Opsec Measures: Difference between revisions

From Enlace Hacktivista
 
(21 intermediate revisions by one other user not shown)
Line 2: Line 2:
Here you will find resources that will help you from a technological operational security perspective. OPSEC is much more than simply what networks and technology you use.
Here you will find resources that will help you from a technological operational security perspective. OPSEC is much more than simply what networks and technology you use.


Make sure that you use a separate and fully encrypted computer to work from. This can be a virtual machine, USB, external drive or a throw away laptop. All of your network traffic should be routed entirely over Tor (whonix is the best for this). See [https://enlacehacktivista.org/images/6/69/Hack_back1.txt Phineas fishers operational security practices].
Make sure that you use a separate and fully encrypted computer to work from. This can be a virtual machine, USB, external drive or a throw away laptop. All of your network traffic should be routed entirely over Tor (whonix is the best for this). See [https://enlacehacktivista.org/images/6/69/Hack_back1.txt Phineas Fishers operational security practices] for hackers OPSEC.


== OPSEC Tools ==
== OPSEC Tools ==
* https://www.qubes-os.org/
There is no silver bullet when it comes to protecting yourself, staying safe and anonymous. It's important to know how to use the tools we rely on to keep us safe and free. Below you will find industry standard tools that will help keep your hacktivity private and secure.
* https://www.whonix.org/
 
* https://tails.boum.org/
When communicating with journalists or other hackers it's important to keep all communication end-to-end encrypted, network connection over Tor and to [https://www.wired.com/2015/05/silk-road-2/ not use aliases or emails that lead back to your real world identity].
 
* https://www.qubes-os.org ([http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion Tor])
* https://www.whonix.org ([http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion Tor])
* https://tails.net
* The whonix wiki has lots of great info on anonymity even if you're not using whonix: https://www.whonix.org/wiki/Documentation
* The whonix wiki has lots of great info on anonymity even if you're not using whonix: https://www.whonix.org/wiki/Documentation
* https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
* [https://www.whonix.org/wiki/Comparison_with_Others Custom]: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
* Use veracrypt to encrypt your virtual machines and hard drive. https://veracrypt.fr/
* Use veracrypt to encrypt your virtual machines and hard drive. Make sure to save your hacktivity inside of a [https://veracrypt.eu/en/Hidden%20Volume.html hidden volume] for plausible deniability. https://veracrypt.fr
* https://www.torproject.org/
* Tor browser: https://www.torproject.org ([http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/index.html Tor])
* Disable javascript (set Security Level to "Safest" in Tor Browser)
* Disable javascript (set Security Level to "Safest" in Tor Browser)
* If you plan on transacting you should always start from monero and swap your XMR to another coin. This reduces traceability (over Tor). https://www.getmonero.org/
* If you plan on transacting you should always start from monero and swap your XMR to another coin. This reduces traceability (over Tor) and will defeat standard blockchain investigations. https://www.getmonero.org ([http://monerotoruzizulg5ttgat2emf4d6fbmiea25detrmmy7erypseyteyd.onion/index.html Tor])
 
== Guides and Information ==
* [https://www.anarsec.guide/ AnarSec]
Interesting techniques for detecting [[wikipedia:Evil Maid attack|evil maid attacks]], along with lots of great information on Qubes, Tails, GrapheneOS and more.
* [https://www.notrace.how/ No Trace Project]
Mostly focused on surveillance of physical actions, but plenty is relevant for hacking. Hackers will need to watch out for physical frame grabbers and keyloggers in addition to [https://www.notrace.how/earsandeyes/ microphone and cameras], along with being mindful of [https://www.notrace.how/resources/read/who-wrote-that.html what they write.]
 
== Know your enemy ==
Cyber investigators will use many techniques to uncover your identity to facilitate in a successful arrest. Books as seen below help us see and understand some of the tactics they use, even trying to infiltrate groups to collect information.
 
'''Always be aware, know your enemy!'''
 
* (Book) Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques 1st Edition
* (Book) Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
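Review bot: In the VeraCrypt bullet of the new revision, the hidden-volume documentation link points to veracrypt.eu while the project link at the end of the same bullet stays on veracrypt.fr; use a single domain for both so readers are not sent to two different hosts for the same project. The rewritten link label "Phineas Fishers operational security practices" still lacks the possessive apostrophe ("Phineas Fisher's"), and the new "Custom" label on the TransparentProxy bullet links to the Whonix comparison page without saying what "Custom" refers to, so a short description after the label would help.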

Latest revision as of 16:43, 9 November 2023

Recommended Measures

Here you will find resources that will help you from a technological operational security perspective. OPSEC is much more than simply what networks and technology you use.

Make sure that you use a separate and fully encrypted computer to work from. This can be a virtual machine, USB, external drive or a throwaway laptop. All of your network traffic should be routed entirely over Tor (Whonix is the best for this). See Phineas Fisher's operational security practices for hackers' OPSEC.

OPSEC Tools

There is no silver bullet when it comes to protecting yourself, staying safe and anonymous. It's important to know how to use the tools we rely on to keep us safe and free. Below you will find industry standard tools that will help keep your hacktivity private and secure.

When communicating with journalists or other hackers, it's important to keep all communication end-to-end encrypted, to keep the network connection over Tor, and not to use aliases or emails that lead back to your real-world identity.

Guides and Information

AnarSec: Interesting techniques for detecting evil maid attacks, along with lots of great information on Qubes, Tails, GrapheneOS and more.

No Trace Project: Mostly focused on surveillance of physical actions, but plenty is relevant for hacking. Hackers will need to watch out for physical frame grabbers and keyloggers in addition to microphones and cameras, along with being mindful of what they write.

Know your enemy

Cyber investigators will use many techniques to uncover your identity and facilitate a successful arrest. Books such as those listed below help us see and understand some of the tactics they use, which include trying to infiltrate groups to collect information.

Always be aware, know your enemy!

  • (Book) Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques 1st Edition
  • (Book) Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency