This is a mess of stuff we like. Use them at your own risk, we have no affiliation with them.

Software/Apps/Extensions

• CyberChef - “The Cyber Swiss Army Knife”. Super handy for CTFs.
• Signal - The most securest of all the “privacy” focused messaging apps.
• VSCode - Microsoft IDE that has incredible functionality through the use of community extensions.
• BitWarden - A password manager. Open Source and you can choose to host your own vault.
• ProtonVPN - It’s a VPN. All their client apps are now Open Source, you can alternatively use an OpenVPN client.
• ProtonMail - Secure hosted email, Calendar and File storage functionality coming soon
• uBlock Origin - Mostly used for blocking ads, this browser extension should be the only “ad blocker” you need. Seriously. Don’t use “uBlock” (non-origin) or “AdBlock Plus/Pro/whatever”. Those are bad.
• Pi-hole - A self-hosted Ad Blocker that works at the DNS level to blocks ads and tracking across all devices. Raspberry Pi not required.
• FireFox - It’s FireFox.
• HTTPS Everywhere - Makes sure the pages you browse are using HTTPS if able to minimize exposure of your browsing activity.
• Calamity - “A script to assist in processing forensic RAM captures for malware triage”. Uses Volatility.
• Apollo - Really the only way to browse Reddit on iOS.
• Reddit Enhancement Suite - Really the only way to browse Reddit on a desktop.
• NewsBoat - Commandline RSS reader.
• CyberDuck - Network/Cloud storage browser

Educational/References

• Hack The Box - CTF-like challenges against real systems.
• TryHackme - Education-focused challenges, easier than HTB for newcomers.
• Malware Archaeology Cheat Sheets - Excellent reference sheets for various aspects of Windows logging.

Research/Intelligence

• urlscan.io - Best way to quickly sandbox a website. Offers the ability to hunt through their scan data which is useful when looking for evil.
• ANY.RUN - Best way to quickly sandbox a file.