diff --git a/opsecmistakes/index.md b/opsecmistakes/index.md new file mode 100644 index 0000000..314bb66 --- /dev/null +++ b/opsecmistakes/index.md @@ -0,0 +1,23 @@ +--- +author: Mulligan Security +date: 2025-05-16 +gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/312" +xmr: 86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs +--- + +to be explained: + + why do you need a clear threat model (to not lose your mind over stuff that won't likely happen while overlooking simple mistakes) + why it's very unlikely that hardware 0-day will get you but it's very likely you'll do some dumb thing and deanonymize yourself (wondering about 0-days is overconfidence in most cases) + how bad people got caught in the past (what opsec mistakes they made, the stupider the better), give like 3-5 examples + the guy who uploaded tar of his entire home directory is my personal fav (Julius Kivimaki) + OSDoD mixing personal and business stuff online + Pharoah googling why his servers are down (because FBI was imaging them lol) + ... + threat scenarios (explain each), some examples: + physical breach (leaving your laptop unattended at a restaurant or sth) + social engineering or phishing + reusing the same passwords and using one already breached somewhere + ... + +
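Review bot: The body of the new index.md, from "to be explained:" down to the last "...", is still an author's outline rather than page content, and both the case list and the threat-scenario list end in a "..." placeholder. If this is meant to land as a stub, say so in the front matter or the first line so readers do not take it for the finished article, and keep the open items in the issue referenced by gitea_url. The three named cases (Julius Kivimaki, OSDoD, Pharoah) are stated with no source; when they are written up, each needs a reference to the court record or reporting it relies on, and the one-line summaries ("uploaded tar of his entire home directory", "googling why his servers are down") should be expanded into what the mistake was and which threat-model assumption it broke, since that is the argument the first two bullets set up. The threat scenarios are marked "explain each" but have no mitigation noted against any of them; pairing each scenario with the control that addresses it would match the stated goal of a clear threat model.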