An Information Security Reference That Doesn't Suck

• Be an awesome Information Security Reference

• List of techinques, tools and tactics to learn from/reference.

  • Something like a "Yellow Pages" in the sense of you know something exists, but what was it called....

• End goal: Rich resource of infosec knowledge for anyone to browse through as a jumping off point for various niches OR as a reference/recall method for stuff.

• Something oppposite to the MITRE ATT&CK Framework (eventually; As in, "I want to do priv esc on OS X/windows/linux, what methods are there?" or, "I need to do X under Y situation". Focus is on attacks and how they're done vs how attacks are done with a focus on defense.

  • Always accepting more links/stuff. Feel free to contribue or suggest something.

• Little extra something: ALL LINKS LISTED ARE VALID. They will route to their target page or to Internet Archives most recent archive of that page. All links are validated when I pull from github and host on my site using Daux.

• No idea. I do this as a resource for myself and offer it publicly as a way of giving back to the general community.

• Don't have to constantly google for tools/reminder.
• Easily browsable list of tools, techniques, papers, and research in all sorts of areas.

• This page is terrible on mobile. Use https://rmusser.net/docs for better mobile formatting.
• For latest content updates, check here: Things added since last update
  • This will have all links added to the other pages sorted according to topic, making it easier to see new stuff.
• All links on this page should work. Last tested 11/3
• Contributions are welcomed, format is pretty simple/easy to pick up, add anything not already in it that fits.

Windows

• Windows Collection
• Windows Command and Control
• Windows Credential Access
• Windows Defense Evasion
• Windows Discovery
• Windows Execution
• Windows Exfiltration
• Windows Lateral Movement
• Windows Persistence
• Windows Privilege Escalation

Linux

• Linux Collection
• Linux Command and Control
• Linux Credential Access
• Linux Defense Evasion
• Linux Discovery
• Linux Execution
• Linux Exfiltration
• Linux Lateral Movement
• Linux Persistence
• Linux Privilege Escalation

Mac/OS X

• Anonymity/OpSec/Privacy

• Basic Security Information

• BIOS/UEFI/Firmware Attacks/Defense

• Building a PenTest Lab

• Car hacking

• Cheat Sheets

• CTFs & Wargames

• Conferences/Recordings

• Counter Surveillance

• Courses & Training

• Cryptography & Encryption

• CryptoCurrencies

• Darknets

• Data Anaylsis & Visualization

• Disclosure

• Disinformation

• Documentation & Reporting

• Embedded Device Security

• Exfiltration

• Exploit Development

• Forensics & Incident Response

• Fuzzing & Bug Hunting

• Gamma Group Hack Writeup

• Hacking Team Writeup

• Home Security

• Honeypots

• Interesting Things & Useful Information

• Malware

• Network Attacks & Defense

• Network Security Monitoring & Logging

• Open Source Intelligence Gathering - OSINT

• Opsec Rant #1 - alpraking

• Opsec rant #2 - nachash

• Passwords

• Phishing

• Physical Security

• Privilege Escalation and Post-Exploitation

• Programming Stuff

• Red Teaming

• Reverse Engineering

• REMATH Reverse Engineering

• Rootkits

• Social Engineering

• System Internals (Linux/Windows) - NOT THE TOOLSET

• Threat Modeling

• Threat Hunting

• UI/UX Design

• Web

• Wireless Networks and RF Devices

• Insurance Data Security Model Law |

• NIST Cyber Security Framework 02/12/2014 |

• PCI-DSS V3.2|