security

Sec is important, but hard. How do you keep your stuff safe?

Pass

Pass is the Unix password manager. Each entry is stored as its own gpg-encrypted file rather than in a single binary blob, so service names are retrievable from the file names, but it's still pretty much the best thing out there. It's built on gpg and other Unix tools and provides a neat interface for local passwords. Use it.
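To see what the store gives away without any decryption, here is an added example (not part of the original notes or of pass itself). It assumes pass's default layout of one `<entry>.gpg` file per password under `PASSWORD_STORE_DIR` (default `~/.password-store`); the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example: audit what a pass store exposes through metadata alone.
# Nothing here touches gpg; only file names and permission bits are read.

# Print every entry name recoverable from file names, sorted.
# This is exactly what anyone with read access to the store learns.
store_exposed_names() {
    _store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    # Skip the .git directory that exists when the store is versioned.
    (cd "$_store" &&
        find . -path ./.git -prune -o -type f -name '*.gpg' -print) |
        sed -e 's|^\./||' -e 's|\.gpg$||' | LC_ALL=C sort
}

# Print every path in the store with any group/other permission bit set.
# Empty output means only the owner can list the entry names.
store_loose_perms() {
    _store="${1:-${PASSWORD_STORE_DIR:-$HOME/.password-store}}"
    find "$_store" -path "$_store/.git" -prune -o \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Usage (run against your own store):
#   store_exposed_names            # what leaks if the directory is copied
#   store_loose_perms              # fix anything listed with: chmod go-rwx
```

Keep in mind that a store synced to a git remote or a backup carries the same entry names with it.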

Hardware PGP management

The YubiKey NEO is a hardware device that stores your PGP keys. The keys cannot be read unless someone physically gets hold of the device. Combine it with pass for maximum security.

Linux Security Modules

Linux Security Modules are part patches that live in the kernel and part userspace packages that interact with the kernel hooks to manage settings.

Linux Security Modules hooks were added in 2001.

AppArmor

Defines which system resources individual applications can access and with what privileges. It includes static analysis and learning tools, which make it easier to manage.

files

SELinux

Security-Enhanced Linux. Provides more extensive permissions for files than the default Linux distro provides (e.g. copy-only). Special patches must be applied to GNU coreutils / busybox to detect the extended permissions.

Mandatory Access Control (MAC)

Basic security infrastructure

Password testing

To test password strength, use john(1) aka John the Ripper.

Social engineering

A commonly used tool is the Social-Engineer Toolkit (SET), which allows setting up fake wifi endpoints and more. Running this on yourself allows you to figure out weak points in your own sec setup.

Bluetooth

btscanner and bluesniff are tools used to find Bluetooth devices. Use Bluetooth devices with caution, as they could potentially be subject to MITM or similar attacks.

Meterpreter

Ho-ly-shit this thing is only made for hacking other people. Real interesting to play with to figure out how others would exploit your system / where the limitations of the tool lie but... yeah. fuck.
