Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/CompassSecurity/security_resources
Collection of online security resources
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/CompassSecurity/security_resources
- Owner: CompassSecurity
- Created: 2020-10-20T07:17:38.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2023-09-20T17:24:33.000Z (about 1 year ago)
- Last Synced: 2024-08-02T13:26:55.316Z (4 months ago)
- Size: 55.7 KB
- Stars: 261
- Watchers: 36
- Forks: 55
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-starz - CompassSecurity/security_resources - Collection of online security resources (Others)
README
# Security Resources 📖
Links to online resources & tools we use during our web application / network
security [courses](https://compass-security.com/en/trainings). You can create a PR or open an issue if you think we missed a useful resource.
Short URL: https://git.io/secres
## Compass Security 🧭
- Compass Security: https://compass-security.com/de/
- Compass Security Blog: https://blog.compass-security.com/
- Hacking Lab 1.0: https://www.hacking-lab.com/
- Hacking Lab 2.0: https://compass.hacking-lab.com/
- Hacking Lab Live CD: https://livecd.hacking-lab.com/
## General 🌳
### Link Lists
- Awesome Security: https://github.com/sbilly/awesome-security
- InfoSec Reference That Doesn't Suck!(Much): https://rmusser.net/docs/index.html
- Awesome Penetration Testing: https://github.com/enaqx/awesome-pentest
- Security Checklists from pentestlab.blog: https://github.com/netbiosX/Checklists
- Security Tools Collection: https://tools.tldr.run/
- Public Pentest Reports: https://github.com/juliocesarfort/public-pentesting-reports
- Security Zines: https://securityzines.com/
### Hacking-Notebooks
- Payload All The Things: https://github.com/swisskyrepo/PayloadsAllTheThings
- HackTricks: https://book.hacktricks.xyz/
- Red Teaming Experiments: https://www.ired.team/
- Pentester's promiscuous Notebook: https://ppn.snovvcrash.rocks/ (by snovvcrash https://snovvcrash.rocks/)
### Tutorials
- Various Security Tutorials by Prof. Andreas Steffen, strongSec GmbH: https://github.com/strongX509/cyber/
### Online Tools
- CyberChef: https://gchq.github.io/CyberChef/
- Useful Web Tools by @h43z: https://h.43z.one/
- Explain Shell Commands: https://explainshell.com/
- Online Regex Tester & Debugger: https://regex101.com/
### Reading
- Phrack: http://phrack.org/
- PoC||GTFO: https://www.alchemistowl.org/pocorgtfo/
### Talks & Videos
- media.ccc.de: https://media.ccc.de/
- LiveOverflow: https://www.youtube.com/c/LiveOverflowCTF/
- Stacksmashing: https://www.youtube.com/channel/UC3S8vxwRfqLBdIhgRlDRVzw
- IppSec (Hack The Box Walkthroughs): https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- /dev/null: https://www.youtube.com/channel/UCGISJ8ZHkmIv1CaoHovK-Xw
- DEFCON Switzerland / Area41: https://www.youtube.com/user/defconswitzerland/
- Swiss Cyber Storm: https://www.youtube.com/channel/UCY-Wb3JuBv_xpa8s6ZrpUxg/
- Cooper Recordings: https://administraitor.video/
- DEFCON: https://www.youtube.com/user/DEFCONConference/
- Black Hat: https://www.youtube.com/user/BlackHatOfficialYT
## Web Application Security 🐝
### References
- HTML Standard: https://html.spec.whatwg.org/
- W3Schools: https://www.w3schools.com/
- Mozilla Developer Network (MDN): https://developer.mozilla.org/
### General
- Compass Demo: https://www.compass-demo.com/
- PortSwigger Online Seminar: https://portswigger.net/web-security
- OWASP: https://owasp.org/
- OWASP Top 10
  - Project Page: https://owasp.org/www-project-top-ten/
  - New Project Page: https://www.owasptopten.org/
  - GitHub: https://github.com/OWASP/Top10
- OWASP Application Security Verification Standard (ASVS)
  - Project Page: https://owasp.org/www-project-application-security-verification-standard/
  - GitHub: https://github.com/OWASP/ASVS
- API Security: https://www2.owasp.org/www-project-api-security/
- Cheat Sheet Series: https://cheatsheetseries.owasp.org/
- Juice Shop
  - Project Page: https://owasp-juice.shop/, https://owasp.org/www-project-juice-shop/
  - GitHub: https://github.com/bkimminich/juice-shop
  - Companion Guide: https://pwning.owasp-juice.shop/
  - Demo: https://juice-shop.herokuapp.com/
- OWASP Switzerland
  - Chapter Page: https://owasp.org/www-chapter-switzerland/
  - Mailing List: https://groups.google.com/a/owasp.org/forum/#!forum/switzerland-chapter
  - Twitter: https://twitter.com/owasp_ch
  - YouTube: https://www.youtube.com/channel/UCut4rjo2pUSdtnX3hUbi9_Q
  - Presentation Slides Repo: https://github.com/OWASP/www-chapter-switzerland/tree/master/assets/slides
- Stanford Web Security Class: https://web.stanford.edu/class/cs253/
### HTTP & Web Basics
- HTTP Status Codes: https://httpstatuses.com/
- Can I Use (Browser Support Matrix): https://caniuse.com/
- Mozilla Developer Network: https://developer.mozilla.org/
### Web Standards
- W3C Overview: https://www.w3.org/TR/
- CORS: https://www.w3.org/TR/2020/SPSD-cors-20200602/
- HTTP/2 Explained: https://http2-explained.haxx.se/
- HTTP/3 Explained: https://http3-explained.haxx.se/
- HTTP/2 Speed Demo: https://http2.akamai.com/demo
### Reverse Proxies
- Weird Proxies: https://github.com/GrrrDog/weird_proxies
### Authentication & Login
- Have I Been Pwned (Password Leaks): https://haveibeenpwned.com/
- Pwned Passwords: https://haveibeenpwned.com/Passwords
- Dehashed Leaked Passwords Database: https://www.dehashed.com/
- Hashes.org (Password Hash Database): https://hashes.org/
### OAuth 2.0 / OpenID Connect (OIDC)
- OAuth.net: https://oauth.net/2/
- OAuth 2.0 Simplified: https://www.oauth.com/
- The OAuth 2.0 Authorization Framework, RFC 6749: https://tools.ietf.org/html/rfc6749
- OAuth 2.0 Security Best Current Practice: https://tools.ietf.org/html/draft-ietf-oauth-security-topics-16
- OpenID Connect & OAuth 2.0 - Security Best Practices, Dominick Baier, 2020: https://www.youtube.com/watch?v=AUgZffkurK0
- OAuth 2.0 for Browser-Based Apps: https://tools.ietf.org/html/draft-ietf-oauth-browser-based-apps-07
- OIDC Discovery: https://auth0.com/docs/protocols/configure-applications-with-oidc-discovery
- Real-life OIDC Security: https://security.lauritz-holtmann.de/post/sso-security-overview/
### Cross-Site Scripting (XSS)
- PortSwigger XSS Cheat Sheet: https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
- XSS Payloads: https://html5sec.org/
- XSS Hunter: https://xsshunter.com/
- XSS Polyglot: https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot
- Script Gadgets: https://github.com/google/security-research-pocs (bypass overview: https://github.com/google/security-research-pocs/blob/master/script-gadgets/bypasses.md)
- Browser Exploitation Framework (BeEF): https://beefproject.com/
- Attack Examples
  - XSS in Electron App leads to RCE: https://blog.doyensec.com/2017/08/03/electron-framework-security.html
  - XSS in Google Search Field: https://www.youtube.com/watch?v=lG7U3fuNw3A
  - XSS in Tweetdeck Twitter Client: https://twitter.com/dergeruhn/status/476764918763749376?lang=en
### Cross-Site Request Forgery (CSRF)
- Same-Site Cookie Flag: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-06
- Public Suffix List (https://publicsuffix.org): https://publicsuffix.org/list/public_suffix_list.dat
### Security Headers
- Security Headers: https://securityheaders.com/
- Content Security Policy (CSP) Evaluator: https://csp-evaluator.withgoogle.com/ (Code: https://github.com/google/csp-evaluator)
- HSTS Preloading: https://hstspreload.org
### JSON Web Tokens (JWT)
- JWT Decoder/Encoder: https://jwt.io/
- PentesterLab JWT Cheat Sheet: https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
- JWT Tool for testing: https://github.com/ticarpi/jwt_tool
- Convert JWK to PEM:
  - Crypto Playground: https://8gwifi.org/jwkconvertfunctions.jsp
  - Keytool: https://keytool.online/
- Attack Examples
  - Algorithm Confusion
    - Auth0 Info: https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
    - pyjwt CVE-2017-11424: https://www.cvedetails.com/cve/CVE-2017-11424/
    - pyjwt fix: https://github.com/jpadilla/pyjwt/commit/88a9fc56bdc6c870aa6af93bda401414a217db2a, https://github.com/jpadilla/pyjwt/commit/37926ea0dd207db070b45473438853447e4c1392
### SQL Injection (SQLi)
- PortSwigger SQL Injection Cheat Sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet
### XML External Entities (XXE)
- Attack Examples
  - Sending mails via SMTP using XXE: https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
### Tools
- Burp Suite: https://portswigger.net/burp/communitydownload
- SQLMap: https://sqlmap.org/
- SQLMap cheat sheet: https://www.comparitech.com/net-admin/sqlmap-cheat-sheet/
- Burp Suite Extensions
  - Burp Suite Extensions Overview: https://apps.burpsuite.guide/
  - SAML Raider: https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e, https://github.com/CompassSecurity/SAMLRaider
  - JSON Web Tokens: https://portswigger.net/bappstore/f923cbf91698420890354c1d8958fee6, https://github.com/portswigger/json-web-tokens
- Talk "Automated security testing for Software Developers who dont know security!" (shows how to use OWASP ZAP in a CI/CD pipeline): https://media.ccc.de/v/Camp2019-10181-automated_security_testing_for_software_developers_who_dont_know_security
### Hacking Environments
- OWASP Web Goat: https://owasp.org/www-project-webgoat/
- Damn Vulnerable Web Application: https://www.dvwa.co.uk/
- OWASP JuiceShop: https://owasp.org/www-project-juice-shop/
## Transport Layer Security (TLS) 🔐
### TLS Information
- SSL/TLS and PKI History: https://www.feistyduck.com/ssl-tls-and-pki-history/
- Every Byte of a TLS Connection: https://tls12.xargs.org/
- Every Byte of a TLS Connection for TLS 1.3: https://tls13.xargs.org/
- Cipher Suite Ratings: https://ciphersuite.info/
### Online Services
- SSL Labs (TLS Server Test): https://ssllabs.com
- Hardenize: https://hardenize.com/
- BadSSL: Weak TLS Configuration Test Page: https://badssl.com
- Certificate Transparency Search: https://crt.sh/
### Tools
- SSLyze TLS Server Test Tool: https://github.com/nabla-c0d3/sslyze
## Cryptography 🔏
- Key Lengths: https://keylength.com
- Cryptopals Crypto Challenges: https://cryptopals.com/
- CryptoHack: https://cryptohack.org/
- Key generation / conversion: https://keytool.online/
## Container Security 🐳
- contained.af (separation examples): https://contained.af/
## Network Pentesting 💻
### General
- Hacking Tools Cheat Sheet: https://github.com/CompassSecurity/Hacking_Tools_Cheat_Sheet
- Porchetta Industries OpenSource Tools Support: https://porchetta.industries/
- Security Best Practices for On-Premise Environments: https://github.com/CompassSecurity/OnPremSecurityBestPractices
### Information Gathering & Wordlists
- Amass: https://github.com/OWASP/Amass
- Sublist3r: https://github.com/aboul3la/Sublist3r
- Shodan: https://www.shodan.io/
- Censys: https://censys.io/
- Payload All The Things: https://github.com/swisskyrepo/PayloadsAllTheThings
- VirusTotal: https://www.virustotal.com/
- FuzzDB: https://github.com/fuzzdb-project/fuzzdb
- SecLists: https://github.com/danielmiessler/SecLists
- Rapid7 Open Data: https://opendata.rapid7.com/
- CeWL: https://github.com/digininja/CeWL
### Online Services
- PortQuiz: http://portquiz.net/
- nip.io (wildcard DNS): https://nip.io/
- RequestBin.NET: https://requestbin.net/
- ngrok: https://ngrok.com/
- Various useful tools: https://h.43z.one/
- Request Logger: https://log.43z.one/
- IP Address Convertor (useful for SSRF): https://h.43z.one/ipconverter/
### Scanning
- Nmap: https://nmap.org/
- Nmap-parse-output: https://github.com/ernw/nmap-parse-output
- Aquatone: https://github.com/michenriksen/aquatone
- SMBMap: https://github.com/ShawnDEvans/smbmap
- Snaffler: https://github.com/SnaffCon/Snaffler
- Subjack: https://github.com/haccer/subjack
### Sniffing
- Sniffing Tools
  - tcpdump: https://www.tcpdump.org/
  - Wireshark / Tshark: https://www.wireshark.org/
- PCAP Collection
  - Wireshark Sample Captures: https://wiki.wireshark.org/SampleCaptures
- Sniffing Analysis
  - PacketTotal: https://packettotal.com/
  - A-Packets: https://apackets.com/
- Extract credentials from network interfaces / PCAP files
  - net-creds: https://github.com/DanMcInerney/net-creds
  - PCredz: https://github.com/lgandx/PCredz
## Protocol Hacking
- Network Programming in Python: https://0xbharath.github.io/python-network-programming/
- Python Foundations: https://0xbharath.github.io/python-foundations/
- Scapy: https://scapy.net/
- Workshop: The Art of Packet Crafting with Scapy by @0xbharath
  - GitHub: https://github.com/0xbharath/art-of-packet-crafting-with-scapy
  - Online Notes: https://scapy.disruptivelabs.in/
### Protocols
- DNS
  - DNSViz (show DNSSEC chain): https://dnsviz.net/
  - Public .ch DNS Zone: https://www.switch.ch/open-data/#tab-c5442a19-67cf-11e8-9cf6-5254009dc73c-3
  - Search Tool: https://search-ch-domains.idocker.hacking-lab.com/
- Mailing
  - Email Infrastructure: https://www.hardenize.com/labs/policy?s=09
  - Email Spoofing Mitigations
    - Google: Help prevent spoofing and spam with DMARC: https://support.google.com/a/answer/2466580
    - Actually, DMARC works fine with mailing lists: https://begriffs.com/posts/2018-09-18-dmarc-mailing-list.html
    - Learn and Test DMARC: https://www.learndmarc.com/
### Exploiting
- Vulnerability Database: https://cvedetails.com/
- Exploit Database: https://www.exploit-db.com/
- Metasploit: https://www.metasploit.com/
- Reverse Shell Generator: https://www.revshells.com/
- Hak5 Gadget Shop: https://shop.hak5.org/
- Covenant: https://github.com/cobbr/Covenant
### Cracking
- General Information
  - Talk "G1234! - Password Cracking 201: Beyond the Basics - Royce Williams": https://www.youtube.com/watch?v=cSOjQI0qbuU
- Online Brute Force Tools
  - Ncrack: https://nmap.org/ncrack/
  - Hydra: https://github.com/vanhauser-thc/thc-hydra
- Offline Brute Force Tools
  - Name-That-Hash: https://github.com/HashPals/Name-That-Hash
  - Hashcat: https://hashcat.net/hashcat/
  - John The Ripper: https://www.openwall.com/john/
- Offline Brute Force Services
  - CrackStation: https://crackstation.net/
  - Crack.sh (DES Cracker): https://crack.sh/
- Wordlists
  - Password Lists from SecLists: https://github.com/danielmiessler/SecLists/tree/master/Passwords
  - CrackStation Dictionary: https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm
  - PWDB - New generation of Password Mass-Analysis: https://github.com/ignis-sec/Pwdb-Public
- Rules
  - NSA Rules: https://github.com/NSAKEY/nsa-rules
  - Hob0Rules: https://github.com/praetorian-inc/Hob0Rules
  - Corporate Rule: https://github.com/sparcflow/StratJumbo/blob/master/chap3/corporate.rule
  - OneRuleToRuleThemAll: https://github.com/NotSoSecure/password_cracking_rules
  - Hashcat Rules: https://github.com/hashcat/hashcat/tree/master/rules (e.g. best64 rule)
### Linux Privilege Escalation
- Enumeration
  - LinEnum: https://github.com/rebootuser/LinEnum
  - linPEAS: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
  - pspy (unprivileged Linux process snooping): https://github.com/DominicBreuker/pspy
  - Glyptodon (search for suspicious files): https://blog.sevagas.com/?-Glyptodon
  - Lynis: https://cisofy.com/lynis/
- Privilege Escalation Methods
  - Sudo privesc on Compass Blog: https://blog.compass-security.com/tag/sudo/
  - HackTricks Linux Privilege Escalation: https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist and https://book.hacktricks.xyz/linux-unix/privilege-escalation
  - PayloadsAllTheThings Linux Privilege Escalation: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
  - Back To The Future: Unix Wildcards Gone Wild (Wildcard Injection): https://www.exploit-db.com/papers/33930
- Exploitation Tools
  - LES (Linux Exploit Suggester): https://github.com/mzet-/linux-exploit-suggester
  - GTFOBins: https://gtfobins.github.io/
  - GTFOBLookup: https://github.com/nccgroup/GTFOBLookup
- Hardening
  - Distribution Independent Linux CIS Benchmark: https://www.cisecurity.org/benchmark/distribution_independent_linux/
### Windows & Active Directory (AD)
- Attacks / Methodologies
  - Active Directory Security: https://adsecurity.org/
  - AD Exploitation Cheat Sheet: https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet
  - Orange Cyberdefense Active Directory Pentest Mindmap: https://orange-cyberdefense.github.io/ocd-mindmaps/
  - The Dog Whisperer's Handbook: https://www.ernw.de/download/BloodHoundWorkshop/ERNW_DogWhispererHandbook.pdf
  - Not A Security Boundary: Breaking Forest Trusts: https://posts.specterops.io/not-a-security-boundary-breaking-forest-trusts-cd125829518d
  - Attacking Active Directory: 0 to 0.9: https://zer1t0.gitlab.io/posts/attacking_ad/?s=09
  - Windows & Active Directory Exploitation Cheat Sheet and Command Reference: https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/
- Kerberos
  - Introduction Videos by ATTL4S (https://twitter.com/DaniLJ94)
    - You Do (Not) Understand Kerberos: Introduction: https://www.youtube.com/watch?v=4LDpb1R3Ghg
    - You Do (Not) Understand Kerberos Delegation - Introduction: https://www.youtube.com/watch?v=p9QFdITuvgU
    - You Do (Not) Understand Kerberos Delegation - Unconstrained Delegation: https://www.youtube.com/watch?v=xDFRUYv1-eU&t=580s
    - You Do (Not) Understand Kerberos Delegation - Constrained Delegation: https://www.youtube.com/watch?v=gzqq2r6cZjc&t=2288s
    - You Do (Not) Understand Kerberos Delegation - RBCD: https://www.youtube.com/watch?v=vlKwCTvp5_w&t=1185s
  - CVE-2020-17049: Kerberos Bronze Bit Attack Theory: https://www.netspi.com/blog/technical/network-penetration-testing/cve-2020-17049-kerberos-bronze-bit-theory/
  - Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory: https://shenaniganslabs.io/2019/01/28/Wagging-the-Dog.html
  - Active Directory Security Risk #101: Kerberos Unconstrained Delegation (or How Compromise of a Single Server Can Compromise the Domain): https://adsecurity.org/?p=1667
  - Kerberos Attack Cheat Sheet: https://gist.github.com/TarlogicSecurity/2f221924fef8c14a1d8e29f3cb5c5c4a
- Active Directory Certificate Services
  - Abusing Active Directory Certificate Services Whitepaper: https://specterops.io/assets/resources/Certified_Pre-Owned.pdf
  - Abusing Active Directory Certificate Services Blogpost: https://posts.specterops.io/certified-pre-owned-d95910965cd2
- Best Practices
  - Domain-Join Computers the Proper Way: https://blog.compass-security.com/2020/03/domain-join-computers-the-proper-way/
  - Administrative Tier Model (Archived Article): https://web.archive.org/web/20201210154206/https://docs.microsoft.com/en-us/windows-[…]ivileged-access/securing-privileged-access-reference-material
- Tools
  - Sysinternals: https://docs.microsoft.com/en-us/sysinternals/#sysinternals-live
  - Sysinternals Direct Download: https://live.sysinternals.com/
  - PowerSploit: https://github.com/PowerShellMafia/PowerSploit
  - PowerUpSQL: https://github.com/NetSPI/PowerUpSQL
  - Mimikatz: https://github.com/gentilkiwi/mimikatz
  - Impacket: https://github.com/SecureAuthCorp/impacket
  - Responder: https://github.com/lgandx/Responder
  - CrackMapExec: https://github.com/byt3bl33d3r/CrackMapExec
  - CredNinja: https://github.com/Raikia/CredNinja
  - BloodHound
    - Project Page: https://github.com/BloodHoundAD/BloodHound
    - Compass Custom BloodHound Queries: https://github.com/CompassSecurity/BloodHoundQueries
  - PingCastle
    - Project Page: https://www.pingcastle.com/
    - Healthcheck Rules: https://www.pingcastle.com/PingCastleFiles/ad_hc_rules_list.html
  - Kerbrute: https://github.com/ropnop/kerbrute
### Cloud
- A Cloud Guru Online Trainings: https://acloudguru.com/
### Container
- Docker Security
  - How Containers Work!, Julia Evans, https://jvns.ca/blog/2020/04/27/new-zine-how-containers-work/
  - Practical Docker Security: https://docs.google.com/presentation/d/1jZkq-osQYOCcpR6gU2V1M7JvM4MsazcgVpvGqOUIh-s/edit#slide=id.g4405d38279_0_218
  - Docker.com: Docker Security Concepts: https://docs.docker.com/engine/security/security/
  - Docker Security Blogpost: https://blog.sqreen.com/docker-security/
  - 7 Docker Security Vulnerabilities: https://sysdig.com/blog/7-docker-security-vulnerabilities/
  - Docker.com: Docker Breakout in 2014: https://blog.docker.com/2014/06/docker-container-breakout-proof-of-concept-exploit/
  - Understanding Docker Container Escapes: https://blog.trailofbits.com/2019/07/19/understanding-docker-container-escapes/
  - Docker & Capabilities by RedHat: https://www.redhat.com/en/blog/secure-your-containers-one-weird-trick
  - Docker.com: Seccomp: https://docs.docker.com/engine/security/seccomp/
  - Docker Capabilities and no-new-privileges: https://raesene.github.io/blog/2019/06/01/docker-capabilities-and-no-new-privs/
  - Dockerfile Best Practices: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
  - Dockerfile Security Best Practices: https://cloudberry.engineering/article/dockerfile-security-best-practices/
  - Docker Images 10 Tips: https://snyk.io/blog/10-docker-image-security-best-practices/
  - How to Keep Docker Secrets Secure: Complete Guide: https://spacelift.io/blog/docker-secrets
- Kubernetes
  - Bad Pods: Kubernetes Pod Privilege Escalation: https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation#pod8
  - Talk "Kubernetes from an Attacker's Perspective" by Abhisek Datta: https://www.youtube.com/watch?v=aloi74MH4zk
  - Talk "Advanced Persistence Threats: The Future of Kubernetes Attacks" by Ian Coldwater and Ian Coldwater: https://www.youtube.com/watch?v=CH7S5rE3j8w
  - Kubernetes Security Jupyter Notebooks: https://github.com/thomasfricke/training-kubernetes-security
### Hacking Environments
- Hack the Box: https://www.hackthebox.eu/
- Hack the Box Academy: https://academy.hackthebox.eu/
- PentesterLab: https://pentesterlab.com/
- Metasploitable: https://sourceforge.net/projects/metasploitable/
- Root Me: https://www.root-me.org
- VulnHub: https://www.vulnhub.com/
## Social Engineering 🎅
- Homograph Attacks: https://dev.to/logan/homographs-attack--5a1p
  - Tool: https://github.com/evilsocket/ditto
  - Example: https://раураӏ.com/
## Mobile Application Security 📱
### General
- Frida Hooking Framework: https://frida.re/
- Frida Hooks Collection: https://codeshare.frida.re/
- objection - Runtime Mobile Exploration: https://github.com/sensepost/objection
### Android
- Frida
  - Frida Hook Examples: https://github.com/antojoseph/frida-android-hooks
  - Frida Code Share: https://codeshare.frida.re/browse
  - Frida Code Snippets for Android: https://erev0s.com/blog/frida-code-snippets-for-android/
- F-Secure Android Keystore Audit
  - Blogpost: https://labs.f-secure.com/blog/how-secure-is-your-android-keystore-authentication/
  - GitHub Project: https://github.com/FSecureLABS/android-keystore-audit
## Security for Small and medium-sized enterprises (SMEs) 🖖
- Information security fact sheet for SMEs from the National Cyber Security Centre (NCSC): https://www.ncsc.admin.ch/dam/ncsc/de/dokumente/infos-unternehmen/ncsc-merkblatt-kmu-sicherheit.pdf.download.pdf/ncsc-merkblatt-kmu-sicherheit_de.pdf
- General information on cyber security for businesses: https://www.ibarry.ch/de/
- Resources from the Bern Police: https://www.cyber.police.be.ch/de/start/informationen-fuer-kmu.html, of particular interest to you:
  - Preventing cyber crime - guide for SMEs: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/broschuere-cyberdelikte-verhindern-de.pdf
  - Ten tips for preventing cyber attacks: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/cybercrime-zehn-tipps-de.pdf
  - Self-assessment for company management: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/selbstassessment-de.pdf
  - Cyber attack - how to protect yourself. Checklist for company management: https://www.cyber.police.be.ch/content/dam/police/dokumente/cyber/d/checkliste-cyberattacke-unternehmensleitung-de.pdf
- Cyber security for small and medium-sized enterprises: https://www.enisa.europa.eu/publications/enisa-report-cybersecurity-for-smes/@@download/fullReport