polishing

MulliganSecurity 2025-05-21 11:15:01 +02:00
parent 6906ab0eba
commit 04ac31e06f


@ -19,7 +19,7 @@ it is through OPSEC mistakes.
![attack cycle diagram](attack_cycle.png)
From the adversary's point of view (let's call them Leo), repression requires the following broad steps:
From the adversary's point of view, repression requires the following broad steps:
- Initial detection: someone is doing something we don't like
- Identification: who those someones are
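Review bot: Dropping the "(let's call them Leo)" alias from the sentence that introduces the adversary's steps is only safe if no later paragraph still refers to "Leo". The visible hunks do not show one either way, so search the file for "Leo" before merging and replace any leftover with "the adversary".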
@ -29,13 +29,13 @@ From the adversary's point of view (let's call them Leo), repression requires th
![protest](protest.jpg)
Depending on your organization and activities, this initial detection phase can come as soon as you get started
Depending on your organization and activities (eg: [protests](../anonprotest/index.md)), this initial detection phase can come as soon as you get started
(if you are staging protests, then identification is inevitable).
### What good OPSEC looks like
If your activities themselves must remain clandestine, OPSEC rules and procedures can help reduce your profile
and make less likely that your activity will be identified properly.
and make it less likely that your activity will be identified properly.
A simple example:
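Review bot: The rewritten line "Depending on your organization and activities (eg: [protests](../anonprotest/index.md))" now puts two parentheticals about protests into one sentence, because the next line still reads "(if you are staging protests, then identification is inevitable)". Suggest moving the link onto the word "protests" in that second parenthetical and dropping the first; if the first one stays, write "e.g." rather than "eg:".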
@ -51,7 +51,7 @@ A simple example:
## Smugglers
The quicker you are identified, the quicker your other lines of defense must come into play.
The quicker you are identified, the faster your other lines of defense must come into play.
If you are a novice in clandestine ops, it is likely that you still have stuff to learn in
order to be safe. If your activities are quickly identified, that's even less time available to you
to actually get better at survival.
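Review bot: In the first sentence under "## Smugglers", changing only the second "quicker" to "faster" breaks the parallel "the X, the X" construction without changing the meaning. Keep one word on both sides, for example "The sooner you are identified, the sooner your other lines of defense must come into play".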
@ -120,7 +120,7 @@ respectively.
![radar dish](detection.jpg)
After initial detection, your adversary will start collecting data to identify you. This will be traces you left during operations.
After initial detection, your adversary will start collecting data to identify you. This will be from traces you left during operations.
### What good OPSEC looks like
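Review bot: "This will be from traces you left during operations" in the changed line reads awkwardly, because "This" has no clear referent once "from" is inserted. Suggest "That data will come from traces you left during operations", which keeps the meaning of both versions.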
@ -140,7 +140,11 @@ Standardized Operating procedures for your organization providing a framework fo
- initial assembly point
- time, date
- means of transportation (ingress and egress)
- ...
- materials required
- initial sourcing
- purchase
- storage and delivery
- disposal
### What bad OPSEC looks lile
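Review bot: The trailing context heading "### What bad OPSEC looks lile" still carries the typo "lile" and should become "like" in the same polishing pass. In the added list, "initial sourcing", "purchase", "storage and delivery" and "disposal" read as sub-items of "materials required", so check that they are indented under it in the Markdown source and do not render as siblings of "time, date".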
@ -151,7 +155,7 @@ In 2012, Ochoa, a member of the hacktivist group CabinCr3w (an offshoot of Anony
Critical Mistake: Ochoa posted a photograph on one of the defaced websites showing a woman holding a sign with a message mocking law enforcement.
The photo's metadata contained GPS coordinates, which led authorities to identify and locate Ochoa.
The picture's [metadata](../anonymitymetadata/index.md#file-data) contained GPS coordinates, which led authorities to identify and locate Ochoa.
#### How it plays out
- The FBI arrested Ochoa on March 20, 2012, in Galveston, Texas.
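Review bot: The changed line now says "picture's" while the sentence just above it still says "photograph", so two adjacent lines use different words for the same file; keep "photo's" or change both. Also confirm that the "#file-data" fragment exists in ../anonymitymetadata/index.md, since a wrong anchor fails silently in rendered Markdown.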
@ -163,6 +167,8 @@ The photo's metadata contained GPS coordinates, which led authorities to identif
![swat](swat.jpg)
That's when it's time to start running. If your adversary has gathered enough data to actively start neutralizing your operation you need to be prepared for it.
Such preparation has two required components:
- Detection: the more advance warning you have that the adversary is moving against you, the better
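Review bot: In "If your adversary has gathered enough data to actively start neutralizing your operation you need to be prepared for it", a comma is missing after "operation", which makes the conditional hard to parse on first read. Suggest "…start neutralizing your operation, you need to be prepared for it."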