Full OPSEC guide for the new guys (Full Opsec Guide) : Galaxy4





Onion Details




First Seen: 04/28/2024

Last Indexed: 10/24/2024




Onion Content



Full OPSEC guide for the new guys (Full Opsec Guide)
By k20, 29 Mar 2024
Tags: opsec, guide, guides

!!! Links !!! ( Not needed, but recommended to check out if you are bored. .onion links need Tor | Do all of this in Tor, from your everyday browsing to making your pet rock do tricks. It's not for everyone ):

Fingerprinting:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Keystroke_Deanonymization
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Surfing_Posting_Blogging#Mouse_Fingerprinting
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Fingerprint
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/VM_Fingerprinting
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Protocol-Leak-Protection_and_Fingerprinting-Protection
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
https://forum.qubes-os.org/t/advanced-browser-fingerprinting/12379
https://www.youtube.com/live/ttQiA_GfI6s?si=Of8lAIpSRKZk_S3H&t=131
https://www.youtube.com/watch?v=JWII85UlzKw
https://www.howtogeek.com/windows-defender-accidentally-flags-tor-browser-as-a-trojan/
http://2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion/about/history/index.html

Exposing Government:
https://www.msn.com/en-us/news/politics/fbi-abused-spy-law-but-only-like-280-000-times-in-a-year/ar-AA1bxGm7
https://arstechnica.com/tech-policy/2024/01/nsa-finally-admits-to-spying-on-americans-by-purchasing-sensitive-data/
https://www.bbc.com/news/technology-54013527
https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/
https://www.wired.com/story/nsa-leak-reveals-agency-list-enemy-hackers/
https://www.wired.com/story/nsa-hacking-tools-stolen-hackers/
https://www.theguardian.com/us-news/2022/feb/11/declassified-documents-reveal-cia-collecting-information-americans
https://www.bbc.com/news/world-us-canada-60351768
https://www.nbcnews.com/politics/national-security/human-spies-have-become-obsolete-says-one-expert-culprit-technology-n1280965
!! http://g66ol3eb5ujdckzqqfmjsbpdjufmjd5nsgdipvxmsh7rckzlhywlzlqd.onion/post/486ac94a84cdac803ed4 !!

Operating Systems ( Needed ):

Qubes:
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/getting-started/
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/installation-guide/
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/doc/
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/news/2022/10/28/how-to-organize-your-qubes/

Tails:
https://tails.net/doc/index.en.html

Whonix:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Introduction
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Advanced_Documentation

Other:
https://www.kicksecure.com/wiki/System_Configuration_and_Access#Use_a_Dedicated_Host_Operating_System_and_Computer

Restore Privacy Forum:
http://g66ol3eb5ujdckzqqfmjsbpdjufmjd5nsgdipvxmsh7rckzlhywlzlqd.onion/post/37ad1ab20b18bb2bbd6e

Never have a username:
A username can be tied to an identity.
- With no hacking username, there is no way for the non-existent hacking username to be linked with a real-life identity.
- If we have to use a username, always use a random and never-used username.
- If forced to have a username to be known by, change it every week.

--------------------------

!!! Email !!!:
With unique email addresses only used for 1 purpose, it will be hard to link these emails together. Make sure the emails don't look like any of the other emails. With every email use a different, unique, super long extended ASCII password. After its use, throw it away and close it to remove any data. For the email address username, make sure to use a password manager's password generator to generate it.
Note: Only use Monero (XMR) ( cracked by Finnish authorities, so use any crypto as long as you bought it over Tor )
Note: https://www.pgp.guide/

---------------------------

!REMOVE ALL METADATA FROM EVERY FILE! ( Metadata can easily set you up for attacks )

---------------------------

NEVER TALK TO ANYONE:
Always conceal your intentions. You only share intentions with some people. If you fully close up to some people they will become suspicious, so fill it in with fake intentions to remove it.

Online, have a fake:
# First name
# Last name
# Family
# History
# Intentions
# Personality
# Habits/intentions/passion ( multiple can simply be put as a different side of computer science, just in case they ask for it. For example: cryptography when you like malware )

- Note: Never make enemies that you do not need to be tracking you, and if you have the chance, take them down completely and make sure that they cannot touch you. Always have a side project to work on once a week to tell people what you are doing. If you do illegal things online, make your real life ID be strictly against that thing. Never share your phone number, just tell them you do not have one. Have a junk email under your government name to make sure that you aren't too suspicious, and give that to most things if needed. ( Never use it )
- Assume everyone is an enemy. Do not look and act like a criminal - do not spend money to buy luxury items that would normally be beyond your means.

--------------------------

Note: Opsec is fun, not irrational or irrelevant. It is needed.

!!! Computer !!!
Make sure that the device you are using does not have your IP address anywhere or any trace of you on it. Make sure you are using a private, secured Linux distribution ( Whonix, Tails, Qubes, Debian if hardened, Fedora if hardened or an atomic desktop distribution (NEVER USE FEDORA) )
- Make sure that everything is done within an encrypted virtual machine under one of those Linux distributions. I suggest Qubes OS or Tails.
Have disposable virtual machines. Do your attack, then delete every trace afterwards. Use a virtual keyboard to trick keyloggers. Every once in a while, wipe your entire operating system and start clean again. ( If you are not using Qubes OS )
- Always use full disk encryption and always use very long passwords. Use pass-sentences that you can remember. Make sure to have it super long, at least 550 bit entropy ( 16 characters should be enough ). Then layer it and have most directories encrypted as well with VeraCrypt. Tor is not optional, it is necessary. Highest settings at all costs. Use bulletproof hosting. ( If you host malware )
- Guard your hardware - never leave it in your room; never take more devices on a trip than you actually need; mask your webcam and microphones; use screen privacy filters
- Properly manage images and social networks - remove image metadata, or, even better, do not post any images; do not use victim’s infrastructure to post to your personal social network accounts.

Use Torctl and route all of your traffic through the Tor network and keep your MAC address randomized with it. When doing attacks in public you need to use Tails or Qubes. Debian, Kali, Arch, Parrot, etc. are not enough.

When you are communicating during an attack, first have a custom super long password for each other beforehand to encrypt your emails when you send messages, then when you trade credentials for an onion chat hosted with OnionShare. Make sure it is 100% randomized with extended ASCII at the max length. Once you use it once, it is just for that one chat. Signal is also another good option without the complication, though way more vulnerable to attacks.

Note: No connection is 100% secure. Anything connected to Wi-Fi can be hacked remotely, even connected to a VPN ( virtual private network ), even routed through Tor. Expect to be exploited or get exploited. A computer is logic, not magic.
You don’t know more than the NSA and other intelligence agencies with quantum engineering.

Common Opsec Fails:
- Contamination - mixing real and fake identities; for example using the real name as a username, using real email addresses, domains registered in the real name, use of home IP address for criminal operations
- Reuse of credentials - the higher the reuse the higher the risk of being discovered
- Weak passwords
- Forgetting basic OPSEC - connecting to the victim or C2 system with the real IP address by mistake
- Testing malware on their own computer, infecting it and becoming a part of a tracked botnet
- Leaving trails in malware to get public attention
- Bragging on social networks
- Following their own real personal accounts on social networks
- Leaving payment trails
- Leaving trails of activity in browser cache
- Collaborators exposing activities either through bad OPSEC or deliberately after cooperating with law enforcement agencies or otherwise
- Not using a virtual private network, recommendation is Mullvad.

Make sure you are using Tor on the safest settings. Randomize your MAC address. Remember to change your host-name. Port spoofing if you are on a public network. ( optional )
- If it includes an ID and is a more tracked location, go under a fake name ( make it believable ).

If you believe you are being tracked on social media that you cannot delete, change your name to a fake ID and have fake addresses linked to the account. It's your best bet. Don't be dumb; always expect the worst from the government, and that includes quantum computers and supercomputers.

Remember AES 256 GCM, CCM, XTS, CBC ( CBC must be implemented correctly! ) or other cryptographically secure algorithms; never use asymmetric encryption like RSA. If something can be encrypted, encrypt it; it’ll become a habit. If you decide to use a custom proxy, make sure you pair it with another secure proxy. Best to just use a VPN ( highly anonymous proxy ).
The server we use will be used by law enforcement to learn new stuff about you. Remember that. The feds will identify the CNC with the IP, and they will track you by linking connections to the CNC, so use a good VPN. Feds and researchers will try to hack the CNC, so don't be dumb whilst developing it. Nothing personal can be on the CNC, at all. Use regular everyday people to help partner with you. An unsuspecting partner.

USA Government ( Not written by me ):

Right to remain silent:
Most Western countries have the concept of the right to remain silent. Essentially this is a right against self-incrimination. USE IT. 98% of people questioned in the United States do not invoke their right to remain silent because they think it will make them look more suspicious or law enforcement might “give a better deal”. The simple fact is LAW ENFORCEMENT IS NOT YOUR FRIEND. They are building a case and anything you say can and will be used against you. Law enforcement in the United States can legally lie to you. If they promise a good deal or they will “go to bat” for you with the prosecutor it’s a fucking lie, unless you have a lawyer present to help you and a pap