05 Dec 2016
Corporate data gathering of consumers' private information has exploded over the last few years. The new normal seems to require registration to use any website, device or app. The company almost always wants your name and email, and some require address, phone number and credit card as well. After you provide that information, your usage is tracked and data-mined for corporate profits. Online privacy is becoming scarce (if not non-existent).
This article offers a practical guide to opt out of this pervasive data gathering by setting up an alternate online identity. Companies get something to track. You get to use their awesome service and you get to preserve at least some of your privacy.
15 Jun 2016
As a security and privacy advocate wanting a new laptop, I needed much time and research to settle on what I wanted. I bought a Purism Librem 13 running Qubes OS. While this is definitely not the setup for everyone, it is worth considering if you’re worried about privacy and have any kind of Linux experience.
So this is a review of the Librem 13 running Qubes with a bundle of setup notes and impressions.
22 Oct 2015
How to set up a malicious LDAP server to capture credentials on a pentest.
I recently tested an application using LDAP to connect to Active
Directory to perform queries. The app had valid AD credentials and I
wanted to steal them. I couldn’t grab the credentials directly, but I
could change some of the app configuration, including the IP address of the LDAP server to
connect to. That led to “Let’s set up a malicious LDAP server to capture
There is no Metasploit capture LDAP module :-( and I
didn’t have the time to write one. OpenLDAP does support unencrypted,
plaintext authentication, but the instructions for setting that up are
non-existent. So I documented as I went to make this post.
All testing was done using Kali Linux, so it’s easy to add to a pentest setup.
19 Oct 2014
In my previous post, I described how to install a Pocket Internet Privacy
It uses a cheap TP-Link pocket router, OpenWRT and a privacy VPN to
protect your privacy on untrusted networks like hotels and coffee shops.
I had no idea the post would be as long as it was. I didn’t want people
to have to scroll to the bottom just to read how to use the thing. So
here’s the post on how to use the thing.
10 Oct 2014
When I travel, the thought of using the Internet in hotels and such
leaves me feeling gross and paranoid that someone can see what I’m
doing. As a penetration tester who hacks people this way, and seeing how
awful some hotel Internet setups are, I feel pretty justified in my
So I wanted to make a hardware-based device that was cheap,
easy to use and effective at protecting my privacy in
not-quite-trustworthy networks. Here’s what I made with step-by-step
instructions on making your own.