Bible: An anti-dox effort.](https://paranoidsbible.tumblr.com/)
* [Debian-Privacy-Server-Guide](https://github.com/drduh/Debian-Privacy-Server-Guide)
* This is a step-by-step guide to configuring and managing a domain, remote server and hosted services, such as VPN, a private and obfuscated Tor bridge, and encrypted chat, using the Debian GNU/Linux operating system and other free software.
* [Anonymous’s Guide to OpSec](http://www.covert.io/research-papers/security/Anonymous%20Hacking%20Group%20--%20OpNewblood-Super-Secret-Security-Handbook.pdf)
* **WiFi**<a name="wifi"></a>
* [Wifi Tracking: Collecting the (probe) Breadcrumbs - David Switzer](https://www.youtube.com/watch?v=HzQHWUM8cNo)
* Wifi probes have provided giggles via Karma and Wifi Pineapples for years, but is there more fun to be had? Like going from sitting next to someone on a bus, to knowing where they live and hang out? Why try to MITM someone’s wireless device in an enterprise environment where they may notice — when getting them at their favorite burger joint is much easier. In this talk we will review ways of collecting and analyzing probes. We’ll use the resulting data to figure out where people live, their daily habits, and discuss uses (some nice, some not so nice) for this information. We’ll also dicuss how to make yourself a little less easy to track using these methods. Stingrays are price prohibitive, but for just tracking people’s movements.. this is cheap and easy.
* **Tool Configuration**
* [How to stop Firefox from making automatic connections](https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections)
* **Tor**<a name="tor"></a>
* **101**
* [Tor - Wikipedia](https://en.wikipedia.org/wiki/Tor_(anonymity_network))
* [Onion Routing](https://www.onion-router.net/History.html)
* [Tor Project Overview](https://www.torproject.org/about/overview.html.en)
* [Tor Official FAQ](https://www.torproject.org/docs/faq.html.en)
* [Tor Official Documentation](https://www.torproject.org/docs/documentation.html.en)
* [Tor Wiki](https://trac.torproject.org/projects/tor/wiki)
* **Articles/Blogposts/Writeups**
* [Trawling Tor Hidden Service – Mapping the DHT](https://donncha.is/2013/05/trawling-tor-hidden-services/)
* [How Tor Users Got Caught by Government Agencies](http://se.azinstall.net/2015/11/how-tor-users-got-caught.html)
* **Talks/Presentations/Videos**
* [How Tor Users Got Caught - Defcon 22](https://www.youtube.com/watch?v=7G1LjQSYM5Q)
* [Part 2](https://www.youtube.com/watch?v=TQ2bk9kMneI)
* [Deep Dive Into Tor Onion Services - David Goulet](https://www.youtube.com/watch?v=AkoyCLAXVsc)
* **Tools**
* [Nipe](https://github.com/GouveaHeitor/nipe)
* Nipe is a script to make Tor Network your default gateway.
* [P.O.R.T.A.L.](https://github.com/grugq/portal)
* PORTAL is a project that aims to keep people out of jail. It is a dedicated hardware device (a router) which forces all internet traffic to be sent over the Tor network. This significantly increases the odds of using Tor effectively, and reduces the potential to make fatal mistakes.
* [PORTAL of Pi](https://github.com/grugq/PORTALofPi)
* This will guide you through configuring an Arch based RaspberryPi installation which transparently forwards all TCP traffic over the Tor network. There is also a Tor SOCKS proxy for explicitly interacting with the Tor network, either for more security, or to access a Hidden Service.
* [Nipe](https://github.com/GouveaHeitor/nipe)
* Nipe is a script to make Tor Network your default gateway.
* **Papers**
* [SkypeMorph: Protocol Obfuscation for Tor Bridges](https://www.cypherpunks.ca/~iang/pubs/skypemorph-ccs.pdf)
* The Tor network is designed to provide users with low- latency anonymous communications. Tor clients build circuits with publicly listed relays to anonymously reach their destinations. However, since the relays are publicly listed, they can be easily blocked by censoring adversaries. Consequently, the Tor project envisioned the possibility of unlisted entry points to the Tor network, commonly known as bridges. We address the issue of preventing censors from detecting the bridges by observing the communications between them and nodes in their network. We propose a model in which the client obfuscates its messages to the bridge in a widely used protocol over the Inter- net. We investigate using Skype video calls as our target protocol and our goal is to make it difficult for the censor- ing adversary to distinguish between the obfuscated bridge connections and actual Skype calls using statistical compar- isons. We have implemented our model as a proof-of-concept pluggable transport for Tor, which is available under an open-source licence. Using this implementation we observed the obfuscated bridge communications and compared it with those of Skype calls and presented the results.
* [StegoTorus: A Camouflage Proxy for the Tor Anonymity System](https://research.owlfolio.org/pubs/2012-stegotorus.pdf)
* Internet censorship by governments is an increasingly common practice worldwide. Internet users and censors are locked in an arms race: as users find ways to evade censorship schemes, the censors develop countermeasures for the evasion tactics. One of the most popular and effective circumvention tools, Tor, must regularly adjust its network traffic signature to remain usable. We present StegoTorus, a tool that comprehensively disguises Tor from protocol analysis. To foil analysis of packet contents, Tor’s traffic is steganographed to resemble an innocuous cover protocol, such as HTTP. To foil analysis at the transport level, the Tor circuit is distributed over many shorter-lived connections with per-packet characteristics that mimic cover-protocol traffic. Our evaluation demonstrates that StegoTorus improves the resilience of Tor to fingerprinting attacks and delivers usable performance.
* [Spoiled Onions](https://www.cs.kau.se/philwint/spoiled_onions/)
* In this research project, we were monitoring all exit relays for several months in order to expose, document, and thwart malicious or misconfigured relays. In particular, we monitor exit relays with two scanners we developed specifically for that purpose: exitmap and HoneyConnector. Since September 2013, we discovered 65 malicious or misconfigured exit relays which are listed in Table 1 and Table 2 in our research paper. These exit relays engaged in various attacks such as SSH and HTTPS MitM, HTML injection, SSL stripping, and traffic sniffing. We also found exit relays which were unintentionally interfering with network traffic because they were subject to DNS censorship.
* **Travel**<a name="travel"></a>
* [China travel laptop setup](https://mricon.com/i/travel-laptop-setup.html?t=1&cn=ZmxleGlibGVfcmVjcw%3D%3D&iid=88d246896d384d5292f51df954a2c8ba&uid=150127534&nid=244+272699400)
* **Misc/Unsorted**
* [Cat Videos and the Death of Clear Text](https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/)
* [You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans' Movements - ACLU](https://www.aclu.org/other/you-are-being-tracked-how-license-plate-readers-are-being-used-record-americans-movements?redirect=technology-and-liberty/you-are-being-tracked-how-license-plate-readers-are-being-used-record)
* [A Technical Description of Psiphon](https://psiphon.ca/en/blog/psiphon-a-technical-description)
* **Papers**
* [Deep-Spying: Spying using Smartwatch and Deep Learning - Tony Beltramelli](https://arxiv.org/pdf/1512.05616v1.pdf)
* **Miscellaneous Tools**<a name="tools-misc"></a>
* [FakeNameGenerator](http://www.fakenamegenerator.com/)
* [MAT: Metadata Anonymisation Toolkit](https://mat.boum.org/)
* MAT is a toolbox composed of a GUI application, a CLI application and a library.
* [fteproxy](https://fteproxy.org/about)
* fteproxy is fast, free, open source, and cross platform. It has been shown to circumvent network monitoring software such as bro, YAF, nProbe, l7-filter, and appid, as well as closed-source commercial DPI systems
* [Streisand](https://github.com/jlund/streisand)
* Streisand sets up a new server running L2TP/IPsec, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge. It also generates custom configuration instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
* [exitmap](https://github.com/NullHypothesis/exitmap)
* Exitmap is a fast and modular Python-based scanner for Tor exit relays. Exitmap modules implement tasks that are run over (a subset of) all exit relays. If you have a background in functional programming, think of exitmap as a map() interface for Tor exit relays. Modules can perform any TCP-based networking task; fetching a web page, uploading a file, connecting to an SSH server, or joining an IRC channel.
* [OnionCat - an Anonymous VPN adapter](https://www.onioncat.org/about-onioncat/)
* [howmanypeoplearearound](https://github.com/schollz/howmanypeoplearearound)
* Count the number of people around you 👨‍👨‍👦 by monitoring wifi signals 📡
* [Decentraleyes](https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/)
* Protects you against tracking through "free", centralized, content delivery. It prevents a lot of requests from reaching networks like Google Hosted Libraries, and serves local files to keep sites from breaking. Complements regular content blockers.
* [Decentraleyes - Github](https://github.com/Synzvato/decentraleyes)
* A web browser extension that emulates Content Delivery Networks to improve your online privacy. It intercepts traffic, finds supported resources locally, and injects them into the environment. All of this happens automatically, so no prior configuration is required.
* [Destroy-Windows-10-Spying](https://github.com/Nummer/Destroy-Windows-10-Spying)
* Destroy Windows Spying tool
* [meek](https://github.com/Yawning/meek)
* meek is a blocking-resistant pluggable transport for Tor. It encodes a data stream as a sequence of HTTPS requests and responses. Requests are reflected through a hard-to-block third-party web server in order to avoid talking directly to a Tor bridge. HTTPS encryption hides fingerprintable byte patterns in Tor traffic.sek
* [HTTPLeaks](https://github.com/cure53/HTTPLeaks)
* HTTPLeaks - All possible ways, a website can leak HTTP requests
* [haven](https://guardianproject.github.io/haven/)
* Android application that leverages on-device sensors to provide monitoring and protection of physical spaces.
--------------------------
## <a name="counter"></a>Counter Surveillance
* **Articles**
* **Writeups**<a name="cwriteup"></a>
* Detecting Surveillance - Spiderlabs blog
* [1 Hardware Implants](http://blog.spiderlabs.com/2014/03/detecting-surveillance-state-surveillance-part-1-hardware-impants.html)
* [2 Radio Frequency Exfiltration](http://blog.spiderlabs.com/2014/03/detecting-a-surveillance-state-part-2-radio-frequency-exfiltration.html)
* [3 Infected Firmware](http://blog.spiderlabs.com/2014/04/detecting-a-surveillance-state-part-3-infected-firmware.html)
* [A Simple Guide to TSCM Sweeps](http://www.international-intelligence.co.uk/tscm-sweep-guide.html)
* [Dutch-Russian cyber crime case reveals how police tap the internet - ElectroSpaces](http://electrospaces.blogspot.de/2017/06/dutch-russian-cyber-crime-case-reveals.html?m=1)
* **Presentations/Talks/Videos**<a name="cvideos"></a>
* [PISSED: Privacy In a Surveillance State Evading Detection - Joe Cicero - CYPHERCON11 ](https://www.youtube.com/watch?v=keA3WcKwZwA)
* [Fuck These Guys: Practical Countersurveillance Lisa Lorenzin - BsidesSF15](http://www.irongeek.com/i.php?page=videos/bsidessf2015/201-fck-these-guys-practical-countersurveillance-lisa-lorenzin)
* We've all seen the steady stream of revelations about the NSA's unconstitutional, illegal mass surveillance. Seems like there's a new transgression revealed every week! I'm getting outrage fatigue. So I decided to fight back... by looking for practical, realistic, everyday actions I can take to protect my privacy and civil liberties on the Internet, and sharing them with my friends. Join me in using encryption and privacy technology to resist eavesdropping and tracking, and to start to opt out of the bulk data collection that the NSA has unilaterally decided to secretly impose upon the world. Let's take back the Internet, one encrypted bit at a time.
* [Dr. Philip Polstra - Am I Being Spied On?](https://www.youtube.com/watch?v=Bc7WoDXhcjM)
* Talk on cheap/free counter measures
* [DNS May Be Hazardous to Your Health - Robert Stucke](https://www.youtube.com/watch?v=ZPbyDSvGasw)
* Great talk on attacking DNS
* [Blinding The Surveillance State - Christopher Soghoian - DEF CON 22](https://www.youtube.com/watch?v=pM8e0Dbzopk)
* [CounterStrike Lawful Interception](https://www.youtube.com/watch?v=7HXLaRWk1SM)
* This short talk will cover the standards, devices and implementation of a mandatory part of our western Internet infrastructure. The central question is whether an overarching interception functionality might actually put national Internet infrastructure at a higher risk of being attacked successfully. The question is approached in this talk from a purely technical point of view, looking at how LI functionality is implemented by a major vendor and what issues arise from that implementation. Routers and other devices may get hurt in the process.
* [Slides](http://phenoelit.org/stuff/CSLI.pdf)
* [Detecting and Defending Against a Surveillance State - Robert Rowley - DEF CON 22](https://www.youtube.com/watch?v=d5jqV06Yijw)
* [Retail Surveillance / Retail Countersurveillance 50 most unwanted retail surveillance technologies / 50 most wanted countersurveillance technologies](https://media.ccc.de/v/33c3-8238-retail_surveillance_retail_countersurveillance#video&t=1993)
* [Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring** - Defcon22](https://www.youtube.com/watch?v=_KyfJW2lHtk&spfreload=1)
* Sometimes, hiding the existence of a communication is as important as hiding the contents of that communication. While simple network tunneling such as Tor or a VPN can keep the contents of communications confidential, under active network monitoring or a restrictive IDS such tunnels are red flags which can subject the user to extreme scrutiny. Format-Transforming Encryption FTE can be used to tunnel traffic within otherwise innocuous protocols, keeping both the contents and existence of the sensitive traffic hidden. However, more advanced automated intrusion detection, or moderately sophisticated manual inspection, raise other red flags when a host reporting to be a laser printer starts browsing the web or opening IM sessions, or when a machine which appears to be a Mac laptop sends network traffic using Windows-specific network settings. We present Masquerade: a system which combines FTE and host OS profile selection to allow the user to emulate a user-selected operating system and application-set in network traffic and settings, evading both automated detection and frustrating after-the-fact analysis.
* [Slides](https://www.portalmasq.com/portal-defcon.pdf)
* [The NSA: Capabilities and Countermeasures** - Bruce Schneier - ShmooCon 2014](https://www.youtube.com/watch?v=D5JA8Ytk9EI)
* Edward Snowden has given us an unprecedented window into the NSA's surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, I will describe the sorts of surveillance the NSA does and how it does it. The emphasis is on the technical capabilities of the NSA, not the politics of their actions. This includes how it conducts Internet surveillance on the backbone, but is primarily focused on their offensive capabilities: packet injection attacks from the Internet backbone, exploits against endpoint computers and implants to exfiltrate information, fingerprinting computers through cookies and other means, and so on. I will then talk about what sorts of countermeasures are likely to frustrate the NSA. Basically, these are techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: encryption, target hardening, dispersal, and so on.
* [Wagging the Tail:Covert Passive Surveillance - Si, Agent X - DEF CON 26](https://www.youtube.com/watch?v=tYFOXeItRFM)
* This talk will focus on mobile and foot surveillance techniques used by surveillance teams. It will also include tips on identifying if you are under surveillance and how to make their life difficult.
* **Papers**<a name="cpapers"></a>
* [Ghostbuster: Detecting the Presence of Hidden Eavesdroppers](https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf)
* [Exploiting Lawful Intercept to Wiretap the Internet](https://www.blackhat.com/presentations/bh-dc-10/Cross_Tom/BlackHat-DC-2010-Cross-Attacking-LawfulI-Intercept-wp.pdf)
* This paper will review Cisco's architecture for lawful intercept from asecurity perspective. We explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. We then provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks.
* [Protocol Misidentification Made Easy with Format-Transforming Encryption](https://kpdyer.com/publications/ccs2013-fte.pdf)
* Deep packet inspection (DPI) technologies provide much needed visibility and control of network traffic using port- independent protocol identification, where a network flow is labeled with its application-layer protocol based on packet contents. In this paper, we provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adver- saries on the network attempt to force the DPI to mislabel connections. Our approach uses a new cryptographic prim- itive called format-transforming encryption (FTE), which extends conventional symmetric encryption with the ability to transform the ciphertext into a format of our choosing. We design an FTE-based record layer that can encrypt arbitrary application-layer traffic, and we experimentally show that this forces misidentification for all of the evaluated DPI systems. This set includes a proprietary, enterprise-class DPI system used by large corporations and nation-states. We also show that using FTE as a proxy system incurs no latency overhead and as little as 16% bandwidth overhead compared to standard SSH tunnels. Finally, we integrate our FTE proxy into the Tor anonymity network and demon- strate that it evades real-world censorship by the Great Fire- wall of China
* [Protocol Misidentification Made Easy with Format-Transforming Encryption](https://eprint.iacr.org/2012/494.pdf)
* Deep packet inspection DPI technologies provide much- needed visibility and control of network traffic using port- independent protocol identification, where a network ow is labeled with its application-layer protocol based on packet contents. In this paper, we provide the most comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adver- saries on the network attempt to force the DPI to mislabel connections. Our approach uses a new cryptographic primitive called format-transforming encryption FTE, which extends conventional symmetric encryption with the ability to transform the ciphertext into a format of our choosing. We design an FTE-based record layer that can encrypt arbi- trary application-layer traffic, and we experimentally show that this forces misidentification for all of the evaluated DPI systems. This set includes a proprietary, enterprise-class DPI system used by large corporations and nation-states. We also show that using FTE as a proxy system incurs no latency overhead and as little as 16% bandwidth overhead compared to standard SSH tunnels. Finally, we integrate our FTE proxy into the Tor anonymity network and demonstrate that it evades real-world censorship by the Great Firewall of China.
* [Unblocking the Internet: Social networks foil censors](http://kscope.news.cs.nyu.edu/pub/TR-2008-918.pdf)
* Many countries and administrative domains exploit control over their communication infrastructure to censor online content. This paper presents the design, im plementation and evaluation of Kaleidoscope , a peer-to-peer system of relays that enables users within a censored domain to access blocked content. The main challenge facing Kaleidoscope is to resist the cens or’s efforts to block the circumvention system itself. Kaleidoscope achieves blocking-resilienc e using restricted service discovery that allows each user to discover a small set of unblocked relays while only exposing a small fraction of relays to the censor. To restrict service discovery, Kaleidoscope leverages a trust network where links reflects real-world social relationships among users and uses a limited advertisement protocol based on random routes to disseminate relay addresses along the trust netwo rk; the number of nodes reached by a relay advertisement should ideally be inversely proportional to the maximum fraction of infiltration and is independent of the network size. To increase service availa bility in large networks with few exit relay nodes, Kaleidoscope forwards the actual data traffic across multiple relay hops without risking exposure of exit relays. Using detailed analysis and simulations, we show that Kaleidoscope provides > 90% service availability even under substantial infiltration (close to 0.5% of edges) and when only 30% of the relay nodes are online. We have implemented and deployed our system on a small scale serving over 100,000 requests to 40 censored users (relatively small user base to realize Kaleidoscope’s anti-blocking guarantees) spread across different countries and administrative domains over a 6-month period
* [Chipping Away at Censorship Firewalls with User-Generated Content](https://www.usenix.org/legacy/event/sec10/tech/full_papers/Burnett.pdf)
* Oppressive regimes and even democratic governments restrict Internet access. Existing anti-censorship systems often require users to connect through proxies, but these systems are relatively easy for a censor to discover and block. This paper offers a possible next step in the cen- sorship arms race: rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls. To explore this possibility, we have developed Collage, which allows users to exchange messages through hidden chan- nels in sites that host user-generated content. Collage has two components: a message vector layer for embedding content in cover traffic; and a rendezvous mechanism to allow parties to publish and retrieve messages in the cover traffic. Collage uses user-generated content (e.g. , photo-sharing sites) as “drop sites” for hidden messages. To send a message, a user embeds it into cover traffic and posts the content on some site, where receivers retrieve this content using a sequence of tasks. Collage makes it difficult for a censor to monitor or block these messages by exploiting the sheer number of sites where users can exchange messages and the variety of ways that a mes- sage can be hidden. Our evaluation of Collage shows that the performance overhead is acceptable for sending small messages (e.g., Web articles, email). We show how Collage can be used to build two applications: a direct messaging application, and a Web content delivery system
* [Cirripede: Circumvention Infrastructure using Router Redirection with Plausible Deniability](http://hatswitch.org/~nikita/papers/cirripede-ccs11.pdf)
* Many users face surveillance of their Internet communications and a significant fraction suffer from outright blocking of certain destinations. Anonymous communication systems allow users to conceal the destinations they communicate with, but do not hide the fact that the users are using them. The mere use of such systems may invite suspicion, or access to them may be blocked. We therefore propose Cirripede, a system that can be used for unobservable communication with Internet destinations. Cirripede is designed to be deployed by ISPs; it intercepts connections from clients to innocent-looking desti- nations and redirects them to the true destination requested by the client. The communication is encoded in a way that is indistinguishable from normal communications to anyone without the master secret key, while public-key cryptogra- phy is used to eliminate the need for any secret information that must be shared with Cirripede users. Cirripede is designed to work scalably with routers that handle large volumes of traffic while imposing minimal over- head on ISPs and not disrupting existing traffic. This allows Cirripede proxies to be strategically deployed at central lo- cations, making access to Cirripede very difficult to block. We built a proof-of-concept implementation of Cirripede and performed a testbed evaluation of its performance proper- ties
* [TapDance: End-to-Middle Anticensorship without Flow Blocking](https://jhalderm.com/pub/papers/tapdance-sec14.pdf)
* In response to increasingly sophisticated state-sponsored Internet censorship, recent work has proposed a new ap- proach to censorship resistance: end-to-middle proxying. This concept, developed in systems such as Telex, Decoy Routing, and Cirripede, moves anticensorship technology into the core of the network, at large ISPs outside the censoring country. In this paper, we focus on two technical obstacles to the deployment of certain end-to-middle schemes: the need to selectively block flows and the need to observe both directions of a connection. We propose a new construction, TapDance, that removes these require- ments. TapDance employs a novel TCP-level technique that allows the anticensorship station at an ISP to function as a passive network tap, without an inline blocking com- ponent. We also apply a novel steganographic encoding to embed control messages in TLS ciphertext, allowing us to operate on HTTPS connections even under asymmetric routing. We implement and evaluate a TapDance proto- type that demonstrates how the system could function with minimal impact on an ISP’s network operations.
* [Of Moles and Molehunters: A Review of Counterintelligence Literature, 1977-92](https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/books-and-monographs/U-Oct%20%201993-%20Of%20Moles%20-%20Molehunters%20-%20A%20Review%20of%20Counterintelligence%20Literature-%201977-92%20-v2.pdf)
* [Ghostbuster: Detecting the Presence of Hidden Eavesdroppers]()https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf)]
* **Misc**
* [Laser Surveillance Defeater - Shomer-Tec](https://www.shomer-tec.com/laser-surveillance-defeater.html)
--------------------------
### <a name="emissions"></a> Emissions Security
* **101**
* **Articles/Blogposts/Writeups**
* **Presentations/Talks/Videos**
* **Papers**
* [Com­pro­mi­sing Re­flec­tions - or - How to Read LCD Mo­ni­tors Around the Cor­ner- Micha­el Ba­ckes, Mar­kus Dür­muth, Do­mi­ni­que Unruh](https://kodu.ut.ee/~unruh/publications/reflections.pdf)
* We present a novel eavesdropping technique for spying at a distance on data that is displayed on an arbitrary computer screen, including the currently prevalent LCD monitors. Our technique exploits reflections of the screen’s optical emanations in various objects that one commonly finds in close proximity to the screen and uses those reflections to recover the original screen content. Such objects include eyeglasses, tea pots, spoons, plastic bottles, and even the eye of the user. We have demonstrated that this attack can be successfully mounted to spy on even small fonts using inexpensive, off-the-shelf equipment (less than 1500 dollars) from a distance of up to 10 meters. Relying on more expensive equipment allowed us to conduct this attack from over 30 meters away, demonstrating that similar at- tacks are feasible from the other side of the street or from a close-by building. We additionally establish theoretical limitations of the attack; these limitations may help to estimate the risk that this attack can be successfully mounted in a given environment.
* [Acoustic Side-Channel Attacks on Printers -Michael Backes,Markus Drmuth,Sebastian Gerling,Manfred Pinkal,Caroline Sporleder](http://www.usenix.net/legacy/events/sec10/tech/full_papers/Backes.pdf)
* We examine the problem of acoustic emanations of printers. We present a novel attack that recovers what a dot- matrix printer processing English text is printing based on a record of the sound it makes, if the microphone is close enough to the printer. In our experiments, the attack recovers up to 72% of printed words, and up to 95% if we assume contextual knowledge about the text, with a microphone at a distance of 10 cm from the printer. After an upfront training phase, the attack is fully automated and uses a combination of machine learning, audio processing, and speech recognition techniques, including spectrum features, Hidden Markov Models and linear classification; moreover, it allows for feedback-based incremental learning. We evaluate the effectiveness of countermeasures, and we describe how we successfully mounted the attack in-field (with appropriate privacy protections) in a doctor’s practice to recover the content of medical prescriptions.
* [Tempest in a Teapot: Compromising Reflections Revisited](http://www.mia.uni-saarland.de/Publications/backes-sp09.pdf)
* Reflecting objects such as tea pots and glasses, but also diffusely reflecting objects such as a user’s shirt, can be used to spy on confidential data displayed on a monitor. First, we show how reflections in the user’s eye can be exploited for spying on confidential data. Second, we investigate to what extent monitor images can be reconstructed from the diffuse reflections on a wall or the user’s clothes, and provide information- theoretic bounds limiting this type of attack. Third, we evaluate the effectiveness of several countermeasures
* [GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - usenix conference](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri-update.pdf)
* **Tools**
* **Miscellaneous**
-------------------------
### <a name="modern"></a> Modern Surveillance
* **Vendors**
* [buggedplanet.info](https://buggedplanet.info/index.php?title=Main_Page)
* **Articles**
* [Understanding & Improving Privacy "Audits" under FTC Orders](https://cyberlaw.stanford.edu/blog/2018/04/understanding-improving-privacy-audits-under-ftc-orders)
* This new white paper, entitled “Understanding and Improving Privacy ‘Audits’ under FTC Orders,” carefully parses the third-party audits that Google and Facebook are required to conduct under their 2012 Federal Trade Commission consent orders. Using only publicly available documents, the article contrasts the FTC’s high expectations for the audits with what the FTC actually received (as released to the public in redacted form). These audits, as a practical matter, are often the only “tooth” in FTC orders to protect consumer privacy. They are critically important to accomplishing the agency’s privacy mission. As such, a failure to attend to their robust enforcement can have unintended consequences, and arguably, provide consumers with a false sense of security. The paper shows how the audits are not actually audits as commonly understood. Instead, because the FTC order language only requires third-party “assessments,” the companies submit reports that are termed “attestations.” Attestations fundamentally rely on a few vague privacy program aspects that are self-selected by the companies themselves. While the FTC could reject attestation-type assessments, the agency could also insist the companies bolster certain characteristics of the attestation assessments to make them more effective and replicate audit attributes. For example, the FTC could require a broader and deeper scope for the assessments. The agency could also require that assessors evaluate Fair Information Practices, data flows, notice/consent effectiveness, all company privacy assurances, and known order violations.
* **China**<a name="china"></a>
* [ China's Xinjiang Region A Surveillance State Unlike Any the World Has Ever Seen - Spiegel.de](http://www.spiegel.de/international/world/china-s-xinjiang-province-a-surveillance-state-unlike-any-the-world-has-ever-seen-a-1220174.html)
* [China's 5 Steps for Recruiting Spies - Wired](https://www.wired.com/story/china-spy-recruitment-us/)
* **France**
* **Germany**
* **United States**<a name="usa"></a>
* **Japan**
* [The Untold Story of Japan’s Secret Spy Agency - TheIntercept](https://theintercept.com/2018/05/19/japan-dfs-surveillance-agency/)
* **License Plate Tracking**
* [Private companies know where you've been, thanks to license plate cameras - syracuse.com](https://www.syracuse.com/news/index.ssf/2015/01/private_companies_know_where_youve_been_thanks_to_license_plate_cameras.html)
* **Things**
* [RF-Capture](http://rfcapture.csail.mit.edu/)
* RF-Capture is a device that captures a human figure through walls and occlusions. It transmits wireless signals and reconstructs a human figure by analyzing the signals' reflections. RF-Capture does not require the person to wear any sensor, and its transmitted power is 10,000 times lower than that of a standard cell-phone.
* [Paper](http://rfcapture.csail.mit.edu/rfcapture-paper.pdf)
-----
### <a name="talks">General
* **General**
* [Russia Convention on International Information Security](http://cryptome.org/2014/05/ru-international-infosec.htm)
* [The Gentleperson’s Guide to Forum Spies](cryptome.org/2012/07/gent-forum-spies.htm)
* [A Digital World Full of Ghost Armies](http://www.cigtr.info/2015/02/a-digital-world-full-of-ghost-armies.html)
* **Articles/BlogPosts/Writeups**
* [25 Rules of Disinformation](http://vigilantcitizen.com/latestnews/the-25-rules-of-disinformation/)
* [8 Traits of the Disinformationalist](https://calloutjoe.wordpress.com/psyop/eight-traits-of-the-disinformationalist/)
* [Attribution As A Weapon & Marketing Tool: Hubris In INFOSEC & NATSEC](https://krypt3ia.wordpress.com/2014/12/30/attribution-as-a-weapon-marketing-tool-hubris-in-infosec-natsec/)
* [Disinformation of Charlie Hebdo and The Fake BBC Website](http://thetrendythings.com/read/18256)
* [Counterintelligence, False Flags, Disinformation, and Network Defense - krypt3ia](https://krypt3ia.wordpress.com/2012/10/17/counterintelligence-false-flags-disinformation-and-network-defense/)
* [PsyOps and Socialbots](http://resources.infosecinstitute.com/psyops-and-socialbots/)
* [IRA Code Words Spell Real Threat](https://articles.latimes.com/1997-04-19/news/mn-50393_1_code-words)
* [‘A man who’s seen society's black underbelly’ Meduza meets ‘Anonymous International’](https://meduza.io/en/feature/2015/02/02/a-man-who-s-seen-society-s-black-underbelly)
* [Down the Memory Hole: NYT Erases CIA’s Efforts to Overthrow Syria’s Government](https://web.archive.org/web/20150921054800id_/http://fair.org/home/down-the-memory-hole-nyt-erases-cias-efforts-to-overthrow-syrias-government/)
* **Talks**
* [Governments and UFOs: A Historical Analysis of Disinformation and Deception - Richard Thieme](http://www.irongeek.com/i.php?page=videos/bsideslasvegas2013/1-2-7-governments-and-ufos-a-historical-analysis-of-disinformation-and-deception-richard-thieme)
* [[TROOPERS15] Azhar Desai, Marco Slaviero - Weapons of Mass Distraction](https://www.youtube.com/watch?v=jdaPJLJCK1M)
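Review bot: The `### <a name="talks">General` heading near the end of this file opens an anchor tag that is never closed, so in the rendered markdown the `<a>` element stays open across the whole Disinformation block and the heading itself becomes a link; every other section in the file uses the closed form, e.g. `## <a name="counter"></a>Counter Surveillance`, so change it to `### <a name="talks"></a>General` (and consider a name that matches the section, since nothing in this file links to `#talks`). Smaller fixes in the same hunk: the meek description ends in a typo, `Tor traffic.sek`, which should read `Tor traffic.`; the Ghostbuster paper is listed twice under Counter Surveillance Papers and the second copy has a broken link, `[Ghostbuster: Detecting the Presence of Hidden Eavesdroppers]()https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf)]`, so drop the duplicate; "Protocol Misidentification Made Easy with Format-Transforming Encryption" appears twice with near-identical abstracts (the CCS 2013 PDF and the ePrint 2012/494 version), so keep one entry and fold the other URL in as an alternate link; the Gentleperson's Guide entry, `[The Gentleperson’s Guide to Forum Spies](cryptome.org/2012/07/gent-forum-spies.htm)`, lacks a scheme and will render as a relative path, so prefix `https://`; the Masquerade and Schneier talk titles carry a stray `**` inside the link text; the "Compromising Reflections" title and its author names contain soft-hyphen characters (`Com­pro­mi­sing Re­flec­tions`, `Micha­el Ba­ckes`) that should be stripped so the entry is searchable, and the printer-acoustics entry misspells `Markus Dürmuth` as `Drmuth`; finally the Miscellaneous Tools anchor is named `tools-misc`, which differs from the `misc-tools` naming pattern used for the other anchors, so verify that whatever links to it uses the same name.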

+ 139
- 0
Draft/Career.md

@ -0,0 +1,139 @@
# Career/Job Related Stuff
## Table of Contents
- [Career Information](#career-info)
- [Careers in Information Security](#infosec-careers)
- [Choosing a Job/Looking for Work](#looking)
- [Compensation & Equity](#comp)
- [Independent Work](#Independent)
- [Interview Preparation](#interview)
- [General Information](#general)
- [Management](#mgmt)
- [Mental Health](#mentalh)
- [Non-Technical Skills](#non-tech)
- [Performance Review](#perf-review)
- [Resume](#resume)
- [Taking Tests](#testing)
------------------------------------------------------
### Career Information<a name="career-info"></a>
* [‘Thought Leader’ gives talk that will inspire your thoughts | CBC Radio (Comedy/Satire Skit)](https://www.youtube.com/watch?v=_ZBKX-6Gz6A)
* Self proclaimed “thought leader,” Pat Kelly gives his talk on “thought leadership” at the annual This Is That Talks in Whistler, B.C. In the seminar, Kelly covers: How to talk with your hands, how to get a standing ovation, and how to inspire people by saying nothing at all.
* [Why are large companies so difficult to rescue (regarding bad internal technology) - Lawrence Krubner](http://www.smashcompany.com/business/why-are-large-companies-so-difficult-to-rescue-regarding-bad-internal-technology)
* **Business**
* [Servant leadership - Wikipedia](https://en.wikipedia.org/wiki/Servant_leadership)
* [When Everything That Counts Can’t Be Counted - Joshua M. Brown](https://thereformedbroker.com/2019/06/13/when-everything-that-counts-cant-be-counted/)
* [The Trillion-Dollar Vision of Dee Hock - Mitchell Waldrop(FastCompany)](https://www.fastcompany.com/27333/trillion-dollar-vision-dee-hock)
* **Careers in Information Security**<a name="infosec-careers"></a>
* [NICE Cybersecurity Workforce Framework - NICCS.us-cert.gov](https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework)
* **Educational/Informational**
* [Navigating Career Choices in InfoSec - Fernando Montenegro - BSides Detroit2017](https://www.youtube.com/watch?v=yM2xCjrQSY4)
* Making career choices can be intimidating and stressful. Perhaps this presentation can help. The tidal forces affecting technology impact our careers as well. If we're not actively managing them, we're leaving decisions to chance (or to others), and may not like the outcomes. This presentation describes a framework I've used over the past few years to evaluate both ongoing job satisfaction as well as new opportunities as they appear. I'm happy with the outcomes I've obtained with it, and have used this same framework when providing advice to others, and it has been well received. Hopefully it can help others as well.
* [Infosec Tools of the Trade: Getting Your Hands Dirty](http://www.irongeek.com/i.php?page=videos/bsidesnashville2017/bsides-nashville-2017-green00-infosec-tools-of-the-trade-getting-your-hands-dirty-jason-smith-and-tara-wink)
* In this presentation we'll will be going over introductions to the various focuses in information security and demoing the most common tools that are used in operational security, both offense and defense. You'll leave with an idea on how to freely obtain and use these tools so that you can have what you need for that first interview: experience and a passion for security. This is a green talk for people who don't have a clue on what offensive and defensive people do operationally, from a tool perspective.
* [So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin ](https://www.youtube.com/watch?v=rRJKghTTics)
* [How to Get Any Job You Want (even if you’re unqualified) - Raghav Haran](https://medium.com/the-mission/how-to-get-any-job-you-want-even-if-you-re-unqualified-6f49a65f5491)
* **Interview Preparation**
* [How to prepare for an infosec interview - Timothy DeBlock](http://www.timothydeblock.com/eis/135)
* **Relevant Standards**
* [NICE Cybersecurity Workforce Framework](https://www.nist.gov/itl/applied-cybersecurity/national-initiative-cybersecurity-education-nice/nice-cybersecurity)
* The NICE Framework, NIST Special Publication 800-181, establishes taxonomy and common lexicon that is to be used to describe all cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors. (USA Focused)
* **Data Scientist**
* [What Data Scientists Really Do, According to 35 Data Scientists - HBR](https://hbr.org/2018/08/what-data-scientists-really-do-according-to-35-data-scientists?mc_cid=f8f788d39e&mc_eid=f956a0c5ca)
* [How to Become a Data Scientist - On your own - Zeeshan Usmani](https://www.datasciencecentral.com/profiles/blogs/how-to-become-a-data-scientist-for-free)
* **Penetration Tester**
* **Articles & Writeups**
* [How to become a pentester - Corelan](https://www.corelan.be/index.php/2015/10/13/how-to-become-a-pentester/)
* [Attacking Big Business](https://www.cyberis.co.uk/blog/attacking-big-business)
* [10 common mistakes aspiring/new pentesters make - PentesterLab](https://blog.pentesterlab.com/10-common-mistakes-aspiring-new-pentesters-make-b74a81e58934)
* [So You Want To Be a Pentester? - Jack Halon](https://jhalon.github.io/becoming-a-pentester/)
* [And THIS is Why Penetration Testing Sucks - Ronin Chang](https://www.linkedin.com/pulse/why-penetration-testing-sucks-ronin-chang/)
* [So You Want To Be a Pentester? - Jack Halon](https://jhalon.github.io/becoming-a-pentester/)
* [World's Worst Penetration Test Report - rant](https://it.toolbox.com/blogs/chiefmonkey/the-worlds-worst-penetration-test-report-by-scumbagpentester-012814)
* [Make It Count: Progressing through Pentesting - Bálint Varga-Perke -Silent Signal](https://silentsignal.hu/docs/Make_It_Count_-_Progressing_through_Pentesting_Balint_Varga-Perke_Silent_Signal.pdf)
* **Talks & Presentations**
* [So you think you want to be a penetration tester - Defcon24](https://www.youtube.com/watch?v=be7bvZkgFmY)
* So, you think you want to be a penetration tester, or you already are and don't understand what the difference between you and all the other "so called" penetration testers out there. Think you know the difference between a Red Team, Penetration Test and a Vulnerability assessment? Know how to write a report your clients will actually read and understand? Can you leverage the strengths of your team mates to get through tough roadblocks, migrate, pivot, pwn and pillage? No? well this talk is probably for you then! We will go through the fascinating, intense and often crazily boring on-site assessment process. Talk about planning and performing Red Teams, how they are different, and why they can be super effective and have some fun along the way. I'll tell you stories that will melt your face, brain and everything in between. Give you the answers to all of your questions you never knew you had, and probably make you question your life choices. By the end of this session you will be ready to take your next steps into the job you've always wanted, or know deep inside that you should probably look for something else. There will be no judgment or shame, only information, laughter and fun.
* [So you want to be a pentester? - Hans-Michael Varbaek](https://speakerdeck.com/varbaek/so-you-want-to-be-a-pentester?slide=104)
* This presentation gives the viewer an idea of what it is to be a pentester full-time, what a pentester typically works with, how to learn ethical hacking, and improving your chances of getting a full-time job.
* [Certification? College?: How do you get into Cybersec really? - Doug White(WWHF2018)](https://www.youtube.com/watch?v=eljymhtIsDs)
* Doug White talks about College options, Certifications, and what you need to do to break into the Cybersec field. How to start and move your career if you want to make a living, legally.
* [Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines](https://www.youtube.com/watch?v=9vgpqRzuvLk)
* **Reverse Engineering**
* [Reversing w/o reversing – how to become Alex in practice - hexacorn](http://www.hexacorn.com/blog/2019/04/11/reversing-w-o-reversing-how-to-become-alex-in-practice/)
* **Security Analyst**
* [Security Analyst Workshop - Florian Roth(2019/3)](https://www.slideshare.net/FlorianRoth2/security-analyst-workshop-20190314)
* **Choosing a Job/Looking for Work**<a name="looking"></a>
* [How to Get Any Job You Want (even if you’re unqualified) - Raghav Haran](https://www.huffpost.com/entry/how-to-get-any-job-you-want-even-if-youre-unqualified_b_5850fb7ee4b0b662c2fddeea)
* [80+ Back Doors Into Cyber Careers - keirstenbrager](https://keirstenbrager.tech/80-back-doors-into-cyber-careers/)
* [Common Sense Career Transitions - Celeste Thayer[DC206]](https://www.youtube.com/watch?v=tIb1776SoC8&feature=share)
* Have you considered a tech career that was "above your pay grade"? What about a dream gig that you have few or - gasp - none of the basic qualifications for? Celeste will give you a few tips on how to identify skill gaps, then learn, network, and otherwise wrangle yourself into a job you wanted but never thought you could apply for, and have a better chance to pass the resume review stage.
* [There Is No Shortage of Talent - There's a Shortage of Suckers - ResumeSkills.us](https://resumeskills.us/talent/shortage)
* [Pushing Left, Like a Boss: Part 1 - SheHacksPurple](https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95)
* [The Secret Rules For Getting Hired - Terence Eden](https://shkspr.mobi/blog/2019/04/the-secret-rules-for-getting-hired/)
* [How To Land A Job In Infosec](https://www.secjuice.com/getting-a-job-in-infosec/)
* **Startups**
* [20 Questions To Ask Before Joining A Startup - Harrison Harnisch](https://hharnisc.github.io/2018/11/25/twenty-questions-to-ask-before-joining-a-startup.html)
* [How to Choose a Startup to Work For by Thinking Like An Investor - Harj Taggar(TripleByte)](https://triplebyte.com/blog/how-to-choose-a-startup-to-work-for)
* **Compensation/Equity**<a name="comp"></a>
* [The Holloway Guide to Equity Compensation](https://www.holloway.com/g/equity-compensation)
* Stock options, RSUs, job offers, and taxes—a detailed reference, including hundreds of resources, explained from the ground up and made to be improved over time.
* [Salary strategies everyone in tech already knows — but you don't - Candor](https://teamcandor.com/salary/guide/)
* [H1B Salary Database - h1bdata.info](https://h1bdata.info/index.php)
* **General**<a name="general"></a>
* [Mozilla Enterprise Information Security](https://infosec.mozilla.org/)
* [Rating Infosec Relevant Masters Programs - netsecfocus](https://netsecfocus.com/training/development/certifications/2017/03/08/rating_infosec_masters.html)
* [Career advice I wish I’d been given when I was young - 8000 Hours](https://80000hours.org/2019/04/career-advice-i-wish-id-been-given-when-i-was-young/)
* [In Nobel Prize lecture, lessons for managing employee incentives - Kara Baskin(MIT Sloan)](https://mitsloan.mit.edu/ideas-made-to-matter/nobel-prize-lecture-lessons-managing-employee-incentives)
* **Hiring**
* [F*** You, I Quit — Hiring Is Broken - Sahat Yalkabov](https://medium.com/@evnowandforever/f-you-i-quit-hiring-is-broken-bb8f3a48d324)
* [Hiring is Broken And Yours Is Too - RajivPrab.com](https://software.rajivprab.com/2019/07/27/hiring-is-broken-and-yours-is-too/amp/)
* **Independent Business**<a name="Independent"></a>
* [Why You Should Charge Clients More Than You Think You’re Worth - Dorie Clark(HBR)](https://hbr.org/2017/10/why-you-should-charge-clients-more-than-you-think-youre-worth)
* [How to Write a Statement of Work - Mary K Pratt](https://www.computerworld.com/article/2555324/how-to-write-a-statement-of-work.html)
* **Interview Prep**<a name="interview"></a>
* [offensiveinterview - WebBreacher](https://github.com/WebBreacher/offensiveinterview)
* Interview questions to screen offensive (red team/pentest) candidates
* [The Hidden Flaw In Behavioral Interview Questions - Mark Murphy](https://www.forbes.com/sites/markmurphy/2014/12/03/the-hidden-flaw-in-behavioral-interview-questions)
* [test-your-admin-skills](https://github.com/trimstray/test-your-sysadmin-skills)
* A collection of \*nix Sysadmin Test Questions with Answers for Interview/Exam (2018 Edition).
* [Linux System Administrator/DevOps Interview Questions - chassing](https://github.com/chassing/linux-sysadmin-interview-questions/blob/master/README.md)
* **Management Skills**<a name="mgmt"></a>
* [Managers - rework.withgoogle.com](https://rework.withgoogle.com/subjects/managers/)
* **Mental Health**<a name="mentalh"></a>
* **Burnout**
* [13 Surprising Signs of Burnout You May Be Missing - thriveglobal](https://thriveglobal.com/stories/13-surprising-signs-of-burnout-you-may-be-missing/)
* [Burnout and the Brain - Alexandra Michel(psychologicalscience.org)](https://www.psychologicalscience.org/observer/burnout-and-the-brain)
* [Maslach Burnout Inventory 3ed - Christina Maslach, Susan E. Jackson, Michael P. Leiter](https://www.researchgate.net/profile/Christina_Maslach/publication/277816643_The_Maslach_Burnout_Inventory_Manual/links/5574dbd708aeb6d8c01946d7.pdf)
* **Depression**
* [Living with Depression in Tech - Jonathan Zdziarski](https://www.zdziarski.com/blog/?p=7437)
* **General**
* [USA Mental Health First Aid](https://www.mentalhealthfirstaid.org/)
* [National Alliance on Mental Illness](https://www.nami.org/#)
* [Mental Health Hackers](https://www.mentalhealthhackers.org/)
* [Laziness Does Not Exist - But unseen barriers do - Devon Price](https://medium.com/@devonprice/laziness-does-not-exist-3af27e312d01)
* **Stress**
* [Stress management - Mayo Clinic](https://www.mayoclinic.org/healthy-lifestyle/stress-management/in-depth/stress/art-20046037)
* [Understanding chronic stress - American Psychological Association](https://www.apa.org/helpcenter/understanding-chronic-stress)
* [Chronic Stress and a Life: How Stress Almost Killed Me - Sergio Caltagirone](http://www.activeresponse.org/chronic-stress-and-a-life-how-stress-almost-killed-me/)
* **Abusive Behaviour**
* [Sick systems: How to keep someone with you forever - Issendai](https://issendai.livejournal.com/572510.html)
* **Non-Technical Skills**<a name="non-tech"></a>
* [Relearning the Art of Asking Questions - HBR](https://hbr.org/2015/03/relearning-the-art-of-asking-questions)
* [How To Ask Questions The Smart Way - Eric Raymond](http://www.catb.org/esr/faqs/smart-questions.html)
* **Performance Reviews**<a name="perf-review"></a>
* [A Beginner’s Guide to Giving Performance Reviews - Advice for new managers on the most effective way to deliver feedback(Rebecca Fishbein)](https://medium.com/s/story/a-beginners-guide-to-giving-performance-reviews-963aba23bd)
* **Resume**<a name="resume"></a>
* [17 things that make this the perfect résumé - Áine Cain and Shayanne Gal(BusinessInsider)](https://www.businessinsider.com/why-this-is-an-excellent-resume-2013-11)
* **Testing(Certifications/Exams)**<a name="testing"></a>
* [Better GIAC Testing with Pancakes - H4cks4panckakes](https://tisiphone.net/2015/08/18/giac-testing/)
* **Other**
* [What senior engineers do: fix knowledge holes - Dan Moore](http://www.mooreds.com/wordpress/archives/3232)
* Worthwhile for the first comment in response to the article: "I don’t see anything “senior” about it, or even “engineer”. Seeing problems and solving them is what everyone does. Documenting the solution is one part of solving a problem. An apprentice carpenter does these things, too, and so does a farmer, and a waiter. Unfortunately, it’s not what most software companies reward, or how they operate. Whenever I did this, my manager, at every software company I’ve worked for, would say: “That’s cool, but you’re supposed to add the FooBar feature, and it needs to be done this Friday. Don’t waste time with reverse-engineering, or documentation. Just add one new field to the protocol somewhere. We can clean it up Later(TM).” This is Conway’s Law at work. What sort of company encourages the creation of two critical components which are completely undocumented? The sort of company which doesn’t reward documentation of critical components. That’s not likely to change because the engineer that created them happened to leave. (It took more time to reverse-engineer the protocol than it would have to document it when the knowledge was fresh.) The PM and QA who allowed this to happen are still there, right? What “Senior Engineer” really means is someone who’s spent enough time in the trenches to have earned a job title that allows them the latitude to make these sorts of improvements, and not have a PM question why they aren’t, instead, doing exactly what they were assigned. Look back at the story. Did the “senior engineer” go through proper channels to schedule a “reverse-engineer and document network protocol” task? No, he clearly didn’t trust that it would happen. Or maybe it was already there, but lowest priority (way below “fix CSS on IE”, of course). What was his actual responsibility that week? 
The story doesn’t say, but I don’t see any remarks about a PM breathing down his neck asking about the CSS fix he asked for (because that PM is the only user of the system, anywhere, of course, who uses IE and sees that particular bug). Documentation is not on this week’s “Sprint”! The process is fundamentally broken. We hear fables like this about how life would be better if we all did something one way (you’ll get promoted to Senior Engineer!), while in practice we’re punished for doing so."
* [The Shirky Principle - Technium](https://kk.org/thetechnium/the-shirky-prin/)
* “Institutions will try to preserve the problem to which they are the solution.” — Clay Shirky
* [Law #8: The Law of Duality - ericsink.com](https://ericsink.com/laws/Law_08.html)
* [Apple’s Software “Problem” and “Fixing” It (via twitter)](https://medium.learningbyshipping.com/apples-software-problem-and-fixing-it-via-twitter-c941a905ba20)
* [Revisiting L0pht testimony – 20yrs later -Space Rogue](https://www.spacerogue.net/wordpress/?p=709)
* **Industry History**
* [15 Months of Fresh Hell Inside Facebook - Nicholas Thompson and Fred Vogelstein](https://www.wired.com/story/facebook-mark-zuckerberg-15-months-of-fresh-hell/)
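Review bot: the **Articles & Writeups** list under **Penetration Tester** carries the same entry twice: "So You Want To Be a Pentester? - Jack Halon" with the identical jhalon.github.io URL appears as both the fourth and sixth bullet; drop one. The Raghav Haran piece "How to Get Any Job You Want (even if you're unqualified)" is also listed twice, once under **Careers in Information Security** with a medium.com URL and again under **Choosing a Job/Looking for Work** with a huffpost.com URL; keep it in one section (the job-search one fits) with a single canonical link. Separately, the long quoted comment under "What senior engineers do: fix knowledge holes" is split across two lines and the continuation ("The story doesn't say, but ...") has no list indentation, so it will render as a separate paragraph outside the bullet; either keep the quote on one line or indent the continuation to match the sub-bullet.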

+ 422
- 0
Draft/Crypto_Encrypt.md

@ -0,0 +1,422 @@
# Cryptography
------------------
## Table of Contents
- [General Information](#general)
- [101](#101)
- [Attacks](#attacks)
- [Auditing](#audit)
- [Books](#books)
- [CheatSheets](#cheat)
- [Courses](#courses)
- [Cryptograhic Frameworks/Libraries/Protocols](#framework)
- [Don't Do](#dont)
- [Educational/Informative](#educational)
- [General](#general)
- [History](#history)
- [Miscellaneous](#misc)
- [Secrets Management](#secrets)
- [Side Channel Attacks](#side-channel)
- [Implementation Specific Stuff](#implementation)
- [Android](#android)
- [iOS](#ios)
- [Bitlocker](#bitlocker)
- [Key-Exchange](#key-exchange)
- [MD5](#md5)
- [RSA](#rsa)
- [Signal](#signal)
- [SSH](#ssh)
- [Secure Sockets Layer/Transport Layer Security](#ssl)
- [101](#s101)
- [Articles/Writeups](#sart)
- [Papers](#papers)
- [Attacks](#sattacks)
- [Tools](#stools)
- [Various Tools](#tools)
- [Cryptocurrency Related](#coins)
- [Bitcoin](#bitcoin)
- [Ethereum](#ether)
https://tls.ulfheim.net/
https://bearssl.org/
https://thecryptobible.co/protocols/tls.html
-----
### <a name="general">General Information</a>
* **101** <a name="101"></a>
* [Crypto 101](https://www.crypto101.io/)
* Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels.
* [Primer on Zero-Knowledge Proofs](http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html?m=1)
* [Hyper-encryption - Wikipedia](https://en.wikipedia.org/wiki/Hyper-encryption)
* [XOR Bitwise Operations Explained - Khan Academy](https://www.khanacademy.org/computing/computer-science/cryptography/ciphers/a/xor-bitwise-operation)
* [Homomorphic encryption](https://en.wikipedia.org/wiki/Homomorphic_encryption)
* [Differential Cryptanalysis for Dummies - Jon King](https://www.youtube.com/watch?v=xav-GUO_o4s&feature=youtu.be)
* [Lifetimes of cryptographic hash functions](http://valerieaurora.org/hash.html)
* [Hash-based Signatures: An illustrated Primer](https://blog.cryptographyengineering.com/2018/04/07/hash-based-signatures-an-illustrated-primer/)
* [Should we MAC-then-encrypt or encrypt-then-MAC? - stackoverflow](https://crypto.stackexchange.com/questions/202/should-we-mac-then-encrypt-or-encrypt-then-mac)
* **Attacks**<a name="attacks"></a>
* **CBC Bit Flipping**
* [CBC Byte Flipping Attack—101 Approach](http://resources.infosecinstitute.com/cbc-byte-flipping-attack-101-approach/)
* **Padding Oracle**
* [Automated Padding Oracle Attacks with PadBuster](https://blog.gdssecurity.com/labs/2010/9/14/automated-padding-oracle-attacks-with-padbuster.html)
* [PadBuster v0.3 and the .NET Padding Oracle Attack](https://blog.gdssecurity.com/labs/2010/10/4/padbuster-v03-and-the-net-padding-oracle-attack.html)
* **Auditing**<a name="audit"></a>
* [A Formal Security Analysis of the Signal Messaging Protocol - Oct2016](https://eprint.iacr.org/2016/1013.pdf)
* [Top 10 Developer Crypto Mistakes](https://littlemaninmyhead.wordpress.com/2017/04/22/top-10-developer-crypto-mistakes/amp/)
* [Why does cryptographic software fail? A case study and open problems](http://pdos.csail.mit.edu/papers/cryptobugs:apsys14.pdf)
* Abstract: Mistakes in cryptographic software implementations often undermine the strong security guarantees offered by cryptography. This paper presents a systematic study of cryptographic vulnerabilities in practice, an examination of state-of-the-art techniques to prevent such vulnerabilities, and a discussion of open problems and possible future research directions. Our study covers 269 cryptographic vulnerabilities reported in the CVE database from January 2011 to May 2014. The results show that just 17% of the bugs are in cryptographic libraries (which often have devastating consequences), and the remaining 83% are misuses of cryptographic libraries by individual applications. We observe that preventing bugs in different parts of a system requires different techniques, and that no effective techniques exist to deal with certain classes of mistakes, such as weak key generation.
* [Deadpool](https://github.com/SideChannelMarvels/Deadpool)
* Repository of various public white-box cryptographic implementations and their practical attacks.
* [RSA-and-LLL-attacks](https://github.com/mimoo/RSA-and-LLL-attacks)
* This repo host implementations and explanations of different RSA attacks using lattice reduction techniques (in particular LLL).
* [Hunting For Vulnerabilities In Signal - Markus Vervier - HITB 2017 AMS](https://www.youtube.com/watch?v=2n9HmllVftA)
* Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you’ve never heard of any vulnerability in its code base. That’s what this talk is about: hunting for vulnerabilities in Signal. We will present vulnerabilities found in the Signal Android client, in the underlying Java libsignal library, and in example usage of the C libsignal library. Our demos will show how these can be used to crash Signal remotely, to bypass the MAC authentication for certain attached files, and to trigger memory corruption bugs. Combined with vulnerabilities in the Android system it is even possible to remotely brick certain Android devices. We will demonstrate how to initiate a permanent boot loop via a single Signal message. We will also describe the general architecture of Signal, its attack surface, the tools you can use to analyze it, and the general threat model for secure mobile communication apps.
* **Books**<a name="books"></a>
* [Cryptography Engineering](https://www.schneier.com/books/cryptography_engineering/)
* [Serious Cryptography](https://nostarch.com/seriouscrypto)
* **CheatSheets**<a name="cheat"></a>
* [Quick'n easy gpg cheatsheet](http://irtfweb.ifa.hawaii.edu/%7Elockhart/gpg/)
* **Courses**<a name="courses"></a>
* [Coursera Cryptography](https://www.coursera.org/learn/crypto)
* [Matsano Crypto Challenges](https://www.cryptopals.com)
* Go through a series of increasingly difficult challenges while learning all about cryptography. Expected knowledge level: You passed 9th grade math and you have 0 knowledge of crypto.
* [A Graduate Course in Applied Cryptography - Dan Boneh and Victor Shoup](http://toc.cryptobook.us/)
* Version 0.3 - posted Dec. 9, 2016
* [Discovering Smart Contract Vulnerabilities with GOATCasino - NCCGroup](https://www.nccgroup.trust/us/our-research/discovering-smart-contract-vulnerabilities-with-goatcasino/?style=Cyber+Security)
* **Cryptograhic Frameworks/Libraries/Protocols**<a name="framework"></a>
* [OMEMO Multi-End Message and Object Encryption](https://conversations.im/omemo/)
* OMEMO is an XMPP Extension Protocol (XEP) for secure multi-client end-to-end encryption. It is an open standard based on a Double Ratchet and PEP which can be freely used and implemented by anyone. The protocol has been audited by a third party.
* [The Legion of the Bouncy Castle](https://www.bouncycastle.org/)
* [The Noise Protocol Framework](http://noiseprotocol.org/noise.html)
* Noise is a framework for crypto protocols based on Diffie-Hellman key agreement. Noise can describe protocols that consist of a single message as well as interactive protocols.
* A Noise protocol begins with two parties exchanging handshake messages. During this handshake phase the parties exchange DH public keys and perform a sequence of DH operations, hashing the DH results into a shared secret key. After the handshake phase each party can use this shared key to send encrypted transport messages.
* [XEP-xxxx: OMEMO Encryption](https://conversations.im/xeps/multi-end.html)
* **Don't Do**<a name="dont"></a>
* [How to Implement Crypto Poorly - Sean Cassidy](https://github.com/cxxr/talks/blob/master/2016/grrcon/How%20to%20Implement%20Crypto%20Poorly.pdf)
* **Educational/Informative**<a name="educational"></a>
* [Cryptographic Right Answers (2018)](http://latacora.singles/2018/04/03/cryptographic-right-answers.html)
* The third installment of the series with the occasional comments about the previous two
* [Crypto.is Blog](https://crypto.is/blog/)
* This blog series is intended to be a course on how remailers work, the theory behind them, and many of the choices that must be considered. Some of the topics we intended to dive deeply into in the future is how to have a directory of remailer nodes, how to handle messages that overflow the packet size, more details on Mixminion, as-yet-unimplemented Academic Papers (like Pynchon Gate and Sphinx), and more! Check out posts One, Two, Three, Four, and Five. The comments section should work, so please do leave comments if you have questions, insights, or corrections!
* [Adam Langley's blog (ImperialViolet)](https://www.imperialviolet.org/posts-index.html)
* [Website detailing various crypto laws around world](http://www.cryptolaw.org/)
* [SSL/TLS and PKI History ](https://www.feistyduck.com/ssl-tls-and-pki-history/)
* A comprehensive history of the most important events that shaped the SSL/TLS and PKI ecosystem. Based on Bulletproof SSL and TLS, by Ivan Ristić.
* [Crypto: 48 Dirty Little Secrets Cryptographers Don’t Want You To Know - BlackHat2014](https://www.youtube.com/watch?v=mXdFHNJ6srY)
* [How I implemented my own crypto](http://loup-vaillant.fr/articles/implemented-my-own-crypto) ([HN discussion](https://news.ycombinator.com/item?id=14917378))
* **General**<a name="general"></a>
* [Snake Oil Crypto Competition](https://snakeoil.cr.yp.to/)
* [Applied-Crypto-Hardening](https://github.com/BetterCrypto/Applied-Crypto-Hardening)
* Best Current Practices regarding secure online communication and configuration of services using cryptography. https://bettercrypto.org
* [cr.yp.to blog](http://blog.cr.yp.to/index.html)
* **History**<a name="history"></a>
* **Laws**
* [What encryption laws exist around the world? - Nyman Gibson Miralis](https://ngm.com.au/global-encryption-laws/)
* [Government Access to Encrypted Communications: Canada - loc.gov](https://www.loc.gov/law/help/encrypted-communications/canada.php)
* [Key disclosure law - Wikipedia](https://en.wikipedia.org/wiki/Key_disclosure_law)
* [World map of encryption laws and policies - GlobalPartners Digital](https://www.gp-digital.org/world-map-of-encryption/)
* [Shining a Light on the Encryption Debate - A Canadian Field Guide - Lex Gill, Tamir Israel, and Christopher Parsons(CitizenLab)](https://citizenlab.ca/2018/05/shining-light-on-encryption-debate-canadian-field-guide/)
* **Miscellaneous**<a name="misc"></a>
* [SHA2017 Conference Videos](https://www.youtube.com/channel/UCHmPMdU0O9P_W6I1hNyvBIQ/videos)
* **Perfect Forward Secrecy**
* [What Is Perfect Forward Secrecy? - Jaq Evans](https://www.extrahop.com/company/blog/2017/what-is-perfect-forward-secrecy/)
* **PGP**
* [Want to understand Pretty Good Privacy? Simulate it. - Tejaas Solanki](https://medium.freecodecamp.org/understanding-pgp-by-simulating-it-79248891325f)
* **Secrets Management**<a name="secrets"></a>
* [Secrets and LIE-abilities: The State of Modern Secret Management (2017)](https://medium.com/on-docker/secrets-and-lie-abilities-the-state-of-modern-secret-management-2017-c82ec9136a3d)
* [Toward Robust Hidden Volumes Using Write-Only Oblivious RAM](https://eprint.iacr.org/2014/344.pdf)
* With sensitive data being increasingly stored on mobile devices and laptops, hard disk encryption is more important than ever. In particular, being able to plausibly deny that a hard disk contains certain information is a very useful and interesting research goal. However, it has been known for some time that existing “hidden volume” solutions, like TrueCrypt, fail in the face of an adversary who is able to observe the contents of a disk on multiple, separate occasions. In this work, we explore more robust constructions for hidden volumes and present HIVE, which is resistant to more powerful adversaries with multiple-snapshot capabilities. In pursuit of this, we propose the first security definitions for hidden volumes, and prove HIVE secure under these definitions. At the core of HIVE, we de- sign a new write-only Oblivious RAM. We show that, when only hiding writes, it is possible to achieve ORAM with optimal O(1) communication complexity and only polylogarithmic user mem- ory. This is a significant improvement over existing work and an independently interesting result. We go on to show that our write-only ORAM is specially equipped to provide hidden volume functionality with low overhead and significantly increased security. Finally, we implement HIVE as a Linux kernel block device to show both its practicality and usefulness on existing platforms.
* **Side Channel Attacks**<a name="side-channel"></a>
* [MASCAB: a Micro-Architectural Side-Channel Attack Bibliography](https://github.com/danpage/mascab/)
* Cryptography is a fast-moving field, which is enormously exciting but also quite challenging: resources such as the IACR eprint archive and CryptoBib help, but even keeping track of new results in certain sub-fields can be difficult, let alone then making useful contributions. The sub-field of micro-architectural side-channel attacks is an example of this, in part as the result of it bridging multiple disciplines (e.g., cryptography and computer architecture). I've found this particularly challenging (and so frustrating) over say the last 5 years; the volume of papers has expanded rapidly, but the time I'd normally allocate to reading them has been eroded by other commitments (as evidenced by a pile of printed papers gathering dust on my desk). In the end, I decided to tackle this problem by progressively a) collating papers I could read, then b) reading them one-by-one, but in no particular order, and attempting to summarise their contribution (and so organise the sub-field as a whole in my head). MASCAB is the result: after starting to advise MSc and PhD students on how to navigate the sub-field, it seems likely to be of use to others as well.
From: https://www.reddit.com/r/securityengineering/comments/7o2uzy/a_collection_of_links_to_pdfs_of_papers_on/
```
1973-10-01 "A note on the confinement problem" by Lampson https://www.cs.utexas.edu/~shmat/courses/cs380s_fall09/lampson73.pdf
1994-??-?? - "Countermeasures and tradeoffs for a class of covert timing channels" by Ray https://pdfs.semanticscholar.org/5505/384390d0b0bf86de8804baeaf82254572363.pdf
2003-09-08 - "Cryptanalysis of DES implemented on computers with cache" by Tsunoo et al. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.135.1221&rep=rep1&type=pdf
2005-04-14 - "Cache-timing attacks on AES" by Bernstein https://cr.yp.to/antiforgery/cachetiming-20050414.pdf
2005-05-13 - "CACHE MISSING FOR FUN AND PROFIT" by Percival http://css.csail.mit.edu/6.858/2014/readings/ht-cache.pdf
2006-02-13 - "Cache attacks and countermeasures: the case of AES" by Osvik et al. https://www.cs.tau.ac.il/~tromer/papers/cache.pdf
2006-08-23 - "Predicting Secret Keys via Branch Prediction" by Aciicmez et al. https://eprint.iacr.org/2006/288.pdf
2007-03-20 - "On the Power of Simple Branch Prediction Analysis" by Acıi¸cmez1 et al. https://eprint.iacr.org/2006/351.pdf
2007-12-18 - "New Branch Prediction Vulnerabilities in OpenSSL and Necessary Software Countermeasures" by Aciicmez et al. https://eprint.iacr.org/2007/039.pdf
2010-11-22 - "Cache Games -- Bringing Access-Based Cache Attacks on AES to Practice" by Gullasch et al https://eprint.iacr.org/2010/594.pdf
2012-03-08 - "Plugging Side-Channel Leaks with Timing Information Flow Control" by Ford https://arxiv.org/pdf/1203.3428.pdf
2013-05-19 - "Practical Timing Side Channel Attacks against Kernel Space ASLR" by Hund et al. http://www.ieee-security.org/TC/SP2013/papers/4977a191.pdf
2013-08-13 - "The Page-Fault Weird Machine: Lessons in Instruction-less Computation" by Bangert et al. https://www.usenix.org/system/files/conference/woot13/woot13-bangert.pdf
2013-08-15 - "CacheAudit: A Tool for the Static Analysis of Cache Side Channels" by Doychev et al. https://eprint.iacr.org/2013/253.pdf
2013-09-26 - "On the Prevention of Cache-Based Side-Channel Attacks in a Cloud Environment" Godfrey et al. https://pdfs.semanticscholar.org/6367/9824606b1b0deb4a44639a4e4b3e5eb49303.pdf
2014-01-01 - "CACHE-BASED SIDE-CHANNEL ATTACKS IN MULTI-TENANT PUBLIC CLOUDS AND THEIR COUNTERMEASURES" by Zhang https://pdfs.semanticscholar.org/95a2/40ac8a7bbee77b32120081f00477e38776fe.pdf
2014-11-03 - "The Last Mile An Empirical Study of Timing Channels on seL4" by Cock et al http://research.davidcock.fastmail.fm/papers/Cock_GMH_14.pdf
2015-04-02 - "An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels" by Gay e tal. http://www.mais.informatik.tu-darmstadt.de/WebBibPHP/papers/2013/2013-GayMantelSudbrock-EmpiricalIRCC.pdf
2015-05-17 - "Last-Level Cache Side-Channel Attacks are Practical" by Liu et al http://palms.ee.princeton.edu/system/files/SP_vfinal.pdf
2015-05-17 - "S$A: A Shared Cache Attack That Works across Cores and Defies VM Sandboxing -- and Its Application to AES" - by Irazoqui et al http://users.wpi.edu/~teisenbarth/pdf/SharedCacheAttackSnP2015.pdf
2016-03-07 - "Rigorous Analysis of Software Countermeasures against Cache Attacks" by Doychev et al. https://arxiv.org/pdf/1603.02187.pdf
2016-06-12 - "Flush+Flush: a fast and stealthy cache attack" by Gruss et al. https://gruss.cc/files/flushflush.pdf
2016-08-10 - "Verifying Constant-Time Implementations" by Almeida & Barbosa https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_almeida.pdf
2016-10-?? - "Jump over ASLR: Attacking branch predictors to bypass ASLR" by Evtyushkin et al. http://www.cs.wm.edu/~dmitry/assets/files/evtyushkin-micro16-camera.pdf
2016-10-?? - "Breaking Kernel Address Space Layout Randomization with Intel TSX" by Jang et al. https://sslab.gtisc.gatech.edu/assets/papers/2016/jang:drk-ccs.pdf
2016-10-?? - "A Survey of Microarchitectural Timing Attacks and Countermeasures on Contemporary Hardware" by Qian Ge et al http://eprint.iacr.org/2016/613
2016-10-24 - "Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR" by Gruss et al https://gruss.cc/files/prefetch.pdf
2016-01-?? - "Attacking Cloud through cache based side channel in virtualized environment" by Teja et al. http://ijarcsee.org/index.php/IJARCSEE/article/download/301/267
2017-02-27 - "ASLR on the Line: Practical Cache Attacks on the MMU" by Gras & Kaveh et al http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf
2017-03-20 - "CacheZoom: How SGX Amplifies The Power of Cache Attacks" by Moghimi - https://arxiv.org/pdf/1703.06986.pdf
2017-05-20 - "Leaky Cauldron on the Dark Land: Understanding Memory Side-Channel Hazards in SGX" by Wang et al https://arxiv.org/pdf/1705.07289.pdf
2017-06-24 - "Kaslr is dead: long live kaslr", "the KAISER paper" by Gruss et al https://gruss.cc/files/kaiser.pdf
2017-08-16 - "Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX" by Disselkoen et al https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-disselkoen.pdf
2017-10-?? - "LAZARUS: Practical Side-Channel Resilient Kernel-Space Randomization" by Gens et al http://jin.ece.ufl.edu/papers/RAID17.pdf
2018-01-04 - "Spectre Attacks: Exploiting Speculative Execution" by Kocher et al https://spectreattack.com/spectre.pdf
2018-01-04 - "Meltdown" by Lipp et al. https://meltdownattack.com/meltdown.pdf
```
--------------------------------
### <a name="implementation"></a> Implementation Specific Stuff
* **Android**<a name="android"></a>
* **101**
* **Articles/Papers/Talks/Writeups**
* [Encrypting Strings in Android: Let's make better mistakes](http://tozny.com/blog/encrypting-strings-in-android-lets-make-better-mistakes/)
* [An Empirical Study of Cryptographic Misuse in Android Applications](https://www.cs.ucsb.edu/~chris/research/doc/ccs13_cryptolint.pdf)
* **Tools**
* **iOS**<a name="ios"></a>
* **101**
* **Articles/Papers/Talks/Writeups**
* **Tools**
* **Bitlocker**<a name="bitlocker"></a>
* **101**
* **Articles/Papers/Talks/Writeups**
* [Recovering BitLocker Keys on Windows 8.1 and 10](https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/)
* **Tools**
* **Key Exchange**<a name="key-echange"></a>
* [The SIGMA Family of Key-Exchange Protocols](http://webee.technion.ac.il/~hugo/sigma-pdf.pdf)
* Summary: SIGMA is a family of cryptographic key-exchange protocols that provide perfect forward secrecy via a Diffie-Hellman exchange authenticated with digital signatures. SIGMA is designed to support a variety of features and trade-offs required in common practical scenarios (such as identity protection and reduced number of protocol rounds) as well as to enjoy sound cryptographic security. This design puts forth the "SIGn-and-MAc" (SIGMA, for short) approach that carefully combines the use of digital signatures and MAC functions to guarantee an authenticated binding between the Diffie-Hellman key and the identities of the parties to the exchange. This simple approach resolves security shortcomings found in previous protocols. The SIGMA protocols serve as the cryptographic basis for the signature-based modes of the standardized Internet Key Exchange (IKE) protocol, and its current revision IKE version 2.
* **MD5**<a name="md5"></a>
* [Project HashClash](https://marc-stevens.nl/p/hashclash/)
* Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5. It's goal is to further understanding and study of the weaknesses of MD5 and SHA-1.
* **RSA**<a name="rsa"></a>
* [Encryption 101, RSA 001 (The maths behind it) - IoTh1nkN0t](https://0x00sec.org/t/encryption-101-rsa-001-the-maths-behind-it/1921)
* Summary: SIGMA is a family of cryptographic key-exchange protocols that provide perfect forward secrecy via a Diffie-Hellman exchange authenticated with digital signatures. SIGMA is designed to support a variety of features and trade-offs required in common practical scenarios (such as identity protection and reduced number of protocol rounds) as well as to enjoy sound cryptographic security. This design puts forth the "SIGn-and-MAc" (SIGMA, for short) approach that carefully combines the use of digital signatures and MAC functions to guarantee an authenticated binding between the Diffie-Hellman key and the identities of the parties to the exchange. This simple approach resolves security shortcomings found in previous protocols. The SIGMA protocols serve as the cryptographic basis for the signature-based modes of the standardized Internet Key Exchange (IKE) protocol, and its current revision IKE version 2.
* **Signal**<a name="signal"></a>
* [Demystifying the Signal Protocol for End-to-End Encryption (E2EE)](https://medium.com/@justinomora/demystifying-the-signal-protocol-for-end-to-end-encryption-e2ee-ad6a567e6cb4)
* **SSH**<a name="ssh"></a><a name="ssh"></a>
* [SSH Bad Keys](https://github.com/rapid7/ssh-badkeys)
* This is a collection of static SSH keys (host and authentication) that have made their way into software and hardware products. This was inspired by the Little Black Box project, but focused primarily on SSH (as opposed to TLS) keys.
* [House of Keys](https://github.com/sec-consult/houseofkeys)
* [Widespread Weak Keys in Network Devices](https://factorable.net/)
----------------------
### <a name="ssl"></a> Secure Sockets Layer/Transport Layer Security
* **101**<a name="s101"></a>
* **Articles/Talks/Writeups**<a name="sart"></a>
* [Poor Man's Guide to Troubleshooting TLS Failures](http://blogs.technet.com/b/tspring/archive/2015/02/23/poor-man-s-guide-to-troubleshooting-tls-failures.aspx)
* [TLS 1.3 Implementations](https://github.com/tlswg/tls13-spec/wiki/Implementations)
* [TLS/SSL Vulnerabilities - GracefulSecurity](https://www.gracefulsecurity.com/tls-ssl-vulnerabilities/)
* [s2n](https://github.com/awslabs/s2n)
* s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. It is released and licensed under the Apache License 2.0.
* **Papers**<a name="spapers"></a>
* [A Messy State of the Union: Taming the Composite State Machines of TLS](https://www.smacktls.com/smack.pdf)
* Abstract —Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes and key exchange methods, where each combination may prescribe a different message sequence between the client and the server. We address the problem of designing a robust composite state machine that can correctly multiplex between these different protocol modes. We systematically test popular open-source TLS implementations for state machine bugs and discover several critical security vulnerabilities that have lain hidden in these libraries for years (they are now in the process of being patched). We argue that these vulnerabilities stem from incorrect compositions of individually correct state machines. We present the first verified implementation of a composite TLS state machine in C that can be embedded into OpenSSL and accounts for all its supported ciphersuites. Our attacks expose the need for the formal verifica- tion of core components in cryptographic protocol libraries; our implementation demonstrates that such mechanized proofs are within reach, even for mainstream TLS implementations.
* **Attacks**<a name="sattacks"></a>
* **BEAST**
* [BEAST: Surprising crypto attack against HTTPS - Thai Duong & Juliano Rizzo - eko7](https://www.youtube.com/watch?v=-BjpkHCeqU0)
* [PoC](https://github.com/mpgn/BEAST-PoC)
* **BREACH**
* [BREACH - Wikipedia](https://en.wikipedia.org/wiki/BREACH)
* [A BREACH beyond CRIME - Introducing our newest toy from Black Hat USA 2013: Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext](http://breachattack.com/)
* **CRIME**
* [CRIME - Wikipedia](https://en.wikipedia.org/wiki/CRIME)
* **DROWN**
* [DROWN - Wikipedia](https://en.wikipedia.org/wiki/DROWN_attack)
* [The DROWN Attack - drownattack.com](https://drownattack.com/)
* [DROWN: Breaking TLS using SSLv2](https://drownattack.com/drown-attack-paper.pdf)
* **FREAK**
* [Attack of the week: FREAK (or 'factoring the NSA for fun and profit')](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html)
* [FREAK - Wikipedia](https://en.wikipedia.org/wiki/FREAK)
* **Logjam**
* [Logjam - Wikipedia](https://en.wikipedia.org/wiki/Logjam_(computer_security))
* [Weak Diffie-Hellman and the Logjam Attack - weakdh.org](https://weakdh.org/)
* **Oracle Padding/Lucky 13**
* [Lucky Thirteen - Wikipedia](https://en.wikipedia.org/wiki/Lucky_Thirteen_attack)
* [ImperialViolet - Lucky Thirteen attack on TLS CBC (04 Feb 2013)](https://www.imperialviolet.org/2013/02/04/luckythirteen.html)
* [Lucky Thirteen: Breaking the TLS and DTLS Record Protocols - isg.rhul.ac.uk](http://www.isg.rhul.ac.uk/tls/Lucky13.html)
* **POODLE**
* [POODLE - Wikipedia](https://en.wikipedia.org/wiki/POODLE)
* **RC4-based Attacks**
* **Renegotiation**
* [Understanding the TLS Renegotiation Attack - educatedguesswork.org](http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html)
* [TLS Renegotiation Vulnerability - IETF Presentation](https://www.ietf.org/proceedings/76/slides/tls-7.pdf)
* **ROBOT Attack**
* [ROBOT Attack](https://robotattack.org/)
* ROBOT is the return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server. In 1998, Daniel Bleichenbacher discovered that the error messages given by SSL servers for errors in the PKCS #1 v1.5 padding allowed an adaptive-chosen ciphertext attack; this attack fully breaks the confidentiality of TLS when used with RSA encryption. We discovered that by using some slight variations this vulnerability can still be used against many HTTPS hosts in today's Internet.
* [robot-detect](https://github.com/robotattackorg/robot-detect)
* Proof of concept attack and detection for ROBOT (Return Of Bleichenbacher's Oracle Threat).
* **SWEET32**
* [Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN - sweet32.info](https://sweet32.info/)
* **Tools**<a name="stools"></a>
* [TLS-Attacker](https://github.com/RUB-NDS/TLS-Attacker)
* TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library.
---------------
### <a name="tools">Tools</a>
* **Helpful stuff**
* [keyCzar](http://www.keyczar.org/)
* Keyczar is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys.
* [Simple crypto tools](http://rumkin.com/tools/)
* **Encryption Software**
* [VeraCrypt](https://www.veracrypt.fr/en/Home.html)
* VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. Brought to you by IDRIX (https://www.idrix.fr) and based on TrueCrypt 7.1a.
* **Key Managment**
* [CONIKS](https://coniks.cs.princeton.edu/)
* CONIKS is a key management system for end users capable of integration in end-to-end secure communication services. The main idea is that users should not have to worry about managing encryption keys when they want to communicate securely, but they also should not have to trust their secure communication service providers to act in their interest.
* **Hash Identification**
* [HashID](https://github.com/psypanda/hashID)
* hashID is a tool written in Python 3 which supports the identification of over 220 unique hash types using regular expressions. It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them. hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output. hashID works out of the box with Python 2 = 2.7.x or Python 3 = 3.3 on any platform.
* [Hash-Algorithm-Identifier](https://github.com/AnimeshShaw/Hash-Algorithm-Identifier)
* A python tool to identify different Hash Function Algorithms. Supports 160+ Hash Algorithms.
* **Attack Implementation/Testing**
* **General**
* [Cryptographic Implementations Analysis Toolkit (CIAT)](http://ciat.sourceforge.net/)
* The Cryptographic Implementations Analysis Toolkit (CIAT) is compendium of command line and graphical tools whose aim is to help in the detection and analysis of encrypted byte sequences within files (executable and non-executable).
* [Project Wycheproof](https://github.com/google/wycheproof)
* Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product.
* [FeatherDuster](https://github.com/nccgroup/featherduster)
* FeatherDuster is a tool written by Daniel "unicornfurnace" Crowley of NCC Group for breaking crypto which tries to make the process of identifying and exploiting weak cryptosystems as easy as possible. Cryptanalib is the moving parts behind FeatherDuster, and can be used independently of FeatherDuster.
* **Hash Collisions**
* [Project HashClash](https://marc-stevens.nl/p/hashclash/)
* Project HashClash is a Framework for MD5 & SHA-1 Differential Path Construction and Chosen-Prefix Collisions for MD5. It's goal is to further understanding and study of the weaknesses of MD5 and SHA-1.
* [CPC-MD5](https://github.com/dingelish/cpc-md5)
* This project is forked from Marc Steven's Hashclash project hashclash and follows GPL.
* [SHA1Collider](https://github.com/nneonneo/sha1collider)
* Build two PDFs that have different content but identical SHA1 sums.
* **Hash Pump**
* [HashPump](https://github.com/bwall/HashPump)
* A tool to exploit the hash length extension attack in various hashing algorithms. Currently supported algorithms: MD5, SHA1, SHA256, SHA512.
* **Padding Oracle**
* [pypadbuster](https://github.com/escbar/pypadbuster)
* A Python version of PadBuster.pl by Gotham Digital Security (GDSSecurity on Github)
* [padex](https://github.com/szdavid92/padex)
* The goal of this challenge is to find a flag contained in an encrypted message. A decryption oracle and the encrypted message is provided. The student should write an application that cracks the cyphertext by abusing the oracle which is vulnerable to the padding attack.
* [Padding Oracle Exploit API](https://mwielgoszewski.github.io/python-paddingoracle/)
* python-paddingoracle is an API that provides pentesters a customizable alternative to PadBuster and other padding oracle exploit tools that can't easily (without a heavy rewrite) be used in unique, per-app scenarios. Think non-HTTP applications, raw sockets, client applications, unique encodings, etc.
* [tool](https://github.com/mwielgoszewski/python-paddingoracle)
* [PadBuster](https://github.com/GDSSecurity/PadBuster)
* PadBuster is a Perl script for automating Padding Oracle Attacks. PadBuster provides the capability to decrypt arbitrary ciphertext, encrypt arbitrary plaintext, and perform automated response analysis to determine whether a request is vulnerable to padding oracle attacks.
* **MD5 Related**
* [sheep-wolf](https://github.com/silentsignal/sheep-wolf/)
* Some security tools still stick to MD5 when identifying malware samples years after practical collisions were shown against the algorithm. This can be exploited by first showing these tools a harmless sample (Sheep) and then a malicious one (Wolf) that have the same MD5 hash. Please use this code to test if the security products in your reach use MD5 internally to fingerprint binaries and share your results by issuing a pull request updating the contents of results/!
* **Solver**
* [quipqiup](http://quipqiup.com/)
* quipqiup is a fast and automated cryptogram solver by Edwin Olson. It can solve simple substitution ciphers often found in newspapers, including puzzles like cryptoquips (in which word boundaries are preserved) and patristocrats (in which word boundaries aren't).
* **Toolkits**
* [RELIC](https://github.com/relic-toolkit/relic)
* RELIC is a modern cryptographic meta-toolkit with emphasis on efficiency and flexibility. RELIC can be used to build efficient and usable cryptographic toolkits tailored for specific security levels and algorithmic choices.
* **Misc**
* [dislocker](https://github.com/Aorimn/dislocker)
* FUSE driver to read/write Windows' BitLocker-ed volumes under Linux / Mac OSX
* [HiVE — Hidden Volume Encryption](http://hive.ccs.neu.edu/#four)
* [Decrypto](http://sourceforge.net/projects/decrypto/)
* In DeCrypto you will find a collection of scripts for helping decrypt messages.\
* [xortool](https://github.com/hellman/xortool)
* A tool to analyze multi-byte xor cipher
### Interesting Papers
* [Toward Robust Hidden Volumes Using Write-Only Oblivious RAM](https://eprint.iacr.org/2014/344.pdf)
* With sensitive data being increasingly stored on mobile devices and laptops, hard disk encryption is more important than ever. In particular, being able to plausibly deny that a hard disk contains certain information is a very useful and interesting research goal. However, it has been known for some time that existing “hidden volume” solutions, like TrueCrypt, fail in the face of an adversary who is able to observe the contents of a disk on multiple, separate occasions. In this work, we explore more robust constructions for hidden volumes and present HIVE, which is resistant to more powerful adversaries with multiple-snapshot capabilities. In pursuit of this, we propose the first security definitions for hidden volumes, and prove HIVE secure under these definitions. At the core of HIVE, we design a new write-only Oblivious RAM. We show that, when only hiding writes, it is possible to achieve ORAM with optimal O(1) communication complexity and only polylogarithmic user mem- ory. This is a significant improvement over existing work and an independently interesting result. We go on to show that our write-only ORAM is specially equipped to provide hidden volume func- tionality with low overhead and significantly increased security. Finally, we implement HIVE as a Linux kernel block device to show both its practicality and usefulness on existing platforms.
* [Indistinguishability Obfuscation from the Multilinear Subgroup Elimination Assumption](https://eprint.iacr.org/2014/309)
* Abstract: We revisit the question of constructing secure general-purpose indistinguishability obfuscation (iO), with a security reduction based on explicit computational assumptions over multilinear maps. Previous to our work, such reductions were only known to exist based on meta-assumptions and/or ad-hoc assumptions: In the original constructive work of Garg et al. (FOCS 2013), the underlying explicit computational assumption encapsulated an exponential family of assumptions for each pair of circuits to be obfuscated. In the more recent work of Pass et al. (Crypto 2014), the underlying assumption is a meta-assumption that also encapsulates an exponential family of assumptions, and this meta-assumption is invoked in a manner that captures the specific pair of circuits to be obfuscated. The assumptions underlying both these works substantially capture (either explicitly or implicitly) the actual structure of the obfuscation mechanism itself. In our work, we provide the first construction of general-purpose indistinguishability obfuscation proven secure via a reduction to a natural computational assumption over multilinear maps, namely, the Multilinear Subgroup Elimination Assumption. This assumption does not depend on the circuits to be obfuscated (except for its size), and does not correspond to the underlying structure of our obfuscator. The technical heart of our paper is our reduction, which gives a new way to argue about the security of indistinguishability obfuscation.
------------------
### <a name="coins"></a> Cryptocurrencies
* **General**
* [cryptocurrency](https://github.com/kilimchoi/cryptocurrency)
* Overview of top cryptocurrencies
* [Blockchain Security research](https://gist.github.com/insp3ctre/403b8cb99eae2f52565874d8547fbc94)
* Open-source blockchain security research (contributions welcome!)
* [Blockchain Graveyard](https://magoo.github..io/Blockchain-Graveyard/)
* [Crypto Canon](https://a16z.com/2018/02/10/crypto-readings-resources/)
* Curatd resources explaining various parts of crypto currencies. Hosted/maintained by a16z.com
* [Crypto Canon - a16z.com](https://a16z.com/2018/02/10/crypto-readings-resources/)
* Here’s a list of crypto readings and resources. It’s organized from building blocks and basics; foundations (& history); and key concepts — followed by specific topics such as governance; privacy and security; scaling; consensus and governance; cryptoeconomics, cryptoassets, and investing; fundraising and token distribution; decentralized exchanges; stablecoins; and cryptoeconomic primitives (token curated registries, curation markets, crytocollectibles, games). We also included a section with developer tutorials, practical guides, and maker stories — as well as other resources, such as newsletters/updates and courses, at the end.
* **Bitcoin**<a name="bitcoin"></a>
* [Bitcoin Paper](https://bitcoin.org/bitcoin.pdf)
* [Bitcoin Paper Annotated - Genius](https://genius.com/2683753)
* [Bitcoin Paper Annotated - Fermats Library](https://fermatslibrary.com/s/bitcoin)
* [Bitcointalk](https://bitcointalk.org/)
* [/r/bitcoin](https://reddit.com/r/bitcoin)
* **Ethereum**<a name="ether"></a>
* [Ethereum 'White Paper'](https://github.com/ethereum/wiki/wiki/White-Paper)
* [Cracking the Ethereum White Paper](https://medium.com/@FolusoOgunlana/cracking-the-ethereum-white-paper-e0e60c44126)
* [The Ether Thief](https://www.bloomberg.com/features/2017-the-ether-thief/)
* [Outsmarting-Smart-Contracts](https://github.com/sneakerhax/Outsmarting-Smart-Contracts)
* A repo with information about the security of Ethereum Smart Contracts
* **Monero**<a name="monero"></a>
* **Zcash**<a name="zcash"></a>
* **Shady Shit**<a name="shady"></a>
* [The Problem with Calling Bitcoin a “Ponzi Scheme”](https://prestonbyrne.com/2017/12/08/bitcoin_ponzi/)
* [Price Manipulation in the Bitcoin Ecosystem](https://www.sciencedirect.com/science/article/pii/S0304393217301666?via%3Dihub)
* [Meet ‘Spoofy’. How a Single entity dominates the price of Bitcoin.](https://hackernoon.com/meet-spoofy-how-a-single-entity-dominates-the-price-of-bitcoin-39c711d28eb4)
* [The Willy Report: proof of massive fraudulent trading activity at Mt. Gox, and how it has affected the price of Bitcoin](https://willyreport.wordpress.com/2014/05/25/the-willy-report-proof-of-massive-fraudulent-trading-activity-at-mt-gox-and-how-it-has-affected-the-price-of-bitcoin/)
* [Coinbase Insider Trading: Litecoin Edition](https://medium.com/@bitfinexed/coinbase-insider-trading-litecoin-edition-be64ead3facc)
* [Best of Bitcoin Maximalist - Scammers, Morons, Clowns, Shills & BagHODLers - Inside The New New Crypto Ponzi Economics (Book Edition) - Trolly McTrollface, et al](https://bitsblocks.github.io/bitcoin-maximalist)
* **Smart Contract Security**
* * [Practical Smart Contract Security Analysis and Exploitation— Part 1 - Bernhard Mueller](https://hackernoon.com/practical-smart-contract-security-analysis-and-exploitation-part-1-6c2f2320b0c)
* **Talks/Presentations**
* [Deanonymisation of Clients in Bitcoin P2P Network](http://orbilu.uni.lu/bitstream/10993/18679/1/Ccsfp614s-biryukovATS.pdf)
* We present an effcient method to deanonymize Bitcoin users, which allows to link user pseudonyms to the IP addresses where the transactions are generated. Our techniques work for the most common and the most challenging scenario when users are behind NATs or firewalls of their ISPs. They allow to link transactions of a user behind a NAT and to distinguish connections and transactions of different users behind the same NAT. We also show that a natural countermeasure of using Tor or other anonymity services can be cut-out by abusing anti-DoS countermeasures of the Bitcoin network. Our attacks require only a few machines and have been experimentally verifed. The estimated success rate is between 11% and 60% depending on how stealthy an attacker wants to be. We propose several countermeasures to mitigate these new attacks.
--------------
To Do:
* Add:
* List of Books
* Educational Materials for those interested in learning about crypto
* Info about Monero/Zcash
* List of attacks
* List of various Algorithms
* History of
* [Crypto.is](https://crypto.is/)
* Crypto.is is an organization designed to assist and encourage anonymity and encryption research, development, and use. As part of this goal, we seek to revitalize the Cypherpunk movement and provide better software, security, and anonymity to individuals worldwide.
* [Unboxing the White-Box Practical attacks against Obfuscated Ciphers](https://www.riscure.com/uploads/2017/09/eu-15-sanfelix-mune-dehaas-unboxing-the-white-box-wp_v1.1.pdf)
* https://stribika.github.io/2015/01/04/secure-secure-shell.html
* [Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough (video)](https://www.youtube.com/watch?v=4FLqTRgCeVE)
* [Cryptographic Right Answers - Latacora](https://latacora.singles/2018/04/03/cryptographic-right-answers.html)
* [HTTPS in the real world - Robert Heaton](https://robertheaton.com/2018/11/28/https-in-the-real-world/)
* [SIGMA: the ‘SIGn-and-MAc’ Approach to Authenticated Diffie-Hellman and its Use in the IKE Protocols - Hugo Krawczyk](http://webee.technion.ac.il/~hugo/sigma-pdf.pdf)
* [Generic Attacks against MAC algorithms - Gaëtan Leurent](https://who.rocq.inria.fr/Gaetan.Leurent/files/Generic_SAC15.pdf)
* [Roughtime: Securing Time with Digital Signatures - CloudFlare](https://blog.cloudflare.com/roughtime/)
* [Auditing KRACKs in Wi-Fi - Preventing all attacks is hard in practice By Mathy Vanhoef of imec-DistriNet, KU Leuven, 2018](https://www.krackattacks.com/followup.html)
* [Hash-based Signatures: An illustrated Primer - Matthew Green](https://blog.cryptographyengineering.com/2018/04/07/hash-based-signatures-an-illustrated-primer/)
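Review bot: the summary under "Encryption 101, RSA 001 (The maths behind it)" in the RSA subsection is the SIGMA key-exchange abstract pasted a second time (it already sits under "The SIGMA Family of Key-Exchange Protocols" in Key Exchange) and says nothing about RSA; drop it or replace it with a line about the 0x00sec post. Smaller points in the same file: the Key Exchange anchor is spelled `key-echange`; the SSH heading carries `<a name="ssh"></a>` twice; "Project HashClash" is listed both under MD5 and under Hash Collisions with the same description; "Crypto Canon" appears twice in a row under Cryptocurrencies ("Curatd" in the first description); the SIGMA paper URL turns up a third time in the To Do block; the Blockchain Graveyard URL has a doubled dot (`magoo.github..io`); the Smart Contract Security entry has a doubled bullet (`* * [Practical Smart Contract...`); the DeCrypto description ends with a stray backslash; "Key Managment" should read "Key Management"; the hashID line "Python 2 = 2.7.x or Python 3 = 3.3" looks as if it has lost its comparison operators; and the Deanonymisation abstract has lost "fi" ligatures ("effcient", "verifed").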

+ 22
- 52
Draft/Defense.md

@ -18,42 +18,17 @@
* [New feature in Office 2016 can block macros and help prevent infection](https://web.archive.org/web/20180527161910/https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/?source=mmpc)
* [Defensive Coding Strategies for a High-Security Environment - Matt Graeber - PowerShell Conference EU 2017](https://www.youtube.com/watch?reload=9&v=O1lglnNTM18)
* [What is conditional access in Azure Active Directory? - docs.ms](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
* [Windows 10 Security Checklist Starter Kit - itprotoday](https://www.itprotoday.com/industry-perspectives/windows-10-security-checklist-starter-kit)
* [What is Active Directory Red Forest Design? - social.technet.ms](https://social.technet.microsoft.com/wiki/contents/articles/37509.what-is-active-directory-red-forest-design.aspx)
* [Securing Privileged Access Reference Material - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material)
* [Understanding “Red Forest”: The 3-Tier Enhanced Security Admin Environment (ESAE) and Alternative Ways to Protect Privileged Credentials - ultimatewindowsecurity](https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=1409)
* [Planting the Red Forest: Improving AD on the Road to ESAE - Jacques Louw and Katie Knowles](https://www.mwrinfosecurity.com/our-thinking/planting-the-red-forest-improving-ad-on-the-road-to-esae/)
* [MongoDB Security Checklist](https://docs.mongodb.com/manual/administration/security-checklist/)
* [kethash](https://github.com/cyberark/ketshash)
* A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.
* [How to track down USB flash drive usage with Windows 10's Event Viewer - techrepublic](https://www.techrepublic.com/article/how-to-track-down-usb-flash-drive-usage-in-windows-10s-event-viewer/)
* [How to Analyze USB Device History in Windows - magnetforensics.com](https://www.magnetforensics.com/computer-forensics/how-to-analyze-usb-device-history-in-windows/)
* [ERNW Repository of Hardening Guides](https://github.com/ernw/hardening)
* This repository contains various hardening guides compiled by ERNW for various purposes. Most of those guides strive to provide a baseline level of hardening and may lack certain hardening options which could increase the security posture even more (but may have impact on operations or required operational effort).
* [Planning for Compromise - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/planning-for-compromise)
* [Application Whitelist Auditor - airlockdigital](https://www.airlockdigital.com/application-whitelisting-auditor/)
* [iconSimple Software-Restriction Policy - iwrconsultancy](https://iwrconsultancy.co.uk/softwarepolicy)
* [Recon by Fire](https://github.com/HewlettPackard/reconbf)
* Recon is a tool for reviewing the security configuration of a local system. It can detect existing issues, known-insecure settings, existing strange behaviour, and options for further hardening. Recon can be used in existing systems to find out which elements can be improved and can provide some information about why the change is recommended. It can also be used to scan prepared system images to verify that they contain the expected protection.
* [How to Allow Non-Admin Users to Start/Stop Windows Service - woshub.com](http://woshub.com/set-permissions-on-windows-service/)
* [Protect your enterprise data using Windows Information Protection (WIP) - docs.ms](https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
* [Security WatchLock Up Your Domain Controllers - Steve Riley - docs.ms](https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc160936(v=msdn.10))
* [Creating a Secure Environment using PowerShell Desired State Configuration - blogs.ms](https://blogs.msdn.microsoft.com/powershell/2014/07/21/creating-a-secure-environment-using-powershell-desired-state-configuration/)
* [BeyondCorp - Google](https://cloud.google.com/beyondcorp/)
* [Securing Privileged Access Reference Material - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material)
----------------------------
### Defense & Hardening
* **101**
* [Center for Internet Security](https://www.cisecurity.org/)
* [CIS Top 20 Controls](https://www.cisecurity.org/controls/cis-controls-list/)
* [CIS Benchmark Guides](https://www.cisecurity.org/cis-benchmarks/)
* **General Concepts**
* **Zero-Trust Networks**
* [BeyondCorp - Google](https://cloud.google.com/beyondcorp/)
* [Securing Privileged Access Reference Material - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material)
* **Access Control** <a name="acl"></a>
* [Capirca](https://github.com/google/capirca)
* Capirca is a tool designed to utilize common definitions of networks, services and high-level policy files to facilitate the development and manipulation of network access control lists (ACLs) for various platforms. It was developed by Google for internal use, and is now open source.
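Review bot: "Securing Privileged Access Reference Material - docs.ms" appears three times within this hunk and "BeyondCorp - Google" twice (once each in the uncategorized run above the `----` divider and again under **Zero-Trust Networks**); the rendered view hides the +/- markers, so confirm that the uncategorized copies are the ones being removed and only the categorized pair survives. Also the link text `kethash` does not match the repository in its URL (`cyberark/ketshash`); rename the entry to match. Minor: "Security WatchLock Up Your Domain Controllers" is missing the separator between the column name and the article title.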
@ -73,10 +48,8 @@
* [Slides](https://www.blackhat.com/docs/us-16/materials/us-16-Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf)
* [PE-sieve](https://github.com/hasherezade/pe-sieve)
* PE-sieve scans a given process, searching for the modules containing in-memory code modifications. When found, it dumps the modified PE.
* [ClrGuard](https://github.com/endgameinc/ClrGuard)
* ClrGuard is a proof of concept project to explore instrumenting the Common Language Runtime (CLR) for security purposes. ClrGuard leverages a simple appInit DLL (ClrHook32/64.dll) in order to load into all CLR/.NET processes. From there, it performs an in-line hook of security critical functions. Currently, the only implemented hook is on the native LoadImage() function. When events are observed, they are sent over a named pipe to a monitoring process for further introspection and mitigation decision.
* **Application Whitelisting** <a name="whitelist"></a>
* [Guide to Application Whitelisting - NIST Special Publication 800 - 167](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf)
* [Guide to Application Whitelisting - NIST Special Publication 800 - 167](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-167.pdf)
* **Attack Surface Analysis/Reduction** <a name="asa"></a>
* **General**
* [Intrigue-core](https://github.com/intrigueio/intrigue-core)
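Review bot: the "Guide to Application Whitelisting - NIST Special Publication 800 - 167" entry under **Application Whitelisting** is duplicated on two consecutive lines; drop one. ClrGuard with its full description also appears here and again under **.NET Instrumentation** in a later hunk of this file; if this copy is not in the removed set it is a second duplicate.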
@ -256,6 +229,9 @@
* [Securing Microsoft Active Directory Federation Server (ADFS)](https://adsecurity.org/?p=3782)
* [Awesome Windows Domain Hardening](https://github.com/PaulSec/awesome-windows-domain-hardening/blob/master/README.md)
* [The Most Common Active Directory Security Issues and What You Can Do to Fix Them - adsecurity](https://adsecurity.org/?p=1684)
* **Adversary Resilience Methodology**
* [Introducing the Adversary Resilience Methodology — Part One - specterops](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-one-e38e06ffd604)
* [Introducing the Adversary Resilience Methodology — Part Two](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d)
* **Awareness**
* [NtdsAudit](https://github.com/Dionach/NtdsAudit)
* NtdsAudit is an application to assist in auditing Active Directory databases. It provides some useful statistics relating to accounts and passwords. It can also be used to dump password hashes for later cracking.
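Review bot: under **Adversary Resilience Methodology** the Part Two entry lacks the " - specterops" source attribution that Part One carries; add it so the two sibling entries are consistent with the rest of the list. The same two links still sit at the top of the Sort section at the bottom of this file, so confirm those are the copies being removed.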
@ -311,6 +287,8 @@
* [Second section good resource for hardening windows](http://labs.bitdefender.com/2014/11/do-your-bit-to-limit-cryptowall/)
* [Secure-Host-Baseline](https://github.com/iadgov/Secure-Host-Baseline)
* Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. iadgov
* [Network access: Restrict clients allowed to make remote calls to SAM - docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls)
* The Network access: Restrict clients allowed to make remote calls to SAM security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database and Active Directory. The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the KB articles listed in Applies to section of this topic.
* [SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016](https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b#content)
* "SAMRi10" tool is a short PowerShell (PS) script which alters remote SAM access default permissions on Windows 10 & Windows Server 2016. This hardening process prevents attackers from easily getting some valuable recon information to move laterally within their victim's network.
* [Enable Attack surface reduction - docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction)
@ -392,6 +370,8 @@
* **USB Detection**
* [BEAMGUN](https://github.com/JLospinoso/beamgun)
* A rogue-USB-device defeat program for Windows.
* [How to Analyze USB Device History in Windows - magnetforensics.com](https://www.magnetforensics.com/computer-forensics/how-to-analyze-usb-device-history-in-windows/)
* [How to track down USB flash drive usage with Windows 10's Event Viewer - techrepublic](https://www.techrepublic.com/article/how-to-track-down-usb-flash-drive-usage-in-windows-10s-event-viewer/)
* **Tools**
* [Artillery](https://github.com/BinaryDefense/artillery)
* Artillery is a combination of a honeypot, monitoring tool, and alerting system. Eventually this will evolve into a hardening monitoring platform as well to detect insecure configurations from nix systems.
@ -473,6 +453,9 @@
* [The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services](https://www.crowdstrike.com/blog/evolution-protected-processes-part-2-exploitjailbreak-mitigations-unkillable-processes-and/)
* [Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)](https://www.crowdstrike.com/blog/protected-processes-part-3-windows-pki-internals-signing-levels-scenarios-signers-root-keys/)
* [Mitigate threats by using Windows 10 security features](https://docs.microsoft.com/en-us/windows/threat-protection/overview-of-threat-mitigations-in-windows-10)
* **.NET Instrumentation**
* [ClrGuard](https://github.com/endgameinc/ClrGuard)
* ClrGuard is a proof of concept project to explore instrumenting the Common Language Runtime (CLR) for security purposes. ClrGuard leverages a simple appInit DLL (ClrHook32/64.dll) in order to load into all CLR/.NET processes. From there, it performs an in-line hook of security critical functions. Currently, the only implemented hook is on the native LoadImage() function. When events are observed, they are sent over a named pipe to a monitoring process for further introspection and mitigation decision.
* **Powershell**
* **Analysis**
* [Powershell Download Cradles - Matthew Green](https://mgreen27.github.io/posts/2018/04/02/DownloadCradle.html)
@ -492,23 +475,10 @@
### Sort
* [A Linux Auditd rule set mapped to MITRE's Attack Framework](https://github.com/bfuzzy/auditd-attack)
* [Introducing the Adversary Resilience Methodology — Part One - specterops](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-one-e38e06ffd604)
* [Introducing the Adversary Resilience Methodology — Part Two](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d)
* [Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency - Sean Malone - BHUSA16](https://www.youtube.com/watch?v=1Dz12M7u-S8)
* We'll review what actions are taken in each phase, and what's necessary for the adversary to move from one phase to the next. We'll discuss multiple types of controls that you can implement today in your enterprise to frustrate the adversary's plan at each stage, to avoid needing to declare "game over" just because an adversary has gained access to the internal network. The primary limiting factor of the traditional Cyber Kill Chain is that it ends with Stage 7: Actions on Objectives, conveying that once the adversary reaches this stage and has access to a system on the internal network, the defending victim has already lost. In reality, there should be multiple layers of security zones on the internal network, to protect the most critical assets. The adversary often has to move through numerous additional phases in order to access and manipulate specific systems to achieve his objective. By increasing the time and effort required to move through these stages, we decrease the likelihood of the adversary causing material damage to the enterprise.
* [Slides](https://www.blackhat.com/docs/us-16/materials/us-16-Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf)
* [Network access: Restrict clients allowed to make remote calls to SAM - docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-restrict-clients-allowed-to-make-remote-sam-calls)
* The Network access: Restrict clients allowed to make remote calls to SAM security policy setting controls which users can enumerate users and groups in the local Security Accounts Manager (SAM) database and Active Directory. The setting was first supported by Windows 10 version 1607 and Windows Server 2016 (RTM) and can be configured on earlier Windows client and server operating systems by installing updates from the KB articles listed in Applies to section of this topic.
* [AuditScripts - CIS Critical Security Controls](https://www.auditscripts.com/free-resources/critical-security-controls/)
* [Windows ISV Software Security Defenses - msdn](https://msdn.microsoft.com/en-us/library/bb430720.aspx)
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ee791851(v=ws.11)
* [DevSec Hardening Framework](https://github.com/dev-sec)
AuditD
* [A Linux Auditd rule set mapped to MITRE's Attack Framework](https://github.com/bfuzzy/auditd-attack)
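Review bot: the end of the Sort section leaves two lines outside the list structure: a bare `https://docs.microsoft.com/...ee791851(v=ws.11)` URL with no bullet or title, and a bare `AuditD` label; give the URL a `* [Title](url)` entry and make `AuditD` a bold sub-heading in the file's `* **Name**` style. The `auditd-attack` link appears both as the first item of the section and under the `AuditD` label; keep one. The "Network access: Restrict clients allowed to make remote calls to SAM" link and its description are also still listed here while the identical two lines were added under the Windows hardening section earlier in this diff, so confirm this copy is in the removed set.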

+ 0
- 12
Draft/Games.md View File

@ -10,18 +10,6 @@
* [Tools](#tools)
#### Sort
Fix ToC
#### End Sort
------------
### <a name="general"></a>General


+ 374
- 0
Draft/Osint.md View File

@ -0,0 +1,374 @@
# Open Source Intelligence
## Table of Contents
- [General](#general)
- [Articles/Writeups](#writeups)
- [Presentations & Talks](#talks)
- [Tools](#tools))
- [CVS/Git/Similar](#cvs)
- [DNS Stuff/related](#dns)
- [Email Gathering](#email)
- [Fancy Search Engines](#search)
- [Search Engine Dorks](#gh)
- [Site Specific Tools](#site)
- [Social Media Search/Enumeration](#social)
- [Company/People Searching](#ppl)
- [Reference Sites](#reference)
- [Miscellaneous](#misc)
#### Sort
* Add list of Sources:
* UCC - Uniform Commercial Code;
* DOC - Current Industrial Patents;
* DMV - Vehicle Ownership applications;
* Patents - Patent DBs;
* Operating Licenses/Permits;
* Trade Journals;
* [asint collection - start.me](https://start.me/p/b5Aow7/asint_collection)
* [cloud_enum](https://github.com/initstring/cloud_enum)
* Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
* [SingleFile](https://github.com/gildas-lormeau/SingleFile)
* SingleFile is a Web Extension compatible with Chrome, Firefox (Desktop and Mobile), Chromium-based Edge, Vivaldi, Brave, Waterfox, Yandex browser, and Opera. It helps you to save a complete web page into a single HTML file.
--------------------
### <a name="general"></a>General
* **General**
* SWOT - Strengths, Weaknesses, Opportunities, Threats
* **101**
* [Open Source Intelligence - Wikipedia](http://en.wikipedia.org/wiki/Open-source_intelligence)
* **Articles/Writeups**
* [Hunting Pastebin with PasteHunter](https://techanarchy.net/2017/09/hunting-pastebin-with-pastehunter/)
* [Open Source Intelligence Gathering 101 - appseco.com](https://blog.appsecco.com/open-source-intelligence-gathering-101-d2861d4429e3)
* [Open Source Intelligence Gathering 201 - appseco.com](https://blog.appsecco.com/open-source-intelligence-gathering-201-covering-12-additional-techniques-b76417b5a544)
* [Open Source Intelligence Gathering: Techniques, Automation, and Visualization - Christopher Maddalena](https://posts.specterops.io/gathering-open-source-intelligence-bee58de48e05)
* [The OSINT Connection: Intelligence In Executive Protection - protectioncircle.com](https://protectioncircle.org/2017/03/06/the-osint-connection-intelligence-in-executive-protection/)
* **Alerting**
* [Google Trends](https://trends.google.com/trends/)
* See what are the popular related topics people are searching for. This will help widen your search scope.
* [Google Alerts](https://www.google.com/alerts)
* Google Alerts are email updates of the latest relevant Google results (web, news, etc.) based on your queries.
* [PasteLert](https://www.andrewmohawk.com/pasteLert/)
* PasteLert is a simple system to search pastebin.com and set up alerts (like google alerts) for pastebin.com entries. This means you will automatically recieve email whenever your term(s) is/are found in new pastebin entries!
* **Educational**
* [Intelligence Gathering - PTES](http://www.pentest-standard.org/index.php/Intelligence_Gathering)
* [Corporate Espionage without the Hassle of Committing Felonies](https://www.slideshare.net/JohnCABambenek/corporate-espionage-without-the-hassle-of-committing-felonies)
* [NATO Open Source Intelligence Handbook](http://www.oss.net/dynamaster/file_archive/030201/ca5fb66734f540fbb4f8f6ef759b258c/NATO%20OSINT%20Handbook%20v1.2%20%2d%20Jan%202002.pdf)
* [OSINT toolbag guide - pdf](http://www.phibetaiota.net/wp-content/uploads/2013/07/2013-07-11-OSINT-2ool-Kit-On-The-Go-Bag-O-Tradecraft.pdf)
* [Intel Briefing: The Future of OSINT - Robert Munks](https://www.janes.com/article/88791/intel-briefing-the-future-of-osint)
* This is an extract of a 60 minute live webcast available to subscribers of Jane's Intelligence Centres. In this briefing focusing on the future of open source intelligence collection, Jane's analysts will explore the following themes: A 'golden age' of open-source and social media intelligence; prospects for valuable open sources to 'go dark'; commercial satellite imagery and industry expands and future challenges for organisations conducting OSINT.
* **OSINT Based News**
* [JustSecurity](https://www.justsecurity.org/)
* Just Security is an online forum for the rigorous analysis of U.S. national security law and policy. We aim to promote principled and pragmatic solutions to national security problems that decision-makers face. Our Board of Editors includes individuals with significant government experience, civil society attorneys, academics, and other leading voices. Just Security is based at the Center for Human Rights and Global Justice at New York University School of Law.
* [OSINTInsight](http://www.osintinsight.com/shared.php?user=Mediaquest&folderid=0)
* [Janes](http://www.janes.com/)
* [bell?ngcat](https://www.bellingcat.com/)
* By and for citizen investigative journalists
* [NightWatch](http://www.kforcegov.com/Solutions/IAO/NightWatch/About.aspx)
* NightWatch is an executive commentary and analysis of events that pose or advance threats to US national security interests. It is deliberately edgy in the interest of clarity and brevity. As a product for executives, the distribution and all feedback comments are anonymous.
* [RSOE EDIS - Emergency and Disaster Information Service](http://hisz.rsoe.hu/alertmap/index2.php)
* **Resources**
* [Awesome-OSINT](https://github.com/jivoi/awesome-osint)
* [OSINT Framework](http://osintframework.com/)
* [OSINT Resources - greynetwork2](https://sites.google.com/site/greynetwork2/home/osint-resources)
* [Intel Techniques - Links](http://www.inteltechniques.com/links.html)
* [toddington - resources](https://www.toddington.com/resources/)
* [onstrat - osint](http://www.onstrat.com/osint/)
* http://osintinsight.com/shared.php?expand=169,175&folderid=0&user=Mediaquest
* [Open Source Intelligence (OSINT) Tools & Resources - osint.link](http://osint.link/)
* Seems pretty good.
* [Midasearch.org](https://midasearch.org/)
* [Open Source Intelligence Resources - toddington.com](https://www.toddington.com/resources/)
* [OSINT - onstrat](http://www.onstrat.com/osint/)
* **IntelTechniques OSINT Flowcharts**
* [Email Address](https://inteltechniques.com/data/Email.png)
* [Domain Name](https://inteltechniques.com/data/Domain.png)
* [Real Name](https://inteltechniques.com/data/Real%20Name.png)
* [Telephone #](https://inteltechniques.com/data/Telephone.png)
* [Location](https://inteltechniques.com/data/location.png)
* [User Name](https://inteltechniques.com/data/Username.png)
* **Writeups**
* [Fantastic OSINT and where to find it - blindseeker/malware focused](http://archive.is/sYzcP#selection-62.0-62.1)
* [Some blog posts describing/bringing you up to speed on OSINT by krypt3ia](http://krypt3ia.wordpress.com/2012/01/11/the-subtle-art-of-osint/)
* [Glass Reflections in Pictures + OSINT = More Accurate Location](http://blog.ioactive.com/2014/05/glass-reflections-in-pictures-osint.html)
* [Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
* [OSINT Through Sender Policy Framework (SPF) Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
* [Hunting with ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)](https://hackernoon.com/hunting-with-%EA%93%98amerka-2-0-aka-fist-flickr-instagram-shodan-twitter-ca363f12562a)
* [ꓘamerka 2.0 aka FIST (Flickr, Instagram, Shodan, Twitter)](https://github.com/woj-ciech/kamerka)
* Build interactive map of cameras, printers, tweets and photos. The script creates a map of cameras, printers, tweets and photos based on your coordinates. Everything is clearly presented in form of interactive map with icons and popups.
* **Talks & Presentations**
* [Cognitive Bias and Critical Thinking in Open Source Intelligence - Defcamp 2014](https://www.youtube.com/watch?v=pVAM21UERLU&index=24&list=PLnwq8gv9MEKgSryzYIFhpmCcqnVzdUWfH)
* [Dark Arts of OSINT Skydogcon](https://www.youtube.com/watch?v=062pLOoZhk8)
* [Developing a Open Source Threat Intelligence Program—Edward McCabe](http://www.irongeek.com/i.php?page=videos/circlecitycon2014/105-developing-a-open-source-threat-intelligence-program-edward-mccabe)
* What if you could get out in front of common threats such as botnets, scanners and malware? Good news, you can. Learn about one geeks struggle with life on the Internet of (bad) things when it comes to being online, identifying “odd” things, and developing an Open Source Threat Intelligence Program from Open Source Tools and Public Sources.
* [Corporate Espionage: Gathering Actionable Intelligence Via Covert Operations - Brent White - Defcon22](https://www.youtube.com/watch?v=D2N6FclMMTg)
* [How to Use Python to Spy on Your Friends: Web APIs, Recon ng, & OSINT](https://www.youtube.com/watch?v=BOjz7NfsLpA)
* [Practical OSINT - Shane MacDougall](https://www.youtube.com/watch?v=cLmEJLy7dv8)
* There’s more to life to OSINT than google scraping and social media harvesting. Learn some practical methods to automate information gathering, explore some of the most useful tools, and learn how to recognize valuable data when you see it. Not only will we explore various tools, attendees will get access to unpublished transforms they can use/modify for their own use.
* [Pwning People Personally - Josh Schwartz](https://www.youtube.com/watch?v=T2Ha-ZLZTz0)
* [You're Leaking Trade Secrets - Defcon22 Michael Schrenk](https://www.youtube.com/watch?v=JTd5TL6_zgY)
* Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak information at a much greater rate than individuals, and usually do so with little fanfare. There are greater consequences for organizations when information is leaked because the secrets often fall into the hands of competitors. This talk uses a variety of real world examples to show how trade secrets are leaked online, and how organizational privacy is compromised by seemingly innocent use of The Internet.
* [ZOMG Its OSINT Heaven Tazz Tazz](https://www.youtube.com/watch?v=cLmEJLy7dv8)
* **OSINT Tools/Resources** <a name="tools"></a>
* **Tools**
* **DNS**
* [blacksheepwall](https://github.com/tomsteele/blacksheepwall)
* blacksheepwall is a hostname reconnaissance tool
* **All-in-One**
* [Maltego](https://www.paterva.com/web6/products/maltego.php)
* Description: What you use to tie everything together.
* [Oryon C Portable](http://osintinsight.com/oryon.php)
* Oryon C Portable is a web browser designed to assist researchers in conducting Open Source Intelligence investigations. Oryon comes with dozens of pre-installed tools and a select set of links cataloged by category – including those that can be found in the OI Shared Resources.
* [OSINT Mantra](http://www.getmantra.com/hackery/osint.html)
* [Recon-ng](https://bitbucket.org/LaNMaSteR53/recon-ng)
* Description: Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
* [TouchGraph SEO Browser](http://www.touchgraph.com/seo)
* Use this free Java application to explore the connections between related websites.
* [Th3inspector](https://github.com/Moham3dRiahi/Th3inspector)
* Tool that automates OSINT collection. Seems to gather from a variety of sources. Perl script.
* [gasmask](https://github.com/twelvesec/gasmask)
* All in one Information gathering tool - OSINT
* **Certificate Transparency**
* [ct-exposer](https://github.com/chris408/ct-exposer)
* An OSINT tool that discovers sub-domains by searching Certificate Transparency logs. Certificate Transparency (CT) is an experimental IETF standard. The goal of it was to allow the public to audit which certificates were created by Certificate Authorities (CA). TLS has a weakness that comes from the large list of CAs that your browser implicitly trusts. If any of those CAs were to maliciously create a new certificate for a domain, your browser would trust it. CT adds benefits to TLS certificate trust: Companies can monitor who is creating certificates for the domains they own. It also allows browsers to verify that the certificate for a given domain is in the public log record. These logs end up being a gold mine of information for penetration testers and red teams.
* **Data Manipulation**
* [Danger-zone](https://github.com/woj-ciech/Danger-zone/blob/master/README.md)
* Correlate data between domains, ips and email addresses, present it as a graph and store everything into Elasticsearch and JSON files.
* [Article](https://medium.com/@woj_ciech/osint-tool-for-visualizing-relationships-between-domains-ips-and-email-addresses-94377aa1f20a)
* [OpenRefine](https://github.com/OpenRefine/OpenRefine)
* Description: OpenRefine is a power tool that allows you to load data, understand it, clean it up, reconcile it to master database, and augment it with data coming from Freebase or other web sources. All with the comfort and privacy of your own computer.
* [OSRFramework](https://github.com/i3visio/osrframework)
* OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regular expressions extraction and many others. At the same time, by means of ad-hoc Maltego transforms, OSRFramework provides a way of making these queries graphically as well as several interfaces to interact with like OSRFConsole or a Web interface.
* **Geolocation**
* [Creepy.py](http://ilektrojohn.github.io/creepy/)
* Description: Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps.
* **Research Collection/Organization**
* [hunch.ly](https://hunch.ly/)
* Paid web archiving tool
* [zotero.org](https://www.zotero.org/)
* Research Collection/Organization Tool
* **Company/People Searching** <a name="ppl"></a>
* [data.com](https://www.data.com/)
* [LittleSis](https://littlesis.org/)
* LittleSis is a free database of who-knows-who at the heights of business and government.
* [Jigsaw](http://jigsawbusinessgroup.com/what-we-do/people/)
* Jigsaw is a prospecting tool used by sales professionals, marketers and recruiters to get fresh and accurate sales leads and business contact information.
* [Spokeo](https://www.spokeo.com/)
* Spokeo is a people search engine that organizes white pages listings, public records and social network information into simple profiles to help you safely find and learn about people.\
* [Hoovers](http://www.hoovers.com/)
* Search over 85 million companies within 900 industry segments; Hoover's Reports Easy-to-read reports on key competitors, financials, and executives
* [Market Visual](http://www.marketvisual.com/)
* Search Professionals by Name, Company or Title
* [Glass Door](https://www.glassdoor.com/)
* Search jobs then look inside. Company salaries, reviews, interview questions, and more all posted anonymously by employees and job seekers.
* [192](http://www.192.com/)
* Find people, businesses and places in the UK with 192.com. Directory enquiries, a people finder, business listings and detailed maps with aerial photos.
* [corporationwiki](https://www.corporationwiki.com/)
* [orbis](https://orbisdirectory.bvdinfo.com/version-2017821/OrbisDirectory/Companies)
* Company information across the globe
* **Country Specific Resources**
* **USA**
* [SEC EDGAR Search](https://www.sec.gov/edgar/searchedgar/webusers.htm)
* [US Congressional Research Service - crsreports.congress.gov](https://crsreports.congress.gov/search/#/?termsToSearch=&orderBy=Date)
* **CVS/Git/Similar Focused** <a name="cvs"></a>
* [repo-supervisor](https://github.com/auth0/repo-supervisor)
* [GitPrey](https://github.com/repoog/GitPrey)
* GitPrey is a tool for searching sensitive information or data according to company name or key word something.The design mind is from searching sensitive data leakling in Github:
* [git-all-secrets](https://github.com/anshumanbh/git-all-secrets)
* A tool to capture all the git secrets by leveraging multiple open source git searching tools
* [github-firehose](https://www.npmjs.com/package/github-firehose)
* A library that will connect to github and emit events from the Github Event API in near-real-time
* [Exploring the Github Firehose](http://blog.scalyr.com/2013/10/exploring-the-github-firehose/)
* [Gitem](https://github.com/mschwager/gitem)
* Gitem is a tool for performing Github organizational reconnaissance.
* [Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed that contain high entropy.
* [dvcs-ripper](https://github.com/kost/dvcs-ripper)
* Rip web accessible (distributed) version control systems: SVN, GIT, Mercurial/hg, bzr, ... It can rip repositories even when directory browsing is turned off.
* [Truffle Hog](https://github.com/dxa4481/truffleHog)
* Searches through git repositories for high entropy strings, digging deep into commit history
* [DVCS-Pillage](https://github.com/evilpacket/DVCS-Pillage)
* Pillage web accessible GIT, HG and BZR repositories. I thought it would be useful to automate some other techniques I found to extract code, configs and other information from a git,hg, and bzr repo's identified in a web root that was not 100% cloneable. Each script extracts as much knowledge about the repo as possible through predictable file names and known object hashes, etc.
* [gitdigger](https://github.com/wick2o/gitDigger)
* gitDigger: Creating realworld wordlists from github hosted data.
* [gitrob](https://github.com/michenriksen/gitrob)
* Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information. Looking for sensitive information in GitHub repositories is not a new thing, it has been [known for a while](http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html) that things such as private keys and credentials can be found with GitHub's search functionality, however Gitrob makes it easier to focus the effort on a specific organization.
* [reposcanner](https://github.com/Dionach/reposcanner)
* Python script to scan Git repos for interesting strings
* [gitleaks](https://github.com/zricethezav/gitleaks)
* Searches full repo history for secrets and keys
* [Reposcanner](https://github.com/Dionach/reposcanner)
* Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspired by truffleHog.
* **DNS Stuff** <a name="dns"></a>
* [dauntless](https://github.com/cmeister2/dauntless)
* Tools for analysing the forward DNS data set published at https://scans.io/study/sonar.fdns_v2
* [dnstwist](https://github.com/elceef/dnstwist)
* Domain name permutation engine for detecting typo squatting, phishing and corporate espionage
* [typofinder](https://github.com/nccgroup/typofinder)
* Typofinder for domain typo discovery
* **Domain Recon**
* **Tools**
* [Waybackpack](https://github.com/jsvine/waybackpack)
* Waybackpack is a command-line tool that lets you download the entire Wayback Machine archive for a given URL.
* [domain - jhaddix](https://github.com/jhaddix/domain)
* Recon-ng and Alt-DNS are awesome. This script combines the power of these tools with the ability to run multiple domains within the same session. TLDR; I just want to do my subdomain discovery via ONE command and be done with it. Only 1 module needs an api key (/api/google_site) find instructions for that on the recon-ng wiki. Script to enumerate subdomains, leveraging recon-ng. Uses google scraping, bing scraping, baidu scraping, yahoo scraping, netcraft, and bruteforces to find subdomains. Plus resolves to IP
* [check0365](https://github.com/vysecurity/checkO365)
* checkO365 is a tool to check if a target domain is using O365
* **Email Gathering/Reconnaissance** <a name="email"></a>
* **Articles/Writeups**
* [OSINT Through Sender Policy Framework Records](https://community.rapid7.com/community/infosec/blog/2015/02/23/osint-through-sender-policy-framework-spf-records)
* [The most complete guide to finding anyone’s email - Timur Daudpota](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email)
* **Tools**
* [SimplyEmail](https://github.com/killswitch-GUI/SimplyEmail)
* What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt was desperately needed after building my first module for theHarvester.
* [Email Reconnaissance and Phishing Template Generation Made Simple](https://cybersyndicates.com/2016/05/email-reconnaissance-phishing-template-generation-made-simple/)
* [theHarvester](https://github.com/laramies/theHarvester)
* theHarvester is a tool for gathering e-mail accounts, subdomain names, virtual hosts, open ports/ banners, and employee names from different public sources (search engines, pgp key servers).
* [discover.sh](https://github.com/leebaird/discover)
* For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
* [Cr3dOv3r](https://github.com/D4Vinci/Cr3dOv3r)
* Cr3dOv3r simply you give it an email then it does two simple jobs (but useful): Search for public leaks for the email and if it any, it returns with all available details about the leak (Using hacked-emails site API). Now you give it this email's old or leaked password then it checks this credentials against 16 websites (ex: facebook, twitter, google...) then it tells you if login successful in any website!
* [Infoga](https://github.com/m4ll0k/Infoga)
* Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using haveibeenpwned.com API. Is a really simple tool, but very effective for the early stages of a penetration test or just to know the visibility of your company in the Internet.
* **Facial Mapping Data**
* [Social Mapper](https://github.com/SpiderLabs/social_mapper)
* Social Mapper is a Open Source Intelligence Tool that uses facial recognition to correlate social media profiles across different sites on a large scale. It takes an automated approach to searching popular social media sites for targets names and pictures to accurately detect and group a person’s presence, outputting the results into report that a human operator can quickly review.
* **Fancy Search Engines** <a name="search"></a>
* [Entity Cube](http://entitycube.research.microsoft.com/)
* EntityCube is a research prototype for exploring object-level search technologies, which automatically summarizes the Web for entities (such as people, locations and organizations) with a modest web presence.
* [Silobreaker](http://www.silobreaker.com/)
* Enterprise Semantic Search Engine, allows virtualisation of data, analytics and exploration of key data.
* [iSeek](http://www.iseek.com/#/web)
* Another handy search engine that break results down into easy to manage categories.
* [Carrot2](http://search.carrot2.org/stable/search)
* Carrot2 organizes your search results into topics. With an instant overview of what's available, you will quickly find what you're looking for.
* [Sqoop](http://sqoop.com/)
* OSINT search engine of public documents(handy)
* [GlobalFileSearch](https://ftplike.com)
* An FTP Search Engine that may come in handy.
* [NAPALM FTP Indexer](https://www.searchftps.net/)
* **General Meta Data** <a name="meta"></a>
* [Just-Metadata](https://github.com/ChrisTruncer/Just-Metadata)
* Just-Metadata is a tool that can be used to gather intelligence information passively about a large number of IP addresses, and attempt to extrapolate relationships that might not otherwise be seen. Just-Metadata has "gather" modules which are used to gather metadata about IPs loaded into the framework across multiple resources on the internet. Just-Metadata also has "analysis" modules. These are used to analyze the data loaded Just-Metadata and perform various operations that can identify potential relationships between the loaded systems.
* [MetaGooFil](https://code.google.com/p/metagoofil/)
* Description: Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company. The tool will perform a search in Google to identify and download the documents to local disk and then will extract the metadata with different libraries like Hachoir, PdfMiner and others. With the results it will generate a report with usernames, software versions and servers or machine names that will help Penetration testers in the information gathering phase.
* [Metashield Analyzer](https://metashieldanalyzer.elevenpaths.com/)
* Description: Metadata documents can help a malicious user to obtain information that is beyond our control in an enterprise environment. Metashield Analyzer is an online service that allows easily check if your office documents contain metadata.
* [PowerMeta](https://github.com/dafthack/PowerMeta)
* PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be analyzed by PowerMeta. Some interesting things commonly found in metadata are usernames, domains, software titles, and computer names.
* **General Data Scrapers** <a name="scrape"></a>
* [XRAY](https://github.com/evilsocket/xray)
* XRay is a tool for recon, mapping and OSINT gathering from public networks.
* [NameCheck](https://www.namecheck.com)
* Search usernames across multiple services/domain registries
* [TheHarvester](From: https://code.google.com/p/theharvester/)
* Description: The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and SHODAN computer database. This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
* [OSINT OPSEC Tool](https://github.com/hyprwired/osint-opsec-tool)
* Description: The OSINT OPSEC Tool monitors multiple 21st Century OSINT sources real-time for keywords, then analyses the results, generates alerts, and maps trends of the data, finding all sorts of info people probably don't want others to see...
* [Pattern](https://github.com/clips/pattern/blob/master/README.md)
* Pattern is a web mining module for Python. It has tools for: Data Mining: web services (Google,; Twitter, Wikipedia), web crawler, HTML DOM parser; Natural Language Processing: part-of-speech taggers, n-gram search, sentiment analysis, WordNet; Machine Learning: vector space model, clustering, classification (KNN, SVM, Perceptron); Network Analysis: graph centrality and visualization.
* **Paste-Site Scrapers**
* [sniff-paste](https://github.com/needmorecowbell/sniff-paste)
* Multithreaded pastebin scraper, scrapes to mysql database, then reads pastes for noteworthy information.
* **Search Engine Dorks** <a name="gh"></a>
* **101**
* [Google Hacking for Penetration Testers](https://www.blackhat.com/presentations/bh-europe-05/BH_EU_05-Long.pdf)
* [How to Find (Almost) Anything on Google - Barbara Davidson](https://www.netcredit.com/blog/how-to-find-anything-on-google/)
* **Databases/Lists**
* [ExpoitDB archive of the google hacking database](http://www.exploit-db.com/google-dorks/)
* [Google Hacking Database](http://www.hackersforcharity.org/ghdb/)
* We call them 'googledorks': Inept or foolish people as revealed by Google. Whatever you call these fools, you've found the center of the Google Hacking Universe!
* [4500+ Google Dork List 2018 - conzu.de](http://www.conzu.de/en/google-dork-liste-2018-conzu/)
* [List of Google ASE Queries/Dorks - @payloadartist](https://pastebin.com/zYPZNbMK)
* **Tools**
* [GooHak](https://github.com/1N3/Goohak)
* Automatically launch google hacking queries against a target domain to find vulnerabilities and enumerate a target.
* [Google Hacking - Search Diggity tool](http://www.bishopfox.com/resources/tools/google-hacking-diggity/attack-tools/)
* SearchDiggity 3.1 is the primary attack tool of the Google Hacking Diggity Project. It is Bishop Fox’s MS Windows GUI application that serves as a front-end to the most recent versions of our Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity.
* [GoogD0rker](https://github.com/ZephrFish/GoogD0rker)
* GoogD0rker is a tool for firing off google dorks against a target domain, it is purely for OSINT against a specific target domain. Designed for OSX originally however googD0rker txt now works on all nix platforms.
* **Network Information Search Engines** <a name="nin"></a>
* [Whoisology](https://whoisology.com/)
* Whoisology is a domain name ownership archive with literally billions of searchable and cross referenced domain name whois records.
* **Site Specific** <a name="site"></a>
* **AWS**
* [AWSBucketDump](https://github.com/jordanpotti/AWSBucketDump)
* AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to quickly fill up your hard drive.
* **Facebook**
* [pymk-inspector](https://github.com/GMG-Special-Projects-Desk/pymk-inspector/blob/master/README.md)
* The pymk-inspector is a tool built by Gizmodo's Special Projects Desk that we used for our investigation into Facebook's people you may know (pymk) algorithm.
* [Find FB profiles by Email](https://booleanstrings.com/2018/05/06/how-to-identify-facebook-profiles-from-email-addresses/)
* **Github**
* [profile-summary-for-github](https://github.com/tipsy/profile-summary-for-github)
* Tool for visualizing GitHub profiles
* [Github dorks - finding vulns](http://blog.conviso.com.br/2013/06/github-hacking-for-fun-and-sensitive.html)
* **LinkedIn**
* [InSpy](https://github.com/gojhonny/InSpy)
* A LinkedIn enumeration tool
* [linkedin](https://github.com/eracle/linkedin)
* Linkedin Scraper using Selenium Web Driver, Firefox 45, Ubuntu and Scrapy
* [LinkedInt: A LinkedIn scraper for reconnaissance during adversary simulation](https://github.com/mdsecactivebreach/LinkedInt)
* [LinkedIn Gatherer](https://github.com/DisK0nn3cT/linkedin-gatherer)
* [socilab](http://socilab.com/#home)
* This site allows users to visualize and analyze their LinkedIn network using methods derived from social-scientific research. Full sample output is shown here. The site is free and open-source. Have fun!
* [Linkedin_profiles](https://github.com/wpentester/Linkedin_profiles)
* This script uses selenium to scrape linkedin employee details from a specified company. If the script isn't working, you can always browse to the desired company's employee page and paste in the link on line 69 like this: "employees_page = url"
* [The Secrets of LinkedIn](https://webbreacher.com/2017/01/14/the-secrets-of-linkedin/)
* Grabbing usernames/connections(link analysis)
* [The Endorser](https://github.com/eth0izzle/the-endorser)
* An OSINT tool that allows you to draw out relationships between people on LinkedIn via endorsements/skills.
* [ScrapedIn](https://github.com/dchrastil/ScrapedIn)
* this tool assists in performing reconnaissance using the LinkedIn.com website/API. Provide a search string just as you would on the original website and let ScrapedIn do all the dirty work. Output is stored as an XLSX file, however it is intended to be used with Google Spreadsheets. After importing the XLSX into Google Spreadsheets there will be a "dataset" worksheet and a "report" worksheet.
* [Gathering Usernames from Google LinkedIn Results Using Burp Suite Pro - BHIS](https://www.blackhillsinfosec.com/gathering-usernames-from-google-linkedin-results-using-burp-suite-pro/)
* [GatherContacts](https://github.com/clr2of8/GatherContacts)
* A Burp Suite Extension to pull Employee Names from Google and Bing LinkedIn Search Results.
* [linkedin2username](https://github.com/initstring/linkedin2username)
* [Raven](https://github.com/0x09AL/raven)
* raven is a Linkedin information gathering tool that can be used by pentesters to gather information about an organization employees using Linkedin.
* **Tinder**
* [OSINT: Advanced tinder capture](https://www.learnallthethings.net/osmosis)
* **Twitter**
* [OneMillionTweetMap](http://onemilliontweetmap.com/)
* This page maps the last geolocalized tweets delivered by the twitter stream API. ... YES - IN REAL-TIME - and we keep "only" the last one million tweets.
* [tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
* [Tweet Archivist](https://www.tweetarchivist.com/)
* [tweets_analyzer](https://github.com/x0rz/tweets_analyzer)
* Tweets metadata scraper & activity analyzer
* [Tinfoleak](http://vicenteaguileradiaz.com/tools/)
* tinfoleak is a simple Python script that allow to obtain: basic information about a Twitter user (name, picture, location, followers, etc.); devices and operating systems used by the Twitter user; applications and social networks used by the Twitter user; place and geolocation coordinates to generate a tracking map of locations visited; show user tweets in Google Earth!; download all pics from a Twitter user; hashtags used by the Twitter user and when are used (date and time); user mentions by the the Twitter user and when are occurred (date and time); topics used by the Twitter user
* [How to Find the Twitter ID from an Email Address - booleanstrings.com](https://booleanstrings.com/2018/05/02/how-to-find-the-twitter-id-from-an-email-address/)
* [Twint](https://github.com/twintproject/twint)
* Formerly known as Tweep, Twint is an advanced Twitter scraping tool written in Python that allows for scraping Tweets from Twitter profiles without using Twitter's API. Twint utilizes Twitter's search operators to let you scrape Tweets from specific users, scrape Tweets relating to certain topics, hashtags & trends, or sort out sensitive information from Tweets like e-mail and phone numbers. I find this very useful, and you can get really creative with it too. Twint also makes special queries to Twitter allowing you to also scrape a Twitter user's followers, Tweets a user has liked, and who they follow without any authentication, API, Selenium, or browser emulation.
* [twitterBFTD](https://github.com/misterch0c/twitterBFTD)
* Twitter back from the death looks in a user tweets history for domain names that are available for registration.
* [Blogpost](https://hackernoon.com/how-i-hijacked-top-celebrities-tweets-including-katy-perry-shakira-fca3a0e751c6)
* **Social Media Search/Enumeration** <a name="social"></a>
* [CheckUsernames](http://checkusernames.com/)
* Check the use of your brand or username on 160 Social Networks
* [NameCHK](https://namechk.com/)
* Check to see if your desired username or vanity url is still available at dozens of popular Social Networking and Social Bookmarking websites.
* [Scythe](https://github.com/ChrisJohnRiley/Scythe)
* The ability to test a range of email addresses across a range of sites (e.g. social media, blogging platforms, etc...) to find where those targets have active accounts. This can be useful in a social engineering test where you have email accounts for a company and want to list where these users have used their work email for 3rd party web based services.
* [Social Mention](http://www.socialmention.com/)
* Social Mention is a social media search engine that searches user-generated content such as blogs, comments, bookmarks, events, news, videos, and more
* [Whos Talkin](http://www.whostalkin.com/)
* social media search tool that allows users to search for conversations surrounding the topics that they care about most.
* [sherlock-js](https://github.com/GitSquared/sherlock-js)
* Find usernames across over 75 social networks - NodeJS remake of sdushantha/sherlock
* [sherlock](https://github.com/sherlock-project/sherlock)
* Python tool to find usernames across social networks
* **Tor**
* [ExoneraTor](https://metrics.torproject.org/exonerator.html)
* Enter an IP address and date to find out whether that address was used as a Tor relay:
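Review bot: duplicate entries in this hunk: reposcanner is listed twice (as "reposcanner" and "Reposcanner", same Dionach URL) under the repo-scanning tools, tweets_analyzer appears twice in a row under Twitter, and theHarvester appears under Email Gathering with its GitHub URL and again under General Data Scrapers as `[TheHarvester](From: https://code.google.com/p/theharvester/)`, where the `From: ` inside the parentheses breaks the markdown link; keep one entry each (the GitHub one for theHarvester) and remove the broken link. Two smaller fixes: `[check0365]` uses a zero where the repo name and URL read `checkO365`, and `[ExpoitDB archive of the google hacking database]` should read ExploitDB.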

Draft/passwords.md → Draft/Passwords.md

+ 106
- 0
Draft/Policy_Compliance.md

@ -0,0 +1,106 @@
# Policy & Compliance
## Table of Contents
- []()
- []()
- []()
- []()
To Sort:
* [Documentation for OpenSCAP Base](https://www.open-scap.org/tools/openscap-base/#documentation)
* [Penetration Testing Shouldn't be a Waste of Time - Jim Bird](https://dzone.com/articles/penetration-testing-shouldnt)
* [COBIT 2019 Publications & Resources](http://www.isaca.org/COBIT/Pages/COBIT-2019-Publications-Resources.aspx)
* [Moldovan bank fraud scandal - Wikipedia](https://en.wikipedia.org/wiki/Moldovan_bank_fraud_scandal)
* [The Red Book: A Roadmap for Systems Security Research](http://www.red-book.eu/m/documents/syssec_red_book.pdf)
* [Sheltered Harbor FAQ](https://shelteredharbor.org/sh-faqs)
* [FFIEC Cybersecurity Resource Guide for Financial Institutions(2018)](https://www.ffiec.gov/press/pdf/FFIEC%20Cybersecurity%20Resource%20Guide%20for%20Financial%20Institutions.pdf)
---------------------
### General<a name="general"></a>
* **General**
* [IT Law Wiki](http://itlaw.wikia.com/wiki/The_IT_Law_Wiki))
* [The security laws, regulations and guidelines directory - csoonline](https://www.csoonline.com/article/2126072/compliance/compliance-the-security-laws-regulations-and-guidelines-directory.html)
* [Goodhart's Law - Wikipedia](https://en.m.wikipedia.org/wiki/Goodhart%27s_law)
* Goodhart's law is an adage named after economist Charles Goodhart, which has been phrased by Marilyn Strathern as: "When a measure becomes a target, it ceases to be a good measure."[1] One way in which this can occur is individuals trying to anticipate the effect of a policy and then taking actions which alter its outcome.
* **Compliance**<a name="compliance"></a>
* **Vendor Security**
* [Web Application Security Requirements for Google Providers](https://partner-security.withgoogle.com/docs/webapp_requirements)
* **Controls**
* [Cloud Controls Matrix Working Group](https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview)
* [CSIS Critical Security Controls v7.0](https://www.auditscripts.com/free-resources/critical-security-controls/)
* **Insider Threat**
* [A Survey of Insider Attack Detection Research - 2008](http://web.stanford.edu/class/cs259d/readings/Insider_survey.pdf)
* [The “Big Picture” of Insider IT Sabotage Across U.S. Critical Infrastructures](http://web.stanford.edu/class/cs259d/readings/Infrastructure.pdf)
* [An Overview of Threat and Risk Assessment](https://www.sans.org/reading-room/whitepapers/auditing/overview-threat-risk-assessment-76)
* [The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization](https://www.youtube.com/watch?v=nL64uj9Xm24)
* **ISO**
* [ISO/IEC 27000-series](https://en.wikipedia.org/wiki/ISO/IEC_27000-series)
* [ISO/IEC 27001 - Wikipedia](https://en.wikipedia.org/wiki/ISO/IEC_27001)
* [ISO/IEC 27000 family - Information security management systems](https://www.iso.org/isoiec-27001-information-security.html)
* The ISO/IEC 27000 family of standards helps organizations keep information assets secure.
* **Legal Policies**<a name="legal_policy"></a>
* **United States**
* **Gramm-Leach-Bliley Act**
* [Gramm–Leach–Bliley Act - Wikipedia](https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act)
* [The Gramm-Leach-Bliley Act (G-L-B) versus Best Practices in Network Security - Thomas Hinkel](https://www.sans.org/reading-room/whitepapers/privacy/gramm-leach-bliley-act-g-l-b-practices-network-security-682)
* [How To Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act - FTC](https://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-gramm)
* [The Gramm-Leach-Bliley Act - epic.org](https://www.epic.org/privacy/glba/)
* **Health Insurance Portability and Accountability Act(HIPAA)**
* [Health Insurance Portability and Accountability Act - Wikipedia](https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act)
* [What is HIPAA Compliance?- compliancy-group.com](https://compliancy-group.com/hipaa/)
* [Health Information Privacy - HHS.gov](https://www.hhs.gov/hipaa/index.html)
* [HIPAA vs Security: Building security into medical purchasing decisions - infosystir](https://infosystir.blogspot.com/2018/01/hipaa-vs-security-building-security.html?m=1)
* [Summary of the HIPAA Security Rule - HHS.gov](https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html)
* **Sarbanes-Oxley Act**
* [Sarbanes–Oxley Act - Wikipedia](https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act)
* [Public or Private Company: What Sarbanes-Oxley Means for You - smartsheet](https://www.smartsheet.com/sarbanes-oxley-compliance)
* [SOX compliance – an introduction - Impero](https://impero.com/sox-compliance-introduction/)
* **State-Specific**
* [California S.B. 1386 - Wikipedia](https://en.wikipedia.org/wiki/California_S.B._1386)
* **Risk Assessment**
* [Performing a Security Risk Assessment - Ron Schmittling](https://www.isaca.org/Journal/archives/2010/Volume-1/Pages/Performing-a-Security-Risk-Assessment1.aspx)
* **NIST**
* [NIST Special Publication 800-series - General Information](https://www.nist.gov/itl/nist-special-publication-800-series-general-information)
* Publications in NIST’s Special Publication (SP) 800 series present information of interest to the computer security community. The series comprises guidelines, recommendations, technical specifications, and annual reports of NIST’s cybersecurity activities. SP 800 publications are developed to address and support the security and privacy needs of U.S. Federal Government information and information systems. NIST develops SP 800-series publications in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. Created in 1990, the series reports on the Information Technology Laboratory’s research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
* **Not Nation-Specific**
* **Financial**
* [FATF blacklist - Wikipedia](https://en.wikipedia.org/wiki/FATF_blacklist)
* The FATF blacklist was the common shorthand description for the Financial Action Task Force list of "Non-Cooperative Countries or Territories" (NCCTs) issued since 2000, which it perceived to be non-cooperative in the global fight against money laundering and terrorist financing.
* [Security Assessment Guidelines for Financial Institutions](https://www.sans.org/reading-room/whitepapers/auditing/security-assessment-guidelines-financial-institutions-993)
* **PCI**
* [PCI DSS V3.2.1](https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf)
* [PCI SSC Cloud Computing Guidelines - 4/2018](https://www.pcisecuritystandards.org/pdfs/PCI_SSC_Cloud_Guidelines_v3.pdf)
* [PCI DSS Quick Reference Guide - v3.2](https://www.pcisecuritystandards.org/documents/PCIDSS_QRGv3_2.pdf)
* [Guidance for PCI DSS Scoping and Network Segmentation - 2016](https://www.pcisecuritystandards.org/documents/Guidance-PCI-DSS-Scoping-and-Segmentation_v1.pdf)
* [For vulnerability scans, what is meant by quarterly? - PCISSC](https://pcissc.secure.force.com/faq/articles/Frequently_Asked_Question/For-vulnerability-scans-what-is-meant-by-quarterly)
* [PCI Compliance in AWS - Jordan Wiseman, Andrew Plato](https://d1.awsstatic.com/whitepapers/compliance/AWS_Anitian_Workbook_PCI_Cloud_Compliance.pdf)
* **PII**
* [EU General Data Protection Regulation(GDPR)](https://gdpr-info.eu/)
* [GDPR - Wikipedia](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
* **SWIFT**
* [SWIFT Customer Security Programme](https://www2.swift.com/uhbonline/books/a2z/customer_security_programme.htm)
* [SWIFT Customer Security Controls Framework](https://www.swift.com/myswift/customer-security-programme-csp/security-controls?tl=en#topic-tabs-menu)
* **Guides**<a name="guides"></a>
* **Bring-Your-Own-Device**
* [NIST Special Publication 800 -46 Revision 2 - Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-46r2.pdf)
* **Job Skills/Employment**
* [NICE Cybersecurity Workforce Framework - NICCS.us-cert.gov](https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework)
* **PCI Compliance**
* **Privacy Controls**
* [Security and Privacy Controls forFederal Information Systemsand Organizations - NIST-800-53](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf)
* **Medical Devices**
* [NIST Cybersecurity Practice Guide, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations](https://nccoe.nist.gov/projects/use-cases/medical-devices)
* [SP 1800-8a: Executive Summary](https://nccoe.nist.gov/publication/draft/1800-8/VolA/)
* [SP 1800-8b: Approach, Architecture, and Security Characteristics ](https://nccoe.nist.gov/publication/draft/1800-8/VolB/)
* [SP 1800-8c: How-To Guides](https://nccoe.nist.gov/publication/draft/1800-8/VolC/)
* **Risk Assessment**
* [Information Security Risk Assessment Guidelines - mass.gov](http://www.mass.gov/anf/research-and-tech/cyber-security/security-for-state-employees/risk-assessment/risk-assessment-guideline.html)
* **Security Testing**
* [SP 800-115: Technical Guide to Information Security Testing and Assessment](https://csrc.nist.gov/publications/detail/sp/800-115/final)
* [Technical Guide to Information Security Testing and Assessment - NIST-800-115 - PDF](http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf)
* The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. These can be used for several purposes, such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. The guide is not intended to present a comprehensive information security testing and examination program but rather an overview of key elements of technical security testing and examination, with an emphasis on specific technical techniques, the benefits and limitations of each, and recommendations for their use.
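Review bot: the Table of Contents in this new file is four empty `- []()` placeholders, while the body already defines the anchors `general`, `compliance`, `legal_policy` and `guides`; fill them in (for example `- [General](#general)`) or leave the TOC out until it is populated. Smaller points in the same hunk: the IT Law Wiki link has a stray closing parenthesis (`The_IT_Law_Wiki))`), the NIST 800-53 title is missing spaces ("forFederal Information Systemsand Organizations"), the SP 800-46 title has a stray space in "800 -46", and the "PCI Compliance" subheading under Guides has no entries even though PCI material already sits under Compliance > PCI.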

+ 4
- 10
Draft/Programming_Language_Security.md

@ -18,16 +18,6 @@
* [Ruby](#ruby)
* [Papers](#papers)
### Sort
* [Providence](https://github.com/salesforce/Providence)
* Providence is a system for code commit & bug system monitoring. It is deployed within an organization to monitor code commits for security (or other) concerns, via customizable plugins. A plugin performs logic whenever a commit occurs.
#### End Sort
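Review bot: the `### Sort` / `#### End Sort` scratch markers still bracket the Providence entry, and the Table of Contents above it (Ruby, Papers) has no entry for a Sort section; either move Providence under a proper section (its description is commit and bug-system monitoring, not tied to a particular language) or add the section to the TOC. The hunk header reports 16 lines shrinking to 6 but the rendered view does not show which were removed, so confirm that nothing the TOC links to was dropped with them.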