CyberSecurity.md

Contents

1. Introduction
   • Contributing
2. Communities
3. Business/Career
4. Services
5. Software
6. Programming
7. Ethics, Law & Professionalism
   • Ethics
   • Guidance
   • Professionalism & Standards
   • Proposed legislation
   • Law
8. Learning Resources
9. Linux Distributions
10. Sysadmin
11. Electronics
12. Hypervisors and virtual machines
    • Andrew Hancock, VMware vExpert PRO
13. Cyber Security Resources
    • 13.1 Digital Warfare and Geopolitics
14. Other Interesting Stuff

Cyber Security List

Disclaimer:

Hacking without authorisation is illegal. In the United Kingdom, it is illegal under the Computer Misuse Act 1990

Links to these materials are provided for reference only. We are not responsible for your use of resources and you should seek permission before performing testing or exploitation on systems not owned by yourself.

News

1. Dark Reading - Cyber Security News.
2. Data Breach Today - Data Breach News.
3. Help Net Security - Cyber Security News.
4. Hackaday - New hacks every day & interesting projects.
5. Pentestlab
6. Securityaffairs - Blog of Pierluigi Paganini.
7. Schneier On Security - Blog of Bruce Schneier, "public interest technologist".
8. CryptoRom Bitcoin swindlers continue to target vulnerable iPhone and Android users
9. UK Goverment launches new cyber security measures
10. U.S. Spy Agency to Create AI Security Center, Official Announces
11. Hacking Humans Podcast
12. SANS Daily StormCast
13. Security Now Podcast
14. VMware Podcasts
15. CyberWire Daily
16. Darknet Diaries

Educational

1. Hackersploit (Youtube Channel)
2. Capture the Flag Playlist.
3. Metasploit Introduction Playlist.
4. Ethical Hacking Introduction Playlist.
5. Python3 for Penetration Testing Playlist
6. TryHackMe - is an online platform for learning cyber security, using hands-on exercises and labs!
7. Awesome OSINT - List of OSINT Tools and resources
8. University of Maryland - Hardware Security
9. University of Maryland - Software Security
10. University of Maryland - Usable Security
11. GFTOBins - a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
12. LOLBAS - Living off the land binaries, scripts and libraries.
13. Attack Navigator - Provides basic navigation and annotation of ATT&CK matrices.
14. iOS Hacking - A beginner's guide to Hacking iOS Apps [2022 Edition]
15. Live reverse engineering of a trojanised medical app - Android/Joker
16. The State of Stalkerware (2021)
17. Mobile MitM: Intercepting Your Android App Traffic On the Go
18. 2022 Mobile Threat Landscape
19. Bluetooth Signals can be used to identify and track smartphones
20. How I reversed a NodeJS malware and found the author
21. Data Breaches - Guidance for individuals and families
22. CodeQL zero to hero - Part 1: the fundamentals of static analysis for vulnerability research
23. Cyber Security & IT Cerifications from ISC2
24. CS50 CyberSecurity

• 24.1 CS50 CyberSecurity - Youtube Playlist

Tools

1. Hunchly - The Only Web Capture Tool Designed For Online Investigations.
2. Have I Been Pwned
3. Authy
4. GCHQ Cyberchef
5. DuckDuckGo Smarter Encryption
6. Privacy Tools
7. Syclla.sh - community-oriented database leak community that is a useful tool for security researchers.
8. h8mail - Email OSINT & Password breach hunting tool, locally or using premium services. Supports chasing down related email
9. Wireshark Packet Analysis
10. SSL Labs - Test the HTTPS configuration of your web server online
11. testssl.sh - TLS configuration tester like SSL Labs, but runs locally
12. Beetlebug - Beetlebug is a beginner-friendly Capture the Flag Android application that aims to inspire interest in Mobile Application Security.
13. PiRogue - an open-source tool suite that provides a comprehensive mobile forensic and network traffic analysis.
14. CrocodileHunter - Note: This tool has been archived, and is not recommended for use BUT could still be a good tool for finding IMSI catchers. Crocodile Hunter can be seen in use in "Phone Hackers: Britains' Secret Surveillance".
15. OSSF Scorecard - Scorecard helps open source maintainers improve their security best practices and to help open source consumers judge whether their dependencies are safe.
16. Gittuf - A security layer for Git repositories.

• 16.1 Introducing Gittuf

Certification / Standards

1. CIS Benchmarking - Benchmarking tools to protect your environment
2. Cyber Essentials Certificaton
3. Infosec Institute - Info sec best practices & updates.
4. ISO - ISO/IEC 27001 — Information security management

Code Reference

Disclaimer:

These resources have not been tested and are from unverified developers. We list them to showcase what is available in the wild and for code comparison only. We do not endorse using or recommend executing any of the code.

1. Smali2Frida - Genarate Frida Hooks from .smali files.
2. Native2Frida - Generate Frida Script for All Functions which have Char as argument or return type as char
3. desc_race - iOS 15.1 kernel exploit POC for CVE-2021-30955
4. Misc Code - Various scripts, reverse engineering tools, sensor tools, worms.
5. DirtyPipe-Android
6. RIUS - RTLO Injection URI Spoofing CVE-2020-20093; 20094; 20095; 20096, 2022-28345
7. Anti-Frida
8. FunctionStomping - a brand-new technique for shellcode injection to evade AVs and EDRs.
9. Yes, I can connect to a Db in CSS
   • 9.1 Github Repo
   • 9.2 sqlcss.xyz
10. Botnets - A collection of botnet source codes.
11. Pantagrule - gargantuan hashcat rulesets generated from compromised passwords