Dark Web Search Engines


The Dark Web isn’t indexed in the same locations as clear websites. Due to this, many dark web search engines have popped up over the last several years that allow you to search Dark Web content.

Here is a list of active dark web search engines.

Last Updated: 2022-08-21

OnionLand Search: 3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion

Hacking Forums List


Web hacking forums with ties to confirmed criminal activity don’t often last very long, as was the case for RaidForums, earlier this year. These forums are often a treasure trove for security researchers and are a valuable tool for information security professionals.

Here is a list of both clear web and dark web (Tor) hacking forums available, validated as of 2022-08-13.

Clear Web

| Website | Domain Name |
|---|---|
| Leak Forums | leakforums.co |
| Hacking Father Forum | hackingfather.com |
| Hack Forumz | hackforumz.com |
| BugCrowd Forum | forum.bugcrowd.com |

Clear Web Hacking Forum List

Dark Web

| Website | Domain Name |
|---|---|
| Hell Hacking Forum | hell2ker5i3xsy6szrl2pulaqo3jhcz6pt7ffdxtuqjqiycvmlkcddqd.onion |
| Dread Hacking Forum | dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion |
| DarkWeb Forums | dwforumuugiyderhybcpfxmlmoawgq6z3w6hk45nrnem3p7kwszhybad.onion |
| Hack Town | hacktowns3sba2xavxecm23aoocvzciaxirh3vekg2ovzdjgjxedfvqd.onion |

Dark Web Hacking Forum List

Traffic Light Protocol v2.0 Released


The Traffic Light Protocol (TLP) is a simple schema to facilitate effective communication and information sharing when it comes to sensitive information. The Traffic Light Protocol provides simple labeling to indicate the sharing boundaries for information recipients. The TLP borrows its name from the traffic light system used all over the world, and also adopts the familiar RED, AMBER, GREEN coloring schema to be even more readable.

Information labeling is the responsibility of the information source, and may be shared with one or multiple parties.

Changes between TLP 1.0 and 2.0

  • The four TLP labels MUST NOT contain spaces, and SHOULD be all capitals (i.e. TLP:RED, TLP:AMBER, TLP:GREEN, TLP:CLEAR). The TLP portion of the label must remain in the original form, regardless of the language being used.
  • The information source may add additional sharing restrictions above those defined by the TLP. These additional restrictions MUST be adhered to by recipients.
  • TLP now mentions its use in automated information exchange systems, i.e. MISP or IEP. It also provides TLP usage details for automated information exchanges.
  • TLP now provides definitions for Community, Organization, and Clients
  • The definitions for TLP:RED, TLP:AMBER, TLP:GREEN, and TLP:CLEAR have been redefined. See below.
  • The TLP now suggests the designation of the end of text where the TLP applies.
  • TLP:AMBER now limits information sharing to the participant's organization and its clients. Using the label TLP:AMBER+STRICT restricts sharing to the organization only.

TLP Color-Coding (RGB, CMYK, and Hex)

| TLP | RGB: Font | RGB: Background | CMYK: Font | CMYK: Background | Hex: Font | Hex: Background |
|---|---|---|---|---|---|---|
| TLP:RED | 255 43 43 | 0 0 0 | 0 83 83 0 | 0 0 0 100 | #FF2B2B | #000000 |
| TLP:AMBER | 255 192 0 | 0 0 0 | 0 25 100 0 | 0 0 0 100 | #FFC000 | #000000 |
| TLP:GREEN | 51 255 0 | 0 0 0 | 79 0 100 0 | 0 0 0 100 | #33FF00 | #000000 |
| TLP:CLEAR | 255 255 255 | 0 0 0 | 0 0 0 0 | 0 0 0 100 | #FFFFFF | #000000 |

Traffic Light Protocol (TLP) Color-coding

TLP Definitions

TLP:RED
  • v1.0 Definition: Not for disclosure, restricted to participants only. Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
  • v2.0 Definition: For the eyes and ears of individual recipients only, no further disclosure. Sources may use TLP:RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. Recipients may therefore not share TLP:RED information with anyone else. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting.

TLP:AMBER
  • v1.0 Definition: Limited disclosure, restricted to participants’ organizations. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may only share TLP:AMBER information with members of their own organization, and with clients or customers who need to know the information to protect themselves or prevent further harm. Sources are at liberty to specify additional intended limits of the sharing: these must be adhered to.
  • v2.0 Definition: Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients. Note that TLP:AMBER+STRICT restricts sharing to the organization only. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:AMBER information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm. Note: if the source wants to restrict sharing to the organization only, they must specify TLP:AMBER+STRICT.

TLP:GREEN
  • v1.0 Definition: Limited disclosure, restricted to the community. Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community.
  • v2.0 Definition: Limited disclosure, recipients can spread this within their community. Sources may use TLP:GREEN when information is useful to increase awareness within their wider community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.

TLP:CLEAR
  • v1.0 Definition: Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction.
  • v2.0 Definition: Recipients can spread this to the world, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.

Traffic Light Protocol (TLP) v1.0 and v2.0 definitions


1. https://www.first.org/tlp/
2. https://www.rfc-editor.org/rfc/rfc2119.html

Setting Proper Permissions on ~/.ssh


SSH, or Secure Shell, is a network protocol that allows one device to securely connect to another remote device. The SSH protocol includes both a server and a client in order to provide the capability to connect from and connect to a remote device.

SSH client files are stored in a folder titled .ssh, which is found in the home directory (~) of each user that utilizes SSH. This folder is not created by default, but is created if a remote host attempts to connect to the local device, or when ssh-keygen is run.

Here is an example file structure of the ~/.ssh folder.

|- ~
|--- .ssh/
|----- config
|----- known_hosts
|----- authorized_keys
|----- id_rsa
|----- id_rsa.pub

In order for the SSH service to use the files contained in ~/.ssh, you must ensure that the file permissions and file ownership are set properly. If these files are given too many permissions, SSH won’t allow you to use them. Let’s review the proper permissions of the above example file structure.

| File/Folder | Permission (rwx) | Permission (###) |

** Permissions on the config file, and identity files containing private keys, are mandatory.
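The following added example (not code from the original post) audits a .ssh directory and clears any excess permission bits. The permission values in MAX_MODES are the commonly recommended ones and are an assumption here, as are the function names and the constructed demo directory.

```python
import os
import stat
import tempfile

# Assumed policy: the most permissive mode each entry may have. These are the
# commonly recommended values, not a table taken from the page.
MAX_MODES = {
    ".ssh": 0o700,
    "config": 0o600,
    "known_hosts": 0o644,
    "authorized_keys": 0o600,
}


def max_mode_for(name):
    """Return the most permissive mode allowed for an entry in ~/.ssh."""
    if name in MAX_MODES:
        return MAX_MODES[name]
    if name.endswith(".pub"):
        return 0o644  # public keys may be world-readable
    return 0o600  # private keys and anything unrecognised: owner only


def audit_ssh_dir(ssh_dir, expected_uid=None):
    """Return (path, actual_mode, allowed_mode, reason) for every problem."""
    if expected_uid is None:
        expected_uid = os.getuid()
    entries = [(ssh_dir, MAX_MODES[".ssh"])]
    for name in sorted(os.listdir(ssh_dir)):
        entries.append((os.path.join(ssh_dir, name), max_mode_for(name)))

    findings = []
    for path, allowed in entries:
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode & ~allowed:  # any bit set outside the allowed mask
            findings.append((path, mode, allowed, "too permissive"))
        if st.st_uid != expected_uid:
            findings.append((path, mode, allowed, "wrong owner"))
    return findings


def tighten(ssh_dir):
    """Clear the excess permission bits reported by audit_ssh_dir()."""
    for path, mode, allowed, reason in audit_ssh_dir(ssh_dir):
        if reason == "too permissive":
            os.chmod(path, mode & allowed)


def build_demo_dir(root):
    """Create a constructed .ssh layout with two deliberate mistakes."""
    ssh_dir = os.path.join(root, ".ssh")
    os.mkdir(ssh_dir)
    modes = {
        "config": 0o644,           # mistake: readable by group and others
        "known_hosts": 0o644,
        "authorized_keys": 0o600,
        "id_rsa": 0o600,
        "id_rsa.pub": 0o644,
    }
    for name, mode in modes.items():
        path = os.path.join(ssh_dir, name)
        with open(path, "w") as handle:
            handle.write("constructed sample content\n")
        os.chmod(path, mode)
    os.chmod(ssh_dir, 0o755)       # mistake: directory listable by everyone
    return ssh_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        demo = build_demo_dir(root)
        for path, mode, allowed, reason in audit_ssh_dir(demo):
            print(f"{path}: {oct(mode)} (max {oct(allowed)}) {reason}")
        tighten(demo)
        print("remaining findings:", audit_ssh_dir(demo))
```

To check a real account, call audit_ssh_dir(os.path.expanduser("~/.ssh")) and review the findings before running tighten().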


1. http://linuxcommand.org/lc3_man_pages/ssh1.html
2. https://superuser.com/questions/215504/permissions-on-private-key-in-ssh-folder#answer-1559867

Windows Explorer Not Starting On Windows 11 Startup


Windows 11 is now out of the Dev channel and into the Beta channel meaning that more of you now have access to be able to install or upgrade to a stable build of Windows 11.

Windows 11 is not production ready, yet, so it’s reasonable to expect some bugs or weird errors. One such bug I received was causing me a real headache and preventing me from even starting Windows fully. So what happened? Windows Explorer (explorer.exe) refused to completely start-up when booting into Windows. The Windows 11 desktop would load with my icons, however, I wasn’t able to launch any application and the Windows toolbar did not load at all.

Using Ctrl+Alt+Del, I was able to access the Task Manager, which confirmed my suspicion that the explorer.exe process was Not Responding. Ending the task didn’t correct the issue as Explorer.exe refused to restart upon termination. I also tried starting explorer.exe via the Task Manager after terminating it, to no avail. The process would continue to Not Respond.

In my instance, Windows 11 had downloaded some updates that I wasn’t aware of and hadn’t installed them yet. On the Ctrl+Alt+Del screen I was able to do a soft reboot of the device by clicking on the power icon, and then clicking on “Update and Restart”.

Fixing Windows Explorer Not Starting on Windows 11


  1. First, attempt to reboot the PC from Windows and look for artifacts of an upgrade, such as the “Update and Restart” option.
  2. Still not working? Boot the PC into safe mode to see if Windows loads properly. If it does then the issue could be related to a driver. Update your hardware drivers.
  3. Still not working? From the Ctrl+Alt+Del screen, launch the Task Manager. Under the ‘Details’ tab locate explorer.exe, it will likely be Not Responding. End the task. If Explorer is functioning properly, it will automatically restart.

How to Get An Activated Windows 10 VM Directly From Microsoft

If Microsoft does one thing pretty well, it’s that they provide their developers with a number of tools and resources to explore and produce in the Windows eco-system. How many times have you needed to spin up a Windows 10 virtual machine, but didn’t have any available licenses and didn’t want to purchase one? Too many. That’s right.

Microsoft makes its Windows 10 operating system available as a virtual machine (with limited activation time that can be extended!) for developers to do what they do best, develop! Windows 10 Enterprise is available in one of 4 VM formats: VMWare, Hyper-V, VirtualBox, and Parallels. Not only does the VM give you a perfect Windows 10 environment, but it also comes with Visual Studio 2019, Visual Studio Code, and Windows Subsystem for Linux already enabled with Ubuntu installed! Use the link below to head over to Microsoft for specific downloads.


The VM download is approximately 20GB compressed.

Windows 10 evaluation desktop with icons.

Initial Setup of Debian 10 on Digital Ocean (Part 1)


This is part 1 of the Initial Setup of a Debian 10 server on Digital Ocean.

This is a complement to Initial Server Setup with Debian 10 over on the DigitalOcean tutorials page. The tutorial linked provides an excellent base setup for you to springboard off of onto your own custom setup. That being said, there are always settings, configurations, and utilities that will be helpful for almost any setup. Some of the information below comes from How To Secure A Linux Server and The Book of Secret Knowledge (this is one of my favourite repos).

Note: I will do my best to introduce anything that we change so that you can understand what that change might affect. All setups are different so don’t install or configure anything that you don’t need or want. This will just lead to you forgetting about it, it becoming outdated and a security issue.

Text that is highlighted with purple text should be updated with your specific values.

Logging In

If you’re a Windows user then I recommend Solar-PuTTY as a Command Line Client. (Shout to Greg for the find). Otherwise you can use the built-in terminal on your MacOS or Linux OS. Here is how we connect to our server via command line interface (CLI).

 justin@home:/$ ssh root@

Replace the IP Address with the IP of your new server.

At this point you’ll either a) be asked for the password that you set for the root account or b) the server will be expecting an SSH key if you chose to use SSH keys for logging in. If correct, you’ll be logged in.

Creating a User and Granting Administrator Privileges

You should only use the root account in special circumstances. It’s recommended that you create a standard account that has the ability to elevate to have administrative privileges, when necessary. We’re going to create a secondary account called bastion and then we’ll add it to the sudo group.

 justin@home:/$ adduser bastion
     Adding user `bastion' ...
     Adding new group `bastion' (1000) ...
     Adding new user `bastion' (1000) with group `bastion' ...
     Creating home directory `/home/bastion' ...
     Copying files from `/etc/skel' ...
       New password: <Enter Password>
       Retype new password: <Re-enter Password>
     passwd: password updated successfully
     Changing the user information for bastion
     Enter the new value, or press ENTER for the default
        Full Name []: Bastion
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
     Is the information correct? [Y/n] Y

You’ll be prompted to set and confirm a password on the new account. You can optionally add information such as a Room Number and Home Phone to the account.

 justin@home:/$ usermod -aG sudo bastion     

The usermod command allows us to modify existing accounts. We use the -a switch to append to the account, and the -G switch allows us to select the group(s) to append to the account. Members of the sudo group (superuser do) are able to run commands with the security privileges of another user. By default, it’s the superuser account.

Now we can append sudo to the beginning of our commands when logged in as bastion. Commands that make system changes, including software installs and uninstalls require elevated privilege that a standard account normally wouldn’t have.

Setting Up The Uncomplicated Firewall

A basic firewall goes a long way. Uncomplicated Firewall or UFW is a simple software firewall for Linux. Let’s install it, and then add a firewall rule for SSH so that we can still access it remotely.

justin@home:/$ apt install ufw

 justin@home:/$ sudo apt install ufw

 justin@home:/$ sudo ufw app list
 justin@home:/$ sudo ufw allow OpenSSH

 justin@home:/$ sudo ufw enable
 Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
 Firewall is active and enabled on system startup 

Once you’ve enabled UFW with that last command it will present you with a warning about losing your current SSH connection. As long as you allowed the OpenSSH app on line 3 above, you’re good. You can use the command sudo ufw status numbered to see the currently listed rules.

 justin@home:~# sudo ufw status numbered
 Status: active

      To                         Action      From
      --                         ------      ----
 [ 1] OpenSSH                    ALLOW IN    Anywhere
 [ 2] OpenSSH (v6)               ALLOW IN    Anywhere (v6)

Copying Existing SSH Keys

SSH is attacked all the time. It’s very, very common. If you’ve set up your accounts with SSH keys already, then you may wish to skip the next couple of sections. If you’re going to use the same SSH keys that you created for your root account, read on.

SSH keys on the root account are stored at ~/.ssh/authorized_keys on your server. If you plan on using the same SSH keys on your bastion account you can simply copy this file over to your bastion account home directory and update the permissions of the .ssh folder recursively. (When copying from your root user, login as your root user)

 justin@home:/$ cp -r ~/.ssh /home/bastion

 justin@home:/$ chown -R bastion:bastion /home/bastion/.ssh

Creating SSH Keys (Using PuttyGen)

If you don’t have any SSH keys currently, or wish to create a new set of SSH keys for this new bastion user, we’ll use PuTTY Key Generator to do that. The image below shows the sequence of buttons you’ll press.

First, click the generate button. The Key window asks you to move your mouse around the blank Key area, randomly. This provides a pseudo-random input, kind of like an initial password to create the SSH key with. Once that’s done it will generate a key!

The Key fingerprint and Key comment are already filled in. A Key passphrase adds an additional layer of security to your SSH Key by requiring a passphrase every time that it’s used. The passphrase is optional, but may secure your SSH keys from being used, if they are ever stolen.

Copy the text in the ‘Public key for pasting into OpenSSH authorized_keys file’ field to a Notepad. Click Save public key and Save private key to save the respective key(s) to your computer. The file extensions don’t matter in this instance, however, you may wish to use the following extensions on your key files:

id_rsa.pub (Public Key)
id_rsa.key or id_rsa.ppk (Private Key)

Keep these safe and secure. Make sure that you keep backups.

Create a third file called authorized_keys and paste in the text that you previously saved in Notepad.

Uploading SSH Keys

The easiest way to copy SSH keys to your server is by using the ssh-copy-id command, however, ssh-copy-id isn’t available on Windows. I’ll show you the ssh-copy-id way of uploading your SSH public key to your new server, as well as the scp command (Secure Copy).


The ssh-copy-id command is by far the easiest method of moving your SSH public key from your local machine, to your new server. It handles all of the dirty work for us. Dirty work that you’ll see in the scp command below it.

 justin@home:/$ ssh-copy-id -i ~/.ssh/authorized_keys root@

 justin@home:/$ ssh-copy-id -i ~/.ssh/authorized_keys bastion@

 # We can also not utilize the -i switch and ssh-copy-id will attempt to find your keys for you, automatically.

 justin@home:/$ ssh-copy-id bastion@    

The ssh-copy-id command requires very little input. I’ve given it a path to my SSH public key, and then I finish the command with my root login @ my new server. You’ll be prompted for your password after pressing enter. Once it completes your public key will be dropped in the ~/.ssh/authorized_keys file for the user that you logged in with. This example is uploading a public key for the root user.

SCP (Secure CoPy)

Unlike ssh-copy-id, the secure copy (scp) command is available on both the Windows Command Prompt, and PowerShell. Also, unlike ssh-copy-id, the scp command will completely overwrite your authorized_keys file with the contents of your public key.

 justin@home:/$ scp C:\Users\Justin\.ssh\authorized_keys root@

SSH Copy

Here is a third example of copying SSH keys to your server using the SSH command. This is the most explicit way of copying your SSH keys as you are going to be piping several simpler commands together.

 justin@home:/$ cat C:\Users\Justin\.ssh\id_rsa.pub | ssh root@ "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"

Secure Remote SSH

By default, the SSH service allows everyone to attempt to connect to it, and to attempt to login with a username and password. Since we’re now using SSH Keys for all of the potential remote users on our server there are several configurations that we now must do in order to secure SSH.

  • Disable Root Logins Using Passwords
  • Disable Password Authentication
  • Change the default SSH port

All of the configuration for the SSH service is contained within /etc/ssh/sshd_config. Open that file with nano or your favourite editor and change the following settings. I’ve placed a comment character (#) next to the old setting.

# Port 22
Port 2222

# PermitRootLogin yes
PermitRootLogin without-password

# PasswordAuthentication may not be listed in your sshd_config file. If it’s missing, simply add the configuration line to the end of the file.
# PasswordAuthentication yes
PasswordAuthentication no

After you save sshd_config, you’ll want to allow traffic to the new port before restarting the SSH service.

 justin@home:/$ ufw allow 2222/tcp
 justin@home:/$ service ssh restart

You might be wondering why we’re changing the default SSH port? SSH is a commonly attacked service with the default port being 22. Servers and computers connected to the Internet are constantly being scanned to find out if this port is open. Changing the port doesn’t prevent attacks, but it adds an extra layer of difficulty as an attacker would need to identify the correct port and adjust their attacks appropriately. It’s not worth the effort to focus on one such server.
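As an added example (not part of the original post), the script below checks the three settings changed above against the text of an sshd_config. sshd uses the first value it reads for a keyword, so a line added at the end of the file only takes effect if no earlier uncommented line sets the same keyword; the function names and both sample configurations are constructed for illustration.

```python
import re

# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "port": ["22"],
    "permitrootlogin": ["prohibit-password"],
    "passwordauthentication": ["yes"],
}
# Values that stop root from logging in with a password.
# "without-password" is the older spelling of "prohibit-password".
KEY_ONLY_ROOT = {"no", "prohibit-password", "without-password"}

# Constructed sample: the settings exactly as the page lists them.
PAGE_CONFIG = """\
# Port 22
Port 2222

# PermitRootLogin yes
PermitRootLogin without-password

# PasswordAuthentication yes
PasswordAuthentication no
"""

# Constructed sample: the old line was left active and the new one appended.
APPENDED_CONFIG = """\
Port 2222
PermitRootLogin without-password
PasswordAuthentication yes
# (rest of the file)
PasswordAuthentication no
"""


def effective_settings(config_text):
    """Return the global settings sshd would use: first value wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        if keyword == "port":
            settings.setdefault("port", []).append(value)  # Port may repeat
        elif keyword not in settings:
            settings[keyword] = [value]
    for keyword, default in DEFAULTS.items():
        settings.setdefault(keyword, default)
    return settings


def audit(config_text):
    """Return the keywords whose effective value differs from the page's goal."""
    settings = effective_settings(config_text)
    findings = []
    if settings["passwordauthentication"][0] != "no":
        findings.append("passwordauthentication")
    if settings["permitrootlogin"][0] not in KEY_ONLY_ROOT:
        findings.append("permitrootlogin")
    if "22" in settings["port"]:
        findings.append("port")
    return findings


if __name__ == "__main__":
    print("page config:", audit(PAGE_CONFIG))
    print("appended config:", audit(APPENDED_CONFIG))
```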

We’ll be digging into some more in depth system settings in part 2.

I highly recommend DigitalOcean if you’re looking for discount VPS.

Python Regex For IP Address Matching


I was working on a Python script to find IP Addresses from a large number of JSON files. Didn’t need anything complex so my script works as follows:

  • Read in all of the JSON files in a given directory.
  • Using Regular Expressions, search the data previously read and attempt to match for IP Addresses.
  • Save a list of suspected IP Addresses to a list.
  • Check each IP Address in the list using the IPStack API. Remove any IP Addresses from the list that are not actually IP Addresses. (This gives us additional info, as well as validates what we found was an actual IP Address.)
  • Output a list of information regarding the IP Address.

This post is to provide a confirmed RegEx for IP Addresses using Python. Without further ado.

  ip_regex = r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$"
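The workflow described above, as an added example that is not the author's script: it walks parsed JSON, applies the pattern from this post to each string value, and validates candidates offline with Python's ipaddress module instead of the IPStack API. It goes one step beyond the post by also using an unanchored variant (EMBEDDED, an assumption of this example) so that addresses inside longer strings are found; the sample JSON is constructed.

```python
import ipaddress
import json
import re

# The post's pattern: matches only when the whole string is a dotted quad.
ANCHORED = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$")
# Assumed variant for this example: finds dotted quads inside longer text and
# refuses matches that touch another digit or dot (e.g. "1.2.3.4.5").
EMBEDDED = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample input.
SAMPLE_JSON = """
{"events": [
  {"src": "10.0.0.5", "note": "blocked 8.8.8.8 after 3 tries"},
  {"src": "999.10.10.1", "agent": "tool/1.2.3.4.5"}
]}
"""


def iter_strings(node):
    """Yield every string value found anywhere in parsed JSON."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_strings(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_strings(item)


def is_ipv4(candidate):
    """True only if every octet is in range (the regex alone allows 999)."""
    try:
        ipaddress.IPv4Address(candidate)
    except ValueError:
        return False
    return True


def extract_ips(json_text):
    """Return regex candidates and the subset that are real IPv4 addresses."""
    anchored, embedded = [], []
    for text in iter_strings(json.loads(json_text)):
        if ANCHORED.match(text):
            anchored.append(text)
        embedded.extend(EMBEDDED.findall(text))
    unique = list(dict.fromkeys(embedded))  # de-duplicate, keep order
    valid = [c for c in unique if is_ipv4(c)]
    private = [c for c in valid if ipaddress.IPv4Address(c).is_private]
    return {"anchored": anchored, "embedded": unique,
            "valid": valid, "private": private}


if __name__ == "__main__":
    for key, value in extract_ips(SAMPLE_JSON).items():
        print(f"{key}: {value}")
```

Addresses in the private list never need an external lookup, which keeps internal addressing out of third-party API logs.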

Signal – Getting Started with Secure SMS


You’ve probably heard of Signal lately; on the news, on Facebook, or somewhere else on the Internet. My sister “tried” to use it, but only ended up missing a bunch of text messages from me. So this post is for my sister and anyone else interested in securing their text messages.

Why Would I Want Secure Text Messages? Are People Really Reading My Texts?

These are two of the most common questions that I get about this. A lot of you Apple users just love your iMessage. Guess what?!? Signal is, for all intents and purposes, the same thing as iMessage except for the following very big differences:

  1. It’s available on both iOS and Android, as well as your Desktop (Windows, Linux and MacOS).
  2. The messages, photos, videos, and even the calls sent between users are only viewable by those users.
  3. It’s Open Source. This means that the software code that was used to create it is freely viewable on the Internet, and anyone can contribute to the development of the program.

Getting Started with Signal

  1. Getting started with Signal is easy. The application is available on both the Play! Store on Android and the App Store on iOS. Once you’ve set it up on your mobile device you can install it on your desktop computer to send messages to other Signal users.
  2. When you first open Signal you’ll need to go through a basic registration where it will validate your phone number.

That’s it! You’re done.

You’ll want to send future texts using the Signal app so don’t forget to update the shortcuts on your phone screen. You may also need to make Signal your default SMS app, which it will prompt you to do when you launch the app.

What If My Friends Don’t Have Signal?

The Signal app allows you to send messages to everyone, even if they don’t have the Signal app. The only issue is that the messages between you and those people will not be secure, and functionality like video calling won’t work.

Easily Generate Security Keys With WordPress Salt Generator


I was migrating some WordPress websites this weekend on to our new Website Hosting platform at Rogue Security. Normally I wouldn’t do a lot of it manually, but was having an issue with one of the websites and realized it would be easier to install a fresh copy of WordPress. Well, while configuring the wp-config.php I was at the Authentication Keys block, and hidden in the comments of that block is a link to the WordPress Salt Generator.

 * Authentication Unique Keys and Salts.
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org sec$
 * You can change these at any point in time to invalidate all existing cookies. This will force all users $
 * @since 2.6.0
define( 'AUTH_KEY',         '<random-characters>' );
define( 'SECURE_AUTH_KEY',  '<random-characters>' );
define( 'LOGGED_IN_KEY',    '<random-characters>' );
define( 'NONCE_KEY',        '<random-characters>' );
define( 'AUTH_SALT',        '<random-characters>' );
define( 'SECURE_AUTH_SALT', '<random-characters>' );
define( 'LOGGED_IN_SALT',   '<random-characters>' );
define( 'NONCE_SALT',       '<random-characters>' );

What is a Salt?

Great question! A salt is random data/characters used as additional input for one-way hashing algorithms. Yeah, that was a lot, so here is an example. When you create a new account on Facebook you must enter a username and password. After submitting that information, Facebook stores the username in the database as it’s written, in human-readable plain text. However, Facebook takes the password that you entered, adds a salt to it, hashes it using a hashing algorithm such as MD5 or SHA256, and then stores the result in the database. It doesn’t matter how or where the salt is placed in the password.

A hashing algorithm will produce the same output given the same input. In other words, every time I use the SHA256 algorithm with my name as the input, it’s going to produce the exact same output. My Python script below shows that.


No matter how many times I run this script with my name as the test_string it will never generate a different string, unless I change the hashing algorithm, of course.

The salt doesn’t change your password, it changes how your password is stored. Remember how my name will generate the same hash every time I check it? Well, so will your password. If a malicious actor knows the hash of your password, it can still be just as useful as the actual password, more so if it hasn’t been salted prior to hashing.
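An added example, not the author's original script, showing both points above: SHA-256 always gives the same output for the same input, and a per-user random salt makes two identical passwords store differently. For the salted records it uses PBKDF2-HMAC-SHA256 from the standard library rather than a single SHA-256 pass; the input strings, iteration count and function names are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example


def sha256_hex(text):
    """Plain, unsalted SHA-256 of a string, as a hex digest."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def new_record(password):
    """Create what a site would store: a random salt and the derived hash."""
    salt = os.urandom(16)  # unique per user, stored next to the hash
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return {"salt": salt, "hash": digest}


def verify(password, record):
    """Re-derive the hash with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo():
    """Run the comparison on constructed inputs and return the outcomes."""
    test_string = "Justin"            # constructed sample input
    shared_password = "correct horse"  # constructed: two users pick the same one

    first = sha256_hex(test_string)
    second = sha256_hex(test_string)

    # Unsalted: both users end up with an identical stored value, so one
    # precomputed lookup reveals both passwords.
    alice_unsalted = sha256_hex(shared_password)
    bob_unsalted = sha256_hex(shared_password)

    # Salted: same password, different stored values.
    alice = new_record(shared_password)
    bob = new_record(shared_password)

    return {
        "digest_length": len(first),
        "same_input_same_hash": first == second,
        "unsalted_collide": alice_unsalted == bob_unsalted,
        "salted_differ": alice["hash"] != bob["hash"],
        "right_password_verifies": verify(shared_password, alice),
        "wrong_password_rejected": not verify("wrong guess", alice),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```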

WordPress Salt Generator

The WordPress Salt Generator is a simple page for generating a complete set of secret keys for your WordPress installation. If you’re using it for WordPress security purposes then you simply load up the page linked to above, and copy the generated keys into your wp-config.php file. These keys are also automatically generated during a standard installation so you only really need to do this if you are doing a manual install. If you don’t fill them out, they will be automatically generated for you during the first run.

Other Uses

So, how else might they be useful?

The page generates 8, 64-bit strings that are pseudo-random. You could easily connect to this page with a little Python, parse the data and have a quick subset of secret keys that can be used for just about anything. Need some quick licenses created? Pull up the page, copy a key. You have yourself randomly generated license keys (just make sure you check for duplicates).

Do you like complex passwords? I do. Some of my passwords are actually 64 random characters so this is perfect for that.