mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git
synced 2025-07-02 06:46:42 +00:00
minor fixes
parent
2733dda9d0
commit
269d350f23
4 changed files with 3 additions and 67 deletions
|
@ -120,7 +120,7 @@ To be showcased:
|
|||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>What's Offtopic?</b></h2>
|
||||
<p>Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):</p>
|
||||
<p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially containa vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>
|
||||
<p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>
|
||||
|
||||
<img src="65.png" class="imgRz">
|
||||
<p>2) <u>Closed-source hardware privacy workarounds:</u> no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. <b>We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.</b> We do with the tools at our disposal, so until those tools are made available, we use what we can use. <b>We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.</b> (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)</p>
|
||||
|
|
|
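Review bot: The sentence being corrected still has a second typo a few words further on: "run the software on it's latest update" should read "its latest update". Since the line is already being rewritten for "containa", fix the possessive in the same change. The unchanged context lines around it have "Here are the list of things" (wants "Here is the list") and "aswell", which can go in the same pass.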
@ -239,70 +239,6 @@ reboot now
|
|||
</div><!-- /row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
<div id="anon2">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>How to harden your private VM by distro-morphing it into Kicksecure</b></h2> </br> </br>
|
||||
<p><b>What is Kicksecure?</b> Kicksecure is a free and open-source Linux distribution designed to provide a highly secure computing environment. It is built on a hardened version of Debian, implementing a defense-in-depth security model that protects against various types of malware and attacks.</p>
|
||||
<p><b>Reasons to use Kicksecure</b></p>
|
||||
<ul>
|
||||
<li>Enhanced Security Features:</li>
|
||||
<p>Kicksecure is designed with a strong focus on security, incorporating various hardening techniques such as kernel hardening, user account isolation, and application-specific restrictions.</p>
|
||||
<li>Privacy Protection:</li>
|
||||
<p>All updates and software installations are routed through the Tor network, ensuring that user identities and IP addresses remain anonymous.</p>
|
||||
<li>Lower Attack Surface:</li>
|
||||
<p>Kicksecure minimizes potential vulnerabilities by not having open server ports or unnecessary services running by default. </p>
|
||||
<li>User -Friendly Experience:</li>
|
||||
<p>The operating system is designed to be accessible, with many applications available in their apt repositories and configured for immediate use, such as the <a href="../torbrowsing/index.html">tor browser.</a></p>
|
||||
<li>Compatibility with Virtualization:</li>
|
||||
<p>Kicksecure supports various virtualization options, allowing users to run it in a virtual machine.</p>
|
||||
<li>Free and Open Source:</li>
|
||||
<p>As an open-source project, Kicksecure allows users to review, modify, and redistribute the source code.</p>
|
||||
</ul>
|
||||
<p>
|
||||
<b>Kicksecure is important in many scenarios.</b> It is ideal for individuals handling sensitive data, such as personal or financial information, as its robust security features protect against data breaches and unauthorized access. Journalists, activists, and whistleblowers can maintain anonymity while communicating, safeguarding their identities from surveillance. Users accessing public Wi-Fi can rely on Kicksecure for secure browsing, reducing the risk of data interception. Running Kicksecure in a virtual machine helps contain potential malware threats, protecting the primary operating system. Additionally, developers and researchers can create a secure environment for security tools and cybersecurity research. Kicksecure also serves as an educational resource, offering documentation and community support for users looking to enhance their security knowledge. Its hardened configuration defends against brute force attacks, making it suitable for securing sensitive accounts. Overall, Kicksecure is essential for anyone prioritizing security, privacy, and anonymity in their digital activities. For more details on why you should use kicksecure, check out their official <a href="https://www.kicksecure.com/wiki/About">website.</a></p>
|
||||
<p>Now let's setup Kicksecure in the private VM, by distro-morphing the Debian guest OS into a Kicksecure guest OS. First,we need to create a new group called console. Then add the your user to the console group</p>
|
||||
<!-- <img src="" class="imgRz"> -->
|
||||
<pre><code class="nim">sudo addgroup --system console</code></pre>
|
||||
<!-- <p></p> -->
|
||||
<pre><code class="nim">sudo adduser "your_username" console</code></pre>
|
||||
<p>After that,we need to install console related packages.</p>
|
||||
<pre><code class="nim"> sudo apt install console-data console-common kbd keyboard-configuration</code></pre>
|
||||
<!-- <img src="assets/05_installing_requirements.png" class="imgRz"> -->
|
||||
<p>Now, we will install extrepo to get the kicksecure APT repository. We will also enable the repository</p>
|
||||
<pre><code class="nim"> sudo apt install extrepo </code></pre>
|
||||
<pre><code class="nim"> sudo extrepo enable kicksecure </code></pre>
|
||||
<!-- <pre><code class="nim"> sudo apt install apt-transort-tor</code></pre> -->
|
||||
<p>Next step is to download the kicksecure packages. Note that this will install a desktop environment(Xfce) and other applications</p>
|
||||
<pre><code class="nim">sudo apt install kicksecure-xfce-host</code></pre>
|
||||
<!-- <img src="assets/09_installs_kicksecure_packges.png" class="imgRz"> -->
|
||||
<p>Finally, we need to enable the Kicksecure APT derivative.list in /etc/apt/sources.list.d/derivative.list</p>
|
||||
<pre><code class="nim">sudo repository-dist --enable --repository onion</code></pre>
|
||||
<p>This command will generate derivative.list file.</p>
|
||||
<img src="10_dev_list_over_onion.png" class="imgRz">
|
||||
<p>Disable the extrepo kicksecure APT repository. This is to avoid a duplicate Kicksecure repository.</p>
|
||||
<pre><code class="nim"> sudo extrepo disable kicksecure</code></pre>
|
||||
|
||||
<p>That's it! A quick reboot will apply all the new settings and configurations.</p>
|
||||
<pre><code class="nim">sudo reboot</code></pre>
|
||||
|
||||
<p><b>Changes after reboot</b></p>
|
||||
<p>New GNU GRUB menu</p>
|
||||
<img class="imgRz" src="new_grub.png">
|
||||
<p>sdwdate to synchronize the system clock with time servers over the Tor network for better anonymity.</p>
|
||||
<img class="imgRz" src="sdwdate.png">
|
||||
<p>System Integrity Checks</p>
|
||||
<img class="imgRz" src="sys_inter.png">
|
||||
<p>System updates over Tor</p>
|
||||
<img class="imgRz" src="tor.png">
|
||||
|
||||
<p><b>In conclusion</b>,Kicksecure offers a robust solution for security and privacy, built on a hardened Debian foundation. Users can confidently operate within a Kicksecure VM, ready for private use in today’s complex digital landscape.</p>
|
||||
</div>
|
||||
</div><!--/row -->
|
||||
</div> <!-- /container -->
|
||||
</div><!-- /white -->
|
||||
|
||||
<!-- +++++ Footer Section +++++ -->
|
||||
|
||||
<div id="anonb">
|
||||
|
|
|
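Review bot: Deleting the whole "How to harden your private VM by distro-morphing it into Kicksecure" section (the div id="anon2" block, 64 of this commit's 67 deleted lines) is not a minor fix, and the commit message gives no reason or new location for it. Put the removal in its own commit whose message says why the section goes and where the tutorial lives now, if anywhere. No image file shows up in this diff, so check whether 10_dev_list_over_onion.png, new_grub.png, sdwdate.png, sys_inter.png and tor.png are still referenced anywhere and remove them with the section if they are not.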
@ -129,7 +129,7 @@ to be showcased: (How)
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-lg-offset-2">
|
||||
<h2><b>What's Offtopic?</b></h2> <p>Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):</p> <p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially containa vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>
|
||||
<h2><b>What's Offtopic?</b></h2> <p>Here are the list of things that are offtopic, and that we will NOT cover in the blog (for the foreseeable future at least):</p> <p>1) <u>General security and hacking:</u> (making sure a software is secure, how to test if it is secure or not) this is a BOTTOMLESS rabbithole that we won't go into again. I went down that rabbithole myself, in the <a href="../../HTB/index.html">Hacking section</a>. Point being, you anyway cannot defend against the threat that you don't know anything about (0days). You're never going to eliminate all 0day risks by going for ultra minimalism, since every damn line of code your minimal software contains can potentially contain a vulnerability. <b>Trying to protect against the threat you don't know about (0days) IS a pointless and futile endeavor.</b> You can reduce the risks of 0days by going for ultra-minimalism, but we'll leave that at the discretion of the viewers. <b>TLDR: Tell the viewer to run the software on it's latest update. If a malicious commit is pushed into the software, don't trust that repository and maintainer anymore, fork it on your own .onion forgejo instance, remove the bad commits, and compile the software yourself.</b> We will consider some FOSS software as suitable for opsec use <u>until proven otherwise (so don't bring up the 0day excuse)</u> , not the other way around.</p>
|
||||
|
||||
<img src="../contribute/65.png" class="imgRz">
|
||||
<p>2) <u>Closed-source hardware privacy workarounds:</u> no, we won't recommend to the 90% average joes out there to wire up cables to their CPU in order to disable intel ME, install coreboot, or whatever else, and risk bricking their motherboards/CPUs permanently. <b>We will recommend that average joe to purchase fully open hardware devices, that are free of potential backdoors in the first place, when they are available on the market.</b> We do with the tools at our disposal, so until those tools are made available, we use what we can use. <b>We will consider FOSS Host OS as suitable for privacy, even on closed-source hardware for the time being.</b> (so don't bring up the google pixel graphene OS or the Intel/AMD CPU hardware backdoor argument until you find an actual open hardware alternative that does the job aswell)</p>
|
||||
|
|
|
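Review bot: The "What's Offtopic?" paragraph on this line is a second copy of the one in the first hunk, kept in another page (here with the image at ../contribute/65.png), so the "containa" fix had to be applied twice and the remaining "it's latest update" typo exists twice as well. Keep the text in one page and link to it from the other so the two copies cannot drift apart.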
@ -99,7 +99,7 @@
|
|||
|
||||
|
||||
[ Whonix ] [ /dev/pts/5 ] [~/Desktop]
|
||||
→ tar -xvf monero-gui-linux-x64-v0.18.3.3.tar.bz2 (2)
|
||||
→ tar -xvf monero-gui-linux-x64*.tar.bz2 (2)
|
||||
monero-gui-v0.18.3.3/
|
||||
monero-gui-v0.18.3.3/LICENSE
|
||||
monero-gui-v0.18.3.3/extras/
|
||||
|
|
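Review bot: The glob in "tar -xvf monero-gui-linux-x64*.tar.bz2" only works when exactly one archive matches. With two versions in ~/Desktop the shell expands both names and tar treats the second as a member to extract from the first, which fails. The command also no longer names the specific file the reader downloaded, while the sample output below it still shows monero-gui-v0.18.3.3/. Either keep the explicit file name, or state in the surrounding text that only one archive should be present and that the version in the output will differ.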