Information Security (InfoSec)

Tools, Software, Products


burp suite – Google Search


InsightAppSec | Rapid7



Education, Reading, Learning


owasp crs – Google Search

nist cyber security framework – Google Search

cyber security framework – Google Search

Category:Vulnerability Scanning Tools – OWASP

EFF: Surveillance Self-Defense | Tips, Tools and How-tos for Safer Online Communications








People in InfoSec

Jayson E. Street


Good Reads

Top Picks

What I Learned Trying To Secure Congressional Campaigns (Idle Words)


Stuff that needs sorting

DLA Piper GDPR data breach survey: February 2019 | Insights | DLA Piper Global Law Firm

CLARK | Cybersecurity Library


cyber security before, during and after attack – Google Search

ModSecurity: Open Source Web Application Firewall

ctf security for beginners – Google Search

CTF365 – Capture The Flag | Security Training Platform

Cyber Challenge Australia

Capture The Flag (CTF ) – Code Like A Girl

Encryption software to secure cloud files | Boxcryptor

11 Best PHP Code Security Scanner to Find Vulnerabilities

Security Vulnerabilities Detected by RIPS

Community Edition | SonarSource

Sven Morgenroth, Netsparker – Paul’s Security Weekly #584 – YouTube

Never Pass Untrusted Data to Unserialize in PHP | Netsparker — the Internet’s Fastest, Privacy-First DNS Resolver

prtg message software monitoring – Google Search

The 21 biggest data breaches of 2018 | Business Insider

Mozilla – *privacy not included

Govt pushes Flash, Java, web ad blocks in revised infosec manual – Security – iTnews

HTTPS Is Easy!

2-factor authentication may be hackable, expert says

One of the West’s biggest cybersecurity vulnerabilities is our idiotic habit of sending servers full of sensitive information to foreign countries | Business Insider

14 Best Open Source Web Application Vulnerability Scanners [Updated for 2018]

People older than 65 share the most fake news, a new study finds – The Verge

damn vulnerable web app – Google Search

DVWA – Damn Vulnerable Web Application

Authy | Two-factor Authentication (2FA) App & Guides

Bit Discovery

type juggling owasp – Google Search

Government shutdown: TLS certificates not renewed, many websites are down | ZDNet

For Owners of Amazon’s Ring Security Cameras, Strangers May Have Been Watching

T-Mobile, Sprint, and AT&T Are Selling Customers’ Real-Time Location Data, And It’s Falling Into the Wrong Hands

10 GitHub Security Best Practices | Snyk

StopSIMCrime | Let’s make mobile carriers stop!

NIST on Privileged Access Management: Secure the Keys to your Kingdom – The LastPass Blog

How Much of the Internet Is Fake?

Weekly Update 122 (and Lenovo P50)

security asset management – Google Search

phywical office awareness – Google Search

google maps location sharing – Google Search

web application hacker’s handbook – Google Search

browser hackers handbook – Google Search

Access via public WiFi – Man in the middle – Reset main account passwords – Google Search

CRLF Injection Into PHP’s cURL Options – TomNomNom – Medium

The curious case of the Raspberry Pi in the network closet

WiGLE: Wireless Network Mapping

dns logs – Google Search

It’s Time To Audit All The Extensions You’ve Installed On Your Browser | Gizmodo Australia

Analyzing a Week of Blocked Attacks

Home network/wifi segmentation – Google Search

home network security – Google Search

why unique passwor.d password stuffing from people operating community websites – Google Search

Don’t Toss That Bulb, It Knows Your Password | Hackaday

Pwn the LIFX Mini white – Limited Results

googling help numbers that are a scam – Google Search

Google releases Chrome extension that alerts users of breached passwords | Ars Technica

metasploit – Google Search

Photo Location & Online EXIF Data Viewer – Pic 2 Map

darkcomet rat – Google Search

lan turtle – Google Search

nmap – Google Search

Facebook Is Tracking You! Here’s How to Stop It

uBlock Origin – Chrome Web Store

Privacy Badger | Electronic Frontier Foundation

Use Windows Event Forwarding to help with intrusion detection (Windows 10) | Microsoft Docs

windows event log forwarding – Google Search

Using Gmail “Dot Addresses” to Commit Fraud – Schneier on Security

keyless entry car relay attack – Google Search

charles proxy android – Google Search

evilginx – Google Search

clear web data breaches – Google Search

why do hotels require passports – Google Search

MEGA data breach – Google Search

tarahmarie/nerdlist: list of passwords more likely to be used by sysadmins, general nerds, and folk with access

Open sourcing ClusterFuzz | Google Open Source Blog

Dream Market at DuckDuckGo



Open sourcing ClusterFuzz | Google Open Source Blog

usb device driver infect at DuckDuckGo

nist phone sms 2fa at DuckDuckGo

NIST declares the age of SMS-based 2-factor authentication over | TechCrunch

Sms 2fa not secure at DuckDuckGo

Top Cyber Security Journalist Award Winnners | SANS Institute

xkcd: Voting Software

The passwordless web explained – Naked Security

Improvements for Sharing Securely on Box | Box Blog

Online safety cartoons for young kids

The passwordless web explained – Naked Security

CheatSheetSeries/ at master · OWASP/CheatSheetSeries

W3C approves WebAuthn as the web standard for password-free logins | VentureBeat

us munitions list – Google Search

Electronic Frontier Foundation | Defending your rights in the digital world

The Threat Intelligence Handbook | Recorded Future | Fighting malware and botnets

SSL Server Test (Powered by Qualys SSL Labs)


Making Passwords Simple | SANS Security Awareness

A Few Simple Steps to Vastly Increase Your Privacy Online

Threatpost | The first stop for security news

Jeremy from Marketing – Darknet Diaries Podcast

security.txt – Google Search

dns hijacking – Google Search

Special Publication 800-63 | NIST

Hack-with-Github/Awesome-Hacking: A collection of various awesome lists for hackers, pentesters and security researchers

So You Want To Be a Pentester? – Jack Hacks

Why Every Privacy Activist Should Embrace* DNS-over-HTTPS

Top 5 Configuration Mistakes That Create Field Days for Hackers | Threatpost

14 Best Open Source Web Application Vulnerability Scanners [Updated for 2019]

Category:Vulnerability Scanning Tools – OWASP

Canary tokens to detect site cloning – Google Search



OWASP AppSec Day 2018

ThreatPlaybook – Home – ThreatPlaybook

Open Source Security Platform | Snyk

rollbar raygun sentry – Google Search

vulnerability database – Google Search

Data breach detection, prevention and notification – DataBreachToday

retire.js – Google Search

OWASP Dependency Check – OWASP

OWASP Dependency Track Project – OWASP

secure code warrior – Google Search

paper towns on maps – Google Search

pagerduty – Google Search

ThreatPlaybook – Home – ThreatPlaybook

sonatype – Google Search

splunk logging – Google Search

datadog logging – Google Search


Password security

Weekly Update 111 – YouTube

Passwords in online services | ICO

Troy Hunt: Passwords Evolved: Authentication Guidance for the Modern Era


Intel open-sources HE-Transformer, a tool that allows AI models to operate on encrypted data | VentureBeat

Bug Hunting Is Cybersecurity’s Skill of the Future – Infosecurity Magazine

New machine learning algorithm breaks text CAPTCHAs easier than ever | ZDNet

How Facebook Tracks Non-Users via Android Apps | Threatpost | The first stop for security news

ecthros/uncaptcha2: defeating the latest version of ReCaptcha with 91% accuracy

Host Websites On Github –

webhint, the hinting engine for web best practices


Network Scanning

php script to scan ip addresses – Google Search

Script to collect the Hostname, MAC & IP Address – Windows Forum – Spiceworks

IP scanner, give it range of IPs and it’ll return the website title

Smaash/hostscan: php tool for network scanning


LastPass & Have I Been Pwned

lastpass have i been pwned – Google Search

LastPass Forums • View topic – Pwned Passwords check

Use the Security Challenge

LastPass Forums • View topic – Have I Been Pwned Integration?


php – RegEx to find and remove event attributes ex. onclick, onload, onhover etc – Stack Overflow
How do you parse and process HTML/XML in PHP? – Stack Overflow

NIST Asks for Input on Building Secure Software – Nextgov


Rolling out LastPass? Don’t Miss These 5 Tools  – The LastPass Blog
LockPickingLawyer – YouTube
Notifiable Data Breaches Scheme 12‑month Insights Report| Office of the Australian Information Commissioner – OAIC


Security Without Borders