Reading (general)
Threat Intelligence
- abuse.ch - ZeuS Tracker / SpyEye Tracker / Palevo Tracker / Feodo Tracker track Command & Control servers (hosts) around the world and provide a domain blocklist and an IP blocklist.
- Cyware Threat Intelligence Feeds - Cyware’s Threat Intelligence feeds bring you valuable threat data from a wide range of open and trusted sources to deliver a consolidated stream of valuable and actionable threat intelligence. Our threat intel feeds are fully compatible with STIX 1.x and 2.0, giving you the latest information on malicious malware hashes, IPs and domains uncovered across the globe in real-time.
- Emerging Threats - Open Source - Emerging Threats began 10 years ago as an open source community for collecting Suricata and SNORT® rules, firewall rules, and other IDS rulesets. The open source community still plays an active role in Internet security, with more than 200,000 active users downloading the ruleset daily. The ETOpen Ruleset is open to any user or organization, as long as you follow some basic guidelines. Our ETOpen Ruleset is available for download any time.
- PhishTank - PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.
- SBL / XBL / PBL / DBL / DROP / ROKSO - The Spamhaus Project is an international nonprofit organization whose mission is to track the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam and malware gangs worldwide, and to lobby governments for effective anti-spam legislation.
- Internet Storm Center - The ISC was created in 2001 following the successful detection, analysis, and widespread warning of the Li0n worm. Today, the ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers.
- AutoShun - AutoShun is a Snort plugin that allows you to send your Snort IDS logs to a centralized server that will correlate attacks from your sensor logs with other snort sensors, honeypots, and mail filters from around the world.
- DNS-BH - The DNS-BH project creates and maintains a listing of domains that are known to be used to propagate malware and spyware. This project creates the Bind and Windows zone files required to serve fake replies to localhost for any requests to these, thus preventing many spyware installs and reporting.
- AlienVault Open Threat Exchange - AlienVault Open Threat Exchange (OTX) helps you secure your networks from data loss, service disruption and system compromise caused by malicious IP addresses.
- Tor Bulk Exit List - CollecTor, your friendly data-collecting service in the Tor network. CollecTor fetches data from various nodes and services in the public Tor network and makes it available to the world. If you're doing research on the Tor network, or if you're developing an application that uses Tor network data, this is your place to start. TOR Node List / DNS Blacklists / Tor Node List
- leakedin.com - The primary purpose of leakedin.com is to make visitors aware of the risks of losing data. This blog just compiles samples of data lost or disclosed on sites like pastebin.com.
- FireEye OpenIOCs - FireEye Publicly Shared Indicators of Compromise (IOCs)
- OpenVAS NVT Feed - The public feed of Network Vulnerability Tests (NVTs). It contains more than 35,000 NVTs (as of April 2014), growing on a daily basis. This feed is configured as the default for OpenVAS.
- Project Honey Pot - Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
- virustotal - VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
- IntelMQ - IntelMQ is a solution for CERTs for collecting and processing security feeds, pastebins, and tweets using a message queue protocol. It's a community-driven initiative called IHAP (Incident Handling Automation Project) which was conceptually designed by European CERTs during several InfoSec events. Its main goal is to give incident responders an easy way to collect and process threat intelligence, thus improving the incident handling processes of CERTs. ENISA Homepage.
- CIFv2 - CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route).
- MISP - Open Source Threat Intelligence Platform - MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators. A threat intelligence platform for gathering, sharing, storing and correlating Indicators of Compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. The MISP project includes software, common libraries (taxonomies, threat-actors and various malware), an extensive data model to share new information using objects and default feeds.
- PhishStats - Phishing Statistics with search for IP, domain and website title.
- Threat Jammer - REST API service that allows developers, security engineers, and other IT professionals to access curated threat intelligence data from a variety of sources.
- Cyberowl - A daily updated summary of the most frequent types of security incidents currently being reported from different sources.
Social Engineering
- Gophish - An Open-Source Phishing Framework.
Exploits & Payloads
- PayloadsAllTheThings - A list of useful payloads and bypasses for Web Application Security and Pentest/CTF
Red Team Infrastructure Deployment
- Redcloud - An automated Red Team Infrastructure deployment using Docker.
- Axiom - Axiom is a dynamic infrastructure framework to efficiently work with multi-cloud environments, build and deploy repeatable infrastructure focussed on offensive and defensive security.
Blue Team Infrastructure Deployment
- MutableSecurity - CLI program for automating the setup, configuration, and use of cybersecurity solutions.
Usability
- Usable Security Course - Usable Security course on Coursera. Quite good for those looking at how security and usability intersect.
Big Data
- data_hacking - Examples of using IPython, Pandas, and Scikit Learn to get the most out of your security data.
- hadoop-pcap - Hadoop library to read packet capture (PCAP) files.
- Workbench - A scalable python framework for security research and development teams.
- OpenSOC - OpenSOC integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.
- Apache Metron (incubating) - Metron integrates a variety of open source big data technologies in order to offer a centralized tool for security monitoring and analysis.
- Apache Spot (incubating) - Apache Spot is open source software for leveraging insights from flow and packet analysis.
- binarypig - Scalable Binary Data Extraction in Hadoop. Malware Processing and Analytics over Pig, Exploration through Django, Twitter Bootstrap, and Elasticsearch.
- Matano - Open source serverless security lake platform on AWS that lets you ingest, store, and analyze petabytes of security data into an Apache Iceberg data lake and run realtime Python detections as code.
- VAST - Open source security data pipeline engine for structured event data, supporting high-volume telemetry ingestion, compaction, and retrieval; purpose-built for security content execution, guided threat hunting, and large-scale investigation.
DevOps
- Securing DevOps - A book on Security techniques for DevOps that reviews state of the art practices used in securing web applications and their infrastructure.
- ansible-os-hardening - Ansible role for OS hardening
- Trivy - A simple and comprehensive vulnerability scanner for containers and other artifacts, suitable for CI.
- Preflight - helps you verify scripts and executables to mitigate supply chain attacks in your CI and other systems.
- Teller - a secrets management tool for devops and developers - manage secrets across multiple vaults and keystores from a single place.
- cve-ape - A non-intrusive CVE scanner for embedding in test and CI environments that can scan package lists and individual packages for existing CVEs via locally stored CVE database. Can also be used as an offline CVE scanner for e.g. OT/ICS.
- Selefra - An open-source policy-as-code software that provides analytics for multi-cloud and SaaS.
Terminal
- shellfirm - It is a handy utility to help avoid running dangerous commands with an extra approval step. You will immediately get a small prompt challenge that will double verify your action when risky patterns are detected.
- shellclear - It helps you secure your shell history by finding sensitive commands in your entire command history and allowing you to clean them.
Operating Systems
Privacy & Security
- Qubes OS - Qubes OS is a free and open-source security-oriented operating system meant for single-user desktop computing.
- Whonix - Operating System designed for anonymity.
- Tails OS - Tails is a portable operating system that protects against surveillance and censorship.
Online resources
Datastores
- databunker - Databunker is an address book on steroids for storing personal data. GDPR and encryption are out of the box.
- acra - Database security suite: proxy for data protection with transparent "on the fly" data encryption, data masking and tokenization, SQL firewall (SQL injections prevention), intrusion detection system.
- blackbox - Safely store secrets in a VCS repo using GPG
- confidant - Stores secrets in AWS DynamoDB, encrypted at rest and integrates with IAM
- dotgpg - A tool for backing up and versioning your production secrets or shared passwords securely and easily.
- redoctober - Server for two-man rule style file encryption and decryption.
- aws-vault - Store AWS credentials in the OSX Keychain or an encrypted file
- credstash - Store secrets using AWS KMS and DynamoDB
- chamber - Store secrets using AWS KMS and SSM Parameter Store
- Safe - A Vault CLI that makes reading from and writing to the Vault easier to do.
- Sops - An editor of encrypted files that supports YAML, JSON and BINARY formats and encrypts with AWS KMS and PGP.
- passbolt - The password manager your team was waiting for. Free, open source, extensible, based on OpenPGP.
- passpie - Multiplatform command-line password manager
- Vault - An encrypted datastore secure enough to hold environment and application secrets.
- LunaSec - Database for PII with automatic encryption/tokenization, sandboxed components for handling data, and centralized authorization controls.
Fraud prevention
- FingerprintJS - Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.
- FingerprintJS Android - Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.
EBooks
- Holistic Info-Sec for Web Developers - Free and downloadable book series with very broad and deep coverage of what Web Developers and DevOps Engineers need to know in order to create robust, reliable, maintainable and secure software, networks and other, that are delivered continuously, on time, with no nasty surprises
- Docker Security - Quick Reference: For DevOps Engineers - A book on understanding the Docker security defaults, how to improve them (theory and practical), along with many tools and techniques.
- How to Hack Like a Pornstar - A step by step process for breaking into a BANK, Sparc Flow, 2017
- How to Hack Like a Legend - A hacker’s tale breaking into a secretive offshore company, Sparc Flow, 2018
- How to Investigate Like a Rockstar - Live a real crisis to master the secrets of forensic analysis, Sparc Flow, 2017
- Real World Cryptography - This early-access book teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.
- AWS Security - This early-access book covers common AWS security issues and best practices for access policies, data protection, auditing, continuous monitoring, and incident response.
- The Art of Network Penetration Testing - Book that is a hands-on guide to running your own penetration test on an enterprise network. (early access, published continuously, final release December 2020)
- Spring Boot in Practice - Book that is a practical guide which presents dozens of relevant scenarios in a convenient problem-solution-discussion format. (early access, published continuously, final release fall 2021)
- Self-Sovereign Identity - A book about how SSI empowers us to receive digitally-signed credentials, store them in private wallets, and securely prove our online identities. (early access, published continuously, final release fall 2021)
- Data Privacy - A book that teaches you to implement technical privacy solutions and tools at scale. (early access, published continuously, final release January 2022)
- Cyber Security Career Guide - Kickstart a career in cyber security by learning how to adapt your existing technical and non-technical skills. (early access, published continuously, final release Summer 2022)
- Secret Key Cryptography - A book about cryptographic techniques and Secret Key methods. (early access, published continuously, final release Summer 2022)
- The Security Engineer Handbook - A short read that discusses the dos and don'ts of working in a security team, and the many tricks and tips that can help you in your day-to-day as a security engineer.
- Cyber Threat Hunting - Practical guide to cyber threat hunting.
- Edge Computing Technology and Applications - A book about the business and technical foundation you need to create your edge computing strategy.
- Spring Security in Action, Second Edition - A book about designing and developing Spring applications that are secure right from the start.
- Azure Security - A practical guide to the native security services of Microsoft Azure.
- Node.js Secure Coding: Defending Against Command Injection Vulnerabilities - Learn secure coding conventions in Node.js by executing command injection attacks on real-world npm packages and analyzing vulnerable code.
- Node.js Secure Coding: Prevention and Exploitation of Path Traversal Vulnerabilities - Master secure coding in Node.js with real-world vulnerable dependencies and experience firsthand secure coding techniques against Path Traversal vulnerabilities.
- Grokking Web Application Security - A book about building web apps that are ready for and resilient to any attack.
Other Awesome Lists
Other Security Awesome Lists
- Android Security Awesome - A collection of android security related resources.
- Awesome ARM Exploitation - A curated list of ARM exploitation resources.
- Awesome CTF - A curated list of CTF frameworks, libraries, resources and software.
- Awesome Cyber Skills - A curated list of hacking environments where you can train your cyber skills legally and safely.
- Awesome Personal Security - A curated list of digital security and privacy tips, with links to further resources.
- Awesome Hacking - A curated list of awesome Hacking tutorials, tools and resources.
- Awesome Honeypots - An awesome list of honeypot resources.
- Awesome Malware Analysis - A curated list of awesome malware analysis tools and resources.
- Awesome Security Newsletters - A curated list of awesome newsletters to keep up to date on security news via e-mail.
- Awesome PCAP Tools - A collection of tools developed by other researchers in the Computer Science area to process network traces.
- Awesome Pentest - A collection of awesome penetration testing resources, tools and other shiny things.
- Awesome Privacy - A curated list of privacy-respecting software and services.
- Awesome Linux Containers - A curated list of awesome Linux Containers frameworks, libraries and software.
- Awesome Incident Response - A curated list of resources for incident response.
- Awesome Web Hacking - This list is for anyone wishing to learn about web application security but who does not have a starting point.
- Awesome Electron.js Hacking - A curated list of awesome resources about Electron.js (in)security
- Awesome Threat Intelligence - A curated list of threat intelligence resources.
- Awesome Threat Modeling - A curated list of Threat Modeling resources.
- Awesome Pentest Cheat Sheets - Collection of the cheat sheets useful for pentesting
- Awesome Industrial Control System Security - A curated list of resources related to Industrial Control System (ICS) security.
- Awesome YARA - A curated list of awesome YARA rules, tools, and people.
- Awesome Threat Detection and Hunting - A curated list of awesome threat detection and hunting resources.
- Awesome Container Security - A curated list of awesome resources related to container building and runtime security
- Awesome Crypto Papers - A curated list of cryptography papers, articles, tutorials and howtos.
- Awesome Shodan Search Queries - A collection of interesting, funny, and depressing search queries to plug into Shodan.io.
- Awesome Censys Queries - A collection of fascinating and bizarre Censys Search Queries.
- Awesome Anti Forensics - A collection of awesome tools used to counter forensics activities.
- Awesome Security Talks & Videos - A curated list of awesome security talks, organized by year and then conference.
- Awesome Bluetooth Security - A curated list of Bluetooth security resources.
- Awesome WebSocket Security - A curated list of WebSocket security resources.
- Security Acronyms - A curated list of security related acronyms and concepts
- Awesome SOAR - A curated Cyber "Security Orchestration, Automation and Response (SOAR)" resources list.
- Awesome Security Hardening - A collection of awesome security hardening guides, best practices, checklists, benchmarks, tools and other resources.
Detail Pages:
- Android Security - Tools and practices for Android app security.
- BLint - A Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations; from version 2, can also produce Software Bill-of-Materials (SBOM) for compatible binaries.
- BoxyHQ - Security building blocks for developers.
- BoxyHQ - Collection of security APIs/services for security and privacy.
- Cedar - A language for defining permissions as policies, which describe who should have access to what, and a specification for evaluating those policies.
- Computer Architecture: Microarchitectural channels - A collection of reading materials on computer microarchitectural channels.
- Endpoint Security - Links and notes about securing nodes (machines).
- Fusionauth - Auth-n-auth service.
- Haka - An open source security oriented language (based on Lua) which allows describing protocols and applying security policies on (live) captured traffic.
- JSON Web Token (JWT) - An open, industry standard (RFC 7519) method for representing claims securely between two parties.
- JVM Security - Collection of tools and practices around JVM security.
- Network Security - Links and notes.
- Nmap - A free and open source utility for network discovery and security auditing.
- OAuth - Protocol for third-party authentication.
- OAuth - Specification for third-party authentication.
- Object-capability model - A capability describes a transferable right to perform one (or more) operations on a given object.
- Ockam - A suite of open source tools, programming libraries, and managed cloud services to orchestrate end-to-end encryption, mutual authentication, key management, credential management, and authorization policy enforcement – at massive scale.
- Open Policy Agent (OPA) - An open source, general-purpose policy engine.
- Security Patterns - Collections of security pattern languages.
- Semmle QL - A declarative, object-oriented query language designed for program analysis.
- Spring - Rod Johnson's "everything but EJB" application server based on dependency injection.
- Supertokens - Open source alternative to Auth0 / Firebase Auth / AWS Cognito.
- The Big List of Naughty Strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
- Web Security - Collections of links about security on the WWW.
Last modified 24 December 2025