https://github.com/zeyad-azima/offensive-resources
A Huge Learning Resources with Labs For Offensive Security Players
https://github.com/zeyad-azima/offensive-resources
api api-security cloud-security cybersecurity hack hacking infrastructure learning mobile mobile-security offensive offensive-security owasp owasp-top-10 red-team red-teaming redteam security web web-security
Last synced: 4 months ago
JSON representation
A Huge Learning Resources with Labs For Offensive Security Players
- Host: GitHub
- URL: https://github.com/zeyad-azima/offensive-resources
- Owner: Zeyad-Azima
- Created: 2021-02-14T17:00:27.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2022-07-13T19:58:03.000Z (almost 4 years ago)
- Last Synced: 2025-07-11T22:32:07.363Z (11 months ago)
- Topics: api, api-security, cloud-security, cybersecurity, hack, hacking, infrastructure, learning, mobile, mobile-security, offensive, offensive-security, owasp, owasp-top-10, red-team, red-teaming, redteam, security, web, web-security
- Homepage:
- Size: 20.6 MB
- Stars: 973
- Watchers: 35
- Forks: 218
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Offensive-Resources V4
((اللَّهُمَّ انْفَعْنِي بِمَا عَلَّمْتَنِي، وَعَلِّمْنِي مَا يَنْفَعُنِي، وَزِدْنِي عِلْمًا))
# A Huge Learning Resources with Labs For Offensive Security Players.
> EveryBody is welcome to pull requests and add new resources, fix false-positives and more. "Every update will be added to the website:.
Now You can visit the website and explore all the resources: https://offensive-resources.github.io/
# What is new in V4 ?
# Content
- Infrastructure
- Wireless
- IoT & Hardware
- ICS and SCADA
- Exploit Development
- Web Applications
- Mobile Applications
- API
- Cloud
- Reverse Engineering
- Social Engineering
- Offensive Programming
- Blockchain
- Car Hacking
- Game Hacking
- Source Code Review
- Telecom
- Malware Development
- VOIP
- RFID & SDR
- ATM Hacking
- Aircraft Hacking
- AI Hacking
- DevSecOps
- Linux Exploit Development
- Windows Exploit Development
- Android Exploit Development
- iOS Exploit Development
- Browser Exploitation
- Hypervisor Exploitation
- Drones Hacking
- MedTech Hacking
- CPU Exploitation
- GPU Exploitation
- macOS Exploitation
- Satellite Hacking
- Robots Hacking
- Vending Machine Hacking
- OSINT
# Infrastructure
- Books
- The Hacker's Handbook
- Advanced Infrastructure Penetration testing
- Hacker playbook series
- The Art of Network Penetration Testing
- Mastering Kali Linux for Advanced Penetration Testing
- Advanced Penetration Testing for Highly-Secured Environments
- Advanced Penetration Testing
- Hands-On Penetration Testing on Windows
- Mastering Wireless Penetration Testing for Highly Secured Environments
- Cybersecurity - Attack and Defense Strategies
- RTFM: Red Team Field Manual
- Penetration Testing: A Hands-on Introduction to Hacking
- Hacking: Hacking Firewalls & Bypassing Honeypot
- Red Team Development and Operations: A practical guide
- Hands-On Red Team Tactics
- Courses
- OSCP
- OSEP
- eCPPT
- eCPTX
- SEC560
- SEC660
- SEC564
- Practical Ethical Hacking
- Windows Privilege Escalation for Beginners
- Linux Privilege Escalation for Beginners
- Movement, Pivoting, and Persistence
- The External Pentest Playbook
- CRTP
- CRTE
- PACES
- CPEH
- CPTE
- Labs
- Building Virtual Pentesting Labs for Advanced Penetration Testing>
- Hack The Box: Pro Labs
- Red Team Attack Lab
- Capsulecorp Pentest
- Building a Lab
- Pentest Lab
- Local PentestLab Management Script
- Pentest-lab
- Offensive Security Lab
- Pentesteracademy Labs
- Hack The Box
- Vulnhub
- Offensive Security Proving Grounds
- TryHackMe
# Wireless
- Books
- BackTrack 5 Wireless Penetration Testing Beginner's Guide
- Kali Linux Wireless Penetration Testing Cookbook
- Mastering Wireless Penetration Testing for Highly Secured Environments
- Courses
- OSWP
- Wi-Fi Security and Pentesting
- Wi-Fi Hacking and Wireless Penetration Testing Course
- SEC617: Wireless Penetration Testing and Ethical Hacking
- Labs
- Building a Pentesting Lab for Wireless Networks
- The Courses and Books have explained how to build a lab
# IoT & Hardware
- Books
- Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things
- The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things
- IoT Penetration Testing Cookbook: Identify Vulnerabilities and Secure Your Smart Devices
- The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
- Practical Hardware Pentesting: A Guide to Attacking Embedded Systems and Protecting Them Against the Most Common Hardware Attacks
- Courses
- SEC556: IoT Penetration Testing
- Offensive IoT Exploitation
- Securing IoT: From Security to Practical Pentesting on IoT
- Applied Physical Attacks Series
- Labs
- The Courses and Books have explained how to build a lab
# ICS and SCADA
- Books
- Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions
- Hacking SCADA/Industrial Control Systems: The Pentest Guide
- Handbook of SCADA/Control Systems Security
-
- Courses
- ICS/SCADA Cybersecurity (Ec council)
- ICS410: ICS/SCADA Security Essentials
- Labs
- The Courses and Books have explained how to build a lab
# Exploit Development
- Books
- Penetration Testing with Shellcode
- The Shellcoder's Handbook
- Hacking: The Art of Exploitation
- Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation
- A Bug Hunter's Diary
- Buffer Overflow Attacks: Detect, Exploit, Prevent
- Linux Exploit Development for Beginners
- Fuzzing: Brute Force Vulnerability Discovery
- Fuzzing for Software Security Testing and Quality Assurance
- The Fuzzing Book
- Open Source Fuzzing Tools
- A Guide to Kernel Exploitation
- Courses
- OSCE
- OSEE
- eCXD
- SEC760
- Exploit-Development Repo
- Nightmare
- x86 Assembly Language and Shellcoding on Linux
- CNIT 127: Exploit Development
- x86_64 Assembly Language and Shellcoding on Linux
- Reverse Engineering Win32 Applications
- Reverse Engineering Linux 32-bit Applications
- Exploiting Simple Buffer Overflows on Win32
- Reverse Engineering and Exploit Development
- Exploit Development for Linux (x86)
- Exploit Development for Linux x64
- Introduction to Exploit/Zero-Day Discovery and Development
- Exploit Development From Scratch
- Hands-on Fuzzing and Exploit Development(Part 1)
- Hands-on Fuzzing and Exploit Development(Part 2)
- ZDResearch Exploit Development
- Labs
- Analyize previous and new zero-days vulnerabilities will dive you deep into the real-world
- PWN collage
- Pwnable
- Vulnserver
- BlazeDVD 5 Professional
- DVDx Player
- Easy CD DVD
- Easy Chat Server 3.1
- Easy File Sharing FTP Server 3.5
- Easy File Management Web Server 5.3
- Easy File Sharing Web Server 7.2
- Easy RM to MP3 Converter 2.7.3.7
- Eureka
- FreeFTP 1.0.8
- FreeFloat
- KarjaSoft Sami FTP Server 2.0.1
- KnFTP Server 1.0.0
- Kolibri v2.0 HTTP Server
- Millenium MP3 Studio
- Minialic HTTP
- Minishare
- ProSysInfo TFTP Server TFTPDWIN 0.4.2
- QuickZip 4.60
- R v3.4.4
- Ricoh DC Software DL-10 FTP Server
- SolarFTP
- Soritong MP3 Player 1.0
- Xitami Webserver 2.5
- Vulnhub
- Hack the box
# Web Applications
- Books
- Web Application Hacker's Handbook
- Portswigger learning materials
- Owasp web Testing Guide
- Real World Bug Hunting
- Bug Bounty playbook part 1 & 2
- Mastering Modern Web Penetration Testing
- Mastering Kali Linux for Web Penetration Testing
- Kali Linux Web Penetration Testing Cookbook
- Bug Bounty Bootcamp
- Courses
- OSWE
- eWAPT
- eWAPTX
- SEC542
- SEC642
- Offensive bug bounty hunter part 1 &2 hackersera
- Web Application Attacks and API Hacking (W51)
- Labs
- bWAPP
- penlab
- Portswigger labs
- Hack me
- OWASP Juice shop
- Owasp Broken Web Apps
- Pentesterlab
- root-me
# Mobile Applications
- Books
- OWASP Mobile Security Testing Guide
- Mobile application penetration testing
- Mobile applicatons hacker's handbook
- Android hacker's handbook/
- iOS Hacker's Handbook
- Courses
- eMAPT
- SEC575
- Offensive AndroHunter
- ANDROID Hacking & Penetration Testing
- Hacking and Pentesting iOS Applications
- Labs
- Damn Vulnerable iOS Application (DVIA)
- List of intentionally vulnerable Android apps
- ExploitMe Mobile iPhone Labs
- ExploitMe Mobile Android Labs
# API
- Books
- OWASP API Security Project
- Hacking APIs
- Api Secuirty in Action
- Understanding Api Security
- Courses
- OAES Offensive API Exploitation and Security
- OWASP Top 10: API Security Playbook
- Offensive Api penetration testing
- Web Application Attacks and API Hacking (W51)
- API Security: Offence and Defence (W35)
- Labs
- Tiredful API
- vulnerable-api
- websheep
# Cloud
- Books
- AWS Penetration Testing
- Hands-On AWS Penetration Testing with Kali Linux
- Pentesting Azure Applications
- Mastering Cloud Penetration Testing
- Courses
- SEC588
- Labs
- AWS Pen-Testing Laboratory
- Create Your own lab from the books
# Reverse Engineering
- Books
- Reversing: Secrets of Reverse Engineering
- Mastering Reverse Engineering
- Reverse Engineering for Beginners
- The Ghidra Book: The Definitive Guide
- The IDA Pro Book, 2nd Edition
- Practical Reverse Engineering
- Courses
- eCRE
- FOR610: Reverse-Engineering Malware
- Reverse Engineering Deep Dive
- Reverse Engineering: IDA For Beginners
- Expert Malware Analysis and Reverse Engineering
- Reverse Engineering 1: x64dbg Debugger for Beginners
- Reverse Engineering: Ghidra For Beginners
- Reverse Engineering 6: Reversing .NET with dnSpy
- Reverse Engineering For Beginners (Youtube)
- Labs
- CTF101: Reverse Engineering
- CyberTalents: Reverse Engineering CTF
- Reverse Engineering CTF List
# Social Engineering
- Books
- Social Engineering: The Science of Human Hacking
- Social Engineering: The Art of Human Hacking
- The Social Engineer's Playbook
- Social Engineering: Hacking Systems, Nations, and Societies
- Learn Social Engineering
- Courses
- Learn Social Engineering From Scratch
- The Complete Social Engineering: Phishing & Malware
- Advanced Social Engineering Training
- Social Engineering (Cybrary)
- Labs
- Bro, it's about human hacking. Just hack yourself xD
# Offensive Programming
- Books
- Hands-On Penetration Testing with Python
- Python Penetration Testing Cookbook
- Python for Offensive PenTest
- Black Hat Python
- Gray Hat C#: A Hacker's Guide to Creating and Automating Security Tools
- Black Hat Go: Go Programming For Hackers and Pentesters
- Security with Go
- Penetration Testing with PerL
- Black Hat Ruby
- Courses
- I encourage you to read the books, cause there are a lot of courses for offensive programming but the most are using python.
- Learn Python & Ethical Hacking From Scratch
- The Complete Python Hacking Course: Beginner to Advanced!
- Offensive Bash Scripting
- Powershell for Pentesters
- Labs
- First of all try to create automation tools for your tasks. also you can search for offensive tools and try to write one on your own way.
- Tools:
- Subdomain Enumeration
- Directory Bruteforcing
- Live Subdomain checker
- Google Dorking
- Extract javascript urls using page source
- Reverse & Bind Shells
- Protocol Enumeration
- Port Scanner (TCP & UDP)
- Hash & Password Cracking
- Fuzzer
- Malware ( Keylogger, Spyware, CryptoMalware, etc)
- Packet Sniffer
- Wifi Scanner or Bruteforcer
- Vulnerability Scanner ( Web, Network & System Vulnerabilities, etc )
- Exploition Tool ( Try to write an exploition tool for known vulnerability [e.x: Vsftpd backdoor exploition tool] )
- Network Sniffer
- MAC address Changer
- Network Scanner
# Blockchain
- Books
- Bitcoin and Blockchain Security
- Blockchain Technology And Hacking
- Hands-On Cybersecurity with Blockchain
- Courses
- Certified Blockchain Security Professional (CBSP)
- SEC554: Blockchain and Smart Contract Security
- Blockchain Security Expert (CBSE)
- Attack and Defence in Blockchain Technologies (W39)
- Decentralized Application Security Project
- Labs
- smart contract security best practices
- GOATCasino
- Ethernaut
# Car Hacking
- Books
- The Car Hacker's Handbook
- Hacking Connected Cars
- Courses
- CAR HACKING 101
- Automotive hacking for Beginners
- Car Hacking Training: Automotive Cybersecurity and In-Vehicle Networks for Beginners
- Practical car hacking
- Labs
- Setup your lab from the courses & books
# Game Hacking
- Books
- Exploiting Online Games
- Game Hacking: Developing Autonomous Bots for Online Games
- Hacking Video Game Consoles
- Game Console Hacking: Xbox, PlayStation, Nintendo, Game Boy, Atari and Sega
- Hacking the Xbox: An Introduction to Reverse Engineering
- Courses
- CS420 Game Hacking Course
- Learn How To Code a Hack For ANY Game! - Game Hacking
- Game Hacking: Cheat Engine Game Hacking Basics
- Game Hacking Shenanigans - Game Hacking Tutorial Series
- Game Hacking Tutorial
- Labs
- Setup your lab from the courses & books
# Source Code Review
- Books
- SECURE COMPUTER SOFTWARE DEVELOPMENT: INTRODUCTION TO VULNERABILITY DETECTION TOOLS
- Software Vulnerability Guide
- ecure Programming with Static Analysis: Getting Software Security Right with Static Analysis
- OWASP Code Review Guide v2
- The ultimate guide to code reviews - Edition I
- Courses (Tutorials)
- SAST
- How to do Code Review - The Offensive Security Way
- How to find vulnerabilities by source code review
- Finding Security Vulnerabilities through Code Review - The OWASP way
- OWASP DevSlop Show: Security Code Review 101 with Paul Ionescu!
- How to Analyze Code for Vulnerabilities
- Labs
- Pentesterlab Code Review
- Damn Vulnerable Source Code
- SVCP4CDataset
# Telecom
- Books
- Security for Telecommunications Networks
- Courses
- Mobile Network Hacking, IP Edition
- New Era in Telecom Hacking by Ali Abdollahi at BSides Toronto 2020
- Labs
- Setup your lab from the courses & books
# Malware Development
- Books
- You can read malware analysis books to get a deep understanding of malwares
- Courses
- RED TEAM Operator: Malware Development Essentials Course
- RED TEAM Operator: Malware Development Intermediate Course
- Build Undetectable Malware Using C Language: Ethical Hacking
- Practical Malware Development For Beginners
- Coding Botnet & Backdoor In Python For Ethical Hacking
- Ethical Hacking Foundations: Malware Development in Windows
- Labs
- No need for online labs you need to write a malicious code
# VOIP
- Books
- Hacking VoIP: Protocols, Attacks, and Countermeasures
- Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
- Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, Second Edition
- Courses
- VoIP Pentesting (W47)
- VoIP Hacking & Penetration Testing Training
- VoIP pentest and SIP hacking
- Labs
- Setup your lab from the courses & books
# RFID & SDR
- Books
- RFID Security
- Inside Radio: An Attack and Defense Guide
- Courses
- Ethical RFID Hacking
- SDR Exploitation
- SDR for Ethical Hackers and Security Researchers
- Advance SDR for Ethical Hackers Security Researchers 2.0
- SDR for Ethical Hackers and Security Researchers 3.0
- Labs
- Setup your lab from the courses & books
# ATM Hacking
A curated collection of resources covering ATM security research, penetration testing, malware analysis, and defensive strategies.
---
- Books
- Digital Robbery: ATM Hacking and Implications
- The Security Analysis, Hacking of Banking EMV Cards, ATM, CHIP, PIN & Attacks
- Cashing in on ATM Malware (Trend Micro / Europol)
- The ATM Hacking Case (SpringerLink Chapter)
- Academic Paper on ATM Security (CEUR-WS)
- Hacking Next-Gen ATMs: From Capture to Cashout (Black Hat 2016)
- Applied Cash Eviction through ATM Exploitation (DEF CON 28)
- Cobalt - Logical Attacks on ATMs (Group-IB Threat Report)
- Academic Paper on ATM Security (University of South Florida)
- ATM Use Case Analysis Example (RIT)
- ATM Hacking (Scribd)
- ATM Hacking 101 (Scribd)
- ATM Hacking ISC Beijing 2018 (Scribd)
- ATM Jackpotting (Scribd)
- ATM Hack to Get Much More Money (Scribd)
- ATM Hack (Scribd)
- Hacking an ATM Machine (Scribd)
- Courses
- ATM Hacking and Penetration Testing Training (CyberFox)
- ATM Security Training (ATMIA Academy)
- ATM Training Courses (ATMIA)
- Hacking in Practice 2 (includes ATM module)
- Introduction to ATM Penetration Testing (Ekoparty)
- Labs
- Global ATM Malware Wall (Malware Samples)
- HSBC&L ATM CTF Challenge
- CEN/XFS SDK & Development Environment
- Skimer ATM Malware Sample
- Blogs/Series
- Tyupkin: Manipulating ATM Machines with Malware (Kaspersky)
- ATM Malware from Latin America to the World (Kaspersky)
- ATM Malware is Being Sold on Darknet Market (Kaspersky)
- ATM/PoS Malware Landscape 2020-2022 (Kaspersky)
- Criminals, ATMs and a Cup of Coffee - ATMJaDi (Kaspersky)
- ATM Infector - Skimer (Kaspersky)
- Malware and Non-Malware Ways for ATM Jackpotting (Kaspersky)
- ATM/PoS Malware Landscape 2017-2019 (Kaspersky)
- ATM Vulnerabilities 2018 Report (Positive Technologies)
- ATMs Can Be Hacked in Minutes (Positive Technologies)
- NCR Patches ATM Vulnerabilities (Positive Technologies)
- 10 Years of Virtual Dynamite: ATM Malware Retrospective (Cisco Talos)
- ATM Penetration Testing (Infosec Institute)
- Tyupkin ATM Malware Analysis (Infosec Institute)
- Hacking ATMs: New Wave of Malware (Infosec Institute)
- Jackpotting Malware (Infosec Institute)
- Adventures in ATM Hacking (Trustwave SpiderLabs)
- 9 Pen Testing Essentials for Making ATMs Less Hackable (Trustwave)
- Jackpotting ATM Attack: A Technical Breakdown (Komodo)
- Advanced ATM Penetration Testing Methods (GBHackers)
- ATM Hacking: Advanced Methods for Finding Security Vulnerabilities
- Analyzing ATM Malwares (XFS Analysis)
- ATM Hacking Wiki (French)
- KrebsOnSecurity - ATM Jackpotting
- Tyupkin ATM Malware: Banks Give Away Cash
- ATM Malware Tyupkin Spreads to U.S. (SC Magazine)
- Everything You Need to Know About ATM Attacks - Part 1 (Malwarebytes)
- ATM Attacks and Fraud - Part 2 (Malwarebytes)
- Cracking the Code: ATM Hacking Series - Part 1 (Medium)
- Cracking the Code: ATM Hacking Series - Part 2 (Medium)
- Cracking the Code: XFS Integrity Controls - Part 3 (Medium)
- Cracking the Code: Escaping Kiosk Mode - Part 4 (Medium)
- ATM Security (Hacking Lab CZ)
- ATM Replay Attack Audit (Hacking Lab CZ)
- UNC2891 Bank Heist Analysis (Group-IB)
- ATM Jackpotting Whitepaper (Sepio Cyber)
- Dark Web and ATM Hacking (CloudSEK)
- Presentations/Conferences/Papers
- Buy Hack ATM - OWASP London (2018)
- ATM Security Publication (CyberTrends)
- ATM Security Video Presentation (TIB AV-Portal)
- Jackpotting Automated Teller Machines Redux - Barnaby Jack (Black Hat 2010)
- DEF CON 18 Archive - Barnaby Jack Presentation
- Hacking Next-Gen ATMs: From Capture to Cash-Out - Weston Hecker (Black Hat 2016)
- ATM Hacking - Frank Boldewin (ISC Beijing 2018)
- ATM Security: A Case Study of Emerging Threats (ResearchGate)
- Capability Analysis of ATM Malware Using CAPA (ResearchGate 2023)
- ATM Hacking/Jackpotting – A Case Study (IRJET)
- Malware Analysis and Detection Using Reverse Engineering (ResearchGate)
- A Risk Assessment of Logical Attacks on CEN/XFS (JKU)
- Positive Research 2019 (ATM Section)
- ATM Hacking Video - Barnaby Jack Black Hat 2010 (SecurityWeek)
- Watch the ATM Hacker at Work (MIT Technology Review)
- Throwback: Barnaby Jack Jackpotting ATMs (Threatpost)
- Barnaby Jack Hits ATM Jackpot at Black Hat (Computerworld)
- Hackers Say Jackpotting Flaws Tricked ATMs Into Spitting Out Cash (TechCrunch)
- Barnaby Jack Hits The Jackpot With ATM Hack (Dark Reading)
- Jackpotting, The Wrong Type of Jackpot (UH West Oahu)
- Notes
- ATM Hacking Wiki / Notes (French)
- Analyzing ATM Malwares Guide
- CEN/XFS Official Specification & SDK
- CEN/XFS Overview (Wikipedia)
- XFS4IoT - Next-Gen Standard (KAL)
- NJCCIC ATM Malware Threat Profiles
- CutletMaker Malware Profile (NJCCIC)
- Advanced ATM Hacking Methods (Archived)
- Advanced ATM Penetration Testing Methods (Archived)
- ATM Hacking Article (Archive.is)
- Misc
- Awesome ATM Hacking - Curated List (GitHub)
- ATM-Hacking-ISC2018 (GitHub)
- KAL-ATM-Software / XFS4IoT Framework (GitHub)
- CTI Report Collection - ATM Malware Reports (GitHub)
- Hacking-Security-Ebooks (GitHub)
- PoC-Fake-Msxfs (GitHub)
- XFS.Net - .NET Wrapper for CEN/XFS (GitHub)
- XFS4NET (GitHub)
- CoreXfs (GitHub)
- ATM Topic on GitHub
- UNC2891 Threat Intelligence Overview (Google Cloud)
- ATMIA (ATM Industry Association)
- NetSPI ATM Penetration Testing
- Sepio ATM Jackpotting Whitepaper
- ATM Hacking Report: Scenarios from 2018 ATM Hacks
- Positive Technologies ATM Vulnerabilities Report
- A Decade of ATM Malware Evolution and Deployment
- Videos
- ATM Hacking Presentation
- ATM Security Analysis
- ATM Exploitation Techniques
- ATM Malware Analysis
- ATM Jackpotting Demo
- ATM Security Research
- ATM Hacking Talk
- ATM Penetration Testing
# AirCraft Hacking
## Books & Whitepapers
* [Aviation Cybersecurity: Foundations, Principles, and Applications](https://www.amazon.com/Aviation-Cybersecurity-Foundations-principles-applications/dp/1839533218)
* [Cyber-Security Challenges in Aviation Industry: A Review of Current and Future Trends (MDPI 2022)](https://www.mdpi.com/2078-2489/13/3/146)
* [Assessing Aircraft Security: A Comprehensive Survey and Methodology for Evaluation (ACM 2023)](https://dl.acm.org/doi/10.1145/3610772)
* [Building an Avionics Laboratory for Cybersecurity Testing (Martin Strohmeier PDF)](https://lenders.ch/publications/conferences/cset22.pdf)
* [A Review on Cybersecurity Vulnerabilities for Urban Air Mobility (NASA PDF)](https://ntrs.nasa.gov/api/citations/20205011115/downloads/A Review of Cybersecurity Vulnerabilities for UAM Final Draft.pdf)
* [Cyber-Security Challenges in Aviation Industry Survey (arXiv PDF)](https://arxiv.org/pdf/2107.04910)
* [A Framework for Aviation Cybersecurity (ResearchGate)](https://www.researchgate.net/publication/329477408_A_Framework_for_Aviation_Cybersecurity)
* [Cyber Security Challenges in Aviation Communication, Navigation, and Surveillance (ScienceDirect)](https://www.sciencedirect.com/science/article/abs/pii/S0167404821003400)
* [Aviation Cybersecurity: An Overview (Craiger & Kessler, Embry-Riddle 2018)](https://commons.erau.edu/cgi/viewcontent.cgi?article=1191&context=ntas)
* [ARINC 429 Cyber-vulnerabilities and Voltage Data in Hardware-in-the-Loop Simulator (2024)](https://ui.adsabs.harvard.edu/abs/2024arXiv240816714T/abstract)
* [Cyber Risk Landscape of the Global Aviation Industry 2024 (SecurityScorecard)](https://securityscorecard.com/company/press/cyber-risk-landscape-of-the-global-aviation-industry-2024/)
* [Commercial Aviation Cybersecurity Threats in 2025 (Airways Magazine)](https://www.airwaysmag.com/new-post/aviation-cybersecurity-threats-in-2025)
* [The Types of Hackers and Cyberattacks in the Aviation Industry (Journal of Transportation Security 2024)](https://link.springer.com/article/10.1007/s12198-024-00281-9)
* [FAA Penetration Testing Training & Outreach (PDF)](https://www.faa.gov/sites/faa.gov/files/air_traffic/technology/cas/ct/ct2.pdf)
* [Hugo Teso: Aircraft Hacking - Practical Aero Series (HITB 2013 PDF)](https://conference.hitb.org/hitbsecconf2013ams/materials/D1T1 - Hugo Teso - Aircraft Hacking - Practical Aero Series.pdf)
* [Simulating ADS-B and CPDLC Messages with SDR (DiVA Portal PDF)](https://www.diva-portal.org/smash/get/diva2:1442163/FULLTEXT01.pdf)
* [Connected Aircraft: Cyber-Safety Risks, Insider Threat (University of Hawaii PDF)](https://scholarspace.manoa.hawaii.edu/bitstream/10125/59759/1/0319.pdf)
* [Phil Polstra: Cyber-hijacking Airplanes - Truth or Fiction (DEF CON 22 PDF)](https://defcon.org/images/defcon-22/dc-22-presentations/Polstra/DEFCON-22-Phil-Polstra-Cyber-hijacking-Airplanes-Truth-or-Fiction-Updated.pdf)
* [Brad RenderMan Haines: Hackers + Airplanes (DEF CON 20 PDF)](https://defcon.org/images/defcon-20/dc-20-presentations/Renderman/DEFCON-20-RenderMan-Hackers-plus-Airplanes.pdf)
* [UAV Exploitation: A New Domain for Cyber Power (CCDCOE PDF)](https://ccdcoe.org/uploads/2018/10/Art-13-UAV-Exploitation-A-New-Domain-for-Cyber-Power.pdf)
* [Unmanned Aircraft Systems (UAS) in the Cyber Domain (New Prairie Press PDF)](https://newprairiepress.org/cgi/viewcontent.cgi?filename=3&article=1021&context=ebooks&type=additional)
* [Cyber Threats to US Aviation (Homeland Security Perspectives Journal PDF)](https://hnspjournal.org/wp-content/uploads/2023/01/jhnsp-7.1-final-draft-cyber-threats-us-aviation-schafer-january-2023-3.pdf)
* [GAO Report: Aviation Cybersecurity - FAA Should Fully Implement Key Practices (PDF)](https://www.gao.gov/assets/gao-21-86.pdf)
* [Cybersecurity in Aviation: Addressing Cybersecurity Challenges (Critical Software PDF)](https://criticalsoftware.com/multimedia/common/UXqMH8QWb-CSW_WhitePaper_Aviation_Cybersecurity_in_Aviation.pdf)
* [Aviation Cybersecurity: Scoping the Challenge (Atlantic Council PDF)](https://www.atlanticcouncil.org/wp-content/uploads/2019/12/AVIATION-CYBERSECURITY-12-19-.pdf)
* [Civil Aviation and CyberSecurity (National Academies PDF)](https://sites.nationalacademies.org/cs/groups/depssite/documents/webpage/deps_084768.pdf)
* [SAE Standards on Cybersecurity - Aviation Framework (PDF)](https://www.sae.org/binaries/content/assets/cm/content/attend/2017/aerospace-standards-summit/standards_on_cybersecurity.pdf)
* [Avionics Cybersecurity Research Test Bed (INL Factsheet PDF)](https://factsheets.inl.gov/FactSheets/Avionics%20Cybersecurity%20Research%20Test%20Bed.pdf)
* [Avionics Cyber Test and Evaluation (ITEA PDF)](https://itea.org/images/pdf/conferences/2016 Symposium/2016_Sym_Proceedings/Nichols Avionics Cyber TE.pdf)
* [Safety vs. Security: Attacking Avionic Systems with Humans in the Loop (arXiv PDF)](https://lenders.ch/publications/reports/arxiv19.pdf)
* [Vulnerability Assessment for Security in Aviation Cyber-Physical Systems (ResearchGate PDF)](https://www.researchgate.net/profile/Sathish-Kumar-26/publication/318669860_Vulnerability_Assessment_for_Security_in_Aviation_Cyber-Physical_Systems/links/59f139c2aca272cdc7ce0a44/Vulnerability-Assessment-for-Security-in-Aviation-Cyber-Physical-Systems.pdf)
* [FAA Aircraft Systems Information Security/Protection (ASISP) R&D (PDF)](https://www.faa.gov/sites/faa.gov/files/2022-08/nopsSC-Sep2020-AircraftSystemsInformationSecurityProtection(ASISP)R&D.pdf)
* [Airport Security Vulnerability Assessments Guidebook (PARAS PDF)](https://www.sskies.org/images/uploads/subpage/PARAS_0016.SVAGuidebook__.Final__.pdf)
* [ICAO Aviation Cybersecurity Strategy (PDF)](https://www.icao.int/sites/default/files/Meetings/a42/Documents/AVIATION-CYBERSECURITY-STRATEGY.EN_.pdf)
* [IATA Cyber Security Presentation (PDF)](https://www.aaco.org/Library/Assets/Cyber Security by Shawn Goudge - IATA-103603.pdf)
* [Deep Learning for Large-Scale Real-World ACARS and ADS-B Radio Signal Classification (arXiv PDF)](https://arxiv.org/pdf/1904.09425)
* [On the Security of Satellite-Based Air Traffic Control (ADS-C) (NDSS 2024 PDF)](https://www.ndss-symposium.org/wp-content/uploads/spacesec2024-22-paper.pdf)
* [ADS-B and ADS-C Communication in the Light of Digitalisation (SKYbrary PDF)](https://skybrary.aero/sites/default/files/bookshelf/4871.pdf)
* [Securing the Air-Ground Link in Aviation (Oxford PDF)](https://www.cs.ox.ac.uk/files/13226/chapter-revision.pdf)
* [Evaluating the Security of Aircraft Systems (arXiv PDF)](https://arxiv.org/pdf/2209.04028)
* [Economy Class Crypto: Exploring Weak Cipher in Aviation (Oxford PDF)](http://www.cs.ox.ac.uk/files/9693/fc-paper.pdf)
* [On the Implications of Spoofing and Jamming Aviation Datalink Applications (ACSAC PDF)](https://aanjhan.com/assets/sathaye22_acsac.pdf)
* [The ADS-B Protocol and Its Weaknesses (DiVA Portal PDF)](http://www.diva-portal.org/smash/get/diva2:1464430/FULLTEXT01.pdf)
## Courses
* [DEF CON Aerospace Village (Annual)](https://www.aerospacevillage.org/)
* [IATA Aviation Cyber Security (Classroom)](https://www.iata.org/en/training/courses/aviation-cyber-security/tscs59/en/)
* [IATA Aviation Cyber Security (Virtual Classroom)](https://www.iata.org/en/training/courses/aviation-cyber-security-virtual/tscs59/en/)
* [IATA Aviation Cyber Security Management Diploma](https://www.iata.org/en/training/courses/diploma_programs/aviation-cyber-security-management-diploma/142/)
* [Tonex Aviation Cybersecurity Training Bootcamp](https://www.tonex.com/training-courses/aviation-cybersecurity-training-bootcamp/)
* [ICAO Foundations of Aviation Cybersecurity Leadership and Technical Management](https://igat.icao.int/ated/trainingCatalogue/Course/5131)
* [AIAA Aviation Cybersecurity Management Course](https://aiaa.org/courses/aviation-cybersecurity/)
* [UK CAA Aviation Cybersecurity Oversight Training](https://caainternational.com/course/aviation-cybersecurity-oversight/)
* [Aviation Cybersecurity Training (Airline-Cybersecurity.ch)](https://www.airline-cybersecurity.ch/Airline_Cybersecurity_Training.html)
* [Aviation eLearning: Cyber Security in Aviation](https://ael.aero/courses/general/cyber-security-in-aviation/)
* [JAA TO Aviation Cyber Security](https://jaato.com/courses/1013/aviation-cyber-security/)
## Labs
* [DEF CON Aerospace Village: Drone Hacking Activity](https://www.aerospacevillage.org/defcon-32-activites)
* [DEF CON Aerospace Village: ADS-B Receiver Building Workshop (Raspberry Pi + RTL-SDR)](https://www.aerospacevillage.org/defcon-32-workshop-schedule)
* [DEF CON Aerospace Village: Aviation Infrastructure Cyber Defense Challenges](https://www.aerospacevillage.org/defcon-33/def-con-33-activites)
* [DEF CON Aerospace Village: Offensive Cybersecurity in Space Workshop](https://www.aerospacevillage.org/defcon-31-activities)
* [RTL-SDR Tutorial: Receiving Airplane Data with ACARS](https://www.rtl-sdr.com/rtl-sdr-radio-scanner-tutorial-receiving-airplane-data-with-acars/)
* [ACARS Decoding Guide (thebaldgeek)](https://thebaldgeek.github.io/vhf-acars.html)
* [Lightweight ACARS Decoders for RTL-SDR (One Transistor)](https://www.onetransistor.eu/2018/04/lightweight-acars-decoders-for-rtl-sdr.html)
* [Decoding ADSC, ADSB, ACARS, VDL2, Iridium, HF-DL Messages](https://thebaldgeek.github.io/)
## Blogs & Series
* [ACARS Under the Hacker's Magnifier: Aviation Security, SDR Fun (Medium 2025)](https://medium.com/@Cid_Kagenou/acars-under-the-hackers-magnifier-aviation-security-sdr-fun-and-why-encryption-matters-part-84c4cfbd35dc)
* [RTL-SDR ACARS Tag Articles](https://www.rtl-sdr.com/tag/acars/)
* [Frugal Radio: How To Decode L-band Satellite ACARS and CPDLC Messages](https://www.rtl-sdr.com/frugal-radio-how-to-decode-l-band-satellite-acars-and-cpdlc-messages-with-jaero-and-your-sdr/)
* [More on Chris Roberts and Avionics Security (Schneier on Security)](https://www.schneier.com/blog/archives/2015/05/more_on_chris_r.html)
* [Greatest Cyber Threats to Aircraft Come from the Ground (CSO Online)](https://www.csoonline.com/article/644636/greatest-cyber-threats-to-aircraft-come-from-the-ground.html)
* [Skyhacked (Flight Safety Australia 2017)](https://www.flightsafetyaustralia.com/2017/11/skyhacked/)
* [Hacker Uses Android to Remotely Attack and Hijack an Airplane (Computerworld)](https://www.computerworld.com/article/1499332/hacker-uses-an-android-to-remotely-attack-and-hijack-an-airplane.html)
* [Boeing, IFE Experts Hit Back at Hacker Claims (Runway Girl Network)](https://runwaygirlnetwork.com/2015/05/boeing-ife-experts-hit-back-at-hacker-claims-in-fbi-report/)
* [The Serious Threat of GPS Spoofing: An Analysis (Aviation Week)](https://aviationweek.com/business-aviation/safety-ops-regulation/serious-threat-gps-spoofing-analysis)
* [Intel Brief on GPS Spoofing and Jamming in Aviation (Dyami Services)](https://www.dyami.services/post/intel-brief-on-gps-spoofing-and-jamming-in-aviation)
* [What is GPS Spoofing in Aviation (APG)](https://flyapg.com/blog/what-is-gps-spoofing)
* [GNSS Jamming and Spoofing (SKYbrary)](https://skybrary.aero/articles/gnss-jamming-and-spoofing)
* [GPS Spoofing: Should Operators Be Concerned? (NBAA 2024)](https://nbaa.org/news/business-aviation-insider/2024-03/gps-spoofing-should-operators-be-concerned/)
* [GPS Spoofing - A Growing Risk for Flight Safety (EASA Community)](https://www.easa.europa.eu/community/topics/gps-spoofing-growing-risk-flight-safety-thomas-hytten-caa-norway)
* [GPS Spoofing and Jamming: Can We Keep Aviation On Track?](https://www.airtraffictechnologyinternational.com/content/in-depth/gps-spoofing-and-jamming-can-we-keep-aviation-on-track)
* [Mitigating the Effects on Aircraft of GNSS Jamming and Spoofing (AIN 2025)](https://www.ainonline.com/aviation-news/air-transport/2025-01-03/mitigating-effects-gnss-jamming-and-spoofing)
* [Manipulated GNSS Signals: Implications for Pilots (ECA)](https://www.eurocockpit.eu/news/manipulated-gnss-signals-implications-pilots)
* [Inertial Reference Systems - GPS Spoofing/Jamming Solutions (Honeywell)](https://aerospace.honeywell.com/us/en/about-us/blogs/spoofing-and-jamming)
* [The Cybersecurity Challenges of Modern Aviation Systems (NXLog Blog)](https://nxlog.co/news-and-blog/posts/the-cybersecurity-challenges-of-modern-aviation-systems)
* [Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (Resecurity)](https://www.resecurity.com/blog/article/the-aviation-and-aerospace-sectors-face-skyrocketing-cyber-threats)
* [Advancing Aviation Cybersecurity Through Collective Action (TAC)](https://thetac.tech/together-against-threats-advancing-aviation-cybersecurity-through-collective-action/)
## Presentations & Conferences
* [DEF CON 32 Aerospace Village Activities](https://www.aerospacevillage.org/defcon-32-activites)
* [DEF CON 33 Aerospace Village Activities (2025)](https://www.aerospacevillage.org/def-con-33/def-con-33-activites)
* [DEF CON 31 Aerospace Village Talk Schedule](https://www.aerospacevillage.org/defcon-31-talks)
* [DEF CON 29 Aerospace Village Videos (Space & Cybersecurity)](https://www.spacesecurity.info/en/def-con-29-aerospace-village-videos/)
* [Hugo Teso: Aircraft Hacking - Practical Aero Series (HITB 2013)](https://pdfslide.net/documents/d1t1-hugo-teso-aircraft-hacking-practical-aero-series.html)
* [Aviation Cybersecurity Conference September 2025 London (Cyber Senate)](https://cybersenate.com/aviation-cybersecurity-conference-cyber-senate/)
* [RSA Conference: Securing Aviation Systems with Cybersecurity](https://www.rsaconference.com/library/blog/securing-aviation-systems-with-cybersecurity)
* [Black Hat USA 2024 & DEF CON 32 August 2025 Las Vegas](https://blackhat.com/us-24/defcon.html)
* [Vulnerability Assessment for Security in Aviation Cyber-Physical Systems (IEEE)](https://ieeexplore.ieee.org/document/7987190)
* [Pen Test Partners Events & Speaking](https://www.pentestpartners.com/events-and-speaking/)
* [EASA Compilation of Aviation Cybersecurity Videos](https://www.easa.europa.eu/community/topics/compilation-aviation-cybersecurity-videos)
## Videos
* [EASA Aviation Cybersecurity Videos Compilation](https://www.easa.europa.eu/community/topics/compilation-aviation-cybersecurity-videos)
* [Mentour Pilot: Can Aircraft be Hacked?!](https://www.youtube.com/results?search_query=mentour+pilot+aircraft+hacked)
* [ICAO Secretary General: Cyber-Security in Aviation](https://www.youtube.com/results?search_query=ICAO+cybersecurity+aviation)
* [TomoNews US: Aircraft Hacking Vulnerabilities](https://www.youtube.com/results?search_query=TomoNews+aircraft+hacking)
* [Aviation Cybersecurity Tutorial Series](https://www.youtube.com/results?search_query=aviation+cybersecurity+tutorial)
## Tools & Frameworks
**ADS-B Reception & Decoding:**
* [dump1090: Mode S Decoder for RTLSDR Devices](https://github.com/antirez/dump1090)
* [dump1090-fa: FlightAware's Fork of dump1090](https://github.com/flightaware/dump1090)
* [PiAware: FlightAware's Raspberry Pi Flight Tracking Software](https://flightaware.com/adsb/piaware/)
* [FlightAware Ground Station Network](https://flightaware.com/)
* [tar1090: Web Interface for dump1090](https://github.com/wiedehopf/tar1090)
* [Virtual Radar Server: Aircraft Tracking Web Interface](https://www.virtualradarserver.co.uk/)
**ACARS Decoders:**
* [acarsdec: Multi-Channel ACARS Decoder with RTL-SDR Support](https://github.com/TLeconte/acarsdec)
* [AcarsDeco2: ACARS Decoder for Windows/Linux/Raspberry Pi/OS X](https://www.acarsd.org/)
* [JAERO: L-band Satellite ACARS Decoder](https://github.com/jontio/JAERO)
* [dumpvdl2: VDL Mode 2 Message Decoder](https://github.com/szpajder/dumpvdl2)
* [dumphfdl: HF Data Link Protocol Decoder](https://github.com/szpajder/dumphfdl)
**SDR Hardware:**
* [RTL-SDR Blog V3: USB DVB-T Software Defined Radio](https://www.rtl-sdr.com/buy-rtl-sdr-dvb-t-dongles/)
* [FlightAware Pro Stick Plus: Optimized ADS-B USB Receiver](https://flightaware.com/adsb/prostick/)
* [Airspy: High Performance SDR](https://airspy.com/)
* [HackRF One: Software Defined Radio Platform](https://greatscottgadgets.com/hackrf/)
* [BladeRF: Software Defined Radio Platform](https://www.nuand.com/)
**Aircraft Tracking Platforms:**
* [FlightRadar24: Real-Time Flight Tracking](https://www.flightradar24.com/)
* [ADS-B Exchange: Unfiltered Flight Tracking](https://www.adsbexchange.com/)
* [OpenSky Network: Open Air Traffic Data](https://opensky-network.org/)
* [RadarBox: Live Flight Tracker](https://www.radarbox.com/)
**Analysis & Research Tools:**
* [GNU Radio: Software Defined Radio Framework](https://www.gnuradio.org/)
* [SDR#: Popular SDR Software for Windows](https://airspy.com/download/)
* [GQRX: SDR Software for Linux/Mac](https://gqrx.dk/)
* [Wireshark: Network Protocol Analyzer (with aviation protocol dissectors)](https://www.wireshark.org/)
**Aviation Security Testing:**
* [Metasploit Pro: Penetration Testing Framework](https://www.metasploit.com/)
* [BackTrack Tools: Vulnerability Assessment Tools](https://www.backtrack-linux.org/)
## Notes
* **2024-2025 Statistics:** Cyberattacks on aviation increased by 74% since 2020; aviation industry experienced 24% increase in cyber attacks with 55 reported incidents in 2022
* **Global Threat Landscape:** Aviation industry averages a "B" cybersecurity rating; organizations with B rating are 2.9x more likely to suffer data breaches than those with A rating
* **Major Incidents (2024-2025):** Arab Civil Aviation Organization (ACAO) breach in February 2025; ICAO data breach with 42,000 documents exposed; Japan Airlines attack in December 2024 disrupting baggage services; Seattle-Tacoma Airport Rhysida ransomware attack in 2024
* **Breach Statistics:** In global aviation systems, breaches caused by hacking or information leakage increased from 4% in 2010 to 81% in 2024
* **Attack Vectors:** DDoS attacks represent 25% of cyber incidents targeting airlines and airports; GPS spoofing exploits weaknesses in aircraft navigation systems; malicious acts from hostile operators on ground or flight operations
* **ACARS Vulnerabilities:** ACARS transmits at 131.550 MHz unencrypted; has no encryption (messages sent in plain sight), no authentication (receiver can't verify sender), no integrity (no signature or hash)
* **ADS-B Security Issues:** ADS-B broadcasts detailed aircraft information (position, velocity, identity) over unencrypted data links; susceptible to eavesdropping, spoofing, and injection attacks
* **ARINC 429 Protocol:** Ubiquitous data bus for civil avionics lacks any form of encryption or authentication; inherently insecure communication protocol vulnerable to denial-of-service attacks
* **GPS Spoofing/Jamming:** GPS jamming prevents receivers from locking onto satellite signals; spoofing broadcasts counterfeit signals causing false positioning; particularly affects conflict zones (Black Sea, Middle East)
* **Effects on Aircraft Systems:** GPS spoofing can disable Inertial Reference System (IRS), cause failures in GPS Clock, Weather Radar, ADS-B, and Terrain Warning Systems; FMS can show aircraft more than 60nm off-track
* **Detection Indicators:** GPS position suddenly 100+ nm from FMS position; abnormally low groundspeed readings; significant difference between GPS altitude and actual altitude
* **Notable Researchers:** Hugo Teso (n.runs Professionals) demonstrated aircraft hacking via FMS computers and ACARS at HITB 2013; Chris Roberts (One World Labs) claimed IFE system hacks on 15-20 flights between 2011-2014
* **Industry Response:** Boeing and Airbus state IFE systems are isolated from flight and navigation systems; third-party penetration testing allowed during aircraft development; grey-box testing mimics malicious passenger actions
* **DEF CON Aerospace Village:** Annual gathering featuring drone hacking workshops, ADS-B receiver building using Raspberry Pi + RTL-SDR, aviation infrastructure cyber defense challenges, offensive space cybersecurity sessions
* **Lab Setup:** Use RTL-SDR ($20-$30) with dump1090/PiAware for ADS-B reception; acarsdec/JAERO for ACARS decoding; GNU Radio for signal analysis; Raspberry Pi for portable tracking stations
* **Countermeasures:** Signal strength monitoring, time-of-arrival analysis, cryptographic authentication, multiple satellite navigation systems for cross-verification, enhanced pilot training, backup navigation systems
* **Regulatory Bodies:** FAA provides penetration testing training; ICAO offers cybersecurity leadership courses; EASA publishes aviation cybersecurity guidance; IATA provides industry-standard training programs
* **Research Institutions:** Embry-Riddle's Center for Aerospace Resilient Systems (CARS) researches AI/ML for aviation cybersecurity defense; SecurityScorecard conducts industry-wide cybersecurity assessments
* **Legal Warning:** Unauthorized access to aircraft systems, jamming GPS signals, or interfering with aviation communications is illegal and dangerous. All research must be conducted in authorized lab environments with proper permissions
* **Testing Limitations:** Conducting penetration tests on live aviation systems could impact operations and present safety risks; testing must use controlled environments with simulated systems
* **Ethical Considerations:** Aviation security research should be conducted responsibly with coordinated disclosure to manufacturers and regulatory bodies; focus on defensive understanding and improving aviation safety
* **Hardware Requirements:** RTL-SDR V3 or FlightAware dongles for VHF ACARS (blue dongles filtered for 1090 MHz ADS-B will not work on VHF-ACARS); appropriate antennas for 1090 MHz (ADS-B) and 131.550 MHz (ACARS)
* **Best Practices:** Build receiving stations for passive monitoring only; never transmit on aviation frequencies; contribute data to open networks (FlightAware, ADS-B Exchange, OpenSky) for research purposes
* **Future Trends:** AI integration in aviation cybersecurity defense; quantum-resistant cryptography for aviation communications; enhanced authentication protocols for ACARS/ADS-B replacement systems
# AI Hacking
## Books & Whitepapers
* [Not with a Bug, But with a Sticker (Book)](https://www.google.com/search?q=https://www.wiley.com/en-us/Not%2Bwith%2Ba%2BBug,%2BBut%2Bwith%2Ba%2BSticker:%2BAttacks%2Bon%2BMachine%2BLearning%2BSystems%2Band%2BWhat%2BTo%2BDo%2BAbout%2BThem-p-9781119883982)
* [Hacking Artificial Intelligence (Book)](https://www.google.com/search?q=https://www.amazon.com/Hacking-Artificial-Intelligence-Deepfakes-Learning/dp/1538155083)
* [Redefining Hacking (Book)](https://www.amazon.com/-/he/Redefining-Hacking-Comprehensive-Teaming-AI-driven/dp/0138363617)
* [Large Language Models in Cybersecurity (Book)](https://www.practical-devsecops.com/best-ai-security-books/)
* [Hands-On Large Language Models (Book)](https://www.practical-devsecops.com/best-ai-security-books/)
* [Jailbreaking Large Language Models via Logic Chain Injection (Arxiv)](https://arxiv.org/html/2409.09493v2)
* [Arxiv Paper 2508.21669](https://arxiv.org/pdf/2508.21669)
* [LLM Agents can Autonomously Hack Websites (Whitepaper)](https://medium.com/@danieldkang/llm-agents-can-autonomously-hack-websites-ab33fadb3062)
* [NIST AI 100-2e2025: Adversarial Machine Learning Taxonomy (Updated 2025)](https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-2e2023.pdf)
* [CISO's GenAI Security Blueprint: 2025 OWASP Top 10 LLM Risks (Securiti Whitepaper)](https://securiti.ai/whitepapers/ciso-genai-security-owasp-top-10-llm-risks/)
* [Securing AI Systems: A Guide to Known Attacks and Impacts (Arxiv 2025)](https://arxiv.org/html/2506.23296v1)
* [A Comprehensive Review of Adversarial Attacks and Defense Strategies (MDPI 2025)](https://www.mdpi.com/2227-7080/13/5/202)
* [Dataset & Lessons: 2024 SaTML LLM CTF (Arxiv)](https://arxiv.org/html/2406.07954v1)
* [Prompt Injection Attacks in Defended Systems (Arxiv)](https://arxiv.org/html/2406.14048v1)
* [Multi-Chain Prompt Injection Attacks (WithSecure Labs)](https://labs.withsecure.com/publications/multi-chain-prompt-injection-attacks)
* [Adversarial Machine Learning and Cybersecurity (Georgetown CSET)](https://cset.georgetown.edu/publication/adversarial-machine-learning-and-cybersecurity/)
* [Prompt Hacking in LLMs 2024-2025 Literature Review](https://www.rohan-paul.com/p/prompt-hacking-in-llms-2024-2025)
## Courses
* [HTB Academy: AI Red Teamer Path](https://academy.hackthebox.com/path/preview/ai-red-teamer)
* [HTB Academy: Introduction to Red Teaming AI](https://academy.hackthebox.com/course/preview/introduction-to-red-teaming-ai)
* [Antisyphon: Hacking AI/LLM Applications Workshop](https://www.antisyphontraining.com/product/workshop-hacking-ai-llm-applications-with-brian-fehrman-joff-thyer-and-derek-banks/)
* [Udemy: Hands-on AI LLM Red Teaming](https://www.udemy.com/course/hands-on-ai-llm-red-teaming/)
* [Udemy: OWASP Top 10 for LLM Applications 2025](https://www.udemy.com/course/owasp-top-10-for-llm-applications-2025/?couponCode=CP251118G4)
* [SANS SEC545: GenAI and LLM Application Security](https://www.sans.org/cyber-security-courses/genai-llm-application-security/)
* [TCM Security: AI Hacking 101](https://academy.tcm-sec.com/p/ai-hacking-101)
* [Microsoft AI Red Team Training Series](https://learn.microsoft.com/en-us/security/ai-red-team/training)
* [NVIDIA: Exploring Adversarial Machine Learning (Self-Paced)](https://developer.nvidia.com/blog/ai-red-team-machine-learning-security-training/)
* [DeepLearning.AI: Red Teaming LLM Applications](https://www.deeplearning.ai/short-courses/red-teaming-llm-applications/)
* [Learn Prompting: AI Red Teaming and AI Security Masterclass](https://maven.com/learn-prompting-company/ai-red-teaming-and-ai-safety-masterclass)
* [OffSec: LLM & AI Training for Red Teams](https://www.offsec.com/learning/paths/llm-red-teaming/)
* [Practical DevSecOps: Certified AI Security Professional (CAISP)](https://www.practical-devsecops.com/best-ai-security-books/)
* [Tonex: Certified AI Penetration Tester – Red Team (CAIPT-RT)](https://www.tonex.com/training-courses/certified-ai-penetration-tester-red-team-caipt-rt/)
## Labs
* [TryHackMe: Output Handling and Privacy Risks](https://tryhackme.com/room/outputhandlingandprivacyrisks)
* [PortSwigger: Web LLM Attacks](https://portswigger.net/web-security/learning-paths/llm-attacks)
* [Gandalf by Lakera](https://gandalf.lakera.ai/)
* [Dreadnode Crucible](https://dreadnode.io/)
* [OWASP FinBot CTF](https://genai.owasp.org/)
* [Microsoft AI Red Teaming Playground](https://github.com/microsoft/AI-Red-Teaming-Playground-Labs)
* [SaTML 2024 LLM CTF Competition](https://ctf.spylab.ai/)
* [Bishop Fox's Local LLM CTF Lab](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)
* [WithSecure Workout Planner CTF Challenge](https://myllmdoc.com)
* [CTF Prompt Injection (GitHub Lab)](https://github.com/CharlesTheGreat77/ctf-prompt-injection)
* [Steve's Chat Playground (Browser-Based Sandbox)](https://labs.withsecure.com/publications/multi-chain-prompt-injection-attacks)
* [Wild LLaMa (Prompt Engineering Mini-Game)](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)
* [Damn Vulnerable LLM Agent](https://bishopfox.com/blog/ready-to-hack-an-llm-our-top-ctf-recommendations)
## Blogs & Series
* [LLM Security Best Practices (VIEH Group)](https://medium.com/@viehgroup/llm-security-best-practices-af5cf9d3a668?source=rss------hacking-5)
* [Getting Started with AI Hacking Part 2 (BHIS)](https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-2/)
* [LLM Jailbreaking: Advanced Attack Techniques (JIN)](https://ai.plainenglish.io/llm-jailbreaking-advanced-attack-techniques-and-defense-strategies-unpacked-7c17b31ff1de?source=rss------hacking-5)
* [LLM Pentest Agent Hacking (Blaze Infosec)](https://www.blazeinfosec.com/post/llm-pentest-agent-hacking/)
* [From Prompt to Pwn: How I Pen-Tested a LLM](https://abhishekml.medium.com/from-prompt-to-pwn-how-i-pen-tested-and-broke-a-llm-25471e1b22f3?source=rss------ethical_hacking-5)
* [Stanford's 8-Word Hack (Medium)](https://medium.com/@akshayamary/stanfords-8-word-hack-that-unlocked-ai-s-lost-creativity-fcdd8ab1e0a0?source=rss------hacking-5)
* [Understanding LLM Attacks and Prompt Injections](https://medium.com/@anmol.sh/hacking-ai-understanding-llm-attacks-and-prompt-injections-9354f26a8353?source=rss------bug_bounty-5)
* [Six Key Adversarial Attacks and Their Consequences (Mindgard)](https://mindgard.ai/blog/ai-under-attack-six-key-adversarial-attacks-and-their-consequences)
* [LLM Security in 2025: Risks, Examples, and Best Practices (Oligo Security)](https://www.oligo.security/academy/llm-security-in-2025-risks-examples-and-best-practices)
* [Securing AI/LLMs in 2025: A Practical Guide (Software Analyst)](https://softwareanalyst.substack.com/p/securing-aillms-in-2025-a-practical)
* [AI Under the Microscope: OWASP Top 10 for LLMs 2025 (Qualys)](https://blog.qualys.com/vulnerabilities-threat-research/2024/11/25/ai-under-the-microscope-whats-changed-in-the-owasp-top-10-for-llms-2025)
* [Safeguarding Generative AI LLMs and Agentic AI (ISACA)](https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2025/safeguarding-the-future-strategies-for-protecting-generative-ai-llms-and-agentic-ai)
* [Security Roundup: Top AI Stories in 2024 (IBM)](https://www.ibm.com/think/insights/security-roundup-top-ai-stories-in-2024)
* [SaTML 2024 LLM CTF Write-up](https://jacoporepossi.github.io/learningq/posts/2024-06-29-satml-llm-ctf/)
* [CTFs on AI - Part 1: LLM Prompt Injection Attacks](https://defjm.github.io/hemb/posts/20240127_ctf-llm-part1/)
* [Adversarial Machine Learning (UC Berkeley CLTC)](https://cltc.berkeley.edu/aml/)
**Darshan Naresh Naik Series:**
* [Part 2: Prompt Injection](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-2-prompt-injection-13030a731e15?source=rss------hacking-5)
* [Part 3: Sensitive Data Disclosure](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-3-sensitive-data-disclosure-5417f57b778b?source=rss------hacking-5)
* [Part 4: Supply Chain & Poisoning](https://medium.com/@darshannnaik1234/ai-llm-hacking-part-4-supply-chain-data-model-poisoning-vulnerabilities-4c9bcc358055?source=rss------hacking-5)
* [Part 6: Excessive Agency & Plugins](https://infosecwriteups.com/ai-llm-hacking-part-6-excessive-agency-insecure-plugin-6c83013c6806?source=rss------hacking-5)
* [Part 7: System Prompt Leakage](https://blog.gopenai.com/ai-llm-hacking-part-7-system-prompt-leakage-vector-embedding-weakness-68bca76d9dd4?source=rss------ethical_hacking-5)
* [Part 8: Misinformation & DoS](https://infosecwriteups.com/ai-llm-hacking-part-8-misinformation-overreliance-unbounded-consumption-mdos-model-d1cee7d625d2?source=rss------hacking-5)
## Presentations & Conferences
* [DEF CON 32: Hacker vs AI perspectives from an ex spy](https://www.youtube.com/watch?v=WC-tY-gEIPc)
* [DEF CON 32: On Your Ocean's 11 Team, I'm the AI Guy](https://www.youtube.com/watch?v=pTSEViCwAig)
* [TEDx: The Rise of AI Hackbots](https://www.youtube.com/watch?v=Y_x6KXV1y_0)
* [YouTube: AI Hacking Resource](https://www.youtube.com/watch?v=tiwx7WPW8Jc)
## Notes & Misc
* [Walkthrough: TryHackMe EvilGPT (Medium)](https://motasemhamdan.medium.com/llm-ai-hacking-how-ai-is-being-exploited-by-hackers-tryhackme-evilgpt-1-2-5fda60114a5a)
* [The Best AI for Ethical Hacking (Tools List)](https://systemweakness.com/the-best-ai-for-ethical-hacking-911c92de3b37?source=rss------bug_bounty-5)
* [Hacking with AI SASTs (Reddit Discussion)](https://ift.tt/LKo0WFS)
* [Awesome-AI-Security (GitHub)](https://github.com/ottosulin/awesome-ai-security)
* [Awesome AI for Security (GitHub)](https://github.com/AmanPriyanshu/Awesome-AI-For-Security)
* [Awesome AI Cybersecurity (GitHub)](https://github.com/ElNiak/awesome-ai-cybersecurity)
* [Awesome-AI-Security by TalEliyahu (GitHub)](https://github.com/TalEliyahu/Awesome-AI-Security)
* [MITRE ATLAS Framework](https://atlas.mitre.org/)
* [OWASP LLM Top 10](https://llmtop10.com/)
* [OWASP Gen AI Security Project](https://genai.owasp.org/)
* [Google's Secure AI Framework (SAIF)](https://cloud.google.com/security/ai)
* [What Are Adversarial AI Attacks? (Palo Alto Networks)](https://www.paloaltonetworks.com/cyberpedia/what-are-adversarial-attacks-on-AI-Machine-Learning)
* [NIST: Types of Cyberattacks That Manipulate AI Systems](https://www.nist.gov/news-events/news/2024/01/nist-identifies-types-cyberattacks-manipulate-behavior-ai-systems)
## Tools & Frameworks
* [Cybersecurity AI (CAI) Framework (GitHub)](https://github.com/aliasrobotics/cai)
* [LLM Guard by Protect AI (GitHub)](https://github.com/protectai/llm-guard)
* [LlamaFirewall (GitHub)](https://github.com/llamafirewall/llamafirewall)
* [Garak - LLM Security Probing Tool (GitHub)](https://github.com/leondz/garak)
* [Llamator - LLM Vulnerability Testing Framework (GitHub)](https://github.com/llamator/llamator)
* [Foolbox - Adversarial Examples Toolbox (GitHub)](https://github.com/bethgelab/foolbox)
* [Counterfit - ML Security Assessment Tool (GitHub)](https://github.com/Azure/counterfit)
* [TenSEAL - Homomorphic Encryption for Tensors (GitHub)](https://github.com/OpenMined/TenSEAL)
* [dstack - Confidential AI Framework (GitHub)](https://github.com/dstack-group/dstack)
* [AI Security Analyzer (GitHub)](https://github.com/xvnpw/ai-security-analyzer)
* [SaTML LLM CTF Codebase (GitHub)](https://github.com/ethz-spylab/satml-llm-ctf)
# DevSecOps
## **Books & Whitepapers**
**Books**
- [The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security](https://www.amazon.com/DevOps-Handbook-World-Class-Reliability-Organizations/dp/1942788002)
- [DevSecOps: A leader’s guide to producing secure software](https://www.amazon.com/DevSecOps-producing-compromising-continuous-improvement/dp/1781335028)
- [Learning DevSecOps: A Practical Guide to Processes and Tools](https://www.amazon.com/Learning-DevSecOps-Practical-Guide-Processes/dp/1098144864)
- [Securing DevOps: Security in the Cloud](https://www.amazon.com/Securing-DevOps-Security-Julien-Vehent/dp/1617294136)
- [The DevSecOps Playbook: Deliver Continuous Security at Speed](https://www.amazon.com/DevSecOps-Playbook-Deliver-Continuous-Security/dp/1394169795)
- [Implementing DevSecOps Practices](https://www.amazon.com/Implementing-DevSecOps-Practices-Supercharge-excellence/dp/1803231491)
- [Hands-On Security in DevOps](https://www.amazon.com/Hands-Security-DevOps-continuous-deployment/dp/1788995503)
- [Container Security: Fundamental Technology Concepts](https://www.amazon.com/Container-Security-Fundamental-Technology-Containerized/dp/1492056707)
- [Software Supply Chain Security](https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706)
- [Security as Code: DevSecOps Patterns with AWS](https://www.amazon.com/Security-Code-DevSecOps-Patterns-AWS/dp/1492081124)
- [Epic Failures in DevSecOps](https://www.amazon.com/Epic-Failures-DevSecOps-Mark-Miller/dp/1728806992)
- [Alice and Bob Learn Application Security](https://www.wiley.com/en-gb/Alice+and+Bob+Learn+Application+Security-p-9781119687405)
- [Microservices Security in Action](https://www.google.com/search?q=https://www.amazon.com/Microservices-Security-Action-Prabath-Siriwardena/dp/1617295922)
- [DevSecOps in Oracle Cloud](https://www.oreilly.com/library/view/devsecops-in-oracle/9780138029777/)
- [DevSecOps for Azure](https://www.amazon.com/DevSecOps-Azure-End-end-security/dp/1837631115)
- [Mastering DevSecOps](https://www.amazon.com/Mastering-DevSecOps-Comprehensive-Become-Expert/dp/B0CGYQ1QCJ)
- [DevSecOps for .NET Core](https://www.amazon.com/DevSecOps-NET-Core-Securing-Applications/dp/1484258495)
- [Practical Security Automation and Testing](https://www.amazon.com/Practical-Security-Automation-Testing-techniques/dp/1789802024)
**Whitepapers**
- [DoD Enterprise DevSecOps Reference Design v2.0 (PDF)](https://dodcio.defense.gov/Portals/0/Documents/Library/DevSecOpsReferenceDesign.pdf)
- [MITRE: DevSecOps Security Test Automation Briefing (PDF)](https://www.mitre.org/sites/default/files/2021-11/prs-19-0769-devsecops-security-test-automation-briefing.pdf)
- [NIST SP 800-204: Security Strategies for Microservices (PDF)](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-204.pdf)
- [CSA: The Six Pillars of DevSecOps](https://cloudsecurityalliance.org/artifacts/six-pillars-of-devsecops)
- [CSA: DevSecOps Automated Security Testing](https://www.google.com/search?q=https://cloudsecurityalliance.org/artifacts/devsecops-automated-security-testing)
- [Integrating Security into CI/CD Pipelines: A DevSecOps Approach with SAST, DAST, and SCA Tools (ResearchGate)](https://www.researchgate.net/publication/390459514_Integrating_Security_into_CICD_Pipelines_A_DevSecOps_Approach_with_SAST_DAST_and_SCA_Tools)
## **Courses**
- [SANS SEC540: Cloud Native Security and DevSecOps Automation](https://www.sans.org/cyber-security-courses/cloud-native-security-devsecops-automation/)
- [Practical DevSecOps: Certified DevSecOps Professional (CDP)](https://www.practical-devsecops.com/certified-devsecops-professional/)
- [OffSec: DevSecOps Essentials (OS-210)](https://www.offsec.com/learning/paths/devsecops-essentials/)
- [Linux Foundation: Implementing DevSecOps (LFS262)](https://training.linuxfoundation.org/training/implementing-devsecops-lfs262/)
- [Linux Foundation: Developing Secure Software (LFD121)](https://training.linuxfoundation.org/training/developing-secure-software-lfd121/)
- [Coursera: IBM DevOps and Software Engineering Professional Certificate](https://www.coursera.org/professional-certificates/devops-and-software-engineering)
- [Coursera: Cybersecurity in the Cloud Specialization (Univ. of Minnesota)](https://www.google.com/search?q=https://www.coursera.org/specializations/cyber-security-cloud)
- [Udemy: DevSecOps & DevOps with Jenkins, Kubernetes, Terraform & AWS](https://www.udemy.com/course/devsecops-with-terraform-kubernetes-jenkins-aws/)
- [Udemy: Ultimate DevSecOps Bootcamp by School of Devops](https://www.udemy.com/course/ultimate_devsecops_bootcamp/)
- [Pluralsight: DevSecOps - The Big Picture](https://www.pluralsight.com/courses/devsecops-big-picture)
- [LinkedIn Learning: DevSecOps - Automated Security Testing](https://www.linkedin.com/learning/devsecops-automated-security-testing)
- [Codecademy: DevSecOps Principles](https://www.codecademy.com/learn/ext-courses/devsecops-principles-from-devops-to-devsecops)
- [EC-Council: Certified DevSecOps Engineer (E|CDE)](https://www.eccouncil.org/programs/certified-devsecops-engineer-ecde/)
- [DevOps Institute: DevSecOps Foundation (DOF)](https://www.devopsinstitute.com/certifications/devsecops-foundation/)
- [DevOps Institute: DevSecOps Practitioner (DOP)](https://www.devopsinstitute.com/certifications/devsecops-practitioner/)
- [EXIN: DevSecOps Professional](https://www.exin.com/certifications/exin-devsecops-professional-exam)
- [NotSoSecure: DevSecOps Training](https://notsosecure.com/security-training/devsecops-training)
- [Udemy: DevSecOps - Kubernetes DevOps & Security](https://www.udemy.com/course/kubernetes-devsecops/)
- [IGM Guru: DevSecOps Training with Certification](https://www.igmguru.com/cloud-computing/devsecops-training)
- [Security Compass: DevSecOps Training](https://www.securitycompass.com/blog/top-devsecops-training-courses/)
## **Labs**
- [TryHackMe: DevSecOps Path](https://tryhackme.com/path/outline/devsecops)
- [OWASP Juice Shop](https://owasp.org/www-project-juice-shop/)
- [Kontra: DevSecOps Interactive Training](https://application.security/free-application-security-training)
- [SecureFlag](https://www.secureflag.com/)
- [Punk Security DevSecOps CTF](https://punksecurity.co.uk/ctf/2024/)
- [DevSecOps Home Lab (DevSecBlueprint)](https://www.devsecblueprint.com/projects/devsecops-home-lab/)
- [Practical DevSecOps Platform Labs](https://portal.practical-devsecops.training/)
- [OWASP WebGoat](https://owasp.org/www-project-webgoat/)
- [DVWA (Damn Vulnerable Web Application)](https://github.com/digininja/DVWA)
- [Kubernetes Goat](https://github.com/madhuakula/kubernetes-goat)
- [CI/CD Goat](https://github.com/cider-security-research/cicd-goat)
## **Blogs & Series**
- [Red Hat Developer: DevSecOps Topics & Resources](https://developers.redhat.com/topics/devsecops#devsecops)
- [RSA Conference Blog: Combining DAST with SAST for Holistic Coverage](https://www.rsaconference.com/library/blog/combining-dast-with-sast-for-holistic-application-security-coverage)
- [AWS Security Blog](https://aws.amazon.com/blogs/security/)
- [Google Cloud Security Blog](https://cloud.google.com/blog/products/identity-security)
- [GitLab Blog: DevSecOps](https://about.gitlab.com/blog/categories/devsecops/)
- [Snyk Blog](https://snyk.io/blog/)
- [Practical DevSecOps: Top 15 DevSecOps Best Practices for 2025](https://www.practical-devsecops.com/devsecops-best-practices/)
- [GeeksforGeeks: 10 DevSecOps Best Practices for 2025](https://www.geeksforgeeks.org/devops/devsecops-best-practices/)
- [Pynt.io: DevSecOps Principles, Tools, and Best Practices [2025 Guide]](https://www.pynt.io/learning-hub/devsecops/devsecops-principles-tools-and-best-practices-2025-guide)
- [Codefresh: Top 10 DevSecOps Best Practices for 2025](https://codefresh.io/learn/devsecops/devsecops-best-practices/)
- [Check Point: Top 10 DevSecOps Best Practices](https://www.checkpoint.com/cyber-hub/cloud-security/devsecops/10-devsecops-best-practices/)
- [Tigera: 5 DevSecOps Best Practices You Must Implement](https://www.tigera.io/learn/guides/devsecops/devsecops-best-practices/)
- [DevSecOps Guides: Simple Guide for Development and Operation](https://www.devsecopsguides.com/)
- [ChaosSearch: 5 DevSecOps Checklists for Advanced Techniques in 2025](https://www.chaossearch.io/blog/checklists-for-advanced-devsecops-techniques)
- [AWS DevOps Blog: Building End-to-End AWS DevSecOps CI/CD Pipeline](https://aws.amazon.com/blogs/devops/building-end-to-end-aws-devsecops-ci-cd-pipeline-with-open-source-sca-sast-and-dast-tools/)
- [Medium: Mastering DevSecOps - Building a Secure End-to-End Pipeline](https://medium.com/@mayankarya837/mastering-devsecops-building-a-secure-end-to-end-modern-pipeline-security-with-sast-dast-sca-4469117cd5c2)
- [Wiz Academy: 11 DevSecOps Tools and Top Use Cases in 2025](https://www.wiz.io/academy/devsecops-tools)
- [StationX: 25 Top DevSecOps Tools - Ultimate Guide for 2025](https://www.stationx.net/top-devsecops-tools/)
- [Codefresh: 15 DevSecOps Tools to Know in 2025](https://codefresh.io/learn/devsecops/15-devsecops-tools-to-know-in-2025/)
- [Spacelift: 21 Best DevSecOps Tools and Platforms for 2025](https://spacelift.io/blog/devsecops-tools)
- [Atlassian: DevSecOps Tools Guide](https://www.atlassian.com/devops/devops-tools/devsecops-tools)
- [Escape: Top 10 DAST Tools for DevSecOps - Tested in CI/CD (2025)](https://escape.tech/blog/top-dast-tools/)
- [Jit: Top 10 DAST Tools for 2025](https://www.jit.io/resources/appsec-tools/top-dast-tools-for-2024)
- [Kiuwan: Application Security Tools Comparison](https://www.kiuwan.com/blog/application-security-tools-comparison/)
- [TechTarget: Compare SAST vs. DAST vs. SCA for DevSecOps](https://www.techtarget.com/searchsecurity/tip/Understanding-3-key-automated-DevSecOps-tools)
## **Presentations & Conferences**
- [Black Hat USA 2019: DevSecOps - What, Why, And How (PDF)](https://i.blackhat.com/USA-19/Thursday/us-19-Shrivastava-DevSecOps-What-Why-And-How.pdf)
- [RSAC 2025: DevSecOps Revolution - Unleashing Generative AI](https://www.