Block the Blue Coat Intermediate CA from Windows

Symantec has gotten into hot water for issuing rogue certificates (source). While Symantec has agreed to certificate transparency, Blue Coat Systems is a known operator of MITM services that it sells to enterprises, nation-states and governments, and this certificate would allow Blue Coat to issue arbitrary MITM certificates.

OSX instructions can be found over here (by Filippo Valsorda).


Privacy and Anonymity


Privacy is an increasingly rare commodity these days. To find out what kind of information is out there about you, do a search for yourself on, you might be surprised at the number of companies that claim to have information about you and your relatives.

That’s because your personal information, including your email address, phone number and daily activities on social networks and apps, is worth a lot of money to legitimate businesses, your new employer, government and bad guys (read: hackers).

The bad guys just want to steal it from you and sell it on the DarkNet. Legitimate companies want to know as much about you as possible, so they can sell you more products and services or serve you ads that are highly relevant to your preferences. And your possible new employer might get the wrong impression of you.

So I’m going to talk about a few steps that help you protect your information.

There are a couple of ways to secure your own privacy without having a lot of tools installed or needing a lot of know-how.

  • Information you Share
  • Email address
  • Fake Identity
  • Browsing anonymously

Force HTTPS On Your WordPress Site

I’ve been running my WordPress site for quite some time now. My site is HTTPS-enabled and signed with a certificate. In the past, the site could also be reached over HTTP. In this guide I’m going to force HTTPS for all of the pages (including the administrative ones).

To simplify this, the guide is split into the following 3 parts:

  1. Force SSL for administrator pages (including the login page)
  2. Secure all normal pages with HTTPS
  3. Change .htaccess to redirect all HTTP to HTTPS

When all of this is completed, you should have a WordPress site running completely secure over HTTPS.

This guide assumes that you have already bought a valid certificate.


OpenVPN in Kali Linux

This how-to describes how to configure Kali to use OpenVPN for securing your traffic.

Why should you use a VPN?

Here are my top 5 reasons why you want to use a VPN service.

  1. A VPN provides privacy and hides your own external IP address.
  2. Use any network (public, private or free hotspot WiFi) with encryption.
  3. Log in to your home or work network from anywhere with the confidence of encrypted traffic.
  4. Bypass censorship and content monitoring by governments.
  5. Browse and bypass firewall and censorship policy from anywhere!

As you can see from the list above, a VPN does not necessarily hide everything. Search engines like Google, Bing and Yahoo can still recognize you based on your cookies or account sign-in. So make sure you use tools like Bleachbit (to clear browsing data etc.) and enable plugins in your browser that block tracking and ads (Privacy Badger, uBlock Origin).

In the example below I’m using the IPVanish VPN service; there are lots more VPN services. If you really want to be sure about logging, security and availability, you can use the comparison chart (click here).


How to install BeEF on Ubuntu

BeEF stands for The Browser Exploitation Framework. It is a great penetration testing tool that focuses on the web browser.

Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, it looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. It will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.

