Security

I use 1Password password manager for saving all my passwords, various other credentials and private notes and it has been a lifesaver thus far. Having a unique password for all my accounts and using 2FA wherever available means I should be quite safe in case any of my accounts gets breached or the password gets leaked.
Links
​Lynis - Security auditing and hardening tool, for UNIX-based systems.
​Theo De Raadt presented "Pledge: A new security technology in OpenBSD" - Great talk.
​SeKey - Use Touch ID / Secure Enclave for SSH Authentication.
​DEF CON 26 - Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86 (2018)​
​SOPS - Editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats and encrypts with AWS KMS, GCP KMS, Azure Key Vault and PGP.
​ClusterFuzz - Scalable fuzzing infrastructure which finds security and stability issues in software.
​Some security related notes​
​RAMBleed - Reading Bits in Memory Without Accessing Them.
​Sliver - General purpose cross-platform implant framework that supports C2 over Mutual-TLS, HTTP(S), and DNS.
​Infosec_Reference - Information Security Reference That Doesn't Suck.
​Messaging Layer Security (MLS) - Security layer for encrypting messages in groups of size two to many.
​Molasses - Rust implementation of the Message Layer Security group messaging protocol.
​mkcert - Simple zero-config tool to make locally trusted development certificates with any names you'd like.
​Boulder - ACME-based CA, written in Go.
​If you were tasked to conduct a security audit on a server/database-backed web app, where would you start? (2019)​
​Resilience engineering papers​
​How Monzo security team handle secrets (2019)​
​HoneyTrap - Extensible and opensource system for running, monitoring and managing honeypots.
​Flan Scan - Lightweight network vulnerability scanner.
​SSL/TLS Deployment Best Practices - Ivan Ristic (2017)​
​Hardenize - Meet the new standard for network and security configuration monitoring.
​american fuzzy lop - Security-oriented fuzzer.
​Pwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning.
​is-website-vulnerable - Finds publicly known security vulnerabilities in a website's frontend JavaScript libraries.
​camo - HTTP proxy to route images through SSL. Making insecure assets look secure.
​Vault - Tool for secrets management, encryption as a service, and privileged access management.
​Awesome Hacking​
​OSS-Fuzz - Continuous Fuzzing for Open Source Software.
​Wifiphisher - Rogue Access Point framework for conducting red team engagements or Wi-Fi security testing. (Code)
​crunchy - Finds common flaws in passwords. Like cracklib, but written in Go.
​Redirect attack on Shadowsocks stream ciphers​
​Dispatch - All of the ad-hoc things you're doing to manage incidents today, done for you, and much more.
​Sublist3r - Fast subdomains enumeration tool for penetration testers.
​disclose.io - Cross-industry, vendor-agnostic standardization project for safe harbor† best practices to enable good-faith security research. (Code)
​Awesome Zero trust - Curated collection of awesome resources for the zero-trust security model.
​CS 253 Web Security (2019) (Videos)
​vaulted - Spawning and storage of secure environments.
​Destructive Farm - Exploit farm for attack-defense CTF competitions.
​Panther - Cloud-native platform for detecting threats with log data, improving cloud security posture, and conducting investigations.
​bettercap - Swiss Army knife for 802.11, BLE and Ethernet networks reconnaissance and MITM attacks.
​security.txt - Proposed standard which allows websites to define security policies.
​lego - Let's Encrypt client and ACME library written in Go.
​Security Engineering - A Guide to Building Dependable Distributed Systems (HN)
​Michal Zalewski's security tools/articles​
​Smashing The Stack For Fun And Profit​
​CS 161: Computer Security (2020)​
​hashcat - World's fastest and most advanced password recovery utility.
​Awesome Object Capabilities and Capability-based Security​
​Brim - Open source desktop application for security and network specialists.
​testssl.sh - Command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
​AFL++ - Fuzzing framework.
​Awake Security - Advanced Network Traffic Analysis Solution.
​A Defender’s Guide For Rootkit Detection: Episode 1 – Kernel Drivers (2020)​
​OpenSC - Open source smart card tools and middleware.
​Hacker tools on Go​
​Ask HN: Any good FOSS alternative to Google's reCAPTCHA? (2020)​
​SnapPass - Share passwords securely.
​yubikey-agent - Seamless ssh-agent for YubiKeys. (HN)
​Resources for Beginner Bug Bounty Hunters​
​Web Security Basics​
​A Guide to Threat Modelling for Developers (2020)​
​The SSO Wall of Shame - List of vendors that treat single sign-on as a luxury feature, not a core security requirement.
​Black Hat Go book (Code)
​How to Become a Hacker (2020) (HN) (Lobsters)
​Web Security 101: Cross-Site Scripting (XSS) Attacks​
​Ask HN: How does your company manage its encryption keys? (2020)​
​Password Manager Resources - Place for creators of password managers to collaborate on resources to make password management better for everyone.
​A Well-Known URL for Changing Passwords (Code)
​Learn Security Engineering​
​Zebra Crossing: an easy-to-use digital safety checklist​
​Best practices for managing & storing secrets like API keys and other credentials (2020) (Reddit) (HN)
​gopass - Password manager for the command line written in Go.
​Rosetta - Simple, scriptable file encryption tool.
​Mozilla SSL Configuration Generator (Code)
​OWASP Amass - In-depth Attack Surface Mapping and Asset Discovery.
​tl;dr sec Newsletter​
​Flipper Zero - Tamagochi for Hackers. (HN)
​Security@ Conference​
​I'm Open Sourcing the Have I Been Pwned Code Base (2020) (HN)
Tailwind CSS
Cryptography
Last updated 5 days ago