Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE.
This is a maintained technical guide that aims to provide an introduction to various online tracking techniques, online ID verification techniques and guidance on creating and maintaining (truly) anonymous online identities including social media accounts safely and legally. No pre-requisites besides English reading are required.
You've possibly just found out you're in a data breach. The organisation involved may have contacted you and advised your password was exposed but fortunately, they encrypted it. But you should change it anyway. Huh? Isn't the whole point of encryption that it protects data when exposed to unintended parties?
No, there hasn’t been any new vulnerability found in SSH, nor am I denying the usefulness of SSH as a building block in the dev toolchain. This article is about why you shouldn’t be (and how you can avoid) using raw SSH sessions for development work.
In summary, how the author discovered screen, tmux, etc.
How to poison phishing sites with fake data.
So you want to learn how to secure WordPress. Congratulations! You are in good company and this post will show you all the right steps!
We’re excited to announce the release of Teleport 4.3 - new UI, API driven, expanded audit capabilities, and still open source.
Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the […]
With zero trust, you assume everything on the network is unsafe. You have to check trust explicitly. This stance improves security throughout the SDLC.
Many of us use password managers to securely store our many unique passwords. A critical part of a password manager is the master password. This password protects all others, and in that way, it is a risk. Anyone who has it can pretend to be you… anywhere! Naturally, you keep your master password hard to guess, commit it to memory, and do all the other things you are supposed to do.
Worried about the security of your Linux server? Learn some easy-to-implement tips on securing SSH and make your Linux server more secure.
HashiCorp Vault hogs the limelight as cost-effective, powerful KMS solutions are hidden in plain sight. Chris McGrath explores the underrated Mozilla SOPS.
The firmware of microcontrollers usually contains valuable data such as intellectual property and, in some cases, even cryptographic material.
This guide explains how to edit remote files with Vim on Linux. Starting from Vim 7.x version, the netrw plugin allows you to edit remote system files.
The C language is still prominent in the industrial embedded world, where “IoT” often refers to platforms much more limited than a Raspberry Pi. Often having to deal with such environments, we wrote the following informal explainer about C for internal company needs, and thought it could be of interest for more readers. This is basic material, mixing C and operating systems knowledge, aimed at readers with no or limited understanding of how you go from C source code to an executable. We could expand on many points, but for now we just share this meandering overview.
Email is unsafe and cannot be made safe. The tools we have today to encrypt email are badly flawed. Even if those flaws were fixed, email would remain unsafe. Its problems cannot plausibly be mitigated. Avoid encrypted email.
Technologists hate this argument. Few of them specialize in cryptography or privacy, but all of them are interested in it, and many of them tinker with encrypted email tools.
Most email encryption on the Internet is performative, done as a status signal or show of solidarity.