updated deniability tutorials

This commit is contained in:
nihilist 2024-11-17 21:26:32 +01:00
parent b6e810047d
commit 48096306fc
8 changed files with 91 additions and 6 deletions

Binary file not shown.

Before

Width:  |  Height:  |  Size: 177 KiB

After

Width:  |  Height:  |  Size: 363 KiB


BIN
opsec/sensitivevm/41.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 52 KiB

BIN
opsec/sensitivevm/42.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 374 KiB


@ -539,8 +539,50 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<p>So basically from here, if you are not in a QEMU VM, you simply need to hit the shortcut <b>"SUPER+R"</b>.</p>
<p>If you are focused in a QEMU VM, you need to do <b>"Ctrl+Alt"</b> (to focus out of the QEMU VM), and then <b>"SUPER+R"</b> to run the wipe.sh script from the Host OS.</p>-->
<img src="37.png" class="imgRz">
<p>Now we're setting up the shortcut <b>"Super+V"</b> to run the <b>/mnt/veracrypt1/script.sh</b> script just so it is quicker to setup the whonix VMs when inside the veracrypt hidden volume. Now to shut down the Host OS, there is already a default cinnamon shortcut which is <b>"Ctrl+Alt+End"</b>.</p>
<p>Now we're setting up the shortcut <b>"Super+V"</b> to run the <b>/mnt/veracrypt1/script.sh</b> script just so it is quicker to setup the whonix VMs when inside the veracrypt hidden volume.</p>
<img src="36.png" class="imgRz">
<p> Now in order to shut down the Host OS, as we have explained <a href="../livemode/index.html">previously</a>, we need to have the emergency shutdown bashscript script:</p>
<pre><code class="nim">
nihilist@mainpc:~$ su -
Password:
root@mainpc:~# visudo
[...]
nihilist ALL=NOPASSWD:/sbin/shutdown
[...]
nihilist@mainpc:~$ vim shutdown.sh
nihilist@mainpc:~$ cat shutdown.sh
#!/bin/bash
/sbin/shutdown -h now
nihilist@mainpc:~$ chmod +x shutdown.sh
</pre></code>
<p>However we're going to edit it a bit to run the script.sh, along with closing down the veracrypt volumes before shutting down the Host OS, so we need to edit the shutdown.sh script as follows:</p>
<pre><code class="nim">
nihilist@mainpc:~$ cat shutdown.sh
#!/bin/bash
# run script.sh
/mnt/veracrypt1/script.sh
# unmount veracrypt volumes
/usr/bin/veracrypt -d -f
# kill veracrypt after unmounting
kill $(pidof veracrypt)
# shutdown the host OS
/sbin/shutdown -h now
</pre></code>
<p>Then, we need to make sure that the shutdown.sh script can be ran with the <b>"Super+R"</b> shortcut:</p>
<img src="41.png" class="imgRz">
<p>And we're now all setup! So let's try it out in both scenarios (from the decoy volume, and from the hidden volume):</p>
</div>
</div><!-- /row -->
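Review bot: the edited shutdown.sh runs its steps strictly in sequence with no failure handling, so a hang in `/mnt/veracrypt1/script.sh` or in `/usr/bin/veracrypt -d -f` means the script never reaches `/sbin/shutdown -h now`. Consider bounding the first two steps (for example with `timeout`) so that the shutdown line always runs, and note that `kill $(pidof veracrypt)` prints a usage error when no veracrypt process is left. The sudoers entry `nihilist ALL=NOPASSWD:/sbin/shutdown` is added, but the script calls `/sbin/shutdown` without `sudo`, so the rule is not exercised when the shortcut runs the script as nihilist; either call it through `sudo` or explain why the rule is needed. Both code blocks open with `<pre><code class="nim">` and close with `</pre></code>`; the closing tags should be `</code></pre>`. Minor: "bashscript script" in the introductory paragraph repeats itself.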
@ -560,7 +602,7 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<p>Then we open VLC, and we hit "Open file" and browse to our non-sensitive files:</p>
<img src="33.png" class="imgRz">
<img src="34.png" class="imgRz">
<p>Then suddenly someone busts your front door, and you quickly press <b>"Super+V"</b> the VLC window immediately closes, and then <b>"Ctrl+Alt+End"</b> and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).</p>
<p>Then suddenly someone busts your front door, and you quickly press <b>"Super+R"</b> the VLC window immediately closes, followed by the closure of the veracrypt volume, and in a few seconds you have the Host OS shutting down. And as the Host OS shuts down, all the RAM contents are erased (even though there was nothing sensitive in it this time).</p>
<img src="" class="imgRz">
<p>And that's it ! if the adversary didnt get to your desk by the time you pressed the shortcut, he didnt get to see the content you were playing on your monitor. </p>
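Review bot: the `<img src="" class="imgRz">` directly after the rewritten paragraph has an empty source, so the new "Super+R" flow in the decoy scenario has no screenshot; point it at an image or remove the tag. The rewritten sentence also needs punctuation after `<b>"Super+R"</b>` ("you quickly press Super+R the VLC window immediately closes" runs two clauses together), and it says the VLC window closes without stating that this is done by script.sh, which the reader only learns from the earlier shutdown.sh listing.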
@ -570,9 +612,9 @@ stress -m 1 --vm-bytes $(free -ght | grep Mem | cut -d ' ' -f 12 | cut -d 'G' -f
<img src="24.png" class="imgRz">
<p>Once the hidden volume is mounted, we hit <b>"Super+V"</b> to quickly setup the whonix VMs:</p>
<img src="38.png" class="imgRz">
<p>And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit <b>"Ctrl+Alt"</b> to focus out of the VM, and then you hit <b>"Ctrl+Alt+End"</b> to trigger the emergency shutdown:</p>
<img src="39.png" class="imgRz">
<p>Here it also only takes approximately 4 seconds after pressing <b>"Ctrl+Alt+End"</b> to have your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM it contains.</p>
<p>And after a while of doing some actual sensitive stuff on the whonix VM you hear your front door being busted down, so you quickly hit <b>"Ctrl+Alt"</b> to focus out of the VM, and then you hit <b>"Super+R"</b> to trigger the emergency shutdown:</p>
<img src="42.png" class="imgRz">
<p>Here it also only takes approximately 4 seconds after pressing <b>"Super+R"</b> to have the VMs removed, the veracrypt volume closed, and your Host OS shutdown, erasing all the forensic evidence regarding the existence of the veracrypt hidden volume and the Sensitive Whonix VM that it contains.</p>
<p>And that's it ! You now have a Sensitive VM ready to be used, and you have implemented the necessary measures to protect the deniability of it's existance, from an adversary.</p>
</div>
</div><!-- /row -->
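Review bot: the "approximately 4 seconds" figure in the last changed paragraph is carried over unchanged from the "Ctrl+Alt+End" version, although the "Super+R" path now also removes the VMs and closes the veracrypt volume before shutting down; re-measure it and state what the timing covers. The preceding paragraph still requires "Ctrl+Alt" first to focus out of the VM, so it is worth saying explicitly that "Super+R" does nothing while the VM has keyboard focus. Minor: "it's existance" in the closing paragraph should read "its existence".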