Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-tls-security
A collection of (not-so, yet) awesome resources related to TLS, PKI and related stuff
https://github.com/edelahozuah/awesome-tls-security
- Looking Back, Moving Forward (2017)
- Pervasive Monitoring is an Attack. RFC 7258
- Confidentiality in the Face of Pervasive Surveillance: A Threat Model and Problem Statement. RFC 7624 (2015)
- Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280
- Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC 6125
- tls - How does OCSP stapling work? - Information Security Stack Exchange. (2013)
- SSL/TLS Vulnerabilities
- ATTACKS ON SSL: A COMPREHENSIVE STUDY OF BEAST, CRIME, TIME, BREACH, LUCKY 13 & RC4 BIASES
- On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN (SWEET32, 2016)
- Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (2015)
- DROWN: Breaking TLS Using SSLv2 (DROWN, 2016)
- Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing (2015)
- All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (RC4NOMORE, 2015)
- Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (LOGJAM, 2015)
- A messy state of the union: Taming the composite state machines of TLS (2015)
- Bar Mitzvah Attack: Breaking SSL with a 13-year old RC4 Weakness (2015)
- This POODLE bites: exploiting the SSL 3.0 fallback (POODLE, 2014)
- Lucky Thirteen: Breaking the TLS and DTLS Record Protocols (Lucky13, 2013)
- SSL, gone in 30 seconds. Breach attack (BREACH, 2013)
- On the Security of RC4 in TLS (2013)
- The CRIME Attack (CRIME, 2012)
- Here come the ⊕ Ninjas (BEAST, 2011)
- Java’s SSLSocket: How Bad APIs compromise security (2015)
- A Survey on HTTPS Implementation by Android Apps: Issues and Countermeasures
- Analysis of the HTTPS Certificate Ecosystem (2013)
- A complete study of P.K.I. (PKI’s Known Incidents) (2019)
- «Secure» in Chrome Browser Does Not Mean «Safe» (2017)
- Overview of Symantec CA Issues (approx. 2014-2017)
- Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates (Symantec, 2017)
- Incidents involving the CA WoSign (WoSign, 2016)
- Sustaining Digital Certificate Security (Symantec, 2015)
- Improved Digital Certificate Security (Symantec, 2015)
- TURKTRUST Unauthorized CA Certificates. (2013)
- Flame malware collision attack explained (FLAME, 2012)
- An update on attempted man-in-the-middle attacks (DIGINOTAR, 2011)
- Detecting Certificate Authority compromises and web browser collusion (COMODO, 2011)
- Certified lies: Detecting and defeating government interception attacks against ssl (2011)
- How the NSA, and your boss, can intercept and break SSL (2013)
- The Matter of Heartbleed (2014)
- TLS interception considered harmful: How Man-in-the-Middle filtering solutions harm the security of HTTPS (2015)
- The Risks of SSL Inspection (2015)
- Killed by Proxy: Analyzing Client-end TLS Interception Software (2016)
- The Security Impact of HTTPS Interception (2017)
- US-CERT TA17-075A HTTPS interception weakens internet security (2017)
- Understanding the prevalence of web traffic interception (2017)
- Komodia superfish ssl validation is broken (2015)
- More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll (2015)
- Software Privdog worse than Superfish (2015)
- Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections (2015)
- How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security (2015)
- Qualys SSL Server Test
- Qualys SSL Client Test
- sslyze
- Qualys SSL Labs (local version)
- testssl.sh
- Qualys SSL/TLS Deployment Best Practices
- Mozilla's Recommendations for TLS Servers
- IISCrypto: Tune up your Windows Server TLS configuration
- bettercap - A complete, modular, portable and easily extensible MITM framework
- dns2proxy
- MITMf
- RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3 (2018)
- Drafts and RFCs (HTTP and SMTP)
- HTTP Strict Transport Security (HSTS). RFC 6797 (2012)
- STS Preload List - Google Chrome
- HSTS Preload List Submission.
- HTTP Strict Transport Security for Apache, NGINX and Lighttpd
- Public Key Pinning Extension for HTTP. RFC 7469 (2015)
- Is HTTP Public Key Pinning Dead? (2016)
- Certificate Transparency
- How Certificate Transparency Works - Certificate Transparency
- Google Certificate Transparency (CT) to Expand to All Certificates Types (2016)
- DNS Certification Authority Authorization (CAA) Resource Record. RFC 6844
- CAA Record Generator
- DANE Resources
- The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA. RFC 6698
- DANE: Taking TLS Authentication to the Next Level Using DNSSEC (2011)
- Generate TLSA Record
- DNS security introduction and requirements. RFC 4033