lots of changes

This commit is contained in:
nihilist 2024-11-30 16:50:12 +01:00
parent 7a1f91e098
commit ad30d67903
36 changed files with 275 additions and 24 deletions

BIN
opsec/livemode/10.png Normal file

BIN
opsec/livemode/7.png Normal file

BIN
opsec/livemode/8.png Normal file

BIN
opsec/livemode/9.png Normal file

@ -56,7 +56,7 @@
<!-- +++++ Posts Lists +++++ -->
<!-- +++++ First Post +++++ -->
<div id="anon2">
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
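Review bot: the wrapper renamed to `<div id="anon1">` here duplicates an id that later hunks in this same file also assign to other section wrappers (the next section's `anon2` becomes `anon1` too, and the new "Emergency Shutdown Script for live USB users" section is wrapped in yet another `id="anon1"`), so the page ends up with several elements sharing one id. Since these ids only alternate the grey/white section backgrounds, switch them to a class (e.g. `class="anon1"`) and update the stylesheet selector, or keep one unique id per section.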
@ -79,7 +79,7 @@
</div><!-- /grey -->
<!-- +++++ Second Post +++++ -->
<div id="anon3">
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
@ -92,7 +92,6 @@
<img src="3.png" class="imgRz">
<p>Now when you are using your computer for regular public, private and anonymous activities, normally you don't need to care about those things. But the Host OS is a potential goldmine of forensic evidence to be used against you, <b>so for sensitive use specifically we need to take care of it.</b></p>
<p>Now you could start to manually erase all logs, all kernel logs, all non-standard system logs, manually overwrite the RAM contents, but this is going to be way too tedious and you're likely to miss something. So we have one simple solution: <b>use the Host OS in live mode</b>.</p>
<img src="4.png" class="imgRz">
<p>Thanks to live mode, <b>we are able to load the entire Host OS in RAM directly</b>, allowing us to avoid writing anything on the system disk (no system logs, no kernel logs, no non-standard logs, <b>only ram contents to worry about</b>)</p>
<p>And since everything is loaded inside the RAM, <b>all we need is to reboot the computer to wipe all of the RAM contents</b>, effectively <b>erase all forensic evidence (and all potential forensic evidence) of the existence of the hidden volume in one simple action.</b></p>
</div>
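Review bot: removing `<img src="4.png" class="imgRz">` here is fine since the image reappears in the new "Using Live Mode from the System Drive" section, but the unchanged sentence just below it, "all we need is to reboot the computer to wipe all of the RAM contents", is worth qualifying in the same pass: the section added below installs the ram-wipe package alongside grub-live, so if that package is what makes the reboot wipe effective, say so here rather than presenting a bare reboot as sufficient.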
@ -100,12 +99,14 @@
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Setting up Live Mode</b></h2> </br> </br>
<p>To do so, we need to install Kickstart's apt repository to have the grub-live package:</p>
<h2><b>Using Live Mode from the System Drive</b></h2> </br> </br>
<p>⚠️ <u>Deniability Disclaimer:</u> <b>This setup is only suitable if the adversary can be told that you are using Kicksecure, with the ram-wipe and grub-live packages, without it being a reason to throw you in jail. Do not proceed if that's the case.</b> ⚠️</p>
<img src="4.png" class="imgRz">
<p>If the adversary won't put you in jail for having Kicksecure on the system drive, you can proceed to install Kickstart's apt repository to have the grub-live and ram-wipe packages:</p>
<pre><code class="nim">
nothing@debian-tests:~$ su -
Password:
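Review bot: "Kickstart's apt repository" in the new intro paragraph should read "Kicksecure's" (the disclaimer on the line above names Kicksecure, and grub-live and ram-wipe come from its repository). The disclaimer's closing sentence "Do not proceed if that's the case." is ambiguous, because "that" reads as pointing at the condition under which the setup is suitable; suggest "Do not proceed if having these packages on the system drive would itself be incriminating." Minor: `</br>` in the new heading is not valid HTML (`<br>` is a void element), though this matches the rest of the file.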
@ -171,6 +172,49 @@ root@debian-tests:~# reboot now
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon2">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Using Live Mode from a USB Stick</b></h2> </br> </br>
<p>⚠️ <u>Deniability Disclaimer:</u> <b>This setup is suitable if the adversary cannot be told that you are using Kicksecure, with the ram-wipe and grub-live packages, without it being a reason to throw you in jail.</b> ⚠️</p>
<p>If you are in the usecase where the adversary cannot be told that you are using kicksecure, <b>there is an innocent way of using live mode, by using a usb stick with the debian iso flashed on it</b>:</p>
<img src="7.png" class="imgRz">
<p>In order to have a USB stick with a debian iso flashed on it, we're going to copy the "how to install linux" tutorial i wrote <a href="../linux/index.html">here</a>, except that we're not going to use the netinstall debian iso file, but rather we'll use one of the <a href="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/">"debian-live"</a> ISOs :</p>
<img src="8.png" class="imgRz">
<p>Then you can use dd to flash the iso on your usb stick:</p>
<pre><code class="nim">
nihilist@mainpc:~$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
[...]
sdc 8:32 1 14.6G 0 disk
└─sdc1 8:33 1 14.6G 0 part /media/nihilist/024F-D7E6
[...]
nihilist@mainpc:~$ umount /media/nihilist/024F-D7E6
nihilist@mainpc:~$ sudo dd bs=4M if=debian-live-12.8.0-amd64-cinnamon.iso of=/dev/sdc status=progress oflag=sync
3384803328 bytes (3.4 GB, 3.2 GiB) copied, 165 s, 20.5 MB/s
810+1 records in
810+1 records out
3399122944 bytes (3.4 GB, 3.2 GiB) copied, 165.953 s, 20.5 MB/s
</pre></code>
<p>once you have the USB stick with debian on it, simply plug it in your computer, reboot your computer, and then boot on the usb stick after entering the BIOS/UEFI:</p>
<img src="../linux/18.png" class="imgRz">
<img src="../linux/19.png" class="imgRz">
<img src="../linux/20.png" class="imgRz">
<img src="../linux/21.png" class="imgRz">
<p>Next, select the usb key and then you can boot on it by choosing the <b>"Live system" option:</b> </p>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>And here as you can see we successfully entered livemode by booting into debian from the usb key directly, and we are able to see the other drives that are on the computer, without writing any data on them.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<!-- +++++ Second Post +++++ -->
<div id="anon1">
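Review bot: the dd listing closes with `</pre></code>` but was opened as `<pre><code class="nim">`, so the tags are mis-nested; the other listings in this file close with `</code></pre>`. On the procedure: the ISO is written with dd without any integrity check, yet this stick becomes the trusted boot medium; the cdimage.debian.org directory linked in the paragraph publishes a SHA256SUMS file and a detached SHA256SUMS.sign, so have the reader verify the checksum and its signature before running `dd`. The `of=/dev/sdc` target is copied from `lsblk`; one sentence telling the reader to confirm that device name is their USB stick and not a system disk would prevent an irreversible mistake. Wording: "i wrote" → "I wrote", "usecase" → "use case", "boot on the usb stick" → "boot from the USB stick".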
@ -201,7 +245,7 @@ nothing@debian-tests:~$ cat test.txt
THis has been written in the system disk vda1 from live mode !
</code></pre>
<p>and then we will create a file in the <b>non-system drive /dev/vdb</b> (which contains a veracrypt hidden volume):</p>
<p>and then we will create a file in the <b>non-system drive /dev/vdb</b> (which contains a <a href="../veracrypt/index.html">veracrypt</a> hidden volume):</p>
<img src="1.png" class="imgRz">
<pre><code class="nim">
nothing@debian-tests:~$ lsblk
@ -226,7 +270,7 @@ this is a test file written from live mode, into a non-system drive!
</code></pre>
<p>Then we simply reboot the host OS into regular non-live mode to check if our first test file on the system drive is gone, and if the second test file on the non-system drive has been effectively saved:</p>
<p>Then we simply reboot into the system-drive host OS in regular non-live mode to check if our first test file on the system drive is gone, and if the second test file on the non-system drive has been effectively saved:</p>
<img src="2.png" class="imgRz">
<p>And then we check that the first test file we created in the system drive is effectively not there anymore:</p>
<pre><code class="nim">
@ -261,7 +305,8 @@ this is a test file written from live mode, into a non-system drive!
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Emergency Shutdown Script</b></h2> </br> </br>
<p>Now in order to make sure we can shutdown the Host OS quickly, we need to have an emergency shutdown script, that can be ran by a non-root user in order to immediately shutdown the Host OS whenever we need it.</p>
<p>Now in order to make sure we can shutdown the Host OS quickly and fine-tune the shutdown sequence later depending on our needs, we can setup an emergency shutdown script, that can be ran by a non-root user in order to immediately shutdown the Host OS whenever we need it.</p>
<p>⚠️ <u>Deniability Disclaimer:</u> Proceed with the following part <b>in the system-drive outside of live mode, only if you can afford the adversary to see that you have an emergency shutdown script.</b> <u>If that is not an option, you're going to have to do this part manually every time you boot into live mode.</u> (meaning that upon rebooting, there won't be any emergency shutdown script to be found) ⚠️</p>
<p>First we need to make sure the user is able to run the shutdown command:</p>
<pre><code class="nim">
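Review bot: "can be ran by a non-root user" in the rewritten paragraph should be "can be run by a non-root user". In the new disclaimer, "only if you can afford the adversary to see" reads better as "only if you can afford for the adversary to see", and the parenthetical "(meaning that upon rebooting, there won't be any emergency shutdown script to be found)" explains the underlined sentence, so it belongs inside the `<u>…</u>` rather than after it.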
@ -293,7 +338,66 @@ nothing@debian:~$ chmod +x shutdown.sh
<img src="5.png" class="imgRz">
<img src="6.png" class="imgRz">
<p>And thats it! you now you have a shortcut that you can use to immediately shutdown the Host OS.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
</div><!-- /white -->
<div id="anon1">
<div class="container">
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Emergency Shutdown Script for live USB users</b></h2> </br> </br>
<p>⚠️ <u>Deniability Disclaimer:</u> Proceed with the following part <b>if you can't afford the adversary to find out that you have an emergency shutdown script.</b> ⚠️</p>
<p>If you are in this usecase, since you're going to have to do this setup at every bootup, you want to speed up the initial setup as much as you can, to help with that i recommend storing your sensitive use scripts on <a href="../anonymousremoteserver/index.html">a non-KYC VPS</a>, because that way, you only have to remember the IP of the VPS, and how to login there:</p>
<pre><code class="nim">
nothing@debian:~$ ssh root@65.109.30.253
root@65.109.30.253's password:
Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Web console: https://localhost.localdomain:9090/ or https://65.109.30.253:9090/
You have mail.
Last login: Sat Nov 30 14:42:04 2024 from 91.90.40.175
[ Datura ] [ /dev/pts/0 ] [~]
→ mkdir sensitive_scripts
[ Datura ] [ /dev/pts/0 ] [~]
→ cd sensitive_scripts
[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
→ vim shutdown.sh
[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
→ cat shutdown.sh
#!/bin/bash
/sbin/shutdown -h now
</pre></code>
<p>The idea being that you manually get your scripts from the VPS upon each boot into live mode, that way you don't need to rewrite them from scratch every time, <b>and especially you are not storing them anywhere locally, where the adversary could find them</b> </p>
<p>To download the script you can simply run a scp command to download your scripts via SSH directly:</p>
<pre><code class="nim">
nothing@debian:~$ scp root@65.109.30.253:/root/sensitive_scripts/shutdown.sh .
root@65.109.30.253's password:
shutdown.sh 100% 35 0.3KB/s 00:00
nothing@debian:~$ cat shutdown.sh
#!/bin/bash
/sbin/shutdown -h now
nothing@debian:~$ chmod +x shutdown.sh
</pre></code>
<p>Now from here onwards, the setup is the as described above, you need to manually configure the shortcut to be able to use the shutdown script.</p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
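Review bot: both listings in this new section close with `</pre></code>` although they open with `<pre><code class="nim">`; use `</code></pre>` as elsewhere in the file. On the procedure itself: a freshly booted live system has an empty `~/.ssh/known_hosts`, so the `ssh` and `scp` commands shown hit a first-connection host-key prompt on every boot, and with no stored key to compare against the reader would not notice if that connection were intercepted; the "you only have to remember the IP of the VPS, and how to login there" sentence should add that the server's host-key fingerprint must be memorised (or carried) and checked at that prompt. The transcript also publishes the VPS address and the "Last login ... from 91.90.40.175" line, which an opsec guide should probably redact. Wording: "the setup is the as described above" is missing "same"; "i recommend" → "I recommend"; "usecase" → "use case".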