Joined April 2010
Pinned Tweet
Implemented k-Anonymity query API to #wpasec. Use it online or offline to detect if network credentials were leaked. Can't wait to see what people will integrate it with. Details: github.com/RealEnder/dwpa/bl…
2
1
9
375
RealEnder retweeted
RSA private keys biased toward 0 bits can be factored by swapping a hard math problem for an easy one: integer factorization becomes polynomial factorization. We found hundreds of real-world keys vulnerable to this. Many traced to a type mismatch in CompleteFTP (now patched): each 32-bit limb got only 8 bits of randomness. We recovered 603 RSA and 74 DSA private keys. blog.trailofbits.com/2026/06…
7
164
810
49,386
RealEnder retweeted
$443,000 raised on Proxmark5! Huge thank you to everyone supporting the next-gen RFID research platform. Goal smashed in minutes, Iceman Keychain unlocked, and we’re closing in fast on the $600k Transparent PCB Namecard stretch goal. Only ~27 days left at early-bird pricing. indiegogo.com/projects/rfidr… #Proxmark #flipperzero
1
15
63
4,070
RealEnder retweeted
I never believed I would ever say a good word about anything state-run! еЗдраве turns out to be a nice and functional app. Even my child is in there by default. We need more tools and institutions like this! Amen! Happy Friday!
4
5
60
2,145
RealEnder retweeted
We found that Wi-Fi client isolation can often be bypassed. This allows an attacker who can connect to a network, either as a malicious insider or by connecting to a co-located open network, to attack others. NDSS'26 paper: ndss-symposium.org/wp-conten… GitHub: github.com/vanhoefm/airsnitc…

20
250
1,447
202,938
RealEnder retweeted
Feb 20

4
17
201
12,875
Power surge brought #wpasec down. Now dealing with hardware failures and assessing damages. Hope it will return online soon, but don't hold your breath.
1
5
257
And we're back online. Thanks to our handheld vacuum cleaner adapter, which now powers the core router :)
6
212
RealEnder retweeted
22 Sep 2025
Despite having one of the most transparent and well-managed funding structures among all open-source foundations, the ZSF hasn’t reached its goal and could use some help too: ziglang.org/news/2025-financ…

5
24
3,350
RealEnder retweeted
Really hits me to read about Conrad Rockenhaus. Guy takes blow after blow just to keep a Tor exit node clean of surveillance. That’s grit, that’s backbone - the kind of thing hacker culture used to be about. And yet .. somewhere along the way we started cheering for all the wrong people. Heads of agencies that spied on us suddenly get invited on stage at our cons. Some industry “idols” are basically psychopaths with zero ethics, but they still get put on a pedestal. Meanwhile, the people who actually take the hits for us stay in the shadows. Glad VX-Underground shared his story - at least more people now know his name. That’s the kind of moral compass and resistance I thought this community was built on.
Big drama today in the Tor community. Conrad Rockenhaus, a Tor operator based out of Michigan, United States, was arrested in 2020 after refusing to cooperate with the United States Federal Bureau of Investigation. Rockenhaus, a disabled United States military veteran, ran the fastest Tor node in the United States. He was approached sometime in late 2019 when the FBI requested he allow them arbitrary access to his exit node and allow them to decrypt traffic. He denied their request. Subsequently, in February, 2020 his home was raided. He was arrested for violating the CFAA (Computer Fraud and Abuse Act). It was alleged that he was a disgruntled ex-employee causing problems at his former place of employment. Interestingly, to "help resolve the matter", law enforcement requested he decrypt his Tor exit node to prove his innocence (???). After he refused, he was held in a pre-trial detention cell for over 3 years. He was denied bail after law enforcement stated Mr. Rockenhaus used Linux to "access the dark web" and he was "not complying" and not allowing them access to this Tor exit node. After Mr. Rockenhaus' wife filed an official complaint, and Mr. Rockenhaus was miraculously released, he was raided by the United States Marshal Fugitive Task Force TWO TIMES(???). They took him out his home, threw him to the ground, beat him, smashed his windows, and threatened to murder his animals. They are still requesting Mr. Rockenhaus allow them to access his Tor exit node. Mr. Rockenhaus still has not granted them that privilege. All of this has been captured on home security camera footage. Additionally, his wife has released all court documents. See subsequent post for more information.
13
160
1,202
63,280
RealEnder retweeted
4 Sep 2025
First look at the dynamic hash-mode support in upcoming hashcat, powered by the new Rust Bridge. No coding needed: write your pattern on the command line. Don't want to wait for Release? Try it now via GitHub master or hashcat.net/beta. Feedback welcome on our Discord
1
46
150
15,433
RealEnder retweeted
16 Aug 2025
hashcat v7.1.0 released! This update includes important bug fixes, new features, and support for new hash-modes, including KeePass with Argon2. Read the full write-up here: hashcat.net/forum/thread-133…
5
46
157
20,471
RealEnder retweeted
1 Aug 2025
hashcat v7.0.0 released! After nearly 3 years of development and over 900,000 lines of code changed, this is easily the largest release we have ever had. Detailed writeup is available here: hashcat.net/forum/thread-133…
21
369
1,212
79,339
RealEnder retweeted
24 Jul 2025
Replying to @Tristan0x
everyone wants their own code to be written in easy python and everyone else's code to be written in fast robust rust
2
2
69
9,721
It starts...
1
4
312
RealEnder retweeted
19 Jun 2025
I got a cease and desist from DocuSign for my free SaaS. A couple of months ago, I saw a tweet from @awilkinson: “I just found out how much we pay for DocuSign and my jaw dropped. What's the best alternative?” Me being naive, I thought “how hard could it actually be to build a DocuSign alternative?” Turns out not that hard. In about a weekend, I built a UETA and ESIGN compliant tool. And it was free. And it cost me less than $50. So I thought I’d share it out for free. Tweeted (Xeeted?) a link out. Went viral. At the time, I was charging $0 for it. Completely free. Had over a thousand users sign up on the first day. All is great right? Until DocuSign sent me an email. That I’m “in violation of Docusign’s intellectual property”. For “disseminating false and misleading statements regarding Docusign”. What? I never stole anything from DocuSign or made misleading statements about DocuSign. They basically got scared that I created a free e-sign tool. So what did I do with my free side project with a legal budget of $0? Continued building of course. Shipped new features. Made the free product even better. It’s crazy how I now have thousands of users on Inkless who love the product. DocuSign - maybe next time it’s better to listen to your customers rather than sending cease and desists?
602
1,373
18,236
1,804,060
Sometimes in #wpasec we're hit by fake clients, running modified help_crack.py scripts. They just pull hashes, but don't crack them. This cripples the other users, since the system marks the hashes as checked, but they were not.
2
7
340
Just deployed a cryptographic Proof-of-Work (PoW) challenge to fight this. Running help_crack.py will crack some hashes every time. As a side issue, from now you have to run just one client from one IP address. This will improve once we implement per cracker identification.
2
5
274
Didn't want to go there, but some people never learn…
5
253