Helps in creating and sharing secrets easily.

Uses AWS and GCE stuff for encryption but can also function without all that and just use GPG or age for encrypting.

Can be used to encrypt specific files in a git repo, or even encrypt/decrypt parts of a file (for example a specific value in a yml or json file).

Very neat and seems really useful!

One possible solution to remove persistent keys from ssh-agent (or gpg-agent). Worked for me!

Very interesting, circumventing encrypted disks even from turned off systems by having USB/CD boot enabled.
This program automatically exploits a system and puts it on its (bad) way.

A wide array of e-mail obfuscation techniques checked for their efficacy, and explained nicely.
Sorted by plain-text/hidden and js/non-js techniques.
Combine one or two and you should be relatively golden.

Since it is really hard to just search for pass ('The simple password manager', thanks for the unique naming scheme 😉) extensions on github and similar places, this list comes in really handy.

Best alternative is to search for the 'pass-extension' topic on github.

Very nice dropbear setup explanation, including key transferral and hardening.

Two remarks:

You can add your key to ~/.ssh/authorized_keys for individual users as usual with openssh - perhaps this is a thing only for newer dropbear versions? The given path would then be for root/system-wide access.

In order to disable password auth for systems that do not have uci, you can add -s as startup parameter, e.g. through editing /etc/default/dropbear field (though probably a better file than in 'default'). see here

Don't forget to restart after operations /etc/init.d/dropbear restart (though it will just invoke systemctl on systemd devices)

Super promising LDAP service for self-hosting (and specifically targeted at smaller self-hosted setups, with many examples - for Nextcloud, Bookstack, Jellyfin, Emby, Gitea, etc).

Protecting your SSH port is a critical part of any good Linux security policy, this document explains how to make it accessible only over through wireguard.

See also: https://davidshomelab.com/access-your-home-network-from-anywhere-with-wireguard-vpn/

The complete guide to using and setting up a LUKS encrypted partition on Linux utilizing the YubiKey as authentication

A review of Tailscale, "a secure network that just works".

Uses wireguard to create an encrypted tunnel between all your devices. Automatically takes care of NAT, DNS, and similar.
Essentially makes it really easy to set up your true private network within the wider one.

Also comes with 'taildrop' which mimics airdrop to easily transfer any files between your devices,
but do so without any involvement of external cloud services and completely encrypted.

A collection of hacking/pentest/offensive security tools.
The script does not provide much value other than list them in one place but can be good to get an overview of the tool landscape.

Described to contain: AnonSurf Information Gathering Password Attack Wireless Attack SQL Injection Tools Phishing Attack Web Attack Tool Post exploitation Forensic Tools Payload Creator Router Exploit...

A unix-only de-duplicating backup system. It is managed for you, encrypted and so on but also strictly tied (afaik) to the tarsnap 'service' - that means you can't just use your own object storage or similar like with e.g. restic.

Contains some restic backup strategy ideas and advice

Extensive hardening guide from kernel, firewalls, swap, to userspace and more, covering pretty much all eventualities