Hardening Chrome based browsers
Go to
chrome://flags
Then,
Disable - The Following Flags
==========================
#enable-offline-auto-reload
#disable-webrtc-hw-decoding
#disable-webrtc-hw-encoding
#enable-webrtc-hw-vp8-encoding
#clear-old-browsing-data
#enable-usermedia-screen-capturing
#disable-hyperlink-auditing
#contextual-search-ml-tap-suppression
#contextual-search-ranker-query
#enable-password-generation
#enable-manual-password-generation
#wallet-service-use-sandbox
#enable-chrome-home-survey
#vr-browsing-native-android-ui
#enable-gamepad-extensions
#webxr
#webxr-gamepad-support
#webxr-orientation-sensor-device
#webxr-hit-test
#vr-icon-in-daydream-home
#safe-search-url-reporting
#keep-prefetched-content-suggestions
#content-suggestions-debug-log
#enable-breaking-news-push
#interested-feed-content-suggestions
#enable-ntp-article-suggestions-expandable-header
#enable-ntp-remote-suggestions
#enable-ntp-suggestions-notifications
#PasswordExport
#PasswordImport
#password-search
#enable-nostate-prefetch
#enable-new-preconnect
#enable-async-dns
#enable-mark-https-as set to: Enable (mark as actively dangerous) this option will be removed
#BundledConnectionHelp
#enable-omnibox-voice-search-always-visible
#enable-viz-test-draw-quad
#enable-framebusting-needs-sameorigin-or-usergesture
Enable - The Following Flags
==========================
#num-raster-threads (4)
#enable-offline-auto-reload-visible-only
#enable-tcp-fast-open
#enable-scroll-anchoring
#enable-new-photo-picker (enabled)
#enable-fast-unload
#enable-history-entry-requires-user-gesture
#smooth-scrolling
#enable-quic (see explanation)
#enable-android-spellchecker
#enable-chrome-modern-design
#enable-modal-permission-dialog-view
#reduced-referrer-granularity
#enable-site-per-process
#offline-bookmarks
#enable-brotli
#force-show-update-menu-badge
#tls13-variant set to: Enabled (Draft23)
#disable-audio-support-for-desktop-share
#enable-content-suggestions-new-favicon-server
#important-site-in-cbd
#enable-font-cache-scaling
#new-audio-rendering-mixing-strategy
#expensive-background-timer-throttling
#modal-permission-prompts
#lsd-permission-prompt
#language-settings
#enable-custom-context-menu
#enable-custom-feedback-ui
#omnibox-display-title-for-current-url
#autoplay-policy set to: Document user activation required
#enable-async-image-decoding
#dont-prefetch-libaries
#sound-content-setting
#enable-parallel-downloading
#enable-overflow-icons-for-media-controls
#enable-downloads-location-change
#enable-block-tab-unders
#stop-in-background
#clipboard-content-settings
#enable-modern-media-controls
#unified-consent
By Chef Koch
Taken from @EnergizedProtection ⚡️
#hardening #chrome #browser
CHEF-KOCH
Firefox Hardening
https://github.com/CHEF-KOCH/FFCK
user.js -- Firefox configuration hardening
https://github.com/CHEF-KOCH/user.js
Chromium Hardening
https://github.com/CHEF-KOCH/Chromium-hardening
Thunderbird user.js hardening
https://github.com/CHEF-KOCH/TBCK
Android Privacy Data Protection Tools
https://github.com/CHEF-KOCH/Android-Privacy-Data-Protection-Tools-Mega-Thread
POTARC - Privacy Online Test And Resource Compendium
https://github.com/CHEF-KOCH/Online-Privacy-Test-Resource-List
DNScrypt proxy blacklist filter
A basic filter list designed for the blacklist mechanism in DNSCrypt-Proxy v2
https://github.com/CHEF-KOCH/dnscrypt-proxy-blacklist-filter
DarkWeb pages overview
Shows Deep Web specific pages, software and other related information.
https://github.com/CHEF-KOCH/ProjectX
CHEF-KOCH Warez list
https://github.com/CHEF-KOCH/Warez
Android Unbound DNS-over-TLS
https://github.com/CHEF-KOCH/Android-Unbound-DNSoverTLS
Windows Gaming Tweaks
https://github.com/CHEF-KOCH/GamingTweaks
https://chef-koch.github.io
https://github.com/CHEF-KOCH
https://gitlab.com/CHEF-KOCH
@NoGoolag
#ck #chef #koch #hardening #ff #chrome #chromium #alternatives
GrapheneOS
GrapheneOS is an open source privacy and security focused mobile OS with Android app compatibility.
https://grapheneos.org
Installation instructions
https://grapheneos.org/install
Official Downloads
https://grapheneos.org/releases
https://github.com/GrapheneOS
https://github.com/AndroidHardeningArchive
https://attestation.app
IRC: #grapheneos on Freenode (irc.freenode.net)
Matrix: #grapheneos:matrix.org
https://reddit.com/r/GrapheneOS
FAQs
https://github.com/Peter-Easton/GrapheneOS-Knowledge/blob/master/GrapheneOS-Security-Q%26A.md
Info on Titan M
https://opensource.googleblog.com/2019/11/opentitan-open-sourcing-transparent.html
https://opentitan.org/
#graphene #grapheneos #rom #android #hardening
user.js-updater by Fennec F-Droid | CHAT
Apply a security and privacy enhanced configuration to Firefox based browsers on android with this app:
https://github.com/v1nc/user.js-updater
1. Download and install Fennec F-Droid.
2. Download and install user.js-updater app from HERE
3. Start for the first time (offline mode/no data connections) and wait about 5 sec.
4. Close Fennec.
5. Open user.js-updater app.
6. Select the browser you want to apply user.js through the "SELECT BROWSER" bar at the top.
7. Select custom and paste in "custom user.js url" bar this link:
https://git.nixnet.xyz/quindecim/fennec_user.js/raw/branch/master/user.js
or MIRRORS:
https://git.lelux.fi/quindecim/fennec_user.js/raw/branch/master/user.js
https://git.lushka.al/quindecim/fennec_user.js/raw/branch/master/user.js
8. Tap "UPDATE" at the bottom and grant root permission to proceed.
9. Start Fennec and test:
- Go to: about:config
- Look if config.applied is true
Remember to enable connection to "Media Storage, Download Manager, Downloads, MTP Host" to see the app work correctly.
After applying, add ublock origin and extra blocking lists: https://lushka.al/blocklist/
https://t.me/qd_invitation
#ff #firefox #fennec #browser #hardening #userjs
HARDENED CONFIG FILES PROJECT for FIREFOX:
https://t.me/qd_invitation
ANDROID:
https://git.nixnet.xyz/quindecim/mobile_user.js
DESKTOP:
https://git.nixnet.xyz/quindecim/mozilla.cfg
#ff #firefox #fennec #config #hardening #privacy #quindecim
Forwarded from BlackBox (Security) Archiv
Huawei HKSP Introduces Trivially Exploitable Vulnerability
5/11/2020 Update: We were contacted this morning by Huawei PSIRT who referenced an email by the patch author to the KSPP list: https://www.openwall.com/lists/kernel-hardening/2020/05/10/3 and stated that "The patchset is not provided by Huawei official but an individual. And also not used in any Huawei devices." They asked if we would update the description of the article to correct this information.
Based on publicly-available information, we know the author of the patch is a Huawei employee, and despite attempts now to distance itself from the code after publication of this post, it still retains the Huawei naming. Further, on information from our sources, the employee is a Level 20 Principal Security staffer, the highest technical level within Huawei.
The Github repository mentioned in the article had a commit added to it this morning that inserted a notice to the top of the README file, distancing the code from Huawei. This commit was (intentionally or not) backdated to Friday when the repository was created, creating the impression that we somehow intentionally ignored pertinent information that was readily available. This is obviously untrue, and examining the contents of https://api.github.com/repos/cloudsec/hksp/events proves the commit was pushed to the repo this morning.
We replied to Huawei PSIRT's mail and mentioned that we'd be fine with mentioning the patches aren't shipping on any Huawei devices (I believed it already to be unlikely given the poor code quality), but regarding the other claim (particularly due to the surreptitious Github repo edit), we'd have to also include the additional information we discovered.
👉🏼 Read more:
https://grsecurity.net/huawei_hksp_introduces_trivially_exploitable_vulnerability
https://www.openwall.com/lists/kernel-hardening/2020/05/10/3
https://api.github.com/repos/cloudsec/hksp/events
#huawei #PSIRT #hksp #exploitable #kernel #hardening #vulnerability
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Lockdown your linux install. The simple zero config linux hardening script
Read more
https://github.com/x08d/lockdown.sh/blob/master/lockdown.sh
‼️ use at your own risk, as it can lead to system crashes for noobies.. ‼️
#lockdown #linux #hardening #recommendation #tip
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
Forwarded from BlackBox (Security) Archiv
Quantum Hardening Cryptographic Protocols
This talk is an introduction to the field of quantum hardening. The introduction of practical quantum computers will render existing cryptographic protocols unsafe. At what point we need to start worrying and what can be done to remedy this problem is the focus of this talk. The talk begins with an introduction to the design of modern cryptographic protocols in general.
If you would like to skip the crypto introduction and cut to the quantum hardening part, jump to minute 29:00
📺 👉🏼 🇬🇧 https://media.ccc.de/v/DiVOC-19-quantum-en
📺 👉🏼 🇩🇪 https://media.ccc.de/v/DiVOC-19-quantum
#ccc #DiVOC #video #quantum #hardening
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag
Android browsers:
https://t.me/NoGoolag/2194
Chromium based browsers:
- https://t.me/libreware/218
Firefox hardening:
- https://github.com/theel0ja/firefox-recommendations/blob/master/README.md
- https://t.me/NoGoolag/1687
Chromium hardening:
- https://write.as/lynn-stephenson/hardening-chromium
#browsers #chromium #firefox #hardening #androidbrowsers
Madaidan's Linux Hardening Guide
https://madaidans-insecurities.github.io/guides/linux-hardening.html
#madaidan #Linux #Hardening #Guide
CEO of Twitter loves GrapheneOS
https://nitter.net/jack/status/1355295732836626432
But everyone should boycott Twitter
#graphene #grapheneos #android #hardening #twitter
#Android Smartphone #Hardening non-root #Guide 4.0
By @TheAnonymouseJoker
https://lemmy.ml/post/128667
n0rthl1ght/ahwt: Another Hardening Windows Tool - GitHub
GPL-3.0 license
AHWT - another hardening tool for Windows operating systems.
Description (in Russian)
The program is a script generator with a collection of parameters and recommendations from CIS Benchmarks and DoD STIGs, with some adjustments.
All parameters are placed in databases named after the operating systems they are used for.
Parameters were checked and tested according to official MS documentation and researchers' opinions.
Scripts are generated in 2 modes - auto and manual.
All databases have profiles for each operating system (min/med/full), which correspond to Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).
#Windows #Hardening #Security