Green-Monster

This repository is designed to be a collection of resources to aid the weary sec traveller

Security and Risk Management

Security control principles

IT policies and methods

Calculation of observance requirements

Creating a scope, proposal, and strategy for enterprise continuity requirements

Risk-centered concepts

Compliance requirements

Threat modeling and methods

Asset Security

Managing requirements

Data security restrictions

Safeguarding privacy

Retention

Categorization and possession of data

Security Architecture and Engineering

Kubernetes

• The kubernetes iceberg

Ideas for security skills of data systems

Cryptography

Ability to lessen weaknesses in security architects, plans, mobile apps, web-based apps, and entrenched systems

Concepts of security prototypes

Communications and Network Security

Protecting network parts

Protecting communication channels

Applying and safeguarding layout values in network design

Identity and Access Management

Logical and physical access to data

Detection and validation

Assimilating uniqueness as a provision and third-party identity services

Approval mechanisms

Security Assessment and Testing

Vulnerability assessment and penetration testing

Disaster recovery

Business continuity plans

Awareness training

Security Operations

Enabling security inspections

Accumulating secure information

Business endurance

Safeguarding the provision of assets

Logging and examining events

Software Development Security

Examining hazard evaluation

Detecting weaknesses in source code

Java and JavaScript

TypeScript

Ruby

Unsorted

Tools

• Dehashed - Leaked creds, DNS data
  • Summary: Searches databases for various leaked info and dns info. Good for personal monitoring but costs for anything else
  • Paid service with some free features
    • 15 a month or 180 a year
  • Free
    • Create up to 10 monitoring rules (Name, email, phone)
    • Deliver to up to 2 channels for when a rule is triggered (Email or SMS)
  • Paid
    • Api
    • Deep Whois data. 4 bucks for 100 searches
• SecurityTrails - DNS data
  • Summary: Great resource for DNS data. A records and host, MX, NS, SOA, TXT, CNAME, and subdomains
    • Free and paid. Paid unlocks pretty much unlimited searches per month and API. Free is 50 searches a month
• DorkSearch - Google dorking
• ExploitDB - Archive of various exploits
• ZoomEye - Gather info on targets
• Pulsedive - Threat intel searching
• GrayHatWarefare - Search public S3 buckets
• PolySwarm - Scan files and urls for threats
• VirusTotal - Scan files, urls, and hashes for threats
• Fofa - Threat intelligence searching
• LeakIX - Publicly indexed information
• DNSDumpster - Search DNS records
• FullHunt - Search and discover attack surfaces
• AlienVault - Threat intel feed
• Onyphe - Cyber-threat intel data
• Grep App - Search git repos
• URL Scan - Scan and analyze websites
• Vulners - Search vulns
• WayBackMachine - View website deleted content
• Shodan - Search devices connected to the internet
• Netlas - Search and monitor connected assets
• CRT sh - Search for certs that have been logged by CT
• Wigle - Database of wireless networks and stats
• Binary Edge - Threat intel
• GreyNoise - Devices connected to the internet
• Hunter - Search for email addresses belonging to a website
• Censys - Assessing an attack surface for internet connected devices
• IntelligenceX - Search Tor, I2p, data leaks, domains, and emails
• Packet Storm Security - Browse latest vulns and exploits
• SearchCode - 75 billion lines of code from 40 million projects
• ShouldICallBack - Skiptracing on phone numbers
• VirusTotal - Primary file and url scanning tool.
• CheckPhish - Malicious site validation. Provides live view for visual aid where virustotal does not
• Intelx - Find leaked info on websites