ANSSI guides.
Malware regularly uses USB sticks to infect victims, and the abuse of USB sticks is a common vector of infection (for example, lost USB keys have a 66% chance of carrying malware).
CIRCLean is an independent hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The device automatically converts untrusted documents into a readable but disarmed format and stores these clean files on a trusted (user owned) USB key/stick.
The focus of CIRCLean is to establish document exchange even if the used transport layer (the USB stick) cannot be trusted or if there is a suspicion about whether the contained documents are free of malware or not. In the worst case, only the CIRCLean would be compromised, but not the computer reading the target (trusted) USB key/stick.
The code runs on a Raspberry Pi (a small hardware device), which also means it is not required to plug the original USB key into a computer. CIRCLean can be seen as a kind of air gap between the untrusted USB key and your operational computer.
CIRCLean does not require any technical prerequisites of any kind and can be used by anyone. CIRCLean is free software which can be audited and analyzed by third-parties. We also invite all organizations to actively reuse CIRCLean in their own products or contribute to the project.
TL;DR:
- Strictly separate your personal uses from your professional ones
- Regularly update your digital tools
- Protect your access with two-factor authentication when possible, or at a minimum with strong passwords
- Do not leave your equipment unattended
- Take care of your personal information online
- Protect your email
- Avoid public or unknown Wi-Fi networks
- Back up your data regularly
- Protect yourself from viruses and other malware
- Grant the right level of privileges
Trapster Community Edition is a powerful open-source honeypot solution designed to enhance your network security. By acting as a decoy system within your infrastructure, Trapster helps detect and track potential threats, providing valuable insights into attacker behavior and network security posture.
Modern honeypot supporting multiple services, realistic website cloning, and AI-powered features
We give you X-Ray Vision for your Website. In just 20 seconds, you can see what attackers already know.
CORS (Cross-Origin Resource Sharing) is hard. It's hard because it's part of how browsers fetch stuff, and that's a set of behaviours that started with the very first web browser over thirty years ago. Since then, it's been a constant source of development; adding features, improving defaults, and papering over past mistakes without breaking too much of the web.
Anyway, I figured I'd write down pretty much everything I know about CORS, and to make things interactive, I built an exciting new app:
You can dive right into the playground now if you want, but I'll link to it throughout the article to demonstrate particular examples.
Anyway, I'm getting ahead of myself. Before I get to any of the 'how', I'm going to try to explain why CORS is the way it is, by looking at how it came into existence, and how it fits into other kinds of fetches. Wish me luck…
CVEdetails.com offers a complete CVE database enhanced with additional information including advisories, exploits, tools, source code changes and much more.
CVEs in CISA KEV catalog give users quick access to a list of vulnerabilities exploited in the wild.
EPSS scores provide users with a list of vulnerabilities with increased risk.
Set up email alerts for new CVEs or when new exploits are discovered for CVEs. Or create CVE feeds which can be integrated with tools like Slack or Outlook. Or use our APIs to query CVEs, exploits and other data.
Get an overview of your external attack surface, and products/services running on your IPs.
Create your own tech stacks to manage vulnerabilities affecting products you use. Analyze SBOM files and report vulnerabilities affecting dependencies in the SBOM file.
In a world where hacks are multiplying, protecting our personal data is increasingly important, and this notably involves two-factor authentication (2FA), which is becoming essential.
I already use Vaultwarden to manage my passwords and I am very happy with it. However, I prefer to avoid storing my 2FA codes in the same place as my passwords. If my Vaultwarden instance were compromised, an attacker would have access to both the passwords AND the 2FA codes, making two-factor authentication completely useless. Separating the two makes usage a little less convenient, but offers a significant security gain: two distinct systems would then have to be compromised. So I went looking for a 2FA solution that I can host myself.
This is where Ente Auth comes in, an open source application dedicated to managing 2FA codes, which can be hosted independently of your password manager, with smooth synchronization and total confidentiality.
Ente is a suite of applications designed to protect your privacy: managing 2FA codes with Auth as mentioned, but also Photos to manage your photos without depending on a third-party service, and other applications are planned for the future. After opening the code of their client applications, the team took a further step in February 2024 by also making their server open source. This means you can now host the entire solution on your own infrastructure.
3.5 billion, yes: you read that right. Austrian researchers managed to extract the phone numbers of almost all WhatsApp subscribers, along with profile photos and personal information. A colossal breach that could have served any malicious actor.
How have the NIST password requirements changed?
| | Old NIST password guidelines | New NIST password guidelines |
|---|---|---|
| Password length | Limit to 8-16 characters | Longer passwords up to 64 characters |
| Character complexity | Encouraged | Not required |
| Mandatory password changes | Required monthly | Only when compromised |
| Password blocklist | Basic terms | Breached passwords, patterns, and common variations |
| Recovery methods | Security questions | Links and verification codes |
| Additional precautions | – | MFA and password managers |
Secure Boot is a security feature that ensures your computer only boots with software trusted by the Original Equipment Manufacturer (OEM). It verifies the digital signatures of bootloaders and firmware, preventing unauthorized or malicious software from loading before the operating system. This helps protect against rootkits and other malware that could compromise the system early in the boot sequence.
MOK, or Machine Owner Key, is a security feature in Linux. Basically, it enables users to add their own trusted signing keys to the system’s Secure Boot configuration. Normally, trusted keys are provided by hardware vendors or operating system developers. Thus, MOK ensures that only trusted software and kernel modules run on the system.
However, sometimes it’s necessary to load custom software or third-party drivers that aren’t signed by the default trusted keys. This is where MOK comes to help. It enables users to add their specific keys. In turn, this makes the system trust and run custom-signed software, even with Secure Boot enabled.
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix binaries that can be abused to ~get the f**k~ break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.
It is important to note that this is not a list of exploits, and the programs listed here are not vulnerable per se, rather, GTFOBins is a compendium about how to live off the land when you only have certain binaries available.
GTFOBins is a collaborative project created by Emilio Pinna and Andrea Cardaci where everyone can contribute with additional binaries and techniques.
If you are looking for Windows binaries you should visit LOLBAS.
Warpgate is a smart & fully transparent SSH, HTTPS, MySQL and PostgreSQL bastion host that doesn't require a client app or an SSH wrapper.
- Set it up in your DMZ, add user accounts and easily assign them to specific hosts and URLs within the network.
- Warpgate will record every session for you to view (live) and replay later through a built-in admin web UI.
- Not a jump host - forwards connection straight to the target in a way that's fully transparent to the client.
- Native 2FA and SSO support (TOTP & OpenID Connect)
- Single binary with no dependencies.
- Written in 100% safe Rust.
I am often surprised by the general negligence around passwords - even among my loved ones. So I offer this short and accessible article to teach you how to manage your passwords well.
This article takes 10 minutes of your time, but can save your life. Literally. So please, consider reading it.
This article concerns just about everyone, for just about every use. We will look at a few special cases.
Warning: user_pref("browser.ml.enable", false); prevents the Shaarli extension from working.
// src: https://gist.github.com/apfelchips/f129c8316055e524774d757365267e26
// goal: disable all annoying stuff from firefox and tighten security, but still retain all modern web features
// configure as little as possible to benefit from changing/hardened defaults by Mozilla
// inspired by:
// https://github.com/pyllyukko/user.js/blob/master/user.js
// https://github.com/ghacksuserjs/ghacks-user.js/blob/master/user.js
// http://kb.mozillazine.org/About:config_entries
// https://gist.github.com/ruilapa/3207798
// https://jm42.github.io/compare-user.js/
// https://gitlab.com/librewolf-community/settings/-/blob/master/librewolf.cfg#L1
// pref() <= change default, can be edited by user
// user_pref() <= override everything, defined setting will be set on startup
// more info:
// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences
// recommended addons
// https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/
// https://addons.mozilla.org/en-US/firefox/addon/container-color-toolbar/
// https://addons.mozilla.org/en-US/firefox/addon/switch-container-plus/
// https://addons.mozilla.org/en-US/firefox/addon/open-url-in-container/
// https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
// https://addons.mozilla.org/en-US/firefox/addon/istilldontcareaboutcookies/
// https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
// https://addons.mozilla.org/en-US/firefox/addon/open-link-in-browser-as/
// https://addons.mozilla.org/en-US/firefox/addon/redirector/
// https://addons.mozilla.org/en-US/firefox/addon/keepass-helper-url-in-title/
// https://addons.mozilla.org/de/firefox/addon/bid-o-matic-be/
// https://addons.mozilla.org/en-US/firefox/addon/hls-stream-detector/
// https://addons.mozilla.org/en-US/firefox/addon/remove-cookies-button-ver1x/
// https://addons.mozilla.org/en-US/firefox/addon/cookie-quick-manager/
// https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
// https://addons.mozilla.org/en-US/firefox/addon/referercontrol/
// https://addons.mozilla.org/en-US/firefox/addon/clearcache/
// https://addons.mozilla.org/en-US/firefox/addon/firefox-translations/
// https://addons.mozilla.org/en-US/firefox/addon/german-dictionary-de_de-for-sp/
user_pref("_user.js.parrot", "START");
user_pref("general.warnOnAboutConfig", false);
//// telemetry / reporting
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.server", "data:,");
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.healthreport.service.enabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry",false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.chrome.errorReporter.enabled", false);
user_pref("browser.chrome.errorReporter.submitUrl", "");
/// ssl error reporting
user_pref("security.ssl.errorReporting.automatic", false);
user_pref("security.ssl.errorReporting.enabled", false);
user_pref("security.ssl.errorReporting.url", "");
/// addon pings
user_pref("browser.selfsupport.enabled", false);
user_pref("browser.selfsupport.url", "");
/// crashreporting
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
user_pref("dom.ipc.plugins.reportCrashURL", false);
// sends daily pings to Mozilla about extensions and recent startups
user_pref("extensions.getAddons.cache.enabled", false);
// disallow Firefox to make personalized extension recommendations
user_pref("browser.discovery.enabled", false);
/// safebrowsing
user_pref("_user.js.parrot", "safebrowsing");
user_pref("browser.safebrowsing.provider.google.reportURL", "");
user_pref("browser.safebrowsing.reportMalwareMistakeURL", "");
user_pref("browser.safebrowsing.reportPhishMistakeURL", "");
user_pref("browser.safebrowsing.reportPhishURL", "");
//// #fingerprinting
user_pref("_user.js.parrot", "fingerprinting");
// user_pref("privacy.resistFingerprinting", true);
/// #webRTC
//pref("media.peerconnection.enabled", false);
// prevent local ip leaks
user_pref("media.peerconnection.ice.no_host", true);
/// #webGL
//pref("webgl.disabled", true);
//pref("webgl.enable-webgl2", false);
//// #Tracking
user_pref("_user.js.parrot", "Tracking");
//pref("privacy.donottrackheader.enabled", true);
pref("privacy.trackingprotection.enabled", true);
pref("privacy.trackingprotection.pbmode.enabled", true);
user_pref("browser.contentblocking.rejecttrackers.reportBreakage.enabled",false); // disable Lightbulb in AddressBar
user_pref("browser.contentblocking.reportBreakage.enabled",false); // disable Lightbulb in AddressBar
// Disable Onboarding
user_pref("_user.js.parrot", "Onboarding");
user_pref("privacy.trackingprotection.ui.enabled", true);
user_pref("privacy.trackingprotection.introCount", 99); // disable intro
user_pref("browser.contentblocking.introCount", 99); // disable intro
//// experiments
user_pref("network.allow-experiments", false);
user_pref("experiments.supported",false);
user_pref("experiments.enabled",false);
user_pref("experiments.manifest.uri", "");
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.api_url", "");
user_pref("extensions.ui.experiment.hidden", true);
user_pref("network.allow-experiments", false);
user_pref("extensions.shield-recipe-client.enabled", false);
user_pref("extensions.shield-recipe-client.api_url", "");
user_pref("app.shield.optoutstudies.enabled", false);
//// AI Assistant
user_pref("_user.js.parrot", "AI Assistant");
user_pref("browser.ml.chat.enabled", false);
user_pref("browser.ml.chat.shortcuts", false);
user_pref("browser.ml.chat.shortcuts.custom", false);
user_pref("browser.ml.chat.sidebar", false);
user_pref("browser.ml.enable", false);
//// Search
user_pref("_user.js.parrot", "Search");
// search settings get ignored but I set them anyway
user_pref("browser.search.selectedEngine", "DuckDuckGo");
user_pref("browser.search.defaultenginename", "DuckDuckGo");
user_pref("browser.search.defaultenginename.US", "DuckDuckGo");
user_pref("browser.search.defaultenginename.DE", "DuckDuckGo");
user_pref("browser.search.defaulturl", "https://start.duckduckgo.com/?q=");
user_pref("browser.search.order.1", "DuckDuckGo");
user_pref("browser.search.hiddenOneOffs","Bing,Amazon.com,eBay,Google,Twitter");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.geoSpecificDefaults", false);
user_pref("browser.search.geoSpecificDefaults.url", "");
user_pref("browser.search.geoip.url", "");
user_pref("browser.search.update", false);
//// urlbar
user_pref("_user.js.parrot", "urlbar");
user_pref("browser.urlbar.scotchBonnet.enableOverride", false); // "Scotch Bonnet" doesn't show https://
user_pref("browser.urlbar.oneOffSearches", false); // select search engines as icons
user_pref("browser.urlbar.autocomplete.enabled", true);
user_pref("browser.urlbar.suggest.history", true);
user_pref("browser.urlbar.suggest.bookmark", true);
user_pref("browser.urlbar.suggest.openpage", true);
user_pref("browser.urlbar.suggest.searches", false); //autosuggestions from search provider
user_pref("browser.urlbar.searchSuggestionsChoice", true); // nagging if you want to enable suggest.searches
user_pref("browser.urlbar.filter.javascript", false); // allow bookmarklets to be opened from urlbar
user_pref("browser.urlbar.trimURLs", false); // Don't trim HTTP off of URLs in the address bar.
user_pref("browser.urlbar.autoFill", true);// As you type, entries you have previously typed that closely match appear highlighted after your typed text
user_pref("browser.urlbar.autoFill.typed", true);
//pref("browser.startup.page","https://start.duckduckgo.com");
//pref("browser.startup.homepage","https://start.duckduckgo.com");
//pref("startup.homepage_override_url","https://start.duckduckgo.com");
//pref("startup.homepage_welcome_url","https://start.duckduckgo.com");
user_pref("browser.startup.homepage_override.mstone", "ignore"); // Suppress the "What's new" page
user_pref("browser.aboutHomeSnippets.updateUrl", "data:,");
//// bookmarks can be managed in a single file
//// bookmarks.html template: https://gist.github.com/apfelchips/749b121f27d62d3cef78a45722c5c967
// pref("browser.bookmarks.file", "~/.config/firefox/bookmarks.html"); // has to be symlinked, ff can't write to bookmarks.html when a custom path outside of the profile is used
// user_pref("browser.places.importBookmarksHTML", true); // has to be user_pref to force bookmarks.html import
// user_pref("browser.bookmarks.max_backups", 0); // Bookmark Backups
// user_pref("browser.bookmarks.restore_default_bookmarks", false); // stop adding Default Bookmarks
// user_pref("browser.bookmarks.autoExportHTML", false); // there can only be one exporter or bookmarks.html is managed manually
//// about:newtab
user_pref("_user.js.parrot", "newtab");
user_pref("browser.newtabpage.activity-stream.feeds.section.highlights",false);
user_pref("browser.newtabpage.activity-stream.feeds.section.topstories", false);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.activity-stream.showTopSites", true);
user_pref("browser.newtabpage.activity-stream.topSitesCount", 12);
user_pref("browser.newtabpage.activity-stream.migrationExpired", true); // import from other browsers
user_pref("browser.newtabpage.activity-stream.disableSnippets", true);
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
user_pref("browser.newtabpage.introShown", true);
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
user_pref("browser.urlbar.sponsoredTopSites", false);
user_pref("browser.newtabpage.enhanced", false); // "Suggested Articles"
user_pref("browser.newtabpage.directory.source", "data:text/plain,");
user_pref("browser.newtabpage.directory.ping", "data:text/plain,");
user_pref("browser.library.activity-stream.enabled", false);
user_pref("browser.newtabpage.activity-stream.enabled", false);
//// annoyances, tweaks
user_pref("network.IDN_show_punycode", true);
user_pref("devtools.selfxss.count", 42); // allow pasting in dev-console
user_pref("media.autoplay.enabled", false);
user_pref("media.autoplay.enabled.user-gestures-needed", false);
pref("media.autoplay.default", 5); // block audio and video by default
pref("media.play-stand-alone", true);
// always ask for download directory
user_pref("browser.download.useDownloadDir", false);
// permissions 0:Ask / 1:Allow / 2:Don't ask
user_pref("permissions.default.desktop-notification", 2);
user_pref("permissions.default.microphone", 0);
user_pref("permissions.default.camera", 0);
user_pref("permissions.default.geo", 2);
user_pref("permissions.default.xr", 2); //virtual reality
// SYNC
//user_pref("services.sync.enabled", false);
//user_pref("identity.fxaccounts.enabled", false);
//// #UI / #UX
user_pref("browser.compactmode.show", true); // re-enable Compact Toolbar mode
user_pref("browser.backspace_action", 0); // 0: Go back in history, 1: Page Up, 2: Nothing
user_pref("browser.ctrlTab.previews", false);
user_pref("browser.ctrlTab.recentlyUsedOrder", false);
user_pref("general.autoScroll", true); // Navigation Dot on Middle Click
user_pref("layout.spellcheckDefault", 2); // 0=none, 1-multi-line, 2=multi-line & single-line
// Don't try to guess domain names when entering an invalid domain name in URL bar
user_pref("browser.fixup.alternate.enabled", false);
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.tabs.warnOnCloseOtherTabs", false);
user_pref("full-screen-api.warning.delay", 0);
user_pref("full-screen-api.warning.timeout", 2500);
// Show Bookmarks Toolbar visibility setting
// user_pref("browser.toolbars.bookmarks.visibility", "newtab");
/// #Startup
user_pref("_user.js.parrot", "Startup");
user_pref("browser.slowStartup.notificationDisabled", true);
user_pref("browser.slowStartup.samples", 0);
user_pref("browser.slowStartup.maxSamples", 0);
user_pref("browser.disableResetPrompt", true);
user_pref("browser.rights.3.shown", true); //don't show EULA
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
//// #Value Added Services
user_pref("_user.js.parrot", "Value Added Services");
user_pref("browser.tabs.firefox-view", false);
user_pref("browser.firefox-view.feature-tour", '{"screen":"","complete":true}');
user_pref("pocket.enabled", false);
user_pref("browser.pocket.enabled", false);
user_pref("extensions.pocket.enabled", false);
user_pref("dom.flyweb.enabled", false); // IoT whatever
user_pref("browser.casting.enabled", false);
user_pref("signon.rememberSignons", false); // Disable Password Manager
user_pref("browser.pagethumbnails.capturing_disabled", true);
user_pref("browser.shell.shortcutFavicons", false);
user_pref("dom.gamepad.enabled", false);
user_pref("dom.vr.enabled", false);
user_pref("dom.vibrator.enabled", false);
// Trusted Recursive Resolver (DNS-over-HTTPS) (disabled)
user_pref("network.trr.mode", 0);
/// #Onboarding | #First Run | #Guides
user_pref("browser.onboarding.enabled", false);
user_pref("browser.onboarding.notification.finished", true);
user_pref("browser.messaging-system.whatsNewPanel.enabled", false); // no more present icon
user_pref("browser.feeds.showFirstRunUI", false);
user_pref("browser.usedOnWindows10", true);
user_pref("browser.usedOnWindows10.introURL", "");
user_pref("datareporting.healthreport.service.firstRun", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("browser.reader.detectedFirstArticle", false);
user_pref("browser.uitour.enabled", false);
/// #Recommendation Popups (╯°□°)╯︵ ┻━┻
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
user_pref("browser.newtabpage.activity-stream.asrouter.providers.whats-new-panel", false); // Hide Giftbox
///// #Features we want
user_pref("_user.js.parrot", "Features we want");
//// # Screenshot tool
user_pref("extensions.screenshots.disabled", false);
user_pref("extensions.screenshots.system-disabled", false);
user_pref("extensions.screenshots.upload-disabled", true);
///// #Shutdown Cleanup
user_pref("_user.js.parrot", "Shutdown Cleanup");
pref("privacy.clearOnShutdown.history", false);
pref("privacy.clearOnShutdown.sessions", false);
pref("privacy.clearOnShutdown.formdata", false);
pref("privacy.clearOnShutdown.cookies", false); // manage with Cookie AutoDelete extension
pref("privacy.clearOnShutdown.cache", true);
pref("privacy.clearOnShutdown.siteSettings", false);
pref("privacy.clearOnShutdown.downloads", true);
pref("privacy.clearOnShutdown.offlineApps", true);
pref("privacy.clearOnShutdown.openWindows", true);
pref("privacy.sanitize.sanitizeOnShutdown", true);
pref("browser.helperApps.deleteTempFileOnExit", true);
//// #Clear recent history menu defaults
user_pref("_user.js.parrot", "Clear recent history");
pref("privacy.sanitize.timeSpan", 0);
pref("privacy.cpd.history", true);
pref("privacy.cpd.sessions", false);
pref("privacy.cpd.formdata", true);
pref("privacy.cpd.cookies", false); // manage with Cookie Autodelete extension
pref("privacy.cpd.cache", true);
pref("privacy.cpd.siteSettings", false);
pref("privacy.cpd.offlineApps", true);
pref("privacy.cpd.downloads", true);
// #Cookies
pref("network.cookie.cookieBehavior", 5); // 1: allow cookies from originating server only | 5: "smart"
//// #Extensions
user_pref("_user.js.parrot", "Extensions");
//// https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Alternative_distribution_options/Sideloading_add-ons#Installation_using_the_standard_extension_folders
//// https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Alternative_distribution_options/Add-ons_in_the_enterprise#Controlling_automatic_installation
// user_pref("plugin.defaultXpi.state", 2);
// scopes: https://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
// user_pref("extensions.enabledScopes", 1);
// user_pref("extensions.autoDisableScopes", 14);
// user_pref("extensions.update.enabled", true);
// user_pref("extensions.update.autoUpdate", true);
// user_pref("extensions.webextensions.keepStorageOnUninstall", false);
// user_pref("extensions.webextensions.keepUuidOnUninstall", false);
//// #Protocol Handlers
user_pref("_user.js.parrot", "Protocol Handlers");
// user_pref("network.protocol-handler.expose-all", false);
// user_pref("network.protocol-handler.warn-external-default", true);
// user_pref("network.protocol-handler.expose.ext+container", true);
// user_pref("network.protocol-handler.external.ext+container", true);
// user_pref("network.protocol-handler.warn-external.ext+container", false);
// user_pref("network.protocol-handler.expose.rdp", true);
// user_pref("network.protocol-handler.external.rdp", true);
// user_pref("network.protocol-handler.warn-external.rdp", true);
// user_pref("network.protocol-handler.expose.vlc", true);
// user_pref("network.protocol-handler.external.vlc", true);
// user_pref("network.protocol-handler.warn-external.vlc", false);
// user_pref("network.protocol-handler.expose.mpv", true);
// user_pref("network.protocol-handler.external.mpv", true);
// user_pref("network.protocol-handler.warn-external.mpv", false);
// user_pref("network.protocol-handler.expose.iina", true);
// user_pref("network.protocol-handler.external.iina", true);
// user_pref("network.protocol-handler.warn-external.iina", false);
// #Security | #TLS
user_pref("_user.js.parrot", "Security | TLS");
// kind of fixed by first party isolation -- to prevent HSTS fingerprinting (https://www.privacy-handbuch.de/handbuch_21m.htm)
// rm SiteSecurityServiceState.txt & touch SiteSecurityServiceState.txt && chmod 555 SiteSecurityServiceState.txt
//user_pref("security.mixed_content.block_display_content", true);
//user_pref("security.mixed_content.block_active_content", true);
// pref("security.OCSP.require", true);
// user_pref("security.ssl.enable_ocsp_stapling", true);
/// user_pref("security.ssl.enable_ocsp_must_staple", true);
// user_pref("security.cert_pinning.enforcement_level", 2);
// user_pref("network.stricttransportsecurity.preloadlist", true);
// user_pref("security.pki.sha1_enforcement_level", 1);
// user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("_user.js.parrot", "FINISHED");
This tutorial will guide you through deploying a robust, secure, production-ready n8n instance on an Ubuntu 22.04 LTS server. We will use the following technology stack:
- n8n: The workflow automation platform.
- PostgreSQL: A powerful database for your data.
- Traefik: A modern reverse proxy for HTTPS management.
- Docker & Docker Compose: To containerize our services.
Table of Contents
- 1. Prerequisites
- 2. Initial Server Configuration (Ubuntu 22.04)
- 3. Creating the Shared Network
- 4. Deploying Traefik 🚦
- 5. Deploying n8n with PostgreSQL 🚀
- 6. Configuring Secure SFTP Access (Optional)
- 7. Backup and Maintenance
- b. Restoration
- c. Restoration test
- Step 2: Run the test
- Step 3: Verify access
- Step 4: Clean up
- d. Docker Log Management
- 8. Access and Finalization
An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters.
Welcome to the "Chroniques du Cyberspace" collection, where I tell you the story of the greatest computer security experts, ethical hackers, and the incidents that have marked the digital world. If you are passionate about cybersecurity, you are going to love it! Happy reading, everyone!
- Charlie Miller - The former mathematician …
- Ashley Madison - The hack that destroyed …
- The story of two British teenagers who …
- APT29 / Cozy Bear - The story of the group …
- Conti - The Russian ransomware gang that …
- The epic story of CVE-2025-53770 …
- Masters of Deception - The first kings …
- Julian Assange and WikiLeaks - The story …
- Albert Gonzalez - The biggest …
- Bill Gates and his open letter to …
- Phil Zimmermann - Father of PGP and guardian …
- Ross Ulbricht (Silk Road) - The story …
- John McAfee - The antivirus genius …
- Dan Kaminsky - The rollerblading hacker who …
- Sony Pictures Hack - The story of the day …
- Operation Sundevil - The day when …
- APT28 Fancy Bear - The Russian hackers of the …
- DarkSide - The criminal group that …
- LulzSec - 50 days of chaos by 6 …
- Gary McKinnon - The hacker who almost …
- Legion of Doom - The hackers who …
- Chelsea Manning - The whistleblower …
- Kevin Poulsen - From hacker arrested by the …
- The Blue Box that created Apple - When …
- Kim Dotcom - The saga of the hacker turned …
- Eugene Kaspersky - From a virus …
- Stuxnet - The cyberweapon that destroyed …
- Bruce Schneier - The cryptographer who …
- How the son of an NSA expert crashed …
- Lazarus Group - The secret hackers of …
- REvil-Sodinokibi - The Empire …
- Anonymous - From 4chan to cyberattacks …
- Chaos Computer Club - The group of …
- Edward Snowden - The geek who hacked …
- Adrian Lamo - The homeless hacker who …
- Kevin Mitnick - The most … hacker
- Captain Crunch - The pirate who hacked …
Self-hosted abuse detection and rule enforcement against low-effort mass AI scraping and bots. Uses conventional non-nuclear options.
go-away sits in between your site and the Internet / upstream proxy.
Incoming requests can be selected by rules to be actioned or challenged to filter suspicious requests.
The tool is designed to be highly flexible so the operator can minimize impact to legit users, while surgically targeting heavy endpoints or scrapers.
Challenges can be transparent (not shown to user, depends on backend or other logic), non-JavaScript (challenges common browser properties), or custom JavaScript (from Proof of Work to fingerprinting or Captcha is supported).
See Why do this? section for the challenges and reasoning behind this tool.
This documentation and go-away are in active development. See What's left? section for a breakdown.