Additional Resources


Details on the Metasploit PSExec module

15 Ways to bypass PowerShell Execution Policy

Out-CHM blog post from nishang author “Nikhil SamratAshok Mittal”

Useful details around the Windows scheduled tasks used in Persistence.ps1

Local Linux Enumeration & Privilege Escalation Cheatsheet

Linux_Exploit_Suggester uses the operating system release version, or can be fine-tuned by manually providing the kernel version

Windows-Exploit-Suggester compares a target's patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.

Network Information Service wiki

Linux NIS(YP)/NIS+ HowTo


Distributed Computing Environment / Remote Procedure Call

In most cases you will want to shadow your passwords

SHA scheme for crypt


Some details around /etc/passwd and /etc/shadow

For a plethora of information on hardening and using SSH in creative ways

SSH Connection and Encryption Process

SSH, The Secure Shell: The Definitive Guide, 2nd Edition

SSH Specification

Notes on Cryptography Ciphers

An Overview of Cryptography

Mounting partitions the right way

mount man page

Securing the mail service

Disabling daemon services

Run levels

apt-get --purge remove exim4 exim4-base exim4-config exim4-daemon-light

Running the minimum number of services required

System audit

Securing the services that are left

Which services do we really need

Centralized logging makes everything better

Logging and Alerting, where and what are the log files?

Nagios Log Monitoring with Swatch

Simple Log Watcher examples

Simple Log Watcher man page

Logwatch install, set-up, and using

The Debian Manuals have details on how to use and customise logcheck

Fail2ban source code

Multitail example

Gentoo rsyslog wiki

Make sure you have reviewed who can write and read your logs and make any modifications necessary to the permissions.

killing processes

Unix signals

Terse guide of systemd commands and some other quick start sort of info

Tripwire tutorial

TLDP Security HowTo

TLDP Security Quickstart

Securing Debian Howto

Debian Security

has an excellent resource for hardening docker images which the Docker Security team helped with. This should be consulted in parallel to reading the Docker Countermeasures section

I also conducted an interview called “Docker Security” for Software Engineering Radio in which Docker Security Team Lead Diogo Monica appeared as guest and provided some excellent advice, opinions, and food for thought. Be sure to listen to it.

Network Namespace source code

IP-NETNS man page

Introducing Linux Network Namespaces

Network namespaces

docker network

Namespaces in operation

dockerscan may be worth keeping an eye on for offensive testing

Docker SELinux Man Page

Understanding and Hardening Linux Containers

Increasing Attacker Cost using Immutable Infrastructure

Diogo Monica on Mutual TLS

Diogo Monica on Orchestrating Least Privilege

Comparison of secrets across orchestrators

Description of how PKI automatically gets set up in swarm

Image signing, and why it is important

Docker security scanning (content integrity)


Top 10 Network Security Mistakes - #5: Lack of Segmentation

Database security

Dropbox Interview of James Cowling


NS1 Using dig +trace

Difference between Authoritative and Recursive DNS Nameservers by Chris Frost

Comparison of DNS Server Types by Justin Ellingwood

DNS Steps in Detail

How long can my SPF record be

Tunneling Data and Commands Over DNS to Bypass Firewalls by Lenny Zeltser

Insufficient Logging - Internal Network System Logging
These resources, in order, were helpful for establishing a strategy for the unreliable and unconfidential transport UDP

The ELK stack is also well worth considering

BSidesLV IDS talk

Top Free Network-Based Intrusion Detection Systems (IDS) for the Enterprise


Defense and mitigate ARP Spoofing


Open Sender Policy Framework

Wikipedia Sender Policy Framework (SPF)

Wikipedia DomainKeys Identified Mail (DKIM)



Dnscat documentation



Secrets out of Docker images

Darkreading: 10 Password Managers For Business Use

Using Vault with MySQL

Infrastructure Secret Management Overview
Forked from maxvt.

Web Applications

OWASP canonical XSS resource

Hashcat rules based attack

Details that helped set up NodeJS logging:

Application logging to syslog server on another machine:

Or the new style configuration

Syslog compatible protocol severities

cr0hn nosqlinjection_wordlists

Avoiding Command Injection in Node.js

Server-Side JavaScript Injection

statsd source code

One of the ways we can generate statistics for our statsd daemon is by using one of the many language specific statsd clients

First statsd spec for metric types
Current, or at least more recent statsd spec for metric types

Configuring Graphite for StatsD

StatsD, what it is and how it can help you

Podcast on WebComponents

I would recommend NSubstitute instead if you were looking for a mocking framework for .NET.

Information on how jQuery plugins plug in

jQuery Validation documentation


XSRF/CSRF Prevention in ASP.NET MVC and Web Pages is good for understanding CSRF


Hacking XPath 2.0

Recording and testing user time expenditure

Blowfish cipher


Key Derivation Function (KDF)


Cryptographic hash function MD5, SHA1, SHA2, etc

Key stretching


Good Password Hashing Functions

bcrypt brute-forcing feasible on certain hardware

Cooling the Xeon Phi

Xeon Phi misconceptions

Password Cracking Strategy

Securing Sessions via cookie attributes

Justin Searls talk on consuming all the open source

Effecting Change

Application Intrusion Detection and Response

Appsensor home

Sample Appsensor applications

Slide deck from John Melton (AppSensor project lead)

Good podcast on OWASP 24/7 soundcloud

Gaslighting with Honeypits and Mirages at OWASP NZ Day 2017 by Kate Pearce demonstrated a collection of very useful techniques for programmatically wasting your attackers' time

W3C Web Crypto API Update Slides from Ryan Sleevi

What’s wrong with in-browser cryptography: There is some great advice here, but I also don’t agree with some of it.

Advice from Cryptographer Matt Green to the W3C on the Web Cryptography APIs failure
