Blogs, cybersecurity news sites, and resources I come across #

Pentesting #

• https://github.com/TCM-Course-Resources/Practical-Ethical-Hacking-Resources
• pentestmonkey
  • pentestmonkey: reverse shell cheat sheet
• https://tryhackme.com/
• https://www.hackthebox.com/
• https://www.offensive-security.com/

Writing a report #

• https://github.com/hmaverickadams/TCM-Security-Sample-Pentest-Report
• Tool, pckg to install https://github.com/blacklanternsecurity/writehat

Containers #

• https://github.com/krol3/container-security-checklist

News sites #

• https://thehackernews.com
• https://thehackernews.com/
• https://www.theregister.com/
• https://www.schneier.com/
• https://www.bleepingcomputer.com
• https://nakedsecurity.sophos.com/
• https://gru.gq/
• https://risky.biz/

OSINT Search Engines #

• Shodan search engine

Github projects #

• Password audit, brute force crack of authentication systems: https://github.com/vanhauser-thc/thc-hydra
  • https://kalilinuxtutorials.com/thc-hydra/

Certifications #

• EC Council

Cybersecurity Search Engines #

Daniel Kelly, 22 Aug 2023, LinkedIn

1. DeHashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.
5. ZoomEye—Gather information about targets.
6. Pulsedive—Search for threat intelligence.
7. GrayHatWarfare—Search public S3 buckets.
8. PolySwarm—Scan files and URLs for threats.
9. Fofa—Search for various threat intelligence.
10. LeakIX—Search publicly indexed information.
11. DNSDumpster—Search for DNS records quickly.
12. FullHunt—Search and discovery attack surfaces.
13. AlienVault—Extensive threat intelligence feed.
14. ONYPHE—Collects cyber-threat intelligence data.
15. Grep App—Search across a half million git repos.
16. URL Scan—Free service to scan and analyse websites.
17. Vulners—Search vulnerabilities in a large database.
18. WayBackMachine—View content from deleted websites.
19. Shodan—Search for devices connected to the internet.
20. Netlas—Search and monitor internet connected assets.
21. CRT sh—Search for certs that have been logged by CT.
22. Wigle—Database of wireless networks, with statistics.
23. PublicWWW—Marketing and affiliate marketing research.
24. Binary Edge—Scans the internet for threat intelligence.
25. GreyNoise—Search for devices connected to the internet.
26. Hunter—Search for email addresses belonging to a website.
27. Censys—Assessing attack surface for internet connected devices.
28. IntelligenceX—Search Tor, I2P, data leaks, domains, and emails.
29. Packet Storm Security—Browse latest vulnerabilities and exploits.
30. SearchCode—Search 75 billion lines of code from 40 million projects

Bug Bounty #

How I’d Get Into Bug Bounty Hunting: A Practical Guide #

Daniel Kelly, Apr 22, 2023 Daniel Kelly

Podcasts I come across #

Security, Cybersecurity #

• Darknet Diaries https://darknetdiaries.com/
• Defensive Security https://defensivesecurity.org/
• Open Source Security https://opensourcesecurity.io/category/podcast/, RSS, Spotify, iTunes
• Smashing Security RSS, Graham Cluley, Spotify, Apple Podcast, Google Podcast

DevOps, DevSecOps #

• Change Log https://changelog.com/podcasts

Cybersecurity Tabletop Exercise #

Here’s a useful resource on #cybersecurity #tabletop exercises. Something that should be done regularly in companies. Thank you @LisaForteUK et al. https://red-goat.com/cybersecurity-tabletop-exercise/

USENIX Security ‘23 Call for Papers Upcoming deadlines: Winter Deadline — Refereed paper submissions due: Tuesday, February 7, 2023, 11:59 pm AoE Summer Deadline — Refereed paper submissions due: Tuesday, June 7, 2022, 11:59 pm AoE . #academia #cfp #security #cybersecurity #usablesecurity https://www.usenix.org/conference/usenixsecurity23/call-for-papers

PCI DSS v4.0 & Passwords #

Several years of research have shown that frequent password rest cycles hurt the user, and the security of the password 1,2. Users tend to slightly modify the password rather than coming up with a new password. For example, changing MyPassword^ to MyPassword1^.

In addition, best practices suggest users have a minimum of 12 characters, mix alphanumeric and special symbols. Imagine applying this rule to each of our accounts, since passwords shouldn’t be reused. Most users do not store their password in a password manager, making these recommendations a burden and a challenge for people.

A great initiative by the EU: reparability scores. This will help consumers choose more sustainable products. Europeans will be able to identify which products are the most durable and repairable on the market. “Consumers should have trustworthy and comparable information to identify the most durable and repairable products on the market.” #eugreendeal #jrcimpact #technology #repairability #réparabilité #reparability https://joint-research-centre.ec.europa.eu/jrc-news/helping-consumers-choose-more-sustainable-products-2022-07-26_en

Usable Security and Privacy #

This post provides an overview of the relevance of usable security. I address two questions: what is usable security? And how is usable security relevant for practitioners?

I am very passionate about human computer interaction (HCI) and cybersecurity. Thus, I decided to write this blog on a topic which is often overlooked by the cybersecurity community.

Introduction #

This tutorial will show you how to create a simple theme in Hugo. I assume that you are familiar with HTML, the bash command line, and that you are comfortable using Markdown to format content. I’ll explain how Hugo uses templates and how you can organize your templates to create a theme. I won’t cover using CSS to style your theme.

We’ll start with creating a new site with a very basic template. Then we’ll add in a few pages and posts. With small variations on that, you will be able to create many different types of web sites.