Category: Uncategorized

  • Encrypted Pastebin PoC

    === Tuhimunatanga === Tangata Haututu: @te_taipo Herenga PHP: 7.2 Tenei Putanga: 1.0.0 Raihana: GPLv2 Paewhakaata o te Raihana: He whakaaturanga o tetehi whakapiri hei haumaru papatono-taupangatanga Mihi atu nei ki a Karaitiana Taiuru mo tona papakupu o nga kupu aa-kaupapa Maori, o te rorohiko me te paapaaho paapori: == Whakaaturanga == Ahuatanga […]

  • Twitter Abuse Blocklist

    Archived here: This began as an experiment to see how blocking the follow list of a known racist troll would affect their ability to amplify their attacks out to their wider network. The user in question (account now suspended) was @MaorisN. After scraping the Twitter IDs of the followers list, these accounts were first […]

  • Defeating fingerprinting scanning of onion websites running WordPress:

    This is not a discussion about detecting if a TorHS website has WordPress installed, but rather about tricking attackers that scan your website into moving along, nothing interesting here. For starters, if you are running multiple onion websites on a single webserver (and my recommendation is that you do not do this, use one website […]

  • Hokioi Security OPSEC practices

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 Hardware Security: Hard drives are encrypted with unique pass phrases Servers protected by pfSense hardware firewalls Operating Systems: Client OS: TAILS TAILS USBs are destroyed regularly with a grinder and ‘soaked’ Communications Security: All client contacts via encrypted and anomymous platforms ( see ) Information Security: Pass phrases […]

  • Mitigating Jackhammer 1.2 website traumatising tool styled attacks

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 What is Jackhammer 1.2? Jackhammer 1.2 ( sometimes called Jackhammer 2.0 ) was developed in 2003 by Mike Parniak ( Archon ) from TheBlackHand / Cafe Counterintelligence in response to CCISecurity script he released that blocked attacks from Jackhammer 1.0 Jackhammer is a MS Windows only, layer 7 attack […]

  • Further security considerations when hosting a SecureDrop or Globaleaks server

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 If you are a journalist organisation with a central office situated in a country that respects the role of journalists, then you may quite comfortably run a SecureDrop or Globaleaks server within the offices of your organisation and depend on journalistic privilege preventing governments from entering your offices and […]

  • Choosing the right secure submission system for your organisation

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 To begin, first read @yawnbox’s excellent piece on this. Choosing which secure source submission platform is right for you. I want to add some additional thoughts on the differences ( while hopefully not regurgitating too much of what has already been covered by @yawnbox ) SecureDrop SecureDrop in my […]

  • Tor network friendly hammer for rotten onions

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 Quick Rationale: Tor Hidden Services ( TorHS ) allows for users of Tor to host their services/websites in such a way that it is very hard to track the hosting location and even to attack them where necessary. This website for example is run on a TorHS hosted webserver […]

  • My Analysis of the Rawshark Hack of Cameron Slater’s Communications

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 What I want to discuss here is the attack on the WhaleOil communications network which resulted in a large cache of emails and attachments becoming the centrepiece of Nicky Hager’s book Dirty Politics. I hope that you the readers, bloggers and users of online services will learn from the mistakes […]

  • How to securely leak information to a SecureDrop or GlobaLeaks whistleblower platform

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 Your number one priority in sharing truth is to preserve your anonymity. Highly secure platforms for secure disclosure of information like SecureDrop and GlobaLeaks go as far as technically possible to protect your identity and to protect the transfer and dissemination of your information to the world. However you […]

  • Maori Diceware [POC]


  • Configuring A Hidden Service on Ubuntu Server

    —–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 A) Ubuntu Server: 1 Go to 1.1 Download Ubuntu Server and install. 1.2 Configure Networking 1.3 Update sudo apt-get update sudo apt-get upgrade -y 2 Extra Security 2.1 Install the following: sudo apt-get install ufw chkrootkit rkhunter 2.2 Configure ufw ( Uncomplicated Firewall ) sudo ufw default deny […]