---
author: Mulligan Security
date: 2025-05-16
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/312"
xmr: 86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs
---

to be explained:

- why do you need a clear threat model (to not lose your mind over stuff that won't likely happen while overlooking simple mistakes)
- why it's very unlikely that hardware 0-day will get you but it's very likely you'll do some dumb thing and deanonymize yourself (wondering about 0-days is overconfidence in most cases)
- how bad people got caught in the past (what opsec mistakes they made, the stupider the better), give like 3-5 examples
  - the guy who uploaded tar of his entire home directory is my personal fav (Julius Kivimaki)
  - OSDoD mixing personal and business stuff online
  - Pharoah googling why his servers are down (because FBI was imaging them lol)
  - ...
- threat scenarios (explain each), some examples:
  - physical breach (leaving your laptop unattended at a restaurant or sth)
  - social engineering or phishing
  - reusing the same passwords and using one already breached somewhere
  - ...