⭐ Resources

Information, compiled for easy reference.

CI/CD Your Notes

This set of links and notes has been my longest running note file, originally started back in cherrytree before making its way to this page.

The idea has been to create a searchable location pointing to each of these things, sorted by category, and with notes around them. This is currently a work in progress, as entries need to be reformatted and updated as they move from my notes onto this page.

Utilities

rustdesk

An open source, robust remote desktop alternative, has desktop and mobile clients and is designed for self-hosting.

This was covered by Network Chuck as an alternative to every other remote desktop option out there.

ghostty

Fast, feature rich, native terminal emulator.

This tool was mentioned on Daniel Miessler's UL NO. 463.

Note Taking

The best advice I've heard about note taking is 1) it should work for you, and 2) it should export to a common format like Markdown so you can move to another notes platform easily. This can be multiple apps, or just one. It's whatever works best for you and the goals you have.

Standard-Notes

Standard Notes is an end-to-end encrypted note-taking app for digitalists and professionals. Capture your notes, files, and life's work all in one secure place.

It works across all major platforms, desktop and web, using end-to-end encrypted syncing through their servers to all of your devices. Robust markdown formatting, a secrets vault, and even limited spreadsheet capability for paid subscriptions. Standard Notes is one of the most security and privacy focused of the various note taking applications, making efforts to function similarly to a password manager in how it handles memory and data on-device.

You could also self-host the client and server components, using tailscale to safely access it from your endpoints.

Obsidian

Perhaps the most popular notes application for infosec professionals and developers (as of the time of writing this). Obsidian features robust note taking and visualization capabilities through linking notes and creating a graph of how they relate. It works using markdown files saved to your device. Paid plans include end-to-end encrypted note sync.

Joplin

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. The notes are searchable, can be copied, tagged and modified either from the applications directly or from your own text editor. The notes are in Markdown format. The notes can be securely synchronised using end-to-end encryption with various cloud services including Nextcloud, Dropbox, OneDrive and Joplin Cloud.

This application is often referenced in relation to note taking for pentesting courses and certifications. It's fairly easy to install and functions entirely offline by default.

Notion

Notion is a note taking platform. Desktop apps are available but you can use it entirely through the web application. It is possibly the most feature-rich note taking platform available. If your subscription includes the AI component, it's practical and immediately usable out of the box.

These notes are not end-to-end encrypted, and may not be the best option without an enterprise subscription if your notes include customer data.

Cherrytree

A hierarchical note taking application, featuring rich text and syntax highlighting, storing data in either a single file (XML or SQLite) or multiple files and directories.

This is often available by default in Kali Linux and frequently referenced in relation to note taking for pentesting courses and certifications.

Primarily supports Windows and Linux (Snap and Flatpak packages are available too).

Operating Systems

Windows

Each of the ISOs and disk images is openly available to download, both for evaluation and, by entering a product key during install, for production use.

Kali Linux

The most robust pentesting Linux distribution. Includes tools for offense, purple teaming, defense, and forensics.

Obtaining the Kali Linux GPG public key and verifying signatures:

wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key 44C6513A8E4FB3D30875F758ED444FF07D8D0BF6
wget -q https://cdimage.kali.org/current/SHA256SUMS{.gpg,}
gpg --verify SHA256SUMS.gpg SHA256SUMS

GPG Key File: 0xED444FF07D8D0BF6

pub   rsa4096/0xED444FF07D8D0BF6 2012-03-05 [SC] [expires: 2027-02-04]
      Key fingerprint = 44C6 513A 8E4F B3D3 0875  F758 ED44 4FF0 7D8D 0BF6
uid                             Kali Linux Repository <devel@kali.org>
sub   rsa4096/0xA8373E18FC0D0DCB 2012-03-05 [E] [expires: 2027-02-04]

REMnux

A Linux toolkit for malware analysts. Lenny Zeltser is one of the maintainers.

Debian

Debian is one of the "main" operating system families of Linux.

The Debian Project is an association of individuals, sharing a common goal: We want to create a free operating system, freely available for everyone. Now, when we use the word "free", we're not talking about money, instead, we are referring to software freedom.

GPG Key:

gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 'DF9B 9C49 EAA9 2984 3258  9D76 DA87 E80D 6294 BE9B'

Ubuntu

Ubuntu is a Debian-based Linux distribution developed by Canonical.

GPG Key File: 0xD94AA3F0EFE21092

pub   rsa4096/0xD94AA3F0EFE21092 2012-05-11 [SC]
      Key fingerprint = 8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid   Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

Raspberry Pi OS

Raspberry Pi needs an operating system to work. This is it. Raspberry Pi OS (previously called Raspbian) is our official supported operating system.

Many Linux distributions have a version available to run on Raspberry Pi, however there's also Raspberry Pi OS which is built and maintained by the Raspberry Pi Foundation.

RHEL (Red Hat Enterprise Linux)

Red Hat Enterprise Linux is an enterprise Linux operating system. It is oriented toward enterprise and commercial users, is certified for many hardware and cloud platforms, and is supported by Red Hat via various subscription options. Compared to Fedora, Red Hat Enterprise Linux emphasizes stability and enterprise-readiness over the latest technologies or rapid releases. More information about Red Hat offerings can be found at Red Hat's web site.

Individual software developers can access a free-of-charge subscription as part of the Red Hat Developer Program. Developers can use Red Hat Enterprise Linux on up to 16 physical or virtual systems for development, quality assurance, demos, or small production uses. See the Frequently Asked Questions for the No-cost Red Hat Enterprise Linux Individual Developer Subscription.

Fedora

Fedora is developed by the Fedora Project and sponsored by Red Hat. It follows its own release schedule, with a new version approximately every six months. Fedora provides a modern Linux operating system utilizing many of the latest technologies. It is free for all users and supported via the Fedora community.

To create Red Hat Enterprise Linux, some version of Fedora is forked and enters an extensive development, testing and certification process to become a new version of Red Hat Enterprise Linux.

Pentoo
Parrot

Parrot Security (ParrotOS, Parrot) is a Free and Open source GNU/Linux distribution based on Debian Stable designed for security experts, developers and privacy aware people.

It includes a full portable arsenal for IT security and digital forensics operations. It also includes everything you need to develop your own programs or protect your privacy while surfing the net.

Parrot is available in three main editions, Security, Home and Architect Edition, even as Virtual Machine (Virtual Box, Parallels and VMware), on Raspberry Pi and also on Docker.

The operating system ships by default with the MATE Desktop Environment, but it is possible to install other DEs.

Arch Linux
OpenBSD
FreeBSD
pfSense

pfSense is an excellent choice for both a home and a lab router-firewall, to begin learning with and to protect your real network.

The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free software packages for additional functionality. pfSense software, with the help of the package system, is able to provide the same functionality or more of common commercial firewalls, without any of the artificial limitations. It has successfully replaced every big name commercial firewall you can imagine in numerous installations around the world, including Check Point, Cisco PIX, Cisco ASA, Juniper, Sonicwall, Netgear, Watchguard, Astaro, and more.

OpenWRT

Tracking latest stable release notes

Downloading latest stable releases

For UniFi AP AC Lite:

Ubiquiti
VyOS

VyOS is a fully open-source Linux-based OS for network devices. It focuses on enterprise, service provider, and network geek audiences.

It's free to build and use, and nightly prerelease ISOs are available; however, they operate on a "pay for prebuilt binaries" model, plus technical support and custom development services if you'd like to support the project.

TrueNAS SCALE

Hypervisors

Proxmox

Proxmox is a complete open-source platform for virtualization. Built on Debian, it uses a web frontend to manage VMs and containers. You can install and use GUI and headless VMs, as well as manage and work with the underlying OS from a shell. For example, it's entirely possible to install an EDR agent onto Proxmox, since it's Debian under the hood.

The ISO URL points to an /iso/ folder on the Proxmox website. Browsing this manually reveals the following files:

https://enterprise.proxmox.com/iso/SHA256SUMS.txt
https://enterprise.proxmox.com/iso/SHA256SUMS.asc

You can use these along with the following public key to verify the ISO's integrity.

gpg --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 'F4E136C67CDCE41AE6DE6FC81140AF8F639E0C39'

# list keys
pub   rsa4096/0x1140AF8F639E0C39 2022-11-27 [SC] [expires: 2032-11-24]
    Key fingerprint = F4E1 36C6 7CDC E41A E6DE  6FC8 1140 AF8F 639E 0C39
uid                   [ unknown] Proxmox Bookworm Release Key <proxmox-release@proxmox.com>

VMware

⚠️ TO DO ⚠️

VirtualBox

VirtualBox is often available in the default Linux repositories, but the latest supported and patched version is available directly from VirtualBox's official repo.

VirtualBox is a general-purpose full virtualization software for x86_64 hardware (with version 7.1 additionally for macOS/Arm), targeted at laptop, desktop, server and embedded use.

It works on Windows, macOS, Linux, and more. You'll also want the VirtualBox Extension Pack if you require USB pass-through or any other advanced features. It's free for personal use and is under a separate license agreement.

B9F8 D658 297A F3EF C18D  5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>

QEMU

QEMU is available through your Linux distro's default package repos, and macOS's Homebrew / MacPorts. This is the recommended way to install it.

QEMU could be thought of as the Hyper-V of Linux. It benefits from KVM acceleration on Linux, making the performance incredible, and in some sense is the most ubiquitously supported hypervisor across the distros, likely because of the KVM integration. You'll see this on Ubuntu, where apt now checks to see if QEMU VMs are running.

This is just my opinion and experience after moving to Hyper-V and QEMU from VMware and VirtualBox. QEMU is also being used by Proxmox, which is another benefit to building and understanding QEMU images if you're using QEMU for desktop use cases and Proxmox as a virtualization server.

Home Labs & Simulations

GOAD (Game of Active Directory)

The purpose of this tool is to give pentesters a vulnerable Active Directory environment ready to use to practice usual attack techniques. The idea behind this project is to give you an environment where you can try and train your pentest skills without having the pain to build it all by yourself. This repository was built for pentest practice.

Effectively, this can spin up really fast (as quick as a couple hours) on a Kali Linux host running VirtualBox as the Hypervisor. There's also a Proxmox option, but for this you may want to look at Ludus below.

It goes without saying you need a fair amount of resources to run this, and it will be extremely expensive in the cloud.

Ludus

This was initially discovered on Paul's Security Weekly #861. It appears to be built on top of Proxmox and Game of AD, with a number of other options and features for a completely automated home lab experience.

Ludus is a system to build easy-to-use cyber environments, or "ranges" for testing and development.

Built on Proxmox, Ludus enables advanced automation while still allowing easy manual modifications or setup of virtual machines and networks.

SamuraiWTF (Web Training Framework)

This version of the project is experimental only for now.

VulnServer

An intentionally vulnerable listening process, meant to demonstrate buffer overflows.

This project is referenced in many buffer overflow practice courses. The source code is short enough to read over in a few minutes and can be compiled fairly easily, meaning you can make changes and attempt to patch the code to remove the vulnerability too.

OWASP Juice Shop

OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications!

VulHub

Dockerized Vulnerable Software. These should be run in an isolated environment, such as a VM you would use for malware analysis.

Snyk Goof

A vulnerable Node.js demo application.

Information Technology

RFC

Request for Comments.

Get the full story on the about page, but effectively RFCs are published and reviewed documentation that can include information about various internet standards.

IETF

Internet Engineering Task Force.

The Internet Engineering Task Force (IETF), founded in 1986, is the premier standards development organization (SDO) for the Internet. The IETF makes voluntary standards that are often adopted by Internet users, network operators, and equipment vendors, and it thus helps shape the trajectory of the development of the Internet. But in no way does the IETF control, or even patrol, the Internet.

InterNIC

Public Information Regarding Internet Domain Name Registration Services.

InterNIC is a registered service mark of the U.S. Department of Commerce. It is licensed to the Internet Corporation for Assigned Names and Numbers, which operates this web site.

ICANN

The Internet Corporation for Assigned Names and Numbers.

ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address - a name or a number - into your computer or other device. That address must be unique so computers know where to find each other.

ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a nonprofit public benefit corporation with a community of participants from all over the world.

IANA

Internet Assigned Numbers Authority

The global coordination of the DNS Root, IP addressing, and other Internet protocol resources is performed as the Internet Assigned Numbers Authority (IANA) functions.

ARIN

American Registry for Internet Numbers.

Established in December 1997, the American Registry for Internet Numbers (ARIN) is a nonprofit, member-based organization that supports the operation and growth of the Internet.

ARIN accomplishes this by carrying out its core service, which is the management and distribution of Internet number resources such as Internet Protocol (IP) addresses and Autonomous System Numbers (ASNs). ARIN manages these resources within its service region, which is comprised of Canada, the United States, and many Caribbean and North Atlantic islands. ARIN also coordinates policy development by the community and advances the Internet through informational outreach.

You can perform WHOIS lookups and obtain ownership information on network ranges and addresses through ARIN.

MDN (Mozilla Developer Network) Documentation

This is an essential resource for anything web standards (or web code) related.

MDN Web Docs is an open-source, collaborative project that documents web platform technologies, including CSS, HTML, JavaScript, and Web APIs. We also provide extensive 🧑‍🎓 learning resources for beginning developers and students.

W3C (World Wide Web Consortium)

An international community that develops open standards to ensure the long-term growth of the Web.

USB Specifications & Documentation

usb.org details everything about the USB specification. This is useful for example if you're observing USB communications with Wireshark or building rules for USBGuard.

Information Security

⚠️ TO DO ⚠️

Pentesting

PTES (Penetration Testing Execution Standard)

The PTES is a standard first drafted in 2009. It's designed to provide both businesses and security service providers with a common language and scope for performing penetration testing. It's been referenced in a number of training courses and by those who helped create it over the years. The FAQ provides an additional overview.

Kevin Johnson (SecureIdeas, OpenSBK) was on Paul's Security Weekly #785 to talk about this updated version of the PTES, now on GitHub for others to contribute to. It was mentioned again in SWN-453, where one of OpenSBK's goals in addition to updating the PTES will be defining the language used in InfoSec.

Network

This includes general network information as well as network-focused tools.

nmap

Perhaps the most well known network scanner available.

naabu

A fast port scanner written in Go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests.

naabu's release binaries are statically compiled. This is incredibly useful if you're struggling to get a statically compiled nmap to run on a machine.

masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.

Web Application

Burpsuite

Web application security testing tool, has free and paid licenses.

ZAProxy

Open source and free alternative to Burpsuite maintained by OWASP.

# Install in Kali
sudo apt install -y zaproxy

Caido

A new web application pentesting tool, similar to Burpsuite, has free and paid plans.

Active Directory

adsecurity.org

One of the most robust resources to Active Directory security, hardening, pentesting, and information in general.

Wireless

⚠️ TO DO ⚠️

Cloud

⚠️ TO DO ⚠️

ICS & OT

⚠️ TO DO ⚠️

GRC

All things standards, configuration, compliance, and policy related.

STIG

⚠️ TO DO ⚠️

CIS Benchmarks

⚠️ TO DO ⚠️

Microsoft Baselines

⚠️ TO DO ⚠️

Exploit Development

⚠️ TO DO ⚠️

Reverse Engineering

⚠️ TO DO ⚠️

Malware Analysis

Qu1cksc0pe

An all-in-one malware analysis tool, excellent for triage. Originally discovered on this SANS diary. The diary post has an alternate docker file available to use.

MalAPI

Common Windows API calls used by malware.

Firmware

Coreboot
EDK2 / Tianocore
System76 Open Firmware

An open source distribution of firmware utilizing coreboot, EDK2, and System76 firmware applications.

ChipSec

CHIPSEC is a framework for analyzing the security of PC platforms including hardware, system firmware (BIOS/UEFI), and platform components. It includes a security test suite, tools for accessing various low level interfaces, and forensic capabilities. It can be run on Windows, Linux, and UEFI shell.

EMBA

EMBA was discovered through Paul's Security Weekly. It's been covered in too many episodes to pinpoint which one I initially heard it from.

EMBA is designed as the central firmware analysis and SBOM tool for penetration testers, product security teams, developers and responsible product managers. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation, building the SBOM and finally generating a web based vulnerability report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. EMBA is a command line tool with the possibility to generate an easy-to-use web report for further analysis.

EMBA requires a lot of compute resources. See the prerequisites for details. For reference, your EMBA VM should have 8 vCPUs and 16GB RAM as the minimum.

OFRAK

OFRAK allows you to unpack, modify, and repack binaries.

It supports a range of embedded firmware file formats beyond userspace executables, including: compressed filesystems, compressed & checksummed firmware, bootloaders and RTOS/OS kernels.

UEFITool

UEFI firmware image editor and viewer.

DBX Update Process
UEFI Firmware Parser
BootHole

This includes the vulnerability check for both bash and PowerShell.

Flashrom

Read, write, edit firmware.

LVFS

Linux Vendor Firmware Service.

Forensics

Memory Acquisition

avml (Acquire Volatile Memory for Linux)

Do this remotely with ssh + avml (acquire volatile memory for linux).

lmg (Linux Memory Grabber)

Do this remotely with ssh + lmg (linux memory grabber).

Threat Intel

⚠️ TO DO ⚠️

Threat Hunting

YARA

Malware rule, pattern, and classification language.

yarGen

Programmatic YARA rule generation.

YARA-Rules Repository
RITA
ZEEK
Suricata
Velociraptor

Agent based incident response tool.

OSQuery
BeaKer
Raccine
SIGMA

General signature format for SIEM systems.

Canary Tokens

Active defense alerts using secrets, commands, documents, files and more.

Blogs & Authors

Daniel Miessler

Building AI that upgrades humans.

tcm-sec (TheCyberMentor)

Training, tutorials, and all things infosec.

Husky Hacks
OA Labs

Malware analysis and reverse engineering.

Malware Unicorn
maldev-for-dummies

A malware development course.

Josh Stroschein (CyberYeti)

Malware analysis and reverse engineering.

S1REN
13Cubed (Richard Davis DFIR)
Hal Pomeranz
IppSec
Security Weekly

AKA Paul's Security Weekly.