aaronsdevera/infosec-resources

List of resources to share with infosec friends/fiends

infosec-resources

List of resources to share with infosec friends/fiends

Contents

1. E-Learning
2. Books
3. Frameworks and Concepts
4. Research
5. Podcasts
6. Conferences
7. Meetups
8. Spaces and Orgs
9. News/Newsletters
10. Twitter Lists
11. Hiring

E-Learning

• Reverse Engineering 101 by Malware Unicorn - Free online workshops from a top reverse engineer.
• Grow with Google - Google's online learning platform for learning tech skills.
• AWS Certification - Classes and certifications for using AWS services and products.
• Codecademy - Free online programming education platform.
• Hack In The Box - Free online offensive security platform.
• TryHackMe | Cyber Security Training - Free online offensive security platform.
• CTFtime.org / Events calendar - List of upcoming Capture the Flag competitions.
• Google Bug Hunters University - Free online learning for offensive security and vulnerability research, mostly aligned with Google products and services.

Books

• Violent Python

  • Excellent hands-on walkthrough into offesnive security research in Python.
  • Amazon
  • Free PDF to download

• BlackHat Python

  • Excellent hands-on walkthrough into offesnive security research in Python.
  • Amazon
  • Free PDF to download

• Practical Malware Analysis

  • Great beginner's guide into malware analysis, with many important philosophical and procedural details as well.
  • Practical Malware Analysis
  • Free PDF to download

• Silence on the Wire

  • An all-time favorite. All about internet signals analysis and detection.
  • Amazon
  • Free PDF to download

• The Cuckoo’s Egg

  • Very enjoyable read documenting an early example of threat hunting.
  • Amazon
  • Free PDF to download

• Open Source Intelligence Techniques

  • Ultimate guide by one of the all-time greats in Open Source Intelligence (OSINT).
  • Amazon

• 2600 Magazine

  • Long-time hacker magazine staple.
  • 2600 News | 2600

Frameworks and Concepts

• OWASP Foundation - Web Apps remain one of the most common attack surfaces out there. Be sure to know the top 10 affecting risks.
• Kill chain - A concept appropriated from military research intended to stratify the stages of an attack.
• MITRE ATT&CK® - Expanding greatly upon the killchain, ATT&CK is a taxonomy for threat behavior and malicious behavior.
• Cyber threat hunting - proactive cyber defense operations intended to identify and remediate risks before they're a problem.
• Dwell Time - Metric to capture how long between discovery and remediation did a defensive cyber team "dwell" on the incident. "Mean Dwell Time" is often a metric used by Security Operations Center (SOC) managers to measure the capability of their team to triage incidents.
• Social Engineering - social and psychological manipulation with the intent of getting a victim to divulge secrets. Often used in cyberattacks.
• Cyber Threat Intelligence - Intelligence capabilities applied towards the mission of countering cyber threats. May include collections, analysis, engineering, human intelligence, signals intelligence, OSINT, and more.
• The self-taught UI/UX designer roadmap in 2021 [archive] - Excellent blog post covering major modern design concepts for SaaS apps.
• Lance James - Advanced Persistent Marketing: Demystifying APT's and Cyber Attacks - One of my favorite talks about threat intelligence.
• TR17 - Surprise Bitches! - The Grugq - Good talk on the convergence of cyber threat intelligence and the conventional intelligence lifecycle
• Intelligence Communities in Collision - JD Work - Another great talk on where cyber threat intelligence collides with conventional intelligence.

Research

Cool research to understand.

• TLS Fingerprinting with JA3 and JA3S | by John Althouse
• OWASP/Honeypot-Project
• MISP/MISP: MISP (core software) - Open Source Threat Intelligence and Sharing Platform (formely known as Malware Information Sharing Platform)
• MalwareBazaar | Malware sample exchange
• Google Project Zero
• Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
• The Citizen Lab - University of Toronto
• Bellingcat
• DDoSecrets
• VX Underground

Podcasts

• Risky Business - Risky Business
• CyberWire: Your Cybersecurity News Connection - Cyber News
• Cybercrimeology
• Security Weekly
• Darknet Diaries
• VICE Cyber podcast
• Lawfare podcasts

Conferences

• DEFCON (Las Vegas) - it's the biggest hacker conference in the world and many people make a point of being there IRL every year. Definitely go.
• The Diana Initiative (Las Vegas, virtual) - a conference that puts a priority on historically underserved communities within infosec.
• Botconf (France) - highly technical conference with excellent rewview of threat research, particularly around cybercrime.
• Kaspersky Security Analyst Summit (SAS) (Global) - popular conference with the global researcher community
• ShmooCon (Washington D.C.) - all around good hacker con perfectly sized for good talks, workshops, and conversations.
• CyberWarCon (Washington D.C.) - one-day conference with focus on cyber warfare, policy, state-sponsored cyber capabilities, and elections integrity.
• REcon (Montreal) - Highly technical conference with a focus on reverse engineering.
• SummerCon (NYC) - The longest running hacker conference in the USA.
• HushCon (NYC, Seattle) - a well-run, intentionally intimate conference that spans both US coasts.

Meetups

• Security BSides (Global) - A federation of security conferences and meetups that pop up in cities across the globe.
• NYSEC (NYC) - long-running NYC monthly hacker meetup.
• Empire Hacking (NYC) - bi-monthly meetup with a focus on security research.
• NCC Group Security Open Forum (NYC) - semi-frequent meetup with a focus on security research.

Spaces and Orgs

• Hackerspaces.org (Global) - comprehensive community collection of hackerspaces all over the world.
• NYC Resistor (NYC) - longtime hackerspace in NYC.
• Wonderville (NYC) - a space filled with DIY and india arcade games that supports hacker and community tech causes.
• Babycastles (NYC) - art and tech collective in NYC.
• HackerDojo (SF Bay Area) - hackerspace and co-working space for hackers and makers.
• DNA Lounge (SF Bay Area) - hacker-run nightclub.
• c-base (Berlin) - legendary hackerspace.
• Paralelni Polis (Prague) - a cryptoanarchy space that plays host to hackers, tech skeptics, and decentralization proponents.
• Rancho Electronico (CDMX) - hackerspace in Mexico City with many community programs.

News/Newsletters

• Newsfeed - News aggregrator
• Brutalist - News aggregrator
• Krebs on Security
• Ars Technica
• VICE Motherboard
• Dark Reading
• BleepingComputer
• Gizmodo
• The CyberWire Daily Briefing
• Risky Business
• hatemail
• Recorded Future Cyber Daily

Twitter Lists

• @cyb3rops/Cyber on Twitter
• @alexstamos: "Quotable Security Women"
• @craignewell "Security People"
• @medus4_cdc "Sexurity"
• @nscrut_ "intelligent intel"
• @amac "internetlaw"
• @kashhill "privacy tweeps"

Hiring

• whoishiring.io - Tech and startup job board.
• Jobs at Y Combinator startups - Openings at startups that are part of Y Combinator incubator.
• Ask HN: Who is hiring? - Threads on Hacker News. Also, a "Who's Hiring" thread is posted monthly.
• Angel List - startup centric job board.
• Google - Google search has actually improved quite a bit at searching for job listings.