A list of resources of interest to me. Expect mainly offensive security, AI, and cloud-related topics :)
2024
- 11/10 I-Soon leak analysis #TI
- 10/10 Payload Guardrails - Trustedsec #red
- 08/10 Marc Smeets (Outflank NL): Innovate, Navigate, Elevate: A Journey into OffSec Entrepreneurship #red
- 08/09 Strategies for achieving least privilege at scale – Part 2 #Cloud #aws
- 08/08 Strategies for achieving least privilege at scale – Part 1 #Cloud #aws
- 08/05 ART vs TIBER #Policy
- 08/05 DORA - (Digital operational resilience act Overview) #Policy
- 08/04 TLPT - Threat-Led Penetration Testing #Policy
- 08/04 Threat-Led Penetration Testing according to DORA #Policy
- 08/01 TIBER-EU - Threat intelligence-based ethical red-teaming framework - EU financial services #Policy
- 08/01 Advanced Red Teaming (ART) Framework #Policy
- 07/29 Unfashionably secure: why we use isolated VMs #Architecture
- 07/24 How to Build a Cybersecurity Digital Forensics and Incident Response Lab in Amazon Web Services #Cloud
- 07/24 Review: Amazon GuardDuty Malware Protection for S3 #Cloud
- 06/24 Identity Providers for Red Teamers - Adam Chester #red
2023
- 09/23 Living Off the Foreign Land - Part 1/3: Setup Linux VM for SOCKS routing #red
- 08/23 Attacking Bitlocker drive encryption #Windows
- 08/23 CVE-2022-41099 - Analysis of a BitLocker Drive Encryption Bypass #Windows
- 07/23 XPN - Laps 2.0 Internals #Windows
- 06/23 XPN - WAM BAM - Recovering Web Tokens From Office #red
- 06/23 Stealing Access Tokens From Office Desktop Applications #red
- 05/23 Analyzing Volatile Memory on a Google Kubernetes Engine Node #Cloud
- 03/23 Knotweed - Subzero - Austria #TA
- 01/23 Expel Incident report: Stolen AWS access keys #Cloud
2022
- 11/22 Threat-Driven Development w. Stratus RT #cloud
- 10/22 DEF CON 30 - Tomer Bar - OopsSec - The bad, the worst and the ugly of APT’s operations security #opsec #apt
- 10/22 Cisco Nightmare. Pentesting Cisco networks like a devil. #pentest
- 09/22 @LiveOverflow Video: Discover Vulnerabilities in Intel CPUs #Hardware
- 09/22 Blackhat ‘22 Slides: Browser-Powered Desync Attacks by J. Kettle #AppSec
- 09/22 10 real-world stories of how we’ve compromised CI/CD pipelines #S-SDLC
- 09/22 A Lightweight Approach to Implement S-SDLC #S-SDLC
- 09/22 Building a Basic C2 #C2
- 08/22 Kubernetes Networking explained #Cloud
- 07/22 The art of Mac Malware - ebook #MalDev
- 07/22 Maelstrom an introduction - Command & Control (C2) Frameworks #C2
- 07/22 Analyzing a Brute Ratel Badger #MalDev
- 07/22 Exploring SCCM by Unobfuscating Network Access Accounts #exploit
- 07/22 Introducing Stratus Red Team, an Adversary Emulation Tool for the Cloud
- 07/22 Ippsec on youtube about Reversing Malware Also How is APT 29 Successful with This Phishing Technique #MalDev
- 07/22 MitM at the Edge: Abusing Cloudflare Workers #Cloud
- 07/22 The Open Cloud Vulnerability & Security Issue Database - a Database of little happy accidents of public cloud providers #Cloud
- 06/22 Exploration of the Dirty Pipe Vulnerability (CVE-2022-0847) #exploit
- 06/22 a41con - Develop your own RAT, @dobinrutis #MalDev
- 06/22 Guide to Digital Forensics Incident Response in the Cloud #Cloud