From 0adf3534c0a3ff710ebd4c4ffcab7f228ccf4714 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 6 May 2019 20:04:57 +0200 Subject: [PATCH 01/93] add 'ctf-tasks'; minor update - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 9ad00b4..c4fdcb5 100644 --- a/README.md +++ b/README.md @@ -727,7 +727,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Webshells - great series about malicious payloads.
  :small_orange_diamond: Practical Web Cache Poisoning - show you how to compromise websites by using esoteric web features.
  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.
-  :small_orange_diamond: 50M_CTF_Writeup - $50 million CTF from Hackerone - writeup.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.

@@ -735,6 +734,8 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: CTF Series : Vulnerable Machines - the steps below could be followed to find vulnerabilities and exploits.
+  :small_orange_diamond: 50M_CTF_Writeup - $50 million CTF from Hackerone - writeup.
+  :small_orange_diamond: ctf-tasks - an archive of low-level CTF challenges developed over the years.
  :small_orange_diamond: How to start RE/malware analysis? - collection of some hints and useful links for the beginners.
  :small_orange_diamond: LZone Cheat Sheets - all cheat sheets.
  :small_orange_diamond: Dan’s Cheat Sheets’s - massive cheat sheets documentation.
From 3ee2d935e63a6ffe6f88794fe6cd37355bd2f642 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 6 May 2019 20:12:40 +0200 Subject: [PATCH 02/93] add 'awesome-static-analysis' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index c4fdcb5..ab5214b 100644 --- a/README.md +++ b/README.md @@ -823,6 +823,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Cheatography - over 3,000 free cheat sheets, revision aids and quick references.
+  :small_orange_diamond: awesome-static-analysis - static analysis tools for all programming languages.

#### Blogs  [[TOC]](#anger-table-of-contents) From 4d75fabd339551879b4f01f4306ac84897453783 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 6 May 2019 20:29:53 +0200 Subject: [PATCH 03/93] update 'Your daily knowledge and news' - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index ab5214b..576ae7a 100644 --- a/README.md +++ b/README.md @@ -1055,6 +1055,12 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: nf.sec - basic aspects and mechanisms of Linux operating system security (PL).

+##### :black_small_square: Other/All-in-one + +

+  :small_orange_diamond: Changelog - is a community of hackers; news & podcasts for developers and hackers.
+

+ #### Other Cheat Sheets  [[TOC]](#anger-table-of-contents) ###### Build your own DNS Servers From 9bd6fe21535f7d1efb96c8f8f4e07a05f96652f2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 7 May 2019 00:17:35 +0200 Subject: [PATCH 04/93] minor fixes; update 'Manuals/Howtos/Tutorials' - signed-off-by: trimstray --- README.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 576ae7a..312b30f 100644 --- a/README.md +++ b/README.md @@ -637,7 +637,7 @@ performance of any of your sites from across the globe.
#### Manuals/Howtos/Tutorials  [[TOC]](#anger-table-of-contents) -##### :black_small_square: Shells/Command line +##### :black_small_square: Shell/Command line

  :small_orange_diamond: pure-bash-bible - a collection of pure bash alternatives to external processes.
@@ -730,6 +730,15 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.

+##### :black_small_square: All-in-one + +

+  :small_orange_diamond: LZone Cheat Sheets - all cheat sheets.
+  :small_orange_diamond: Dan’s Cheat Sheets’s - massive cheat sheets documentation.
+  :small_orange_diamond: Rico's cheatsheets - this is a modest collection of cheatsheets.
+  :small_orange_diamond: DevDocs API - combines multiple API documentations in a fast, organized, and searchable interface.
+

+ ##### :black_small_square: Other

@@ -737,9 +746,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: 50M_CTF_Writeup - $50 million CTF from Hackerone - writeup.
  :small_orange_diamond: ctf-tasks - an archive of low-level CTF challenges developed over the years.
  :small_orange_diamond: How to start RE/malware analysis? - collection of some hints and useful links for the beginners.
-  :small_orange_diamond: LZone Cheat Sheets - all cheat sheets.
-  :small_orange_diamond: Dan’s Cheat Sheets’s - massive cheat sheets documentation.
-  :small_orange_diamond: Rico's cheatsheets - this is a modest collection of cheatsheets.
  :small_orange_diamond: The C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think?
  :small_orange_diamond: Bank Grade Security - when companies say they have "Bank Grade Security" they imply that it is a good thing.*
  :small_orange_diamond: HTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL.
From f2fe22f2db6b2b711232ece86be0bfc8f37aac4d Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 8 May 2019 22:37:05 +0200 Subject: [PATCH 05/93] add 'Files and directories' - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 312b30f..ed3f702 100644 --- a/README.md +++ b/README.md @@ -117,6 +117,12 @@ Only main chapters:   :small_orange_diamond: emacs - an extensible, customizable, free/libre text editor - and more.

+##### :black_small_square: Files and directories + +

+  :small_orange_diamond: fd - is a simple, fast and user-friendly alternative to find.
+

+ ##### :black_small_square: Network

From 6e03f50e0f3849b0483d42965798fabafadf711b Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 13 May 2019 10:42:21 +0200 Subject: [PATCH 06/93] add 'darksearch.io' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index ed3f702..740945e 100644 --- a/README.md +++ b/README.md @@ -541,6 +541,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Startpage - the world's most private search engine.
  :small_orange_diamond: searX - a privacy-respecting, hackable metasearch engine.
+  :small_orange_diamond: darksearch - the 1st real Dark Web search engine.

##### :black_small_square: Secure WebMail Providers From fb158ea7dbd2059c527bdc2d61ebcd2a46d20a46 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 13 May 2019 12:28:47 +0200 Subject: [PATCH 07/93] add 'aquatone' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 740945e..1ea359a 100644 --- a/README.md +++ b/README.md @@ -891,6 +891,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Photon - incredibly fast crawler designed for OSINT.
  :small_orange_diamond: XSStrike - most advanced XSS detection suite.
  :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
+  :small_orange_diamond: aquatone - a tool for domain flyovers.
  :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
  :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
  :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
From 46e0cedff6878586beda7deba3fb1872fc653a4c Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 13 May 2019 13:21:39 +0200 Subject: [PATCH 08/93] add new one-liner to 'awk' section - signed-off-by: trimstray --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index 1ea359a..344ee46 100644 --- a/README.md +++ b/README.md @@ -3259,6 +3259,15 @@ awk '!x[$0]++' filename awk '{print $NF}' filename ``` +###### Remove empty lines + +```bash +awk 'NF > 0' filename + +# alternative: +awk NF filename +``` + ###### Print multiple columns with separators ```bash From 3ceeac5c90f93d7833a22c5c0ad8254e57a63fd4 Mon Sep 17 00:00:00 2001 From: KingOfDireWolves Date: Wed, 15 May 2019 15:35:01 +0530 Subject: [PATCH 09/93] Update README.md --- README.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 344ee46..d5ee2fc 100644 --- a/README.md +++ b/README.md @@ -93,8 +93,8 @@ Only main chapters:

  :small_orange_diamond: GNU Bash - is an sh-compatible shell that incorporates useful features from the Korn shell and C shell.
  :small_orange_diamond: Zsh - is a shell designed for interactive use, although it is also a powerful scripting language.
-  :small_orange_diamond: bash-it - framework for using, developing and maintaining shell scripts and custom commands for your daily work.
-  :small_orange_diamond: Oh My ZSH! - the best framework for managing your Zsh configuration.
+  :small_orange_diamond: bash-it - is a framework for using, developing and maintaining shell scripts and custom commands for your daily work.
+  :small_orange_diamond: Oh My ZSH! - is the best framework for managing your Zsh configuration.
  :small_orange_diamond: Oh My Fish - the Fishshell framework.

@@ -127,14 +127,14 @@ Only main chapters:

  :small_orange_diamond: PuTTY - is an SSH and telnet client, developed originally by Simon Tatham.
-  :small_orange_diamond: nmap - free and open source (license) utility for network discovery and security auditing.
-  :small_orange_diamond: masscan - the fastest Internet port scanner, spews SYN packets asynchronously.
-  :small_orange_diamond: pbscan - faster and more efficient stateless SYN scanner and banner grabber.
-  :small_orange_diamond: hping - command-line oriented TCP/IP packet assembler/analyzer.
-  :small_orange_diamond: mtr - functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
-  :small_orange_diamond: netcat - networking utility which reads and writes data across network connections, using the TCP/IP protocol.
-  :small_orange_diamond: tcpdump - powerful command-line packet analyzer.
-  :small_orange_diamond: tshark - dump and analyze network traffic (wireshark cli).
+  :small_orange_diamond: nmap - is a free and open source (license) utility for network discovery and security auditing.
+  :small_orange_diamond: masscan - is the fastest Internet port scanner, spews SYN packets asynchronously.
+  :small_orange_diamond: pbscan - is a faster and more efficient stateless SYN scanner and banner grabber.
+  :small_orange_diamond: hping - is a command-line oriented TCP/IP packet assembler/analyzer.
+  :small_orange_diamond: mtr - is a tool that combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool.
+  :small_orange_diamond: netcat - is a networking utility which reads and writes data across network connections, using the TCP/IP protocol.
+  :small_orange_diamond: tcpdump - is a powerful command-line packet analyzer.
+  :small_orange_diamond: tshark - is a tool that allows us to dump and analyze network traffic (wireshark cli).
  :small_orange_diamond: Termshark - is a simple terminal user-interface for tshark.
  :small_orange_diamond: ngrep - is like GNU grep applied to the network layer.
  :small_orange_diamond: stenographer - is a packet capture solution which aims to quickly spool all packets to disk.
@@ -147,16 +147,16 @@ Only main chapters:   :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
  :small_orange_diamond: impacket - is a collection of Python classes for working with network protocols.
-  :small_orange_diamond: ssh-audit - SSH server auditing.
+  :small_orange_diamond: ssh-audit - is a tool for SSH server auditing.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.

##### :black_small_square: Network (DNS)

-  :small_orange_diamond: fierce - a DNS reconnaissance tool for locating non-contiguous IP space.
+  :small_orange_diamond: fierce - is a DNS reconnaissance tool for locating non-contiguous IP space.
  :small_orange_diamond: subfinder - is a subdomain discovery tool that discovers valid subdomains for websites.
-  :small_orange_diamond: sublist3r - fast subdomains enumeration tool for penetration testers.
+  :small_orange_diamond: sublist3r - is a fast subdomains enumeration tool for penetration testers.
  :small_orange_diamond: amass - tool obtains subdomain names by scraping data sources, crawling web archives and more.
  :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
  :small_orange_diamond: dnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols.
From 56c6e7b64f3f8517c4b53151f8258e20153c8afe Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 16 May 2019 13:52:18 +0200 Subject: [PATCH 10/93] rename 'Blogs' to 'Blogs/Podcasts/Videos' and add new items - signed-off-by: trimstray --- README.md | 83 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 344ee46..3d97dc7 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ Only main chapters: - **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** - **[Videos/Presentations](#videospresentations-toc)** - **[Inspiring Lists](#inspiring-lists-toc)** -- **[Blogs](#blogs-toc)** +- **[Blogs/Podcasts/Videos](#blogs-podcasts-videos-toc)** - **[Hacking/Penetration Testing](#hackingpenetration-testing-toc)** - **[Your daily knowledge and news](#your-daily-knowledge-and-news-toc)** - **[Other Cheat Sheets](#other-cheat-sheets-toc)** @@ -839,7 +839,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: awesome-static-analysis - static analysis tools for all programming languages.

-#### Blogs  [[TOC]](#anger-table-of-contents) +#### Blogs/Podcasts/Videos  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Geeky Persons @@ -852,7 +852,12 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Robert Penz - IT security Expert.
  :small_orange_diamond: Scott Helme - Security Researcher, international speaker and founder of securityheaders.com and report-uri.com.
  :small_orange_diamond: Brian Krebs - The Washington Post and now an Independent investigative journalist.
-  :small_orange_diamond: Binni Shah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
+  :small_orange_diamond: Bruce Schneier - is an internationally renowned security technologist, called a "security guru".
+  :small_orange_diamond: Chrissy Morgan - advocate of practical learning, Chrissy also takes part in bug bounty programs.
+  :small_orange_diamond: Andy Gill - Andy is a hacker at heart who works as a senior penetration tester.
+  :small_orange_diamond: Daniel Miessler - cybersecurity expert and writer.
+  :small_orange_diamond: Javvad Malik - is a Security Advocate at AlienVault, a blogger event speaker and industry commentator.
+  :small_orange_diamond: Graham Cluley - public speaker and independent computer security analyst.
  :small_orange_diamond: Kacper Szurek - Detection Engineer at ESET.
  :small_orange_diamond: Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
  :small_orange_diamond: raymii.org - Linux/Unix Sysadmin specializing in building high availability cloud environments.
@@ -866,6 +871,78 @@ performance of any of your sites from across the globe.
Linux Security Expert - trainings, howtos, checklists, security tools and more.
  :small_orange_diamond: The Grymoire - collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
  :small_orange_diamond: PortSwigger Web Security Blog - about web app security vulns and top tips from our team of web security.
+  :small_orange_diamond: Secjuice - is the only non-profit, independent and volunteer led publication in the information security space.
+  :small_orange_diamond: Decipher - security news that informs and inspires.
+

+ +##### :black_small_square: Geeky Vendor Blogs + +

+  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
+  :small_orange_diamond: Sophos - threat news room, giving you news, opinion, advice and research on computer security issues.
+  :small_orange_diamond: Tripwire State of Security - blog featuring the latest news, trends and insights on current information security issues.
+  :small_orange_diamond: Malwarebytes Labs Blog - security blog aims to provide insider news about cybersecurity.
+  :small_orange_diamond: TrustedSec - latest news, and trends about cybersecurity.
+  :small_orange_diamond: AT&T Cybersecurity blog - offer news on emerging threats and practical advice to simplify threat detection and incident response.
+  :small_orange_diamond: Thycotic - where CISOs and IT Admins come to learn about industry trends, IT security, data breaches, and more.
+

+ +##### :black_small_square: Geeky Cybersecurity Podcasts + +

+  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews with industry luminaries.
+  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
+  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
+  :small_orange_diamond: +Cybercrime Investigations - podcast by Geoff White about cybercrimes.
+  :small_orange_diamond: The many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
+  :small_orange_diamond: Darknet Diaries - true stories from the dark side of the Internet.
+

+ +##### :black_small_square: Geeky Cybersecurity Podcasts + +

+  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews with industry luminaries.
+  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
+  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
+  :small_orange_diamond: +Cybercrime Investigations - podcast by Geoff White about cybercrimes.
+  :small_orange_diamond: The many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
+  :small_orange_diamond: Darknet Diaries - true stories from the dark side of the Internet.
+

+ +##### :black_small_square: Geeky Cybersecurity Video Blogs + +

+  :small_orange_diamond: rev3rse security - offensive, binary exploitation, web application security, vulnerability, hardening, red team, blue team.
+  :small_orange_diamond: LiveOverflow - a lot more advanced topics than what is typically offered in paid online courses - but for free.
+  :small_orange_diamond: J4vv4D - the important information regarding our internet security.
+  :small_orange_diamond: +CyberTalks - talks, interviews, and article about cybersecurity.
+

+ +##### :black_small_square: Best Personal Twitter Accounts + +

+  :small_orange_diamond: @blackroomsec - a white-hat hacker/pentester. Intergalactic Minesweeper Champion 1990. Hacking is not a hobby but a way of life.
+  :small_orange_diamond: @MarcoCiappelli - Co-Founder @ITSPmagazine, at the intersection of IT security and society.
+  :small_orange_diamond: @binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
+  :small_orange_diamond: @joe_carson - an InfoSec Professional and Tech Geek.
+  :small_orange_diamond: @mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain
+

+ +##### :black_small_square: Best Commercial Twitter Accounts + +

+  :small_orange_diamond: @haveibeenpwned - check if you have an account that has been compromised in a data breach.
+  :small_orange_diamond: @bugcrowd - trusted by more of the Fortune 500 than any other crowdsourced security platform.
+  :small_orange_diamond: @Malwarebytes - most trusted security company. Unmatched threat visibility.
+  :small_orange_diamond: @sansforensics - the world's leading Digital Forensics and Incident Response provider.
+  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide phenomenal threat intelligence, collaborative defense and security.
+  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide phenomenal threat intelligence, collaborative defense and security.
+  :small_orange_diamond: @TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life.
+  :small_orange_diamond: @hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm.
+  :small_orange_diamond: @NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online.

##### :black_small_square: A piece of history From b0671271a41a6446951d5eddbcfee4113302975d Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 16 May 2019 14:07:58 +0200 Subject: [PATCH 11/93] minor fixes - signed-off-by: trimstray --- README.md | 39 +++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 40abbf4..bada046 100644 --- a/README.md +++ b/README.md @@ -77,7 +77,7 @@ Only main chapters: - **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** - **[Videos/Presentations](#videospresentations-toc)** - **[Inspiring Lists](#inspiring-lists-toc)** -- **[Blogs/Podcasts/Videos](#blogs-podcasts-videos-toc)** +- **[Blogs/Podcasts/Videos](#blogspodcastsvideos-toc)** - **[Hacking/Penetration Testing](#hackingpenetration-testing-toc)** - **[Your daily knowledge and news](#your-daily-knowledge-and-news-toc)** - **[Other Cheat Sheets](#other-cheat-sheets-toc)** @@ -844,29 +844,29 @@ performance of any of your sites from across the globe.
##### :black_small_square: Geeky Persons

-  :small_orange_diamond: Brendan Gregg's Blog - Brendan Gregg is an industry expert in computing performance and cloud computing.
-  :small_orange_diamond: Gynvael "GynDream" Coldwind - Gynvael is a IT security engineer at Google.
-  :small_orange_diamond: Michał "lcamtuf" Zalewski - "white hat" hacker, computer security expert.
-  :small_orange_diamond: Mattias Geniar - developer, Sysadmin, Blogger, Podcaster and Public Speaker.
-  :small_orange_diamond: Nick Craver - Software Developer and Systems Administrator for Stack Exchange.
-  :small_orange_diamond: Robert Penz - IT security Expert.
-  :small_orange_diamond: Scott Helme - Security Researcher, international speaker and founder of securityheaders.com and report-uri.com.
+  :small_orange_diamond: Brendan Gregg's Blog - is an industry expert in computing performance and cloud computing.
+  :small_orange_diamond: Gynvael "GynDream" Coldwind - is a IT security engineer at Google.
+  :small_orange_diamond: Michał "lcamtuf" Zalewski - white hat hacker, computer security expert.
+  :small_orange_diamond: Mattias Geniar - developer, sysadmin, blogger, podcaster and public speaker.
+  :small_orange_diamond: Nick Craver - software developer and systems administrator for Stack Exchange.
+  :small_orange_diamond: Scott Helme - security researcher, international speaker and founder of securityheaders.com and report-uri.com.
  :small_orange_diamond: Brian Krebs - The Washington Post and now an Independent investigative journalist.
  :small_orange_diamond: Bruce Schneier - is an internationally renowned security technologist, called a "security guru".
  :small_orange_diamond: Chrissy Morgan - advocate of practical learning, Chrissy also takes part in bug bounty programs.
-  :small_orange_diamond: Andy Gill - Andy is a hacker at heart who works as a senior penetration tester.
+  :small_orange_diamond: Andy Gill - is a hacker at heart who works as a senior penetration tester.
  :small_orange_diamond: Daniel Miessler - cybersecurity expert and writer.
-  :small_orange_diamond: Javvad Malik - is a Security Advocate at AlienVault, a blogger event speaker and industry commentator.
+  :small_orange_diamond: Javvad Malik - is a security advocate at AlienVault, a blogger event speaker and industry commentator.
  :small_orange_diamond: Graham Cluley - public speaker and independent computer security analyst.
-  :small_orange_diamond: Kacper Szurek - Detection Engineer at ESET.
-  :small_orange_diamond: Troy Hunt - Microsoft Regional Director and Microsoft Most Valuable Professional for Developer Security.
-  :small_orange_diamond: raymii.org - Linux/Unix Sysadmin specializing in building high availability cloud environments.
+  :small_orange_diamond: Kacper Szurek - detection engineer at ESET.
+  :small_orange_diamond: Troy Hunt - web security expert known for public education and outreach on security topics.
+  :small_orange_diamond: raymii.org - sysadmin specializing in building high availability cloud environments.
+  :small_orange_diamond: Robert Penz - IT security expert.

##### :black_small_square: Geeky Blogs

-  :small_orange_diamond: Linux Audit - the Linux security blog about Auditing, Hardening and Compliance by Michael Boelen.
+  :small_orange_diamond: Linux Audit - the Linux security blog about auditing, hardening and compliance by Michael Boelen.
  :small_orange_diamond: Linux Security Expert - trainings, howtos, checklists, security tools and more.
  :small_orange_diamond: The Grymoire - collection of useful incantations for wizards, be you computer wizards, magicians, or whatever.
@@ -883,14 +883,14 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Tripwire State of Security - blog featuring the latest news, trends and insights on current information security issues.
  :small_orange_diamond: Malwarebytes Labs Blog - security blog aims to provide insider news about cybersecurity.
  :small_orange_diamond: TrustedSec - latest news, and trends about cybersecurity.
-  :small_orange_diamond: AT&T Cybersecurity blog - offer news on emerging threats and practical advice to simplify threat detection and incident response.
+  :small_orange_diamond: AT&T Cybersecurity blog - news on emerging threats and practical advice to simplify threat detection.
  :small_orange_diamond: Thycotic - where CISOs and IT Admins come to learn about industry trends, IT security, data breaches, and more.

##### :black_small_square: Geeky Cybersecurity Podcasts

-  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews with industry luminaries.
+  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews.
  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
  :small_orange_diamond: @@ -924,7 +924,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
##### :black_small_square: Best Personal Twitter Accounts

-  :small_orange_diamond: @blackroomsec - a white-hat hacker/pentester. Intergalactic Minesweeper Champion 1990. Hacking is not a hobby but a way of life.
+  :small_orange_diamond: @blackroomsec - a white-hat hacker/pentester. Intergalactic Minesweeper Champion 1990.
  :small_orange_diamond: @MarcoCiappelli - Co-Founder @ITSPmagazine, at the intersection of IT security and society.
  :small_orange_diamond: @binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: @joe_carson - an InfoSec Professional and Tech Geek.
@@ -938,8 +938,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: @bugcrowd - trusted by more of the Fortune 500 than any other crowdsourced security platform.
  :small_orange_diamond: @Malwarebytes - most trusted security company. Unmatched threat visibility.
  :small_orange_diamond: @sansforensics - the world's leading Digital Forensics and Incident Response provider.
-  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide phenomenal threat intelligence, collaborative defense and security.
-  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide phenomenal threat intelligence, collaborative defense and security.
+  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense and more.
  :small_orange_diamond: @TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life.
  :small_orange_diamond: @hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm.
  :small_orange_diamond: @NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online.
@@ -958,7 +957,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.

  :small_orange_diamond: Sandcat Browser - a penetration-oriented browser with plenty of advanced functionality already built in.
  :small_orange_diamond: Metasploit - tool and framework for pentesting system, web and many more, contains a lot a ready to use exploit.
-  :small_orange_diamond: Burp Suite - tool for testing Web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
+  :small_orange_diamond: Burp Suite - tool for testing web application security, intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  :small_orange_diamond: OWASP Zed Attack Proxy - intercepting proxy to replay, inject, scan and fuzz HTTP requests.
  :small_orange_diamond: w3af - is a Web Application Attack and Audit Framework.
  :small_orange_diamond: mitmproxy - an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
From 4e9dfd7847810d126ce8f7bad0c26add46d1abdc Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 16 May 2019 14:15:03 +0200 Subject: [PATCH 12/93] minor fixes for long lines - signed-off-by: trimstray --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bada046..4b1c78d 100644 --- a/README.md +++ b/README.md @@ -890,7 +890,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an ##### :black_small_square: Geeky Cybersecurity Podcasts

-  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews.
+  :small_orange_diamond: Risky Business - is a weekly information security podcast.
  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
  :small_orange_diamond: @@ -938,7 +938,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: @bugcrowd - trusted by more of the Fortune 500 than any other crowdsourced security platform.
  :small_orange_diamond: @Malwarebytes - most trusted security company. Unmatched threat visibility.
  :small_orange_diamond: @sansforensics - the world's leading Digital Forensics and Incident Response provider.
-  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense and more.
+  :small_orange_diamond: @attcyber - AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, and more.
  :small_orange_diamond: @TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life.
  :small_orange_diamond: @hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm.
  :small_orange_diamond: @NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online.
From 3b1497fd3c675c4f40fa807c9d678da1d94a0db0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 16 May 2019 14:53:07 +0200 Subject: [PATCH 13/93] update 'Geeky Cybersecurity Podcasts' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4b1c78d..e8cd303 100644 --- a/README.md +++ b/README.md @@ -902,7 +902,7 @@ Cybercrime Investigations - podcast by Geoff White about cybercrimes.
-  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews with industry luminaries.
+  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews.
  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
  :small_orange_diamond: From a016d0120ea346dd9d15e9f14f729697a1a08cf4 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 16 May 2019 15:09:21 +0200 Subject: [PATCH 14/93] remove the duplicated sub-section - signed-off-by: trimstray --- README.md | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/README.md b/README.md index e8cd303..fbd9437 100644 --- a/README.md +++ b/README.md @@ -889,18 +889,6 @@ Linux Security Expert - trainings, howtos, checklists, security tools an ##### :black_small_square: Geeky Cybersecurity Podcasts -

-  :small_orange_diamond: Risky Business - is a weekly information security podcast.
-  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
-  :small_orange_diamond: Tenable Podcast - conversations and interviews related to Cyber Exposure, and more.
-  :small_orange_diamond: -Cybercrime Investigations - podcast by Geoff White about cybercrimes.
-  :small_orange_diamond: The many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
-  :small_orange_diamond: Darknet Diaries - true stories from the dark side of the Internet.
-

- -##### :black_small_square: Geeky Cybersecurity Podcasts -

  :small_orange_diamond: Risky Business - is a weekly information security podcast featuring news and in-depth interviews.
  :small_orange_diamond: Cyber, by Motherboard - stories, and focus on the ideas about cybersecurity.
From aaec253e45982a4f6fdecb89e7bc6c09fb55829d Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 17 May 2019 09:45:55 +0200 Subject: [PATCH 15/93] merge 'Videos/Presentations' and 'Blogs/Podcasts/Videos' - signed-off-by: trimstray --- README.md | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index fbd9437..f6c5ed4 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,6 @@ Only main chapters: - **[Systems/Services](#systemsservices-toc)** - **[Networks](#networks-toc)** - **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** -- **[Videos/Presentations](#videospresentations-toc)** - **[Inspiring Lists](#inspiring-lists-toc)** - **[Blogs/Podcasts/Videos](#blogspodcastsvideos-toc)** - **[Hacking/Penetration Testing](#hackingpenetration-testing-toc)** @@ -766,27 +765,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Let's Build a Simple Database - writing a sqlite clone from scratch in C.

-#### Videos/Presentations  [[TOC]](#anger-table-of-contents) - -##### :black_small_square: SysOps/DevOps - -

-  :small_orange_diamond: Varnish for PHP developers - very interesting presentation of varnish by Mattias Geniar.
-  :small_orange_diamond: A Netflix Guide to Microservices - Josh Evans talks about the chaotic and vibrant world of microservices at Netflix.
-

- -##### :black_small_square: Developers - -

-  :small_orange_diamond: Comparing C to machine language - compare a simple C program with the compiled machine code of that program.
-

- -##### :black_small_square: Other - -

-  :small_orange_diamond: Diffie-Hellman Key Exchange (short version) - how Diffie-Hellman Key Exchange worked.
-

- #### Inspiring Lists  [[TOC]](#anger-table-of-contents) ##### :black_small_square: SysOps/DevOps @@ -841,6 +819,19 @@ performance of any of your sites from across the globe.
#### Blogs/Podcasts/Videos  [[TOC]](#anger-table-of-contents) +##### :black_small_square: SysOps/DevOps + +

+  :small_orange_diamond: Varnish for PHP developers - very interesting presentation of varnish by Mattias Geniar.
+  :small_orange_diamond: A Netflix Guide to Microservices - Josh Evans talks about the chaotic and vibrant world of microservices at Netflix.
+

+ +##### :black_small_square: Developers + +

+  :small_orange_diamond: Comparing C to machine language - compare a simple C program with the compiled machine code of that program.
+

+ ##### :black_small_square: Geeky Persons

@@ -938,6 +929,12 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.

+##### :black_small_square: Other + +

+  :small_orange_diamond: Diffie-Hellman Key Exchange (short version) - how Diffie-Hellman Key Exchange worked.
+

+ #### Hacking/Penetration Testing  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Pentesters arsenal tools From 86e595a1dee66457c3a5b075b35fdc521805ab2a Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 17 May 2019 09:49:22 +0200 Subject: [PATCH 16/93] minor updates - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f6c5ed4..f68167c 100644 --- a/README.md +++ b/README.md @@ -822,7 +822,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: SysOps/DevOps

-  :small_orange_diamond: Varnish for PHP developers - very interesting presentation of varnish by Mattias Geniar.
+  :small_orange_diamond: Varnish for PHP developers - very interesting presentation of Varnish by Mattias Geniar.
  :small_orange_diamond: A Netflix Guide to Microservices - Josh Evans talks about the chaotic and vibrant world of microservices at Netflix.

From e53789eae009e539cf9e9348c69aa12ca065717d Mon Sep 17 00:00:00 2001 From: KingOfDireWolves Date: Fri, 17 May 2019 15:42:19 +0530 Subject: [PATCH 17/93] Fixed Grammar for various tools --- README.md | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index fbd9437..5d2311e 100644 --- a/README.md +++ b/README.md @@ -101,12 +101,12 @@ Only main chapters: ##### :black_small_square: Managers

-  :small_orange_diamond: Midnight Commander - visual file manager, licensed under GNU General Public License.
-  :small_orange_diamond: ranger - a VIM-inspired filemanager for the console.
-  :small_orange_diamond: nnn - tiny, lightning fast, feature-packed file manager.
-  :small_orange_diamond: screen - full-screen window manager that multiplexes a physical terminal.
-  :small_orange_diamond: tmux - terminal multiplexer, lets you switch easily between several programs in one terminal.
-  :small_orange_diamond: tmux-cssh - sets a comfortable and easy to use functionality, clustering and synchronizing virtual tmux-sessions.
+  :small_orange_diamond: Midnight Commander - is a visual file manager, licensed under GNU General Public License.
+  :small_orange_diamond: ranger - is a VIM-inspired filemanager for the console.
+  :small_orange_diamond: nnn - is a tiny, lightning fast, feature-packed file manager.
+  :small_orange_diamond: screen - is a full-screen window manager that multiplexes a physical terminal.
+  :small_orange_diamond: tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
+  :small_orange_diamond: tmux-cssh - is a tool to set comfortable and easy to use functionality, clustering and synchronizing virtual tmux-sessions.

##### :black_small_square: Text editors @@ -114,7 +114,7 @@ Only main chapters:

  :small_orange_diamond: vi - is one of the most common text editors on Unix.
  :small_orange_diamond: vim - is a highly configurable text editor.
-  :small_orange_diamond: emacs - an extensible, customizable, free/libre text editor - and more.
+  :small_orange_diamond: emacs - is an extensible, customizable, free/libre text editor - and more.

##### :black_small_square: Files and directories @@ -138,7 +138,7 @@ Only main chapters:   :small_orange_diamond: Termshark - is a simple terminal user-interface for tshark.
  :small_orange_diamond: ngrep - is like GNU grep applied to the network layer.
  :small_orange_diamond: stenographer - is a packet capture solution which aims to quickly spool all packets to disk.
-  :small_orange_diamond: bmon - monitoring and debugging tool to capture networking related statistics and prepare them visually.
+  :small_orange_diamond: bmon - is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
  :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  :small_orange_diamond: ethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
@@ -157,7 +157,7 @@ Only main chapters:   :small_orange_diamond: fierce - is a DNS reconnaissance tool for locating non-contiguous IP space.
  :small_orange_diamond: subfinder - is a subdomain discovery tool that discovers valid subdomains for websites.
  :small_orange_diamond: sublist3r - is a fast subdomains enumeration tool for penetration testers.
-  :small_orange_diamond: amass - tool obtains subdomain names by scraping data sources, crawling web archives and more.
+  :small_orange_diamond: amass - is tool that obtains subdomain names by scraping data sources, crawling web archives and more.
  :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
  :small_orange_diamond: dnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols.

@@ -165,23 +165,23 @@ Only main chapters: ##### :black_small_square: Network (HTTP)

-  :small_orange_diamond: Curl - command line tool and library for transferring data with URLs.
+  :small_orange_diamond: Curl - is a command line tool and library for transferring data with URLs.
  :small_orange_diamond: kurly - is an alternative to the widely popular curl program, written in Golang.
-  :small_orange_diamond: HTTPie - a user-friendly HTTP client.
-  :small_orange_diamond: wuzz - interactive cli tool for HTTP inspection.
-  :small_orange_diamond: htrace.sh - simple Swiss Army knife for http/https troubleshooting and profiling.
-  :small_orange_diamond: httpstat - visualizes curl statistics in a way of beauty and clarity.
-  :small_orange_diamond: httplab - the interactive web server.
+  :small_orange_diamond: HTTPie - is an user-friendly HTTP client.
+  :small_orange_diamond: wuzz - is an interactive cli tool for HTTP inspection.
+  :small_orange_diamond: htrace.sh - is a simple Swiss Army knife for http/https troubleshooting and profiling.
+  :small_orange_diamond: httpstat - is a tool that visualizes curl statistics in a way of beauty and clarity.
+  :small_orange_diamond: httplab - is an interactive web server.
  :small_orange_diamond: Lynx - is a text browser for the World Wide Web.
  :small_orange_diamond: HeadlessBrowsers - a list of (almost) all headless web browsers in existence.
  :small_orange_diamond: ab - is a single-threaded command line tool for measuring the performance of HTTP web servers.
  :small_orange_diamond: siege - is an http load testing and benchmarking utility.
  :small_orange_diamond: wrk - is a modern HTTP benchmarking tool capable of generating significant load.
-  :small_orange_diamond: bombardier - fast cross-platform HTTP benchmarking tool written in Go.
+  :small_orange_diamond: bombardier - is a fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  :small_orange_diamond: boom - is a script you can use to quickly smoke-test your web app deployment.
-  :small_orange_diamond: gobuster - free and open source directory/file & DNS busting tool written in Go.
+  :small_orange_diamond: gobuster - is a free and open source directory/file & DNS busting tool written in Go.

##### :black_small_square: SSL From c374917174df4471b0125f5009188ce66d8e7f44 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 17 May 2019 23:40:43 +0200 Subject: [PATCH 18/93] add 'nginx-admins-handbook' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cb4eea8..53fff73 100644 --- a/README.md +++ b/README.md @@ -684,6 +684,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: strace-little-book - a little book which introduces strace.
  :small_orange_diamond: http2-explained - a detailed document explaining and documenting HTTP/2.
  :small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.
+  :small_orange_diamond: Nginx Admin's Handbook - describes how to improve NGINX performance, security and other important things.
  :small_orange_diamond: openssh guideline - is to help operational teams with the configuration of OpenSSH server and client.

From ec4038fd9d4480bc4f0796a0a81f81d1273fdd06 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 17 May 2019 23:42:39 +0200 Subject: [PATCH 19/93] add 'the-practical-linux-hardening-guide' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 53fff73..4ea5778 100644 --- a/README.md +++ b/README.md @@ -703,6 +703,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: STIGs - are the configuration standards for DOD IA and IA-enabled devices/systems.
  :small_orange_diamond: Security Harden CentOS 7 - this walks you through the steps required to security harden CentOS.
  :small_orange_diamond: CentOS 7 Server Hardening Guide - great guide for hardening CentOS; familiar with OpenSCAP.
+  :small_orange_diamond: The Practical Linux Hardening Guide - provides a high-level overview of hardening GNU/Linux systems.

##### :black_small_square: Security & Privacy From ee42bc5017ad913cd1a236823671b8c8a41beced Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 18 May 2019 18:00:52 +0200 Subject: [PATCH 20/93] add '@Synacktiv' twitter account - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4ea5778..dfa664c 100644 --- a/README.md +++ b/README.md @@ -923,6 +923,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: @TheManyHatsClub - an information security focused podcast and group of individuals from all walks of life.
  :small_orange_diamond: @hedgehogsec - Hedgehog Cyber. Gibraltar and Manchester's top boutique information security firm.
  :small_orange_diamond: @NCSC - the National Cyber Security Centre. Helping to make the UK the safest place to live and work online.
+  :small_orange_diamond: @Synacktiv - IT security experts.

##### :black_small_square: A piece of history From 0a0c6c81535441fec5a98d76f1bc5e21b374362f Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 20 May 2019 09:23:38 +0200 Subject: [PATCH 21/93] minor fixes - signed-off-by: trimstray --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dfa664c..d9094ec 100644 --- a/README.md +++ b/README.md @@ -92,7 +92,7 @@ Only main chapters:

  :small_orange_diamond: GNU Bash - is an sh-compatible shell that incorporates useful features from the Korn shell and C shell.
  :small_orange_diamond: Zsh - is a shell designed for interactive use, although it is also a powerful scripting language.
-  :small_orange_diamond: bash-it - is a framework for using, developing and maintaining shell scripts and custom commands for your daily work.
+  :small_orange_diamond: bash-it - is a framework for using, developing and maintaining shell scripts and custom commands.
  :small_orange_diamond: Oh My ZSH! - is the best framework for managing your Zsh configuration.
  :small_orange_diamond: Oh My Fish - the Fishshell framework.

@@ -105,7 +105,7 @@ Only main chapters:   :small_orange_diamond: nnn - is a tiny, lightning fast, feature-packed file manager.
  :small_orange_diamond: screen - is a full-screen window manager that multiplexes a physical terminal.
  :small_orange_diamond: tmux - is a terminal multiplexer, lets you switch easily between several programs in one terminal.
-  :small_orange_diamond: tmux-cssh - is a tool to set comfortable and easy to use functionality, clustering and synchronizing virtual tmux-sessions.
+  :small_orange_diamond: tmux-cssh - is a tool to set comfortable and easy to use functionality, clustering and synchronizing tmux-sessions.

##### :black_small_square: Text editors From f5ea604aa7583efff8c80015c146c417d6f9bfbe Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 21 May 2019 08:57:38 +0200 Subject: [PATCH 22/93] add new one-liner to 'screen' - signed-off-by: trimstray --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d9094ec..1c7a284 100644 --- a/README.md +++ b/README.md @@ -1970,7 +1970,13 @@ ___ ###### Start screen in detached mode ```bash -screen -d -m [] +screen -d -m +``` + +###### Attach to an existing screen session + +```bash +screen -r -d ``` ___ From 587e6879cf3eeb6cb4489920509c1ae8d85ffaa0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 23 May 2019 08:51:53 +0200 Subject: [PATCH 23/93] #91 - add 'OSINTCurious Webcasts' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1c7a284..a545511 100644 --- a/README.md +++ b/README.md @@ -890,6 +890,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an Cybercrime Investigations - podcast by Geoff White about cybercrimes.
  :small_orange_diamond: The many hats club - featuring stories from a wide range of Infosec people (Whitehat, Greyhat and Blackhat).
  :small_orange_diamond: Darknet Diaries - true stories from the dark side of the Internet.
+  :small_orange_diamond: OSINTCurious Webcasts - is the investigative curiousity that helps people be successful in OSINT.

##### :black_small_square: Geeky Cybersecurity Video Blogs From ba45cae6d038603772e3b9ee1059fb2b6c172b56 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 24 May 2019 09:00:55 +0200 Subject: [PATCH 24/93] add new inspiring lists - signed-off-by: trimstray --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index a545511..fd54cbe 100644 --- a/README.md +++ b/README.md @@ -776,6 +776,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Awesome Shell - awesome command-line frameworks, toolkits, guides and gizmos.
  :small_orange_diamond: Command-line-text-processing - from finding text to search and replace, from sorting to beautifying text and more.
  :small_orange_diamond: Awesome Pcaptools - collection of tools developed by other researchers to process network traces.
+  :small_orange_diamond: awesome-ebpf - a curated list of awesome projects related to eBPF.
  :small_orange_diamond: Linux Network Performance - learn where some of the network sysctl variables fit into the Linux/Kernel network flow.
  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
  :small_orange_diamond: quick-SQL-cheatsheet - a quick reminder of all SQL queries and examples on how to use them.
@@ -800,6 +801,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Awesome Web Security - a curated list of Web Security materials and resources.
  :small_orange_diamond: awesome-cyber-skills - a curated list of hacking environments where you can train your cyber skills.
+  :small_orange_diamond: awesome-threat-intelligence - a curated list of Awesome Threat Intelligence resources.
  :small_orange_diamond: Red-Teaming-Toolkit - a collection of open source and commercial tools that aid in red team operations.
  :small_orange_diamond: awesome-burp-extensions - a curated list of amazingly awesome Burp Extensions.
  :small_orange_diamond: Free Security eBooks - list of a Free Security and Hacking eBooks.
@@ -1164,6 +1166,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: os-tutorial - how to create an OS from scratch.
  :small_orange_diamond: Write your Own Virtual Machine - how to write your own virtual machine (VM).
  :small_orange_diamond: x86 Bare Metal Examples - dozens of minimal operating systems to learn x86 system programming.
+  :small_orange_diamond: simple-computer - the scott CPU from "But How Do It Know?" by J. Clark Scott.

###### DNS Servers list (privacy) From bc064511d711ae045a851d4136b302beb9e56365 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 27 May 2019 12:26:57 +0200 Subject: [PATCH 25/93] add 'APISecurityBestPractices' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fd54cbe..0eaaad6 100644 --- a/README.md +++ b/README.md @@ -736,6 +736,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Practical Web Cache Poisoning - show you how to compromise websites by using esoteric web features.
  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.
+  :small_orange_diamond: APISecurityBestPractices - resources to help you keep secrets (API keys, database credentials, certificates) out of source code.

##### :black_small_square: All-in-one From f03f6a9eb4e9f5d2394958fc42d2c50fa7c4c72f Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 27 May 2019 12:29:26 +0200 Subject: [PATCH 26/93] minor fixes - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0eaaad6..dea3043 100644 --- a/README.md +++ b/README.md @@ -736,7 +736,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Practical Web Cache Poisoning - show you how to compromise websites by using esoteric web features.
  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.
-  :small_orange_diamond: APISecurityBestPractices - resources to help you keep secrets (API keys, database credentials, certificates) out of source code.
+  :small_orange_diamond: APISecurityBestPractices - help you keep secrets (API keys, db credentials, certificates) out of source code.

##### :black_small_square: All-in-one From c9b39b8ba0360c29cae2f34c9b943f8f1eaaa95d Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 3 Jun 2019 21:36:30 +0200 Subject: [PATCH 27/93] add 'Vulncode-DB' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index dea3043..e1c1349 100644 --- a/README.md +++ b/README.md @@ -524,6 +524,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: 0day.today - exploits market provides you the possibility to buy zero-day exploits and also to sell 0day exploits.
  :small_orange_diamond: sploitus - the exploit and tools database.
  :small_orange_diamond: cxsecurity - free vulnerability database.
+  :small_orange_diamond: Vulncode-DB - is a database for vulnerabilities and their corresponding source code if available.
  :small_orange_diamond: cveapi - free API for CVE data.

From 741d1253ff78ba87b2cd52ee5a7ccc5da266841a Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 4 Jun 2019 13:15:39 +0200 Subject: [PATCH 28/93] fix for httpie one-liners - signed-off-by: trimstray --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e1c1349..ea96472 100644 --- a/README.md +++ b/README.md @@ -2463,16 +2463,15 @@ http -p Hh https://www.google.com * `b` - response body ```bash -http -p Hh --follow --max-redirects 5 --verify no https://www.google.com +http -p Hh https://www.google.com --follow --verify no ``` * `-F, --follow` - follow redirects - * `--max-redirects N` - maximum for `--follow` * `--verify no` - skip SSL verification ```bash -http -p Hh --follow --max-redirects 5 --verify no \ ---proxy http:http://127.0.0.1:16379 https://www.google.com +http -p Hh https://www.google.com --follow --verify no \ +--proxy http:http://127.0.0.1:16379 ``` * `--proxy [http:]` - set proxy server From 61cca29ebbc9d3521d97ca5751022a5a50791bb0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 4 Jun 2019 13:23:51 +0200 Subject: [PATCH 29/93] fix typos - signed-off-by: trimstray --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index ea96472..00fa308 100644 --- a/README.md +++ b/README.md @@ -2030,25 +2030,25 @@ ___ ##### Tool: [openssl](https://www.openssl.org/) -###### Testing connection to remote host +###### Testing connection to the remote host ```bash echo | openssl s_client -connect google.com:443 -showcerts ``` -###### Testing connection to remote host (with SNI support) +###### Testing connection to the remote host (with SNI support) ```bash echo | openssl s_client -showcerts -servername google.com -connect google.com:443 ``` -###### Testing connection to remote host with specific ssl version +###### Testing connection to the remote host with specific ssl version ```bash openssl s_client -tls1_2 -connect google.com:443 ``` -###### Testing connection to remote host with specific ssl cipher +###### Testing connection to the remote host with specific ssl cipher ```bash openssl s_client -cipher 'AES128-SHA' -connect google.com:443 From ba8570602230325d621d246f30ac7be400c0f358 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 4 Jun 2019 14:01:28 +0200 Subject: [PATCH 30/93] add 'SlowHTTPTest'; minor updates - signed-off-by: trimstray --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 00fa308..895e1dd 100644 --- a/README.md +++ b/README.md @@ -180,6 +180,7 @@ Only main chapters:   :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  :small_orange_diamond: boom - is a script you can use to quickly smoke-test your web app deployment.
+  :small_orange_diamond: SlowHTTPTest - is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways.
  :small_orange_diamond: gobuster - is a free and open source directory/file & DNS busting tool written in Go.

@@ -2750,7 +2751,7 @@ ___ ##### Tool: [ngrep](http://ngrep.sourceforge.net/usage.html) ```bash -ngrep -d eth0 "www.google.com" port 443 +ngrep -d eth0 "www.domain.com" port 443 ``` * `-d [iface|any]` - set interface @@ -2758,14 +2759,14 @@ ngrep -d eth0 "www.google.com" port 443 * `port [1-65535]` - set port number ```bash -ngrep -d eth0 "www.google.com" (host 10.240.20.2) and (port 443) +ngrep -d eth0 "www.domain.com" src host 10.240.20.2 and port 443 ``` * `(host [ip|hostname])` - filter by ip or hostname * `(port [1-65535])` - filter by port number ```bash -ngrep -d eth0 -qt -O ngrep.pcap "www.google.com" port 443 +ngrep -d eth0 -qt -O ngrep.pcap "www.domain.com" port 443 ``` * `-q` - quiet mode (only payloads) From 4925ff93dc45a5bb811bbd9e0288ea84e909039a Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 5 Jun 2019 11:25:47 +0200 Subject: [PATCH 31/93] minor fix in 'Static HTTP web server with SSL support' - signed-off-by: trimstray --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 895e1dd..fb70acf 100644 --- a/README.md +++ b/README.md @@ -3286,7 +3286,6 @@ python -m SimpleHTTPServer 8000 from http.server import HTTPServer, BaseHTTPRequestHandler import ssl - httpd = HTTPServer(('localhost', 4443), BaseHTTPRequestHandler) httpd.socket = ssl.wrap_socket (httpd.socket, From 70804caebe574a15f171a68dba5b20d76f97afe3 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 6 Jun 2019 09:16:13 +0200 Subject: [PATCH 32/93] add new one-liners to 'OpenSSL' - signed-off-by: trimstray --- README.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fb70acf..f83fdae 100644 --- a/README.md +++ b/README.md @@ -2101,28 +2101,28 @@ openssl rsa -check -in ${_fd} ) openssl rsa -pubout -in ${_fd} -out ${_fd_pub} ) ``` -###### Generate private key and csr +###### Generate private key and CSR ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; _len="4096" ; \ openssl req -out ${_fd_csr} -new -newkey rsa:${_len} -nodes -keyout ${_fd} ) ``` -###### Generate csr +###### Generate CSR ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; \ openssl req -out ${_fd_csr} -new -key ${_fd} ) ``` -###### Generate csr (metadata from exist certificate) +###### Generate CSR (metadata from existing certificate) ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; _fd_crt="cert.crt" ; \ openssl x509 -x509toreq -in ${_fd_crt} -out ${_fd_csr} -signkey ${_fd} ) ``` -###### Generate csr with -config param +###### Generate CSR with -config param ```bash ( _fd="private.key" ; _fd_csr="request.csr" ; \ @@ -2184,7 +2184,7 @@ openssl ec -in ${_fd} -noout -text ) openssl pkey -in ${_fd} -pubout -out ${_fd_pub} ) ``` -###### Generate private key with csr (ECC) +###### Generate private key with CSR (ECC) ```bash # _curve: prime256v1, secp521r1, secp384r1 @@ -2220,6 +2220,12 @@ openssl x509 -signkey ${_fd} -nodes \ -in ${_fd_csr} -req -days ${_days} -out ${_fd_out} ) ``` +###### Generate DH Param key + +```bash +openssl dhparam -out /etc/nginx/ssl/dhparam_4096.pem 4096 +``` + ###### Convert DER to PEM ```bash @@ -2234,7 +2240,41 @@ openssl x509 -in ${_fd_der} -inform der -outform pem -out ${_fd_pem} ) openssl x509 -in ${_fd_pem} -outform der -out ${_fd_der} ) ``` -###### Checking whether the private key and the certificate match +###### Verification of the private key + +```bash +( _fd="private.key" ; \ +openssl rsa -noout -text -in ${_fd} ) +``` + +###### Verification of the public key + +```bash +# 1) +( _fd="public.key" ; \ +openssl pkey -noout -text -pubin -in ${_fd} ) + +# 2) +( _fd="private.key" ; \ +openssl rsa -inform PEM -noout -in ${_fd} &> /dev/null ; \ +if [ $? = 0 ] ; then echo -en "OK\n" ; fi ) +``` + +###### Verification of the certificate + +```bash +( _fd="certificate.crt" ; # format: pem, cer, crt \ +openssl x509 -noout -text -in ${_fd} ) +``` + +###### Verification of the CSR + +```bash +( _fd_csr="request.csr" ; \ +openssl req -text -noout -in ${_fd_csr} ) +``` + +###### Check whether the private key and the certificate match ```bash (openssl rsa -noout -modulus -in private.key | openssl md5 ; \ From 17a4a122711203f62516d09afaedd49f4ddc5013 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 6 Jun 2019 11:01:38 +0200 Subject: [PATCH 33/93] minor update - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f83fdae..61a32f4 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ Only main chapters:   :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
  :small_orange_diamond: boom - is a script you can use to quickly smoke-test your web app deployment.
-  :small_orange_diamond: SlowHTTPTest - is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP connections in different ways.
+  :small_orange_diamond: SlowHTTPTest - is a tool that simulates some Application Layer Denial of Service attacks by prolonging HTTP.
  :small_orange_diamond: gobuster - is a free and open source directory/file & DNS busting tool written in Go.

From 3d58430abf01cc2c1f075b31d0b47c1046d4ff48 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 6 Jun 2019 12:28:51 +0200 Subject: [PATCH 34/93] #92 - fix broken urls; minor updates - signed-off-by: trimstray --- README.md | 63 +++++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 61a32f4..fd3f9da 100644 --- a/README.md +++ b/README.md @@ -166,7 +166,7 @@ Only main chapters:

  :small_orange_diamond: Curl - is a command line tool and library for transferring data with URLs.
  :small_orange_diamond: kurly - is an alternative to the widely popular curl program, written in Golang.
-  :small_orange_diamond: HTTPie - is an user-friendly HTTP client.
+  :small_orange_diamond: HTTPie - is an user-friendly HTTP client.
  :small_orange_diamond: wuzz - is an interactive cli tool for HTTP inspection.
  :small_orange_diamond: htrace.sh - is a simple Swiss Army knife for http/https troubleshooting and profiling.
  :small_orange_diamond: httpstat - is a tool that visualizes curl statistics in a way of beauty and clarity.
@@ -300,7 +300,7 @@ Only main chapters: ##### :black_small_square: Browsers

-  :small_orange_diamond: TOR Browser - protect your privacy and defend yourself against network surveillance and traffic analysis.
+  :small_orange_diamond: TOR Browser - protect your privacy and defend yourself against network surveillance and traffic analysis.

##### :black_small_square: Password Managers @@ -339,7 +339,7 @@ Only main chapters:

  :small_orange_diamond: SSL/TLS Capabilities of Your Browser - test your browser's SSL implementation.
-  :small_orange_diamond: Can I use - provides up-to-date browser support tables for support of front-end web technologies.
+  :small_orange_diamond: Can I use - provides up-to-date browser support tables for support of front-end web technologies.
  :small_orange_diamond: Panopticlick 3.0 - is your browser safe against tracking?
  :small_orange_diamond: Privacy Analyzer - see what data is exposed from your browser.
  :small_orange_diamond: Web Browser Security - it's all about Web Browser fingerprinting.
@@ -352,8 +352,8 @@ Only main chapters:

  :small_orange_diamond: SSLLabs Server Test - free online service performs a deep analysis of the configuration of any SSL web server.
  :small_orange_diamond: SSLLabs Server Test (DEV) - free online service performs a deep analysis of the configuration of any SSL web server.
-  :small_orange_diamond: ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
-  :small_orange_diamond: COMODO SSL Analyzer - ssl analyzer and ssl certificate checker.
+  :small_orange_diamond: ImmuniWeb® SSLScan - test SSL/TLS (PCI DSS, HIPAA and NIST).
+  :small_orange_diamond: COMODO SSL Analyzer - ssl analyzer and ssl certificate checker.*
  :small_orange_diamond: SSL Check - scan your website for non-secure content.
  :small_orange_diamond: CryptCheck - test your TLS server configuration (e.g. ciphers).
  :small_orange_diamond: urlscan.io - service to scan and analyse websites.
@@ -412,7 +412,7 @@ Only main chapters:   :small_orange_diamond: MX Toolbox - all of your MX record, DNS, blacklist and SMTP diagnostics in one integrated tool.
  :small_orange_diamond: blacklistalert - checks to see if your domain is on a Real Time Spam Blacklist.
  :small_orange_diamond: MultiRBL - complete IP check for sending Mailservers.
-  :small_orange_diamond: DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.
+  :small_orange_diamond: DKIM SPF & Spam Assassin Validator - checks mail authentication and scores messages with Spam Assassin.

##### :black_small_square: Encoders/Decoders and Regex testing @@ -430,15 +430,15 @@ Only main chapters: ##### :black_small_square: Net-tools

-  :small_orange_diamond: Netcraft - detailed report about the site, helping you to make informed choices about their integrity.
+  :small_orange_diamond: Netcraft - detailed report about the site, helping you to make informed choices about their integrity.*
  :small_orange_diamond: RIPE NCC - not-for-profit membership association, a Regional Internet Registry and the secretariat for the RIPE.
  :small_orange_diamond: Robtex - uses various sources to gather public information about IP numbers, domain names, host names, routes etc.
  :small_orange_diamond: Security Trails - APIs for Security Companies, Researchers and Teams.
  :small_orange_diamond: Online Curl - curl test, analyze HTTP Response Headers.
-  :small_orange_diamond: Ping.eu - online Ping, Traceroute, DNS lookup, WHOIS and others.
+  :small_orange_diamond: Ping.eu - online Ping, Traceroute, DNS lookup, WHOIS and others.
  :small_orange_diamond: Network-Tools - network tools for webmasters, IT technicians & geeks.
  :small_orange_diamond: Riseup - provides online communication tools for people and groups working on liberatory social change.
-  :small_orange_diamond: VirusTotal - analyze suspicious files and URLs to detect types of malware.
+  :small_orange_diamond: VirusTotal - analyze suspicious files and URLs to detect types of malware.

##### :black_small_square: Privacy @@ -454,7 +454,6 @@ Only main chapters:   :small_orange_diamond: ShellCheck - finds bugs in your shell scripts.
  :small_orange_diamond: explainshell - get interactive help texts for shell commands.
  :small_orange_diamond: jsbin - live pastebin for HTML, CSS & JavaScript and more.
-  :small_orange_diamond: CodePen - a social development environment for front-end designers and developers.
  :small_orange_diamond: CodeSandbox - online code editor for web application development. Supports React, Vue, Angular, CxJS, Dojo, etc.
  :small_orange_diamond: PHP Sandbox - test your PHP code with this code tester.
  :small_orange_diamond: Repl.it - an instant IDE to learn, build, collaborate, and host all in one place.
@@ -487,14 +486,14 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: wigle - is a submission-based catalog of wireless networks. All the networks. Found by Everyone.
  :small_orange_diamond: PublicWWW - find any alphanumeric snippet, signature or keyword in the web pages HTML, JS and CSS code.
  :small_orange_diamond: IntelTechniques - this repository contains hundreds of online search utilities.
-  :small_orange_diamond: Hackle - search engine for hackers and security professionals.
+  :small_orange_diamond: Hackle - search engine for hackers and security professionals.*
  :small_orange_diamond: hunter - lets you find email addresses in seconds and connect with the people that matter for your business.
  :small_orange_diamond: GhostProject? - search by full email address or username.
  :small_orange_diamond: databreaches - was my email affected by data breach?
  :small_orange_diamond: Buckets by Grayhatwarfar - database with public search for Open Amazon S3 Buckets and their contents.
  :small_orange_diamond: Vigilante.pw - the breached database directory.
  :small_orange_diamond: builtwith - find out what websites are built with.
-  :small_orange_diamond: Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.
+  :small_orange_diamond: Mamont's open FTP Index - if a target has an open FTP site with accessible content it will be listed here.
  :small_orange_diamond: OSINT Framework - focused on gathering information from free tools or resources.
  :small_orange_diamond: maltiverse - is a service oriented to cybersecurity analysts for the advanced analysis of indicators of compromise.
  :small_orange_diamond: Leaked Source - is a collaboration of data found online in the form of a lookup.
@@ -512,7 +511,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: Passwords

-  :small_orange_diamond: Gotcha? - list of 1.4 billion accounts circulates around the Internet.
+  :small_orange_diamond: Gotcha? - list of 1.4 billion accounts circulates around the Internet.*
  :small_orange_diamond: have i been pwned? - check if you have an account that has been compromised in a data breach.

@@ -532,7 +531,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: Mobile apps scanners

-  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
+  :small_orange_diamond: ImmuniWeb® Mobile App Scanner - test security and privacy of mobile apps (iOS & Android).
  :small_orange_diamond: Quixxi - free Mobile App Vulnerability Scanner for Android & iOS.
  :small_orange_diamond: Ostorlab - analyzes mobile application to identify vulnerabilities and potential weaknesses.

@@ -582,7 +581,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
+  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
  :small_orange_diamond: Tails - is a live system that aims to preserve your privacy and anonymity.
@@ -602,7 +601,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: DNS Services

-  :small_orange_diamond: Unbound - validating, recursive, and caching DNS resolver (with TLS).
+  :small_orange_diamond: Unbound - validating, recursive, and caching DNS resolver (with TLS).
  :small_orange_diamond: Knot Resolver - caching full resolver implementation, including both a resolver library and a daemon.
  :small_orange_diamond: PowerDNS - is an open source authoritative DNS server, written in C++ and licensed under the GPL.

@@ -649,7 +648,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: pure-bash-bible - a collection of pure bash alternatives to external processes.
-  :small_orange_diamond: The Bash Hackers Wiki - hold documentation of any kind about GNU Bash.
+  :small_orange_diamond: The Bash Hackers Wiki - hold documentation of any kind about GNU Bash.
  :small_orange_diamond: Shell & Utilities - describes the commands and utilities offered to application programs by POSIX-conformant systems.
  :small_orange_diamond: the-art-of-command-line - master the command line, in one page.
  :small_orange_diamond: Shell Style Guide - a shell style guide for Google-originated open-source projects.
@@ -679,7 +678,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: nixCraft - linux and unix tutorials for new and seasoned sysadmin.
  :small_orange_diamond: TecMint - the ideal Linux blog for Sysadmins & Geeks.
-  :small_orange_diamond: Omnisecu - free Networking, System Administration and Security tutorials.
+  :small_orange_diamond: Omnisecu - free Networking, System Administration and Security tutorials.
  :small_orange_diamond: linux-cheat - Linux tutorials and cheatsheets. Minimal examples. Mostly user-land CLI utilities.
  :small_orange_diamond: Unix Toolbox - collection of Unix/Linux/BSD commands and tasks which are useful for IT work or for advanced users.
  :small_orange_diamond: Linux Guide and Hints - tutorials on system administration in Fedora and CentOS.
@@ -711,7 +710,7 @@ performance of any of your sites from across the globe.
##### :black_small_square: Security & Privacy

-  :small_orange_diamond: Hacking Articles - LRaj Chandel's Security & Hacking Blog.
+  :small_orange_diamond: Hacking Articles - LRaj Chandel's Security & Hacking Blog.
  :small_orange_diamond: AWS security tools - make your AWS cloud environment more secure.
  :small_orange_diamond: Rawsec's CyberSecurity Inventory - an inventory of tools and resources about CyberSecurity.
  :small_orange_diamond: The Illustrated TLS Connection - every byte of a TLS connection explained and reproduced.
@@ -736,7 +735,8 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Weird Proxies - reverse proxy related attacks; it is a result of analysis of various reverse proxies, cache proxies, etc.
  :small_orange_diamond: Webshells - great series about malicious payloads.
  :small_orange_diamond: Practical Web Cache Poisoning - show you how to compromise websites by using esoteric web features.
-  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.
+  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.*
+  :small_orange_diamond: Explosive blog - great blog about cybersec and pentests.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.
  :small_orange_diamond: APISecurityBestPractices - help you keep secrets (API keys, db credentials, certificates) out of source code.

@@ -843,7 +843,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Brendan Gregg's Blog - is an industry expert in computing performance and cloud computing.
-  :small_orange_diamond: Gynvael "GynDream" Coldwind - is a IT security engineer at Google.
+  :small_orange_diamond: Gynvael "GynDream" Coldwind - is a IT security engineer at Google.
  :small_orange_diamond: Michał "lcamtuf" Zalewski - white hat hacker, computer security expert.
  :small_orange_diamond: Mattias Geniar - developer, sysadmin, blogger, podcaster and public speaker.
  :small_orange_diamond: Nick Craver - software developer and systems administrator for Stack Exchange.
@@ -881,7 +881,7 @@ Linux Security Expert - trainings, howtos, checklists, security tools an   :small_orange_diamond: Tripwire State of Security - blog featuring the latest news, trends and insights on current information security issues.
  :small_orange_diamond: Malwarebytes Labs Blog - security blog aims to provide insider news about cybersecurity.
  :small_orange_diamond: TrustedSec - latest news, and trends about cybersecurity.
-  :small_orange_diamond: AT&T Cybersecurity blog - news on emerging threats and practical advice to simplify threat detection.
+  :small_orange_diamond: AT&T Cybersecurity blog - news on emerging threats and practical advice to simplify threat detection.
  :small_orange_diamond: Thycotic - where CISOs and IT Admins come to learn about industry trends, IT security, data breaches, and more.

@@ -901,10 +901,10 @@ Cybercrime Investigations - podcast by Geoff White about cybercrimes.
-  :small_orange_diamond: rev3rse security - offensive, binary exploitation, web application security, vulnerability, hardening, red team, blue team.
+  :small_orange_diamond: rev3rse security - offensive, binary exploitation, web application security, vulnerability, hardening, red team, blue team.
  :small_orange_diamond: LiveOverflow - a lot more advanced topics than what is typically offered in paid online courses - but for free.
  :small_orange_diamond: J4vv4D - the important information regarding our internet security.
-  :small_orange_diamond: +  :small_orange_diamond: CyberTalks - talks, interviews, and article about cybersecurity.

@@ -935,7 +935,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
##### :black_small_square: A piece of history

-  :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.
+  :small_orange_diamond: How to Do Things at ARL - how to configure modems, scan images, record CD-ROMs, and other useful techniques.*

##### :black_small_square: Other @@ -998,8 +998,8 @@ CyberTalks - talks, interviews, and article about cybersecurity.

  :small_orange_diamond: PTES - the penetration testing execution standard.
-  :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
-  :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
+  :small_orange_diamond: Pentests MindMap - amazing mind map with vulnerable apps and systems.
+  :small_orange_diamond: WebApps Security Tests MindMap - incredible mind map for WebApps security tests.
  :small_orange_diamond: Brute XSS - master the art of Cross Site Scripting.
  :small_orange_diamond: Offensive Security Bookmarks - security bookmarks collection, all that things I need to pass OSCP.
  :small_orange_diamond: Awesome Pentest Cheat Sheets - collection of the cheat sheets useful for pentesting.
@@ -1008,7 +1008,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Awesome Hacking Resources - collection of hacking/penetration testing resources to make you better.
  :small_orange_diamond: Awesome Pentest - collection of awesome penetration testing resources, tools and other shiny things.
  :small_orange_diamond: Hacking Cheat Sheet - author hacking and pentesting notes.
-  :small_orange_diamond: Web App Pentesting Cheat Sheet - the typical steps performed when conducting a web application penetration test.
+  :small_orange_diamond: Web App Pentesting Cheat Sheet - the typical steps performed when conducting a web application penetration test.*
  :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
@@ -1043,14 +1043,13 @@ CyberTalks - talks, interviews, and article about cybersecurity.
##### :black_small_square: Bounty platforms

-  :small_orange_diamond: Bounty Factory - European bug bounty platform based on the legislation and rules in force in European countries.
+  :small_orange_diamond: YesWeHack - bug bounty platform with infosec jobs.
  :small_orange_diamond: Openbugbounty - allows any security researcher reporting a vulnerability on any website.
  :small_orange_diamond: hackerone - global hacker community to surface the most relevant security issues.
  :small_orange_diamond: bugcrowd - crowdsourced cybersecurity for the enterprise.
  :small_orange_diamond: Crowdshield - crowdsourced security & bug bounty management.
  :small_orange_diamond: Synack - crowdsourced security & bug bounty programs, crowd security intelligence platform and more.
  :small_orange_diamond: Hacktrophy - bug bounty platform.
-  :small_orange_diamond: YesWeHack - bug bounty platform with infosec jobs.

##### :black_small_square: Web Training Apps (local installation) @@ -1094,7 +1093,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: RingZer0 - tons of challenges designed to test and improve your hacking skills.
  :small_orange_diamond: Ubeeri - preconfigured lab environments.
  :small_orange_diamond: Pentestit - emulate IT infrastructures of real companies for legal pen testing and improving penetration testing skills.
-  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
+  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
  :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.
  :small_orange_diamond: DomGoat - DOM XSS security learning and practicing platform.

@@ -1151,7 +1150,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.

  :small_orange_diamond: Unbound DNS Tutorial - a validating, recursive, and caching DNS server.
-  :small_orange_diamond: Knot Resolver on Fedora - how to get faster and more secure DNS resolution with Knot Resolver on Fedora.
+  :small_orange_diamond: Knot Resolver on Fedora - how to get faster and more secure DNS resolution with Knot Resolver on Fedora.
  :small_orange_diamond: DNS-over-HTTPS - tutorial to setup your own DNS-over-HTTPS (DoH) server.
  :small_orange_diamond: DNS-over-TLS - following to your DoH server, setup your DNS-over-TLS (DoT) server.
  :small_orange_diamond: DNS Servers - how (and why) i run my own DNS Servers.
From 359a95d4ccc3a9e4cdb8be42c61d4f2878d9e703 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 7 Jun 2019 00:21:48 +0200 Subject: [PATCH 35/93] add 'simple-computer' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index fd3f9da..6d3e3cd 100644 --- a/README.md +++ b/README.md @@ -768,6 +768,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.
  :small_orange_diamond: Let's Build a Simple Database - writing a sqlite clone from scratch in C.
+  :small_orange_diamond: simple-computer - great resource to understand how computers work under the hood.

#### Inspiring Lists  [[TOC]](#anger-table-of-contents) From 3d1c7ed8b7919fff46a67c471c25c50c233c0a88 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 7 Jun 2019 00:37:45 +0200 Subject: [PATCH 36/93] add new netstat one-liner - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6d3e3cd..6b0597b 100644 --- a/README.md +++ b/README.md @@ -3184,6 +3184,12 @@ sort | uniq -c | awk '{ printf("%s\t%s\t",$2,$1) ; for (i = 0; i < $1; i++) {pri watch "netstat -plan | grep :443 | awk {'print \$5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1" ``` +###### Grab banners from local IPv4 listening ports + +```bash +netstat -nlt | grep 'tcp ' | grep -Eo "[1-9][0-9]*" | xargs -I {} sh -c "echo "" | nc -v -n -w1 127.0.0.1 {}" +``` + ___ ##### Tool: [rsync](https://en.wikipedia.org/wiki/Rsync) From 5f0d8463387355dffcf2d1f73c0d75c6914df23c Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 8 Jun 2019 21:59:01 +0200 Subject: [PATCH 37/93] add new one-liner to 'strace' - signed-off-by: trimstray --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 6b0597b..d27216a 100644 --- a/README.md +++ b/README.md @@ -1763,7 +1763,11 @@ ___ ###### Track with child processes ```bash +# 1) strace -f -p $(pidof glusterfsd) + +# 2) +strace -f $(pidof php-fpm | sed 's/\([0-9]*\)/\-p \1/g') ``` ###### Track process with 30 seconds limit From ff5ca4338d96af50825f3f6e2b9a4ecc05da1e8b Mon Sep 17 00:00:00 2001 From: Martin Seeler Date: Sun, 9 Jun 2019 19:58:51 +0200 Subject: [PATCH 38/93] Fix duplicated YouTube Link in SysOps/DevOps The link for "A Netflix Guide to Microservices" was the same as "Varnish for PHP developers". I've found the video on YouTube and changed the link to the correct video. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d27216a..23b08a3 100644 --- a/README.md +++ b/README.md @@ -831,7 +831,7 @@ performance of any of your sites from across the globe.

  :small_orange_diamond: Varnish for PHP developers - very interesting presentation of Varnish by Mattias Geniar.
-  :small_orange_diamond: A Netflix Guide to Microservices - Josh Evans talks about the chaotic and vibrant world of microservices at Netflix.
+  :small_orange_diamond: A Netflix Guide to Microservices - Josh Evans talks about the chaotic and vibrant world of microservices at Netflix.

##### :black_small_square: Developers From ecf087c7b8ea85330b651ba1114493217a22de9d Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 10 Jun 2019 11:57:50 +0200 Subject: [PATCH 39/93] new one-liner for 'diff' - signed-off-by: trimstray --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 23b08a3..77f190d 100644 --- a/README.md +++ b/README.md @@ -1822,6 +1822,12 @@ ___ diff <(cd directory1 && find | sort) <(cd directory2 && find | sort) ``` +###### Compare output of two commands + +```bash +diff <(cat /etc/passwd) <(cut -f2 /etc/passwd) +``` + ___ ##### Tool: [tail](https://en.wikipedia.org/wiki/Tail_(Unix)) From 9147a49cf7bd06651f074ed87fd4fb89f57060c1 Mon Sep 17 00:00:00 2001 From: iddoeldor Date: Mon, 10 Jun 2019 14:39:05 +0300 Subject: [PATCH 40/93] vimdiff & diffchar --- README.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/README.md b/README.md index 77f190d..a5692c9 100644 --- a/README.md +++ b/README.md @@ -1827,6 +1827,32 @@ diff <(cd directory1 && find | sort) <(cd directory2 && find | sort) ```bash diff <(cat /etc/passwd) <(cut -f2 /etc/passwd) ``` +##### Tool: vimdiff + +##### Highlight the exact differences, based on characters and words + +```sh +vimdiff file1 file2 +``` +Compare two JSON files + +```sh +vimdiff <(jq -S . A.json) <(jq -S . B.json) +``` + +Compare Hex dump +```sh +d(){ vimdiff <(f $1) <(f $2);};f(){ hexdump -C $1|cut -d' ' -f3-|tr -s ' ';}; d ~/bin1 ~/bin2 +``` + +Save [diffchar](https://raw.githubusercontent.com/vim-scripts/diffchar.vim/master/plugin/diffchar.vim) @ `~/.vim/plugins` + +Click `F7` to switch between diff modes + +Usefull vimdiff commands: +* `qa` to exit all windows +* `:vertical resize 70` to resize window +* Set window width `Ctrl+W [N columns]+(Shift+)<\>` ___ From aa5906818cf8cf5ac58b6dc7b0e00c3384ac8c57 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 10 Jun 2019 15:52:51 +0200 Subject: [PATCH 41/93] update url for 'Hidden directories and files' - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 77f190d..d46e20e 100644 --- a/README.md +++ b/README.md @@ -735,7 +735,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Weird Proxies - reverse proxy related attacks; it is a result of analysis of various reverse proxies, cache proxies, etc.
  :small_orange_diamond: Webshells - great series about malicious payloads.
  :small_orange_diamond: Practical Web Cache Poisoning - show you how to compromise websites by using esoteric web features.
-  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.*
+  :small_orange_diamond: Hidden directories and files - as a source of sensitive information about web application.
  :small_orange_diamond: Explosive blog - great blog about cybersec and pentests.
  :small_orange_diamond: Security Cookies - this paper will take a close look at cookie security.
  :small_orange_diamond: APISecurityBestPractices - help you keep secrets (API keys, db credentials, certificates) out of source code.
From 11a8f7464b0da149851f015bac519d1261f9e236 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Mon, 10 Jun 2019 18:29:24 +0200 Subject: [PATCH 42/93] vimdiff: minor updates --- README.md | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a5692c9..56e23b6 100644 --- a/README.md +++ b/README.md @@ -1232,6 +1232,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
* [kill](#tool-kill) * [find](#tool-find) * [diff](#tool-diff) + * [vimdiff](#tool-vimdiff) * [tail](#tool-tail) * [cpulimit](#tool-cpulimit) * [pwdx](#tool-pwdx) @@ -1827,29 +1828,35 @@ diff <(cd directory1 && find | sort) <(cd directory2 && find | sort) ```bash diff <(cat /etc/passwd) <(cut -f2 /etc/passwd) ``` -##### Tool: vimdiff + +___ + +##### Tool: [vimdiff](http://vimdoc.sourceforge.net/htmldoc/diff.html) ##### Highlight the exact differences, based on characters and words -```sh +```bash vimdiff file1 file2 ``` -Compare two JSON files +###### Compare two JSON files -```sh +```bash vimdiff <(jq -S . A.json) <(jq -S . B.json) ``` -Compare Hex dump -```sh +###### Compare Hex dump +```bash d(){ vimdiff <(f $1) <(f $2);};f(){ hexdump -C $1|cut -d' ' -f3-|tr -s ' ';}; d ~/bin1 ~/bin2 ``` +###### diffchar + Save [diffchar](https://raw.githubusercontent.com/vim-scripts/diffchar.vim/master/plugin/diffchar.vim) @ `~/.vim/plugins` Click `F7` to switch between diff modes -Usefull vimdiff commands: +Usefull `vimdiff` commands: + * `qa` to exit all windows * `:vertical resize 70` to resize window * Set window width `Ctrl+W [N columns]+(Shift+)<\>` From 0081d91e4884148868343caee785ab6f74bdeddf Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 11 Jun 2019 11:29:25 +0200 Subject: [PATCH 43/93] minor fixes for vimdiff - signed-off-by: trimstray --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b321768..2d5585d 100644 --- a/README.md +++ b/README.md @@ -1833,12 +1833,12 @@ ___ ##### Tool: [vimdiff](http://vimdoc.sourceforge.net/htmldoc/diff.html) -##### Highlight the exact differences, based on characters and words +###### Highlight the exact differences, based on characters and words ```bash vimdiff file1 file2 ``` -###### Compare two JSON files +###### Compare two JSON files ```bash vimdiff <(jq -S . A.json) <(jq -S . B.json) @@ -1859,7 +1859,7 @@ Usefull `vimdiff` commands: * `qa` to exit all windows * `:vertical resize 70` to resize window -* Set window width `Ctrl+W [N columns]+(Shift+)<\>` +* set window width `Ctrl+W [N columns]+(Shift+)<\>` ___ From 6dfe7ca0122e88ba7c85ddccec33fb51eb6ac0bf Mon Sep 17 00:00:00 2001 From: trevorbryant Date: Sun, 16 Jun 2019 23:31:07 -0400 Subject: [PATCH 44/93] add gentoo --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d5585d..6e8f883 100644 --- a/README.md +++ b/README.md @@ -581,6 +581,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
+  :small_orange_diamond: Pentoo - Based on Gentoo Linux featuring packet injection patched wifi drivers for penetration testing and security assessment.
  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
From 9ca91d93f3e885a45a3ce9bb01e9ab42eff83d5b Mon Sep 17 00:00:00 2001 From: trevorbryant Date: Sun, 16 Jun 2019 23:32:35 -0400 Subject: [PATCH 45/93] add gentoo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e8f883..e5a3dd1 100644 --- a/README.md +++ b/README.md @@ -581,7 +581,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Pentoo - Based on Gentoo Linux featuring packet injection patched wifi drivers for penetration testing and security assessment.
+  :small_orange_diamond: Pentoo - Featuring packet injection patched wifi drivers for penetration testing and security assessment.
  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
From c20bd74dd54d7521d09ea2608341e6e033bd6242 Mon Sep 17 00:00:00 2001 From: trevorbryant Date: Sun, 16 Jun 2019 23:33:02 -0400 Subject: [PATCH 46/93] add gentoo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e5a3dd1..2bf4536 100644 --- a/README.md +++ b/README.md @@ -581,7 +581,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Pentoo - Featuring packet injection patched wifi drivers for penetration testing and security assessment.
+  :small_orange_diamond: Pentoo - Featuring packet injection patched wifi drivers for penetration testing and security assessments.
  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
From 0ad46b7734e18bca55b9aeaf2543fdb07b8af39d Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Jun 2019 08:43:31 +0200 Subject: [PATCH 47/93] add 'The story of "Have I been pwned?"' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2d5585d..cd6717c 100644 --- a/README.md +++ b/README.md @@ -769,6 +769,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Operation Costs in CPU - an infographics which should help to estimate costs of certain operations in CPU clocks.
  :small_orange_diamond: Let's Build a Simple Database - writing a sqlite clone from scratch in C.
  :small_orange_diamond: simple-computer - great resource to understand how computers work under the hood.
+  :small_orange_diamond: The story of "Have I been pwned?" - working with 154 million records on Azure Table Storage.

#### Inspiring Lists  [[TOC]](#anger-table-of-contents) From 965bf6631bc4dedb4589d82ed1c4034ca7101f28 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Jun 2019 18:14:25 +0200 Subject: [PATCH 48/93] add 'TOP500 Supercomputers' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index cd6717c..6004397 100644 --- a/README.md +++ b/README.md @@ -770,6 +770,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Let's Build a Simple Database - writing a sqlite clone from scratch in C.
  :small_orange_diamond: simple-computer - great resource to understand how computers work under the hood.
  :small_orange_diamond: The story of "Have I been pwned?" - working with 154 million records on Azure Table Storage.
+  :small_orange_diamond: TOP500 Supercomputers - this list shows the 500 most powerful commercially available computer systems known to us.

#### Inspiring Lists  [[TOC]](#anger-table-of-contents) From ffa3db83b9f7b571229370a700a0927acfed66b3 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 19 Jun 2019 18:20:29 +0200 Subject: [PATCH 49/93] add 'Generators' chapter - signed-off-by: trimstray --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6004397..c5d405c 100644 --- a/README.md +++ b/README.md @@ -508,6 +508,13 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: index-of - contains great stuff like: security, hacking, reverse engineering, cryptography, programming etc.

+##### :black_small_square: Generators + +

+  :small_orange_diamond: thispersondoesnotexist - generate fake faces in one click - endless possibilities.
+  :small_orange_diamond: Intigriti Redirector - open redirect/SSRF payload generator.
+

+ ##### :black_small_square: Passwords

@@ -566,12 +573,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: SKS OpenPGP Key server - services for the SKS keyservers used by OpenPGP.

-##### :black_small_square: Other - -

-  :small_orange_diamond: thispersondoesnotexist - generate fake faces in one click - endless possibilities.
-

- #### Systems/Services  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Operating Systems From b14cf608517ba8fca5501fd1ca5fedbe1cfbd654 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 24 Jun 2019 11:45:24 +0200 Subject: [PATCH 50/93] update 'Labs (ethical hacking platforms/trainings/CTFs)' - signed-off-by: trimstray --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index c5d405c..bc58da0 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,7 @@ Only main chapters:   :small_orange_diamond: tshark - is a tool that allows us to dump and analyze network traffic (wireshark cli).
  :small_orange_diamond: Termshark - is a simple terminal user-interface for tshark.
  :small_orange_diamond: ngrep - is like GNU grep applied to the network layer.
+  :small_orange_diamond: sockdump - dump unix domain socket traffic.
  :small_orange_diamond: stenographer - is a packet capture solution which aims to quickly spool all packets to disk.
  :small_orange_diamond: bmon - is a monitoring and debugging tool to capture networking related statistics and prepare them visually.
  :small_orange_diamond: iptraf-ng - is a console-based network monitoring program for Linux that displays information about IP traffic.
@@ -817,6 +818,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: reverseengineering-reading-list - a list of Reverse Engineering articles, books, and papers.
  :small_orange_diamond: Awesome-WAF - a curated list of awesome web-app firewall (WAF) stuff.
  :small_orange_diamond: RobotsDisallowed - a curated list of the most common and most interesting robots.txt disallowed directories.
+  :small_orange_diamond: awesome-yara - a curated list of awesome YARA rules, tools, and people.
  :small_orange_diamond: Movies for Hackers - list of movies every hacker & cyberpunk must watch.
  :small_orange_diamond: technical-whitepapers - IT whitepapers; hacking, web app security, db, reverse engineering and more; EN/PL.

@@ -1084,6 +1086,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Pwnable.tw - is a wargame site for hackers to test and expand their binary exploiting skills.
  :small_orange_diamond: picoCTF - is a free computer security game targeted at middle and high school students.
  :small_orange_diamond: CTFlearn - is an online platform built to help ethical hackers learn and practice their cybersecurity knowledge and skills.
+  :small_orange_diamond: ctftime - CTF archive and a place, where you can get some another CTF-related info.
  :small_orange_diamond: Silesia Security Lab - high quality security testing services.
  :small_orange_diamond: Practical Pentest Labs - pentest lab, take your Hacking skills to the next level.
  :small_orange_diamond: Root Me - the fast, easy, and affordable way to train your hacking skills.
@@ -1100,6 +1103,22 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
  :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.
  :small_orange_diamond: DomGoat - DOM XSS security learning and practicing platform.
+  :small_orange_diamond: Stereotyped Challenges - is intended for offensive security experts who are willing to overcome situations of getting stuck in breaking into web services or web-based solutions.
+  :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
+  :small_orange_diamond: Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security, computer software & network administration.
+  :small_orange_diamond: W3Challs - is a penetration testing training platform, which offers various computer challenges.
+  :small_orange_diamond: RingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
+  :small_orange_diamond: try2hack - several security-oriented challenges for your entertainment.
+  :small_orange_diamond: Hack.me - a platform where the community can build, host and share vulnerable web application code for educational and research purposes.
+  :small_orange_diamond: HackThis! - discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!
+  :small_orange_diamond: Enigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project.
+

+  :small_orange_diamond: Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, by architecture, and more.
+  :small_orange_diamond: 0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science.
+  :small_orange_diamond: We Chall - there are exist a lots of different challenge types, e.g. Cryptographic, Crackit, Steganography, Programming, Logic and Math/Science.
+  :small_orange_diamond: Hacker Gateway - is the go-to place for hackers who want to test their skills.
+  :small_orange_diamond: Hacker101 - is a free class for web security.
+  :small_orange_diamond: contained.af - a stupid game for learning about containers, capabilities, and syscalls.

##### :black_small_square: Other resources From 28c7601959d1019eadb6249e3585f04dfb4b4ecc Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 24 Jun 2019 11:51:31 +0200 Subject: [PATCH 51/93] minor fixes - signed-off-by: trimstray --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index bc58da0..53fa35d 100644 --- a/README.md +++ b/README.md @@ -1105,17 +1105,17 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: DomGoat - DOM XSS security learning and practicing platform.
  :small_orange_diamond: Stereotyped Challenges - is intended for offensive security experts who are willing to overcome situations of getting stuck in breaking into web services or web-based solutions.
  :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
-  :small_orange_diamond: Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security, computer software & network administration.
+  :small_orange_diamond: Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security.
  :small_orange_diamond: W3Challs - is a penetration testing training platform, which offers various computer challenges.
-  :small_orange_diamond: RingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills through hacking challenges.
+  :small_orange_diamond: RingZer0 CTF - offers you tons of challenges designed to test and improve your hacking skills.
  :small_orange_diamond: try2hack - several security-oriented challenges for your entertainment.
-  :small_orange_diamond: Hack.me - a platform where the community can build, host and share vulnerable web application code for educational and research purposes.
-  :small_orange_diamond: HackThis! - discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis!
+  :small_orange_diamond: Hack.me - a platform where you can build, host and share vulnerable web apps for educational and research purposes.
+  :small_orange_diamond: HackThis! - discover how hacks, dumps and defacements are performed and secure your website against hackers.
  :small_orange_diamond: Enigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project.

-  :small_orange_diamond: Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, by architecture, and more.
+  :small_orange_diamond: Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, and more.
  :small_orange_diamond: 0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science.
-  :small_orange_diamond: We Chall - there are exist a lots of different challenge types, e.g. Cryptographic, Crackit, Steganography, Programming, Logic and Math/Science.
+  :small_orange_diamond: We Chall - there are exist a lots of different challenge types.
  :small_orange_diamond: Hacker Gateway - is the go-to place for hackers who want to test their skills.
  :small_orange_diamond: Hacker101 - is a free class for web security.
  :small_orange_diamond: contained.af - a stupid game for learning about containers, capabilities, and syscalls.
From eaa81acd5f816e657c322b912723751fb9b6e0db Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 00:11:52 +0200 Subject: [PATCH 52/93] add 'poor man's profiler' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 53fa35d..306cba9 100644 --- a/README.md +++ b/README.md @@ -760,6 +760,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: ctf-tasks - an archive of low-level CTF challenges developed over the years.
  :small_orange_diamond: How to start RE/malware analysis? - collection of some hints and useful links for the beginners.
  :small_orange_diamond: The C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think?
+  :small_orange_diamond: poor man's profiler - sampling tools like oprofile or dtrace's don't really provide methods to see what programs are blocking on.
  :small_orange_diamond: Bank Grade Security - when companies say they have "Bank Grade Security" they imply that it is a good thing.*
  :small_orange_diamond: HTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL.
  :small_orange_diamond: Julia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools.
From 058f0cffe13c1f09dc0502d62efab3238374358e Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 12:52:37 +0200 Subject: [PATCH 53/93] add 'CloudGoat 2' and 'flAWS challenge!' - signed-off-by: trimstray --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 306cba9..c75e0c5 100644 --- a/README.md +++ b/README.md @@ -1074,7 +1074,9 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Google Gruyere - web application exploits and defenses.
  :small_orange_diamond: Bodhi - is a playground focused on learning the exploitation of client-side web vulnerabilities.
  :small_orange_diamond: Websploit - single vm lab with the purpose of combining several vulnerable appliations in one environment.
-  :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose
+  :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
+  :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design" +AWS deployment tool.

##### :black_small_square: Labs (ethical hacking platforms/trainings/CTFs) @@ -1120,6 +1122,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Hacker Gateway - is the go-to place for hackers who want to test their skills.
  :small_orange_diamond: Hacker101 - is a free class for web security.
  :small_orange_diamond: contained.af - a stupid game for learning about containers, capabilities, and syscalls.
+  :small_orange_diamond: flAWS challenge! - a series of levels you'll learn about common mistakes and gotchas when using AWS.

##### :black_small_square: Other resources From 656427f9b1f9b63d12c1e3e2b13e53806bd7ecd5 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 19:57:15 +0200 Subject: [PATCH 54/93] add 'What happens when...' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c75e0c5..b62f072 100644 --- a/README.md +++ b/README.md @@ -766,6 +766,8 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Julia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools.
  :small_orange_diamond: Hash collisions - this great repository is focused on hash collisions exploitation.
  :small_orange_diamond: BGP Meets Cat - after 3072 hours of manipulating BGP, Job Snijders has succeeded in drawing a Nyancat.
+  :small_orange_diamond: What happens when... - you type google.com into your browser and press enter?
+  :small_orange_diamond: how-web-works - based on the 'What happens when...' repository.
  :small_orange_diamond: HTTPS in the real world - great tutorial explain how HTTPS works in the real world.
  :small_orange_diamond: Gitlab and NFS bug - how we spent two weeks hunting an NFS bug in the Linux kernel.
  :small_orange_diamond: How To Become A Hacker - if you want to be a hacker, keep reading.
From b0f07cf43fad2fe93d0aee239a3aa993b2e3df08 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 19:59:12 +0200 Subject: [PATCH 55/93] add 'firecracker' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b62f072..65cbd4c 100644 --- a/README.md +++ b/README.md @@ -621,6 +621,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: pi-hole - the Pi-hole® is a DNS sinkhole that protects your devices from unwanted content.
  :small_orange_diamond: maltrail - malicious traffic detection system.
  :small_orange_diamond: security_monkey - monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
+  :small_orange_diamond: firecracker - secure and fast microVMs for serverless computing.

#### Networks  [[TOC]](#anger-table-of-contents) From 2ceab8f8a2f73709bc94ac68706b66a3fb0cf3e0 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 20:03:08 +0200 Subject: [PATCH 56/93] add 'gron' - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 65cbd4c..fc0966d 100644 --- a/README.md +++ b/README.md @@ -275,7 +275,8 @@ Only main chapters:   :small_orange_diamond: Tig - text-mode interface for Git.
  :small_orange_diamond: tldr - simplified and community-driven man pages.
  :small_orange_diamond: archiver - easily create and extract .zip, .tar, .tar.gz, .tar.bz2, .tar.xz, .tar.lz4, .tar.sz, and .rar.
-  :small_orange_diamond: commander.js - minimal CLI creator in JavaScript.
+  :small_orange_diamond: commander.js - minimal CLI creator in JavaScript.
+  :small_orange_diamond: gron - make JSON greppable!

#### GUI Tools  [[TOC]](#anger-table-of-contents) From bdc1910d9b9fb9d340c49246b18b1d9ee98369db Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 25 Jun 2019 21:07:15 +0200 Subject: [PATCH 57/93] fix typos - signed-off-by: trimstray --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fc0966d..9268720 100644 --- a/README.md +++ b/README.md @@ -762,7 +762,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: ctf-tasks - an archive of low-level CTF challenges developed over the years.
  :small_orange_diamond: How to start RE/malware analysis? - collection of some hints and useful links for the beginners.
  :small_orange_diamond: The C10K problem - it's time for web servers to handle ten thousand clients simultaneously, don't you think?
-  :small_orange_diamond: poor man's profiler - sampling tools like oprofile or dtrace's don't really provide methods to see what programs are blocking on.
+  :small_orange_diamond: poor man's profiler - sampling tools like dtrace's don't really provide methods to see what programs are blocking on.
  :small_orange_diamond: Bank Grade Security - when companies say they have "Bank Grade Security" they imply that it is a good thing.*
  :small_orange_diamond: HTTPS on Stack Overflow - this is the story of a long journey regarding the implementation of SSL.
  :small_orange_diamond: Julia's Drawings - some drawings about programming and unix world, zines about systems & debugging tools.
@@ -777,7 +777,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Let's Build a Simple Database - writing a sqlite clone from scratch in C.
  :small_orange_diamond: simple-computer - great resource to understand how computers work under the hood.
  :small_orange_diamond: The story of "Have I been pwned?" - working with 154 million records on Azure Table Storage.
-  :small_orange_diamond: TOP500 Supercomputers - this list shows the 500 most powerful commercially available computer systems known to us.
+  :small_orange_diamond: TOP500 Supercomputers - shows the 500 most powerful commercially available computer systems known to us.

#### Inspiring Lists  [[TOC]](#anger-table-of-contents) @@ -1110,7 +1110,7 @@ AWS deployment tool.
  :small_orange_diamond: Microcorruption - reversal challenges done in the web interface.
  :small_orange_diamond: Crackmes - download crackmes to help improve your reverse engineering skills.
  :small_orange_diamond: DomGoat - DOM XSS security learning and practicing platform.
-  :small_orange_diamond: Stereotyped Challenges - is intended for offensive security experts who are willing to overcome situations of getting stuck in breaking into web services or web-based solutions.
+  :small_orange_diamond: Stereotyped Challenges - upgrade your web hacking techniques today!
  :small_orange_diamond: OverTheWire - can help you to learn and practice security concepts in the form of fun-filled games.
  :small_orange_diamond: Vulnhub - allows anyone to gain practical 'hands-on' experience in digital security.
  :small_orange_diamond: W3Challs - is a penetration testing training platform, which offers various computer challenges.
@@ -1119,7 +1119,6 @@ AWS deployment tool.
  :small_orange_diamond: Hack.me - a platform where you can build, host and share vulnerable web apps for educational and research purposes.
  :small_orange_diamond: HackThis! - discover how hacks, dumps and defacements are performed and secure your website against hackers.
  :small_orange_diamond: Enigma Group WebApp Training - these challenges cover the exploits listed in the OWASP Top 10 Project.
-

  :small_orange_diamond: Reverse Engineering Challenges - challenges, exercises, problems and tasks - by level, by type, and more.
  :small_orange_diamond: 0x00sec - the home of the Hacker - Malware, Reverse Engineering, and Computer Science.
  :small_orange_diamond: We Chall - there are exist a lots of different challenge types.
From 9e34f0be3d151d99de81ebef0c1429a694b44b5e Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 26 Jun 2019 11:26:54 +0200 Subject: [PATCH 58/93] add 'PacketLife.net' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 9268720..c85b512 100644 --- a/README.md +++ b/README.md @@ -691,6 +691,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: http3-explained - a document describing the HTTP/3 and QUIC protocols.
  :small_orange_diamond: Nginx Admin's Handbook - describes how to improve NGINX performance, security and other important things.
  :small_orange_diamond: openssh guideline - is to help operational teams with the configuration of OpenSSH server and client.
+  :small_orange_diamond: PacketLife.net - a place to record notes while studying for Cisco's CCNP certification.

##### :black_small_square: Large-scale systems From 9d86db5e408c879cef939930f6604459f46890d8 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 26 Jun 2019 13:38:19 +0200 Subject: [PATCH 59/93] update 'Best Personal Twitter Accounts' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c85b512..a40529e 100644 --- a/README.md +++ b/README.md @@ -928,6 +928,8 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: @binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: @joe_carson - an InfoSec Professional and Tech Geek.
  :small_orange_diamond: @mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain
+  :small_orange_diamond: @esrtweet - often referred to as ESR, is an American software developer, and open-source software advocate.
+  :small_orange_diamond: @gynvael - security researcher/programmer, @DragonSectorCTF founder/player, technical streamer.

##### :black_small_square: Best Commercial Twitter Accounts From deac98103ad8498451a3867b77a92705f5dd09d9 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 29 Jun 2019 14:27:43 +0200 Subject: [PATCH 60/93] add 'knock' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a40529e..3c3399e 100644 --- a/README.md +++ b/README.md @@ -159,6 +159,7 @@ Only main chapters:   :small_orange_diamond: sublist3r - is a fast subdomains enumeration tool for penetration testers.
  :small_orange_diamond: amass - is tool that obtains subdomain names by scraping data sources, crawling web archives and more.
  :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
+  :small_orange_diamond: knock - is a tool to enumerate subdomains on a target domain through a wordlist.
  :small_orange_diamond: dnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols.

From 4b416818bba1564bee0ea71faaa4533dfef4a418 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 2 Jul 2019 09:30:40 +0200 Subject: [PATCH 61/93] fix typo - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3c3399e..635ab63 100644 --- a/README.md +++ b/README.md @@ -1243,7 +1243,7 @@ AWS deployment tool.
| **`JSON Beautifier`** | Beautifies JSON content in the HTTP message viewer. | | **`JSON Web Tokens`** | Enables Burp to decode and manipulate JSON web tokens. | | **`CSP Auditor`** | Displays CSP headers for responses, and passively reports CSP weaknesses. | -| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses.. | +| **`CSP-Bypass`** | Passively scans for CSP headers that contain known bypasses. | | **`Hackvertor`** | Converts data using a tag-based configuration to apply various encoding. | | **`Active Scan++`** | Extends Burp's active and passive scanning capabilities. | | **`HTML5 Auditor`** | Scans for usage of risky HTML5 features. | From a6bfef198a48f8b9c44729d5a6ccad98bbc50007 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 5 Jul 2019 15:26:06 +0200 Subject: [PATCH 62/93] add wrk2 - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 635ab63..20d95f2 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ Only main chapters:   :small_orange_diamond: ab - is a single-threaded command line tool for measuring the performance of HTTP web servers.
  :small_orange_diamond: siege - is an http load testing and benchmarking utility.
  :small_orange_diamond: wrk - is a modern HTTP benchmarking tool capable of generating significant load.
+  :small_orange_diamond: wrk2 - is a constant throughput, correct latency recording variant of wrk.
  :small_orange_diamond: bombardier - is a fast cross-platform HTTP benchmarking tool written in Go.
  :small_orange_diamond: gobench - http/https load testing and benchmarking tool.
  :small_orange_diamond: hey - HTTP load generator, ApacheBench (ab) replacement, formerly known as rakyll/boom.
From 1bd0e7d87d9efa0d160dc22ce0f49854b0a96520 Mon Sep 17 00:00:00 2001 From: trimstray Date: Sat, 6 Jul 2019 09:46:47 +0200 Subject: [PATCH 63/93] update personal twitter accounts - signed-off-by: trimstray --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 20d95f2..918dfaa 100644 --- a/README.md +++ b/README.md @@ -929,9 +929,13 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: @MarcoCiappelli - Co-Founder @ITSPmagazine, at the intersection of IT security and society.
  :small_orange_diamond: @binitamshah - Linux Evangelist. Malwares. Kernel Dev. Security Enthusiast.
  :small_orange_diamond: @joe_carson - an InfoSec Professional and Tech Geek.
-  :small_orange_diamond: @mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain
+  :small_orange_diamond: @mikko - CRO at F-Secure, Reverse Engineer, TED Speaker, Supervillain.
  :small_orange_diamond: @esrtweet - often referred to as ESR, is an American software developer, and open-source software advocate.
  :small_orange_diamond: @gynvael - security researcher/programmer, @DragonSectorCTF founder/player, technical streamer.
+  :small_orange_diamond: @x0rz - Security Researcher & Cyber Observer.
+  :small_orange_diamond: @hasherezade - programmer, malware analyst. Author of PEbear, PEsieve, libPeConv.
+  :small_orange_diamond: @TinkerSec - tinkerer, cypherpunk, hacker.
+  :small_orange_diamond: @alisaesage - independent hacker and researcher.

##### :black_small_square: Best Commercial Twitter Accounts From 338c10f616b8e628671cc4e9e2efe3bd11e6d442 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 10 Jul 2019 14:28:12 +0200 Subject: [PATCH 64/93] add new one-liners to 'gpg' - signed-off-by: trimstray --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 918dfaa..f36554c 100644 --- a/README.md +++ b/README.md @@ -2453,6 +2453,13 @@ gpg --keyserver hkp://keyserver.ubuntu.com --search-keys "" * `--keyserver` - set specific key server * `--search-keys` - search for keys on a key server +###### List all of the packets in an encrypted file + +```bash +gpg --batch --list-packets archive.gpg +gpg2 --batch --list-packets archive.gpg +``` + ___ ##### Tool: [system-other](https://github.com/trimstray/the-book-of-secret-knowledge#tool-system-other) From dbd0756e30722471b4f0eab6f3e947220f63d2fd Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 10 Jul 2019 18:00:34 +0200 Subject: [PATCH 65/93] add 'My-CTF-Web-Challenges' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f36554c..e56ff53 100644 --- a/README.md +++ b/README.md @@ -1046,6 +1046,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: SSRF Tips - a collection of SSRF Tips.
  :small_orange_diamond: shell-storm repo CTF - great archive of CTFs.
  :small_orange_diamond: ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
+  :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
  :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.

From 32f1f9e33f40ba89f5295a66b6af15bf9a17e1e2 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 12 Jul 2019 09:46:02 +0200 Subject: [PATCH 66/93] add new one-liners to 'openssl' - signed-off-by: trimstray --- README.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.md b/README.md index e56ff53..7594f5f 100644 --- a/README.md +++ b/README.md @@ -2308,6 +2308,20 @@ openssl x509 -signkey ${_fd} -nodes \ openssl dhparam -out /etc/nginx/ssl/dhparam_4096.pem 4096 ``` +###### Extract private key from pfx + +```bash +( _fd_pfx="cert.pfx" ; _fd_key="key.pem" ; \ +openssl pkcs12 -in ${_fd_pfx} -nocerts -nodes -out ${_fd_key} ) +``` + +###### Extract private key and certs from pfx + +```bash +( _fd_pfx="cert.pfx" ; _fd_pem="key_certs.pem" ; \ +openssl pkcs12 -in ${_fd_pfx} -nodes -out ${_fd_pem} ) +``` + ###### Convert DER to PEM ```bash From 54fd81859981ae28f8c67cbd13e5192086f06ba6 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 16 Jul 2019 06:55:02 +0200 Subject: [PATCH 67/93] add 'echoip' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7594f5f..082e9fa 100644 --- a/README.md +++ b/README.md @@ -143,6 +143,7 @@ Only main chapters:   :small_orange_diamond: iPerf3 - is a tool for active measurements of the maximum achievable bandwidth on IP networks.
  :small_orange_diamond: ethr - is a Network Performance Measurement Tool for TCP, UDP & HTTP.
  :small_orange_diamond: Etherate - is a Linux CLI based Ethernet and MPLS traffic testing tool.
+  :small_orange_diamond: echoip - is a IP address lookup service.
  :small_orange_diamond: Nemesis - packet manipulation CLI tool; craft and inject packets of several protocols.
  :small_orange_diamond: packetfu - a mid-level packet manipulation library for Ruby.
  :small_orange_diamond: Scapy - packet manipulation library; forge, send, decode, capture packets of a wide number of protocols.
From 80cf8a7ca3cf55de1c9b82b0389ef56a82386fa3 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 16 Jul 2019 14:07:52 +0200 Subject: [PATCH 68/93] add 'OWASP Cheat Sheet Series' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 082e9fa..bfa6519 100644 --- a/README.md +++ b/README.md @@ -737,6 +737,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP ASVS 4.0 - is a list of application security requirements or tests.
  :small_orange_diamond: OWASP Testing Guide v4 - includes a "best practice" penetration testing framework.
  :small_orange_diamond: OWASP Dev Guide - this is the development version of the OWASP Developer Guide.
+  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
  :small_orange_diamond: Mozilla Web Security - help operational teams with creating secure web applications.
  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
From e14d6f6470fdd8c45ac5a574963aa3569eaf19a1 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 16 Jul 2019 14:10:16 +0200 Subject: [PATCH 69/93] update urls - signed-off-by: trimstray --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index bfa6519..4c1dff7 100644 --- a/README.md +++ b/README.md @@ -737,7 +737,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP ASVS 4.0 - is a list of application security requirements or tests.
  :small_orange_diamond: OWASP Testing Guide v4 - includes a "best practice" penetration testing framework.
  :small_orange_diamond: OWASP Dev Guide - this is the development version of the OWASP Developer Guide.
-  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
  :small_orange_diamond: Mozilla Web Security - help operational teams with creating secure web applications.
  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
@@ -1036,7 +1035,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
-  :small_orange_diamond: OWASP Cheat Sheet Series - collection of high value information on specific application security topics.
+  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
From 2da46678c4d1849966a3e984545e4cf110fb07ac Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 17 Jul 2019 07:05:16 +0200 Subject: [PATCH 70/93] add 'OWASP dependency-check' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4c1dff7..2482bcf 100644 --- a/README.md +++ b/README.md @@ -1036,6 +1036,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
+  :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry: A9 - Using Components with Known Vulnerabilities.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
From 55390348dbc21f42904c0a76737a9d6e008c2d86 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 17 Jul 2019 13:38:14 +0200 Subject: [PATCH 71/93] update 'Generate CSR with -config param' - signed-off-by: trimstray --- README.md | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 2482bcf..1f5a215 100644 --- a/README.md +++ b/README.md @@ -2214,19 +2214,19 @@ openssl req -new -sha256 -key ${_fd} -out ${_fd_csr} \ -config <( cat <<-EOF [req] -default_bits = 2048 -prompt = no -default_md = sha256 -req_extensions = req_ext -distinguished_name = dn +default_bits = 2048 +default_md = sha256 +prompt = no +distinguished_name = dn +req_extensions = req_ext [ dn ] -C= -ST= -L= -O= -OU=
-CN= +C = "" +ST = "" +L = "" +O = "" +OU = "
" +CN = "" [ req_ext ] subjectAltName = @alt_names @@ -2239,6 +2239,22 @@ EOF )) ``` +Other values in `[ dn ]`: + + > Look at this great explanation: [How to create multidomain certificates using config files](https://apfelboymchen.net/gnu/notes/openssl%20multidomain%20with%20config%20files.html) + +``` +countryName = "DE" # C= +stateOrProvinceName = "Hessen" # ST= +localityName = "Keller" # L= +postalCode = "424242" # L/postalcode= +streetAddress = "Crater 1621" # L/street= +organizationName = "apfelboymschule" # O= +organizationalUnitName = "IT Department" # OU= +commonName = "example.com" # CN= +emailAddress = "webmaster@example.com" # CN/emailAddress= +``` + ###### List available EC curves ```bash From 201de6368105a46373508a16725f11df8ed7781e Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 18 Jul 2019 09:37:09 +0200 Subject: [PATCH 72/93] add 'Verify 0-RTT' - signed-off-by: trimstray --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index 1f5a215..aa9cb72 100644 --- a/README.md +++ b/README.md @@ -2139,6 +2139,21 @@ openssl s_client -tls1_2 -connect google.com:443 openssl s_client -cipher 'AES128-SHA' -connect google.com:443 ``` +###### Verify 0-RTT + +```bash +_host="example.com" + +cat > req.in << __EOF__ +HEAD / HTTP/1.1 +Host: $_host +Connection: close +__EOF__ + +openssl s_client -connect ${_host}:443 -tls1_3 -sess_out session.pem -ign_eof < req.in +openssl s_client -connect ${_host}:443 -tls1_3 -sess_in session.pem -early_data req.in +``` + ###### Generate private key without passphrase ```bash From d93449756452aecae818ebcb4593d0d692545f77 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 19 Jul 2019 07:36:37 +0200 Subject: [PATCH 73/93] minor update - signed-off-by: trimstray --- CONTRIBUTING.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ad9ec2e..9f4a5ac 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,5 +1,7 @@ # Contributing + > _A real community, however, exists only when its members interact in a meaningful way that deepens their understanding of each other and leads to learning._ + If you would like to support this project, have an interesting idea how to improve the operation of this tool, or if you found some errors - fork this, add your fixes, and add a pull request of your branch to the **master branch**. ## Signature of commit From ea08d58fc86b20e1d187c6e4bf20e7e937ada606 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 22 Jul 2019 14:40:58 +0200 Subject: [PATCH 74/93] add 'netograph' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index aa9cb72..dc19970 100644 --- a/README.md +++ b/README.md @@ -484,6 +484,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Shodan 2000 - do you use Shodan for everyday work? This tool looks for randomly generated data from Shodan.
  :small_orange_diamond: GreyNoise - mass scanner such as Shodan and Censys.
  :small_orange_diamond: ZoomEye - search engine for cyberspace that lets the user find specific network components.
+  :small_orange_diamond: netograph - tools to monitor and understand deep structure of the web.
  :small_orange_diamond: FOFA - is a cyberspace search engine.
  :small_orange_diamond: onyphe - is a search engine for open-source and cyber threat intelligence data collected.
  :small_orange_diamond: IntelligenceX - is a search engine and data archive.
From cc152d9aad78eb23f1f09ac2bd24db1f55fe60e2 Mon Sep 17 00:00:00 2001 From: Lord Deruyter Date: Wed, 24 Jul 2019 21:55:15 +0200 Subject: [PATCH 75/93] description update --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2bf4536..f74a805 100644 --- a/README.md +++ b/README.md @@ -581,7 +581,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Pentoo - Featuring packet injection patched wifi drivers for penetration testing and security assessments.
+  :small_orange_diamond: Pentoo - is a security-focused livecd based on Gentoo.
  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
From 23fd4569ea8c9394ea109511410653f2d03f3283 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 24 Jul 2019 22:04:19 +0200 Subject: [PATCH 76/93] minor fix - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 779dbc9..3e86e7e 100644 --- a/README.md +++ b/README.md @@ -1038,7 +1038,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
  :small_orange_diamond: OWASP Cheat Sheet Series - is a collection of high value information on specific application security topics.
-  :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry: A9 - Using Components with Known Vulnerabilities.
+  :small_orange_diamond: OWASP dependency-check - is an open source solution the OWASP Top 10 2013 entry.
  :small_orange_diamond: DEF CON Media Server - great stuff from DEFCON.
  :small_orange_diamond: Awesome Malware Analysis - a curated list of awesome malware analysis tools and resources.
  :small_orange_diamond: SQL Injection Cheat Sheet - detailed technical information about the many different variants of the SQL Injection.
From 9bb87f4e264979481c56842c9aa48b086f2f3460 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 12 Aug 2019 09:06:05 +0200 Subject: [PATCH 77/93] add 'LeakLooker' and 'iptables-tracer' - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3e86e7e..4f45ca6 100644 --- a/README.md +++ b/README.md @@ -150,6 +150,7 @@ Only main chapters:   :small_orange_diamond: impacket - is a collection of Python classes for working with network protocols.
  :small_orange_diamond: ssh-audit - is a tool for SSH server auditing.
  :small_orange_diamond: aria2 - is a lightweight multi-protocol & multi-source command-line download utility.
+  :small_orange_diamond: iptables-tracer - observe the path of packets through the iptables chains.

##### :black_small_square: Network (DNS) @@ -991,6 +992,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: p0f - is a tool to identify the players behind any incidental TCP/IP communications.
  :small_orange_diamond: Recon-ng - is a full-featured Web Reconnaissance framework written in Python.
  :small_orange_diamond: ssh_scan - a prototype SSH configuration and policy scanner.
+  :small_orange_diamond: LeakLooker - find open databases - powered by Binaryedge.io
  :small_orange_diamond: exploitdb - searchable archive from The Exploit Database.
  :small_orange_diamond: ctf-tools - some setup scripts for security research tools.
  :small_orange_diamond: pwntools - CTF framework and exploit development library.
From cb6857596003bd8cc85ac294b03afc7b0bd81f2c Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 14 Aug 2019 13:02:21 +0200 Subject: [PATCH 78/93] add 'Internal-Pentest-Playbook' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4f45ca6..625b237 100644 --- a/README.md +++ b/README.md @@ -1054,6 +1054,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: ctf - CTF (Capture The Flag) writeups, code snippets, notes, scripts.
  :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
  :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
+  :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.

##### :black_small_square: Wordlists and Weak passwords From 50d793c355f4b19e0b4ca4d3c01b5b56b5e2d508 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 15 Aug 2019 10:15:36 +0200 Subject: [PATCH 79/93] add 'BillCipher' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 625b237..2e67733 100644 --- a/README.md +++ b/README.md @@ -986,6 +986,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: XSStrike - most advanced XSS detection suite.
  :small_orange_diamond: Sn1per - automated pentest framework for offensive security experts.
  :small_orange_diamond: aquatone - a tool for domain flyovers.
+  :small_orange_diamond: BillCipher - information gathering tool for a website or IP address.
  :small_orange_diamond: WhatWaf - detect and bypass web application firewalls and protection systems.
  :small_orange_diamond: John The Ripper - is a fast password cracker, currently available for many flavors of Unix, Windows, and other.
  :small_orange_diamond: hashcat - world's fastest and most advanced password recovery utility.
From ff309a28df3d579796365330da534e12421383b5 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 16 Aug 2019 09:58:53 +0200 Subject: [PATCH 80/93] add 'juicy-ctf' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2e67733..c7dc486 100644 --- a/README.md +++ b/README.md @@ -1089,6 +1089,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: DVWA - PHP/MySQL web application that is damn vulnerable.
  :small_orange_diamond: OWASP Mutillidae II - free, open source, deliberately vulnerable web-application.
  :small_orange_diamond: OWASP Juice Shop Project - the most bug-free vulnerable application in existence.
+  :small_orange_diamond: juicy-ctf - run Capture the Flags and Security Trainings with OWASP Juice Shop.
  :small_orange_diamond: OWASP WebGoat Project - insecure web application maintained by OWASP designed to teach web app security.
  :small_orange_diamond: Security Ninjas - open source application security training program.
  :small_orange_diamond: hackazon - a modern vulnerable web app.
From e3602cff60d8473b29d0a92759c44ce6b0f855f8 Mon Sep 17 00:00:00 2001 From: trimstray Date: Fri, 16 Aug 2019 12:43:45 +0200 Subject: [PATCH 81/93] add system hardening frameworks - signed-off-by: trimstray --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index c7dc486..39a82f8 100644 --- a/README.md +++ b/README.md @@ -211,6 +211,8 @@ Only main chapters:

  :small_orange_diamond: SELinux - provides a flexible Mandatory Access Control (MAC) system built into the Linux kernel.
  :small_orange_diamond: AppArmor - proactively protects the operating system and applications from external or internal threats.
+  :small_orange_diamond: grapheneX - Automated System Hardening Framework.
+  :small_orange_diamond: DevSec Hardening Framework - Security + DevOps: Automatic Server Hardening.

##### :black_small_square: Auditing Tools From 3a0aace0651d3d7c12bb866bf4e69e954c0d50e6 Mon Sep 17 00:00:00 2001 From: Swapneel Patnekar <47823077+swapneelp@users.noreply.github.com> Date: Sat, 17 Aug 2019 17:06:05 +0530 Subject: [PATCH 82/93] Added dnsdbq API client Added dnsdbq API client --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 39a82f8..0bc14b4 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,7 @@ Only main chapters:   :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
  :small_orange_diamond: knock - is a tool to enumerate subdomains on a target domain through a wordlist.
  :small_orange_diamond: dnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols.
+  :small_orange_diamond: dnsdbq - API Client providing access to passive DNS database systems (pDNS at Farsight Security, CIRCL pDNS)

##### :black_small_square: Network (HTTP) From 90b258d830b0b1b51179dd523306e9b443a0eda1 Mon Sep 17 00:00:00 2001 From: "@trimstray" Date: Sun, 18 Aug 2019 08:15:54 +0200 Subject: [PATCH 83/93] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0bc14b4..788d767 100644 --- a/README.md +++ b/README.md @@ -163,7 +163,7 @@ Only main chapters:   :small_orange_diamond: namebench - provides personalized DNS server recommendations based on your browsing history.
  :small_orange_diamond: knock - is a tool to enumerate subdomains on a target domain through a wordlist.
  :small_orange_diamond: dnscrypt-proxy 2 - a flexible DNS proxy, with support for encrypted DNS protocols.
-  :small_orange_diamond: dnsdbq - API Client providing access to passive DNS database systems (pDNS at Farsight Security, CIRCL pDNS) +  :small_orange_diamond: dnsdbq - API client providing access to passive DNS database systems (pDNS at Farsight Security, CIRCL pDNS).

##### :black_small_square: Network (HTTP) From a61d601aadc31a31ee8f02673455ed1bae04f09c Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 19 Aug 2019 07:32:04 +0200 Subject: [PATCH 84/93] add 'security-bulletins' by Netflix - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 788d767..8ac11e5 100644 --- a/README.md +++ b/README.md @@ -744,6 +744,7 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OWASP Testing Guide v4 - includes a "best practice" penetration testing framework.
  :small_orange_diamond: OWASP Dev Guide - this is the development version of the OWASP Developer Guide.
  :small_orange_diamond: Mozilla Web Security - help operational teams with creating secure web applications.
+  :small_orange_diamond: security-bulletins - security bulletins that relate to Netflix Open Source.
  :small_orange_diamond: Enable CORS - enable cross-origin resource sharing.
  :small_orange_diamond: Application Security Wiki - is an initiative to provide all application security related resources at one place.
  :small_orange_diamond: Weird Proxies - reverse proxy related attacks; it is a result of analysis of various reverse proxies, cache proxies, etc.
From f288eeb60526c630e8f974c3f9261edfdb6f89a7 Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 20 Aug 2019 07:32:52 +0200 Subject: [PATCH 85/93] add 'Containers/Orchestration' chapter - signed-off-by: trimstray --- README.md | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8ac11e5..8443979 100644 --- a/README.md +++ b/README.md @@ -74,6 +74,7 @@ Only main chapters: - **[Web Tools](#web-tools-toc)** - **[Systems/Services](#systemsservices-toc)** - **[Networks](#networks-toc)** +- **[Containers/Orchestration](#containersorchestration-toc) - **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** - **[Inspiring Lists](#inspiring-lists-toc)** - **[Blogs/Podcasts/Videos](#blogspodcastsvideos-toc)** @@ -607,7 +608,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Tengine - a distribution of Nginx with some advanced features.
  :small_orange_diamond: Caddy Server - is an open source, HTTP/2-enabled web server with HTTPS by default.
  :small_orange_diamond: HAProxy - the reliable, high performance TCP/HTTP load balancer.
-  :small_orange_diamond: Traefik - open source reverse proxy/load balancer provides easier integration with Docker and Let's encrypt.

##### :black_small_square: DNS Services @@ -655,6 +655,41 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: LBNL's Network Research Group - home page of the Network Research Group (NRG); tools, talks, papers and more.

+#### Containers/Orchestration  [[TOC]](#anger-table-of-contents) + +##### :black_small_square: CLI Tools + +

+  :small_orange_diamond: gvisor - container runtime sandbox.
+  :small_orange_diamond: ctop - top-like interface for container metrics.
+  :small_orange_diamond: docker-bench-security - is a script that checks for dozens of common best-practices around deploying Docker.
+

+ +##### :black_small_square: Web Tools + +

+  :small_orange_diamond: Moby - a collaborative project for the container ecosystem to assemble container-based system.
+  :small_orange_diamond: Traefik - open source reverse proxy/load balancer provides easier integration with Docker and Let's encrypt.
+  :small_orange_diamond: kong - The Cloud-Native API Gateway.
+  :small_orange_diamond: rancher - complete container management platform.
+  :small_orange_diamond: portainer - making Docker management easy.
+  :small_orange_diamond: nginx-proxy - automated nginx proxy for Docker containers using docker-gen.
+

+ +##### :black_small_square: Manuals/Tutorials/Best Practices + +

+  :small_orange_diamond: docker-cheat-sheet - a quick reference cheat sheet on Docker.
+  :small_orange_diamond: awesome-docker - a curated list of Docker resources and projects.
+  :small_orange_diamond: docker_practice - learn and understand Docker technologies, with real DevOps practice!
+  :small_orange_diamond: labs + - is a collection of tutorials for learning how to use Docker with various tools.
+  :small_orange_diamond: dockerfiles - various Dockerfiles I use on the desktop and on servers.
+  :small_orange_diamond: kubernetes-the-hard-way - bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.
+  :small_orange_diamond: kubernetes-the-easy-way - bootstrap Kubernetes the easy way on Google Cloud Platform. No scripts.
+  :small_orange_diamond: k8s-security - kubernetes security notes and best practices.
+

+ #### Manuals/Howtos/Tutorials  [[TOC]](#anger-table-of-contents) ##### :black_small_square: Shell/Command line @@ -805,8 +840,6 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: Awesome Postgres - list of awesome PostgreSQL software, libraries, tools and resources.
  :small_orange_diamond: quick-SQL-cheatsheet - a quick reminder of all SQL queries and examples on how to use them.
  :small_orange_diamond: Awesome-Selfhosted - list of Free Software network services and web applications which can be hosted locally.
-  :small_orange_diamond: kubernetes-the-hard-way - bootstrap Kubernetes the hard way on Google Cloud Platform. No scripts.
-  :small_orange_diamond: kubernetes-the-easy-way - bootstrap Kubernetes the easy way on Google Cloud Platform. No scripts.
  :small_orange_diamond: List of applications - huge collection of applications sorted by category, as a reference for those looking for packages.

From 710c22199c4563d0c7f4be9bc5b055be53b1e9bf Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 20 Aug 2019 07:36:43 +0200 Subject: [PATCH 86/93] #99 - add 'Parrot Security OS' - signed-off-by: trimstray --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8443979..5910304 100644 --- a/README.md +++ b/README.md @@ -593,9 +593,10 @@ performance of any of your sites from across the globe.
  :small_orange_diamond: OpenBSD - multi-platform 4.4BSD-based UNIX-like operating system.
  :small_orange_diamond: HardenedBSD - HardenedBSD aims to implement innovative exploit mitigation and security solutions.
  :small_orange_diamond: Kali Linux - Linux distribution used for Penetration Testing, Ethical Hacking and network security assessments.
-  :small_orange_diamond: Pentoo - is a security-focused livecd based on Gentoo.
+  :small_orange_diamond: Parrot Security OS - cyber security GNU/Linux environment.
  :small_orange_diamond: Backbox Linux - penetration test and security assessment oriented Ubuntu-based Linux distribution.
  :small_orange_diamond: BlackArch - is an Arch Linux-based penetration testing distribution for penetration testers and security researchers.
+  :small_orange_diamond: Pentoo - is a security-focused livecd based on Gentoo.
  :small_orange_diamond: Security Onion - Linux distro for intrusion detection, enterprise security monitoring, and log management.
  :small_orange_diamond: Tails - is a live system that aims to preserve your privacy and anonymity.

From 8f77357b0c1569bac720882f7dbda3787e000d9b Mon Sep 17 00:00:00 2001 From: trimstray Date: Tue, 20 Aug 2019 07:39:08 +0200 Subject: [PATCH 87/93] fix in TOC - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5910304..43a6df3 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ Only main chapters: - **[Web Tools](#web-tools-toc)** - **[Systems/Services](#systemsservices-toc)** - **[Networks](#networks-toc)** -- **[Containers/Orchestration](#containersorchestration-toc) +- **[Containers/Orchestration](#containersorchestration-toc)** - **[Manuals/Howtos/Tutorials](#manualshowtostutorials-toc)** - **[Inspiring Lists](#inspiring-lists-toc)** - **[Blogs/Podcasts/Videos](#blogspodcastsvideos-toc)** From a6f0e9e640b6b841dfffca5fd3f4b41ffc8fa4a7 Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 21 Aug 2019 00:03:49 +0200 Subject: [PATCH 88/93] add 'secDevLabs' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 43a6df3..41aaa93 100644 --- a/README.md +++ b/README.md @@ -1138,6 +1138,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: vulhub - pre-built Vulnerable Environments based on docker-compose.
  :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design" AWS deployment tool.
+  :small_orange_diamond: secDevLabs - is a laboratory for learning secure web development in a practical manner.

##### :black_small_square: Labs (ethical hacking platforms/trainings/CTFs) From 749f5550bb89a351b4c59dce7411ddf7d0060350 Mon Sep 17 00:00:00 2001 From: trimstray Date: Thu, 22 Aug 2019 08:04:13 +0200 Subject: [PATCH 89/93] add 'CORS-vulnerable-Lab' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 41aaa93..280ae17 100644 --- a/README.md +++ b/README.md @@ -1139,6 +1139,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: CloudGoat 2 - the new & improved "Vulnerable by Design" AWS deployment tool.
  :small_orange_diamond: secDevLabs - is a laboratory for learning secure web development in a practical manner.
+  :small_orange_diamond: CORS-vulnerable-Lab - sample vulnerable code and its exploit code.

##### :black_small_square: Labs (ethical hacking platforms/trainings/CTFs) From 96569f2f77ea3c5a9ccdadec4c834086732d01ad Mon Sep 17 00:00:00 2001 From: trimstray Date: Sun, 25 Aug 2019 09:02:43 +0200 Subject: [PATCH 90/93] add 'statistically-likely-usernames' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 280ae17..133d0ca 100644 --- a/README.md +++ b/README.md @@ -1105,6 +1105,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Probable-Wordlists - sorted by probability originally created for password generation and testing.
  :small_orange_diamond: skullsecurity passwords - password dictionaries and leaked passwords repository.
  :small_orange_diamond: Polish PREMIUM Dictionary - official dictionary created by the team on the forum bezpieka.org.* 1
+  :small_orange_diamond: statistically-likely-usernames - wordlists for creating statistically likely username lists for use in password attacks.

##### :black_small_square: Bounty platforms From 14906ba9ce019d25803059b1467529ee35321d87 Mon Sep 17 00:00:00 2001 From: trimstray Date: Mon, 26 Aug 2019 18:01:08 +0200 Subject: [PATCH 91/93] add 'ThreatHunter-Playbook' - signed-off-by: trimstray --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 133d0ca..7b8a35e 100644 --- a/README.md +++ b/README.md @@ -1075,6 +1075,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: Web App Pentesting Cheat Sheet - the typical steps performed when conducting a web application penetration test.*
  :small_orange_diamond: Cyber Security Resources - includes thousands of cybersecurity-related references and resources.
  :small_orange_diamond: Pentest Bookmarks - there are a LOT of pentesting blogs.
+  :small_orange_diamond: ThreatHunter-Playbook - to aid the development of techniques and hypothesis for hunting campaigns.
  :small_orange_diamond: PayloadsAllTheThings - a list of useful payloads and bypass for Web Application Security and Pentest/CTF.
  :small_orange_diamond: payloads - git all the Payloads! A collection of web attack payloads.
  :small_orange_diamond: Pentesting Tools Cheat Sheet - a quick reference high level overview for typical penetration testing engagements.
From 864ae21c2bb85035717ac96e17c90e2c78cc009d Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 28 Aug 2019 07:30:55 +0200 Subject: [PATCH 92/93] add 'KeyHacks' - signed-off-by: trimstray --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7b8a35e..3138af9 100644 --- a/README.md +++ b/README.md @@ -1052,12 +1052,6 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: AutoSploit - automated mass exploiter.

-##### :black_small_square: Backdoors/exploits - -

-  :small_orange_diamond: PHP-backdoors - a collection of PHP backdoors. For educational or testing purposes only.
-

- ##### :black_small_square: Pentests bookmarks collection

@@ -1095,6 +1089,13 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
  :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
  :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
+  :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
+

+ +##### :black_small_square: Backdoors/exploits + +

+  :small_orange_diamond: PHP-backdoors - a collection of PHP backdoors. For educational or testing purposes only.

##### :black_small_square: Wordlists and Weak passwords From 6454d20d315f1a5c96592ea5ee8f0bbb59d89ebe Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 28 Aug 2019 08:45:12 +0200 Subject: [PATCH 93/93] fix typos - signed-off-by: trimstray --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3138af9..ae7e5d7 100644 --- a/README.md +++ b/README.md @@ -1089,7 +1089,7 @@ CyberTalks - talks, interviews, and article about cybersecurity.
  :small_orange_diamond: My-CTF-Web-Challenges - collection of CTF Web challenges.
  :small_orange_diamond: MSTG - The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security testing.
  :small_orange_diamond: Internal-Pentest-Playbook - notes on the most common things for an Internal Network Penetration Test.
-  :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
+  :small_orange_diamond: KeyHacks - shows quick ways in which API keys leaked by a bug bounty program can be checked.

##### :black_small_square: Backdoors/exploits