page 1 / 7
129 results tagged security
The Enchiridion of Impetus Exemplar: A Threat Modeling Field Guide https://shellsharks.com/threat-modeling
Wed 03 Aug 2022 02:00:29 PM PDT archive.org

Threat Modeling is the process of building and analyzing representations of a system to highlight concerns about security characteristics.

Threat Modeling is a proactive and iterative approach for identifying security issues and reducing risk. The output of a threat modeling exercise is a list of threats - or even better - risks, that further inform decisions in the continued operation of the system. This process can be performed before any code is written or infrastructure deployed. This makes it very efficient in identifying potential threats, vulnerabilities and risks.

infosec security threatmodeling
Lissy93/awesome-privacy https://github.com/Lissy93/awesome-privacy
Mon 11 Jul 2022 06:24:59 PM PDT archive.org

Large data-hungry corporations dominate the digital world but with little or no respect for your privacy. Migrating to open-source applications with a strong emphasis on security will help stop corporations, governments, and hackers from logging, storing or selling your personal data.

awesome comsec privacy anonymity security tools
jhaals/yopass https://github.com/jhaals/yopass
Thu 30 Jun 2022 03:40:08 PM PDT archive.org

Yopass is a project for sharing secrets in a quick and secure manner*. The sole purpose of Yopass is to minimize the amount of passwords floating around in ticket management systems, Slack messages and emails. The message is encrypted/decrypted locally in the browser and then sent to yopass without the decryption key, which is only visible once during encryption. Yopass then returns a one-time URL with a specified expiry date.

There is no perfect way of sharing secrets online and there is a trade-off in every implementation. Yopass is designed to be as simple and "dumb" as possible without compromising on security. There's no mapping between the generated UUID and the user that submitted the encrypted message. It's always best to send all the context except the password over another channel.

Messages can only be viewed once. Messages can self-destruct automatically. No accounts or registration are required.

Has CLI functionality built in.

Uses memcached or redis as its back-end.

Public instance: https://yopass.se/

webapps service golang encryption messages javascript security cli
How to Win at CORS, by Jake Archibald https://jakearchibald.com/2021/cors/
Thu 21 Oct 2021 11:43:58 AM PDT archive.org

CORS (Cross-Origin Resource Sharing) is hard. It's hard because it's part of how browsers fetch stuff, and that's a set of behaviours that started with the very first web browser over thirty years ago. Since then, it's been a constant source of development; adding features, improving defaults, and papering over past mistakes without breaking too much of the web.

Anyway, I figured I'd write down pretty much everything I know about CORS, and to make things interactive, I built an exciting new app.

blogpost web cors security howto archived
LessPass https://lesspass.com/
Tue 21 Sep 2021 10:59:51 PM PDT archive.org

A password manager/generator that takes a master password, a URL, a username, and optionally a serial number (for when you have to change passwords) and (re)generates the password for you. Requires no database or third-party storage - the right password is always generated for you. Desktop versions, browser plugins, and a CLI tool.

No notepad feature, so no storing your 2FA recovery codes there.

GitHub: https://github.com/lesspass/lesspass

security opsec passwords storage generator browsers cli
Raspberry Pi Stingray Detector https://hackaday.io/project/15711-raspberry-pi-stingray-detector
Mon 06 Sep 2021 03:59:05 PM PDT archive.org

The use of IMSI-catchers (rogue cell towers) by hackers and governments around the world has been steadily increasing. Rogue cell towers, which can be as small as your home router, pose a large security risk to anyone with a phone. If in range, your phone will automatically connect to the rogue tower with no indication to you that anything has happened. At that point, your information passes through the rogue tower and can leak sensitive information about you and your device. Currently, there are no easy ways to protect your phone from connecting to a rogue tower (aside from some Android apps which are phone specific and require root access).

This project demonstrates how you can create a rogue cell tower detector using a Raspberry Pi and a SIM 900 module. The detector can identify rogue towers and triangulate their location. The demonstration uses a SIM 900 GSM module to fingerprint each cell tower and determine the signal strength of each tower relative to the detector.

raspi cellular scanner security police
maldevel/PenTestKit https://github.com/maldevel/PenTestKit
Tue 27 Jul 2021 03:30:13 PM PDT archive.org

Tools, scripts and tips useful during Penetration Testing engagements.

infosec pentesting tools scripts security
CVE https://cve.mitre.org/
Mon 26 Jul 2021 01:41:27 PM PDT archive.org

The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

infosec vulnerabilities cve feeds security
Counter-Surveillance Resource Center https://www.csrc.link/
Sun 25 Jul 2021 07:20:28 PM PDT archive.org

The CSRC provides a searchable database of resources on the topic of counter-surveillance, with a focus on targeted surveillance against people who have things to hide. We want to help anarchists and other rebels acquire a practical understanding of the surveillance threats they may face in their struggles and in their lives. We prefer resources written by friends and understandable without prior technical knowledge.

surveillance countermeasures activism privacy security anonymity
Lissy93/personal-security-checklist https://github.com/Lissy93/personal-security-checklist
Wed 05 May 2021 03:39:13 PM PDT archive.org

A curated checklist of tips to protect your digital security and privacy.

infosec opsec personal privacy security howto
Cloverleaf https://cloverleaf.app/
Mon 26 Apr 2021 02:09:02 PM PDT archive.org

A smart solution to the problem of passwords. Cloverleaf generates passwords on demand, using the name of the app you're making a password for and a master password to derive a passcode. Enter those two things and you don't need to store the passcode because you can re-generate it whenever you want.

Can be installed as a native app and used offline.

GitHub: https://github.com/cloverleaf/web

html5 passwords generator online selfhosted native security opsec
Security Headers https://securityheaders.com/
Fri 16 Apr 2021 04:58:15 PM PDT archive.org

The HTTP response headers that this site analyses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the web.

websites headers sysadmin online scanner security
GitHub - tmo324/visum https://github.com/tmo324/visum
Thu 01 Oct 2020 07:31:21 PM PDT archive.org

Script that will detect if a stranger is trying to use your laptop or if a stranger/authorized driver is trying to drive your car. This script will detect the face, and send you an email if the new user is not identified.

python ai ml images facialrecognition security
GitHub - l373/Awesome-PhySec https://github.com/l373/Awesome-PhySec
Tue 29 Sep 2020 08:50:18 PM PDT archive.org

Repository containing useful links for all things Physical Security.

awesome security directory videos tools tutorials lockpicking pentesting vendors
GitHub - fabacab/awesome-lockpicking https://github.com/fabacab/awesome-lockpicking
Tue 29 Sep 2020 08:15:45 PM PDT archive.org

A curated list of awesome guides, tools, and other resources related to the security and compromise of locks, safes, and keys.

security locks awesome books downloads resources projects groups vendors
chasquid - SMTP server https://blitiri.com.ar/p/chasquid/
Sun 11 Aug 2019 11:48:34 AM PDT archive.org

chasquid is an SMTP (email) server with a focus on simplicity, security, and ease of operation.

It sends and receives email as a typical MTA (for example, can be used instead of Postfix or Exim), and it is designed mainly for individuals and small groups.

It's written in Go, and is open source under the Apache license 2.0.

server smtp golang mta security sysadmin
v1s1t0r1sh3r3/airgeddon: This is a multi-use bash script for Linux systems to audit wireless networks. https://github.com/v1s1t0r1sh3r3/airgeddon
Sat 30 Mar 2019 07:08:58 PM PDT archive.org

A wireless auditing tool implemented as a shell script that uses other tools to do the job.

infosec wireless security utility pentesting
Letterlocking http://letterlocking.org/about/
Tue 13 Nov 2018 04:18:18 PM PST archive.org

A site that documents the practice of letterlocking - cleverly folding, cutting, and sealing letters in the 17th century for tamper evidence and security.

academia opsec letterlocking writing security privacy history
woj-ciech/Kamerka-GUI https://github.com/woj-ciech/Kamerka-GUI
Sun 04 Nov 2018 11:29:12 PM PST archive.org

Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.

Requires an API key for SHODAN.

shodan python cameras mapping security surveillance iot devices
Servers for Hackers https://serversforhackers.com/
Fri 17 Aug 2018 04:09:54 PM PDT archive.org

Teaching the server tech you need for development and production. Eliminating the frustration of server configuration. Databases, configuration management, containers, proxies, security, PHP, and much more.

lessons sysadmin howto reference servers databases configuration containers webapps security
4684 links, including 339 private