A curated list of resources contributed to and used by InfoSecNZ for learning about, working with, and improving everyone's security. Don't submit unless what you're submitting is awesome. If in doubt, just ask, we don't bite.
- Become a member of the InfoSecNZ Slack
- Discuss your intended change on InfoSecNZ Slack, or open a pull request and follow the guidelines here.
- Docker Security - Quick Reference - The security defaults of Docker are established to get you up and running (“just work”) quickly, rather than being the most secure. There are many default configurations that can be improved upon. This book will help you do just that
- Cloud Security - Quick Reference - In this book we walk through threat modelling your Cloud environment. We break down and provide a solid understanding of the shared responsibility model, that is: what are the CSP's responsibilities, and what are your responsibilities as a consumer of the services that your chosen CSP offers. We provide a set of questions and possible answers to help you evaluate the most suitable CSP for your needs
- Holistic Info-Sec for Web Developers (Fascicle 0) - The first part of a three part book series providing broad and in-depth coverage on what Software Developers, Engineers and architects need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises
- Holistic Info-Sec for Web Developers (Fascicle 1) - The second part of a three part book series providing broad and in-depth coverage on what Software Developers, Engineers and architects need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises
The infosec-media channel on InfoSecNZ Slack.
A list of content sources whose new posts we want alerts for in InfoSecNZ. Ideally provide the RSS link if you can.
- Adrian Crenshaw (Twitter: @irongeek_adc)
- Blackhat
- BSides London
- Defcon
- Colin Hardy
- hasherezade
- MalwareAnalysisForHedgehogs (Twitter: @struppigel)
- MalwareTech
- Open Analysis Labs
- SANS DFIR (operated by @RobertMLee)
- BrakeSec
- BinaryMist
- Complete Privacy & Security Podcast
- Defensive Security Podcast
- Purple Squad
- Rally Security Podcast
- Red Team Podcast
- Risky Biz
- PurpleTeam - A security regression testing SaaS and CLI, perfect for inserting into your build pipelines. You don’t need to write any tests yourself. purpleteam is smart enough to know how to test, you just need to provide a Job file which tells purpleteam what you want tested. It has two main environments, local and cloud:
  - local is OWASP - set everything up yourself in your own environment
  - cloud is a proprietary offering with everything hosted for you in the cloud. You just need to configure and run the CLI
- Awesome CTF - A curated list of CTF frameworks, libraries, resources and software
- VulnHub - A collection of purposely vulnerable CTFs and Labs
- OWASP NZ Day - To educate and inform those working in the tech industry of information security topics
- The Christchurch Hacker Con (CHCon) - For Security Professionals and Hackers, run out of Christchurch NZ
- BinaryMist Workshops - Working with Developers / Engineers and their teams to shift the security focus and skills to within the Development Team, and help the rest of your organisation understand the benefits of shifting security from the most expensive place to the cheapest
- Crypto-Gram - Dan Henage reading out Bruce Schneier's monthly newsletter
- HeavyBit - Focussed toward Software Developers. Hosted by Guy Podjarny - Founder and CEO of Snyk
- OWASP 24/7 - A recorded series of discussions with project leads within OWASP. Each week, we talk about the new projects that have come on board, updates to existing projects and interesting bits of trivia that come across our desk
- Purple Squad Security - Purple Squad Security is a weekly podcast for red teamers, blue teamers, audit weasels, firewall monkeys, and IDS mechanics. If you have an interest in information security, we’ll cover it
- Risky.Biz - Weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle
- Software Engineering Radio (SER) - Interviews are carried out by hosts that generally perform hours of research on the given topic and guest and create question sets that are pair reviewed by all of the other SER hosts. Every host must listen to each show and provide specific feedback. This has the effect of highly polished show hosts and top quality shows.
- Silver Bullet - Published once a month. Hosted by Gary McGraw. The series started in April 2006. The podcast features in-depth conversations with security gurus. Guests include technologists, academics, business people, authors, the press, and government officials
- The Complete Privacy & Security Podcast - This podcast by Michael Bazzell will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy
- The Social-Engineer Podcast - As the name says, this is for those interested in social engineering
- wh1t3rabbit - Covering many security categories
This work is licensed under a Creative Commons Attribution 4.0 International License