#Sections
- TLS
- Githubz (assorted)
- Offensive
- Crypto
- Tor
- Passwords
- iOS & OS X
- General
- Snowden Docs
- Vulnerable VMs
- Raspberry Pi
- Browser Plugins
- Hosting, DNS & Certs
- x0Twitter
- Defensive
- usbArmory
- RFC 7568 - Deprecating SSLv3.0 🎉
- HTTPS Watch "tracks the HTTPS support of prominent websites"
- HTTPS in .Gov
- Summarizing Known Attacks on TLS & DTLS [RFC] Feb 2015
- CVE-2014-0160 Heartbleed Online Scanner [go]
- CVE-2014-0160 HeartLeak Offensive [python] scanner script
- Logjam Attack DH downgrade to export & attack against 512-bit DH
- State Machine AttaCKs FREAK & SKIP-TLS
- Password recovery in RC4
- Mozilla ssl/tls config generator [apache, nginx, haproxy]
- HSTS - HTTP Strict Transport Security forces use of HTTPS [apache, nginx, lighttpd] RFC
- HPKP - HTTP Public Key Pinning [apache, nginx, lighttpd] major caveats atm RFC DRAFT exp april '15
- DaneTLS - intro
- OpenSSL cipher cyntax explains cipher syntax
- SSLTools.net Various TLS/SSL scanners/ docs
- Fingerprint SSL/TLS servers [GLSL]
- Optimizing TLS for High–Bandwidth App on BSD for BSD by Netflix
- Check cert CRL & OSCP status
Githubz (assorted)
Student Developer Pack lots of free shit $100 digital ocean credit
- Kippo SSH Honeypot
- Pipal - password analyser [ruby]
- Portalsmash "connect to open WiFi and click through "captive portal"-type agreements" [ruby]
- Python-twitter "A Python wrapper around the Twitter API" [python]
- Pyscrypt "Pure-Python implementation of Scrypt PBKDF and scrypt file format library"
- Mail-in-a-box "a one-click, easy-to-deploy SMTP+everything else server: a mail server in a box"
- snoopy-ng "modular digital terrestrial tracking framework" [python]
- MotionCAPTCHA "stop spam, draw shapes" demo [javascript]
- swatd "run a script when police raid your house (or your computer is stolen)" [c]
- packer "tool for creating identical machine images for multiple platforms from a single source configuration" [go]
- The Update Framework "plug-and-play library for securing a software updater"
- MalwareClassifier identify malware based on network captures
- RFID/NFC lib & tools [python]
- One Time Secret "one-time secret is a link that can be viewed only one time. A single-use URL."
- Transparency Toolkit [OSINT] scrapers, linkedin, etc
- Fake data generator [python]
- Streisand [python] "Single command sets up a new server running a variety of anti-censorship software"
- GitHarvester [OSINT] harvest website config info
- Docker yubikey validation server 'Dockerized stack of Yubico yubikey-ksm and yubikey-val'
- mimikatz "known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory{windows}"
- MITMf MITM framework [python]
- Logkext OS X key logger
- Offensive Python
- The Browser Exploitation Framework (BeEF) "penetration testing tool that focuses on the web browser"
- KeySweeper "functioning USB wall charger, wirelessly and passively sniffs & decrypts all keystrokes from any Microsoft wireless keyboard"
- Kali linux net hunter "open Source Android penetration testing platform for Nexus devices"
- BadUSB firmware attack blackhat vid
- Automated Cisco SNMP attacks NCC
- peCloak.py AV Evasion [python]
- Linux Post Exploitation Commands
- OS Command Injection and Exploitation Tool [python]
- Reverse Engineering for Beginners free book [pdf
- Default Creds search for device defaults
- DNS rebinding: stealing WiFi passwords blog post
- Bettercap MITM Framework "A complete, modular, portable and easily extensible MITM framework."
- WPA2-HalfHandshake-Crack [python] "POC to show it is possible to capture enough of a handshake from a fake AP to crack a WPA2 network without knowing the passphrase of the actual AP"
- Better Crypto.org
- 'applied crypto hardening' !!DRAFT!! "This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age"
- 52 things people should know to do cryptography bristol uni cs dept
- Cryptool "e-learning platform for cryptography and cryptanalysis"
- Nitrokey hardware token + more [beta] [open source]
- Matthew Green (twitter) crypto prof
- Adam Langley aka ImperialViolet google chrome security engineer
- Schneier on security cryptographer blowfish twofish
- NaCl: Networking and Cryptography library "easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools"
- OpenSSL
- PGP
- Subkeys
- GPGTools OS X Beta 4
- GPG4Win 'Kleopatra'
- Post PGP-signed content without account
- Operational PGP the grugq guide
- Surveillance Self-Defense how to use pgp, otr something for everyone "Tips, Tools and How-tos for Safer Online Communications"
- Secure Messaging Scorecard "many companies offer “secure messaging” products—but are these systems actually secure"
- 'Furtive Encryption: Power, Trust, and the Constitutional Cost of Collective Surveillance' JEFFREY VAGLE Stanford
- nsa cryptanalysis classification guide [sept 2005] [pdf] [!]
- backdoored rsa key generation fork in c# + writeup [python]
- safeCurves "choosing safe curves for elliptic-curve cryptography" shmoocon '14
- nadia heninger public key lecture | part 2
- 'Detection of Widespread Weak Keys in Network Devices' [july 2012][pdf]
- list of libs, progs & langs that support AES-NI advanced encryption standard new instructions
- cryptsetup patch adds option to nuke all keys given certain passphrase
- /dev/urandom Myths
- The Linux RNG how /dev/(u)random works
- Secure Secure Shell hardening OpenSSH
- Crypto 101 video pdf (pre-release)
- Entropy and random number generators in Linux
- linux kernel random.c
- A Comprehensive SSH Key Primer
- The SHAppening: freestart collisions for SHA-1 pdf What is a “freestart collision”?
- Dual EC: A Standardized Back Door pdf from projectbullrun.org
- Cryptology pointers collection of over 7k crypto links
- Differential Cryptanalysis for Dummies IOActive Blog
- Kompromat Collection of private keys or their parameters for auditing purposes.
- Crypto Fails 'Showcasing bad cryptography.'
- Debian repos
- Atlas info about running relays
- Globe relay and bridge explorer
-
Cracking
- unhash passphrase & default password cracking tools 31c3 vid
- crackstation.net online cracker & good code/ advice wordlists
-
zxcvbn "a realistic password strength estimator" blog [coffee/javascript]
-
(davegrohl) OS X Password cracker davegrohl.org [C++]
-
cracking on AWS guide
-
Cracking Ubuntu Home directory aug 2015
- ios security white paper oct '14 official [october 2014]
- 'A Survey of iOS Authentication Methods'
- OSXAuditor - OS X forensics tool
- patch userland binaries for persistance os x mach-o shmoocon talk blog data exfiltration from ios via siri
- santa os x "a binary whitelisting/blacklisting system for mac OS X " [obj-c]
- signal-ios "free, world-wide, private messaging and phone calls for iPhone" [c/obj-c]
- apple watch font os x "replace helvetica neue on 10.10 with San Francisco – the Watch font"
- macOps "utilities, tools & scripts for managing & tracking a fleet of macs in corporate environment" from google [python]
- Thunderstrike "Apple EFI firmware security vulnerability that allows a malicious Thunderbolt device to flash untrusted code to the boot ROM"
- Taking apart iOS OTA Updates
- Writing malware for OSX [pdf] slides from Infiltrate 2015
- Getting started iOS hacking by winocm
- iOS Apps Caught Using Private APIs updated Oct 2015
- iOS App Reverse Engineering free book pdf
- Little Snitch to prevent internet access without VPN
- Pay Stuff "things for analysing applepay, tweaks used for logging the various daemons used"
- Ars explains USB 3.1 and Type-Crevsible connectors from ces 2015 type c spec
- Clam AV open source av engine [linux, win, os x, bsd] download
- Transmission bittorrent client ultra low footprint, only dls [os x, linux, embedded, nas]
- 'Committee Study of the Central Intelligence Agency's Detention and Interrogation Program' 'CIA torture report' [dec 2014] [pdf]
- 'epository of academic computer science papers'
- debian 'linux kernal headers' vmware tools' fix
- Free programming books github list
- Understanding glibc malloc
- Sniffing GSM w/ HackRF [guide]
- Spiegel
- article index list of all spiegel nsa/ gchq articles
- Attacks on VPN, SSL, TLS, SSH, Tor index of pdfs
- Abbreviations Explained
- 'Inside the NSA's War on Internet Security' article
- ALCU nsa archive searchable
- Citizenfour torrent iso hunt magnet
- PRISM (TEMPORA)
- original guardian article [prism] [june 2013]
- 'the' prism slides [prism] [pdf]
- 'gchq mastering the internet' guardian article [tempora]
- 'GCHQ taps fibre-optic cables' guardian article [tempora]
- capabilities of [tempora] [pdf]
- skype stored data collection [prism] [pdf]
- MS skydrive collection [prism] [pdf]
- outlook.com chat collection [prism] [pdf]
- skype collection guide [prism] [pdf]
- BULLRUN (EDGEHILL)
- 'Revealed: how US and UK spy agencies defeat internet privacy and security' guardian article
- gchq guide to [pdf]
- gchq intro slides [pdf]
- gchq tls trends tls research [approx mid 2012] [pdf]
- gchq mass ssl/tls intercept/decrypt experiment [late 2011 & earlier] [pdf]
- nsa cryptanalysis classification guide #1 [sept 2005] [pdf]
- nsa cryptanalysis classification guide #2 [june 2010] [pdf]
- 'failed' otr intercept nsa multi user chatroom doc shows a participant using otr which nsa doesnt have decrpt for [pdf]
- 'faild' pgp intercept nsa exchange between two @yahoo addresses using pgp which nsa doesnt have decrpt for [pdf]
- OPERATION SOCIALIST
- Malware in EU Attack linked to GCHQ & NSA the intercept brief analysis of sample
- 'Operation Socialist' intercept feature article
- gchq automating noc detection [pdf]
- gchq making sense of the encryption problem [pdf]
- gchq nac review april-june 2011 [pdf] evidence of gchq inside belgacom
- gchq nac review jan-march 2012 [pdf]
- Vulerable by Design blog list assorted
- n00bs CTF Labs by Infosec Institute need to 'sign up'
- HTTPS Everywhere if site suppoerts https forces its use [firefox, chrome, opera, android]
- Privacy Badger "stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at" [chrome, firefox]
- TrackerSSL tells you which ads are served over ssl/tls & which arent
- uBlock lightweight adblocker [chrome, safari, firefox]
- Digital Ocean ssd backed vps pricing [host]
- Gandi.net "no bullshit" [host, dns, certs]
- StartSSL startcom CA free class 1 certs & s/mime [certs, dns]
- Let's Encrypt Free, automated, open source CA [certs]
- Brilliant ads
- BBC Monitoring unofficial 'weird' category
- NatlSecurityArchive "uses FOIA to publish declassified documents" US
- The OSINT by Frederick Jacobs"open-Source Intelligence geopolitics, human rights ,counter-terrorism"
- YOLO Crypto
- bellingcat next level osint [proved russia shot down mh17 with a buk..]
- Today In Infosec
- Spy Blog "Privacy, Security & Anonymity under the UK Surveillance Database State"
- SCRIPT Centre "law and technology research centre" @ edinburgh uni
- HOW-TO: grsec-patched Linux kernel for Debian 8 on DigitalOcean
- Chrome privacy and security settings [Chrome]
- Privacy & Security Conscious Browsing
- Hardening Firefox for Privacy [Firefox]
- Firefox-debloat [Firefox] 'Stop Firefox leaking data about you'
- Better security, privacy and anonymity in Firefox [Firefox]
- Android wireless karma attack detector [java]
- Linux workstation security checklist
- COMSEC [pdf] the grugq
- Windows 10 DNS Leaks like a bucket
- Windows 10 Privacy fixes easy to follow short guide
- GPG / Mutt / Gmail Ben Nagy short guide
- Hardening CentOS 7
- Portspoof [c++] 'Effective defense against port scanners'
- TLSDate "sets the local clock by securely connecting with TLS to remote servers and extracting the remote time out of the secure handshake"
- Twitter DM + OTR A quick and dirty tutorial
- armory-pass [python, js] chrome 'Password manager for USB Armory'