20 Best Binary Options Brokers (April 2020) - Evoke Finance

A comparison of four visual story apps: Choices, Arcana, Lovestruck and Chapters

I decided to write up a chart comparing four of the visual story games I've played and how they compare in some respects. Not going to try and judge the writing quality of the games, while Chapters is obviously the least-quality on this metric I'll leave it to everyone to decide quality among the other three. I'm not trying to rank any one as better than the other! I think it should be pretty evident from my comparison that all of them have strengths and weaknesses.
There are a couple more games coming out (Storyscape is probably the most anticipated one) but they're still changing things so I didn't include them. I also didn't include Episode because I honestly have no clue which stories are featured / written by their team and I know most people don't play the "official" stories anyway, so it's kinda pointless to compare.
These four games are:
Since all of these apps have different names for the same things, I tried to standardize the terminology...
| | Choices: Stories You Play | The Arcana: A Mystic Romance | Lovestruck: Choose Your Romance | Chapters: Interactive Stories |
|---|---|---|---|---|
| Release Date (App Store) | 8/17/2016 | 10/22/2016 | 3/1/2017 | 10/27/2017 |
| App Store Age Rating | 12+ | 12+ | 17+ | 17+ |
| Passes are Called | Keys | Keys | Tickets | Tickets |
| Maximum Number of Passes | 2 | 3 | 2 | 2 |
| Pass Regeneration Rate | 3 hours | 4 hours | 2.5 hours | 2 hours |
| Gems are Called | Diamonds | Coins | Hearts | Diamonds |
| MC Visual Customization? | Yes | No | No | Yes |
| MC Gender | Majority female (several stories have male options) | Male/Female/Non-binary | Female-only | Almost all female (1 male-only story) |
| LI Gender | Majority male (all but 1 story have at least 1 female LI) | 3 Male, 2 female, 1 non-binary | Male/Female (new releases are 50/50, 2 non-binary) | Almost all male (2 female LI stories) |
| Watch Ads to Earn Gems? | Yes | Yes (beta) | No | Yes |
| Play Games to Earn Gems? | No | Yes | No | No |
| Check-in Daily to Earn Gems? | Yes | Yes | Yes* (daily puzzle piece) | Yes |
| Play Chapters to Earn Gems? | Yes | No | Yes* (Romantic Quests) | No |
| Number of Unique Series | 35+ | 1 (6 books) | 14 | 100+ |
| Series Types | Both continuing series and stand-alones | 1 continuing series | Almost all continuing series (several stand-alones) | Almost all stand-alones (two continuing series) |
| Average Chapters in Book | ~15-18 | 22 (full) | 12 (19 for earlier books) | ~18-20 |
| Average Choices per Book | ~10-15 | ~7-15 | ~3-6 | ~7-15 |
| Can You Collect CGs? | No* (they exist, but you can't collect them in one place) | Yes | Yes | No |
| Do Choices Affect the Story? | Yes | Yes (upright/reversed endings) | No* (some older books have thrilling/passionate endings) | No |
| Are Series in Same Universe? | Yes | Yes | Yes | No |

MC/LI Choices

Earning Passes/Gems

Gameplay

Stories & Genres

| Genre | Choices | Lovestruck | Chapters |
|---|---|---|---|
| Action | The Heist: Romance, Most Wanted | Gangsters in Love, Villainous Nights | Bad Boy Blues |
| Fantasy | The Crown & The Flame, The Elementalists | Love & Legends, Reigning Passions | Robin Hood |
| Historical | A Courtesan of Rome, Desire & Decorum | Speakeasy Tonight | 50 Ways to Ruin a Rake |
| Horror | It Lives Series | N/A | N/A |
| Mystery | Veil of Secrets | Castaway | Dirty Little Secrets, Uninvited |
| Paranormal | Bloodbound, Nightbound | Havenfall is for Lovers | Lux, Love at Stake |
| Science Fiction | Across the Void | Starship Promise | Court of Nightfall, The Wandering Earth |

History

Demographics

Here's a chart by gender/sexual orientation for which game gives you the most options / fits a particular demographic best in my opinion:

| Gender | x Male LIs | x Female LIs | x Non-binary LIs |
|---|---|---|---|
| Female | All apps but esp. Chapters | Lovestruck, Choices | Lovestruck |
| Male | Choices, Arcana | Choices | Arcana |
| Non-binary | Arcana | Arcana | Arcana |

Let me know what you guys think, and if you can add another app to compare let me know too...
submitted by kori_no_ryu to Choices

Vault 7 - CIA Hacking Tools Revealed

March 07, 2017
from Wikileaks Website


https://preview.redd.it/9ufj63xnfdb41.jpg?width=500&format=pjpg&auto=webp&s=46bbc937f4f060bad1eaac3e0dce732e3d8346ee

Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.
Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (below image) in Langley, Virginia.
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including,
  1. malware
  2. viruses
  3. trojans
  4. weaponized "zero day" exploits
  5. malware remote control systems

...and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including,

  1. Apple's iPhone
  2. Google's Android
  3. Microsoft's Windows
  4. Samsung TVs,

...which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA).
The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI - below image), had over 5000 registered users and had produced more than a thousand,
  1. hacking systems
  2. trojans
  3. viruses

...and other "weaponized" malware.


https://preview.redd.it/3jsojkqxfdb41.jpg?width=366&format=pjpg&auto=webp&s=e92eafbb113ab3e972045cc242dde0f0dd511e96

Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more codes than those used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that,
"There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
But the significance of 'Year Zero' goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

Wikileaks has also decided to Redact (see far below) and Anonymize some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout,
  1. Latin America
  2. Europe
  3. the United States

While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs
CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation).
The DDI is one of the five major directorates of the CIA (see above image of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS.
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.
CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year.
"Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of,
  1. WhatsApp
  2. Signal
  3. Telegram
  4. Wiebo
  5. Confide
  6. Cloackman

...by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.
CIA malware targets Windows, OSx, Linux, routers
The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section far below.
CIA 'hoarded' vulnerabilities ("zero days")
In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability.
If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities.
The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.
The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability.
As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers.
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.
'Cyberwar' programs are a serious proliferation risk
Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces - sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'.
Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information.
The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.
The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport"
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area - including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity.
These attack methods are able to penetrate high security networks that are disconnected from the internet, such as a police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace.
The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media.
For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use.
To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos).
But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's,
  1. weaponized malware (implants + zero days)
  2. Listening Posts (LP)
  3. Command and Control (C2) systems,

...the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyber-arsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet.
If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.
Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution.
This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts.
Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams.
For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired.
However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect a target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.
To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers.
But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system.
If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as,
  1. Apple
  2. Microsoft
  3. Google
  4. Samsung
  5. Nokia
  6. Blackberry
  7. Siemens
  8. anti-virus companies,

...attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review".
Similar secret standards cover the,
  1. use of encryption to hide CIA hacker and malware communication (pdf)
  2. describing targets & exfiltrated data (pdf)
  3. executing payloads (pdf)
  4. persisting (pdf),

...in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs.
These are documented in,
  1. AV defeats
  2. Personal Security Products
  3. Detecting and defeating PSPs
  4. PSP/Debugger/RE Avoidance

For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for,
  1. penetration
  2. infestation ("implanting")
  3. control
  4. exfiltration

Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants.
Special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency.
Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible.
As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover,
  1. keyloggers
  2. password collection
  3. webcam capture
  4. data destruction
  5. persistence
  6. privilege escalation
  7. stealth
  8. anti-virus (PSP) avoidance
  9. survey techniques

Fine Dining
Fine Dining comes with a standardized questionnaire, i.e. menu, that CIA case officers fill out.
The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations.
The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff.
The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are,
  • 'Asset'
  • 'Liason Asset'
  • 'System Administrator'
  • 'Foreign Information Operations'
  • 'Foreign Intelligence Agencies'
  • 'Foreign Government Entities'
Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types.
The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained.
This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Improvise (JQJIMPROVISE)
'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like,
  1. Windows (Bartender)
  2. MacOS (JukeBox)
  3. Linux (DanceFloor)

Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software.
The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider.
The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients.
It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant.
If a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.

Frequently Asked Questions

Why now?
WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, ...), are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content, are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
Tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin, are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
Organizational Chart
The organizational chart (far above image) corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far.
It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
Wiki pages
"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian.
Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order.
If it is critical to know the exact time/date contact WikiLeaks.
What is "Vault 7"
"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.
When was each part of "Vault 7" obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
Is each part of "Vault 7" from a different source?
Details on the other parts will be available at the time of publication.
What is the total size of "Vault 7"?
The series is the largest intelligence publication in history.
How did WikiLeaks obtain each part of "Vault 7"?
Sources trust WikiLeaks to not reveal information that might help identify them.
Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Has WikiLeaks already 'mined' all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there. Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
Won't other journalists find all the best stories before me?
Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by CuteBananaMuffin to conspiracy

A comparison of four visual story apps: Choices, Arcana, Lovestruck and Chapters

I decided to write up a chart comparing four of the visual story games I've played and how they compare in some respects. Not going to try and judge the writing quality of the games, while Chapters is obviously the least-quality on this metric I'll leave it to everyone to decide quality among the other three. I'm not trying to rank any one as better than the other! I think it should be pretty evident from my comparison that all of them have strengths and weaknesses.
There are a couple more games coming out (Storyscape is probably the most anticipated one) but they're still changing things so I didn't include them. I also didn't include Episode because I honestly have no clue which stories are featured / written by their team and I know most people don't play the "official" stories anyway, so it's kinda pointless to compare.
These four games are:
Since all of these apps have different names for the same things, I tried to standardize the terminology...
| | Choices: Stories You Play | The Arcana: A Mystic Romance | Lovestruck: Choose Your Romance | Chapters: Interactive Stories |
|---|---|---|---|---|
| Release Date (App Store) | 8/17/2016 | 10/22/2016 | 3/1/2017 | 10/27/2017 |
| App Store Age Rating | 12+ | 12+ | 17+ | 17+ |
| Passes are Called | Keys | Keys | Tickets | Tickets |
| Maximum Number of Passes | 2 | 3 | 2 | 2 |
| Pass Regeneration Rate | 3 hours | 4 hours | 2.5 hours | 2 hours |
| Gems are Called | Diamonds | Coins | Hearts | Diamonds |
| MC Visual Customization? | Yes | No | No | Yes |
| MC Gender | Majority female (several stories have male options) | Male/Female/Non-binary | Female-only | Almost all female (1 male-only story) |
| LI Gender | Majority male (all but 1 story have at least 1 female LI) | 3 Male, 2 female, 1 non-binary | Male/Female (new releases are 50/50, 2 non-binary) | Almost all male (2 female LI stories) |
| Watch Ads to Earn Gems? | Yes | Yes (beta) | No | Yes |
| Play Games to Earn Gems? | No | Yes | No | No |
| Check-in Daily to Earn Gems? | Yes | Yes | Yes* (daily puzzle piece) | Yes |
| Play Chapters to Earn Gems? | Yes | No | Yes* (Romantic Quests) | No |
| Number of Unique Series | 35+ | 1 (6 books) | 14 | 100+ |
| Series Types | Both continuing series and stand-alones | 1 continuing series | Almost all continuing series (several stand-alones) | Almost all stand-alones (two continuing series) |
| Average Chapters in Book | ~15-18 | 22 (full) | 12 (19 for earlier books) | ~18-20 |
| Average Choices per Book | ~10-15 | ~7-15 | ~3-6 | ~7-15 |
| Can You Collect CGs? | No* (they exist, but you can't collect them in one place) | Yes | Yes | No |
| Do Choices Affect the Story? | Yes | Yes (upright/reversed endings) | No* (some older books have thrilling/passionate endings) | No |
| Are Series in Same Universe? | Yes | Yes | Yes | No |

MC/LI Choices

Earning Passes/Gems

Gameplay

Stories & Genres

| Genre | Choices | Lovestruck | Chapters |
|---|---|---|---|
| Action | The Heist: Romance, Most Wanted | Gangsters in Love, Villainous Nights | Bad Boy Blues |
| Fantasy | The Crown & The Flame, The Elementalists | Love & Legends, Reigning Passions | Robin Hood |
| Historical | A Courtesan of Rome, Desire & Decorum | Speakeasy Tonight | 50 Ways to Ruin a Rake |
| Horror | It Lives Series | N/A | N/A |
| Mystery | Veil of Secrets | Castaway | Dirty Little Secrets, Uninvited |
| Paranormal | Bloodbound, Nightbound | Havenfall is for Lovers | Lux, Love at Stake |
| Science Fiction | Across the Void | Starship Promise | Court of Nightfall, The Wandering Earth |

History

Demographics

Here's a chart by gender/sexual orientation for which game gives you the most options / fits a particular demographic best in my opinion:

| Gender | x Male LIs | x Female LIs | x Non-binary LIs |
|---|---|---|---|
| Female | All apps but esp. Chapters | Lovestruck, Choices | Lovestruck |
| Male | Choices, Arcana | Choices | Arcana |
| Non-binary | Arcana | Arcana | Arcana |
Let me know what you guys think, and if you can add another app to compare let me know too...
submitted by kori_no_ryu to Lovestruck

Vampyr - Review Thread

Game Information

Game Title: Vampyr
Genre: Action role-playing game, third-person
Platforms: PlayStation 4, Xbox One, PC
Media: Concept Teaser
E3 2016 Trailer
Pre-Alpha Gameplay Trailer
'The Darkness Within'
E3 2017 Trailer
Dontnod Presents Vampyr - Webseries Playlist
Story Trailer
'Becoming the Monster' Trailer
Launch Trailer
Developer: DONTNOD Entertainment Info
Publisher: Focus Home Interactive
Price: PC - $49.99 USD
PS4, XB1 - $59.99 USD
Release Date: June 4th, 2018
More Info: Vampyr | Wikipedia Page
Review Aggregator:
OpenCritic - 73 [Cross-Platform] Current Score Distribution
MetaCritic - 72 [PS4]
MetaCritic - 71 [XB1]
MetaCritic - 74 [PC]
Bloody arbitrary list of past DONTNOD games -

| Entry | Score | Platform, Year, # of Critics |
|---|---|---|
| Remember Me | 70 | X360, 2013, 42 critics |
| Life Is Strange | 85 | PS4, 2015, 23 critics |

Reviews

Website/Author Aggregates' Score ~ Critic's Score Quote Platform
AngryCentaurGaming - Jeremy Penter Buy ~ Buy This is absolutely a 'Buy', it is well worth it at full price on the consoles and for the 45 it is available on Steam for. The game does betray its "double-A" budget at times, but to me, Vampyr is a great example of a title doing something different that I'm not sure a AAA company would do. A lot of the safeguards that we see, even in some other AA games, when it comes to society's impacts and the social decisions you can make are gone here. Those consequences hard-felt and they are instant, and the inevitable character death of somebody that you actually like is gonna hit you even more. Combat's fun and not perfect, but it works to keep you engaged as well. At 25 hours without doing everything with so many different ways and situations this can play out, I would assume two playthroughs at minimum is what I'll do with this title, and it really does show that a game can be far more than the sum of its parts, and certainly not reflect just the budget. PS4, XB1, PC
Player2.net.au - Matt Hewson Unscored ~ Unscored A beautifully told gothic tale with interesting skill systems and some fun combat is only let down by window dressing and a location that feels like a stage and not an actual city. Vampyr might not be the game of the year, but it is certainly going to be one of the most interesting titles we see in 2018 and, sales permitting, a title that will only get better in future sequels. PS4, XB1, PC
Eurogamer - Aoife Wilson Unscored ~ Not Recommended Dontnod takes a thrillingly Gothic perspective on early 19th century London, but squanders it in a dreary and indecisive adventure. PS4
VG247 - Marshall Lemon Unscored ~ Unscored Vampyr is an ambitious masterpiece with forgivable flaws
Rock, Paper, Shotgun - Alec Meer Unscored ~ Unscored I'm left frustrated that Vampyr falls short of truly combining a smart choose-your-own-adventure game with a meaty action one. PC
Polygon - Charlie Hall Review-in-Progress ~ Review-In-Progress The easy way out for Dontnod would have been to take the most time-worn tropes from dime store horror novels, season to taste with period melodrama and serve it all up for players to enjoy. Vampyr reaches for more, and I'm very interested to see if the finale does it all justice
Nerd Much? - Rhys Pugatschew 90 ~ 9 / 10 Victorian vampires have never been so intriguing and exciting as they are in Vampyr. PS4
GameSkinny - Autumn Fish 90 ~ 9 / 10 stars Vampyr is a brilliant single-player RPG with deep social mechanics that make playing as a vampire a truly unique and satisfying experience. PC
COGconnected - Garrett Drake 88 ~ 88 / 100 Witnessing a studio succeed beyond what their audience expects of them is always a pleasure, and DONTNOD Entertainment has done just that with Vampyr. Whether you're intrigued by the idea of stalking London as a bloodthirsty vampire or expressly fancy a rock-solid ARPG, consider sinking your teeth into this gem. PS4
Hobby Consolas - Álvaro Alonso - Spanish 88 ~ 88 / 100 Even with its noticeable flaws, Vampyr has the potential to be the new cult gem among vampire lovers. If you can see beyond technical limitations, the story and characters will trap you within their arms and suck until the very last drop of... your time. PS4
Cerealkillerz - Gabriel Bogdan - German 87 ~ 8.7 / 10 Vampyr exceeds all expectations and delivers a thrilling vampire adventure with great storytelling and a gameplay that borrows the right elements from games like Bloodborne. If you can live with some longer loading screens and a missing fast travel option you'll get a well made Action-RPG with lots of enjoyable content. PS4
DualShockers - Tanner Pierce 85 ~ 8.5 / 10 While a couple of technical issues stop it from being a masterpiece, Vampyr is still a fantastic title that will keep you entertained for hours. PS4
GameSpace - Brandedwolf 85 ~ 8.5 / 10 If you enjoy your story a bit on the darker side and making choices that matter, then give Vampyr a try. PC
GamingTrend - Ron Burke 85 ~ 85 / 100 Vampyr manages to deliver on its promise to make choices matter. Every decision has implications that spider out in unseen directions, often far into the future. While there are some wobbles in terms of combat and load times, the engaging storyline and premise carry this title far. PC
PlayStation Universe - Neil Bolt 80 ~ 8 / 10 There's no denying that Vampyr has some mighty rough edges to it and combat that is decent, but unspectacular. Yet there's a delicious sense of place to it that makes it undeniably interesting to get stuck into. Many of the game's flaws melt away as you get lost in the moody grime of this alternate version of wartime London. The most important job Vampyr had to do was to present a compelling game about the tragic romanticism of being a vampire, and the fight for retaining humanity or embracing the unnatural power it brings. Vampyr does drop the ball on many small things, but it does that important job superbly. PS4
Twinfinite - Alex Gibson 80 ~ 4 / 5 Ultimately, the sum of Vampyr's emphasis on story, combat, and progression combine to produce a video gaming experience that will appeal to those outside the RPG and adventure genres that it seeks to combine. My hope is that it finds its audience so that we might yet again see Dr. Reid on an even grander scale in the future. PS4
Total Gaming Network - Shawn Zipay 80 ~ 4 / 5 stars Aside from a few technical issues, Vampyr delivers one of the most engaging action-RPGs in recent memory. It is a game where everything and everyone is connected through some fantastic gameplay design and yes, your choices do actually matter here. PC
IGN Spain - Jose A. Rodríguez - Spanish 80 ~ 8 / 10 An amazing game full of darkness, vampires and blood in the London of the first quarter of the 20th Century. A great mix of exploration, conversations and hard encounters with dangerous creatures of the night. PS4
SelectButton - Kevin Mitchell 80 ~ 8 / 10 Although Vampyr's combat system is thoroughly satisfying, it's the dark atmosphere and narrative that genuinely makes the game a must-have. Your choices define the experience, altering a world full of discovery and intrigue all around you. Do you give in to your blight and feast upon the weak and unworthy inhabitants of London or do you become their salvation? It should take you anywhere from 20-30 hours to complete the narrative, but if you want to see all of the possible endings, you'll have to play through multiple times, altering your choices and decisions regarding the lives of the citizens. PC
Hardcore Gamer - Jordan Helm 80 ~ 4 / 5 It takes some doing to find a middle-ground between two such conflicting genres, but Dontnod have done a terrific job marrying Adventure and Action RPG elements into a pleasant and modestly cohesive whole. PC
Tech Advisor - Lewis Painter 80 ~ 4 / 5 stars If you're looking for a story-focused RPG, Vampyr is a solid option. It offers in-depth conversation options, game-changing choices to make and an intriguing storyline full of plot twists and betrayal.
EGM - Emma Schaefer 80 ~ 8 / 10 Vampyr walks a fine line between narrative storytelling and action-oriented combat, trying to appeal to fans of both genres and mostly succeeding. Though the game lacks polish in many areas, it stars a clever morality system that entices players towards both good and evil deeds, a well-rounded web of background NPCs, and an intriguing overall narrative of an undead doctor investigating the spread of the Spanish Influenza, making Vampyr a treat for any vampire fan. PC
Wccftech - Rosh Kelly 80 ~ 8 / 10 Dontnod worked hard to create an immersive, dark world to explore and it succeeds in doing so. Despite some boring conversations, most of the world of Vampyr is an exciting, dangerous place and if nothing else, being a vampire in here is also very fun. PS4
TrustedReviews - Andi Hamilton 80 ~ 4 / 5 stars Vampyr might not be what many wanted after Life Is Strange, but it’s still an enjoyable – well, as enjoyable as its grim nature allows – game nonetheless. It follows the modern action RPG template almost to a fault, but the agency the player has in shaping the districts by disease control and straight up murder is a lot more interesting than some of the moments in other games within the genre, where they present you a binary choice that pushes the plot forward. It’s a decent idea holding up an otherwise solid game, but overall Vampyr is worth a look if you’re looking for something to plug the gap in your life in this post- Witcher 3 world. PS4
GamesBeat - Anthony John Agnello 75 ~ 75 / 100 At no point in Vampyr did I have fun following trails of blood, mixing antiquated remedies out of opium, or bludgeoning some Crucifix wielding goon in a mask for the 50th time. But I was constantly compelled forward to find out what next grim choice it would give me, anxious to spend yet another night in one of its safehouses to see if my efforts to keep London's souls alive another day had worked. PS4
WellPlayed - Kieran Stockton 75 ~ 7.5 / 10 If you can fight your way through some technical issues, a good story and interesting action RPG mechanics can make for a bloody good time PS4
Just Push Start - Grant E. Gaines 73 ~ 7.3 / 10 Vampyr is a hard game to review, because there is enough to warrant a low score, yet the experience is satisfying enough to make up for this. For better or worse, giving answers and explaining things make it easier to invest in the story, with the conclusion certainly being worth the time. The ability to interact with NPCs, heal them, figure out more about the world and extract new information also adds a lot. It’s just, when it comes to gameplay, Vampyr falls short. With loading screens being common when players move too fast, combat often being more about managing stamina, difficulty stemming from how willing are you to kill innocent people and a needlessly frustrating waypoint system, it’s easy to get frustrated. With this in mind, anyone looking for a vampire romance story or just want to experience a world filled with answers should consider picking Vampyr up, where as action-RPG or open world fans can probably skip it. PS4
Heavy - Collin MacGregor 75 ~ 7.5 / 10 Vampyr is a bloody good time that is marred by some tedious mechanics and some technical issues. Hitting a game-breaking bug certainly soured my experience, but the wonderfully written characters kept me going until the credits rolled. This may not be a perfect RPG, but Vampyr is still a fun time for those wanting something a bit darker in their games. PC
VideoGamer - Alice Bell 70 ~ 7 / 10 Vampyr serves delicious ladles of angst and drama with a hearty slice of excellent, morally grey choice system that will genuinely surprise you, all wrapped up in a wonderfully gloomy London. It's just a shame the combat turns a bit sour. PS4
Rocket Chainsaw - Adam Ghiggino 70 ~ 3.5 / 5 stars Tying hard moral decisions to real gameplay in a compelling open-world RPG is an ambitious goal, and it’s one that Vampyr achieves to an extent. PS4
GamesRadar+ - Leon Hurley 70 ~ 3.5 / 5 stars As much a detective story as a horror one, Vampyr rewards you for taking an interest in the people around you and tests your moral compass with a lack of black and white options.
GameSpot - Justin Clark 70 ~ 7 / 10 Dontnod follows up Life Is Strange with a surprisingly enthralling supernatural thriller. PS4, PC
IGN - Brandin Tyrrel 70 ~ 7 / 10 Vampyr is a slow burn of an RPG, taking its time to ramp up its intriguing blend of science and the supernatural in an elaborately gloomy version of London. When it gets going you can see the potential of the way it offers you more power if you consume its interesting citizens. But Vampyr never commits to this idea to the point where I felt I needed to make that sacrifice to succeed in its relatively simple combat, which leaves it feeling toothless and vulnerable to having a lot of its fun sucked away by technical issues, despite its genuinely engaging story. PS4
Metro GameCentral - GameCentral 70 ~ 7 / 10 An inspired use of the usual vampire clichés with some fascinating moral decisions to make, that always impact the game world and its combat in unexpected ways. PS4
PC Gamer - Andy Kelly 68 ~ 68 / 100 There are some brilliant, original ideas in here, but Vampyr tries to do too much at once and suffers for it. PC
GameMAG - ACE - Russian 60 ~ 6 / 10 Vampyr did not live up to our expectations and did not reach the level of Life is Strange. So, if you were expecting another Dontnod masterpiece, you'll be disappointed. If you're interested in setting, then it's probably worth a try, but only at a discount price. PC
Destructoid - Kevin Mersereau 60 ~ 6 / 10 The story may be a tad lackluster, and the combat may be clunky as hell, but Vampyr does offer a compelling adventure for those looking for some blood-sucking fun. It also manages to effectively make you feel like a creature of the night at times. Unfortunately, the frequent technical issues sapped just about every ounce of joy from the experience, leaving this digital world a dry, lifeless husk. PS4
TheSixthAxis - Aran Suddi 60 ~ 6 / 10 Much like its early 20th century setting, Vampyr feels like a bit of a throwback to a past age of action RPGs. In a time where the genre is evolving Vampyr holds on to past ideas for much of its tenure, and it doesn't have a story strong enough to overcome that fact. The world itself is ripe for lots of stories to be told within, with Dontnod having done a good job with world building, but while Vampyr isn't a bad game, nor is it as great as it could be. PS4
RPG Site - Kyle Campbell 60 ~ 6 / 10 Vampyr is ambitious for sure, but with ambition comes risk, and unfortunately, here it provides very little in the way of rewards. PC
Cubed3 - Renan Fontes 60 ~ 6 / 10 Although flawed and at times painfully inconsistent, Vampyr manages to offer relatively engaging gameplay in spite of a lack of overall polish. Combat is stiff and quite mindless, but Jonathan's progression deeper into Vampiredom is handled well and the abilities at his disposal go a long way towards masking some of the more mundane aspects of the battle system. It's more whether or not Jonathan decides to prey on the people of London, and its consequences, that keep the experience fresh. There's a trade off between making Jonathan and keeping districts stable, each one offering their own benefits. There are technical issues, and the performance is lacking on every front, but Vampyr has enough going for it conceptually that it's worth sinking some time into, if only to be a vampire in 20th century London. PS4
Push Square - Glen Fox 60 ~ 6 / 10 Vampyr has a ton of interesting ideas, an intriguing world, and a great cast of characters, but is ultimately let down by its narrow-minded focus on unnecessary combat. PS4
USgamer - Hirun Cryer 60 ~ 3 / 5 stars Vampyr unfortunately flounders after building some solid foundations in the opening hours. London feels like a city on a knife edge, and the citizens prove to be an inviting cast of creative characters. But Vampyr then lures you into sacrificing these characters, cutting out a key part of the game, all to have a hope of standing up to the horrors that await you in the shadows of London. PS4
TechRaptor - Robert Grosso 60 ~ 6 / 10 Vampyr has a lot of good ideas, but its execution is sorely lacking in most areas. It is a game that is competent in terms of its systems, but ultimately fairly boring to play. PS4
Game Revolution - Matt Utley 50 ~ 2.5 / 5 stars Vampyr feels like a dug-up PlayStation 2 game. It wears its ambition on its sleeve, even if it looks at times to be wearing a tank top. The underlying game mechanics require a certain amount of suspension of disbelief, but those that can will find an entertaining penny dreadful. PS4
Slant Magazine - Steven Scaife 50 ~ 2.5 / 5 stars Rather than going for size in the character roster, Dontnod might have done better to shoot for complexity. PC
We Got This Covered - David Morgan 50 ~ 2.5 / 5 stars Vampyr competently displays an understanding of combat, dialogue, and narrative choice, but it never rises above mediocrity, and is an utter failure on a technical level. The aesthetic of the world is the best thing on display, but beyond it lies a derivative title that fails to leave a lasting impression. PS4
EDIT - Well ain't this confusing. This was the first review thread posted, which was removed by automod I'm assuming. There was another thread posted after this that is now removed and this one is back up (Just in case anyone needs context). I'll be back to updating!
EDIT 2 - Apparently automod was NOT the reason the thread was removed, it was reddit itself that removed this thread because of one of the websites being flagged for spam.
EDIT 3 - Would people rather have reviews be ordered by website names in alphabetical order or ascending/descending list of scores or completely random?
submitted by ninjyte to Games

A Comprehensive Guide on Securing Your System, Archives and Documents

How can you make your system and documents secure? Today, 256-bit AES encryption is offered by everyone and their dog. However, AES encryption does not mean much (or anything at all) when it comes to the real security of your data. Implementing encryption at the right time and in the right spot is no less important than choosing strong encryption credentials and managing the encryption keys.
While the previous part may sound a bit complicated, it all comes down to much simpler things than choosing the strongest encryption algorithm or selecting the length of the encryption key. If you are a Windows user, it all comes down to choosing the optimal data protection strategy for your particular usage scenario: protecting your storage media and the data you keep on them.

Defining your goals

Before you start considering encrypting your hard drives and files, make sure to define your objectives. What information would you like to protect? What threats do you consider important, less important and quite improbable?

Full-disk encryption part I: protecting your boot device

Reliable system protection is impossible without protecting your boot device. An unencrypted boot device (disk C: on most systems) allows for way too many vectors of attack, ranging from hibernation and page file analysis to instant extraction of stored passwords from your Web browser vault. In other words, securing your boot device with BitLocker is an absolutely mandatory preliminary step and the most important security layer.
  • Availability: Windows 10 Professional and higher with TPM2.0, Intel PTT or Group Policy edit; all Windows editions for device encryption in thin and light devices meeting minimum requirements.
    • Note: although Windows 10 Home cannot natively create new BitLocker volumes, it can unlock BitLocker encrypted drives with full read-write access
  • Physical access, hard drive only: strong protection
  • Physical access, entire computer: it’s complicated
  • Other users on the same computer: not applicable
  • Malware/ransomware: not applicable
  • Online attacks: not applicable
  • Usage cases: protect data against theft of computer or hard drive; protect data if hard drives are sold or RMA’d; protect data against physical extraction.
If your computer meets the requirements (namely, the presence of a hardware TPM2.0 module or software-based Intel Platform Trust Technology), enabling BitLocker on your computer can be as easy as opening the Control Panel and launching the BitLocker Drive Encryption applet. Note that not all editions of Windows 10 can use BitLocker protection.
We have a comprehensive article on BitLocker protection in our blog, which is highly recommended. Introduction to BitLocker: Protecting Your System Disk
What caveats are there when it comes to securing data against physical extraction? The thing is, while BitLocker is nearly a 100% effective solution for protecting the bare drive, it might not be as secure if the intruder has access to the entire computer with the hard drive installed. Even if your computer is equipped with a TPM2.0/Intel PTT module, Windows will still unlock the encrypted hard drive if Secure Boot conditions are met. This in turn opens numerous vectors of attack that may allow the intruder to intercept the on-the-fly BitLocker encryption key and decrypt the hard drive. These vectors of attack include:
  1. Making a RAM image of a running computer with BitLocker volume(s) mounted. This can be done via a Thunderbolt attack (Windows, by default, does not disable Thunderbolt DMA access when locked) or a cold boot attack.
  2. Breaking or extracting your Windows logon password (e.g. extracting from your Google account, your smartphone, or from another computer you have logged in and synced your data to).
  3. Obtaining your BitLocker Recovery Key from your Microsoft Account or Active Directory.
Advanced users and system administrators can read the following guide to secure their BitLocker volumes: BitLocker recovery guide

Full-disk encryption part II: protecting external storage devices

BitLocker is good not only for protecting your boot device, but for encrypting data on other volumes, built-in and removable. BitLocker protects external storage devices with BitLocker To Go, an encryption algorithm based on a password. In addition to passwords, external drives encrypted with BitLocker To Go have an option to unlock with a smart card on another computer by using BitLocker Drive Encryption in Control Panel. Finally, users can opt to make their encrypted external devices automatically unlock when connected to their (trusted) computer.
  • Availability:
    • Encrypt external devices: Windows 10 Professional and Enterprise
    • Access BitLocker encrypted devices: although Windows 10 Home cannot natively encrypt drives with BitLocker, it can access BitLocker encrypted drives with full read-write access
  • Physical access, device only: protection as strong as your password
  • Physical access, entire computer: it’s complicated (see previous chapter)
    • Note: if you enabled the option “Unlock automatically on this PC”, then effectively no protection
  • Other users on the same computer: strong protection if offline/not mounted
  • Malware/ransomware: strong protection if offline/not mounted
  • Online attacks: strong protection if offline/not mounted
  • Usage cases: protect data stored on external storage devices such as external drive enclosures, USB flash drives etc.
Unlike system drive encryption, BitLocker To Go does not support multifactor authentication. This means you cannot use TPM protection as an additional form of authentication. You can, however, make BitLocker To Go devices unlock automatically when they are inserted in your (trusted) computer, which carries obvious security implications.

Full-disk encryption part III: using third-party crypto containers

I put it here just for the sake of completeness. If you are considering using a crypto-container such as VeraCrypt or PGP, you probably know what it is good for and how to use it. I’ll just add several things that aren’t immediately obvious when you set up encryption. In fact, the two things are so non-obvious that many couch experts have it backwards. (The right way: Choosing the right hashing algorithm – it’s all about slowness).
  • Availability: VeraCrypt is available on most relevant platforms
  • Physical access, hard drive only: very strong protection unless misconfigured
    • Misconfiguration examples: volume stays mounted when computer sleeps or hibernates; volume stays mounted when computer is locked (matter of security vs. convenience); volume unlocked with security key (e.g. USB flash drive) and no password (if USB flash drive is discovered)
  • Physical access, entire computer:
    • volume not mounted at time of analysis: very strong protection
    • volume mounted: very little protection
  • Other users on the same computer
    • volume not mounted at time of analysis: very strong protection
    • volume mounted: very little protection
  • Malware/ransomware: same as above
  • Online attacks: same as above
  • Usage cases: protect data against theft of computer or hard drive; protect data if hard drives are sold or RMA’d; protect data against physical extraction.

The choice of encryption algorithm (spoiler: use AES)

Crypto containers such as VeraCrypt offer the choice of several (actually, multiple) encryption algorithms that range from the industry-standard AES to some quite exotic algorithms such as Serpent or Kuznyechik. For the paranoiacs among us, VeraCrypt offers stacked encryption (e.g. the Serpent(AES) option). The thing is, the choice of an encryption algorithm does not affect the security of your data (unless you pick an algorithm with known or suspected vulnerabilities; finger pointed to Kuznyechik).
The choice of encryption algorithm does not affect the security of your data. A single round AES-256 encryption will be exactly as secure as Serpent(AES) or Serpent(Twofish(AES)). Moreover, the choice of encryption does not even affect the recovery speed (the speed of brute-force attacks on your password)!
Considering that AES is the only hardware-accelerated encryption algorithm in all reasonably modern processors, choosing any encryption algorithm other than AES-256 will unnecessarily slow down your reads and writes (expect a difference of 2 to 3 orders of magnitude in theoretical RAM-to-RAM encryption speeds) without providing any additional security benefit.
If choosing an encryption algorithm other than AES does not affect security, then what does?
The choice of hashing algorithm
When VeraCrypt encrypts (or decrypts) your data, it is using a binary encryption key to perform symmetric cryptographic operations. This media encryption key (MEK) is stored along with the encrypted data. The Media Encryption Key (MEK) is encrypted with a Key Encryption Key (KEK), which, in turn, is the result of multiple (hundreds of thousands) iterative hash operations performed on the user’s password.
In other words, when you type a password, the crypto container will perform a calculation of a certain hash function, and repeat that a 100,000 times or more (in order to deliberately slow down brute-force attacks).
If you want to make your encrypted volume more secure, you can change one of the two things:
  1. Increase the number of hash iterations
  2. Don’t use defaults
  3. Choose a slower hash function
VeraCrypt allows modifying the number of hash iterations by adjusting the PIM (Personal Iterations Multiplier); here is the how-to. The PIM value controls the number of iterations that is used to derive the encryption key from the password that you type. This value can be specified through the password dialog or in the command line. If you don’t manually specify the PIM value, VeraCrypt will use the default number of iterations, which is bad because (2). For SHA-512 or Whirlpool (the two recommended choices), VeraCrypt defaults to Iterations = 15000 + (PIM x 1000).
Why would you want to change the number of hash iterations? Because an attacker will first try to break your password using the defaults. Most tools used by the attackers to brute-force your password will first run the attack using all-defaults: the default encryption algorithm (AES), hash function (SHA-512) and PIM. Changing the PIM value is an easy way to substantially increase security without making your password more complex. Changing the hashing algorithm from default (SHA-512) to Whirlpool also makes sense in this context.
Which brings us to the choice of a hashing algorithm. VeraCrypt offers the choice of SHA-512 (slow, good choice), Whirlpool (slower, even better choice), SHA-256 (slow, but not as slow as SHA-512, use other hash instead), and Streebog (untested). Choosing the right hashing algorithm – it’s all about slowness has some benchmarks and some good explanations; highly recommended. Selecting Whirlpool makes a lot of sense because a) it is slower than SHA-512 (thus will be significantly slower to attack), and b) it is a non-default selection, which significantly increases the complexity of the attack.

File system encryption: when and how to use EFS

If you read the Wikipedia article about Microsoft Encrypting File System (EFS), you’ll get that EFS has been introduced in NTFS 3.0 in order to provide file system level encryption. The article reads: “The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.”
While all of that is interesting, neither statement explains who and, most importantly, why should be using EFS, and what exactly the encrypting file system protects against.
  • Availability: all versions and all editions of Windows 10 (and most older versions of Windows)
  • Physical access, hard drive only: as strong as your Windows account password
  • Physical access, entire computer: same as above
  • Other users on the same computer: effective protection
  • Malware/ransomware: not applicable
  • Online attacks: not applicable
  • Usage cases: protect your documents from other users of your computer; an extra layer of security on BitLocker-protected drives; reasonably strong, very easy and fully transparent document encryption on computers where BitLocker is not supported.
What does EFS protect against, and who should be using it?
The purpose of Encrypting File System is protecting your data from users who share your computer. If you have a PC with several users, and each user has their own Windows login (as opposed to sharing a single Windows account), activating EFS encryption is the easiest way to protect your files from being accessed by those other users.
What is the relation between EFS and BitLocker, and which one should you use?
BitLocker protects your entire system volume. Any user who can log in to your computer will unlock the system volume. If a user has administrative privileges (or can escalate a non-admin account by using an exploit), he or she will also gain access to files and documents stored in other users’ accounts on that computer.
Encrypting File System, on the other hand, only protects selected folders. It won’t, for example, protect your instant messenger databases or encrypt your browsing history. It’s mostly just for documents, pictures and videos you keep in your account. However, EFS will effectively protect those files against other users who can log on to your computer, even if they have administrative privileges.
If an attacker got physical access to the computer, BitLocker is the first line of defence. Relying solely on EFS to secure the PC against attacks with physical access is not the best idea.
How does it all work? It’s actually quite simple. Right-click on a file or folder you’d like to encrypt, select Properties and click the Advanced button in the General tab. In the Advanced Attributes dialog select Encrypt contents to secure data and click OK.

This is it. Windows will now encrypt the selected file or folder with your Windows logon credentials. There are no passwords to type and no encryption keys to save.
There is a certain drawback to using EFS encryption. If you ever forget your Windows password and have to reset it from a separate Administrator account (or your domain administrator resets the password for you), the EFS encryption keys will be lost, and you will be unable to decrypt your data without going through the data recovery process with Elcomsoft Advanced EFS Data Recovery. Note that you must recover your Windows password in order to decrypt the files. However, if you simply change your Windows password by following the normal procedure (typing your old password followed by entering the new one), you will be fine.

Document encryption

Encrypting individual documents is an important part of multi-layer security. Microsoft Office apps can use passwords to encrypt the documents’ content. No one without a password should be able to decrypt the document.
  • Availability: all versions of Microsoft Office
  • Security: depends on the version of Microsoft Office, the file format you’re using to save the files and the strength of your password.
  • Physical access, hard drive only: strong protection (with caveats)
  • Physical access, entire computer: strong protection (with caveats)
  • Other users on the same computer: strong protection (with caveats)
  • Other users on your Local Area Network: strong protection (with caveats)
  • Malware/ransomware: content protection. Malware won’t be able to decrypt your files and read your data. However, malware/ransomware can still encrypt your files, effectively locking you out.
  • Online attacks: content protection. Strong protection against unauthorized data access; no protection against unauthorized deletion
  • Usage cases: protect the content of your documents against anyone who does not know the encryption password.
  • How to: Protect a document with a password
A million dollar question: if you are on a local area network, should you use EFS or document encryption to protect documents against other users on the same LAN? In this case, it’s better to use both. EFS will make it impossible to gain access to encrypted files and folders without knowing your Windows account/domain credentials. Password protection of individual documents will make documents difficult to break even if the attacker knows your logon credentials.
The caveats of document encryption
So what exactly does “strong protection (with caveats)” mean? The thing is, your documents are just as secure as the password you use to protect them. If you re-use a password you already stored in your browser cache or in the keychain, extracting that password and decrypting the documents will be a matter of minutes in many types of attacks.
What if you use a cryptographically strong and truly unique password to encrypt documents? Are these documents secure? The thing is, they will be just as secure as the office app permits them to be. In Microsoft Office encryption evolution: from Office 97 to Office 2019 I discussed the encryption algorithms and protection strength of Microsoft Office apps from the early days to the most current release.
Generally speaking, everything before Office 2000 was insecure (no protection). Office 2000, XP and Office 2003 had very weak encryption that can be usually broken in under a day.
Since Office 2007, Microsoft started taking encryption seriously. Office 2010, 2013, 2016, 2019 brought security to the new level, making encrypted documents very secure.
Okay, so you are using the latest Office and selected a strong password; are we secure now? The thing is, you’ll be just as secure as the document format allows. If you are using the newer DOCX/XLSX format (files with .docx / .xlsx extensions), you’re good. If, however, you are saving your documents in “compatibility” mode, you are sacrificing encryption and making your documents as vulnerable as if they were saved by an Office 2003 app.
Best practices:
  1. Use the latest version of Microsoft Office to save documents. If the latest version is not available, use at least Office 2013 (the newer the better).
  2. Never save documents in “compatibility” mode. Make sure that the files are DOCX/XLSX as opposed to DOC/XLS.
  3. Use a unique, cryptographically strong password to encrypt documents. Remember: if the password is broken once (e.g. pulled from your Google account or recovered from a document you accidentally saved in the “compatible” format), it will be used to break everything else, including documents with strong encryption.
  4. If you email an encrypted document, do use a unique, one-time password for that document, and never send both the document and the password in the same email. In fact, you should never send the password by email since that would allow an attacker who gained access to your email account to decrypt the document. Send the document and the password via separate communication channels (e.g. email / text message, chat or phone call).

Protecting backups and archives

Making regular backups is a common wisdom. Protecting those backups is a wisdom much less common. Once you make a backup, make sure to give it as strong a protection as your boot drive.
  1. Store backups on BitLocker-protected media. Even if your backup tool (e.g. the one built into Windows) does not support encryption, at the very least your storage media is protected with full-disk encryption. Note: Windows 10 does support the recovery from BitLocker-protected disks. Just create a bootable install image from Microsoft Web site (use “Create Windows 10 installation media”).
  2. If your backup tool supports encryption, it may be a good idea to encrypt your backups (AND store them on a BitLocker-protected media). Note, however, that a backup tool will probably cache (store) your backup password on your computer to automatically encrypt new and incremental backups. For this reason, make sure to have a truly unique, never reused password for encrypting backups.
Individual folders are frequently backed up using common archive tools such as WinZip, 7Zip or WinRar. All of these tools offer the ability to encrypt archives with a password. While the encryption strength is different among the three formats (ZIP, 7Z and RAR), an up to date version of each tool provides adequate protection if you choose a reasonably complex password (e.g. 8 characters or more, combining small and capital letters with numbers and special characters). To achieve the best level of protection, do keep those archives on BitLocker-protected media.
Note that password recovery tools work significantly faster on ZIP/7Z/RAR compared to attacking BitLocker encryption or Office 2013 (and newer) documents. For this reason, never reuse your password, and make sure that your BitLocker media, your documents and your backups/archives use very different passwords (ideally, not based on the same pattern).

Cloud security: OneDrive Personal Vault

Microsoft started offering an extra layer of security to all users of its cloud storage service in the form of a Personal Vault. OneDrive Personal Vault helps secure your files both on your computer and in the cloud in the event that someone gains access to your account or your device.
Unlike ransomware protection, Personal Vault is available to all users of Microsoft OneDrive and not just to Office 365 subscribers. Technically speaking, Personal Vault is an area in the OneDrive folder on your computer and in the OneDrive cloud storage that features additional protection. You can only access this protected area after passing a strong authentication. If your Microsoft Account is protected with two-factor authentication, you will have to pass the second step of identity verification in addition to typing your Microsoft Account password.
Once configured, Personal Vault must be manually unlocked every time you need access to secured data. To unlock, you must type in your Microsoft Account password and pass the second authentication step if your account has two-factor authentication. Once you’ve finished accessing the data, Personal Vault will automatically relock after a short period of inactivity. Once locked, any files you were using will also lock and require re-authentication to access.
Setting up Personal Vault only takes a few clicks as outlined in Protect your OneDrive files in Personal Vault.
OneDrive Personal Vault is still new; no independent security analysis has been performed until today. In our view, Personal Vault is worth consideration as an extra security layer for some of the most private but rarely accessed types of data. Examples of such data may include BitLocker escrow keys and binary encryption keys, or the list of passwords some users store in encrypted Excel spreadsheets. I personally keep my two-factor authentication secrets (scanned QR codes to initialize the Authenticator app) in the Vault as well.
  • Physical access: unknown (not yet analyzed)
  • Other users on the same computer: strong protection
  • Malware/ransomware: strong protection (unless Personal Vault is unlocked at the time malware is running)
  • Online attacks: as strong as your Microsoft Account security
  • Usage cases: activate to add an extra layer of security for a handful of personal documents, encryption keys, 2fa secrets etc.

Ransomware protection

One of the most important threats not covered by any encryption is the type of malware called ransomware. Ransomware is a type of malware that threatens to either publish the data stolen from the victim or perpetually block access to the victim’s files by encrypting them with a key that is only known to the attacker. The term ‘ransomware’ has emerged from the fact that, in many cases, attackers demand a ransom payment to decrypt data.
Protecting your data against ransomware is a complex topic in itself. However, computer users can choose one or both of the following two defences when it comes to ransomware protection.
Ransomware protection is effective against the following threats.
  • Physical access: no protection
  • Other users on the same computer: no protection
  • Malware/ransomware: effective protection
  • Online attacks: as strong as your cloud account security
  • Usage cases: available automatically to Office 365 subscribers. Available to paid Dropbox users. Automatically protects files stored in OneDrive/Dropbox. Automatic alerts (OneDrive only). Automatic restore (OneDrive only); manual restore (Dropbox).
Use cloud storage with automatic ransomware protection
If you are using Windows 10, most likely you already have a Microsoft Account. The Microsoft Account gives you access to OneDrive, Microsoft’s cloud storage solution. The free tier includes 5 to 15 GB of online storage, while Office 365 subscribers receive the whole terabyte of cloud storage.
Microsoft actively promotes OneDrive Ransomware Protection. OneDrive automatically detects when the files are mass-deleted or mass-edited (such as when ransomware encrypts the entire Documents folder), alerts the user and prompts to restore the known-good snapshot. The File Restore feature is only available to Office 365 subscribers (Home and Personal levels are enough to receive protection).
More information at Ransomware detection and recovering your files.
If you prefer Dropbox to Microsoft OneDrive, Dropbox gets you covered against ransomware attacks, but mostly for higher-level paid tiers. Users of the free Basic tier as well as Plus subscribers can roll back individual encrypted files during the first 30 days after the attack (there will be no warning of mass-deletion or mass-encryption of files coming from the Dropbox app). If you want to roll back the entire Documents folder with Dropbox Rewind, you’ll need to be a paid Plus or Professional tier subscriber.
Make backup snapshots. Keep backup media offline
Once ransomware is installed on your computer, it will try to encrypt every document that is accessible. The obvious solution is making documents inaccessible by physically disconnecting backup media (such as using 2.5” portable USB drives to back up). In this scenario, you would only connect backup media to your computer when you actually want to make the backup, disconnecting the disk after the backup tool finishes its job. With this approach, even if your computer is attacked by ransomware, your offline backups will not be affected (unless you connected the external drive to the computer at the time the ransomware was installed).
In addition, configure your backup tool to keep snapshots of your data going back as long as permitted by available storage. In our office, an affordable 4TB USB hard drive can keep approximately 30 to 40 full snapshots of the Documents folder; this number becomes significantly larger if you enable incremental backups, with each snapshot saving only
submitted by Elcomsoft to computerforensics
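The key chain described in the VeraCrypt part of the post above (password, iterated hash, KEK, MEK) and its PIM formula, as an added example that is not part of the original post and is not VeraCrypt's code. It assumes PBKDF2-HMAC-SHA512 as the iterated hash and uses a simplified, constructed header (XOR wrap plus an HMAC check) in place of the real encrypted volume header; all function names are hypothetical.

```python
import hashlib
import hmac
import os

SALT_LEN = 64  # bytes of random salt stored with the volume (constructed model)
MEK_LEN = 32   # one 256-bit media encryption key (constructed model)


def iterations_for_pim(pim: int) -> int:
    """Iteration count for SHA-512/Whirlpool volumes, using the formula quoted in the post."""
    if pim < 1:
        raise ValueError("PIM must be a positive integer")
    return 15000 + pim * 1000


def derive_kek(password: str, salt: bytes, pim: int) -> bytes:
    """Password -> KEK: the deliberately slow step every password guess must repeat."""
    return hashlib.pbkdf2_hmac(
        "sha512", password.encode("utf-8"), salt, iterations_for_pim(pim), dklen=64
    )


def create_header(password: str, pim: int, mek: bytes, salt: bytes = None) -> dict:
    """Wrap the MEK under the KEK. The PIM is NOT stored: it acts as a second secret."""
    if len(mek) != MEK_LEN:
        raise ValueError("MEK must be %d bytes" % MEK_LEN)
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    kek = derive_kek(password, salt, pim)
    # Simplified stand-in for header encryption: XOR with half of the KEK,
    # authenticated with the other half so a wrong KEK is detectable.
    wrapped = bytes(m ^ k for m, k in zip(mek, kek[:MEK_LEN]))
    tag = hmac.new(kek[MEK_LEN:], wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped_mek": wrapped, "tag": tag}


def try_unlock(header: dict, password: str, pim: int):
    """Return the MEK if password AND PIM are both right, otherwise None."""
    kek = derive_kek(password, header["salt"], pim)
    expected = hmac.new(kek[MEK_LEN:], header["wrapped_mek"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return bytes(w ^ k for w, k in zip(header["wrapped_mek"], kek[:MEK_LEN]))


def guessing_cost(num_passwords: int, candidate_pims) -> int:
    """Total hash iterations needed to test every password against every candidate PIM."""
    return num_passwords * sum(iterations_for_pim(p) for p in candidate_pims)


if __name__ == "__main__":
    mek = os.urandom(MEK_LEN)
    header = create_header("constructed-sample-passphrase", pim=3, mek=mek)

    # Correct password with the wrong PIM fails exactly like a wrong password.
    print("right password, right PIM:", try_unlock(header, "constructed-sample-passphrase", 3) == mek)
    print("right password, wrong PIM:", try_unlock(header, "constructed-sample-passphrase", 1))

    # Work factor for a 1,000-entry wordlist: one known PIM vs. an unknown PIM in 1..1000.
    known = guessing_cost(1000, [3])
    unknown = guessing_cost(1000, range(1, 1001))
    print("iterations, PIM known:  ", known)
    print("iterations, PIM unknown:", unknown, "(x%.0f)" % (unknown / known))
```

The cipher never appears in `guessing_cost`: the work per guess is set entirely by the hash and the iteration count, which is the post's argument for tuning the PIM and hash rather than stacking ciphers.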

Tools & Info for SysAdmins - Mega Summary Q4 (Over 80 Items)

Hi sysadmin,
Each week I thought I'd post these SysAdmin tools, tips, tutorials etc with just one link to get it in your inbox each week (with extras). Let me know any ideas for future versions in the comments!
This week is a mega list of all the items we've featured in the last 3 months, broken down into categories, for you to explore at your leisure. I hope you enjoy it.

Free Tools

Free MailFlow Monitor. Rejection / Delay Text Alerts, Group Policies, Alerts By SMTP Code, Trouble Shooting Tools including header analysis. MailFlow Monitor is EveryCloud’s (Our) free, cloud-based, round-trip tool that sends you an alert as soon as there is an issue with your email flow. Settings are adjustable to allow you to choose how much of a delay is acceptable and which types of bounce alerts you want to see. Helps you get to the bottom of a problem before users (or your boss) have even noticed it.

Postman is a popular, free app to make API development faster and easier. It offers a powerful GUI, saved history of requests, flexible monitoring, automated testing with collection runner, mock servers, and unlimited collections, environments, tests, and sharing. It also provides detailed documentation.

Microsoft Sysinternals Suite is all their utilities in one convenient file. Contains all the individual troubleshooting tools as well as help files, but not non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. A shout out to azers for recommending this one.

RichCopy is a simple tool written by a Microsoft engineer named Derk Benisch. It provides a much-appreciated graphical interface for the very popular Robocopy command-line utility.

Windows Update MiniTool is an alternative to the standard (and sometimes overbearing) Windows Update. It allows you to control updates by giving you the power to search, install, and block Windows updates in any way you like.

Space Monger gives you a graphical image of your whole disk, where large files and folders are easily identified. This handy tool can be run from a USB drive, so you don't even need to install it. Thanks for this one and Windows Update MiniTool go to mikedopp.

UNetbootin is a terrific, cross-platform utility for creating bootable live USB drives for Ubuntu and other Linux distributions without burning a CD. Thanks go to Gianks for this one.

CopyQ is a clipboard manager that adds some advanced editing and scripting capabilities. It monitors the system clipboard and saves text, HTML, images and more into customized tabs. From there, the saved content can be copied and pasted directly into any application. Clipboard history is easily searchable and can be filtered. Suggested by majkinetor.

Desktop Info provides a quick view of every kind of metric about your Windows system right on your desktop. The display looks like wallpaper but stays resident in memory and updates in real time. Gives you a quick way to monitor what any system is up to, while using very little memory and requiring almost nothing from the CPU. This one was recommended by mikedopp.

Healthstone is a lightweight, self-hosted, agent-based system-monitoring solution that runs lots of customizable health checks. The dashboard runs on a Windows or Linux server, and it has agents for the Windows and Linux hosts you want to monitor. You can customize the dashboard to send notifications via email, Pushbullet, or NodePoint tickets whenever a client stops checking in or any of the configured checks fail. Configuration is retrieved from the dashboard by all agents in the form of templates, which are stored in the templates folder and can be customized for your needs. Thanks to mikedopp for this one!

Rufus is another utility for formatting and creating bootable USB flash drives. This one works with MBR/GPT and BIOS/UEFI. Rufus is about twice as fast as UNetbootin, Universal USB Installer, or Windows 7 USB download tool when creating a Windows 7 USB installation drive from an ISO. It is also marginally faster for creating a Linux bootable USB from ISOs. We first heard of this one from Gianks, but there were quite a few others who shared the recommendation as well.

Axence netTools is a set of ten free tools for network scanning and monitoring. Includes: Netwatch (multiple host availability and response-time monitoring); Network port and service scanner; Wintools (view of launched processes/services, remote register editor and Windows event log view, HDD/RAM/CPU details, custom queries based on WMI protocol); TCP/IP workshop and SNMP browser; Traceroute; NetStat (list of inbound and outbound connections and open ports); Local info (tables with local configuration details, TCP/UDP stats); Lookup (DNS and WHOIS records); Bandwidth test; and NetCheck (LAN hardware and wiring quality check). This was recommended by DollarMindy as an "easy ping monitor with email alerts."

MediCat USB is a bootable troubleshooting environment with Linux and Windows boot environments and troubleshooting tools. A complete Hiren's Boot Disk replacement for modern hardware that follows the Ubuntu release cycle with a new update released every 6 months. The DVD version was originally recommended to us by Spikerman "for when you need to helpdesk warrior."

MobaXterm is an enhanced terminal for remote computing. It brings all the key remote network tools (SSH, X11, RDP, VNC, FTP, MOSH) and Unix commands (bash, ls, cat, sed, grep, awk, rsync) to Windows desktop in a single, portable .exe file that works out of the box. The free version includes full X server and SSH support, remote desktop (RDP, VNC, Xdmcp), remote terminal (SSH, telnet, rlogin, Mosh), X11-Forwarding, automatic SFTP browser, plugins support, portable and installer versions but only 12 sessions, 2 SSH tunnels, 4 macros, and 360 seconds for Tftp/Nfs/Cron. Thanks go out to lazylion_ca for suggesting this one.

WinDirStat provides free, open-source graphical disk-usage analysis for MS Windows. You'll get a sub-tree view with disk-use percent and a list of file extensions ordered by usage. This tool was recommended by ohyeahwell, who likes to use it "for freespace as it can be deployed via ninite pro."

IIS Crypto allows administrators to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. You can also reorder SSL/TLS cipher suites from IIS, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions. EOTFOFFTW tells us, “This tool has been very helpful in configuring SSL settings for Windows IIS servers.”

Ditto saves all your clipboard items so you can access them later. It works with anything that can be put on the clipboard—images, text, html and custom formats. The simple interface includes search and sync functions for ease of finding what you need. Thanks go to Arkiteck for suggesting this one!

Malwarebytes Anti-Malware should be your first stop if you suspect a malware infection. It is the most-effective malware remover—featuring deep scans and daily updates—and blocks malware, hackers, viruses, ransomware and malicious websites that slip through your traditional antivirus. Also available as a full AV program that you can buy if you wish to do so.

Termius is a complete command-line solution providing portable server management for UNIX and Linux systems—whether a local machine, a remote service, Docker Container, VM, Raspberry Pi, or AWS instance (similar to Putty for Android). It is a cross-platform Telnet, Mosh-compatible and SSH client. Securely access Linux or IoT devices to quickly fix issues from your laptop or phone. Thanks for this one go to blendelabor.

WSUS Offline Update lets you safely patch any computer running Microsoft Windows and Office—even when there's no connection to the Internet or a network of any sort. More specifically, you first run WSUS Offline Update on a machine that has Internet connectivity to download the updates you need and copy the resulting update media to a USB drive. You then use the USB drive to run the update on the target computers. Recommended by mikedopp.

SystemRescueCd is a Linux system rescue disk that allows you to administer or repair your system and data after a crash. It can be booted via CD/DVD, USB or installed directly on the hard disk. Many system utilities like GParted, fsarchiver, filesystem tools and basic tools (editors, midnight commander, network tools) are included, and it works on Linux and Windows computers, desktops and servers. Supports ext3/ext4, xfs, btrfs, reiserfs, jfs, vfat, ntfs—as well as network filesystems such as Samba and NFS.

KiTTY is a fork of PuTTY, the popular Telnet and SSH client. It runs on Windows and can perform all the tasks of PuTTY plus many more. Features include portability, predefined command shortcuts, sessions filter, session launcher, automatic log-on script, URL hyperlinks, automatic command and password, running locally saved scripts in remote sessions, ZModem integration, icons for each session, transparency, unfortunate keyboard input protection, roll-up, quick start of duplicate sessions, configuration box, automatic saving, Internet Explorer integration for SSH Handler, binary compression, clipboard printing, PuTTYCyg patch, background images/transparency and organizing sessions you save in a folder hierarchy.

WinMTR is a free, open-source Windows application that integrates the functions of the traceroute and ping utilities into a single, convenient network diagnostic tool. Many thanks to generalmx for suggesting both this and SystemRescueCd!

Free Services

SSL Labs SSL Server Test is a free online service that will run a deep analysis on the configuration for any SSL web server. Simply enter the hostname, and you'll get a detailed report highlighting any problems found on each server.

Draw.io is a free, browser-based diagramming application that's terrific for creating flowcharts and org charts. It's available as an online application with optional integration to various cloud storage options.

ImmuniWeb® SSLScan allows you to test SSL/TLS security and implementation for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. Checks SSL certificate expiration for subdomains, insecure third-party content, and email servers’ SPF, DKIM, and DMARC implementation. Credit for this one goes to pixl_graphix.

BadSSL.com offers a simple, free way to test a browser's security setup. This helpful service was suggested by Already__Taken who advises you to "test what your MITM proxy will happily re-sign and present to you as a valid site."

Testssl.sh is a free command line tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols, recent cryptographic flaws and more. Recommended by stuck_in_the_tubes who likes it "for when you need to assess protocol encryption without the use of external services."

Tips

For access to all of the sysinternals tools on any Windows box with internet, just Win+R and open \\live.sysinternals.com\tools. It's a public SMB share with all of the tools that Microsoft hosts. Thanks to jedieaston for the tip.

BASH keyboard shortcut: 'Control + r' initiates a name/command lookup from the bash history. As you type, this 'reverse incremental search' will autocomplete with the most-recent match from your history.

Podcasts

Darknet Diaries podcast relates the fascinating, true stories of hackers, defenders, threats, malware, botnets, breaches, and privacy. The show's producer, Jack Rhysider, is a security-world veteran who gained experience fighting such exploits at a Security Operations Center. Thanks to unarj for suggesting this one.

StormCast is a daily 5-10 minute podcast from the Internet Storm Center covering the latest information security threat updates. New podcasts are released late in the day, so they're waiting for you to listen on your morning commute. While the format is compact, the information is very high-level and provides a real overview of the current state of affairs in the info-sec world.

Microsoft Cloud IT Pro podcast is hosted by Scott and Ben, two IT Pros with expertise in SharePoint, Office 365 and Azure. The podcast focuses primarily on Office 365 with some discussion on Azure, especially as it relates to Office 365 in areas such as Azure AD and Mobile Device Management (MDM) or Mobile Application Management (MAM).

Datanauts podcast keeps you up to date on developments in data center and infrastructure related to cloud, storage, virtualization, containers, networking, and convergence. Discussions focus on data center compute, storage, networking and automation to explore the newest technologies, including hyperconvergence and cloud.

Cloud Architects is a podcast on best practices, the latest news, and cutting-edge Microsoft cloud technologies. Nicolas Blank, Warren du Toit and Chris Goosen host discussions with various experts in the cloud space to gather helpful guidance and ideas.

Risky Business is a weekly podcast that covers both the latest news and thoughtful, in-depth discussions with the top minds in the security industry. Hosted by award-winning journalist Patrick Gray, it is a terrific way to stay up to date on information security.

The rollBak is a podcast on systems engineering, DevOps, networking, and automation—along with the odd discussion on software development or information security. Conversation is casual with the intention of making complex topics approachable in a way that fosters learning.

Tutorials

Get Started in PowerShell3 is a great jump start video series on starting out in PowerShell. According to sysadmin FireLucid, "It's a great broad overview of how it works and I found it extremely useful to have watched before starting on the book."

Websites

Ask Woody is a no-nonsense news, tips, and help site for Windows, Office, and more. You can post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through their forums. Recommended to us by deeperdownunder.

Learn X in Y minutes is a community-driven site that provides quick syntax for many popular programming languages. Here are direct links for some common ones, kindly provided by ssebs:

WintelGuy offers a handy collection of useful links, calculators, resources, and tools for the sysadmin. Thanks LateralLimey for the recommendation!

How-To Geek is a website dedicated to explaining today's technology. Content is written to be useful for all audiences—from regular people to geeky technophiles—and the focus is to put the latest news and tech into context.

EventSentry is a comprehensive, well-organized resource for Windows security events and auditing on the web. It allows you to see how events correlate using insertion strings and review the associated audit instructions. This was recommended by _deftoner_ as an “online DB where you can search for Windows Event Log by id, os, error code, etc. I do a lot of auditing on a big network thru event log ids, and sometimes I found rare errors—and there is not a good db with all of them. Not even Microsoft has one.”

Books

The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win tells the story of an IT manager's efforts to save his company's dysfunctional IT dept. The company's new IT initiative, code named Phoenix Project, is behind schedule and hugely over budget. Bill is given 90 days to resolve the entire mess—or have his entire department outsourced. An entertaining read, with elements that seem familiar to most system admins. Comes highly recommended by sp00n_b3nd3r.

UNIX® and Linux® System Administration Handbook, 5th Edition, is a comprehensive guide written by world-class, hands-on experts. It covers best practices for every area of system administration—including storage management, network design and administration, security, web hosting, automation, configuration management, performance analysis, virtualization, DNS, security, and management of IT service organizations. You'll learn all about installing, configuring, and maintaining any UNIX or Linux system, even those that supply core Internet and cloud infrastructure. A great resource for anyone responsible for running systems built on UNIX or Linux.

Taming Information Technology: Lessons from Studies of System Administrators (Human Technology Interaction Series) was suggested by AngryMountainBiker, who describes it as "essentially an ethnographic study of system administrators. The authors videotaped and otherwise documented SA's over a period of time and were able to break down a number of fascinating incidents and how to improve the art. I'm disappointed this hasn't been recommended reading for all SA's and maybe more importantly, their bosses, who too often don't really know what SA's do."

Learn Active Directory Management in a Month of Lunches is a practical, hands-on guide for those who are new to Active Directory. It covers the administration tasks that keep a network running smoothly and how to administer AD both from the GUI tools built into Windows and from PowerShell at the command line. Provides best practices for managing user access, setting group policies, automating backups, and more. All examples are based in Windows Server 2012.

CheatSheets

SANS Digital Forensics and Incident Response Cheat Sheets provide a collection of assorted, handy incident response cheat sheets. It's a helpful reference for commands, process, tactics, tips, tools and techniques that was compiled by SANS DFIR, the experts in incident-response training.

Blogs

Ned Pyle's blog from Microsoft's Directory Services Team contains a wealth of posts on best practices and solutions to common issues. While no longer actively maintained by Ned Pyle, the library of information already posted is incredibly valuable. Thanks to azers for bringing this to our attention.

Happy SysAdm has been providing resources, solutions and tips for system administrators since 2010. The blog is written by a Senior Systems Administrator with close to 15 years' experience in designing, scripting, monitoring and performance-tuning Microsoft environments going all the way back to Windows 3.1/95/NT4.

Stephanos Constantinou's Blog shares the author's original scripts for PowerShell, Microsoft Active Directory, Microsoft Exchange On-Premise and Online (Office 365) and Microsoft Azure. His current focus is on retrieving data from systems, editing it and automating procedures. You'll also find a section with some PowerShell tutorials.

Have a fantastic week!!
u/crispyducks (Graham @ EveryCloud)

P.S. Some Extra Free Tools We Put In The Email Version

Clonezilla is free, open-source software for disk cloning, disk imaging, data recovery, and deployment—helping with system deployment, bare metal backup, and recovery. Cloning efficiency is optimized by the program's approach of saving/restoring only used blocks in the hard disk.

SPF Record Testing Tools is a query tool designed to help you deploy SPF records for your domain. It validates if an SPF record exists and whether it is formatted correctly and entered into your DNS as a proper TXT record.

PS Remote Registry module contains functions to create, modify, or delete registry subkeys and values on local or remote computers. This one was recommended to us by IhaveGin.

PowerCopy GUI was recommended by Elementix, who described it as "similar to RichCopy, but it uses .Net, PowerShell, and Robocopy. A good (non-install) alternative." The tool allows you to set up predefined options, one-click access to help and log file, and instant error analysis.

Gitbash is a package containing bash and a collection of other, separate *nix utilities like ssh, scp, cat, find and others—compiled for Windows—and a new command-line interface terminal window called mintty. Recommended by sysacc who tells us he's been "dealing with log files lately and I've been using...Gitbash a LOT... It's part of the Git tools, I love having access to Linux commands on Windows."

Easy2Boot is a collection of grub4dos scripts to be copied onto a grub4dos-bootable USB drive. Each time you boot, the E2B scripts automatically find all the payload files (.ISO, .IMA, .BIN, .IMG, etc.) on the USB drive and dynamically generate the menus. Thanks to Phx86 who says it "creates a very versatile USB drive. It checks a lot of marks other various tools did not. Formats NTFS, your ISO boot disks doubles as standard NTFS storage. Drag and drop .ISO files to the correct folder, then boot directly to them. Boot menu reads the .ISO files and builds a menu based on what is loaded on the drive. No fiddling around with custom boot menus when you add a new .ISO."

CCleaner is the fastest way to eliminate temporary files and Windows Registry problems. Our own Matt Frye says, "When a machine is having problems, this is almost always the tool I use first. It also helps to ensure privacy by getting rid of traces left behind (such as cookies) by web browsers."

Netwrix Auditor Free Community Edition is a great auditing/monitoring tool for the Windows sysadmin. It lets you see changes and access events in your hybrid cloud IT environment, so you can stop worrying you'll miss critical changes to AD objects, file server permissions, Windows Server configuration or other security incidents.

WinSCP is an SFTP client and FTP client for Windows with a GUI, integrated text editor, scripting and task automation. It allows you to copy files between a local computer and remote servers via FTP, FTPS, SCP, SFTP, WebDAV or S3 file transfer protocols.

Why am I doing this each week?
I want to be mindful of the rules of the subreddit, so if you’d like to know more about my reasons for doing this, please visit the bottom of the sister post on SysAdminBlogs:
https://www.reddit.com/SysAdminBlogs/comments/a560s6/tools_info_for_sysadmins_mega_summary_q4_over_80/
You can view last week's post here: https://www.reddit.com/sysadmin/comments/a2zuhy/tools_info_for_sysadmins_linux_rescue_disk_telnet/

Edit 1: As some of you may know, this post got caught in site-wide filters today. It's since been released as you can see, but whilst that was all happening I set up a new subreddit /ITProTuesday. We'll post them in here each week too, so please subscribe if you want to make sure you don't miss out on them!

Edit 2: I'm greatly honoured by the gold!! Thank you anonymous user.
submitted by crispyducks to sysadmin


Best Binary Option Broker. TopOption – At TopOption you can trade Binary Options from as little as 5.00 whilst the maximum single Binary Option trade limit at TopOption varies in value. You could make a maximum profit of 85% at TopOption. The minimum deposit amount you can make into your account is 100.00

Binary option trading on margin involves high risk, and is not suitable for all investors. As a leveraged product losses are able to exceed initial deposits and capital is at risk. Before deciding to trade binary options or any other financial instrument you should carefully consider your investment objectives, level of experience, and risk appetite.

Top 10 Binary Options Brokers – With so many new Binary Option Brokers opening up sites online, then you should be 100% confident that the one you choose to use is licensed and can be trusted, and as such all of the top 10 Binary Option Brokers we have listed will always live up to your expectations and are of course fully licensed and regulated.

Platform functionality – Binary Options Robot offers a trading platform that is attractive, uncluttered, and easy to use. In fact, even novices will find it easy to get started. All the information and tools that you need to make money in binary options trading are available. In addition, you will get signals that are among the best in the industry. The signals are created by complex ...

Wednesday, 1 March 2017. Best Options Trading Plattform 2013

From 2013, we compare and provide professional reviews on all binary trading platforms in order to help you choose the broker that suits you best. Check out our top Binary options brokers comparison table to find a trusted platform, and also our platform blacklist with scam brokers to avoid.

If you anticipate that the option will expire when the price is higher than this, all you need to do is enter a higher position. The trade expiry is always predetermined. On the IQ Option platform, this ranges from 1 minute to 1 month. IQ Option binary trades always have a fixed return which is calculated as a percentage of the trade investment ...

IQ Option is a Seychelles-based online trading platform launched in 2013. It has found a lot of favor in South Africa. It is one of the best binary option brokers in South Africa. They claim to be one of the fastest growing online trading platforms, with over 25 million members to date. Their services include forex trading, stock trading, and ETF trading. There are binary options brokers too ...

Since 2013, IQ Option has been one of the most successful online trading platforms with over 43 million registered users, over 1 million trades per day, and clients from over 213 countries. IQ Option has the best trading platform of all the brokers I've reviewed. They have over 250+ assets to trade including binary options, digital options, as well as CFDs on stocks, crypto, commodities, and ...

To match you with the best binary options broker for your needs, we’ll take you on a tour of the top binary options brokers today. Our analysis of each broker lays out the most important features, including deposits, returns, bonuses, and supported platforms. This way, you can make an informed decision and get the best protection for your funds. Top 15 Binary Options Brokers 1. IQ Option. IQ ...
