Scott Mortimer @ScottMortimer@infosec.exchange

Some jackass from an Alt-Right site at gitmo.life just tried to follow me. I really don't get the motivation...must be for the "lulz".

Interestingly, the domain was registered via Epik which is a registrar managed by white nationalist scumbag, Rob Monster.

https://en.wikipedia.org/wiki/Epik_%28company%29?wprov=sfla1

https://gwhois.org/gitmo.life+dns

I suggest Bitwarden for those ready to migrate

LastPass’ free tier will become a lot less useful next month

https://www.theverge.com/2021/2/16/22285531/lastpass-free-tier-mobile-computer-device-premium-family

Geolocation for nftables

This article will examine the concept of geo filtering and how it could add a valuable layer of security to your firewall, and will then explore how the Geolocation for nftables project is leveraging Open Source to provide intuitive, customizable geo filtering on Linux.

https://linuxsecurity.com/features/features/geolocation-for-nftables

~Open Source Security Tool of the Day~

#osstotd

Cloudlist is a multi-cloud tool for getting Assets (Hostnames, IP Addresses) from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts.

https://github.com/projectdiscovery/cloudlist

Mitigating Web Shells

This repository houses a number of tools and signatures to help defend networks against web shell malware. More information about web shells and the analytics used by the tools here is available in NSA and ASD web shell mitigation guidance Detect and Prevent Web Shell Malware.

https://github.com/nsacyber/Mitigating-Web-Shells

Visual guide to SSH tunnels

https://robotmoon.com/ssh-tunnels/

Lofi Tunes for Slacking and Hacking

https://fanlink.to/chilledcow-music

I have been looking into NixOS for a future project of mine. Some of its features that I find intriguing are:

- Atomic upgrades
- Rollback for any changes
- DevOps-friendly

https://linuxhint.com/nixos-review/

Check your Chrome security

Every Google Chrome user should click this button now | ZDNet

Whether you're using Google Chrome on a Windows system or on a Mac, you should go find and click this button now.

https://www.zdnet.com/article/every-google-chrome-user-should-click-this-button/

The Best Chrome Extensions for OSINT Professionals, Researchers and Journalists in 2021–i-intelligence

An index of Chrome extensions to support research, intelligence and investigations.

https://i-intelligence.eu/insights/best-chrome-extensions-for-osint-professionals-analysts-journalists-academic-researchers-and-students-february-2021

A Practical Guide to Writing Secure Dockerfiles

https://speakerdeck.com/madhuakula/a-practical-guide-to-writing-secure-dockerfiles-wearedevelopers-container-day-2021

Hope nobody is still using this

Google has forcibly uninstalled the immensely popular 'The Great Suspender' extension from Google Chrome and classified it as malware.

https://www.bleepingcomputer.com/news/software/the-great-suspender-chrome-extensions-fall-from-grace/