Skip to content

Latest commit

 

History

History
378 lines (283 loc) · 26.1 KB

README.md

File metadata and controls

378 lines (283 loc) · 26.1 KB

Grey - Privacy/TOR/OPSEC

Privacy

Guides and Reference

Altnets

Tools

Privacy Comms

Secure Webmail Providers

  • CounterMail - online email service, designed to provide maximum security and privacy.
  • Mail2Tor - is a Tor Hidden Service that allows anyone to send and receive emails anonymously.
  • Tutanota - is the world's most secure email service and amazingly easy to use.
  • Protonmail - is the world's largest secure email service, developed by CERN and MIT scientists.
  • Startmail - private & encrypted email made easy.

Browser Privacy/Check yourself

Personal Network Security

TOR

TOR Tools

Tor Bridges - alternative entry points for Tor that are not listed

Interesting Tor pages

Check yourself

Misc Reference

OPSEC

Good habits

• Your "work" computer should never ever have anything personally related to your real identity. Ever!
• Your host machine should have Anti-Virus or Windows Defender enabled.
• Your host machine should always be kept up to date with current updates.
• Your host machine should have full HD encryption.
• Your host machine should have opensnitch, Glasswire, or Littlesnitch installed.
• Your host machine should have booting from USB disabled in the BIOS settings (see how to get into your BIOS and disable it).
• Your host machine should have a VPN running on it.
• Everything should be saved to the USB and never the HD.
• A password manager should be used for storing your passwords.
• VM should be saved onto on a USB/Micro SD and encrypted.
• Whonix should be used to conduct all your Darkweb activities.
• Spoof your MAC and Computer Name every time on start-up and shutdown.
• Use CCleaner, bleachbit, or similar programs on your host machine before each shutdown.
• Be conscious of other devices you may have on your person that are giving away your location (cell phones are not your friends).
• PGP encryption for secure emailing
• Only wired keyboards and mice
• Read http://grugq.github.io/

Command line history

  • Disable PS logging

  • .i. Leave Bash without history:

    Tell Bash to use /dev/null instead of ~/.bash_history. This is the first command we execute on every shell. It will stop the Bash from logging your commands.

    export HISTFILE=/dev/null

    It is good housekeeping to 'commit suicide' when exiting a shell:

    alias exit='kill -9 $$'

    Any command starting with a " " (space) will not get logged to history either.

    $  id

    1.ii. Hide your command

    /bin/bash -c "exec -a syslogd nmap -T0 10.0.2.1/24"
# or starting as a background process:
exec -a syslogd nmap -T0 10.0.2.1/24 &>nmap.log &

    Alternatively if there is no Bash:

    cp `which nmap` syslogd
PATH=.:$PATH syslogd -T0 10.0.2.1/24

    In this example we execute nmap but let it appear with the name syslogd in ps alxwww process list.

    1.iii. Hide your arguments

    Download zap-args.c. This example will execute nmap but will make it appear as 'syslogd' without any arguments in the ps alxww output.

    gcc -Wall -O2 -fpic -shared -o zap-args.so zap-args.c -ldl
LD_PRELOAD=./zap-args.so exec -a syslogd nmap -T0 10.0.0.1/24

{% embed url="https://youtu.be/TgquV_OA-lU" %}

Web Opsec

  • Disable Javascript
  • Set security to safest setting
  • Use Cached version of website when on network instead of net requests.
    • cache.example.co.uk
  • Use a search engine that does not track its users
  • Tracking cookies
  • Website settings
    • Disable “Show others my online status”
  • Doublecheck
    • Display all the information your browser is currently showing about you
      • Use the above Browser

File management

  • File verification

  • File shredding
    http://www.dban.org
    http://www.fileshredder.org
    http://www.piriform.com/ccleaner

  • Shred & Erase a file

    shred -z foobar.txt

  • **Shred & Erase without **shred

    FN=foobar.txt; dd bs=1k count="`du -sk \"${FN}\" | cut -f1`" if=/dev/urandom >"${FN}"; rm -f "${FN}"

    Note: Or deploy your files in /dev/shm directory so that no data is written to the harddrive. Data will be deleted on reboot.

    Note: Or delete the file and then fill the entire harddrive with /dev/urandom and then rm -rf the dump file.

  • Restore the date of a file

    Let's say you have modified /etc/passwd but the file date now shows that /etc/passwd has been modifed. Use touch to change the file data to the date of another file (in this example, /etc/shadow)

    touch -r /etc/shadow /etc/passwd

  • Clear logfile

    This will reset the logfile to 0 without having to restart syslogd etc:

    cat /dev/null >/var/log/auth.log

    This will remove any sign of us from the log file:

    cd /dev/shm
grep -v 'thc\.org' /var/log/auth.log >a.log; cat a.log >/var/log/auth.log; rm -f a.log

  • Hide files from that User without root privileges

    Our favorite working directory is /dev/shm/. This location is volatile memory and will be lost on reboot. NO LOGZ == NO CRIME.

    Hiding permanent files:

    Method 1:

    alias ls='ls -I system-dev'

    This will hide the directory system-dev from the ls command. Place in User's ~/.profile or system wide /etc/profile.

    Method 2: Tricks from the 80s. Consider any directory that the admin rarely looks into (like /boot/.X11/.. or so):

    mkdir '...'
cd '...'

    Method 3: Unix allows filenames with about any ASCII character but 0x00. Try tab (). Happens that most Admins do not know how to cd into any such directory.

    mkdir $'\t'
cd $'\t'

  • Encrypting a file

    Encrypt your 0-Days and log files before transfering them - please. (and pick your own password):

    Encrypt:

    openssl enc -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt >input.txt.enc

    Decrypt:

    openssl enc -d -aes-256-cbc -pbkdf2 -k fOUGsg1BJdXPt0CY4I <input.txt.enc >input.txt

Email Opsec

• Always use tor to create emails and to check that email.
• Never use your home wifi
• If email registration requires a phone number, use a burner phone that can recieve texts.
• Wait at least 1 month before using the phone, and purchase far away from your home.
• Use email providers that operate on Tor and use PGP when dealing with clients
http://secmailw453j7piv.onion
http://eludemaillhqfkh5.onion
http://mail2tor2zyjdctd.onion
http://cockmailwwfvrtqj.onion

PGP Encryption

  • Nulltrace - An onion site that offers an easy to use PGP toolkit. Allows a user to create PGP keypairs, sign, verify, encrypt and decrypt.

{% content-ref url="pgp-guide.md" %} pgp-guide.md {% endcontent-ref %}

Dread OPSEC Guide

Security Settings: Click on the shield icon at the top of the Tor browser and click "Advanced Security Settings" and set the value to "Safest". Note For Tails Users: Tails will reset this value on system restarts, so make sure you do this everytime you launch Tor on Tails!

Privacy Checking: To check that your I.P. address is a Tor exit node, and that your security settings are correct, go to https://whatsmybrowser.org/ and ensure the following:

-Javascript is disabled! -No browser details can be detected!

Plugins: Additional addons/plugins should not be installed. Plugins not supported by the TorProject run the risk of bypassing the Tor network and accessing the net directly, which runs the risk of leaking your real I.P. address. It should be a clear indication to anyone why this is an issue, but people sometimes disregard this risk and lose a large part of their OpSec over this mistake.

Tails: Tails is a live operating system that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity and helps you to: use the internet anonymously and circumvent censorship; route all connections to the internet through the Tor network; leave no trace on the computer you are using unless you explicitly ask it to; encrypts your files, emails, and instant messaging using state-of-the-art cryptography.

Official Site: https://tails.boum.org/ Tails For The Darknet Markets: http://archivecaslytosk.onion/fyYz5

Whonix: An alternative to Tails and also an open source project. Whonix is an operating system focused on anonymity, privacy, and security. It's based on the Tor anonymity network, Debian GNU/Linux, and security by isolation. DNS leaks are impossible and not even malware with root privileges can find out the user's real I.P. address.

Official Site: https://www.whonix.org/ Whonix For The Darknet Markets: http://archivecaslytosk.onion/COfTH

Shredding History / Footprints: This section only applies to users who use the Tor browser while not using Tails or Whonix.

The recommended tool for cleaning footprints, history, cache, etc. from your drive(s) is using a program known as CCleaner. When using the program it is recommended to go to 'Options' > 'Settings' and then selecting "Complex Overwrite" (7 passes) and "Secure File Deletion". Make sure all the boxes are ticked when cleaning including the 'Windows' and 'Application' tabs.

This is normally recommended before the connection to Tor, and after you've left Tor, to wipe all cookies etc. Remember that although this may clear a good deal of the tracks left behind on your PC, wiping your drive(s) with random data and zeros from a live operating system is the only way to permanently clean your tracks. It is also good to note that there is no reliable way to wipe solid state drives so using hard drives is the preferred hardware.

Cookies - How The NSA Is Using Them To Track Tor Users: Let's suppose that there is an online shopping website, owned, or controlled by the NSA. When a normal user will open that website from his/her real I.P. address, the website creates a cookie on the user's browser and stores the real I.P. address and other personal information about the user. When the same user will again visit the same NSA owned website, enabling Tor this time on the same browser - the website will read the last stored cookies from the browser, which includes the user's real I.P. address, and other personal Information. Furthermore, the website just needs to maintain a database of real I.P. addresses against the Tor Proxy enabled fake I.P. addresses to track anonymous users. The more popular the site is, the more users can be tracked easily. Documents show that the NSA is using online advertisements, i.e. Google Ads to make their tracking sites popular on the internet.

How You Can Avoid Cookie Tracking? By using the Tor browser exclusively for darknet activities. Browsers can't read cookies created by other browsers so using your standard browser for clearnet use can save you from this issue. However, you should always clear the cookies (with CCleaner or alike) after you’re done so any stored information, such as login information will not be stored on the computer's drive. If you're doing something very interesting, you should use Tor on an amnesic operating system, such as Tails, so that any data is dumped when the machine is closed.

Closing: Hopefully you found this Tor Browser Security Guide a helpful source of information on the various steps needed to maintain your security and privacy. Don't take your freedom, nor your livelihood, for granted. You never know what could happen so never let the odds be stacked against you!