Cybersecurity Essentials

#######################################################################################


	..::Harden your OS::..
https://wiki.archlinux.org/index.php/Security
https://wiki.centos.org/HowTos/OS_Protection
https://wiki.debian.org/Hardening
https://wiki.gentoo.org/wiki/Hardened_Gentoo
https://docs.fedoraproject.org/en-US/Fedora/17/html/Security_Guide/chap-Security_Guide-Basic_Hardening.html
https://help.ubuntu.com/community/Security

	..::Encryption::..
Use audited cryptography. do not roll your own. do not trust others that do (e.g., telegram).
Encrypt your hard drive (full disk encryption, or FDE for short).
Standard LVM encryption is the best option and should be available when installing your linux distro.
For a disk that is not part of your operating system, a portable drive for example, dmcrypt/LUKS is the best 
option but veracrypt is available on all platforms. keep in mind your installer may or may not encrypt your GRUB 
and there are several ways of dealing with that issue which are discussed in the Paranoid #! security guide linked 
in the introductory resources below. keep in mind disk encryption means nothing to an experienced attacker with 
physical access if you have not completely shut down your computer and wiped the RAM.

	..::Email::..
Encrypt your emails.
PGP is pretty much all we have, but it is all we need.
https://www.enigmail.net/
Your metadata may still be collected. if you care about metadata, use a disposable email account or a trusted 
provider. suggestions include protonmail or cock.li.

	..::Messaging::..
Encrypt your instant messages.
For better or worse XMPP+OTR is still our best bet.
https://otr.cypherpunks.ca/
I would not depend on anything else. even if the crypto in other apps is theoretically sound, the implementation 
fails or the distribution method is inherently flawed. cryptocat is an unpopular, but good option. telegram, tox, 
and wickr are fucked. do not even bother. you might as well use skype.

	..::Passwords::..
Use a local password manager (no cloud bullshit).
Any. it is better than what you are doing now.
Use strong passwords. make sure they are long and unique.
https://www.xkcd.com/936/
Do not reuse passwords. seriously.
If you do, consider your password public knowledge.
Bypassing a login wall? sure. fuck it. who cares if someone else uses it.
Anything you care about? no. absolutely not.
Better yet, use randomly generated passwords. the best password is one you cannot remember.
https://www.grc.com/passwords.htm

	..::Web Browsing::..
Your new search engine is duckduckgo or searx.
https://duckduckgo.com/
https://searx.me/
Your new browser is firefox.
https://www.mozilla.org/en-US/firefox/new/
Modify some settings
Enter about:config into your url bar and apply the following modifications. do not bitch about there being too 
many options. that is the fucking point. you cannot even configure many of these settings in other browsers without 
modifying its source or building addons.
https://pastebin.com/raw/T8TeepZP the changes listed above are unambiguous and unopinionated. you can go a much 
further than this at the expense of comfort and convenience. consider modifying some of the settings listed on https://github.com/pyllyukko/user.js/blob/master/user.js depending on the sacrifices you are willing to make for 
privacy and security.
Now install your addons.
required: ublock origin, https everywhere, noscript, blender.
https://addons.mozilla.org/en-US/firefox/
Apply your filters.
required: easylist, easyprivacy.
https://easylist.to/
and test your results.
https://panopticlick.eff.org/

	..::Browsers Continued::..
Do not use chrome. chrome is a closed source browser by a for profit corporation. firefox is an open source 
browser by a non-profit organization. use your head.
Do not use chromium either. it may be open source, but it still phones home.
Block malicious sites in your hosts file.
https://github.com/StevenBlack/hosts

	..::TOR and VPN::..
Use an anonymous VPN. a paid one. without traffic logs.
Do torrent over VPN.
Use TOR.
Do not torrent over TOR.
https://www.torproject.org/
Understand the difference between anonymity, privacy, and security.
Read the resources below to get started.


#######################################################################################

Cybersecurity News

    https://www.schneier.com/
    https://grsecurity.net/blog.php
    https://isc.sans.edu/
    https://blog.torproject.org/category/tags/security-fixes
    http://resources.infosecinstitute.com/
    http://www.windowsecurity.com/articles-tutorials/
    https://www.sans.org/reading-room/
    https://threatpost.com/
    https://packetstormsecurity.com/

Introduction to Cybersecurity

    https://ssd.eff.org/
    your first steps.
    https://trailofbits.github.io/ctf/index.html
    introduction to CTFs. even if you never do one, this is a good read.
    https://wiki.installgentoo.com/index.php/Anonymizing_yourself
    quick and dirty guide to anonymizing yourself.
    https://pastebin.com/aPr5R1pj
    this is the old, fabled, Paranoid #! security guide. not all of it is up to date, but it is very thorough.
    https://samsymons.com/blog/reverse-engineering-with-radare2-part-1/

Learning Resources

    https://www.offensive-security.com/metasploit-unleashed/
    http://www.allitebooks.com/
    https://github.com/vhf/free-programming-books/blob/master/free-programming-books.md
    http://opensecuritytraining.info/Training.html
    http://www.und.edu/org/crypto/crypto/lanaki.crypt.class/

ctf/wargames

    https://www.hackthebox.eu/
    https://www.pentesterlab.com/
    https://www.mavensecurity.com/resources/web-security-dojo/
    https://exploit-exercises.com/
    http://www.itsecgames.com/
    http://forensicscontest.com/puzzles
    https://pwnable.tw/
    https://io.netgarage.org/
    https://ctftime.org/
    https://www.vulnhub.com/
    https://w3challs.com/challenges/hacking
    https://xss-game.appspot.com/
    http://smashthestack.org/
    http://www.hackertest.net/
    https://www.hackthissite.org/
    https://overthewire.org/wargames/
    https://0x0539.net/
    http://3564020356.org/
    http://pwnable.kr/

Vulnerability Management

    https://www.cvedetails.com/
    https://www.exploit-db.com/
    https://www.rapid7.com/db/
    http://mvfjfugdwgc5uwho.onion/
    https://cve.mitre.org/cve/cve.html
    this site lets you download their CVE list in formats easier to work with.

Cryptography

    https://pqcrypto.org/
    http://www.tandfonline.com/toc/ucry20/current

Penetration Testing

    http://ytxmrc3pcbv5464e.onion/files/
    collection of various ebooks mostly focused on pentesting.

Reverse Engineering

    https://beginners.re/
    https://github.com/rpisec/mbe
    http://blog.ijun.org/2009/12/understanding-elf-using-readelf-and.html
    http://ref.x86asm.net/index.html
    easily-searchable opcode and instruction reference.

___________________________________________________________________________
***************************************************************************


###############################################
END END END END END END END END END END END END 
###############################################
