Recently I've been noticing someone using the username SerpentSecurity32. I'm not sure if they're trying to impersonate me, but just in case, I've released the following notice:

SerpentSecurity32 is *not* my account. A full summary of my accounts can always be found at

My minisign public key is: RWSAnvfq8XXGcw5iUd2+q7OWwlITbIKkp5lUPKR3haFhdIWDdXFf1Rla

My account summary (linked above) has a detatched signature signed by the above public key

I've been away from blogging for a while, but I've decided to start again. is being moved to

Check out the new site for new articles

I'm developing a Linux hardening script. The goal is to develop the most secure system possible, while not sacrificing usability.

I developed a script to generate anonymous email addresses over Tor (or any proxy configuration you want):

It relies on proxychains for proxying traffic anonymously.

(This is a fork. The original can be found at

As a reminder to anyone currently using PGP/GPG, you shouldn't. PGP is an outdated, overly complex protocol that doesn't meet the standards of a modern secure system.

Someone in a Matrix room I'm a part of mentioned this:

C: Do you want more buffer overflow vulnerabilities? No? Well... take it anyway!

Of course `gcrypt` would have an exploitable heap overflow. This is why I recommend avoiding PGP

A while back I performed a mini-audit on the Threema messaging app. You can read about Threema on my blog:

With today being data privacy day, I decided to publish an article explaining why privacy is important, and discussing why we shouldn't simply believe companies who try to claim "we care about your privacy". I imagine many people here already understand this, but I figured I'd release the article anyway.

In light of a recent report from Google's TAG, I'm like to remind everyone of the importance of verifying trust. According to TAG, North Korean attackers have been posing as security researchers to steal research and obtain vulnerability information they can exploit.

TAG also discovered the same attackers have been exploiting a zero-day in Chrome on Windows.

I created this account a few days ago (maybe a week?), but haven't introduced myself yet. So, I'm doing that now.

I'm a security and privacy researcher, and a blogger. My primary focus is cryptography, but I work in all aspects of privacy and security. I do a lot of code review, pentesting, and red team assessments.

For anyone interested, my blog is available at

InfoSec Community within the Fediverse. Newbies, experts, gurus - Everyone is Welcome! Instance is supposed to be fast and secure.

We have a Getting Started Guide here: