Create several new files and update corresponding README markdowns

SpycioKon · Apr 18, 2018 · 845c68c · 845c68c
1 parent fdfc06e
commit 845c68c
Show file tree

Hide file tree

Showing 11 changed files with 216 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -66,8 +66,6 @@ size of each file to a healthy maximum for manageability purposes.
 The index file in the root folder (`INDEX.md`), as well as the indices in each 
 data directory (`README.md`) are formatted with [GitHub Flavored Markdown](https://github.github.com/gfm/ "GitHub Flavored Markdown Spec").  
 
-* * *
-
 ## Index Describing Each Folder in the Project :clipboard:
 
 arpa-headers: :email: Header fields transmitted over [RFC2822](https://tools.ietf.org/html/rfc2822) style protocols like [SMTP](https://wikipedia.org/wiki/Simple_Mail_Transfer_Protocol)  
@@ -104,7 +102,7 @@ http-methods: :arrow_forward: Names of HTTP [Request methods](https://wikipedia.
 http-params: :abcd: Parameters browsers sometimes send when requesting server [URI](https://wikipedia.org/wiki/Uniform_Resource_Identifier "Uniform Resource Identifier") paths  
 http-paths: :feet: Path names that browsers include in queries to servers  
 http-queries: :grey_question: The object syntax that appears after the question mark in URI's  
-http-security: :cop: Hyper Text Transfer Protocol security info, i.e. CSP  
+http-security: :cop: [HTTP security](https://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html) info such as Content Security Policy
 http-servers: :office: Information related to the usage of web server software  
 http-status: :slot_machine: Numeric [HTTP status](https://httpstatuses.com) codes that denote the status of a web server during reply as specified in [RFC7231](https://tools.ietf.org/html/rfc7231#section-6 "Response Status Codes")  
 inet-addrs: :electric_plug: Numeric Internet addresses a.k.a. IP addresses--mostly version 4  
@@ -129,13 +127,13 @@ perl-data: :camel: Data often seen in [PERL](http://www.perl.org) (Practical Ext
 php-data: :page-facing-up: Files containing information about the [PHP](http://www.php.net) programming language  
 postal-data: :mailbox_with_mail: [United States Postal Service](https://www.usps.com/) information  
 python-data: :snake: Data used by the [Python](https://www.python.org/) scripting language interpreter at runtime  
-radio-data: :radio: Things commonly used in radio frequency transmissions  
+radio-data: :radio: Things commonly used in [radio frequency](https://wikipedia.org/wiki/Radio_frequency) transmissions  
 regex-data: :speech_balloon: Regular expression patterns to mount attacks and match strings  
 ruby-data: :gem: Data typically seen within the syntax of the [Ruby](https://www.ruby-lang.org) scripting language  
 search-dorks: :mag_right: General purpose search-engine queries likely to find insecure sites  
 smtp-messages: :envelope: Messages (i.e. signatures, auto-replies, etc.) sent by [SMTP](https://wikipedia.org/wiki/Simple_Mail_Transfer_Protocol "Simple Mail Transfer Protocol") servers  
 soap-messages: :incoming_envelope: [SOAP](https://wikipedia.org/wiki/SOAP "Simple Object Access Protocol") (Simple Object Access Protocol) messages  
-social-data: :eyes: Sociological or social media related data sets  
+social-data: :eyes: Sociological or [social media](https://wikipedia.org/wiki/Social_media) related data sets  
 software-strs: :minidisc: Strings that describe [software engineering](https://wikipedia.org/wiki/Software_engineering), [programming languages](https://wikipedia.org/wiki/Programming_language), etc.  
 string-enums: :ferris_wheel: Enumerations of values that aren't too terribly unusual  
 system-admin: :necktie: System administration and [BOFH](https://wikipedia.org/wiki/Bastard_Operator_From_Hell) related materials  
@@ -155,11 +153,14 @@ vuln-data: :bar_chart: Information about security vulnerabilities found in serve
 webapp-attacks: :syringe: [Security Proof-of-concept](https://wikipedia.org/wiki/Proof_of_concept#Security) samples demonstrating various styles of web application attacks  
 webapp-data: :briefcase: Data associated with applications hosted on web servers  
 webapp-dirs: Directories related to applications running on a web server  
-webapp-files: :card_index: Files related to applications running on a web server  
+webapp-files: :card_index: Files related to applications running on a [web server](https://wikipedia.org/wiki/Web_server)  
 webapp-paths: :bookmark_tabs: Path names related to applications running on a web server  
 webapp-words: :thought_balloon: Words related to applications running on a web server  
 web-sites: :earth_americas: Addresses to and/or information on well known/organized WWW sites  
 wifi-networks: :satellite: [IEEE 802.11](http://www.ieee802.org/11/ "The Working Group for WLAN Standards") [Wi-Fi](https://wikipedia.org/wiki/Wi-Fi) network information  
 windows-data: :briefcase: Data only found within the [Microsoft Windows](https://wikipedia.org/wiki/Microsoft_Windows) series of OSes  
 
 * * *
+
+* * *
+
diff --git a/chat-data/README.md b/chat-data/README.md
@@ -1,3 +1,5 @@
 ctcp-command-names: Client-to-Client Protocol command name strings  
 freenode-channel-sizes: channels from [freenode](https://freenode.net) IRC sorted by joined client count  
+inspircd-anope-commands: commands accepted by anope IRC services daemon via InspIRCd <https://wiki.inspircd.org/Commands>  
 inspircd-helpop-cmds: commands returned by HELPOP in [InspIRCd](https://inspircd.org) servers  
+inspircd-numerics-replies: list of formats for InspIRCd servers' numeric code replies <http://decal.sdf.org/spotfedsonline/inspircd-numerics.txt>  
diff --git a/code-keywords/README.md b/code-keywords/README.md
@@ -1,4 +1,4 @@
-awk-builtin-variables: builtin variable names and values for AWK language  
+awk-builtin-variables: builtin variable names and values for [AWK](https://wikipedia.org/wiki/AWK) language  
 bing-search-operators: Advanced search operators in the Microsoft [Bing query language](https://msdn.microsoft.com/library/ff795667.aspx "Bing Query Language") <https://msdn.microsoft.com/library/ff795620.aspx>  
 ch-language-keywords: keywords for Ch--the cross-platform C and C++ interpeter  
 esoteric-programming-languages: list of esoteric programming language names from <https://esolangs.org/wiki/Language_list>  

diff --git a/dns-servers/README.md b/dns-servers/README.md
@@ -1,4 +1,5 @@
 alexa-site-nameservers: the nameservers of [Alexa](https://www.alexa.com/) sites advertised by NS records  
+bsdports-dns-tools: <https://github.com/freenas/iocage-ports/tree/master/dns>  
 dnsrd-syslog-codes: [DNS Resources Directory (DNSRD)](http://web.archive.org/web/*/www.dns.net/dnsrd/)  
 dns-root-servers: root zone's nameserver record data for various resource types  
 dnsbrute-resolvers-list: list of public-facing nameservers via `dnsbrute` tool  

diff --git a/software-strs/README.md b/software-strs/README.md
@@ -29,6 +29,7 @@ rfceditor-abbrevs-list: January 2018 RFC Editor Abbreviations List from <https:/
 ruby-gem-list: list of RubyGems generated by the command: `gem search`  
 security-tools-archive: list of security archives tools and software from <http://seclist.us/security-archives>  
 spdx-license-list: commonly found licenses in free and open source software or documentation <https://spdx.org/licenses/>  
+stackoverflow-help-privileges: <https://stackoverflow.com/help/privileges>  
 strings-docker-bin: output of strings on docker container utility binary  
 symantec-removal-tools: list of malware removal/fix tools by Symantec  
 vidgame-malware-removed: list of malware from <https://vidga.me/transparency/malware/removed.txt>  

diff --git a/software-strs/stackoverflow-help-privileges.txt b/software-strs/stackoverflow-help-privileges.txt
@@ -0,0 +1,27 @@
+# reputation name Description
+25,000 access to site analytics  Access to internal and Google site analytics
+20,000 trusted user  Expanded editing, deletion and undeletion privileges
+15,000 protect questions  Mark questions as protected
+10,000 access to moderator tools  Access reports, delete questions, review reviews
+5,000 approve tag wiki edits  Approve edits to tag wikis made by regular users
+3,000 cast close and reopen votes  Help decide whether posts are off-topic or duplicates
+2,500 create tag synonyms  Decide which tags have the same meaning as others
+2,000 edit questions and answers  Edits to any question or answer are applied immediately
+1,500 create tags  Add new tags to the site
+1,000 established user  You've been around for a while; see vote counts
+1,000 create gallery chat rooms  Create chat rooms where only specific users may talk
+500 access review queues  Access first posts and late answers review queues
+250 view close votes  View and cast close/reopen votes on your own questions
+200 reduce ads  Some ads are now automatically disabled
+125 vote down  Indicate when questions and answers are not useful
+100 edit community wiki  Collaborate on the editing and improvement of wiki posts
+100 create chat rooms  Create new chat rooms
+75 set bounties  Offer some of your reputation as bounty on a question
+50 comment everywhere  Leave comments on other people's posts
+20 talk in chat  Participate in this site's chat rooms
+15 flag posts  Bring content to the attention of the community via flags
+15 vote up  Indicate when questions and answers are useful
+10 remove new user restrictions  Post more links, answer protected questions
+10 create wiki posts  Create answers that can be easily edited by most users
+5 participate in meta  Discuss the site itself: bugs, feedback, and governance
+1 create posts  Ask a question or contribute an answer
diff --git a/telco-data/security-roadmap-taxonomy.md b/telco-data/security-roadmap-taxonomy.md
@@ -0,0 +1,76 @@
+General ICT security guidance documents
+Security Architectures, Models and Frameworks
+Security management standards and guidance documents
+Security policy and policy mechanisms
+Security assessment and evaluation criteria
+Security Assurance
+Baseline security requirements
+Intrusion Detection
+Security services
+Generic Security Services
+Access Control services
+Authentication Services
+Trusted Third Party services
+Audit and Alarms services
+Authorization
+Security mechanisms
+Access Control mechanisms
+Authentication mechanisms
+Confidentiality mechanisms
+Integrity mechanisms
+Non-repudiation mechanisms
+Generic security mechanisms
+Biometrics
+Check systems
+Crypto utilities
+Digital Signature mechanisms
+Electronic signatures
+Encryption Algorithms & techniques
+Hash Functions
+Miscellaneous cryptographic mechanisms
+Smart cards
+Trusted Third party mechanisms
+Time Stamping
+Application layer security
+Business continuity
+Content protection
+Critical Infrastructure Protection
+Cybersecurity
+Digital identity
+Directories
+Disaster Recovery
+Emergency Services
+Identity management
+Incident management
+IPTV security
+Key management
+Lawful interception
+Malicious Code
+Mobile security
+Network Management
+Network security
+Network Layer security
+Next Generation Networks
+Patch Management
+PKI
+Privacy
+Risk assessment
+Security audit
+Security certificates
+Secure messaging
+Security terminology and glossaries
+Security protocol standards
+Spam and Spyware
+Transport Layer security
+Threats and threat assessment
+Trust
+Vulnerabilities and security analysis
+Web services
+Wireless
+Sector-specific security standards
+Facsimile
+Mobile
+Miscellaneous
+Multimedia
+Security of television signals and services
+Satellite
diff --git a/top-secret/README.md b/top-secret/README.md
@@ -1,2 +1,3 @@
+fbi-cyber-backgrounds: FBI Cyber Backgrounds Chart, Preferred Degrees & Work Experience Extended Certificates <https://cdn-igoqhotnhi6o.netdna-ssl.com/FBI_CyberPage_AdditionalCertificates.pdf>  
 secure-drop-list: list of web locations to leak documents to journalists  
 security-class-levels: names of clearance levels required by the U.S. military  
diff --git a/top-secret/fbi-cyber-backgrounds.md b/top-secret/fbi-cyber-backgrounds.md
@@ -0,0 +1,97 @@
+
+* * *
+
+# TIER 1 CERTIFICATIONS
+
+C)IHE  Mile 2 Certified Incident Handling Engineer
+C)NFE  Mile 2 Certified Network Forensics Examiner
+C)NPTE  Mile2 Certified Penetration Testing Engineer
+C)PTC  Mile2 Certified Penetration Testing Consultant
+C)SWAE  Mile2 Certified Secure Web Applications Engineer
+C)VA  Mile2 Certified Vulnerability Assessor
+C)WSE  Mile2 Certified Wireless Security Engineer
+CCDE  Cisco Certified Design Expert
+CCE  ISFCE Certified Computer Examiner
+CEH  ECCouncil Certified Ethical Hacker
+CEPT  Certified Expert Penetration Tester
+CFCE  IACIS Certified Forensic Computer Examiner
+CHFI  EC Council Computer Hacking Forensic Investigator
+CISSP  (ISC)2 Certified Information Systems Security Professional
+CNDA  EC Council Certified network Defense Architect
+CPT  IACRB Certified Penetration Tester
+CREA  IACRB Certified Reverse Engineering Analyst
+CSSA  IACRB Certified SCADA Security Architect
+CWAPT  IACRB Certified Web Application Penetration Tester
+GAWN  GIAC Assessing and Auditing Wireless Networks
+GCFA  GIAC Certified Forensic Analyst
+GCFE  GIAC Certified Forensic Examiner
+GCIA  GIAC Certified Intrusion Analyst
+GCIH  GIAC Certified Incident Handler
+GCUX  GIAC Certified UNIX Security Administrator
+GICSP  GIAC Global Industrial Cyber Security Professional
+GMOB  GIAC Mobile Device Security Analyst
+GPEN  GIAC Certified Penetration Tester
+GPPA  GIAC Certified Perimeter Protection Analyst
+GREM  GIAC Reverse Engineering Malware
+GSE  GIAC Security Engineer
+GWAPT  GIAC Web Application Penetration Tester
+GXPN  GIAC Exploit Research and Advanced
+Penetration Tester
+MCSD  Microsoft Certified Solutions Developer
+MCSE  Microsoft Certified Solutions Expert
+SNFA  GIAC Network Forensic Analyst
+SSCP  (ISC)2 Systems Security Certified Practitioner
+
+
+* * *
+
+# TIER 2 CERTIFICATIONS
+
+ACE  AccessData Certified Examiner
+C)DFE  Mile2 Certified Digital Forensics Examiner
+CASS  Certified Application Security Specialist
+CCCI  HTCN Certified Computer Crime Investigator
+CCDA  CISCO Certified Design Associate
+CCDP  Cisco Certified Design Professional
+CCFE  IACRB Certified Computer Forensics Examiner
+CCFP  (ISC)2 Certified Cyber Forensics Professional
+CCIE  Cisco Certified Internetwork Expert
+CCNA  Cisco Certified Network Associate
+CCNP  Cisco Certified Network Professional
+CCWS  IACRB Certified Windows Security Specialist
+CISA  ISACA Certified Information Systems Auditor
+CWNE  Certified Wireless Network Engineer
+CWNP  Certified Wireless Network Professional
+EnCE  Encase Certified Examiner
+GCED  GIAC Certified Enterprise Defender
+GCWN  GIAC Certified Windows Security Administrator
+GSEC  GIAC Security Essentials
+LPIC  2  Linux Professional Institute Advanced Level
+LPT  EC Council Licensed Penetration Tester
+MCSA  Microsoft Certified Solutions Associate
+Net+  CompTIA Network+
+Sec+ = CompTIA Security+
+Server+  CompTIA Server+
+SSCP  (ISC)2 Systems Security Certified Professional
+
+
+* * *
+
+# TIER 3 CERTIFICATIONS
+
+A+  CompTIA A+
+ACSP  Apple Certified Support Professional
+ACTC  Apple Certified Technical Coordinator
+C)ISSO  Mile2 Certified Information Systems Security Officer
+C)SLE  Mile2 Certified Secure Linux Engineer
+C)SS  Mile2 Certified Security Sentinel
+CCENT  Cisco Certified Entry Networking Technician
+CCT  Cisco Certified Technician
+GISF  GIAC Information Security Fundamentals
+IAM  INFOSEC Assessment Methodology
+IEM  INFOSEC Evaluation Methodology
+Linux+  CompTIA Linux+
+LPIC1  Linux Professional Institute Certification Junior Level
+TICSA  TrueSecure ICAS Certified Security
+VMware  Vmware Certified Professional (vSphere)
+
diff --git a/webapp-attacks/README.md b/webapp-attacks/README.md
@@ -5,10 +5,11 @@ joomla-components-targeted: list of [Joomla](https://www.joomla.com) components
 mongodb-nosql-injection: [nosqlinjection_wordlists](https://github.com/cr0hn/nosqlinjection_wordlists)  
 png-html-polyglot: a PNG image file also containing HTML, CSS and JavaScript  
 sql-errors-data: typical error messages returned by various types of [RDBMS](https://en.wikipedia.org/wiki/Relational_database_management_system "Relational database management system")  
-wapples-vseries-rules: WAPPLES V-Series virtual WAF rules <https://www.pentasecurity.co.kr/wp-content/uploads/2018/01/WAPPLES-V-Series-whitepaper.pdf.pdf>  
+wapples-vseries-rules: WAPPLES V-Series virtual WAF rules <https://www.pentasecurity.co.kr/wp-content/uploads/2018/01/WAPPLES-V-Series-whitepaper.pdf>  
 webapp-attack-strings: Various HTTP GET query strings that represent attacks  
 webapp-charset-attacks: Character set strings to test a web server's [content negotiation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Content_negotiation) behavior..  
 webapp-code-execution: HTTP GET queries that may result in remote code execution  
+webapp-pentest-checklist: Checklist for Web Application Penetration Testing <https://hackercombat.com/web-application-penetration-testing-checklist>  
 webapp-sql-injection: [RDBMS](https://wikipedia.org/wiki/Relational_database_management_system) query fragments for [SQL injection](https://www.owasp.org/index.php/SQL_Injection) testing  
 webapp-xss-scripts: [JavaScript](https://wikipedia.org/wiki/JavaScript) code fragments for testing [Cross-Site Scripting](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29)  
 wordpress-plugin-vulns: list of [WordPress](https://www.wordpress.com) plugins with versions that have publicly known vulnerabilities  

diff --git a/webapp-paths/README.md b/webapp-paths/README.md
@@ -16,6 +16,7 @@ falcon-path-scan: The `paths.txt` file distributed with the _FalconPathScan_
 font-file-names: List of names for various OpenType and TrueType font files  
 forcepoint-ink-files: file names for scanning custom extensions  
 generic-path-names: general path names that could be used on any web server  
+github-gitignore-paths: path names parsed from `.gitignore` files in various GitHub repositories via `scripts/make-gitignore-paths`
 httpoxyscan-cgilist-paths: [cgi_list.txt](https://github.com/1N3/HTTPoxyScan "HTTPoxyScan")  
 ibm-bea-paths: paths for both J2EE app servers IBM WebSphere and Oracle WebLogic  
 iis-path-names: path names commonly found under the web root of an _IIS_ install