
irgoncalves / awesome-security-articles

Licence: other
This repository contains links to awesome security articles.

Projects that are alternatives of or similar to awesome-security-articles

SSI Extra Materials
In my computer security courses I make extensive usage of cheatsheets for various tools and extra materials to complement the student learning if they are willing to do so. I have decided to share them to enable others to take advantage of them
Stars: ✭ 42 (+27.27%)
Mutual labels:  cybersecurity, appsec
Payloads
Git All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+8572.73%)
Mutual labels:  cybersecurity, appsec
tutorials
Additional Resources For Securing The Stack Tutorials
Stars: ✭ 36 (+9.09%)
Mutual labels:  cybersecurity, appsec
CloudFrontier
Monitor the internet attack surface of various public cloud environments. Currently supports AWS, GCP, Azure, DigitalOcean and Oracle Cloud.
Stars: ✭ 102 (+209.09%)
Mutual labels:  cybersecurity, cloudsecurity
GDPatrol
A Lambda-powered Security Orchestration framework for AWS GuardDuty
Stars: ✭ 50 (+51.52%)
Mutual labels:  cybersecurity, cloudsecurity
Awesome-CyberSec-Resources
An awesome collection of curated Cyber Security resources (Books, Tutorials, Blogs, Podcasts, ...)
Stars: ✭ 273 (+727.27%)
Mutual labels:  cybersecurity
phishEye
phishEye is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, LinkedIn, GitHub, Dropbox, and many others. Created with Flask, custom templates, and tunneled with ngrok and localhost.run.
Stars: ✭ 47 (+42.42%)
Mutual labels:  cybersecurity
Gnuradio
GNU Radio – the Free and Open Software Radio Ecosystem
Stars: ✭ 3,297 (+9890.91%)
Mutual labels:  cybersecurity
conti-pentester-guide-leak
Leaked pentesting manuals given to Conti ransomware crooks
Stars: ✭ 772 (+2239.39%)
Mutual labels:  cybersecurity
conclave
Query compiler for secure multi-party computation.
Stars: ✭ 86 (+160.61%)
Mutual labels:  cybersecurity
Oblivion
Data leak checker & OSINT Tool
Stars: ✭ 237 (+618.18%)
Mutual labels:  cybersecurity
py-scripts-other
A collection of some of my scripts
Stars: ✭ 79 (+139.39%)
Mutual labels:  cybersecurity
tryhackme-ctf
TryHackMe CTFs writeups, notes, drafts, scrabbles, files and solutions.
Stars: ✭ 140 (+324.24%)
Mutual labels:  cybersecurity
Ntlmrecon
Enumerate information from NTLM authentication enabled web endpoints 🔎
Stars: ✭ 252 (+663.64%)
Mutual labels:  cybersecurity
ehtk
Ethical Hacking Toolkit is a collection of tools, cheat sheets, and resources for Ethical hackers, Penetration Tester, and Security Researchers etc. It contains almost all tools mentioned in CEH, OSCP, eCPPT and PNPT
Stars: ✭ 59 (+78.79%)
Mutual labels:  cybersecurity
Labtainers
Labtainers: A Docker-based cyber lab framework
Stars: ✭ 226 (+584.85%)
Mutual labels:  cybersecurity
Intel-One
Command line tool for passive reconnaissance, able to gather and link public information to a target domain, company or individual. It can make intelligence gathering faster and more effective by drastically reducing manual user interaction. This is achieved through the engineering of a highly customisable single input to multiple output solutio…
Stars: ✭ 23 (-30.3%)
Mutual labels:  cybersecurity
reosploit
A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
Stars: ✭ 89 (+169.7%)
Mutual labels:  cybersecurity
vulndb-data-mirror
A simple Java command-line utility to mirror the entire contents of VulnDB.
Stars: ✭ 36 (+9.09%)
Mutual labels:  appsec
jerseyctf-2021-challenges
JerseyCTF 2021
Stars: ✭ 22 (-33.33%)
Mutual labels:  cybersecurity

Awesome Security Articles

A curated list of awesome articles, papers, presentations, practices and blog posts from independent security researchers, students, vendors etc. There are plenty of resources available on the internet from conferences, universities, vendors etc., and those listed below are the ones I have read (probably recently), enjoyed and, of course, remembered!

Disclaimer

All the contents of this list are public and mostly free. Use them for educational purposes only.

Application Security

2019 - Acunetix - A Fresh Look On Reverse Proxy Related Attacks
2021 - Alex Birsan - Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
2021 - Assetnote - A glossary of blind SSRF chains
2019 - Asif Durani - Remote Command Execution with EL Injection Vulnerabilities
2017 - Auth0 - JWT Handbook
2020 - Brisk Infosec - Host header attack
2020 - Bishop Fox - An exploration of JSON interoperability vulnerabilities
2018 - Carnegie Mellon - Threat Modeling: 12 available methods
2022 - Claroty - {JS-ON: Security-OFF}: Abusing JSON-Based SQL to Bypass WAF
2020 - Cobalt Strike - A pentester's guide to Server Side Template Injection - SSTI
2019 - CPDoS - CPDoS: cache poisoned denial of service
2023 - Cybervelia - GraphQL exploitation - all you need to know
2017 - F5 - NGINX Cookbook (part 2): Advanced recipes for security
2018 - F5 - Abusing Googlebot services to deliver crypto-mining malware
2020 - F5 - Turing in his grave: what human CAPTCHA solvers reveal about control design
2021 - Flyio - API Tokens: a tedious survey
2019 - Google - How effective is basic account hygiene at preventing hijacking
2022 - Hacktricks - Hop-by-hop headers
2018 - Hackernoon - 10 common security gotchas in Python and how to avoid them
2021 - Hiroki Suezawa - Attacking and Securing CI/CD Pipeline
2021 - Intruder.io - Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
2019 - JSSEC - Android application secure design/secure coding guidebook
2017 - Joao Matos - An overview of deserialization vulnerabilities in Java Virtual Machine (JVM)
2017 - Joao Matos - Um overview sobre as bases das falhas de desserialização nativa na JVM (in Portuguese: An overview of the foundations of native deserialization flaws in the JVM)
2008 - LearnJSF - Securing JSF against the OWASP Top Ten
2018 - Microsoft - Learn how to add continuous security validation to your CI/CD pipeline
2017 - NCCGroup - Request encoding to bypass web application firewall
2019 - NCCGroup - Common Security Issues in Financially-Oriented Web Applications
2021 - NCCGroup - SAML XML Injection
2019 - Nordic APIS - Everything you need to know about API rate limiting
2017 - Orange Tsai - A new era of SSRF - exploiting URL parser in trending programming languages!
2018 - Orange Tsai - Breaking parser logic!
2022 - Payatu - Prototype pollution 101
2016 - Peking University - Targeted online password guessing: an underestimated threat
2021 - Polaridius - Python Vulnerabilities: code execution in Jinja Templates
2017 - PortSwigger - Cracking the lens: targeting HTTP's hidden attack-surface
2018 - PortSwigger - Practical web cache poisoning
2021 - PortSwigger - Hidden OAuth attack vectors
2022 - PortSwigger - Making HTTP header injection critical via response queue poisoning
2016 - Prabath Siriwardena - JWT, JWS and JWE for Not So Dummies! (Part I)
2012 - SafeCODE - Practical security stories for Agile development environments
2016 - Sec-1 - Hunting postMessage vulnerabilities
2022 - Somdev Sangwan - Bypassing Modsecurity for RCEs
2013 - SkeletonScribe - Practical HTTP Host header attacks
2022 - Synack - Exploits Explained: 5 Unusual Authentication Bypass Techniques
2013 - Synacktiv - JSF ViewState upside-down
2020 - Telekom Security - Smuggling HTTP headers through reverse proxies
2020 - Tempest Security - HTML to PDF converters, can I hack them?
2017 - Wallarm - SSRF bible
2019 - Zeddyu - Help you understand HTTP Smuggling in one article

Network Security / General Security

2020 - Plextrac - Writing a killer penetration test report
2020 - SANS - The ultimate list of SANS cheatsheets
2022 - SEC Consult - Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style

Windows Security

2016 - Adsecurity.org - Attack methods for gaining Domain Admin rights in Active Directory
2018 - Adsecurity.org - Unofficial guide to Mimikatz & command reference
2020 - CERT-FR - Active Directory security assessment checklist
2021 - Eloy Gonzales - Attacking Active Directory: 0 to 0.9
2017 - Harmj0y - Pass-the-Hash is dead: long live LocalAccountTokenFilterPolicy
2020 - Infosecmatter - Top 16 Active Directory vulnerabilities
2020 - Microsoft - Security Documentation
2020 - Positive Technologies - Attacking MS Exchange web interfaces
2019 - Shellz.club - Pass-the-Hash with RDP in 2019

Linux Security

2019 - ANSSI - Configuration recommendation of a GNU/Linux System

Cloud Security

2016 - Amazon - AWS Security best practices
2021 - Astra - Complete Guide on AWS Security Audit
2020 - Gitlab - Tutorial on privilege escalation and post exploitation tactics in Google Cloud Platform environments
2022 - NCCGroup - A Guide to improving security through Infrastructure-as-Code
2020 - Microsoft - Security Documentation
2021 - SANS - Practical Guide to Security in the AWS Cloud
2021 - SideChannel - Enumerating Services in AWS Accounts in an Anonymous and Unauthenticated Manner

Container Security

2019 - Trend Micro - Why running a privileged container in docker is a bad idea
