Privacy & Security Guides

A curated library of privacy, cybersecurity, cryptography, and threat-hunting resources — ideal for learners, pentesters, defenders, and anyone who wants safer digital habits.

Responsible Use

Some resources below can be used for legitimate defense and research, but could also be misused. Use them only on systems you own or where you have explicit permission.

Security Blogs & Expert Commentary

Krebs on Security

In-depth cybersecurity investigations and up-to-date reporting by Brian Krebs.

Visit

Schneier on Security

Cryptography, privacy, and security essays by Bruce Schneier, plus the long-running Crypto-Gram newsletter.

Visit

Underground Tradecraft

Counterintelligence, OPSEC, and tradecraft concepts explained for broad audiences.

Errata Security

Clear explanations of security concepts and commentary by Robert Graham and David Maynor.

Visit

Graham Cluley

Security news, advice, and opinion from the co-host of Smashing Security.

Visit

The Last Watchdog

Privacy and security articles, media, and opinion by Byron Acohido.

Troy Hunt

Security research and breach awareness (well known for data breach tracking).

Visit

Privacy Guides & Safer Online Habits

Privacy Guides

Privacy-focused recommendations and guides for tools and safer configurations.

EFF SSD (Surveillance Self-Defense)

Tips and step-by-step guidance for safer communications and browsing habits.

Visit

Restore Privacy

Privacy tools and guides with practical explanations.

Visit

Pixel Privacy

Guides and comparisons focused on online privacy.

Visit

The Tin Hat

Tutorials and articles about online privacy.

Visit

PrivacyTools

Tools and guidance aimed at protecting against mass surveillance.

Visit

PRISM Break

Secure app alternatives and privacy-respecting software suggestions.

Visit

The Verge (Security Guides)

Accessible guides for securing mobile, web, and home technology.

Visit

The New Oil

A site designed to help readers take back control of their data and regain privacy online.

Oil and Fish Onion Service Privacy Guide

Privacy guidance on protocol configurations (onion-service oriented).

Cybersecurity News Sources

Dark Reading

Breaches, IoT, cloud security, threat intelligence, and more.

ThreatPost

Cloud security, malware, vulnerabilities, and podcasts.

WeLiveSecurity (ESET)

News, insights, and community content.

The Hacker News

Coverage of cyber attacks, vulnerabilities, malware, and breaches.

Sophos (Naked Security)

Easy-to-digest security updates.

IT Security Guru / FOSS Bytes

Aggregated security news and exploit/hack coverage (use with caution and context).

Privacy-Friendly Frontends (Proxy Sites)

Alternative front-ends that reduce tracking and remove heavy scripts.

Nitter (Twitter)

Privacy-friendly Twitter frontend with reduced tracking and minimal/no JavaScript.

Invidious (YouTube)

Open-source, privacy-focused YouTube frontend.

Bibliogram (Instagram)

View Instagram profiles via a proxy frontend with reduced tracking.

Libreddit (Reddit)

Lightweight private Reddit frontend, faster and less tracking-heavy.

Secure File Sharing

OnionShare

Open-source tool to share files securely (often via Tor).

Magic Wormhole / Wormhole

End-to-end encrypted file sharing with expiring links (varies by implementation).

ZeroNet

Decentralized websites and apps platform (BitTorrent + blockchain-like coordination).

garlicshare / onionpipe / onionbox

Onion-service oriented tools for securely sharing content over Tor networks.

Cryptography Learning (Books & Blogs)

A Few Thoughts on Cryptographic Engineering

Thoughts and practical lessons about cryptography and engineering tradeoffs.

Cryptography Book (TOC)

A book covering constructions for cryptographic tasks.

Open

Handbook of Applied Cryptography (PDF)

A reference-style book intended for professional cryptographers.

Open PDF

CryptoParty (PDF)

Accessible privacy and cryptography guidance for communities.

Open PDF

More Crypto Blogs

The Cloudflare Cryptography Blog • Real-World Cryptography Blog • the cr.yp.to blog • Vaultree

Threat Hunting & OSINT Tools (Defensive Use)

Great for blue teams, threat hunters, asset inventory, exposure management, and investigations.

Use for defense & authorized research

Only use these tools to assess your own assets or with explicit permission. Avoid targeting individuals or private systems.

Shodan

Search for internet-connected devices and exposed services.

Open

Censys Search

Internet-wide scanning data for hosts, certificates, and services.

Open

ZoomEye

Cyberspace search engine for networked devices.

Open

urlscan.io

Scan websites to inspect requests, assets, and linked resources.

Open

Netlas

Search and monitor devices connected to the internet.

Open

LeakIX

Helps identify exposed services and public data leaks.

Open

GreyNoise

Context on internet scanning noise vs. targeted activity.

Open

Hunter.io

Find publicly associated email patterns for organizations (use responsibly).

Open

IntelX

Search engine for data archives (access varies by plan).

Open

WiGLE

Map wireless access points around the world (research use).

Open

grep.app

Search across GitHub repositories for code patterns.

Open

Vulners

Vulnerability database and intelligence.

Open

Extra

grayhatwarfare.com — Search for public S3 buckets and exposed files (use for your own assets only).

File Encryption

Recommended tools for protecting files at rest and before sharing.

Provider	Description
VeraCrypt	Open-source, cross-platform disk encryption. Encrypt files/folders or entire disks/partitions. Feature-rich with GUI + CLI options. Successor of TrueCrypt.
Cryptomator	Open-source client-side encryption for cloud files. Preserves file structure for syncing. Fewer advanced knobs than VeraCrypt, but easy to use and great mobile apps.
age	Simple, modern CLI encryption tool and Go library. Small explicit keys, minimal config, Unix composability.

Threat Modeling

Start with Data Flow Diagrams (DFDs) — one of the most practical ways to model threats early.

Data Flow Diagrams (DFDs)

Use DFDs to map processes, data stores, external entities, and trust boundaries.

Tools for generating DFDs

graphviz • draw.io • TikZ

Suggested resources

Presentation (PDF) with intro to DFDs • DFD examples & explanations (add your preferred links here)

Responsible Use

Security Blogs & Expert Commentary

Krebs on Security

Schneier on Security

Underground Tradecraft

Errata Security

Graham Cluley

The Last Watchdog

Troy Hunt

Privacy Guides & Safer Online Habits

Privacy Guides

EFF SSD (Surveillance Self-Defense)

Restore Privacy

Pixel Privacy

The Tin Hat

PrivacyTools

PRISM Break

The Verge (Security Guides)

The New Oil

Oil and Fish Onion Service Privacy Guide

Cybersecurity News Sources

Dark Reading

ThreatPost

WeLiveSecurity (ESET)

The Hacker News

Sophos (Naked Security)

IT Security Guru / FOSS Bytes

Privacy-Friendly Frontends (Proxy Sites)

Nitter (Twitter)

Invidious (YouTube)

Bibliogram (Instagram)

Libreddit (Reddit)

Secure File Sharing

OnionShare

Magic Wormhole / Wormhole

ZeroNet

garlicshare / onionpipe / onionbox

Cryptography Learning (Books & Blogs)

A Few Thoughts on Cryptographic Engineering

Cryptography Book (TOC)

Handbook of Applied Cryptography (PDF)

CryptoParty (PDF)

More Crypto Blogs

Threat Hunting & OSINT Tools (Defensive Use)

Use for defense & authorized research

Shodan

Censys Search

ZoomEye

urlscan.io

Netlas

LeakIX

GreyNoise

Hunter.io

IntelX

WiGLE

grep.app

Vulners

Extra

File Encryption

Threat Modeling

Data Flow Diagrams (DFDs)

Tools for generating DFDs

Suggested resources

Tags:

Share: