Security in all its wild weird ways

A Bookmark page by Andy of Konecny Consulting.

basics for all of us
Most important step to protect your network	The 4 basics to best Improve Cybersecuitry	Pausing to inspect closer, Huh?
7 Cybersecurity Easy Tips few are talking about	ultimate personal security checklist	16 Steps to Securing Your Data (and Life)
Ouch! security newsletter for the typical computer user	The Six Dumbest Ideas in Computer Security	Why Need a Shredder
Internet Fraud Complaint Center	No Kaboom Today	Canadian AntiFraud Centre
Has your account been Pwned?	Protect against Identity Theft	Scam Busters, fighting on-line scams
Crypto-Gram newsletter	Personal VPN value	Home network security
protecting your stuff, simple but effective	on-line banking safely by using Linux LiveCDs	What does the web say about you?
What your email address says about you	Complete Guide to Avoiding Online Scams	About Browser Cookies
Malware lables	Security BattleGround: an Executive Field Manual	10 crazy IT security tricks that actually work
Social Engineering	Security Awareness Courses and Posters	Haft of The Spear: blog about the pointy end
a downside of BYOD	good overview of PKI with old implimentation	Verification Handbook
Homeland Security: Cyber	Why privacy matters, even if you are innocent	Upping your anit Phishing skills
The Hacker Crackdown	infocon, threat status.	Privacy: avoiding going overboard
problem with 1 off solutions	starting point of Critical Security Controls	10 tech security basics for all
Policy Expiry dates	When to not trust the Lock on a browser	Effective security framework
Pointers to Learn On Your Own	Reviewlab's safety guide	Facebook, how to get what they have on you.
Internet of things security view	Intro to PKI, TLS, and x509	BS triggers by Vendors (not just in security)
How we are all tracked	location tracking privacy tips	downside of personal VPNs
Consumer VPNs: May B Fine Without	General use terms	Habits of hackers & counters to
Who Hacked Us? generator	CISA Ransomware Guide	4 Traits of Social Engineering Attacks
Dangers of public WiFi	Combating Phishing Scams	5 Common Cybersecurity Challenges for SMBs
fun surveys can be bad for you	We are Surveilled Always	CISA Recouces & Tools
Making Cybersecurity easy like Ikea	Get Cyber Safe Canada

Passwords, protecting the keys
Why you should have good passwords	how to choose good passwords	Passwords can be recovered
Default Passwords List	How I'd Hack Your Weak Passwords	Establish-Maintain your identity
default router pws	top 500 worst passwords	SHA256 hash Calculator
analysis of breached Sony pw database	Change your Password day	reveal 'hidden' pw in browsers
Common hiding places 4pw	xkcd; easy strong passwords	next gen of passwords
Use Your Password to Improve Your Life	pw entropy tester w/ source code	Secret Life of Passwords:psychology of
Password Recovery/cracking Speeds	Passwords to Never use	Admin/Root password guides
What Certificate Authorities Are	default passwords	has your password been exposed
has your ID/address been exposed	Beyond Passwords	Signing GitHub Commits
Cryptography basics with OpenSSL	OpenSSH server best practices	The Encryption Fallacy
LetsEncrypt free SSL	Certbot, automate Let's Encrypt install	ZeroSSL free SSL
x509 certs explained	MFA, good but not the holy grail	example of bad habbit, but fun
List of Phishing-Resistant MFA	PassKeys replacing PassWords soon?	Password Managers: Imperfect but better than not
PasswordMonster, strength checker	The Password Game


Security Technical Implimentation Guides (STIGS)	Even root certs expire and = kaboom	find patches for a CVE
OpenCVE database	SIEMonster	Enigma simulator
Enigma procedure	Cipher History

other testing tools
phishing link checker	url scanner
SSL cert tools	Qualys SSL Labs tester	Comodo/Sectigo's SSL Analyzer
DigiCert test tool	Symantec's SSL/TLS tester	CSR Decoder
SSLTLS testing tools	How to check certs on other ports	cert n keystore management tools
Hardenize security report	Gibson Research tools	Virus Total, scans a file agaist many AV tools
Comodo, AV file scanner	Using Google as a hack tool	Google Dorks
About Google hacking	what Facebook can show of you	Kali: pen tester Linux distro
Has my account been part of a breach?	Where to Submit Malware	VirusTotal submission options
BitcoinAbuse database	crt.sh issued certs	cert recon script
csr Decoder	cipher test script	openssl toolkit
Verifying SSL/TLS settings	testssl.sh	ID that ransomware
Gordon cyber rep checks	about Gordon	Common openssl commands
log location analysis method	VirusTotal	Known Exploited Vulnerability (KEV) catalog
Test for AI generated text	Domain Doppelganger checker	Is Mercury the problem?
Breach Simulator

PC level issues&tools
SpyWare Guide	test if a file is infected	LH votes best AntiVirus 2009
encrypt v-partition Win7+	Make Windows10 less Creepy	Browser privacy test
stop weak crypto and protocols on Windows	PC Flank	Duo Security's VPN Hunter
Privacy Analyzer	CLI registry extract tool	Hardening MacOS

spam, spam, and spam with spam on the side
spam history & primer of SpamAssassin	some filtering techniques	origins of the term spam
SpyWare Warrior, a good reference	Pseudo Anonymous eMail	nslookup\|dig Spamhaus for IP reputation
StopForumSpam

Network level issues
Wireless security	Johnny, I Hack Stuff	Instant SSL
Live DDOS activity monitor	Upside-Down-ternet	Network Forensics with Dshell
Qs for IoT vendors	The Bro Security Monitor (IDS)	personal VPN primer
Basic CIS controls guide	NetFlow: lightweight traffic summerizer	SecurityOnion distro (IDS,logging,+)
OpenVAS Vulnerabitlity Assessement System	Securing Exchange Online	Shodan
CenSys	ZMap project	Sooty: SOC Analyst's All-in-One Tool
Why let systems talk to everywhere?	setup DShield for pfSense	SCADA-ICS security whitepages
The Attack Path, defending it	what is SIEM	tracking your attack surface
deauther WiFi test/hack tool	security.txt use patterns	what is poking at your public IPs
How fast new inetnet host is attacked	12 Rogue URL Tricks	dmarc, an overview
We are all targets of scams	DDoS glossary

Linux
Werner Puschitz' Securing Linux	20 Linux Server Hardening Security Tips	2FA for SSH
where is this\|that machine tools	Wireguard VPN

General
The threat is real. Think before you link.	broad cybersecurity advice	Building on a Foundation for Trust
test your phishing IQ	a Phishing Test	Beginner CaptureTheFlag
Banks Never Ask THAT	Physical Security Village	scammer baiters
collection of Security Tools	Jan's resource-tool list	CISA free tools & services
	-
Toronto Area Security Klatch, monthly	SecTor annual conference	The Ethical Hacker Network
BlackHat session videos	SecTor session videos	InfraGard a private-public FBI interface
Canadian Centre for Cyber Security		No More Ransom project
Are Your Cookies for sale?	StopRansomWare CISA	How to bypass phsical controls
Learning by community	Verified Backups	Security Now! podcast
Prebunking: an inoculation	Minimum Viable Secure Product checklist	Security Awareness, the H-Layer
IR, we go to milliseconds	How Root Cause Analysis is a term of art	Baseline Cyber controls
Top 10 IT Security Actions	ZeroTier private network	Connect ZeroTier explained
CISA know exploited vuln catalog	Traits of Most Scams	3 x 3 Security Control Pillars
The First Open Source Intelligence War	Story Telling to Improve Security	TLP: how sharable is that IR Data
How much badness can we stop?	a great view forward to better security	Not your keys, not your coins
Global Risk Community	Propaganda - understanding	LockPickingLawyer
Covert Instuments (picks)	Secure Alternative to M 365	Cyber Threat Name Generator
Data is a Toxic Asset	Mind games of conflict	Avoiding Security Theater
Root Causes podcast	12 days of cybersecurity Xmas sung	Physical Pentest via FireCode
security training, carrots work better	CTF games, from simple on up	what is the real threat?
Hashes:to ID known good or bad	Incident Response vs DR scalling	Compliance Dance

Oopses (breaches and bad practices)
Drop MS Passport advises Gartner	Security Ignorance Program	Microsoft support Scammers
Eye of Sauron Is Modern Surveillance State	MS Outlook for iOS violates security	thread of hybrid phishing - stopped
Peak Intermediation hit		Slaugherbots, any time now
Risk Accumulates	Limits of Security, the bootstrap problem	Your WiFi can expose you
Win11+ records Everything	Infiltrate attempt almost partA	Infiltrate attempt almost partB
Catching the big ones.	Win11 built in keylogger	sleazy subscription practices to watch for

Tip Jar

Updates last posted 2025-01-30