Some interesting stuff (blogs, articles, papers and useful resources) that I've read in 2017. I will update this list every month.


Iran Leaks Censorship via BGP Hijacks
How to secure MongoDB on Linux or Unix production server
Cracking Android Pattern Lock in Five Attempts
Network Forensics Playbook – Banner Inspection and Client Origin
Have Fun with Machine Learning: A Guide for Beginners
Open-Sourcing Our Incident Response Documentation
Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
Windows Privilege Escalation Methods for Pentesters
How to Tell Which Application Is Using Your Windows PC’s Webcam
With Release of Windows 10, Questions About BitLocker Arise Again
You will be surprised by what your Tweets may reveal about you and your habits
Everything you need to know about HTTP security headers
I am Mikko Hypponen. I hunt hackers. I’m here to answer your questions for Data Privacy Day. AMA!


Analyzing a malicious document with a mac-specific payload
Accessing & Copying Volume Shadow Copy Contents From Live Remote Systems
Hardening Win7 x64 on VirtualBox for Malware Analysis
OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
The Effect of Encryption on Lawful Access to Communications and Data
Running Executables on macOS From Memory
Sources, configuration and how to detect evil things utilizing Microsoft Sysmon.
Password managers: attacks and defenses
Mirai – Inside of an IoT Botnet
Here are 250 Ivy League courses you can take online right now for free
Hacking WordPress 4.7.0 – a step-by-step guide
Threat Hunting with Sysmon
How to Encrypt Your Windows System Drive With VeraCrypt
I’m Kevin Mitnick, The World’s Most Famous Hacker. AMA AMA!
Adventures in /usr/bin and the likes
Hacking Android phone. How deep the rabbit hole goes.
Spam and phishing in 2016
Beginner’s Guide to Open Source Incident Response Tools and Resources
How to Run a Rogue Government Twitter Account With an Anonymous Email Address and a Burner Phone
How DNS Works in Tor & Its Anonymity Implications
How SHA-1 Collisions Can Affect Us in Real-World Attacks
OSCP-like Vulnhub VMs
The Collapse of the UNIX Philosophy
Setting up a Pentesting… I mean, a Threat Hunting Lab


Vault 7 Megathread – Technical Analysis & Commentary of the CIA Hacking Tools Leak
Remote Code Execution (RCE) Attacks on Apache Struts
Yahoo Hack
HTTPS Interception Weakens TLS Security
Blue Team Basics – PCAP File Extraction
Extracting data from damaged NTFS drives
Getting Physical With USB Type-C : Windows 10 RAM Forensics and UEFI Attacks
iOS Security – iOS 10
Android Security 2016 Year in Review
Secure computing for journalists
Learning from the field : Vulnhub
Powershell Exploit Analyzed Line-by-Line
Spora Ransomware: Understanding the HTA Infection Vector
Some notes on malware
Essential PowerShell Resources
Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK – Part I (Event ID 7)
Pincodes, Passcodes, & TouchID on iOS – An Introduction to the Aggregate Dictionary Database (ADDataStore.sqlite)
Recovering BitLocker Keys on Windows 8.1 and 10
A look at inner workings of Joycon and Nintendo Switch
Attacking RDP – How to Eavesdrop on Poorly Secured RDP Connections
The State of Internet Censorship in Thailand
How Cyber Criminal Marketplaces Operate: Carding and Reshipping
Roadmap to becoming a web developer in 2017
Mobile Security Research – Recap 2016
A Red Teamer’s guide to pivoting
The Non-Technical Guide to Machine Learning & Artificial Intelligence
Linux Malware Analysis using Limon Sandbox
Red Team Penetration Testing
gargoyle : a memory scanning evasion technique for Windows
What happens when you swipe a credit card?
Understanding HTTP Authentication Basic and Digest
Better living through online security & encryption
