Search Engines

Top 10 Search Engines for Pentesters and Bug Bounty Hunters shodan.io – SHODAN (Sentient Hyper Optimize Data Access Network) is a search engine that indexes all internet assets. It collects information about all systems and devices connected to the Internet, from a baby monitor to traffic signal lights, and scans for vulnerabilities. google.com – Google […]

Fraud prevention

FingerprintJS – Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity. FingerprintJS Android – Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.

Datastores

databunker – Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box. acra – Database security suite: proxy for data protection with transparent “on the fly” data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system. blackbox – Safely store secrets in […]

Books

Holistic Info-Sec for Web Developers – Broad and deep coverage of what Web Developers and DevOps Engineers need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises Docker Security – Quick Reference: For DevOps Engineers – A book on […]

Online resources

Security related Operating Systems @ Rawsec – Complete list of security related operating systems Best Linux Penetration Testing Distributions @ CyberPunk – Description of main penetration testing distributions Security @ Distrowatch – Website dedicated to talking about, reviewing and keeping up to date with open source operating systems Hardening Windows 10 – Guide for hardening […]

Privacy & Security

Qubes OS – Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing. Whonix – Operating System designed for anonymity. Tails OS – Tails is a portable operating system that protects against surveillance and censorship.

Big Data

hadoop-pcap – Hadoop library to read packet capture (PCAP) files. Workbench – A scalable python framework for security research and development teams. OpenSOC – OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis. Apache Spot (incubating) – Apache Spot is open source […]

Usability

Usable Security Course – Usable Security course at Coursera. Quite good for those looking for how security and usability intersects. Usable Cybersecurity – Both usability and cybersecurity are context-specific and influenced by a number of factors

Offensive & Infrastructure Deployment

Redcloud – A automated Red Team Infrastructure deployment using Docker. Axiom – Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security. Red Team Toolkit – Red Team Toolkit is an Open-Source Django Offensive Web-App which is keeping the useful offensive tools […]

Exploits & Payloads

PayloadsAllTheThings – A list of useful payloads and bypass for Web Application Security and Pentest/CTF Methodology and Resources Active Directory Attack.md Cloud – AWS Pentest.md Cloud – Azure Pentest.md Cobalt Strike – Cheatsheet.md Linux – Persistence.md Linux – Privilege Escalation.md Metasploit – Cheatsheet.md Methodology and enumeration.md Network Pivoting Techniques.md Network Discovery.md Reverse Shell Cheatsheet.md Subdomains […]