Content Recommendations for 2018

December 30th 2018

During 2018, I read a lot of interesting articles, this is a collection of the ones I am recommending this year, some may not be Cyber Security related, but they all have something to give. Disclaimer: Not all of these were released in 2018, this list of recommended content I read in 2018.

• Articles

  ---

• ELF Binary Mangling by Yuu

  This is a very interesting article discussing the art of ELF Binary Mangling, which gives us the ability the develop extremely small ELF Binaries. It’s a great technical article which runs through the entire process in great detail.

• The Cyber Kill Chain is making us dumber by thoth

  Once I started hearing about the "Cyber Kill Chain", I knew I was in for something spectacular, especially with a name like that, after reading it, I knew it was very much wrong, this article gives a lot of reasons why and I think expresses the problems with the "Cyber Kill Chain" in an easy manner.

• Books

  ---

• Breaking into Information Security: Learning the Ropes 101 by Andrew Gill

  This book was gifted to me, and gives an extremely easy overview for anybody who wants to get into Infosec. I would recommend this book for anybody who wants to join the Infosec community, or is in a mentor position.

• Bishopfox Cyber Security Style Guide by Bishopfox

  I wanted a quick reference for a lot of Cyber Security terms, this covers them extremely well, and is a worthwhile look.

• Zen and the Art of Motorcycle Maintainence by Robert M. Pirsig

  I read this book in High school, and only rediscovered it this year, under the self-help section of a local book store. This book is what helped me develop the values I promote to this day, and comes in an easily digestible format. I would recommend this book to anybody, especially young people.

• Journals

  ---

• Kult of the Cyber Witch

  Kult of the Cyber Witch is a super interesting Journal which offers a great mix between technical zine and aesthetics, it is well worth the look.

• PoC|GTFO

  PoC|GTFO is one of the more interesting Journals I have read, and will continue to read, with a basic premise, Proof of Concept or Get the Fuck Out, an effective way of keeping practical techniques in the journal, it has some awesome articles and a full print version that looks like a bible.

• Presentations

  ---

• Bug Bounty Hunting on Steroids by Anshuman Bhartiya and Glenn Grant

  This is a good look at a couple of people’s developments into scalable bug-bounty work, and how they built their program and its integration in a high-level discussion. It covers how they built it, scaled it and how it integrated into their workflow.

• Dutch Ministry of Defence GRU Close Access Cyber Operation Against OPCW by Dutch Ministry of Defence

  A presentation delivered by the Dutch Ministry of Defence, where they showed off an operation by the GRU, which shows off the operational tools and some of the techniques used by the team. It is worth a look to see how they operate and what tools they used for wireless attacks.

• Influencing Meat Puppets through memes by Simon Howard

  A presentation from BSidesWLG, which discussed the influence of Russian troll farms against elections using social media and memes, and a final discussion of how you could develop your own. I recommend the read of this presentation for anybody, it’s a great read.

• Recalibrating Cyber Education by Brendan Hopper

  I found this talk while going through twitter one day, it covered how UNSW changed their Cyber Security Students, and explained why and how they did it. This is one of the few presentations I have found that explain how and why to change the way we teach "cyber". P.S. This is unlisted, so youtube-dl that ASAP.

• Betrayed by the Keyboard How What You Type Can Give You Away by Matt Wixey

  This is a great presentation on a piece of research into a type of linkage method called CLA or Case Linkage Analysis, and its usage in a cyber security environment, this includes a practical experiment and its results. I would recommend reading this if you are looking for new types of techniques for digital forensics/incident response teams.

• Technical Papers

  ---

• An Analysis of the Protonmail cryptographic architecture by Nadim Kobessi

  This is a piece of research into the cryptographic architecture of Protonmail, including all major stems of the application, and offers an in-depth analysis of the entire application, giving a full list of recommendations for improvements.

• Do Stack Overflow Good by @justinsteven

  I suck at explaining buffer overflows, this is an awesome repo covering the full rundown of what it is, how it works, and is now my go-to for people who want to learn how to do stack-overflows good.

• How your brass rat could care for you

  A cool, quick paper covering how to move a 125KHz tag into a ring, I found this interesting, and if you enjoy EE, I would recommend having a look.

• The Drumm Geminy Shield Report by Toool

  I was walking by a train station, and I spotted a new thing on the ticket machines, after a quick snap and some light googling, I found this cool lock, called the Geminy Shield, and I wanted to learn about it more. This is a technical paper I found on the Toool website covering their testing of the Geminy Shield, and it includes a full breakdown of the device and the attacks on it.