hacking

Invisible Arch Linux

13 minute read Enclosure Published

Encrypted system using detached LUKS header with air gapped install.
Caveat lector: This information is intended for entertainment purposes only. When individuals speak of doing “big fist pumps” after their Arch installs successfully boot it can be hard to contain one’s curiosity about the path that led them there. But it’s hard to understand until you try it yourself. This was my journey to first install. It was an encrypted one. In this tutorial I will show you how I repurposed an old MacBook Pro to double-down on privacy using deniable encryption and how you can too.

Secure Your Digital Life

8 minute read Updated

Safeguard your privacy online. Arm yourself with knowledge and use these tips, tools and techniques to secure your digital life.

I’m no Steve Wozniak but I carry a healthy distrust of computers. After hearing of the Equifax data breach affecting the privacy of more than 145 million Americans, learning Uber paid and tried to cover up the loss of 57 million driver and passenger records and seeing the lasting impact of the Meltdown attack I’m starting to understand the gravity this quote from Woz:

Spoofing IoT Device MAC Addresses

2 minute read Updated

Connecting devices like the RPi or Apple TV to public networks requiring browser-based auth can be a drag. But that shouldn't stop you from hacking your way in. Find out how.

Imagine your sitting at a cafe on some exotic island after your last visa run to Sim Lim Square in Singapore where you picked up a CCTV Wi-Fi camera to protect your valuables and nerd out on gadgets.

You unbox your new toy only to realize you can’t connect it because the cafe you’re sitting at is using a captive portal.

Gah! What to do… Shell into the device and use wget or curl? Fuggetaboutit.

You reach into your Tortuga carry-on bag, pull out your laptop and do the only sensible thing you can think of—spoof the device’s MAC address.

Here’s how to spoof the MAC address of an IoT device using macOS.

Anatomy of a Google 302 Redirect Hijack

5 minute read Enclosure Published

Recently while Googling Olla de Carne (Costa Rican beef stew) my browser was  hijacked after taking a search results link. Rather than receiving a list of ingredients, the link redirected the browser to a bogus antivirus site that mimicked Windows and faked an integrated Explorer virus scan. Let’s examine how it happened.