blog.thc.orgPractical HTTPS InterceptionTL;DR: An attacker can trick Let's Encrypt (LE) to issue new TLS certificates for any domain that the attacker intercepts traffic for. The attacker can then decrypt the TLS traffic. This one thing that TLS is supposed to prevent from happening. The f...Feb 3, 2025·8 min read
blog.thc.orgKeep Pavel Durov LOCKED UPPavel was not arrested because he criticised Macron. He was arrested because he (allegedly) facilitates a wide range of crimes, including drug trafficking and ransomware groups. He should have also been arrested for LYING to the community and for his...Aug 26, 2024·6 min read
blog.thc.orgHTTPS Interception by a state actor in GermanySome comments regarding the recently discovered Interception of HTTPS/TLS/SSL traffic by a state actor in Germany. Ten years ago, in 2013, the IETF #88 (which is the standardization body of the Internet) declared that the Internet surveillance progra...Oct 21, 2023·4 min read
iq.thc.orgStarting a User Mode Linux/Debian-OS as an unprivileged Linux UserAfter reading this article you will be able to start a Debian-Linux (including Kernel) from any (unprivileged) Linux shell. User Mode Linux (UML) is a modified Linux Kernel that the user starts just like any other Linux program. The UML-Kernel then "...Sep 28, 2023·3 min read
iq.thc.orgStarting a VM as an unprivileged Linux UserAfter reading this article you will be able to start any OS of any architecture from your (unprivileged) Linux shell (and log in as root to start (for example) Docker inside the emulated OS). This is a great way to test or compile exploits and tools....Sep 24, 2023·3 min read
