NoGoolag
Forwarded from Revolutionary Toolbox
burner_phone_best_practices_by_B3RN3D.pdf
38.8 KB
Burner Phone Best Practices
by B3RN3D, published January 22 2014

"There's a good mix of useful and mis-information in regards to burner phones out there. I thought I would compile some facts and review the proper use-case for a burner phone.

Tracking: Fingerprinting

Burner phones, for both CDMA and GSM, are easy to trace. Carriers specifically segregate burner/prepaid traffic from normal subscriber traffic. Yes, this is primarily used to control which type of traffic should receive priority, but it's used by LEOs to easily identify network traffic used by targets.

Bruce Schneier recently commented on what the NSA is actively doing in regards to burner phones. In a recent lawsuit between the NSA and the EFF, [...]one of the ways the US keeps track of burner traffic, is by fingerprinting the number of unique contacts, and the times of the calls. With this information, it's much easier to keep track of whose phone is whose[...]"

Source: Radical Defense (link)

#security #communications #document #zine #link
Forwarded from Revolutionary Toolbox
#security
page 1 - 2 - 3 - 4
Click here to return to the Resource Index


Security Culture - Basics for Protests
https://t.me/RevToolboxRedux/2165
https://t.me/RevToolboxRedux/2166 - PDF version

Security and Counter-Surveillance - Information Against the Police State
https://t.me/RevToolboxRedux/2559

What To Do When You're Arrested
https://t.me/RevToolboxRedux/2585

Surveillance Self Defense in Public Spaces
https://t.me/RevToolboxRedux/2755

Movement Defense Means All of Us - A guide to building resilient movements and countering repression.
https://t.me/RevToolboxRedux/2070

No Badjacketing - The State Wants To Kill Us, Let's Not Cooperate (important article)
https://t.me/RevToolboxRedux/2915

Why Misogynists Make Great Informants
https://t.me/RevToolboxRedux/2916

Digital Communication Protocols Beyond Telegram
https://t.me/RevToolboxRedux/3338

Police Infiltrators - the ultimate betrayal
https://t.me/RevToolboxRedux/2502

Privacy/Security Resource list
https://t.me/RevToolboxRedux/12

Some tips on staying secure online
https://t.me/RevToolboxRedux/157

Elicitation - subtly soliciting information
https://t.me/RevToolboxRedux/167

Telegram tips for group/channel admins (old)
https://t.me/RevToolboxRedux/198

Breaking News Consumer's Handbook
https://t.me/RevToolboxRedux/209

Antifascism is Self Defense
https://t.me/RevToolboxRedux/264

Digital security resources for activists
https://t.me/RevToolboxRedux/267

Know Your Rights - A Crashcourse 4 Protesters (Don't Shoot PDX)
https://t.me/RevToolboxRedux/273

Best Practices for Signal Threads
https://t.me/RevToolboxRedux/280

The Riot is One Night But Metadata is Forever
https://t.me/RevToolboxRedux/293

Never Talk to the Cops
https://t.me/RevToolboxRedux/294

Before Posting Ask Yourself - does this pose a risk?
https://t.me/RevToolboxRedux/295

Surveillance Self Defense (EFF)
https://t.me/RevToolboxRedux/309

How To Make It Harder for Cops to Do Their Jobs
https://t.me/RevToolboxRedux/310

Beating FBI Surveillance
https://t.me/RevToolboxRedux/319

How To Find Hidden Cameras
https://t.me/RevToolboxRedux/334

DIY Faraday Bag (untested)
https://t.me/RevToolboxRedux/327

Guide to IMSI Catchers (Fake Cell Towers)
https://t.me/RevToolboxRedux/337

Covering Cameras w/ Umbrellas
https://t.me/RevToolboxRedux/369

Getting Started - Telegram Anonymity
https://t.me/RevToolboxRedux/370

Tails OS Leaflet
https://t.me/RevToolboxRedux/378

Car Brigade Techniques
https://t.me/RevToolboxRedux/407

Beware Swoopers
https://t.me/RevToolboxRedux/431

Spread Good Info! S.A.L.U.T.E.
https://t.me/RevToolboxRedux/436

Anarchist Direct Actions - A Challenge for Law Enforcement
https://t.me/RevToolboxRedux/462

What To Do If You Are Stopped by the Police
https://t.me/RevToolboxRedux/465

Criptica. Resistencia Digital (Spanish)
https://t.me/RevToolboxRedux/467

Which Apps Are Secure and End-to-End Encrypted?
https://t.me/RevToolboxRedux/495

When the Police Knock on Your Door
https://t.me/RevToolboxRedux/517

Dress for Success - Disguise without Bloc
https://t.me/RevToolboxRedux/518

Look Out for Fascist Entryism
https://t.me/RevToolboxRedux/520

What to Do If You Receive an Unsolicited Message
https://t.me/RevToolboxRedux/528

PDX Decentralized Comms Ruleset
https://t.me/RevToolboxRedux/536

Only Networks Can Defeat Networks - decentralized digital struggle
https://t.me/RevToolboxRedux/607

The Basics of Firearm Safety
https://t.me/RevToolboxRedux/643

Assertive Intervention and Deescalation Tools and Tips
https://t.me/RevToolboxRedux/646

Faraday Bag from CLDC
https://t.me/RevToolboxRedux/652

How to Lock Your SIM Card
https://t.me/RevToolboxRedux/683

How to Spot NYPD Unmarked Cars
https://t.me/RevToolboxRedux/685

Digital Safety at Protests
https://t.me/RevToolboxRedux/687

Crossing the U.S. Border - crimethinc
https://t.me/RevToolboxRedux/742

Gentleman's Guide to Forum Spies and Spooks
https://t.me/RevToolboxRedux/750

Atlas of Surveillance - Documenting Police Tech
https://t.me/RevToolboxRedux/784

2 Twitter Alternatives
https://t.me/RevToolboxRedux/786
Forwarded from Revolutionary Toolbox
#security

If You Don't Need to Say It, Don't Say It (discussion)
https://t.me/RevToolboxRedux/797

A Practical Security Handbook for Activists and Campaigns
https://t.me/RevToolboxRedux/814
https://t.me/RevToolboxRedux/931 - PDF

Survival Guide for Popular Resistance
https://t.me/RevToolboxRedux/824

Know Your Rights - ACLU MN
https://t.me/RevToolboxRedux/862

Towards A Citizen's Militia: Anarchists Alternatives to NATO and the Warsaw Pact (1980)
https://t.me/RevToolboxRedux/890

Three Criticisms of Livestreaming [at protests]
https://t.me/RevToolboxRedux/934

Remote Uprising Support Team (RUST) Zine
https://t.me/RevToolboxRedux/937

Consent Culture - basic security culture tips
https://t.me/RevToolboxRedux/960

Protest Safety Guide - Across Frontlines
https://t.me/RevToolboxRedux/1012

NYC ICE Watch - ICE Patrols
https://t.me/RevToolboxRedux/1039

Know Your Rights when ICE or Feds are at the door
https://t.me/RevToolboxRedux/1055

SAFETY & SECURITY GUIDELINES
https://t.me/RevToolboxRedux/1058

Build a Wall of Resistance - Don't Talk to the FBI (picture)
https://t.me/RevToolboxRedux/1094

List of Informative Guides for Street Conflicts
https://t.me/RevToolboxRedux/1114

A thread how to protect your privacy via phone safety at demonstrations--before, during, and after the protest
https://t.me/RevToolboxRedux/1115

S.A.L.U.T.E. Guide
https://t.me/RevToolboxRedux/1117

How to Easily Harden Signal
https://t.me/RevToolboxRedux/1118

the Data Detox Kit - Fistful of Privacy Tips
https://t.me/RevToolboxRedux/15

IT COULD HAPPEN HERE - preparing for political crises and far right violence
https://t.me/RevToolboxRedux/1172

Protest Safety Basics - Black Bloc
https://t.me/RevToolboxRedux/1175

EarthFirst! Opsec Story
https://t.me/RevToolboxRedux/1204

Taking Ourselves Seriously - Digital Harm Reduction discussion by RadioFragmata
https://t.me/RevToolboxRedux/1288

Don't Speak without a Lawyer Present
https://t.me/RevToolboxRedux/1292

If You Get Arrested: DON'T SPEAK (infographic)
https://t.me/RevToolboxRedux/1297

Party Protips
https://t.me/RevToolboxRedux/1298

What to Do If You're Marked by Police with color UV mace/dye
https://t.me/RevToolboxRedux/1338

Comrades Don't Livestream Comrades
https://t.me/RevToolboxRedux/1339

How To Set Up an Anonymous Burner Phone
https://t.me/RevToolboxRedux/1340

How to Build a Paper Trail - for tenant struggles
https://t.me/RevToolboxRedux/1357

Cops are Petty - They Will Remember You
https://t.me/RevToolboxRedux/1376

Spotting a hidden handgun
https://t.me/RevToolboxRedux/1385

The Fascist Infiltration of Subculture
https://t.me/RevToolboxRedux/1387

Security Culture - A Handbook for Activists
https://t.me/RevToolboxRedux/1401

Trainstopping - Intervening with Rail Transport through blockade and sabotage
https://t.me/RevToolboxRedux/1436

How to Find Hidden Cameras
https://t.me/RevToolboxRedux/1465

Security Alert - Hardening your Telegram
https://t.me/RevToolboxRedux/1503

PSA to all comrades with radios
https://t.me/RevToolboxRedux/1546

An Activists Guide to Informational Security (2016)
https://t.me/RevToolboxRedux/1570

Curated List of Digital Tools for Activism
https://t.me/RevToolboxRedux/1577

Security Reminder w/ Links
https://t.me/RevToolboxRedux/1578

If An Agent Knocks - What To Do
https://t.me/RevToolboxRedux/1625

Was My Friend a Spy-Cop? A Guide to Investigating Suspicions and Providing Emotional Support
https://t.me/RevToolboxRedux/1631

List of Printers with Tracking Dots
https://t.me/RevToolboxRedux/1693

Metadata Kills - Anti-Google
https://t.me/RevToolboxRedux/1700

Privacy Alternatives to Social Networks
https://t.me/RevToolboxRedux/1711

HackBack! A DIY guide to rob banks
https://t.me/RevToolboxRedux/1770

Talking To Cops is Never Safe (good infographic)
https://t.me/RevToolboxRedux/1789

Web Security and Web Hacking for Beginners (video series)
https://t.me/RevToolboxRedux/1797

Grand Juries & Grand Jury Resistance
https://t.me/RevToolboxRedux/1810

#directory
Forwarded from Revolutionary Toolbox
#security

Some Guides to Interacting With the FBI
https://t.me/RevToolboxRedux/1828

Fuck Off Google! - Invisible Committee
https://t.me/RevToolboxRedux/1843

Police At the Door - What to do
https://t.me/RevToolboxRedux/1865

Digital Safety Story
https://t.me/RevToolboxRedux/1867

STOP TALKING Before It's Too Late!
https://t.me/RevToolboxRedux/1868

Doxcare - by Crimethinc
https://t.me/RevToolboxRedux/1879

EXIF Cleaners for Clean Image Files
https://t.me/RevToolboxRedux/1935

How To Protect Your Privacy at a Protest (video)
https://t.me/RevToolboxRedux/1939

Attending a Protest - Surveillance Self Defense
https://t.me/RevToolboxRedux/1945

Ten Rules of the Protester - translated from Russian
https://t.me/RevToolboxRedux/1951

Overview/Comparison of different messaging apps
https://t.me/RevToolboxRedux/1985

Wessel's Opsec Guide
https://t.me/RevToolboxRedux/1997

Become Anonymous - a video guide
https://t.me/RevToolboxRedux/2017

Ten Ways to Secure Your Telegram
https://t.me/RevToolboxRedux/2029

Warrior Crowd Control and Riot Manual
https://t.me/RevToolboxRedux/2037

A Practical Security Handbook for Activists and Campaigns
https://t.me/RevToolboxRedux/2057

S.A.L.U.T.E. Spread Info Not Panic (original)
https://t.me/RevToolboxRedux/2114

How Long It Will Take to Crack Your Password
https://t.me/RevToolboxRedux/2118

Black Bloc Tactics - Crimethinc
https://t.me/RevToolboxRedux/2119

Ozimandias Direct Action and Sabotage Handbook
https://t.me/RevToolboxRedux/2122

Guide to Communications and OSINT for 2020 protest movements
https://t.me/RevToolboxRedux/2123

WTO Seattle Logistics Zine (1999)
https://t.me/RevToolboxRedux/2127

PDX Hivebloc Guides
https://t.me/RevToolboxRedux/2128

Confidence Courage Connection Trust - A Proposal for Security Culture
https://t.me/RevToolboxRedux/2131

The Riot Is One Night, But Metadata Lasts Forever
https://t.me/RevToolboxRedux/2132

Digital Safety Kit (committee to protect journalists)
https://t.me/RevToolboxRedux/2133

Stingray Trackers - what you need to know and how to protect yourself
https://t.me/RevToolboxRedux/2134

T-Shirt/Ninja Bloc
https://t.me/RevToolboxRedux/2135

Anti-Surveillance Toolkit - Photography and Video
https://t.me/RevToolboxRedux/2142

The Riot Is One Night, But Metadata Lasts Forever (alt)
https://t.me/RevToolboxRedux/2143

How to Protect Yourself and Others from Police Agitation
https://t.me/RevToolboxRedux/2196

How to Identify Police Surveillance (video, EFF)
https://t.me/RevToolboxRedux/2203

DIY Occupation Guide and Squatters Resources
https://t.me/RevToolboxRedux/2218

Didn't See Nothin' Don't Know Nothin', A Social Media Field Guide
https://t.me/RevToolboxRedux/2238

Resources, Tips, Communiques for Direct Action and CCTV Sabotage
https://t.me/RevToolboxRedux/2241

Resist State Oppression (art)
https://t.me/RevToolboxRedux/2255

The Red Flags of Rogue URL's
https://t.me/RevToolboxRedux/2256

Anonymize Your Online Footprint
https://t.me/RevToolboxRedux/2257

Earthfirst! Direct Action Manual for Monkeywrenchers
https://t.me/RevToolboxRedux/2306

Flyer for Livestreamers and Journalists
https://t.me/RevToolboxRedux/2310

What to Do In the Upcoming Days - for protesters in Burma
https://t.me/RevToolboxRedux/2321

If ICE Agents Show Up At Your Door
https://t.me/RevToolboxRedux/2328

A Recipe for Nocturnal Direct Actions! (zine)
https://t.me/RevToolboxRedux/2330

US Army FM 3-24 - Insurgencies and Countering Insurgencies
https://t.me/RevToolboxRedux/2350

Ecodefense: A Field Guide to Monkeywrenching
https://t.me/RevToolboxRedux/2355

Front-ends for evil sites/platforms
https://t.me/RevToolboxRedux/2408

How To Watch YouTube Without App/Website
https://t.me/RevToolboxRedux/2411

Use Your Right to Report Responsibly
https://t.me/RevToolboxRedux/2446

Protest Reporting Toolkit
https://t.me/RevToolboxRedux/2451

The Cops Don't Play Fair, Be Prepared
https://t.me/RevToolboxRedux/2457

No Face, No Case
https://t.me/RevToolboxRedux/2487
https://t.me/RevToolboxRedux/2519

#directory
Forwarded from Revolutionary Toolbox
#security

Video on How to Handle a Detective Visit
https://t.me/RevToolboxRedux/1823

What Is Autonomous Action?
https://t.me/RevToolboxRedux/2512

Some Protest Basics
https://t.me/RevToolboxRedux/2513

Guides for Police Provocateurs and FBI Agents
https://t.me/RevToolboxRedux/2537

Don't Become the State's Eyes (image)
https://t.me/RevToolboxRedux/2538

Digital Security Guidelines - CLDC Digital Security Program
https://t.me/RevToolboxRedux/2557

Protest Safety Planning
https://t.me/RevToolboxRedux/2596

Pittsburgh: Reflections on Leadership and Collective Autonomy
https://t.me/RevToolboxRedux/2618

Basic Guide to Protesting Safely
https://t.me/RevToolboxRedux/2689

When the Police Knock on Your Door
https://t.me/RevToolboxRedux/2711

Anti- and Counter-Surveillance Techniques for Intelligence Officers
https://t.me/RevToolboxRedux/2768

Telegram 101: How to communicate securely in Telegram?
https://t.me/RevToolboxRedux/2808

Black Bloc, Grey Bloc, and Debloc
https://t.me/RevToolboxRedux/2928

No Face No Case, 1312
https://t.me/RevToolboxRedux/2953

Reinforce Rights Not Racism (image)
https://t.me/RevToolboxRedux/2971

FM 34-2-1 Reconnaissance and Surveillance and Intelligence Support to Counterreconnaissance (1991)
https://t.me/RevToolboxRedux/2974

Hitchhikers Guide to Online Anonymity
https://t.me/RevToolboxRedux/2975

Burner Phone Best Practices
https://t.me/RevToolboxRedux/2976

Counterinsurgency in Modern Warfare (2008)
https://t.me/RevToolboxRedux/2992

Army Support to Military Deception, FM 3-13.4
https://t.me/RevToolboxRedux/2993

All Cameras Are Breakable
https://t.me/RevToolboxRedux/3000

Watch Out For Snitches (poster)
https://t.me/RevToolboxRedux/3017

Holistic Security: A Strategy Manual for Human Rights Defenders
https://t.me/RevToolboxRedux/3054

Never Turn Off The Phone: A new approach to security culture
https://t.me/RevToolboxRedux/3055

Rebel Alliance Tech Manual
https://t.me/RevToolboxRedux/3056

Secrets and Lies (story about informal organization)
https://t.me/RevToolboxRedux/3057

Digital Harm Reduction - Taking Ourselves Seriously article 1
https://t.me/RevToolboxRedux/3058

The Invisible Ground: honoring each others security needs
https://t.me/RevToolboxRedux/3059

Recording or taking photos at a protest can be unwise (image)
https://t.me/RevToolboxRedux/3076

List of found physical surveillance devices
https://t.me/RevToolboxRedux/3086

Things I Wish I Did Before Being Raided by the Police
https://t.me/RevToolboxRedux/3087

Defend Dissent - Digital Suppression and Cryptographic Defense of Social Movements
https://t.me/RevToolboxRedux/3090

LOCKING DOWN SIGNAL (article)
https://t.me/RevToolboxRedux/3091

How To Prevent Facial Recognition Technology from Identifying You
https://t.me/RevToolboxRedux/3159

Doxxing Prevention Harm Reduction Training
https://t.me/RevToolboxRedux/3161

Damage Control - the story of how one activist group kept ourselves safe and strong in the face of movement infiltration
https://t.me/RevToolboxRedux/3162

Security and Counter-Surveillance: Information Against the Police State
https://t.me/RevToolboxRedux/3225

ANARCHIST SURVIVAL GUIDE FOR UNDERSTANDING GESTAPO SWINE INTERROGATION MIND GAMES
https://t.me/RevToolboxRedux/3230

Untitled, or What to Do When Everyone Gets Arrested
https://t.me/RevToolboxRedux/3232

The Art and Science of Billboard Improvement
https://t.me/RevToolboxRedux/3238

Basic Recon Skills (zine)
https://t.me/RevToolboxRedux/3239

COMMUNICATION EQUIPMENT FOR REBELS - Skills for Revolutionary Survival #5
https://t.me/RevToolboxRedux/3308

Your Greatest Weapon Against the State is Anonymity (image)
https://t.me/RevToolboxRedux/3328

Some useful rules for social media
https://t.me/RevToolboxRedux/10

#directory
Lock and wipe on emergency.

You can use PanicKit, tile, shortcut or send a message with a secret code. On trigger, using Device Administration API, it locks a device and optionally runs wipe (factory reset). Or it can send a broadcast message instead of the wipe.

Also you can:

- fire when a device was not unlocked for X time
- fire when a USB data connection is made while a device is locked
- fire when a fake messenger app is launched
- fire when a duress password is entered (companion app: Duress)

The app works in Work Profile too, but with limitations. Use it to install risky apps and Wasted in it. Then you can wipe this profile data with one click without wiping the whole device.

For base security take a look at: Sentry. Only an encrypted device may guarantee that the data will not be recoverable.

Be aware that the app does not work in safe mode.

Wasted (Lock a device and delete its data in an emergency)
https://f-droid.org/packages/me.lucky.wasted/
https://github.com/x13a/Wasted

#security #cellebrite #UFED
simplex@mastodon.social - SimpleX Chat v5.1-beta.1 is released!

New in v5.1-beta.1:
- message reactions - finally!🚀
- self-destruct passcode.
- voice messages up to 5 minutes.
- custom time to disappear - can be set just for one message.
- message editing history.
- a setting to disable audio/video calls per contact.
- group welcome message visible in group profile.

Install the apps via the links here: https://github.com/simplex-chat/simplex-chat#install-the-app

More details: https://simplex.chat/blog/20230523-simplex-chat-v5-1-message-reactions-self-destruct-passcode.html

#privacy #security #messenger
KryptEY - Secure E2EE communication


An Android keyboard for secure end-to-end-encrypted messages through the Signal protocol in any messenger. Communicate securely and independently, regardless of the legal situation or whether messengers use E2EE. No server needed.
https://github.com/amnesica/KryptEY

F-Droid
https://f-droid.org/packages/com.amnesica.kryptey/
IzzyOnDroid
https://android.izzysoft.de/repo/apk/com.amnesica.kryptey

Reminder: new apps available in the F-Droid app may not immediately show on the F-Droid web site (i.e. when you share the app link it returns a 404 error); some extra time is needed for both to be available
https://gitlab.com/fdroid/wiki/-/wikis/FAQ#how-long-does-it-take-for-my-app-to-show-up-on-website-and-client

#encryption #keyboard #E2EE
#messenger #security #Signal
SimpleX Chat: private and secure cross platform messenger without any user IDs (not even random)

:~ E2E-encrypted messages with markdown and editing

:~ E2E-encrypted images and files

:~ Decentralized secret groups — only users know they exist

:~ E2E-encrypted voice messages

:~ Disappearing messages

:~ E2E-encrypted audio and video calls

:~ Portable encrypted database — move your profile to another device

:~ Incognito mode — unique to SimpleX Chat

Website : https://simplex.chat/

SimpleX Chat (SimpleX Chat - e2e encrypted messenger without any user IDs - private by design!)
https://f-droid.org/packages/chat.simplex.app/

Quick start –
https://simplex.chat/docs/guide/readme.html

#SimpleXchat #security #privacy #encryption #E2EE
#FLOSS
France’s browser-based website blocking proposal will set a disastrous precedent for the open internet – Mozilla Blog

"In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. It would force browser providers to create the means to mandatorily block websites present on a government provided list. Such a move will overturn decades of established content moderation norms and provide a playbook for authoritarian governments"

#censorship
#france #browser #cybersecurity #mozilla #security #surveillance
itnewsbot@schleuss.online - WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

A newly discovered zeroday in t... - https://arstechnica.com/?p=1962625 #vulnerability #security #zipfiles #exploit #zeroday #biz #winrar
Horror Stories from the Automotive Industry | Chaos Computer Club Berlin - Video

In this talk, we will revisit some of the scariest stories we faced during more than 50 penetration testing and security research projects, with a twist. In the ever-emerging industry of automotive, with old and new OEMs trying to get a share of the pie, many things are at stake, with many things getting overlooked, forgotten, or even deliberately covered.

We will go through a journey of critical findings in different targets and the constant battle between penetration testers, developers, and mid to upper management. This will help the audience get an understanding of how the industry behaves right now, what they (and what we) are doing wrong, and how the future of automotive security should be shaped, not only for the sake of security, but also for the sake of safety and reliability.

https://www.youtube.com/watch?v=rAA-agcNeeg

#cars #OEM #Automobile #PenTesting #Automotive #security #safety #CCCde
Privacy Companies Push Back Against EU Plot To End Online Privacy

An urgent appeal has been relayed to ministers across the #EU by a consortium of tech companies, exacting a grave warning against backing a proposed regulation focusing on child sexual abuse as a pretense to jeopardize the security integrity of internet services relying on end-to-end encryption and end privacy for all citizens.

In an open letter a total of 18 organizations – predominantly comprising providers of encrypted email and messaging services – have voiced concerns about the potential experimental regulation by the European Commission (EC), singling out the “detrimental” effects on children’s #privacy and #security and the possible dire repercussions for #cybersecurity.

#BigBrother #EUChatControl
#ChatControl #Encryption
Know Thy Enemy: The Taxonomies That Meta Uses to Map the Offensive Privacy Space

This talk introduces and examines privacy-inclusive taxonomies Meta has developed and uses to track privacy weaknesses, enumerate privacy adversarial TTPs, deconflict privacy and security efforts, and scale detection and remediation efforts. Taxonomies, such as #MITRE's #CVE, #CAPEC, and #ATT&CK® #frameworks, have long been used to track and understand cybersecurity weaknesses and the tactics of cyber adversaries. These taxonomies help #organizations stay abreast of trends, guide software development best practices, and pinpoint the most effective remediation and detection strategies to common #cybersecurity issues. As the field of offensive privacy matures, organizations require similar taxonomies to understand #privacy threats and align efforts across #security and privacy teams....

By: Zach Miller, David Renardy

Full Abstract and Presentation Materials
The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders

Modern video encoding standards such as H.264 are a marvel of hidden complexity. But with hidden complexity comes hidden #security risk. #Decoding video today involves interacting with dedicated #hardware accelerators and the #proprietary, privileged software components used to drive (#driver) them. The video #decoder ecosystem is obscure, opaque, diverse, highly privileged, largely untested, and highly exposed -- a dangerous combination.

We introduce H26Forge, a framework that carefully crafts #video files to expose edge cases in H.264 decoders....

By: Stephen Checkoway, Hovav Shacham, Willy Vasquez

Full Abstract and Presentation Materials

#VideoEncoding #Vulnerabilities #Security #Codec #H264 #Exploit
n0rthl1ght/ahwt: Another Hardening Windows Tool – GitHub

GPL-3.0 license
AHWT - another hardening tool for Windows operating systems.

Description (on RUS)
Program is a script generator with a collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjustments.

All parameters are placed in databases named for the operating systems they are used for.

Parameters were checked and tested according to official MS documentation and researchers' opinions.
Scripts are generated in 2 modes - auto and manual.

All databases have profiles for each operating system min/med/full which corresponds with Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).

#Windows #Hardening #Security
Safe Space (A safe space for your digital valuables.)

Safe Space is an app that creates a separate place on your Android device to store valuable files. This storage location is not visible to other apps and is encrypted by the system by default.

Features:
* Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password)
* Open Images, Audio, Video, PDF documents and plain text documents
* Create simple text notes without leaving the app
* Dark and light mode
* Ability to copy and move files
* Import from and export files to external storage without storage permissions
* Completely offline with no telemetry and data collection

https://f-droid.org/packages/org.privacymatters.safespace

#Android #Security #Privacy
#EncryptedFiles