Fraud prevention

FingerprintJS – Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.
FingerprintJS Android – Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.


databunker – Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
acra – Database security suite: proxy for data protection with transparent “on the fly” data encryption, data masking and tokenization, SQL firewall (SQL injection prevention), intrusion detection system.
blackbox – Safely store secrets in […]


Holistic Info-Sec for Web Developers – Broad and deep coverage of what Web Developers and DevOps Engineers need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises
Docker Security – Quick Reference: For DevOps Engineers – A book on […]

Online resources

Security related Operating Systems @ Rawsec – Complete list of security related operating systems
Best Linux Penetration Testing Distributions @ CyberPunk – Description of main penetration testing distributions
Security @ Distrowatch – Website dedicated to talking about, reviewing and keeping up to date with open source operating systems
Hardening Windows 10 – Guide for hardening […]

Privacy & Security

Qubes OS – Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
Whonix – Operating System designed for anonymity.
Tails OS – Tails is a portable operating system that protects against surveillance and censorship.

Big Data

hadoop-pcap – Hadoop library to read packet capture (PCAP) files.
Workbench – A scalable Python framework for security research and development teams.
OpenSOC – OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.
Apache Spot (incubating) – Apache Spot is open source […]


Usable Security Course – Usable Security course at Coursera. Quite good for those looking for how security and usability intersect.
Usable Cybersecurity – Both usability and cybersecurity are context-specific and influenced by a number of factors.

Offensive & Infrastructure Deployment

Redcloud – An automated Red Team Infrastructure deployment using Docker.
Axiom – Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.
Red Team Toolkit – Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools […]

Exploits & Payloads

PayloadsAllTheThings – A list of useful payloads and bypass for Web Application Security and Pentest/CTF Methodology and Resources Active Directory Cloud – AWS Cloud – Azure Cobalt Strike – Linux – Linux – Privilege Metasploit – Methodology and Network Pivoting Network Reverse Shell Subdomains […]


Securing DevOps – A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure.
ansible-os-hardening – Ansible role for OS hardening
bunkerized-nginx – nginx Docker image secure by default
Trivy – A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for […]