Defensive strategies require understanding how an adversary will employ tactics to determine weaknesses. Offensive strategies are often most successful when the executor of the strategy is familiar with defensive tactics, such as the ones covered in the previous article. Often, the weakest link in any security chain is people. People keep passwords simple, ports open, and information being disclosed.

Image for post
Image for post
Recon is a physical, digital, and mental chess battle between target and the adversary. Offensive and defensive tactics are reliant on proper recon data. The wrong data can result in loss.

This information is for educational purposes only. I am not responsible for YOUR actions.

Recon

Reconnaissance is the preliminary survey to gain information, often used in the military as a survey of an enemy or target. In hacking it is the same concept, the goal of your recon is to gain information about the target such as versions of software running, architecture, what other company’s they may interact with, and of course analyzing where weaknesses may exist within the company structure. This type of analysis takes significant time and can mean the difference between a successful operation or a failure. The implication here is the more research and verified data you have the better plan of attack can be derived from the information.This same process can be applied to analyzing your application or service for defensive security analysis. …


Covert ops exist globally and domestically, many share a common goal but require an sizeable quantity of work to accomplish their goals through standard methods. Governments and organizations will sometimes utilize resources that are thrown into their laps in order to accomplish a task. I’m going to talk about some of these that have played out in the real world. I will be using some real world examples that actually happened involving the United States government, hackers, journalists, and activists.

You definitely should always do your own research about subjects.

Image for post
Image for post
You definitely shouldn’t and you should always do your own research about subjects.

Disclaimer

Some of the individuals covered in this article may be offensive and you may dislike them, that is your choice. This information is provided from facts and documented events. Like it or not, these events happened. Reality is always much more grittier than the stories you are told. That being said, let’s take a look into some of the operations and clever honeypots the United States government has been involved with in the last decade. …


Now that we are off to a fresh start to 2021, it is a good idea to install Linux for the new device we have obtained. In this article, I will walk you through several considerations and how to install Linux on your device. Do note your device may require a couple of configuration changes specifically on its needs, but I will get into that here. We will also do some hardening of the operating system as well as good defensive strategies with Linux. A solid defense will lead to a great understanding of offensive tactics when needed.

This information is provided for educational purposes. I am not responsible for your actions.


2020 was a hell of a year for most people. Privacy is being eroded quicker under the pandemic, but there is a silver lining. In the new year, we should all strive for better privacy and access to anonymity. Privacy is not anonymity and vice versa. Along with protecting ourselves with proper operational security with a solid defense, we also will need a solid offense. Every Monday I will be covering topics on privacy, hacking digital defense as well as offense, and other security-related topics. …


This article is an introduction to metadata, some of the overlooked methods in how it is collected, and the precursors of profiling. The information provided here will hopefully provide you a better understanding of threat modeling around metadata collection. Privacy takes work to keep and anonymity takes even more work. There is no silver bullet, let’s do a light introduction into the world of operational security, threat modeling, and metadata collection.

Image for post
Image for post
Assume cameras are everywhere, assume they are actually monitoring, and take precautions.

Operational Security(OpSec)

Operational Security or OpSec is the security of your operation(s). This applies to your day to day disclosures of information to companies, social media usage, and other activities you may engage in. Metadata collection can greatly impact your operational security in several ways. …


This article was requested on how to set up hidden services that would protect the operator. Like most things, there is an easy way and a difficult way when it comes to hidden services. If you do things the easy way, you could compromise the location of your host. Good OpSec, best practices, and an understanding of how the Tor network works will pay off dividends for privacy when running hidden services.

Image for post
Image for post
Like a lovely escape tucked away on a mountain, mitigating vulnerability starts with proper planning. Let’s work on limiting system vulnerabilities as a hidden service operator.

*Disclaimer: This information is presented for educational purposes and I am not responsible for your actions. What YOU do with this information is YOUR responsibility.*

Hidden Service Risks

Please pause here and go read the following article. The aforementioned article covers what is a hidden service and even how to set one up. In this article, I want to highlight how to set one up with privacy and security in mind for our service. For this article, I will use an nginx service but I will cover some points on email and ssh services as well. There are a lot of considerations when setting up a service and many will involve you to understand the compromises for each. …


We take a lot for granted. What happens when we can no longer rely on the way we normally use internet or power? What happens if you are in a situation where you may need to get communications? Let’s take a look.

Image for post
Image for post
A home with solar panels, but there are plenty of other options.

Needs

Most people rely heavily on the power grid to get their electricity that powers their homes, computers, and their lives. Some conditions may have adverse effects on this such as natural disasters, cyber attacks, or where they choose to have a structure they wish to power. Internet and power are so ubiquitous for most American’s that it is often overlooked that in some places it is not possible to get without getting creative and using alternative sources. …


This article is a collection of interesting methods to use the Tor network for more than just what it is perceived to be used for. This is a way to utilize the overlay network to prevent need to punch holes in your firewall at home, prevent need for dynamic dns, and you might find your own interesting uses.

Image for post
Image for post
Just as there are many types of onions, there are many ways to use Tor.

Tor, the layers.

Tor, The Onion Router, is an overlay network originally designed by the United States Navy. It is still mostly funded by them. Many may inquire as to why this software should be trusted, that answer is quite simple. The same level of privacy that a covert operative needs, should be the same level of privacy that a user should have if it is used properly. Governments while they do hate people using Tor, they actually need users on the network for their own protection. It is also important to note while they may also be ever increasing attempts to de-anonymize users, the government really wants this to be stopped for their own sake. …


This is article is to highlight the use of simple tooling around WiFi as a defense mechanism. This is a method I used after Hurricane Zeta to help monitor whether would be looters were casing the area and to have a little fun with them. This article should have been published on November 10th, but is being published now. Sorry for delay.

Image for post
Image for post
Sometimes we only consider the physical perimeter, we can and should leverage tools to keep a digital perimeter.

The Need

Beginning on October 28th, hurricane Zeta was on it’s way to create an impact on the Gulf Coast of Mississippi as several storms already had this year. As the storm was not that powerful many expected not that much would be damaged and very few services lost, this was a mistake. As previous storms had already did significant weakening of trees and infrastructure, this storm came through and did some real wreckage. …

About

nixops

General purpose hacker and deadhead. Sometimes I do things…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store