https://riga.sh/tutorials/Recent content in Tutorials on RigaHugo 0.125.0en-usSat, 25 Apr 2026 08:47:11 +0100https://riga.sh/tutorials/top-foss-apps-android/Sat, 25 Apr 2026 08:47:11 +0100https://riga.sh/tutorials/top-foss-apps-android/My top FOSS Android apps Imagine a world where apps are not evil and do their job. GUIDE You might know this: most of your apps are tracking you, and even worse, they are selling your location data to a handful of companies (and sometimes to government agencies). Some links: Stop using third-party weather apps ICE surveillance, data brokers, Congress, Anthropic (NPR) ⚠️ I vouch for all of these apps, they are well known and reviewed.https://riga.sh/tutorials/macos-secure-and-private-setup/Sat, 23 Nov 2024 09:38:55 -0400https://riga.sh/tutorials/macos-secure-and-private-setup/Image generated on Leonardo.ai Having used Macos on a daily basis for a few years and experimenting with various techniques and tools, I am now able to suggest a configuration that blends several levels of control with practical usage. ⚠️ A few notes before we start: This arrangement is simply mine, and I enjoy it, but it’s not the greatest or definitive. Feel free to modify your threat model and look for related subjects.https://riga.sh/tutorials/cyberresilienceguide/Sun, 20 Feb 2022 08:47:11 +0100https://riga.sh/tutorials/cyberresilienceguide/Cyber resilience guide Version 0.1 (2022) This guide was posted on Reddit for people in Ukraine (also useful for people outside the country), considering their threat model. Also, this guide is intended for a general public using a smartphone (mostly Android), your threat model can be much more sensitive, so make additional researches. GUIDE Most apps are hosted on Fdroid, an open source alternative of PlayStore. You can find alternatives, just make sure they’re reviewed by trustworthy sources.https://riga.sh/tutorials/passwordstrategy/Sat, 22 Jan 2022 08:47:11 +0100https://riga.sh/tutorials/passwordstrategy/This guide aims to put the basics of an online password strategy. In fact, compromised passwords comes from hundred of potential sources you use, or tend to forget. This guide is the first part of multiple learning resources coming soon. Have a good strategy, step by step 🔐 From Zero to Hero, here’s a breakdown on how to manage passwords, online activity, and be proactive with your digital identity. Passwords are inherently linked to the corresponding email addresses or personal data, so you need to be able to secure both, in order to benefit from a sustainable method.https://riga.sh/tutorials/buckets/Mon, 01 Nov 2021 00:00:00 +0000https://riga.sh/tutorials/buckets/I endorse nothing you’ll do with these tools, use them at your own risks. Buckets A bucket contains various types of data such as public files (static assets), but sometimes it’s used to store sensitive infos (logs, passwords…). Permissions are critical with buckets, it can leverage an attacker to abuse unauthenticated access or improper ACL permissions. An open upload policy could let an attacker upload a malicious file, such as a custom payload.https://riga.sh/tutorials/opsec101/Tue, 19 Oct 2021 18:38:55 -0400https://riga.sh/tutorials/opsec101/Pour la conférence QuebecSec (Hackfest), j’ai pu co-présenter un sujet fascinant, celui de l’évaluation des risques et des contremesures : OPSEC. En tant qu’introduction, on cherche à mettre les bases de ce concept souvent mal compris. La conférence a eu pour but de démontrer les concepts autour d’une méthodologie dite OPSEC, appliquée au monde numérique et à différents modèles de menace. Les slides : OpSec_Privacy.pdfhttps://riga.sh/tutorials/phonerecontelnyx/Mon, 18 Oct 2021 18:51:52 -0400https://riga.sh/tutorials/phonerecontelnyx/I endorse nothing you’ll do with this tool, use it at your own risks. Phone number OSINT with Telnyx Let’s say some scammer or aggressive dude is calling you a bunch of time, or you just need infos about a phone number, well it’s not the most funny part of OSINT. Currently, I see 3 majors sources of recon: Yellow pages Spam lists Breaches They’re not always up-to-date, and sometimes limited by the amount of infos listed.