OpNewBlood #OPSEC

Posted on By Treadstone 71

OpNewBlood

#anonymous

#1 Remember and save this information #OpSec:

#2 Never leak personal data.

#3 Always be careful online. Never say things that might help others find you

#4 Never give information about whether it is raining/sunny, day/night where you live. Never talk about events that are close to where you live.

Optional: If you want to give information about the weather, give the opposite of the truth. If it’s raining, say it’s sunny, etc., or avoid answering at all. In some cases, leaving false clues can

Be a good option. If you must send a screenshot of your Android, avoid showing the current time/ language visible in the screenshot, as someone could understand your current time and the language you speak.

#5 AVOID CLICKING ON UNNECESSARY OR SUSPICIOUS LINKS, AVOID RUNNING FILES ON YOUR SYSTEM WITHOUT FIRST PROPERLY ANALYZING THEM OR HAVING

DONE ON A SEPARATE OPERATING SYSTEM (could be IP hijackers/phishing,

malware). DO NOT OPEN SUSPICIOUS FILES OR INSTALL SUSPICIOUS, USELESS OR INFLUENCED APPLICATIONS.

If you are not sure, first upload the sample (video/image/document/software) to

https://www.virustotal.com/gui/home/upload, https://www.bybrid: analysis.com/, https:// http://www.joesandbox.com/#windaves and many others. Still, some malicious applications may not be detected. NOTE: in case your device presents abnormal symptoms, such as constant slowness, or if your social networks notify alerts, are published without permission or have lost access, do an IMMEDIATE check of your PC or cell phone, and get into the habit of doing it every time. days. It is recommended to use: for po

https://malwarebytes.com/premium/ for mobile https:// es.malwarebytes.com/android/

#6 If possible, use a recorder number to log into social media apps or anything else, like Telegram or Signal.

Always make sure to use strong passwords (at least 16 characters. Capital letters, non-capital letters, special characters and numbers), and it would be good to set up 2FA whenever possible.

When you DO NOT NEED the burner number or burner telephone, turn it off.

Take out the battery and SIM | If possible, place it inside a Faraday cage or simply turn it off and leave it somewhere safe.

Next time you need it, turn it on again and take it out of the box.

Optional but could surely help: cover the cameras with duct tape.

Burner phones and burner numbers can also be used to perform OSINT and register online accounts.

Make sure you create very attractive fake profiles (Linkedin, Facebook, Instagram, Twitter, Reddit or any site you want to register on).

Use This PersonDoesNotExist or other websites and generate some fake names and identities.

Prevent your real contacts that you know in real life from appearing on such fake profiles. Avoid syncing your contacts on your fake social profiles.

From a burner phone or disposable number, avoid making calls to contacts you know in real life. Never store personal information/contacts/life details

On disposable phones.

#7 Laptop/PC:

Avoid using closed source operating systems (MAC/Windows)

Cover cameras and microphones if there are any, in case you are not

Encrypt hard drive and storage devices using LUKS or something else reliable.

Use strong passwords for device encryption

Storage and for user accounts. AVOID USING THE SAME PASSWORD OVER AND OVER!

Use Linux as your operating system when opening files, joining meetings, or other situations that could reveal your identity or infect your computer.

If you want to use Windows, use it in a virtual machine and wipe/restore the virtual machine every number of days/weeks. Do not use a license and avoid installing suspicious software on it. Remember that you can use BleachBit to shred files that you want to delete completely, making them difficult to recover! (But not impossible.)

Read about digital forensics and related topics to understand more about it). The same goes for Linux. Use BleachBit or shred. Remember that if you are using SSDs or new hardware, it may be more difficult to securely delete files.

Remember to use exifcleaner to remove exif metadata from photos, videos and files similar.

If you must completely wipe the device or a hard drive, etc., destroy it and make sure it is difficult to recover things from it. Normally a drill does the job.

#8 Android

Avoid using IPhones (if possible). Optional: make sure to cover cameras and microphones, if not using them, in other words, NO

LEAVE DOORS OPEN.

Use Android (Graphene OS if possible). Ungoogle your phone if you can’t use Graphene OS and unlock it (remove bundled apps and Google services from your phone).

Remember that phones are used to make calls and things like that. Never use them to do anything illegal.

Never take pictures. If you take a photo of a place, make sure it’s not easy to understand where that place is in the world (quite difficult) and delete the exif metadata from the photo. Make sure you never post these types of photos online. And do humanity a favor, DO NOT POST PHOTOS OF YOUR CHILDREN AND CHILDREN IN GENERAL, PEDERASTISTS ALSO KNOW HOW TO TRACK!

If you must completely erase Android, you can choose to destroy it (Drill). By removing the battery first, you could avoid hurting yourself.

 

#9 Instant Messaging

Session: Does not require an email address or phone number.

Sign: Requires a phone number. See if you can use proxy servers or route your traffic through TOR nodes. Use a number that is not assigned to you Telegram: uses secret chats. Avoid sending Images/making Calls. See if you can use proxy servers to route your traffic (TOR nodes).

#10 Email Services: ProtonMail – Use fake emails and strong passwords. It is suggested to create an account and log in only from

TOR, a VPN or a proxy. Tutanota: The same as said above for ProtonMail should be noted here for Tutanota

#11 Monero and others:

Use Monero to pay for Mullvad VPN and other online services. If you have to buy something in real life, use only cash. Avoid credit cards or buy prepaid cash cards.

#12 Browsers:

Librewolf (Use plugins like UBlock Origin, Clear Cookies, User-Agent Switcher and similar). Librewolf could give some

Problems displaying some content on some websites. If this happens, you may consider switching to Firefox.

Firefox (Use the same plugins mentioned above). Brave (Less privacy focused than browsers

Previous. It is based on Chromium. In the past it was detected using affiliate links).

TOR (Slow but Sure).

Mullvad Browser (Less secure than TOR).

#13 VPN: Mullvad (Pay with Monero)

ProtonVPN (Less secure than Mullvad. Avoid using it if you can.) If you really want to be as safe as possible, use Mullvad VPN. Don’t use cracked VPNs, free VPNs or things like that

#34 Proxies (Use anonymous proxies or private proxies): Use proxy chains (TOR and proxies). There are many sites that share free proxy servers, but be aware that they may log your traffic and what you do.

TOR Use a secure configuration and improve the configuration. If you want to be more secure, use Qubes OS/Tails/Whonix in a VM or use a USB to use TOR

#15 Whether you’re using Talls, VPN, TOR, or proxies, make sure you don’t leak DNS or anything else! If so, you must first fix these leaks to be able to browse

Privately. (Feel free to try Qubes OS, Tails and Whonix to find out which works best for you. Remember you can put them on a bootable USB to use on any laptop/PC).

You can even set up your own VPN yourself. Avoid any VPNs sponsored by people, as if they are the best things ever created. They are not and they give data to governments.

Before trusting someone or something with your traffic and information, do a lot of research on them (the company). Look around to see if they ever turned over records to

agencies, audits, whether they were ever breached, and whether the CEO and other senior people in the company have questions.

#16 TOR

Remember that governments have TOR nodes too. You can decide to change your current IP every few minutes. Never log into your real accounts and emails from an account created on TOR or on a burner phone. It will compromise your true identity.

#17 Password managers: KeePass Find open source, audited and trustworthy password managers.

Avoid writing all your passwords into a text file and saving it to your desktop (Obviously). You may consider storing all your emails and passwords on an encrypted USB or on a well-hidden piece of paper (if appropriate), but that might not be the best solution and could create new threats to your privacy and security. It usually depends on what your threat module is.

#18 Encryption:

  • VeraCrypt
  • true crypt
  • Best Crypt
  • 7Zip

#19 Social networks and accounts:

Avoid using 1 email for everything. Create 2/3 (or even more) and use each of them for different purposes, depending on what you want to do with them.

If possible, avoid logging into all your emails from the same device, as this could be used to prove that you are the owner of those email addresses. The IP you used to create and log into your accounts will likely be logged, providing proof that you are indeed the owner of those accounts.

Avoid verifying any of your accounts with your real phone number. Use another number.

  • Avoid using the same nickname/handle/profile picture everywhere. With a single Google search, anyone can find all of your online profiles and accounts
ALL, OPSEC Tags:,

Related Posts

Copyright 2024

Discover more from The Cyber Shafarat -

Subscribe now to keep reading and get access to the full archive.

Continue reading