Hi All!
This is going to be my first post. To the mods: If this isn't in the right section, please move it for me or delete it
This guide isn't designed to be an full guide, Most people will have these basics already down.
Final note: This comes from experience. People say you can learn from mistakes. In OPSEC, any mistakes could prove fatal. As always, suit this advice to your situation (you know you best)
Most people will focus on cyber OPSEC but sometimes forget, patterns that publicly visible can be used by your adversity against you. Stay safe out there.
*-* -
Eris
Hidden Content
THREE PRINCIPLES
SEE NO EVIL
HEAR NO EVIL
SPEAK NO EVIL
SEE NO EVIL
See no evil requires the most in terms of analyzing your situation. Think about it like this:
You've found this wonderful Cafe that you'd like to "legally" crack accounts from.
Its small, nice tables to work from allowing you to obscure your screen from other people.
Free open Wi-Fi
Wonderful Coffee (critical
)
Wonderful! One small problem however, there's a few threats we haven't taken into account:
Cameras - Sure, its unlikely that you'll sit directly under one with your massive L33t HaxBook Pro screen, with a clear picture of what you're doing. The risk is real, you're handing free information over to your adversity. Someone concerned with what you're doing (Staff) could alert them, and this wouldn't be good time mmmkkkay?
Customers or Staff - Most people will ensure that device screens will not be in the view of other people, but its always worth double checking by putting yourself in the shoes of someone else. Staff of the Cafe (or whatever location you're doing your gods work from) could get worried overtime if large amounts of data or weird cease and desist love letters start showing up.
Physical Security - ALWAYS and i mean ALWAYS ensure you keep your devices encrypted and locked when in public, or, briefly moving away from your device. I shouldn't need to explain this.
Also worth keeping in mind is having a kill-switch/an easy way to power down the encrypted device in-case of a shitty situation.
This list doesn't cover everything, but it should drive the point home. Don't let people see no evil. As I believe everyone's OPSEC is tailored to them, i won't tell you what to do in order to reduce these risks, however, here are some basic things you could look into doing:
Over the span of time visiting the location, see if you can find cameras around the place. Even better, if you're connected to their network, do a network scan and attempt to find the local login page for the cameras. 7/10 they'll have default passwords you can Google. Once you're in, figure out the blind spots, and work from that area.
Apply some basic SE on the Staff to build trust overtime. This will go along way, strong cover stories work well if you're going to this location often.
HEAR NO EVIL & SAY NO EVIL
I was going to put these as separate sections however, the meaning of these principles is so easy to understand, I'm not going to bother. To "Hear no evil" & "Say no evil" is to basically not allow others to hear and for you not to say anything. The saying "loose lips sink ships" is fucking real. I know people personally who are currently doing time because they couldn't keep their mouth shut. Most of you will understand. Some basic things you could do to follow this principle are:
Shutting the fuck up - Pretty straight forward, don't tell anyone about anything hell, not even your dog. People are always listening more so often in public places. People are your biggest weakness in OPSEC. Someone you trust today, could be your adversity tomorrow (words to live by Exclamation )
Save any voice conversations until in private - Once again, very straight forward. Assuming you've covered your digital OPSEC to allow you to have these, its very risky to have these ANYWHERE in public. You never know if CCTV is picking up audio.
That's a wrap! Most of you will already follow this on a daily basis however, some new users will focus so heavily on digital OPSEC that they'll get fucked over by not following these three basic principles.
I strongly urge even the most advanced users with great OPSEC planning to always take stock and assess the situation.
Hope you enjoyed
*-* -
Eris
This is going to be my first post. To the mods: If this isn't in the right section, please move it for me or delete it
This guide isn't designed to be an full guide, Most people will have these basics already down.
Final note: This comes from experience. People say you can learn from mistakes. In OPSEC, any mistakes could prove fatal. As always, suit this advice to your situation (you know you best)
Most people will focus on cyber OPSEC but sometimes forget, patterns that publicly visible can be used by your adversity against you. Stay safe out there.
*-* -
Eris
Hidden Content
THREE PRINCIPLES
SEE NO EVIL
HEAR NO EVIL
SPEAK NO EVIL
SEE NO EVIL
See no evil requires the most in terms of analyzing your situation. Think about it like this:
You've found this wonderful Cafe that you'd like to "legally" crack accounts from.
Its small, nice tables to work from allowing you to obscure your screen from other people.
Free open Wi-Fi
Wonderful Coffee (critical
)Wonderful! One small problem however, there's a few threats we haven't taken into account:
Cameras - Sure, its unlikely that you'll sit directly under one with your massive L33t HaxBook Pro screen, with a clear picture of what you're doing. The risk is real, you're handing free information over to your adversity. Someone concerned with what you're doing (Staff) could alert them, and this wouldn't be good time mmmkkkay?
Customers or Staff - Most people will ensure that device screens will not be in the view of other people, but its always worth double checking by putting yourself in the shoes of someone else. Staff of the Cafe (or whatever location you're doing your gods work from) could get worried overtime if large amounts of data or weird cease and desist love letters start showing up.
Physical Security - ALWAYS and i mean ALWAYS ensure you keep your devices encrypted and locked when in public, or, briefly moving away from your device. I shouldn't need to explain this.
Also worth keeping in mind is having a kill-switch/an easy way to power down the encrypted device in-case of a shitty situation.
This list doesn't cover everything, but it should drive the point home. Don't let people see no evil. As I believe everyone's OPSEC is tailored to them, i won't tell you what to do in order to reduce these risks, however, here are some basic things you could look into doing:
Over the span of time visiting the location, see if you can find cameras around the place. Even better, if you're connected to their network, do a network scan and attempt to find the local login page for the cameras. 7/10 they'll have default passwords you can Google. Once you're in, figure out the blind spots, and work from that area.
Apply some basic SE on the Staff to build trust overtime. This will go along way, strong cover stories work well if you're going to this location often.
HEAR NO EVIL & SAY NO EVIL
I was going to put these as separate sections however, the meaning of these principles is so easy to understand, I'm not going to bother. To "Hear no evil" & "Say no evil" is to basically not allow others to hear and for you not to say anything. The saying "loose lips sink ships" is fucking real. I know people personally who are currently doing time because they couldn't keep their mouth shut. Most of you will understand. Some basic things you could do to follow this principle are:
Shutting the fuck up - Pretty straight forward, don't tell anyone about anything hell, not even your dog. People are always listening more so often in public places. People are your biggest weakness in OPSEC. Someone you trust today, could be your adversity tomorrow (words to live by Exclamation )
Save any voice conversations until in private - Once again, very straight forward. Assuming you've covered your digital OPSEC to allow you to have these, its very risky to have these ANYWHERE in public. You never know if CCTV is picking up audio.
That's a wrap! Most of you will already follow this on a daily basis however, some new users will focus so heavily on digital OPSEC that they'll get fucked over by not following these three basic principles.
I strongly urge even the most advanced users with great OPSEC planning to always take stock and assess the situation.
Hope you enjoyed
*-* -
Eris
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding