[ kaitensushi ] [ news ] [ archive ] [ wildcard ] [ lounge / arcade / kawaii / kitchen / tunes / culture / silicon ] [ yakuza ] [ hell / lewd ] [ ? / tweet / irc / tip jar ] [ lain / lewd / uboa ] [ x ]

/silicon/ - technology

from the trenches
Password (For file deletion.)

• Files Supported: webm, swf, flv, mkv, torrent, 7z, zip, pdf, epub, & mobi.
• Embeds Supported: youtube, vimeo, dailymotion, metacafe, & vocaroo.
• Max. post size is 10MB / 4 files.

Remember to keep it cozy!

File: 1442453480436.jpg (244.3 KB, 1920x1080, 16:9, 1427363127334-1.jpg) ImgOps Exif Google iqdb


Can we get an opsec thread going? It's been an interest of mine lately but I can't find any good material
was my introduction to opsec.



for those who want to come and say, "Herp derp! Wut's upsex?" It's how to secure your fekkin operation.

This isn't opsec 101 here. We're looking for specific, in depth analysis of opsec practices. Not the inept ramblings of some WSJ Pleb who doesn't even know how to use pgp.


File: 1444051329310.jpg (102.59 KB, 1440x900, 8:5, 97004c033f791a1c55b97f9ee7….jpg) ImgOps Exif Google iqdb

What do you want to talk about? Digital opsec, specifically? Or opsec all around? When dealing with opsec, like with all security, it's a cost-benefit analysis, although it's a bit different for active opsec than for passive opsec. Basically, passive OPSEC is things like: not talking about sensitive information, whereas active OPSEC actually requires you to DO something, rather than NOT DO something (lock up data, whatever).


File: 1455556408410.jpg (48.47 KB, 1008x720, 7:5, tmp_9670-lain-is-a-bear-13….jpg) ImgOps Exif Google iqdb



File: 1455650328545.jpg (18.73 KB, 236x236, 1:1, 7ea067ab2e88c1b38105433794….jpg) ImgOps Exif Google iqdb

>retards beginner guide 1.0
>ask specific questions about where you are wanting to go next
>and I will answer them if I can in my next post. (If I can't, I find the answers!)

I should know way more about this considering the amount of time I've spent on it! Anyway, OPSEC is like many things - only as strong as the weakest link! Breaking OPSEC and revealing your most valuable possession - your identity - makes all of the hard work you've done to stay Sushi Roll to that point fruitless. That would be a terrible thing, wouldn't it? Don't ever link to your Google, Facebook, or Twitter accounts from a source where you wouldn't want everyone to know who you are.



File: 1455650370081.jpg (265.17 KB, 736x1067, 736:1067, opsex.jpg) ImgOps Exif Google iqdb


First, you need to evaluate what level of OPSEC you are wanting to shoot for. Are you a California Roll (I actually think this censoring is fun >.<) just wanting to to stand for liberty and privacy? The steps you take to protect your identity will be different than those you would if you were Edward Snowden! You may just want a VPN paid for with Bitcoin so you can download a car with peace of mind, or maybe you are going to want to be booting TAILS live from a USB using a T60 with Libreboot and no HDD. Start thinking of how deep you will go in the tin-foil hole now. I'm going to begin with some steps everyone can take.


>not using full disk encryption

There is literally no excuse. Whether it's your laptop or smartphone, full-disk encryption (preferably with near uncrackable AES-256) prevents anyone with physical access to your devices from being able to go through your files. While it's a start, simply encrypting your /home partition doesn't cut it to the same degree. Your logs in /var and installed programs in /opt and /usr can tell so much about you, in and of themselves. Your safest bet is to only leave your /boot partition readable w/o decryption.



File: 1455650432589.jpg (18.87 KB, 210x267, 70:89, OPSEC_Security.jpg) ImgOps Exif Google iqdb


>encrypting directory/container

So you are wanting to to have an encrypted directory on your external HDD, or perhaps you just want an encrypted container on your Ubuntu install to store GPG keys, passwordz, Bitcoin wallets, etc. What are your options? Well one, you can encrypt tarballs with GPG. This isn't a very quick solution, and requires you to decrypt and untar the directory each time, as well as shred it when you are done. Or (especially if you are on Windows or OS X) you could use Veracrypt (Truecrypt's worthy successor) and easily create an encrypted container. Make sure it is AES-256, though!

>not hiding behind 7 proxies

So great, physical access to your hard drive has been limited by the dank Veracrypt/dm-crypto crap you bricked it with. The NSA is going to only be able to use your drives as a doorstop, should they seize them after you post a photo on Twitter of David Cameron wearing a tiara. But what about your internet activity?

A VPN is one of the simplest ways to go. You can either setup an OpenVPN server yourself on a VPS (Google it.) or you could opt to subscribe to a secure VPN service. You can buy a month of service from a trusted source like Mullvad or AirVPN for ~€5/mo. with Bitcoin, which is a relatively secure and easy way to go. Follow their instructions for your platform, fire it up, and start torrenting/browsing Pixiv. Especially with the larger VPN providers, you have the benefit of using the same IP address as many others, and therefore decreasing the size of your identifiable fingerprint. A key part of this, though, is ensuring that you ARE NOT logged into Google, Facebook, Twitter, Amazon, etc. Otherwise you have blown your cover and can be identified as a member of the VPN service.


File: 1455650521128.jpg (89.2 KB, 660x424, 165:106, OPSEC-StepPoster.jpg) ImgOps Exif Google iqdb


Alternatively, you could buy a VPS with Bitcoin, setup OpenVPN/PPTP, disable logs, and also be able to post to your favorite imageboards or forums that have blocked IPs from major VPNs. The downside is that only you will be posting from this IP, and therefore a larger fingerprint will be created. This is a good choice, though, if you are in public and using your VPN to safely browse Rakuten, Crunchyroll, Twitter, etc.etc. that already know your identity - you are just wanting to hide it from those around you!

I personally use both. A VPS with DigitalOcean on an American server that I run a PTPP server on to access Netflix, my personal banking, imageboards, etc. in places where I am not concerned about my Sushi Rollymity, except from those L337 [email protected]$ around me at the public library or Starbucks who are snooping on my connection. I also have a VPN with a well-rated provider that I paid for with Bitcoin through Tor that I use for torrenting, browsing some imageboards, accessing Tor (I don't do it directly anymore to avoid attracting suspicion from my ISP/Government, although US citizens may be less concerned.) et.al.

>well, that was a crappy summary of things that I already knew

Sorry, senpai ;_; I will post more later, I am just on the subway to work.

EDIT: I derped out and forgot to post it. I'm just getting OFF work and I am on my way home. I have a paper for grad school to work on, though, so I may not be back for some hours.

4/4 (for now)


File: 1455650909726.png (326.16 KB, 452x541, 452:541, thegrugq31.png) ImgOps Google iqdb

grugq is a legend. I met him at Hack in the Box 2012; great guy.

Also check his tumblr out,



thanks Sushi Roll! I am making a lil moc-up of the guide for future Sushi Rolls.


File: 1457025718652.png (8.02 MB, 1182x1775, 1182:1775, OPSEC-SUSHICHAN.png) ImgOps Google iqdb

Here is a jpg version for future reference!


File: 1457036371363.gif (328.73 KB, 650x784, 325:392, 134660994327802.gif) ImgOps Google iqdb

Wow! Thank you, Sushi Roll! I feel honored.

Delete Post [ ]
[Return] [Go to top]
[ kaitensushi ] [ news ] [ archive ] [ wildcard ] [ lounge / arcade / kawaii / kitchen / tunes / culture / silicon ] [ yakuza ] [ hell / lewd ] [ ? / tweet / irc / tip jar ] [ lain / lewd / uboa ] [ x ]