Paul McCarty's repositories
DevSecOps-Playbook
This is a step-by-step guide to implementing a DevSecOps program for any size organization
commit-audit
Shell script that checks if git commits are signed
git-hunter
Find threats in your source code
awesome-cicd-attacks
Practical resources for offensive CI/CD security research. Curated the best resources I've seen since 2021.
buildkite-agent
The Buildkite Agent is an open-source toolkit written in Go for securely running build jobs on any device or network
cloud-headers
This is a authoratative listing of all the HTTP headers used by the major cloud providers
CodeReviewWorkshop
Materials for "The Art of Finding Security Vulnerabilities in Code" workshop
hacktricks
Welcome to the page where you will find each trick/technique/whatever I have learnt in CTFs, real life apps, and reading researches and news.
APAC-Conferences
A community contributed consolidated list of InfoSec meetups in the Asia Pacific region.
Bash-web-server
A purely bash web server, no socat, netcat, etc...
books
📚 I've captured the responses from various discussions of movies, tv shows, books and events that infosec peeps love.
code-puppets
Code Puppets are sock puppets that malicious actors use to attack the software supply chain
fake-git-history
Generate Git commits.
free-training
Free training resources
polyfill-service
Automatic polyfill service.
redteamsummit.github.io
RTS Website
sectalks.github.io
SecTalks socially authored website
wg-securing-software-repos
OpenSSF Working Group on Securing Software Repositories
www-revent-appsec-pacific-northwest-security-conference
OWASP Foundation Web Respository