These are some sites that I have bookmarked and refer to fairly regularly. I also have RSS feed links for a number of sites, so I see the new articles as they get posted.
If you are interested in the RSS feed list, a opml is available on my Github site.
Blog Sites
- SANS ISC: https://isc.sans.edu
- Dark Reading: http://www.darkreading.com/
- Brian Krebs Blog: http://krebsonsecurity.com/
- Tony Perez: https://perezbox.com/category/security/ (He is one of the founders of the Sucuri and his post are website security specific – Drupal, WordPress – but there are some good general topics included as well)
- Sucuri Blog: https://blog.sucuri.net/ (Same as above website security specific, but sometimes when they discover vulnerabilities or bugs they explain how a site got infected and what they did to find it)
- Holistic InfoSec: https://holisticinfosec.blogspot.com/
- Security Ledger: https://securityledger.com/
- Google Project Zero: https://googleprojectzero.blogspot.com/
- I Am The Cavalry: https://www.iamthecavalry.org/ (Focuses on issues relating to devices -Medical, Home, Automotive and public infrastructure- and how it affects us)
- Security | DMA | Hacking: https://blog.frizk.net/?m=0
- Adam Shostack & friends: https://adam.shostack.org/blog/ (Was Emergent Chaos: http://emergentchaos.com/ (They have an interesting post about C3PO in Star Wars and how it relates to INFOSEC)
Training and Certification
- FairclothSec Training: http://training.fairclothsec.com/www/index.php
- Open Security Training: http://opensecuritytraining.info/Training.html (It’s free information security training on different topics)
- Security Compass: https://www.securitycompass.com/training/
- Become (and stay) a CISSP on a Budget (blog post): http://avitria.com/thriftycissp.html
- Computer Security Student: http://www.computersecuritystudent.com/HOME/index.html
- SANS: https://www.sans.org/
- ISACA: https://www.isaca.org
- (ISC)2: https://www.isc2.org
- Cybery: https://www.cybrary.it/
Valuable Tools and Resources for INFOSEC investigations
- Africa Internet Number Registry (AFRNIC): http://www.afrinic.net/services/whois-query
- American Registry for Internet Numbers (ARIN): https://www.arin.net/
- Asia Pacific (APNIC): https://www.apnic.net/apnic-info/whois_search
- Latin America and Caribbean (LACNIC): http://lacnic.net/cgi-bin/lacnic/whois?lg=EN
- Europe (RIPE): https://apps.db.ripe.net/search/query.html
- North America (ARIN) IP Search: https://whois.arin.net/ui/
- ICANN WHOIS Search: https://whois.icann.org/en
- ip2geolocation: http://ip2geolocation.com/?lang=en
- IP Location Finder (geolocation): https://www.iplocation.net/
- MX Toolbox (DNS, MX Record Tools): https://mxtoolbox.com/
- WatchGuard Technologies – Reputation Authority: http://www.borderware.com/index.php
- Shodan: https://www.shodan.io/
- Packet Total (Think VirusTotal for network packets): https://www.packettotal.com/
- Down For Everyone of Just Me (Check if a website is up): http://downforeveryoneorjustme.com/
- URL Scan (Why go to a suspect site using you browser): https://urlscan.io/
- GetLinkInfo (Expand shorten URL’s to find the redirection): http://www.getlinkinfo.com/
- RegEx Validator
- List of User Agent Strings (great for wget and curl): http://www.useragentstring.com/pages/useragentstring.php
- Have I been pwned? (Check if your email has been compromised in a data breach): https://haveibeenpwned.com/
- VirusTotal: https://virustotal.com/
- CyberChef: https://gchq.github.io/CyberChef/#
- Clean URL/email links (Make a link inert before emailing or posting): Under Utilities
- DomainTools: https://whois.domaintools.com/
- Malware Domain List (MDL): https://www.malwaredomainlist.com/
- DNSDB (You need a login account): https://www.dnsdb.info/
- AlienVault OTX (Open Threat Exchange): https://otx.alienvault.com/
- IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/
- ViewDNS: http://viewdns.info/
Sites if you are interested in Penetration Testing
- Building a Home Lab to Become a Malware Hunter: https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide
- Free Virtual Machines from IE8 to Microsoft Edge: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
- Penetration Testing Tools Cheat Sheet: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/?imm_mid=0ecebf&cmp=em-webops-na-na-newsltr_security_20170131
- Listing of default passwords: http://www.defaultpassword.com/
- Vulnerable By Design ~ VulnHub: https://www.vulnhub.com/
Sites if you are interested in Security Awareness
- Internet Storm Center: http://isc.sans.edu
- SANS Securing the Human: https://securingthehuman.sans.org/
- SANS OUCH! Newsletter: https://securingthehuman.sans.org/resources/newsletters/ouch/2016
- University of Massachusetts Data Security Awareness and Education website: https://www.umassp.edu/uits/secure-computing
- National Cyber Security Alliance: http://www.staysafeonline.org
- Microsoft Security Awareness Materials: https://www.microsoft.com/about/philanthropies/youthspark/youthsparkhub/programs/onlinesafety/#Free-materials
- Security Awareness Toolbox: http://www.iwar.org.uk/comsec/resources/sa-tools/
Questionable INFOSEC Sites
When I first started in information security, an IT director told me that the last INFOSEC administrator looked at good sites and also reviewed questionable hacker sites to stay current. So I started to do the same but not as frequent as other sites.
- Packet Storm Security: https://packetstormsecurity.com/ (The better of the questionable sites)
- Exploit DB by Offensive Security: https://www.exploit-db.com/ (Name says it all, from the makers of Kali Linux)
- VulDB: Vulnerability Database: https://vuldb.com/
- Hacking Articles: http://www.hackingarticles.in/ (Name says it all)
- Deep Dot Web: https://www.deepdotweb.com/ (Site that search accesses the dark web content. Use caution!)
Collapse All