Stuff

_
pull/24/head
rmusser01 3 years ago
parent
commit
f57a543543
46 changed files with 3367 additions and 379 deletions
  1. Draft/ADA.md (+1, -1)
  2. Draft/AnonOpSecPrivacy.md (+29, -0)
  3. Draft/Basic.md (+100, -22)
  4. Draft/Building_A_Lab.md (+20, -4)
  5. Draft/CTFs_Wargames.md (+3, -1)
  6. Draft/Career.md (+168, -23)
  7. Draft/Cars.md (+3, -1)
  8. Draft/Cheats.md (+5, -1)
  9. Draft/Containers.md (+253, -0)
  10. Draft/Courses_Training.md (+2, -0)
  11. Draft/Crypto_Encrypt.md (+34, -0)
  12. Draft/DFIR.md (+30, -2)
  13. Draft/DataVis.md (+6, -0)
  14. Draft/Defense.md (+145, -8)
  15. Draft/Docs_and_Reports.md (+31, -15)
  16. Draft/Embedded.md (+24, -0)
  17. Draft/Exfiltration.md (+6, -2)
  18. Draft/Exploit_Dev.md (+51, -0)
  19. Draft/Fuzzing.md (+23, -0)
  20. Draft/Games.md (+7, -0)
  21. Draft/Interesting_Things.md (+43, -70)
  22. Draft/L-SM-TH.md (+71, -0)
  23. Draft/Malware.md (+36, -1)
  24. Draft/Network_Attacks.md (+237, -1)
  25. Draft/Osint.md (+41, -1)
  26. Draft/P_C.md (+0, -82)
  27. Draft/Passwords.md (+25, -0)
  28. Draft/Phishing.md (+158, -0)
  29. Draft/Physical_Security.md (+2, -0)
  30. Draft/Policy_Compliance.md (+89, -0)
  31. Draft/PrivescPostEx.md (+930, -112)
  32. Draft/Programming_Language_Security.md (+72, -0)
  33. Draft/RE.md (+29, -2)
  34. Draft/RT.md (+98, -2)
  35. Draft/Rootkits.md (+19, -0)
  36. Draft/SCA.md (+3, -0)
  37. Draft/SCADA.md (+2, -2)
  38. Draft/SE.md (+2, -1)
  39. Draft/UX.md (+16, -0)
  40. Draft/Web.md (+276, -13)
  41. Draft/Wireless.md (+45, -2)
  42. Draft/bios_uefi.md (+20, -0)
  43. Draft/containers.md (+0, -9)
  44. Draft/honeypot.md (+6, -1)
  45. Draft/sysinternals.md (+182, -0)
  46. Draft/threatmodel.md (+24, -0)

Draft/ADA.md (+1, -1)

@ -29,7 +29,7 @@
#### Sort
* Redo formatting
https://github.com/sensepost/kwetza
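Review bot: The `https://github.com/sensepost/kwetza` line under `#### Sort` is a bare URL with no title or description, so a reader cannot tell what the project is or why it belongs in this file. Suggest a bulleted `[title](url)` entry with a one-line description, even for items that are still waiting to be sorted.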


Draft/AnonOpSecPrivacy.md (+29, -0)

@ -32,9 +32,37 @@
https://citizenlab.ca/2019/07/cant-picture-this-2-an-analysis-of-wechats-realtime-image-filtering-in-chats/
https://citizenlab.ca/2018/08/cant-picture-this-an-analysis-of-image-filtering-on-wechat-moments/
Remove hidden data and personal information by inspecting documents, presentations, or workbooks
https://support.office.com/en-us/article/remove-hidden-data-and-personal-information-by-inspecting-documents-presentations-or-workbooks-356b7b5d-77af-44fe-a07f-9aa4d085966f
https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/911-services/general/location-accuracy-indoor-benchmarks
https://www.wsj.com/articles/SB105546175751598400
https://opaque.link/post/dropgang/
https://github.com/ctrlaltdev/LMGTFY-queries
* [A DC Think Tank Used Fake Social Media Accounts, A Bogus Expert, And Fancy Events To Reach The NSA, FBI, And White House - Craig Silverman(BuzzFeed News)](https://www.buzzfeednews.com/article/craigsilverman/icit-james-scott-think-tank-fake-twitter-youtube#.dnqv2lQJr)
* [Opting Out Like A Boss - The OSINT Way (Part 1) - learnallthethings.net](https://www.learnallthethings.net/blog/2018/1/23/opting-out-like-a-boss-the-osint-way)
https://electricalstrategies.com/about/in-the-news/spies-in-the-xerox-machine/
https://discover.cobbtechnologies.com/blog/the-soviet-union-and-the-photocopier
https://github.com/MicrosoftDocs/windows-itpro-docs/blob/master/windows/privacy/manage-windows-1809-endpoints.md
* [Creating Your Own Citizen Database - Aiganysh Aidarbekova](https://www.bellingcat.com/resources/how-tos/2019/02/14/creating-your-own-citizen-database/)
* [Manage connections from Windows operating system components to Microsoft services - docs.ms](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services)
* [Cookies – what does ‘good’ look like? - UK Information Comissioner's Office - Ali Shah](https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/)
https://www.freehaven.net/anonbib/
http://computer-outlines.over-blog.com/article-windows-ipv6-privacy-addresses-118018020.html
https://blog.superuser.com/2011/02/11/did-you-know-that-ipv6-may-include-your-mac-address-heres-how-to-stop-it/
https://www.bloomberg.com/news/articles/2018-08-30/google-and-mastercard-cut-a-secret-ad-deal-to-track-retail-sales
* [Ghostbuster: Detecting the Presence of Hidden Eavesdroppers](https://synrg.csl.illinois.edu/papers/ghostbuster-mobicom18.pdf)
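Review bot: Bare URLs are interleaved with bulleted `[title](url)` entries throughout this hunk (for example the two citizenlab.ca links, the wsj.com link and `https://opaque.link/post/dropgang/`), and the line `Remove hidden data and personal information by inspecting documents, presentations, or workbooks` is a title sitting on its own line above its support.office.com URL instead of being joined to it as one link. Suggest converting each to the same `* [Title - Source](url)` form used by the neighbouring entries so the list renders consistently. The ICO cookie entry also spells the source as `Comissioner's`; it should be `Commissioner's`.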
@ -42,6 +70,7 @@ https://www.freehaven.net/anonbib/
* [Project Feels: How USA Today, ESPN and The New York Times are targeting ads to mood - digiday](https://digiday.com/media/project-feels-usa-today-espn-new-york-times-targeting-ads-mood/)
* [The New York Times Advertising & Marketing Solutions Group Introduces ‘nytDEMO’: A Cross-Functional Team Focused on Bringing Insights and Data Solutions to Brands(2018)](https://investors.nytco.com/press/press-releases/press-release-details/2018/The-New-York-Times-Advertising--Marketing-Solutions-Group-Introduces-nytDEMO-A-Cross-Functional-Team-Focused-on-Bringing-Insights-and-Data-Solutions-to-Brands/default.aspx)
* [A DC Think Tank Used Fake Social Media Accounts, A Bogus Expert, And Fancy Events To Reach The NSA, FBI, And White House - Craig Silverman](https://www.buzzfeednews.com/article/craigsilverman/icit-james-scott-think-tank-fake-twitter-youtube#.dnqv2lQJr)
* [Toward an Information Operations Kill Chain - Bruce Schneier](https://www.lawfareblog.com/toward-information-operations-kill-chain)
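Review bot: The `A DC Think Tank Used Fake Social Media Accounts...` entry in this hunk points to the same buzzfeednews.com URL as the `... - Craig Silverman(BuzzFeed News)` entry a few lines earlier in the file, so the file lists the article twice. Suggest keeping one copy, with a single attribution style.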


Draft/Basic.md (+100, -22)

@ -5,11 +5,72 @@
* [How to Suck at Information Security – A Cheat Sheet](https://zeltser.com/suck-at-security-cheat-sheet/)
* [How not to Infosec - Dan Tentler](https://www.youtube.com/watch?v=S5O47gemMNQ)
*
https://blog.usejournal.com/regular-expressions-a-complete-beginners-tutorial-c7327b9fd8eb?gi=8702ae6f23be
Cognitive Fallacies
Intro to statistics
intro to networking
Intro to X
* [Towards Improving CVSS - J.M. Spring, E. Hatleback, A. Householder, A. Manion, D. Shick - CMU](https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_538372.pdf)
* [Designing Security for Billions - Facebook](https://newsroom.fb.com/news/2019/01/designing-security-for-billions/)
* [Passwords in a file - erratasec](https://blog.erratasec.com/2019/01/passwords-in-file.html)
* [Keyboard shortcuts in Windows - support.ms](https://support.microsoft.com/en-us/help/12445/windows-keyboard-shortcuts)
claude shannon
* [MarkOfTheWeb: How a Forgetful Russian Agent Left a Trail of Breadcrumbs - Yonathan Klijnsma](https://www.riskiq.com/blog/labs/markoftheweb/)
* [Normalization of deviance - Dan Luu](https://danluu.com/wat/)
* [One week of bugs - Dan Luu](http://danluu.com/everything-is-broken/)
* [Apache and Let's Encrypt Best Practices for Security - aaronhorler.com](https://aaronhorler.com/articles/apache.html)
* [Operation Luigi: How I hacked my friend without her noticing](https://www.youtube.com/watch?v=ZlNkIFipKZ4&feature=youtu.be)
* My friend gave me permission to "hack all her stuff" and this is my story. It's about what I tried, what worked, my many flubs, and how easy it is to compromise Non Paranoid People TM.
* [Blogpost](https://mango.pdf.zone/operation-luigi-how-i-hacked-my-friend-without-her-noticing)
* [Welcome to Infosec (Choose your own Adventure) - primarytyler](https://docs.google.com/presentation/d/1_PjLGP28AH3HXbkwRkzGFeVPBmbBhp05mg7T6YofzRA/mobilepresent#slide=id.p)
* [Choose Your Own Red Team Adventure - Tim Malcomvetter](https://medium.com/@malcomvetter/choose-your-own-red-team-adventure-f87d6a3b0b76)
http://super-memory.com/articles/20rules.htm
* [When to Test and How to Test It - Bruce Potter - Derbycon7](https://www.youtube.com/watch?v=Ej97WyEMRkI)
* “I think we need a penetration test” This is one of the most misunderstood phrases in the security community. It can mean anything from “Someone should run a vulnerability scan against a box” to “I’d like nation-state capable actors to tell me everything that wrong with my enterprise” and everything in between. Security testing is a complex subject and it can be hard to understand what the best type of testing is for a given situation. This talk will examine the breadth of software security testing. From early phase unit and abuse testing to late phase penetration testing, this talk will provide details on the different tests that can be performed, what to expect from the testing, and how to select the right tests for your situation. Test coverage, work effort, attack simulation, and reporting results will be discussed. Also, this talk will provide a process for detailed product assessments, i.e.: if you’ve got a specific product you’re trying to break, how do you approach assessing the product in a way that maximizes your chance of breaking in as well as maximizing the coverage you will get from your testing activity.
https://www.fastcompany.com/3060820/every-ted-talk-ever-in-one-brutal-parody
https://en.wikipedia.org/wiki/The_Power_of_the_Powerless
https://en.wikipedia.org/wiki/Eight-circuit_model_of_consciousness
* [No Silver Bullet - fmiljang.co.uk](http://www.fmjlang.co.uk/blog/NoSilverBullet.html)
* [The Asshole Filter - Siderea](https://siderea.livejournal.com/1230660.html)
https://www.businessballs.com/self-awareness/personality-theories-and-types-156/
https://danluu.com/wat/
https://danluu.com/everything-is-broken
https://danluu.com/sounds-easy/
http://www.catb.org/jargon/html/Z/Zero-One-Infinity-Rule.html
* [Structured Text Tools](https://github.com/dbohdan/structured-text-tools)
* The following is a list of text-based file formats and command line tools for manipulating each.
https://github.com/nsacyber/WALKOFF
https://github.com/alcor/itty-bitty/
### General Information
* [Bedford and the Normalization of Deviance - Ron Rapp](https://www.rapp.org/archives/2015/12/normalization-of-deviance/)
https://github.com/swisskyrepo/PayloadsAllTheThings
### General Information
* **101**
* [Ten Simple Rules for Doing Your Best Research, According to Hamming](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2041981/)
* [Learning the Ropes 101: Introduction - zsec.uk](https://blog.zsec.uk/101-intro/)
* [InfoSec Newbie List by Mubix](https://gist.github.com/mubix/5737a066c8845d25721ec4bf3139fd31)
* [infosec_getting_started](https://github.com/gradiuscypher/infosec_getting_started)
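Review bot: Several entries in this hunk appear twice or are incomplete. The two Dan Luu links are present both as titled bullets (`Normalization of deviance`, `One week of bugs`) and again as bare `https://danluu.com/wat/` and `https://danluu.com/everything-is-broken` lines, and `### General Information` shows up twice a few lines apart; please confirm only one heading remains after the change and drop the bare duplicates. There is also an empty `*` bullet near the top, unlinked placeholder lines (`Cognitive Fallacies`, `Intro to statistics`, `intro to networking`, `Intro to X`, `claude shannon`), and the `No Silver Bullet` entry is labelled `fmiljang.co.uk` while its URL is `fmjlang.co.uk`. Placeholders would be easier to track as a short TODO list under one heading.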
@ -17,16 +78,6 @@
* [Salted Hash Ep 34: Red Team vs. Vulnerability Assessments - CSO Online](https://www.csoonline.com/article/3286604/security/salted-hash-ep-34-red-team-vs-vulnerability-assessments.html#tk.twt_cso)
* Words matter. This week on Salted Hash, we talk to Phil Grimes about the differences between full Red Team engagements and vulnerability assessments
* [Encoding vs. Encryption vs. Hashing vs. Obfuscation - Daniel Messler](https://danielmiessler.com/study/encoding-encryption-hashing-obfuscation/)
* [Ask Good Questions: Deep Dive - Yousef Kazerooni](https://medium.com/@YousefKazerooni/ask-good-questions-deep-dive-dacd8dddc247)
* **Security 101**
* [Types of Authentication](http://www.gfi.com/blog/security-101-authentication-part-2/)
* [Access control best practices](https://srlabs.de/acs/)
* **General Good Stuff**
* [Words Have Meanings - Dan Tentler - CircleCityCon 2017]
* [(Deliberate) practice makes perfect: how to become an expert in anything - Aytekin Tank](https://medium.com/swlh/deliberate-practice-makes-perfect-how-to-become-an-expert-in-anything-ec30e0c1314e)
* **Learning the Command Line**
* [explainshell.com](https://github.com/idank/explainshell)
* explainshell is a tool (with a web interface) capable of parsing man pages, extracting options and explain a given command-line by matching each argument to the relevant help text in the man page.
* **Careers in Information Security**
* **Educational/Informational**
* [Navigating Career Choices in InfoSec - Fernando Montenegro - BSides Detroit2017](https://www.youtube.com/watch?v=yM2xCjrQSY4)
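Review bot: In the `Encoding vs. Encryption vs. Hashing vs. Obfuscation` entry the author is written `Daniel Messler` while the link goes to danielmiessler.com. Since this block is being reorganised anyway, suggest correcting the name to match the site.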
@ -55,24 +106,51 @@
* [So you think you want to be a penetration tester - Defcon24](https://www.youtube.com/watch?v=be7bvZkgFmY)
* So, you think you want to be a penetration tester, or you already are and don't understand what the difference between you and all the other "so called" penetration testers out there. Think you know the difference between a Red Team, Penetration Test and a Vulnerability assessment? Know how to write a report your clients will actually read and understand? Can you leverage the strengths of your team mates to get through tough roadblocks, migrate, pivot, pwn and pillage? No? well this talk is probably for you then! We will go through the fascinating, intense and often crazily boring on-site assessment process. Talk about planning and performing Red Teams, how they are different, and why they can be super effective and have some fun along the way. I'll tell you stories that will melt your face, brain and everything in between. Give you the answers to all of your questions you never knew you had, and probably make you question your life choices. By the end of this session you will be ready to take your next steps into the job you've always wanted, or know deep inside that you should probably look for something else. There will be no judgment or shame, only information, laughter and fun.
* [Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines](https://www.youtube.com/watch?v=9vgpqRzuvLk)
* **Interview Prep**
* [offensiveinterview - WebBreacher](https://github.com/WebBreacher/offensiveinterview)
* Interview questions to screen offensive (red team/pentest) candidates
* **Cognitive Bias**
* [List of cognitive biases - Wikipedia](https://en.wikipedia.org/wiki/List_of_cognitive_biases)
* [58 cognitive biases that screw up everything we do - Business Insider](https://www.businessinsider.com/cognitive-biases-2015-10)
* **Critical Thinking**
* [How to Apply Critical Thinking Using Paul-Elder Framework - designorate](https://www.designorate.com/critical-thinking-paul-elder-framework/)
* [Paul-Elder Critical Thinking Framework - University of Louisville](https://louisville.edu/ideastoaction/about/criticalthinking/framework)
* **General**
* [Mozilla Enterprise Information Security](https://infosec.mozilla.org/)
* [Rating Infosec Relevant Masters Programs - netsecfocus](https://netsecfocus.com/training/development/certifications/2017/03/08/rating_infosec_masters.html)
* **Non-Technical Skills**
* [Relearning the Art of Asking Questions - HBR](https://hbr.org/2015/03/relearning-the-art-of-asking-questions)
* **General Good Stuff**
* [Words Have Meanings - Dan Tentler - CircleCityCon 2017]
* [(Deliberate) practice makes perfect: how to become an expert in anything - Aytekin Tank](https://medium.com/swlh/deliberate-practice-makes-perfect-how-to-become-an-expert-in-anything-ec30e0c1314e)
* **How to Ask Better Questions**
* [How To Ask Questions The Smart Way - Eric Raymond](http://www.catb.org/esr/faqs/smart-questions.html)
* [Socratic questioning - Wikipedia](https://en.wikipedia.org/wiki/Socratic_questioning)
* [The Six Types Of Socratic Questions - umich.edu](http://www.umich.edu/~elements/probsolv/strategy/cthinking.htm)
* [Ask Good Questions: Deep Dive - Yousef Kazerooni](https://medium.com/@YousefKazerooni/ask-good-questions-deep-dive-dacd8dddc247)
* [Relearning the Art of Asking Questions - HBR](https://hbr.org/2015/03/relearning-the-art-of-asking-questions)
* [How To Ask Questions The Smart Way - wiki.c2.com](http://wiki.c2.com/?HowToAskQuestionsTheSmartWay)
* **Learning:**
* **Excel**
* [You Suck at Excel with Joel Spolsky(2015)](https://www.youtube.com/watch?v=0nbkaYsR94c&feature=youtu.be)
* The way you are using Excel causes errors, creates incomprehensible spaghetti spreadsheets, and makes me want to stab out my own eyes. Enough of the =VLOOKUPs with the C3:$F$38. You don't even know what that means.
* [Notes](https://trello.com/b/HGITnpih/you-suck-at-excel)
* **The Command Line**
* [explainshell.com](https://github.com/idank/explainshell)
* explainshell is a tool (with a web interface) capable of parsing man pages, extracting options and explain a given command-line by matching each argument to the relevant help text in the man page.
* [A little collection of cool unix terminal/console/curses tools](https://kkovacs.eu/cool-but-obscure-unix-tools)
* **New Skills**
* [The Paradox of Choice: Learning new skills in InfoSec without getting overwhelmed - AzeriaLabs](https://azeria-labs.com/paradox-of-choice/)
* **Problem Solving**
* [Software Problem Solving Cheat Sheet - Florian Roth](https://www.nextron-systems.com/wp-content/uploads/2018/06/Software-Problem-Solving-Cheat-Sheet.pdf)
* [The XY Problem](http://xyproblem.info/)
* The XY problem is asking about your attempted solution rather than your actual problem. This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.
* [The AZ Problem](http://azproblem.info/)
* This website introduces the AZ Problem: a generalization of the XY Problem. To wit, if we agree that the XY Problem is a problem, than the AZ Problem is a metaproblem. And while the XY Problem is often technical, the AZ Problem is procedural. The AZ Problem is when business requirements are misunderstood or decontextualized. These requirements end up being the root cause of brittle, ill-suited, or frivolous features. An AZ Problem will often give rise to several XY Problems.
* **Security 101**
* [Types of Authentication](http://www.gfi.com/blog/security-101-authentication-part-2/)
* [Access control best practices](https://srlabs.de/acs/)
* **Skill-Testing/Question Prep**
* [test-your-admin-skills](https://github.com/trimstray/test-your-sysadmin-skills)
* A collection of \*nix Sysadmin Test Questions with Answers for Interview/Exam (2018 Edition).
### Tools
* **The Web**
* [Web Architecture 101 - Jonathan Fulton](https://engineering.videoblocks.com/web-architecture-101-a3224e126947?gi=d79a0aa34949)
* **Tools you should probably know exist**
* [Introduction To Metasploit – The Basics](http://www.elithecomputerguy.com/2013/02/08/introduction-to-metasploit-the-basics/)
* [Shodan](http://www.shodanhq.com/help)
* **Learning New Tools**
* [A little collection of cool unix terminal/console/curses tools](https://kkovacs.eu/cool-but-obscure-unix-tools)
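Review bot: The `[Words Have Meanings - Dan Tentler - CircleCityCon 2017]` entry under `General Good Stuff` has link text but no `(url)` part, so it renders as literal brackets; add the target or drop the brackets. The reshuffle in this hunk also leaves visible duplicates: `A little collection of cool unix terminal/console/curses tools` is listed under both `The Command Line` and `Learning New Tools`, and `Relearning the Art of Asking Questions - HBR` under both `Non-Technical Skills` and `How to Ask Better Questions`. Suggest keeping each in one section. The `test-your-admin-skills` label does not match its URL, which is `test-your-sysadmin-skills`.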

Draft/Building_A_Lab.md (+20, -4)

@ -11,19 +11,36 @@
https://github.com/foxlet/macOS-Simple-KVM
Building a defensive Lab
https://blog.secureideas.com/2019/05/automating-red-team-homelabs-part-2-build-pentest-destroy-and-repeat.html
https://systemoverlord.com/2017/10/24/building-a-home-lab-for-offensive-security-basics.html
https://github.com/digininja/leakyrepo
https://github.com/chryzsh/DarthSidious
* https://github.com/brimstone/windows-ova/blob/master/README.md
https://github.com/DrDonk/unlocker
* https://github.com/DefectDojo/django-DefectDojo
* [Hashicorp at Home part 2](https://www.mockingbirdconsulting.co.uk/blog/2019-01-08-hashicorp-at-home-part-2/)
* [Hashicorp at Home - Code](https://github.com/mockingbirdconsulting/HashicorpAtHome)
-------------------------
### <a name="general"></a> General
* This page is supposed to be a collection of resources for building a lab for performing various security related tasks. Generally, the idea is that you setup a local VM hypervisor software(VMware, Virtualbox) and then install a virtual machine to perform testing and analysis without any impact to your "physical" machine.
https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
https://github.com/RhinoSecurityLabs/cloudgoat
-------------------------
### <a name="general"></a> General
* This page is supposed to be a collection of resources for building a lab for performing various security related tasks. Generally, the idea is that you setup a local VM hypervisor software(VMware, Virtualbox) and then install a virtual machine to perform testing and analysis without any impact to your "physical" machine.
-------------------------
### <a name="vm"></a> Virtual Machines
* **101**
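Review bot: The `### <a name="general"></a> General` heading and its introductory paragraph appear twice in this hunk, each after a `-------------------------` rule. If this is a move, please confirm only one copy remains, because two headings carrying `name="general"` would give the page a duplicate anchor. The new links above it also mix three styles (bare URLs, `* https://...` bullets, and `* [title](url)` bullets), and `Building a defensive Lab` is a line of text with no link; suggest normalising to the `[title](url)` form.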
@ -49,7 +66,6 @@
* [Set up your own malware analysis lab with VirtualBox, INetSim and Burp - Christophe Tafani-Dereeper](https://blog.christophetd.fr/malware-analysis-lab-with-virtualbox-inetsim-and-burp/)
* [CyRIS: Cyber Range Instantiation System](https://github.com/crond-jaist/cyris)
* CyRIS is a tool for facilitating cybersecurity training by automating the creation and management of the corresponding training environments (a.k.a, cyber ranges) based on a description in YAML format. CyRIS is being developed by the Cyber Range Organization and Design (CROND) NEC-endowed chair at the Japan Advanced Institute of Science and Technology (JAIST).
* **VMs Designed to be Attacked**
* [List of VMs that are preconfigured virtual machines](http://www.amanhardikar.com/mindmaps/PracticeUrls.html)
* [The Hacker Games - Hack the VM before it hacks you](http://www.scriptjunkie.us/2012/04/the-hacker-games/)


Draft/CTFs_Wargames.md (+3, -1)

@ -19,7 +19,9 @@
https://www.counterhackchallenges.com/
https://labs.nettitude.com/blog/derbycon-2018-ctf-write-up/
http://ctfhacker.com/reverse/2018/09/16/flareon-2018-wasabi.html
-----
### <a name="general">General</a>
* **General**


Draft/Career.md (+168, -23)

@ -1,31 +1,69 @@
# Career/Job Related Stuff
-----------------------------------
## Table of Contents
- [Career Information](#career-info)
- [Careers in Information Security](#infosec-careers)
- [Choosing a Job/Looking for Work](#looking)
- [Compensation & Equity](#comp)
- [Independent Work](#Independent)
- [Interview Preparation](#interview)
- [General Information](#general)
- [101](#101)
- [Business](#business)
- [Career Growth/Progression](#growth)
- [Careers in InfoSec](#infosec-careers)
- [Choosing a Job/Looking for Work](#looking)
- [Company Culture](#culture)
- [Compensation](#comp)
- [Contracting & Consulting](#contract)
- [Difficult Conversations](#difficult)
- [Employee Attrition](#attrition)
- [General(Miscellaneous)](#general)
- [Hiring](#hiring)
- [Imposter Syndrome](#imposter)
- [Independent Business](#independent)
- [Informal Laws & Principles](#laws)
- [Interview Prep](#interview)
- [Interviewing](#interviewing)
- [Management](#mgmt)
- [Meetings](#meetings)
- [Mental Health](#mentalh)
- [Mentoring](#mentor)
- [Metrics](#metrics)
- [Networking(social)](#networking)
- [Non-Competes](#noncomp)
- [Non-Technical Skills](#non-tech)
- [Performance Review](#perf-review)
- [Organizational Theory](#orgtheory)
- [Performance Reviews](#perf)
- [Post-Mortems](#postmort)
- [Project Management](#projm)
- [Resume](#resume)
- [Taking Tests](#testing)
- [Testing](#testing)
- [Other](#other)
- [Industry](#industry)
------------------------------------------------------
### Career Information<a name="career-info"></a>
* [‘Thought Leader’ gives talk that will inspire your thoughts | CBC Radio (Comedy/Satire Skit)](https://www.youtube.com/watch?v=_ZBKX-6Gz6A)
* Self proclaimed “thought leader,” Pat Kelly gives his talk on “thought leadership” at the annual This Is That Talks in Whistler, B.C. In the seminar, Kelly covers: How to talk with your hands, how to get a standing ovation, and how to inspire people by saying nothing at all.
* [Why are large companies so difficult to rescue (regarding bad internal technology) - Lawrence Krubner](http://www.smashcompany.com/business/why-are-large-companies-so-difficult-to-rescue-regarding-bad-internal-technology)
* **Business**
* [Servant leadership - Wikipedia](https://en.wikipedia.org/wiki/Servant_leadership)
* **101**<a name="101"></a>
* [Ten Simple Rules for Doing Your Best Research, According to Hamming](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2041981/)
* [‘Thought Leader’ gives talk that will inspire your thoughts | CBC Radio (Comedy/Satire Skit)](https://www.youtube.com/watch?v=_ZBKX-6Gz6A)
* Self proclaimed “thought leader,” Pat Kelly gives his talk on “thought leadership” at the annual This Is That Talks in Whistler, B.C. In the seminar, Kelly covers: How to talk with your hands, how to get a standing ovation, and how to inspire people by saying nothing at all.
* [Lack of progress exposed by the Canary MacGuffin - rachelbythebay](https://rachelbythebay.com/w/2018/10/23/idle/)
* [Strategy Letter I: Ben and Jerry’s vs. Amazon - Joel on Software](https://www.joelonsoftware.com/2000/05/12/strategy-letter-i-ben-and-jerrys-vs-amazon/)
* [Defining The Corporate Hierarchy - Erik Dietrich](https://daedtech.com/defining-the-corporate-hierarchy/)
* [The Beggar CEO and Sucker Culture - Erik Dietrich](https://daedtech.com/the-beggar-ceo-and-sucker-culture/)
* **Business**<a name="business"></a>
* [When Everything That Counts Can’t Be Counted - Joshua M. Brown](https://thereformedbroker.com/2019/06/13/when-everything-that-counts-cant-be-counted/)
* [The Trillion-Dollar Vision of Dee Hock - Mitchell Waldrop(FastCompany)](https://www.fastcompany.com/27333/trillion-dollar-vision-dee-hock)
* [The Longest Yard: Reorganizing IT for Success - Bruce F. Webster](http://brucefwebster.com/2008/04/14/the-longest-yard-reorganizing-it-for-success/)
* [How Complex Systems Fail - Richard I. Cook](http://web.mit.edu/2.75/resources/random/How%20Complex%20Systems%20Fail.pdf)
* [Big companies v. startups - Dan Luu](https://danluu.com/startup-tradeoffs/)
* [The Innovation Equation - Safi Bahcall](https://hbr.org/2019/03/the-innovation-equation)
* **Career Growth/Progression**<a name="growth"></a>
* [How Developers Stop Learning: Rise of the Expert Beginner - Erik Dietrich](https://daedtech.com/how-developers-stop-learning-rise-of-the-expert-beginner/)
* [Your Job Title of Tomorrow: Efficiencer - Erik Dietrich](https://daedtech.com/your-job-title-of-tomorrow-efficiencer/)
* [Things I Learnt The Hard Way (in 30 Years of Software Development) - juliobiason.net](https://blog.juliobiason.net/thoughts/things-i-learnt-the-hard-way/)
* [Recommended Reading for Developers(2015) - blog.codinghorror.com]
* **Careers in Information Security**<a name="infosec-careers"></a>
* [NICE Cybersecurity Workforce Framework - NICCS.us-cert.gov](https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework)
* [Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models](https://www.usenix.org/conference/usenixsecurity18/presentation/mickens)
* Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley’s imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams’ horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks.
* **Educational/Informational**
* [Navigating Career Choices in InfoSec - Fernando Montenegro - BSides Detroit2017](https://www.youtube.com/watch?v=yM2xCjrQSY4)
* Making career choices can be intimidating and stressful. Perhaps this presentation can help. The tidal forces affecting technology impact our careers as well. If we're not actively managing them, we're leaving decisions to chance (or to others), and may not like the outcomes. This presentation describes a framework I've used over the past few years to evaluate both ongoing job satisfaction as well as new opportunities as they appear. I'm happy with the outcomes I've obtained with it, and have used this same framework when providing advice to others, and it has been well received. Hopefully it can help others as well.
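Review bot: The table of contents in this hunk has entries that share or nearly share an anchor: `[General Information](#general)` and `[General(Miscellaneous)](#general)` both point at `#general`, `[Taking Tests](#testing)` and `[Testing](#testing)` both point at `#testing`, and `[Performance Review](#perf-review)` sits next to `[Performance Reviews](#perf)`. If more than one of each pair is kept, the links cannot resolve to distinct sections; suggest one entry per section with a unique `name`. Further down, `[Recommended Reading for Developers(2015) - blog.codinghorror.com]` has no `(url)` part.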
@ -33,11 +71,14 @@
* In this presentation we'll will be going over introductions to the various focuses in information security and demoing the most common tools that are used in operational security, both offense and defense. You'll leave with an idea on how to freely obtain and use these tools so that you can have what you need for that first interview: experience and a passion for security. This is a green talk for people who don't have a clue on what offensive and defensive people do operationally, from a tool perspective.
* [So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin ](https://www.youtube.com/watch?v=rRJKghTTics)
* [How to Get Any Job You Want (even if you’re unqualified) - Raghav Haran](https://medium.com/the-mission/how-to-get-any-job-you-want-even-if-you-re-unqualified-6f49a65f5491)
* [Getting Hired: A Few Tips - Mubix](https://malicious.link/post/2018/getting-hired-a-few-tips/)
* **Interview Preparation**
* [How to prepare for an infosec interview - Timothy DeBlock](http://www.timothydeblock.com/eis/135)
* **Relevant Standards**
* [NICE Cybersecurity Workforce Framework](https://www.nist.gov/itl/applied-cybersecurity/national-initiative-cybersecurity-education-nice/nice-cybersecurity)
* The NICE Framework, NIST Special Publication 800-181, establishes taxonomy and common lexicon that is to be used to describe all cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors. (USA Focused)
* **Autonomous Vehicles**
* [Want to become an autonomous vehicle engineer? - Kyle Martin](https://becomeautonomous.com/)
* **Data Scientist**
* [What Data Scientists Really Do, According to 35 Data Scientists - HBR](https://hbr.org/2018/08/what-data-scientists-really-do-according-to-35-data-scientists?mc_cid=f8f788d39e&mc_eid=f956a0c5ca)
* [How to Become a Data Scientist - On your own - Zeeshan Usmani](https://www.datasciencecentral.com/profiles/blogs/how-to-become-a-data-scientist-for-free)
@ -72,25 +113,71 @@
* [Pushing Left, Like a Boss: Part 1 - SheHacksPurple](https://code.likeagirl.io/pushing-left-like-a-boss-part-1-80f1f007da95)
* [The Secret Rules For Getting Hired - Terence Eden](https://shkspr.mobi/blog/2019/04/the-secret-rules-for-getting-hired/)
* [How To Land A Job In Infosec](https://www.secjuice.com/getting-a-job-in-infosec/)
* [How to Get a Programming Job without a Degree - Erik Dietrich](https://daedtech.com/programming-job-without-degree/)
* **Startups**
* [20 Questions To Ask Before Joining A Startup - Harrison Harnisch](https://hharnisc.github.io/2018/11/25/twenty-questions-to-ask-before-joining-a-startup.html)
* [How to Choose a Startup to Work For by Thinking Like An Investor - Harj Taggar(TripleByte)](https://triplebyte.com/blog/how-to-choose-a-startup-to-work-for)
* **Company Culture**<a name="culture"></a>
* [American Cultural Assumption - wiki.c2.com](http://wiki.c2.com/?AmericanCulturalAssumption)
* [Containers Will Not Fix Your Broken Culture (and Other Hard Truths) - Complex socio-technical systems are hard; film at 11. - Bridget Kromhout](https://queue.acm.org/detail.cfm?id=3185224)
* **Compensation/Equity**<a name="comp"></a>
* [The Holloway Guide to Equity Compensation](https://www.holloway.com/g/equity-compensation)
* Stock options, RSUs, job offers, and taxes—a detailed reference, including hundreds of resources, explained from the ground up and made to be improved over time.
* [Salary strategies everyone in tech already knows — but you don't - Candor](https://teamcandor.com/salary/guide/)
* [H1B Salary Database - h1bdata.info](https://h1bdata.info/index.php)
* **Contracting & Consulting**<a name="contract"></a>
* [Why A Billable Hours Model Does not Work in Consulting - firmsconsulting.com](https://www.firmsconsulting.com/quarterly/billable-hours-strategy-consulting/)
* [How To Build Your Own Infosec Company - Mario Heiderich (BSides Lisbon 2018: Keynote)](https://www.youtube.com/watch?reload=9&v=UE5xS7-kFjE)
* [Not A Full Timer: Slight difference from Pro to cattle - Mohamed Hayibor](https://mohamedhayibor.github.io/blog/post/Not-A-Full-Timer/)
* **Difficult Conversations**<a name="difficult"></a>
* [Our 6 Must Reads for Cutting Through Conflict and Tough Conversations - firstround.com](https://firstround.com/review/our-6-must-reads-for-cutting-through-conflict-and-tough-conversations/)
* [7 Tips for Difficult Conversations - Daisy Wademan Dowling(HBR)](https://hbr.org/2009/03/7-tips-for-difficult-conversat)
* [How to Have Difficult Conversations When You Don’t Like Conflict - Joel Garfinkle(HBR)](https://hbr.org/2017/05/how-to-have-difficult-conversations-when-you-dont-like-conflict)
* **Books**
* [Difficult Conversations How to Discuss What Matters Most By Douglas Stone, Bruce Patton and Sheila Heen](https://www.penguinrandomhouse.com/books/331191/difficult-conversations-by-douglas-stone-bruce-patton-and-sheila-heen/9780143118442/)
* **Employee Attrition**<a name="attrition">
* [How To Keep Your Best Programmers - Erik Dietrich](https://daedtech.com/how-to-keep-your-best-programmers/)
* [The Wetware Crisis: the Dead Sea effect - Bruce Webster](http://brucefwebster.com/2008/04/11/the-wetware-crisis-the-dead-sea-effect/)
* [The Elves Leave Middle Earth – Sodas Are No Longer Free - Steve Blank](https://steveblank.com/2009/12/21/the-elves-leave-middle-earth-%E2%80%93-soda%E2%80%99s-are-no-longer-free/)
* **General**<a name="general"></a>
* [Mozilla Enterprise Information Security](https://infosec.mozilla.org/)
* [Rating Infosec Relevant Masters Programs - netsecfocus](https://netsecfocus.com/training/development/certifications/2017/03/08/rating_infosec_masters.html)
* [Career advice I wish I’d been given when I was young - 8000 Hours](https://80000hours.org/2019/04/career-advice-i-wish-id-been-given-when-i-was-young/)
* [In Nobel Prize lecture, lessons for managing employee incentives - Kara Baskin(MIT Sloan)](https://mitsloan.mit.edu/ideas-made-to-matter/nobel-prize-lecture-lessons-managing-employee-incentives)
* **Hiring**
* **Hiring**<a name="hiring"></a>
* [What I Learned Doing 250 Interviews at Google - Moishe Lettvin](https://www.youtube.com/watch?v=r8RxkpUvxK0)
* [F*** You, I Quit — Hiring Is Broken - Sahat Yalkabov](https://medium.com/@evnowandforever/f-you-i-quit-hiring-is-broken-bb8f3a48d324)
* [Hiring is Broken And Yours Is Too - RajivPrab.com](https://software.rajivprab.com/2019/07/27/hiring-is-broken-and-yours-is-too/amp/)
* [In Head-Hunting, Big Data May Not Be Such a Big Deal - Adam Bryant](https://www.nytimes.com/2013/06/20/business/in-head-hunting-big-data-may-not-be-such-a-big-deal.html)
* "This interview with Laszlo Bock, senior vice president of people operations at Google, was conducted and condensed by Adam Bryant."
* [Here's Google's Secret To Hiring The Best People - Lazlo Bock(Wired - 2015)](https://www.wired.com/2015/04/hire-like-google/)
* [Hiring is Broken… And It Isn’t Worth Fixing - Erik Dietrich](https://daedtech.com/hiring-is-broken/)
* [A Players Don’t Hire A Players — They Partner with A Players - Erik Dietrich](https://daedtech.com/a-players-dont-hire-a-players-they-partner-with-a-players/)
* [The Hiring Post - sockpuppet.org](https://sockpuppet.org/blog/2015/03/06/the-hiring-post/)
* [On Secretly Terrible Engineers - Danny Crichton](https://techcrunch.com/2015/03/08/on-secretly-terrible-engineers/)
* **Impostor Syndrome**<a name="imposter"></a>
* [Would the real imposter please stand up? - Dr. Jessica Barker(SteelCon2016)](https://www.youtube.com/watch?v=tGyBFOWsFbk&feature=share)
* [Dark Matter Developers: The Unseen 99%(2012) - Scott Hanselman](https://www.hanselman.com/blog/DarkMatterDevelopersTheUnseen99.aspx)
* **Independent Business**<a name="Independent"></a>
* [Why You Should Charge Clients More Than You Think You’re Worth - Dorie Clark(HBR)](https://hbr.org/2017/10/why-you-should-charge-clients-more-than-you-think-youre-worth)
* [How to Write a Statement of Work - Mary K Pratt](https://www.computerworld.com/article/2555324/how-to-write-a-statement-of-work.html)
* **Informal Laws & Principles**<a name="laws"></a>
* [The Gervais Principle - RibbonFarm](https://www.ribbonfarm.com/the-gervais-principle/)
* [Peter Principle - Wikipedia](https://en.wikipedia.org/wiki/Peter_principle)
* The Peter principle is a concept in management developed by Laurence J. Peter, which observes that people in a hierarchy tend to rise to their "level of incompetence". In other words, employees are promoted based on their success in previous jobs until they reach a level at which they are no longer competent, as skills in one job do not necessarily translate to another. The concept was enunciated in the 1969 book The Peter Principle by Peter and Raymond Hull.
* It was originally written as a satire.
* [Dilbert Principle - Wikipedia](https://en.wikipedia.org/wiki/Dilbert_principle)
* The Dilbert principle refers to a 1990s theory by Dilbert cartoonist Scott Adams stating that companies tend to systematically promote their least competent employees to management (generally middle management), to limit the amount of damage they are capable of doing.
* [The Iron Law of Bureaucracy](https://www.jerrypournelle.com/reports/jerryp/iron.html)
* Pournelle's Iron Law of Bureaucracy states that in any bureaucratic organization there will be two kinds of people":
* `First, there will be those who are devoted to the goals of the organization. Examples are dedicated classroom teachers in an educational bureaucracy, many of the engineers and launch technicians and scientists at NASA, even some agricultural scientists and advisors in the former Soviet Union collective farming administration.`
* `Secondly, there will be those dedicated to the organization itself. Examples are many of the administrators in the education system, many professors of education, many teachers union officials, much of the NASA headquarters staff, etc.`
* The Iron Law states that in every case the second group will gain and keep control of the organization. It will write the rules, and control promotions within the organization.
* [Robustness Principle - Wikipedia](https://en.m.wikipedia.org/wiki/Robustness_principle)
* [Golden Hammer - wiki.c2.com](http://wiki.c2.com/?GoldenHammer)
* [The Shirky Principle - Technium](https://kk.org/thetechnium/the-shirky-prin/)
* “Institutions will try to preserve the problem to which they are the solution.” — Clay Shirky
* [Law #8: The Law of Duality - ericsink.com](https://ericsink.com/laws/Law_08.html)
* **Interview Prep**<a name="interview"></a>
* [offensiveinterview - WebBreacher](https://github.com/WebBreacher/offensiveinterview)
* Interview questions to screen offensive (red team/pentest) candidates
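Review bot: The `<a name="attrition">` anchor on the **Employee Attrition** heading is never closed, while the other anchors in this hunk are written `<a name="..."></a>`; add the `</a>` so the anchor does not wrap the entries that follow. Two smaller text points in the same hunk: the Iron Law of Bureaucracy sentence ends with `people":` but has no opening quote, and the Wired entry spells the name "Lazlo Bock" where the line before it has "Laszlo Bock". As rendered here, without +/- markers, `**Hiring**` also appears on two consecutive lines; if both survive in the resulting file, keep only the one with the `hiring` anchor.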
@ -98,8 +185,27 @@
* [test-your-admin-skills](https://github.com/trimstray/test-your-sysadmin-skills)
* A collection of \*nix Sysadmin Test Questions with Answers for Interview/Exam (2018 Edition).
* [Linux System Administrator/DevOps Interview Questions - chassing](https://github.com/chassing/linux-sysadmin-interview-questions/blob/master/README.md)
* [Tech Interview Handbook - yangshun.github.io](https://yangshun.github.io/tech-interview-handbook/)
* [Ten Rules for Negotiating a Job Offer - Haseeb Qureshi](https://haseebq.com/my-ten-rules-for-negotiating-a-job-offer/)
* [How Not to Bomb Your Offer Negotiation - Haseeb Qureshi](https://haseebq.com/farewell-app-academy-hello-airbnb-part-i/)
* [Deploying Guerrilla Tactics to Combat Stupid Tech Interviews - Erik Dietrch](https://daedtech.com/deploying-guerrilla-tactics-combat-stupid-tech-interviews/)
* **Interviewing**<a name="interviewing"></a>
* [What I Learned Doing 250 Interviews at Google - Moishe Lettvin](https://www.youtube.com/watch?v=r8RxkpUvxK0)
* [Raising the Bar - The Unconventional Interview Method That Really Works - socialtalent](https://www.socialtalent.com/blog/recruitment/raising-the-bar-unconventional-interview-method-really-works)
* [The Trouble With "Culture Fit" - Rich Moy](https://www.stackoverflowbusiness.com/blog/the-trouble-with-culture-fit)
* [Salary Negotiations: Win by Losing - Erik Dietrich](https://daedtech.com/salary-negotiations-win-by-losing/)
* **Management**<a name="mgmt"></a>
* [Up Or Out: Solving The IT Turnover Crisis - Alex Papadimoulis](http://thedailywtf.com/articles/Up-or-Out-Solving-the-IT-Turnover-Crisis)
* [The Wetware Crisis: the Dead Sea effect - Bruce F. Webster](http://brucefwebster.com/2008/04/11/the-wetware-crisis-the-dead-sea-effect/)
* [The Tyranny of Structurelessness - Jo freeman](https://www.jofreeman.com/joreen/tyranny.htm)
* [Vitality Curve](https://en.m.wikipedia.org/wiki/Vitality_curve)
* [Servant leadership - Wikipedia](https://en.wikipedia.org/wiki/Servant_leadership)
* **Management Skills**<a name="mgmt"></a>
* [Managers - rework.withgoogle.com](https://rework.withgoogle.com/subjects/managers/)
* [Manager Tools](https://www.manager-tools.com/)
* **Meetings**<a name="meetings"></a>
* [Reaching Peak Meeting Efficiency: Meetings are a critical tool for building a diverse, high-performance team with shared values - Steven Sinofsky](https://medium.learningbyshipping.com/reaching-peak-meeting-efficiency-f8e47c93317a)
* [Maker's Schedule, Manager's Schedule - Paul Graham(2009)](http://www.paulgraham.com/makersschedule.html)
* **Mental Health**<a name="mentalh"></a>
* **Burnout**
* [13 Surprising Signs of Burnout You May Be Missing - thriveglobal](https://thriveglobal.com/stories/13-surprising-signs-of-burnout-you-may-be-missing/)
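Review bot: `name="mgmt"` is used on both **Management** and **Management Skills**, so a `#mgmt` link can only ever reach the first of them; give the second heading its own anchor name. "How Not to Bomb Your Offer Negotiation" points at `https://haseebq.com/farewell-app-academy-hello-airbnb-part-i/`, the same URL this file lists elsewhere as "Farewell, App Academy. Hello, Airbnb. (Part I)", so the link looks pasted from the wrong entry and should be checked. "Erik Dietrch" in the last Interview Prep entry should read "Erik Dietrich", as in the other entries by the same author.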
@ -115,25 +221,64 @@
* **Stress**
* [Stress management - Mayo Clinic](https://www.mayoclinic.org/healthy-lifestyle/stress-management/in-depth/stress/art-20046037)
* [Understanding chronic stress - American Psychological Association](https://www.apa.org/helpcenter/understanding-chronic-stress)
* [Chronic Stress and a Life: How Stress Almost Killed Me - Sergio Caltagirone](http://www.activeresponse.org/chronic-stress-and-a-life-how-stress-almost-killed-me/)
* [Chronic Stress and a Life: How Stress Almost Killed Me - Sergio Caltagirone](http://www.activeresponse.org/chronic-stress-and-a-life-how-stress-almost-killed-me/)
* **Abusive Behaviour**
* [Sick systems: How to keep someone with you forever - Issendai](https://issendai.livejournal.com/572510.html)
* **Mentoring**<a name="mentor"></a>
* [How to get coaching, mentoring, and attention - Jake Seliger](https://jakeseliger.com/2010/10/02/how-to-get-your-professors%E2%80%99-attention-or-how-to-get-the-coaching-and-mentorship-you-need/)
* **Metrics**<a name="metrics"></a>
* [Be Careful What You Measure - Mark Graham Brown](https://corporater.com/en/the-chicken-kpi-be-careful-of-what-you-measure/)
* **Networking**<a name="network"></a>
* [That’s still not my RJ 45 Jack - IRL Networking for Humans Pt 2 - Johnny Xmas](https://www.irongeek.com/i.php?page=videos/converge2015/%22track112-how-to-dress-like-a-human-being-irl-networking-for-humans-pt-2-johnny-xmas%22)
* We're smart. We're incredibly tech savvy. We can rock some mad OSINT with our Google-Fu. We're 85% +-10% sure which part of the body a hat goes on. We think you can never have enough beard. WE THINK THAT'S ACCEPTABLE. The second in his multi-part series on building social prowess, this talk will focus on the inconvenient truth of your book always, always, always being judged by its cover, and how to deal with that with minimal effort so you can get back to sewing more pockets on your utilikilt. This talk covers both male and female situations, though it is primarily unisex. We'll get you set up with a core wardrobe and hygenic skillset so you'll be able to roll out of bed, spend minimal time "getting ready," rock the dreaded client-facing meeting or industry meetup, and get you back home where you can safely take your pants off.
* **Non-Competes**<a name="noncomp"></a>
* [Why I Turned Down an AWS Job Offer - Corey Quinn](https://www.lastweekinaws.com/blog/why-i-turned-down-an-aws-job-offer/)
* **Non-Technical Skills**<a name="non-tech"></a>
* [Relearning the Art of Asking Questions - HBR](https://hbr.org/2015/03/relearning-the-art-of-asking-questions)
* [How To Ask Questions The Smart Way - Eric Raymond](http://www.catb.org/esr/faqs/smart-questions.html)
* **Organizational Theory**<a name="orgtheory"></a>
* [Organizational Theory - Wikipedia](https://en.wikipedia.org/wiki/Organizational_theory)
* [The normalization of deviance in healthcare delivery - John Banja](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2821100/)
* [Resilience Engineering: Part I - Kitchen Soap](https://www.kitchensoap.com/2011/04/07/resilience-engineering-part-i/)
* [Bureaucratic drift - Wikipedia](https://en.wikipedia.org/wiki/Bureaucratic_drift)
* [Why are large companies so difficult to rescue (regarding bad internal technology) - Lawrence Krubner](http://www.smashcompany.com/business/why-are-large-companies-so-difficult-to-rescue-regarding-bad-internal-technology)
* [The normalization of deviance in healthcare delivery - John Banja](https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2821100/)
* [Bedford and the Normalization of Deviance - Ron Rapp](https://www.rapp.org/archives/2015/12/normalization-of-deviance/)
* [Resilience In Complex Adaptive Systems - Richard Cook(Velocity NY 2013)](https://www.youtube.com/watch?v=PGLYEDpNu60)
* **Performance Reviews**<a name="perf-review"></a>
* [A Beginner’s Guide to Giving Performance Reviews - Advice for new managers on the most effective way to deliver feedback(Rebecca Fishbein)](https://medium.com/s/story/a-beginners-guide-to-giving-performance-reviews-963aba23bd)
* **Post-Mortems**<a name="postmort"></a>
* [A List of Post-mortems! - Dan Luu](https://github.com/danluu/post-mortems)
* **Project Management**<a name="projm"></a>
* [Anatomy of a runaway IT project - Bruce F. Webster](http://brucefwebster.com/2008/06/16/anatomy-of-a-runaway-it-project/)
* [Why “Agile” and especially Scrum are terrible - Michael O. Church](https://michaelochurch.wordpress.com/2015/06/)
* [Article Comments](https://michaelochurch.wordpress.com/2015/06/06/why-agile-and-especially-scrum-are-terrible/#comments)
* [Minimal Project Management - Hilton Lipschitz](https://hiltmon.com/blog/2016/03/05/minimal-project-management/)
* **Resume**<a name="resume"></a>
* [17 things that make this the perfect résumé - Áine Cain and Shayanne Gal(BusinessInsider)](https://www.businessinsider.com/why-this-is-an-excellent-resume-2013-11)
* [résumés - PracticalTypography](https://practicaltypography.com/resumes.html)
* [Become a Software Specialist with the Help of Your Resume - Erik Dietrich](https://daedtech.com/become-software-specialist-help-resume/)
* [How to Prepare Your Resume (Your Resume Stinks!) (Hall Of Fame Guidance) - ManagerTools](https://www.manager-tools.com/2005/10/your-resume-stinks)
* [Resume Update 2019 - Part 1 - ManagerTools](https://www.manager-tools.com/2019/06/resume-update-2019-part-1)
* [Impossible is Nothing - Resume](https://en.m.wikipedia.org/wiki/Impossible_Is_Nothing_(video_r%C3%A9sum%C3%A9))
* **Testing(Certifications/Exams)**<a name="testing"></a>
* [Better GIAC Testing with Pancakes - H4cks4panckakes](https://tisiphone.net/2015/08/18/giac-testing/)
* **Other**
* **Other**<a name="other"></a>
* [What senior engineers do: fix knowledge holes - Dan Moore](http://www.mooreds.com/wordpress/archives/3232)
* Worthwhile for the first comment in response to the article: "I don’t see anything “senior” about it, or even “engineer”. Seeing problems and solving them is what everyone does. Documenting the solution is one part of solving a problem. An apprentice carpenter does these things, too, and so does a farmer, and a waiter. Unfortunately, it’s not what most software companies reward, or how they operate. Whenever I did this, my manager, at every software company I’ve worked for, would say: “That’s cool, but you’re supposed to add the FooBar feature, and it needs to be done this Friday. Don’t waste time with reverse-engineering, or documentation. Just add one new field to the protocol somewhere. We can clean it up Later(TM).” This is Conway’s Law at work. What sort of company encourages the creation of two critical components which are completely undocumented? The sort of company which doesn’t reward documentation of critical components. That’s not likely to change because the engineer that created them happened to leave. (It took more time to reverse-engineer the protocol than it would have to document it when the knowledge was fresh.) The PM and QA who allowed this to happen are still there, right? What “Senior Engineer” really means is someone who’s spent enough time in the trenches to have earned a job title that allows them the latitude to make these sorts of improvements, and not have a PM question why they aren’t, instead, doing exactly what they were assigned. Look back at the story. Did the “senior engineer” go through proper channels to schedule a “reverse-engineer and document network protocol” task? No, he clearly didn’t trust that it would happen. Or maybe it was already there, but lowest priority (way below “fix CSS on IE”, of course). What was his actual responsibility that week? 
The story doesn’t say, but I don’t see any remarks about a PM breathing down his neck asking about the CSS fix he asked for (because that PM is the only user of the system, anywhere, of course, who uses IE and sees that particular bug). Documentation is not on this week’s “Sprint”! The process is fundamentally broken. We hear fables like this about how life would be better if we all did something one way (you’ll get promoted to Senior Engineer!), while in practice we’re punished for doing so."
* [The Shirky Principle - Technium](https://kk.org/thetechnium/the-shirky-prin/)
* “Institutions will try to preserve the problem to which they are the solution.” — Clay Shirky
* [Law #8: The Law of Duality - ericsink.com](https://ericsink.com/laws/Law_08.html)
* [Apple’s Software “Problem” and “Fixing” It (via twitter)](https://medium.learningbyshipping.com/apples-software-problem-and-fixing-it-via-twitter-c941a905ba20)
* [Revisiting L0pht testimony – 20yrs later -Space Rogue](https://www.spacerogue.net/wordpress/?p=709)
* **Industry History**
* [15 Months of Fresh Hell Inside Facebook - Nicholas Thompson and Fred Vogelstein](https://www.wired.com/story/facebook-mark-zuckerberg-15-months-of-fresh-hell/)
* [My Canons on (ISC)² Ethics - Such as They Are(2011)](http://infosecisland.com/blogview/15450-My-Canons-on-ISC-Ethics-Such-as-They-Are.html)
* [Apple’s Software “Problem” and “Fixing” It (via twitter)](https://medium.learningbyshipping.com/apples-software-problem-and-fixing-it-via-twitter-c941a905ba20)
* **Job Hunting Experiences**
* [Farewell, App Academy. Hello, Airbnb. (Part I) - Haseeb Qureshi](https://haseebq.com/farewell-app-academy-hello-airbnb-part-i/)
* **Industry**<a name="Industry"></a>
* **Shady things**
* [How Google Protected Andy Rubin, the ‘Father of Android’ - Daisuke Wakabayashi and Katie Benner(NYT)](https://www.nytimes.com/2018/10/25/technology/google-sexual-harassment-andy-rubin.html)
* **Wages**
* [Techtopus - Pando](https://pando.com/tag/techtopus/)
* [Newly unsealed documents show Steve Jobs' brutal response after getting a Google employee fired - Mark Ames](https://pando.com/2014/03/25/newly-unsealed-documents-show-steve-jobs-brutally-callous-response-after-getting-a-google-employee-fired/)
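Review bot: Under **Project Management**, "Why “Agile” and especially Scrum are terrible" links to the month archive `https://michaelochurch.wordpress.com/2015/06/` rather than the post itself; the "Article Comments" line right below has the full path (`/2015/06/06/why-agile-and-especially-scrum-are-terrible/`), so use that without the `#comments` fragment. Several entries also show up twice in this hunk as rendered: the Caltagirone chronic-stress post, the Banja "normalization of deviance" paper under **Organizational Theory**, the Apple "Software Problem" post, and the `**Other**` heading, plus the Shirky Principle and Law #8 entries that are also listed under **Informal Laws & Principles**. Without +/- markers I cannot tell which copies are removals, so confirm the resulting file carries each one only once.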

+ 3
- 1
Draft/Cars.md

@ -9,7 +9,9 @@
#### Sort
#### End Sort
https://www.pentestpartners.com/security-blog/vehicle-telematics-security-getting-it-right/
https://console-cowboys.blogspot.com/2019/04/hacking-all-cars-part-2.html
https://becomeautonomous.com/
------------------
### <a name="general"></a> General
* **Seriously check this first --->** [Awesome Vehicle Security List(github awesome lists)](https://github.com/jaredthecoder/awesome-vehicle-security)
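Review bot: The three URLs next to the `#### Sort` / `#### End Sort` markers are bare links with no title or author, unlike the formatted entry under General; as rendered here they also sit after `#### End Sort` rather than inside the block. Put them between the two markers or format them as regular entries. `https://becomeautonomous.com/` is the site Career.md lists as "Want to become an autonomous vehicle engineer?", so it reads as a careers link and probably does not need a second copy in Cars.md.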


+ 5
- 1
Draft/Cheats.md

@ -1,7 +1,9 @@
# Cheat Sheets & Reference Pages
https://github.com/SadProcessor/Cheats
https://github.com/chrisallenlane/cheat
* [PowerShell Remoting Cheatsheet - Scott Sutherland](https://blog.netspi.com/powershell-remoting-cheatsheet/)
### Cheat Sheets
* **General Cheat Sheets**
@ -94,6 +96,8 @@
* [Windows Startup Application Database](http://www.pacs-portal.co.uk/startup_content.php)
* [Windows CMD Reference - ms](https://www.microsoft.com/en-us/download/details.aspx?id=56846)
* [Windows Command Line cheatsheet (part 2): WMIC - andreafortuna](https://www.andreafortuna.org/dfir/windows-command-line-cheatsheet-part-2-wmic/)
* [Windows CLI gems. Tweets of @wincmdfu](https://github.com/madhuakula/wincmdfu#list-missing-updates)
* Windows one line commands that make life easier, shortcuts and command line fu.
* **Wireless Cheat Sheets**<a name="wifi"></a>
* [Management Frames Reference Sheet](http://download.aircrack-ng.org/wiki-files/other/managementframes.pdf)
* **DB Cheat Sheets**<a name="db"></a>
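Review bot: The wincmdfu entry links to `https://github.com/madhuakula/wincmdfu#list-missing-updates`, a fragment for a single section of the README, while the title and description cover the whole collection. Link the repository root so readers land at the top of the list.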


+ 253
- 0
Draft/Containers.md

@ -0,0 +1,253 @@
# Containers
---------------------
## Table of contents
- []()
- []()
- []()
- []()
--------------------
* [Static Analysis of Docker image vulnerabilities with Clair - Petr Kohut](https://www.nearform.com/blog/static-analysis-of-docker-image-vulnerabilities-with-clair/)
* [Docker Security Best Practices: Part 3 – Securing Container Images - Jeremy Valance](https://anchore.com/docker-security-best-practices-part-3-securing-container-images/)
* [How to implement Docker image scanning with open source tools - Mateo Burillo](https://sysdig.com/blog/docker-image-scanning/)
https://www.digitalocean.com/community/tutorials/an-introduction-to-kubernetes
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/AtredisPartners_Attacking_Kubernetes-v1.0.pdf
http://blog.sevagas.com/IMG/pdf/exploiting_capabilities_the_dark_side.pdf
https://blog.hansenpartnership.com/containers-and-cloud-security/
https://github.com/gravitational/gravity
https://github.com/rexray/rexray
https://wiki.unraid.net/UnRAID_6/Overview#Containers
* [How to Lose a Container in 10 Minutes - Sarah Young(BSidesSF 2019)](https://www.youtube.com/watch?v=fSj6_WgDATE&list=PLbZzXF2qC3RvGRbNQwKcf2KVaTCjzOB8o&index=4)
* Moving to the cloud and deploying containers? In this talk I will discuss both the mindset shift and tech challenges, with some common mistakes made in real-life deployments with some real life (albeit redacted) examples. We'll also look at what happens to a container that's been left open to the Internet for the duration of the talk.
Understanding and HardeningLinux Containers - NCCGroup
https://storageos.com/why-containers-miss-a-major-mark-solving-persistent-data-in-docker/
https://blog.appsecco.com/analysing-and-exploiting-kubernetes-apiserver-vulnerability-cve-2018-1002105-3150d97b24bb?gi=da5afbcc2d73
https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf
https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/
https://www.reddit.com/r/docker/comments/439a8h/exploiting_your_system_using_docker/
https://github.com/ProfessionallyEvil/harpoon
https://github.com/P3GLEG/Whaler
https://samaritan.ai/blog/reversing-docker-images-into-dockerfiles/
http://ifeanyi.co/posts/linux-namespaces-part-1/
http://ifeanyi.co/posts/linux-namespaces-part-2/
* [Docker Your Command & Control (C2) - obscuritylabs](https://blog.obscuritylabs.com/docker-command-controll-c2/)
* [Vulnerable Docker VM - notsosecure](https://www.notsosecure.com/vulnerable-docker-vm/)
http://www.friedhoff.org/posixfilecaps.html
https://www.redhat.com/en/blog/architecting-containers-part-1-why-understanding-user-space-vs-kernel-space-matters
Mesos
https://stackoverflow.com/questions/47769570/what-does-apache-mesos-do-that-kubernetes-cant-do-and-vice-versa?rq=1
https://stackoverflow.com/questions/26705201/whats-the-difference-between-apaches-mesos-and-googles-kubernetes?noredirect=1
https://stackoverflow.com/questions/28094147/what-does-apache-mesos-actually-do
http://mesos.apache.org/documentation/latest/architecture/
http://mesos.apache.org/documentation/latest/
https://en.wikipedia.org/wiki/Apache_Mesos
https://www.notsosecure.com/vulnerable-docker-vm/
https://null-byte.wonderhowto.com/how-to/create-reusable-burner-os-with-docker-part-1-making-ubuntu-hacking-container-0175328/
https://null-byte.wonderhowto.com/how-to/create-reusable-burner-os-with-docker-part-2-customizing-our-hacking-container-0175353/
https://blog.docker.com/2017/09/day-life-docker-admin/
Peter Benjamins blogposts
https://www.youtube.com/playlist?list=PLKDRii1YwXnLmd8ngltnf9Kzvbja3DJWx
http://carnal0wnage.attackresearch.com/2019/01/kubernetes-master-post.html?m=1
https://www.youtube.com/watch?v=fVqCAUJiIn0&feature=youtu.be
https://www.youtube.com/watch?v=UwBshgfnAGA
https://www.youtube.com/watch?v=ru7GicI5iyI
https://docs.google.com/presentation/d/1u6S1ycs8DURORf6S9XYKjP56oszJpouOca6xlkH9ILs/edit#slide=id.p
https://sysdig.com/blog/docker-image-scanning/
https://cloud.google.com/solutions/best-practices-for-operating-containers
https://sysdig.com/blog/oss-container-security-runtime/
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/august/tools-and-methods-for-auditing-kubernetes-rbac-policies/
http://sven.stormbind.net/blog/posts/docker_from_30_to_230/
https://www.redhat.com/en/blog/architecting-containers-part-1-why-understanding-user-space-vs-kernel-space-matters
[Docker]
https://zeltser.com/security-risks-and-benefits-of-docker-application/
https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/
http://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf
https://www.sumologic.com/blog-security/securing-docker-containers/
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/
https://github.com/genuinetools/img
* [Scanning Docker images with CoreOS Clair - wdijkerman](https://werner-dijkerman.nl/2019/01/28/scanning-docker-images-with-coreos-clair/amp/)
https://medium.com/cruise/building-a-container-platform-at-cruise-part-1-507f3d561e6f
* [One of the original developers of cgroups on why it was created](https://news.ycombinator.com/item?id=20599672)
### Containers
* **cgroups**
* **101**
* **Articles/Blogposts/Writeups**
* **Securing**
* **Tools**
* **Docker**
* **101**
* **Articles/Blogposts/Writeups**
* **Securing**
* **Tools**
* **Jails**
* **Kubernetes**
* **101**
* **Articles/Blogposts/Writeups**
* **Securing**
* **Tools**
* **RunC**
* **101**
* **Articles/Blogposts/Writeups**
* **Securing**
* **Tools**
* **Mesos**
* **101**
* **Articles/Blogposts/Writeups**
* **Securing**
* **Tools**
https://github.com/coreos/clair
https://github.com/freach/kubernetes-security-best-practice
https://cloudplatform.googleblog.com/2018/03/exploring-container-security-an-overview.html?m=1
https://itnext.io/kubernetes-hardening-d24bdf7adc25
https://blog.ropnop.com/attacking-default-installs-of-helm-on-kubernetes/
* https://github.com/argoproj/argo
* [hardening-kubernetes from-scratch](https://github.com/hardening-kubernetes/from-scratch)
* A hands-on walkthrough for creating an extremely insecure Kubernetes cluster and then hardening it, step by step.
https://www.pentestpartners.com/security-blog/docker-for-hackers-a-pen-testers-guide/
https://www.stackrox.com/post/2017/08/hardening-docker-containers-and-hosts-against-vulnerabilities-a-security-toolkit/
* [xkcd on containers](https://xkcd.com/1988/)
* https://github.com/hawkeyesec/scanner-cli
* [Install and run a SPIRE Server and Agent locally on a Kubernetes cluster](https://spiffe.io/spire/getting-started-k8s/)
* This tutorial walks you through getting a SPIRE Server and SPIRE Agent running in a Kubernetes cluster, and configuring a workload container to access SPIRE.
* [Optimising Docker Layers for Better Caching with Nix - Graham Christensen](https://grahamc.com/blog/nix-and-layered-docker-images)
* [Hacking and Hardening Kubernetes Clusters by Example - Brad Geesaman(KubeCon 2017)](https://www.youtube.com/watch?v=vTgQLzeBfRU)
* "an eye-opening journey examining real compromises and sensitive data leaks that can occur inside a Kubernetes cluster, highlighting the configurations that allowed them to succeed, applying practical applications of the latest built-in security features and policies to prevent those attacks, and providing actionable steps for future detection."
* [An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew](https://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf)
* [PaaSTA](https://github.com/Yelp/paasta)
* PaaSTA is a highly-available, distributed system for building, deploying, and running services using containers and Apache Mesos!
* [Getting Towards Real Sandbox Containers - Jesse Frazelle(May2016)](https://blog.jessfraz.com/post/getting-towards-real-sandbox-containers/)
* [An Attacker Looks at Docker: Approaching Multi-Container Applications - Wesley McGrew](https://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf)
* [Kamus](https://github.com/Soluto/kamus)
* An open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enable users to easily encrypt secrets than can be decrypted only by the application running on Kubernetes. The encryption is done using strong encryption providers (currently supported: Azure KeyVault, Google Cloud KMS and AES). To learn more about Kamus, check out the blog post and slides.
Docker
* https://github.com/wsargent/docker-cheat-sheet
* https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-1-1.pdf
* https://www.slideshare.net/jpetazzo/linux-containers-lxc-docker-and-security
* http://www.projectatomic.io/blog/2014/08/is-it-safe-a-look-at-docker-and-security-from-linuxcon/
* https://linux-audit.com/docker-security-best-practices-for-your-vessel-and-containers/
* https://blog.docker.com/2016/02/docker-engine-1-10-security/
* https://medium.com/@quayio/your-docker-image-ids-are-secrets-and-its-time-you-treated-them-that-way-f55e9f14c1a4
* https://github.com/konstruktoid/Docker/blob/master/Security/CheatSheet.adoc
* https://github.com/docker/docker-bench-security
* https://blog.docker.com/2015/05/understanding-docker-security-and-best-practices/
* http://www.projectatomic.io/blog/2016/03/no-new-privs-docker/
* https://container-solutions.com/content/uploads/2015/06/15.06.15_DockerCheatSheet_A2.pdf
* https://github.com/genuinetools/bane
* https://raesene.github.io/blog/2016/02/04/Docker-User-Namespaces/
* [On Docker security: 'docker' group considered harmful - Andreas Jung](https://www.zopyx.com/andreas-jung/contents/on-docker-security-docker-group-considered-harmful)
* [Securing The Docker Containers At CI/CD Pipeline Level - Alina Radu(BSidesBCN 2019)](https://www.youtube.com/watch?v=4whoQoNpu9Y&list=PLDuy2rk8e-D-foVf0ylfnHhSo2elmxRqy&index=10&t=0s)
### <a name="docker"></a> Docker
* [How to write excellent Dockerfiles - Jakub Skalecki](https://rock-it.pl/how-to-write-excellent-dockerfiles/)
* [Networking overview - docs.docker](https://docs.docker.com/network/)
* [Get Started, Part 1: Orientation and setup - docs.docker](https://docs.docker.com/get-started/)
* [Dockerfile reference - docs.docker.com](https://docs.docker.com/engine/reference/builder/)
* [Docker Image Specification v1.0.0](https://github.com/moby/moby/blob/master/image/spec/v1.md)
* [Docker security - docs.docker](https://docs.docker.com/engine/security/security/)
* [Reducing Deploy Risk With Docker’s Health Check Instruction - newrelic.com](https://blog.newrelic.com/engineering/docker-health-check-instruction/)
* [What is the purpose of VOLUME in Dockerfile - StackOverflow](https://stackoverflow.com/questions/34809646/what-is-the-purpose-of-volume-in-dockerfile)
[Dockerfiles - Jessie Frazelle](https://github.com/jessfraz/dockerfiles)
----------------------
### <a name="containers"></a>Containers
* **101**
* [LXC - Wikipedia](https://en.wikipedia.org/wiki/LXC)
* [Process Containers - lwn.net](https://lwn.net/Articles/236038/)
* [cgroups - wikipedia](https://en.wikipedia.org/wiki/Cgroups)
* [Everything you need to know about Jails - bsdnow.tv](http://www.bsdnow.tv/tutorials/jails)
* [Jails - FreeBSD handbook](https://www.freebsd.org/doc/handbook/jails.html)
* **Articles/Blogposts/Writeups**
* **Containers**
* [Controlling access to user namespaces - lwn.net](https://lwn.net/Articles/673597/)
* [Namespaces in operation, part 1: namespaces overview - lwn.net](https://lwn.net/Articles/531114/#series_index)
* [Linux LXC vs FreeBSD jail - Are there any notable differences between LXC (Linux containers) and FreeBSD's jails in terms of security, stability & performance? - unix.StackExchange](https://unix.stackexchange.com/questions/127001/linux-lxc-vs-freebsd-jail)
* **Docker**
* [Docker Security Best-Practices - Peter Benjamin](https://dev.to/petermbenjamin/docker-security-best-practices-45ih)
* [Is it possible to escalate privileges and escaping from a Docker container? - StackOverflow](https://security.stackexchange.com/questions/152978/is-it-possible-to-escalate-privileges-and-escaping-from-a-docker-container)
* [The Dangers of Docker.sock](https://raesene.github.io/blog/2016/03/06/The-Dangers-Of-Docker.sock/)
* [Abusing Privileged and Unprivileged Linux Containers - nccgroup](https://www.nccgroup.trust/uk/our-research/abusing-privileged-and-unprivileged-linux-containers/)
* [Understanding and Hardening Linux Containers - nccgroup](https://www.nccgroup.trust/uk/our-research/understanding-and-hardening-linux-containers/)
* Linux containers offer native OS virtualisation, segmented by kernel namespaces, limited through process cgroups and restricted through reduced root capabilities, Mandatory Access Control and user namespaces. This paper discusses these container features, as well as exploring various security mechanisms. Also included is an examination of attack surfaces, threats, and related hardening features in order to properly evaluate container security. Finally, this paper contrasts different container defaults and enumerates strong security recommendations to counter deployment weaknesses-- helping support and explain methods for building high-security Linux containers. Are Linux containers the future or merely a fad or fantasy? This paper attempts to answer that question.
* **Jails**
* [ezjail – Jail administration framework](https://erdgeist.org/arts/software/ezjail/)
* **Kubernetes**
* **Privilege Escalation**
* [Privilege Escalation via lxd - Josiah Beverton](https://reboare.github.io/lxd/lxd-escape.html)
* **Talks & Presentations**
* [Docker: Security Myths, Security Legends - Rory McCune](https://www.youtube.com/watch?v=uQigvjSXMLw)
* **Tools**
* **Containers**
* [nsjail](https://github.com/google/nsjail)
* A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
* [ezjail – Jail administration framework](https://erdgeist.org/arts/software/ezjail/)
* **Docker**
* [docker-layer2-icc](https://github.com/brthor/docker-layer2-icc)
* Demonstrating that disabling ICC in docker does not block raw packets between containers.
* [docker-bench-security](https://github.com/docker/docker-bench-security)
* The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
* [Vulnerable Docker VM](https://www.notsosecure.com/vulnerable-docker-vm/)
* For practicing pen testing docker instances
* **Kubernetes**
* [Kubernetes Security Best-Practices - Peter Benjamin](https://dev.to/petermbenjamin/kubernetes-security-best-practices-hlk)
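Review bot: Several resources are listed more than once in this file. The untitled `Docker` block links `https://github.com/docker/docker-bench-security` and what appears to be the NCC Group hardening whitepaper PDF; both reappear as titled entries under `### Containers`. `ezjail` is also listed under both **Jails** and **Tools > Containers**. Fold the bare URL block into the `### <a name="docker"></a> Docker` section with titles, and keep one entry per resource. Smaller points in the same hunk: the `[Dockerfiles - Jessie Frazelle]` line is missing its `* ` bullet, the author is spelled `Jesse Frazelle` in the first entry, the privilege-escalation question is labelled StackOverflow but links to security.stackexchange.com, and the only Kubernetes link (a best-practices article) sits under **Tools** while the **Kubernetes** heading under articles is empty.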

+ 2
- 0
Draft/Courses_Training.md View File

@ -18,6 +18,8 @@
https://maxkersten.nl/binary-analysis-course/
-----
### Classes & Training
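Review bot: `https://maxkersten.nl/binary-analysis-course/` is an untitled URL sitting above the `-----` separator, outside `### Classes & Training`. Give it a title in the `* [Title - Author](url)` form the list uses and place it under the heading, so readers can tell what it is without following the link.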


+ 34
- 0
Draft/Crypto_Encrypt.md View File

@ -42,6 +42,40 @@
https://tls.ulfheim.net/
https://bearssl.org/
https://thecryptobible.co/protocols/tls.html
https://research.checkpoint.com/cryptographic-attacks-a-guide-for-the-perplexed/
https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Eng.pdf
* [A Diagram for Sabotaging Cryptosystems - @Jackson_T](https://web.archive.org/web/20180129010248/http://jackson.thuraisamy.me/crypto-backdoors.html)
* [A Detailed Look at RFC 8446 (a.k.a. TLS 1.3) - Cloudflare](https://blog.cloudflare.com/rfc-8446-aka-tls-1-3/)
* [Hash collisions and exploitations - Ange Albertini and Marc Stevens](https://github.com/corkami/collisions)
* The goal is to explore extensively existing attacks - and show on the way how weak MD5 is (instant collisions of any JPG, PNG, PDF, MP4, PE...) - and also explore in detail common file formats to determine how they can be exploited with present or with future attacks. Indeed, the same file format trick can be used on several hashes (the same JPG tricks were used for MD5, malicious SHA-1 and SHA1), as long as the collisions follow the same byte patterns. This document is not about new attacks (the most recent one was documented in 2012), but about new forms of exploitations of existing attacks.
https://blog.doyensec.com/2019/08/01/common-crypto-bugs.html
https://github.com/corkami/collisions
* [SSL/TLS and PKI History](https://www.feistyduck.com/ssl-tls-and-pki-history/)
* A comprehensive history of the most important events that shaped the SSL/TLS and PKI ecosystem.
https://tls.ulfheim.net/
https://asecuritysite.com/subjects/chapter58
https://github.com/ashutosh1206/Crypton
https://thecryptobible.co/primitives/symmetric_encryption.html
* [An Illustrated Guide to the BEAST Attack - Joshua Davies](http://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art027)
* [SHATTERED](https://shattered.io/)
http://securityintelligence.com/cve-2014-0195-adventures-in-openssls-dtls-fragmented-land/
https://www.wst.space/ssl-part1-ciphersuite-hashing-encryption/
https://wiki.mozilla.org/images/0/0b/Thunderbird-enigmail-report.pdf
https://malicioussha1.github.io/
-----
### <a name="general">General Information</a>
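Review bot: This hunk contains duplicate entries: `https://tls.ulfheim.net/` appears twice, and `https://github.com/corkami/collisions` appears once as the titled "Hash collisions and exploitations" entry and again as a bare URL two lines later. Drop the repeats. The remaining bare URLs (the Check Point and Doyensec posts, the CVE-2014-0195 DTLS write-up, `malicioussha1.github.io`) need titles and authors like the bulleted entries around them. Because everything sits above `### General Information`, it is also worth grouping them by topic (TLS, hash collisions, implementation bugs) when they are titled.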


+ 30
- 2
Draft/DFIR.md View File

@ -19,6 +19,13 @@
#### Sort
* [Firefed](https://github.com/numirias/firefed)
* Firefed is a command-line tool to inspect Firefox profiles. It can extract saved passwords, preferences, addons, history and more. You may use it for forensic analysis, to audit your config for insecure settings or just to quickly extract some data without starting up the browser.
* [Forensics: Monitor Active Directory Privileged Groups with PowerShell - Ashley McGlone](https://blogs.technet.microsoft.com/ashleymcglone/2014/12/17/forensics-monitor-active-directory-privileged-groups-with-powershell/)
https://zeltser.com/security-incident-questionnaire-cheat-sheet/
https://zeltser.com/security-incident-survey-cheat-sheet/
https://zeltser.com/security-incident-log-review-checklist/
* [Touch Screen Lexicon Forensics (TextHarvester/WaitList.dat) - Barnaby Skeggs](https://b2dfir.blogspot.com/2016/10/touch-screen-lexicon-forensics.html?m=1)
* Sort sections alphabetically
* Update ToC
* [National Incident Management System -USA](https://www.fema.gov/national-incident-management-system)
@ -31,6 +38,14 @@
* [Investigating CloudTrail Logs - ](https://medium.com/starting-up-security/investigating-cloudtrail-logs-c2ecdf578911)
* [Who Fixes That Bug? - Part One: Them! - Ryan McGeehan](https://medium.com/starting-up-security/who-fixes-that-bug-d44f9a7939f2)
https://medium.com/starting-up-security/who-fixes-that-bug-f17d48443e21
https://www.sans.org/score/law-enforcement-faq/
https://www.sans.org/score/incident-forms/
https://aboutdfir.com/
https://forensixchange.com/posts/19_08_03_usb_storage_forensics_1/
https://github.com/giMini/PowerMemory
* [Sysmon - DFIR](https://github.com/MHaggis/sysmon-dfir)
* A curated list of resources for learning about deploying, managing and hunting with Microsoft Sysmon. Contains presentations, deployment methods, configuration file examples, blogs and additional github repositories.
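Review bot: The bare `who-fixes-that-bug-f17d48443e21` URL directly under the titled "Who Fixes That Bug? - Part One" entry looks like its companion post, but has no title to say so; label it and indent it under the first part. The `forensixchange.com` USB storage forensics link added here is also added in the Draft/Defense.md hunk of this commit, so pick one home for it. The `[Investigating CloudTrail Logs - ]` entry has an empty author slot after the dash.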
@ -41,15 +56,28 @@ https://medium.com/starting-up-security/who-fixes-that-bug-f17d48443e21
* [Hacking Exposed Daily Blog #440: Windows 10 Notifications Database](http://www.hecfblog.com/2018/08/daily-blog-440-windows-10-notifications.html)
* [Data recovery on dead micro SD card - HDD Recovery Services](https://www.youtube.com/watch?v=jjB6wliyE_Y&feature=youtu.be)
* [SQLite-Parser](https://github.com/mdegrazia/SQLite-Deleted-Records-Parser)
* Script to recover deleted entries in an SQLite database
* [Python Parser to Recover Deleted SQLite Database Data - az4n6](
https://az4n6.blogspot.com/2013/11/python-parser-to-recover-deleted-sqlite.html)
https://medium.com/@sroberts/introduction-to-dfir-d35d5de4c180
https://github.com/demisto/COPS
https://blog.1234n6.com/2018/10/available-artifacts-evidence-of.html
https://www.incidentresponse.com/playbooks/
https://windowsir.blogspot.com/2019/05/evtxecmd.html
https://cert.societegenerale.com/en/publications.html
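Review bot: The `[Python Parser to Recover Deleted SQLite Database Data - az4n6](` link is split across two lines, with the URL and closing `)` on the line after the opening parenthesis. Keep the whole link on one line so it renders the same in every Markdown viewer and stays searchable. The six bare URLs that follow (the DFIR intro, COPS, incident response playbooks, EvtxECmd and the others) need titles and a bullet each, matching the SQLite-Parser entry above them.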


+ 6
- 0
Draft/DataVis.md View File

@ -9,8 +9,14 @@
* [Open Graph Viz Platform](https://gephi.org/)
* Gephi is the leading visualization and exploration software for all kinds of graphs and networks. Gephi is open-source and free.
* https://arxiv.org/abs/1901.01769
https://www.blackhillsinfosec.com/pyfunnels-data-normalization-for-infosec-workflows/
https://github.com/packetvitality/PyFunnels
https://www.sans.org/reading-room/whitepapers/OpenSource/pyfunnels-data-normalization-infosec-workflows-38785
### To Do
* Split into Data visualization/Working with data
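Review bot: The three PyFunnels links (Black Hills post, GitHub repo, SANS paper) are added as separate bare URLs for what is one tool. Make them a single titled entry with the repo as the main link and the post and paper as sub-bullets, as done for Gephi above. The `* https://arxiv.org/abs/1901.01769` bullet carries only an arXiv identifier, so a reader cannot tell what the paper covers without opening it; add its title.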


+ 145
- 8
Draft/Defense.md View File

@ -6,6 +6,12 @@
* [Vulnerability Management Program Best Practices – Irfahn Khimji](https://www.tripwire.com/state-of-security/vulnerability-management/vulnerability-management-program-best-practices-part-1/)
* [Using security policies to restrict NTLM traffic - docs.ms](https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/jj865668(v=ws.10))
https://blog.stealthbits.com/how-to-detect-overpass-the-hash-attacks/
* **To-Do**
* User Awareness training
@ -16,6 +22,117 @@
* AWS Stuff
* GCP Stuff
https://infosec.mozilla.org/guidelines/openssh
https://wiki.mozilla.org/Security/Server_Side_TLS
https://www.dhs.gov/stopthinkconnect-toolkit
https://forensixchange.com/posts/19_08_03_usb_storage_forensics_1/
https://www.slideshare.net/HuyKha2/adsvs-v10-improving-the-security-of-active-directory
https://avleonov.com/2016/08/02/nessus-v2-xml-report-format/
https://avleonov.com/2017/01/25/parsing-nessus-v2-xml-reports-with-python/
https://www.verifyit.nl/wp/?p=175591
http://static.tenable.com/documentation/nessus_v2_file_format.pdf
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide
* https://medium.com/palantir/windows-privilege-abuse-auditing-detection-and-defense-3078a403d74e
* [New feature in Office 2016 can block macros and help prevent infection](https://web.archive.org/web/20180527161910/https://cloudblogs.microsoft.com/microsoftsecure/2016/03/22/new-feature-in-office-2016-can-block-macros-and-help-prevent-infection/?source=mmpc)
* [Defensive Coding Strategies for a High-Security Environment - Matt Graeber - PowerShell Conference EU 2017](https://www.youtube.com/watch?reload=9&v=O1lglnNTM18)
* [What is conditional access in Azure Active Directory? - docs.ms](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview)
* [Windows 10 Security Checklist Starter Kit - itprotoday](https://www.itprotoday.com/industry-perspectives/windows-10-security-checklist-starter-kit)
* [What is Active Directory Red Forest Design? - social.technet.ms](https://social.technet.microsoft.com/wiki/contents/articles/37509.what-is-active-directory-red-forest-design.aspx)
* [Securing Privileged Access Reference Material - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material)
* [Understanding “Red Forest”: The 3-Tier Enhanced Security Admin Environment (ESAE) and Alternative Ways to Protect Privileged Credentials - ultimatewindowsecurity](https://www.ultimatewindowssecurity.com/webinars/register.aspx?id=1409)
* [Planting the Red Forest: Improving AD on the Road to ESAE - Jacques Louw and Katie Knowles](https://www.mwrinfosecurity.com/our-thinking/planting-the-red-forest-improving-ad-on-the-road-to-esae/)
* [MongoDB Security Checklist](https://docs.mongodb.com/manual/administration/security-checklist/)
* [kethash](https://github.com/cyberark/ketshash)
* A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs.
* [ERNW Repository of Hardening Guides](https://github.com/ernw/hardening)
* This repository contains various hardening guides compiled by ERNW for various purposes. Most of those guides strive to provide a baseline level of hardening and may lack certain hardening options which could increase the security posture even more (but may have impact on operations or required operational effort).
* [Planning for Compromise - docs.ms](https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/planning-for-compromise)
* [Application Whitelist Auditor - airlockdigital](https://www.airlockdigital.com/application-whitelisting-auditor/)
* [iconSimple Software-Restriction Policy - iwrconsultancy](https://iwrconsultancy.co.uk/softwarepolicy)
* [Recon by Fire](https://github.com/HewlettPackard/reconbf)
* Recon is a tool for reviewing the security configuration of a local system. It can detect existing issues, known-insecure settings, existing strange behaviour, and options for further hardening. Recon can be used in existing systems to find out which elements can be improved and can provide some information about why the change is recommended. It can also be used to scan prepared system images to verify that they contain the expected protection.
* [How to Allow Non-Admin Users to Start/Stop Windows Service - woshub.com](http://woshub.com/set-permissions-on-windows-service/)
* [Protect your enterprise data using Windows Information Protection (WIP) - docs.ms](https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip)
* [Security WatchLock Up Your Domain Controllers - Steve Riley - docs.ms](https://docs.microsoft.com/en-us/previous-versions/technet-magazine/cc160936(v=msdn.10))
* [Creating a Secure Environment using PowerShell Desired State Configuration - blogs.ms](https://blogs.msdn.microsoft.com/powershell/2014/07/21/creating-a-secure-environment-using-powershell-desired-state-configuration/)
* [AuditScripts - CIS Critical Security Controls](https://www.auditscripts.com/free-resources/critical-security-controls/)
https://github.com/MicrosoftDocs/windowsserverdocs/blob/master/WindowsServerDocs/identity/securing-privileged-access/securing-privileged-access-reference-material.md
* https://securitycheckli.st/?mc_cid=b3a4b630b7&mc_eid=f956a0c5ca
* https://cyber.gov.au/government/publications/securing-powershell-in-the-enterprise-pdf/
* [Inventory-BrowserExts - keyboardcrunch](https://github.com/keyboardcrunch/Inventory-BrowserExts)
* This script can inventory Firefox and/or Chrome extensions for each user from a list of machines. It returns all the information back in a csv file and prints to console a breakdown of that information.
https://github.com/Schillings/SwordPhish
* [Detect Password Spraying With Windows Event Log Correlation](https://www.ziemba.ninja/?p=66)
* [Hunting for SILENTTRINITY - Wee-Jing Chung](https://countercept.com/blog/hunting-for-silenttrinity/)
* [BloodHound and the Adversary Resilience Model](https://docs.google.com/presentation/d/14tHNBCavg-HfM7aoeEbGnyhVQusfwOjOyQE1_wXVs9o/mobilepresent#slide=id.g35f391192_00)
http://blog.win-fu.com/2017/08/stored-passwords-found-all-over-place.html?m=1
https://cqureacademy.com/blog/securing-infrastructure/role-separation-pki
* [Configuring Additional LSA Protection - docs.ms](https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection)
https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d?gi=8bb99beb092b
https://github.com/google/santa
* [CIS Amazon Web Services Foundations](https://d0.awsstatic.com/whitepapers/compliance/AWS_CIS_Foundations_Benchmark.pdf)
* [Blocking Remote Use of Local Accounts - blogs.technet](https://blogs.technet.microsoft.com/secguide/2014/09/02/blocking-remote-use-of-local-accounts/)
* [Weaponizing Active Directory - David Fletcher](https://www.youtube.com/watch?reload=9&v=vLWGJ3f3-gI&feature=youtu.be)
* This webcast covers basic techniques to catch attackers attempting lateral movement and privilege escalation within your environment with the goal of reducing that Mean Time to Detect (MTTD) metric. Using tactical deception, we will lay out strategies to increase the odds that an attacker will give away their presence early after initial compromise.
https://www.microsoft.com/security/blog/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/ad-forest-recovery-resetting-the-krbtgt-password
* [Practical PowerShell Security: Enable Auditing and Logging with DSC - Ashley McGlone](https://blogs.technet.microsoft.com/ashleymcglone/2017/03/29/practical-powershell-security-enable-auditing-and-logging-with-dsc/)
* [Where have all the Domain Admins gone? Rooting out Unwanted Domain Administrators - Rob VandenBrink](https://isc.sans.edu/diary/Where+have+all+the+Domain+Admins+gone%3F++Rooting+out+Unwanted+Domain+Administrators/24874)
* [Account lockout duration - docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-duration)
* [Detecting Offensive PowerShell Attack Tools - adsecurity.org](https://adsecurity.org/?p=2604)
https://dirteam.com/sander/2012/09/05/new-features-in-active-directory-domain-services-in-windows-server-2012-part-11-kerberos-armoring-fast/
https://social.technet.microsoft.com/wiki/contents/articles/38015.credential-guard-say-good-bye-to-ptht-pass-the-hashticket-attacks.aspx
https://oddvar.moe/2017/12/13/harden-windows-with-applocker-based-on-case-study-part-1/
https://www.youtube.com/watch?v=YXjIVuX6zQk
* [BloodHound From Red to Blue - Mathieu Saulnier(BSides Charm2019)](https://www.youtube.com/watch?v=UWY772iIq_Y)
* [Beyond Domain Admins – Domain Controller & AD Administration - ADSecurity.org](https://adsecurity.org/?p=3700)
* This post provides information on how Active Directory is typically administered and the associated roles & rights.
https://oddvar.moe/2017/12/21/applocker-case-study-how-insecure-is-it-really-part-2/
* [Why Does the Penetration Testing Team Hate Me? - Ryan Oberfelder](https://medium.com/@ryoberfelder/why-does-the-penetration-testing-team-hate-me-67a981c5e10c)
* [Weaponizing Active Directory - David Fletcher](https://www.youtube.com/watch?v=vLWGJ3f3-gI&feature=youtu.be)
* This webcast covers basic techniques to catch attackers attempting lateral movement and privilege escalation within your environment with the goal of reducing that Mean Time to Detect (MTTD) metric. Using tactical deception, we will lay out strategies to increase the odds that an attacker will give away their presence early after initial compromise.
* [Introducing the Adversary Resilience Methodology — Part One - Andy Robbins](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-one-e38e06ffd604)
* [Introducing the Adversary Resilience Methodology — Part Two - Andy Robbins](https://posts.specterops.io/introducing-the-adversary-resilience-methodology-part-two-279a1ed7863d)
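Review bot: The `https://securitycheckli.st/?mc_cid=b3a4b630b7&mc_eid=f956a0c5ca` entry keeps Mailchimp campaign and recipient identifiers (`mc_cid`, `mc_eid`) in a published link; strip the query string so the list does not carry a subscriber-specific token. The same applies to the `?gi=8bb99beb092b` suffix on the bare Adversary Resilience Methodology part-two URL, which duplicates the titled Part Two entry at the end of the hunk anyway. Other duplicates to remove: "Weaponizing Active Directory - David Fletcher" is added twice with the same description (the URLs differ only by `reload=9&`), and the securing-privileged-access reference material is linked both at docs.microsoft.com and at its GitHub source. Link text fixes: `[kethash]` points at `cyberark/ketshash`, `[iconSimple Software-Restriction Policy` has a stray `icon` prefix, and `Security WatchLock Up Your Domain Controllers` is missing a separator after "Security Watch".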
@ -34,6 +151,11 @@
* Capirca is a tool designed to utilize common definitions of networks, services and high-level policy files to facilitate the development and manipulation of network access control lists (ACLs) for various platforms. It was developed by Google for internal use, and is now open source.
* **Amazon AWS** <a name="aws"></a>
* **AWS**
* [The Open Guide to Amazon Web Services](https://github.com/open-guides/og-aws)
* A lot of information on AWS is already written. Most people learn AWS by reading a blog or a “getting started guide” and referring to the standard AWS references. Nonetheless, trustworthy and practical information and recommendations aren’t easy to come by. AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers. The information in blogs or Stack Overflow is also not consistently up to date. This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.
* **Lambda**
* [AWS Lambda - IAM Access Key Disabler](https://github.com/te-papa/aws-key-disabler)
* The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys.
* **S3**
* [Amazon S3 Bucket Public Access Considerations](https://aws.amazon.com/articles/5050)
* **Blue team Tactics** <a name="antired"></a>
@ -70,7 +192,6 @@
* Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. The lightweight application is less than a megabyte, and it is compatible with Windows Vista and higher operating systems. You can download either the installer or portable version. For correct working, need administrator rights.
* **(General) Hardening** <a name="hardening"></a>
* **101**
* **Browsers**
* **Guides**
* [ERNW Repository of Hardening Guides](https://github.com/ernw/hardening)
* [OWASP Secure Configuration Guide](https://www.owasp.org/index.php/Secure_Configuration_Guide)
@ -157,14 +278,13 @@
* [Decryptonite](https://github.com/DecryptoniteTeam/Decryptonite)
* Decryptonite is a tool that uses heuristics and behavioural analysis to monitor for and stop ransomware.
* **User Awareness Training** <a name="uat"></a>
* **Web**
* [Practical Approach to Detecting and Preventing Web Application Attacks over HTTP2](https://www.sans.org/reading-room/whitepapers/protocols/practical-approach-detecting-preventing-web-application-attacks-http-2-36877)
* [AWS Lambda - IAM Access Key Disabler](https://github.com/te-papa/aws-key-disabler)
* The AWS Key disabler is a Lambda Function that disables AWS IAM User Access Keys after a set amount of time in order to reduce the risk associated with old access keys.
* [OWASP Secure Headers Project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)
* [The Open Guide to Amazon Web Services](https://github.com/open-guides/og-aws)
* A lot of information on AWS is already written. Most people learn AWS by reading a blog or a “getting started guide” and referring to the standard AWS references. Nonetheless, trustworthy and practical information and recommendations aren’t easy to come by. AWS’s own documentation is a great but sprawling resource few have time to read fully, and it doesn’t include anything but official facts, so omits experiences of engineers. The information in blogs or Stack Overflow is also not consistently up to date. This guide is by and for engineers who use AWS. It aims to be a useful, living reference that consolidates links, tips, gotchas, and best practices. It arose from discussion and editing over beers by several engineers who have used AWS extensively.
* **Web Browsers**
* **User-Profiling**
* [Browser fingerprints for a more secure web - Julien Sobrier & Ping Yan(OWASP AppSecCali2019)](https://www.youtube.com/watch?v=P_nYYsaVi1w&list=PLpr-xdpM8wG-bXotGh7OcWk9Xrc1b4pIJ&index=30&t=0s)
* **WAF** <a name="waf"></a>
* **General**
* [Practical Approach to Detecting and Preventing Web Application Attacks over HTTP2](https://www.sans.org/reading-room/whitepapers/protocols/practical-approach-detecting-preventing-web-application-attacks-http-2-36877)
* [OWASP Secure Headers Project](https://www.owasp.org/index.php/OWASP_Secure_Headers_Project)
* **NAXSI**
* [naxsi](https://github.com/nbs-system/naxsi)
* NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX
@ -442,6 +562,8 @@
* [Awesome Windows Domain Hardening](https://github.com/PaulSec/awesome-windows-domain-hardening)
* A curated list of awesome Security Hardening techniques for Windows.
* **Documentation**
* [Introducing the security configuration framework: A prioritized guide to hardening Windows 10 - Chris Jackson(MS)](https://www.microsoft.com/security/blog/2019/04/11/introducing-the-security-configuration-framework-a-prioritized-guide-to-hardening-windows-10/)
* [Windows security baselines - docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselines)
* **Guides**
* [Enable Attack surface reduction(Win10)- docs.ms](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction)
* [Harden windows IP Stack](https://www.reddit.com/r/netsec/comments/2sg80a/how_to_harden_windowsiis_ssltls_configuration/)
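Review bot: The `[Harden windows IP Stack]` label in the **Guides** list does not match its target, whose URL slug reads `how_to_harden_windowsiis_ssltls_configuration`. While this section is being touched, relabel it to describe the IIS SSL/TLS configuration thread it links to, so someone looking for TCP/IP stack hardening is not sent to the wrong material.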
@ -471,6 +593,21 @@
* In this article you will learn some best-practice suggestions for using service applications according to the IT security rule of least privilege.
* [Best Practice: Securing Windows Service Accounts and Privileged Access – Part 1 - SecurIT360](https://www.securit360.com/blog/best-practice-service-accounts/)
* [Best Practice: Securing Windows Service Accounts and Privileged Access – Part 2 - SecurIT360](https://www.securit360.com/blog/best-practice-service-accounts-p2/)
* **Vulnerability Management**
* **101**
* US-CERT VulnMGMT FAQ: https://www.us-cert.gov/cdm/capabilities/vuln
* The Five Stages of Vulnerability Management(tripwire) - https://www.tripwire.com/state-of-security/vulnerability-management/the-five-stages-of-vulnerability-management/
* SANS - Implementing a Vulnerability Management Process: https://www.sans.org/reading-room/whitepapers/threats/implementing-vulnerability-management-process-34180
* Building a Model for Endpoint Security Maturity: https://www.tripwire.com/state-of-security/vulnerability-management/building-a-model-for-endpoint-security-maturity/
* **Measuring Maturity**
* Vulnerability Management Maturity Models – Trip Wire: https://traviswhitney.com/2016/05/02/vulnerability-management-maturity-models-trip-wire/
* Capability Maturity Model(Wikipedia): https://en.wikipedia.org/wiki/Capability_Maturity_Model
* **CVSS-related**
* Towards Improving CVSS - CMU SEI: https://resources.sei.cmu.edu/asset_files/WhitePaper/2018_019_001_538372.pdf
* When CVSS Fits and When it Doesn’t(NCC Group): https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/when-cvss-fits-and-when-it-doesnt/
* Don’t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/dont-substitute-cvss-for-risk-scoring-system-inflates-importance-of-cve-2017-3735/
* Microsoft Exploitability Index: https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1
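Review bot: The new **Vulnerability Management** section uses `Title: URL` and `Title(source) - URL` plain text instead of the `* [Title - Author](url)` links used in the rest of the file, so the entries will not render consistently with the service account entries just above. Convert them, and settle on one spelling of Tripwire (the hunk has both `tripwire` and `Trip Wire`). The "Vulnerability Management Program Best Practices" link that sits in the unsorted area at the top of this file belongs in this section too.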


+ 31
- 15
Draft/Docs_and_Reports.md View File

@ -11,7 +11,12 @@
- [Video Documentation](#video)
- [Disclosure](#disclosure)
https://github.com/pavanw3b/sh00t
https://blogs.technet.microsoft.com/ecostrat/2010/07/22/coordinated-vulnerability-disclosure-bringing-balance-to-the-force/
https://github.com/GhostManager/Ghostwriter
https://posts.specterops.io/introducing-ghostwriter-part-1-61e7bd014aff
* [The Ultimate Workflow for Writers Obsessed with Quality - Rob Hardy](https://betterhumans.coach.me/the-ultimate-workflow-for-writers-obsessed-with-quality-5b2810e1214b)
* [The Elements Of Style: UNIX As Literature - Thomas Scoville](http://theody.net/elements.html)
-----------------
### Start Here
@ -49,15 +54,22 @@
* Curated list of public penetration test reports released by several consulting firms and academic security groups
* [Penetration tests done by cure53, good examples of how a report should be done.](https://cure53.de/#publications )
* [Offensive Security 2013 Demo report](http://www.offensive-security.com/offsec/penetration-test-report-2013/)
* **Writing a Report**
* [Writing a Penetration Testing Report by SANS](https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343)
* [I \<3 Reporting - ](https://github.com/leesoh/iheartreporting)
* Reporting Tips for Penetration Testers
* [Penetration Testing Execution Standard section on Reporting](http://www.pentest-standard.org/index.php/Reporting)
* [Tips for Creating an Information Security Assessment Report Cheat Sheet](https://zeltser.com/security-assessment-report-cheat-sheet/)
* [HowTo: Write pentest reports the easy way](http://blog.dornea.nu/2014/05/20/howto-write-pentest-reports-the-easy-way/)
* [ The Penetration Testing Report - websecuritywatch](https://web.archive.org/web/20180201103151/http://www.websecuritywatch.com/the-penetration-testing-report/)
* [Excellent blog post breaking down the various parts, a must read](http://wwwwebsecuritywatch.com/the-penetration-testing-report/)
* **Writing a Penetration Test Report**
* **Articles**
* [Writing a Penetration Testing Report by SANS](https://www.sans.org/reading-room/whitepapers/bestprac/writing-penetration-testing-report-33343)
* [Penetration Testing Execution Standard section on Reporting](http://www.pentest-standard.org/index.php/Reporting)
* [Tips for Creating an Information Security Assessment Report Cheat Sheet](https://zeltser.com/security-assessment-report-cheat-sheet/)
* [HowTo: Write pentest reports the easy way](http://blog.dornea.nu/2014/05/20/howto-write-pentest-reports-the-easy-way/)
* [ The Penetration Testing Report - websecuritywatch](https://web.archive.org/web/20180201103151/http://www.websecuritywatch.com/the-penetration-testing-report/)
* [Excellent blog post breaking down the various parts, a must read](http://wwwwebsecuritywatch.com/the-penetration-testing-report/)
* [Your Reporting Matters: How to Improve Pen Test Reporting - Brian B. King](https://www.blackhillsinfosec.com/your-reporting-matters-how-to-improve-pen-test-reporting/)
* [Video Presentation](https://www.youtube.com/watch?v=NUueNT1svb8)
* **Talks**
* [Hack for Show, Report for Dough - Brian B. King(WWHF 2018)](https://www.youtube.com/watch?v=c_LBWqNDY0M)
* The fun part of pentesting is the hacking. But the part that makes it a viable career is the report. You can develop the most amazing exploit for the most surprising vulnerability, but if you can't document it clearly for the people who need to fix it, then you're just having fun. Which is fine! But if you want to make a career out of it, your reports need to be as clear and useful as your hacks are awesome. This talk shows simple techniques you can use to make your reports clear, useful, and brief. You'll see some before-and-after examples of a bad report made good, with clear explanations of what makes the difference. Those things will be useful no matter what tools you use to create reports. Then, if we have time, we'll look at some Microsoft Word hacks that will save you time and improve consistency.
* **Tools that can help**
* [I \<3 Reporting - ](https://github.com/leesoh/iheartreporting)
* Reporting Tips for Penetration Testers
* **Writing an Request for Proposal**
* [security-assessment-rfp-cheat-sheet](http://zeltser.com/security-assessments/security-assessment-rfp-cheat-sheet.html)
* **Templates**
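Review bot: The "Excellent blog post breaking down the various parts, a must read" entry links `http://wwwwebsecuritywatch.com/the-penetration-testing-report/`, a different hostname from the `www.websecuritywatch.com` inside the archive.org link on the line above it (the dot after `www` is missing). Both copies of the entry in this hunk carry the same URL, so the regrouping under **Articles** kept the broken link. Correct the host or drop the line, since the archived copy is already listed. Smaller points: "Writing an Request for Proposal" should read "a Request", and the `[I \<3 Reporting - ]` link text ends in a dangling " - " with no author after it.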
@ -66,11 +78,15 @@
* **Meta**<a name="meta"></a>
* **LaTex**
* **Markdown**
* [What is Markdown?](http://daringfireball.net/projects/markdown/syntax)
* [Using markdown](https://guides.github.com/features/mastering-markdown/)
* [Markdown Syntax](http://daringfireball.net/projects/markdown/syntax)
* [Markdown basics](https://help.github.com/articles/markdown-basics/)
* [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
* **101**
* [What is Markdown?](http://daringfireball.net/projects/markdown/syntax)
* [Markdown Syntax](http://daringfireball.net/projects/markdown/syntax)
* [Markdown basics](https://help.github.com/articles/markdown-basics/)
* **Using**
* [Markdown For Penetration testers & Bug-bounty hunters - enciphers](https://enciphers.com/markdown-for-penetration-testers-bug-bounty-hunters/)
* [Using markdown](https://guides.github.com/features/mastering-markdown/)
* [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
* **Tools**
* **Tools**
* [vim-wordy](https://github.com/reedes/vim-wordy/blob/master/README.markdown)
* wordy is not a grammar checker. Nor is it a guide to proper word usage. Rather, wordy is a lightweight tool to assist you in identifying those words and phrases known for their history of misuse, abuse, and overuse, at least according to usage experts.
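Review bot: `* **Tools**` appears twice on consecutive lines just above the `vim-wordy` entry, so one of the two is a leftover or a heading that lost its place. Keep a single one at the level `vim-wordy` belongs to. In the new **101** group, "What is Markdown?" and "Markdown Syntax" both link `http://daringfireball.net/projects/markdown/syntax`, and under **Using**, "Using markdown" and "Mastering Markdown" both link `https://guides.github.com/features/mastering-markdown/`; one entry per URL is enough. `**LaTex**` should be `**LaTeX**`.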


+ 24
- 0
Draft/Embedded.md View File

@ -31,8 +31,25 @@
http://www.sp3ctr3.me/hardware-security-resources/
https://www.irongeek.com/i.php?page=videos/derbycon7/t316-anatomy-of-a-medical-device-hack-doctors-vs-hackers-in-a-clinical-simulation-cage-match-joshua-corman-christian-dameff-md-ms-jeff-tully-md-beau-woods
* https://media.blackhat.com/us-13/US-13-Zaddach-Workshop-on-Embedded-Devices-Security-and-Firmware-Reverse-Engineering-WP.pdf
* https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance
https://inception-framework.github.io/inception/
IoT Methodology
https://resources.infosecinstitute.com/beginners-guide-to-pentesting-iot-architecture-network-and-setting-up-iot-pentesting-lab-part-1/
https://github.com/phodal/awesome-iot
http://iotpentest.com/iot-protocols-introduction/
https://www.networkworld.com/article/3198495/internet-of-things/how-to-conduct-an-iot-pen-test.html
https://github.com/V33RU/IoTSecurity101
https://blog.attify.com/how-to-iot-pentesting/
* **To-Do**
* Fingeprint readers
* [Breaking apple touchID cheaply](http://www.ccc.de/en/updates/2013/ccc-breaks-apple-touchid)
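Review bot: "IoT Methodology" is added as an unformatted line with six bare URLs under it, and the other new links in this hunk are likewise pasted without a list marker, title or author, while the neighbouring entries use `* [Title](url)`. Make "IoT Methodology" a `* **IoT Methodology**` heading and give each link a title, so the list renders consistently and a reader can tell what each link is before clicking it. "Fingeprint readers" in the To-Do list should be "Fingerprint readers".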
@ -44,7 +61,14 @@
* SD Cards
* TPM
* [Attackin the TPM part 2](https://www.youtube.com/watch?v=h-hohCfo4LA)
https://firmwaresecurity.com/2019/05/01/deral-heiland-extracting-firmware-from-microcontrollers-onboard-flash-memory-parts-1-3/
https://firmwaresecurity.com/2019/04/28/mimoja-amd-firmware-presentation-uploaded/
http://www.farleyforensics.com/2019/04/25/have-you-ever-wanted-to-get-started-with-jtag-isp-chip-off-extractions-but-never-knew-what-you-needed-to-get-started/
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
https://github.com/ChrisTheCoolHut/Firmware_Slap
* [From 0 to Infinity - Guy](https://docs.google.com/presentation/d/19A1JWyOTueZvD8AksqCxtxriNJJgj0vPdq3cNTwndf4/mobilepresent#slide=id.g35506ef05e_0_0)
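Review bot: The five bare URLs added directly after the "Attackin the TPM part 2" entry are not about the TPM, going by their own slugs (microcontroller flash extraction, AMD firmware, JTAG/ISP/chip-off extraction, Broadcom wireless chipsets, Firmware_Slap). Left where they are, they read as part of the TPM item. Move them to the unsorted block at the top of the file or give them their own To-Do headings, each with a title. "Attackin" in the existing link text should be "Attacking".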


+ 6
- 2
Draft/Exfiltration.md View File

@ -17,10 +17,14 @@ Sort tools into categories of type, i.e. physical network, wireless(types thereo
* [SneakyCreeper](https://strikersecurity.com/blog/sneaky-creeper-data-exfiltration-overview/)
* A Framework for Data Exfiltration
* [Github](https://github.com/DakotaNelson/sneaky-creeper)
* [PacketWhisper](https://github.com/TryCatchHCF/PacketWhisper?mc_cid=065d80dbfd&mc_eid=f956a0c5ca)
* Stealthily Transfer Data & Defeat Attribution Using DNS Queries & Text-Based Steganography, without the need for attacker-controlled Name Servers or domains; Evade DLP/MLS Devices; Defeat Data- & DNS Name Server Whitelisting Controls. Convert any file type (e.g. executables, Office, Zip, images) into a list of Fully Qualified Domain Names (FQDNs), use DNS queries to transfer data. Simple yet extremely effective.
* [GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - usenix conference](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri-update.pdf)
https://github.com/moloch--/wire-transfer
##### End Sort
https://github.com/TarlogicSecurity/Arecibo
* [Secure WebDav Egress: AMZ EC2, Apache, and Let's Encrypt - Chris Patten](http://rift.stacktitan.com/alternate-unc-webdav-ssl-and-lets-encrypt/)
-----
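Review bot: The PacketWhisper link carries a newsletter tracking query string, `?mc_cid=065d80dbfd&mc_eid=f956a0c5ca`. These are Mailchimp campaign and recipient identifiers, so the published URL carries the id of whoever copied it out of the mailing. Link the plain `https://github.com/TryCatchHCF/PacketWhisper` instead. The `wire-transfer` and `Arecibo` URLs are added bare, and `Arecibo` sits after `##### End Sort`; either put it inside the Sort block or give it a titled entry in the section it belongs to.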


+ 51
- 0
Draft/Exploit_Dev.md View File

@ -67,6 +67,57 @@
https://rastating.github.io/creating-a-custom-shellcode-encoder/
https://www.corelan.be/index.php/2019/04/23/windows-10-egghunter/
https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/
https://github.com/swisskyrepo/PayloadsAllTheThings
https://github.com/Cn33liz/MS17-012
https://github.com/qazbnm456/awesome-cve-poc#cve-2018-5318
https://github.com/Cn33liz/Tater
* [High-Level Approaches for Finding Vulnerabilities - @Jackson_T](https://web.archive.org/web/20171119102445/https://jackson.thuraisamy.me/finding-vulnerabilities.html)
http://blog.sevagas.com/?Code-segment-encryption
* https://j00ru.vexillium.org/papers/2018/bochspwn_reloaded.pdf
https://www.youtube.com/watch?v=gu_i6LYuePg
https://j00ru.vexillium.org/syscalls/nt/64/
http://www.exploit-monday.com/2013/08/writing-optimized-windows-shellcode-in-c.html
https://hovav.net/ucsd/dist/noret-ccs.pdf
* [Return-Oriented Programming without Returns - Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy](https://hovav.net/ucsd/papers/cddssw10.html)
* We show that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions. Our attacks instead make use of certain instruction sequences that behave like a return, which occur with sufficient frequency in large libraries on (x86) Linux and (ARM) Android to allow creation of Turing-complete gadget sets. Because they do not make use of return instructions, our new attacks have negative implications for several recently proposed classes of defense against return-oriented programming: those that detect the too-frequent use of returns in the instruction stream; those that detect violations of the last-in, first-out invariant normally maintained for the return-address stack; and those that modify compilers to produce code that avoids the return instruction.
https://googleprojectzero.blogspot.com/2018/04/windows-exploitation-tricks-exploiting.html
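Review bot: `https://blog.flanker017.me/galaxy-leapfrogging-pwning-the-galaxy-s8/` is listed twice on consecutive lines; drop one. The bare `https://hovav.net/ucsd/dist/noret-ccs.pdf` directly above the titled "Return-Oriented Programming without Returns" entry looks like the PDF of that same paper; if so, fold it into that entry as a sub-bullet rather than keeping a separate untitled line. The `awesome-cve-poc` link is pinned to the `#cve-2018-5318` anchor: if the whole list is meant, link the repository root, and if only that CVE is meant, say so in the link text.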


+ 23
- 0
Draft/Fuzzing.md View File

@ -41,6 +41,29 @@
https://danluu.com/testing/
https://www.usenix.org/conference/woot12/workshop-program/presentation/vanegue
https://labs.mwrinfosecurity.com/publications/corrupting-memory-in-microsoft-office-protected-view-sandbox/?t=1&cn=ZmxleGlibGVfcmVjcw%3D%3D&refsrc=email&iid=565088e5a455476c97c557e8bbcec069&fl=4&uid=150127534&nid=244+285282312
https://github.com/nccgroup/fuzzowski
https://mattwarren.org/2018/08/28/Fuzzing-the-.NET-JIT-Compiler/
https://github.com/jakobbotsch/Fuzzlyn
------------
### <a name="general"></a>General<a name="general"></a>
* **101**
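Review bot: The labs.mwrinfosecurity.com link keeps the tracking query string from the e-mail it was copied out of (`refsrc=email`, `uid=150127534` and the `cn`, `iid` and `nid` values), which publishes what looks like a per-recipient id. Cut the URL at `/corrupting-memory-in-microsoft-office-protected-view-sandbox/`. The three new links in this hunk also sit above the `General` heading with no title; file them under a section with `[Title](url)` text.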


+ 7
- 0
Draft/Games.md View File

@ -9,6 +9,13 @@
* [Talks & Presentations](#talks)
* [Tools](#tools)
https://www.youtube.com/user/L4DL4D2EUROPE/videos
* [Diablo1 Notes](https://github.com/sanctuary/notes)
* The aim of this project is to organize and cross-reference a collection of notes related to the inner workings of the Diablo 1 game engine.
------------
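Review bot: `https://www.youtube.com/user/L4DL4D2EUROPE/videos` is added as a bare channel URL directly under the table of contents, with nothing saying what the channel covers or which section it belongs to. Give it a title and a one-line description, as the Diablo1 Notes entry below it has, and place it under Talks or Tools.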


+ 43
- 70
Draft/Interesting_Things.md View File

@ -4,6 +4,45 @@
#### Sort
https://getindico.io/
https://www.niceideas.ch/roller2/badtrash/entry/deciphering-the-bengladesh-bank-heist
https://citizenlab.ca/2018/10/the-kingdom-came-to-canada-how-saudi-linked-digital-espionage-reached-canadian-soil/
* [Cambridge Analytica explains how the Trump campaign worked](https://www.youtube.com/watch?v=bB2BJjMNXpA)
* Molly Schweickert, Vice President Global Media from Cambridge Analytica on "How digital advertising worked for the US 2016 presidential campaign". How they used Facebook user data and other sources to target specific users with individual messages for the 2016 Trump election campaign. She is Alexander Nix' digital marketing expert.
http://www.tidepools.co/history.html
http://habitatchronicles.com/2007/03/the-untold-history-of-toontowns-speedchat-or-blockchattm-from-disney-finally-arrives/
https://v1.escapistmagazine.com/articles/view/video-games/issues/issue_101/559-Will-Bobba-for-Furni.3
https://pagedout.institute/?page=issues.php
https://www.cnet.com/forums/discussions/beyond-the-grave-virus-infecting-hedge-funds/
https://elpais.com/elpais/2019/03/13/inenglish/1552464196_279320.html
http://www.catb.org/~esr/jargon/html/koans.html
* [Cyber-Mercenary Groups Shouldn't be Trusted in Your Browser or Anywhere Else - Cooper Quintin(EFF)](https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else)
https://baesystemsai.blogspot.com/2016/04/two-bytes-to-951m.html
https://www.ribbonfarm.com/2012/03/08/halls-law-the-nineteenth-century-prequel-to-moores-law/
https://epic.org/2019/01/border-agency-finalizes-social.html
https://epic.org/foia/epic-v-dhs-media-monitoring/
https://www.govinfo.gov/content/pkg/FR-2018-12-27/pdf/2018-27944.pdf
https://www.rand.org/research/gun-policy/analysis/essays/mass-shootings.html
* [A Verified Information-Flow Architecture](http://www.crash-safe.org/assets/verified-ifc-long-draft-2013-11-10.pdf)
* SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to control information flow in SAFE and an end- to-end proof of noninterference for this model.
* [SimpleVisor](https://github.com/ionescu007/SimpleVisor)
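Review bot: The SAFE abstract under "A Verified Information-Flow Architecture" ends with "an end- to-end proof of noninterference", a line-break hyphen carried over from the PDF; make it "end-to-end". Most of the other additions under `#### Sort` are bare URLs with no title (for example the rand.org, govinfo.gov and epic.org links), so a reader cannot tell why they are on this list or what they will open. Add a title and, where the relevance is not obvious from it, a one-line note.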
@ -13,7 +52,7 @@
http://spth.virii.lu/articles.htm
https://bugs.php.net/bug.php?id=50696
https://dynamicland.org/
* [Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA? - Billy Rios - BHUSA 2014](https://www.youtube.com/watch?reload=9&v=hbqVNlwfjxo)
* Every day, millions of people go through airport security. While it is an inconvenience that could take a while, most are willing to follow the necessary procedures if it can guarantee their safety. Modern airport security checkpoints use sophisticated technology to help the security screeners identify potential threats and suspicious baggage. Have you ever wondered how these devices work? Have you ever wondered why an airport security checkpoint was set up in a particular configuration? Join us as we present the details on how a variety of airport security systems actually work, and reveal their weaknesses. We’ll present what we have learned about modern airport security procedures, dive deep into the devices used to detect threats, and we’ll present some the bugs we discovered along the way.
@ -67,15 +106,15 @@ https://bugs.php.net/bug.php?id=50696
* [Windows Commands Abused by Attackers](http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html)
* [The Distribution of Users’ Computer Skills: Worse Than You Think](https://www.nngroup.com/articles/computer-skill-levels/)
* [Infosec Podcasts](http://www.getmon.com/)
* [THE BASIC LAWS OF HUMAN STUPIDITY - Carlo M. Cipolia](http://harmful.cat-v.org/people/basic-laws-of-human-stupidity/)
* [The Basic Laws Of Human Stupidity - Carlo M. Cipolia](http://harmful.cat-v.org/people/basic-laws-of-human-stupidity/)
* **Airplanes**
* [NTSB Aviation Accident Database & Synopses](https://www.ntsb.gov/_layouts/ntsb.aviation/index.aspx)
* [The Aviation Herald](https://avherald.com/)
* [radar - securitywizardy](http://www.securitywizardry.com/radar.htm)
* [Real-life experiences in avionics security assessment (A. Barisani)](https://www.youtube.com/watch?v=xtSmPgXw34I&feature=youtu.be&app=desktop)
* **Attacking**
* [It’s all about the timing. . . Blackhat talk](https://www.blackhat.com/presentations/bh-usa-07/Meer_and_Slaviero/Whitepaper/bh-usa-07-meer_and_slaviero-WP.pdf)
* Description: This paper is broken up into several distinct parts, all related loosely to timing and its role in information se- curity today. While timing has long been recognized as an important component in the crypt-analysts arse- nal, it has not featured very prominently in the domain of Application Security Testing. This paper aims at highlighting some of the areas in which timing can be used with great effect, where traditional avenues fail. In this paper, a brief overview of previous timing attacks is provided, the use of timing as a covert channel is examined and the effectiveness of careful timing during traditional web application and SQL injection attacks is demonstrated. The use of Cross Site Timing in bypass- ing the Same Origin policy is explored as we believe the technique has interesting possibilities for turning innocent browsers into bot-nets aimed at, for instance, brute-force attacks against third party web-sites
* [It’s all about the timing... - lackhat talk](https://www.blackhat.com/presentations/bh-usa-07/Meer_and_Slaviero/Whitepaper/bh-usa-07-meer_and_slaviero-WP.pdf)
* Description: This paper is broken up into several distinct parts, all related loosely to timing and its role in information se- curity today. While timing has long been recognized as an important component in the crypt-analysts arse- nal, it has not featured very prominently in the domain of Application Security Testing. This paper aims at highlighting some of the areas in which timing can be used with great effect, where traditional avenues fail. In this paper, a brief overview of previous timing attacks is provided, the use of timing as a covert channel is examined and the effectiveness of careful timing during traditional web application and SQL injection attacks is demonstrated. The use of Cross Site Timing in bypass- ing the Same Origin policy is explored as we believe the technique has interesting possibilities for turning innocent browsers into bot-nets aimed at, for instance, brute-force attacks against third party web-sites
* [A Look In the Mirror: Attacks on Package Managers](https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf)
* [VM as injection payload ](http://infiltratecon.com/downloads/python_deflowered.pdf)
* [Thousands of MongoDB installations on the net unprotected](http://cispa.saarland/wp-content/uploads/2015/02/MongoDB_documentation.pdf)
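Review bot: The retitled timing entry reads "It’s all about the timing... - lackhat talk", so the edit dropped the "B" from "Blackhat"; it should be "Blackhat talk". The description under it keeps its PDF line-break hyphens in both the old and new copies ("se- curity", "arse- nal", "bypass- ing"), which is worth cleaning while the line is being touched. The title-cased "The Basic Laws Of Human Stupidity" entry still spells the author "Cipolia"; the name is Carlo M. Cipolla.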
@ -400,7 +439,6 @@ https://bugs.php.net/bug.php?id=50696
* Local
* [Foreign LINUX](https://github.com/wishstudio/flinux)
* Foreign LINUX is a dynamic binary translator and a Linux system call interface emulator for the Windows platform. It is capable of running unmodified Linux binaries on Windows without any drivers or modifications to the system. This provides another way of running Linux applications under Windows in constrast to Cygwin and other tools.
* **Network**
* [Netdude](http://netdude.sourceforge.net/)
* The Network Dump data Displayer and Editor is a framework for inspection, analysis and manipulation of tcpdump trace files. It addresses the need for a toolset that allows easy inspection, modification, and creation of pcap/tcpdump trace files. Netdude builds on any popular UNIX-like OS, such as Linux, the BSDs, or OSX.
@ -459,68 +497,3 @@ https://bugs.php.net/bug.php?id=50696
* **GPU Keylogger**
* [Demon](https://github.com/x0r1/Demon)
* GPU keylogger PoC by Team Jellyfish
### Professional Development
* [You Suck at Excel with Joel Spolsky(2015)](https://www.youtube.com/watch?v=0nbkaYsR94c&feature=youtu.be)
* The way you are using Excel causes errors, creates incomprehensible spaghetti spreadsheets, and makes me want to stab out my own eyes. Enough of the =VLOOKUPs with the C3:$F$38. You don't even know what that means.
* [Notes](https://trello.com/b/HGITnpih/you-suck-at-excel)
* [Robustness Principle - Wikipedia](https://en.m.wikipedia.org/wiki/Robustness_principle)
https://blog.codinghorror.com/recommended-reading-for-developers/
* Add:
* Manager's Tools podcast
* RibbonFarm Gervais theory
* These are rantings of someone who dropped out of college and holds no business degree. Be forewarned.
https://hbr.org/2017/05/how-to-have-difficult-conversations-when-you-dont-like-conflict
https://malicious.link/post/2018/getting-hired-a-few-tips/
* [Maker's Schedule, Manager's Schedule - Paul Graham(2009)](http://www.paulgraham.com/makersschedule.html)
* [Reaching Peak Meeting Efficiency: Meetings are a critical tool for building a diverse, high-performance team with shared values - Steven Sinofsky](https://medium.learningbyshipping.com/reaching-peak-meeting-efficiency-f8e47c93317a)
* [Salary Comparison Across Various companies](https://www.levels.fyi/)
* [How to Apply Critical Thinking Using Paul-Elder Framework - designorate](https://www.designorate.com/critical-thinking-paul-elder-framework/)
* [When to Test and How to Test It - Bruce Potter - Derbycon7](https://www.youtube.com/watch?v=Ej97WyEMRkI)
* “I think we need a penetration test” This is one of the most misunderstood phrases in the security community. It can mean anything from “Someone should run a vulnerability scan against a box” to “I’d like nation-state capable actors to tell me everything that wrong with my enterprise” and everything in between. Security testing is a complex subject and it can be hard to understand what the best type of testing is for a given situation. This talk will examine the breadth of software security testing. From early phase unit and abuse testing to late phase penetration testing, this talk will provide details on the different tests that can be performed, what to expect from the testing, and how to select the right tests for your situation. Test coverage, work effort, attack simulation, and reporting results will be discussed. Also, this talk will provide a process for detailed product assessments, i.e.: if you’ve got a specific product you’re trying to break, how do you approach assessing the product in a way that maximizes your chance of breaking in as well as maximizing the coverage you will get from your testing activity.
* [Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models](https://www.usenix.org/conference/usenixsecurity18/presentation/mickens)
* Some people enter the technology industry to build newer, more exciting kinds of technology as quickly as possible. My keynote will savage these people and will burn important professional bridges, likely forcing me to join a monastery or another penance-focused organization. In my keynote, I will explain why the proliferation of ubiquitous technology is good in the same sense that ubiquitous Venus weather would be good, i.e., not good at all. Using case studies involving machine learning and other hastily-executed figments of Silicon Valley’s imagination, I will explain why computer security (and larger notions of ethical computing) are difficult to achieve if developers insist on literally not questioning anything that they do since even brief introspection would reduce the frequency of git commits. At some point, my microphone will be cut off, possibly by hotel management, but possibly by myself, because microphones are technology and we need to reclaim the stark purity that emerges from amplifying our voices using rams’ horns and sheets of papyrus rolled into cone shapes. I will explain why papyrus cones are not vulnerable to buffer overflow attacks, and then I will conclude by observing that my new start-up papyr.us is looking for talented full-stack developers who are comfortable executing computational tasks on an abacus or several nearby sticks.
* **101**
* [Bureaucratic drift - Wikipedia](https://en.wikipedia.org/wiki/Bureaucratic_drift)
* [Organizational Theory - Wikipedia](https://en.wikipedia.org/wiki/Organizational_theory)
* **Compensation/Salary Negotiation**
* **Culture**
* [Containers Will Not Fix Your Broken Culture (and Other Hard Truths) - Complex socio-technical systems are hard; film at 11. - Bridget Kromhout](https://queue.acm.org/detail.cfm?id=3185224)
* **Informal Laws & Principles**
* [The Gervais Principle - RibbonFarm](https://www.ribbonfarm.com/the-gervais-principle/)
* [Peter Principle - Wikipedia](https://en.wikipedia.org/wiki/Peter_principle)
* The Peter principle is a concept in management developed by Laurence J. Peter, which observes that people in a hierarchy tend to rise to their "level of incompetence". In other words, employees are promoted based on their success in previous jobs until they reach a level at which they are no longer competent, as skills in one job do not necessarily translate to another. The concept was enunciated in the 1969 book The Peter Principle by Peter and Raymond Hull.
* It was originally written as a satire.
* [Dilbert Principle - Wikipedia](https://en.wikipedia.org/wiki/Dilbert_principle)
* The Dilbert principle refers to a 1990s theory by Dilbert cartoonist Scott Adams stating that companies tend to systematically promote their least competent employees to management (generally middle management), to limit the amount of damage they are capable of doing.
* [The Iron Law of Bureaucracy](https://www.jerrypournelle.com/reports/jerryp/iron.html)
* Pournelle's Iron Law of Bureaucracy states that in any bureaucratic organization there will be two kinds of people":
* `First, there will be those who are devoted to the goals of the organization. Examples are dedicated classroom teachers in an educational bureaucracy, many of the engineers and launch technicians and scientists at NASA, even some agricultural scientists and advisors in the former Soviet Union collective farming administration.`
* `Secondly, there will be those dedicated to the organization itself. Examples are many of the administrators in the education system, many professors of education, many teachers union officials, much of the NASA headquarters staff, etc.`
* The Iron Law states that in every case the second group will gain and keep control of the organization. It will write the rules, and control promotions within the organization.
* **Management**
* [The Tyranny of Structurelessness - Jo freeman](https://www.jofreeman.com/joreen/tyranny.htm)
* [Vitality Curve](https://en.m.wikipedia.org/wiki/Vitality_curve)
* **Networking**
* [That’s still not my RJ 45 Jack - IRL Networking for Humans Pt 2 - Johnny Xmas](https://www.irongeek.com/i.php?page=videos/converge2015/%22track112-how-to-dress-like-a-human-being-irl-networking-for-humans-pt-2-johnny-xmas%22)
* We're smart. We're incredibly tech savvy. We can rock some mad OSINT with our Google-Fu. We're 85% +-10% sure which part of the body a hat goes on. We think you can never have enough beard. WE THINK THAT'S ACCEPTABLE. The second in his multi-part series on building social prowess, this talk will focus on the inconvenient truth of your book always, always, always being judged by its cover, and how to deal with that with minimal effort so you can get back to sewing more pockets on your utilikilt. This talk covers both male and female situations, though it is primarily unisex. We'll get you set up with a core wardrobe and hygenic skillset so you'll be able to roll out of bed, spend minimal time "getting ready," rock the dreaded client-facing meeting or industry meetup, and get you back home where you can safely take your pants off.
* **Problem Solving**
* [The XY Problem](http://xyproblem.info/)
* The XY problem is asking about your attempted solution rather than your actual problem. This leads to enormous amounts of wasted time and energy, both on the part of people asking for help, and on the part of those providing help.
* [The AZ Problem](http://azproblem.info/)
* This website introduces the AZ Problem: a generalization of the XY Problem. To wit, if we agree that the XY Problem is a problem, than the AZ Problem is a metaproblem. And while the XY Problem is often technical, the AZ Problem is procedural. The AZ Problem is when business requirements are misunderstood or decontextualized. These requirements end up being the root cause of brittle, ill-suited, or frivolous features. An AZ Problem will often give rise to several XY Problems.
* **Surrounding Environment**
* [My Canons on (ISC)² Ethics - Such as They Are(2011)](http://infosecisland.com/blogview/15450-My-Canons-on-ISC-Ethics-Such-as-They-Are.html)
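Review bot: Nothing in the commit says where the `### Professional Development` section went: the hunk header `-459,68 +497,3` takes 65 lines out of Interesting_Things.md, and the commit message is only "Stuff". If the section moved into Draft/Career.md, which gains 168 lines in the same commit, state that in the commit message so the removal can be checked against the addition. Otherwise entries such as "The Iron Law of Bureaucracy" and "The XY Problem" are lost.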

+ 71
- 0
Draft/L-SM-TH.md View File

@ -9,17 +9,88 @@
* [Mental Models for Effective Searching - Chris Sanders](https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1555082140.pdf)
https://www.endgame.com/blog/technical-blog/hunting-memory-net-attacks
https://blog.redteam.pl/2019/08/threat-hunting-dns-firewall.html?m=1
* [Windows 10, version 1809 basic level Windows diagnostic events and fields](https://docs.microsoft.com/en-gb/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809#windows-error-reporting-events)
* [The Role of Evidence Intention - Chris Sanders](https://rhinosecuritylabs.com/application-security/simplifying-api-pentesting-swagger-files/)
* [$SignaturesAreDead = “Long Live RESILIENT Signatures” wide ascii nocase - Matthew Dunwoody, Daniel Bohannon(BruCON 0x0A)](https://www.youtube.com/watch?v=YGJaj6_3dGA)
* Signatures are dead, or so we're told. It's true that many items that are shared as Indicators of Compromise (file names/paths/sizes/hashes and network IPs/domains) are no longer effective. These rigid indicators break at the first attempt at evasion. Creating resilient detections that stand up to evasion attempts by dedicated attackers and researchers is challenging, but is possible with the right tools, visibility and methodical (read iterative) approach. As part of FireEye's Advanced Practices Team, we are tasked with creating resilient, high-fidelity detections that run across hundreds of environments and millions of endpoints. In this talk we will share insights on our processes and approaches to detection development, including practical examples derived from real-world attacks.
https://github.com/miriamxyra/EventList
* [Different Approaches to Linux Monitoring - Kelly Shortridge](https://capsule8.com/blog/different-approaches-to-linux-monitoring/)
* [Detecting the Elusive Active Directory Threat Hunting - Sean Metcalf(BSidesCharm2017)](https://www.youtube.com/watch?v=9Uo7V9OUaUw)
* Attacks are rarely detected even after months of activity. What are defenders missing and how could an attack by detected? This talk covers effective methods to detect attacker activity using the features built into Windows and how to optimize a detection strategy. The primary focus is on what knobs can be turned and what buttons can be pushed to better detect attacks. One of the latest tools in the offensive toolkit is ""Kerberoast"" which involves cracking service account passwords offline without admin rights. This attack technique is covered at length including the latest methods to extract and crack the passwords. Furthermore, this talk describes a new detection method the presenter developed. The attacker's playbook evolves quickly, defenders need to stay up to speed on the latest attack methods and ways to detect them. This presentation will help you better understand what events really matter and how to better leverage Windows features to track, limit, and detect attacks.
* [Slides](https://adsecurity.org/wp-content/uploads/2017/04/2017-BSidesCharm-DetectingtheElusive-ActiveDirectoryThreatHunting-Final.pdf)
* [What’s in a name? TTPs in Info Sec - Robby Winchester](https://posts.specterops.io/whats-in-a-name-ttps-in-info-sec-14f24480ddcc)
https://blog.kolide.com/monitoring-macos-hosts-with-osquery-ba5dcc83122d?gi=e42e60717e0
https://blog.trailofbits.com/2017/11/09/how-are-teams-currently-using-osquery/
https://blog.trailofbits.com/2017/12/21/osquery-pain-points/
https://blog.trailofbits.com/2018/04/10/what-do-you-wish-osquery-could-do/
https://github.com/davehull/Kansa
* [WebDAV Traffic To Malicious Sites - Didier Stevens](https://blog.didierstevens.com/2017/11/13/webdav-traffic-to-malicious-sites/)
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/
https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/advanced-security-audit-policy-settings
https://www.microsoft.com/en-us/download/confirmation.aspx?id=52630
https://www.microsoft.com/en-us/download/details.aspx?id=50034
* [Mental Models for Effective Searching - Chris Sanders](https://www.sans.org/cyber-security-summit/archives/file/summit-archive-1555082140.pdf)
https://posts.specterops.io/threat-hunting-with-jupyter-notebooks-part-4-sql-join-via-apache-sparksql-6630928c931e
* **Osquery**
* [Using Osquery to Detect Reverse Shells on MacOS - Chris Long](https://www.clo.ng/blog/osquery_reverse_shell/)