Forwarded from CyberSecBastion
Secure_Programming_Cookbook_for_C_and_C++_John_Viega_and_Matt_Messier.pdf
4.1 MB
Secure Programming Cookbook for C and C++ John Viega and Matt Messier, 2003
The file is provided for reference only. Trial period of use - 3 days. Please, buy a license copy!
The file is provided for reference only. Trial period of use - 3 days. Please, buy a license copy!
Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware, Cassie Crossley, 2024
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain.
Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware. With this book, you'll learn how to: Pinpoint the cybersecurity risks in each part of your organization's software supply chain. Find the cybersecurity frameworks and resources that can improve security Identify the roles that participate in the supply chain--including IT, development, operations, manufacturing, and procurement Design initiatives and controls for each part of the supply chain using existing frameworks and references Evaluate third-party risk in your supply chain
#book #DevSecOps
Trillions of lines of code help us in our lives, companies, and organizations. But just a single software cybersecurity vulnerability can stop entire companies from doing business and cause billions of dollars in revenue loss and business recovery. Securing the creation and deployment of software, also known as software supply chain security, goes well beyond the software development process. This practical book gives you a comprehensive look at security risks and identifies the practical controls you need to incorporate into your end-to-end software supply chain.
Author Cassie Crossley demonstrates how and why everyone involved in the supply chain needs to participate if your organization is to improve the security posture of its software, firmware, and hardware. With this book, you'll learn how to: Pinpoint the cybersecurity risks in each part of your organization's software supply chain. Find the cybersecurity frameworks and resources that can improve security Identify the roles that participate in the supply chain--including IT, development, operations, manufacturing, and procurement Design initiatives and controls for each part of the supply chain using existing frameworks and references Evaluate third-party risk in your supply chain
#book #DevSecOps
Software_Supply_Chain_Security_-_Cassie_Crossley.pdf
5.8 MB
Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware, Cassie Crossley, 2024
По твоему мнению, лучшие мировые издательства выпускающие книги на ИБ тематику?
Anonymous Poll
18%
No Starch Press
31%
O'Reilly Media
13%
Packt publishing
7%
Willey
5%
BHV Piter
8%
Cisco Press
25%
Читаю только на русском\СНГ'шном
29%
Не умею читать :-/
2%
Свой вариант (пиши в чат)
Полное руководство по Даркнету, Dark Web Academy, 2025 (перевод на русский язык)
Dark Web Academy создана для того, чтобы сосредоточиться на демистификации Dark Web. Dark Web используется для безопасности и анонимности, и с помощью предлагаемых курсов вы узнаете, как использовать и ориентироваться в нем.
С помощью нашего контента вы узнаете о:
📌 Тор и мосты Тор
📌 Операционная система Tails
📌 Операционная система Qubes
📌 Биткоин и Монеро
📌 Шифрование и дешифрование OpenPGP.
📌 Использование распространенных инструментов Dark Web
📌 И многое другое...
❗️Официальный сайт
#education #privacy
Dark Web Academy создана для того, чтобы сосредоточиться на демистификации Dark Web. Dark Web используется для безопасности и анонимности, и с помощью предлагаемых курсов вы узнаете, как использовать и ориентироваться в нем.
С помощью нашего контента вы узнаете о:
📌 Тор и мосты Тор
📌 Операционная система Tails
📌 Операционная система Qubes
📌 Биткоин и Монеро
📌 Шифрование и дешифрование OpenPGP.
📌 Использование распространенных инструментов Dark Web
📌 И многое другое...
❗️Официальный сайт
#education #privacy
Полное_руководство_по_Даркнету_Dark_Web_Academy_.zip
1.1 GB
Полное руководство по Даркнету, Dark Web Academy, 2025 (перевод на русский язык)
❤1
Media is too big
VIEW IN TELEGRAM
История Linux и UNIX! Кто породил ВСЕ современные системы!, PRO Hi-Tech, 2023
Сегодня погрузимся в истории операционных систем, вернее матери многих современных систем - UNIX. Как обычно для моих сюжетов я буду делать акцент на людях и событиях.
00:15 Статистика операционных систем
02:10 Колыбель технологий Bell Labs и энтузиасты
14:20 Первые ответвления и перенос
18:11 Загадка века. Почему IBM выбрали не UNIX, а Windows?
20:20 Разделение AT&T и начало широких продаж UNIX
21:04 Свободу UNIX!
25:00 MINIX и LINUX
29:06 Linux сам по себе
31:24 GNU/Linux
35:40 Наследие и наследники
36:58 Корни MacOS
38:35 Android
41:03 Что стало с людьми?
#fun
Сегодня погрузимся в истории операционных систем, вернее матери многих современных систем - UNIX. Как обычно для моих сюжетов я буду делать акцент на людях и событиях.
00:15 Статистика операционных систем
02:10 Колыбель технологий Bell Labs и энтузиасты
14:20 Первые ответвления и перенос
18:11 Загадка века. Почему IBM выбрали не UNIX, а Windows?
20:20 Разделение AT&T и начало широких продаж UNIX
21:04 Свободу UNIX!
25:00 MINIX и LINUX
29:06 Linux сам по себе
31:24 GNU/Linux
35:40 Наследие и наследники
36:58 Корни MacOS
38:35 Android
41:03 Что стало с людьми?
#fun
Computer Science Fundamental Courses, Harvard University, 2025
Harvard University is devoted to excellence in teaching, learning, and research, and to developing leaders in many disciplines who make a difference globally. Harvard faculty are engaged with teaching and research to push the boundaries of human knowledge. The University has twelve degree-granting Schools in addition to the Radcliffe Institute for Advanced Study.
➡️ Get the CS courses
See also:
📌 Collection for newbie (Habr) + security section
📌 Start in Computer Science for 1.5 year (russian)
📌 The 100 Top FREE EdX Courses of All Time (upd. 2025)
#education #newbie
Harvard University is devoted to excellence in teaching, learning, and research, and to developing leaders in many disciplines who make a difference globally. Harvard faculty are engaged with teaching and research to push the boundaries of human knowledge. The University has twelve degree-granting Schools in addition to the Radcliffe Institute for Advanced Study.
See also:
📌 Collection for newbie (Habr) + security section
📌 Start in Computer Science for 1.5 year (russian)
📌 The 100 Top FREE EdX Courses of All Time (upd. 2025)
#education #newbie
Please open Telegram to view this post
VIEW IN TELEGRAM
Learn SIEM with He-Man, created MOS, 2025
From Castle Grayskull to Skeletor’s failed breaches, this 12-slide journey makes Security Information & Event Management simple, visual, and a bit nostalgic 👊
💬 What’s inside:
🔹 What is SIEM (and why should you care)?
🔹 What are logs?
🔹 How alerts work
🔹 Dashboards, false positives, compliance — all explained like a Saturday morning cartoon
🧙♂️ Brought to you by Orko. Powered by He-Man. Tuned by your friendly neighborhood SIEM admin.
See also:
📌 Free SIEM Trainings 2025
#fun
From Castle Grayskull to Skeletor’s failed breaches, this 12-slide journey makes Security Information & Event Management simple, visual, and a bit nostalgic 👊
💬 What’s inside:
🔹 What is SIEM (and why should you care)?
🔹 What are logs?
🔹 How alerts work
🔹 Dashboards, false positives, compliance — all explained like a Saturday morning cartoon
🧙♂️ Brought to you by Orko. Powered by He-Man. Tuned by your friendly neighborhood SIEM admin.
See also:
📌 Free SIEM Trainings 2025
#fun
Learn SIEM with He-Man.pdf
5.3 MB
Learn SIEM with He-Man, created MOS, 2025
Excellent comparison of GRC in US and Europe by Andrey Prozorov, ver.1.0 (25.05.2025)
A detailed comparison table of Governance, Risk, and Compliance (GRC) in the US and EU, which includes the following: main features, Cybersecurity/Risk/Privacy frameworks, authorities, GRC automated tools, job positions, working conditions, career paths, salary rates, standardized roles, and valuable certificates for professionals
#docs
A detailed comparison table of Governance, Risk, and Compliance (GRC) in the US and EU, which includes the following: main features, Cybersecurity/Risk/Privacy frameworks, authorities, GRC automated tools, job positions, working conditions, career paths, salary rates, standardized roles, and valuable certificates for professionals
#docs
Governance, Risk, and Compliance (GRC)_ US and EU.pdf
102.5 KB
Excellent comparison of GRC in US and Europe by Andrey Prozorov, ver.1.0 (25.05.2025)
Assembly for Hacker, Hadess, 2025
The book produced by Hadess is a small work of art for those who are interested in (truly) low-level programming languages and are also curious to understand how inserting malicious code works directly into legitimate processes or in memory.
In addition to this document, they produce several others aimed mainly at offensive security.
Read on web site:
➡ Syntax;
➡ Sections;
➡ Processor Registers;
➡ System Calls;
➡ Strings;
➡ Numbers;
➡ Conditions;
➡ Addressing Modes;
➡ File Handling;
➡ Stack and Memory;
➡ Code Injection Attack;
➡ DLL Injection;
➡ APC Injection;
➡ Valid Accounts;
➡ System Binary Proxy Execution: Rundll32;
➡ Reflective code loading;
➡ Modify Registry;
➡ Process Injection;
➡ Mark-Of-The-Web (MOTW) Bypass;
➡ Access Token Manipulation;
➡ Hijack Execution Flow;
➡ Resources.
#reverse #coding #malware
The book produced by Hadess is a small work of art for those who are interested in (truly) low-level programming languages and are also curious to understand how inserting malicious code works directly into legitimate processes or in memory.
In addition to this document, they produce several others aimed mainly at offensive security.
Read on web site:
#reverse #coding #malware
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
APT Wiki from ThreatRadar by Hadess, v1.1, 2025
An awesome 233-page resource cataloging a wide range of Advanced Persistent Threat (APT) groups, covering:
🌍 Geographic origin
🎯 Motivations
🧰 Toolkits
🏭 Targeted industries
📝 Group overviews
Think of it as a supplement to MITRE, but packaged for quick reference. It's about a year old but still really useful!
#pentest
An awesome 233-page resource cataloging a wide range of Advanced Persistent Threat (APT) groups, covering:
🌍 Geographic origin
🎯 Motivations
🧰 Toolkits
🏭 Targeted industries
📝 Group overviews
Think of it as a supplement to MITRE, but packaged for quick reference. It's about a year old but still really useful!
#pentest
APT Wiki from ThreatRadar by Hadess_v1.1.pdf
33.4 MB
APT Wiki from ThreatRadar by Hadess, v1.1, 2025
Certified Kubernetes Security Specialist (CKS) Study Guide by Benjamin Muschko, 2025
If you're preparing for the CKS exam📘 or looking to deepen your understanding of Kubernetes security, this book is a must-read. It provides:
In-depth coverage of the CKS curriculum:
📌 Real-world scenarios and use cases to understand attack vectors and mitigation
📌 Hands-on examples for tools like kube-bench, Trivy, Falco, and AppArmor
📌 Guidance on securing the supply chain, hardening the system, and monitoring runtime security
#book #SecDevOps #exam
If you're preparing for the CKS exam📘 or looking to deepen your understanding of Kubernetes security, this book is a must-read. It provides:
In-depth coverage of the CKS curriculum:
📌 Real-world scenarios and use cases to understand attack vectors and mitigation
📌 Hands-on examples for tools like kube-bench, Trivy, Falco, and AppArmor
📌 Guidance on securing the supply chain, hardening the system, and monitoring runtime security
#book #SecDevOps #exam