oxeo0/blog-contributions
1
0
Fork 0
mirror of http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions.git synced 2025-07-02 06:36:40 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

veracrypt -> zuluCrypt in veracrypt tutorial

Browse source
This commit is contained in:
oxeo0 2025-03-30 23:00:45 +02:00
parent bbfab6f47e
commit e781c359fb
29 changed files with 118 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

78
graphs/.$sensitivevms.drawio.bkp
View file

@ -1,6 +1,6 @@
<mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/24.7.17 Chrome/128.0.6613.36 Electron/32.0.1 Safari/537.36" version="24.7.17">
<mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/26.0.9 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="26.0.9">
<diagram name="Page-1" id="2ba70t6hbZqJ66wm7CcH">
<mxGraphModel dx="1789" dy="1768" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<mxGraphModel dx="2234" dy="2037" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
@ -460,7 +460,7 @@
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-91" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.502;entryY=1.022;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="hzmDhe05OMtC0nZ9Vmrp-67" target="hzmDhe05OMtC0nZ9Vmrp-90" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-92" value="Can contain Veracrypt &lt;br&gt;Hidden Volumes &lt;b&gt;&lt;u&gt;at rest only&lt;/u&gt;&lt;/b&gt;,&lt;br&gt;they cannot opened&lt;br&gt;due to potential log-based&lt;br&gt;forensic evidence&amp;nbsp;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#a20025;fontColor=#ffffff;strokeColor=#6F0000;" parent="1" vertex="1">
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-92" value="Can contain zuluCrypt&lt;br&gt;Hidden Volumes &lt;b&gt;&lt;u&gt;at rest only&lt;/u&gt;&lt;/b&gt;,&lt;br&gt;they cannot opened&lt;br&gt;due to potential log-based&lt;br&gt;forensic evidence&amp;nbsp;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#a20025;fontColor=#ffffff;strokeColor=#6F0000;" parent="1" vertex="1">
<mxGeometry x="536" y="-339" width="164" height="78" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-93" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.496;entryY=1.022;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="hzmDhe05OMtC0nZ9Vmrp-74" target="hzmDhe05OMtC0nZ9Vmrp-92" edge="1">
@ -1375,112 +1375,112 @@
<mxCell id="-QOANXPZQbtttvxU74BS-57" value="This is what the adversary can see &lt;br&gt;(after forcing you to type a password)&lt;br&gt;if you leave Veracrypt installed on the&lt;br&gt;Host OS, alongside the &lt;br&gt;emergency shutdown script" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
<mxGeometry x="3125" y="461" width="217" height="84" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-38" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-1" target="L1DjvFK5Fi8B8i2sXeHo-37">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-38" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-1" target="L1DjvFK5Fi8B8i2sXeHo-37" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-1" value="Sensitive server 1&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-1" value="Sensitive server 1&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" parent="1" vertex="1">
<mxGeometry x="437" y="3087" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-2" value="Sensitive server 2&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-2" value="Sensitive server 2&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" parent="1" vertex="1">
<mxGeometry x="819" y="3087" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-3" value="MYSQL DB &lt;br&gt;MASTER 1" style="image;html=1;image=img/lib/clip_art/computers/Database_128x128.png;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-3" value="MYSQL DB &lt;br&gt;MASTER 1" style="image;html=1;image=img/lib/clip_art/computers/Database_128x128.png;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;" parent="1" vertex="1">
<mxGeometry x="435" y="2994" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-4" value="PHP application" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#0050ef;fontColor=#ffffff;strokeColor=#001DBC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-4" value="PHP application" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#0050ef;fontColor=#ffffff;strokeColor=#001DBC;" parent="1" vertex="1">
<mxGeometry x="398" y="2950" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-5" value="NGINX" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-5" value="NGINX" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" parent="1" vertex="1">
<mxGeometry x="398" y="2908" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-6" value="backend onion 1" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-6" value="backend onion 1" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="398" y="2864" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-7" value="MYSQL DB &lt;br&gt;MASTER 2" style="image;html=1;image=img/lib/clip_art/computers/Database_128x128.png;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-7" value="MYSQL DB &lt;br&gt;MASTER 2" style="image;html=1;image=img/lib/clip_art/computers/Database_128x128.png;labelPosition=left;verticalLabelPosition=middle;align=right;verticalAlign=middle;" parent="1" vertex="1">
<mxGeometry x="820.5" y="2994" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-8" value="PHP application" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#0050ef;fontColor=#ffffff;strokeColor=#001DBC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-8" value="PHP application" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#0050ef;fontColor=#ffffff;strokeColor=#001DBC;" parent="1" vertex="1">
<mxGeometry x="783.5" y="2950" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-9" value="NGINX" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-9" value="NGINX" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" parent="1" vertex="1">
<mxGeometry x="783.5" y="2908" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-10" value="backend onion 2" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-10" value="backend onion 2" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="783.5" y="2864" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-15" value="mysql replication over .onion ?&lt;br&gt;(TRICKY PART)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-15" value="mysql replication over .onion ?&lt;br&gt;(TRICKY PART)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="551" y="3020" width="173" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-16" value="Master .onion" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-16" value="Master .onion" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="606" y="2751" width="103" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-18" value="Gobalance" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-18" value="Gobalance" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="606" y="2790" width="103" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.494;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-18" target="L1DjvFK5Fi8B8i2sXeHo-10">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.494;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-18" target="L1DjvFK5Fi8B8i2sXeHo-10" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-20" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.463;entryY=-0.025;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-18" target="L1DjvFK5Fi8B8i2sXeHo-6">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-20" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.463;entryY=-0.025;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-18" target="L1DjvFK5Fi8B8i2sXeHo-6" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-21" value="Master .onion" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-21" value="Master .onion" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="-53" y="2806" width="103" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-22" value="Gobalance" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-22" value="Gobalance" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="-171" y="2806" width="103" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-23" value="backend onion 1" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-23" value="backend onion 1" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="-436" y="2806" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-24" value="backend onion 2" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-24" value="backend onion 2" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="-436" y="2864" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-25" value="backend onion 3" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-25" value="backend onion 3" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="-436" y="2924" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-26" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.017;entryY=0.51;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-23">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-26" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.017;entryY=0.51;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-23" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-27" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.004;entryY=0.483;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-24">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-27" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.004;entryY=0.483;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-24" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-28" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.004;entryY=0.53;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-25">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-28" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.004;entryY=0.53;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-22" target="L1DjvFK5Fi8B8i2sXeHo-25" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-29" value="location A&lt;br&gt;(in jurisdiction A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-29" value="location A&lt;br&gt;(in jurisdiction A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" parent="1" vertex="1">
<mxGeometry x="-637" y="2806" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-30" value="location B&lt;br&gt;(does not cooperate with&lt;br&gt;jurisdiction A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-30" value="location B&lt;br&gt;(does not cooperate with&lt;br&gt;jurisdiction A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" parent="1" vertex="1">
<mxGeometry x="-637" y="2850" width="154" height="52" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-31" value="location C&lt;br&gt;(does not cooperate with&lt;br&gt;jurisdiction B nor A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-31" value="location C&lt;br&gt;(does not cooperate with&lt;br&gt;jurisdiction B nor A)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" parent="1" vertex="1">
<mxGeometry x="-637" y="2911" width="154" height="50" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-33" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-23" target="L1DjvFK5Fi8B8i2sXeHo-29">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-33" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-23" target="L1DjvFK5Fi8B8i2sXeHo-29" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-34" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.532;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-24" target="L1DjvFK5Fi8B8i2sXeHo-30">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-34" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.532;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-24" target="L1DjvFK5Fi8B8i2sXeHo-30" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.53;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-25" target="L1DjvFK5Fi8B8i2sXeHo-31">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.016;entryY=0.53;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-25" target="L1DjvFK5Fi8B8i2sXeHo-31" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-36" value="Sensitive server 3&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-36" value="Sensitive server 3&lt;br&gt;(remote or selfhosted)" style="image;html=1;image=img/lib/clip_art/computers/Server_Rack_128x128.png" parent="1" vertex="1">
<mxGeometry x="1207" y="3087" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-39" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-37" target="L1DjvFK5Fi8B8i2sXeHo-2">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-39" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-37" target="L1DjvFK5Fi8B8i2sXeHo-2" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-37" value="rsync backups over tor" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-37" value="rsync backups over tor" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="590.5" y="3113" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-43" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-41" target="L1DjvFK5Fi8B8i2sXeHo-36">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-43" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-41" target="L1DjvFK5Fi8B8i2sXeHo-36" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-41" value="rsync backups over tor" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" vertex="1" parent="1">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-41" value="rsync backups over tor" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#6a00ff;fontColor=#ffffff;strokeColor=#3700CC;" parent="1" vertex="1">
<mxGeometry x="977" y="3113" width="154" height="28" as="geometry" />
</mxCell>
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-42" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.001;entryY=0.531;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-2" target="L1DjvFK5Fi8B8i2sXeHo-41">
<mxCell id="L1DjvFK5Fi8B8i2sXeHo-42" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.001;entryY=0.531;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="L1DjvFK5Fi8B8i2sXeHo-2" target="L1DjvFK5Fi8B8i2sXeHo-41" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
</root>

8
graphs/sensitivevms.drawio
View file

@ -1,6 +1,6 @@
<mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/25.0.2 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="25.0.2">
<mxfile host="Electron" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/26.0.9 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="26.0.9">
<diagram name="Page-1" id="2ba70t6hbZqJ66wm7CcH">
<mxGraphModel dx="11669" dy="6969" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<mxGraphModel dx="2234" dy="2037" grid="0" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="0" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
@ -460,7 +460,7 @@
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-91" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.502;entryY=1.022;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="hzmDhe05OMtC0nZ9Vmrp-67" target="hzmDhe05OMtC0nZ9Vmrp-90" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-92" value="Can contain Veracrypt &lt;br&gt;Hidden Volumes &lt;b&gt;&lt;u&gt;at rest only&lt;/u&gt;&lt;/b&gt;,&lt;br&gt;they cannot opened&lt;br&gt;due to potential log-based&lt;br&gt;forensic evidence&amp;nbsp;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#a20025;fontColor=#ffffff;strokeColor=#6F0000;" parent="1" vertex="1">
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-92" value="Can contain zuluCrypt&lt;br&gt;Hidden Volumes &lt;b&gt;&lt;u&gt;at rest only&lt;/u&gt;&lt;/b&gt;,&lt;br&gt;they cannot opened&lt;br&gt;due to potential log-based&lt;br&gt;forensic evidence&amp;nbsp;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#a20025;fontColor=#ffffff;strokeColor=#6F0000;" parent="1" vertex="1">
<mxGeometry x="536" y="-339" width="164" height="78" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-93" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.496;entryY=1.022;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="hzmDhe05OMtC0nZ9Vmrp-74" target="hzmDhe05OMtC0nZ9Vmrp-92" edge="1">
@ -472,7 +472,7 @@
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-95" value="RAM Contents&lt;br&gt;(also potential &lt;br&gt;forensic evidence,&lt;br&gt;&lt;b&gt;but can be erased upon&lt;br&gt;shutting down the OS)&lt;/b&gt;" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#fa6800;fontColor=#000000;strokeColor=#C73500;" parent="1" vertex="1">
<mxGeometry x="1012" y="-342.5" width="139" height="78" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-96" value="Can contain Veracrypt &lt;br&gt;Hidden Volumes,&lt;br&gt;and can be opened&amp;nbsp;&lt;br&gt;(since all potential forensic&lt;br&gt;evidence ends up in RAM only)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" parent="1" vertex="1">
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-96" value="Can contain zuluCrypt&lt;br&gt;Hidden Volumes,&lt;br&gt;and can be opened&amp;nbsp;&lt;br&gt;(since all potential forensic&lt;br&gt;evidence ends up in RAM only)" style="verticalLabelPosition=middle;verticalAlign=middle;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;labelPosition=center;align=center;fillColor=#008a00;fontColor=#ffffff;strokeColor=#005700;" parent="1" vertex="1">
<mxGeometry x="1161" y="-341.25" width="172" height="78" as="geometry" />
</mxCell>
<mxCell id="hzmDhe05OMtC0nZ9Vmrp-97" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.522;entryY=1.021;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="hzmDhe05OMtC0nZ9Vmrp-86" target="hzmDhe05OMtC0nZ9Vmrp-96" edge="1">

BIN
opsec/deniability/5.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

Before After
Before After

BIN
opsec/livemode/3.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 78 KiB

After

Width:  |  Height:  |  Size: 59 KiB

Before After
Before After

BIN
opsec/livemode/4.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 102 KiB

After

Width:  |  Height:  |  Size: 61 KiB

Before After
Before After

BIN
opsec/veracrypt/0.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 35 KiB

After

Width:  |  Height:  |  Size: 4.4 KiB

Before After
Before After

BIN
opsec/veracrypt/1.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 104 KiB

After

Width:  |  Height:  |  Size: 136 KiB

Before After
Before After

BIN
opsec/veracrypt/10.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 184 KiB

After

Width:  |  Height:  |  Size: 11 KiB

Before After
Before After

BIN
opsec/veracrypt/11.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 138 KiB

After

Width:  |  Height:  |  Size: 49 KiB

Before After
Before After

BIN
opsec/veracrypt/12.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 158 KiB

After

Width:  |  Height:  |  Size: 14 KiB

Before After
Before After

BIN
opsec/veracrypt/13.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 172 KiB

After

Width:  |  Height:  |  Size: 40 KiB

Before After
Before After

BIN
opsec/veracrypt/14.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 170 KiB

After

Width:  |  Height:  |  Size: 43 KiB

Before After
Before After

BIN
opsec/veracrypt/15.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 151 KiB

After

Width:  |  Height:  |  Size: 28 KiB

Before After
Before After

BIN
opsec/veracrypt/16.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 158 KiB

After

Width:  |  Height:  |  Size: 32 KiB

Before After
Before After

BIN
opsec/veracrypt/17.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

Before After
Before After

BIN
opsec/veracrypt/18.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 134 KiB

After

Width:  |  Height:  |  Size: 42 KiB

Before After
Before After

BIN
opsec/veracrypt/19.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 40 KiB

After

Width:  |  Height:  |  Size: 23 KiB

Before After
Before After

BIN
opsec/veracrypt/2.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 186 KiB

After

Width:  |  Height:  |  Size: 26 KiB

Before After
Before After

BIN
opsec/veracrypt/20.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 24 KiB

BIN
opsec/veracrypt/21.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 40 KiB

BIN
opsec/veracrypt/22.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 9.4 KiB

BIN
opsec/veracrypt/3.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 160 KiB

After

Width:  |  Height:  |  Size: 13 KiB

Before After
Before After

BIN
opsec/veracrypt/4.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 181 KiB

After

Width:  |  Height:  |  Size: 11 KiB

Before After
Before After

BIN
opsec/veracrypt/5.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 158 KiB

After

Width:  |  Height:  |  Size: 27 KiB

Before After
Before After

BIN
opsec/veracrypt/6.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 149 KiB

After

Width:  |  Height:  |  Size: 23 KiB

Before After
Before After

BIN
opsec/veracrypt/7.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 157 KiB

After

Width:  |  Height:  |  Size: 13 KiB

Before After
Before After

BIN
opsec/veracrypt/8.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 151 KiB

After

Width:  |  Height:  |  Size: 6.6 KiB

Before After
Before After

BIN
opsec/veracrypt/9.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 157 KiB

After

Width:  |  Height:  |  Size: 44 KiB

Before After
Before After

191
opsec/veracrypt/index.html
View file

@ -63,8 +63,15 @@
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-31</ba></p>
<h1>The main source of Plausible Deniability: Deniable Encryption </h1>
<img src="0.png" style="width:250px">
<p>VeraCrypt is a free open source disk encryption software for Windows, Mac OSX and Linux. It is based on Truecrypt, This tool will be used for Plausible Deniability. </p>
<p>But why is Plausible Deniability important first of all ? From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use Veracrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
<p><a href="https://mhogomchungu.github.io/zuluCrypt/">zuluCrypt</a> is a free and open-source tool for encrypting files and volumes in a secure way. We already used it for <a href="../anonzulucrypt/index.html">hiding data in video files</a> using steganography.<br>
Today, we'll use it as a replacement for VeraCrypt - a free open source disk encryption software for Windows, Mac OSX and Linux. Being based on TrueCrypt, VeraCrypt offers a unique feature called <b>Hidden Volumes</b> which can give us <b>Plausible Deniability</b>.
zuluCrypt supports both TrueCrypt and VeraCrypt volumes while being better integrated in Linux ecosystem. It also comes preinstalled with <a href="https://www.kicksecure.com/">kicksecure OS</a>.
</p>
<p>But why is Plausible Deniability important first of all?<br>
From a legal perspective, depending on jurisdictions, you may be forced to type your password into an encrypted drive if requested. All it takes is for an adversary to be able to prove the existence of an encrypted drive to be able to force you to reveal the password to unlock it. Hence for example the regular LUKS encryption is not enough, <b>because you need to be able to deny the existence of the encrypted volume</b>. If that is the case, we have to use zuluCrypt, which is an encryption tool used to provide protection (which is Plausible Deniability) against that scenario where you're forced to provide a password.</p>
<img src="../deniability/5.png" class="imgRz">
<b>DISCLAIMER: we're using only harddrives (HDDs) here, because using SSDs are not a secure way to have Plausible Deniability, that is due to hidden Volumes being detectable on devices that utilize wear-leveling</b>
@ -79,10 +86,10 @@ regarding wear leveling:
<ol>
<li><p>Hardware : (Personal Computer / Laptop)</p></li>
<li><p>System Harddrive: not LUKS encrypted <a href="https://www.kicksecure.com/wiki/Ram-wipe">[1]</a></p></li>
<li><p>Non-System Harddrive: 500Gb (used to contain our Veracrypt encrypted volumes)</p></li>
<li><p>Non-System Harddrive: 500Gb (used to contain our zuluCrypt encrypted volumes)</p></li>
<li><p>Host OS: <a href="../linux/index.html">Linux</a> </p></li>
<li><p>Hypervisor: <a href="../hypervisorsetup/index.html">QEMU/KVM</a></p></li>
<li><p>Packages: <a href="../linux/livemode.html">grub-live and ram-wipe</a></p></li>
<li><p>Packages: <a href="../livemode/index.html">grub-live and ram-wipe</a></p></li>
</ol>
@ -98,117 +105,46 @@ regarding wear leveling:
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Deniability Context </b></h2>
<p>⚠️ <u>Deniability Disclaimer:</u> <b>If the adversary cannot be told that you are using veracrypt, do not install Veracrypt on the host OS outside of live mode, but rather install it manually each time you boot into live mode</b> That way everytime you reboot, there is no veracrypt program to be found at all. ⚠️</p>
<p>Let's install the .deb package for veracrypt (you can install it safely from non-live mode), so that the software is available whenever you want to use it while the host OS is in live mode: </p>
<img src="1.png" class="imgRz">
<pre><code class="nim">
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb -O vc.deb
<p>⚠️ <u>Deniability Disclaimer:</u> <b>If the adversary cannot be told that you are using zuluCrypt, do not install zuluCrypt on the host OS outside of live mode, but rather install it manually each time you boot into live mode</b> That way everytime you reboot, there is no zuluCrypt program to be found at all. ⚠️</p>
</code></pre>
<p>If you are using a VPS to help speed up the initial setup everytime you boot into live mode like we have <a href="../livemode/index.html">showcased previously</a>, you can also use it to store the veracrypt .deb file for you, to make it easier to retrieve each time:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/4 ] [/tmp]
→ ssh root@65.109.30.253
root@65.109.30.253's password:
Linux Datura 6.1.0-18-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.76-1 (2024-02-01) x86_64
<p>Let's install zuluCrypt (you can install it safely from non-live mode), so that the software is available whenever you want to use it while the host OS is in live mode:<br>
<pre><code class="nim">oxeo@milkyway:~$ sudo apt install zulucrypt-gui zulucrypt-cli
</code></pre></p>
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
<p>Open the GUI to see if it got installed correctly:<br>
<img src="1.png" class="imgRz"></p>
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Web console: https://localhost.localdomain:9090/ or https://65.109.30.253:9090/
You have mail.
Last login: Sat Nov 30 14:42:15 2024 from 91.90.40.175
[ Datura ] [ /dev/pts/0 ] [~]
→ cd sensitive_scripts
[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
→ wget https://launchpad.net/veracrypt/trunk/1.26.7/+download/veracrypt-1.26.7-Debian-12-amd64.deb -O vc.deb
2024-11-30 16:43:58 (20.1 MB/s) - vc.deb saved [9211094/9211094]
[ Datura ] [ /dev/pts/0 ] [~/sensitive_scripts]
→ exit
Connection to 65.109.30.253 closed.
</pre></code>
<p>That way, everytime you boot into live mode, all you need is to download the vc.deb file from the VPS:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/4 ] [/tmp]
→ scp root@65.109.30.253:/root/sensitive_scripts/vc.deb .
root@65.109.30.253's password:
vc.deb 100% 8995KB 1.9MB/s 00:04
[ mainpc ] [ /dev/pts/4 ] [/tmp]
→ file vc.deb
vc.deb: Debian binary package (format 2.0), with control.tar.gz, data compression gz
</pre></code>
<p>And then to install it you can do it like so:</p>
<pre><code class="nim">
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo dpkg -i vc.deb
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo apt install -f
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ sudo dpkg -i vc.deb
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ which veracrypt
/usr/bin/veracrypt
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
→ veracrypt
</pre></code>
<p>So now that you have veracrypt installed, before you start to use it, you need to be aware of the lack of deniability you have when using the Host OS in regular mode:</p>
<p>So now you have zuluCrypt on your system. Before you start to use it, you need to be aware of the lack of deniability you have when using the Host OS in regular mode:</p>
<img src="../livemode/3.png" class="imgRz">
<p>By default, your host OS directly writes into the system drive all sorts of potential forensic evidence that an adversary may use against you, such as system logs, kernel logs, non-standard logs, etc, and unless if you remove each of those manually, you're never sure of wether or not the Host OS saved proof of the existence of the hidden volume onto the system drive. <b>That's why you need to use the Host OS in <a href="../livemode/index.html">live mode</a>, to be able to use veracrypt</b>, and <b>to install it aswell if you cannot tell the adversary that you are using veracrypt.</b></p>
<p>By default, your host OS directly writes into the system drive all sorts of potential forensic evidence that an adversary may use against you, such as system logs, kernel logs, non-standard logs, etc, and unless if you remove each of those manually, you're never sure of wether or not the Host OS saved proof of the existence of the hidden volume onto the system drive. <b>That's why you need to use the Host OS in <a href="../livemode/index.html">live mode</a>, to be able to use zuluCrypt</b>, and <b>to install it aswell if you cannot tell the adversary that you are using zuluCrypt.</b></p>
<img src="../livemode/4.png" class="imgRz">
<p>That way, as you're loading the entire host OS in the RAM due to being in live mode, you are not writing anything on the system drive anymore, <b>but rather only writing all that potential forensic evidence of the veracrypt hidden volume <u>in RAM alone</u>, which can be easily erased with a simple shutdown</b>.</p>
<p>So now that we have installed veracrypt, let's reboot the Host OS into live mode:</p>
<p>That way, as you're loading the entire host OS in the RAM due to being in live mode, you are not writing anything on the system drive anymore, <b>but rather only writing all that potential forensic evidence of the zuluCrypt hidden volume <u>in RAM alone</u>, which can be easily erased with a simple shutdown</b>.</p>
<p>So now that we have installed zuluCrypt, let's reboot the Host OS into live mode:</p>
<img src="../deniability/7.png" class="imgRz">
<p><b>And only now once we are in live mode, we can use veracrypt to create hidden encrypted volumes and unlock them.</b> But be aware that everything you write into the system drive will be wiped upon shutting down, <b>if you want to store something persistent accross reboots from live mode, you need to save it in a non-system drive.</b></p>
<p> So now from there we can create the encrypted volumes (either as files or as entire drives). In this example we'll create an encrypted file: </p>
<img src="2.png" class="imgRz">
<p>Here we select that we want a Hidden veracrypt volume as well (which will be able to deny it's existence).</p>
<img src="3.png" class="imgRz">
<p>Then we want it to be a simple file in my home directory for testing purposes (so be aware that <u>upon rebooting it will be erased due to being in the system drive</u>). If you want it to not be erased upon rebooting, you'll need to put it in a non-system drive like in <a href="../sensitivevm/index.html">this tutorial.</a></p>
<img src="4.png" class="imgRz">
<p>Leave the default settings for the encryption</p>
<img src="5.png" class="imgRz">
<p>As a test we'll make a 1Gb volume, can be smaller or as big as all the available space.</p>
<img src="6.png" class="imgRz">
<p>Now here we want to remember our first password A, for the decoy volume, <b>This is the password you'll type when you're forced to give out your password</b>.</p>
<img src="7.png" class="imgRz">
<p>Here we can select the FAT filesystem</p>
<img src="8.png" class="imgRz">
<p>Then move your mouse to make sure the randomness of the encryption is best, then let it complete the formatting. If you are creating a large encrypted volume, it will take time to overwrite all the data. <b>DO NOT SELECT QUICK FORMAT, or you risk having the hidden volume being discoverable by an adversary.</b> </p>
<img src="9.png" class="imgRz">
<img src="10.png" class="imgRz">
<p>Now that's completed, we then create the Hidden Volume, which we'll open only when we are all alone, <b>the existence of this volume must never be revealed to anyone, only you should know about it</b>. then we repeat the previous steps:</p>
<img src="11.png" class="imgRz">
<img src="12.png" class="imgRz">
<p>Here we select the size we need for the hidden volume. </p>
<img src="13.png" class="imgRz">
<p>And here we use the second password, this is the one you must remember in order to access the data you want to hide from an adversary. Then we repeat the previous steps to create the volume:</p>
<img src="14.png" class="imgRz">
<img src="15.png" class="imgRz">
<img src="16.png" class="imgRz">
<img src="17.png" class="imgRz">
<img src="18.png" class="imgRz">
<p><b>And only now once we are in live mode, we can use zuluCrypt to create hidden encrypted volumes and unlock them.</b> But be aware that everything you write into the system drive will be wiped upon shutting down, <b>if you want to store something persistent accross reboots from live mode, you need to save it in a non-system drive.</b></p>
<p> So now from there we can create the encrypted volumes (either as files or as entire drives). In this example we'll create an encrypted file:<br>
<img src="2.png"></p>
<p>Select the volume name, size and location.<br>
We want the location to be a simple file in my home directory for testing purposes (so be aware that <u>upon rebooting it will be erased due to being in the system drive</u>). If you want it to not be erased upon rebooting, you'll need to put it in a non-system drive like in <a href="../sensitivevm/index.html">this tutorial</a>:<br>
<img src="3.png"></p>
<p>Once you click <b>Create</b>, it will write random data to the file. This can take a while:<br>
<img src="4.png"></p>
<p>Here select the volume type <b>(Normal+Hidden VeraCrypt)</b>, password for <b>decoy</b> and <b>secret</b> part and the size of hidden volume (has to be smaller than the size of outer volume).<br>
We set the filesystem as <b>exfat</b>. This is recommended since journaling filesystems can leave data which reveals the existence of hidden volume:<br>
<img src="5.png"></p>
<p>Now just click <b>Create</b> and wait a bit:<br>
<img src="6.png">
<img src="7.png"></p>
<p>After that's done, you'll get a popup:<br>
<img src="8.png"></p>
</div>
</div><!-- /row -->
</div> <!-- /container -->
@ -219,15 +155,38 @@ vc.deb: Debian binary package (format 2.0), with control.tar.gz, data compressio
<div class="row">
<div class="col-lg-8 col-lg-offset-2">
<h2><b>Mounting the Volumes</b></h2> </br> </br>
<p>Now let's mount both volumes to see the difference:</p>
<img src="19.png" class="imgRz">
<p>Here when we type the first password we see that the volume is mounted as normal type:</p>
<img src="20.png" class="imgRz">
<p>Then dismount the volume, and mount the hidden volume next with the second password:</p>
<img src="21.png" class="imgRz">
<p>And here you see that the volume mounted is now of the "hidden" type</p>
<img src="22.png" class="imgRz">
<p>And that's it! We now have setup a test veracrypt volume with a hidden volume, into which we can store some sensitive files.</p>
<p>Now let's mount volume using both <b>decoy</b> and <b>secret</b> password to see the difference. To do that, click on <b>Open > Volume Hosted In A File</b>:<br>
<img src="9.png"></p>
<p>Select the volume file:<br>
<img src="10.png">
<img src="11.png"></p>
<p>We'll then type the <b>decoy</b> password and click <b>Open</b>:<br>
<img src="12.png"></p>
<p>After a while a file manager should open in the directory where the volume got mounted:<br>
<img src="13.png"></p>
<p>In the zuluCrypt GUI, we can see the mount path:<br>
<img src="14.png"></p>
<p>We can put some decoy files there so that it makes sense why you hide it:<br>
<img src="15.png"></p>
<p>Now let's unmount the volume using zuluCrypt GUI:<br>
<img src="16.png"></p>
<p>Unlock the same volume but this time using the <b>secret</b> password:<br>
<img src="17.png"></p>
<p>As you can see, it's empty and the free space is just around <b>1024 MB</b> as we set before:<br>
<img src="18.png"></p>
<p>You can put stuff that you actually care about in there:<br>
<img src="19.png"></p>
<p>And that's it! Now you have a fully working volume with hidden data inside achieving <b>Plausible Deniability</b>.</p>
</div>
</div><!-- /row -->