I have been writing contents occasionally throughout my career at various places. I decided to collect, organize and share everything here. Hence created this repo. A few of the content might not be relevant now as they are of 2012 and 2013, but I decided to add them here. Knowing them might populate new ideas to anyone's brain, so good to add it here as FYI.
-
Defensive Security:
- Risk-based Vulnerability Management Approach
- Vulnerability Insight GPT Bot
- Gaps in Traditional VM and ASM
- Comprehensive Coverage of Data in CTI
- YouTube Talk - External attack surface management in Blue team
- SOC monitoring mindmap
- External attack surface management
- Shadow IT + Threat intelligence architecture
- VM program key factors
- Email security mindmap
- Threat intelligence feeds collection
- Vulnerability management tips
- Webinar - Building a vulnerability management program for your organization
- Building a threat intelligence division for your organization - 1
- Building a threat intelligence division for your organization - 2
- Building a threat intelligence division for your organization - 3
- Building a threat intelligence division for your organization - 4
- Fool the network hunters
- Application security maturity assessment in blue team
- Building a vulnerability management program for your organization
- Vulnerability Management end-to-end workflow diagram
- Vulnerability Management Program Key Factors
- Shadow IT + Threat Intel - Architecture Overview for Blue team
- iOS device security for SOC team
- Practical Browser Forensics Checklist
- DevSecOps risk assessment framework
- DevSecOps 201 checklist
- Incident management maturity assessment
- Vulnerability management tips
- Network architecture review checklist
- Threat hunting methodology
- AV EDR solution selection criteria
- Threat intel feed sources mindmap
- Data driven threat modeling case study - customer PII/PHI
-
Offensive Security:
- A complete web application pentest checklist
- Marcomino - Malicious Macros Checklist
- Frogy - My own subdomain enumeration tool
- Bucketbunny - Automation for open s3 bucket pocs for pentest/bugbounty/red-teamingsl
- Puttly - script to test PUT method with verification of uploaded file
- Network VAPT checklist
- Dirty C0w Vulnerability Demo (CVE-2016-5195) - A privilege escalation vulnerability in the Linux Kernel
- Windows Command Injection Vulnerability for a Command Shell
- Powered e-Commerce Application Pentesting
- SSH Pentest checklist
- Bug-bounty Tips & Motivation
-
Mobile Security (Android/iOS/hardware OS):
- iOS Application Security - xCON Switch - Enable/Disable Detection without removing xCON Application from Cydia
- Android OS phone security hardening guide
- Android Application Security - Using hmacSHA256 Encryption For Tamper Proof Request & Response
- Xiaomi’s Analytics Application Security & Privacy Concern
- Android Application Hardening Checklist For Developers
- Android Kiosk Browser Lock down Security Testing Checklist
- Android Application Backup Vulnerabiility Testing
- Android Anti Java Hooking - Adding Layer to your SSL pinning and Root detection
- Blocking Adwares on Android - Protect against malwares and privacy
- Messeging Apps Privacy Factors to Consider
-
Risk Management/GRC/Compliance:
-
General Cybersecurity:
- How to successfully break into Cybersecurity?
- Diversity in Cybersecurity - Video Interview
- Diversity in Cybersecurity Mindmap
- 21 myths in the cybersecurity world
- My talk on gender diversity for InfosecGirls community
- Malware/EDR solutuon evaluation criteria for purchase
- Cyber tranTransparency
- Security management challanges over the year
- Securing remote workspace during COVID-19
- Security awareness program maturity
- Security management challenges over the years
- Hindi Language - How to be safe from online scams
- 21+1 myths in Cybersecurity world
-
Cryptocurrency:
Warning/Disclaimer: Read the detailed disclaimer at my blog - https://github.com/iamthefrogy/Disclaimer-Warning/blob/main/README.md