After the primer from #1, we can start coding by converting the Buoy interface elements into React Native components.

The Buoy mobile client app for iOS and Android is called Lifeboat and its repository is available here: https://github.com/betterangels/lifeboat

Self-assigning this to make sure I don't lose track of things and also to document what I actually did this week and what I have left to do for setup. In rough chronological order from memory:

1. Identify folks interested in learning this stuff.
2. Estimate and create a skeleton educational framework using this org/wiki/repo

• Document CTF team joining process

1. Construct minimal infrastructure (Gitter room, CTFTime team, etc)
2. Register for upcoming CTF (next one is BostonKeyParty, but official registration is not yet open).
3. Finalize team membership/help participants troubleshoot their access to Gitter, etc.

/cc @AnarchoTechNYC/ctf

The screenshots in our OnionShare materials ("Secretly sharing files with OnionShare and Tor Browser") show OnionShare version 1.2, but OnionShare version 1.3 has dramatically changed the GUI.

It would be nice if the workshop materials were updated to reflect the new interface. :)

hello hello!
don't know how to really introduce myself but in short i came across this tech collective and am really interested in joining! if there's any way to become a member, please let me know. :)

The page on GPG/PGP is now existent, but is missing a ton of info; this could be better, without being overwhelming or redundant.

I'd like to see an exercise in meta/train-the-trainers for using Social Engineering Toolkit to spoof an SMS text message, as is shown in S01E05 of Mr. Robot, and as is outlined in the section of the Wiki that details that episode.

Collaborators from AnarchoTechNYC and the Better Angels collective have put together a pretty great "Persona-based commsec training matrix" (see #6), now it's time to actually use it!

Last weekend, the Better Angels Collective used this matrix as part of a "Practical digital security" workshop that got some good feedback, and they even helpfully included a "How to facilitate…" section.

Let's try this approach either at AnarchoTechNYC itself and/or some other venues, such as:

• Verso books?
• A tech collective-organized event at The Base?
• Somewhere else?

All we need are:

• A projector
• Wi-Fi
• whiteboard + eraser + markers
• Physical space (a host?)
• A confirmed time
• Maybe some "outreach" or "publicizing" but probably not much, word of mouth should be cool enough

Have a meeting for the more technically savvy people to hash out the straight tech stuff around the new buoy project.

How can we separate translations? I started writing the same, with some changes here, I wonder how can we link it with this guide.

https://github.com/AnarchoTechNYC/meta/wiki/Connecting-to-an-authenticated-Onion-service "ad. OnionShare's "Advanced" options will automate the server-side portion of creating an authenticated stealth Version 2 Onion service."

This February a new OnionShare was released with v3 URLs, authenticated onions are only available with v2 through OnionShare, otherwise possible, but manual procedure.

Wouldn't it be nice to have a full list of tools/services one could use? A list of "trusted" email providers, social networking alternatives and so on?

The Mr. Robot's Netflix 'n' Hack wiki is hard to navigate with how long it is and how many images are now involved in it; it may be more easily navigated if the sections were their own pages.

On Windows 10, after placing sanitycheck.password.txt and sanitycheck.wordlist.txt into run in john, and attempting to execute .\john --wordlist=sanitycheck.wordlist.txt sanitycheck.wordlist.txt, I received the following error:

2 [main] john 352 find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to the public mailing list [email protected] No password hashes loaded (see FAQ)

Hey all, we'll be watching episode 7 of Mr Robot for a Mr. Robot's Netflix 'n' Hack event at Koz House (DM for address) at 8pm Saturday 5/6. Hope to see you!

This should be on the homepage for the meta.

Signing git commits using GPG keys almost definitely has some terminology mistakes that need to be fixed, such as:

• I'm pretty sure "identification number" is not the right term for the thing it references there.

Seems the link to download the DVIA framework is down. OWASP and the author seem to be pointing seekers to the authors official site and githib project page (see below)

Author page (includes the currently "down" DVIA download link, but also has DVIA tutorials and other supplemental documents and guides): https://n0where.net/damn-vulnerable-ios-app-dvia/

Authors DVIA github project page: https://github.com/prateek147/DVIA

OWASP's link and writeup of the DVIA project: https://www.owasp.org/index.php/OWASP_DVIA#tab=Framework

:)

There are already a lot of tool-specific guides for digital (and other) security. Yay! Let's not re-create those. However, people are still asking us questions like:

• "As the administrator of my group's website, what do I need to know to store my group's data more securely?"
• "As an individual advocating for LGBT rights, what do I need to do to protect myself from SWAT'ing?"

and so on. Not all tools are relevant in all circumstances. Can we create some brief guides that leverage the existing detailed guides for more specific threat models? Can we help people more intuitively perform a threat assessment for themselves without reinventing the wheels others have already built?

I think the answer is yes, and propose a "persona-focused" guide on our wiki as a place to start.

I've tentatively concluded that the weekly recurring structure of Mr. Robot's Netflix 'n' Hack is currently an optimal way to chunk introductions to computer security topics for the "train the trainers" project. There are now numerous Mr. Robot's Netflix 'n' Hack iterations happening simultaneously throughout New York City. What none have, yet, is actionable educational steps for further self-study/practice.

So, after documenting some of the exercises that came from ad-hoc conversations/demos in prior iterations on the associated "How to facilitate…" wiki page, I wanna create demo materials that can be followed by individuals on their own or by a facilitator at an event.

An open question right now is: what week should a given exercise be put into?

Our new wiki has been created with a simple structure imported from several other orgs for whom I've created some organizational memory. One of the open questions for the AnarchoTechNYC wiki itself is what should go under our "Training guides" section.

For now, we are focusing on the tech side of things; those redlinks on the wiki homepage need to be either filled in or, if they're left as redlinks for a while, that part of the wiki just needs to be pared down.

I'm not certain we have an answer for this immediately so I'm opening this issue as a place for me to keep track of any discussion I have about it in the near future.

Quick note, the link to "Basics of Making a Rootkit" on the main page of the wiki is broken. Archived page available here.

This commit contains updated instructions for the wiki page on connecting to authenticated onion services. The changes all pertain to Orbot 16.5 which is unreleased but has v3 support.

Changes Include:

• newly added v3 client auth instructions
• updated v2 instructions
  • removed orfox stuff
  • updated menu instructions to reflect how the v2 stuff is now buried behind another menu within Orbot

https://github.com/bitmold/onionservicewikifork/commit/b278b37c3bb769b52639b01dd85e52541bea41d3

please feel free to do with this as y'all wish

It would be sweet to have a simple guide on how to create a make a GPG key and then apply it to GitHub commits.

Hey all, we'll be watching episode 6 of Mr Robot as part of Mr. Robot's Netflix 'n' Hack on 4/22 8pm at Koz Collective (DM for address). Hope to see you there!

I'm getting some feedback on format for "Defense Against the Dark Arts" sessions; I want to do some trial runs of these to figure out which is the best way to actually engage with folks on the subject.

Would be nice to have a page that describes TLS, SSL, the differences between them, their uses, and so on.

See: Arp cache poisoning

The ones we have now are fine, but could be spiffier!

There's a pad from the meeting with some good info, but it will be auto-deleted after 30days. We should capture amd retain whatever makes sense to on a wiki page.

Hey love your guides! Just wanted to point out that thanks to iCepa I have a working V2 password authentication in my app Fully Noded and V3 authorized_client auth too. Its open sourced so please point people to it if they want to see how:
TorClient.swift

Hey all, there will be a Mr Robot's Netflix n' Hack meeting to watch episode 4 at our place (DM for address) at 7pm this Tuesday, 3/21. Hope to see you!

One of our "train the trainers in cybersecurity" events is going to be a "Mr. Robot's Netflix 'n' Hack" night; a relatively gentle introduction to the tools, techniques, and procedures (TTPs) used in the real world of digital security.

We need a physical space that meets the following criteria:

• big enough for at least 10 people and their laptops to comfortably fit
• has a projector or large screen TV on which to view episodes of the show and demo TTPs
• has adjustable lighting so we can actually visibly see the projected screen
• has reliable Wi-Fi internet connectivity for all participants
• is available at the same time each week (or multiple venues that all match the above criteria that we can hop around to/from)

See also: How to facilitate Mr. Robot's Netflix 'n' Hack

The "Secretly sharing files with OnionShare and TorBrowser" exercise was written before OnionShare packaged its own Tor, so several of the sender steps are no longer strictly necessary. Further, the exercise is missing several good educational opportunities to expound upon the relationship between Tor and other applications. These should be added as beginner asides (:beginner:) or as Discussion sections.

For example:

• OnionShare and TorBrowser are both just apps that use Tor "under the hood" because Tor is a SOCKS proxy.
• Modern OnionShare packages its own Tor. Senders don't strictly need to open TorBrowser independently anymore, but it still may be useful to explain why they can. This will require examining the OnionShare preferences window.
• System Tor versus TorBrowser.
• Discussion about hardening your dead drop Onion site using Tor authentication.