
  • 20190316T000000 Nova Scotia abandons its attempt to destroy a teenager who stumbled on a wide-open directory of sensitive information
  • 20210222T121300 Make notes in InfoSecHowToGetStarted
  • 20210222T135900 Tidy uncategorised InfoSec courses
  • 20210222T155000 Categorise CTFs entries into relevant InfoSecDomains
  • Define a set of basic projects to learn Malware analysis
  • Work through NonTechnicalInfoSec
  • Sign up for InfoSecNewsSources
  • Set up an InfoSecLab
  • Do InfoSecProjects
  • Get InfosecCertifications
  • Complete Hacker101Course
  • Begin BuildInfoSecBrand
  • Read HackingTheArtOfExploitation
  • Read A Bug Hunter’s Diary
  • Do course
  • OWASP Development Guide https://www.owasp.org/index.php/Category:OWASP_Guide_Project
  • OWASP Code Review Guide https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
  • Make notes on WebApplicationHackersHandbook ~/memex/computing/infosec/stuttard-web-application-hackers-handbook.pdf (N.B. This has been superseded by the WebSecurityAcademy)
  • https://www.hacksplaining.com/
  • Wide variety of infosec videos
  • Open Security Training https://opensecuritytraining.info/
  • Make notes on OWASP Testing Guide https://www.owasp.org/index.php/Category:OWASP_Testing_Project
  • Penetration Testing Practice Labs http://www.amanhardikar.com/mindmaps/Practice.html
  • https://www.nostarch.com/pentesting
  • Schneier on Security book by BruceSchneier
  • Read Burglar’s Guide to the City
  • Read JohnStrand’s book
  • Read Red Team Field Manual RTFM
  • Read Blue Team Field Manual BTFM
  • Read Operator Handbook book
  • https://github.com/sbilly/awesome-security
  • https://github.com/infoslack/awesome-web-hacking
  • https://github.com/enaqx/awesome-pentest
  • https://github.com/rshipp/awesome-malware-analysis
  • https://github.com/carpedm20/awesome-hacking
  • Conference talks
  • https://ghostbin.com/paste/6kho7
  • https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf
  • Make notes on Web Hacking 101 ~/memex/computing/infosec/web-hacking-101.pdf
  • Make notes on Mastering Modern Web Penetration Testing ~/memex/computing/infosec/mastering-modern-web-penetration-testing.pdf
  • Efficient bug hunting methodology (kind of part 2) https://www.youtube.com/watch?v=C4ZHAdI8o1w&feature=youtu.be
  • Write-ups in video form at https://www.youtube.com/user/yaworsk1
  • https://dl.packetstormsecurity.net/papers/attack/HTML5AttackVectors_RafayBaloch_UPDATED.pdf
  • Penetration Testing http://amzn.to/2dhHTSn
  • The Hacker Playbook 3 book
  • The Tangled Web: A Guide to Securing Web Applications http://amzn.to/2dNOeaq
  • The Mobile Application Hacker’s Handbook http://amzn.to/2cVOIrE
  • iOS Application Security http://amzn.to/2d9yo7m
  • Check posts on BugCrowd Forums https://forum.bugcrowd.com/categories
  • Penetration Testing Execution Standard http://www.pentest-standard.org/index.php/Main_Page
  • MIT InfoSec course https://www.youtube.com/watch?v=GqmQg-cszw4
  • Various IT Security courses https://www.cybrary.it/catalog/
  • http://www.hackersonlineclub.com/online-ethical-hacking-training/
  • https://info.varonis.com/web-security-fundamentals
  • Google Bughunter University https://sites.google.com/site/bughunteruniversity/
  • Basics tutorial series https://www.youtube.com/playlist?list=PLYEr6kVanyrPu1qZ5g6iOr0v4ImpOOCSH
  • Cyber Security course https://www.edx.org/course/cybersecurity-fundamentals-ritx-cyber501x
  • Read and practice MySQL section of Database Hackers Handbook
  • FSU Offensive Computer Security
  • Zero to Hero Pentesting
  • List of beginner resources https://twitter.com/thecybermentor/status/1207559600616161281?s=08
  • Tidy ~/memex/computing/infosec
  • edu.anarcho-copy.org
  • Principles of Information Security - Whitman, Mattord
  • Download hacking books from https://please.dont-hack.me/books/
  • Make notes on https://www.reddit.com/r/AskNetsec/comments/bwv7r5/where_should_i_start/
  • Make notes on https://www.reddit.com/r/hacking/comments/a3oicn/how_to_start_hacking_the_ultimate_two_path_guide/
  • Make notes on https://www.reddit.com/r/AskNetsec/comments/bx5oce/im_compiling_a_list_of_infoseccybersec_blogs/
  • https://www.youtube.com/channel/UCwTH3RkRCIE35RJ16Nh8V8Q
  • BlackHillsContent
  • CyberMentorVideos
  • ProfessorMesserVideos
  • JohnHammondVideos
  • Subscribe to and catch up with shows on Hak5 https://www.hak5.org/
  • Subscribe to and catch up with 2600 https://www.2600.com/
  • Read articles at http://www.hackinglinuxexposed.com/articles/
  • Check out https://www.exploit-db.com/google-hacking-database/
  • Security tips https://techsolidarity.org/resources/basic_security.htm
  • How To Ask Questions The Smart Way
  • LiveOverflow on YouTube
  • Grumpy Hackers on YouTube
  • Categorise and prioritise ~/memex/computing/infosec/uncategorised-hacking-books
  • Archive of YouTube hacking videos
  • ~/memex/computing/infosec/learning-resources.ods
  • Extract info from https://github.com/Hack-with-Github/Awesome-Hacking
  • https://forum.bugcrowd.com/t/researcher-resources-tools/167
  • Bug Bounty write-ups and POCs https://forum.bugcrowd.com/t/researcher-resources-bounty-bug-write-ups/1137
  • BSides Weird XSS write-up https://blog.yeswehack.com/2019/04/01/solution-for-a-weird-xss-case/
  • HackerOne 50M CTF Writeup http://0xc0ffee.io/blog/50M-CTF
  • Uber Bug Bounty Turning Self-XSS into Good-XSS https://whitton.io/articles/uber-turning-self-xss-into-good-xss/
  • An XSS on Facebook via PNG & Wonky Content Types https://whitton.io/articles/xss-on-facebook-via-png-content-types/
  • Bypassing Google Authentication on Periscope’s Administration Panel https://whitton.io/articles/bypassing-google-authentication-on-periscopes-admin-panel/
  • How I got access to millions of [redacted] accounts https://bitquark.co.uk/blog/2016/02/09/how_i_got_access_to_millions_of_redacted_accounts
  • Popping a shell on the Oculus developer portal https://bitquark.co.uk/blog/2014/08/31/popping_a_shell_on_the_oculus_developer_portal
  • Multiple vulnerabilities in D-Link and TRENDnet ‘ncc2’ service http://www.kernelpicnic.net/2015/02/26/D-Link-and-TRENDnet-ncc2-service.html
  • NetGear SOAPWNDR Authentication Bypass http://www.kernelpicnic.net/2015/02/11/NetGear-SOAPWNDR-Authentication-Bypass.html
  • Bypassing SOP and shouting hello before you cross the pond https://labs.detectify.com/2016/03/17/bypassing-sop-and-shouting-hello-before-you-cross-the-pond/
  • Slack bot token leakage exposing business critical information https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
  • Using a Braun Shaver to Bypass XSS Audit & WAF https://blog.bugcrowd.com/guest-blog-using-a-braun-shaver-to-bypass-xss-audit-and-waf-by-frans-rosen-detectify
  • Paypal XML Upload XSS Vulnerability https://blog.it-securityguard.com/bugbounty-papyal-xml-upload-cross-site-scripting-vulnerability/
  • Poisoning the Well - Compromising GoDaddy Customer Support with Blind XSS https://thehackerblog.com/poisoning-the-well-compromising-godaddy-customer-support-with-blind-xss/index.html
  • Drag & Drop XSS in Google http://c0rni3sm.blogspot.com/2016/04/drag-drop-xss-in-google.html
  • Rare MSSQL SQL Injection bug http://c0rni3sm.blogspot.com/2016/02/a-quite-rare-mssql-injection.html
  • Paypal XXE on Ektron CMS https://seanmelia.files.wordpress.com/2015/12/paypal-xxe-doc.pdf
  • Facebook Messenger CSRF vulnerabilities http://blog.mazinahmed.net/2015/06/facebook-messenger-multiple-csrf.html
  • Show friends sharing precise locations as a third party application (Facebook) http://philippeharewood.com/show-friends-sharing-precise-locations-as-a-third-party-application/
  • How I could compromise 4% (locked) Instagram Accounts https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
  • Two security flaws in Microsoft online web services (CSRF & XSS) http://yassineaboukir.com/blog/two-security-flaws-in-microsoft-online-web-services/
  • How I discovered a $1000 open redirect in Facebook http://yassineaboukir.com/blog/how-i-discovered-a-1000-open-redirect-in-facebook/
  • Advisory: TeamCity Account Creation https://beyondbinary.io/articles/teamcity-account-creation/
  • Advisory: Seagate NAS Remote Code Execution (RCE) Vulnerability https://beyondbinary.io/articles/seagate-nas-rce/
  • Sleeping stored Google XSS Awakens a $5000 Bounty https://blog.it-securityguard.com/bugbounty-sleeping-stored-google-xss-awakens-a-5000-bounty/
  • Finding XSS vulnerabilities in Flash Files https://olivierbeg.com/finding-xss-vulnerabilities-in-flash-files/
  • Taking over Heroku Accounts http://esevece.github.io/2016/06/01/taking-over-heroku-accounts.html
  • Bug Hunting Tutorials https://forum.bugcrowd.com/t/researcher-resources-tutorials/370
  • /r/Netsec on Reddit https://www.reddit.com/r/netsec
  • JackkTutorials on YouTube https://www.youtube.com/user/JackkTutorials/videos
  • DEFCON Conference videos on YouTube https://www.youtube.com/user/DEFCONConference/videos
  • Hak5 on YouTube https://www.youtube.com/user/Hak5Darren/playlists
  • Awesome-Infosec https://github.com/onlurking/awesome-infosec