useful-links.md

Summary

Curated list of security links that can be useful

Security Links

All in one

---

• whitebox pentesting tech techniques

AWS

---

• AWS Misconfigurations
• Security best practices in IAM
• Common Security Vulnerabilities in Core AWS Services: Exploitation and Mitigation

Bruteforce

---

• Brutus bruteforce lists

Cookies

---

• Stealing HttpOnly cookies with the cookie sandwich technique

Cheatsheets

---

• (2023 EDITION) Cross-site scripting (XSS) cheat sheet
• Awesome Redteam cheatsheet
• Thick client with GUI hacking
• PrivEsc in Windows
• Oauth cheatsheet
• BurpSuite

Cloud

---

• SLSA is a set of standards and technical controls you can adopt to improve artifact integrity

DevSecOps

---

• DevSecOps playbook
• SAST in Secure SDLC: 3 reasons to integrate it in a DevSecOps pipeline
• DevSecOps - develop with security team(s)

Docker

---

• Build, sign, and compute the SBOM of a container image
• Dockerfile Security Best Practices with Semgrep

DOM

---

• DOM invader - burpsuite

GraphQL

---

• GraphQL exploitation – All you need to know

Hashing / Encrypting

---

• What We Do in the /etc/shadow – Cryptography with Passwords

iOS/macOS

---

• Awesome iOS Security
• How to reverse and patch iOS application
• macos-ios-security-research

Kubernetes

---

• Kubernetes basics
• Kubernetes Hardening Guidance

Metasploit

---

• Vulnerability scanning with metasploit

Oauth

---

• Oauth mindmap
• Account hijacking using "dirty dancing" in sign-in OAuth-flows

Pentesting

---

• Owasp top 10 testing API security

STRIDE

---

• STRIDE vs ASVS

Supply chain

---

• Securing the Supply Chain of Nothing

Time Attacks

---

• Fun with Timing Attacks

Threat modelling

---

• Awesome threat modeling
• Applying Systemic Threat Modelling to a Complex System
• Threat modeling - Google Cloud Storage, good examples

WebSec

---

• Awesome browser security
• Here are a couple things I always check when looking at a web application

Windows

---

• Pass-the-Challenge: Defeating Windows Defender Credential Guard
• Windows-Privilege-Escalation