Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE.

This is a maintained technical guide that aims to provide introduction to various online tracking techniques, online id verification techniques and guidance to creating and maintaining (truly) anonymous online identities including social media accounts safely and legally. No pre-requisites besides English reading are required.

You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties?

No, there hasn’t been any new vulnerability found in SSH, nor am I denying the usefulness of SSH as a building block in the dev toolchain. This article is about why you shouldn’t be (and how you can avoid) using raw SSH sessions for development work.

In summary, how the author discovered screen, tmux, etc.

How to poison phishing sites with fake data.

So you want to learn how to secure WordPress. Congratulations! You are in good company and this post will show you all the right steps!

GNU's framework for secure p2p networking

We’re excited to announce the release of Teleport 4.3 - new UI, API driven, expanded audit capabilities, and still open source.

Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the […]

With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.

Many of us use password managers to securely store our many unique passwords. A critical part of a password manager is the master password. This password protects all others, and in that way, it is a risk. Anyone who has it can pretend to be you… anywhere! Naturally, you keep your master password hard to guess, commit it to memory, and do all the other things you are supposed to do.

Worried about the security of your Linux server? Learn some easy to implement tips on securing SSH and make your Linux server more secure.

Create a pdf with barcodes to backup text files on paper. Designed to backup ASCII-armored GnuPG and SSH key files and ciphertext.

Hashicorp Vault hogs the limelight as cost-effective powerful KMS solutions are hidden in plain sight. Chris McGrath explores the underrated Mozilla SOPS.

This HN thread contains several tips and hints regarding methods, approaches and tools to share secrets across people and systems.

How to SSH properly and easily improve the security of your SSH model without needing to deploy a new application or make any huge changes to UX.