ageis
/ Keybase proof
Created
April 4, 2014 02:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ### Keybase proof | |
| I hereby claim: | |
| * I am ageis on github. | |
| * I am ageis (https://keybase.io/ageis) on keybase. | |
| * I have a public key whose fingerprint is 2258 6762 C39A 5DFF F7D7 FDC5 5F4F 4788 5921 D69C | |
| To claim this, I am signing this object: |
ageis
/ gist:3b96c48698d94c9c8419
Last active
October 2, 2022 11:32
Making Tor Hidden Services Slightly More Secure
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Andy Greenberg of WIRED reports that the FBI has finally revealed how they allegedly located the server on which Silk Road was hosted, and it didn't require parallel construction. http://www.wired.com/2014/09/the-fbi-finally-says-how-it-legally-pinpointed-silk-roads-server | |
| It was a security fail. | |
| According to FBI agent Christopher Tarbell, as related by Greenberg: "They found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location... And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared." | |
| While I can only speculate about what gave away the IP address, here's a few suggestions for avoiding the latter problem, which should make your .onions slightly more secure. | |
| First off, the webserver never should have responded to HTTP requests on the server's IP address. Only traffic which comes through the Tor hidden service, which connects to the webserver's port 80 on the loopback in |
ageis
/ keybase.md
Created
April 2, 2015 11:36
I hereby claim:
- I am ageis on github.
- I am ageis (https://keybase.io/ageis) on keybase.
- I have a public key whose fingerprint is 2C84 664F 26AA E27B AD57 90FD B604 C32A D5D7 C6D8
To claim this, I am signing this object:
ageis
/ grsec-debian-digitalocean.md
Last active
October 17, 2021 00:54
It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.
We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".
Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.
Install dependencies:
ageis
/ grsec.conf
Created
January 21, 2016 20:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Address Space Protection | |
| # Disable privileged io: iopl(2) and ioperm(2) | |
| # Warning: Xorg without modesetting needs it to be 0 | |
| kernel.grsecurity.disable_priv_io = 1 | |
| kernel.grsecurity.deter_bruteforce = 1 | |
| kernel.grsecurity.deny_new_usb = 0 | |
| kernel.grsecurity.harden_ipc = 1 | |
| ## Filesystem Protections |
ageis
/ Generating stronger DH parameters for nginx
Last active
December 10, 2023 13:55
— forked from plentz/nginx.conf
Generating stronger DH parameters for nginx's SSL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # run in the terminal, then set as ssl_dhparam in nginx.conf | |
| openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 |
ageis
/ pgpgrep.py
Created
December 20, 2016 22:37
Mass-decrypt PGP messages in Thunderbird folders for CLI-based email searchability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| import sys | |
| import subprocess | |
| import argparse | |
| import re | |
| import mailbox | |
| import email.utils | |
| import os |
ageis
/ systemd_service_hardening.md
Last active
April 19, 2024 23:47
Options for hardening systemd service units
ageis
/ smartcard-reset.txt
Created
August 25, 2017 20:48
Raw hex gpg-agent commands to reset OpenPGP smartcard(s) to factory defaults
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /hex | |
| scd serialno | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 | |
| scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40 |
OlderNewer