Merge from develop (#85)
* add SEAL logo as favicon

* docs: Update README ##pull-requests

* fix: Fix typo

* fix: typos in pr_template

* feat: improved tag generation

* feat: Update tag display system

* Sort tags alphabetically

* Remove "Selected Articles"

* When a tag is displayed, only show articles matching the tag

* Fixed CSS on tags-dropdown

* feat: remove duplicate code & document methods

* Functionality remains, as far as I can tell, the same.  I mostly just removed a few duplicate methods related to tagsList and added documentation to make the code easier for new readers.

* refactor: move JS and CSS to separate files

* style: Added margin around page-tags

* refactor: Extract tag initialization logic into separate methods

* fix: announcement-stripe overflowing at lower horizontal resolutions

Also fixed layering issue due to background transparency

* feat: implemented AND selection for tags.

The code for OR selection was just commented out since I'm not sure if others actually wanted this, or if it was just me.  Can be reverted if so desired.

* feat: remove HTML styling on tag-search

Better to have all styles in the .css file

* Updating wordlist.txt and some markdown linting fixes

* Jump of line fix in README

* Updating wordlist

* Adding a few more words to wordlist.txt

* feat: Bookmarks (#83)

* feat: add bookmarked to tags filtering

* revert: remove bookmarked section from ToC

I don't like how it looks & think being able to filter by bookmarked is probably sufficient.  Slightly harder to learn, but once you do learn it's just as easy and has more features.

* fix: Fix bug where deselecting tags removes all filters

* fix: refresh sidebar when bookmarking

Updates the sidebar links when filtering by Bookmarked

---------

Co-authored-by: Mehdi Zerouali <[email protected]>
Co-authored-by: Robert MacWha <[email protected]>
Co-authored-by: Fredrik Svantes <[email protected]>
4 people authored Nov 1, 2024
1 parent f5dd098 commit 2f19c32
Showing 31 changed files with 709 additions and 412 deletions.
8 changes: 4 additions & 4 deletions .github/PULL_REQUEST_TEMPLATE.md
@@ -1,13 +1,13 @@
## Frameworks PR Checklist

Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read [information for contributors](https://framework.securityalliance.org/book/contribute/contribute.html) and take a look at following checklist:
Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read [information for contributors](https://framework.securityalliance.org/book/contribute/contribute.html) and take a look at the following checklist:

- [ ] Describe your changes, substitute this text with the information
- [ ] If you are touching an existing piece of content, ask the original creator for review
- [ ] If you are touching an existing piece of content, ask the original creator for review
- [ ] If you need feedback for your content from wider community, share the PR in our Discord
- [ ] Review changes to ensure there are no typos, see instructions bellow
- [ ] Review changes to ensure there are no typos, see instructions below

<!--
<!--
ℹ️ Checking for typos locally
1. Install [aspell](https://www.gnu.org/software/aspell/) for your platform.
2. Navigate to the project root and run:
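Review bot: the pair of "If you are touching an existing piece of content" lines and the pair of "<!--" lines render as identical before and after, so they are most likely trailing-whitespace or line-ending changes; please confirm that is intentional (the markdown linter mentioned in the commit message would explain it) rather than an accidental reformat. While the typo pass is open, the untouched checklist item "If you need feedback for your content from wider community" should read "from the wider community".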
36 changes: 21 additions & 15 deletions README.md
@@ -1,4 +1,5 @@
# Security Frameworks content repository

Official repository to the Security Frameworks by SEAL. This repository contains the entire
structure and contents of the frameworks. Feel free to suggest from new categories to grammar
corrections. Collaboration is open to everyone. **This is a work in progress.**
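Review bot: the only change here is the blank line after the H1, which is fine for the linter, but the sentence "Feel free to suggest from new categories to grammar corrections" in the retained context is missing its object; suggest "Feel free to suggest anything from new categories to grammar corrections."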
Expand All @@ -11,50 +12,55 @@ Production will be at [frameworks.securityalliance.org](https://frameworks.secur
but not yet available.

## Quick installation and local setup

1. `gh repo clone security-alliance/frameworks`
2. `git checkout develop`
3. `cargo install mdbook mdbook-admonish mdbook-catppuccin`
4. `./serve.sh`

## Collaboration
There are currently two ways to collaborate. The first one is by logging from your vercel account

There are currently two ways to collaborate. The first one is by logging from your Vercel account
and commenting directly on the deployed version of the book, and the second one is by forking the
repository and creating a pull request.

### Comments

To comment on the live version of the book under development, you will need to log in to your Vercel account. Please visit [this link](https://frameworks-git-develop-seal-frameworks.vercel.app/?_vercel_share=zOI0Q3riUfDv1Lq1IylFz2hXQzYPcmLp), which includes a read access token. A floating window will appear at the bottom, and you'll be ready to go.

### Pull requests

1. Fork the repository. Click on the "Fork" button at the top right corner of the page.
2. Clone the forked repository to your local machine. Open your terminal or command prompt.
`git clone https://github.com/your-username/frameworks.git`
1. Make sure you're in the develop branch first.
3. Make sure you're in the develop branch first.
`git checkout develop`
2. Inside the folder create a new branch based on `develop`.
4. Inside the folder create a new branch based on `develop`.
`git checkout -b develop`
1. Make your changes.
2. Make sure your changes don't break anything by testing it in the local setup (see above).
5. Make your changes.
6. Make sure your changes don't break anything by testing it in the local setup (see above).
`./serve.sh`.
1. Commit your changes.
7. Commit your changes.
`git add .`
1. Commit the changes with a descriptive message:
8. Commit the changes with a descriptive message:
`git commit -m "Fixing typos and improving readability on XXX section"`
1. Push the changes to your forked repository.
9. Push the changes to your forked repository.
`git push origin develop`
1. Create a pull request. Go to your forked repository on GitHub. You should see a "Compare & pull
10. Create a pull request. Go to your forked repository on GitHub. You should see a "Compare & pull
request" button. Click on it. Provide a descriptive title and description for your pull request.
2. Click on the "Create pull request" button.
3. Wait for review. Once your pull request is approved, and no more changes are needed, we will
11. Click on the "Create pull request" button.
12. Wait for review. Once your pull request is approved, and no more changes are needed, we will
merge it into the main repository.
4. Congratulations! Your changes are now part of the security frameworks!
13. Congratulations! Your changes are now part of the security frameworks!

## Editor area

# Editor area
Editors merge PRs and push suggestions to the main branch which will be reflected on the live book.

1. `git checkout main`
2. `git fetch origin develop`
3. `git merge origin/develop`
4. Manually merge files, solve conflicts and add a description.

## caveats
- Using the `serve.sh` script instead of mdBook `serve` command is needed to be able to see properly
the local deployment.
the local deployment.
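Review bot: step 4, `git checkout -b develop`, cannot work as written: step 3 has just checked out `develop`, so this tries to create a branch that already exists and the command fails. The step text says "create a new branch based on `develop`", so the command should be `git checkout -b <your-branch-name>`, and step 9 should then push that branch (`git push origin <your-branch-name>`) rather than `develop`; as written, contributors would push straight to their fork's `develop`. Two smaller points in the same hunk: step 7 is titled "Commit your changes" but its command is `git add .`, which only stages (rename it "Stage your changes" and leave the commit to step 8), and the new "## caveats" heading should be capitalised like the other section headings.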
2 changes: 1 addition & 1 deletion book.toml
Expand Up @@ -18,7 +18,7 @@ assets_version = "2.1.0" # DO NOT EDIT: Managed by `mdbook-catppuccin install`

[output.html]
additional-css = ["./theme/catppuccin.css", "./theme/catppuccin-admonish.css", "./mdbook-admonish.css", "./theme/custom.css"]
additional-js = ["./theme/tagsindex.json", "./theme/tagscolors.json"]
additional-js = ["./theme/tagsindex.json", "./theme/tagscolors.json", "./theme/main.js"]
template-path = "theme"
copy-images = true
default-theme = "navy"
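Review bot: `main.js` is appended after `tagsindex.json` and `tagscolors.json`, and mdBook emits `additional-js` entries as `<script>` tags in the listed order, so the new file may rely on those two loading first; please confirm that both `.json` files are actually JavaScript that assigns to a global, because a plain JSON object loaded through a script tag is a syntax error and a plain array is a silent no-op. Since everything in `additional-js` is injected into every rendered page, keeping that list short and reviewable (and documenting what each entry provides) is worthwhile.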
3 changes: 1 addition & 2 deletions src/awareness/security-training.md
Expand Up @@ -4,7 +4,6 @@ tag: [Security Specialist, Operations & Strategy, HR]

All team members should receive some type of security training, however how in-depth this training is depends on their specific needs and what type of access they have. It is important to not do this only once, but to keep it as a recurring activity, however a training session does not need to mean sitting down for 60 minutes to look at a power point presentation but rather could be tiny nuggets of relevant information that doesn't take more than a minute to consume each time.


## Security Training Session

As an introductory and overarching training session, this could be done:
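Review bot: the removed blank line is fine, but the introductory paragraph in the surrounding context is one long run-on that would benefit from splitting at "however" both times; also "power point" should be "PowerPoint", and "tiny nuggets of relevant information that doesn't take more than a minute" should be "that don't take more than a minute".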
Expand All @@ -22,7 +21,7 @@ As an introductory and overarching training session, this could be done:
### 3. Two-Factor Authentication (2FA)

- **Enabling 2FA**: Explain why it's important to enable 2FA.
- **Types of 2FA**: Explain the different types of 2FA, including SMS, authenticator apps, and hardware tokens. Each of these have their strenghts and weaknesses which should be explained (and especially why nobody should be using SMS for 2FA).
- **Types of 2FA**: Explain the different types of 2FA, including SMS, authenticator apps, and hardware tokens. Each of these have their strengths and weaknesses which should be explained (and especially why nobody should be using SMS for 2FA).

### 4. Secure Communication

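Review bot: "strenghts" is fixed, but "Each of these have their strengths and weaknesses" on the same line should read "Each of these has its strengths and weaknesses"; worth folding into this typo pass.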
2 changes: 1 addition & 1 deletion src/awareness/staying-up-to-date.md
Expand Up @@ -15,4 +15,4 @@ It is often very valuable to have information on the latest security threats and

## 3. Follow Security Blogs and Podcasts

- **Social Feeds**: Follow blogs and listen to podcasts such as the Daily Stormcast from FIRST.org or darknet diaries to gain deeper insights into emerging threats and solutions.
- **Social Feeds**: Follow blogs and listen to podcasts such as the Daily Stormcast from FIRST.org or Darknet Diaries to gain deeper insights into emerging threats and solutions.
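Review bot: capitalising "Darknet Diaries" is right, but please double-check the other attribution on this line: the Daily Stormcast is produced by the SANS Internet Storm Center (ISC), not by FIRST.org, as far as I am aware. The bullet label "Social Feeds" also does not match a bullet that is about blogs and podcasts; "Blogs and Podcasts" would fit the section heading.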
67 changes: 52 additions & 15 deletions src/community-management/discord.md
Expand Up @@ -6,190 +6,227 @@ Discord has a large set of security settings to take into consideration, as well
Below, you can find some hardening suggestions when setting up a Discord server.

## Discord Server Hardening
### Server Settings:

### Server Settings

a) **Enable 2FA Requirement for Moderation**

- Go to Server Settings > Safety Setup > Moderation
- Toggle on "Require 2FA for moderation"
- This ensures all moderators have an extra layer of security
- Protects your server if a moderator's account is compromised

b) **Set Appropriate Verification Level**

- Go to Server Settings > Safety Setup > Verification Level
- Choose from: None, Low, Medium, High, Highest
- Recommended: "High" for public servers (requires verified email and server membership for 10 minutes before messaging)
- Higher levels protect against spammers and raids

c) **Enable Explicit Content Filter**

- Go to Server Settings > Safety Setup > Content Filter
- Set to "Scan messages from all members"
- This automatically blocks messages containing explicit images in non-age-restricted channels
- Age-restricted channels are exempt from this filter

### Roles and Permissions:
### Roles and Permissions

a) **Implement Role Hierarchy**

- Go to Server Settings > Roles
- Create roles like: Admin, Moderator, Trusted Member, Member, New Member
- Drag to reorder; higher roles override lower roles
- Restructure the role hierarchy by dragging roles higher or lower in the roles list

b) **Restrict Administrative Permissions**

- For each role, carefully review the 32 available permissions
- Key permissions to restrict: Administrator, Manage Server, Manage Roles, Manage Channels
- Never give Admin or Kick permissions to anyone you don't fully trust
- Good permissions for moderators: Manage Channels, Manage Roles, Manage Messages, Ban Members, Delete Messages
- Good permissions for members: View Channels, Create Invite, Send Messages, Read Message History, Connect, Speak & Use Voice Activity

c) **Use Channel-Specific Permissions**

- Right-click on a channel > Edit Channel > Permissions
- Set custom permissions for roles or members in specific channels

d) **Use the "View Server as Role" Feature**

- Go to Server Settings > Roles > Select a role > View Server as Role
- This allows you to see what members with a certain role can see and access

### Moderation:
### Moderation

a) **Set Up Auto-Moderation Rules**

- Go to Server Settings > AutoMod
- Set up rules for: Spam, Harmful Links, Mention Spam, Inappropriate Words
- Configure custom keyword filters and exempted roles
- Customize the response to spam, like blocking the message, sending an alert, or timing out the member
- Allow certain roles to bypass the spam filter if needed

b) **Configure Timeout Durations**
b) **Configure Timeout Duration**

- Go to Server Settings > Safety Setup > Timeout
- Set default duration (e.g., 60 minutes)
- Educate moderators on using timeouts effectively

c) **Establish Clear Server Rules**

- Create a #rules channel
- Use Discord's built-in rules screening feature
- Include sections on: Behavior, Content, Moderation Actions, Appeals Process

### Bots:
### Bots

a) **Audit Bot Permissions**

- Go to Server Settings > Integrations
- Review each bot's permissions
- Remove unnecessary permissions

b) **Remove Unnecessary Bots**

- Uninstall any bots that aren't actively used or needed

c) **Implement Security/Moderation Bots**

- Consider bots like:
- MEE6 for auto-moderation and leveling
- Dyno for advanced moderation and logging
- Carl-bot for reaction roles and custom commands

### Channels:
### Channels

a) **Organize Channels Logically**

- Use categories to group related channels
- Suggested categories: Information, General, Voice Channels, Topic-Specific

b) **Set Slow Mode Where Needed**

- Channel Settings > Overview > Slow Mode
- Set appropriate cooldown (e.g., 5-30 seconds) for busy channels

c) **Use Age-Restricted Channels Appropriately**

- Channel Settings > Overview > Age-Restricted Channel
- Enable for channels with mature content

### Invites:
### Invites

a) **Disable Permanent Invites**

- Server Settings > Invites
- Uncheck "Allow anyone with administrative permissions to create invites"
- Un-check "Allow anyone with administrative permissions to create invites"

b) **Set Invite Expiration and Usage Limits**

- When creating an invite: Set "Expire After" and "Max Number of Uses"
- Recommended: 24 hours expiration, 50-100 uses

c) **Regularly Audit Active Invites**

- Server Settings > Invites
- Review and delete unnecessary or old invites

### Member Screening:
### Member Screening

a) **Enable Membership Screening**

- Server Settings > Safety Setup > Membership Screening
- Toggle on "Enable Membership Screening"

b) **Set Up Screening Questionnaire**

- Add questions about server rules, age verification, etc.
- Require members to agree to rules before joining

c) **Set Up Membership Requirements**

- Require users to react to a message or post an introduction
- This helps filter out bots and spam accounts from joining

### Logging:
### Logging

a) **Enable Audit Logs**

- Ensure admin/mod roles have "View Audit Log" permission

b) **Set Up a Private Logging Channel**

- Create a private channel visible only to admins/mods
- Use a logging bot like Logger or Dyno to send detailed logs

### Regular Reviews:
### Regular Reviews

a) **Conduct Periodic Permission Audits**

- Monthly: Review all role permissions
- Use a spreadsheet to track changes and justifications

b) **Review and Update Server Rules**

- Quarterly: Assess if rules need updating
- Announce any changes in a dedicated announcements channel

c) **Check for Unused Channels/Roles**

- Bi-annually: Delete or archive inactive channels
- Remove roles that are no longer needed

### Cold Admin Accounts:
### Cold Admin Accounts

a) **Set Up a "Cold" Admin Account**

- Create a new account on a separate device never used for chatting or clicking links
- This account is highly resistant to phishing and provides an extra layer of security for the server owner

b) **Secure the Cold Account**

- Create a new email account for the cold account
- Factory reset the device used for this account

c) **Use the Cold Account for Critical Actions**

- Manage bots, modify server settings, and respond to compromises
- Never use this account for regular server activities

### Additional Security Measures:
### Additional Security Measures

a) **Verification Systems**

- Implement a verification bot like Wick or Captcha.bot
- Require users to complete a captcha or react to a message before accessing the server

b) **Raid Protection**

- Use anti-raid bots like Wick or Dyno
- Configure automatic lockdown settings for suspicious activity
- Configure automatic lock-down settings for suspicious activity

c) **Privacy Settings**

- Server Settings > Privacy Settings
- Disable "Allow direct messages from server members"

d) **Integration Whitelisting**

- Server Settings > Integrations > Allow new integrations to be added by:
- Set to "Only Administrators" to prevent unauthorized bot additions

e) **Server Insights**

- Enable Server Insights for detailed analytics
- Use this data to inform moderation strategies and server improvements

f) **Backup Systems**

- Use a bot like ServerBackup to regularly backup your server configuration
- Store backups securely off-platform


## Additional Resources

- [Securing Your Server - Discord](https://discord.com/community/securing-your-server)
- [Four Steps for a Super Safe Server - Discord](https://discord.com/safety/360043653152-four-steps-to-a-super-safe-server)
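Review bot: under "Restrict Administrative Permissions" the page lists Manage Roles among the "Key permissions to restrict" and then, two lines later, recommends it as a "Good permission for moderators"; those two lines contradict each other, and since Manage Roles lets a holder grant permissions up to their own role, it belongs with the restricted set rather than the moderator set. In the same hunk, "Disable Permanent Invites" is followed by a bullet about who may create invites, which does not make invites expire; the expiry guidance actually lives in the next item, so either retitle the item or move the "Expire After" bullet under it. Finally, "Uncheck" was already correct and "Un-check" is non-standard, so that one-word change could be dropped.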
4 changes: 2 additions & 2 deletions src/community-management/telegram.md
@@ -1,7 +1,7 @@
# Telegram Security
tag: [Community & Marketing]

Telegram, in its default mode, is actually not providing end-to-end encryption between users. If it's important to have end-to-end encryption, using a messenger suc has [Signal](https://signal.org/) should be used instead. With that said, Telegram is popular in the crypto ecosystem, and as such you can find some best practices below when it comes to securing Telegram.
Telegram, in its default mode, is actually not providing end-to-end encryption between users. If it's important to have end-to-end encryption, using a messenger such has [Signal](https://signal.org/) should be used instead. With that said, Telegram is popular in the crypto ecosystem, and as such you can find some best practices below when it comes to securing Telegram.

## Standard Security

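Review bot: the fix turns "suc has" into "such has", which is still wrong; the phrase should be "such as". While here, "is actually not providing end-to-end encryption" reads more naturally as "does not provide end-to-end encryption".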
Expand All @@ -11,7 +11,7 @@ Telegram might require you to sign up using a phone number, but you can also set

![*Logging in with 2FA enabled*](https://prod-files-secure.s3.us-west-2.amazonaws.com/b1d29658-a003-4e92-93b6-241efdd083f6/c9d574e8-1ad9-4aad-a93f-e33bce31581b/Screen_Shot_2023-11-29_at_23.17.33.png)

*Logging in with 2FA enabled*
**Logging in with 2FA enabled**

1. Go to Settings > Privacy and Security > Two-Step Verification
2. Select a password and recovery email (and save it in your password manager)
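Review bot: the caption is switched from italic to bold, but the image's alt text on the line above still carries the italic asterisks (`![*Logging in with 2FA enabled*]`), so the two should be made consistent. The image itself is served from a `prod-files-secure.s3...amazonaws.com` URL, which is a third-party hosted link that can expire or change; consider vendoring the screenshot into the repository so the rendered page does not depend on it.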