Network Security

• The Home Router
• Common Default Router IP Addresses - TechSpot
• Wiki - Well-Known TCP Ports
• Database of default router passwords
• whatismyipaddress.com
• OSI-Model-and-TCP-Model.gif
• External Vulnerability Scanning - Shodan, Qualys & Nmap
• www.shodan.io
• Putty - SSH for Windows
• https://www.grc.com/shieldsup
• https://mxtoolbox.com/PortScan.aspx
• TCP Port Scan with Nmap
• Hacked Router Check
• Qualys FreeScan - Online vulnerability scanner
• Internal Vulnerability Scanning - MBSA, Nmap, Nessus, Fing & Superscan & OpenVAS
• Nmap Download
• Superscan
• Fing Android
• Fing iOS
• Microsoft Baseline Security Analyzer (MBSA)
• OpenVAS
• Metasploitable 2
• Nessus professional
• Nessus Home (recommended)
• Qualys FreeScan - online vulnerability scanner
• Open VAS is not installed on latest Kali - Video to install here
• Open VAS is not installed on latest Kali - Instruction to install here
• Open Source Custom Router Firmware
• Wiki - List of router firmware projects
• Example of how to flash a netgear R7000 with DD-WRT
• OpenWrt
• DD-WRT
• DD-WRT Supported Hardware
• R7000 Nighthawk Router
• Smallnetbuilder.com - Compare Router Performance
• DD-WRT firmware for R7000
• flashrouters.com
• Example of Tor on R7000 (DD-WRT)
• Example of OpenVPN (DD-WRT)
• Tomato firmware
• LibreCMC
• LibreCMC Supported Hardware

• Firewalls - Host-based, network based and virtual
• DPI example traffic
• Reverse shell cheat sheet
• Wiki - Stateful Packet Inspection
• Windows - Host Based Firewalls
• Windows Firewall Control (WFC)
• Windows Firewall Control (recommended)
• How to Block An Application
• Third Party
• Comodo
• Comodo - remove GeekBuddy
• Windows - TinyWall
• Privacyware firewall
• AV firewall example Kaspersky
• Windows - Suggestion for firewall rules to apply
• Linux - Host Based Firewalls
• iptables
• IPTables: Personal Firewall to protect my laptop
• personalfirewall
• The definitive guide to iptables
• UFW, gufw & nftables
• The UncomplicatedFirewall (UFW)
• How To Setup a Firewall with UFW on an Ubuntu and Debian
• ShoreWall
• Gufw - graphical front-end to UFW
• Linux-Firewall - Application firewall
• nftables
• iptables-frontends.txt
• Network Based Firewalls
• Routers - DD-WRT
• OpenWrt
• DD-WRT firewall
• DD-WRT firewall config example
• DD-WRT iptables commands example
• DD-WRT Firewall Builder
• Firewall Builder
• Hardware
• pcengines.ch
• pcengines.ch apu
• Novena
• pfSense, Smoothwall and Vyos
• pfSense.org
• pfSense Hardware
• OPNsense.org
• smoothwall.org
• VyOS.net

• Network Attacks & Network Isolation
• Introduction & IOT
• theguardian.com - IOT and US surveillance
• Arp Spoofing & Switches
• Intro to Sniffers
• Effective Network Isolation
• NetCut
• XArp
• sniffdet
• tecmint.com - Using arpwatch
• Cisco port sec
• Wiki - IEEE 802.1AE
• Wiki - IEEE 802.1X
• Cisco - DHCP snooping
• YouTube - Quick VLAN setup in PFSense

• Wifi Weaknesses
• WPA, WPA2, TKIP & CCMP
• Report - Breaking WEP and WPA (pdf)
• Church of Wifi WPA-PSK Lookup Tables
• Wifi Protected Setup WPS, Evil Twin & Rouge AP
• Report - Brute forcing Wi-Fi Protected Setup (pdf)
• WiFi Pineapple
• NSA Nightstand wireless exploitation tool
• YouTube - DD-WRT Tutorial - How to create a separate public guest network that works!
• Wifi Security Testing
• List of USB wireless card for Kali
• Alfa AWUS036NHA Wireless B/G/N USB Adaptor - 802.11n
• Aircrack-ng
• coWPAtty
• Reaver
• Fern Wifi Cracker
• oswa live CD
• Another list of Kali USB wireless adaptors
• Wireless Security
• Secure Configuration & Network Isolation
• Examples of wireless isolation option
• RF Isolation & Reduction
• Example Shielding
• Example Faraday bag
• Bluetooth fact sheet
• NIST Guide to Bluetooth Security
• Who is on my Wifi Network?
• whoisonmywifi.com
• Wifi Inspector
• WiFi Network Monitor
• Wireless Network Watcher
• GlassWire.com
• Fing Andriod
• Fing IOS
• airodump-ng

• Syslog
• Syslog RFC5424
• Syslog for Windows
• Linux - Using a central log server to monitor your devices
• Linux - How to Setup a Debian Linux Syslog Server
• Linux - a GUI log analyzer
• Linux - Setting up a Centralized RYSYLOG Server Monitoring
• LinkName
• Windows - Become Really Paranoid by Monitoring your Network's Comings & Goings with WallWatcher & DD-WRT
• How to Configure Your Router for Network Wide URL Logging
• Windows - Link Logger
• Windows - Syslog Watcher
• How to remotely collect server events using syslog
• Windows - PRTG free Syslog Server
• Windows - kiwi syslog server
• Windows - winsyslog server
• Network Monitoring
• Wireshark, tcpdump, tshark, iptables
• Wireshark.org
• tcpdump cheat sheet (pdf)
• Wireshark - Finding malware & hackers
• Wireshark Display Filters
• Wireshark cheat sheet (pdf)
• Wincap, NST, Netminer & NetWorx
• WinPcap
• 5 Killer Tricks to Get the most out of Wireshark
• Network Security Toolkit (NST) Live Operating System
• NetworkMiner (for WIndows, Linux, OSX)
• NetWorx (bandwidth monitoring for all desktop platforms)

• IP Address
• whatismyipaddress.com
• HTTP Referer
• whatismyreferer.com
• Super Cookies
• Example of Super Cookie - Evercookie
• The Rise of Mobile Tracking Headers: How Telcos around the World are Threatening your Privacy (pdf)
• Anti-privacy unkillable super cookies spreading around the world - study
• Browser Fingerprinting & Browser Volunteered Information
• Panopticlick
• https://ipleak.net
• Browser & Browser Functionality
• BrowserLeaks.com
• More Tracking
• Wiki - Content Security Policy
• Browser & Internet Profiling
• GCHQ radio porn spies track web users online identities

• Search Engine Tracking, Censorship & Privacy
• Search engine market share
• Graphic on Market Share
• Google Products
• Web Privacy Census
• Types of cookies used by Google
• Wiki - AOL search data leak
• Terms of Service; Didn't Read (browser add-on)
• Blazing Saddles Tools
• NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
• Target Detection Identifiers (TDI) Introduction
• GCHQ spy tools
• Ixquick & StartPage
• StartPage Search Engine
• StartPage by Ixquick Search Engine
• StartPage - Privacy Policy
• Tor and StartPage
• StartPage Plugin
• DuckDuckGo
• DuckDuckGo
• Privacy Policy
• Founder
• DuckDuckGo.com/html/
• iphone and android app
• To ONLY install DuckDuckGo as your default search engine
• Disconnect Search
• https://disconnect.me/search
• Privacy Policy
• Tor Search Engine Offers Weak SSL/TLS Ciphers
• https://search.disonnect.me
• Disconnect Plugin
• YaCy
• YaCy - The Peer to Peer Search Engine
• PRISM Collection Details
• YaCy online demo
• YaCy YouTube Channel
• MetaGer.de
• searx.me - Another option!
• Private & Anonymous Searching
• Google - my activity
• Instruction to delete my Google history

• Reducing the Browser Attack Surface
• Flash example
• Java application examples
• Silverlight example
• Firefox: Disable built-in PDF viewer and use another viewer
• Browser Isolation & Compartmentalization
• Authentic8
• Maxthon
• Spikes
• Browser Sandbox
• Firefox - Contextual Identity Project
• Firefox Security, Privacy & Tracking
• Mozilla on Do Not Track (DNT)
• EFF DNT Policy
• Tracking Protection (in private window)
• Test Firefox Tracking Protection
• Mozilla on Private browsing
• Do the safe browsing protocol works - developer guide
• How Tracking Protection works in Firefox
• Test Safe Browsing - Attack Site
• Test Safe Browsing - Web Forgeries
• HTTP Filters, ad and track blockers
• uBlock origin
• uBlock Origin Firefox Extension Download (recommended)
• uBlock home page
• Overview of uBlock's network filtering engine
• Dynamic filtering - quick guide
• Blocking Mode
• Dynamic filtering - to easily reduce privacy exposure
• Medium Mode
• Hard Mode
• uMatrix
• uMatrix Firefox extension download
• uMatrix homepage
• Disconnect, Ghostery, Request policy (n/a)
• Disconnect private browsing - Download
• Ghostery Browser Extension and Mobile Apps Download
• Adblock plus (ABP), Privacy badger, Web of Trust (WOT)
• Adblock plus (ABP) extension download
• ABP vs uBlock on speed
• EFF - Privacy Badger
• Web of Trust (WOT) download
• NoScript
• NoScript addon download
• Policeman (n/a) & Others
• VirusTotal
• TrackOFF
• Purify - iOS/iPhone Ad Blocker
• New York Times - How ads effect download speed for the top 50 new sites
• History, Cookies & Super cookies
• Mozilla on Never remember cookies
• Mozilla on Private browsing
• CCleaner
• Bleachit
• Forum post of Winapp2.ini
• http://www.winapp2.com
• Bleachit page on winapp2.ini
• Decentraleyes addon (recommended)
• JonDoFox Browser
• Tor Browser
• Portable apps Firefox
• Evercookie
• HTTP Referer
• Smart Referer - Add-ons for Firefox
• Browser Fingerprinting
• Mozilla on Fingerprinting
• EFF - Every browser unique results from panopticlick
• https://ipleak.net/
• BrowserLeaks.com - Flash player system capabilities
• firegloves - Firefox add-on
• Websocket leaks
• Canvas Blocker addon
• JS-Recon
• Report - PriVaricator: Deceiving Fingerprinters with Little White Lies
• Browser Privacy, Security and Tracking test sites
• Certificates & Encryption
• HTTPS Everywhere addon (recommended)
• browser.urlbar.trimURLs
• SSLlabs Browser Test
• RCC for Windows
• Firefox Hardening
• About:config
• Firefox FAQs About:config Entries
• The "about" protocol
• Firefox Profilemaker
• user.js by pyllyukko
• Wiki - Online Certificate Status Protocol (OCSP)
• Privacy Settings Addon homepage
• Privacy Settings Addon download
• JonDoFox Browser
• Tor Browser
• Mobile - NoScript Anywhere
• Android - HTTPS Everywhere
• Android - ublock origin

• Password Attacks
• haveibeenpwned.com
• How Passwords are Cracked
• Hashes
• Example of combinator attack
• Example of rule based attack
• Analysis password patterns - Pack
• Wiki - Leet
• Wiki - Markov chain
• Hydra
• Hash samples
• SHA1 and other hash functions online generator
• PBKDF2 Hash Generator online
• Wiki - PBKDF2 (Password-Based Key Derivation Function 2)
• Wiki - bcrypt
• Wiki - scrypt
• Hardware security module (HSM)
• Nitrokey HSM
• Wiki - Hash-based message authentication code
• Hashcat
• Example Hashdumps and Passwords
• Pwdump
• 25-GPU cluster cracks every standard Windows password in <6 hours
• hashcat - advanced password recovery
• CrackStation.net
• Wiki - Pass the hash
• Operating System Passwords
• How to reset the root password in Debian or Ubuntu
• Windows - Active Password Changer
• Windows - 7 Free Windows Password Recovery Tools
• Password Managers
• Introduction
• List of password managers
• Master Password
• Master Password
• KeePass, KeePassX and KeyPassXC
• Keepass
• KeePassX
• KeePass and YubiKey
• Keepassx and YubiKey
• KeePassXC Password Manager
• LastPass
• LastPass
• LastPass password Iterations with PBKDF2
• LastPass Hardening - Encryptr
• Creating a Strong Password that you can Remember
• Example Password Patterns
• Cygnius Password Strength Test
• Brute force password search space calculator by Steve Gibson
• Multi-Factor Authentication
• Soft Tokens - Google Authenticator & Authy
• Android - Top Developer Google Authenticator
• iOS - Google Authenticator
• Wiki - Initiative for Open Authentication
• RFC 6238
• LastPass & Google Authenticator
• Authy
• Hard Tokens - 2FA Dongles
• List of websites and whether or not they support One Time Password (OTP) or Universal 2nd Factor (U2F)
• Example of YubiKey with LastPass
• YubiKey features
• OTP vs U2F
• Choosing a Method of Multi-Factor Authentication
• List of websites and whether or not they support 2FA
• Wiki - Google Authenticator
• dongleauth.info
• YubiKey & LUKS
• YubiKey and disk encryption
• Multi-Factor Authentication - Strengths & Weaknesses
• RSA Tokens
• The Future of Password & Authentication
• SQRL demo