mirror of
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/opsec-blogposts.git
synced 2025-06-08 09:39:36 +00:00
23 lines
1.2 KiB
Markdown
---
author: Mulligan Security
date: 2025-05-16
gitea_url: "http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/312"
xmr: 86NCojqYmjwim4NGZzaoLS2ozbLkMaQTnd3VVa9MdW1jVpQbseigSfiCqYGrM1c5rmZ173mrp8RmvPsvspG8jGr99yK3PSs
---

to be explained:

- why do you need a clear threat model (to not lose your mind over stuff that won't likely happen while overlooking simple mistakes)
- why it's very unlikely that a hardware 0-day will get you but it's very likely you'll do some dumb thing and deanonymize yourself (wondering about 0-days is overconfidence in most cases)
- how bad people got caught in the past (what opsec mistakes they made, the stupider the better), give like 3-5 examples
    - the guy who uploaded a tar of his entire home directory is my personal fav (Julius Kivimaki)
    - OSDoD mixing personal and business stuff online
    - Pharoah googling why his servers are down (because the FBI was imaging them lol)
    - ...
- threat scenarios (explain each), some examples:
    - physical breach (leaving your laptop unattended at a restaurant or sth)
    - social engineering or phishing
    - reusing the same passwords and using one already breached somewhere
    - ...