Security Resources

A collection of security guides, tools, cheat sheets and best practices I’ve found to be useful.

Communications

• Get S/MIME on your iPhone and iPad

SSH

• A very good introduction to SSH (part 1, part 2, and part 3)
• Top 20 OpenSSH Server Best Security Practices

VPNs

• It is best to deploy your own by installing OpenVPN on a VPS of yours
• ProtonVPN
• privatetunnel.com, a consumer VPN by OpenVPN

CPU vulns

• Speculative execution

Harden your OS

Linux

• GrSecurity, a set of patches to harden the Linux kernel
• SELinux, built-in into the Linux kernel for years. I am not really a big fan of it.
• Tomoyo, a MAC good enough to be used as a system analysis tool, its rules are easy to write

I gave two talks about them, Hardening One and Hardening Two. Find more here.

macOS

• macOS security checklist (*)
• How the NSA snoop-proofs its Macs, a bit old but something you may want to check anyway

iOS

• A deep dive into the world of ‘dev-fused’ iDevices (archived page)

Android

• Hardening Android for Security and Privacy, it may sounds impossible but there’s still something you can do

Tools

• Brute-force calculator (*)
• nmap
• Wireshark
• Debookee (macOS only)

Distros

• Kali Linux
• Tails

Websites and blogs

• Offensive Security
• OWASP and its periodic table
• Krebs on Security
• Schneier On Security
• Google Project Zero
• Naked Security
• The Hacker News

---

(*) Mantained by me. Please, tell me about your suggestions or any broken link you spot.