Details on the Metasploit PSExec module
https://community.rapid7.com/community/metasploit/blog/2013/03/09/psexec-demystified
15 Ways to bypass PowerShell Execution Policy
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
Out-CHM
blog post from nishang
author “Nikhil SamratAshok Mittal”
http://www.labofapenetrationtester.com/2014_11_01_archive.html
Useful details around the Windows scheduled tasks used in Persistence.ps1
https://msdn.microsoft.com/en-us/library/windows/desktop/bb736357(v=vs.85).aspx
Local Linux Enumeration & Privilege Escalation Cheatsheet
https://www.rebootuser.com/?p=1623
Linux_Exploit_Suggester uses the operating system release version, or can be fine-tuned by manually providing the kernel version
https://github.com/PenturaLabs/Linux_Exploit_Suggester
Windows-Exploit-Suggester compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
https://github.com/GDSSecurity/Windows-Exploit-Suggester
Network Information Service wiki
https://en.wikipedia.org/wiki/Network_Information_Service
Linux NIS(YP)/NIS+ HowTo
http://www.linux-nis.org/nis-howto/HOWTO/NIS-HOWTO.html
FreeBSD NIS
https://www.freebsd.org/doc/handbook/network-nis.html
Distributed Computing Environment / Remote Procedure Call
https://en.wikipedia.org/wiki/DCE/RPC
In most cases you will want to shadow your passwords
http://www.tldp.org/HOWTO/Shadow-Password-HOWTO-2.html#ss2.2
SHA scheme for crypt
https://www.akkadia.org/drepper/SHA-crypt.txt
SHA-2
https://en.wikipedia.org/wiki/SHA-2
Some details around /etc/passwd and /etc/shadow
For a plethora of information on hardening and using SSH in creative ways
https://blog.binarymist.net/?s=ssh
SSH Connection and Encryption Process
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
SSH, The Secure Shell: The Definitive Guide, 2nd Edition
SSH Specification
https://tools.ietf.org/html/rfc4253
Notes on Cryptography Ciphers
http://rakhesh.com/infrastructure/notes-on-cryptography-ciphers-rsa-dsa-aes-rc4-ecc-ecdsa-sha-and-so-on/
An Overview of Cryptography
http://www.garykessler.net/library/crypto.html
Mounting partitions the right way
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10
mount man page
http://man.he.net/man8/mount
Securing the mail service
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s5.6
Disabling daemon services
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s-disableserv
Run levels
https://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit
apt-get --purge remove exim4 exim4-base exim4-config exim4-daemon-light
http://stackoverflow.com/questions/12061358/how-to-cleanly-remove-exim4-mail-server-on-ubuntu
Running the minimum number of services required
http://www.debian.org/doc/manuals/securing-debian-howto/ch3.en.html#s3.6
System audit
http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html#AUDIT
Securing the services that are left
https://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html
Which services do we really need
http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/services.html
Centralized logging makes everything better
https://medium.com/starting-up-security/learning-from-a-year-of-security-breaches-ed036ea05d9b#41e1
Logging and Alerting, where and what are the log files?
http://www.thegeekstuff.com/2011/08/linux-var-log-files/
Nagios Log Monitoring with Swatch
https://assets.nagios.com/downloads/nagiosxi/docs/Log_Monitoring_With_Swatch.pdf#_ga=1.228044821.985883814.1472695863
Simple Log Watcher examples
http://www.linux-mag.com/id/7807/
Simple Log Watcher man page
http://linux.die.net/man/1/swatch
Logwatch install, set-up, and using
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps
The Debian Manuals have details on how to use and customise logcheck
https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-custom-logcheck
Fail2ban source code
https://github.com/fail2ban/fail2ban/
Multitail example
https://www.howtoforge.com/monitoring-multiple-log-files-at-a-time-with-multitail-on-debian-lenny
Gentoo rsyslog wiki
https://wiki.gentoo.org/wiki/Rsyslog
Make sure you have reviewed who can write and read your logs and make any modifications necessary to the permissions.
http://www.tldp.org/HOWTO/Security-HOWTO/secure-prep.html#logs
killing processes
http://www.cyberciti.biz/faq/kill-process-in-linux-or-terminate-a-process-in-unix-or-linux-systems/
Unix signals
https://en.wikipedia.org/wiki/Unix_signal
Terse guide of systemd commands and some other quick start sort of info
https://wiki.archlinux.org/index.php/systemd
Tripwire tutorial
https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
TLDP Security HowTo
http://www.tldp.org/HOWTO/Security-HOWTO/
TLDP Security Quickstart
http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/
Securing Debian Howto
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html
Debian Security
http://www.debianhelp.co.uk/security.htm
Cisecurity has an excellent resource for hardening Docker images, which the Docker Security team helped with. This should be consulted in parallel to reading the Docker Countermeasures section.
I also conducted an interview called “Docker Security” for Software Engineering Radio in which Docker Security Team Lead Diogo Monica appeared as guest and provided some excellent advice, opinions, and food for thought. Be sure to listen to it.
Network Namespace source code
https://github.com/torvalds/linux/blob/master/net/core/net_namespace.c
IP-NETNS man page
http://man7.org/linux/man-pages/man8/ip-netns.8.html
Introducing Linux Network Namespaces
http://blog.scottlowe.org/2013/09/04/introducing-linux-network-namespaces/
Network namespaces
https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/
docker network
https://docs.docker.com/engine/reference/commandline/network/
Namespaces in operation
https://lwn.net/Articles/580893/
dockerscan may be worth keeping an eye on for offensive testing
https://github.com/cr0hn/dockerscan
Docker SELinux Man Page
https://www.mankier.com/8/docker_selinux
Understanding and Hardening Linux Containers
https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf/
Increasing Attacker Cost using Immutable Infrastructure
https://diogomonica.com/2016/11/19/increasing-attacker-cost-using-immutable-infrastructure/
Diogo Monica on Mutual TLS
https://www.youtube.com/watch?v=apma_C24W58
Diogo Monica on Orchestrating Least Privilege
Comparison of secrets across orchestrators
https://medium.com/on-docker/secrets-and-lie-abilities-the-state-of-modern-secret-management-2017-c82ec9136a3d#.f6yba66ti
Description of how PKI automatically gets set up in swarm
https://docs.docker.com/engine/swarm/how-swarm-mode-works/pki/
Image signing, and why it is important
https://blog.docker.com/2015/08/content-trust-docker-1-8/
Docker security scanning (content integrity)
https://blog.docker.com/2016/05/docker-security-scanning/
Top 10 Network Security Mistakes - #5: Lack of Segmentation
https://www.optiv.com/blog/top-10-network-security-mistakes-5-lack-of-segmentation
Database security
https://www.owasp.org/index.php/Configuration#Database_security
Dropbox Interview of James Cowling
http://www.se-radio.net/2017/03/se-radio-episode-285-james-cowling-on-dropboxs-distributed-storage-system/
DropSmack
https://media.blackhat.com/eu-13/briefings/Williams/bh-eu-13-dropsmack-jwilliams-slides.pdf
NS1 Using dig +trace
https://ns1.com/articles/using-dig-trace
Difference between Authoritative and Recursive DNS Nameservers by Chris Frost
https://umbrella.cisco.com/blog/blog/2014/07/16/difference-authoritative-recursive-dns-nameservers/
Comparison of DNS Server Types by Justin Ellingwood
https://www.digitalocean.com/community/tutorials/a-comparison-of-dns-server-types-how-to-choose-the-right-dns-configuration
DNS Steps in Detail
http://blog.catchpoint.com/2014/07/01/dns-lookup-domain-name-ip-address/
How long can my SPF record be
https://agari.zendesk.com/hc/en-us/articles/202952749-How-long-can-my-SPF-record-be-
Tunneling Data and Commands Over DNS to Bypass Firewalls by Lenny Zeltser
https://zeltser.com/c2-dns-tunneling/
Insufficient Logging - Internal Network System Logging
These resources, in order, were helpful for establishing a strategy for the unreliable and unconfidential transport UDP
https://forums.freenas.org/index.php?threads/freenas-as-syslog-server.13145/
https://forums.freenas.org/index.php?threads/syslog-through-tcp-protocol.7112/
https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
The ELK stack is also well worth considering
https://logz.io/blog/install-elk-stack-amazon-aws/
BSidesLV IDS talk
https://www.youtube.com/watch?v=iHRwAg8LQtI&feature=youtu.be
Top Free Network-Based Intrusion Detection Systems (IDS) for the Enterprise
https://www.upguard.com/articles/top-free-network-based-intrusion-detection-systems-ids-for-the-enterprise
Suricata-vs-snort
https://www.aldeid.com/wiki/Suricata-vs-snort
Defense and mitigate ARP Spoofing
http://www.jaringankita.com/blog/defense-arp-spoofing
FakeDNS
https://github.com/Crypt0s/FakeDns
Open Sender Policy Framework
http://www.openspf.org/
Wikipedia Sender Policy Framework (SPF)
https://en.wikipedia.org/wiki/Sender_Policy_Framework
Wikipedia DomainKeys Identified Mail (DKIM)
https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail
tcp-over-websockets
https://github.com/derhuerst/tcp-over-websockets
chisel
https://github.com/jpillora/chisel
Dnscat documentation
https://wiki.skullsecurity.org/Dnscat
FakeDns
https://github.com/Crypt0s/FakeDns
Secrets out of Docker images
https://www.ctl.io/developers/blog/post/tutorial-protecting-sensitive-info-docker
Darkreading: 10 Password Managers For Business Use
https://www.darkreading.com/endpoint/10-password-managers-for-business-use/d/d-id/1322326
Using Vault with MySQL
https://dzone.com/articles/using-vault-with-mysql
Infrastructure Secret Management Overview
https://gist.github.com/binarymist/66206419df712bd738c3d664542157d8
Forked from maxvt.
OWASP canonical XSS resource
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
Hashcat rules based attack
http://hashcat.net/wiki/doku.php?id=rule_based_attack
Details that helped set up NodeJS logging:
https://gist.github.com/rtgibbons/7354879
https://thejsf.wordpress.com/2015/01/18/node-js-logging-with-winston/
Application logging to syslog server on another machine:
http://unix.stackexchange.com/questions/67250/where-does-rsyslog-keep-facility-local0
Or the new style configuration
http://www.rsyslog.com/doc/v8-stable/configuration/modules/imudp.html
Syslog compatible protocol severities
https://wiki.gentoo.org/wiki/Rsyslog#Severity
cr0hn nosqlinjection_wordlists
https://github.com/cr0hn/nosqlinjection_wordlists
Avoiding Command Injection in Node.js
https://blog.liftsecurity.io/2014/08/19/Avoid-Command-Injection-Node.js/
Server-Side JavaScript Injection
https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf
statsd source code
https://github.com/etsy/statsd/
One of the ways we can generate statistics for our statsd daemon is by using one of the many language specific statsd clients
https://github.com/etsy/statsd/wiki#client-implementations
First statsd spec for metric types
https://github.com/b/statsd_spec/blob/master/README.md
Current, or at least more recent statsd spec for metric types
https://github.com/etsy/statsd/blob/master/docs/metric_types.md
Configuring Graphite for StatsD
https://github.com/etsy/statsd/blob/master/docs/graphite.md
StatsD, what it is and how it can help you
https://www.datadoghq.com/blog/statsd/
Podcast on WebComponents
http://webcomponents.org/
I would recommend NSubstitute instead if you were looking for a mocking framework for .NET.
http://blog.binarymist.net/2013/12/14/evaluation-of-net-mocking-libraries/
Information on how jQuery plugins plug in
https://learn.jquery.com/plugins/
jQuery Validation documentation
http://jqueryvalidation.org/documentation/
http://jqueryvalidation.org/validate
http://jqueryvalidation.org/jQuery.validator.addMethod
http://jqueryvalidation.org/rules
express-form
https://github.com/freewil/express-form
XSRF/CSRF Prevention in ASP.NET MVC and Web Pages is good for understanding CSRF
https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages
OWASP CSRF
https://www.owasp.org/index.php/Top_10_2017-A8-Cross-Site_Request_Forgery_(CSRF)
Hacking XPath 2.0
https://media.blackhat.com/bh-eu-12/Siddharth/bh-eu-12-Siddharth-Xpath-WP.pdf
Recording and testing user time expenditure
http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches
Blowfish cipher
https://en.wikipedia.org/wiki/Blowfish_%28cipher%29
PBKDF2
https://en.wikipedia.org/wiki/PBKDF2
Key Derivation Function (KDF)
https://en.wikipedia.org/wiki/Key_derivation_function
bcrypt
https://en.wikipedia.org/wiki/Bcrypt
Cryptographic hash function: MD5, SHA1, SHA2, etc.
https://en.wikipedia.org/wiki/Cryptographic_hash_function
Key stretching
https://en.wikipedia.org/wiki/Key_stretching
scrypt
https://en.wikipedia.org/wiki/Scrypt
Good Password Hashing Functions
http://defencely.com/blog/do-you-rely-on-hashing-know-websec-cryptography-indepth/
bcrypt brute-forcing feasible on certain hardware
http://www.openwall.com/presentations/Passwords14-Energy-Efficient-Cracking/
http://www.openwall.com/presentations/Passwords13-Energy-Efficient-Cracking/Passwords13-Energy-Efficient-Cracking.pdf
https://www.usenix.org/system/files/conference/woot14/woot14-malvoni.pdf
Cooling the Xeon Phi
https://ssrb.github.io/hpc/2015/04/17/cooling-down-the-xeon-phi-sku31S1P/
Xeon Phi misconceptions
https://www.pugetsystems.com/labs/hpc/Top-5-Xeon-Phi-Misconceptions-508/
Password Cracking Strategy
http://null-byte.wonderhowto.com/how-to/hack-like-pro-crack-passwords-part-2-cracking-strategy-0156491/
Securing Sessions via cookie attributes
https://www.owasp.org/index.php/HttpOnly
Justin Searls talk on consuming all the open source
http://blog.testdouble.com/posts/2014-12-02-the-social-coding-contract.html
Effecting Change
http://blog.binarymist.net/2013/06/22/ideas-for-more-effective-meetings-and-presentations/
Application Intrusion Detection and Response
Appsensor home
http://appsensor.org/
Sample Appsensor applications
https://github.com/jtmelton/appsensor/tree/master/sample-apps
Slide deck from John Melton (AppSensor project lead)
http://www.slideshare.net/jtmelton/appsensor-near-real-time-event-detection-and-response
Good podcast on OWASP 24/7 soundcloud
https://soundcloud.com/owasp-podcast/john-melton-and-the-owasp-appsensor-project
Gaslighting with Honeypits and Mirages at OWASP NZ Day 2017 by Kate Pearce demonstrated a collection of very useful techniques for programmatically wasting your attackers' time
https://www.owasp.org/index.php/OWASP_New_Zealand_Day_2017#tab=Presentation_Schedule
W3C Web Crypto API Update Slides from Ryan Sleevi
https://www.ietf.org/proceedings/86/slides/slides-86-saag-5.pdf
What’s wrong with in-browser cryptography. There is some great advice here, but I also don’t agree with some of it.
https://tonyarcieri.com/whats-wrong-with-webcrypto
Advice from Cryptographer Matt Green to the W3C on the Web Cryptography APIs failure
http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html