The SaaS CTO Security Checklist
This is a basic checklist that all SaaS CTOs (and anyone else) can use to harden their security. Security shouldn’t feel like a chore. Select your startup stage and use these rules to improve your security. This list is far from exhaustive, incomplete by nature since the security you need depends on your assets.
security  policy  howto 
october 2016
CS 6960-001 > Fall 2016 > Assignments > Homework 6
elow is the definition of an extremely simple programming language. Your assignment is to (for Thurs Oct 20) write a program in it, and submit it using a github pull request to the calc-compiler project linked below. Also (for Tues Oct 25) write a compiler for it to LLVM.
llvm  programming 
october 2016
Internet-Wide Scan Data Repository
Project Sonar includes a regular DNS lookup for all names gathered from the other scan types, such as HTTP data, SSL Certificate names, reverse DNS records, etc.

approx 15 GB gzipped txt file
dns  recon  passive 
october 2016
TUM CTF 2016: zwiebel (rev 50) | LosFuzzys
My brain hurts from the r2 commands, but useful post also for angr solver
ctf  writeup  radare  tool  angr  RE 
october 2016
DFIR.training - Home
Great collection of recent news articles and tools
DFIR  tool 
september 2016
Intel x86 JUMP quick reference
Getting the sense for jumps and flags has long been a troublesome area for me, especially since the Intel assembler book shows 32 of these, all with similar-sounding names. Looking more closely I found that many of the instructions were synonyms for each other, and in practice the whole gamut is not needed, and in the process found that my copy of Intel's 80386 Programmer's Reference Manual gave an incorrect description for one of the instructions.
asm  x86  manual 
september 2016
RECON 2016 - Recordings
Hardware-Assisted Rootkits and Instrumentation: ARM Edition - Matt Spisak

Black box reverse engineering for unknown/custom instruction sets - David Carne

Visiting The Bear Den - Joan Calvet, Jessy Campos, Thomas Dupuy

Shooting the OS X El Capitan Kernel Like a Sniper - Liang Chen, Qidan He

JavaJournal - Jason Geffner

BBS-Era Exploitation for Fun and Anachronism - Derek Soeder, Paul Mehta

Dangerous Optimizations and the Loss of Causality - Robert C. Seacord

Breaking Band - Nico Golde, Daniel Komaromy

Process Failure Modes - James Forshaw

How Do I Crack Satellite and Cable Pay TV? - Chris Gerlinsky

Monitoring & controlling kernel-mode events by HyperPlatform - Satoshi Tanda

More Flash, More Fun! - Natalie Silvanovich

A Monitor Darkly: Reversing and Exploiting Ubiquitous On-Screen-Display Controllers in Modern Monitors - Ang Cui, Francois Charbonneau, Jatin Kataria

Sol[IDA]rity - Markus Gaasedelen, Nick Burnett

Keystone: the last missing framework of Reverse Engineering - Nguyen Anh Quynh

When Governments Attack - Cooper Quintin, Eva Galperin

Reverse Engineering ISC controllers - Jessy Diamond Exum

Abusing the NT Kernel Shim Engine - Alex Ionescu

Movfuscator-Be-Gone - Julian Kirsch, Clemens Jonischkeit

Go Speed Tracer - Richard Johnson
RE  recon  conf  video 
september 2016
Six: Python 2 and 3 Compatibility Library — six 1.10.0 documentation
Six provides simple utilities for wrapping over differences between Python 2 and Python 3. It is intended to support codebases that work on both Python 2 and 3 without modification. six consists of only one Python file, so it is painless to copy into a project.
python  tool  compatibility 
september 2016
Exploit Exercises
exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
security  tool  howto  vm  vuln  oscp  exploit 
september 2016
One Year of Rust
Awesome blog post about the first year after Rust 1.0 and links to great tools related to learning the language
rust  howto 
august 2016
PwnWiki.io is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained.
pentest  oscp  post-exploitation  tool  howto 
march 2016
« earlier      
afl algorithm angr anime apache apt arabic arm asm audio bash binary binja blackhat blog bof book breach browser c career central-america cert challenge cms coldfusion compatibility compsci conf cruise crypto ctf cve dataviz ddos dfir diving dns docker dos drupal embedded ence exfil exploit fiji fileformat finland firewall fitness ftp fuzzing gear go guatemala gui hardware hax0ring health hiking howto http ida ide ie8 infosec intel ios japan joomla kali linkedin links linux llvm malware manual map memory metasploit minimalism misp monitoring mssql nes netbios netscan netsh network new-zealand nmap nomad offsec opsec oscp osx otrs owasp palau passive password payload pentest photo php pivot planning plc plugin policy post-exploitation powershell priv-esc processes programming puzzle python radare random re recon regexp roadtrip route66 rust sans saudi-arabia scada security shell shellcode singapore solaris sqli sqlmap standard strategy strings sysadmin syscall systems-thinking taxi text thailand tool training transportation travel unsorted usa utility video vietnam vm volatility vuln vulnhub webdav windows wordpress writeup wtf x64 x86 xampp yara z3 zalgo

Copy this bookmark: