Ephemeral Firefox with Extensions

icon of ephemeral firefox with icons of popular extensions below it

I recently posted about how to create a sandboxed firefox profile to compartmentalize (and shred) your firefox browsing history in an Ephemeral Firefox session. But so far I’ve only covered how to create a simple vanilla firefox profile. What if you want your Ephemeral Firefox to include a few basic extensions?

This post will cover . . . → Read More: Ephemeral Firefox with Extensions

Ephemeral Firefox in Ubuntu

ephemeral firefox

This post will describe how to create an Ephemeral Firefox session. The ultimate goal of an Ephemeral Firefox session is to unlink your browsing sessions day-to-day and reduce tracking via fingerprinting.

This technique can also be used to compartmentalize your internet activity by using the Ephemeral Firefox session as a Site Specific Browser. This . . . → Read More: Ephemeral Firefox in Ubuntu

New Thumb Drive Encryption Procedure

In this article, I’ll describe a procedure for preparing a brand-new USB flash drive for use. First we’ll securely erase all the data on the drive, then we’ll encrypt the entire drive, and–finally–we’ll check the drive for bad blocks.

Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* . . . → Read More: New Thumb Drive Encryption Procedure

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that’s used for a given gpg key. Unfortunately, it’s extremely unintuitive & took quite a bit of digging to figure out how. So I’m leaving this here in hopes it helps someone in their future searches.

. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

HPKP Best Practices for Let’s Encrypt

This post describes how to generate a few backup public key hashes to add to your HTTP Public Key Pinning (HPKP) config that might save you from bricking your domain if Let’s Encrypt ever gets untrusted like StartCom did.

If you have a healthy distrust of the X.509 PKI trust model, then you’ve probably heard . . . → Read More: HPKP Best Practices for Let’s Encrypt

pycurl through Tor without leaking DNS lookups

This article describes the correct way to use pycurl over Tor, such that both DNS lookup data and HTTP(S) traffic is sent through Tor’s SOCKS5 proxy.

If you google “pycurl tor”, one of the first results is a stackoverflow post that describes how to configure pycurl using the pycurl.PROXYTYPE_SOCKS5 setting. Indeed, even the tutorial To . . . → Read More: pycurl through Tor without leaking DNS lookups

Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I’m posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it . . . → Read More: Iterative MITM Packet Sniffer