Canvas Installing Zoom on Linux Installing Slack on Linux
-
Bounty Hunting Programs
-
Daily Resources, Keeping Up with Cyber
- Great Daily News Source All Infosec News
- Bleeping Computer
- Ars Technica
- This Week in Tech TWIT
- Security Now TWIT
- True stories from the dark side of the internet Darknet Diaries
- Qualys Security BLOG *
- 0xffsec Handbook - The Pentester's Guide
- The dark side of Microsoft Remote Procedure Call protocols MSRPC Attacks
- Hacker News
- The Hacker News
- CyberNews
- NBC Cyber Security
- The Independent Cyber News
- Qualys Channel on BrightTalk
- (CIS) Center for Internet Security - The latest information on known vulnerabilities in popular software and systems.
-
Security Control Frameworks
- Center for Internet Security (CIS) - Benchmarks provides OS, application, and hardware security configuration guides.
- ISACA - COBIT is used not only to plan the IT security of an organization but also as a guideline for auditors. COBIT is a widely recognized and respected security control framework.
- NIST 800-53 Rev. 5, “Security and Privacy Controls for Information Systems and Organizations” contains U.S. government–sourced general recommendations for organizational security.
- NIST Risk Management Framework (RMF) establishes mandatory requirements for federal agencies. The RMF has six phases: Categorize, Select, Implement, Assess, Authorize, and Monitor.
- NIST Cybersecurity Framework (CSF) is designed for critical infrastructure and commercial organizations and consists of five functions: Identify, Protect, Detect, Respond, and Recover. It is a prescription of operational activities that are to be performed on an ongoing basis for the support and improvement of security over time.
- International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27000 family group is an international standard that can be the basis of implementing organizational security and related management practices.
- Information Technology Infrastructure Library (ITIL), initially crafted by the British government, is a set of recommended best practices for optimization of IT services to support business growth, transformation, and change. ITIL focuses on understanding how IT and security need to be integrated with and aligned to the objectives of an organization. ITIL is often used as a starting point for the crafting of a customized IT security solution within an established infrastructure.
-
Certifications & Technical
- Cybersecurity Training, Degrees & Resources sans.org
- Offensive Security Certified Professional [Wikipedia](https://en.wikipedia.org/wiki/Offensive_Security_Certified_Professional)
- Bachelor's Degree in Cyber Intelligence and Security | Embry-Riddle Aeronautical University erau.edu
- CISSP Certification
- Luke Ahmed's Study Notes and Theory
- CISSP Study Notes and Theory (Videos)
- Larry Greenblatt - CISSP Training
- BrightTalk Channels
-
Hacking & Penetration Testing Tools
-
Honeypots & Tarpits
- What is a Honeypot? imperva
- What is a honeypot and how does it work? norton
- What is a honeypot? TechTarget
- Honeypots Bing
- Tar Pits Bing
-
Other Resources
- hak5 usb-rubber-ducky
- Atom Computing is the first to announce a 1,000+ qubit quantum computer Ars Technica
- ChatGPT
- Udemy
- Solidity
- ethereum contracts Bing
- denial and deception Bing
- dread forum Bing
- Remove your Private Information from the Internet deleteme.com
-
News
- Breaking the Phishing Chain: A Whiteboard Session on Effective Security Tactics
- FBI Quarterly: Cryptocurrency Confidence Scams – Are you a victim ?
- Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
- Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla Hacked Twice
- Microsoft Ignite - New Era Threat Actor: A Year Battling Octo Tempest | BRK266
- What is generative AI and how does it work? – The Turing Lectures with Mirella Lapata
- What's the future for generative AI? - The Turing Lectures with Mike Wooldridge
- Michio Kaku | Quantum Supremacy | Talks at Google
-
People
- katie nicole red canary technologies Bing
- robert lee security Bing
- Podcast: Know Your Adversaries and Where They Trade, To Stop Cyber Attacks
- Books and Resources
- Building a Cyber Risk Management Program, Author Brian Allen, Brandon Bapst, Terry Allan Hicks
- CASP - Preparing for Governance, Risk, and Compliance Domain, Author Dean Bushmiller & Helaine Thornton
- Data Governance: The Definitive Guide, Author Evren Eryurek, Uri Gilad, Valliappa Lakshmanan, Anita Kibunguchy-Grant, Jessi Ashdown
- Enterprise Risk Management, 2nd Edition, Author John R. S. Fraser, Rob Quail, Betty Simkins
- Information Security Governance Simplified, Author Todd Fitzgerald, ISBN
- Cyber Underground Handbook: Outsmart Cybercriminals - Intel471
- Online Resources
- Cyber Kill Chain & Threat Intelligence
- Risk Management
- Threat Modeling
- OWASP Threat Dragon
- CSF Tools - STRIDE-LM Threat Model
-
S.T.R.I.D.E. Model
When attempting to inventory and categorize threats, using a guide or reference is often helpful. Microsoft developed a threat categorization scheme known as the STRIDE threat model. STRIDE is an acronym standing for the following:
-
Spoofing: An attack to gain access to a target system through a falsified identity. When attackers spoof their identity as a valid or authorized entity, they can bypass filters and blockades against unauthorized access.
-
Tampering: Any action resulting in unauthorized changes or data manipulation, whether in transit or storage.
-
Repudiation: The ability of a user or attacker to deny having performed an action or activity by maintaining plausible deniability. Repudiation attacks can also result in innocent third parties being blamed for security violations.
-
Information disclosure: The revelation or distribution of private, confidential, or controlled information to external or unauthorized entities.
-
Denial of service (DoS): An attack that attempts to prevent authorized resource use. This can be done through flaw exploitation, connection overloading, or traffic flooding.
-
Elevation of privilege: An attack where a limited user account is transformed into an account with greater privileges, powers, and access.
-
-
- Linux Distributions
- Guacamole Setup
- 2FAS - the Internet's favorite open-source authenticator 2fas
- Guacamole Web VM: Portal
- Guacamole Web VM - Control Panel: Control Panel
- Bash, Kernel, & Terminals
- Linux Boot Process: Neosmart
- The Linux Booting Process - 6 Steps Described in Detail: Freecode Camp
- What Is the Bash Shell, and Why Is It So Important to Linux?: HowtoGeek
- What Is VDI and How Does It Work?
- CyberArk Library for Administrators
- CyberArk Security Fundamentals
- Microsoft Defender for Linux
- Security+ Boot Process
- Learning & Resources
- How Does Kerberos Work? The Authentication Protocol Explained - freecodecamp.com
- NTLM Overview - Microsoft Learning
- NTLM Explained: Definition, Protocols & More - by Crowdstrike
- Pass the Hash - Wikipedia
- Windows Hello
- Building Microservices - O'Reilly Online Learning
- How to Build Docker Images with Dockerfile
- Monolith to Microservices - O'Reilly Online Learning
- How To Set Up Ansible Inventories
- Edge Setup
- Manage Profiles Profiles
- Cloud Security
- Resources
- Microsoft Edge AddOn: Cookie-Editor
- edge://extensions/?id=neaplmfkghagebokkhpjpoebhdledlfi
- Crowdstrike Global Threat Report
- Known Exploited Vulnerabilities Catalog
- Free Student Services
- [Azure for Students](https://azure.microsoft.com/en-us/free/students/)
- [AWS Educate](https://aws.amazon.com/education/awseducate/)
- Videos
- Resources
- MITRE - ATT&CK
- Common Attack Pattern Enumeration and Classification
- MITRE - Common Weakness Enumeration
- KnowBe4 Security Tools
- AttackIQ
- SafeBreach
- How to Create Sites in Burp Suite Enterprise Edition
- How to Create Scans in Burp Suite Enterprise Edition
- Install Burp Suite Enterprise Edition Using Default Settings
- How to Integrate Burp Suite Enterprise Edition with your CI/CD Workflow
- Vulnerability Management
- Qualys - Deploying Cloud Agents for VMDR
-
Security+ Resources
-
CISSP Resources
- Encore - Introduction to Global Espionage & Intelligence Services- Part 1: US Intelligence
- FBI Quarterly: Cryptocurrency Confidence Scams – Are you a victim ?
- Alternate Identities and Personas
- DarkNets.org
- Indexes
- TorProject.org
- Research
- Dark.fail
- DREAD Dark Search Use in TOR only
- Leakix
- Tor.link
- SecOps Institute
- Tools