I use 1Password password manager for saving all my passwords, various other credentials and private notes and it has been a lifesaver thus far. Having a unique password for all my accounts and using 2FA wherever available means I should be quite safe in case any of my accounts gets breached or the password gets leaked.

Links

• ​Lynis - Security auditing and hardening tool, for UNIX-based systems.

• ​Theo De Raadt presented "Pledge: A new security technology in OpenBSD" - Great talk.

• ​SeKey - Use Touch ID / Secure Enclave for SSH Authentication.

• ​DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86 (2018)​

• ​SOPS - Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.

• ​ClusterFuzz - Scalable fuzzing infrastructure which finds security and stability issues in software.

• ​Some security related notes​

• ​RAMBleed - Reading Bits in Memory Without Accessing Them.

• ​Sliver - General purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.

• ​Infosec_Reference - Information Security Reference That Doesn't Suck.

• ​Messaging Layer Security (MLS) - Security layer for encrypting messages in groups of size two to many.

• ​Molasses - Rust implementation of the Message Layer Security group messaging protocol.

• ​mkcert - Simple zero-config tool to make locally trusted development certificates with any names you'd like.

• ​Boulder - ACME-based CA, written in Go.

• ​If you were tasked to conduct a security audit on a server/database-backed web app, where would you start? (2019)​

• ​Resilience engineering papers​

• ​How Monzo security team handle secrets (2019)​

• ​HoneyTrap - Extensible and opensource system for running, monitoring and managing honeypots.

• ​Flan Scan - Lightweight network vulnerability scanner.

• ​SSL/TLS Deployment Best Practices - Ivan Ristic (2017)​

• ​Hardenize - Meet the new standard for network and security configuration monitoring.

• ​american fuzzy lop - Security-oriented fuzzer.

• ​Pwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.

• ​is-website-vulnerable - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.

• ​camo - HTTP proxy to route images through SSL. Making insecure assets look secure.

• ​Vault - Tool for secrets management, encryption as a service, and privileged access management.

• ​Awesome Hacking​

• ​OSS-Fuzz - Continuous Fuzzing for Open Source Software.

• ​Wifiphisher - Rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. (Code)

• ​crunchy - Finds common flaws in passwords. Like cracklib, but written in Go.

• ​Redirect attack on Shadowsocks stream ciphers​

• ​Dispatch - All of the ad-hoc things you're doing to manage incidents today, done for you, and much more.

• ​Sublist3r - Fast subdomains enumeration tool for penetration testers.

• ​disclose.io - Cross-industry, vendor-agnostic standardization project for safe harbor† best practices to enable good-faith security research. (Code)

• ​Awesome Zero trust - Curated collection of awesome resources for the zero-trust security model.

• ​CS 253 Web Security (2019) (Videos)

• ​vaulted - Spawning and storage of secure environments.

• ​Destructive Farm - Exploit farm for attack-defense CTF competitions.

• ​Panther - Cloud-native platform for detecting threats with log data, improving cloud security posture, and conducting investigations.