pastebin - collaborative debugging tool
secsav.kpaste.net RSS


Untitled
Posted by Anonymous on Thu 5th Mar 2015 11:30
raw | new post
modification of post by Anonymous (view diff)

  1. [[[ WiFi YT vids ]]]
  2.  
  3. https://www.youtube.com/user/NeedSec
  4. https://www.youtube.com/user/Raventattoo/videos
  5. https://www.youtube.com/user/Cyb3rw0rM1/videos
  6.  
  7. # GUI frontend to reaver
  8. http://sourceforge.net/projects/wpscrackgui/
  9.  
  10.  
  11. ---
  12. # HSM from a Raspberry Pi
  13. http://cryptosense.com/building-a-raspberry-pi-hsm-for-rsa-2014/
  14.  
  15. # Shredding files recursively into directories
  16. http://www.linuxforums.org/forum/miscellaneous/46693-how-shred-entire-directory-tree.html#post257616
  17.  
  18. # Backdoor anything
  19. http://www.reddit.com/r/netsec/comments/2az8z2/the_backdoor_factory_backdoor_just_about_any/
  20.  
  21. # OpenBSD lol
  22. http://bbs.progrider.org/prog/read/1383465168
  23.  
  24. # /g/ has root to NSA
  25. http://archive.rebeccablacktech.com/g/thread/S39950951#p39950951
  26.  
  27. # Scan the whole Internet in under 45 minutes!
  28. https://zmap.io/
  29.  
  30. # Subterfuge - Automated MITM Framework
  31. https://code.google.com/p/subterfuge/
  32.  
  33. # Telegram
  34. http://www.thoughtcrime.org/blog/telegram-crypto-challenge/
  35.  
  36. # Entropy as fuck
  37. http://gamesbyemail.com/news/diceomatic
  38. http://www.random.org/
  39.  
  40. # List of resources
  41. https://github.com/enaqx/awesome-pentest
  42.  
  43.  
  44.  
  45. [[[ (Anti) Forensics ]]]
  46. # The truth about – How to securely erase a Solid State Drive (SSD) (skrilnetz.net)
  47. http://www.reddit.com/r/linux/comments/2etx24/the_truth_about_how_to_securely_erase_a_solid/
  48.  
  49. # Inception - search RAM contents for interesting stuff
  50. http://www.breaknenter.org/projects/inception/
  51.  
  52.  
  53.  
  54. [[[ Basic Linux sec ]]]
  55. # Linux 2FA
  56. http://www.reddit.com/r/linux/comments/2b4u4n/2_factor_authentication_backup_2fa_software_for/
  57. # OTP (GAuth) @ CLI
  58. http://otp.readthedocs.org/en/latest/
  59.  
  60. # LUKS data encryption
  61. http://www.reddit.com/r/linux/comments/2bgnwp/encrypt_your_data_using_luks/
  62.  
  63. # iptables
  64. https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-IPTables.html
  65. http://www.linuxtopia.org/online_books/centos_linux_guides/centos_linux_security_guide/s1-fireall-ipt-act.html
  66. http://www.cyberciti.biz/faq/rhel-fedorta-linux-iptables-firewall-configuration-tutorial/
  67. http://diaryproducts.net/about/operating_systems/unix/nmap_port_scanner_iptables_firewall
  68. http://blog.commandlinekungfu.com/2014/01/episode-174-lightning-lockdown.html
  69.  
  70. https://wiki.ubuntu.com/BasicSecurity
  71. https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Securing_the_unencrypted_boot_partition
  72.  
  73. # Hardened Gentoo
  74. http://www.proteansec.com/forensics/gentoo-hardening-part-1-introduction-hardened-profile-2/
  75.  
  76.  
  77. [ SELinux ]
  78. # From #centos
  79. Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux
  80. http://wiki.centos.org/TipsAndTricks/SelinuxBooleans
  81. http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
  82. http://fedorasolved.org/security-solutions/selinux-module-building
  83. http://www.youtube.com/watch?v=bQqX3RWn0Yw
  84. http://opensource.com/business/13/11/selinux-policy-guide
  85.  
  86. http://wiki.centos.org/HowTos/SELinux
  87. http://beginlinux.com/server_training/web-server/976-apache-and-selinux
  88. http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/
  89.  
  90. http://www.reddit.com/r/linux/comments/23a2tg/the_selinux_coloring_book/
  91.  
  92. # CentOS
  93. http://wiki.centos.org/HowTos/OS_Protection
  94.  
  95.  
  96.  
  97. [[[ Physical & Vicinity ]]]
  98. # Physical
  99. http://www.reddit.com/r/linux/comments/1zi10c/laptop_security_best_practices_what_do_you_do/
  100. http://www.reddit.com/r/netsec/comments/l91d5/physical_laptop_security/
  101.  
  102. # Radio attack
  103. http://secsav.kpaste.net/aff492d
  104.  
  105. # BadUSB
  106. https://www.reddit.com/r/netsec/comments/2c9otm/badusb/
  107. https://www.reddit.com/r/netsec/comments/2i6vvh/badusb_the_unpatchable_malware_that_infects_usbs/
  108. https://www.reddit.com/r/netsec/comments/2s1gb2/opensource_usb_exploitation_library_teensyduino/
  109.  
  110.  
  111.  
  112. [[[ Theory ]]]
  113. # ECC Primer
  114. http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography
  115. http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/2/
  116. http://blog.serverfault.com/2011/12/12/a-studied-approach-at-wifi-part-1/
  117. http://safecurves.cr.yp.to/
  118.  
  119.  
  120. [ GPG / PGP ]
  121. http://www.gnupg.org/documentation/index.html
  122. http://www.thedrinkingrecord.com/pgpgpg-guide/
  123. http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html
  124. https://futureboy.us/pgp.html
  125. http://moser-isi.ethz.ch/gpg.html
  126.  
  127. # Intro tutorial blogpost
  128. https://www.reddit.com/r/linux/comments/2jhem8/how_to_verify_the_authenticity_and_integrity_of_a/
  129.  
  130. # Key security
  131. https://wiki.debian.org/Subkeys?action=show&redirect=subkeys
  132.  
  133. # Best practice
  134. https://alexcabal.com/creating-the-perfect-gpg-keypair/
  135.  
  136.  
  137. [[[ Wikipedia ]]]
  138. https://en.wikipedia.org/wiki/Data_remanence
  139. http://en.wikipedia.org/wiki/PA-DSS
  140.  
  141.  
  142.  
  143. [[[ WebSec ]]]
  144.  
  145. # SSL easy copy pasta
  146. http://www.reddit.com/r/sysadmin/comments/271g4m/cipherlist_strong_copypaste_ssl_configuration_for/
  147.  
  148. # Strong SSL Security on Apache2 (raymii.org)
  149. https://www.reddit.com/r/linux/comments/2urhmt/strong_ssl_security_on_apache2/
  150.  
  151. # Want to use my wifi? (cookie spoofing, MITM etc.)
  152. http://thejh.net/written-stuff/want-to-use-my-wifi?
  153.  
  154. http://www.amanhardikar.com/mindmaps/Practice.html
  155.  
  156. # The Web Application Vulnerability Scanners Benchmark
  157. http://sectooladdict.blogspot.se/2014/02/wavsep-web-application-scanner.html?m=1
  158.  
  159. # Bypassing WAF's
  160. http://www.reddit.com/r/netsec/comments/20uhgh/bypassing_web_application_firewalls_using_http/
  161.  
  162. # Hardening WordPress
  163. http://codex.wordpress.org/Hardening_WordPress
  164. http://halfelf.org/2013/false-security/
  165. http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html
  166. https://wordpress.org/plugins/better-wp-security/
  167. http://wordpress.org/plugins/bulletproof-security/
  168. https://www.reddit.com/r/AskNetsec/comments/2mbpj5/best_practices_for_web_server_hardening/
  169.  
  170. # A seemingly innocent PHP vuln
  171. http://danuxx.blogspot.de/2013/03/unauthorized-access-bypassing-php-strcmp.html
  172.  
  173. # JS crypto / sec
  174. http://www.reddit.com/r/netsec/comments/21ebv7/mylar_encryptdecrypt_your_webapp_data_in_users/
  175. http://nosql.mypopescu.com/post/14453905385/attacking-nosql-and-node-js-server-side-javascript
  176.  
  177. # Mega.co.nz weakness (MegaPWN)
  178. https://www.reddit.com/r/netsec/comments/1lo48d/megapwn_bookmarklet_to_recover_your_secret_mega/
  179.  
  180.  
  181. ---
  182.  
  183. http://www.danielmiessler.com/study/infosec_interview_questions/
  184.  
  185.  
  186. [[[ CryptoLocker ]]]
  187. http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/
  188.  
  189.  
  190.  
  191.  
  192. [[[ Talks & Other videos ]]]
  193. http://makehacklearn.org/2014/03/06/trustycon-videos/
  194.  
  195.  
  196.  
  197. ---
  198.  
  199. [[[ Reddit ]]]
  200.  
  201. # How to sign kernel for UEFI Secure Boot.
  202. http://www.reddit.com/r/linux/comments/1mw1xb/state_of_securely_booting_linux/
  203.  
  204. # SSL/TLS Deployment Best Practices
  205. http://www.reddit.com/r/netsec/comments/1mn2nk/ssltls_deployment_best_practices/
  206.  
  207.  
  208. [ SSH hardening ]
  209. http://www.reddit.com/r/linux/comments/1yfvm9/hardening_ssh_servers/
  210. http://www.reddit.com/r/linux/comments/2cwakx/the_ultimate_guide_to_hardening_ssh_with_ssh/
  211. # Ever wonder what makes the new ssh-certificate authentication different from ssh-pubkey? This guide explains that and how to use it effectively. (neocri.me)
  212. http://redd.it/1zmsi2
  213. # Security Practices for OpenSSH Server (theittutorial.blogspot.com)
  214. https://www.reddit.com/r/linux/comments/2t7cwm/security_practices_for_openssh_server/
  215.  
  216.  
  217.  
  218. # Linux sec
  219. http://www.reddit.com/r/linux/comments/1oobkf/what_kind_of_antimalware_exists_for_linux/
  220.  
  221. # How does the Shellshock exploit work?
  222. http://fedoramagazine.org/shellshock-how-does-it-actually-work/
  223.  
  224. # OS under a OS
  225. http://www.reddit.com/r/linux/comments/1qib6u/the_second_proprietary_operating_system_hiding_in/
  226.  
  227. # grsec patches explained
  228. http://www.reddit.com/r/netsec/comments/renu4/grsecurity_pax_configuration_options_explained/
  229.  
  230. # 4 HTTP security headers you should always be using (ibuildings.nl)
  231. http://www.reddit.com/r/netsec/comments/1vztlh/4_http_security_headers_you_should_always_be_using/
  232.  
  233. # Show r/netsec: reveal your true IP address behind proxy/NATs using WebRTC (Firefox/Chrome) (jsfiddle.net)
  234. http://www.reddit.com/r/netsec/comments/1vzsnn/show_rnetsec_reveal_your_true_ip_address_behind/
  235. https://www.reddit.com/r/netsec/comments/2ts3qm/get_local_and_public_ip_addresses_in_javascript/
  236. http://net.ipcalf.com/
  237.  
  238.  
  239. # How I got root with Sudo (securusglobal.com)
  240. http://www.reddit.com/r/netsec/comments/20mftq/how_i_got_root_with_sudo/
  241.  
  242. # Hardening a Linux server (self.linux)
  243. http://www.reddit.com/r/linux/comments/1xxpap/hardening_a_linux_server/
  244.  
  245. # Security of Debian?
  246. http://www.reddit.com/r/linux/comments/1xfuqb/debian_74_relased/cfbwunr
  247.  
  248. # Sidestep Wireless Logins by Routing All Traffic Through Measly Little Ping Packets (getpostdelete.com)
  249. http://www.reddit.com/r/linux/comments/22tsil/sidestep_wireless_logins_by_routing_all_traffic/
  250.  
  251. # Why Linux is better for infosec?
  252. http://www.reddit.com/r/linux/comments/22xece/why_is_linux_better_for_infosecsysadmins/
  253.  
  254. # Wayland is NOT immune to keyloggers (self.linux)
  255. http://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyloggers/
  256.  
  257. # What routines have you in place to keep your linux server secure and up to date? (self.linux)
  258. http://www.reddit.com/r/linux/comments/24j290/what_routines_have_you_in_place_to_keep_your/
  259.  
  260. # The world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement is now open source. (sel4.systems)
  261. http://www.reddit.com/r/netsec/comments/2c0yxh/the_worlds_first_operatingsystem_kernel_with_an/
  262.  
  263. # Deanonymizing Facebook Users By CSP Bruteforcing (myseosolution.de)
  264. http://www.reddit.com/r/netsec/comments/2djtkt/deanonymizing_facebook_users_by_csp_bruteforcing/
  265.  
  266. # Monitoring & log overview.
  267. # How To Install OSSEC on Ubuntu 14.04 (linuxlove.eu)
  268. http://www.reddit.com/r/linux/comments/2f72j4/how_to_install_ossec_on_ubuntu_1404/
  269.  
  270. # Password MGMT
  271. http://www.reddit.com/r/linux/comments/2fnget/what_is_your_password_management_strategy/
  272.  
  273. # Metasploit Resource Portal Data [collection of the most helpful videos, blog posts, podcasts, and other helpful resources, produced mainly by community contributors] (metasploit.github.io)
  274. https://www.reddit.com/r/netsec/comments/2pstkf/metasploit_resource_portal_data_collection_of_the/
  275.  
  276. # Silently owning modems and routers
  277. https://www.reddit.com/r/netsec/comments/2syoge/silently_owning_modems_and_routers/
  278.  
  279. # Directory of machines
  280. http://www.shodanhq.com/help

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with {%HIGHLIGHT}





All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at