Resources
Operational-security guides
A growing library of 18 practical guides: device hardening, wallets and keys, infrastructure, authentication, incident response, communications, and physical security. Read online, or download the Oak-branded PDF where available.
Devices
Hardened baseline configurations for the machines your team uses every day.
macOS Security Setup Guide for Web3 Teams
A self-service baseline that works without MDM
Linux Security Setup Guide for Web3 Teams
A self-service baseline that works without device management
Windows Security Setup Guide for Web3 Teams
A self-service baseline that works without device management
Mobile Device Security Setup Guide for Web3 Teams
Securing the phone: authenticators, passkeys, wallets, and sessions
Wallets & Keys
From browser signing hygiene to hardware wallet onboarding and Safe treasury operations.
Browser and Wallet Hardening Guide for Web3 Teams
Securing the highest-traffic Web3 attack surface: the browser and the signer
Hardware Wallet and Signing Device Setup Guide for Web3 Teams
Generating, protecting, and operating hardware signers
Multisig Treasury Operations Setup Guide for Web3 Teams
Designing and operating a Safe multisig without blind-signing
Infrastructure
Secrets, pipelines, deploy keys, domain integrity, and cloud key management.
GitHub Organization and CI/CD Hardening Guide for Web3 Teams
Locking down source control, secrets, and the release pipeline
Cloud Account and Key Management Hardening Guide for Web3 Teams
Root accounts, IAM, secrets, and KMS for production and signing
Domain, DNS, and Frontend Integrity Setup Guide for Web3 Teams
Protecting the registrar, DNS, and the dApp frontend from hijack
People & Access
Authentication, access lifecycle, and defending against social engineering.
Authentication Hardening Guide for Web3 Teams
Phishing-resistant MFA, passkeys, and the recovery paths that defeat them
Team Onboarding and Offboarding Security Guide
Granting least-privilege access on join and revoking it completely on exit
Social Engineering and Phishing Defence Guide
Breaking the targeted-attack kill chain before it reaches the ask
Operations
Running securely day to day: incident response, communications, and physical safety.
Incident Response Playbook for Web3 Teams
Compressing the time between "something is wrong" and the right person acting
Communication Security Guide for Web3 Teams
Choosing channels by sensitivity, hardening the ones you use, and confirming out-of-band
Travel and Physical Security Guide for Web3 Teams
Defending bodies, not just bytes: wrench attacks, doxxing, duress planning, and the first 30 minutes
Architecture
Foundational models that shape every other decision: zero trust and secrets handling.
Zero Trust Architecture: An Introduction for Web3 Teams
Why the perimeter died, what zero trust actually is, and where to start
Secrets Management Guide for Web3 Teams
Storing, distributing, rotating, and detecting the secrets behind your stack
Have a question?
The OpSec Agent answers operational-security questions from Oak's knowledgebase.