It's always nice to share useful information with the community. We asked our employees to advise the resources that they themselves visit in order to keep abreast of events in the world of information security. The collection turned out to be large, I had to break it into two parts. Part one.
- — a technical blog of a large information security company that regularly releases its research, tools / plugins for Burp.
- — security researcher, founder of the Dragon Sector top ctf team.
- — tweets about hacking and hardware.
- - SDR developer and researcher in the field of RF and IoT security, tweets / retweets, including about hardware hacking.
- - about the security of Active Directory and Windows.
- - writes mainly about hardware, retweets posts on a variety of information security topics.
Telegram
- - Information security through the eyes of RedTeam. A lot of quality material on attacks on Active Directory.
- — a typical channel about web bugs for web bug lovers. Most often, the emphasis is on analyzes of how to exploit typical vulnerabilities and tips on the effective use of software, less known but useful features.
- - a channel about technology and information security.
- - Digest of data leaks.
- - a channel about system administration. Not exactly IB, but useful.
- is a linkmeup podcast channel where enthusiasts have been discussing networks, technologies and information security since 2011. We also recommend taking a look at .
- - posts about hacking and protection in an understandable language (for beginners, that's it).
- - a digest of useful materials mainly on RE, exploit dev and malware analysis.
Github repository
- - Notes on kubernetes security.
- - a set of video tutorials on web security, analysis of vulnerabilities, practical tasks.
- - a collection of repositories on topics for hackers, pentesters and security researchers. We need to go deeper.
Blogs
- - usually don't need an introduction, but if you haven't heard about them: this is a team of cool specialists who are looking for vulnerabilities of the "remote jailbreak for top iOS without user interaction" level, and not for money, but for the sake of everyone's safety.
- - a blog of developers of the Burp Suite combine, which has become the de facto standard for web security. Dedicated, of course, to web application security.
- — wrote a lot of utilities/scripts that are quite useful for auditing, in addition to the blog, they actively share knowledge in their podcasts.
- - every week a digest with videos and articles on pentest is published here.
Youtube
Bloggers
- — video write-ups, including from the notorious Gynvael Coldwind from the Google security team and the founder of the Dragon Sector top ctf team, where he talks a lot of interesting things about reverse engineering, programming, solving CTF tasks and code audit.
- - a channel with very high-quality content - in simple terms about cool exploitation methods. There are also reviews of interesting reports on BugBounty.
- — a channel with an emphasis on BugBounty, valuable tips and interviews with top bug hunters on the HackerOne site.
- - passing cars on Hack the box.
- is a company specializing in auditing Windows infrastructure. Lots of helpful videos about various aspects of Windows systems.
Conference
Academic conferences
Industrial conferences
Systematization of Knowledge (SoK)
This type of academic work can be very useful at the very beginning of diving into a new topic for you or when organizing information. Finding such works is not difficult, here are a few examples:
We hope you have found something new for yourself. In the next part, we will tell you what to read if you are interested, for example, in the task of satisfiability of formulas in theories and machine learning in the field of security, and we will also tell you whose reports on iOS jailbreak will be useful.
We will be glad if you share your findings or author's blog in the comments.
Source: habr.com