Skip to content

Instantly share code, notes, and snippets.

View ageis's full-sized avatar
💭
available for hire in Bay Area https://cointel.pro/resume

Kevin M. Gallagher ageis

💭
available for hire in Bay Area https://cointel.pro/resume
426 followers · 2.7k following
View GitHub Profile
@ageis
ageis / pgpgrep.py
Created December 20, 2016 22:37
Mass-decrypt PGP messages in Thunderbird folders for CLI-based email searchability
#!/usr/bin/python3
# -*- coding: utf-8 -*-
import sys
import subprocess
import argparse
import re
import mailbox
import email.utils
import os
@ageis
ageis / Generating stronger DH parameters for nginx
Last active October 24, 2025 19:39 — forked from plentz/nginx.conf
Generating stronger DH parameters for nginx's SSL
# run in the terminal, then set as ssl_dhparam in nginx.conf
openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096
@ageis
ageis / grsec.conf
Created January 21, 2016 20:25
## Address Space Protection
# Disable privileged io: iopl(2) and ioperm(2)
# Warning: Xorg without modesetting needs it to be 0
kernel.grsecurity.disable_priv_io = 1
kernel.grsecurity.deter_bruteforce = 1
kernel.grsecurity.deny_new_usb = 0
kernel.grsecurity.harden_ipc = 1
## Filesystem Protections
@ageis
ageis / grsec-debian-digitalocean.md
Last active September 24, 2024 14:39

Building a grsec-patched Linux kernel for Debian 8 and DigitalOcean

It's possible to run a custom (instead of hypervisor-managed) kernel for use with Debian 8.x on a DigitalOcean droplet.

We'll build one with grsecurity, "an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening".

Note: The stable patches for Linux 3.14.x and 3.2.x are not publicly available anymore, so we'll be applying the free 4.3.x (test) patch. The URLs and filenames in this document may become outdated, so fetch the latest from grsecurity.net and kernel.org.

Install dependencies:

@ageis
ageis / keybase.md
Created April 2, 2015 11:36

Keybase proof

I hereby claim:

  • I am ageis on github.
  • I am ageis (https://keybase.io/ageis) on keybase.
  • I have a public key whose fingerprint is 2C84 664F 26AA E27B AD57 90FD B604 C32A D5D7 C6D8

To claim this, I am signing this object:

@ageis
ageis / openpgp-card-guide.md
Last active February 14, 2026 07:20
Quick GPG Smartcard Guide
@ageis
ageis / gist:3b96c48698d94c9c8419
Last active October 2, 2022 11:32
Making Tor Hidden Services Slightly More Secure
Andy Greenberg of WIRED reports that the FBI has finally revealed how they allegedly located the server on which Silk Road was hosted, and it didn't require parallel construction. http://www.wired.com/2014/09/the-fbi-finally-says-how-it-legally-pinpointed-silk-roads-server
It was a security fail.
According to FBI agent Christopher Tarbell, as related by Greenberg: "They found a misconfiguration in an element of the Silk Road login page, which revealed its internet protocol (IP) address and thus its physical location... And when they entered that IP address directly into a browser, the Silk Road's CAPTCHA prompt appeared."
While I can only speculate about what gave away the IP address, here's a few suggestions for avoiding the latter problem, which should make your .onions slightly more secure.
First off, the webserver never should have responded to HTTP requests on the server's IP address. Only traffic which comes through the Tor hidden service, which connects to the webserver's port 80 on the loopback in
@ageis
ageis / Keybase proof
Created April 4, 2014 02:26
### Keybase proof
I hereby claim:
* I am ageis on github.
* I am ageis (https://keybase.io/ageis) on keybase.
* I have a public key whose fingerprint is 2258 6762 C39A 5DFF F7D7 FDC5 5F4F 4788 5921 D69C
To claim this, I am signing this object: