Welcome to the Peerlyst wiki!

Here I have gathered numerous Information Security Resource Articles from the website: www.Peerlyst.com. They are frequently updated. As the site adds more Resources I will add them below.

NEW

• CISO MISSION ORDER 1.0 By Gary Hayslip‍
• Building a WScript Emulator By Mischa Rodermond‍
• InfoGraphic: Cybersecurity Defined By [email protected]‍
• BSidesLV 2017: SMB Security presentation 'Robust Defense for the Rest of Us' - by @sm0kem By Russell Mosley‍
• The purpose of ransomware By Bart P‍
• Resource: Free Computer Security Incident Response Plan Templates By Alan Watkins‍
• Tips for an Information Security Analyst/Pentester career -Episode 1:General and technical hints By Mattia Campagnano‍
• List of autorun keys / malware persistence Windows registry entries By Benjamin Infosec‍
• My Lecture Presentation - First Lecture from a series on Public Key Infrastructure By Alexander Raif‍
• Historical correlation in ArcSight SIEM By SOC Prime‍
• NSM 101 By Tony Robinson‍
• Broken Authentication and Session Management – part Ⅰ By Hari Charan‍
• Broken Authentication and Session Management – Session Fixation By Hari Charan‍
• Stackhackr: A tool to show non-techies what malware can do By Kimberly Crawley‍
• Sharing secrets with containers using Custodia By Alan Robertson‍
• A list of open source, free and paid phishing campaign toolkits By Guurhart‍
• Resource: Tri-fold Brochures for CIS Critical Security Controls (CSC-1 through CSC-5) By Alan Baban‍
• How to Run a GDPR Project By David Froud‍
• Tips for an Information Security Analyst/Pentester career - Episode 5: Wireshark basics (part 1) By Mattia Campagnano‍
• Change Management: What information and fields should a change request contain? By Peerlyst‍
• The Dangers of Ghost & Zombie Assets By ERI‍
• Tips for an Information Security Analyst/Pentester career - Episode 8: WebGoat By Mattia Campagnano‍
• Procedure: Creating and Maintaining a Threat Scorecard to be used for Threat Modeling and Risk Management By [email protected]
• Tips for an Information Security Analyst/Pentester career - Episode 9: DVWA (SQL injection) By Mattia Campagnano‍
• Want to Learn Python? - Functions, Explained By Ben B‍
• How to secure remote desktop protocol sessions By S. Delano‍
• Hostile subdomain takeover By Ron Hardy‍
• Manual Javascript Deobfuscation example By Mischa Rodermond‍
• Want to Learn Python? Logic Part 1 - Boolean Logic and Operators By Ben B‍
• A list of tools used to manage third party library dependencies and vulnerability identification By Peerlyst‍
• Tips for an Information Security Analyst/Pentester career - Episode 10: Metasploitable 2 By Mattia Campagnano‍
• Want to Learn Python? Logic Part 2 - Conditional Formatting, If/Then/Else and Summary While Example By Ben B‍
• A curated list of relevant Security RSS feeds By Peerlyst‍
• Big advance against credential spear-phishing. One of the big threats we do not fight well By Guurhart‍
• WMI wiki for offense and defense By S. Delano‍
• Tips for an Information Security Analyst/Pentester career - Episode 13: File Upload (DVWA) By Mattia Campagnano‍

Ad Fraud

• Objective Comparison Of Ad Fraud Detection Technologies By Dr. Augustine Fou, Cybersecurity Fraud Researcher
• The Ad Fraud Ecosystem Is A Well Oiled Rube Goldberg Machine By Dr. Augustine Fou, Cybersecurity Fraud Researcher
• Which Type Of Evil Bot is Wrecking Your By Dr. Augustine Fou, Cybersecurity Fraud Researcher
• What Can Bots Do? It's More Like What Can't Bots Do. By Dr. Augustine Fou, Cybersecurity Ad Fraud Researcher
• Bust Misconceptions About Ad Fraud Via Technical Understanding By Dr. Augustine Fou, Cybersecurity Ad Fraud Researcher

Attack Methods

• Distributed Denial Of Services(DDOS) Attacks - A Primer By Max Pritchard
• HTML Injection Introduction By Hari Charan‍
• HTML Injection Reflected POST HTTP Verb By Hari Charan‍

Application Security

• Testing The Security of a JAVA Application By Karl M.
• Improper Session Termination Leading to Potential Account By Ankit Giri
• How Important is Application Security And Customer Data Protection To A Startup? By Ankit Giri
• How To Implement Secure Password Storage With Hashing And Salting In Your Application By Karl M.
• Introduction: OWASP Security Knowledge Framework Project By Glenn Ten Cate
• SAP HANA Security: The Patching Process By Alexander Polyakov
• Application Security Wiki By Nicole Lamoureux
• A list of Application whitelisting solutions By S. Delano‍

Awareness

• Cybersecurity Training Gamification: Fun Ways To Raise Awareness By Oscar Waterworth
• Living In The Security Echo Chamber By Tal Arad‍
• Improving Security Culture: Don't Make Awareness Training A Punishment By Dan Lohrmann‍

Backups

• Resource: You’re Better Off... With a Backup. By Nicole Lamoureux‍

Best Practices

• How to Develop an Enterprise Secure Coding Program By Michael Ball
• Security Automation Best Practices - A Free eBook By Gwen Betts
• Network Segmentation Guides and Best Practises By Benjamin Infosec
• Resource: Network Device Configuration Storage Best Practices By Guurhart

Your InfoSec Career

• Do You Want To Work In Infosec or Win a Nobel Prize for Literature? By Kris Rides
• A collection of links about transitioning into Infosec or starting an infosec career and making it By Peerlyst
• Cybersecurity Recruiters - The Gauntlet is Thrown! By David Froud
• Announcing a New Peerlyst Initiative Resume Rewrites! By Peerlyst
• Hiring Your First Security Professional By Dawid Balut
• Employment Expectations Mismatch and Recruitment Pitfalls in Infosec By Dawid Balut
• Cracking The Infosec Interview For Fun And Profit By Fabio Baroni
• One Interview A Month - Lessons Learned By Kyle Chambers
• Reflections from a Coaching Session on Effective Presentations By Chris Zoladz‍
• The How To Become {Infosec Job Title} Collection By Nicole Lamoureux‍
• On the Shoulders of InfoSec Giants By Andrew Douma‍
• Certification Path, Study Plan For The CISM Exam By Jon Snurka‍
• ISACA CISM: Why you should do it and how to pass the certification exam! By Cláudio Dodt
• Closing the Talent Gap By Alan Wong
• While we wait for the next big hack to draw everyone's attention to security, do this By Benjamin Infosec
• The InfoSec Mentors Project By Jimmy Vo
• Communication Across The Ranges... By Chris Roberts‍
• Resource: The how to pass an exam/certification and study guide Wiki By Peerlyst‍

CISO

• CISO Playbook For Handling a Suspected Data Breach By 1337Mark
• What Every CISO Should Know About DDSO Attacks By Yoav Cohen
• CISO Budget Tool: Crowdsourcing Our Way To Improved Security Management By Terry Gold
• Resource: Tools, Tips, and Links to Make the CISO Job Easier By Guurhart
• Information Security Outsourcing: A CISO's Perspective By George Moraetes
• Resource: How To Avoid Data Breaches And Lawsuits, A Manual For CISO's By Guurhart
• Cyber Evangelism 101 By Gary Hayslip‍
• Life-Cycle of a Security Gap By Gary Hayslip
• The Life-Cycle Process of a Security Gap (Part 1) By Gary Hayslip‍
• 20 Cybersecurity Questions for Executives and the Board of Directors By [email protected]‍
• CISO brief: The watertight case for application whitelisting By 1337Mark‍
• The Life-Cycle Process of a Security Gap (Part 2) By Gary Hayslip‍
• CISOs: Be careful of how much trust you put in your Mac Address whitelisting/Port Security By S. Delano‍

Compliance

• Everything You Need to Know About NERC CIP Compliance By Dave Millier, CRISC
• GDPR: 5 Tips for meeting individuals’ rights By Chris Zoladz‍
• GDPR: Forget the Damned Fines, Worry About Staying in Business! By David Froud‍
• GDPR: Does the ‘Right to Erasure’ Include Backups? By David Froud‍
• How to communicate the concept of cyber-security maturity. By Ed Snodgrass‍
• Cybersecurity Professionals: Don’t Change by Not Changing at All By David Froud‍
• General Data Protection Regulation GAP Assessment By [email protected]‍

Cryptography

• Peerlyst Pathfinder Cryptography By Shay Gueron

Capture The Flag Competitions

• Resource: Capture The Flag(CTF) Competitions, Write-ups, and How To CTF Like A Pro By Claus Cramon Houmann

Cloud

• Appliance As a Service Products Suck By Julian Cohen
• Conceptual Mapping of On-premises Infrastructure Security Components to Cloud Security Services By Adrian Grigorof‍

Cybercrime

• Trends in cybersecurity/cybercrime 1999 - 2020 By [email protected]‍

Database Security

• Oracle database security scan - process explained By DATAPLUS‍

DNS

• DNSSEC Signing Revisited By Jim Fenton

Digital Forensics and Incident Response

• Learning network traffic analysis - resources to help you learn how to analyze a stream By 1337Mark
• Some Useful Forensics Tools For Your Forensics Investigation By AdminAdmin
• How to clean out golden tickets after a successful attack on your active directory By Guurhart
• Cybercrime Report Template By Bart Blaze
• Obtaining WPA-PSK Keys on Windows 7, 8, and 10 for Digital Forensics (Or Evil and Fun By Martin Boller Incident Response
• Resource: A Free to Use Scenario To Test Your Incident Response Process Against a DOS Attack By Claus Cramon
• CSIRT: Classifty The Severity Of A Breach By Michael Ball
• Resource: Proactive Ransomware Defenses and Reactive Incident Response Against Ransomware Infection By Claus Cramon Houmann
• Guidance For Incident Response Play Books By Michael Hamblin
• Resource: Free Basic Template Information Security Incident Management Policy and Procedure By Sunil Kuamr
• How To Build And Run A SOC For Incident Response Play Books By Claus Cramon Houmann

Encryption

• Fingerprinting HTTPS Traffic By Looking At Patterns And Unencrypted Parts Of The Traffic By Karl M.

Fiction/Novels

• Information Security Fiction Wiki By Nicole Lamoureux‍

Firewalls

• Research on Bypassing Web Application Firewalls By Guurhart
• List Of WAF Security Bypass Research By Karl M.
• Resource: Spam Firewalls, What is Behind The Name And A List Of Spam Firewall Products By 1337mark
• Resource: A List Of Open Source Web Application Firewalls(WAFs) By S. Delano
• Blue team guide: Can and should you block outbound ICMPv4 from your environments? By Guurhart‍

Frameworks

• 15 minute video - NIST Cybersecurity Framework Overview By [email protected]‍

Free Reading/Training Resources

• Security Automation Best Practices - A Free eBook By Gwen Betts
• A collection of links about transitioning into Infosec or starting an infosec career and making it By Peerlyst
• Resource: Best Offensive and Exploitation Books in Security By Peerlyst
• Resource: Free InfoSec Books List By Claus Cramon Houmann
• Peerlyst Announcing its First Community eBook: The Beginner's Guide To Information Security! By Limor Elbaz
• Resource: A List of Free Online Training Resources By Karl M
• Resource: A List of Security-Related Mailing-Lists By Peerlyst
• Learning Linux: Cheat Sheets, Overview And Resources By Pyotr A Pavlensky
• Train Your Cyber Skills Online Updated By Joe Shenouda
• The Complete List of InfoSec Related Cheat Sheets By Claus Cramon
• Free Training: Threat Landscape - IOT, Cloud, and Mobile By Peerlyst
• Second Community eBook: Essentials Of Cybersecurity By Limor Elbaz
• Peerlyst Reviews Wiki: InfoSec Products, Services, Books & Trainings By Peerlyst‍

Guides

• How to clean out golden tickets after a successful attack on your active directory By Guurhart
• Security Automation Best Practices - A Free eBook By Gwen Betts
• Peerlyst Pathfinder Research Guide Data Privacy Law and Legislation: US Edition By S Delano
• Wordpress Hardening - A Comprehensive Guide By Mark Cutting
• Resource: A List of API Security Guides and Resources By Karl M.
• The Recruiters Guide: Certifications You Should Know About That Make Infosec People More Hireable By Claus Cramon
• Resource: Learning How To Reverse Malware - A Guide By Claus Cramon Houmann
• Resource: The Infosec Honey Anything Guide By Claus Cramon Houmann
• Peerlyst Pathfinder Research Guide Cybersecurity Law: US Edition By Tracy Z. Maleeff
• Configuring and Using DANE TLSA Records By Per Thorsheim
• A CISM Study And Exam Guide By Guurhart
• A CEH Certified Ethical Hacker Study And Exam Guide By Guurhart
• Enumerating JSONS Form Command Line By Zeev Glozman
• Full Disk Encryption with VeraCrypt By Andrew Douma‍
• How to safely use Enterprise File Sync and Share solutions By Dawid Balut
• US Information Security Resources By Dennis Leber

Hacking

• The History of Hacking Wiki By Nicole Lamoureux‍
• Wiki: UAC Bypasses and UAC bypass research By Nic Cancellari
• Information Gathering – First Step of Hacking By Sachin Wagh‍

Hiring

• Two top Cybersecurity challenges to hiring talented people, #1. salary and #2. proven experience. By [email protected]‍

Identity Management

• Treat Your Key Pairs Like Passwords By Michael Ball
• UX Comparison of IOS Authenticator Apps By Per Thorsheim

Install Guides

• Resource: PGP Installation Guides for OSX, Windows, and Linux for Newcomers By Karl M.

Intelligence

• List of sites and services that scan the entire Internet and publish results By Claus Cramon Houmann‍

The Internet of Things

• [Securing The Internet Of Things - Developer's Guidance] (https://www.peerlyst.com/posts/securing-the-internet-of-things-developer-s-guidance-michael-ball?utm_source=github&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post) By Michael Ball
• The IOT Files: Culture By Antonio Ieran
• The IOT Files: IOT and Security By Antonio Ieran
• The Internet of Things is Evolving and Security Engineers Will Need To Keep Up By Brian Russell
• If you buy PKI, you won't be booted out of IOT game By Madjid Nakhjiri
• Links and Resources for getting started with ARM Assembly and Exploitation By Nitesh Malviya‍

Langsec

• Langsec Implications For Security By Rob Lewis

Legal

• NIS Directive 1148/2016 summary in a single slide By Cristian Driga‍

Management

• 12 Essential Cybersecurity Program Management Processes By [email protected]‍

Medical Devices

• A Historic Timeline of Medical Device Security Research By Karl M.

Mobile

• Securing an Android Phone or Tablet By Andrew Douma

Municipal(City)

• Securing Your Municipal Infrastructure By Victor Wong

Monitoring -Decoding TLS Docker API with Wireshark By Philippe Bogaerts

Offense and Exploitation

• Know Everything About the Malicious Domain Generating Algorithm By Anshuman Kak
• Will Back Ups Be Enough? By Bradley Dougherty

Outsourcing

• A Night at the Outsourcer By Dean Webb

Open Source Intelligence

• Resource: OSINT Tools and How You Learn How To Use Them By Guurhart
• OSINT And Threat Intelligence Chrome Plugin To Look Up IPS, FQDNS, MD5, SHA2, and CVES By Matt Brewer
• Threat Intelligence Hunter: An Open Source Project For Threat Hunting and Information Gathering By Abhinav Singh

Oracle

• EAS-SEC. Oracle PeopleSoft Security Configuration. Part 3: Default Accounts By Nadine Krivdyuk
• Oracle ADRCI: Controls For Auto Purging Those Old Alerts By Arthur Kettelhut
• ADCRI Let's create an incident package By Arthur Kettelhut
• EAS-SEC. Oracle PeopleSoft Security Configuration. Part 4: Unnecessary Functionality By Nadine Krivdyuk‍

Passwords

• Probable-Wordlists - (up to) 20 GB of real leaked passwords sorted by popularity, not alphabetically By Ben B‍
• DPAT: New Domain Password Audit Tool By S. Delano‍

Peerlyst Website Resources

• A Template For Creating A Training Course On Peerlyst! By Peerlyst
• A Template For Peerlyst Product Reviews By Peerlyst
• Call For Volunteers: Build Resources For The InfoSec Community By Peerlyst
• Example Template For Creating Peerlyst Resources By Peerlyst
• The Complete Security Calendar By Peerlyst

Pentesting

• The science of port scanning - everything you need to learn collected into 1 post By Karl M.
• Metasploit Quick Tips For Security Professionals By Abhinav Singh
• Resource: Best Offensive and Exploitation Books in Security By Peerlyst
• Resource: A Compendium of Sites That You Can Practice On. You Can Legally Hack These Sites! By Karl M.
• Finding The Right Exploit Code By Andrew Douma
• Code Elements To Look For When Automating Exploit Generation By Fabio Baroni
• The Best Resources For Learning Exploit Development By Fabio Baroni
• Create Your Botnet Of Malicious Browser Extensions With BEEF, Armitage, BEEF Strike By Beny Bertin
• Penetration Testers Guide To Windows 10 Privacy and Security By Andrea Douma
• Pentesting Binary and non-HTTP Protocols with the NOPE Proxy By Josh Summitt, CISSP, CEH, GPEN
• Transfer Backdoor Payloads By ARP Traffic and Bypassing AVs By Damon Mohammadbagher
• How To TCPDump Effectively in Docker By Philippe Bogaerts
• How to set up a Home Pentesting Lab on a Shoestring By Dave Howe‍
• Pentesting Wiki: Testing SQLite databases By Karl M.‍
• A collection of Red team infrastructure and operations resources By Claus Cramon Houmann‍
• Transferring Backdoor Payloads with BSSID by Wireless Traffic By Damon Mohammadbagher‍
• VoIP Penetration Testing By Abhinav Singh‍
• The set-up a malware/pentesting lab Wiki By Peerlyst‍
• Pentest tools: LFI scanners and exploiters By Karl M.‍
• Transferring Backdoor Payloads with BMP Image Pixels By Damon Mohammadbagher
• New essential pentest tool - WHID Injector: How to Bring HID Attacks to the Next Level By Karl M.
• How To Put Any Android Smartphone Into Monitor Mode Using Custom Script Without bcmon By kali linux
• List of public port scanner websites By Karl M.‍
• Pentesting on crack: Automating the Empire with the Death Star By Karl M.‍
• Resource: Pentesting Wiki By Nicole Lamoureux‍

Privacy

• Some Small Things You Can Do To Preserve a Little Privacy By Peter Stone
• Where Are You Along This Privacy Spectrum? By Dr. Augustine Fou
• Are You Prepared For The GDPR? By Carey Lening
• GDPR: Tips for Engaging Technology Resources By Chris Zoladz‍
• The GDPR Wiki By Nicole Lamoureux‍
• GDPR: 4 Tips for addressing accountability By Chris Zoladz‍
• Study Shows Personal Identifiable Information Found on Resold Electronics By ERI‍

Programming

• Guide For Programmers - How To Generate Secure Random Numbers By Pyotr A Pavlensky

Ransomware

• WannaCry no more: ransomware worm IOC's, Tor C2 and technical analysis + SIEM rules By Andrii Bezverkhyi‍
• #WannaCry and the Rise and Fall of the Firewall By [email protected]‍

Regex

• Learning how to write regular expressions - a collection of resources By Susan Parker‍

Risk

• CISO Budget Tool: Crowdsourcing Our Way To Improved Security Management By Terry Gold
• Cybersecurity And Risk Management: An Evolving Ecosystem Full Article By Gary Hayslip
• Managing Insider Risk By Darrell Drystek
• Resource: Third Party Risk Assessment Reading Material And Help By 1337mark
• Making A Risk Based IT Change Management Process By Josh Moulin
• Vendor Cybersecurity Governance: 10 Must Haves Part 2 By Sarah Clarke
• Thoughts on Creating A Culture of Cybersecurity in the Workplace By Oscar Waterworth
• Treat Your Key Pairs Like Passwords By Michael Ball
• Are You Prepared For The GDPR? By Carey Lening
• Enhance Cybersecurity With Threat Modeling By Brian Beyst
• Step 1: Define the Threat Modeling Objectives By Brian Beyst‍
• Step 2: Identify Key Stakeholders and Leaders By Brian Beyst‍
• A Threat Modeling Wiki By Nicole Lamoureux‍
• Assessing Risk - Helping the SMB market understand By Rob Chaykoski‍
• Security Metrics-Risk Assessments By Rob Chaykoski
• Procedure: Creating, Maintaining a Threat Scorecard used for Threat Modeling and Risk Management By [email protected]‍

SCADA

• ICS-SCADA Cybersecurity Resources By Andrew Carts‍
• SCADA Wiki By Nicole Lamoureux

Security Certificates

• Security Niblets: PKI Digital Certificates - The Chains That Bind By Bryan Sowell, CISSP
• How To Move Your App From HTTP to HTTPS By Puja Kamath
• Example of Client Certificate Usage - Securing WP Admin By Dave Howe
• CertUtil –the little engine that could (Part 1) By Bryan Sowell, CISSP‍
• Certificate Authorities are now required to check your CAA record before issuing TLS certificates By Boris Karamazin

Security Operation Centers

• CISO and SOC Guide: Detecting and Stopping Data Exfiltration Via DNS By S. Delano
• How To Build And Run A SOC For Incident Response Play Books By Claus Cramon Houmann
• Build A SOC or Choose An MSSP? By Eric Carroll

Security Management

• Active Cyber Defence 101 By Stephen W
• Active Cyber Defence - Cyber Deception - Part Two By Stephen W.
• Cyber Hygiene - It's About The Basics By Gary Hayslip, CISSP, CISA, CRISC, CCSK
• Cybersecurity Considerations With Bring Your Own Device BYOD Implementations By Josh Moulin
• ISO Standards Relevant To Information Security Professionals By Guurhart
• Cybersecurity As A Life Cycle By Gary Hayslip, CISSP, CISA, CRISC, CCSK
• Security Monitoring And Attack Detection With Elasticsearch, Logstash, And Kibana By Martin Boller
• Vendor Cybersecurity Governance: 10 Must Haves Part 1 By Sarah Clarke
• Database Security: Don't Forget About it! By Phillip Maddux
• Security Through Obscurity: Why Your Next-Gen Cyber Solution Is Worthless By Daniel Shapira
• Treat Your Key Pairs Like Passwords By Michael Ball
• My Way Of Recovering From a Docker Swarm Meltdown Effectively By Philippe Bogaerts
• Will Back Ups Be Enough? By Bradley Dougherty
• EAS-SEC. Oracle PeopleSoft Security Configuration. Part 2: Patch Management By Nadia Krivdyuk

SIEM

• The Theory and Reality of SIEM ROI in 2017 By Andrii Bezverkhyi
• RESOURCE: Free or Freemium SIEM and Log Management Tools By Martin Boller

Social Engineering

• Why Is social Engineering Such A Significant Security Concern By Mark Cutting

Software Development

• Rugged DevOps, DevSecOps, and Implementation By ThreatModeler‍

Small Businesses

• Security Management Resources for Small Businesses By Dawid Balut
• Resource: Free Comprehensive Information Security Policy Template For Small Business(SMB/SME) By Claus Cramon
• Free Basic Template Information Security Policy For Small Business(SMB/SMBE/SME) By Glenda Snodgrass

Startups

• Security Start Up Incubators List By Newswatcher
• Security in a start-up. Making every dollar matter. By Benjamin Infosec‍

Templates

• Resource: Free Change Management Policy Template for Small Business (SMB/SME) By Claus Cramon Houmann‍

Threat Modeling

• Threat Modeling: Data Flow Diagram Vs Process Flow Diagram By Anurag Agarwal
• Three Pillars of a Scalable Threat Modeling Practice By Anurag Agarwal
• Threat Modeling For Mobile Applications By Michael Ball
• Which Threat Modeling Methodology is Right for Your Organization? By Brian Beyst, MBA
• Meaningful Threat Modeling for CISOs By Anurag Agarwal‍

InfoSec Tools

• A List of Static Analysis Tools For C/C++ By Peerlyst
• Resource: Open Source Fuzzers Lists By Claus Cramon Houmann
• Resource: Infosec Powershell Tools, Resources, And Authors By Claus Cramon Houmann
• Resource: Tools and Methods That Help You Automate Security For Your Company By Guurhart
• Resource: Infosec Active Defense Tools and Tricks By Guurhart
• A List of Fuzzing Tutorials On Different Fuzzing Tools By Karl M.
• Resource: A List Of Dynamic Analysis Tools For Software By Susan Parker
• Resource: Cyber Attack Simulation Tools and Services List By Claus Cramon Houmann
• Deobfuscation Resources For Various Types of Files and Obfuscation Methods By Susan Parker
• The Uses Of HIDS(Host Intrusion Detection Systems) And NIDS(Network Intrusion Detection Systems) By Guurhart
• BsidesSF 2016 Recap Of Fuzz Smarter, Not Harder - An AFL Primer By Claus Cramon
• Cooperative Infrastructure For Security And CTF Teams By Dan Borges
• [Tool] Psychohasher: All Purpose Hashing Utility By Animesh Shaw
• Permanently adding attack vectors in Burp Suite By Niranjan Butola‍ Popular attacker tools & techniques: survey results By Bart P
• A list of static analysis tools for Portable Executable (PE) files By Susan Parker

User Awareness

• Approaching User Awareness By Javvad Malik
• Solving The Enigma Of Security Awareness Part 1 By Darrell Drystek
• How To Tips For A Successful Security Newsletter By Darrell Drystek
• Are You Interested In Improving Security Awareness At Your Organization? By Darrell Drystek

Vehicle Security

• Resource: List of Car Hacking Tools, Car Security Tools, and Car Security Resources By Ben Ferris
• What is an embedded system? By Martin Thompson

Virtual Lab

• The Avatar Project : Architecting a Multi-Purpose virtual lab environment By Tony Robinson

Vulnerability Management/Disclosure

• Tracking or Disclosing Vulnerabilities in 2017: How to Track Them and Where to Disclose Them By 1337mark
• Hardware/Software Vendor Playbook: Handling Vulnerabilites Found in Your Products After Launch By Ron Hardy
• Resource: An Up To Date List Of Bug Bounty Programs, Reward Systems, And Security Acknowledgments By Claus Cramon Houmann
• Implementing ERP Vulnerability Management Process: Part 1 By Mikhail Rakutko
• Implementing SAP Vulnerability Management Process. Part 3. Vulnerability Analysis By Michael Rakutko
• 334 zero-days were used in APT attacks since 2006 By Valery Marchuk‍

Vulnerability Scanners

• Searching Intelligently with VirusTotal Intelligence Search By Abhinav Singh
• Resource: Open Source Fuzzers Lists By Claus Cramon Houmann
• NMAP For Vulnerability Discovery By Sachin Wagh‍

Web Site Security

• Simply Put: The Differences Between HPKP, HSTS, And CSP. By Claus Cramon Houmann
• OWASP Juice Shop Vulnerable Webapp By Stuart Winter-Tear‍
• Climbing Mount WebAppSec – ZAP Directory Traversal By Stuart Winter-Tear‍
• Climbing Mount WebAppSec – Discovering Directories & Files with ZAP By Stuart Winter-Tear‍

Windows

• Windows 10 security wiki By Guurhart
• A huge list of Windows log file Event IDs for detecting lateral movement By S. Delano‍