Security/Privacy/Tech resources

At this point, I’ve read or watched or listened to a bunch of these, and generally these are all work by great people done in an engaging fashion. Unlike other practitioners, I tend to veer towards more hardware/systems/infra type problems instead of web/frontend problems, so if you’re looking for stuff on the latter, sadly you’re less likely to find it here. I do hope though that some of these do end up interesting to you even if it’s not in your direct field of interest, and hopefully you’ll learn something new! If you think there deserves to be a special mention here or there, or if you find a milkshake duck that I’ve not caught, please feel free to send me an email or DM me on twitter (@worldwise001) and I’ll do my best to respond as soon as I can.

Resources:

• CTFs:
  • cryptopals.org - Cryptography CTF, you don’t need a math background
  • microcorruption.com - Embedded Security CTF
  • squarectf.com - our yearly small CTF competition
• Conferences (don’t attend, just look for the talks on youtube, or read papers):
  • Industry:
    • BSidesSF
    • USENIX PEPR - Privacy Engineering, Practice and Respect
    • USENIX Enigma
    • USENIX SRECon
    • StrangeLoop
    • DefCon
    • Black Hat
  • Academic:
    • IEEE S&P
    • USENIX Security
    • SOUPS
• Podcasts or mailing lists
  • tl;dr sec
  • Security, Cryptography, Whatever
  • On The Metal
• Youtubers
  • Curious Marc
  • Lockpicking Lawyer
  • Ben Eater - build an 8-bit computer from scratch
  • 3blue1brown - animated math
  • jan misali video essays
• People:
  • Twitter has a lot of security/privacy professionals on it
    • (I have a list probably, it needs to be organized)
  • James Mickens deserves his own section:
    • This World of Ours - article
    • Not Even Close: The State of Computer Security (with slides) - video
    • Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models - video
  • Speaking of USENIX, I really enjoyed Alex Stamos’ keynote in 2019:
    • Tackling the Trust and Safety Crisis
• Wobsites:
  • /r/netsec wiki
  • PoC GTFO has a small collection of newsletters that do explain pretty well how to make and break things
  • Smashing The Stack For Fun And Profit Classic buffer overflow howto.
• Selected papers I enjoyed or think are foundational:
  • (there are more, I haven’t collected or organized them yet)
  • CrySP CS858 old paper reading list
  • “I’ve got nothing to hide” and other misunderstandings of privacy