
HOW TO SECURE YOUR TOR ONION KEYS

This is a quick guide on how to secure your Tor Onionsite from someone intercepting the keys and hijacking your domain.

Open a terminal and Type

sudo su -

Only hs_ed25519_secret_key is required for TOR to work

Copy other keys to a backup location

To do this, type:
mkdir /backup
mkdir /backup/current-tor-keys
cd /var/lib/tor/hidden_service/
cp -R ./* /backup/current-tor-keys/
rm hs_ed25519_public_key
sudo chown -R debian-tor: /var/lib/tor/hidden_service
sudo chmod -R u+rwX,og-rwx /var/lib/tor/hidden_service

Now use WinSCP to copy the keys off the server to a safe location, then delete them from your /backup directory.
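A check for the end state of the steps above, as an added example that is not part of the original guide: the secret key is still in place, nothing under the hidden service directory carries group or other permission bits, and no copy of the key is left in the on-server backup. The function name and messages are illustrative; both paths are passed in as arguments.

```shell
#!/bin/sh
# hs_key_audit HS_DIR BACKUP_DIR
# Prints findings and returns 0 only when nothing was found.
hs_key_audit() {
    hs_dir=$1
    backup_dir=$2
    findings=0

    # Tor needs the secret key in place to keep serving the same .onion name.
    if [ ! -f "$hs_dir/hs_ed25519_secret_key" ]; then
        echo "MISSING: $hs_dir/hs_ed25519_secret_key"
        findings=$((findings + 1))
    fi

    # Any group/other bit means an account other than the owner can read,
    # write or traverse the path (chmod og-rwx clears all six bits).
    loose=$(find "$hs_dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                              -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        echo "LOOSE PERMISSIONS:"
        echo "$loose"
        findings=$((findings + 1))
    fi

    # The on-server backup is meant to be temporary; a leftover secret key
    # there is a second copy that can be taken from the same machine.
    if [ -d "$backup_dir" ]; then
        stale=$(find "$backup_dir" -name 'hs_ed25519_secret_key' -print)
        if [ -n "$stale" ]; then
            echo "KEY COPY STILL ON SERVER:"
            echo "$stale"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Example: sh hs_key_audit.sh /var/lib/tor/hidden_service /backup
if [ "$#" -eq 2 ]; then hs_key_audit "$1" "$2"; fi
```

Run it as root, since the directory is readable only by its owner once the permissions are correct.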

AUTOMATIC UPDATES FOR UBUNTU 22.04

Setting up automatic updates is critical if you want to maintain a secure environment. Make sure you have automatic backups that occur prior to the updates, so you have a rollback plan.

Here are the commands to set it up.

Open a terminal:
sudo su -
apt install unattended-upgrades
systemctl status unattended-upgrades
apt install update-notifier-common
nano /etc/apt/apt.conf.d/50unattended-upgrades

Now remove the // before each of these lines, and change the values to make them relevant for your system:
Unattended-Upgrade::Mail "youremailaddress@yourdomain.com";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
Unattended-Upgrade::Automatic-Reboot-Time "06:00";
Unattended-Upgrade::OnlyOnACPower "true";

Save and Exit the file

nano /etc/apt/apt.conf.d/20auto-upgrades

Now replace the contents of the file with the info below:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Save the File and Exit

dpkg-reconfigure -plow unattended-upgrades

Reboot your system instead of running a service restart

That’s it!
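To confirm the edits took effect, this added example (not part of the original guide) reports, for each Unattended-Upgrade setting listed above, whether the file has it active, still commented out with //, present but without a straight-quoted value (as happens when a line is pasted with typographic quotes), or missing. The function names and the sample fragment are constructed for illustration, and the check assumes a single space between key and value.

```shell
#!/bin/sh
# Constructed sample fragment: one setting active, one still commented out,
# one pasted with typographic quotes; Automatic-Reboot-Time is absent.
sample_conf() {
cat <<'EOF'
Unattended-Upgrade::MailReport "on-change";
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Automatic-Reboot “true”;
EOF
}

# uu_state FILE KEY -> prints active | commented | unquoted | missing
uu_state() {
    # The trailing space stops Automatic-Reboot matching Automatic-Reboot-Time.
    hits=$(grep -F -- "$2 " "$1" | sed 's/^[[:space:]]*//')
    # Of the uncommented lines, the last one in the file is the one judged.
    live=$(printf '%s\n' "$hits" | grep -v '^//' | tail -n 1)
    case $live in
        "$2 \""*"\";"*) echo active ;;
        ?*)             echo unquoted ;;
        *)  if [ -n "$hits" ]; then echo commented; else echo missing; fi ;;
    esac
}

# uu_report FILE -> one line per setting; returns non-zero if any setting
# from the list above is not active.
uu_report() {
    bad=0
    for k in Mail MailReport Remove-Unused-Kernel-Packages \
             Remove-Unused-Dependencies Automatic-Reboot \
             Automatic-Reboot-WithUsers Automatic-Reboot-Time OnlyOnACPower; do
        state=$(uu_state "$1" "Unattended-Upgrade::$k")
        printf '%-32s %s\n' "$k" "$state"
        [ "$state" = active ] || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Example: sh uu_check.sh /etc/apt/apt.conf.d/50unattended-upgrades
if [ -n "${1:-}" ]; then uu_report "$1"; fi
```

For the values apt actually parsed from all fragments, `apt-config dump | grep Unattended-Upgrade` shows the merged result.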

CLEAR COMMAND HISTORY IN LINUX

It is common practice to type commands into a terminal and leave it without ever clearing the history. The problem is that if someone accesses your system, they can see everything you have done, which can be an issue.

To check your terminal history, Open a Terminal and type:
history

To clear the History, simply type:
history -c

Now you can check your history again by typing:
history

And you can see it is clear. Do this before you log off your computer every time for good measure.

INSTALL TOR ON KALI 2024.1

This is a quick guide on how to install tor on the newest version of Kali Linux. By default the version that I am running does not have it.

Open a terminal and Type:
sudo apt-get update
sudo apt install tor -y
sudo apt install torbrowser-launcher -y

Now to run Tor you will need to open a second terminal

In the first terminal type:
tor
Press Enter. This will start the service

In the second terminal, type:
torbrowser-launcher
Press Enter

This will open the Browser

Try navigating to my Onion site to test it out:
longleycr37tvhhrxmbs3buk3ze6vtpyouz3gy6uytdqqfvoiqrf3yyd.onion

HOW TO SETUP A TOR ONIONSITE ON APACHE

Here is a simple how-to guide on setting it up in 2024

First you will want a server that has nothing on it and is not publicly available. I suggest getting a spare PC, or setting it up on a VM.

Make sure the PC/VM is on a standalone VLAN and behind a firewall so no other traffic can get to it. Open NO ports and set up NO NATs; Tor does not need them open to function properly.

First, Install Ubuntu Server 22.04 or Ubuntu Server 24.04

Then ssh into the server

Type:
sudo su -

dpkg --print-architecture

If it is amd64, arm64 or i386, it will work. If it is not one of those architectures, find a different system to run it on.

Type:
apt install apt-transport-https

lsb_release -a

What is your version of Linux? It will be listed as something like
Codename: focal
or
Codename: jammy
or whatever the latest flavor is

Install Apache:
apt-get update

apt install apache2

mv /var/www/html/index.html /var/www/html/index.html.orig

nano /var/www/html/index.html

Type in
Hi, You Found Me!

Save and Exit

Now Type:
cd /etc/apt/sources.list.d/

nano tor.list

paste in this:
deb     [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main

Change <DISTRIBUTION> to focal or jammy or whatever, so it looks like this:
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org jammy main

Save and Exit

Now type:
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

apt update

apt install tor deb.torproject.org-keyring

nano /etc/tor/torrc

Uncomment these lines by deleting the #

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

Save and Exit

systemctl restart tor

systemctl restart apache2

cat /var/lib/tor/hidden_service/hostname

and your onion site will show like this:
longleycr37tvhhrxmbs3buk3ze6vtpyouz3gy6uytdqqfvoiqrf3yyd.onion

Now you can go to a site like torgateway.com and browse to that onion site to ensure it is live. I would prefer that you use your own Tor Browser instead, with a setup like the one I created here for Tor and Tails.
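Because HiddenServicePort forwards to 127.0.0.1:80, the web server only has to answer on loopback, and the "open no ports" rule above can be checked on the server itself. This added example (not part of the original guide) filters `ss -H -ltn` output for listening sockets bound to anything other than loopback; the sample output is constructed and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample of `ss -H -ltn` output for a host like the one built
# above: a web server and sshd on every interface, Tor's SOCKS port and the
# local resolver on loopback only.
sample_ss() {
cat <<'EOF'
LISTEN 0 511           *:80              *:*
LISTEN 0 4096  127.0.0.1:9050      0.0.0.0:*
LISTEN 0 4096  127.0.0.53%lo:53    0.0.0.0:*
LISTEN 0 128     0.0.0.0:22        0.0.0.0:*
LISTEN 0 128       [::1]:631          [::]:*
EOF
}

# Reads `ss -H -ltn` output on stdin and prints every listening socket that
# is not bound to loopback (127.0.0.0/8 or ::1), i.e. every socket that other
# hosts on the same network segment can reach unless the firewall stops them.
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# exposed_port PORT: succeeds if PORT is listening on a non-loopback address.
exposed_port() {
    exposed_listeners | grep -q ":$1\$"
}

# On the server:  ss -H -ltn | exposed_listeners
```

A web server that shows up here on port 80 is answering on the LAN address as well as through the onion service; the firewall and VLAN isolation described above are what keep that listener unreachable.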

Enjoy the darkweb!

HOW TO ACCESS TOR SAFELY

This is a quick How-To on installing Tails OS to a USB Drive, so you can use TOR on any computer, Anywhere

To start, on your computer:

Download BalenaEtcher and install it

Visit https://tails.net/ to get your copy of Tails, which was created by the makers of TOR

Download Tails, the latest version

Insert a USB into your Computer

Open BalenaEtcher

Click Flash From File

Select Tails

Select Target

Select your USB Drive

Click Flash!

Once it is done being flashed, you can put it in a computer to use

Boot/Reboot the computer

Select your USB Drive on startup

Tails will begin!

Once you are in Tails, to use TOR, click Activities in the Top Left

Select Tor Browser

Connect the circuit to the tor network.

Once connected to Tor you can test it by visiting my website:

Go to https://jaylongley.com and navigate to the Contact Page

Note that uBlock Origin has found trackers on my website. It finds Google Analytics and whatnot. This is supposed to happen. You will see why in a minute.

There you will see a tor address. Copy that address

Open a new tab in Tor

Place the Onion address that you received from my contact page, and navigate there

You will see my darkweb page appear

Now note that uBlock Origin has NO trackers here. To use Tor and ensure your safety, only work with pages and sites that do not track you!

Happy Surfing

CONFIGURE BITLOCKER THROUGH INTUNE


If you are receiving the following recommendation in your Microsoft Security Center, the directions after will help you resolve the issue:

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.

This security control is only assessed for machines with Windows 10, version 1803 or later.
Drives that aren’t encrypted are exposed to unauthorized access to user data and to data tampering while the system is offline.

Here is the remediation:

  1. Sign in to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com).
  2. Select “Devices” and then “Configuration profiles”.
  3. Click on “Create profile” and select the platform “Windows 10 and later”.
  4. Choose the profile type “Endpoint protection” and then “BitLocker”.
  5. Configure the BitLocker settings according to your preferences.
  6. Assign the profile to the desired groups.

INTUNE & ATTACK SURFACE REDUCTION RULES


The following describes how to implement this security recommendation from Microsoft:
Attack Surface Reduction (ASR) rules are the most effective method for blocking the most common attack techniques being used in cyber attacks and malicious software.
This ASR rule scans executable files entering the system to determine whether they’re trustworthy.

To address this security recommendation, perform the following:

  1. Sign in to the Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com).
  2. Select “Endpoint security” and then “Attack surface reduction”.
  3. Click on “Create Policy” and select the platform “Windows 10 and later”.
  4. Choose the profile type “Attack surface reduction rules”.
  5. In the settings, find the rule “Use advanced protection against ransomware” and set it to “Block”.
  6. Assign the policy to the desired groups.

DJI MINI 2 SE REMOTE ID

The DJI Mini 2 SE Drone DOES have Remote ID / RID

To find it, look at the following:
The box it came in, listed as SN (Serial Number)

Or in the DJI APP
Aircraft Serial Number

The Number starts with 1581F……

You will need this number to register it with the FAA