lots of changes

2025-07-02 11:56:40 +00:00 · 2024-11-30 16:50:12 +01:00 · 2024-11-30 16:50:12 +01:00 · ad30d67903
commit ad30d67903
parent 7a1f91e098
36 changed files with 275 additions and 24 deletions
--- a/opsec/veracrypt/index.html
+++ b/opsec/veracrypt/index.html
@ -97,12 +97,61 @@ regarding wear leveling:
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Deniability Context </b></h2>
+
+<p>⚠️ <u>Deniability Disclaimer:</u> <b>If the adversary cannot be told that you are using veracrypt, do not install Veracrypt on the host OS outside of live mode, but rather install it manually each time you boot into live mode</b> That way everytime you reboot, there is no veracrypt program to be found at all. ⚠️</p>
 <p>Let's install the .deb package for veracrypt (you can install it safely from non-live mode), so that the software is available whenever you want to use it while the host OS is in live mode: </p>
 <img src="1.png" class="imgRz">
 <pre><code class="nim">
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
 → wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb

+</code></pre>
+<p>If you are using a VPS to help speed up the initial setup everytime you boot into live mode like we have <a href="../livemode/index.html">showcased previously</a>, you can also use it to store the veracrypt .deb file for you, to make it easier to retrieve each time:</p>
+<pre><code class="nim">
+[ mainpc ] [ /dev/pts/4 ] [/tmp]
+→ ssh root@65.109.30.253
+root@65.109.30.253's password:
+Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
+
+The programs included with the Debian GNU/Linux system are free software;
+the exact distribution terms for each program are described in the
+individual files in /usr/share/doc/*/copyright.
+
+Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
+permitted by applicable law.
+Web console: https://localhost.localdomain:9090/ or https://65.109.30.253:9090/
+
+You have mail.
+Last login: Sat Nov 30 14:42:15 2024 from 91.90.40.175
+
+[ Datura ] [ /dev/pts/0 ] [~]
+→ cd sensitive_scripts
+
+[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
+→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb -O vc.deb
+
+2024-11-30 16:43:58 (20.1 MB/s) - ‘vc.deb’ saved [9211094/9211094]
+
+[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
+→ exit
+Connection to 65.109.30.253 closed.
+
+</pre></code>
+<p>That way, everytime you boot into live mode, all you need is to download the vc.deb file from the VPS:</p>
+
+<pre><code class="nim">
+[ mainpc ] [ /dev/pts/4 ] [/tmp]
+→ scp root@65.109.30.253:/root/sensitive_scripts/vc.deb .
+root@65.109.30.253's password:
+vc.deb                                                                                                                                                                                                        100% 8995KB   1.9MB/s   00:04
+
+[ mainpc ] [ /dev/pts/4 ] [/tmp]
+→ file vc.deb
+vc.deb: Debian binary package (format 2.0), with control.tar.gz, data compression gz
+
+</pre></code>
+<p>And then to install it you can do it like so:</p>
+<pre><code class="nim">
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
 → sudo dpkg -i veracrypt-1.26.7-Debian-12-amd64.deb

@ -119,10 +168,12 @@ regarding wear leveling:
 [ mainpc ] [ /dev/pts/1 ] [~/Downloads]
 → veracrypt

-</code></pre>
+</pre></code>
+
+
 <p>So now that you have veracrypt installed, before you start to use it, you need to be aware of the lack of deniability you have when using the Host OS in regular mode:</p>
 <img src="../livemode/3.png" class="imgRz">
-<p>By default, your host OS directly writes into the system drive all sorts of potential forensic evidence that an adversary may use against you, such as system logs, kernel logs, non-standard logs, etc, and unless if you remove each of those manually, you're never sure of wether or not the Host OS saved proof of the existence of the hidden volume onto the system drive. <b>That's why you need to use the Host OS in <a href="../livemode/index.html">live mode</a>, to be able to use veracrypt.</b></p>
+<p>By default, your host OS directly writes into the system drive all sorts of potential forensic evidence that an adversary may use against you, such as system logs, kernel logs, non-standard logs, etc, and unless if you remove each of those manually, you're never sure of wether or not the Host OS saved proof of the existence of the hidden volume onto the system drive. <b>That's why you need to use the Host OS in <a href="../livemode/index.html">live mode</a>, to be able to use veracrypt</b>, and <b>to install it aswell if you cannot tell the adversary that you are using veracrypt.</b></p>
 <img src="../livemode/4.png" class="imgRz">
 <p>That way, as you're loading the entire host OS in the RAM due to being in live mode, you are not writing anything on the system drive anymore, <b>but rather only writing all that potential forensic evidence of the veracrypt hidden volume <u>in RAM alone</u>, which can be easily erased with a simple shutdown</b>.</p>
 <p>So now that we have installed veracrypt, let's reboot the Host OS into live mode:</p>