I know someone … Truth is, I really do. Quite a few, actually, and I want to share that wealth of skill & knowledge here with you. I’ll keep adding to this list. If you’re on this list, this is me showing my gratitude and respect in the best way I know.
NOTE: This is a work in progress
Threat Intel Resources:
This is a goldmine. Seriously. https://github.com/hslatman/awesome-threat-intelligence/blob/master/README.md
Per the author: The objective is to create a blacklist that can be safe enough to be used on all systems, with a firewall, to block access entirely, from and to its listed IPs. http://iplists.firehol.org/
Fun, informative. You should only know how invaluable I have found these. They’ve led to great talks, blog pieces, opportunities to help other people. Here are my favourites
Brakeing Down Security: Having been a guest on the show, I can honestly say Bryan is a gifted host at getting his guests to tell their story. Brian and Bryan team up to deliver cutting edge technical insights with fascinating guests and community leaders.
Defensive Security: Jerry and Andrew are my weekly listen for a great dissection of what’s going on. Irreverent and funny, they give a good technical explanation without a deep dive, especially networking. But what I appreciate is their ability to teach the importance of governance and compliance alongside the issues – not easy or appealing but essential. I owe these guys a lot.
Risky Business: These guys know their stuff, and are bitingly on point when doing their weekly rundown of events. Patrick and Adam have no problem telling it like it is, and you’ll be laughing out at how funny brazen can be. I know I’ll get my dose of current events straight up, along with a great list of guests.
Advanced Persistent Security Podcast: Hosted by Joe Gray and featuring a great mix of experience and skills from our InfoSec community.
PVC: Ed, Paul, Chris and Tracey combine diverse backgrounds, skills and attitudes to look at security through the lenses of leadership, privacy, data science and humour. Which works for me! They feature great guests from the community, and share the fun of the cons they attend. Be advised: each show opens and closes with them singing.
Down the Security Rabbithole: What a lot of folks can’t grasp is the link to business, and where governance and legalities weigh in. Unless we get business to literally buy in, to put the funds behind the security effort, it ain’t gonna happen. I’ve found that Raf, Michael and James are really good at explaining current stories through this lens
Covert Contact: Because I am a Poli Sci major. And it’s all about connecting the dots, big picture thinking, and playing “what if”. John Little indulges my fascination with world affairs and hits on the keynotes for me. Especially his focus on Russia and Putin with William Tucker. We know the games nation states play directly impact security at any level.
http://www.irongeek.com/ If you want to learn, watch the talks people give at Cons. And Irongeek is usually the guy recording those. Here is the treasure trove. Dive in!
Check if you’ve been compromised:
Have I been Pwned this site by Troy Hunt shows whose email got caught up in the breach. You need to check yours. Now.
Has My EMail Been Hacked because from experience this has caught other stuff.
https://tisiphone.net/ The first blog I would point anyone to is by Lesley Carhart, or @hacks4pancakes on Twitter. She had done more for our community than I can say, and helps those new to the community, those seeking work, or those who really need someone to listen. She combines technical knowledge with a real understanding of business, digital forensics and GRC. Truly one of the best people I know.
https://decentsecurity.com/ And my next recommendation for a good overall understanding of InfoSec is by Swift on Security. If you aren’t following her on Twitter – why?
https://www.osint.fail/ Tazz or @grcninja has a way with words – direct, blunt and accurate. She gets defense, has seen the stupid, and knows tech. Her fighting instincts make her a formidable adversary and someone whose opinion I greatly respect. She is one of our go-to sources on OSINT in security, and her blog is a must-read.
https://brownhatsecurity.com/ If you follow @munin on Twitter, you’ll know why. There is much wisdom here.
https://www.kodaops.com/ This site has lots to offer, and so does @b3taW0lf. Great hacker insights and he’s just starting out.
http://dfir.org/?q=node/8 Recommended readings by Andrew Case.
Industry Security Blogs
http://www.privasee.eu/ I know Sarah Clarke very well, so consider this a good recommendation.
http://senr.io/ Stephen Ridley and this company have a lot to say and we need to listen. The IoT is taking us down a road we don’t want to be on. Ben Johnson of Carbon Black is now on their advisory board, and he, too, knows how to look ahead of the curve.
Code Curmudgeon has a list of all known hacks for IoT here. http://codecurmudgeon.com/wp/iot-hall-shame/
ARM and Assembly
https://azeria-labs.com/writing-arm-assembly-part-1/ This is a fantastic resource by Azeria Labs. This is your introduction to ARM and Assembly that leads up to exploit with a good comparison between ARM and INTEL.
https://www.gracefulsecurity.com/ Holly Graceful comes highly recommending with friendly, informatinve walk-thru’s and how-tos.
Mainframes: Just check the whole section on ’em! @bigendiansmalls and @mainframed767 are your goto guys
Tools & Hacking
Awesome Hacking toolkit by @jekil https://awesomehacking.org/
Mainstream Intel Sources