[[[ WiFi YT vids ]]] https://www.youtube.com/user/NeedSec https://www.youtube.com/user/Raventattoo/videos https://www.youtube.com/user/Cyb3rw0rM1/videos # GUI frontend to reaver http://sourceforge.net/projects/wpscrackgui/ --- # HSM from a Raspberry Pi http://cryptosense.com/building-a-raspberry-pi-hsm-for-rsa-2014/ # Shredding files recursively into directories http://www.linuxforums.org/forum/miscellaneous/46693-how-shred-entire-directory-tree.html#post257616 # Backdoor anything http://www.reddit.com/r/netsec/comments/2az8z2/the_backdoor_factory_backdoor_just_about_any/ # OpenBSD lol http://bbs.progrider.org/prog/read/1383465168 http://www.iusmentis.com/maatschappij/privacy/filmen-cameratoezicht/ # iptables http://blog.commandlinekungfu.com/2014/01/episode-174-lightning-lockdown.html # /g/ has root to NSA http://archive.rebeccablacktech.com/g/thread/S39950951#p39950951 # Scan the whole Internet in under 45 minutes! https://zmap.io/ # Subterfuge - Automated MITM Framework https://code.google.com/p/subterfuge/ # Telegram http://www.thoughtcrime.org/blog/telegram-crypto-challenge/ # Entropy as fuck http://gamesbyemail.com/news/diceomatic http://www.random.org/ # List of resources https://github.com/enaqx/awesome-pentest [[[ (Anti) Forensics ]]] # The truth about – How to securely erase a Solid State Drive (SSD) (skrilnetz.net) http://www.reddit.com/r/linux/comments/2etx24/the_truth_about_how_to_securely_erase_a_solid/ # Inception - search RAM contents for interesting stuff http://www.breaknenter.org/projects/inception/ [[[ Hardened Gentoo ]]] http://www.proteansec.com/forensics/gentoo-hardening-part-1-introduction-hardened-profile-2/ [[[ SELinux ]]] # From #centos Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux http://wiki.centos.org/TipsAndTricks/SelinuxBooleans http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ http://fedorasolved.org/security-solutions/selinux-module-building http://www.youtube.com/watch?v=bQqX3RWn0Yw http://opensource.com/business/13/11/selinux-policy-guide http://wiki.centos.org/HowTos/SELinux http://beginlinux.com/server_training/web-server/976-apache-and-selinux http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ http://www.reddit.com/r/linux/comments/23a2tg/the_selinux_coloring_book/ [ CentOS ] http://wiki.centos.org/HowTos/OS_Protection [[[ Theory ]]] # ECC Primer http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography http://arstechnica.com/security/2013/10/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/2/ http://blog.serverfault.com/2011/12/12/a-studied-approach-at-wifi-part-1/ http://safecurves.cr.yp.to/ [ GPG / PGP ] http://www.gnupg.org/documentation/index.html http://www.thedrinkingrecord.com/pgpgpg-guide/ http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto.html https://futureboy.us/pgp.html http://moser-isi.ethz.ch/gpg.html # Intro tutorial blogpost https://www.reddit.com/r/linux/comments/2jhem8/how_to_verify_the_authenticity_and_integrity_of_a/ # Key security https://wiki.debian.org/Subkeys?action=show&redirect=subkeys # Best practice https://alexcabal.com/creating-the-perfect-gpg-keypair/ [[[ Wikipedia ]]] https://en.wikipedia.org/wiki/Data_remanence http://en.wikipedia.org/wiki/PA-DSS [[[ WebSec ]]] # SSL easy copy pasta http://www.reddit.com/r/sysadmin/comments/271g4m/cipherlist_strong_copypaste_ssl_configuration_for/ # Want to use my wifi? (cookie spoofing, MITM etc.) http://thejh.net/written-stuff/want-to-use-my-wifi? http://www.amanhardikar.com/mindmaps/Practice.html # The Web Application Vulnerability Scanners Benchmark http://sectooladdict.blogspot.se/2014/02/wavsep-web-application-scanner.html?m=1 # Bypassing WAF's http://www.reddit.com/r/netsec/comments/20uhgh/bypassing_web_application_firewalls_using_http/ # Hardening WordPress http://codex.wordpress.org/Hardening_WordPress http://halfelf.org/2013/false-security/ http://www.esecurityplanet.com/open-source-security/top-5-wordpress-vulnerabilities-and-how-to-fix-them.html https://wordpress.org/plugins/better-wp-security/ http://wordpress.org/plugins/bulletproof-security/ https://www.reddit.com/r/AskNetsec/comments/2mbpj5/best_practices_for_web_server_hardening/ # A seemingly innocent PHP vuln http://danuxx.blogspot.de/2013/03/unauthorized-access-bypassing-php-strcmp.html # JS crypto / sec http://www.reddit.com/r/netsec/comments/21ebv7/mylar_encryptdecrypt_your_webapp_data_in_users/ http://nosql.mypopescu.com/post/14453905385/attacking-nosql-and-node-js-server-side-javascript # Mega.co.nz weakness (MegaPWN) https://www.reddit.com/r/netsec/comments/1lo48d/megapwn_bookmarklet_to_recover_your_secret_mega/ --- https://wiki.ubuntu.com/BasicSecurity https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Securing_the_unencrypted_boot_partition http://www.danielmiessler.com/study/infosec_interview_questions/ [[[ CryptoLocker ]]] http://www.bleepingcomputer.com/forums/t/547708/torrentlocker-ransomware-cracked-and-decrypter-has-been-made/ [[[ Talks & Other videos ]]] http://makehacklearn.org/2014/03/06/trustycon-videos/ --- [[[ Reddit ]]] # How to sign kernel for UEFI Secure Boot. http://www.reddit.com/r/linux/comments/1mw1xb/state_of_securely_booting_linux/ # SSL/TLS Deployment Best Practices http://www.reddit.com/r/netsec/comments/1mn2nk/ssltls_deployment_best_practices/ # SSH hardening http://www.reddit.com/r/linux/comments/1yfvm9/hardening_ssh_servers/ http://www.reddit.com/r/linux/comments/2cwakx/the_ultimate_guide_to_hardening_ssh_with_ssh/ # Ever wonder what makes the new ssh-certificate authentication different from ssh-pubkey? This guide explains that and how to use it effectively. (neocri.me) http://redd.it/1zmsi2 # Physical machine security http://www.reddit.com/r/netsec/comments/l91d5/physical_laptop_security/ # Linux sec http://www.reddit.com/r/linux/comments/1oobkf/what_kind_of_antimalware_exists_for_linux/ # How does the Shellshock exploit work? http://fedoramagazine.org/shellshock-how-does-it-actually-work/ # OS under a OS http://www.reddit.com/r/linux/comments/1qib6u/the_second_proprietary_operating_system_hiding_in/ # grsec patches explained http://www.reddit.com/r/netsec/comments/renu4/grsecurity_pax_configuration_options_explained/ # 4 HTTP security headers you should always be using (ibuildings.nl) http://www.reddit.com/r/netsec/comments/1vztlh/4_http_security_headers_you_should_always_be_using/ # Show r/netsec: reveal your true IP address behind proxy/NATs using WebRTC (Firefox/Chrome) (jsfiddle.net) http://www.reddit.com/r/netsec/comments/1vzsnn/show_rnetsec_reveal_your_true_ip_address_behind/ # Laptop security best practices. What do you do? (self.linux) http://www.reddit.com/r/linux/comments/1zi10c/laptop_security_best_practices_what_do_you_do/ # How I got root with Sudo (securusglobal.com) http://www.reddit.com/r/netsec/comments/20mftq/how_i_got_root_with_sudo/ # Hardening a Linux server (self.linux) http://www.reddit.com/r/linux/comments/1xxpap/hardening_a_linux_server/ # Security of Debian? http://www.reddit.com/r/linux/comments/1xfuqb/debian_74_relased/cfbwunr # Sidestep Wireless Logins by Routing All Traffic Through Measly Little Ping Packets (getpostdelete.com) http://www.reddit.com/r/linux/comments/22tsil/sidestep_wireless_logins_by_routing_all_traffic/ # Why Linux is better for infosec? http://www.reddit.com/r/linux/comments/22xece/why_is_linux_better_for_infosecsysadmins/ # Wayland is NOT immune to keyloggers (self.linux) http://www.reddit.com/r/linux/comments/23mj49/wayland_is_not_immune_to_keyloggers/ # What routines have you in place to keep your linux server secure and up to date? (self.linux) http://www.reddit.com/r/linux/comments/24j290/what_routines_have_you_in_place_to_keep_your/ # The world's first operating-system kernel with an end-to-end proof of implementation correctness and security enforcement is now open source. (sel4.systems) http://www.reddit.com/r/netsec/comments/2c0yxh/the_worlds_first_operatingsystem_kernel_with_an/ # BadUSB https://pay.reddit.com/r/netsec/comments/2c9otm/badusb/ https://www.reddit.com/r/netsec/comments/2i6vvh/badusb_the_unpatchable_malware_that_infects_usbs/ https://www.reddit.com/r/netsec/comments/2s1gb2/opensource_usb_exploitation_library_teensyduino/ # Deanonymizing Facebook Users By CSP Bruteforcing (myseosolution.de) http://www.reddit.com/r/netsec/comments/2djtkt/deanonymizing_facebook_users_by_csp_bruteforcing/ # Monitoring & log overview. # How To Install OSSEC on Ubuntu 14.04 (linuxlove.eu) http://www.reddit.com/r/linux/comments/2f72j4/how_to_install_ossec_on_ubuntu_1404/ # Password MGMT http://www.reddit.com/r/linux/comments/2fnget/what_is_your_password_management_strategy/ # Metasploit Resource Portal Data [collection of the most helpful videos, blog posts, podcasts, and other helpful resources, produced mainly by community contributors] (metasploit.github.io) https://www.reddit.com/r/netsec/comments/2pstkf/metasploit_resource_portal_data_collection_of_the/ # Silently owning modems and routers https://www.reddit.com/r/netsec/comments/2syoge/silently_owning_modems_and_routers/