anarchotechnyc / meta Goto Github PK
View Code? Open in Web Editor NEW:scroll::information_source: Organizing space for the Anarcho-Tech NYC collective.
Home Page: https://github.com/AnarchoTechNYC/meta/wiki
License: The Unlicense
:scroll::information_source: Organizing space for the Anarcho-Tech NYC collective.
Home Page: https://github.com/AnarchoTechNYC/meta/wiki
License: The Unlicense
There are already a lot of tool-specific guides for digital (and other) security. Yay! Let's not re-create those. However, people are still asking us questions like:
and so on. Not all tools are relevant in all circumstances. Can we create some brief guides that leverage the existing detailed guides for more specific threat models? Can we help people more intuitively perform a threat assessment for themselves without reinventing the wheels others have already built?
I think the answer is yes, and propose a "persona-focused" guide on our wiki as a place to start.
Hey all, we'll be watching episode 7 of Mr Robot for a Mr. Robot's Netflix 'n' Hack event at Koz House (DM for address) at 8pm Saturday 5/6. Hope to see you!
I've tentatively concluded that the weekly recurring structure of Mr. Robot's Netflix 'n' Hack is currently an optimal way to chunk introductions to computer security topics for the "train the trainers" project. There are now numerous Mr. Robot's Netflix 'n' Hack iterations happening simultaneously throughout New York City. What none have, yet, is actionable educational steps for further self-study/practice.
So, after documenting some of the exercises that came from ad-hoc conversations/demos in prior iterations on the associated "How to facilitate…" wiki page, I wanna create demo materials that can be followed by individuals on their own or by a facilitator at an event.
An open question right now is: what week should a given exercise be put into?
There's a pad from the meeting with some good info, but it will be auto-deleted after 30days. We should capture amd retain whatever makes sense to on a wiki page.
See: Arp cache poisoning
The ones we have now are fine, but could be spiffier!
This should be on the homepage for the meta.
Wouldn't it be nice to have a full list of tools/services one could use? A list of "trusted" email providers, social networking alternatives and so on?
This commit contains updated instructions for the wiki page on connecting to authenticated onion services. The changes all pertain to Orbot 16.5 which is unreleased but has v3 support.
Changes Include:
https://github.com/bitmold/onionservicewikifork/commit/b278b37c3bb769b52639b01dd85e52541bea41d3
please feel free to do with this as y'all wish
Hey love your guides! Just wanted to point out that thanks to iCepa I have a working V2 password authentication in my app Fully Noded and V3 authorized_client auth too. Its open sourced so please point people to it if they want to see how:
TorClient.swift
How can we separate translations? I started writing the same, with some changes here, I wonder how can we link it with this guide.
Would be nice to have a page that describes TLS, SSL, the differences between them, their uses, and so on.
The "Secretly sharing files with OnionShare and TorBrowser" exercise was written before OnionShare packaged its own Tor, so several of the sender steps are no longer strictly necessary. Further, the exercise is missing several good educational opportunities to expound upon the relationship between Tor and other applications. These should be added as beginner asides (:beginner:) or as Discussion sections.
For example:
Have a meeting for the more technically savvy people to hash out the straight tech stuff around the new buoy project.
I'd like to see an exercise in meta/train-the-trainers for using Social Engineering Toolkit to spoof an SMS text message, as is shown in S01E05 of Mr. Robot, and as is outlined in the section of the Wiki that details that episode.
Signing git commits using GPG keys almost definitely has some terminology mistakes that need to be fixed, such as:
After the primer from #1, we can start coding by converting the Buoy interface elements into React Native components.
The Buoy mobile client app for iOS and Android is called Lifeboat and its repository is available here: https://github.com/betterangels/lifeboat
Our new wiki has been created with a simple structure imported from several other orgs for whom I've created some organizational memory. One of the open questions for the AnarchoTechNYC wiki itself is what should go under our "Training guides" section.
For now, we are focusing on the tech side of things; those redlinks on the wiki homepage need to be either filled in or, if they're left as redlinks for a while, that part of the wiki just needs to be pared down.
I'm not certain we have an answer for this immediately so I'm opening this issue as a place for me to keep track of any discussion I have about it in the near future.
Hey all, we'll be watching episode 6 of Mr Robot as part of Mr. Robot's Netflix 'n' Hack on 4/22 8pm at Koz Collective (DM for address). Hope to see you there!
It would be sweet to have a simple guide on how to create a make a GPG key and then apply it to GitHub commits.
Collaborators from AnarchoTechNYC and the Better Angels collective have put together a pretty great "Persona-based commsec training matrix" (see #6), now it's time to actually use it!
Last weekend, the Better Angels Collective used this matrix as part of a "Practical digital security" workshop that got some good feedback, and they even helpfully included a "How to facilitate…" section.
Let's try this approach either at AnarchoTechNYC itself and/or some other venues, such as:
All we need are:
Quick note, the link to "Basics of Making a Rootkit" on the main page of the wiki is broken. Archived page available here.
Seems the link to download the DVIA framework is down. OWASP and the author seem to be pointing seekers to the authors official site and githib project page (see below)
Author page (includes the currently "down" DVIA download link, but also has DVIA tutorials and other supplemental documents and guides): https://n0where.net/damn-vulnerable-ios-app-dvia/
Authors DVIA github project page: https://github.com/prateek147/DVIA
OWASP's link and writeup of the DVIA project: https://www.owasp.org/index.php/OWASP_DVIA#tab=Framework
:)
On Windows 10, after placing sanitycheck.password.txt
and sanitycheck.wordlist.txt
into run
in john
, and attempting to execute .\john --wordlist=sanitycheck.wordlist.txt sanitycheck.wordlist.txt
, I received the following error:
2 [main] john 352 find_fast_cwd: WARNING: Couldn't compute FAST_CWD pointer. Please report this problem to the public mailing list [email protected] No password hashes loaded (see FAQ)
One of our "train the trainers in cybersecurity" events is going to be a "Mr. Robot's Netflix 'n' Hack" night; a relatively gentle introduction to the tools, techniques, and procedures (TTPs) used in the real world of digital security.
We need a physical space that meets the following criteria:
I'm getting some feedback on format for "Defense Against the Dark Arts" sessions; I want to do some trial runs of these to figure out which is the best way to actually engage with folks on the subject.
hello hello!
don't know how to really introduce myself but in short i came across this tech collective and am really interested in joining! if there's any way to become a member, please let me know. :)
The Mr. Robot's Netflix 'n' Hack wiki is hard to navigate with how long it is and how many images are now involved in it; it may be more easily navigated if the sections were their own pages.
The screenshots in our OnionShare materials ("Secretly sharing files with OnionShare and Tor Browser") show OnionShare version 1.2, but OnionShare version 1.3 has dramatically changed the GUI.
It would be nice if the workshop materials were updated to reflect the new interface. :)
Hey all, there will be a Mr Robot's Netflix n' Hack meeting to watch episode 4 at our place (DM for address) at 7pm this Tuesday, 3/21. Hope to see you!
Self-assigning this to make sure I don't lose track of things and also to document what I actually did this week and what I have left to do for setup. In rough chronological order from memory:
/cc @AnarchoTechNYC/ctf
The page on GPG/PGP is now existent, but is missing a ton of info; this could be better, without being overwhelming or redundant.
https://github.com/AnarchoTechNYC/meta/wiki/Connecting-to-an-authenticated-Onion-service "ad. OnionShare's "Advanced" options will automate the server-side portion of creating an authenticated stealth Version 2 Onion service."
This February a new OnionShare was released with v3 URLs, authenticated onions are only available with v2 through OnionShare, otherwise possible, but manual procedure.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.