:: Overview ::
Despite the intrusion of massive surveillance programs like PRISM
mass-use of Stingray
devices, as well as the potential threat of weak to mid-tier
encryption equating to no encryption because of things like Bullrun
, it's still the
case that you may find personal privacy on the internet a priority, or further that
since the state is allowed to see everyone's personal information, that everyone else
should be allowed to see the same information, meaning offensive measures as well as
defensive measures are necessary. Well this is a good starting point for your future
of being put on a government watch list because this page lists a bunch of tools for
educational implementations of fuckery.
Privacy was recognized as a fundamental human right by the Universal Declaration of
in 1948. For information on digital rights, visit the EFF
The defense for anonymity
on Shiichan offers good support for the notion of privacy.
Be wary of dark patterns
, cyber phrenology
, and AI
, show how it is easy and banal
; same with cryptography
Norse's live feed
is linked for realtime attack visualization.
Basic home network security - router
, and Windows security
I used to recommend PGP
and related downloads
), but it's ran into some problems
What OTR fingerprinting
is in general plus downloads
Great sites I use for researching what to show on Snerx - OSCP
, & DD
:: Defense ::
Secure systems and networks.
Due to the nature of centralized or federated systems, it does not matter what kind of
encryption or log policy a service has, they are trust-based systems with central points
of failure. The belief that protocols like XMPP don't leak any valuable metadata (or are
not easily broken by seizing the host server) is a harmful ideation that gets people
regularly killed. The only truly secure systems are decentralized, distributed,
trustless, permissionless, encrypted, free and open systems. I am in the process of
finding robust decen+dist
services for everything in this list and personally no longer
trust systems that are not decen+dist
• The mailchuck gateway through Bitmessage
) is the only truly secure
) for the clearnet that I know of.
, and Keybase
are some secure communication platforms
, and OnionShare
are secure ways to store and share files.
), and ProtectedText
are secure paste services.
) are operating systems that can be placed on and
booted from removable media that also create a secure and trusted end node.
, and Librem
are security-focused cellphone systems (+
, and I2P
are clients for private networks.
is highly questionable
), and does not stop a global passive adversary.
• Don't use a VPN
unless it's Mysterium
, or just cycle IPs
are privacy-ensuring dark currencies.
is a self-destructing
desktop (expensive but works for paranoid people).
for secure password generation and management.
are robust drive encryption tools.
is a robust drive and file nuking tool.
• Debloat Firefox
), use secure addons
), and check your fingerprint
buys and holds domains for you like a WhoIs gaurd.
lets you check if your past email accounts have been compromised.
is a tool for preventing DNS spoofing.
are robust IDS's.
are anti-forensic device whitelisters.
is a tool for determining if system files have been tampered with.
• GNU MAC Changer
are good MAC address spoofers.
are good steganography
• Generate new identitie
), credit cards
, and phone services
are hardware authentication devices, start using them.
is a physical OTP printer; this has myriad uses.
• Learn how physical pen actually happens
) and how to defend against it.
• Security Snobs
is a direct source for Abloy
locks and others
and Silent Pocket
are faraday product manufacturers.
; you should strongly consider getting a concealed carry
:: Misc ::
's and Deviant Ollam
's sites are giant resources for physical sec.
are both pen testing firms with lots of resources.
, shell scripting
, or the basics of hacking with wargames
Cloudflare may potentially be compromised
It's good to know about DNSSEC root key split
and about secret sharing
You can use Shamir's Secret Sharing Scheme
to ensure group efforts on key sharing.
Be lazy, use pentesting cheatsheet
Be faceless, share website logins with BugMeNot
Work on your reverse-engineering skills with Crackmes
You should consider what to do if hardware becomes scarce
If you read this far, here's a little
:: Hardware Insecurity ::
Most of this page is about software exploitation and its mitigation, but
it should be noted that compared to software, computing hardware is
disproportionately proprietary and insecure
. There are plenty of security
issues you can look up for both Intel
architecture and even if
they didn't backdoor their own hardware there are still serious deep-system
vulnerabilities that have no robust solutions no matter what architecture
your hardware uses. In particular, the Rowhammer
, and ZombieLoad
attacks are pretty devastating and do not have any effective patches. The
first two allow for arbitrary privilege escalation and key theft, and
ZombieLoad allows for full-blown remote access and total capture even of
virtual machines running privacy software as the site shows. These exploits
do not care what operating system you run or security software you use.
This should be considered a massive issue with secure computing and
hopefully curbs any enthusiasm you have in thinking you can stop an
intelligence agency from getting what they want out of your computer.
The above applies to mobile phones as well and if that wasn't bad enough,
exploits an old flaw with SIM cards that has allowed, and still
allows, anyone to remotely access and control the majority of cellphones.
:: Offense ::
Threatening classical encryption.
, the world's only commercial manufacturer of quantum computers, has
recently announced their production of a 2,048-qubit computer
for about 2 million United States Dollars. This means all classical
encryption up to 2,048 bits is theoretically arbitrary to break now. Since
most commercial encryption is only 256 bits, most military encryption is
only 512 bits, and most intelligence agency encryption is only 1,024 bits,
it appears that trillions of dollars and all kinds of government,
corporate, and academic secrets are at great threat. This threat will not
go away until encryption techniques catch up.
is an OSINT assistant with similar possible uses as Maltego
• Skiptrace services like BellesLink
provide powerful tracking services.
is an IP address geographical locator.
is the most robust geotag and location tool amalgamator.
scrapper for images.
lookup for domains.
Interdiction and attrition.
are powerful network analyzers.
are robust penetration testing tools.
are login brute-forcers for remote authentication.
• Online Hash Crack
is a cloud-based cracking service.
• GUID Generator
gen's serial numbers for some software.
is a common remote access tool (plus the removal tool
• Dangerous Kitten
's skiddie hackpack is surprisingly comprehensive.
Databases and dumps.
is a large zero-day exploit database.
are the de facto exploit databases.
are large hash databases.
is an IoT exploit search engine / database.
• Device default password database
database for software serial keys.
• The NVD
is a useful tool for investigating known exploits.
• Equation group
• Shadow Brokers
• CIA Vault 7
hacking tools leak.
is a live malware repository, for 'testing' stuff.
is the NSA's very own decompiler; myriad uses.
• Learn to War Drive
, and drop
all kinds of lock
) just like Bosnian Bill
• Key decoding tools
and 3D-printable TSA master keys
• USB Killer
kills laptops at will by simply pluging it in.
• Get a millitary-grade briefcase EMP bomb