Professional interests
- Pro-bono cyber security advocacy for Alaska (follow Alaskan Cyber Watch / @techsolvency on Twitter)
- Passwords: auditing (hash cracking), consulting, and research (I have been on Team Hashcat (as TychoTithonus) since 2017)
- Information security consulting (subject to certain restrictions; my current focus is advocacy)
- Occasional specialized support, including pfSense and FreeBSD
- Multi-factor authentication, especially security keys / YubiKeys
- See my full list of services
Alaskan cyber security and technical resources
- AKMon - independent monitoring of Alaskan Internet infrastructure
- The Alaskan Domains List - a list of known domains of Alaskan interest
- Alaskan HTTPS Matrix - results from Qualys SSL Labs for Alaskan hosts - (accessible from "Alaskan" networks - see next)
- Alaskan Networks List - known Alaskan IP space, from BGP and other sources, in CIDR notation
- Alaskan Managed IT List - known Alaskan providers of IT services
- Alaskan Tech Groups - technical and IT professional / interest groups in Alaska
Passwords and password cracking
- Should you use the terms "dehashing", "reversing", or "decrypting" when talking about password cracking? (No - no, you should not.)
- Systems that I use in my password research include 'irongiant' (hashcat benchmark, personal blog post) and a ZTEX 1.15y cluster running John the Ripper
- ken's Salty Rainbow is an archive of descrypt hashes for common non-personal passwords
- My hashcat activity on GitHub (mostly docs PRs, feature requests, and bug reports)
- My convenience mirror of MDXfind - a highly efficient, multi-iteration/nested hashing tool
- I am a moderator of the hashcat forums
- I contribute to the Security StackExchange on password and hashing topics
- I'm proud of this hashcat feature request for sha1crypt support
- Many of my GitHub gists are password-related
- Some of my publications and talks are password-related
- Minimal true VeraCrypt FAT containers for hashcat testing
- 0x38b - an Alaskan password-hash puzzle ... on a bumper sticker
Technical security
- Checks - for a given hostname, generate links to recommended evaluation and testing tools
- The Story So Far - tracking of significant security events (less active now that I am less operational)
- Blue Team - tools for defenders
- Red Team - tools for pentesting and attack simulation
- User security advice - general tips
- How to really erase a storage device
COVID-19
Other resources
- My /pub directory, including my convenience mirror of MDXfind
- Recommended add-ons for browsers
- Email productivity tips
- Twitter tips
- Other tips and reading
- How to donate to free/FOSS software projects - support the giants on whose shoulders you're standing
- Selected mirrors of technical and/or historical interest
- Hash Crackers United - a Folding@home team for hashing enthusiasts, searching for COVID-19 clues
- Feeds - mine and otherwise
- NTP lab, including monitoring of known Alaskan NTP servers (currently inactive, for reference)
About me (Royce Williams)
- About me
- Talks that I have given (only a few so far)
- Publications that I have written or co-authored
- Consulting rates
- Contact me or go straight to Twitter or Mastodon