An Information Security Reference That Doesn't Suck
- Be an awesome Information Security Reference
- List of techniques, tools and tactics to learn from/reference.
- Something like a "Yellow Pages" in the sense of you know something exists, but what was it called....
- End goal: Rich resource of infosec knowledge for anyone to browse through as a jumping off point for various niches OR as a reference/recall method for stuff.
- 'if you give a man a fish he is hungry again in an hour. If you teach him to catch a fish you do him a good turn.'
- Something opposite to the MITRE ATT&CK Framework (eventually). As in, "I want to do priv esc on OS X/Windows/Linux, what methods are there?" or, "I need to do X under Y situation". Focus is on attacks and how they're done vs how attacks are done with a focus on defense.
- Always accepting more links/stuff. Feel free to contribute or suggest something.
- No idea. I do this as a resource for myself (to teach others from) and offer it publicly as a way of giving back to the general community.
- To be clear, these aren't personal notes. I keep this repo maintained as a way of having pointers to information that I feel help build someone's skillset or increase understanding of attacks/methods/defenses.
- Don't have to constantly google for tools/reminder.
- Easily browsable list of tools, techniques, papers, and research in all sorts of areas.
- Want to read some good info.
- This page is terrible on mobile. Use https://rmusser.net/docs for better mobile formatting.
- At some point I will sort the sections into a grid alphabetically.
- For latest content updates, check here: Things added since last update
- This will have all links added to the other pages sorted according to topic, making it easier to see new stuff.
- All links on this page should work. Last tested 11/26
- Contributions are welcome, format is pretty simple/easy to pick up, add anything not already in it that fits.
Windows
- Windows Collection
- Windows Command and Control
- Windows Credential Access
- Windows Defense Evasion
- Windows Discovery
- Windows Execution
- Windows Exfiltration
- Windows Lateral Movement
- Windows Persistence
- Windows Privilege Escalation
Linux
- Linux Collection
- Linux Command and Control
- Linux Credential Access
- Linux Defense Evasion
- Linux Discovery
- Linux Execution
- Linux Exfiltration
- Linux Lateral Movement
- Linux Persistence
- Linux Privilege Escalation
Mac/OS X
- OS X Collection
- OS X Command and Control
- OS X Credential Access
- OS X Defense Evasion
- OS X Discovery
- OS X Execution
- OS X Exfiltration
- OS X Lateral Movement
- OS X Persistence
- OS X Privilege Escalation
- Anonymity/OpSec/Privacy
- Basic Security Information
- BIOS/UEFI/Firmware Attacks/Defense
- Building a PenTest Lab
- Car hacking
- Cheat Sheets
- CTFs & Wargames
- Conferences/Recordings
- Counter Surveillance
- Courses & Training
- Cryptography & Encryption
- CryptoCurrencies
- Darknets
- Data Analysis & Visualization
- Disclosure
- Disinformation
- Documentation & Reporting
- Embedded Device Security
- Exfiltration
- Exploit Development
- Forensics & Incident Response
- Fuzzing & Bug Hunting
- Gamma Group Hack Writeup
- Hacking Team Writeup
- Home Security
- Honeypots
- Interesting Things & Useful Information
- Malware
- Network Attacks & Defense
- Network Security Monitoring & Logging
- Open Source Intelligence Gathering - OSINT
- Opsec Rant #1 - alpraking
- Opsec rant #2 - nachash
- Passwords
- Phishing
- Physical Security
- Privilege Escalation and Post-Exploitation
- Programming Stuff
- Red Teaming
- Reverse Engineering
- REMATH Reverse Engineering
- Rootkits
- Social Engineering
- System Internals (Linux/Windows) - NOT THE TOOLSET
- Threat Modeling
- Threat Hunting
- UI/UX Design
- Web
- Wireless Networks and RF Devices
- Insurance Data Security Model Law
- NIST Cyber Security Framework 02/12/2014
- PCI-DSS V3.2