├── CNAME
├── _config.yml
├── docs
    ├── logo.png
    └── README.md
├── favicon.ico
├── explore
    ├── ai for cyber.md
    ├── career.md
    ├── starter-pack.md
    ├── video.md
    ├── README.md
    ├── conf_pod.md
    └── books.md
├── infosec
    ├── README.md
    ├── BlueTeam
    │   ├── Random Scripts
    │   │   ├── hunt_log4j.py
    │   │   └── checkbase64.py
    │   └── README.md
    ├── RedTeam
    │   ├── bug_bounty.md
    │   ├── graphql.md
    │   └── README.md
    └── PurpleTeam
    │   └── README.md
├── .github
    └── workflows
    │   ├── ISSUE_TEMPLATE
    │       ├── bug.md
    │       ├── documentation.md
    │       └── feature_request.md
    │   └── greetings.yml
├── LICENSE
├── CONTRIBUTING.md
├── README.md
├── privacy
    ├── README.md
    ├── toolkits.md
    └── guide-art.md
└── CODE_OF_CONDUCT.md

/CNAME:
--------------------------------------------------------------------------------
rajappan.kaiiyer.co

--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
theme: jekyll-theme-cayman
markdown: kramdown

--------------------------------------------------------------------------------
/docs/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kaiiyer/rajappan/HEAD/docs/logo.png

--------------------------------------------------------------------------------
/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/kaiiyer/rajappan/HEAD/favicon.ico

--------------------------------------------------------------------------------
/explore/ai for cyber.md:
--------------------------------------------------------------------------------
AI for Cyber

- [MLOps guide](https://huyenchip.com/mlops): A collection of materials from introductory to advanced.
--------------------------------------------------------------------------------
/infosec/README.md:
--------------------------------------------------------------------------------
# Infosec Resources for Red/Blue/Purple Teams

--> [**Red Team**](RedTeam)

--> [**Blue Team**](BlueTeam)

--> [**Purple Team**](PurpleTeam)


--------------------------------------------------------------------------------
/.github/workflows/ISSUE_TEMPLATE/bug.md:
--------------------------------------------------------------------------------
---
name: 🐛 Bug Report
about: Submit a bug report to help us improve
labels: "bug"
---

## 🐛 Bug Report

(A clear and concise description of what the bug is.)

Write your answer here...

(How can you solve it?)

Write your answer here...
--------------------------------------------------------------------------------
/.github/workflows/ISSUE_TEMPLATE/documentation.md:
--------------------------------------------------------------------------------
---
name: 📚 Documentation

about: Submit a documentation issue to help us improve
labels: "bug"
---

## 📚 Documentation

(A clear and concise description of what the documentation issue is.)

Write your answer here...

(How can you solve it?)

Write your answer here...
--------------------------------------------------------------------------------
/.github/workflows/greetings.yml:
--------------------------------------------------------------------------------
name: Greetings
on: [pull_request, issues]

jobs:
  greeting:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/first-interaction@v1
      with:
        repo-token: ${{ secrets.GITHUB_TOKEN }}
        issue-message: 'Congratulations on your First Issue'
        pr-message: 'Congratulations on your First PR'

--------------------------------------------------------------------------------
/.github/workflows/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: 🚀 Feature
about: Submit a proposal for a new feature
labels: "feature"
---

## 🚀 Feature

(A clear and concise description of what the feature is.)

(Write your answer here.)

## Motivation

(Please outline the motivation for the proposal.)

## Pitch

(Please explain why this feature should be implemented and how it would be used.)
--------------------------------------------------------------------------------
/infosec/BlueTeam/Random Scripts/hunt_log4j.py:
--------------------------------------------------------------------------------
import re

# Read the log file to hunt through (expects log.txt in the working directory).
with open('log.txt', 'r') as f:
    text = f.read()

# IPv4-looking strings, and the port that follows an "ip:port" pair.
re_ip = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", text)
re_port = re.findall(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:(\d+)", text)

# Print each unique IP address once, in order of first appearance.
ips = []
for match in re_ip:
    if match not in ips:
        ips.append(match)
        print(match)

# Print each unique port once; ports are tracked separately from the IPs.
ports = []
for match in re_port:
    if match not in ports:
        ports.append(match)
        print(match)

--------------------------------------------------------------------------------
/explore/career.md:
--------------------------------------------------------------------------------
## Career in Cyber

--- To be Updated ---

- [SANS Cybersecurity Career](https://www.sans.org/cybertalent/cybersecurity-career/seekers) - SANS CyberTalent Immersion Academies are 100% scholarship-based and no cost to participants. Academies are offered throughout the year in a variety of learning formats

- [CyberCareers.gov](https://www.cybercareers.gov/) - We worked closely with agencies and the cybersecurity communities to identify existing and forward-leaning strategies that will help the Federal Government build a cybersecurity workforce pipeline; and recruit, hire, develop, and retain top talent

- [National Security Agency](https://www.intelligencecareers.gov/NSA/nsacyber.html) - The National Security Agency employs a wide variety of cyber professionals to help protect and defend U.S. government IT systems, and to help exploit the intelligence of adversaries

---------
Thanks for Reading

--------------------------------------------------------------------------------
/explore/starter-pack.md:
--------------------------------------------------------------------------------
## Starter Packs for Beginners

- [How To Become A Hacker](http://www.catb.org/~esr/faqs/hacker-howto.html) How To Become A Hacker FAQ & Pointers by Eric Steven Raymond

- [Should I Use Kali Linux?](https://www.kali.org/docs/introduction/should-i-use-kali-linux/) What’s Different About Kali Linux? Is Kali Linux Right For You?

- [Learn how to hack](https://www.hackerone.com/blog/resources-for-new-hackers) Useful Online Resources for New Hackers from HackerOne

- [Overthewire](https://overthewire.org/) The wargames offered by them can help you to learn and practice security concepts in the form of fun-filled games

- [Cybrary](https://www.cybrary.it/) - The Cybersecurity and IT Career Development Platform

- [Cyberdefenders.org](https://cyberdefenders.org/) - A free, gamified, and realistic way to learn cybersecurity, through a cloud-based cyber range

---------
Thanks for Reading

--------------------------------------------------------------------------------
/infosec/BlueTeam/Random Scripts/checkbase64.py:
--------------------------------------------------------------------------------
# coding=utf8
# https://regex101.com/r/lXFWqM/1

import re

# Matches a non-empty string made only of base64 characters whose length is a
# multiple of 4, with at most two "=" padding characters at the end.
regex = r"^(?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{4}|[A-Za-z0-9+\/]{3}=|[A-Za-z0-9+\/]{2}={2})$"

'''
test_str = ("ThisIsNotBase64Because/ItIsNotMod4\n"
    "ThisIsBase64Because/ItIsMod4\n"
    "aGVsbG8gd29ybGQ=\n"
    "ThisIsAlso/Base64+EvenWithPadding+==\n"
    "ThisIsNotBase64+Because-ThereIsADash\n"
    "YouGetTheIdea/==")
'''

test_str1 = input("Enter something \n")

# re.MULTILINE makes ^ and $ match at every line, so each input line is checked on its own.
matches = re.finditer(regex, test_str1, re.MULTILINE)

for matchNum, match in enumerate(matches):

    print ("Match {matchNum} was found: {match}".format(matchNum = matchNum, match = match.group()))

    for groupNum in range(0, len(match.groups())):
        groupNum = groupNum + 1

        print ("Group {groupNum} found : {group}".format(groupNum = groupNum, group = match.group(groupNum)))

--------------------------------------------------------------------------------
/explore/video.md:
--------------------------------------------------------------------------------
## YouTube Channels

- [BlackHat](https://www.youtube.com/user/BlackHatOfficialYT/about)

- [John Hammond](https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw)

- [Ippsec](https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA)

- [NullByte](https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g)

- [HackerSploit](https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q)

- [LiveOverflow](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)

- [HackerOne](https://www.youtube.com/channel/UCsgzmECky2Q9lQMWzDwMhYw)

- [Bugcrowd](https://www.youtube.com/channel/UCo1NHk_bgbAbDBc4JinrXww)

- [Web Hacking 101](https://www.youtube.com/channel/UCS0y5e-AMsZO8GEFtKBAzkA)

- [Bug Bounty Public Disclosure](https://www.youtube.com/channel/UCNRM4GH-SD85WCSqeSb4xUA)

- [SANS Cloud Security](https://www.youtube.com/c/SANSCloudSecurity)


---------
Thanks for Reading

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Kai Iyer

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/explore/README.md:
--------------------------------------------------------------------------------
# Explore

Dive In

--> [**Cyber Starter Pack**](starter-pack.md)

--> [**Security Books**](books.md)

--> [**Cyber Careers**](career.md)

--> [**Security Conferences and Podcasts**](conf-pod.md)

--> [**Youtube Channels**](video.md)


Personal Favourites to stay updated (_I use feedly in Mobile to track em all_)

- [Hackernoon](https://hackernoon.com/tagged/security) - HackerNoon reflects the technology industry with insightful, educational, and timely stories written by real tech professionals

- [Packet Storm](https://packetstormsecurity.com/) - Information security website offering current and historical computer security tools, exploits, and security advisories

- [Dark Reading](https://www.darkreading.com/) - Long one of the most widely read cybersecurity news sites, it is also the most trusted online community for security professionals

- [Bleeping Computer](https://www.bleepingcomputer.com/) - A website covering technology news and offering free computer help via its forums

---------
Thanks for Reading


--------------------------------------------------------------------------------
/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing to Rajappan

We will be happy if you contribute to the project by:

- Reporting a bug
- Improving the UX/UI of the website
- Submitting a fix
- Proposing new features

## We Use [GitHub Flow](https://guides.github.com/introduction/flow/index.html): All Code Changes Go Through Pull Requests

Pull requests are the best way to propose changes to the codebase (we use [GitHub Flow](https://guides.github.com/introduction/flow/index.html)). We actively welcome your pull requests:

1. Fork the repo and create your branch from `master`.
2. Write clear, meaningful git commit messages.
3. Always create a PR to the `master` branch.
4. Make sure to review your code.
5. Issue that pull request!
## Any contributions you make will be under the MIT Software License

In short, when you submit code changes, your submissions are understood to be under the same [MIT License](https://github.com/kaiiyer/rajappan/blob/master/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.

## Report bugs using GitHub's [issues](https://github.com/kaiiyer/rajappan/issues)

We use GitHub issues to track public bugs. Report a bug by [opening a new issue](https://github.com/kaiiyer/rajappan/issues/new).

## License

By contributing, you agree that your contributions will be licensed under its [MIT License](https://github.com/kaiiyer/rajappan/blob/master/LICENSE).

--------------------------------------------------------------------------------
/infosec/RedTeam/bug_bounty.md:
--------------------------------------------------------------------------------
# Bug Bounty

- [Bug Bounty Tips](https://www.infosecmatter.com/bug-bounty-tips-8-oct-14/) Bug Bounty Tips #8

- [Bug Bounty Guide](https://blog.dunicot.com/getting-started-in-bug-bounty-hunting-complete-guide/) Complete guide for getting started in Bug-bounty hunting

- [Bug Bounty Cheatsheet](https://docs.google.com/spreadsheets/u/0/d/1TxNrvaIMRS_dmupcwjwJmXtaFk_lPGE1LzgxPu_7KqA/htmlview#): All you need resource bundle for Bug Bounty Programs

## Blogs

- [Bugcrowd](https://forum.bugcrowd.com/) Bugcrowd's community forum of researchers and white-hat hackers discussing information security and bug bounty programs
- [Hackerone](https://www.hackerone.com/blog) Security blog from Hackerone. Hack for Good
- [Bug Bounty POC](https://bugbountypoc.com/) - All Bug Bounty POC write ups by Security Researchers
- [Bug Bounty Findings by Meals](https://seanmelia.wordpress.com/) The blog- 'Bug Bounty Findings by Meals' by Seanmelia
- [NahamSec](https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters) A list of resources for those interested in getting started in bug bounties
- [Bugbaba Blog](https://bugbaba.blogspot.com/) Discoveries and Writings of security vulnerabilities that Noman Shaikh has discovered
- [BitQuark](https://bitquark.co.uk/blog/) Security and code discussion, with dissections of recent vulnerabilities discovered as part of vendor bug bounty programmes
- [InfoSec WriteUps](https://medium.com/bugbountywriteup) A collection of awesome write-ups from best hackers in topics ranging from bug bounties, CTFs, vulnhub machines, hardware challenges, real-life encounters and everything else which can help other enthusiasts to learn

--------------------------------------------------------------------------------
/infosec/PurpleTeam/README.md:
--------------------------------------------------------------------------------
# Purple Team

## Adversarial Simulation

- [Uber Metta](https://github.com/uber-common/metta) - Metta is an information security preparedness tool

- [MITRE CALDERA](https://caldera.mitre.org/) - Scalable Automated Adversary Emulation Platform

- [Atomic Red Team](https://github.com/redcanaryco/atomic-red-team) - Small and highly portable detection tests based on MITRE's ATT&CK

## Threat Modeling

- [OWASP Threat Dragon](https://owasp.org/threat-dragon/) - OWASP Threat Dragon is a free, open-source, online threat modelling tool

- [IriusRisk](https://iriusrisk.com/) - Collaborative threat modeling platform for security and DevOps teams

- [Microsoft's STRIDE](https://docs.microsoft.com/en-us/azure/architecture/secure-by-design/what-is-stride) - Microsoft's STRIDE is a threat modeling process used to identify potential security threats and vulnerabilities in applications

## Metrics

- [MITRE ATT&CK](https://attack.mitre.org/) - MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics and techniques

- [DeTT&CT](https://detectionlab.network/) - DeTT&CT is a defensive threat and countermeasure matrix based on the MITRE ATT&CK framework

- [Google's GRR Rapid Response](https://github.com/google/grr) - GRR Rapid Response is an incident response framework focused on remote live forensics

## Collaboration

- [The Purple Team Handbook](https://www.purple-team-labs.com/the-purple-team-handbook) - A guide to integrating red and blue team activities for improved security

- [ThreatPlaybook](https://github.com/strategiccyber/threatplaybook) - ThreatPlaybook is an open-source tool for collaborative threat intelligence collection, analysis and dissemination

- [ThreatModeler](https://www.threatmodeler.com/) - ThreatModeler is a collaborative platform for threat modeling, risk management and compliance

## Training & Certification

- [SANS SEC530: Defensible Security Architecture](https://www.sans.org/cyber-security-courses/defensible-security-architecture/) - A SANS course on how to build and maintain a secure enterprise architecture

- [CREST Registered Threat Intelligence Analyst](https://www.crest-approved.org/examination/registered-threat-intelligence-analyst/index.html) - A certification offered by CREST for individuals who are able to carry out threat intelligence projects using open and closed sources of intelligence

--------------------------------------------------------------------------------
/docs/README.md:
--------------------------------------------------------------------------------
# The Rajappan Project

An All-In-One Digital Privacy Project. A STEP IN THE RIGHT DIRECTION TO A PRIVATE FUTURE

Rajappan: Breaking the limits
We practice Ethical Design
![](https://visitor-badge.laobi.icu/badge?page_id=kaiiyer.rajappan)
[![GitHub stars](https://img.shields.io/github/stars/kaiiyer/rajappan)](https://github.com/kaiiyer/rajappan/stargazers)
[![GitHub issues](https://img.shields.io/github/issues/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/issues/)
[![GitHub pull-requests](https://img.shields.io/github/issues-pr/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/pull/)
[![GitHub contributors](https://img.shields.io/github/contributors/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/graphs/contributors/)
[![GitHub license](https://img.shields.io/github/license/kaiiyer/rajappan)](https://github.com/kaiiyer/rajappan/blob/master/LICENSE)
![Last Commit on GitHub](https://img.shields.io/github/last-commit/kaiiyer/rajappan.svg)

---------

> Expand the topics below to dive in!!!

Infosec Resources for Red/Blue/Purple Teams

--> [**Red Team**](../infosec/RedTeam/README.md)

--> [**Blue Team**](../infosec/BlueTeam/README.md)

--> [**Purple Team**](../infosec/PurpleTeam/README.md)

Explore the Project

[Dive In](../explore/README.md)

--> [**Cyber Starter Pack**](../explore/starter-pack.md)

--> [**Security Books**](../explore/books.md)

--> [**Cyber Careers**](../explore/career.md)

--> [**Security Conferences and Podcasts**](../explore/conf-pod.md)

--> [**Security YT Channels**](../explore/video.md)

Privacy

--> [**Privacy Resources**](../privacy/README.md)

---------

Ethical Design

We practice Ethical Design.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# The Rajappan Project

An All-In-One Digital Privacy Project. A STEP IN THE RIGHT DIRECTION TO A PRIVATE FUTURE

Rajappan: Breaking the limits
We practice Ethical Design
![](https://visitor-badge.laobi.icu/badge?page_id=kaiiyer.rajappan)
[![GitHub stars](https://img.shields.io/github/stars/kaiiyer/rajappan)](https://github.com/kaiiyer/rajappan/stargazers)
[![GitHub issues](https://img.shields.io/github/issues/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/issues/)
[![GitHub pull-requests](https://img.shields.io/github/issues-pr/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/pull/)
[![GitHub contributors](https://img.shields.io/github/contributors/kaiiyer/rajappan.svg)](https://GitHub.com/kaiiyer/rajappan/graphs/contributors/)
[![GitHub license](https://img.shields.io/github/license/kaiiyer/rajappan)](https://github.com/kaiiyer/rajappan/blob/master/LICENSE)
![Last Commit on GitHub](https://img.shields.io/github/last-commit/kaiiyer/rajappan.svg)
[](https://api.gitsponsors.com/api/badge/link?p=DngerUKhHsctqzUgGKmX7vU8AcX2RgSOMv8iOHBl67ENjn9wkPy6p7wIOze8OKrBt2EZwae+3duWsihD+UWn87he6ZN8wr6yN4BtakBLOqBII7KEI/p5bNfN07FjBX+KSXHJrA3N3J6Ld6Mnp1pYaQ==)

---------

> Expand the topics below to dive in!!!

Infosec Resources for Red/Blue/Purple Teams

--> [**Red Team**](infosec/RedTeam/README.md)

--> [**Blue Team**](infosec/BlueTeam/README.md)

--> [**Purple Team**](infosec/PurpleTeam/README.md)

Explore the Project

[Dive In](explore/README.md)

--> [**Cyber Starter Pack**](explore/starter-pack.md)

--> [**Security Books**](explore/books.md)

--> [**Cyber Careers**](explore/career.md)

--> [**Security Conferences and Podcasts**](explore/conf-pod.md)

--> [**Security YT Channels**](explore/video.md)

Privacy

--> [**Privacy Resources**](privacy/README.md)

---------

Ethical Design

We practice Ethical Design.

--------------------------------------------------------------------------------
/privacy/README.md:
--------------------------------------------------------------------------------
# Privacy Starters

--> [**Privacy Guides**](guide-art.md)

--> [**Tool-kits**](toolkits.md)


Here are some great links to websites and settings that you can use to enforce stronger Internet data privacy. Please spend some time becoming familiar with them.

- [Restrict your Facebook ad settings](https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen)

- [Review the information Facebook has about you](https://www.facebook.com/settings?tab=your_facebook_information)

- [Manage your invites, uploaded contacts, call and text history](https://www.facebook.com/mobile/facebook/contacts/)

- [Review which apps/games/quizzes have access to your Facebook profile](https://www.facebook.com/settings?tab=applications)

- [Set up good security and 2FA for your Facebook logins](https://www.facebook.com/settings?tab=security)

- [See and manage the data in your Google Account](https://myaccount.google.com/u/1/dashboard)

- [Review and adjust what data Google knows about you](https://myaccount.google.com/u/1/privacycheckup)

- [Turn Off Google's Ad Personalization](https://adssettings.google.com/authenticated)

- [Review/delete all your activity information Google has collected about you](https://myactivity.google.com/myactivity)

- [To delete all your information from Google's major services](https://myactivity.google.com/delete-activity)

- [To actually turn off location tracking, go to “Web & App Activity”](https://myaccount.google.com/activitycontrols/search)

- Visit [Location History Delete](https://www.google.com/locationhistory/delete) to delete your main location history from Google

- [Apple has a privacy website, where you can review/download all the data Apple has about you](https://privacy.apple.com/)

- [A Dutch search engine that will display Google search results for you, but will not tell Google who asked for the results](https://www.startpage.com/)

- [Ghostery](https://www.ghostery.com/) helps you browse smarter by giving you control over ads and tracking technologies to speed up page loads, eliminate clutter, and protect your data.

- [WhatsApp’s Privacy Policy, The privacy and security of your personal messaging](https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy/?lang=en)

- [Telegram Privacy Policy for keeping Your Personal Data Safe](https://telegram.org/privacy#10-deleting-data)

- [The No More Ransom Project](https://www.nomoreransom.org/en/index.html)

- [The Best Password Managers for 2021](https://in.pcmag.com/password-managers/36444/the-best-password-managers-for-2020)

- [Are free VPNs safe? 7 things to know before using free VPNs](https://us.norton.com/internetsecurity-privacy-are-free-vpns-safe.html)

- [The Ultimate List](https://www.ghacks.net/2015/12/28/the-ultimate-online-privacy-test-resource-list/) Several interesting tools to perform various checks against your browser, connection, emails and so forth.
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment include:


* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting


## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at their [twitter](https://twitter.com/login/error?username_or_email=7735554053&redirect_after_login=%2Fkaiiyer). All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
--------------------------------------------------------------------------------
/infosec/RedTeam/graphql.md:
--------------------------------------------------------------------------------
# GraphQL Pentesting Labs and Resources

- [Playground](https://api.graphql.jobs) - Playground GraphQL
- [Blog](https://blog.usejournal.com/graphql-bug-to-steal-anyones-address-fc34f0374417) - Blog on how to steal anyone's address
- [Detectify](https://labs.detectify.com/2018/03/14/graphql-abuse/) - GraphQL abuse lab
- [Medium blog](https://medium.com/@the.bilal.rizwan/graphql-common-vulnerabilities-how-to-exploit-them-464f9fdce696) - Common vulnerabilities how to exploit them
- [Bugcrowd](https://www.bugcrowd.com/resources/webinars/rest-in-peace-abusing-graphql-to-attack-underlying-infrastructure/) - REST in peace abusing GraphQL to attack underlying infrastructure
- [Medium blog](https://medium.com/@localh0t/discovering-graphql-endpoints-and-sqli-vulnerabilities-5d39f26cea2e) - Discovering GraphQL endpoints and SQLi vulnerabilities
- [Medium blog](https://medium.com/@ghostlulzhacks/api-hacking-graphql-7b2866ba1cf2) - API hacking GraphQL
- [Medium blog](https://medium.com/bugbountywriteup/time-based-blind-sql-injection-in-graphql-39a25a1dfb3c) - Time-based blind SQL injection in GraphQL
- [Medium blog](https://medium.com/bugbountywriteup/graphql-introspection-leads-to-sensitive-data-disclosure-714f1d9d9d4a) - GraphQL introspection leads to sensitive data disclosure
- [Medium blog](https://medium.com/bugbountywriteup/graphql-idor-leads-to-information-disclosure-175eb560170d) - GraphQL IDOR leads to information disclosure
- [Wallarm](https://lab.wallarm.com/graphql-batching-attack/?fbclid=IwAR0Wt4EbuE_wtTPEKqWSSdkgpjI-4p6xMHQczPOtJrSlP5Q1BShKLnx4yx4) - GraphQL batching attack
- [Graphql-js](https://www.howtographql.com/graphql-js/1-getting-started/) - Getting started with GraphQL
- [Hasura](https://hasura.io/learn/graphql/intro-graphql/introduction/) - Intro to GraphQL
- [GraphQL learn](https://graphql.org/learn/) - GraphQL Learn

## Labs:
* [Graphql Security labs](https://github.com/david3107/graphql-security-labs)
* [Awesome list of GraphQL & Relay](https://github.com/chentsulin/awesome-graphql)
* [GraphQL injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/GraphQL%20Injection)

**GraphQL practicing:**
* [GraphiQL](https://metaphysics-production.artsy.net/)
* [GraphQL Playground](https://api.graphql.jobs/)

## HackerOne GraphQL CTF (BugDB CTF)
- [Capture the Flag challenges](https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges)
- BugDB v1 - https://ctf.hacker101.com/ctf/launch/18
- BugDB v2 - https://ctf.hacker101.com/ctf/launch/19
- BugDB v3 - https://ctf.hacker101.com/ctf/launch/20

## A collective list of public GraphQL APIs
[APIs guru](https://github.com/APIs-guru/graphql-apis) : Public GraphQL APIs

## YouTube Videos
- [Finding Bugs](https://www.youtube.com/watch?v=yCUQBc2rY9Y&t=1401s) : Finding first bug using API

- [Graphql Hacking](https://www.youtube.com/watch?v=OQCgmftU-Og&list=WL&index=6&t=64s) : HACKING GraphQL FOR BEGINNERS

- [Graphql Injection](https://youtu.be/JKdrzgeihqE) : GraphQL injection

- [REST in Peace](https://youtu.be/NPDp7GHmMa0) : Abusing GraphQL to Attack Underlying Infrastructure

- [Access control](https://youtu.be/Wao-ChTRMaM) : Access control vulnerabilities in GraphQL APIs

- [Hacking Graphql](https://youtu.be/OQCgmftU-Og) : HACKING GraphQL FOR BEGINNERS

- [Solving challenges](https://youtu.be/xzX0jtc5uM4) : Solving challenges from Hacker101 (GraphQL) and Bug Bounty Notes (SSRF)

--------------------------------------------------------------------------------
/privacy/toolkits.md:
--------------------------------------------------------------------------------

## Powerful Tool-kits

- [Securityplanner](https://securityplanner.org) an extremely easy to use and very informative website to help you improve your online safety.

- [Twofactorauth](https://twofactorauth.org) shows you how to enable [2FA](https://en.wikipedia.org/wiki/Multi-factor_authentication) for many services.

- [Haveibeenpwned](https://haveibeenpwned.com) helps you find out if your details were ever leaked. You'll be fine. NOT.

- [Webcensus](https://webtransparency.cs.princeton.edu/webcensus/) Informative census about tracking and many other issues I've discussed in this post.

- [Webtap](https://webtap.princeton.edu) Princeton's Web Transparency and Accountability site.

- [The state of Privacy](http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/) FWIW, The state of privacy in post-Snowden America by the [Pew Research Center](https://en.wikipedia.org/wiki/Pew_Research_Center)

- [Plato Stanford](https://plato.stanford.edu/entries/it-privacy/) Stanford informative page on IT and Privacy.

- Mozilla's [Internet Health Report](https://internethealthreport.org/) [Online Privacy and Security brief](https://assets.mozilla.net/pdf/IHPbriefs_Online_Privacy_March_2017.pdf) A Healthy Internet is Secure and Private. The Internet only stays healthy if we trust it as a safe place - to explore, transact, connect, and create.

- [MyShadow](https://myshadow.org/train) helps you take control of your data. What is a Digital Shadow? Watch [this](https://myshadow.org/media/video/what-is-a-digital-shadow.mp4) to understand. MyShadow.org offers practical ways to take back your privacy online.

- [Electronic Frontier Foundation (EFF)](https://www.eff.org) The leading nonprofit defending digital privacy, free speech, and innovation. Defending your rights in the digital world.
The Electronic Frontier Foundation is an independent non-profit working to protect online privacy for nearly thirty years. 23 | 24 | - [Thatoneprivacysite](https://thatoneprivacysite.net) helps you choose your VPN and encrypted email services from an educated point of view. 25 | 26 | - [Securemessagingapps](https://www.securemessagingapps.com) compares secure messaging apps (even if Skype and WhatsApp are out of place here) and helps you choose your own from an educated point of view. 27 | 28 | - [Security Education Companion](https://sec.eff.org) A free resource for digital security educators. SEC is a resource for people teaching digital security to their friends and neighbors. 29 | 30 | - [Privacy Badger](https://www.eff.org/privacybadger) Privacy Badger automatically learns to block invisible trackers. 31 | 32 | - [Tor Project](https://www.torproject.org) We believe everyone should be able to explore the internet with privacy. We advance human rights and defend your privacy online through free and open source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding. 33 | 34 | - [Data Security Exchange](https://www.digitalsecurityexchange.org/) Civil society organizations face several different threats. We link them with digital security providers to help. Keeping US civil society safe from digital attacks. 35 | 36 | - [Webtransparency](https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html) a list of websites that steal your sensitive data (such as usernames and passwords) for commercial purposes. 37 | 38 | - [Nomoreransom](https://www.nomoreransom.org/en/index.html) ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can't get to the data unless you pay a ransom. However, this is not guaranteed and you should never pay! 
39 | 40 | - [Open Web Application Security Project (OWASP)](https://www.owasp.org/index.php/Main_Page) A worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. 41 | 42 | - [Motherboard](https://motherboard.vice.com/en_us/article/4xby8g/how-to-give-a-digital-security-training) A Practical Checklist For Leading Your First Training. Do you want to teach people about infosec, opsec, and how to stay safe online? Here's where to start. 43 | 44 | 45 | --------- 46 | Thanks for Reading 47 | -------------------------------------------------------------------------------- /explore/conf_pod.md: -------------------------------------------------------------------------------- 1 | ## Conferences 2 | 3 | - [OWASP Seasides](https://www.owaspseasides.com/) Aim to provide free of cost premium workshops and talks to all the participants 4 | 5 | - [OWASP Global Appsec](https://www.globalappsec.org/) The premier application security conference for European developers and security experts. Designed for private and public sector infosec professionals 6 | 7 | - [DEF CON](https://defcon.org/) DEF CON is the world's longest running and largest underground hacking conference. 
Hackers, corporate IT professionals, and three letter government agencies all converge to absorb cutting edge hacking research from the most brilliant minds in the world and test their skills in contests of hacking might 8 | 9 | - [H.O.P.E.](https://hope.net/) Hackers On Planet Earth, one of the most creative and diverse hacker events in the world 10 | 11 | - [Toor Camp](http://toorcamp.toorcon.net/) An American hacker camp where you can show off your crazy projects and brilliant ideas 12 | 13 | - [CyberSec Summit](https://cybersummitusa.com/2017-boston/) Connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts 14 | 15 | - [ENIGMA](https://www.usenix.org/conference/enigma2017#main%5C) Focusses on current and emerging threats and defenses in the growing intersection of society and technology. To foster an intelligent and informed conversation with the community and with the world, including a wide variety of perspectives, backgrounds, and experiences 16 | 17 | - [CyberSec Manchester](https://infosec-conferences.com/events-in-2019/cyber-security-manchester/) Aid people working in data analytics, AI and software development as well as anyone working on IOT or Blockchain projects 18 | 19 | - [SANS](https://www.sans.org/event/miami-2019) Cyber security training on cutting edge. 
Chance to learn from the best and get certified 20 | 21 | - [RSA Conf](https://www.rsaconference.com/events/us19) Enables the security community to come together and present the latest approaches, technologies and strategies that drive progress in the industry 22 | 23 | - [HITB SecConf](https://conference.hitb.org/) A place where ideas are exchanged, talent discovered and genius celebrated 24 | 25 | - [IEEE Security](https://www.ieee-security.org/TC/SP2019/) It's a symposium on Security and Privacy with a forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field 26 | 27 | - [**BlackHat**](https://blackhat.com/) Inspire professionals at all career levels, encouraging growth and collaboration among academia, world-class researchers, and leaders in the public and private sectors 28 | 29 | - [USENIX CONFS](https://www.usenix.org/conferences) Each year, USENIX hosts more than a dozen conferences and workshops on topics in advanced computing systems 30 | 31 | 32 | ## Webinars 33 | 34 | - [The Ethical Hacker Network](https://ethicalhacker.net/) - Online magazine and community for security professionals 35 | 36 | - [Bright Talk](https://www.brighttalk.com/topic/cyber-security/) - Discover the latest collection of talks and videos on Cyber Security from industry experts 37 | 38 | - [Do We Need a New Internet?](http://www.bbc.co.uk/programmes/p05y10x8) BBC Tomorrow's World episode entitled "Do We Need a New Internet?" 39 | 40 | - [EC Council Webinar](https://ciso.eccouncil.org/webinars/) - EC Council brings together the best and brightest of the information security leaders via educational resources, and highly successful CISO events in order to advance the cause of information security 41 | 42 | 43 | ## Podcasts 44 | 45 | - [**Darknet Diaries**](https://darknetdiaries.com/) True stories from the dark side of the Internet. 
This is a podcast about hackers, breaches, APTs, hacktivism, cybercrime, and all the things that dwell on the hidden parts of the network 46 | 47 | - [Daily Stormcasts by SANS Internet Stormcasts](https://isc.sans.edu/podcast.html#stormcast) provide regular information security threat updates 48 | 49 | - [Crypto Gram Security Podcasts](https://crypto-gram.libsyn.com/) discussions on issues such as security risks of work from home and more 50 | 51 | - [The Hated One](https://www.youtube.com/channel/UCjr2bPAyPV7t35MvcgT3W8Q) importance of why privacy matters to you even if you have nothing to hide 52 | 53 | - [The Cyberwire](https://www.thecyberwire.com/podcasts/) cybersecurity-focused news service and a trusted delivery of concise, accessible, and relevant content, separating the signal from the noise in a burgeoning industry, overloaded with information and competing messages 54 | 55 | - [Risky Business](http://risky.biz/netcasts/risky-business) Weekly information security podcast featuring news and in-depth interviews with industry luminaries 56 | 57 | - [Security Now with Steve Gibson](https://twit.tv/shows/security-now) Discusses the hot topics in security 58 | 59 | - [Down the Security Rabbit Hole](http://podcast.wh1t3rabbit.net/) Podcast alternates between interesting interviews and news analysis 60 | 61 | 62 | --------- 63 | Thanks for Reading 64 | -------------------------------------------------------------------------------- /infosec/RedTeam/README.md: -------------------------------------------------------------------------------- 1 | # RED TEAM (Attack & Penetration Testing) 2 | 3 | ------------- 4 | 5 | --- To be Updated --- 6 | 7 | ------------- 8 | 9 | - [OWASP web security testing guide](https://owasp.org/www-project-web-security-testing-guide/stable/) 10 | 11 | - [GraphQL Labs and Resources](graphql.md) 12 | 13 | - [SQL injection](sqli.md) 14 | 15 | - [Leaks](leakix.net/) 16 | 17 | - [HTML5 Security Cheatsheet](https://html5sec.org/): What your 
browser does when you look away 18 | 19 | - [Moonshine](https://github.com/sidaf/moonshine) - Moonshine is a C2 framework with a custom Lua interpreter 20 | 21 | - [C2Matrix](https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit?gid=0#gid=0) - C2 framework document 22 | 23 | ### Red Teaming Resources 24 | 25 | - [The Art of Red Teaming](https://www.humblepwn.com/blog/red-team) - Blog about red teaming methodologies and techniques by a former NSA Red Teamer 26 | 27 | - [Red Team Alliance](https://www.redteamalliance.com/) - An online community of red teamers and security professionals that provides resources, training, and networking opportunities 28 | 29 | - [Adversary Emulation Resources](https://github.com/infosecn1nja/Red-Teaming-Toolkit#emulation) - A curated list of tools, techniques, and resources for adversary emulation 30 | 31 | - [Offensive Infrastructure Resources](https://github.com/infosecn1nja/Red-Teaming-Toolkit#infrastructure) - A curated list of tools, techniques, and resources for setting up and maintaining offensive infrastructure 32 | 33 | ### Exploits & Tools 34 | 35 | - [EXPLOIT.EDUCATION](https://exploit.education/): exploit.education provides a variety of resources that can be used to learn about vulnerability analysis, exploit development, software debugging, binary analysis, and general cyber security issues 36 | 37 | - [Sectools](https://sectools.org/) Top 125 Network Security Tools 38 | 39 | - [Fiddler: Web Debugging Proxy Tool](https://www.telerik.com/fiddler): Capture all HTTP(S) traffic between your computer and the Internet with Fiddler HTTP(S) proxy. 
Inspect traffic, set breakpoints, and fiddle with requests & responses 40 | 41 | ### Active Directory 42 | 43 | - [harmj0y.net](https://blog.harmj0y.net/category/activedirectory/) 44 | - [adsecurity](https://adsecurity.org/) 45 | - [dirkjanm.io](https://dirkjanm.io/) 46 | - [0xdf.gitlab.io](https://0xdf.gitlab.io/tags.html#active-directory) 47 | 48 | ### Malware Development 49 | 50 | - [Maldev Academy](https://maldevacademy.com/) - Maldev Academy is a comprehensive malware development course that focuses on x64 malware development, providing knowledge from basic to advanced level 51 | 52 | 53 | ## Mail Lists for Pentesters 54 | - [Full Disclosure Mailing List](https://seclists.org/fulldisclosure/): A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community 55 | - [Bugtraq Mailing List](https://seclists.org/bugtraq/) - The premier general security mailing list. Vulnerabilities are often announced here first, so check frequently! 56 | 57 | ## Blog for Pentesters 58 | 59 | - [BruteLogic](https://brutelogic.com.br/blog/) Brute XSS: Master the art of Cross Site Scripting 60 | - [Philippeharewood Blog](https://philippeharewood.com/) These aren't the access_tokens you're looking for 61 | - [Tisiphone](https://tisiphone.net/) Blog by Lesley Carhart, Full Spectrum Cyber-Warrior Princess, 20+ year IT industry veteran, speaks and writes about digital forensics and incident response, Industrial Control System Security, OSINT, and information security careers 62 | - [Hackaday](https://hackaday.com/) Hackaday serves up Fresh Hacks Every Day from around the Internet 63 | - [Pentester Land](https://pentester.land/): A blog about penetration testing and bug bounty hunting with a focus on automation and tooling. 
64 | - [PortSwigger Research](https://portswigger.net/research): Blog by the creators of Burp Suite, covering a wide range of web security topics, from introductory tutorials to advanced exploitation techniques. 65 | - [The Hacker Blog](https://thehackerblog.com/): Blog by a team of ethical hackers, covering topics such as web application security, mobile application security, IoT security, and more. 66 | - [PwnFunction](https://pwnfunction.com/): A blog focused on cybersecurity research, with articles covering various topics including exploit development, reverse engineering, malware analysis, and more. 67 | - [Hacking Articles](https://www.hackingarticles.in/): A blog with a wide range of tutorials and articles covering various aspects of cybersecurity, from basic concepts to advanced techniques. 68 | - [SecureLayer7 Blog](https://blog.securelayer7.net/): A blog covering various topics related to application security, including vulnerability assessments, penetration testing, and secure development practices. 69 | - [FireEye Blog](https://www.fireeye.com/blog.html): A blog from cybersecurity firm FireEye, covering topics such as threat intelligence, incident response, and malware analysis. 70 | - [Tenable Blog](https://www.tenable.com/blog): A blog covering topics related to vulnerability management, network security, and compliance. 71 | - [Schneier on Security](https://www.schneier.com/): A blog by renowned security expert Bruce Schneier, covering a wide range of security topics from cryptography to privacy to surveillance. 
72 | -------------------------------------------------------------------------------- /explore/books.md: -------------------------------------------------------------------------------- 1 | ## Recommended Reading 2 | ------------------- 3 | 4 | ### Books 5 | 6 | - [Chaos Monkeys:](https://www.amazon.com/Chaos-Monkeys-Obscene-Fortune-Failure-ebook/dp/B019MMUAAQ) Inside the Silicon Valley Money Machine, by Antonio Garcia Martinez 7 | 8 | - [Irresistible:](https://www.wired.com/2017/03/irresistible-the-rise-of-addictive-technology-and-the-business-of-keeping-us-hooked/) The Rise of Addictive Technology and the Business of Keeping Us Hooked by Adam Alter 9 | 10 | - [The Attention Merchants: How Our Time and Attention Are Gathered and Sold](http://magazine.columbia.edu/reviews/winter-2016/excerpt-%E2%80%9C-attention-merchants-epic-scramble-get-inside-our-heads%E2%80%9D) by Tim Wu 11 | 12 | - [Move Fast and Break Things: How Facebook, Google, and Amazon Cornered Culture and Undermined Democracy](https://www.rollingstone.com/culture/move-fast-and-break-things-book-excerpt-w480401) by Jonathan Taplin 13 | 14 | - [Bug Hunter's Diary](https://www.nostarch.com/bughunter) by Tobias Klein 15 | 16 | - [Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World](https://www.schneier.com/books/data_and_goliath/) by Bruce Schneier 17 | - [Intrusion](https://www.theguardian.com/books/2012/mar/09/intrusion-ken-macleod-review) by Ken MacLeod 18 | 19 | - [The Circle](https://www.nytimes.com/2013/11/03/books/review/the-circle-by-dave-eggers.html) by Dave Eggers 20 | 21 | - [The Internet is Not the Answer](https://www.washingtonpost.com/opinions/book-review-the-internet-is-not-the-answer-by-andrew-keen/2015/01/02/8627999a-7973-11e4-9a27-6fdbc612bff8_story.html) by Andrew Keen 22 | 23 | - [The Glass Cage: Automation and Us](https://www.nytimes.com/2014/11/09/books/review/the-glass-cage-by-nicholas-carr.html) by Nicholas Carr 24 | 25 | - [The Digital 
Person](https://www.danielsolove.com/the-digital-person-2/) by Daniel Solove (published in 2004) 26 | 27 | - [Nothing to Hide](https://www.danielsolove.com/nothing-to-hide/) by Daniel Solove 28 | 29 | - [The Dark Net](https://www.theguardian.com/books/2015/apr/03/the-dark-net-by-jamie-bartlett-review) by Jamie Bartlett 30 | 31 | - [The Black Box Society](https://www.slate.com/articles/technology/bitwise/2015/01/black_box_society_by_frank_pasquale_a_chilling_vision_of_how_big_data_has.html) by Frank Pasquale 32 | - [So You've Been Publicly Shamed](https://www.nytimes.com/2015/04/19/books/review/jon-ronsons-so-youve-been-publicly-shamed.html) by Jon Ronson 33 | 34 | - [Corporate Surveillance in Everyday Life](https://crackedlabs.org/en/corporate-surveillance) by Wolfie Christl 35 | 36 | - [How Companies Use Personal Data Against People](https://crackedlabs.org/en/data-against-people) by Wolfie Christl 37 | 38 | - [No Place to Hide](https://www.nytimes.com/2014/05/13/books/no-place-to-hide-by-glenn-greenwald.html) by Glenn Greenwald 39 | 40 | - [Click Here to Kill Everybody](https://www.schneier.com/books/click_here/) by Bruce Schneier 41 | 42 | - [Future Crimes](https://www.nytimes.com/2015/05/17/books/review/future-crimes-by-marc-goodman.html) by Marc Goodman 43 | 44 | - [The Filter Bubble](https://www.nytimes.com/2011/06/12/books/review/book-review-the-filter-bubble-by-eli-pariser.html) by Eli Pariser 45 | 46 | - [The Net Delusion](https://www.nytimes.com/2011/02/06/books/review/Siegel-t.html) by Evgeny Morozov 47 | 48 | - [The Shallows](https://www.nytimes.com/2010/06/06/books/review/Lehrer-t.html) by Nicholas Carr 49 | 50 | - [Tangled Web](https://www.nostarch.com/tangledweb) by Michal Zalewski 51 | 52 | - [The Art of Invisibility](https://www.wired.com/2017/02/famed-hacker-kevin-mitnick-shows-go-invisible-online/) by Kevin Mitnick 53 | 54 | - [Little Brother](https://craphound.com/littlebrother/about/) by Cory Doctorow 55 | 56 | - [Advanced Penetration 
Testing for Highly-Secured Environments](http://www.packtpub.com/networking-and-servers/advanced-penetration-testing-highly-secured-environments-ultimate-security-gu) by Lee Allen, 2012 57 | 58 | - [Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks](https://www.nostarch.com/silence.htm) by Michal Zalewski 59 | 60 | - [Master or Slave? The Fight for the Soul of Our Information Civilization](http://www.shoshanazuboff.com/new/about/) by Shoshana Zuboff 61 | 62 | - [Crypto 101](https://www.crypto101.io/) by Laurens Van Houtven 63 | 64 | - [Web Hacking 101](https://leanpub.com/web-hacking-101) by Peter Yaworski 65 | 66 | - [iOS Application Security: The Definitive Guide for Hackers and Developers](https://www.nostarch.com/iossecurity) by David Thiel 67 | 68 | - [Digital Disconnect: How Capitalism Is Turning the Internet Against Democracy](https://thenewpress.com/books/digital-disconnect) by Robert W. McChesney 69 | 70 | - [How America Lost Its Secrets](https://www.amazon.com/How-America-Lost-Its-Secrets/dp/0451494563) Edward Snowden, the man and the theft by Edward Jay Epstein 71 | 72 | - [Networks of Control: A Report on Corporate Surveillance, Digital Tracking, Big Data & Privacy](http://crackedlabs.org/en/networksofcontrol) by Wolfie Christl and Sarah Spiekermann 73 | 74 | - [The complete privacy and security desk reference volume](https://www.amazon.com/Complete-Privacy-Security-Desk-Reference/dp/152277890X) This 500-page textbook by Michael Bazzell & Justin Carroll will explain how to become digitally invisible 75 | 76 | --------- 77 | Thanks for Reading 78 | -------------------------------------------------------------------------------- /privacy/guide-art.md: -------------------------------------------------------------------------------- 1 | ## Privacy Guides 2 | 3 | **It's time to adopt healthy cyber habits and act wisely** 4 | 5 | Let's look at some of the resources available today: 6 | 7 | - [Digital Security 
Guide](https://www.vice.com/en_us/article/d3devm/motherboard-guide-to-not-getting-hacked-online-safety-guide) The Motherboard Guide to Not Getting Hacked. 8 | 9 | - [Digital Security Low Hanging Fruit](https://www.johnscottrailton.com/jsrs-digital-security-low-hanging-fruit/) A handful of digital security things that most of us should do almost all of the time. 10 | 11 | - [Surveillance Self-Defense](https://ssd.eff.org) Tips, Tools, and How-tos for Safer Online Communications. 12 | 13 | - [Privacytools](https://www.privacytools.io) A good site to learn more about privacy and best practices. 14 | 15 | - [DEFEND and DETOX](https://thimbleprojects.org/amira/283780/#overview) An amazing step by step guide to running a digital safety class. This curriculum was created for a Defend and Detox event for women in New York City to teach digital women how to protect themselves online. 16 | 17 | - [Security in a Box](https://tacticssecurityinabox.org) Digital security tools and tactics. The Tactics Guides in this toolkit cover basic principles, including advice on how to use social media and mobile phones more safely. It offers step-by-step instructions to help you install, configure, and use some essential digital security software and services. 18 | 19 | - [Data Detox kits](https://tacticaltech.org/news/data-detox-kit/) Small steps to change your habits and reduce data traces. The Data Detox Kit is an 8-day step-by-step guide on how to reduce data traces online. 20 | 21 | - [Speak Up & Stay Safe(r)](https://onlinesafety.feministfrequency.com/en/) A Guide to Protect yourself from Online Harassment. 22 | 23 | - [A DIY Guide to Feminist Cybersecurity](https://hackblossom.org/cybersecurity/) Your casual internet browsing yields a treasure trove of personal data for anyone who can see what you're doing. 24 | 25 | - [Don't like being tracked online? 
Set up a VPN for free How to set up a VPN in 10 minutes for free](https://medium.freecodecamp.org/how-to-set-up-a-vpn-in-5-minutes-for-free-and-why-you-urgently-need-one-d5cdba361907) How to set-up a VPN in 5 minutes for free and why you urgently need one. 26 | 27 | - [Equality Labs Privacy + Security Curriculum](https://www.equalitylabs.org/curriculum/) This curriculum was co-developed by qualified digital security trainers of color who have experience working in vulnerable communities all around the world. 28 | 29 | - [Kidglove](https://kidglove.in) This is an initiative by Kerala Police and [ISRA](is-ra.org) for providing cyber lessons for students, tool kit for teachers, advice for parents to help children to have a safe online browsing. 30 | 31 | --------- 32 | 33 | ### Articles Worth Reading 34 | 35 | - [How To Make Sure Your Home Address Isn't Easily Available Online](https://www.autostraddle.com/how-to-make-sure-your-honest-to-god-actual-home-address-isnt-easily-available-online-365455/) How To Make Sure Your Honest to God Actual Home Address Isn't Easily Available Online. 36 | - [SCU](https://www.scu.edu/ethics/focus-areas/internet-ethics/resources/why-we-care-about-privacy/) Santa Clara University informative page on why you should care about privacy. 37 | - [What is Doxing and how to Prevent it from Happening](https://www.propublica.org/article/so-what-the-hell-is-doxxing) - So What the Hell Is Doxxing? Remember Gamergate? Or when the identity of that dentist who killed Cecil the Lion was posted? 38 | - [How to Use Signal Without Giving Out Your Phone Number](https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/) Just a few years ago, sending encrypted messages was a challenge. Just to get started, you had to spend hours. 39 | - [Accessnow](https://www.accessnow.org/first-look-at-digital-security/) Access Now defends and extends the digital rights of users at risk around the world. 
By combining direct technical support, comprehensive policy engagement, global advocacy, grassroots grantmaking, and convenings such as RightsCon, we fight for human rights in the digital age. 40 | - [Phishing's No Phun; Here's How To Resist](https://www.autostraddle.com/phishings-no-phun-heres-how-to-resist-the-bait-378342/) The Bait Likely you've heard about the massive phishing scam of the week. 41 | - [How to Run a Rogue Government Twitter Account With an Anonymous Email Address and a Burner Phone](https://www.theguardian.com/global-development/poverty-matters/2011/aug/04/digital-technology-development-tool) Why digital privacy and security are important for development. 42 | - [Journalists in Distress: Securing Your Digital](https://freedom.press/news/civil-liberties-groups-condemn-trump-admins-indictment-julian-assange/) Journalists in Distress: Securing Your Digital Life Civil liberties groups condemn the Trump admin's indictment of Julian Assange. 43 | - [Getting Started with Digital Security](https://theintercept.com/2016/07/02/security-tips-every-signal-user-should-know/) Security Tips Every Signal User Should Know. There are dozens of messaging apps for iPhone and Android, but one, in particular, continues to stand out in the crowd. 44 | - [Spreadprivacy](https://spreadprivacy.com) DuckDuckGo privacy oriented blog/info page. 45 | - [Encrypting Your Laptop Like You Mean It](https://theintercept.com/2015/04/27/encrypting-laptop-like-mean/) TIME AND AGAIN, people are told there is one obvious way to mitigate privacy threats of all sorts, from mass government surveillance to pervasive online tracking to cybercriminals: encryption. 46 | - [Schneier on Security Micah](https://theintercept.com/staff/micah-lee/) Lee's work at The Intercept 47 | 48 | --------- 49 | 50 | ### Quick Resources : 51 | 52 | - [FOIA Feeds](https://twitter.com/foiafeed) - Highlighting reporting that makes use of the Freedom of Information Act and other public records laws. 
A special project of FreedomofPress 53 | 54 | - [Freedom Tracker](https://pressfreedomtracker.us/) - U.S. Press Freedom Tracker is led by the Freedom of the Press Foundation and the Committee to Protect Journalists, in collaboration with leading press freedom groups 55 | 56 | - [Haven](https://guardianproject.github.io/haven/) - Haven is for people who need a way to protect their personal spaces and possessions without compromising their privacy, through an Android app and on-device sensors 57 | 58 | - [Secure Drop](https://securedrop.org/) - SecureDrop is an open-source whistleblower submission system that media organizations and NGOs can install to securely accept documents from anonymous sources 59 | 60 | - [Common Sense](https://www.commonsense.org/education/digital-citizenship/privacy-and-security) - Common Sense is the nation's leading nonprofit organization dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in the 21st century 61 | 62 | - [Cyberwise](https://www.cyberwise.org/) - CyberWise is a resource site for BUSY grownups who want to help youth use digital media safely and wisely. It is the companion site to Cyber Civics, our comprehensive digital literacy program for middle school 63 | 64 | --------- 65 | Thanks for Reading 66 | -------------------------------------------------------------------------------- /infosec/BlueTeam/README.md: -------------------------------------------------------------------------------- 1 | # BlueTeam 2 | ------------- 3 | 4 | --- To be Updated --- 5 | 6 | - [The Red Canary Blog](https://redcanary.com/blog/) - Security teams need an ally to help defend against adversaries. 
Check out our blog for tips on increasing visibility, expanding detection coverage, and improving information security 7 | 8 | - [SANS Internet Storm Center](https://isc.sans.edu/) - ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers 9 | 10 | - [DevSecOps](https://www.devsecops.org/) An informational site for security and business practitioners looking for innovative ways to incorporate security at scale 11 | 12 | - [Adversary Tactics: PowerShell](https://github.com/specterops/at-ps) - Intro, Basics, Remoting, PowerShell Without PowerShell 13 | 14 | - [Detectify](https://blog.detectify.com/) - Security blog from Detectify, Automated security and asset monitoring for all teams 15 | 16 | - [Boss of the SOC](https://www.splunk.com/en_us/blog/tag/boss-of-the-soc.html) - BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite and other resources to answer a variety of questions about the type of real-world security incidents 17 | 18 | - [Cybrary](https://www.cybrary.it/) - Cybrary offers a variety of free and paid online cybersecurity courses, including training for blue team professionals 19 | 20 | - [Blue Team Village](https://www.blueteamvillage.org/) - Blue Team Village is a community-led organization that provides education and resources for blue teamers, including presentations, workshops, and capture-the-flag (CTF) events 21 | 22 | - [MITRE ATT&CK](https://attack.mitre.org/) - MITRE ATT&CK is a framework that helps organizations understand how attackers operate and provide a common language for describing and sharing information about cyber threats 23 | 24 | - [CIS Controls](https://www.cisecurity.org/controls/) - The Center for Internet Security (CIS) Controls are a set of guidelines for implementing and improving an organization's 
cybersecurity posture 25 | 26 | - [TheHive Project](https://thehive-project.org/) - TheHive is a free, open-source incident response platform that includes case management, collaboration, and analysis capabilities 27 | 28 | 29 | ------------- 30 | 31 | ## Incident Investigation 32 | 33 | - [Detecting Lateral Movement through Tracking Event Logs](https://www.jpcert.or.jp/english/pub/sr/20170612ac-ir_research_en.pdf) by JPCERT 34 | 35 | - [Tool Analysis Result Sheet](https://jpcertcc.github.io/ToolAnalysisResultSheet/) - This site summarizes the results of examining logs recorded in Windows upon execution of the 49 tools that are likely to be used by the attacker that has infiltrated a network 36 | 37 | - [Randy Franklin Smith's Ultimate Windows Security](https://www.ultimatewindowssecurity.com/) - Windows Security Stuff 38 | 39 | - [Malware Archaeology CheatSheet](https://www.malwarearchaeology.com/cheat-sheets) - Cheat Sheets to help you configure your systems 40 | 41 | 42 | ## Threat Intelligence 43 | 44 | - [Spyse](https://spyse.com) - Spyse is a search engine built for a quick cyber intelligence of IT infrastructures, networks, and even the smallest parts of the internet 45 | 46 | - [Intel Owl](https://github.com/intelowlproject/IntelOwl) - Analyze files, domains, and IPs in multiple ways from a single API at scale 47 | 48 | - [VirusTotal](https://www.virustotal.com/gui/) - VirusTotal is a free online service that analyzes files and URLs for potential malware and provides information about their behavior 49 | 50 | - [Shodan](https://www.shodan.io/) - Shodan is a search engine for Internet-connected devices, providing information about open ports, operating systems, and other details that may be useful for threat intelligence 51 | 52 | - [OpenCTI](https://www.opencti.io/) - OpenCTI is an open-source platform for managing and sharing threat intelligence 53 | 54 | - [MISP](https://www.misp-project.org/) - MISP (Malware Information Sharing Platform) is a free, 
open-source platform for sharing threat intelligence between organizations 55 | 56 | 57 | ## SIEM 58 | 59 | - [Grafana](https://grafana.com) - Grafana is the open source analytics & monitoring solution for every database 60 | 61 | - [SIEMonster](siemonster.com) - SIEMonster is an Enterprise-grade Security Information and Event Management (SIEM), built on scalable, open source components 62 | 63 | - [Boss of the SOC](https://www.splunk.com/en_us/blog/tag/boss-of-the-soc.html) - BOTS is a blue-team, jeopardy-style, capture-the-flag-esque (CTF) activity where participants leverage Splunk's Security Suite and other resources to answer a variety of questions about the type of real-world security incidents 64 | 65 | 66 | ## Detection Engineering & Threat Hunting 67 | 68 | - [Sigma](https://github.com/SigmaHQ/sigma) - Generic Signature Format for SIEM Systems 69 | 70 | - [Vectr.io](https://vectr.io) - Purple Teams through VECTR™ generates success defense metrics and helps align Red and Blue Teams towards the same mission: protecting the organization by discovering and plugging detection gaps 71 | 72 | - [Emerging Threats](https://doc.emergingthreats.net/bin/view/Main/WebHome) - Emerging Threats Rule Documentation Wiki containing all current rules 73 | 74 | - [Atomic Red Team](https://atomicredteam.io/) - Atomic Red Team is a collection of tests that organizations can use to validate their detection and response capabilities 75 | 76 | - [CyberChef](https://gchq.github.io/CyberChef/) - CyberChef is a free, open-source tool for analyzing and decoding data, which can be useful for threat hunting and incident response 77 | 78 | - [Elastic Security Detection Rules](https://github.com/elastic/detection-rules) - Elastic Security provides a collection of detection rules for various threats and attack techniques, which can be used with the Elastic Stack 79 | 80 | - [YARA](https://virustotal.github.io/yara/) - YARA is a pattern-matching tool for identifying and classifying malware and
other threats 81 | 82 | - [LOLRMM](https://lolrmm.io/) - LOLRMM is a curated list of Remote Monitoring and Management (RMM) tools that could potentially be abused by threat actors 83 | 84 | 85 | ## Log Management & Object Storage 86 | 87 | - [Fluentd](https://www.fluentd.org) - Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data 88 | 89 | - [Graylog](https://www.graylog.org) - Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data 90 | 91 | - [MinIO](https://min.io) - MinIO is the world's fastest object storage server. With READ/WRITE speeds of 183 GB/s and 171 GB/s on standard hardware, MinIO can help you quickly and easily store and manage your security logs and other machine data 92 | 93 | - [Elasticsearch](https://www.elastic.co) - Elasticsearch is a distributed, RESTful search and analytics engine that can be used for real-time search, log analysis, and more. It's commonly used in conjunction with the Kibana dashboard and the Logstash data processing pipeline to form what's known as the ELK stack 94 | 95 | - [AWS CloudWatch Logs](https://aws.amazon.com/cloudwatch/logs/) - Amazon CloudWatch Logs lets you monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, and other cloud resources. With CloudWatch Logs, you can centralize logs from multiple sources and analyze them in real-time using CloudWatch Logs Insights 96 | 97 | - [Google Cloud Logging](https://cloud.google.com/logging) - Google Cloud Logging lets you store, search, analyze, and monitor your logs from Google Cloud Platform and Amazon Web Services (AWS). 
It's a fully-managed service that can scale to meet the needs of even the largest organizations, and it integrates with a wide range of other Google Cloud services, such as BigQuery and Cloud Pub/Sub 98 | 99 | - [Azure Log Analytics](https://azure.microsoft.com/en-us/services/log-analytics/) - Azure Log Analytics is a service in the Azure ecosystem that helps you collect and analyze data generated by resources in your cloud and on-premises environments. It can be used for log and performance data analysis, as well as security and compliance monitoring 100 | 101 | ## OSINT 102 | 103 | - [OSINT Framework](https://osintframework.com/) 104 | 105 | - [Awesome OSINT](https://github.com/jivoi/awesome-osint) 106 | 107 | - [OSINT, Breach Dumps & Password Spraying](https://delta.navisec.io/osint-for-pentesters-part-3-password-spraying-methodology/) 108 | 109 | - [All in one OSINT resource you'll ever need](https://start.me/p/L1rEYQ/osint4all) 110 | 111 | 112 | ## DFIR 113 | 114 | - [Digital Forensics and Incident Response](https://www.dfir.training/tools) 115 | 116 | - [Volatility](https://www.volatilityfoundation.org/) - Volatility is a free, open-source framework for analyzing memory dumps, which can be useful for incident response and forensic investigations 117 | 118 | - [Autopsy](https://www.sleuthkit.org/autopsy/) - Autopsy is a digital forensic platform that can be used to analyze disk images and other artifacts 119 | 120 | - [SIFT Workstation](https://digital-forensics.sans.org/community/downloads) - SIFT (SANS Investigative Forensic Toolkit) is a free digital forensics platform that includes a variety of tools and resources for incident response and forensic investigations 121 | 122 | 123 | ## Malware Analysis & Reverse Engineering 124 | - [MalGamy](https://malgamy.github.io) - A blog for case study and in-depth analysis of malware 125 | 126 | - [Learn Ghidra](https://github.com/NationalSecurityAgency/ghidra/tree/master/GhidraDocs/GhidraClass) - Exercises to get 
started with Ghidra and advanced development 127 | --------------------------------------------------------------------------------