urandom vs. CSPRNG for Crypto Keys
Use the kernel's CSPRNG like FreeBSD's for generating crypto keys as it has access to raw device entropy, promises not to share state between applications, and ensures not to provide random data before being seeded. Userspace CSPRNGs have led to numerous randomness failures in the past.
FEATURES
ALTERNATIVES
Personal website of Collin R. Mulliner with a focus on security research and mobile platforms.
Online cybersecurity conference with speakers' talks and interactive Q&A sessions.
A set of instructions for the Dalvik virtual machine to manipulate registers and values in Android applications.
A collection of writeups of CTF challenges I solved, including explanations of the challenges and how I solved them.
Community project for developing common guidelines and best practices for secure configurations.
Non-profit organization supporting the advancement of open source software.
A microservice for string padding to prevent global issues like the left-pad incident.
A visualization tool for uploading and visualizing data as graphs on-the-fly, based on AfterGlow and running on Django.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.