From 165515d791ad60dbd1c2ca8a3f565d789506df1b Mon Sep 17 00:00:00 2001 From: Artemis Date: Sun, 1 Mar 2026 05:29:55 +0000 Subject: [PATCH 01/11] content: add tiered verification, liveness checks, and onboarding/offboarding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds workforce security content from Andrew Chang-Gu (CISSP) presentation: - 3-level identity verification framework (pseudonymous → verified → privileged) - Anti-deepfake liveness techniques for video interviews - Hardened onboarding sequence (identity → environment → scoped access) - Instant offboarding procedure (IdP → sessions → secrets → hardware → audit) --- .../mitigating-dprk-it-workers.mdx | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index 1a95dca5..9581ffb5 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx +++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx @@ -12,6 +12,8 @@ contributors: users: [blackbigswan] - role: reviewed users: [yaniv, dickson] +- role: contributed + users: [andrew-chang-gu] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../components' 
@@ -60,6 +62,62 @@ limit the effects of a DPRK IT Worker infiltration and what you should do after 6. Regardless of our tips of not focusing on "Asian man in his 20-30s" that particular appearance is still the most common (If not cloaked under the generative AI). Similarly, Korean-English accents. +### Tiered Identity Verification + +Verification depth should scale with the sensitivity of the role being filled. + +**Level 1 — Pseudonymous Contributor** *(OSS contributors, community moderators, bounty hunters)* +- On-chain wallet history demonstrating consistent, legitimate activity over time +- Persistent pseudonymous identity with verifiable history (GitHub commits, forum participation) +- Liveness check (see below) +- **Scoped access only** — never admin rights, treasury access, or production systems + +**Level 2 — Verified Worker** *(Engineers, operations staff, administrative roles)* +- Government-issued photo ID verification +- Background check through a reputable provider, with verified jurisdiction +- Reference checks with direct contact verification (don't rely on references you can't independently validate) +- Video interview with active liveness verification (see below) + +**Level 3 — Privileged Operator** *(Treasury signers, cloud root access, security leadership)* +- **In-person verification mandatory** — final-round interviews conducted on-site or at a trusted venue +- Hardware wallet issuance and setup conducted in-person or via verified secure delivery +- Dual-authorization requirements for all privileged actions +- Periodic re-verification, especially after extended remote-only periods + +### Defeating Deepfakes: Liveness Verification + +Video interviews are now a primary vector for DPRK operative infiltration. Pre-recorded deepfake video can fool a casual interviewer, particularly when audio "technical difficulties" are used as cover. Standard video calls are not sufficient for identity verification at Levels 2 and 3. 
+
+Incorporate unpredictable, interactive requests into video calls:
+
+- Ask the candidate to turn their head sideways and hold the position
+- Have them read a randomly generated phrase displayed on screen for the first time during the call
+- Request a hand movement across the face mid-stream
+- Ask them to screen-share and perform a live technical task requiring real-time interaction with their environment
+
+The goal is to introduce enough unpredictable real-time interaction that a pre-rendered deepfake cannot keep up.
+
+> ⚠️ Any candidate who persistently, escalatingly avoids in-person interaction — even for high-value roles — warrants a security review. This is a documented indicator of DPRK IT worker activity.
+
+### Hardened Onboarding
+
+The sequence in which access is provisioned matters:
+
+1. **Identity first.** Provision the IdP account with phishing-resistant MFA before any other access.
+2. **Environment setup.** Issue the managed device, provision VDI access, or configure enterprise browser policies before any production system access.
+3. **Scoped access.** Apply least-privilege from day one. Don't grant broad "we'll scope it later" permissions.
+4. **Secrets hygiene briefing.** Ensure the new team member understands secrets management practices.
+
+### Instant Offboarding
+
+1. **Disable the IdP account first** — this cascades across all connected SSO applications immediately.
+2. **Kill active sessions** — force session revocation in all applications.
+3. **Rotate all shared secrets** — any API keys, shared passwords, or access tokens the departing person had access to.
+4. **Recover hardware** — retrieve issued devices and remotely wipe.
+5. **Audit access** — review the access log for the 30-day period prior to offboarding for anomalous activity.
+
+> ⚠️ The period between a decision to terminate and actual offboarding is the highest-risk window for insider data exfiltration.
For sensitive roles, access revocation should happen simultaneously with or before any notification. + ## Hardening your organization 1. Define and implement tight access control rules for all of your employees, especially remote ones. Avoid giving From af774d45fb1060575bf865b446b541ba94765f62 Mon Sep 17 00:00:00 2001 From: Artemis Date: Sun, 1 Mar 2026 21:18:31 +0000 Subject: [PATCH 02/11] refactor: trim duplicate DPRK content, add Device Security Tiers - Remove Hardened Onboarding section (duplicates existing 'Hardening your organization') - Remove Instant Offboarding section (duplicates existing 'I hired a DPRK IT Worker') - Trim Liveness Verification intro (cross-reference TTP page instead of restating) - Add cumulative tier checks (Level 2 includes Level 1, Level 3 includes Level 2) - Add Device Security Tiers section (Managed Devices, VDI, Enterprise Browser) moved from secure-operating-systems PR to keep all Andrew content together Co-authored-by: Dickson Wu --- .../mitigating-dprk-it-workers.mdx | 74 ++++++++++++------- 1 file changed, 48 insertions(+), 26 deletions(-) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index 9581ffb5..b2b2a22f 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx +++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx @@ -64,7 +64,7 @@ limit the effects of a DPRK IT Worker infiltration and what you should do after ### Tiered Identity Verification -Verification depth should scale with the sensitivity of the role being filled. +Verification depth should scale with the sensitivity of the role being filled. Not every contributor needs a full background check, but every treasury signer needs in-person verification. **Level 1 — Pseudonymous Contributor** *(OSS contributors, community moderators, bounty hunters)* - On-chain wallet history demonstrating consistent, legitimate activity over time 
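Review bot: The Level 1 list in the "Tiered Identity Verification" section added by PATCH 01 (`@@ -60,6 +62,62 @@`) accepts "On-chain wallet history demonstrating consistent, legitimate activity over time" without asking the contributor to prove they control that wallet, so the history on its own says nothing about the person presenting it. I would extend the bullet to `- On-chain wallet history demonstrating consistent, legitimate activity over time, with control of the address proven by signing a verifier-chosen challenge message`. The "Persistent pseudonymous identity" bullet beneath it has the same gap; a commit or post made from the claimed account during onboarding would tie that history to the candidate.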
@@ -73,12 +73,14 @@ Verification depth should scale with the sensitivity of the role being filled. - **Scoped access only** — never admin rights, treasury access, or production systems **Level 2 — Verified Worker** *(Engineers, operations staff, administrative roles)* +- All Level 1 checks, plus: - Government-issued photo ID verification - Background check through a reputable provider, with verified jurisdiction - Reference checks with direct contact verification (don't rely on references you can't independently validate) - Video interview with active liveness verification (see below) **Level 3 — Privileged Operator** *(Treasury signers, cloud root access, security leadership)* +- All Level 2 checks, plus: - **In-person verification mandatory** — final-round interviews conducted on-site or at a trusted venue - Hardware wallet issuance and setup conducted in-person or via verified secure delivery - Dual-authorization requirements for all privileged actions 
@@ -86,37 +88,14 @@ Verification depth should scale with the sensitivity of the role being filled. ### Defeating Deepfakes: Liveness Verification -Video interviews are now a primary vector for DPRK operative infiltration. Pre-recorded deepfake video can fool a casual interviewer, particularly when audio "technical difficulties" are used as cover. Standard video calls are not sufficient for identity verification at Levels 2 and 3. - -Incorporate unpredictable, interactive requests into video calls: +Pre-recorded deepfake video can fool a casual interviewer, particularly when audio "technical difficulties" are used as cover. Beyond the detection techniques in [Am I Interviewing a DPRK IT Worker?](/dprk-it-workers/techniques-tactics-and-procedures#am-i-interviewing-a-dprk-it-worker), incorporate unpredictable, interactive requests that a pre-rendered deepfake cannot handle: - Ask the candidate to turn their head sideways and hold the position - Have them read a randomly generated phrase displayed on screen for the first time during the call - Request a hand movement across the face mid-stream - Ask them to screen-share and perform a live technical task requiring real-time interaction with their environment -The goal is to introduce enough unpredictable real-time interaction that a pre-rendered deepfake cannot keep up. - -> ⚠️ Any candidate who persistently, escalatingly avoids in-person interaction — even for high-value roles — warrants a security review. This is a documented indicator of DPRK IT worker activity. - -### Hardened Onboarding - -The sequence in which access is provisioned matters: - -1. **Identity first.** Provision the IdP account with phishing-resistant MFA before any other access. -2. **Environment setup.** Issue the managed device, provision VDI access, or configure enterprise browser policies before any production system access. -3. **Scoped access.** Apply least-privilege from day one. Don't grant broad "we'll scope it later" permissions. -4. 
**Secrets hygiene briefing.** Ensure the new team member understands secrets management practices. - -### Instant Offboarding - -1. **Disable the IdP account first** — this cascades across all connected SSO applications immediately. -2. **Kill active sessions** — force session revocation in all applications. -3. **Rotate all shared secrets** — any API keys, shared passwords, or access tokens the departing person had access to. -4. **Recover hardware** — retrieve issued devices and remotely wipe. -5. **Audit access** — review the access log for the 30-day period prior to offboarding for anomalous activity. - -> ⚠️ The period between a decision to terminate and actual offboarding is the highest-risk window for insider data exfiltration. For sensitive roles, access revocation should happen simultaneously with or before any notification. +> ⚠️ Any candidate who persistently avoids in-person interaction — even for high-value roles — warrants a security review. This is a documented indicator of DPRK IT worker activity. ## Hardening your organization 
@@ -150,6 +129,49 @@ The sequence in which access is provisioned matters: researchers like SEAL911 scan such public codebases and will notify you privately if they suspect DPRK IT Workers are contributing to your project. +## Device Security Tiers + +Beyond access controls, Web3 organizations need a device provisioning strategy that matches security investment to role risk. Unmanaged personal devices are a primary vector for credential theft and lateral movement. + +### Tier 1: Managed Devices (Gold Standard) + +Issue organization-managed hardware to your highest-risk roles. This provides full security stack visibility and control. + +- **EDR** (CrowdStrike Falcon, SentinelOne) for real-time behavioral monitoring and threat hunting +- **MDM** (Intune, JAMF) to enforce configuration policy and enable remote wipe +- **Full disk encryption** (BitLocker, FileVault) so stolen devices reveal nothing +- **Biometric authentication** (TouchID, Windows Hello) for phishing-resistant local auth +- **Centralized logging** for threat hunting and incident reconstruction + +**Target roles:** Developers with production access, leadership, treasury custodians, key signers, security leads. + +### Tier 2: Virtual Desktop Infrastructure (Privacy-First Scale) + +For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. 
+ +- ✅ Complete visibility and control inside the virtual environment +- ✅ Corporate web proxying and traffic inspection +- ✅ Protects employee device privacy (organization sees inside VDI, not the host) +- ⚠️ Susceptible to host-level keyloggers and screen capture +- ⚠️ Performance and latency overhead +- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments + +**Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations. + +### Tier 3: Enterprise Browser (Minimum Viable Security) + +For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine. + +- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) +- ✅ **IdP integration** — enforces identity and access policies at the browser layer +- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing +- ⚠️ Zero protection if the host OS is compromised +- ⚠️ Cannot block host-level screen capture or USB access + +**Target roles:** General staff, community managers, short-term contractors. + +> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. + ## I hired a DPRK IT Worker. What now? 1. Contact security professionals if you're unable to handle the situation alone. You can reach out to SEAL911 From a8e03eef842011aa59b1a973956d26c0fd19fc00 Mon Sep 17 00:00:00 2001 
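Review bot: In the Tier 1 list added by `@@ -150,6 +129,49 @@`, the bullet "Biometric authentication (TouchID, Windows Hello) for phishing-resistant local auth" mixes two properties. Phishing resistance describes how a credential is presented to a remote service (origin-bound FIDO2/WebAuthn credentials), while a local biometric unlock only gates access to the device. Suggested wording: `- **Biometric unlock** (TouchID, Windows Hello) for local device access, paired with FIDO2/WebAuthn credentials for phishing-resistant sign-in`. In the same list, "so stolen devices reveal nothing" holds for a powered-off or locked device, not one taken while unlocked, which is worth stating on the BitLocker/FileVault bullet. The identical bullets are re-added to `docs/pages/opsec/endpoint/overview.mdx` in PATCH 03, so the same rewording applies there.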
From: Artemis Date: Sun, 1 Mar 2026 23:06:12 +0000 Subject: [PATCH 03/11] move Device Security Tiers to opsec/endpoint Device provisioning tiers (Managed Devices, VDI, Enterprise Browser) are general organizational security guidance, not DPRK-specific. Move from the DPRK mitigation page to the Endpoint Security page where it belongs. Replaces the placeholder content with a full page including a comparison table and cross-references to related sections. Co-authored-by: Dickson Wu --- .../mitigating-dprk-it-workers.mdx | 43 ---------- docs/pages/opsec/endpoint/overview.mdx | 78 ++++++++++++++++++- 2 files changed, 77 insertions(+), 44 deletions(-) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index b2b2a22f..51e4ca78 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx +++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx 
@@ -129,49 +129,6 @@ Pre-recorded deepfake video can fool a casual interviewer, particularly when aud researchers like SEAL911 scan such public codebases and will notify you privately if they suspect DPRK IT Workers are contributing to your project. -## Device Security Tiers - -Beyond access controls, Web3 organizations need a device provisioning strategy that matches security investment to role risk. Unmanaged personal devices are a primary vector for credential theft and lateral movement. - -### Tier 1: Managed Devices (Gold Standard) - -Issue organization-managed hardware to your highest-risk roles. This provides full security stack visibility and control. - -- **EDR** (CrowdStrike Falcon, SentinelOne) for real-time behavioral monitoring and threat hunting -- **MDM** (Intune, JAMF) to enforce configuration policy and enable remote wipe -- **Full disk encryption** (BitLocker, FileVault) so stolen devices reveal nothing -- **Biometric authentication** (TouchID, Windows Hello) for phishing-resistant local auth -- **Centralized logging** for threat hunting and incident reconstruction - -**Target roles:** Developers with production access, leadership, treasury custodians, key signers, security leads. - -### Tier 2: Virtual Desktop Infrastructure (Privacy-First Scale) - -For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. 
- -- ✅ Complete visibility and control inside the virtual environment -- ✅ Corporate web proxying and traffic inspection -- ✅ Protects employee device privacy (organization sees inside VDI, not the host) -- ⚠️ Susceptible to host-level keyloggers and screen capture -- ⚠️ Performance and latency overhead -- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments - -**Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations. - -### Tier 3: Enterprise Browser (Minimum Viable Security) - -For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine. - -- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) -- ✅ **IdP integration** — enforces identity and access policies at the browser layer -- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing -- ⚠️ Zero protection if the host OS is compromised -- ⚠️ Cannot block host-level screen capture or USB access - -**Target roles:** General staff, community managers, short-term contractors. - -> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. - ## I hired a DPRK IT Worker. What now? 1. Contact security professionals if you're unable to handle the situation alone. You can reach out to SEAL911 diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index de408582..42c1c2d3 100644 --- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx 
@@ -1,8 +1,17 @@ --- title: "Endpoint Security | Security Alliance" +description: "Device provisioning tiers for Web3 organizations: managed devices with EDR/MDM, virtual desktops for global contractors, and enterprise browsers for minimum viable security." tags: - Security Specialist - Operations & Strategy + - HR +contributors: + - role: contributed + users: [andrew-chang-gu] + - role: wrote + users: [artemisclaw82] + - role: reviewed + users: [dickson] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components' 
@@ -15,7 +24,74 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr -Placeholder for Endpoint Security content +> 🔑 **Key Takeaway:** Match device security investment to role risk. Managed hardware for privileged operators, VDI for global contractors, enterprise browsers as minimum viable security for everyone else. + +Unmanaged personal devices are a primary vector for credential theft and lateral movement in Web3 organizations. Infostealers, malicious browser extensions, and compromised development environments all start at the endpoint. Organizations need a device provisioning strategy that scales security with role sensitivity. + +--- + +## Device Security Tiers + +### Tier 1: Managed Devices (Gold Standard) + +Issue organization-managed hardware to your highest-risk roles. This provides full security stack visibility and control. + +- **EDR** (CrowdStrike Falcon, SentinelOne) for real-time behavioral monitoring and threat hunting +- **MDM** (Intune, JAMF) to enforce configuration policy and enable remote wipe +- **Full disk encryption** (BitLocker, FileVault) so stolen devices reveal nothing +- **Biometric authentication** (TouchID, Windows Hello) for phishing-resistant local auth +- **Centralized logging** for threat hunting and incident reconstruction + +**Target roles:** Developers with production access, leadership, treasury custodians, key signers, security leads. + +### Tier 2: Virtual Desktop Infrastructure (Privacy-First Scale) + +For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. 
+
+- ✅ Complete visibility and control inside the virtual environment
+- ✅ Corporate web proxying and traffic inspection
+- ✅ Protects employee device privacy (organization sees inside VDI, not the host)
+- ⚠️ Susceptible to host-level keyloggers and screen capture
+- ⚠️ Performance and latency overhead
+- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments
+
+**Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations.
+
+### Tier 3: Enterprise Browser (Minimum Viable Security)
+
+For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine.
+
+- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft)
+- ✅ **IdP integration** — enforces identity and access policies at the browser layer
+- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing
+- ⚠️ Zero protection if the host OS is compromised
+- ⚠️ Cannot block host-level screen capture or USB access
+
+**Target roles:** General staff, community managers, short-term contractors.
+
+> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms.
+ +--- + +## Choosing the Right Tier + +| Factor | Managed Device | VDI | Enterprise Browser | +|--------|---------------|-----|-------------------| +| **Visibility** | Full (OS + apps) | Inside VDI only | Browser only | +| **Host compromise protection** | ✅ EDR on host | ⚠️ Host keyloggers | ❌ None | +| **Hardware cost** | High (org buys devices) | Low (any device) | None | +| **Privacy** | Low (org owns device) | Medium (host is private) | High (only browser managed) | +| **Best for** | Core team, signers | Global contractors | General staff | + +Most Web3 organizations will use all three tiers simultaneously — the goal is to match investment to actual risk, not to force a single approach across all roles. + +--- + +## Further Reading + +- [Secure Operating Systems](/opsec/secure-operating-systems) — OS-level isolation (Qubes, GrapheneOS, Tails) +- [Hardening your organization](/dprk-it-workers/mitigating-dprk-it-workers#hardening-your-organization) — Access control policies for remote workers +- [Browser Security](/opsec/browser/overview) — Browser-specific hardening From e00b56430643d59a4528b0fa2c914e12eb80ed4b Mon Sep 17 00:00:00 2001 From: Artemis Date: Sun, 1 Mar 2026 23:59:40 +0000 Subject: [PATCH 04/11] fix: update endpoint page attribution to Andrew and Dickson as authors --- docs/pages/opsec/endpoint/overview.mdx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index 42c1c2d3..f3827808 100644 --- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx @@ -6,12 +6,10 @@ tags: - Operations & Strategy - HR contributors: - - role: contributed - users: [andrew-chang-gu] - role: wrote - users: [artemisclaw82] + users: [andrew-chang-gu, dickson] - role: reviewed - users: [dickson] + users: [] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components' 
From 7f20a81b70d677533a94762d85403581c1028a4e Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 2 Mar 2026 04:05:52 +0000 Subject: [PATCH 05/11] fix: move liveness verification to TTP page, remove from mitigating page Per review: removed 'Defeating Deepfakes' section and 'periodic re-verification' bullet from mitigating page. Moved liveness content to TTP page under 'Am I Interviewing' section where it contextually belongs. --- docs/pages/config/index.mdx | 15 +++++++++++++++ .../mitigating-dprk-it-workers.mdx | 12 ------------ .../techniques-tactics-and-procedures.mdx | 12 ++++++++++++ 3 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 docs/pages/config/index.mdx diff --git a/docs/pages/config/index.mdx b/docs/pages/config/index.mdx new file mode 100644 index 00000000..12ece8be --- /dev/null +++ b/docs/pages/config/index.mdx @@ -0,0 +1,15 @@ +--- +title: "Config" +--- + +{/* AUTOGENERATED: This file is generated by utils/generate-folder-indexes.js */} + +# Config + +> _Note:_ This page is auto-generated. Please use the sidebar to explore the docs instead of +> navigating directory paths directly. + +## Pages + +- [Template](/config/template) +- [Using Contributors](/config/using-contributors) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index 51e4ca78..b039a087 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx +++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx 
@@ -84,18 +84,6 @@ Verification depth should scale with the sensitivity of the role being filled. N - **In-person verification mandatory** — final-round interviews conducted on-site or at a trusted venue - Hardware wallet issuance and setup conducted in-person or via verified secure delivery - Dual-authorization requirements for all privileged actions -- Periodic re-verification, especially after extended remote-only periods - -### Defeating Deepfakes: Liveness Verification - -Pre-recorded deepfake video can fool a casual interviewer, particularly when audio "technical difficulties" are used as cover. Beyond the detection techniques in [Am I Interviewing a DPRK IT Worker?](/dprk-it-workers/techniques-tactics-and-procedures#am-i-interviewing-a-dprk-it-worker), incorporate unpredictable, interactive requests that a pre-rendered deepfake cannot handle: - -- Ask the candidate to turn their head sideways and hold the position -- Have them read a randomly generated phrase displayed on screen for the first time during the call -- Request a hand movement across the face mid-stream -- Ask them to screen-share and perform a live technical task requiring real-time interaction with their environment - -> ⚠️ Any candidate who persistently avoids in-person interaction — even for high-value roles — warrants a security review. This is a documented indicator of DPRK IT worker activity. ## Hardening your organization diff --git a/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx b/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx index 2e3250b5..e67d6a8f 100644 --- a/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx +++ b/docs/pages/dprk-it-workers/techniques-tactics-and-procedures.mdx 
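Review bot: Removing the "Defeating Deepfakes: Liveness Verification" section from mitigating-dprk-it-workers.mdx in `@@ -84,18 +84,6 @@` leaves the "(see below)" pointers on that page with nothing below them. The Level 2 bullet "Video interview with active liveness verification (see below)" is visible as context in PATCH 02, and the Level 1 bullet "Liveness check (see below)" was added in PATCH 01; neither is touched by this hunk. Since the section now lives on the TTP page, both bullets should link there, e.g. `- Liveness check (see [Liveness Verification](/dprk-it-workers/techniques-tactics-and-procedures#defeating-deepfakes-liveness-verification))`. The anchor slug is inferred from the new heading and should be checked against the built site; a later patch in the series may already fix this, but it is not in the part shown.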
@@ -210,6 +210,18 @@ hiring a DPRK IT Worker. profile, which can uncover further identity mismatches. 1. On LinkedIn, examine the strength of the actor's connection network. + +### Defeating Deepfakes: Liveness Verification + +Pre-recorded deepfake video can fool a casual interviewer, particularly when audio "technical difficulties" are used as cover. Incorporate unpredictable, interactive requests that a pre-rendered deepfake cannot handle: + +- Ask the candidate to turn their head sideways and hold the position +- Have them read a randomly generated phrase displayed on screen for the first time during the call +- Request a hand movement across the face mid-stream +- Ask them to screen-share and perform a live technical task requiring real-time interaction with their environment + +> ⚠️ Any candidate who persistently avoids in-person interaction — even for high-value roles — warrants a security review. This is a documented indicator of DPRK IT worker activity. + ## Did I hire a DPRK IT Worker? 1. The list below serves as a guide for confirming your suspicions if one of your employees is a potential From 68cf4b82250c767f02c41d252ff6782540c14f3c Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 2 Mar 2026 04:15:09 +0000 Subject: [PATCH 06/11] chore: scope PR #400 to DPRK docs only Remove unrelated config index and endpoint overview changes so this PR only includes DPRK mitigation/TTP updates from review feedback. --- docs/pages/config/index.mdx | 15 ----- docs/pages/opsec/endpoint/overview.mdx | 76 +------------------------- 2 files changed, 1 insertion(+), 90 deletions(-) delete mode 100644 docs/pages/config/index.mdx diff --git a/docs/pages/config/index.mdx b/docs/pages/config/index.mdx deleted file mode 100644 index 12ece8be..00000000 --- a/docs/pages/config/index.mdx +++ /dev/null 
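Review bot: The section added by `@@ -210,6 +210,18 @@` is titled "Defeating Deepfakes", but its text only claims the prompts defeat "a pre-rendered deepfake", and it does not say how far an interviewer should trust a candidate who passes them. A candidate using live face or voice manipulation that reacts in real time may still respond to these prompts, so passing them should not be read as identity proof. I would add a closing sentence such as `Treat liveness prompts as one signal, not proof of identity: combine them with the ID, reference and in-person checks in [Tiered Identity Verification](/dprk-it-workers/mitigating-dprk-it-workers#tiered-identity-verification).` The link slug is inferred from the heading added in PATCH 01 and should be confirmed.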
@@ -1,15 +0,0 @@ ---- -title: "Config" ---- - -{/* AUTOGENERATED: This file is generated by utils/generate-folder-indexes.js */} - -# Config - -> _Note:_ This page is auto-generated. Please use the sidebar to explore the docs instead of -> navigating directory paths directly. - -## Pages - -- [Template](/config/template) -- [Using Contributors](/config/using-contributors) diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index f3827808..de408582 100644 --- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx @@ -1,15 +1,8 @@ --- title: "Endpoint Security | Security Alliance" -description: "Device provisioning tiers for Web3 organizations: managed devices with EDR/MDM, virtual desktops for global contractors, and enterprise browsers for minimum viable security." tags: - Security Specialist - Operations & Strategy - - HR -contributors: - - role: wrote - users: [andrew-chang-gu, dickson] - - role: reviewed - users: [] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components' 
@@ -22,74 +15,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr -> 🔑 **Key Takeaway:** Match device security investment to role risk. Managed hardware for privileged operators, VDI for global contractors, enterprise browsers as minimum viable security for everyone else. - -Unmanaged personal devices are a primary vector for credential theft and lateral movement in Web3 organizations. Infostealers, malicious browser extensions, and compromised development environments all start at the endpoint. Organizations need a device provisioning strategy that scales security with role sensitivity. - ---- - -## Device Security Tiers - -### Tier 1: Managed Devices (Gold Standard) - -Issue organization-managed hardware to your highest-risk roles. This provides full security stack visibility and control. - -- **EDR** (CrowdStrike Falcon, SentinelOne) for real-time behavioral monitoring and threat hunting -- **MDM** (Intune, JAMF) to enforce configuration policy and enable remote wipe -- **Full disk encryption** (BitLocker, FileVault) so stolen devices reveal nothing -- **Biometric authentication** (TouchID, Windows Hello) for phishing-resistant local auth -- **Centralized logging** for threat hunting and incident reconstruction - -**Target roles:** Developers with production access, leadership, treasury custodians, key signers, security leads. - -### Tier 2: Virtual Desktop Infrastructure (Privacy-First Scale) - -For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. 
- -- ✅ Complete visibility and control inside the virtual environment -- ✅ Corporate web proxying and traffic inspection -- ✅ Protects employee device privacy (organization sees inside VDI, not the host) -- ⚠️ Susceptible to host-level keyloggers and screen capture -- ⚠️ Performance and latency overhead -- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments - -**Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations. - -### Tier 3: Enterprise Browser (Minimum Viable Security) - -For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine. - -- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) -- ✅ **IdP integration** — enforces identity and access policies at the browser layer -- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing -- ⚠️ Zero protection if the host OS is compromised -- ⚠️ Cannot block host-level screen capture or USB access - -**Target roles:** General staff, community managers, short-term contractors. - -> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. 
- ---- - -## Choosing the Right Tier - -| Factor | Managed Device | VDI | Enterprise Browser | -|--------|---------------|-----|-------------------| -| **Visibility** | Full (OS + apps) | Inside VDI only | Browser only | -| **Host compromise protection** | ✅ EDR on host | ⚠️ Host keyloggers | ❌ None | -| **Hardware cost** | High (org buys devices) | Low (any device) | None | -| **Privacy** | Low (org owns device) | Medium (host is private) | High (only browser managed) | -| **Best for** | Core team, signers | Global contractors | General staff | - -Most Web3 organizations will use all three tiers simultaneously — the goal is to match investment to actual risk, not to force a single approach across all roles. - ---- - -## Further Reading - -- [Secure Operating Systems](/opsec/secure-operating-systems) — OS-level isolation (Qubes, GrapheneOS, Tails) -- [Hardening your organization](/dprk-it-workers/mitigating-dprk-it-workers#hardening-your-organization) — Access control policies for remote workers -- [Browser Security](/opsec/browser/overview) — Browser-specific hardening +Placeholder for Endpoint Security content From ce178cea566fac5b8c0422520d5b71c09ed2cc38 Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 2 Mar 2026 04:36:54 +0000 Subject: [PATCH 07/11] fix: remove Tiered Identity Verification, restore endpoint overview Per review: removed '### Tiered Identity Verification' section from mitigating page. Restored endpoint/overview.mdx with device security tiers and attribution. --- .../mitigating-dprk-it-workers.mdx | 23 ------ docs/pages/opsec/endpoint/overview.mdx | 76 ++++++++++++++++++- 2 files changed, 75 insertions(+), 24 deletions(-) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index b039a087..64421608 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx +++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx 
@@ -62,29 +62,6 @@ limit the effects of a DPRK IT Worker infiltration and what you should do after 6. Regardless of our tips of not focusing on "Asian man in his 20-30s" that particular appearance is still the most common (If not cloaked under the generative AI). Similarly, Korean-English accents. -### Tiered Identity Verification - -Verification depth should scale with the sensitivity of the role being filled. Not every contributor needs a full background check, but every treasury signer needs in-person verification. - -**Level 1 — Pseudonymous Contributor** *(OSS contributors, community moderators, bounty hunters)* -- On-chain wallet history demonstrating consistent, legitimate activity over time -- Persistent pseudonymous identity with verifiable history (GitHub commits, forum participation) -- Liveness check (see below) -- **Scoped access only** — never admin rights, treasury access, or production systems - -**Level 2 — Verified Worker** *(Engineers, operations staff, administrative roles)* -- All Level 1 checks, plus: -- Government-issued photo ID verification -- Background check through a reputable provider, with verified jurisdiction -- Reference checks with direct contact verification (don't rely on references you can't independently validate) -- Video interview with active liveness verification (see below) - -**Level 3 — Privileged Operator** *(Treasury signers, cloud root access, security leadership)* -- All Level 2 checks, plus: -- **In-person verification mandatory** — final-round interviews conducted on-site or at a trusted venue -- Hardware wallet issuance and setup conducted in-person or via verified secure delivery -- Dual-authorization requirements for all privileged actions - ## Hardening your organization 1. Define and implement tight access control rules for all of your employees, especially remote ones. Avoid giving diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index de408582..f3827808 100644 
--- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx @@ -1,8 +1,15 @@ --- title: "Endpoint Security | Security Alliance" +description: "Device provisioning tiers for Web3 organizations: managed devices with EDR/MDM, virtual desktops for global contractors, and enterprise browsers for minimum viable security." tags: - Security Specialist - Operations & Strategy + - HR +contributors: + - role: wrote + users: [andrew-chang-gu, dickson] + - role: reviewed + users: [] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../../components' 
@@ -15,7 +22,74 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr -Placeholder for Endpoint Security content +> 🔑 **Key Takeaway:** Match device security investment to role risk. Managed hardware for privileged operators, VDI for global contractors, enterprise browsers as minimum viable security for everyone else. + +Unmanaged personal devices are a primary vector for credential theft and lateral movement in Web3 organizations. Infostealers, malicious browser extensions, and compromised development environments all start at the endpoint. Organizations need a device provisioning strategy that scales security with role sensitivity. + +--- + +## Device Security Tiers + +### Tier 1: Managed Devices (Gold Standard) + +Issue organization-managed hardware to your highest-risk roles. This provides full security stack visibility and control. + +- **EDR** (CrowdStrike Falcon, SentinelOne) for real-time behavioral monitoring and threat hunting +- **MDM** (Intune, JAMF) to enforce configuration policy and enable remote wipe +- **Full disk encryption** (BitLocker, FileVault) so stolen devices reveal nothing +- **Biometric authentication** (TouchID, Windows Hello) for phishing-resistant local auth +- **Centralized logging** for threat hunting and incident reconstruction + +**Target roles:** Developers with production access, leadership, treasury custodians, key signers, security leads. + +### Tier 2: Virtual Desktop Infrastructure (Privacy-First Scale) + +For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. 
+ +- ✅ Complete visibility and control inside the virtual environment +- ✅ Corporate web proxying and traffic inspection +- ✅ Protects employee device privacy (organization sees inside VDI, not the host) +- ⚠️ Susceptible to host-level keyloggers and screen capture +- ⚠️ Performance and latency overhead +- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments + +**Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations. + +### Tier 3: Enterprise Browser (Minimum Viable Security) + +For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine. + +- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) +- ✅ **IdP integration** — enforces identity and access policies at the browser layer +- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing +- ⚠️ Zero protection if the host OS is compromised +- ⚠️ Cannot block host-level screen capture or USB access + +**Target roles:** General staff, community managers, short-term contractors. + +> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. 
+ +--- + +## Choosing the Right Tier + +| Factor | Managed Device | VDI | Enterprise Browser | +|--------|---------------|-----|-------------------| +| **Visibility** | Full (OS + apps) | Inside VDI only | Browser only | +| **Host compromise protection** | ✅ EDR on host | ⚠️ Host keyloggers | ❌ None | +| **Hardware cost** | High (org buys devices) | Low (any device) | None | +| **Privacy** | Low (org owns device) | Medium (host is private) | High (only browser managed) | +| **Best for** | Core team, signers | Global contractors | General staff | + +Most Web3 organizations will use all three tiers simultaneously — the goal is to match investment to actual risk, not to force a single approach across all roles. + +--- + +## Further Reading + +- [Secure Operating Systems](/opsec/secure-operating-systems) — OS-level isolation (Qubes, GrapheneOS, Tails) +- [Hardening your organization](/dprk-it-workers/mitigating-dprk-it-workers#hardening-your-organization) — Access control policies for remote workers +- [Browser Security](/opsec/browser/overview) — Browser-specific hardening From 4d2848c1708f38d7bfd816dc9aefc8660c5ddeda Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 2 Mar 2026 05:55:38 +0000 Subject: [PATCH 08/11] fix: remove contributed role from mitigating page, strip emojis from endpoint overview MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per review: removed andrew-chang-gu contributed attribution from DPRK mitigating page. Replaced all emoji markers (✅⚠️🔑💡❌) with plain text in endpoint overview. --- .../mitigating-dprk-it-workers.mdx | 2 -- docs/pages/opsec/endpoint/overview.mdx | 28 +++++++++---------- 2 files changed, 14 insertions(+), 16 deletions(-) diff --git a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx index 64421608..1a95dca5 100644 --- a/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx 
+++ b/docs/pages/dprk-it-workers/mitigating-dprk-it-workers.mdx @@ -12,8 +12,6 @@ contributors: users: [blackbigswan] - role: reviewed users: [yaniv, dickson] -- role: contributed - users: [andrew-chang-gu] --- import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } from '../../../components' diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index f3827808..34f7d525 100644 --- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx @@ -22,7 +22,7 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr -> 🔑 **Key Takeaway:** Match device security investment to role risk. Managed hardware for privileged operators, VDI for global contractors, enterprise browsers as minimum viable security for everyone else. +> **Key Takeaway:** Match device security investment to role risk. Managed hardware for privileged operators, VDI for global contractors, enterprise browsers as minimum viable security for everyone else. Unmanaged personal devices are a primary vector for credential theft and lateral movement in Web3 organizations. Infostealers, malicious browser extensions, and compromised development environments all start at the endpoint. Organizations need a device provisioning strategy that scales security with role sensitivity. 
@@ -46,12 +46,12 @@ Issue organization-managed hardware to your highest-risk roles. This provides fu For global contractors where issuing hardware is impractical, VDI provides a secure cloud-hosted environment accessible from any device. The employee's personal machine becomes a thin client — all sensitive work happens inside the managed virtual desktop. -- ✅ Complete visibility and control inside the virtual environment -- ✅ Corporate web proxying and traffic inspection -- ✅ Protects employee device privacy (organization sees inside VDI, not the host) -- ⚠️ Susceptible to host-level keyloggers and screen capture -- ⚠️ Performance and latency overhead -- ⚠️ Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments +- Complete visibility and control inside the virtual environment +- Corporate web proxying and traffic inspection +- Protects employee device privacy (organization sees inside VDI, not the host) +- **Limitation:** Susceptible to host-level keyloggers and screen capture +- **Limitation:** Performance and latency overhead +- **Limitation:** Hardware authentication dongle (YubiKey) compatibility issues in virtualized environments **Target roles:** Global operations, customer support, regional teams, contractors with defined scopes. Providers: AWS WorkSpaces, Azure Virtual Desktop, Google Cloud Workstations. 
@@ -59,15 +59,15 @@ For global contractors where issuing hardware is impractical, VDI provides a sec For general staff and short-term contractors, an enterprise browser provides a managed browsing environment on any machine. -- ✅ **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) -- ✅ **IdP integration** — enforces identity and access policies at the browser layer -- ✅ **Isolated history and cookies** — work browsing sandboxed from personal browsing -- ⚠️ Zero protection if the host OS is compromised -- ⚠️ Cannot block host-level screen capture or USB access +- **Extension allowlisting** — eliminates malicious extension vectors (e.g., Discord session cookie theft) +- **IdP integration** — enforces identity and access policies at the browser layer +- **Isolated history and cookies** — work browsing sandboxed from personal browsing +- **Limitation:** Zero protection if the host OS is compromised +- **Limitation:** Cannot block host-level screen capture or USB access **Target roles:** General staff, community managers, short-term contractors. -> 💡 If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. +> If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. --- 
@@ -76,7 +76,7 @@ For general staff and short-term contractors, an enterprise browser provides a m | Factor | Managed Device | VDI | Enterprise Browser | |--------|---------------|-----|-------------------| | **Visibility** | Full (OS + apps) | Inside VDI only | Browser only | -| **Host compromise protection** | ✅ EDR on host | ⚠️ Host keyloggers | ❌ None | +| **Host compromise protection** | Yes — EDR on host | Partial — Host keyloggers | No — None | | **Hardware cost** | High (org buys devices) | Low (any device) | None | | **Privacy** | Low (org owns device) | Medium (host is private) | High (only browser managed) | | **Best for** | Core team, signers | Global contractors | General staff | From 9f6e28f44d3bb147ecc7fdf97c10d401db9c5c5c Mon Sep 17 00:00:00 2001 From: Artemis Date: Tue, 3 Mar 2026 20:29:51 +0000 Subject: [PATCH 09/11] fix: add andrew-chang-gu to contributors, remove --- separators --- docs/pages/config/contributors.json | 542 ++++++++++++++++--------- docs/pages/opsec/endpoint/overview.mdx | 3 - 2 files changed, 351 insertions(+), 194 deletions(-) diff --git a/docs/pages/config/contributors.json b/docs/pages/config/contributors.json index 133c657d..0f4fe729 100644 --- a/docs/pages/config/contributors.json +++ b/docs/pages/config/contributors.json 
@@ -11,19 +11,58 @@
 "job_title": "Security Knowmad",
 "description": "Initiative lead and maintainer",
 "badges": [
- { "name": "Lead", "assigned": "2024-06-06" },
- { "name": "Early-Contributor", "assigned": "2024-06-06" },
- { "name": "First-Contribution", "assigned": "2024-06-06" },
- { "name": "Contributor-5", "assigned": "2025-01-29" },
- { "name": "Contributor-10", "assigned": "2025-02-27" },
- { "name": "Contributor-25", "assigned": "2025-07-11" },
- { "name": "First-Review", "assigned": "2024-07-02" },
- { "name": "Reviewer-10", "assigned": "2024-07-02" },
- { "name": "Reviewer-25", "assigned": "2024-07-02" },
- { "name": "Issue-Opener-5", "assigned": "2024-08-22" },
- { "name": "Issue-Opener-10", "assigned": "2024-08-24" },
- { "name": "Issue-Opener-25", "assigned": "2024-09-25" },
- { "name": "Active-Last-7d", "lastActive": "2026-02-10" }
+ {
+ "name": "Lead",
+ "assigned": "2024-06-06"
+ },
+ {
+ "name": "Early-Contributor",
+ "assigned": "2024-06-06"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2024-06-06"
+ },
+ {
+ "name": "Contributor-5",
+ "assigned": "2025-01-29"
+ },
+ {
+ "name": "Contributor-10",
+ "assigned": "2025-02-27"
+ },
+ {
+ "name": "Contributor-25",
+ "assigned": "2025-07-11"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "Reviewer-10",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "Reviewer-25",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "Issue-Opener-5",
+ "assigned": "2024-08-22"
+ },
+ {
+ "name": "Issue-Opener-10",
+ "assigned": "2024-08-24"
+ },
+ {
+ "name": "Issue-Opener-25",
+ "assigned": "2024-09-25"
+ },
+ {
+ "name": "Active-Last-7d",
+ "lastActive": "2026-01-22"
+ }
 ]
 },
 "fredriksvantes": {
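Review bot: The `Active-Last-7d` badge in this hunk moves `lastActive` backwards, from `2026-02-10` to `2026-01-22`, which suggests the file was re-serialised from an older copy rather than edited in place. Later hunks of this file show the same regression: `dickson` loses `Contributor-25` and drops back to `2026-01-15`, `pinalikefruit` loses `Dormant-90d+`, `isaac` loses `First-Review` and `Active-Last-7d`, the `-330,10` hunk empties `badges`, and the `-433,118` hunk deletes whole entries such as `gunnim` and `madjin`. None of that is covered by the commit subject, which only mentions adding `andrew-chang-gu`. Since this file appears to be the attribution record behind the `contributors:` front matter, I would rebase on the current file, add the one new entry, and keep the existing one-line badge formatting so the real change stays visible in review.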
@@ -38,14 +77,38 @@
 "role": "core",
 "description": "Initial contributor to the Security Frameworks",
 "badges": [
- { "name": "Early-Contributor", "assigned": "2024-06-30" },
- { "name": "Core-Contributor", "assigned": "2024-06-30" },
- { "name": "First-Contribution", "assigned": "2024-06-30" },
- { "name": "Contributor-5", "assigned": "2024-07-02" },
- { "name": "Contributor-10", "assigned": "2024-07-02" },
- { "name": "Contributor-25", "assigned": "2024-07-02" },
- { "name": "First-Review", "assigned": "2024-10-15" },
- { "name": "Dormant-90d+", "lastActive": "2024-10-15" }
+ {
+ "name": "Early-Contributor",
+ "assigned": "2024-06-30"
+ },
+ {
+ "name": "Core-Contributor",
+ "assigned": "2024-06-30"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2024-06-30"
+ },
+ {
+ "name": "Contributor-5",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "Contributor-10",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "Contributor-25",
+ "assigned": "2024-07-02"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2024-10-15"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2024-10-15"
+ }
 ]
 },
 "zedt3ster": {
@@ -60,10 +123,22 @@
 "role": "core",
 "description": "Director. Ethereum enthusiast",
 "badges": [
- { "name": "Core-Contributor", "assigned": "2024-10-02" },
- { "name": "Early-Contributor", "assigned": "2024-10-02" },
- { "name": "First-Contribution", "assigned": "2024-10-02" },
- { "name": "First-Review", "assigned": "2024-10-15" }
+ {
+ "name": "Core-Contributor",
+ "assigned": "2024-10-02"
+ },
+ {
+ "name": "Early-Contributor",
+ "assigned": "2024-10-02"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2024-10-02"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2024-10-15"
+ }
 ]
 },
 "nftdreww": {
@@ -78,9 +153,22 @@
 "description": "Steward of Community Management framework",
 "role": "steward",
 "badges": [
- { "name": "Framework-Steward", "framework": "Community Management" },
- { "name": "First-Contribution", "assigned": "2025-01-29" },
- { "name": "First-Review", "assigned": "2025-12-16" }
+ {
+ "name": "Framework-Steward",
+ "framework": "Community Management"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-01-29"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-12-16"
+ },
+ {
+ "name": "Active-Last-30d",
+ "lastActive": "2026-01-13"
+ }
 ]
 },
 "robert": {
@@ -95,13 +183,34 @@
 "description": "Web dev & fact checking",
 "role": "core",
 "badges": [
- { "name": "Core-Contributor", "assigned": "2025-03-20" },
- { "name": "Early-Contributor", "assigned": "2024-10-07" },
- { "name": "First-Contribution", "assigned": "2024-10-07" },
- { "name": "Contributor-5", "assigned": "2025-01-09" },
- { "name": "Contributor-10", "assigned": "2025-04-10" },
- { "name": "First-Review", "assigned": "2025-08-11" },
- { "name": "Issue-Opener-5", "assigned": "2025-08-12" }
+ {
+ "name": "Core-Contributor",
+ "assigned": "2025-03-20"
+ },
+ {
+ "name": "Early-Contributor",
+ "assigned": "2024-10-07"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2024-10-07"
+ },
+ {
+ "name": "Contributor-5",
+ "assigned": "2025-01-09"
+ },
+ {
+ "name": "Contributor-10",
+ "assigned": "2025-04-10"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-08-11"
+ },
+ {
+ "name": "Issue-Opener-5",
+ "assigned": "2025-08-12"
+ }
 ]
 },
 "tebayoso": {
@@ -116,10 +225,22 @@
 "role": "contributor",
 "description": "Initial implementation of tag filtering",
 "badges": [
- { "name": "Early-Contributor", "assigned": "2024-09-23" },
- { "name": "First-Contribution", "assigned": "2024-09-23" },
- { "name": "First-Review", "assigned": "2024-09-30" },
- { "name": "Dormant-90d+", "lastActive": "2024-09-30" }
+ {
+ "name": "Early-Contributor",
+ "assigned": "2024-09-23"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2024-09-23"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2024-09-30"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2024-09-30"
+ }
 ]
 },
 "engn33r": {
@@ -134,8 +255,14 @@
 "role": "contributor",
 "description": "Signing best practices",
 "badges": [
- { "name": "First-Contribution", "assigned": "2025-03-10" },
- { "name": "Dormant-90d+", "lastActive": "2025-06-18" }
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-03-10"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2025-06-18"
+ }
 ]
 },
 "ghadi8": {
@@ -150,10 +277,23 @@
 "role": "steward",
 "description": "Steward of ENS framework",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-03-29", "framework": "ENS" },
- { "name": "First-Contribution", "assigned": "2025-05-29" },
- { "name": "First-Review", "assigned": "2025-08-09" },
- { "name": "Dormant-90d+", "lastActive": "2025-08-11" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-03-29",
+ "framework": "ENS"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-05-29"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-08-09"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2025-08-11"
+ }
 ]
 },
 "patrickalphac": {
@@ -168,10 +308,23 @@
 "role": "steward",
 "description": "Steward of Security Testing framework",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-07-15", "framework": "Security Testing" },
- { "name": "First-Contribution", "assigned": "2025-07-15" },
- { "name": "Contributor-5", "assigned": "2025-07-31" },
- { "name": "Dormant-90d+", "lastActive": "2026-07-31" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-07-15",
+ "framework": "Security Testing"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-07-15"
+ },
+ {
+ "name": "Contributor-5",
+ "assigned": "2025-07-31"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2026-07-31"
+ }
 ]
 },
 "pinalikefruit": {
@@ -186,10 +339,19 @@
 "role": "steward",
 "description": "Steward of Wallet-Security framework",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-07-10", "framework": "Wallet Security" },
- { "name": "First-Contribution", "assigned": "2025-07-10" },
- { "name": "First-Review", "assigned": "2025-09-25" },
- { "name": "Dormant-90d+", "lastActive": "2025-10-27" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-07-10",
+ "framework": "Wallet Security"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-07-10"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-09-25"
+ }
 ]
 },
 "njelich": {
@@ -204,7 +366,10 @@
 "role": "contributor",
 "description": "Frameworks Contributor",
 "badges": [
- { "name": "First-Contribution", "assigned": "2025-10-29" }
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-10-29"
+ }
 ]
 },
 "dickson": {
@@ -219,14 +384,36 @@
 "role": "steward",
 "description": "Steward of Safe Harbor & Steward of SEAL Certs",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-08-04", "framework": "Safe Harbor" },
- { "name": "Framework-Steward", "assigned": "2025-12-17", "framework": "SEAL Certs" },
- { "name": "First-Contribution", "assigned": "2025-08-04" },
- { "name": "Contributor-5", "assigned": "2025-08-18" },
- { "name": "Contributor-10", "assigned": "2025-12-01" },
- { "name": "Contributor-25", "assigned": "2026-02-09" },
- { "name": "First-Review", "assigned": "2025-08-11" },
- { "name": "Active-Last-7d", "lastActive": "2026-02-09" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-08-04",
+ "framework": "Safe Harbor"
+ },
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-12-17",
+ "framework": "SEAL Certs"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-08-04"
+ },
+ {
+ "name": "Contributor-5",
+ "assigned": "2025-08-18"
+ },
+ {
+ "name": "Contributor-10",
+ "assigned": "2025-12-01"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-08-11"
+ },
+ {
+ "name": "Active-Last-7d",
+ "lastActive": "2026-01-15"
+ }
 ]
 },
 "blackbigswan": {
@@ -241,8 +428,14 @@
 "role": "contributor",
 "description": "Frameworks Contributor",
 "badges": [
- { "name": "First-Contribution", "assigned": "2025-08-20" },
- { "name": "Dormant-90d+", "lastActive": "2025-09-03" }
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-08-20"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2025-09-03"
+ }
 ]
 },
 "yaniv": {
@@ -257,8 +450,14 @@
 "role": "contributor",
 "description": "Frameworks Reviewer",
 "badges": [
- { "name": "First-Review", "assigned": "2025-08-08" },
- { "name": "Reviewer-10", "assigned": "2025-08-11" }
+ {
+ "name": "First-Review",
+ "assigned": "2025-08-08"
+ },
+ {
+ "name": "Reviewer-10",
+ "assigned": "2025-08-11"
+ }
 ]
 },
 "relotnek": {
@@ -273,8 +472,14 @@
 "role": "contributor",
 "description": "Frameworks Contributor",
 "badges": [
- { "name": "First-Contribution", "assigned": "2025-07-15" },
- { "name": "Dormant-90d+", "lastActive": "2025-07-15" }
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-07-15"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2025-07-15"
+ }
 ]
 },
 "the-caliber": {
@@ -289,8 +494,14 @@
 "role": "contributor",
 "description": "Frameworks Contributor",
 "badges": [
- { "name": "First-Contribution", "assigned": "2025-08-28" },
- { "name": "Dormant-90d+", "lastActive": "2025-10-09" }
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-08-28"
+ },
+ {
+ "name": "Dormant-90d+",
+ "lastActive": "2025-10-09"
+ }
 ]
 },
 "SEAL": {
@@ -330,10 +541,7 @@
 "job_title": "Founder & Engineer",
 "role": "contributor",
 "description": "Founder & Engineer",
- "badges": [
- { "name": "First-Contribution", "assigned": "2025-06-02" },
- { "name": "Dormant-90d+", "lastActive": "2025-06-02" }
- ]
+ "badges": []
 },
 "isaac": {
 "slug": "isaac",
@@ -347,9 +555,11 @@
 "role": "steward",
 "description": "SEAL Certs & SEAL Wargames",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-12-17", "framework": "SEAL Certs" },
- { "name": "First-Review", "assigned": "2026-01-26" },
- { "name": "Active-Last-7d", "lastActive": "2026-02-09" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-12-17",
+ "framework": "SEAL Certs"
+ }
 ]
 },
 "geoffrey": {
@@ -403,10 +613,23 @@
 "role": "steward",
 "description": "Steward of DNS and Domain Registration Security",
 "badges": [
- { "name": "Framework-Steward", "assigned": "2025-11-06", "framework": "DNS & Domain Registration Security" },
- { "name": "First-Contribution", "assigned": "2025-11-06" },
- { "name": "First-Review", "assigned": "2025-12-19" },
- { "name": "Active-Last-7d", "lastActive": "2026-01-22" }
+ {
+ "name": "Framework-Steward",
+ "assigned": "2025-11-06",
+ "framework": "DNS & Domain Registration Security"
+ },
+ {
+ "name": "First-Contribution",
+ "assigned": "2025-11-06"
+ },
+ {
+ "name": "First-Review",
+ "assigned": "2025-12-19"
+ },
+ {
+ "name": "Active-Last-7d",
+ "lastActive": "2026-01-22"
+ }
 ]
 },
 "auditware": {
@@ -433,118 +656,55 @@ "role": "core", "description": "Security Researcher & SEAL Frameworks Core Team", "badges": [ - { "name": "Core-Contributor", "assigned": "2025-08-11" }, - { "name": "First-Contribution", "assigned": "2025-09-18" }, - { "name": "Contributor-5", "assigned": "2025-09-29" }, - { "name": "Contributor-10", "assigned": "2025-10-06" }, - { "name": "Contributor-25", "assigned": "2025-11-15" }, - { "name": "First-Review", "assigned": "2025-08-12" }, - { "name": "Reviewer-10", "assigned": "2025-09-12" }, - { "name": "Active-Last-7d", "lastActive": "2026-02-10" } - ] - }, - "gunnim": { - "slug": "gunnim", - "name": "gunnim", - "avatar": "https://avatars.githubusercontent.com/gunnim", - "github": "https://github.com/gunnim", - "twitter": null, - "website": null, - "company": null, - "job_title": null, - "role": "contributor", - "description": "Frameworks Contributor", - "badges": [ - { "name": "First-Contribution", "assigned": "2026-01-21" }, - { "name": "Active-Last-30d", "lastActive": "2026-01-22" } - ] - }, - "madjin": { - "slug": "madjin", - "name": "madjin", - "avatar": "https://avatars.githubusercontent.com/madjin", - "github": "https://github.com/madjin", - "twitter": null, - "website": null, - "company": null, - "job_title": null, - "role": "contributor", - "description": "Frameworks Contributor", - "badges": [ - { "name": "First-Contribution", "assigned": "2025-12-16" }, - { "name": "Active-Last-7d", "lastActive": "2026-02-09" } + { + "name": "Core-Contributor", + "assigned": "2025-08-11" + }, + { + "name": "First-Contribution", + "assigned": "2025-09-18" + }, + { + "name": "Contributor-5", + "assigned": "2025-09-29" + }, + { + "name": "Contributor-10", + "assigned": "2025-10-06" + }, + { + "name": "Contributor-25", + "assigned": "2025-11-15" + }, + { + "name": "First-Review", + "assigned": "2025-08-12" + }, + { + "name": "Reviewer-10", + "assigned": "2025-09-12" + }, + { + "name": "Reviewer-25", + "assigned": "2025-11-10" + }, + { + "name": 
"Active-Last-7d", + "lastActive": "2026-01-23" + } ] }, - "monperrus": { - "slug": "monperrus", - "name": "monperrus", - "avatar": "https://avatars.githubusercontent.com/monperrus", - "github": "https://github.com/monperrus", - "twitter": null, - "website": null, - "company": null, - "job_title": null, + "andrew-chang-gu": { + "slug": "andrew-chang-gu", + "name": "Andrew Chang-Gu", + "avatar": "https://avatars.githubusercontent.com/andrew-chang-gu", + "github": "", + "twitter": "", + "website": "", + "company": "", + "job_title": "", "role": "contributor", - "description": "Frameworks Contributor", - "badges": [ - { "name": "First-Contribution", "assigned": "2026-01-21" }, - { "name": "Active-Last-30d", "lastActive": "2026-01-21" } - ] - }, - "munamwasi": { - "slug": "munamwasi", - "name": "munamwasi", - "avatar": "https://avatars.githubusercontent.com/MunamWasi", - "github": "https://github.com/MunamWasi", - "twitter": null, - "website": null, - "company": null, - "job_title": null, - "role": "contributor", - "description": "Frameworks Contributor", - "badges": [ - { "name": "First-Contribution", "assigned": "2026-02-20" } - ] - }, - "jubos": { - "slug": "jubos", - "name": "jubos", - "avatar": "https://avatars.githubusercontent.com/jubos", - "github": "https://github.com/jubos", - "twitter": null, - "website": null, - "company": null, - "job_title": null, - "role": "contributor", - "description": "Frameworks Contributor" - }, - "masterfung": { - "slug": "masterfung", - "name": "masterfung", - "avatar": "https://avatars.githubusercontent.com/masterfung", - "github": "https://github.com/masterfung", - "twitter": null, - "website": null, - "company": null, - "job_title": null, - "role": "contributor", - "description": "Frameworks Contributor" - }, - "smagdali": { - "slug": "smagdali", - "name": "smagdali", - "avatar": "https://avatars.githubusercontent.com/smagdali", - "github": "https://github.com/smagdali", - "twitter": null, - "website": null, - "company": null, - 
"job_title": null, - "role": "contributor", - "description": "Frameworks Contributor", - "badges": [ - { "name": "First-Contribution", "assigned": "2025-12-03" }, - { "name": "Issue-Opener-5", "assigned": "2026-02-05" }, - { "name": "Active-Last-7d", "lastActive": "2026-02-10" } - ] + "description": "", + "badges": [] } } diff --git a/docs/pages/opsec/endpoint/overview.mdx b/docs/pages/opsec/endpoint/overview.mdx index 34f7d525..cfa59698 100644 --- a/docs/pages/opsec/endpoint/overview.mdx +++ b/docs/pages/opsec/endpoint/overview.mdx @@ -26,7 +26,6 @@ import { TagList, AttributionList, TagProvider, TagFilter, ContributeFooter } fr Unmanaged personal devices are a primary vector for credential theft and lateral movement in Web3 organizations. Infostealers, malicious browser extensions, and compromised development environments all start at the endpoint. Organizations need a device provisioning strategy that scales security with role sensitivity. ---- ## Device Security Tiers @@ -69,7 +68,6 @@ For general staff and short-term contractors, an enterprise browser provides a m > If you use Google Workspace, you already have **Chrome Enterprise Core** at no additional cost. Enabling extension allowlisting alone eliminates one of the most common attack vectors against Discord and web-based platforms. ---- ## Choosing the Right Tier @@ -83,7 +81,6 @@ For general staff and short-term contractors, an enterprise browser provides a m Most Web3 organizations will use all three tiers simultaneously — the goal is to match investment to actual risk, not to force a single approach across all roles. ---- ## Further Reading From f7736a81a2c071d4c28068ae6b2e2d5c81b0bb20 Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 9 Mar 2026 04:21:54 +0000 Subject: [PATCH 10/11] fix: restore contributors.json formatting, add andrew-chang-gu cleanly --- docs/pages/config/contributors.json | 533 ++++++++++------------------ 1 file changed, 193 insertions(+), 340 deletions(-) 
diff --git a/docs/pages/config/contributors.json b/docs/pages/config/contributors.json index 0f4fe729..7bc21e60 100644 --- a/docs/pages/config/contributors.json +++ b/docs/pages/config/contributors.json @@ -11,58 +11,19 @@ "job_title": "Security Knowmad", "description": "Initiative lead and maintainer", "badges": [ - { - "name": "Lead", - "assigned": "2024-06-06" - }, - { - "name": "Early-Contributor", - "assigned": "2024-06-06" - }, - { - "name": "First-Contribution", - "assigned": "2024-06-06" - }, - { - "name": "Contributor-5", - "assigned": "2025-01-29" - }, - { - "name": "Contributor-10", - "assigned": "2025-02-27" - }, - { - "name": "Contributor-25", - "assigned": "2025-07-11" - }, - { - "name": "First-Review", - "assigned": "2024-07-02" - }, - { - "name": "Reviewer-10", - "assigned": "2024-07-02" - }, - { - "name": "Reviewer-25", - "assigned": "2024-07-02" - }, - { - "name": "Issue-Opener-5", - "assigned": "2024-08-22" - }, - { - "name": "Issue-Opener-10", - "assigned": "2024-08-24" - }, - { - "name": "Issue-Opener-25", - "assigned": "2024-09-25" - }, - { - "name": "Active-Last-7d", - "lastActive": "2026-01-22" - } + { "name": "Lead", "assigned": "2024-06-06" }, + { "name": "Early-Contributor", "assigned": "2024-06-06" }, + { "name": "First-Contribution", "assigned": "2024-06-06" }, + { "name": "Contributor-5", "assigned": "2025-01-29" }, + { "name": "Contributor-10", "assigned": "2025-02-27" }, + { "name": "Contributor-25", "assigned": "2025-07-11" }, + { "name": "First-Review", "assigned": "2024-07-02" }, + { "name": "Reviewer-10", "assigned": "2024-07-02" }, + { "name": "Reviewer-25", "assigned": "2024-07-02" }, + { "name": "Issue-Opener-5", "assigned": "2024-08-22" }, + { "name": "Issue-Opener-10", "assigned": "2024-08-24" }, + { "name": "Issue-Opener-25", "assigned": "2024-09-25" }, + { "name": "Active-Last-7d", "lastActive": "2026-02-10" } ] }, "fredriksvantes": { 
@@ -77,38 +38,14 @@ "role": "core", "description": "Initial contributor to the Security Frameworks", "badges": [ - { - "name": "Early-Contributor", - "assigned": "2024-06-30" - }, - { - "name": "Core-Contributor", - "assigned": "2024-06-30" - }, - { - "name": "First-Contribution", - "assigned": "2024-06-30" - }, - { - "name": "Contributor-5", - "assigned": "2024-07-02" - }, - { - "name": "Contributor-10", - "assigned": "2024-07-02" - }, - { - "name": "Contributor-25", - "assigned": "2024-07-02" - }, - { - "name": "First-Review", - "assigned": "2024-10-15" - }, - { - "name": "Dormant-90d+", - "lastActive": "2024-10-15" - } + { "name": "Early-Contributor", "assigned": "2024-06-30" }, + { "name": "Core-Contributor", "assigned": "2024-06-30" }, + { "name": "First-Contribution", "assigned": "2024-06-30" }, + { "name": "Contributor-5", "assigned": "2024-07-02" }, + { "name": "Contributor-10", "assigned": "2024-07-02" }, + { "name": "Contributor-25", "assigned": "2024-07-02" }, + { "name": "First-Review", "assigned": "2024-10-15" }, + { "name": "Dormant-90d+", "lastActive": "2024-10-15" } ] }, "zedt3ster": { @@ -123,22 +60,10 @@ "role": "core", "description": "Director. Ethereum enthusiast", "badges": [ - { - "name": "Core-Contributor", - "assigned": "2024-10-02" - }, - { - "name": "Early-Contributor", - "assigned": "2024-10-02" - }, - { - "name": "First-Contribution", - "assigned": "2024-10-02" - }, - { - "name": "First-Review", - "assigned": "2024-10-15" - } + { "name": "Core-Contributor", "assigned": "2024-10-02" }, + { "name": "Early-Contributor", "assigned": "2024-10-02" }, + { "name": "First-Contribution", "assigned": "2024-10-02" }, + { "name": "First-Review", "assigned": "2024-10-15" } ] }, "nftdreww": { 
@@ -153,22 +78,9 @@ "description": "Steward of Community Management framework", "role": "steward", "badges": [ - { - "name": "Framework-Steward", - "framework": "Community Management" - }, - { - "name": "First-Contribution", - "assigned": "2025-01-29" - }, - { - "name": "First-Review", - "assigned": "2025-12-16" - }, - { - "name": "Active-Last-30d", - "lastActive": "2026-01-13" - } + { "name": "Framework-Steward", "framework": "Community Management" }, + { "name": "First-Contribution", "assigned": "2025-01-29" }, + { "name": "First-Review", "assigned": "2025-12-16" } ] }, "robert": { @@ -183,34 +95,13 @@ "description": "Web dev & fact checking", "role": "core", "badges": [ - { - "name": "Core-Contributor", - "assigned": "2025-03-20" - }, - { - "name": "Early-Contributor", - "assigned": "2024-10-07" - }, - { - "name": "First-Contribution", - "assigned": "2024-10-07" - }, - { - "name": "Contributor-5", - "assigned": "2025-01-09" - }, - { - "name": "Contributor-10", - "assigned": "2025-04-10" - }, - { - "name": "First-Review", - "assigned": "2025-08-11" - }, - { - "name": "Issue-Opener-5", - "assigned": "2025-08-12" - } + { "name": "Core-Contributor", "assigned": "2025-03-20" }, + { "name": "Early-Contributor", "assigned": "2024-10-07" }, + { "name": "First-Contribution", "assigned": "2024-10-07" }, + { "name": "Contributor-5", "assigned": "2025-01-09" }, + { "name": "Contributor-10", "assigned": "2025-04-10" }, + { "name": "First-Review", "assigned": "2025-08-11" }, + { "name": "Issue-Opener-5", "assigned": "2025-08-12" } ] }, "tebayoso": { 
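Review bot: The `Framework-Steward` badge for Community Management in the `@@ -153,22 +78,9 @@` hunk has no `assigned` field, while the other `Framework-Steward` badges visible in this patch (ENS, Security Testing, Wallet Security, Safe Harbor, SEAL Certs, DNS & Domain Registration Security) all carry one. The omission exists on the old side too, so the reformat preserves it rather than introducing it. Code that sorts or displays badges by `assigned` would get `undefined` for this entry. Consider `{ "name": "Framework-Steward", "assigned": "<YYYY-MM-DD from project history>", "framework": "Community Management" }`. The enclosing contributor object starts outside the hunk.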
@@ -225,22 +116,10 @@ "role": "contributor", "description": "Initial implementation of tag filtering", "badges": [ - { - "name": "Early-Contributor", - "assigned": "2024-09-23" - }, - { - "name": "First-Contribution", - "assigned": "2024-09-23" - }, - { - "name": "First-Review", - "assigned": "2024-09-30" - }, - { - "name": "Dormant-90d+", - "lastActive": "2024-09-30" - } + { "name": "Early-Contributor", "assigned": "2024-09-23" }, + { "name": "First-Contribution", "assigned": "2024-09-23" }, + { "name": "First-Review", "assigned": "2024-09-30" }, + { "name": "Dormant-90d+", "lastActive": "2024-09-30" } ] }, "engn33r": { @@ -255,14 +134,8 @@ "role": "contributor", "description": "Signing best practices", "badges": [ - { - "name": "First-Contribution", - "assigned": "2025-03-10" - }, - { - "name": "Dormant-90d+", - "lastActive": "2025-06-18" - } + { "name": "First-Contribution", "assigned": "2025-03-10" }, + { "name": "Dormant-90d+", "lastActive": "2025-06-18" } ] }, "ghadi8": { @@ -277,23 +150,10 @@ "role": "steward", "description": "Steward of ENS framework", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-03-29", - "framework": "ENS" - }, - { - "name": "First-Contribution", - "assigned": "2025-05-29" - }, - { - "name": "First-Review", - "assigned": "2025-08-09" - }, - { - "name": "Dormant-90d+", - "lastActive": "2025-08-11" - } + { "name": "Framework-Steward", "assigned": "2025-03-29", "framework": "ENS" }, + { "name": "First-Contribution", "assigned": "2025-05-29" }, + { "name": "First-Review", "assigned": "2025-08-09" }, + { "name": "Dormant-90d+", "lastActive": "2025-08-11" } ] }, "patrickalphac": { 
@@ -308,23 +168,10 @@ "role": "steward", "description": "Steward of Security Testing framework", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-07-15", - "framework": "Security Testing" - }, - { - "name": "First-Contribution", - "assigned": "2025-07-15" - }, - { - "name": "Contributor-5", - "assigned": "2025-07-31" - }, - { - "name": "Dormant-90d+", - "lastActive": "2026-07-31" - } + { "name": "Framework-Steward", "assigned": "2025-07-15", "framework": "Security Testing" }, + { "name": "First-Contribution", "assigned": "2025-07-15" }, + { "name": "Contributor-5", "assigned": "2025-07-31" }, + { "name": "Dormant-90d+", "lastActive": "2026-07-31" } ] }, "pinalikefruit": { @@ -339,19 +186,10 @@ "role": "steward", "description": "Steward of Wallet-Security framework", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-07-10", - "framework": "Wallet Security" - }, - { - "name": "First-Contribution", - "assigned": "2025-07-10" - }, - { - "name": "First-Review", - "assigned": "2025-09-25" - } + { "name": "Framework-Steward", "assigned": "2025-07-10", "framework": "Wallet Security" }, + { "name": "First-Contribution", "assigned": "2025-07-10" }, + { "name": "First-Review", "assigned": "2025-09-25" }, + { "name": "Dormant-90d+", "lastActive": "2025-10-27" } ] }, "njelich": { @@ -366,10 +204,7 @@ "role": "contributor", "description": "Frameworks Contributor", "badges": [ - { - "name": "First-Contribution", - "assigned": "2025-10-29" - } + { "name": "First-Contribution", "assigned": "2025-10-29" } ] }, "dickson": { 
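Review bot: The `Dormant-90d+` badge in the `@@ -308,23 +168,10 @@` hunk has `"lastActive": "2026-07-31"`, which is later than this commit's own date (9 Mar 2026) and contradicts a dormancy label. The value is unchanged from the old side, so the reformat carries over what looks like a year typo. The `Contributor-5` badge in the same entry is assigned `2025-07-31`, which suggests the line should read `{ "name": "Dormant-90d+", "lastActive": "2025-07-31" }`. Any job that recomputes activity badges from `lastActive` would presumably treat this contributor as active, so confirm the date against the contribution history before merging. The enclosing contributor object starts outside the hunk.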
@@ -384,36 +219,14 @@ "role": "steward", "description": "Steward of Safe Harbor & Steward of SEAL Certs", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-08-04", - "framework": "Safe Harbor" - }, - { - "name": "Framework-Steward", - "assigned": "2025-12-17", - "framework": "SEAL Certs" - }, - { - "name": "First-Contribution", - "assigned": "2025-08-04" - }, - { - "name": "Contributor-5", - "assigned": "2025-08-18" - }, - { - "name": "Contributor-10", - "assigned": "2025-12-01" - }, - { - "name": "First-Review", - "assigned": "2025-08-11" - }, - { - "name": "Active-Last-7d", - "lastActive": "2026-01-15" - } + { "name": "Framework-Steward", "assigned": "2025-08-04", "framework": "Safe Harbor" }, + { "name": "Framework-Steward", "assigned": "2025-12-17", "framework": "SEAL Certs" }, + { "name": "First-Contribution", "assigned": "2025-08-04" }, + { "name": "Contributor-5", "assigned": "2025-08-18" }, + { "name": "Contributor-10", "assigned": "2025-12-01" }, + { "name": "Contributor-25", "assigned": "2026-02-09" }, + { "name": "First-Review", "assigned": "2025-08-11" }, + { "name": "Active-Last-7d", "lastActive": "2026-02-09" } ] }, "blackbigswan": { @@ -428,14 +241,8 @@ "role": "contributor", "description": "Frameworks Contributor", "badges": [ - { - "name": "First-Contribution", - "assigned": "2025-08-20" - }, - { - "name": "Dormant-90d+", - "lastActive": "2025-09-03" - } + { "name": "First-Contribution", "assigned": "2025-08-20" }, + { "name": "Dormant-90d+", "lastActive": "2025-09-03" } ] }, "yaniv": { @@ -450,14 +257,8 @@ "role": "contributor", "description": "Frameworks Reviewer", "badges": [ - { - "name": "First-Review", - "assigned": "2025-08-08" - }, - { - "name": "Reviewer-10", - "assigned": "2025-08-11" - } + { "name": "First-Review", "assigned": "2025-08-08" }, + { "name": "Reviewer-10", "assigned": "2025-08-11" } ] }, "relotnek": { 
@@ -472,14 +273,8 @@ "role": "contributor", "description": "Frameworks Contributor", "badges": [ - { - "name": "First-Contribution", - "assigned": "2025-07-15" - }, - { - "name": "Dormant-90d+", - "lastActive": "2025-07-15" - } + { "name": "First-Contribution", "assigned": "2025-07-15" }, + { "name": "Dormant-90d+", "lastActive": "2025-07-15" } ] }, "the-caliber": { @@ -494,14 +289,8 @@ "role": "contributor", "description": "Frameworks Contributor", "badges": [ - { - "name": "First-Contribution", - "assigned": "2025-08-28" - }, - { - "name": "Dormant-90d+", - "lastActive": "2025-10-09" - } + { "name": "First-Contribution", "assigned": "2025-08-28" }, + { "name": "Dormant-90d+", "lastActive": "2025-10-09" } ] }, "SEAL": { @@ -541,7 +330,10 @@ "job_title": "Founder & Engineer", "role": "contributor", "description": "Founder & Engineer", - "badges": [] + "badges": [ + { "name": "First-Contribution", "assigned": "2025-06-02" }, + { "name": "Dormant-90d+", "lastActive": "2025-06-02" } + ] }, "isaac": { "slug": "isaac", @@ -555,11 +347,9 @@ "role": "steward", "description": "SEAL Certs & SEAL Wargames", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-12-17", - "framework": "SEAL Certs" - } + { "name": "Framework-Steward", "assigned": "2025-12-17", "framework": "SEAL Certs" }, + { "name": "First-Review", "assigned": "2026-01-26" }, + { "name": "Active-Last-7d", "lastActive": "2026-02-09" } ] }, "geoffrey": { 
@@ -613,23 +403,10 @@ "role": "steward", "description": "Steward of DNS and Domain Registration Security", "badges": [ - { - "name": "Framework-Steward", - "assigned": "2025-11-06", - "framework": "DNS & Domain Registration Security" - }, - { - "name": "First-Contribution", - "assigned": "2025-11-06" - }, - { - "name": "First-Review", - "assigned": "2025-12-19" - }, - { - "name": "Active-Last-7d", - "lastActive": "2026-01-22" - } + { "name": "Framework-Steward", "assigned": "2025-11-06", "framework": "DNS & Domain Registration Security" }, + { "name": "First-Contribution", "assigned": "2025-11-06" }, + { "name": "First-Review", "assigned": "2025-12-19" }, + { "name": "Active-Last-7d", "lastActive": "2026-01-22" } ] }, "auditware": { 
@@ -656,42 +433,118 @@ "role": "core", "description": "Security Researcher & SEAL Frameworks Core Team", "badges": [ - { - "name": "Core-Contributor", - "assigned": "2025-08-11" - }, - { - "name": "First-Contribution", - "assigned": "2025-09-18" - }, - { - "name": "Contributor-5", - "assigned": "2025-09-29" - }, - { - "name": "Contributor-10", - "assigned": "2025-10-06" - }, - { - "name": "Contributor-25", - "assigned": "2025-11-15" - }, - { - "name": "First-Review", - "assigned": "2025-08-12" - }, - { - "name": "Reviewer-10", - "assigned": "2025-09-12" - }, - { - "name": "Reviewer-25", - "assigned": "2025-11-10" - }, - { - "name": "Active-Last-7d", - "lastActive": "2026-01-23" - } + { "name": "Core-Contributor", "assigned": "2025-08-11" }, + { "name": "First-Contribution", "assigned": "2025-09-18" }, + { "name": "Contributor-5", "assigned": "2025-09-29" }, + { "name": "Contributor-10", "assigned": "2025-10-06" }, + { "name": "Contributor-25", "assigned": "2025-11-15" }, + { "name": "First-Review", "assigned": "2025-08-12" }, + { "name": "Reviewer-10", "assigned": "2025-09-12" }, + { "name": "Active-Last-7d", "lastActive": "2026-02-10" } + ] + }, + "gunnim": { + "slug": "gunnim", + "name": "gunnim", + "avatar": "https://avatars.githubusercontent.com/gunnim", + "github": "https://github.com/gunnim", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor", + "badges": [ + { "name": "First-Contribution", "assigned": "2026-01-21" }, + { "name": "Active-Last-30d", "lastActive": "2026-01-22" } + ] + }, + "madjin": { + "slug": "madjin", + "name": "madjin", + "avatar": "https://avatars.githubusercontent.com/madjin", + "github": "https://github.com/madjin", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor", + "badges": [ + { "name": "First-Contribution", "assigned": "2025-12-16" }, + { "name": 
"Active-Last-7d", "lastActive": "2026-02-09" } + ] + }, + "monperrus": { + "slug": "monperrus", + "name": "monperrus", + "avatar": "https://avatars.githubusercontent.com/monperrus", + "github": "https://github.com/monperrus", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor", + "badges": [ + { "name": "First-Contribution", "assigned": "2026-01-21" }, + { "name": "Active-Last-30d", "lastActive": "2026-01-21" } + ] + }, + "munamwasi": { + "slug": "munamwasi", + "name": "munamwasi", + "avatar": "https://avatars.githubusercontent.com/MunamWasi", + "github": "https://github.com/MunamWasi", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor", + "badges": [ + { "name": "First-Contribution", "assigned": "2026-02-20" } + ] + }, + "jubos": { + "slug": "jubos", + "name": "jubos", + "avatar": "https://avatars.githubusercontent.com/jubos", + "github": "https://github.com/jubos", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor" + }, + "masterfung": { + "slug": "masterfung", + "name": "masterfung", + "avatar": "https://avatars.githubusercontent.com/masterfung", + "github": "https://github.com/masterfung", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor" + }, + "smagdali": { + "slug": "smagdali", + "name": "smagdali", + "avatar": "https://avatars.githubusercontent.com/smagdali", + "github": "https://github.com/smagdali", + "twitter": null, + "website": null, + "company": null, + "job_title": null, + "role": "contributor", + "description": "Frameworks Contributor", + "badges": [ + { "name": "First-Contribution", "assigned": "2025-12-03" }, + { "name": "Issue-Opener-5", "assigned": "2026-02-05" }, + { "name": 
"Active-Last-7d", "lastActive": "2026-02-10" } ] }, "andrew-chang-gu": { From 31ba5d780b019230087980d90cfc1995dfa61eab Mon Sep 17 00:00:00 2001 From: Artemis Date: Mon, 9 Mar 2026 04:39:28 +0000 Subject: [PATCH 11/11] fix: clear andrew-chang-gu avatar (unknown GitHub username) --- docs/pages/config/contributors.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/config/contributors.json b/docs/pages/config/contributors.json index 7bc21e60..834b40a7 100644 --- a/docs/pages/config/contributors.json +++ b/docs/pages/config/contributors.json @@ -550,7 +550,7 @@ "andrew-chang-gu": { "slug": "andrew-chang-gu", "name": "Andrew Chang-Gu", - "avatar": "https://avatars.githubusercontent.com/andrew-chang-gu", + "avatar": "", "github": "", "twitter": "", "website": "",
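Review bot: Setting `avatar` to `""` in the `@@ -550,7 +550,7 @@` hunk leaves the andrew-chang-gu entry using empty strings for unknown fields, where the other contributor entries in this file use `null` (`"twitter": null`, `"website": null`). If the rendering component tests for `null` (that code is not visible here), an empty string would still produce an image or link element with an empty target. `"avatar": null,` would be more consistent, and the same applies to `github`, `twitter` and `website` in this entry. Dropping the guessed URL is the right call, since pointing a named person's profile at an unverified GitHub handle credits their work to whoever controls that account.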