List of references for Volume IV - End Point Protection Sections 1-6

Introduction to the Instructor!
Nathan’s Twitter #GotoNathan
Nathan’s Cyber Security Blog

Disk Encryption Attacks - Cryptoalgorithms, Brute Force Attacks & Implementation
N.S.A. Able to Foil Basic Safeguards of Privacy on Web

Further reading on quantum computing and its effect on cryptography - NIST Reports

Disk Encryption Attacks - Physical

Choose the Right BitLocker Countermeasure
Intel® Virtualization Technology for Directed I/O (VT-d): Enhancing Intel platforms for efficient virtualization of I/O devices

Wikipedia - Disk encryption

Evil Maid goes after TrueCrypt!

Security Pitfalls in Cryptography
Inception over firewire attack - video

Cold Boot Attack Demo - Video

nullcon Goa 2015: Cold Boot Attack on DDR2 and DDR3 RAM by Marko Schuba - Video

Passware Kit Enterprise - Hard Disk Decryption

Report - Cold Boot Attack on DDR2 and DDR3 RAM

Disk Encryption Attacks - Containers, Volumes and Partitions
Security Pitfalls in Cryptography

Windows - Disk Encryption - An Introduction
Comparison of disk encryption software From Wikipedia

Windows BitLocker
TrueCrypt v7.2 (latest full version) - Download

Symantec Drive Encryption
BestCrypt Container Encryption

Windows - Disk Encryption - Bitlocker
Windows BitLocker Drive Encryption Step-by-Step Guide
What’s new in Windows 10, versions 1507 and 1511

Every Windows 10 in-place Upgrade is a SEVERE Security risk


Windows - Setting Up BitLocker

Windows - Disk Encryption - VeraCrypt

IsTrueCryptAuditedYet? Yes!
German Government Audits Truecrypt

Truecrypt 7 Derived Code/Windows: Drive Letter Symbolic Link Creation EoP
Truecrypt 7 Derived Code/Windows: Incorrect Impersonation Token Handling EoP
TrueCrypt and VeraCrypt vulnerability
VeraCrypt - Operating Systems Supported for System Encryption

VeraCrypt Secure Boot
VeraCrypt FAQ

Windows - Disk Encryption - CipherShed, Diskcryptor, Symantec and Bestcrypt
Comparison of disk encryption software From Wikipedia

BestCrypt Volume Encryption

Symantec Drive Encryption

Windows, Mac & Linux - Setting up VeraCrypt
VeraCrypt - Beginner’s Tutorial

Mac - Filevault2
OS X Security and Privacy Guide - full disk encryption

Use FileVault to encrypt the startup disk on your Mac - Apple

Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption

Mac - Setting up Filevault2
Startup key combinations for Mac

pmset – manipulate power management settings - Man Page
DeepSleep - Hibernate your Mac
Infiltrate the Vault: Security Analysis and Decryption of Lion Full Disk Encryption

Security Analysis and Decryption of FileVault 2 IFIP WG 11.9

Apple Technical White Paper - Best Practices for Deploying FileVault 2

Linux Whole Disk Encryption - Dm-crypt and LUKS
Plain dm-crypt
LUKS support for storing keys in TPM NVRAM

Two factor authentication with Yubikey for harddisk encryption with LUKS

Yubikey Two-factor Authentication Full-disk Encryption via LUKS

Linux - Setting up DMCrypt/LUKS
The Debian Administrator’s Handbook
Cryptsetup & LUKS

Arch - dm-crypt/Encrypting an entire system
Arch - Disk encryption

Linux - Encrypting the boot partition with Grub2
Arch - Encrypted boot partition (GRUB)
Two factor authentication with Yubikey for harddisk encryption with LUKS

Yubikey Two-factor Authentication Full-disk Encryption via LUKS

Self Encrypting Drives (SEDs)
Ten Reasons to Buy Self-Encrypting Drives

Defense Against Disk Decryption Attacks
Security Requirements and Precautions

TRESOR Runs Encryption Securely Outside RAM

File Encryption
PeaZip archiver
Keka archiver for macOS
AES Crypt
GNU Privacy Guard

Mandatory Key Disclosure & Plausible Deniability
Key disclosure law From Wikipedia
VeraCrypt - Hidden Volume
Arch - Plain dm-crypt
VeraCrypt - Plausible Deniability
Appeals Court Upholds Constitutional Right Against Forced Decryption
xkcd comic – security

Case Studies in Disk Decryption
KINGPIN: How One Hacker Took Over the Billion-Dollar Cybercrime Underground
Hacking Godfather ‘Maksik’ Sentenced to 30 Years by Turkish Court

Is Anti-Virus dead? - The Threat Landscape
The best antivirus software for Windows Home User
kaspersky compare
FUD Crypting Service (0/35 100% FUD)

Is Anti-Virus dead? - Protection Methods
Cyberthreat Real-Time Map
Malicious Code Detection Technologies

The cost of ransomware attacks: $1 billion this year

Anti-Virus and End-Point-Protection Testing
List of AV Testing Labs
AV Comparatives

The Best of Business End-Point-Protection (EPP)
The best antivirus software for Windows Client Business User
BitDefender Business
Kaspersky SMB

Windows - The Best of Anti-Virus and End-Point-Protection
Windows 10 – Protect Your PC
Microsoft’s Free Security Tools – Windows Defender Offline
Norton Security
Windows Security Essentials Download

Business End Point Protection (EPP)
The best antivirus software for Windows Client Business User

Mac - XProtect
"Are you sure you want to open it?" alert (File Quarantine / Known Malware Detection) in OS X
The Mac Security Blog
YARA for malware researchers

Mac - The Best of Anti-Virus and End-Point-Protection
History of Mac Malware
The Safe Mac Blog
Mac Security Test & Review
Malwarebytes for Mac
Patrick Wardle, Synack: “How to practically create elegant, bad@ss OS X malware.”

Linux - The Best of Anti-Virus and End-Point-Protection
Linux malware From Wikipedia
Linux Security Review
rootkit_hunter lynis

Linux Malware Detect

Online and Second Opinion - Anti-Virus and End-Point-Protection
email-submissions
Virus Software Recommendations
Applications and Threat Intelligence Platform
Jotti’s malware scan
on-line scan service
ESET Online Scanner
herdProtect Anti-Malware Scanner
HitmanPro malware detection tool

Is Anti-Virus and End-Point-Protection Dangerous?
AVG can sell your browsing and search history to advertisers
Zero-day vulnerabilities reportedly found in Kaspersky and FireEye security products
‘Ridiculous’ Bug in Popular Antivirus Allows Hackers to Steal all Your Passwords
Comodo: Comodo “Chromodo” Browser disables same origin policy, Effectively turning off web security.
MalwareBytes: multiple security issues
High-severity bugs in 25 Symantec/Norton products imperil millions
Tavis Ormandy @taviso

Next Generation - Anti-Virus (NG-AV) & End-Point-Protection (NG-EPP)
Magic Quadrant for Endpoint Protection Platform
Magic Quadrant review of changes in 2017

What is application and execution control?

Windows - Application control - ACLs, Windows Permission Identifier & Accessenum
How to Change File Permissions on Windows 7
Windows Permission Identifier

Windows - Application control - User Account Control (UAC)
User Account Control (UAC)
User Account Control From Wikipedia
Windows 7 – How to Configure UAC (User Account Control)
How User Account Control works

Windows - Application control - Software Restriction Policies
Use Software Restriction Policies to block viruses and malware
Application Whitelisting using Software Restriction Policies (version 1.1)
Use a Software Restriction Policy (or Parental Controls) to stop exploit payloads and Trojan Horse programs from running

Windows - Application control - AppLocker
What Is AppLocker?
Restrict Access to Programs with AppLocker in Windows 7
Lock down Windows 10 to specific apps
AppLocker Step-by-Step Guide
Use AppLocker and Software Restriction Policies in the same domain
Bypass the Windows AppLocker bouncer with a tweet-size command
Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files)
Finding Evil in the Whitelist
Guide to Application Whitelisting
NoVA Hackers Curt Shaffer & Judah Plummer - Application Whitelisting

Windows - Application Control - Parental controls
Ensure a Windows PC Never Gets Malware By Whitelisting Applications
Test: Parental control software for Windows and Mac OS X

Windows - Third Party App Control – AV, Appguard, VoodooShield, NoVirusThanks
Protecting your PC against any malware using Kaspersky Lab’s Trusted Applications technology
Kaspersky Internet Security 20xx
AppGuard® Breach Prevention
NoVirusThanks EXE Radar Pro
Lumension Application Control
Cb Endpoint Security Platform
McAfee Application Control

Windows - Exploitation Prevention - EMET
Microsoft - Moving Beyond EMET
CVE-2015-2545 ITW EMET Evasion
EMET: Guide To New Features - Video
Enhanced Mitigation Experience Toolkit (EMET)
Microsoft - The Enhanced Mitigation Experience Toolkit
Process Explorer
Whitepaper on Bypassing ASLR/DEP

Windows - Exploitation Prevention - Traps, MBEA and HMPA
Malwarebytes Anti-Exploit
Malwarebytes and sandboxie
Palo Alto Traps
HitmanPro.Alert - Exploit Test Tool Manual

Windows 10 - Device Guard
What’s new in Windows 10, versions 1507 and 1511

Device Guard deployment guide
Microsoft future security strategy - black hat talk
Device Guard and Credential Guard hardware readiness tool
IOMMU: A Detailed view

Windows - Defender Application Guard for Microsoft Edge
Introducing Windows Defender Application Guard for Microsoft Edge
Windows Defender Application Guard for Microsoft Edge

Linux - Security frameworks - AppArmor
AppArmor From Wikipedia
AppArmor How To Use

Linux - Security frameworks - SELinux
Security-Enhanced Linux From Wikipedia
SELinux Project Wiki
SELinux on Debian

Linux - Security frameworks - Grsecurity
Grsecurity/Configuring and Installing grsecurity
Hardening Debian for the Desktop Using Grsecurity
Which is better, grsecurity, AppArmor or SELinux?
Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)
Which distributions maintain a kernel package with grsecurity support
Alpine Linux
Arch Linux kernel and modules with grsecurity
Debian grsecurity kernel APT repository (unofficial)

Linux - Security frameworks - PaX and more
Homepage of The PaX Team
Rule Set Based Access Control
Yama is a Linux Security Module

Mac - Application control - Parental controls
How can I ensure only “whitelisted” applications run on OS X

Mac - Application control - Gatekeeper
OS X: About Gatekeeper
Researchers slip malware onto Apple’s App Store, again
Gatekeeper Exposed

Mac - Application control - System Integrity Protection
El Capitan’s System Integrity Protection will shift utilities’ functions
What’s New in OS X El Capitan v10.11
About System Integrity Protection on your Mac
Security and Your Apps

Mac - Application control - Santa
How to bypass Google’s Santa LOCKDOWN mode
A binary whitelisting/blacklisting system for Mac OS X

Mac - Application control - Little Flocker
Little Flocker

Mac - Other Stuff!
Dylib Hijack Scanner

The New Normal For End-Point-Protection Technology
X by Invincea
Deep Freeze
Attivo Networks

Deep Instinct

Magic Quadrant for Endpoint Protection Platform
Magic Quadrant review of changes in 2017