references

Collection of reusable references
Hosted at: https://mccright.github.io/references/

• Flex your perceptions and imagination with Astronomy Photo of the Day https://apod.nasa.gov/apod/astropix.html or read at length from NASA's ebook collection https://www.nasa.gov/connect/ebooks/index.html
• Explore these falsehoods programmers believe in -- Awesome Falsehood https://github.com/kdeldycke/awesome-falsehood
• Or, if you are needing a break from your normal grind, join others doing people-powered research https://www.zooniverse.org/projects?page=1&status=live

Cheat Sheets
First and foremost: a couple git cheat sheets

• https://training.github.com/kit/downloads/github-git-cheat-sheet.pdf
• and TimGreen's list of git & github features -- with a table of resources and books at the bottom: https://github.com/tiimgreen/github-cheat-sheet maybe also
• Michael Gieson's git cheat cheet https://www.gieson.com/Library/cheatsheets/md.html?git
• "The simple guide" http://rogerdudler.github.io/git-guide/ and
• https://github.com/vineetpandey/github-cheat-sheet and page 2 of
• http://www.git-tower.com/blog/git-cheat-sheet/ and documenation at http://git-scm.com/docs
• Git Pocket Guide. By Richard E. Silverman https://www.oreilly.com/library/view/git-pocket-guide/9781449327507/

Just get started...
git remote -v (view the full addresses of your configured remotes)
cd into your new project directory
git init (builds a .git directory that contains all the metadata and repository history)
git add . (instructs Git to begin tracking all files within and beneath the current directory)
git commit –m'This is the first commit' (creates the permanent history of all files, with the -m option supplying a message alongside the history marker)

Awesome-Awesome

• A curated list of awesome lists: https://github.com/sindresorhus/awesome
• A collection of awesome lists for hackers, pentesters & security researchers https://github.com/Hack-with-Github/Awesome-Hacking

Browse Sears catalog of Linux software -- Awesome Linux Software https://github.com/luongvo209/Awesome-Linux-Software

• and if you need a little Linux help using it https://gto76.github.io/linux-cheatsheet/ and https://github.com/gto76/linux-cheatsheet

Manage Your Privacy

• Daniel Roesler's excellent Privacy Checklist: https://github.com/diafygi/privacy-checklist
• 11 tips for protecting your privacy... by Olivia Martin https://freedom.press/training/blog/11-tips-protecting-your-privacy-and-digital-security-age-trump/
• Your IP address is sometimes your identity https://myexternalip.com/

Software Vulnerability Detection Resources

• U.S. National Checklist Program http://checklists.nist.gov and https://web.nvd.nist.gov/view/ncp/repository
• Security Content Automation Protocol (SCAP)
  • Nist Overview: http://csrc.nist.gov/groups/SMA/forum/documents/august2015/forum-august2015-booth.pdf
  • SCAP Home: http://scap.nist.gov/
• State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation https://www.acq.osd.mil/se/docs/P-8005-SOAR-2016.pdf
• State-of-the-Art Resources (SOAR) for Software Assurance http://people.cs.ksu.edu/~hatcliff/890-High-Assurance/Reading/IATAC-SOAR-Software-Security-Assurance.pdf
• Common Vulnerability Scoring System (CVSS) http://cve.mitre.org/ and https://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
• Vulnerability and exploit lists:
  o http://cve.mitre.org/
  o http://www.cvedetails.com/
  o http://0day.today/
  o http://www.securityfocus.com/bid/
  o https://www.exploit-db.com/
  o https://nvd.nist.gov/
• CyberSecurityMalaysia, 3rd Party Information Security Assessment Guideline http://www.cybersecurity.my/data/content_files/11/650.pdf
• Fortify Taxonomy of Secure Software Errors. https://vulncat.fortify.com/en
• Or host your own list to keep your research more private:
  o A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. https://github.com/nexB/vulnerablecode
  o Vulnerabilities and Attacks https://github.com/hannob/vulns
  o The CVE-Search Project https://www.cve-search.org/software/, and cve-search - a tool to perform local searches for known vulnerabilities https://github.com/cve-search/cve-search
• Scripts to help run Fortify -- and other code assessment tools -- in your Amazon cloud https://github.com/awslabs/one-line-scan/

Architecture Risk Analysis

• BSIMM Definitions of Architecture Risk Analysis - Builds an ARA definition by describing a set of increasingly mature risk analysis practices: https://www.bsimm.com/framework/software-security-development-lifecycle/architecture-analysis/
• U.S. CERT Definition & Best Practices Document on Architecture Risk Analysis: https://www.us-cert.gov/bsi/articles/best-practices/architectural-risk-analysis/architectural-risk-analysis
• Lecture 28: Threat Modeling, or Architectural Risk Analysis - Coursera-hosted lecture on this topic by Michael Hicks, University of Maryland, College Park: https://www.coursera.org/learn/software-security/lecture/bQAoU/threat-modeling-or-architectural-risk-analysis
• "A Non-Trivial Task of Introducing Architecture Risk Analysis into Software Development Process." OWASP EU presentation by Denis Pilipchuk, Global Product Security, Oracle: http://2014.appsec.eu/wp-content/uploads/2014/07/Denis.Pilipchuk-A-non-trivial-task-of-Introducing-Architecture-Risk-Analysis-into-the-Software-Development-Process.pdf
• Mitre Att&ck threat list https://mitre.github.io/attack-navigator/enterprise/
  ATT&CK is a catalog of techniques and tactics that describe post-compromise adversary behavior on typical enterprise IT environments. The core use cases involve using the catalog to analyze, triage, compare, describe, relate, and share post-compromise adversary behavior.
• The Common Attack Pattern Enumeration and Classification dictionary and classification taxonomy (CAPEC):
  Understanding how the adversary operates is essential to effective cyber security. CAPEC™ helps by providing a comprehensive dictionary of known patterns of attacks employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses.
  • Focuses on application security
  • Enumerates exploits against vulnerable systems
  • Includes social engineering / supply chain
  • Associated with Common Weakness Enumeration (CWE)
    http://capec.mitre.org/data/
• Example Attack Taxonomy from CAPEC http://capec.mitre.org/data/definitions/2000.html
• “The STRIDE Threat Model.” http://msdn.microsoft.com/en-US/library/ee823878(v=cs.20).aspx
• "Improving Web Application Security: Chapter 3, Threat Modeling -- Threats and Countermeasures." http://msdn.microsoft.com/en-us/library/ff648644.aspx (In depth review of STRIDE and DREAD.)
• "How To: Create a Threat Model for a Web Application at Design Time." http://msdn.microsoft.com/en-us/library/ms978527.aspx
• "Walkthrough: Creating a Threat Model for a Web Application." http://msdn.microsoft.com/en-us/library/ms978538.aspx
• "Application Threat Modeling (OWASP)" https://www.owasp.org/index.php/Application_Threat_Modeling
• "Threat Modeling Cheat Sheet (OWASP)" https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Threat_Modeling_Cheat_Sheet.md
• "OWASP Risk Rating Methodology" https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology
• "A Complete Guide to the Common Vulnerability Scoring System Version 2.0" http://www.first.org/cvss/cvss-guide.html

Web Application Vulnerability Analysis and Pen Testing

• List of awesome penetration testing resources, tools and other shiny things https://github.com/enaqx/awesome-pentest
• Awesome collection of hacking tools https://github.com/jekil/awesome-hacking
• Automated NoSQL database enumeration and web application exploitation tool https://github.com/codingo/NoSQLMap
• An eccentric collection of links to pen testing resources https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE
• The Open Penetration Testing Bookmarks Collection https://github.com/Oweoqi/pentest-bookmarks/blob/master/BookmarksList.md
• Collection of pentest resources https://github.com/1N3/
• OWASP Web Application Security Testing Cheatsheet https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
• Weird Proxies: a cheat sheet about behaviour of various reverse proxies, cache proxies, load balancers, etc. https://github.com/GrrrDog/weird_proxies
• Collection of security tool cheat sheets https://github.com/gnebbia/cheatsheets/tree/master/sectool
• OWASP based Web Application Security Testing Checklist as an Excel Workbook https://github.com/tanprathan/OWASP-Testing-Checklist
• Web Application Security Guide/Checklist. https://en.wikibooks.org/wiki/Web_Application_Security_Guide/Checklist
• Awesome WAF https://github.com/0xInfection/Awesome-WAF
• Open Source Security Testing Methodology Manual (OSSTMM) http://www.isecom.org/research/osstmm.html
• Session Hijacking Cheat Sheet http://resources.infosecinstitute.com/session-hijacking-cheat-sheet/
• SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more. https://github.com/danielmiessler/SecLists
• Penetration Testers Framework (PTF) https://github.com/trustedsec/ptf
• Social-Engineer Toolkit (SET) https://github.com/trustedsec/social-engineer-toolkit
• A Python based web application scanner - BlackWidow - with Docker help https://github.com/1N3/BlackWidow
• Sn1per - Automated pentest framework for offensive security experts https://github.com/1N3/Sn1per
• Arachni Web Application Security Scanner Framework {Ruby centric} http://www.arachni-scanner.com/
• Sn1per is an automated scanner {php} to enumerate and scan for vulnerabilities https://github.com/1N3/Sn1per
• WhatWeb - Next generation web scanner https://github.com/urbanadventurer/WhatWeb
• OWASP-Nettacker - Automated Penetration Testing Framework https://github.com/zdresearch/OWASP-Nettacker
• windows-privesc-check - Security Auditing Tool For Windows https://code.google.com/archive/p/windows-privesc-check/source/default/source and https://github.com/1N3/PrivEsc/blob/master/windows/windows-privesc-check/windows-privesc-check.py
• http://securitywing.com/63-web-application-security-checklist-auditors-developers/ (very high level)
• Website fingerprint script https://github.com/bgiarrizzo/website-fingerprint
• Awesome Mainframe Hacking/Pentesting Resources.https://github.com/samanL33T/Awesome-Mainframe-Hacking/
• Excellent list of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc. https://github.com/toniblyx/my-arsenal-of-aws-security-tools
• CloudGoat, Rhino Security Labs' "Vulnerable by Design" AWS deployment tool. https://github.com/RhinoSecurityLabs/cloudgoat
• Offensive security testing of your AWS environmtne https://github.com/RhinoSecurityLabs/pacu
• Offensive security testing of your CMS - CMS Detection and Exploitation suite - Scan WordPress, Joomla, Drupal and over 170 other CMSs https://github.com/Tuhinshubhra/CMSeeK
• Tool-X - a kali linux tool installer for Android Termux https://github.com/rajkumardusad/Tool-X
• An interesting study script intended to automate your reconnaissance work https://github.com/0blio/lazyrecon
• Abbreviated vulnerability assessment/recon https://github.com/jivoi/pentest
• 'domain-scan' A lightweight scan pipeline for orchestrating third party tools, at scale and (optionally) using serverless infrastructure https://github.com/18F/domain-scan
• Offensive Web Testing Framework (OWTF), is a framework https://github.com/owtf/owtf
• Offensive Web Application Penetration Testing Framework https://github.com/0xInfection/TIDoS-Framework
• Cross Site Request Forgery (CSRF) Audit and Exploitation Toolkit https://github.com/0xInfection/XSRFProbe
• Web Application Firewall Fingerprinting Tool https://github.com/EnableSecurity/wafw00f
• Know your network -- The Ultimate PCAP https://weberblog.net/the-ultimate-pcap/
• Deploy a private Burp Collaborator Server in Azure. By Javier Olmedo, Jun 17, 2019 https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70
• and Chrome's internal URLs for problem solving chrome://chrome-urls/
• nmap tutorial https://github.com/gnebbia/nmap_tutorial

Pen testing Linux distros

• BackBox https://backbox.org/
• Blackarch https://blackarch.org/ and https://github.com/BlackArch/blackarch
• Bugtraq-2 http://bugtraq-team.com/
• DemonLinux https://demonlinux.com/about.php
• Fedora Security Lab https://labs.fedoraproject.org/en/security/
• Kali https://www.kali.org/
• Network Security Toolkit, NST http://www.networksecuritytoolkit.org/nst/index.html
• Parrot Security OS https://www.parrotsec.org/
• Shell Script to Convert Your Debian Into Parrot OS Pentesting Mach1ne https://github.com/blackhatethicalhacking/parrotfromdebian
• Pentoo http://www.pentoo.ch/
• and some Security-oriented Docker containers https://github.com/khast3x/Offensive-Dockerfiles
• and if you need a little Linux help https://gto76.github.io/linux-cheatsheet/ and https://github.com/gto76/linux-cheatsheet

BPF Tools Explore your Live Linux Kernel Image - Berkeley Packet Filters & eBPF

• BPF Compiler Collection (BCC) - Tools for BPF-based Linux IO analysis, networking, monitoring, and more https://github.com/iovisor/bcc

Online Scanners

• yougetsignal http://www.yougetsignal.com/tools/open-ports/
  • Reverse IP Domain Check https://www.yougetsignal.com/tools/web-sites-on-web-server/
  • Network Location Check https://www.yougetsignal.com/tools/network-location/
• viewdns [a range of dns tools] http://viewdns.info/
• hackertarget https://hackertarget.com/nmap-online-port-scanner/
  • Dump links from a page https://hackertarget.com/extract-links/
  • And a range of related tools https://hackertarget.com/ip-tools/
• ipfingerprints http://www.ipfingerprints.com/portscan.php
• pingeu http://ping.eu/port-chk/
• spiderip https://spiderip.com/online-port-scan.php
• t1shopper http://www.t1shopper.com/tools/port-scan/
  • Whois Ping Port Scanner NSlookup & Traceroute @ t1shopper http://www.t1shopper.com/tools/
• standingtech https://portscanner.standingtech.com/
  • Convert IP Address to Binary, Hexadecimal, Octal, and Long Integer https://ipaddress.standingtech.com/online-ip-address-converter
• Or use a Python-based command-line utility for using websites that can perform port scans on your behalf https://github.com/vesche/scanless

Markdown

• https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet
• https://bitbucket.org/tutorials/markdowndemo
• Markdown Cheatsheet http://commonmark.org/help/
• https://guides.github.com/pdfs/markdown-cheatsheet-online.pdf
• GitHub Flavored Markdown Spec https://github.github.com/gfm/

JavaScript

• Very basic http://marijnhaverbeke.nl/js-cheatsheet.html
• http://www.cheatography.com/acwinter/cheat-sheets/javascript-basic-advanced-and-more/ and
• http://www.cheatography.com/tag/javascript/ and
• http://www.sitepoint.com/10-javascript-cheat-sheets/
• Learning JavaScript Design Patterns. Volume 1.6.2, By Addy Osmani https://addyosmani.com/resources/essentialjsdesignpatterns/book/
• Programming JavaScript Applications. By Eric Elliott http://chimera.labs.oreilly.com/books/1234000000262/index.html
• Cheatsheets for experienced React developers getting started with TypeScript https://github.com/typescript-cheatsheets/react-typescript-cheatsheet
• Node: Up and Running. By Tom Hughes-Croucher and Mike Wilson http://chimera.labs.oreilly.com/books/1234000001808/index.html
• Narrative workbook -- This is a companion workbook that will assist you in working through the codeX Narrative that is to be provided. Resources and references provided that will assist you in your journey will be published in the repository. https://github.com/codex-academy/codeX_ReleaseOneNarrativeWorkbook
• "Don't make fun of JavaScript" https://github.com/pixari/dmfojs and - GitBook Format - https://book.dmfoj.dev

General Secure Programming

• Fortify Taxonomy of Secure Software Errors. https://vulncat.fortify.com/en
• Awesome App-Sec. A curated list of resources for learning about application security. https://github.com/paragonie/awesome-appsec
• Awesome Static Analysis - a collection of static analysis tools and code quality checkers. https://github.com/mre/awesome-static-analysis
• Python Taint -- pyt -- A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications https://github.com/python-security/pyt
• Awesome CI {Continuation Integration}, Incl. tools for git, file and static source code security analysis - https://github.com/cytopia/awesome-ci
• "Avoiding the Top 10 Security Flaws." Design guidance by the IEEE Center for Secure Design (CSD), http://cybersecurity.ieee.org/center-for-secure-design/avoiding-the-top-10-security-flaws.html
• The IEEE Computer Society Center for Secure Design. http://cybersecurity.ieee.org/center-for-secure-design.html
• The OWASP Application Security Verification Standard (ASVS) Project attempts to provide a basis for testing web application technical security controls. https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
• OWASP Cheat Sheet Series -- a collection of high value information on specific web application security topics https://www.owasp.org/index.php/Cheat_Sheets and https://cheatsheetseries.owasp.org/
• Collection of OWASP Web Application Security Testing Cheat Sheets https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet
• Web Application Security Guide/Checklist https://en.wikibooks.org/wiki/Web_Application_Security_Guide/Checklist
• CSRN Security Checklist for Software Developers https://security.web.cern.ch/security/recommendations/en/checklist_for_coders.shtml
• Web Application Security Guide https://en.wikibooks.org/wiki/Web_Application_Security_Guide
• DISA Information Assurance Support Environment http://iase.disa.mil/Pages/index.aspx
• Security Technical Implementation Guides (STIGs) http://iase.disa.mil/stigs/Pages/index.aspx
• Application Security STIGs http://iase.disa.mil/stigs/app-security/app-security/Pages/index.aspx
• Application Aecurity and Development Security Technical Implementation Guide, Version 3, Release 10 - 23 January 2015 http://iase.disa.mil/stigs/Documents/U_Application_Security_and_Development_V3R10_STIG.zip
• DoD Cloud Computing Security http://iase.disa.mil/cloud_security/Pages/index.aspx
• IASE Application Security http://iase.disa.mil/stigs/app-security/Pages/index.aspx
• Excellent STIG viewer https://www.stigviewer.com/stigs
• Equally excellent Common Controls viewer https://www.unifiedcompliance.com/products/search-controls/
• DOD Instruction 8500.2 Full Control List https://www.stigviewer.com/controls/8500
• NIST 800-53 Controls Veiwer https://www.stigviewer.com/controls/800-53
• Unified Compliance Hub for navigating the ever-evolving rats nest of public and private mandates https://www.unifiedcompliance.com/products/
• http://www.cheatography.com/tag/programming/
• XSS Prevention Cheat Sheet from OWASP: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
• Fortify Taxonomy of Secure Software Errors. https://vulncat.fortify.com/en
• Java Deserialization Cheat Sheet https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
• HTTP Status Codes on-line https://httpstatuses.com/
• HTTP Status Codes local https://github.com/mychris/scripts/blob/master/httpstatus
• Sometimes it is just important to get started: "Hello world in every computer language." https://github.com/leachim6/hello-world
• And a 'free' temporary platform may also be important: "A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev." https://github.com/haneefmubarak/free-for-dev
• Collection of the most common vulnerabilities found in iOS applications https://github.com/felixgr/secure-ios-app-dev
• Application logging guidance https://github.com/mccright/references/blob/master/AppSec-Logging.md
• The TIOBE Index of programming language popularity https://www.tiobe.com/tiobe-index/

PHP

• Awesome PHP. A curated list of PHP libraries, resources and shiny things. https://github.com/ziadoz/awesome-php
• http://www.cheatography.com/tag/php/
• PHP Security Guide, 2005. http://phpsec.org/projects/guide/
• Survive The Deep End: PHP Security, 2015. https://phpsecurity.readthedocs.org/en/latest/
• Hacking with PHP -> Securty Concerns. http://www.hackingwithphp.com/17/0/0/security-concerns
• PHP The Right Way -> Security. http://www.phptherightway.com/#security
• PHP Best Practices -- A short, practical guide for common and confusing PHP tasks: https://phpbestpractices.org/

Python

• Python Cheatsheet, comprehensive https://gto76.github.io/python-cheatsheet/ and https://github.com/gto76/python-cheatsheet
• Python Cheatsheet https://cheatsheets.quantecon.org/python-cheatsheet.html
• Python Cheatsheet from kickstartcoding https://github.com/kickstartcoding/cheatsheets/blob/master/build/topical/python.pdf
• Docker Official Python Images https://hub.docker.com/_/python
• A deep dive into the official Docker image for Python https://pythonspeed.com/articles/official-python-docker-image/
• The best Docker base image for your Python application (April 2020) tl;dr; Ubuntu LTS or Docker Official Python Debian https://pythonspeed.com/articles/base-image-python-docker-images/
• PyFormat Using % and .format() https://pyformat.info/
• Python's strftime directives https://strftime.org/
• Python's Pathlib explained https://rednafi.github.io/digressions/python/2020/04/13/python-pathlib.html
• Type hints cheat sheet (Python 3) https://mypy.readthedocs.io/en/stable/cheat_sheet_py3.html
• Write Pythonic Code Like a Seasoned Developer Course https://training.talkpython.fm/courses/explore_pythonic_code/write-pythonic-code-like-a-seasoned-developer and https://github.com/mikeckennedy/write-pythonic-code-demos
• 71 Python Code Snippets for Everyday Problems https://therenegadecoder.com/code/python-code-snippets-for-everyday-problems/#checking-if-a-file-exists
• 30-seconds-of-python - Curated collection of useful Python snippets that you can understand in 30 seconds or less https://github.com/30-seconds/30-seconds-of-python
• Packaging Projects with Python https://github.com/russomi/packaging_tutorial and https://packaging.python.org/tutorials/packaging-projects/
• MATLAB–Python–Julia cheatsheet https://cheatsheets.quantecon.org/
• Awesome Python -- A curated list of awesome Python frameworks, libraries and software. Inspired by awesome-php. https://github.com/vinta/awesome-python
• Awesome Python Security https://github.com/guardrailsio/awesome-python-security
• Awesome Flask https://github.com/mjhea0/awesome-flask
• Python Docker image with poetry as dependency manager. https://github.com/etienne-napoleone/docker-python-poetry
• Essential python tools - Quality http://aboumrad.info/essential-python-tools-quality.html
• Pythonic Data Structures and Algorithms https://github.com/keon/algorithms
• Error-handling examples: https://github.com/ianozsvald/python_exception_examples/blob/master/examples.py
• Datetime examples: https://github.com/ianozsvald/datetime-examples/blob/master/examples.py
• Scientific Python Cheatsheet https://ipgp.github.io/scientific_python_cheat_sheet/
• "10 Useful Python Data Visualization Libraries for Any Discipline" by Melissa Bierly https://blog.modeanalytics.com/python-data-visualization-libraries/
• Counting things in Python http://treyhunner.com/2015/11/counting-things-in-python/
• Crypto101: an introductory course on cryptography. https://www.crypto101.io/
• The Data Scientist's Toolbox https://www.coursera.org/learn/data-scientists-tools
• Compiler-free Python crypto library https://github.com/wbond/oscrypto
• Python library to convert Microsoft Outlook .msg files to .eml/MIME message files https://github.com/JoshData/convert-outlook-msg-file
• Understanding iteration in Python https://github.com/wyounas/python_training_hq/tree/master/blog_iterator_code_samples
• Virtualenv https://virtualenv.pypa.io/en/latest/installation.html and a how-to https://www.youtube.com/watch?v=N5vscPTWKOk
  Along with related/supporting projects:
  • virtualenvwrapper - a useful set of scripts for creating and deleting virtual environments https://pypi.org/project/virtualenvwrapper
  • pew: provides a set of commands to manage multiple virtual environments https://pypi.org/project/pew
  • tox: a generic virtualenv management and test automation command line tool, driven by a tox.ini configuration file https://pypi.org/project/tox
  • nox: a tool that automates testing in multiple Python environments, similar to tox, driven by a noxfile.py configuration file https://pypi.org/project/nox
  • And a how-to https://www.youtube.com/watch?v=N5vscPTWKOk
• How to write good quality Python code with GitHub Actions. By Wojciech Krzywiec https://medium.com/@wkrzywiec/how-to-write-good-quality-python-code-with-github-actions-2f635a2ab09a
• Automating Every Aspect of Your Python Project https://martinheinz.dev/blog/17
• An open-source chart and map framework for realtime data https://github.com/pubnub/eon
• Datagen - create sample delimited data using a simple schema format so you can get to work https://github.com/toddwilson/datagen
• An asynchronous tasks library using asyncio https://github.com/joegasewicz/pytask-io
• Render local readme files before sending off to GitHub https://github.com/joeyespo/grip and a sample Python script to generate bulk documentation https://gist.github.com/mrexmelle/659abc02ae1295d60647
• A general purpose Python automatization library with real-time web UI https://github.com/tuomas2/automate
• tmux session manager https://github.com/tmux-python/tmuxp
• web.py is a web framework for Python that is as simple as it is powerful. https://github.com/webpy/webpy
• A basic spreadsheet to api engine https://github.com/18F/autoapi
• Blog with git https://github.com/joeyespo/gitpress
• deadlinks - link checker https://github.com/butuzov/deadlinks
• A rough RSS/Atom feed parser https://github.com/dcramer/feedreader
  pyautogit https://github.com/jwlodek/pyautogit
• Library of 60+ commonly-used validator functions https://github.com/insightindustry/validator-collection
• A python library for parsing multiple types of config files, envvars & command line arguments https://github.com/naorlivne/parse_it
• Some examples of how to use the Python module ‘configparser‘ https://github.com/revfran/pythonConfigParsing, https://github.com/VakinduPhilliam/Python_Configuration_Parser
• present: A terminal-based presentation tool with colors and effects. https://github.com/vinayak-mehta/present

Crypto

• Matthew Green's List of Crypto Resources: http://blog.cryptographyengineering.com/
• Crypto101: an introductory course on cryptography. https://www.crypto101.io/
• Compiler-free Python crypto library https://github.com/wbond/oscrypto
• The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis https://gchq.github.io/CyberChef and https://github.com/gchq/CyberChef

Regex

• Test your regex on line: https://regex101.com/
• Test your JavaScript style regex: https://regexper.com/
• OWASP Validation Regex Repository https://www.owasp.org/index.php/OWASP_Validation_Regex_Repository
• A really big collection of regex resources http://regexlib.com/
• http://www.cheatography.com/davechild/cheat-sheets/regular-expressions/ and
• http://www.cheatography.com/tag/regex/
• Another collection of examples: http://www.regular-expressions.info/examples.html
• Includes a collection of regexes for apikeys/tokens https://github.com/m4ll0k/BurpSuite-Secret_Finder/blob/master/SecretFinder.py

DOS/Windows Shell

• Guide to Batch Scripting http://steve-jansen.github.io/guides/windows-batch-scripting/

Information Sources for your Security Investigations
A starter list of information sources for your security investigations & integrations:
(Thank you https://github.com/cloudtracer/ThreatPinchLookup)

• Awesome OSINT https://github.com/jivoi/awesome-osint
• Ammar Amer's OSINT resources https://github.com/blaCCkHatHacEEkr/OSINT_TIPS
• Discover Your Attack Surface https://github.com/intrigueio/intrigue-core
• Alienvault OTX for IPv4, CVE, MD5, SHA1 and SHA2 lookups https://otx.alienvault.com/
• Bitcoin Whos Who for Bitcoin lookups http://bitcoinwhoswho.com/
• BlockChain.info for Bitcoin lookups https://blockchain.info/
• BTC for Bitcoin lookups https://btc.com/
• Censys.io for IPv4 lookups https://censys.io/
• CIRCL (Computer Incident Response Center Luxembourg) for CVE lookups https://www.circl.lu/
• Cymon.io for IPv4 lookups https://cymon.io/
• Google Safe Browsing for URL lookups https://safebrowsing.google.com/
• Have I Been Pwned for Email lookups https://haveibeenpwned.com/
• IBM XForce Exchange for IPv4, EFQDN lookups [https://exchange.xforce.ibmcloud.com
• IP Geo Tool {free} for your script integration: [https://tools.keycdn.com/geo.json?host={IP or hostname}](https://tools.keycdn.com/geo.json?host={IP or hostname})
• MISP for MD5 and SHA2 http://www.misp-project.org/
  • Also consider MISP Taxonomies for your integration work https://github.com/MISP/misp-taxonomies/
• PassiveTotal for FQDN Whois lookups https://www.passivetotal.org/
• PulseDive for IPv4, FQDN and URL lookups https://pulsedive.com/
• Recorded Future for IPv4, FQDN, MD5, SHA1 and SHA2 lookups http://recordedfuture.com/
• Shodan for IPv4 lookups https://www.shodan.io/
  • Search Query Fundamentals: https://help.shodan.io/the-basics/search-query-fundamentals
  • REST and Streaming API Queries: https://developer.shodan.io/api/banner-specification
• ThreatCrowd for IPv4, FQDN and MD5 lookups https://www.threatcrowd.org/
• ThreatMiner: IPv4, Email, FQDN, MD5, SHA1 and SHA2 lookups https://www.threatminer.org/
• VirusTotal for MD5, SHA1, SHA2, URL and FQDN lookups https://www.virustotal.com/
• ZoomEye for IPv4 lookups https://www.zoomeye.org/
• Buster, An advanced tool for email reconnaissance https://github.com/sham00n/buster
• WayBulk, Search a list of domains on the wayback machine https://github.com/sham00n/waybulk

Math and Statistics

• Statistics in Pandas Cheatsheet https://cheatsheets.quantecon.org/stats-cheatsheet.html
• Manish Saraswat's list of Free books on statistics mathematics data science http://www.analyticsvidhya.com/blog/2016/02/free-read-books-statistics-mathematics-data-science/
• Chen’s Free Data Science Books http://www.wzchen.com/data-science-books/
• Complete guide to create a Time Series Forecast (Python) http://www.analyticsvidhya.com/blog/2016/02/time-series-forecasting-codes-python/ and in R http://www.analyticsvidhya.com/blog/2015/12/complete-tutorial-time-series-modeling/

Text to Speech

• eSpeak NG https://github.com/espeak-ng/espeak-ng
• Using eSpeak and eSpeakNG https://vitux.com/convert-text-to-voice-with-espeak-on-ubuntu/
• eSpeak NG TTS Bindings for Python3 https://github.com/sayak-brm/espeakng-python

Random Cheat Sheets

• OWASP Cheat Sheet Series index: https://github.com/OWASP/CheatSheetSeries/blob/master/Index.md and https://cheatsheetseries.owasp.org/
• Massive list of links to lists associated with programming and languages https://neverendingsecurity.wordpress.com/category/documents-manuals/mind-maps/
• SQL Injection Cheat Sheet https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
• Collection of SQL Injection Cheat Sheets http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet
• Random reminder of how SQL Joins work. http://blog.codinghorror.com/a-visual-explanation-of-sql-joins/ Browse the comments as well. And if that doesn't do it, try http://gplivna.blogspot.com/2008/01/sql-join-types-im-studying-bit-sql.html
• Random agile development vocabulary http://cheatsheetworld.com/programming/agile-development-cheat-sheet/
• "awesome-incident-response" a curated list of tools and resources for security incident response https://github.com/meirwah/awesome-incident-response
• Incident "Debriefing Facilitation Guide -- Leading Groups at Etsy to Learn From Accidents." by: John Allspaw, Morgan Evans, Daniel Schauenberg; 2016 http://extfiles.etsy.com/DebriefingFacilitationGuide.pdf and in MarkDown format: https://github.com/etsy/DebriefingFacilitationGuide
• "Digital Services Playbook." https://playbook.cio.gov/ and the source in MarkDown at: https://github.com/usds/playbook
• 101 Machine Learning Algorithms for Data Science with Cheat Sheets https://blog.datasciencedojo.com/machine-learning-algorithms/
• An extensive list of filetypes and the application(s) associated with them https://github.com/vscode-icons/vscode-icons/wiki/ListOfFiles

Several Tech Company Research & Security Blogs

• AppScan Standard and AppScan Enterprise Forum http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1320&start=0
• Fortify AppSecurity Blog http://h30499.www3.hp.com/t5/Fortify-Application-Security/bg-p/application-security-fortify-on-demand
• HP Security Research Blog http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/bg-p/off-by-on-software-security-blog
• HP AppSecurity Feed https://twitter.com/HPappsecurity
• IBM Security-Intelligence Feed http://securityintelligence.com/
• IBM Research News http://ibmresearchnews.blogspot.com/
• IBM Research Home http://www.research.ibm.com/
• IBM Community Blogs https://www-304.ibm.com/connections/communities/service/html/allcommunities
• IBM DeveloperWorks Blogs -- Recent Updates https://www.ibm.com/developerworks/
• Microsoft Research Blogs http://blogs.technet.com/b/inside_microsoft_research/
• Microsoft Cybersecurity Blog http://blogs.microsoft.com/cybertrust/category/cybersecurity/ and more generally http://blogs.microsoft.com/cybertrust/
• Microsoft Office365 Developer Blog https://dev.office.com/blogs/
• Google Online Security Blog http://googleonlinesecurity.blogspot.com/
• Google AppSecurity Research https://www.google.com/about/appsecurity/research/ and supporting details at https://code.google.com/p/google-security-research/issues/list?can=1
• PortSwigger (Burp) Blog http://blog.portswigger.net/
• Apple Research News/Blog/Home [oops, I guess there aren't any security blogs here](oops, I guess there aren't any)

Respect software author's license decisions

• Comparison of free and open-source software licenses http://en.wikipedia.org/wiki/Comparison_of_free_and_open-source_software_licenses
• Open Source Initiative list of links to license information http://opensource.org/licenses
• "Various Licenses and Comments about Them" from GNU http://www.gnu.org/philosophy/license-list.html

Various public documents, whitepapers and articles about APT campaigns

• APTnotes is a repository of publicly-available papers and blogs (sorted by year) related to malicious campaigns/activity/software that have been associated with vendor-defined APT (Advanced Persistent Threat) groups and/or tool-sets. https://github.com/aptnotes/data or go directly to the resource links at https://github.com/aptnotes/data/blob/master/APTnotes.csv

Verify those shortened URLs

• https://tinyurl.com/preview.php
• http://checkshorturl.com/
• URL-Expander / URL-Unshortener http://urlex.org/

Find the code you need

• http://c2.com/cgi/wiki?FindPage
• A large collection of sorting algorithms in many languages https://github.com/search?q=sorting+algorithms&ref=reposearch&utf8=%E2%9C%93
• Competitive Programming, algorithms and data structures https://algocoding.wordpress.com/

Then copy & morph

• virtualenv is a tool to create isolated Python environments https://virtualenv.pypa.io/en/latest/
• A relatively quick Python Numpy Tutorial by Justin Johnson. http://cs231n.github.io/python-numpy-tutorial/

Risk Management Frameworks

• Financial Services Sector "Cybersecurity Profile" - 280 'diagnostic statements' https://www.fsscc.org/Financial-Sector-Cybersecurity-Profile
• NIST SP-800-53 v4

Stay Informed (in no particular order - and thank you Joe Fleischman for the starter set)

• Krebs On Security http://krebsonsecurity.com/
• Schneier on Security https://www.schneier.com/
• IBM X-Force Home http://securityintelligence.com/topics/x-force/
• Security Bloggers Network http://www.securitybloggersnetwork.com/security-bloggers-network-the-feed/
• News from NetCraft https://news.netcraft.com/ and their security category at https://news.netcraft.com/archives/category/security/
• Help Net Security http://www.net-security.org/secworld_main.php
• Malwarebytes Blog https://blog.malwarebytes.org/
• Sophos NakedSecurity Blog https://nakedsecurity.sophos.com/
• FreedomHacker http://freedomhacker.net/
• Wired Threat Level http://www.wired.com/category/threatlevel
• Homeland Security News Wire http://www.homelandsecuritynewswire.com/topics/cybersecurity
• CNET http://www.cnet.com/topics/security/
• Threat Post https://threatpost.com/
• SC Magazine http://www.scmagazine.com/news/section/100/
• Reddit (cybersecurity) http://www.reddit.com/r/cybersecurity/
• Mashable (cybersecurity) http://mashable.com/category/cybersecurity/
• Fierce IT Security http://www.fierceitsecurity.com/
  (and for more details)
• 1 Raindrop http://1raindrop.typepad.com/1_raindrop/
• Information Week Dark Reading http://www.darkreading.com/
• White Hat Security Blog https://blog.whitehatsec.com/
• Sucuri Blog https://blog.sucuri.net/
• FireEye Blog https://www.fireeye.com/blog/threat-research.html
• SANS Security Awareness Blog http://www.securingthehuman.org/blog
• SANS Digital Forensics Blog http://digital-forensics.sans.org/blog
• SEI Blog http://blog.sei.cmu.edu/
• System Forensics http://www.sysforensics.org/
• System Admin, Powershell http://sysadminconcombre.blogspot.ca/
• BOT24 http://www.bot24.com/
• DDoS Illustrations at http://www.digitalattackmap.com/ Thank you Diego Navarro.
• Kite Blog: https://kite.com/blog

Software Defined Radio (SDR)

• Overview: http://microhams.blob.core.windows.net/content/2017/03/RTL-SDR-dongle.pdf
• Big List of SDR Applications: https://wiki.radioreference.com/index.php/SDR_Software_Applications
• PDW (Paging decoder for monitoring POCSAG, FLEX, ACARS, MOBITEX & ERMES pager traffic): http://www.discriminator.nl/pdw/index-en.html and https://github.com/Discriminator/PDW
• Unitrunker: http://www.unitrunker.com/ (pager RF-to-text?). Manuals at: http://utahradio.org/mediawiki/index.php/UniTrunker_Guide and http://www.unitrunker.com/windows.html and http://www.unitrunker.com/realtek.html
  Supported protocols (definitions at: http://wiki.radioreference.com/):
  o APCO P25
  o EDACS 4800
  o EDACS 9600
  o Motorola
  o MPT1327
• SDRTrunk
• DMRDecode
• ?? Digital Speech Decoder (software package)
• R820T (integrated multi‐band RF tuner IC implemented in CMOS) data sheet: https://www.rtl-sdr.com/wp-content/uploads/2013/04/R820T_datasheet-Non_R-20111130_unlocked1.pdf
• Rafael Micro R820T2 Data Sheet (24-1766 MHz, newer lower noise version of the R820T): Some info in https://www.rtl-sdr.com/wp-content/uploads/2017/06/RTL-SDR-Blog-V3-Datasheet.pdf and register descriptions here: https://www.rtl-sdr.com/r820t2-register-description-data-sheet-now-available/ and https://www.rtl-sdr.com/wp-content/uploads/2016/12/R820T2_Register_Description.pdf
• Source Code examples for interacting with the R820TU: https://github.com/emeb/r820t2/tree/master/f030_r820t2
• "Hello, world!" for GNSS-SDR: http://gnss-sdr.org/my-first-fix/

Temporary list for new work tools

• Awesome-Security: https://github.com/sbilly/awesome-security
• Awesome console services https://github.com/gnebbia/awesome-console-services
• 'The Book of Secret Knowledge' - A collection of inspiring lists, manuals, cheatsheets, blogs, hacks, one-liners, cli/web tools and more: https://github.com/trimstray/the-book-of-secret-knowledge
• A collection of minimal Docker images: https://github.com/vektorcloud
• Another collection of specialized Docker images: https://github.com/jessfraz/dockerfiles
• A collection of Docker files from CenturyLink Labs: https://github.com/CenturyLinkLabs?q=&type=&language=dockerfile
• A pair of tools for running phishing campaigns to raise security awareness: Swordphish Phishing Awareness Tool https://github.com/certsocietegenerale/swordphish-awareness/ and the Outlook add-in companion to report suspicious mail easily https://github.com/certsocietegenerale/NotifySecurity
• W3C HTML Tidy - Usage: 'curl | Tidy -iq' http://www.html-tidy.org/ and https://github.com/htacg/tidy-html5
• CanaryTokens https://canarytokens.org/generate
• Canary (a 'honeypot' appliance) https://canary.tools/
• WebSphere Password Decoders: http://strelitzia.net/wasXORdecoder/wasXORdecoder.html and http://www.poweredbywebsphere.com/decoder.html
• Conference Session Search Service - Con Collector http://cc.thinkst.com/searchMore/
• Some Open Source Network Monitoring Tools:
  ** Snort: https://www.snort.org/downloads
  ** Suricata: https://suricata-ids.org/
  ** Bro: https://www.bro.org/
  ** OSSEC - Open Source HIDS SECurity https://ossec.github.io/
• Lists of IP addresses by Country - use to block or to assess your log data, etc. http://www.ipdeny.com/ipblocks/
• Words are important, choose them well https://wordnik.com/
• Check a site or service https://www.hurl.it/
• G Suite Toolbox Browserinfo -- very handy https://toolbox.googleapps.com/apps/browserinfo/
• A useful set of app-friendly utilities https://httpbin.org/, for example, what is your current IP address https://httpbin.org/ip
• A fake DNS server that allows you to stealthily extract files from a victim machine through DNS requests https://github.com/m57/dnsteal
• A collection of default Oracle usernames and passwords https://github.com/Oweoqi/oracle_creds
• Sometimes you need a little local web server https://github.com/kzahel/web-server-chrome
• Sometimes only ASCII is needed/allowed -- Convert a HTML table into ASCII table using Python: Colspan and Rowspan allowed https://github.com/gustavklopp/DashTable
• Reference (probably dated, but better than nothing) List of all generic top level domains https://github.com/kyleconroy/gtlds
• FuzzDB Project https://github.com/fuzzdb-project/fuzzdb
• Free IP geolocation API: 'curl http://api.db-ip.com/v2/free/' or curl http://api.db-ip.com/v2/free//countryName [up to 1000/day]
• GetGeoIPContext web service to easily look up countries by Context http://www.webservicex.net/geoipservice.asmx/GetGeoIPContext?
• GetGeoIP web service to easily look up countries by IP address http://www.webservicex.net/geoipservice.asmx/GetGeoIP?IPAddress=string
• Get domain name registration record by Host Name / Domain Name (WhoIS) http://www.webservicex.net/whois.asmx/GetWhoIS?HostName=string
• Get weather report for any major cities around the world http://www.webservicex.net/globalweather.asmx/GetWeather?CityName=string&CountryName=string
• A much better way to get weather! ...in your terminal https://github.com/chubin/wttr.in and then try some one-liners, for example:
  • ~$ curl https://wttr.in/yourCity?format="%l:+%t+%w+%h+%f"
  • in your .bashrc: alias weather='curl https://wttr.in/yourCity'
• Get Currency, Curreny code, International Dialing code, ISO country code for all countries http://www.webservicex.net/New/Home/ServiceDetail/19
• Get State Code,City,Area Code,Time Zone,Zip Code http://www.webservicex.net/New/Home/ServiceDetail/42
• GetAirportInformationByCountry http://www.webservicex.net/New/Home/ServiceDetail/20
• Website style analizer for designers http://stylifyme.com/ and source at: https://github.com/micmro/Stylify-Me

Bash Shell

• Bash scripting CheatSheet https://devhints.io/bash
• Pure Bash Bible https://github.com/dylanaraps/pure-bash-bible
• Slack CLI via pure bash https://github.com/rockymadden/slack-cli
• A beginner's guide to setting up a development environment on macOS https://github.com/nicolashery/mac-dev-setup

Development Environment on a Mac

• A beginner's guide to setting up a development environment on macOS https://github.com/nicolashery/mac-dev-setup
• "A shell script which turns your Mac into an awesome web development machine." https://github.com/18F/laptop

There is probably some free training for that...

• Find a class at https://www.classcentral.com/search or https://www.classcentral.com/subjects
• Find out about assistance at: https://www.classcentral.com/help/moocs
  • By universities (938 on 12 Sept 2020): https://www.classcentral.com/universities
  • By sub-groups of universities: https://www.classcentral.com/collection/ivy-league-moocs
  • By commercial Institutions (551 on 12 Sept 2020): https://www.classcentral.com/institutions
• Free Online Learning Due to Coronavirus - ClassCentral maintains a list of temporarily free courses at: https://www.classcentral.com/report/free-online-learning-coronavirus/
• M.I.T. offers free content on OpenCourseWare: https://ocw.mit.edu/index.htm
• Open Culture lists more than 1,500 courses: http://www.openculture.com/freeonlinecourses
• Coursera https://www.coursera.org/ and https://www.classcentral.com/report/coursera-free-certificate-covid-19/
• edX https://www.edx.org/
• FutureLearn https://www.futurelearn.com/ and https://www.classcentral.com/report/futurelearn-free-certificates/
• Udacity https://www.udacity.com/
• Udemy https://www.udemy.com/courses/free/
• Upgrad https://www.upgrad.com/free-courses/

Temporary list for work tools or other resources requiring more follow-up

• Begone Ads [Python] https://github.com/anned20/begoneads/tree/master/begoneads
• READ: "A Building Code for Building Code -- Putting What We Know Works to Work." By Carl E. Landwehr. http://www.landwehr.org/2013-12-cl-acsac-essay-bc.pdf
• Tufin http://www.tufin.com/
• Viewfinity http://www.viewfinity.com/
• Check Various tools for testing RFC 5077 https://github.com/vincentbernat/rfc5077
• Check interactive SNMP tool with Python https://github.com/vincentbernat/snimpy
• layer 2 network discovery application https://github.com/vincentbernat/wiremaps
• What Port Is? https://github.com/ncrocfer/whatportis
• Java 8 Cheat Sheet: http://zeroturnaround.com/wp-content/uploads/2015/12/RebelLabs-Java-8-cheat-sheet.png
• Crypto101: an introductory course on cryptography. https://www.crypto101.io/
• Handy list of browser user-agent strings (long) in PHP code: https://github.com/smxi/php-browser-detection/blob/master/browser_detection.inc
• 7500 user-agent strings from Jerry Gamblin https://github.com/jgamblin/curluseragent/blob/master/ua.txt
• Another list (short) of UA strings, categorized by device types https://github.com/miketaylr/useragent-switcher-xml/blob/master/useragentswitcher.xml
• Google Fiber Wifi Data Presentation http://apenwarr.ca/diary/wifi-data-apenwarr-201602.pdf and related utilities: https://gfiber.googlesource.com/vendor/google/platform/+/master/spectralanalyzer/ & https://github.com/apenwarr/wavedroplet/ & blip https://github.com/apenwarr/blip/
• blip latency trending utility https://github.com/apenwarr/blip hosted at http://gfblip.appspot.com/ and the DNS-aware version [don't have this](don't have this) hosted at http://6-dot-gfblip.appspot.com))
• Performance-Bookmarklet helps to analyze the current page through the Resource Timing API, Navigation Timing API and User-Timing - requests by type, domain, load times, marks and more. https://github.com/micmro/performance-bookmarklet
• Transparent proxy server https://github.com/apenwarr/sshuttle
• Packet decoding for the Go language https://github.com/apenwarr/gopacket and https://github.com/google/gopacket
• Very fast C++ importer from csv files to sqlite3 databases https://github.com/apenwarr/csv2sqlite
• A feature-packed Python package and for utilizing SQLite in Python by Plasticity https://github.com/plasticityai/supersqlite
• An idea for csv-to-json {csv2json.py} https://github.com/apenwarr/afterquery/blob/master/csv2json.py
• Simple static page development grunt setup https://github.com/micmro/grunt-simple-boilerplate
• WiGPSFi – ESP8266 + GPS http://euerdesign.de/2016/04/16/wigpsfi-esp8266-gps/
• Creepy Wireless Stalking Made Easy https://hackaday.com/2016/12/04/creepy-wireless-stalking-made-easy/
• WarWalking With The ESP8266 https://hackaday.com/2016/10/23/warwalking-with-the-esp8266/
• Windows 10 Wi-Fi Analyzer https://www.microsoft.com/en-us/store/p/wifi-analyzer/9nblggh33n0n

Other

• DoD Cyber Workforce Framework - interesting way to describe roles https://public.cyber.mil/cw/dcwf/
• Satellite view of my weather http://re.ssec.wisc.edu/
• High-resolution imagery via Earth Engine https://explorer.earthengine.google.com/#workspace
• Remittances sent from United States to other countries in USD https://remittancesbycountry.site/country/united_states
• International Building Code, 2012, Second Printing. http://publicecodes.cyberregs.com/icod/ibc/2012/index.htm
• ISO Country List https://www.iso.org/obp/ui/#search
• Script that extracts character names from a text file and performs analysis of text sentences containing the names. https://github.com/emdaniels/character-extraction
• The definitive list of lists (of lists) curated on GitHub https://github.com/jnv/lists
• Mobile App Pentesting Cheetsheet https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet/blob/master/README.md
• Free Programming Books https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md
• More Free Programming Books https://github.com/EbookFoundation/free-programming-books/blob/master/free-programming-books.md
• Tool by Tool, Skill by Skill. By Simon St.Laurent http://chimera.labs.oreilly.com/books/1234000000882/index.html Especially Appendix B. Sharpening and Maintenance Basics. http://chimera.labs.oreilly.com/books/1234000000882/apb.html
• Awesome Selfhosted. This is a list of Free Software network services and web applications which can be hosted locally. https://github.com/Kickball/awesome-selfhosted
• Awesome SysAdmin. A list of open source sysadmin resources. https://github.com/kahun/awesome-sysadmin
• Awesome Data Science. A repository of resources to learn and apply for real world problems. https://github.com/okulbilisim/awesome-datascience
• Awesome R https://github.com/qinwf/awesome-R and https://awesome-r.com/
• Managing risk in the context of a long time-horizon.
  • See the "Global Risks 2014 - Ninth Edition" Insight Report from the World Economic Forum. http://www3.weforum.org/docs/WEF_GlobalRisks_Report_2014.pdf Especially part 2, pages 38-49. It is a short read on risks associated with -- among other topics -- the way the Internet is evolving, risks associated with "trust," and "managing risk" in the context of a long time-horizon.
  • Also: "Global Risks 2015 - Tenth Edition" http://www3.weforum.org/docs/WEF_Global_Risks_2015_Report15.pdf
  • And more recently: "Global Risks 2016 - Eleventh Edition" http://www3.weforum.org/docs/GRR/WEF_GRR16.pdf
  • And 2017: "Global Risks 2017 -- 12th Edition" http://www3.weforum.org/docs/GRR17_Report_web.pdf
  • And 2018: "The Global Risks Report 2018 - 13th Edition" http://www3.weforum.org/docs/WEF_GRR18_Report.pdf
  • And 2019: "The Global Risks Report 2019 - 14th Edition" http://www3.weforum.org/docs/WEF_Global_Risks_Report_2019.pdf
  • And most recently: "The Global Risks Report 2020 - 15th Edition"http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf
• A definitive list of tools for generating static websites https://github.com/pinceladasdaweb/Static-Site-Generators
• The definitive list of newsletters to keep up to date on various web development technologies https://github.com/pinceladasdaweb/Upgrade-your-brain
• hack-font for your development environment https://www.npmjs.com/package/hack-font
• Big list of HTTP media types https://www.iana.org/assignments/media-types/media-types.xhtml
• Open source, free textbooks: https://ocw.mit.edu/courses/online-textbooks/ and https://openstax.org/
• WhitePages: https://www.therealyellowpages.com/Des-Moines-Regional-IA-2019/1/
• and something completely different https://ir.uiowa.edu/annals-of-iowa/
• Architecture Patterns with Python, Enabling Test-Driven Development, Domain-Driven Design, and Event-Driven Microservices. (A Book about Pythonic Application Architecture Patterns for Managing Complexity.)
  By Harry Percival, Bob Gregory https://github.com/cosmicpython/book and http://shop.oreilly.com/product/0636920254638.do

Projects associated with Novel Corona Virus - COVID-19
See: https://github.com/mccright/rand-notes/blob/master/Novel-Corona-Virus-COVID-19.md