logo Internet Trench Warfare -- Updated 2021/7/14
Back to Snerx -- Contact us on our official Discord. ______________________________________________________________________________________
:: Overview :: Despite the intrusion of massive surveillance programs like PRISM and DCSNet, the mass-use of Stingray devices, as well as the potential threat of weak to mid-tier encryption equating to no encryption because of things like Bullrun, it's still the case that you may find personal privacy on the internet a priority, or further that since the state is allowed to see everyone's personal information, that everyone else should be allowed to see the same information, meaning offensive measures as well as defensive measures are necessary. Well this is a good starting point for your future of being put on a government watch list because this page lists a bunch of tools for educational implementations of fuckery. Privacy was recognized as a fundamental human right by the Universal Declaration of Human Rights in 1948. For information on digital rights, visit the EFF or FSF. The defense for anonymity on Shiichan offers good support for the notion of privacy. Be wary of dark patterns, cyber phrenology, and AI & DNA surveillance methods. Demystify hacking, show how it is easy and banal; same with cryptography. Norse's live feed is linked for realtime attack visualization. Basic home network security - router, ports, and Windows security. I used to recommend PGP and related downloads (+, +), but it's ran into some problems. What OTR fingerprinting is in general plus downloads. Great sites I use for researching what to show on Snerx - OSCP, TOPS, & DD. :: Hardware Insecurity :: Most of this page is about software exploitation and its mitigation, but it should be noted that compared to software, computing hardware is disproportionately proprietary and insecure. There are plenty of security issues you can look up for both Intel and AMD architecture and even if they didn't backdoor their own hardware there are still serious deep-system vulnerabilities that have no robust solutions no matter what architecture your hardware uses. In particular, the Rowhammer, RAMBleed, and ZombieLoad attacks are pretty devastating and do not have any effective patches. The first two allow for arbitrary privilege escalation and key theft, and ZombieLoad allows for full-blown remote access and total capture even of virtual machines running privacy software as the site shows. These exploits do not care what operating system you run or security software you use. This should be considered a massive issue with secure computing and hopefully curbs any enthusiasm you have in thinking you can stop an intelligence agency from getting what they want out of your computer. The above applies to mobile phones as well and if that wasn't bad enough, Simjacker exploits an old flaw with SIM cards that has allowed, and still allows, anyone to remotely access and control the majority of cellphones. :: Misc :: Schuyler Towne's and Deviant Ollam's sites are giant resources for physical sec. Black Hills and Grimm are both pen testing firms with lots of resources. Learn programming, shell scripting, or the basics of hacking with wargames. Cloudflare may potentially be compromised. It's good to know about DNSSEC root key split and about secret sharing in general. You can use Shamir's Secret Sharing Scheme to ensure group efforts on key sharing. Be lazy, use pentesting cheatsheet(s). Be faceless, share website logins with BugMeNot/Login2. Work on your reverse-engineering skills with Crackmes. You should consider what to do if hardware becomes scarce. Slingcode is self-contained app deployment through a single HTML file. If you read this far, here's a little something special for you.