Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
Suricata inspects the network traffic using a powerful and extensive rules and signature language, and has powerful Lua scripting support for detection of complex threats. With standard input and output formats like YAML and JSON, integrations with tools like existing SIEMs, Splunk, Logstash/Elasticsearch, Kibana, and other databases become effortless. Suricata’s fast-paced, community-driven development focuses on security, usability and efficiency.
The Suricata project and code are owned and supported by the Open Information Security Foundation (OISF), a non-profit foundation committed to ensuring Suricata’s development and sustained success as an open source project.
In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.
This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.
The OpenC2 Forum defines a language at a level of abstraction that will enable unambiguous command and control of cyber defense technologies. OpenC2 is broad enough to provide flexibility in the implementations of devices and accommodate future products and will have the precision necessary to achieve the desired effect.
This webpage is a free malware analysis service powered by Payload Security that detects and analyzes unknown threats using a unique Hybrid Analysis technology.
This free malware analysis service is running VxStream Sandbox v6.70 in the backend. Supporting PE, Office, PDF, APK files and more (e.g. EML). Maximum upload size is 100 MB.
This paper focuses on using the built-in tools already available in the Microsoft Windows operating system (OS). Central event log collection requires a Windows Server operating system version 2003 R2 or above. Many commercially available tools exist for central event log collection. Using a Windows Server 2008 R2 or above server version is recommended. There are no additional licensing costs for using the event log collection feature. The cost of using this feature is based on the amount of additional storage hardware needed to support the amount of log data collected. This factor is dependent on the number of workstations within the local log collection network.
You can record and store security audit events for Windows 10 and Windows Server 2016 to track key system and network activities, monitor potentially harmful behaviors, and mitigate risks. You control the amount of data you collect by controlling the categories of security events you audit, for example, changes to user account and resource permissions, failed attempts to access resources, and attempts to modify system files. The reference in this download can help you decide what to monitor and how to interpret the data you collect.
The Zero Day Initiative (ZDI), founded by TippingPoint, is a program for rewarding security researchers for responsibly disclosing vulnerabilities. Depending on who you are, here are a few links to get you started:
Researchers: Learn how we pay for your vulnerability discoveries, register for the ZDI or log in.
Vendors: Read our disclosure policy or join our security partner program
Press, Curiosity Seeker: Learn more about ZDI or read answers to some frequently asked questions
Please contact us at zdi [at] trendmicro [dot] com with any questions or queries. For sensitive e-mail communications, please use our PGP key.
While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro's user community includes major universities, research labs, supercomputing centers, and open-science communities.
Principal research engineer at Kudelski Security, PhD from EPFL and FHNW (2010). Presented at Black Hat, DEFCON, CCC, Troopers, SyScan, among other international conferences, I also blog and tweet.
Selected projects:
Serious Cryptography (2017): book about crypto, published by No Starch Press
SGX review (2016): research presented at Black Hat about Intel SGX
The Hash Function BLAKE (2015): book about the hash function BLAKE, published by Springer
NORX (2014): authenticated cipher candidate in the CAESAR competition
Password Hashing Competition (2013-2015): open competition that selected Argon2 as a winner
BLAKE2 (2013): hash function faster than SHA-2 and SHA-3, available in OpenSSL, Sodium, Crypto++, etc.
Cryptography Coding Standard (2013-): coding rules to prevent common weaknesses in cryptography software
SipHash (2012): keyed hash function, used in Linux, FreeBSD, OpenBSD, Python, among others
ECRYPT-CSA is a Coordination & Support Action funded by the European Union's H2020 programme. The project consists of four academic and one industrial partner.
ECRYPT-NET is a research network of six universities and two companies, as well as 7 associated companies, funded by a Marie Skłodowska-Curie ITN (Integrated Training Network) grant.
HashKiller's purpose is to serve as a meeting place for computer hobbyists, security researchers and penetration testers. It serves as a central location to promote greater security on the Internet by demonstrating the weakness of using hash based storage / authentication.
About InfoSec
InfoSec Institute is the best source for high quality information security training. We have been training Information Security and IT Professionals since 1998 with a diverse lineup of relevant training courses. In the past 16 years, over 50,000 individuals have trusted InfoSec Institute for their professional development needs!
PwnWiki.io is a collection of TTPs (tools, tactics, and procedures) for what to do after access has been gained.
We want/need your help! Please contribute to this project via GitHub (https://github.com/pwnwiki/pwnwiki.github.io). That allows us to get your project-ready content incorporated into the wiki fast.
Inj3ct0r is the ultimate database of exploits and vulnerabilities and a great resource for vulnerability researchers and security professionals.
Our aim is to collect exploits from submittals and various mailing lists and concentrate them in one, easy-to-navigate database.
This was written solely for educational purposes. Use it at your own risk. The author will not be responsible for any damage. // r0073r
Learn about the latest online threats.
Share and collaborate in developing threat intelligence.
Protect yourself and the community against today’s latest threats.
At the heart of Open Threat Exchange is the pulse, an investigation of an online threat. Pulses describe any type of online threat including malware, fraud campaigns, and even state sponsored hacking.
Pulses are comprised of indicators of compromise (or IoCs), which describe the infrastructure of that threat – including IPs, file hashes, e-mail addresses affiliated with the threat, etc.
Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections.
The “No More Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
The Foofus.Net team is an assortment of security professionals and wannabes located somewhere in the Midwestern United States. This site exists to support the various tools and ideas that we’ve made public, along with aiding to fill our DefCon beer fund.
Having this as a hobby project, I usually have time to focus on following only a single malware threat at a time - right now my main focus is on Locky download sites. If I read some interesting whitepaper, I will probably import some links/hashes into the tracker database here and there, but in general I do not verify or follow up on those. This site is considered to be mainly a research platform, and directly using the data for blacklisting is not recommended. At least you should make sure to filter it with some reasonable whitelist. For example, if some malware connects to 'http://google.com/70.exe?1' (as Teslacrypt did to query connectivity) or to '//plus.google.com/u/0/115747778649102578052/about' or 'https://twitter.com/linketelin' (as PlugX samples d9af894d51ba61075c7cd329b0be52df, 02a175b81144b8fa22414e9cf281f71c did), then such links can be found in the listings of the tracker, although I am not saying the sites as such should be blocked.
Welcome to PunkSPIDER: a global web application vulnerability search engine.
Deeper, faster, harder scans