Advanced Security: Pass and KeePassXC

This article is about other actions that you could take to protect yourself:

• Minimize your digital footprint: Delete web accounts, apps, email addresses, online profiles, etc. that you don’t really need. Every web account or app could be a potential threat. Use justdelete.me, a directory of direct links to delete your account from web services and Own Your Data, a free service to send organizations a data deletion request. Do not give away any personal information on the Internet, especially on social networking sites and messaging services.

PhoneInfoga is one of the most advanced tools to scan phone numbers using only free resources.

1. Installation. # Download latest release in the current directory: curl -sSL https://raw.githubusercontent.com/sundowndev/phoneinfoga/master/support/scripts/install | bash
2. Use. phoneinfoga scan -n “telephone_number”

• Use Pass. It is a command-line password manager built with the Unix philosophy in mind.

• An alternative is KeePassXC, a cross-platform password manager.

1. Installation: sudo apt install keepassxc
2. Export LastPass Vault’s data. A. Using Firefox, go to LastPass: Advanced, Export, LastPass CSV File and save it as a CSV file. B Import it in KeePassXC: Database, Import, CSV File. Database Name: Passwords. Save it (Passwords.kdbx) in Google Drive/Dropbox/etc. Import CSV Fields. Check column association (Username: Column3, Password: Column 4, URL: Column 5, etc. it may vary).
3. Use it in your favorite browser. Launch KeePassXC, select the Settings option or the cog wheel icon from the Tools menu, and then, Browser Integration, Enable browser integration. In the General tab: Enable integration for these browsers: Chrome, Firefox, Brave, etc. Open your browser, install the extension KeePassXC-Browser, and connect it to KeePassXC. Give the connection a unique name, then click on Save and allow access.
4. Use KeePassXC in your phone, too. Install app Keepass2Android Password Safe. Open file…, Google Drive/Dropbox/etc., Select Passwords.kdbx, Type Master Key.

• Delete a file permanently from your hard disk. If you are a GNU/Linux user, type in your terminal: shred -uv myfile where u remove file after overwriting, v (verbose) show progress. If you are a Windows user, you should install Sysinternal Suite, and the syntax of the command is as follows: sdelete64 /p 5 myfile. The option /p 5 tells the utility to make five passes over the data, writing random characters over myfile five times.
• Tails is a portable operating system that protects against surveillance and censorship. Use Ventoy to create a bootable USB, then drop the Tails ISO inside the USB drive.
• Email services are not safe. Do not send sensitive data or information in an email, whether written in the body or as an attachment. You should also replace WhatsApp for Telegram or Signal.
• Install and configure SSH to use two-factor authentication

1. sudo apt install openssh-server libpam-google-authenticator.
2. sudo vi /etc/pam.d/sshd: auth required pam_google_authenticator.so (it makes SSH use the Google Authenticator PAM module).
3. Restart the sshd daemon using: sudo systemctl restart sshd.service.
4. sudo vi /etc/ssh/sshd_config:

   ChallengeResponseAuthentication yes 
   PasswordAuthentication no (Disable Password Authentication because a lot of people with SSH servers use weak passwords) 
   Banner /etc/issue.net (Display warning message) 
   PermitRootLogin no (Disable root SSH login) 
   

5. vi /etc/ssh/sshd-banner:

   WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.

6. google_authenticator: Do you want authentication tokens to be time-based, select y(es).
   Use Google Authenticator, scan the QR code, and enter the code from the app.
   Do you want me to update your $HOME/.google_authenticator file? y(es).
   Do you want to disallow multiple uses of the same authenticaation token? y(es)
   Do you want to do so?(Increase the original generation time limit) n(o).
   Do you want to enable rate-limiting? y(es, it limits attackers to no more than 2 login attempts every 30s).

• You should use a firewall. Let’s install and configure ufw, the uncomplicated firewall: sudo apt install ufw.
  Basic usage: Enable/Disable/Reload ufw (sudo ufw enable/disable/reload), check (sudo ufw status).
  Allow ssh (sudo ufw allow ssh/tcp), Barrier (sudo ufw allow 24800), NFS (sudo ufw allow from [client IP address or local network] to any port nfs).

• You should use an antivirus, too. Avast, Bitdefender, and ClamAV are good choices. ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

1. Installation: sudo apt install clamav clamtk (graphical front-end for ClamAV).
2. Updating the ClamAV Signature Database: sudo systemctl stop clamav-freshclam.service (stop the clamav-freshclam.service service), sudo freshclam (update the signature database manually), sudo systemctl start clamav-freshclam.service (start the clamav-freshclam.service service).
3. Scan: clamtk, scan a file/directory using its graphical interface or open a terminal and type: clamscan ‐‐infected (print infected files) ‐‐remove (remove infected files) ‐‐recursive (all the subdirectories in the directory will be scanned) /home/user/.

Tron is a glorified collection of batch files that automate the process of cleaning up and disinfecting Windows machines.

• Use the Raspberry Pi 4 for Hacking.

1. Install Kali Linux Raspberry Pi 2, 3, 4 and 400 (img.xz).
2. Use Raspberry PI Imager, Choose OS: Use custom.
3. Start the Raspberry Pi (Username and Password: kali) and update the system: sudo apt update && sudo apt upgrade.
4. Put the internal card into wireless monitor mode: iw phy `iw dev wlan0 info | gawk ‘/wiphy/ {printf “phy” $2}’` interface add mon0 type monitor, ifconfig mon0 up, test it (airodump-ng mon0).
5. Wifite Requirements: sudo apt install hcxdumptool hcxtools libpcap-dev python2.7-dev libssl-dev zlib1g-dev libpcap-dev. git clone https://github.com/JPaulMora/Pyrit.git​, cd Pyrit, sudo python setup.py clean, sudo python setup.py build, sudo python setup.py install.
6. sudo wifite –kill