:: Overview ::
Despite the intrusion of massive surveillance programs like PRISM
mass-use of Stingray
devices, as well as the potential threat of weak to mid-tier
encryption equating to no encryption because of things like Bullrun
, it's still the
case that you may find personal privacy on the internet a priority, or further that
since the state is allowed to see everyone's personal information, that everyone else
should be allowed to see the same information, meaning offensive measures as well as
defensive measures are necessary. Well this is a good starting point for your future
of being put on a government watch list because this page lists a bunch of tools for
educational implementations of fuckery.
Privacy was recognized as a fundamental human right by the Universal Declaration of
in 1948. For information on digital rights, visit the EFF
The defense for anonymity
on Shiichan offers good support for the notion of privacy.
Be wary of dark patterns
, cyber phrenology
, and AI
, show how it is easy and banal
; same with cryptography
Norse's live feed
is linked for realtime attack visualization.
Basic home network security - router
, and Windows security
I used to recommend PGP
and related downloads
), but it's ran into some problems
What OTR fingerprinting
is in general plus downloads
Great sites I use for researching what to show on Snerx - OSCP
, & DD
:: Hardware Insecurity ::
Most of this page is about software exploitation and its mitigation, but
it should be noted that compared to software, computing hardware is
disproportionately proprietary and insecure
. There are plenty of security
issues you can look up for both Intel
architecture and even if
they didn't backdoor their own hardware there are still serious deep-system
vulnerabilities that have no robust solutions no matter what architecture
your hardware uses. In particular, the Rowhammer
, and ZombieLoad
attacks are pretty devastating and do not have any effective patches. The
first two allow for arbitrary privilege escalation and key theft, and
ZombieLoad allows for full-blown remote access and total capture even of
virtual machines running privacy software as the site shows. These exploits
do not care what operating system you run or security software you use.
This should be considered a massive issue with secure computing and
hopefully curbs any enthusiasm you have in thinking you can stop an
intelligence agency from getting what they want out of your computer.
The above applies to mobile phones as well and if that wasn't bad enough,
exploits an old flaw with SIM cards that has allowed, and still
allows, anyone to remotely access and control the majority of cellphones.
:: Misc ::
's and Deviant Ollam
's sites are giant resources for physical sec.
are both pen testing firms with lots of resources.
, shell scripting
, or the basics of hacking with wargames
Cloudflare may potentially be compromised
It's good to know about DNSSEC root key split
and about secret sharing
You can use Shamir's Secret Sharing Scheme
to ensure group efforts on key sharing.
Be lazy, use pentesting cheatsheet
Be faceless, share website logins with BugMeNot
Work on your reverse-engineering skills with Crackmes
You should consider what to do if hardware becomes scarce
is self-contained app deployment through a single HTML file.
If you read this far, here's a little