List of references for Volume II - Network Security! sections 8-12

Lesson 50. IP Address
Websites:
What is my IP address

Lesson 52. HTTP Referer
Websites:
Shows your HTTP referer
http://www.whatismyreferer.com/

Lesson 54. Super Cookies
Websites:
Anti-privacy unkillable super-cookies spreading around the world – study

Software:
Example Super Cookie - Evercookie
http://samy.pl/evercookie/
Reports:
The Rise of Mobile Tracking Headers: How Telcos Around the World Are Threatening Your Privacy

Lesson 55. Browser Fingerprinting and Browser Volunteered Information
Websites:
Panopticlick

IP Details

Lesson 56. Browser and Browser Functionality
Websites:
Web Browser Security

Lesson 57. More Tracking
Websites:
Content Security Policy

Lesson 58. Browser and Internet Profiling
Websites:
GCHQ radio porn spies track web users online identities

Lesson 60. Search Engine Tracking, Censorship and Privacy
Websites:
Search engine market share
https://www.netmarketshare.com/search-engine-market-share.aspx?qprid=4&qpcustomd=0
Graphic on Market share


Google Products

Web Privacy Census

Types of cookies used by Google
https://www.google.com/policies/technologies/types/
AOL personal data leak

Terms of service; Didn’t read

Blazing Saddles Tools

NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say

Target Detection Identifiers - An Introduction

GCHQ spy tools

Lesson 61. Ixquick and Startpage
Websites:
The worlds most private search engine

The worlds most private search engine

Privacy Policy

Tor and Startpage
https://support.startpage.com/index.php?/Knowledgebase/Article/View/288/0/how-does-startpage-interact-with-tor
Startpage Plugin
https://www.startpage.com/uk/download-startpage-plugin.html?hmb=1

Lesson 62. DuckDuckGo
Websites:
The search engine that doesn’t track you

Privacy Policy

Founder and CEO @ DuckDuckGo
https://www.crunchbase.com/person/gabriel-weinberg#/entity
DuckDuckGo

Software:
iphone and android app

Firefox plugin for DuckDuckGo

To ONLY install DuckDuckGo as your default search engine
https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-ssl/

Lesson 63. Disconnect search
Websites:
Disconnect Search
https://disconnect.me/search
Privacy policy
https://disconnect.me/freeprotection
Tor Search Engine Offers Weak SSL/TLS Ciphers
https://www.stationx.net/tor-search-engine-offers-weak-ssltls-ciphers/
Disconnect Search
https://search.disconnect.me
Software:
Disconnect Plugin
https://addons.mozilla.org/en-GB/firefox/addon/disconnect-search/

Lesson 64. Yacy
Websites:
PRISM collection details

Yacy online demo
http://search.yacy.net/
Secure search & find
https://metager.de/en/
Software:
Decentralized web search
http://yacy.net/en/index.html
Videos:
Yacy Youtube channel

Lesson 65. Private and Anonymous Searching
Websites:
My Activity
https://history.google.com/history/
Instructions to delete google history
https://support.google.com/accounts/answer/465?hl=en

Lesson 68. Reducing the Browser Attack Surface
Websites:
Flash example
http://phillips.bravehost.com/animation1.html
Java application example
http://www.cs.stir.ac.uk/~sbj/examples/Java-applications/
Silverlight example
https://www.microsoft.com/silverlight/new-controls/demo/
Disable built in pdf viewer and use another viewer
https://support.mozilla.org/en-US/kb/disable-built-pdf-viewer-and-use-another-viewer

Lesson 70. Browser Isolation and Compartmentalization
Websites:
Firefox - Contextual Identity Project
https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers
Software:
Authentic8
https://www.authentic8.com/overview/
Maxthon

Spikes

Spoon.net

Browser in a box

Profile Switcher
https://addons.mozilla.org/en-us/firefox/addon/profileswitcher/
Switchy
https://addons.mozilla.org/en-US/firefox/addon/switchy/
Priv8
https://addons.mozilla.org/en-US/firefox/addon/priv8/?src=dp-dl-othersby
Multifox
https://addons.mozilla.org/en-US/firefox/addon/multifox/

Lesson 71. Firefox Security, Privacy and Tracking
Websites:
Mozilla on DNT
https://www.mozilla.org/en-US/firefox/dnt/
EFF DNT Policy

Tracking protection (In private windows)
https://support.mozilla.org/en-US/kb/tracking-protection-firefox
Test tracking protection
https://itisatrap.org/firefox/its-a-tracker.html
Firefox Private Browsing
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history
Dow the safe browsing protocol works - Developers guide
https://developers.google.com/safe-browsing/v3/update-guide
How tracking protection works in Firefox
https://feeding.cloud.geek.nz/posts/how-tracking-protection-works-in-firefox/
Test safebrowsing - Attacks sites
http://itisatrap.org/firefox/its-an-attack.html
Test safebrowsing - Web forgeries
http://itisatrap.org/firefox/unwanted.html

Lesson 72. uBlock origin - HTTP Filters, ad and track blockers
Websites:
Overview of uBlock’s network filtering engine

Dynamic-filtering quick-guide

Blocking Mode

Dynamic filtering - Benefits of blocking 3rd party iframe tags

Dynamic filtering - to easily reduce privacy exposure

Medium Mode

Hard Mode

Software:
uBlock Origin Firefox Extention Download

uBlock homepage

Lesson 73. uMatrix - HTTP Filters, ad and track blockers
Software:
uMatric firefox extention download

uMatrix homepage

Lesson 74. Disconnect, Ghostery, Request policy - HTTP Filters, ad and track blockers
Software:
Disconnect private browsing - Download
https://disconnect.me/freeprotection
Ghostery browser extention download

Request Policy - Browser extention download
https://addons.mozilla.org/en-gb/firefox/addon/requestpolicy/
Request policy homepage
https://requestpolicycontinued.github.io/

Lesson 75. ABP, Privacy badger, WOT - HTTP Filters, ad and track blockers
Websites:
ABP vs uBlock on speed

Software:
Adblock plus extention download

Privacy badger

Web of Trust, WOT download

Lesson 76. No-script - HTTP Filters, ad and track blockers
Software:
NoScript addon download

Lesson 77. Policeman and others - HTTP Filters, ad and track blockers
Websites:
Virus Total
https://www.virustotal.com/
New York Times - How ads effect download speed for the top 50 news sites
http://www.nytimes.com/interactive/2015/10/01/business/cost-of-mobile-ads.html?_r=2
Software:
Policeman addon
https://addons.mozilla.org/en-GB/firefox/addon/policeman/
Track Off
https://www.trackoff.com/
Purify - iPhone ad blocker
https://itunes.apple.com/gb/app/purify-blocker-no-ads.-no/id1030156203?mt=8

Lesson 78. History, Cookies and Super cookies Part 1
Websites:
Mozilla on - Never remember cookies
https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies
Mozilla on - Private browsing
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history
Forum post of winapp2.ini
https://forum.piriform.com/?showtopic=32310
Bleachit page on winapp2.ini
http://www.bleachbit.org/documentation/winapp2_ini
Software:
Ccleaner
https://www.piriform.com/ccleaner
Bleachit
http://www.bleachbit.org/features
Addon that adds over 2500 additional cleaning routines
http://www.winapp2.com/

Lesson 79. History, Cookies and Super cookies Part 2
Software:
Better Privacy addon
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
Click Clean addon
https://addons.mozilla.org/en-us/firefox/addon/clickclean/
Quick Java addon
https://addons.mozilla.org/en-US/firefox/addon/quickjava/
Advanced Cookie Manager addon
https://addons.mozilla.org/en-US/firefox/addon/cookie-manager/
Self Destructing Cookies addon
https://addons.mozilla.org/en-GB/firefox/addon/self-destructing-cookies/
Decentraleyes addon
https://addons.mozilla.org/en-US/firefox/addon/decentraleyes/
JonDoFox Browser
https://anonymous-proxy-servers.net/en/software_linux.html
Tor Browser

Portable apps Firefox
http://portableapps.com/apps/internet/firefox_portable
Evercookie
http://samy.pl/evercookie/

Lesson 80. HTTP Referer
Software:
Ref Control addon
https://addons.mozilla.org/en-GB/firefox/addon/refcontrol/
Smart Referer addon
https://addons.mozilla.org/en-GB/firefox/addon/smart-referer/

Lesson 81. Browser Fingerprinting
Websites:
Mozilla on Fingerprinting
https://wiki.mozilla.org/Fingerprinting
EFF - Every browser unique results fom panopticlick
https://www.eff.org/deeplinks/2010/05/every-browser-unique-results-fom-panopticlick
ipleak.net

Browserleaks.com
https://www.browserleaks.com/flash
Websocket leaks
https://bugs.chromium.org/p/chromium/issues/detail?id=129353
jsrecon
http://www.andlabs.org/tools/jsrecon.html
Browser privacy security and tracking test sites
https://www.stationx.net/browser-privacy-security-and-tracking-test-sites/
Software:
Firegloves addon
https://github.com/kboda/firegloves
Random Agent Spoofer addon
https://addons.mozilla.org/en-gb/firefox/addon/random-agent-spoofer/
Canvas Blocker addon
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
Report:
PriVaricator: Deceiving Fingerprinters with Little White Lies
http://research.microsoft.com/en-us/um/people/livshits/papers/tr/privaricator.pdf

Lesson 82. Certificates and Encryption
Websites:
browser.urlbar.trimURLs
https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/browser.urlbar.trimURLs
SSLlabs Browser test
https://www.ssllabs.com/ssltest/viewMyClient.html
Software:
HTTPS Everywhere addon
https://www.eff.org/https-Everywhere
Certificate Patrol Addon
https://addons.mozilla.org/en-GB/firefox/addon/certificate-patrol/
Connect securely to https websites
http://www.perspectives-project.org
Perspectives Addon
https://addons.mozilla.org/en-US/firefox/addon/perspectives/
RCC for Windows
https://www.trustprobe.com/fs1/apps.html
Calomel ssl validation Addon
https://addons.mozilla.org/en-US/firefox/addon/calomel-ssl-validation/
Cipherfox Addon
https://addons.mozilla.org/en-US/firefox/addon/cipherfox/
Toggle Cipher Suite Order
https://addons.mozilla.org/en-us/firefox/addon/toggle-cipher-suites/

Lesson 83. Firefox Hardening
Websites:
About:config
http://kb.mozillazine.org/About:config
Firefox FAQs About:config Entries
http://kb.mozillazine.org/About:config_entries
Firefox Security and privacy related preferences
http://kb.mozillazine.org/Category:Security_and_privacy-related_preferences
The about protocol
https://developer.mozilla.org/en-US/Firefox/The_about_protocol
Create a Firefox profile with the defaults you like
https://ffprofile.com/
Wikipedia - Online Certificate Status Protocol (OCSP)
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
Software:
user.js by pyllyukko
https://github.com/pyllyukko/user.js
Certificate Patrol Addon
https://addons.mozilla.org/en-GB/firefox/addon/certificate-patrol/
Privacy Settings Addon homepage
http://firefox.add0n.com/privacy-settings.html
Privacy Settings Addon download
https://addons.mozilla.org/en-US/firefox/addon/privacy-settings/
JonDoFox Browser
https://anonymous-proxy-servers.net/en/software_linux.html
Tor Browser

Mobile - NoScript Anywhere
https://noscript.net/nsa/
Android - https everywhere
https://www.eff.org/https-everywhere
Android - ublock origin
https://addons.mozilla.org/en-US/android/addon/ublock-origin/

Lesson 85. Password Attacks
Websites:
Check if you have an account that has been compromised
https://haveibeenpwned.com/

Lesson 86. How Passwords are Cracked - Hashes - Part 1
Websites:
Example combinator attack
https://hashcat.net/wiki/doku.php?id=combinator_attack
Example rule based attack
https://hashcat.net/wiki/doku.php?id=rule_based_attack
Analysis password patterns - Pack
https://thesprawl.org/projects/pack/
Leet Speak
https://en.wikipedia.org/wiki/Leet
Markov chain
https://en.wikipedia.org/wiki/Markov_chain
Hydra
http://tools.kali.org/password-attacks/hydra
Hash samples
http://openwall.info/wiki/john/sample-hashes
SHA1 and other hash functions online generator
http://www.sha1-online.com/
PBKDF2 Hash Generator online
http://www.freecodeformat.com/pbkdf2.php
PBKDF2 (Password-Based Key Derivation Function 2)
https://en.wikipedia.org/wiki/PBKDF2
Bcrypt
https://en.wikipedia.org/wiki/Bcrypt
Scrypt
https://en.wikipedia.org/wiki/Scrypt
Hardware security module (HSM)
https://en.wikipedia.org/wiki/Hardware_security_module
Hash-based message authentication code (HMAC)
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
Hardware:
Nitrokey HSM
https://shop.nitrokey.com/shop/product/nitrokey-hsm-7

Lesson 87. How Passwords are Cracked - Hashcat - Part 2
Websites:
25-GPU cluster cracks every standard Windows password in <6 hours
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
Pass the hash
https://en.wikipedia.org/wiki/Pass_the_hash
Software:
Example Hashdumps and Passwords
http://www.adeptus-mechanicus.com/codex/hashpass/hashpass.php
Pwdump
http://www.tarasco.org/security/pwdump_7/
hashcat - advanced password recovery
https://hashcat.net/hashcat/
Free Password Hash Cracker
https://crackstation.net/

Lesson 88. Operating System Passwords
Websites:
How to reset the root password in Debian and Ubuntu
http://xmodulo.com/how-to-reset-root-password-in-debian-ubuntu.html
Software:
Windows - Active@ Password Changer
http://www.livecd.com/pwch.html
Windows - 7 Free Windows Password Recovery Tools
http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm

Lesson 89. Password Managers - An Introduction
Websites:
List of password managers
https://en.wikipedia.org/wiki/List_of_password_managers

Lesson 90. Password Managers - Master Password
Software:
Master Password
http://masterpasswordapp.com/

Lesson 91. Password Managers - KeePass, KeePassX and KeyPassXC
Software:
Keepass
http://keepass.info/
Keepassx
https://www.keepassx.org/
KeyPassXC
https://keepassxc.org/
Yubico and Keepass
https://www.yubico.com/why-yubico/for-individuals/password-managers/keepass/
Yubico and Keepassx
https://github.com/kylemanna/keepassx

Lesson 92. Password Managers - Lastpass
Websites:
Lastpass password iterations with pbkdf2
https://helpdesk.lastpass.com/account-settings/general/password-iterations-pbkdf2/
Software:
Lastpass
https://lastpass.com/

Lesson 93. Password Managers - Hardening Lastpass
Software:
Encryptr
https://spideroak.com/solutions/encryptr

Lesson 94. Creating a Strong Password That You Can Remember - Part 1
Websites:
Example Password Patterns
https://wpengine.com/unmasked/
zxcvbn on github - Password Checker
https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html
Cygnius - Password Checker
https://apps.cygnius.net/passtest/

Lesson 95. Creating a Strong Password That You Can Remember - Part 2
Websites:
Brute force password search space calculator by Steve Gibson
https://www.grc.com/haystack.htm
zxcvbn on github - Password Checker
https://dl.dropboxusercontent.com/u/209/zxcvbn/test/index.html

Lesson 96. Multi-Factor Authentication - Soft Tokens - Google Authenticator and Authy
Websites:
Initiative For Open Authentication
https://en.wikipedia.org/wiki/Initiative_For_Open_Authentication
rfc6238
https://tools.ietf.org/html/rfc6238
Lasspass and Google Authenticator
https://helpdesk.lastpass.com/multifactor-authentication-options/google-authenticator/
Software:
Android - Top Developer Google Authenticator
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB
IOS - Google Authenticator
https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8
Authy
https://www.authy.com/

Lesson 97. Multi-Factor Authentication - Hard Tokens - 2FA Dongles
Websites:
List of websites and whether or not they support One Time Passwords (OTP) or Universal 2nd Factor (U2F).
http://www.dongleauth.info/
Example of Yubikey with lasspass
https://helpdesk.lastpass.com/multifactor-authentication-options/yubikey-authentication/
OTP vs U2F
https://www.yubico.com/2016/02/otp-vs-u2f-strong-to-stronger/
Hadware:
Yubikey features

Lesson 98. Choosing a Method of Multi-Factor Authentication
Websites:
List of websites and whether or not they support 2FA.
https://twofactorauth.org/
Google Authenticator Wiki
https://en.wikipedia.org/wiki/Google_Authenticator
dongleauth.info
http://www.dongleauth.info/
Yubico and disk encryption
https://www.yubico.com/why-yubico/for-businesses/systems/disk-encryption/
Software:
Yubikey & luks
https://github.com/cornelinux/yubikey-luks

Lesson 99. Multi-Factor Authentication - Strengths and Weaknesses
Hardware:
RSA Tokens
https://www.rsa.com/en-us/products-services/identity-access-management/securid/hardware-tokens

Lesson 100. The Future of Password and Authentication
Websites:
SQRL demo
https://www.grc.com/sqrl/demo.htm
Clef
https://getclef.com/

Lesson 104. BONUS Lecture from Volume 3 - Which VPN protocol is best to use? and why?
Websites:
John Gilmore on ispec
https://www.mail-archive.com/cryptography@metzdowd.com/msg12325.html
Wikipedia - OpenVPN#Encryption

Reports:
Cryptanalysis of Microsoft’s PPTP Authentication Extensions (MS-CHAPv2)
https://www.schneier.com/academic/archives/1999/09/cryptanalysis_of_mic_1.html
spiegel.de - NSA leaks on ipsec
http://www.spiegel.de/media/media-35529.pdf
Software:
openvpn.net
https://openvpn.net/

Are you certain about the turbo.net and cyberinc.com links? Watching the hackers exposed series I noticed they differ from the links shown in the video, and they seem to be out of date.

In vid 6:54 spikes.com/technology.html != text link Turbo.net
In vid 6:56 spoon.net != text link cyberinc.com

Thanks for this series and all the info you packed into it!

Changed owners.

You can also use https://yamlonline.com/ for the yaml validator as well as yaml converter to json,csv,xml,base64 also for beautify and minify YAML.

1 Like