Security & Privacy

Principle of Least Privilege

• What is the Principle of Least Privilege (PLP)?
• Why You Should Not Run as an Administrator or Root User

Password Managers

HTTPS SSL TLS

• Here’s Why Your Static Website Needs HTTPS by Troy Hunt
  • CloudFlare, SSL and unhealthy security absolutism
  • Have i been pwned? Check if you have an account that has been compromised in a data breach. by Troy Hunt
• HTTPS Is Easy!
• Let’s Encrypt is a free, automated, and open Certificate Authority brought to you by the non-profit Internet Security Research Group (ISRG).
• What Is HTTPS, and Why Should I Care? by Chris Hoffman
• HTTPS and Privacy by Jacob Baytelman
• SSL Server Test: This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet.

Cybersecurity Training & Certifications

• OWASP (Open Worldwide Application Security Project) is a nonprofit foundation working to improve the security of software. Dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.
• Cybrary – Free IT & Security Training
  • Cybrary Offers Free Online Ethical Hacking and Cyber Security Training
• International Council of E-Commerce Consultants, also known as EC-Council, is a cyber security technical certification body.
  • Certified Ethical Hacker | CEH Course – EC-Council – Learn the skills and techniques of ethical hacking.
• Cisco CCNA Cyber Ops Certification
• GIAC Cyber Security Certifications
• NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public.
• Hacks, Leaks, and Revelations: The Art of Analyzing Hacked and Leaked Data by Micah Lee
• CryptoHarlem – Nonprofit AntiSurveillance, Cybersecurity Education & Advocacy Organization. Check out the CryptoHarlem Stream on Twitch.tv
• InfoSec Industry – Established to serve as a one stop sites for access to the latest resources on information security as well as measures and best practices for the prevention of cyber crimes.

Scams / Fraud

• Fraud.org is a project of the National Consumers League (NCL), a nonprofit advocacy organization based in Washington, DC.
• 17 Common Job Scams and How To Protect Yourself
• Where to find more information on elder financial vulnerability by Eliza Mills and Sasa Woodruff (MarketPlace.org)
• Federal Trade Commission information on how to avoid tech support scam
• FTC information on gift card scams
• Consumer Financial Protection Bureau’s resource guide for older adults
• Download the CFPB’s Identity Protection Guide
• Stanford Center on Longevity toolkit
• Wayne State University Institute of Gerontology; the institute’s Older Adult Nest Egg helps professionals review financial decisions to identify and protect seniors vulnerable to fraud  
• Federal Communications Commission Consumer Complaint Center
• FTC Consumer Sentinel HelpLine: 877-701-9595
• Federal Bureau of Investigation Internet Crime Complaint Center FBI: 800-CALL-FBI
• You can also report fraudulent activity to your state attorney general
• FINRA’s Financial Literacy Quiz
• National Center on Elder Abuse
• U.S. Senate Special Committee on Aging fraud hotline
• ElderAbuse.org, research and education umbrella organization dedicated to fighting abuse
• Better Business Bureau Scam Tracker
• Find your local Adult Protective Services
• AARP’s Fraud Watch Network 877-908-3360
• AARP scam updates newsletter
• State Bar Associations may be able to connect you with pro bono legal services
• “It Happened to Dad”: A presentation by Missouri resident Chad Schrieber, whose father was targeted by multiple fraudsters

Open-Source Intelligence (OSINT)

Open-Source Intelligence (OSINT) is defined as intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question.

• What is OSINT (Open-Source Intelligence?) | SANS Institute

Tools

Have I Been Pwned is a website that lets you search across multiple data breaches to see if your email address or phone number has been compromised. You can also generate secure, unique passwords for every account and learn more about data breaches and exposure

OSINT tool is a browser extension and web application built for researchers, investigators, journalists and intelligence analysts. Our extension gives you access to a suite of OSINT utilities directly on any webpage you visit.

Maltego is software used for open-source intelligence and forensics, developed by Paterva from Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining. Wikipedia

• Maltego: The Ultimate OSINT & Cyber Investigation Tool by Gary Ruddell

Bellingcat OpenStreetMap search

• The Coolest OSINT Mapping Tool You’ve Never Seen

Root Cause Analysis

DFIR Report : Real Intrusions by Real Attackers, The Truth Behind the Intrusion.