PreOS Security creates awesome-firmware-security

https://github.com/PreOS-Security/awesome-firmware-security/blob/master/README.md

This is the initial version of the awesome-firmware-security list! I’ve been putting this off for a while (since day 2 of this blog), luckily Paul did most of the work to release this. Thanks, Paul!

If this initial release smells like a Glossary for an ebook, there’s a reason for that: we have an upcoming ebook, and this initial release of this list was meant to act as More Info and Glossary for the ebook. 🙂

This is scoped to platform security, for security researchers, DFIR, Blue Team, SysAdmins, etc. Currently it is focused mostly on Platform Firmware (eg, UEFI). It needs help from others that’re focusing on IoT/embedded/mobile device ‘firmware’.

I’ll have a second list for firmware development-centric topics in near future.

There’s MANY things to add. Please submit a patch with more details, I’m hoping this is a community effort, not just Paul and I adding entries to this list. PLEASE HELP!

links of awesome links

I’m a sucker for lists of resources. PreOS Security is about to release our awesome-firmware shortly. In the mean time, here’s some existing ‘curated links’ of other fun topics:

https://github.com/0x4D31/awesome-threat-detection
https://github.com/aalhour/awesome-compilers
https://github.com/AcalephStorage/awesome-devops
https://github.com/aleksandar-todorovic/awesome-c
https://github.com/apsdehal/awesome-ctf
https://github.com/ashishb/android-security-awesome
https://github.com/aweconf/awesome-conferences-database
https://github.com/briatte/awesome-network-analysis
https://github.com/carpedm20/awesome-hacking
https://github.com/cugu/awesome-forensics
https://github.com/dastergon/awesome-chaos-engineering
https://github.com/dastergon/awesome-sre
https://github.com/dbohdan/compilers-targeting-c
https://github.com/dweinstein/awesome-frida
https://github.com/emijrp/awesome-awesome
https://github.com/enaqx/awesome-pentest
https://github.com/fdivrp/awesome-reversing
https://github.com/fffaraz/awesome-cpp
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/HQarroum/awesome-iot
https://github.com/hslatman/awesome-threat-intelligence
https://github.com/InQuest/awesome-yara
https://github.com/jagracey/Awesome-Unicode
https://github.com/jaspergould/awesome-asm
https://github.com/jekil/awesome-hacking
https://github.com/jivoi/awesome-osint
https://github.com/kozross/awesome-c
https://github.com/ksluckow/awesome-symbolic-execution
https://github.com/larsbrinkhoff/awesome-cpus
https://github.com/m4ll0k/Awesome-Hacking-Tools
https://github.com/meirwah/awesome-incident-response
https://github.com/mre/awesome-static-analysis
https://github.com/n1trux/awesome-sysadmin
https://github.com/papers-we-love/papers-we-love
https://github.com/PaulSec/awesome-sec-talks
https://github.com/pFarb/awesome-crypto-papers
https://github.com/phodal/awesome-iot
https://github.com/RichardLitt/awesome-conferences
https://github.com/rossant/awesome-math
https://github.com/rshipp/awesome-malware-analysis
https://github.com/sbilly/awesome-security
https://github.com/secfigo/Awesome-Fuzzing
https://github.com/sectalks/sectalks
https://github.com/sergey-pronin/Awesome-Vulnerability-Research
https://github.com/sobolevn/awesome-cryptography
https://github.com/thibmaek/awesome-raspberry-pi
https://github.com/topics/awesome-list
https://github.com/vinta/awesome-python
https://github.com/vitalysim/Awesome-Hacking-Resources

Exploit development resource list

https://github.com/rmusser01/Infosec_Reference/blob/master/Draft/Exploit%20Development.md

I was going to suggest it should’ve been named awesome-exploit-development, but it appears that is already taken:
https://github.com/FabioBaroni/awesome-exploit-development
Going off-topic, but here’re some other recent ‘awesome’ and related resource lists recently noticed:
https://github.com/qazbnm456/awesome-cve-poc
https://github.com/secfigo/Awesome-Fuzzing
https://github.com/meirwah/awesome-incident-response
https://github.com/cugu/awesome-forensics
https://github.com/rshipp/awesome-malware-analysis
https://github.com/hslatman/awesome-threat-intelligence
http://resources.infosecinstitute.com/category/computerforensics/introduction/free-open-source-tools/

awesome-safety-critical

This is a list of resources about programming practices for writing safety-critical software. Disclaimer: I don’t work on safety-critical software so the resources presented here are not necessarily authoritative or latest documents on topic.

https://github.com/stanislaw/awesome-safety-critical

On a related note, SEI just made their Secure C and Secure C++ books freely-available (registration required), those are worth reading:

http://www.sei.cmu.edu/news/article.cfm?assetID=495412

 

Awesome Vehicle Security list created

In the beginning, Yahoo! Directory was the place to go for list of sites, then DMOZ was briefly useful. These days, it appears the “awesome <topic>” set of ‘curated links’ are the new place to go for lists of links. There is a new list for car hacking:

https://github.com/jaredmichaelsmith/awesome-vehicle-security

Here are some others:
https://github.com/HQarroum/awesome-iot
https://github.com/sbilly/awesome-security
https://github.com/rshipp/awesome-malware-analysis
https://github.com/paragonie/awesome-appsec
https://github.com/carpedm20/awesome-hacking
https://github.com/enddo/awesome-windows-exploitation
https://github.com/sindresorhus/awesome

I’m about half done with an ‘awesome firmware’ list…