InfoSec Reference
Goal:
- The goal of this project is to act as a free resource for anyone interested in learning more about Information Security.
- A list of techinques, tools and tactics to learn from or reference.
- Rich resource of infosec knowledge for anyone to browse through as a jumping off point for various niches OR as a reference/recall method for stuff.
- Something like a "Yellow Pages" in the sense of you know something exists, but what was it called....
- 'If you give a man a fish, he is hungry again in an hour. If you teach him to catch a fish, you do him a good turn.'
- To be clear, these aren't personal notes. I keep this repo maintained as a way of having pointers to information that I feel might help build someone's skillset or increase their understanding of attacks/methods/defenses.
- This project is not meant to condone illegal or malicious activities.
- For a HTML version of this reference, check out: https://rmusser.net/docs(I'm not a webdev. Can you tell?).
- For latest content updates, check the git history.
- Want to contribute a link?
- Anything relevant that isn't already in or covered would be/is appreciated.
- If this resource has helped you in any way(and didn't increase your frustration), please consider making a donation to Doctors Without Borders or Amnesty International.
Index - Table of Contents
- Pre-ATT&CK
- ATT&CK Stuff
- Attacking & Securing Active Directory
- Anonymity/OpSec/Privacy
๐ฐ Basic Security Information๐ฐ - BIOS/UEFI/Firmware Attacks/Defense
๐จ Building a Testing Lab๐จ ๐ Car hacking๐ ๐ธ Career๐ธ - Cheat Sheets
- Cloud
๐น Conferences/Recordings๐น ๐ฑ Containers๐ฑ โญ Courses & Trainingโญ ๐ฒ Cryptography & Encryption๐ฒ ๐ CTFs & Wargames๐ - Darknets
- Data Anaylsis & Visualization
๐ Defense๐ ๐ฐ Documentation & Reporting๐ฐ - Embedded Device Security
- Exfiltration
๐ Exploit Development๐ - Forensics & Incident Response
๐ Fuzzing & Bug Hunting๐ ๐ฎ Game Hacking๐ฎ ๐ฏ Honeypots๐ฏ - Interesting Things & Useful Information
- Logging, Monitoring, & Threat Hunting
๐ Malware๐ โ ๏ธ Network Attacks & Defenseโ ๏ธ ๐ฉ Network Security Monitoring & Logging๐ฉ ๐ญ Open Source Intelligence Gathering - OSINT๐ญ - Passwords
๐ฃ Phishing๐ฃ ๐ช Physical Security๐ช - Privilege Escalation and Post-Exploitation
- AppSec/Programming Stuff
๐ Rants & Writeups๐ ๐ฎ Red Teaming/Penetration Testing Stuff๐ฎ - REMATH Reverse Engineering
- Reverse Engineering
- Rootkits
๐ Social Engineering๐ ๐ฉ System Internals (Linux/Windows)๐ฉ - Threat Modeling
๐ฅ UI/UX Design๐ฅ ๐ป Web๐ป ๐ถ Wireless Networks and RF Devices๐ถ - Notable Policy Docs
-
A Quote:
- "
As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
- Commissioner Pravin Lal, Peacekeeping Forces (Alpha Centauri, 1999)
- "
-
Another Quote:
"Nowhere does Bokonon warn against a personโs trying to discover the limits of his karass and the nature of the work God Almighty has had it do. Bokonon simply observes that such investigations are bound to be incomplete. In the autobiographical section of The Books of Bokanon he writes a parable on the folly of pretending to discover, to understand: I once knew an Episcopalian lady in Newport, Rhode Island, who asked me to design and build a doghouse for her Great Dane. The lady claimed to understand God and His Ways of Working perfectly. She could not understand why anyone should be puzzled about what had been or about what was going to be. And yet, when I showed her a blueprint of the doghouse I proposed to build, she said to me, โIโm sorry, but I never could read one of those things.โ โGive it to your husband or your minister to pass on to God,โ I said, โand, when God finds a minute, Iโm sure heโll explain this doghouse of mine in a way that even you can understand.โ She fired me. I shall never forget her. She believed that God liked people in sailboats much better than He liked people in motorboats. She could not bear to look at a worm. When she saw a worm, she screamed. She was a fool, and so am I, and so is anyone who thinks he sees what God is Doing, [writes Bokonon].
- Cat's Cradle(The Books of Bokonon), Kurt Vonnegut
-
Thucydides, The Peloponnesian War - Athenian envoys:
For ourselves, we shall not trouble you with specious pretencesโeither of how we have a right to our empire because we overthrew the Mede, or are now attacking you because of wrong that you have done usโand make a long speech which would not be believed; and in return we hope that you, instead of thinking to influence us by saying that you did not join the Lacedaemonians, although their colonists, or that you have done us no wrong, will aim at what is feasible, holding in view the real sentiments of us both; since you know as well as we do that right, as the world goes, is only in question between equals in power, while the strong do what they can and the weak suffer what they must.