Logging addition + citation / miscellaneous edits

arcanedev 2022-01-10 06:21:29 +00:00
parent cabb585b31
commit cc988b8c14
No known key found for this signature in database
GPG Key ID: 13BA4BD4C14170C0
1 changed files with 39 additions and 37 deletions

@ -102,21 +102,19 @@ This section has been prioritized as hardware is at the core of your operations.
Unfortunately, there are no easy solutions in the realm of hardware. There are many rabbit holes one can take in regards to the avoidance of negative ring architecture (layers below the operating system), selecting processors that gut/avoid the use of MinixOS and Intel's management engine (ME), inherent vulnerabilities to the processor, chipsets that require proprietary blobs, and ultimately procuring hardware that isn't subject to side-loading attacks (can weaken device encryption).
Central processing units (CPU) have a narrowed list of options. For the vast majority of desktops and laptops, the competitors are Intel and AMD. Both of these CPUs have the potential for root level backdoors that are undetectable by your OS. Some privacy-oriented organizations, such as Purism and System76, claim to neutralize Intel's ME (See Purism's technical write-up[^2]). If you are going to select a system with an Intel CPU and detest this critical design, you are limited to a few options. You can shill out the money to System76 (disables ME) and Purism (neutralizes ME by gutting critical components), or you can flash the computer's motherboard with a Raspberry Pi by running the me_cleaner program[^3] (if supported processor/architecture) and installing coreboot[^4] in replace of the BIOS. The novice runs the risk of ruining their device, coupled with the fact that the setup was likely completed for legacy hardware that has unpatched vulnerabilities. This process is not a trivial task and will cause headaches for those who simply want the system to work. If you are not willing to shill out the money to one of these organizations that disables the ME and are not technologically savvy, consider using a CPU by AMD while noting that this is far from a silver bullet.
Note: This is not to say AMD's PSP is impervious to exploitation. See [^5].
Central processing units (CPU) have a narrowed list of options. For the vast majority of desktops and laptops, the competitors are Intel and AMD. Both of these CPUs have the potential for root level backdoors that are undetectable by your OS. Some privacy-oriented organizations, such as Purism and System76, claim to neutralize Intel's ME (See Purism's technical write-up[^2]). If you are going to select a system with an Intel CPU and detest this critical design, you are limited to a few options. You can shill out the money to System76 (disables ME) and Purism (neutralizes ME by gutting critical components), or you can flash the computer's motherboard with a Raspberry Pi by running the me_cleaner program[^3] (if supported processor/architecture) and installing coreboot[^4] in replace of the BIOS. The novice runs the risk of ruining their device, coupled with the fact that the setup was likely completed for legacy hardware that has unpatched vulnerabilities. This process is not a trivial task and will cause headaches for those who simply want the system to work. If you are not willing to shill out the money to one of these organizations that disables the ME and are not technologically savvy, consider using a CPU by AMD while noting that this is far from a silver bullet.This is not to say AMD's PSP is impervious to exploitation. See [^5].
## Operating System
Researching the right operating system (OS) for your specific operation can be a monstrous task. If Operations Security (OPSEC) is of utmost importance, then operating systems that generate excess logs and call home with telemetry and error reporting should be ruled out.
For desktop, this process eliminates Windows, Mac, and ChromiumOS/CloudReady from the race. While there are significant attempts at undermining Windows telemetry, this requires a substantial amount of effort that is bound to corrupt processes and retain the bloat from disabled software.
Note: Solutions with Windows 10 aren't necessarily the anti-thesis to anti-forensics. These systems are extremly bloated and can pursue the same aims. Windows provides many areas to hide files amongst the system. Windows systems can also be an overload to inexperienced investigators with the caches, shellbags, shortcut files, monolithic registry hives, and a myriad of ways to set persistence mechanisms. This could force investigators to expend more time in the investigation. The reason it is avoided in this book is due to the proprietary blobs, bloatware, legacy protocols (which will continue to render it vulnerable to exploitation), and excess telemetry. In good faith, one could not claim to provide secure cryptography on a system that was designed for the aims of counterinsurgency.
>Note: Solutions with Windows 10 aren't necessarily the anti-thesis to anti-forensics. These systems are extremly bloated and can pursue the same aims. Windows provides many areas to hide files amongst the system. Windows systems can also be an overload to inexperienced investigators with the caches, shellbags, shortcut files, monolithic registry hives, and a myriad of ways to set persistence mechanisms. This could force investigators to expend more time in the investigation. The reason it is avoided in this book is due to the proprietary blobs, bloatware, legacy protocols (which will continue to render it vulnerable to exploitation), and excess telemetry. In good faith, one could not claim to provide secure cryptography on a system that was designed for the aims of counterinsurgency.
GNU/Linux is one of the few operating system baselines that will not phone home and create excess logs locally. Even after making such a decision, whether that be Linux, BSD, or Xen, there are hundreds of derivatives to sift through. At the time of writing, the only anti-forensic friendly distributions designed to reduce the creation and storage of artifacts are TAILS and Whonix. However, any OS lacking telemetry with properly implemented full-disk encryption (FDE) and physical security is sufficient for the job of anti-forensics. If more persistence is desired while keeping distribution size minimal, hardened variants of Arch, Void, Gentoo, or Alpine are advised.
One more factor to consider for the OS selection is the service manager being used. There are plenty of security enthusiasts who justifiably denounce the use of the SystemD service manager (used to spawn processes like networking, scheduled tasks, logging, etc)[^6]. There are a variety of service managers that have less bloat and a more simple codebase - OpenRC, runit, etc. The fact that most of these OSs are open-source results in the problem of funding. A side-project that has peaked a developer's interest often go long durations (if not permanantly) without any efforts to maintain/patch. Some recommended OS alternatives without systemD at the time of writing include Artix (Arch variant)[^7], Void Linux[^8], and Alpine Linux[^9].
Note: Ideally, an operating system running a microkernel (minimal core) such as seL4 could be in the running. These alternatives are still too adolescent to advise with little community support.
>Note: Ideally, an operating system running a microkernel (minimal core) such as seL4 could be in the running. These alternatives are still too adolescent to advise with little community support.
For mobile devices, options are extraordinarily limited. Phones are designed to constantly ping telecommunications infrastructure and receive incoming packets by design. The core purpose is to be reached. Google, Apple, and other players in the telecommunications industry have taken this to an intrusive extent. Android stock phones home an average of 90 times per hour. Apple accounts for at least 18 times per hour.[^10] Both operating systems do not operate in a manner that is conducive to privacy. It seems that the only remaining options are to disable all sync capabilities on iPhone, or flash an open-source operating system to an Android.
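Review bot: In the rewritten CPU paragraph the AMD PSP caveat is now appended with no separating space ("silver bullet.This is not to say AMD's PSP is impervious..."), and it is the only note in this hunk that lost its "Note:" label while the Windows 10 and seL4 notes became ">Note:" blockquotes. Either keep it as its own ">Note:" line for consistency or add the missing space. While these lines are being touched, "shill out" should read "shell out" and "extremly" should read "extremely".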
@ -126,16 +124,19 @@ GNU/Linux based phones, such as Pine64's Pine Phone[^12] or Purism's Librem 5,[^
## Disable Logging
Disabling logs at the source is the best solution to ensure excess logs are not being stored. Daemons or processes can automate the process of log collection. This has its useful functions for both debugging and security (auditing), however it is detrimental to the idea of information retention. It is strongly advised to periodically shred the log files if not disabling the logging daemons entirely.
On GNU/Linux with SystemD, logging can be disabled through the use of the following commands:
Some pro
Some developers have created simple bash and python scripts that remove and disable the logging daemons such as CoverMyAss.[^https://github.com/sundowndev/covermyass] Scripts aren't necessarily needed, however they could automate a manual process and identify logging components of your system that you did not know were present.
Here is a quick example of disabling logging daemons on GNU/Linux with the SystemD service manager:
```
systemctl disable syslog.service
systemctl disable rsyslog.service
systemctl disable systemd-journald.service
```
Note: These commands will not work on systems running lightweight service managers such as OpenRC, runit, or S6.
>Note: These commands will not work on systems running lightweight service managers such as OpenRC, runit, or S6, nor is this comprehensive.
While it is wise to reduce your logging footprint locally on your device, full disk encryption (FDE) is a sufficient anti-forensic mitigation for logging. If the attacker obtains access to your device as it is running (either physical or remote via a security compromise), logging is most likely the least of your concerns.
While it is wise to reduce your logging footprint locally on your device, full disk encryption (FDE) is a sufficient anti-forensic mitigation for logging. If the attacker obtains access to your device as it is running (either physical or remote via a security compromise), logging is likely the least of your concerns.
## Clear Caches
There are various caches containing sensitive information on both mobile devices and GNU/Linux systems. Linux systems have the tendency to push most logs to the /var/log/ directory. This is a simple deletion process.
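Review bot: The new CoverMyAss citation uses the URL itself as the footnote label ("[^https://github.com/sundowndev/covermyass]"), while the rest of the document uses numbered labels such as "[^6]"; give it the next free number and move the URL into the footnote definition so it renders as a footnote. The fragment "Some pro" directly above the new "Some developers have created..." sentence reads like the remains of an abandoned edit and should not be left in the text.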
@ -146,7 +147,7 @@ Deletion of files in most operating systems today is a loose version of the term
A simple shred command in a Linux bash shell: `shred -n 32 -z -u <FILE>`
This command would use GNU coreutils shred function to wipe over the designated file with 32 iterations. The -z adds a final overwrite to hide the shredding process, and the -u unlinks the file completely.
Note: This is an example command; I am not recommending 32 overwrites.
>Note: This is an example command; I am not recommending 32 overwrites.
The NSA has in the past developed malicious firmware for HDDs that can create secret copies of user-written data. SSDs which make use of wear-leveling cannot have information securely erased by the user. However, SSDs with wear leveling also pose a significant annoyance, and even create difficulty for, forensic investigators. Such annoyance cannot be considered a security guarantee. In short, wear-leveling, garbage collection, and trim operations are largely outside of the user's control, therefore "secure" deletion should not be assumed to be possible. Regarding SSDs, trim operations should always be enabled as it stands to make files unreadable using "Deterministic Read After Trim" or "Deterministic Zeroes After Trim." Consider trim as an unreliable backup mitigation to FDE.
@ -181,11 +182,11 @@ Wireguard is currently the most secure. Unfortunately, it has faced little scrut
The Onion Router (TOR) has faced the most scrutiny of all protocols and provides the most anonymity. While facing the most scrutiny from various individuals and governments, TOR has many overarching issues yet to be addressed. Someone with a God's eye view of the telecommunications traffic could deanonymize users by sending out certain sized packets to different destinations. This is something to keep in mind while hosting infrastructure, however the standard user sending out typical sized packets from web requests has little concern of this deanonymization tactic. TOR does not add timing obfuscations or decoy traffic to hinder traffic pattern analysis which can be used to deanonymize users.
Both of these channels have some pitfalls, so why not combine them for layered security? There have been numerous articles published by Whonix [^14] and TAILS [^15] developers along with other Information Security professionals highlighting the ineffectiveness of the VPN / TOR combination. The synopsis of their articles is that at best it doesn't help you, at worst, it hurts you. I find it useful if I am trying to mask the fact that I am using TOR from the ISP. Bridges can also be used for this purpose, but they are likely easier to identify by the Intelligence Community (IC). While on public WiFi, I recommend solely using TOR.
Both of these channels have some pitfalls, so why not combine them for layered security? There have been numerous articles published by Whonix[^14] and TAILS[^15] developers along with other Information Security professionals highlighting the ineffectiveness of the VPN / TOR combination. The synopsis of their articles is that at best it doesn't help you, at worst, it hurts you. I find it useful if I am trying to mask the fact that I am using TOR from the ISP. Bridges can also be used for this purpose, but they are likely easier to identify by the Intelligence Community (IC). While on public WiFi, I recommend solely using TOR.
I2P[^16] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same concept as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and deanonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address timing based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations.
Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address time-based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations. Even if one is to involve themselves with the use of a mixnet, they should be on guard. Intelligence agencies are not ones to shy away from a good honeypot. While not a perfect example as this wasn't a mixnet, the FBI ran an operation with an operating system called ArcaneOS and a built-in messaging platform called anom[.]io[^https://urlscan.io/result/f7b4c5ae-3864-4b3f-be0e-ad10e39276bc/#summary] designed for organized crime. Anom was an application that opened as a calculator which had the user enter a pin to reach the hidden messenger. All communications were intercepted. The morale of the story is that the slightest amount of skepticism into the website communications, hosting platform, or the closed-source application could've prevented the downfall of multiple criminal enterprises globally. The same skepticism should be applied to any organization unwilling to address their shortcomings and model their potential attack vectors. Many are willing to route your traffic, and node-based cryptocurrency projects with a model that resembles that of a ponzi-scheme could always be a source of both black budget funds and traffic analysis for the letter agencies. I have no fingers to point or organizations to accuse. However, it is far from a half-cocked conspiracy that intelligence agencies would engage in this type of activity.
In regards to implementation, there are a variety of options. Host-based virtualization with pre-configured systems like Whonix can be used. This routes all of the Whonix workstation's traffic through the Whonix gateway to prevent leakage. A bootable TAILS USB is also preconfigured to allow only TOR traffic, excluding the exempt or whitelisted insecure browser designed for getting your device through WiFi portals. Open-source operating systems, such as OpenWRT, on a travel router can force certain subnets to use a VPN configuration or route via TOR.
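Review bot: The mixnet sentence changes "timing based attacks" to "time-based attacks", but the attack class is a timing attack and the TOR paragraph earlier in this hunk still says "timing obfuscations"; keep "timing-based" so both paragraphs use the same term. The added Anom passage is appended to the end of the "I cannot provide any recommendations" sentence as one long run; move it to its own paragraph, change "The morale of the story" to "The moral of the story", and give the urlscan.io citation a numbered footnote label like the "[^14]" and "[^15]" citations cleaned up in the same hunk.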
@ -210,20 +211,19 @@ DuckDuckGo (DDG)[^23] has long been used as an alternative to Google. It is wort
#### Searx
Searx instances[^24] are decentralized search engines that can be stood up by anyone. Decentralization with Searx doesn't remove the issue of inherent trust that must be placed in the instances, but it ensures that you have control in where you place your trust. This also enables people to stand up their own instances and configure them with better protections. Decentralization is preferred, however some of the instances are likely ran by intelligence agencies.
Note: There are certainly more variants of search engines that I have not covered that are further from the beaten path. The landscape is often changing, and it is advised to practice due dilligence when researching alternate search engines.
>Note: There are certainly more variants of search engines that I have not covered that are further from the beaten path. The landscape is often changing, and it is advised to practice due dilligence when researching alternate search engines.
## Live Boot
Live media (USB or CD) can be booted from in a process called Live Boot. Data is prevented from being stored on the hard drive of your computer (so long as you do not attempt to decrypt your hard drive that is detected). Nothing lives in permenance from the live boot. This is a useful tool for the privacy conscious as there is little to no cleanup process of your actions. Some operating systems such as The Amnesiac Incognito Live System (TAILS)[^25] are forensicly conscious and wipe the data from the device's physical memory once the USB is removed or the system is shutdown. This is not always the case for live media. Be conscious of network activity living on in permenance. This is where the use of strong cryptography can come into play from Virtual Private Network (VPN) configurations to the use of TOR. Live booting reduces the effectiveness of the Cold Boot attacks. Cold boot is heavily reliant upon data that is temporarily stored in Random Access Memory (RAM).
Note:
Cold boot attacks require a system to be under attacker control. DDR3 memory modules lose data within 3 seconds of losing power under normal circumstances. DDR4 loses data within 1 second (more like a fraction of a second) after losing power under normal conditions.
Sufficient mitigation against cold boot attacks is generally to simply remove memory before control of the system is released.
Linux allows this via the "magic" SysRq combo SysRq+o. This is available by default on some OSs, but needs to be enabled manually on others.
Parrot enables many SysRq commands by default. Among those allowed by Parrot include SysRq+o (immediate poweroff, with no shutdown cycle).
>Note: Cold boot attacks require a system to be under attacker control. DDR3 memory modules lose data within 3 seconds of losing power under normal circumstances. DDR4 loses data within 1 second (more like a fraction of a second) after losing power under normal conditions.
Sufficient mitigation against cold boot attacks is generally to simply remove memory before control of the system is released.
Linux allows this via the "magic" SysRq combo SysRq+o. This is available by default on some OSs, but needs to be enabled manually on others.
Parrot enables many SysRq commands by default. Among those allowed by Parrot include SysRq+o (immediate poweroff, with no shutdown cycle).
Systems can be started in non-persistent sessions with the use of `grub-live` and `grub-live-default` packages. `grub-live` boots to persistence by default, while `grub-live-default` starts directly to a non-persistent session.
Note: These packages are primarily available for Debian-based systems
>Note: These packages are primarily available for Debian-based systems
## Physical Destruction
Physical destruction of critical operation data is advised. Institutional authorities such as the National Security Agency (NSA) and Department of Defense (DoD) see no value in the wiping of critical data. If they believe data is at risk or a device under classification is to be removed from a closed area, all media drives must be completely degaussed. The lesson to be learned here is that if institutional authorities do not trust wiping and overwriting methods, be cautious in your operational threat model. If your life depends on the media being sanitized, save yourself the stress and physically destroy it. If your operation would have adverse consequences if you are caught, there is no room for sentiment.
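Review bot: In the cold boot note only the first line carries the ">" marker; the three lines after it ("Sufficient mitigation...", "Linux allows this...", "Parrot enables...") are unprefixed, so they will either be folded into one run-on quoted paragraph by lazy continuation or fall out of the blockquote if blank lines separate them. Prefix each line with ">" and separate them with a bare ">" line so the four statements stay distinct. In the search engine note touched in the same hunk, "due dilligence" should be "due diligence".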
@ -240,9 +240,9 @@ Destroying SSDs:
- Open the drive
- Break/Crush the board and memory cells
- Burn the remains
- Separate and scatter the debris [^22]
- Separate and scatter the debris[^22]
Note:
>Note:
The DoD generally cites a drive wiping policy of 7 passes using random data. Each pass is performed on the entire drive.
Other acceptable means of data removal include a single random pass (modern drives make it nearly impossible to recover data, even with a single overwrite), microwaving the platter (the platter should be removed from the enclosure before doing this), applying sand paper aggressively to the platter, heating the drive in an oven (500 degrees Fahrenheit for 15 minutes? 30 if you want to be extra paranoid, or just leave it in the oven until investigators arrive), or taking a powerful magnet (perhaps from a home/car stereo) to degauss the drive. The platter should be removed first in this method to maximize effectiveness.
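Review bot: The footnote on "Separate and scatter the debris[^22]" looks misnumbered: the citations in the preceding hunk run [^23], [^24], [^25] and the next one in the document is [^26], so [^22] at this position probably does not point at the intended reference. Since the line is already being edited for spacing, confirm the target and renumber if needed. The ">Note:" marker that follows sits alone on its line with the DoD text on unprefixed lines, so the body depends on lazy continuation to stay inside the quote.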
@ -255,7 +255,7 @@ All this being said, there is only one form of unbreakable encryption that will
"The security of the onetime pad cipher is wholly due to the randomness of the key. The key injects randomness into the ciphertext, and if the ciphertext is random then it has no patterns, no structure, nothing the cryptanalyst can latch onto. In fact, it can be mathematically proved that it is impossible for a cryptanalyst to crack a message encrypted with a onetime pad cipher. In other words, the onetime pad cipher is not merely believed to be unbreakable, just as the Vigenère cipher was in the nineteenth century, it really is absolutely secure. The onetime pad offers a guarantee of secrecy: the Holy Grail of cryptography." - Simon Sughes, The Code Book[^26]
Note:
>Note:
An OTP using a CSPRNG (cryptographically secure pseudo-random number generator) still maintains the security of the CSPRNG used, although isn't really an OTP anymore. Instead, it acts as a stream cipher.
OTPs are information-theoretically secure, but are not tamper-resistant.
Full-disk encryption should only ever be performed using the XTS mode of operation.
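Review bot: The attribution on the quotation in this hunk reads "Simon Sughes, The Code Book"; the author of The Code Book is Simon Singh, and the context line is worth correcting in the same pass. The three statements under ">Note:" (a CSPRNG-keyed pad acting as a stream cipher, OTPs not being tamper-resistant, XTS for full-disk encryption) are independent points and would read better as separately quoted lines than as one continued paragraph.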
@ -266,7 +266,7 @@ All this being said, there is only one form of unbreakable encryption that will
### Randomness
Randomness or entropy is the complement to cryptography, or rather a fundamental component. There are two forms of randomness that one would use to generate a One-Time Pad (OTP) message. This randomness can be derived from computational randomness (pseudo random) or pure (theoretical) randomness. Pure randomness is always the goal with the use of OTPs. Unfortunately, there are few ways of achieving this pure randomness. Computational randomness but not theoretical randomness has potential to be broken.
Note:
>Note:
Many (most) modern computers contain hardware true-random number generators (TRNG). To identify if your hardware has such hardware, run `cat /dev/random` on a Linux-based OS.
For systems with no TRNG, `cat /dev/random` will produce some amount of output, then produce nothing or produce output slowly.
For systems with a TRNG, `cat /dev/random` will produce output continuously, appearing to behave the same as `cat /dev/urandom`.
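Review bot: The note being converted to a blockquote here uses stalling output from "cat /dev/random" as the test for whether a hardware TRNG is present, but since Linux 5.6 /dev/random no longer blocks once the kernel's generator has been initialised, so on current kernels the output is continuous with or without a TRNG. Qualify the note with the kernel versions it applies to, or drop the test. The sentence "Computational randomness but not theoretical randomness has potential to be broken" in the paragraph above also needs commas or rewording.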
@ -319,16 +319,18 @@ To date, Linux Unified Key Setup (LUKS) and Veracrypt[^30] are the two most nota
- Veracrypt: Primarily container-based encrypt for file storage and plausible deniability with hidden volumes
- PGP: Used for file-based encryption
Note: Veracrypt can be set to leverage cascading ciphers. Its cascading encryption uses mutually-independent keys.
>Note: Veracrypt can be set to leverage cascading ciphers. Its cascading encryption uses mutually-independent keys.
#### Offline Password Managers
Security often comes down to the basics; Make your devices/accounts/services hard to crack. Feds & private forensics companies may be able to allocate ridiculous amounts of computing power against your services to see logs and compromise your accounts, but their brute forcing efforts can be rendered useless.
Consider offline variants of KeePass[^31] for secure password storage, then consider placing the KeePass database inside of a hidden veracrypt. Having a password with an absurd amount of characters such as `dHK&*/4pk_!i??5R=^K}~FU!kxF{fG}*&>oMdRt([);7?=v(e^,ch_n)r()]:&k$D@f4#G"Y\v_5-*i$E[+)"bT*@BF+{hkvn7[B]{qq'[~]3@+-Ju6C(@<]=TEM6a\h$c+:W[k$=;Jy[Un7&~NtvK*{Bn` is enough to stunt any brute force attempt. Cryptographic security can only be as strong as the key being used.
Note:
A 20-character random password (letters, numbers, and symbols) provides 132.877 bits of security (compare to 128 bit symmetric encryption keys).
A 29-character random password (letters, numbers, and symbols) provides 192.671 bits of security (compare to 192 bit symmetric encryption keys).
A 39-character random password (letters, numbers, and symbols) provides 259.110 bits of security (compare to 256 bit symmetric encryption keys).
>Note:
A 20-character random password (letters, numbers, and symbols) provides 132.877 bits of security (compare to 128 bit symmetric encryption keys).
>A 29-character random password (letters, numbers, and symbols) provides 192.671 bits of security (compare to 192 bit symmetric encryption keys).
>A 39-character random password (letters, numbers, and symbols) provides 259.110 bits of security (compare to 256 bit symmetric encryption keys).
Security margins greater than 256 bits are unnecessary, even against quantum attacks (256 bits of security against classical attack = 128 bits of security against quantum attack)
Breaking 128 bits of security requires time approximately equal to 1000 times the life of the universe (measured from the big bang to the projected death of the universe)
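Review bot: In the reformatted password-length note the 20-character line has no ">" while the 29- and 39-character lines do, and the two closing lines ("Security margins greater than 256 bits..." and "Breaking 128 bits of security...") are unprefixed as well; prefix all of them so the whole note is quoted consistently. The figures (132.877, 192.671 and 259.110 bits) work out to about 6.64 bits per character, which corresponds to a 100-symbol alphabet; state the alphabet size the numbers assume, since the printable ASCII set gives 94 or 95 symbols.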
@ -337,7 +339,7 @@ Consider offline variants of KeePass[^31] for secure password storage, then cons
### PIM (Personal Iterations Multiplier)
PIM is treated as a secret value that controls the number of iterations used by the header key derivation function. So long as PIM is treated as a secret parameter, this increases the complexity that an attacker would have to guess.
Note:
>Note:
Larger-value PIMs also increase the time complexity of attacks, at the expense of time taken to perform password hashing. Most cryptologists would argue that a PIMs should not be treated as a secret parameter (or at least, such secrecy should not be relied on). The user's own password should be the source of security. Password hashing, in general, is a mitigation for users with less-than-secure passwords.
As a person who values security against the world's most powerful attackers, one should make a point to not rely on password hashing for security.
@ -366,7 +368,7 @@ Limit the use of these Cellular protocols with the following setting alteration:
Every introduced system creates a larger fingerprint and attack vector, ultimately leading to more trust in more systems and services. The most anonymizing and secure operations require minimal architecture and physical security.
Note: Cellular radio modules lack randomization, rendering mobile devices inadequate for anti-forensics. This has been a pain point to many operations and has often been the sole cause of deanonymization.
>Note: Cellular radio modules lack randomization, rendering mobile devices inadequate for anti-forensics. This has been a pain point to many operations and has often been the sole cause of deanonymization.
## Automated Shutdown Procedures
Depending on your threat model, not all operations can be conducted from a coffee shop. There are an increasing amount of cameras, and facial recognition technology is already being deployed, along with license plate scanners at every street light. If operations are sensitive and must be conducted from the same location consistently, preparation should always lean towards the worst-case scenario.
@ -382,7 +384,7 @@ Earlier, it was said that these groups have unlimited resources; this is not ent
Hypothetically, if the algorithm/hash combination is known by the attacker, here is where the cascading algorithms display their value:
"Whether they choose to encrypt with AES, Serpent, Twofish or any other single algorithm, the speed of the attack will remain the same. Attacks on cascaded encryption with two algorithms (e.g. AES(Twofish)) work at half the speed, while cascading three algorithms slows them down to around 1/3 the speed."
Note:
>Note:
VeraCrypt does not keep encryption/hashing algorithms secret. Keeping such information secret would break the functionality of VeraCrypt (unless the user were to enter such information on every boot, comparably to how PIMs work). An attacker will never need to attempt multiple combinations. They will simply need to attempt cracking a single, different, algorithm.
Leveraging Veracrypt
@ -406,7 +408,7 @@ The traditional methods of interfacing with the internet stand to be the most se
For those who still require the use of wireless technology in their daily lives, consider the option of airgapping and utilizing a wireless dongle when necessary. Radio transmissions are only allowed when your device powers the USB wireless dongle. If hardware emitting signals cannot be physically removed from the device, consider implementing faraday cages. ([See EMF Shielding section](#emf-shielding))
Note:
>Note:
Wireless drivers have been used as a means of system compromise in the past.
Once the device is ready to be shutdown, simply pull the dongle from the device, and there you have a physical killswitch for wireless technology. Not only is time reduced for remote exploitation, but inherent device identifiers with the built-in chipset are removed.
@ -433,7 +435,7 @@ Your operations and system must remain accessible despite such intense OPSEC pre
Instead of compromising on security, consider implementing automation. Simple scripts can reduce the effort needed while keeping nested layers of cryptographic solutions.
For instance, create a function for mounting your encrypted drive, closing out an encrypted volume, and the "when things get out of hand" function where files should undergo the process of secure deletion.
Note:
>Note:
As previously noted, secure deletion is generally impossible on SSDs. Also, any bad sectors on a drive (SSD or HDD) cannot be securely erased by software. Such bad sectors must be erased physically.
Kali and Parrot include a LUKS "nuke" feature which erases the LUKS headers. This can be used to ensure an encrypted drive cannot be decrypted, even if your password can be broken. This feature can also be installed on any Linux-based OS. Installation of the LUKS nuke feature may conflict with Secure Boot on OSs which don't support it by default.
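Review bot: the note under the new `>Note:` marker runs over two paragraphs (the SSD/bad-sector caveat and the LUKS "nuke" paragraph), and a single `>` on the label line will not keep both inside the blockquote; prefix each paragraph, and the blank line between them, with `>`. On content, "ensure an encrypted drive cannot be decrypted" holds only if no copy of the LUKS header exists elsewhere, since a backed-up header restores the key slots; a short clause saying so would prevent a false sense of safety. In the last sentence, "OSs which don't support it by default" is ambiguous about whether "it" means the nuke feature or Secure Boot.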
@ -470,17 +472,17 @@ The vast majority of cases related to online operations become unsolved mysterie
On GNU/Linux, there are many ways to embed malware on the system. Some of which leverage crontabs or other variants of scheduling tools. Aliases can be altered to perform malicious functions rather than the desired results. System process in `bin/` directories can perform unintended tasks, or simply be swapped out and/or linked to alternate processes. Some files such as `/etc/rc.local` or `/home/$USER/.bashrc` can contain commands to execute upon booting to the disk or logging into a user account respectively. Analyzing the newest trends of threat actors can useful to determine indicators of compromise (IOC). Kinsing[^41] and other threat actors that leverage new vulnerabilities to compromise internet-facing systems and embed cryptominers provide insight into the world of persistence, along with a competitive nature that stunts competition. The sub-sections listed below identify remnance that could indicate past compromise.
### Cron example
echo "*/30 * * * * sh /etc/.newinit.sh >/dev/null 2>&1" > /etc/$crondir
`echo "*/30 * * * * sh /etc/.newinit.sh >/dev/null 2>&1" > /etc/$crondir`
### Service Creation
Make a file under /etc/systemd/system/$service_name.service
If using a runit service manager, create a file under /etc/sv/$service_name
Make a file under `/etc/systemd/system/$service_name.service`
If using a runit service manager, create a file under `/etc/sv/$service_name`.
### /tmp/ executions
Many hardened systems append the flag `noexec` to the `/tmp/` partitions to prevent malicious code from being executed in that partition. For the sake of compromise, consider creating files that appear to be reference points from a past compromise. Some files in crypto-mining cases have names such as `.zsh`, `.zshs`, `kdevtmpfsi`, `libsystem.so` under the `/tmp/` directory.
### Placing SSH keys under the root user
Unexpected SSH keys can be a sign of compromise, and they typically do not belong under /root/.ssh/ directory as they are primarily controlled by a less-privileged user account.
Unexpected SSH keys can be a sign of compromise, and they typically do not belong under `/root/.ssh/` directory as they are primarily controlled by a less-privileged user account.
## Traceless Procurement
There are a few concepts to touch on this topic.
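Review bot: under "Service Creation", the changed systemd line ("Make a file under `/etc/systemd/system/$service_name.service`") still ends without a period while the runit line below it gained one, and unless a blank line separates them the two lines will merge into one paragraph; a two-item list would read better. Under "Cron example", a full command sitting alone beneath a heading is better served by a fenced block than by inline backticks, and `$crondir` is not defined anywhere in the visible lines, so the reader cannot tell which file is meant. In the SSH line, "under `/root/.ssh/` directory" is missing "the". The context paragraph above also carries "can useful" (missing "be") and "remnance", which could be fixed in the same pass.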
@ -551,7 +553,7 @@ Fortunately, amnesiac solutions are growing. One can run TAILS with the HiddenVM
If a live USB with minimal processing power is not your niche, consider running a hardened base Linux, preferably using a Windows Manager (WM) over a full Desktop Environment (DE), to act as a hyper-visor that runs amnesiac virtual machines such as Whonix. If the option is taken to avoid live boot, the hardware selection becomes more important. First off, it would be in your best interest to use at least 16 GB of RAM. Secondly, consider using one SSD and one HDD. The HDD will be used to hold files, while the SSD is used for facilitating performance for the host OS. As previously stated, HDDs can be wiped by degaussing or overwriting physical sectors while this should be assumed an impossibility for an SSD. Each VM on the host should have a primary function; separate cases and even processes should have separate VMs. For the more technical, sandboxing applications can be used to add nested layers of security. Consider using a sandboxed profile[^51] for your virtualization software, whether it be KVM[^56] or VirtualBox[^57]. Inside the VM, use sandboxing to isolate your processes.
Note: Amnesiac computing is highly advised for journalists with state targets on their back. Most malware will not be able to persist through different sessions, and often they will have to interact with hostile platforms and networks.
>Note: Amnesiac computing is highly advised for journalists with state targets on their back. Most malware will not be able to persist through different sessions, and often they will have to interact with hostile platforms and networks.
If a mobile device is deemed a necessity, leverage GrapheneOS on a Google Pixel. Encrypt all communications through trusted services or peer-to-peer (P2P) applications like Briar.[^58] Route all device traffic through TOR with the use of Orbot. Keep the cameras blacked out with electrical or gorilla tape. The concept of treating all signals as hostile should be emphasized here as the hardware wireless chipset cannot be desoldered. Sensors and microphones can successfully be disabled, but the trend with smaller devices is that they run as a System on a Chip (SoC). In short, multiple functions necessary for the system to work are tied together in a single chip. Even if you managed not to fry the device from the desoldering process, you would have gutted the core mechanisms of the system, resulting in the newfound possession of a paperweight.
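Review bot: in the reformatted note, "they" in "and often they will have to interact with hostile platforms and networks" grammatically points at "Most malware" rather than at the journalists the note is about. Since the line is being rewritten anyway, split or reorder it so the subject is explicit, for example by putting the sentence about journalists interacting with hostile platforms before the sentence about malware persistence. Also consider `> Note:` with a space after the marker, matching whatever form is chosen for the other notes in this commit.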