The reading queue

A list of Infosec resources of interest to me. Expect mainly offensive security and cloud related topics:

• 11/10 I-Soon leak analysis TI

• 10/10 Payload Guardrails - Trustedsec red

• 08/10 Marc Smeets (Outflank NL): Innovate, Navigate, Elevate: A Journey into OffSec Entrepreneurship red

• 08/09 Strategies for achieving least privilege at scale – Part 2 Cloud aws

• 08/08 Strategies for achieving least privilege at scale – Part 1 Cloud aws

• 08/05 ART vs TIBER Policy

• 08/05 DORA - (Digital operational resilience act Overview) Policy

• 08/04 TLPT - Threat-Led Penetration Testing Policy

• 08/04 Threat-Led Penetration Testing according to DORA Policy

• 08/01 TIBER-EU - Threat intelligence-based ethical red-teaming framework - EU financial servicers Policy

• 08/01 Advanced Red Teaming(ART) Framework Policy

• 07/29 Unfashionably secure: why we use isolated VMs #Architecture

• 07/24 How to Built a Cybersecurity Digital Forensics and Incident Response Lab in Amazon Web Services #Cloud

• 07/24 Review: Amazon GuardDuty Malware Protection for S3 #Cloud

• 06/24 Identity Providers for Red Teamers - Adam Chester #red

• 09/23 Living Off the Foreign Land - Part 1/3: Setup Linux VM for SOCKS routing #red

• 08/23 Attacking Bitlocker drive encryption #Windows

• 08/23 CVE-2022-41099 - Analysis of a BitLocker Drive Encryption Bypass #Windows

• 07/23 XPN - Laps 2.0 Internals #Windows

• 06/23 XPN - WAM BAM - Recovering Web Tokens From Office #red

• 06/23 Stealing Access Tokens From Office Desktop Applications #red

• 05/23 Analyzing Volatile Memory on a Google Kubernetes Engine Node #Cloud

• 03/23 Knotweed - Subzero - Austria #TA

• 01/23 Expel Incident report: Stolen AWS access keys #Cloud

• 11/22 Threat-Driven Development w. Stratus RT #cloud

• 10/22 DEF CON 30 - Tomer Bar - OopsSec -The bad, the worst and the ugly of APT’s operations security #opsec #apt

• 10/22 Cisco Nightmare. Pentesting Cisco networks like a devil. #pentest

• 09/22 @LiveOverflow Video: Discover Vulnerabilities in Intel CPUs #Hardware

• 09/22 Blackhat ‘22 Slides: Browser-Powered Desync Attacks by J. Kettle #AppSec

• 09/22 10 real-world stories of how we’ve compromised CI/CD pipelines #S-SDLC

• 09/22 A Lightweight Approach to Implement S-SDLC #S-SDLC

• 09/22 Building a Basic C2 #C2

• 08/22 Kubernetes Networking explained #Cloud

• 07/22 The art of Mac Malware - ebook #MalDev

• 07/22 Maelstrom an introduction - Command & Control (C2) Frameworks #C2

• 07/22 Analyzing a Brute Ratel Badger #MalDev

• 07/22 Exploring SCCM by Unobfuscating Network Access Accounts #exploit

• 07/22 Introducing Stratus Red Team, an Adversary Emulation Tool for the Cloud

• 07/22 Ippsec on youtube about Reversing Malware Also How is APT 29 Successful with This Phishing Technique #MalDev

• 07/22 MitM at the Edge: Abusing Cloudflare Workers #Cloud

• 07/22 The Open Cloud Vulnerability & Security Issue Database - a Database of little happy accidents of public cloud providers #Cloud

• 06/22 Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) #exploit

• 06/22 a41con - Develop your own RAT, @dobinrutis #MalDev

• 06/22 Guide to Digital Forensics Incident Response in the Cloud #Cloud

—- snip —-