Cyber Hygiene! Below are some steps to safeguard your digital footprint.
Basic Safety Precautions
- MFA on all accounts, most importantly email and bank accounts. The most secure option is a YubiKey or Titan key. The next best option is an authentication app like Authy (which can be used on multiple devices, including a web browser), Google Authenticator, or Microsoft Authenticator.
- Passwords: Use a password keeper (e.g. LastPass or 1Password) and randomize all passwords with special characters to max limits.
- Encrypt devices and password-protect them.
- Browse the web securely using the DuckDuckGo browser, Brave, or Tor Browser.
- Use a VPN (e.g. Proton VPN, WireGuard, ZeroTier, or NordVPN) when connecting to public Wi-Fi.
- Use Signal for private messaging. Signal is a popular messaging service that got a perfect score from the Electronic Frontier Foundation. You can do all the things you would normally do through text messages, like have group messages and send photos and videos, except that everything's encrypted.
- Disable SSID broadcasting so your wifi is not viewable
- Subscribe to HackNotice and haveibeenpwned.com, and change your password when your accounts are breached.
More Safety Precautions
- Camera blocker (i.e. covers up your camera when not in use)
- Go into location services for each app. Turn off or select "only while in use"
- Use Firefox ESR web browser (i.e. formerly Pure Browser)
- DuckDuckGo for search engine (i.e. no trackers)
- HTTPS Everywhere extension
- Privacy Badger Extension
- Screen privacy protector for your phone
- Keep Wifi, NFC, and bluetooth off when not in use
- Uninstall Facebook app and just use web browser
- Disable Google Web Activity
- Bitdefender to scan devices and use built in app lock on sensitive apps
- NetGuard app allows blocking single services (e.g. when Facebook is built in to phones like Samsung)
- Update your apps routinely so security patches can take effect
- Install Pi-hole on your network to block ads and malicious actors. One of many blocklists: Covid19 CTI League.
- Unplug router when not at home
- Put on Airplane mode when not in use or turn devices off
- Set up shodan monitor on public ips
- Install Sweet security on your network
- Don't Use TikTok
- Master list of all ways to secure yourself/companies threat surface | veeral-patel/how-to-secure-anything
- Turn off all social media notifications (see the great documentary 'Social Dilemma' and the organization 'Center for Humane Tech' for more info).
Other Resources
- Top CVEs and how to mitigate them in 2021 by CISA
- OSCE Complete Guide
- OWASP Cheat Sheets
- HacktheBox: Cool guides in how to hack
- Basics of hacking: OverTheWire | Bandit
- Basic Capture the flag PICO
- Windows Exploits for Ethical hacking
- Free Ransomware Decryption service/tools
- Resources for Beginner Bug Bounty
- Art of the Cyber Attack
- The mist security coding github
- Nine CyberAttacks
- Where Am I wifi locator
- MITRE D3FEND Matrix
- MS Defender Priv Escalation
- Traitor repo on Linux root shell priv escalation
- XS-Leaks Wiki
- Google Hacking DB
- Fully Undetectable Ransomware
- Ransomware Guide by CISA
- How to make MS Teams not use that much CPU?
- Sensity AI : Deepfake detector
- Universal Radio hacker
- Cyber Battle Sim by Microsoft
- AWS Pentesting Nebula
- Cyber Executive Order 2021 breakdown
- Android Pentesting labs
- Pi to mine Chia coin
- App Sec Knowledgebase
- Security Mentorship group
- Keybase (great cli to manage keys)
- Sadd.io | Anonymous disposable remote desktops
- MS 365 CISA Tool for Malicious Behavior Detection
- Privacy Apps by Pur.ism called Librem1
- Using encrypted open source Google alternative --CryptPad
- Stay Safe Online > National Cyber Security Alliance
- InfraGard | FBI and Civilian partnership
- GHunt Repo | GHunt is an OSINT tool to extract information from any Google Account using an email.
- Whatsapp Phone Verify
- Army OSINT
- Future of Crimes Marc Goodman Tips
- Determine if your Linux machine was hacked
- How to encrypt your entire life in less than an hour
- Not Using a VPN
- Ciphey | Automatically decrypt encryptions without knowing the key or cipher, decode encodings, and crack hashes
- Lockphish | Phishing
- Botrnot | is this twitter bot
- Twitter Intelligence
- Botometer | detect bots
- Linkedin Scraper
- Ethical resources
- Article: We hacked Apple for 3 months
- SolarWinds Hack Timeline
- Covid Misinformation Squashed
- Center for Humane Technology
- Web hacker Tools
- Cyber risks Article
- MarcGoodman Cyber Tips
- Future of crime | Marc Goodman
- GitHub Launches Code Scanner for Security
- Knowledge project #93 Matt Holland Zero day
- Matt Holland Company, Field effect, and wide variety of mid size company tools
- Cyber Talks
- NSA press releases
- Hack Android Device
- Hacking AWS Fine Grain IAM roles
- AWS IAM roles for Red and blue teams
- Careful What you OSINT with ...Lamprye
- Common uses of ports
- Twitter Hack 2020 | At bottom is testimony from IRS crime investigator
- Twitter Scraper
- App locker Bypass
- Art of Cyber Attack
- OWASP Timegap theory playbook
- Encrypted Web Chat Service (Dark Wire)
- How the hacker saved the internet by Wire
- OSINT Methods/Tools
- ThreaAgile Monitoring for Kali
- Skylark | Tool show azure and aws shadow admin accounts
- Some ethical hacking tools: gobuster, sqlmap, impacket, juicy potato, and mimikatz
- Digital Attack Map
- Tsunami Security scanner
- Axonius | Aggregator for all adapters
- Dark Web Price Index 2020
- Pentesting Tools Github Repo
- WiFi Pineapple for Rogue Access Points
- Packet Squirrel Payload
- Shark Jack Payload
- Hak5 USB rubberducky
- Reverse Shell on rubberducky in 3sec
- Hershell - simple tcp reverse shell written in GO
- Nishang - PowerShell scripts and payloads
- 13 physical penetration testing methods
- MFOC card Cloner
- Cloning Mifare Classic 1k with Promex
- Cloning nfc with ACR122u NFC programmer
- Youtube ACR122U and quick bash script for Mifare cloning
- Blackhat guide for hacking mifare classic cards
- IoT Security Tools Github: Amazing resource for everything pentesting
- DNS performance website (i.e. hint cloudflare best speeds)
- Intel Techniques Resources
- Using TOR and Pi-hole
- Kids safety Github Repo
- https://shop.hak5.org/
- https://cidr.xyz/
- System76 or purism laptop librem15
- https://kalilinuxtutorials-com.cdn.ampproject.org/c/s/kalilinuxtutorials.com/manati-intuitive-threat-analysts/amp/
- 🔦🔦🔦.ws (James search engine)
- https://www.wireguard.com/
- Clusterfuzz for apps: https://github.com/google/clusterfuzz
- Easter eggs: https://www.pocket-lint.com/apps/news/137124-best-tech-easter-eggs-hidden-features
- Google 2018 AI advances: https://ai.googleblog.com/2019/01/looking-back-at-googles-research.html?m=1
- https://www.forbes.com/sites/janakirammsv/2019/01/01/an-executives-guide-to-understanding-cloud-based-machine-learning-services/
- https://guides.codepath.com/websecurity
- AWS Latency https://datapath.io/resources/blog/aws-network-latency-map/
- Webgoat on GitHub for intro to hack and see bugcrowd..
- Android for hackers: https://null-byte.wonderhowto.com/how-to/android-for-hackers-turn-android-phone-into-hacking-device-without-root-0189649/
- Reset Google advertising ID in Google>ad
- https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
- https://www.shodan.io
- https://danielmiessler.com/study/shodan/
- shodan plug in for chrome
- https://gbhackers.com/penetration-testing-wordpress-website/
- https://www.virustotal.com/#/home/search
- Malwarebytes Chrome extension
- hacknotice
- Intro to network fuzzing: https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/
- mcafee web advisor
- https://inteltechniques.com/menu.html
- AWS educate: https://aws.amazon.com/training/learning-paths/machine-learning/
- Tensorflow
- https://haveibeenpwned.com
- https://hackaday.io/
- https://www.csoonline.com/article/2457873/data-protection/signs-youve-been-hacked-and-how-to-fight-back.html
- Bitlocker AV for mobile
- Darkreading
- Nextgov
- Hackernews
- Twitter: AI, Hackernews, infosec, sirajraval, cyberscoop, trustedsec, aws, fireeye, hackster.io, eff, w3c, webfoundation, controlrisks, siemens, tensorflow, cheddar, techcrunch, dragos, openai, rampanttech
- Dice.com
- https://www.forbes.com/sites/bernardmarr/2018/12/31/the-most-amazing-artificial-intelligence-milestones-so-far/
- Cylance (AV)
- Splunk4vets
- Udemy ethical hacker course and machine learning
- Hacker playbook
- Risky business podcast
- Sign up for daily coding problems
- https://checkforcloudflare.selesti.com/?q=https://cityxguide.com
- Security Guide: https://drive.google.com/file/d/18Y9uVNPcAtGlZgMVuVkgTAUwqJ3t5MAj/view?usp=drivesdk
- Absolutely great article about Google, Google AI, and the crawler https://www.newyorker.com/magazine/2018/12/10/the-friendship-that-made-google-huge/amp
- tips for in home assistance security: https://www.darkreading.com/vulnerabilities---threats/6-security-tips-before-you-put-a-digital-assistant-to-work/d/d-id/1333783?image_number=4
- Vpn hub
- Ghidra: free malware reverse engineering tool from the NSA
- Chronicle google cyber startup: https://www.marketwatch.com/story/alphabet-aims-for-splunk-in-security-startups-coming-out-party-2019-03-04
- Best apps 2018: https://www.androidpolice.com/2019/01/01/best-android-apps-of-2018-for-your-new-phone-tablet-or-chromebook/
- Google Podcast: risky business, tim ferris show
- Hack Android phone: https://www.opentechinfo.com/hack-android/
- History WiFi : https://arstechnica.com/gadgets/2019/03/802-eleventy-who-goes-there-wpa3-wi-fi-security-and-what-came-before-it/
- Antihacking tools: https://www.techworm.net/2016/08/10-best-anti-hacking-software-protect-windows-10-run-pc-hackerss.html/amp
- www.exploit-db.com
- Kali tools: setoolkit, wireshark, zap, dnschef, reaver, crunch, air-crack, medusa, sslstrip, webgoat, squid, openstego, metasploit, dnsspoof, ghidra
- Shodan monitor
- https://www.internetsociety.org/internet/#facts
- https://www.darkreading.com/vulnerabilities---threats/fireeye-creates-free-attack-toolset-for-windows-/d/d-id/1334318?_mc=NL_DR_EDT_DR_daily_20190403&cid=NL_DR_EDT_DR_daily_20190403&elq_mid=90306&elq_cid=27999970
- Knobattack.com (Bluetooth hack)
- https://ethical.net/resources/
- https://www.balena.io/etcher/
- https://1password.com/sign-up/
- Netguard
- https://firebog.net/
- Fast.ai
- https://medium.com/free-code-camp/the-cia-just-lost-control-of-its-hacking-arsenal-heres-what-you-need-to-know-ea69fc1ce38c
- https://www.lifehack.org/articles/lifestyle/100-life-hacks-that-make-life-easier.html
- https://www.boredpanda.com/life-hacks/?utm_source=google&utm_medium=organic&utm_campaign=organic
- Incident Response Playbooks
- https://www.hackthebox.eu
- STIG Cyber Tracking and SCAP Site
- Shhgit open source secrets management
- Gitwildhunt find secrets
- SDR shark RF hacking
- CTF times: all the upcoming CTFs