Foundation

Section 2: Know Yourself - The Threat & Vulnerability Landscape

• The Cyber Security Landscape Diagram.jpg

Section 3: Know Your Enemy - The Current Threat & Vulnerability Landscape

• Why You Need Security - The Value of a Hack
• Norse Attack Map
• The Scrap Value of a Hacked PC, Revisited
• The Value of a Hacked Email Account
• Security Bugs & Vulnerabilities - The Vulnerability Landscape
• CVE Details
• Malware, viruses, rootkits and RATs
• Malware Statistics
• 7 Most Common RATs
• Report - Spotlight perils of malvertisements (pdf)
• Spyware, Adware, Scareware, PUPs & Browser hijacking
• Lenovo Superfish scandal: Why it's one of the worst consumer computing screw-ups ever
• What is Phishing, Vishing & SMShing
• Live Phishing Links
• Homograph attack using internationalized domain name
• Spamming & Doxing
• Spam Statistics
• Social engineering - Scams, cons, tricks and fraud
• Top 10 Scams & fraud
• Governments, spies and secret stuff
• NSA Ant Product Catalog
• YouTube - Everything We Know About NSA Spying: "Through a PRISM, Darkly" - Kurt Opsahl at CCC
• Regulating encryption, mandating insecurity & legalizing spying
• NSA Admits It Collects Too MUCH Info to Stop Terror Attacks
• Worldwide Survey of Encryption Products (pdf)
• Worldwide Survey of Encryption Products (xls)
• Trust & Backdoors
• Wiki - Formal methods
• Examples of Backdoors
• Apple backdoor order
• How to build your software reproducibly (video)
• Censorship
• Google Censorship Ruling in Canada Has Worldwide Implications
• Search removals under European privacy law
• Government requests to remove content
• Security News and Alert - Stayed Informed
• StationX.net

Section 4: Encryption Crash Course

• Hash Functions
• Example Hashes
• Digital Signatures
• Symantec Code Signing Certificate
• Windows 10 Device Guard using Digital Signatures
• Secure Sockets Layer (SSL) & Transport Layer Security (TLS)
• Wiki - Transport Layer Security (TLS)
• Mozilla Cipher Suite Recommendations
• Weakdh Cipher Suite Recommendations
• Steve Gibson's Cipher Suite Recommendations
• SSL Stripping
• SSL Strip tool by Moxie Marlinspike
• Intro to Sniffers
• Cain & Abel (for Windows)
• Wifi Pineapple
• Arpwatch Tool to Monitor Ethernet Activity in Linux
• sniffnet - Remote Sniffer Detection Tool/Library
• HPPTS (HTTP Secure)
• Wiki - Server Name Indication (SNI)
• Certificate Authorities & HTTPS
• CA Ecosystem
• CA example mistake
• SSL Sniff
• Certificate Fingerprints
• Steganography
• OpenPuff
• OpenPuff Manual
• List of Steganography Tools
• How Security & Encryption is Really Attacked
• Security Pitfalls

Section 5: Setting up a Testing Environment Using Virtual Machines

• Introduction to Setting up a Testing Environment using Virtual Machines
• Wiki - Comparison of platform virtualization software
• Wiki - Hypervisor
• osboxes.org - VMware Images
• osboxes.org - VirtualBox Images
• marketplace.vmware.com/vsx/
• osboxes.org/guide/
• virtual-machine.org/download-list
• virtualboxes.org/images/
• VMware Network Adaptor Settings
• Virtualbox Network Adaptor Settings
• Windows VM here
• Vmware
• vmware.com/products/player/faqs.html#products
• vmware.com/products/workstation-pro.html#compare
• Virtual box
• virtualbox.org/
• Kali Linux 2016
• osboxes.org/kali-linux/
• VMware & Virtualbox Kali official images (Use as preference)
• Kali official ISO images

Section 6: Operating System Security & Privacy (Windows vs Mac OS X vs Linux

• Security Bugs & Vulnerabilities
• Top 50 products vs security bugs
• Report - Buying into the Bias: Why Vulnerability Statistics Suck
• Usage Share
• Wiki - Usage share of operating systems
• Windows 10
• Privacy & Tracking
• Cortana privacy faq
• Microsoft Privacy Statement
• Microsoft Service Agreement
• With Windows 10, Microsoft Blatantly Disregards User Choice and Privacy: A Deep Dive
• Disable tracking automatically
• github.com/10se1ucgo/DisableWinTracking/releases#
• Tool: Disable Windows 10 Tracking
• github.com/10se1ucgo/DisableWinTracking/releases
• Cortana
• Cortana privacy faq
• How to Disable Cortana in Windows 10’s Anniversary Update
• Privacy Settings
• SmartScreen Filter: FAQ
• Windows 7, 8 and 8.1 - Privacy & Tracking
• How to manage Windows 10 notification and upgrade options
• How to block Windows 10 upgrades on your business network (and at home, too)
• GWX Control Panel
• Never 10 by Steve Gibson (Use this!)
• Linux and Unix "like" Operating Systems
• distrowatch.com/
• Linux
• Debian
• debian.org/
• Debian VMware & Vituralbox images download
• Debian Live CD
• Debian ISO downloads
• Debian 8 Jessie - Virtual box guest additions issue
• Debian Live CD/DVD
• Free Debian Books & Guides
• OpenBSD & Archlinux
• openbsd.org/
• archlinux.org/
• Ubuntu
• fixubuntu.com/
• ubuntu.com/

Section 7: Security Bugs and Vulnerabilities

• Windows - Criticality & Patch Tuesday
• Common Vulnerabilities & Exposures (CVE)
• National vulnerability database
• Microsoft Security Bulletins
• Windows 10 Ditches Patch Tuesday for Security's Sake
• Patch Tuesday may be dead, but Microsoft's not confessing to the crime
• Windows 7, 8, 8.1 & 10 - Automate the pain away from patching
• LinkName
• Flexera Personal Software Inspector - Previously Secunia PSI
• Linux - Debian - Patching
• Software distributions based on Debian
• Debian Security Page
• Automatic Security Updates

Section 9: Social Engineering & Social Media Offense and Defense

• Information Disclosure & Identity Strategies for Social Media
• Facebook terms and conditions: why you don't own your online life
• Terms of Services;Didn't Read (with browser add-on)
• Who Has Your Back? Government Data Requests 2015
• The Complete Guide to Facebook Privacy Settings
• Twitter Privacy Settings
• diasporafoundation.org/
• friendi.ca/
• gnu.io/social/try/
• List of Personally Identifiable Information (PII)
• Identify Verification & Registration
• BugMeNot: share logins
• Mailinator
• Guerrilla Mail
• mytrashmail.com/
• tempinbox.com/
• trash-mail.com/
• Dispostable
• anonbox.net/
• 10MinuteMail
• en.getairmail.com/
• Example SMS receive online site
• Top 10 Sites to Receive SMS Online without a Phone
• Behavioural Security Controls Against Social Threats ( Phishing, Spam)
• google.com.stationx.net/
• urlvoid.com - Website Reputation Checker Tool (recommended)
• ParseMail.org (recommended)
• whois.domaintools.com/
• How to send files via email to VirusTotal
• How to Get Email Headers
• Technical Security Controls Against Social Threats (Phishing, Spam, Scams & Cons)
• Types of fraud
• scambusters.org/

Section 11: Security through Isolation & Compartmentalization

• Physial & Hardware Isolation
• How to change the Mac Address
• Diagram of Mac
• Windows - Tmac
• Linux - How to use macchanger
• Hardware Serials
• Windows - CPU Z
• Linux - i-nex
• Windows - dmidecode
• Linux & Mac OS X - demidecode
• NitroKey
• YubiKey
• Virtual Isolation
• Portable Apps
• Pen Drive Apps
• Aegis Secure Key - USB Flash Drive
• Authentic8 Silo
• Maxthon
• Spikes
• Browser Sandbox
• Dual Boot
• Dual Booting Explained
• Sandboxes & Application Isolation
• Built-in
• Chromium sandbox design
• Mozilla sandbox design
• Windows
• BUFFERZONE
• Shadow Defender
• Deep Freeze Standard
• Deep Freeze Cloud Browser & Desktop
• Comodo
• f-Sandbox by Avast
• Sandboxie
• Sandboxie - How It Works
• An Introduction and a Quick Guide to Sandboxie
• Sandboxie Guide
• Sandboxie Forum
• Linux
• Apparmor
• Script Sandfox
• Linux Sandbox
• Firejail
• Trusted BSD
• Virtual Machines
• Wiki - Hypervisor
• Wiki - Kernel-based Virtual Machine (KVM)
• virt-manager
• OpenVZ
• Turnkey Linux - OpenVPN
• Wiki - Comparison of platform virtualization software
• Virtual Machines Weaknesses
• VENOM Vulnerability
• Example: VMware Security Bug
• A Look at Malware with VM Detection
• Wiki - Covert & Timing channel
• Report - Cross-VM Side Channels and their Use to Extract Private Keys
• Wiki - x86 virtualization
• Exploiting dram rowhammer (Could be used on VMs in the future)
• Virtual Machines Hardening
• Convert VM to ISO
• Whonix OS - Anonymous Operating System
• Whonix
• WHonix & VirtualBox
• Whonix Check
• Stream Isolation (Whonix)
• How to Implement physical isolation; Whonix as a Gateway (virtual or physical) for any OS - Best option
• Whonix Features
• Whonix VM Snapshots
• MUST read if setting up your own workstation
• Whonix OS - Weaknesses
• Whonix Warning
• Whonix - lack of Amnestic feature
• Qubes OS
• Qubes OS - Download
• Disposable VMs (DispVMs)
• Qubes Documentation
• Debian Template
• Windows AppVms
• Whonix Template
• Split GPG
• Hardware Compatibility List (HCL)
• Librem 13 Laptop
• Video Tours of Qubes OS
• Security Domains, Isolation & Compartmentalization
• Partitioning my digital life into security domains