Bookmarks
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
page 1 / 8
146 results tagged infosec  ✕   ✕
kalilinux/documentation/kali-purple https://gitlab.com/kalilinux/documentation/kali-purple
Sun 12 Feb 2023 08:21:37 PM PST archive.org

Practice Ops: Virtualization, firewalls, VLAN, WAF, SIEM, IDS/IPS...

Practice Red: Penetration testing of vulnerable machines while seeing what the blue team sees. Can you become stealthier?

Practice Blue: Firewall and IPS rules, SIEM analysis and dashboard development...

Purple teaming: Red and Blue working together to develop the ultimate set of rules

Protect: Deploy Kali-Purple to protect your network

linux distribution hacking defense offense infosec soc
justcallmekoko/ESP32Marauder https://github.com/justcallmekoko/ESP32Marauder
Mon 06 Feb 2023 08:38:52 AM PST archive.org

A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.

infosec wifi bluetooth hacking esp32 firmware
OpenEDR - Open Source Endpoint Detection and Response https://www.openedr.com/
Fri 27 Jan 2023 09:35:41 PM PST archive.org

OpenEDR is a sophisticated, free, open source endpoint detection and response solution. It provides analytic detection with Mitre ATT&CK visibility for event correlation and root cause analysis of adversarial threat activity and behaviors in real time. This world-class endpoint telemetry platform is available to all cyber-security professionals, and every sized organization, to defend against threat actors and cyber criminals.

Github: https://github.com/ComodoSecurity/openedr

software opensource detection response cpp agents alerts sysadmin infosec
FedVTE Public Courses Page https://fedvte.usalearning.gov/public_fedvte.php
Sun 22 Jan 2023 02:41:29 PM PST archive.org

The Federal Virtual Training Environment (FedVTE) provides the following courses free of charge and without login requirements. You must use a modern browser (Edge, Chrome, Firefox) and have cookies enabled to track your progress in these courses.

online classes education free programming infosec
Password Storage - OWASP Cheat Sheet Series https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html
Tue 03 Jan 2023 02:36:39 PM PST archive.org
passwords bestpractices storage infosec
KeepassXC Password Manager https://keepassxc.org/
Thu 29 Dec 2022 09:45:50 PM PST archive.org

Securely store passwords using industry standard encryption, quickly auto-type them into desktop applications, and use our browser extension to log into websites.

Complete database encryption using industry standard 256-bit AES. Fully compatible with KeePass Password Safe formats. Your password database works offline and requires no internet connection.

Every feature looks, feels, works, and is tested on Windows, macOS, and Linux. You can expect a seamless experience no matter which operating system you are using.

Github: https://github.com/keepassxreboot/keepassxc

crossplatform infosec opsec passwords credentials databases
KeepassXC-Browser https://addons.mozilla.org/en-US/firefox/addon/keepassxc-browser/
Thu 29 Dec 2022 09:43:35 PM PST archive.org

A plugin for Firefox that lets you interface with a KeepassXC password manager.

Note that this is an official KeepassXC project, not somebody's third party code.

firefox addons credentials passwords databases infosec opsec
satta/awesome-suricata https://github.com/satta/awesome-suricata
Thu 15 Dec 2022 12:40:28 PM PST archive.org

Suricata IDS is a free intrusion detection/prevention system and network security monitoring engine. This is a list of awesome things that go with it.

awesome ids resources plugins tools monitoring libraries dashboards templates rulesets infosec sysadmin
0dayfans https://0dayfans.com/
Fri 25 Nov 2022 03:15:21 PM PST archive.org

A somewhat silly website that talks about recently discovered 0-day vulnerabilities.

RSS feed: https://0dayfans.com/feed.rss

blog infosec vulnerabilities glitch
Hacker Strategies https://hackerstrategies.org/
Sun 20 Nov 2022 04:22:05 PM PST archive.org

Inspiration for when you're stuck. Inspired by Brian Eno's Oblique Strategies.

Red team or blue team?

Kind of like the whacks of Heraclitus.

inspiration hacking infosec pentesting
angelina-tsuboi/ESP8266-WiCon-Kit https://github.com/angelina-tsuboi/ESP8266-WiCon-Kit
Mon 14 Nov 2022 03:22:25 PM PST archive.org

A compact and portable WiFi reconnaissance suite based on the ESP8266. Packet Monitor with 11 filter types. Deauthentication and Disassociation Detector (HAXX). FTP Honeypot with Canary Tokens. Web Server (WIP). CSV Data logging (WIP).

The custom PCB is basically glue for two pressbuttons, an OLED display, an LED, and a power cell. You could pretty easily bodge one together out of spare parts.

https://github.com/SpacehuhnTech/Hackheld/issues/8

esp8266 wifi infosec attacks tiny
TalEliyahu/Threat_Model_Examples https://github.com/TalEliyahu/Threat_Model_Examples
Thu 03 Nov 2022 05:35:18 PM PDT archive.org

A collection of links to threat models for various pieces of software and protocols.

infosec links threatmodeling documents
kimci86/bkcrack https://github.com/kimci86/bkcrack
Mon 31 Oct 2022 04:15:20 PM PDT archive.org

Crack legacy zip encryption with Biham and Kocher's known plaintext attack.

A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed to the entry's content (plaintext) to produce encrypted data (ciphertext). The generator's state, made of three 32-bits integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks as shown by Eli Biham and Paul C. Kocher in the research paper A known plaintext attack on the PKZIP stream cipher. Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher ciphertext entirely as well as other entries which were encrypted with the same password. It can also be used to bruteforce the password with a complexity of nl-6 where n is the size of the character set and l is the length of the password.

cpp cli infosec zip encryption cracker crossplatform
stark0de/nginxpwner https://github.com/stark0de/nginxpwner
Thu 29 Sep 2022 02:56:25 PM PDT archive.org

Nginxpwner is a simple tool to look for common Nginx misconfigurations and vulnerabilities. Give it a list of URLs (Burp Suite is namechecked here) and turn it loose, and it'll look for misconfigurations.

nginx cli infosec auditing python configuration
punk-security/dnsReaper https://github.com/punk-security/dnsReaper
Tue 27 Sep 2022 09:13:21 PM PDT archive.org

DNS Reaper is yet another sub-domain takeover tool, but with an emphasis on accuracy, speed and the number of signatures in our arsenal!

We can scan around 50 subdomains per second, testing each one with over 50 takeover signatures. This means most organisations can scan their entire DNS estate in less than 10 seconds.

Currently only supports Route53, Cloudflare, and Azure.

infosec cli python dns scanner reconaissance
The Open Cloud Vulnerability & Security Issue Database https://www.cloudvulndb.org/
Fri 23 Sep 2022 08:01:43 PM PDT archive.org

An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues.

RSS: https://www.cloudvulndb.org/rss/feed.xml

infosec vulnerabilities cloudcomputing providers glitch
Data Breach Today https://www.databreachtoday.com/
Fri 23 Sep 2022 07:49:21 PM PDT archive.org

A news aggregator of new and ongoing data breach cases.

RSS: https://www.databreachtoday.com/

infosec hacks news glitch
Electronic Cats https://electroniccats.com/
Thu 11 Aug 2022 02:09:24 PM PDT archive.org

A Mexican company that designs and sells hacker toys, security auditing tools, and educational devices. They even sell products suitable for teaching kids.

store hackers electronics tools infosec wireless sensors microcontrollers kits openhardware
The Enchiridion of Impetus Exemplar: A Threat Modeling Field Guide https://shellsharks.com/threat-modeling
Wed 03 Aug 2022 02:00:29 PM PDT archive.org

Threat Modeling is the process of building and analyzing representations of a system to highlight concerns about security characteristics.

Threat Modeling is a pro-active and iterative approach for identifying security issues and reducing risk. The output of a threat modeling exercise is a list of threats - or even better - risks, that further inform decisions in the continued operation of the system. This process can be performed prior to any code written or infrastructure deployed. This makes it very efficient in identifying potential threats, vulnerabilities and risks.

infosec security threatmodeling
chip-red-pill/MicrocodeDecryptor https://github.com/chip-red-pill/MicrocodeDecryptor
Tue 19 Jul 2022 02:59:29 PM PDT archive.org

At the beginning of 2020, we discovered the Red Unlock technique that allows extracting Intel Atom Microcode. We were able to research the internal structure of the microcode and then x86 instruction implementation. Also, we recovered a format of microcode updates, algorithm and the encryption key used to protect the microcode.

This is the tools they used to take it apart.

python cli infosec intel microcode cryptography
page 1 / 8
4682 links, including 339 private
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn