Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
The purpose of this document is to make recommendations on how to browse in a privacy and security conscious manner. This information is compiled from a number of sources, which are referenced throughout the document, as well as my own experiences with the described technologies.
I welcome contributions and comments on the information contained. Please see the How to Contribute section for information on contributing your own knowledge.
| ### | |
| ### | |
| ### UPDATE: For Win 11, I recommend using this tool in place of this script: | |
| ### https://christitus.com/windows-tool/ | |
| ### https://github.com/ChrisTitusTech/winutil | |
| ### https://www.youtube.com/watch?v=6UQZ5oQg8XA | |
| ### iwr -useb https://christitus.com/win | iex | |
| ### | |
| ### OR take a look at | |
| ### https://github.com/HotCakeX/Harden-Windows-Security |
| import re | |
| from collections import namedtuple | |
| ASCII_BYTE = " !\"#\$%&\'\(\)\*\+,-\./0123456789:;<=>\?@ABCDEFGHIJKLMNOPQRSTUVWXYZ\[\]\^_`abcdefghijklmnopqrstuvwxyz\{\|\}\\\~\t" | |
| String = namedtuple("String", ["s", "offset"]) | |
| import boto3 | |
| from itertools import chain | |
| import csv | |
| ''' | |
| Goal) | |
| Create a matrix (csv) that consists of (and is used in an excel file capacity): | |
| *** List out each policy (Managed and Inline) that are attached to a user. |
| import boto3 | |
| import pprint | |
| # MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK. | |
| access_key_id = 'replace me' | |
| secret_access_key = 'replace me' | |
| ''' | |
| This file is used to list EBS volumes and whether or not they are encrypted. This is only for "in-use" (running) volumes. |
| import boto3 | |
| import pprint | |
| # MAKE SURE YOU CHANGE THESE VALUES OR THE TOOL WON'T WORK. | |
| access_key_id = 'replace me' | |
| secret_access_key = 'replace me' | |
| ''' | |
| WORK IN PROGRESS, NOT COMPLETED | |
| This file is used to review s3 bucket permissions and whether or not they are encrypted |
| import boto3 | |
| import pprint | |
| pp = pprint.PrettyPrinter(indent=5, width=80, compact=False) | |
| #http://docs.aws.amazon.com/general/latest/gr/rande.html | |
| regions = ['us-east-1', 'us-west-2', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'eu-central-1', 'eu-west-1'] | |
| ''' |
| From: http://redteams.net/bookshelf/ | |
| Techie | |
| Unauthorised Access: Physical Penetration Testing For IT Security Teams by Wil Allsopp. | |
| Social Engineering: The Art of Human Hacking by Christopher Hadnagy | |
| Practical Lock Picking: A Physical Penetration Tester's Training Guide by Deviant Ollam | |
| The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick | |
| Hacking: The Art of Exploitation by Jon Erickson and Hacking Exposed by Stuart McClure and others. | |
| Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by Fyodor | |
| The Shellcoder's Handbook: Discovering and Exploiting Security Holes by several authors |
