Advise what to read. Part 1

Sharing useful information with the community is always a pleasure. We asked our employees to advise the resources that they themselves visit to keep abreast of developments in the information security world. The selection turned out to be large, had to be divided into two parts. Part one.

Twitter

• NCC Group Infosec – The technical blog of a large IB company that regularly releases its research, tools / plugins for Burp.
• Gynvael coldwind – Security researcher, founder of the top ctf team Dragon Sector.
• Null byte – Tweets about hacking and hardware.
• Hacksmith – SDR developer and researcher in the field of RF and IoT security, tweets / retweets including about hacking iron.
• DirectoryRanger – About the security of Active Directory and Windows.
• Binni shah – He writes mainly about hardware, retweets posts on a variety of IS topics.

Telegram

• [MIS]ter & [MIS]sis team – IB through the eyes of RedTeam. A lot of quality material on attacks on Active Directory.
• Quotation mark – A typical channel about web bugs for lovers of web bugs. Most often, the emphasis is on parsing ways to exploit common vulnerabilities and tips on the effective use of software, less well-known but useful features.
• Cyberp * ec – A channel about technology and information security.
• Information leaks – digest of data leaks.
• Admin with Letter – channel about system administration. Not really IB, but useful.
• linkmeup – The linkmeup podcast channel, on which enthusiasts have been discussing networks, technologies and information security since 2011. We also advise you to look at website.
• Life hack [Жизнь-Взлом]/ Hacking – posts about hacking and protection in an understandable language (for beginners, that’s it).
• r0 Crew (Channel) – a digest of useful materials mainly on RE, exploit dev and malware analysis.

Github repository

• kabachook / k8s-security – kubernetes security notes.
• Alexis Ahmed / hacker101 – A set of video tutorials on web security, analysis of vulnerabilities, practical tasks.
• Hack-with-github / awesome-hacking – A collection of repositories on topics for hackers, pentesters and security researchers. We need to go deeper.
• EdOverflow / bugbounty-cheatsheet
• infosecn1nja / AD-Attack-Defense

Blogs

• Project zero – Usually they don’t need an introduction, but if you haven’t heard of them: this is a team of cool specialists who are searching for vulnerabilities of the “remote jailbreak for top iOS without user interaction” level, and not for the sake of money, but for the sake of universal security.
• PortSwigger Blog – The blog of the developers of the Burp Suite combine, which has become the de facto standard for web security. Dedicated, of course, to web application security.
• Firmware Security
• Active Directory Security
• Black hills information security – wrote a lot of useful utilities / scripts when auditing, in addition to the blog, they actively share knowledge in their podcasts.
• Sjoerd Langkemper. Web application security
• Pentester land – Every week a digest with videos and articles on the pentest is published here.

Youtube

Bloggers

• GynvaelEN – Video-raises, including from the notorious Gynvael Coldwind of the Google security team and the founder of the top ctf-team Dragon Sector, where he talks a lot of interesting things about reverse engineering, programming, solving CTF tasks and code auditing.
• Liveoverflow – A channel with very high-quality content – in plain language about cool operating methods. There are also parsing interesting reports on BugBounty.
• STÖK – a channel with an emphasis on BugBounty, valuable tips and interviews with the top baghunters of the HackerOne site.
• Ipsec – passing cars on the Hack the box.
• CQURE Academy – A company specializing in auditing Windows infrastructure. Many useful videos on various aspects of Windows systems.

Conferences

• Zeroeroights
• Black hat
• DEFCON
• Security fest
• RUXCON
• Offensivecon
• RECON
• Syscan
• TROOPERScon
• Shakacon LLC
• Infiltrate
• DEFCONConference
• CCC
• Hack in the box security conference
• Microsoft bluehat
• H2HC
• EkoParty security conference
• Bugcrowd
• Owaspglobal

Academic Conferences

• NDSS Symposium
• IEEE Symposium on Security and Privacy
• FOSDEM
• USENIX
• USENIX Enigma Conference
• International Symposium on Research in Attacks, Intrusions and Defenses (RAID)

Industrial Conferences

• The Linux Foundation
• LLVM

Systematization of Knowledge (SoK)

This type of academic work can be very useful at the very start of an immersion in a new topic for you or when organizing information. Finding such jobs is easy, here are a few examples:

• SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis
• SoK: Eternal War in Memory
• SoK: Make JIT-Spray Great Again
• SoK: Consensus in the Age of Blockchains
• SoK: Shining Light on Shadow Stacks
• SoK: Sanitizing for Security
• SoK: Automated Software Diversity
• SoK: A Systematic Review of Software-Based Web Phishing Detection
• SoK: Applying Machine Learning in Security – A Survey
• SoK: Single Sign-On Security

We hope you find something new for yourself. In the next part, we will tell you what to read if you are interested, for example, in the problem of the feasibility of formulas in theories and machine learning in the field of security, and also tell whose reports about iOS jailbreak will be useful.

We will be happy if you share your findings or the author’s blog in the comments.