OPSEC: Because Jail is for wuftpd - The Grugq - Ekoparty 2012
- Published 28 Sep 2024
Drawing on lessons gleaned from recent hacker indictments, research on surveillance, espionage and counter-intelligence, this talk focuses on practical operational security (OPSEC) measures to avoid detection and prevent arrest by Law Enforcement Officials. The target audience for this talk is hacktivists whose primary mission requires strong online anonymity in the face of intense scrutiny by well-funded antagonists. Starting with a review of OPSEC goals and moving on to methodologies, techniques and technologies, this presentation will enable the target audience to devise and implement robust OPSEC measures. Effective OPSEC requires combining strong technology solutions with disciplined, cautious actions to minimize the exposure of “protected information”. The talk will enumerate OPSEC principles and techniques to deny protected information to LEO, and equip hacktivists with the tools necessary to successfully conduct online operations while avoiding capture.
Slides:
www.ekoparty.o...
About The Grugq
A licensed manicurist by trade, the grugq rose from the ranks of the PLA's gold farming division to become one of the lead clicky-clicky technologists within the offensive cyber sphere. Currently under the patronage of the Asian Godfather of Hacking, living an austere existence as a practicing Buddhist monk in the mountains of Bangkok, The Grugq continues to advance the art of hiding things from the authorities.
#eko8 2012
Best part? Maybe the rule about not talking in code. Perfect
this is some quality stuff.. don't let the low view count fool you.
skyd171 the low view count simply shows how disinterested people are when it comes to information such as this; it does not reflect quality in any way.
That was my exact comment :)
skyd171 I was just expanding it.
p.s. that is the incorrect use of the word 'exact'.
we can be exact if you want. your expansion is wrong. this video title is sufficiently cryptic and terse that even people who are interested in the subject matter might not know what it's about. it also doesn't reflect the full range of topics covered or the style of delivery, things which influence likelihood to click. so concluding the view count reflects a low interest level in the subject is a malformed idea at best.
skyd171 i disagree. the word opsec and the context of "because jail is for" make this perfectly clear what this is. that is completely ignoring the grugq's known field of expertise.
he knows how things work for sure .
The slides 404
very useful stuff very informative
Idea for a drinking game if you want to get hosed: Take a drink every time he says stfu. :)
LOL
hahahaaahahahhahhhaaagahgfahfgahghahah
I would advise not to do any freedom fighting subsequently after engaging in the suggested activity.
(Anonymizing your typing style is hard enough, anonymizing your drunk text ...... Idk about that)
Lulzsec's fuckup in such a major way was that they just assumed when Hidemyass said they were a "no logs provider" they meant they didn't log the details Law enforcement would need in order to prosecute and hold the hackers accountable.
In essence Hidemyass VPN provider is a would not rec in any way VPN Provider as far as I'm concerned. They love the marketing appeal of being "No logs" but at the end of the day will turn on you.
I would rec you actually research if your VPN provider has prevailed in court in the event of a subpoena. If they have, you might consider that option. Make sure by "No logs" they define it as No IP addresses or MACs and that they encrypt your DNS tunnel too.
Damn that's really good advice.
My teacher, 👍🏻
The slides are here: www.ekoparty.org/archive/2012/GRUGQ_opsec%20after%20lulzsec.pdf
Deleted lol
not anymore
@@mikemcdonald5147 deadlink
THIS IS CONTENT!
Funny because in the leaked podesta email, they talk in code about pizza and hot-dog.
My OPSEC, I work in game development, primarily in DRM.
Because it’s true
No, because I am not paranoid
"Don't tell people you use a MacBook"
I wouldn't tell anyone even if it was secure; it's a MacBook ffs.
jkkk. couldn't help it. sorey
I don't get the joke
@@jammer5475 no, it’s a computer. Wtf is a white good?
@@jammer5475 I knew getting into this thread was likely a waste of my time, but I thought maybe you'd say something that'd impress me. You didn't - you really are just a simple sam.
@@jammer5475 fyi, my calculator is a computer. The very definition of a computer is "A computer is a machine that can be programmed to carry out sequences of arithmetic or logical operations automatically".
@@jammer5475 yes they are. Your point makes no sense.
"If you first connect to vpn and then to tor, you will go to jail"
Anyone to explain in detail?
Tor encrypts your connection and does not log it, a VPN may not encrypt it and logs it so the feds will see it. Let's say you have a target. You send evil_malware.exe to VPN, VPN logs evil_malware.exe then sends evil_malware.exe to tor, tor sends evil_malware.exe to target. There is a direct connection between your ip and evil_malware.exe in the VPN logs. But if you connect to tor first then the logs in the vpn will not connect you to the evil_malware.
@@Adrian09s thanks
@@Adrian09s this assumes your ISP is not logging and cooperating with the government while your VPN is. I would trust an average VPN company more than your average ISP. If you agree VPN'ing into TOR makes some sense (but please don't TOR into a VPN).
@@otto3619 or u could use a tor bridge
@@愛 the problem is that after a while the IP addresses of TOR bridges will become known (for example by them using TOR with bridge themselves), so if they log your connections they can retroactively determine that you connected to TOR. With VPN into TOR they'd only be able to see that you used a VPN, which nowadays is pretty mainstream.
A remarkably no shit presentation.
Ayo shout out to virus. Stay free homie.