'I break into buildings and pretend to be the bad guy' • The Register (https://www.theregister.com/2024/09/29/interview_with_a_social_engineering/)

Demystifying cookies and tokens – Tommi Hovi | The Security blog (https://tommihovi.com/2024/05/demystifying-cookies-and-tokens/)

I Will Fucking Piledrive You If You Mention AI Again — Ludicity (https://ludic.mataroa.blog/blog/i-will-fucking-piledrive-you-if-you-mention-ai-again/)

1401_08-12_mickens.pdf (https://www.usenix.org/system/files/1401_08-12_mickens.pdf)

Building a serverless secured dead drop - Ayende @ Rahien (https://ayende.com/blog/201153-B/building-a-serverless-secured-dead-drop)

Hacking Millions of Modems (and Investigating Who Hacked My Modem) (https://samcurry.net/hacking-millions-of-modems)

Brane Dump, How I Tripped Over the Debian Weak Keys Vulnerability (https://www.hezmatt.org/~mpalmer/blog/2024/04/09/how-i-tripped-over-the-debian-weak-keys-vuln.html)

research!rsc, Timeline of the xz open source attack (https://research.swtch.com/xz-timeline)

oss-security - backdoor in upstream xz/liblzma leading to ssh server compromise (https://www.openwall.com/lists/oss-security/2024/03/29/4)

OWASP Data Breach Notification | OWASP Foundation (https://owasp.org/blog/2024/03/29/OWASP-data-breach-notification)

Wesley Aptekar-Cassels | Reasons to avoid Javascript CDNs (https://blog.wesleyac.com/posts/why-not-javascript-cdn)

MatrixTM/MHDDoS, Best DDoS Attack Script Python3, (Cyber / DDos) Attack With 56 Methods (https://github.com/MatrixTM/MHDDoS)

900 Sites, 125 million accounts, 1 vulnerability - env.fail (https://env.fail/posts/firewreck-1/)

Upside-Down-Ternet (https://pete.ex-parrot.com/upside-down-ternet.html)

You can not simply publicly access private secure links, can you? | Vin01’s Blog (https://vin01.github.io/piptagole/security-tools/soar/urlscan/hybrid-analysis/data-leaks/urlscan.io/cloudflare-radar%22/2024/03/07/url-database-leaks-private-urls.html)

Fonts are still a Helvetica of a Problem - Canva Engineering Blog (https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/)

OWASP Top 10 for Large Language Model Applications | OWASP Foundation (https://owasp.org/www-project-top-10-for-large-language-model-applications/)

praetorian-inc/noseyparker, Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history. (https://github.com/praetorian-inc/noseyparker/)

Evil maid attack - Wikipedia (https://en.wikipedia.org/wiki/Evil_maid_attack)

Remote User Impersonation and Takeover via Cache Poisoning (https://arcanican.is/excerpts/cve-2024-23832/discovery.htm)

Why Bloat Is Still Software’s Biggest Vulnerability - IEEE Spectrum (https://spectrum.ieee.org/lean-software-development)

#FuckStalkerware pt. 4 - the truth come out: does TheTruthSpy is secure (https://maia.crimew.gay/posts/fuckstalkerware-4/)

Rust wont save us, but its ideas will • Glitchbyte (https://glitchbyte.io/posts/rust-wont-save-us/)

How to tell if your toothbrush is being used in a DDoS attack | Malwarebytes (https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack)

Leaky Vessels, Docker and runc Container Breakout Vulnerabilities - January 2024 | Snyk (https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/)

HackTricks - HackTricks (https://book.hacktricks.xyz/welcome/readme)

jtesta/ssh-audit, SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc) (https://github.com/jtesta/ssh-audit)

Wapiti, a Free and Open-Source web-application vulnerability scanner in Python (https://wapiti-scanner.github.io/)

Un scanner pour les vulnérabilités des applications web.

Lupinia Studios - I'm a Scam Prevention Expert, and I Got Scammed (http://www.lupinia.net/writing/tech/scammed.htm)

Root me (https://www.root-me.org/)

Site d’apprentissage via des challenges plus ou moins ardus.