SlideShare a Scribd company logo

OPSEC for hackers

G
grugq

A gentle introduction to keeping your mouth shut. Video of the talk: https://www.youtube.com/watch?v=9XaYdCdwiWU

1 of 154
Download to read offline
OPSEC for hackers:
 because jail is for
     wuftpd
     the.grugq@gmail.com
OPSEC forFREEDOM FIGHTERS
           hackers:
 because jail is for
     wuftpd
     the.grugq@gmail.com
Overview
• Intro to OPSEC
 • Methodology
 • lulzsec: lessons learned
 • Techniques
 • Technology
• Conclusion
Avon:You only got to fuck up once… Be a little
     slow, be a little late, just once. How you
     ain’t gonna never be slow? Never be late?
     You can’t plan for that. Thats life.
Intro
to
OPSEC
WTF is it?

Recommended

An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
Click and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobileClick and Dragger: Denial and Deception on Android mobile
Click and Dragger: Denial and Deception on Android mobilegrugq
 
14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awareness14 tips to increase cybersecurity awareness
14 tips to increase cybersecurity awarenessMichel Bitter
 
Cyber security training course ppt
Cyber security training course pptCyber security training course ppt
Cyber security training course pptRajshekarShivanagutt
 
My darkweb-presentation
My darkweb-presentationMy darkweb-presentation
My darkweb-presentationPaul Wilson
 
Bezpieczny Internet W M
Bezpieczny Internet W MBezpieczny Internet W M
Bezpieczny Internet W MTeresa
 
OPSEC for OMBUDSMEN
OPSEC for OMBUDSMENOPSEC for OMBUDSMEN
OPSEC for OMBUDSMENNaval OPSEC
 

More Related Content

What's hot

Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Razem tworzymy bezpieczny Internet
Razem tworzymy bezpieczny InternetRazem tworzymy bezpieczny Internet
Razem tworzymy bezpieczny Internetbrygidka10
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep WebTrend Micro
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Computer crimes and criminals
Computer crimes and criminalsComputer crimes and criminals
Computer crimes and criminalsOnline
 
Cyber security for kids
Cyber security for kidsCyber security for kids
Cyber security for kidsChris Burrows
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfReZa AdineH
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackersinfosavvy
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering OWASP Foundation
 
Cyber Security-Foundation.ppt
Cyber Security-Foundation.pptCyber Security-Foundation.ppt
Cyber Security-Foundation.pptErAdityaSingh1
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security ritik shukla
 

What's hot (20)

Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Cyberstalking
CyberstalkingCyberstalking
Cyberstalking
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Razem tworzymy bezpieczny Internet
Razem tworzymy bezpieczny InternetRazem tworzymy bezpieczny Internet
Razem tworzymy bezpieczny Internet
 
Cybercrime In The Deep Web
Cybercrime In The Deep WebCybercrime In The Deep Web
Cybercrime In The Deep Web
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Computer crimes and criminals
Computer crimes and criminalsComputer crimes and criminals
Computer crimes and criminals
 
Cyber security for kids
Cyber security for kidsCyber security for kids
Cyber security for kids
 
MITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdfMITRE-Module 2 Slides.pdf
MITRE-Module 2 Slides.pdf
 
What is Hacking? AND Types of Hackers
What is Hacking? AND Types of HackersWhat is Hacking? AND Types of Hackers
What is Hacking? AND Types of Hackers
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering The Art of Human Hacking : Social Engineering
The Art of Human Hacking : Social Engineering
 
Hacking presentation
Hacking presentationHacking presentation
Hacking presentation
 
Dark web
Dark webDark web
Dark web
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Cyber Security-Foundation.ppt
Cyber Security-Foundation.pptCyber Security-Foundation.ppt
Cyber Security-Foundation.ppt
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Osatv
OsatvOsatv
Osatv
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Hacking
HackingHacking
Hacking
 

Viewers also liked

On Cyber
On Cyber  On Cyber
On Cyber grugq
 
OPSEC for hackers (bahasa indonesia)
OPSEC for hackers (bahasa indonesia)OPSEC for hackers (bahasa indonesia)
OPSEC for hackers (bahasa indonesia)grugq
 
An Underground education
An Underground educationAn Underground education
An Underground educationgrugq
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchersvicenteDiaz_KL
 
Opsec for families
Opsec for familiesOpsec for families
Opsec for familiesLindy Kyzer
 
Cyber opsec protecting_yourself_online
Cyber opsec protecting_yourself_onlineCyber opsec protecting_yourself_online
Cyber opsec protecting_yourself_onlineFtlwood Families
 
NSA-Proof communications (mostly)
NSA-Proof communications (mostly)NSA-Proof communications (mostly)
NSA-Proof communications (mostly)Jan Seidl
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations SecurityAlfred Ouyang
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSecPositive Hack Days
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
Roger malina nsf nea workshop 2011 ss
Roger malina nsf nea workshop 2011 ssRoger malina nsf nea workshop 2011 ss
Roger malina nsf nea workshop 2011 ssroger malina
 
Smr week 23 opsec and safe social networking
Smr week 23   opsec and safe social networkingSmr week 23   opsec and safe social networking
Smr week 23 opsec and safe social networkingFort Rucker FRSA
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Justin Bull
 
L'ABC della crittografia
L'ABC della crittografiaL'ABC della crittografia
L'ABC della crittografiaGiovanni Bechis
 

Viewers also liked (20)

On Cyber
On Cyber  On Cyber
On Cyber
 
OPSEC for hackers (bahasa indonesia)
OPSEC for hackers (bahasa indonesia)OPSEC for hackers (bahasa indonesia)
OPSEC for hackers (bahasa indonesia)
 
An Underground education
An Underground educationAn Underground education
An Underground education
 
Opsec for security researchers
Opsec for security researchersOpsec for security researchers
Opsec for security researchers
 
Opsec for families
Opsec for familiesOpsec for families
Opsec for families
 
OPSEC for Kids
OPSEC for KidsOPSEC for Kids
OPSEC for Kids
 
OPSEC for Families
OPSEC for FamiliesOPSEC for Families
OPSEC for Families
 
Analogic Opsec 101
Analogic Opsec 101Analogic Opsec 101
Analogic Opsec 101
 
Cyber opsec protecting_yourself_online
Cyber opsec protecting_yourself_onlineCyber opsec protecting_yourself_online
Cyber opsec protecting_yourself_online
 
NSA-Proof communications (mostly)
NSA-Proof communications (mostly)NSA-Proof communications (mostly)
NSA-Proof communications (mostly)
 
4 Operations Security
4 Operations Security4 Operations Security
4 Operations Security
 
Growth Hacking
Growth HackingGrowth Hacking
Growth Hacking
 
What we can learn from LulzSec
What we can learn from LulzSecWhat we can learn from LulzSec
What we can learn from LulzSec
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSEC
 
Roger malina nsf nea workshop 2011 ss
Roger malina nsf nea workshop 2011 ssRoger malina nsf nea workshop 2011 ss
Roger malina nsf nea workshop 2011 ss
 
How stuff works
How stuff worksHow stuff works
How stuff works
 
Smr week 23 opsec and safe social networking
Smr week 23   opsec and safe social networkingSmr week 23   opsec and safe social networking
Smr week 23 opsec and safe social networking
 
Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)Basic Security for Digital Companies - #MarketersUnbound (2014)
Basic Security for Digital Companies - #MarketersUnbound (2014)
 
L'ABC della crittografia
L'ABC della crittografiaL'ABC della crittografia
L'ABC della crittografia
 
La casa miranda
La casa mirandaLa casa miranda
La casa miranda
 

Similar to OPSEC for hackers

Netiquette stassie
Netiquette stassieNetiquette stassie
Netiquette stassieJill Stassie
 
Rules on the road to netique
Rules on the road to netiqueRules on the road to netique
Rules on the road to netiqueC_Warrick
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsJames Arlen
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsJames Arlen
 
Internet security lessons for IoT
Internet security lessons for IoTInternet security lessons for IoT
Internet security lessons for IoTDirk Zittersteyn
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecurityMichael Rushanan
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoJohn Bambenek
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetPriyanka Aash
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using TorJack Maynard
 
Best Website For Essay Writing. Online assignment writing service.
Best Website For Essay Writing. Online assignment writing service.Best Website For Essay Writing. Online assignment writing service.
Best Website For Essay Writing. Online assignment writing service.Angelica Ortiz
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...EC-Council
 
#flushyourmeds Two Edition
#flushyourmeds Two Edition#flushyourmeds Two Edition
#flushyourmeds Two Editionflushthemeds
 
#flushyourmeds Dos Edition
#flushyourmeds Dos Edition#flushyourmeds Dos Edition
#flushyourmeds Dos Editionflushmeds
 
Essay On If Pigs Could Fly. Online assignment writing service.
Essay On If Pigs Could Fly. Online assignment writing service.Essay On If Pigs Could Fly. Online assignment writing service.
Essay On If Pigs Could Fly. Online assignment writing service.Tonya Lomeli
 

Similar to OPSEC for hackers (20)

INTERNET ETIQUETTE AND NETIQUETTE
INTERNET ETIQUETTE AND NETIQUETTEINTERNET ETIQUETTE AND NETIQUETTE
INTERNET ETIQUETTE AND NETIQUETTE
 
Netiquette stassie
Netiquette stassieNetiquette stassie
Netiquette stassie
 
Rules on the road to netique
Rules on the road to netiqueRules on the road to netique
Rules on the road to netique
 
Notacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security ExpertsNotacon 7 - SCADA and ICS for Security Experts
Notacon 7 - SCADA and ICS for Security Experts
 
BlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security ExpertsBlackHat Europe 2010: SCADA and ICS for Security Experts
BlackHat Europe 2010: SCADA and ICS for Security Experts
 
Internet security lessons for IoT
Internet security lessons for IoTInternet security lessons for IoT
Internet security lessons for IoT
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Why Use A VPN
Why Use A VPNWhy Use A VPN
Why Use A VPN
 
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on CybersecuritySpecial Topics Day for Engineering Innovation Lecture on Cybersecurity
Special Topics Day for Engineering Innovation Lecture on Cybersecurity
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Defcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using CryptoDefcon Crypto Village - OPSEC Concerns in Using Crypto
Defcon Crypto Village - OPSEC Concerns in Using Crypto
 
Bh mirror image-public
Bh mirror image-publicBh mirror image-public
Bh mirror image-public
 
Defcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internetDefcon 22-metacortex-grifter-darkside-of-the-internet
Defcon 22-metacortex-grifter-darkside-of-the-internet
 
Acpe 2014 Internet Anonymity Using Tor
Acpe 2014  Internet Anonymity Using TorAcpe 2014  Internet Anonymity Using Tor
Acpe 2014 Internet Anonymity Using Tor
 
So You Want to be a Hacker?
So You Want to be a Hacker?So You Want to be a Hacker?
So You Want to be a Hacker?
 
Best Website For Essay Writing. Online assignment writing service.
Best Website For Essay Writing. Online assignment writing service.Best Website For Essay Writing. Online assignment writing service.
Best Website For Essay Writing. Online assignment writing service.
 
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
Hacker Halted 2018: From CTF to CVE – How Application of Concepts and Persist...
 
#flushyourmeds Two Edition
#flushyourmeds Two Edition#flushyourmeds Two Edition
#flushyourmeds Two Edition
 
#flushyourmeds Dos Edition
#flushyourmeds Dos Edition#flushyourmeds Dos Edition
#flushyourmeds Dos Edition
 
Essay On If Pigs Could Fly. Online assignment writing service.
Essay On If Pigs Could Fly. Online assignment writing service.Essay On If Pigs Could Fly. Online assignment writing service.
Essay On If Pigs Could Fly. Online assignment writing service.
 

Recently uploaded

Launching New Products In Companies Where It Matters Most by Product Director...
Launching New Products In Companies Where It Matters Most by Product Director...Launching New Products In Companies Where It Matters Most by Product Director...
Launching New Products In Companies Where It Matters Most by Product Director...Product School
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceVijayananda Mohire
 
KUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionKUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionNeo4j
 
Roundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfRoundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfMostafa Higazy
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...SearchNorwich
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)François
 
Establishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentEstablishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentThorsten Huelsmann
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfSafe Software
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVARobert McDermott
 
AI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientAI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientKari Kakkonen
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewAshraf Fouad
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfinfogdgmi
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Jay Zhao
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...Neo4j
 
Python For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emPython For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emNho Vĩnh
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeJosh Gellers
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxNeo4j
 

Recently uploaded (20)

Launching New Products In Companies Where It Matters Most by Product Director...
Launching New Products In Companies Where It Matters Most by Product Director...Launching New Products In Companies Where It Matters Most by Product Director...
Launching New Products In Companies Where It Matters Most by Product Director...
 
My Journey towards Artificial Intelligence
My Journey towards Artificial IntelligenceMy Journey towards Artificial Intelligence
My Journey towards Artificial Intelligence
 
KUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ionKUBRICK Graphs: A journey from in vogue to success-ion
KUBRICK Graphs: A journey from in vogue to success-ion
 
Roundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdfRoundtable_-_API_Research__Testing_Tools.pdf
Roundtable_-_API_Research__Testing_Tools.pdf
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...
ChatGPT's Code Interpreter: Your secret weapon for SEO automation success - S...
 
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
Mind your App Footprint 🐾⚡️🌱 (@FlutterHeroes 2024)
 
Establishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry developmentEstablishing data sharing standards to promote global industry development
Establishing data sharing standards to promote global industry development
 
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdfIntroducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
Introducing the New FME Community Webinar - Feb 21, 2024 (2).pdf
 
Introduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVAIntroduction to Multimodal LLMs with LLaVA
Introduction to Multimodal LLMs with LLaVA
 
AI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficientAI improves software testing to be more fault tolerant, focused and efficient
AI improves software testing to be more fault tolerant, focused and efficient
 
Enterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book ReviewEnterprise Architecture As Strategy - Book Review
Enterprise Architecture As Strategy - Book Review
 
Pragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdfPragmatic UI testing with Compose Semantics.pdf
Pragmatic UI testing with Compose Semantics.pdf
 
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
Leonis Insights: The State of AI (7 trends for 2023 and 7 predictions for 2024)
 
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
ASTRAZENECA. Knowledge Graphs Powering a Fast-moving Global Life Sciences Org...
 
Python For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ emPython For Kids - Sách Lập trình cho trẻ em
Python For Kids - Sách Lập trình cho trẻ em
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Artificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human JusticeArtificial Intelligence, Design, and More-than-Human Justice
Artificial Intelligence, Design, and More-than-Human Justice
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptxGraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
GraphSummit London Feb 2024 - ABK - Neo4j Product Vision and Roadmap.pptx
 

OPSEC for hackers

  • 1. OPSEC for hackers: because jail is for wuftpd the.grugq@gmail.com
  • 2. OPSEC forFREEDOM FIGHTERS hackers: because jail is for wuftpd the.grugq@gmail.com
  • 3. Overview • Intro to OPSEC • Methodology • lulzsec: lessons learned • Techniques • Technology • Conclusion
  • 4. Avon:You only got to fuck up once… Be a little slow, be a little late, just once. How you ain’t gonna never be slow? Never be late? You can’t plan for that. Thats life.
  • 7. OPSEC in a nutshell • Keep your mouth shut • Guard secrets • Need to know • Never let anyone get into position to blackmail you
  • 20. • put the plumbing in first • create a cover (new persona) • work on the legend (history, background, supporting evidence for the persona) • Create sub-aliases • NEVER CONTAMINATE
  • 22. FREEDOM The 10 Hack FIGHTING Commandments
  • 24. • Rule 1: Never reveal your operational details
  • 25. • Rule 1: Never reveal your operational details • Rule 2: Never reveal your plans
  • 26. • Rule 1: Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone
  • 27. • Rule 1: Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone • Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING
  • 28. • Rule 1: Never reveal your operational details • Rule 2: Never reveal your plans • Rule 3: Never trust anyone • Rule 4: Never confuse recreation and hacking FREEDOM FIGHTING • Rule 5: Never operate from your own house
  • 30. • Rule 6: Be proactively paranoid, it doesn’t work retroactively
  • 31. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated
  • 32. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free
  • 33. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free • Rule 9: Don’t talk to the police
  • 34. • Rule 6: Be proactively paranoid, it doesn’t work retroactively FREEDOM • Rule 7: Keep personal life and hacking FIGHTING separated • Rule 8: Keep your personal environment contraband free • Rule 9: Don’t talk to the police • Rule 10: Don't give anyone power over you
  • 35. Why do you need OPSEC?
  • 36. It hurts to get fucked
  • 37. No one is going to go to jail for you.
  • 41. Your friends will betray you.
  • 46. never ever ever do this
  • 51. ProTip: Don’t use your personal Facebook account to send defacement code toFREEDOM FIGHTERS your friends
  • 63. Violation Keep personal life and hacking separate
  • 64. Violation Keep personal life and FREEDOM hacking separate FIGHTING
  • 73. Violation Don’t reveal operational details
  • 82. Violation Don’t reveal operational details
  • 89. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics
  • 90. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place
  • 91. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public
  • 92. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned
  • 93. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit?
  • 94. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit? Virus (10:32:55 PM): yeah, you offered me money for "dox"
  • 95. Virus (10:30:18 PM): don't start accusing me of [being an informant] - especially after you disappeared and came back offering to pay me for shit - that's fed tactics Virus (10:30:31 PM): and then your buddy, topiary, who lives in the most random place Virus (10:30:36 PM): who's docs weren't even public Virus (10:30:38 PM): gets owned Sabu (10:32:29 PM): offering to pay you for shit? Virus (10:32:55 PM): yeah, you offered me money for "dox" Virus (10:33:39 PM): only informants offer up cash for shit -- you gave yourself up with that one
  • 96. HAPPY ENDING Virus is still free
  • 109. You’ll know it worked if nothing happens.
  • 110. Put it in place first.
  • 111. Paranoia doesn’t work retroactively
  • 113. Spiros: He knows my name, but my name is not my name. And you... to them you're only "The Greek." The Greek: And, of course, I'm not even Greek.
  • 118. Personas • Danger to personas is contamination • Contact between personas (covers) contaminates both • Keep cover identities isolated from each other
  • 120. • Fail safe technological solution • TOR all the things! • Back stop persona • Primary cover alias as first identity • Secondary cover aliases (eg. handles)
  • 122. Pitfalls • Location revealing information • Weather • Time • Political events • Profiling data
  • 123. Practice • Amateurs practice until they get it right, professionals practice until they can’t get it wrong • Practice makes perfect
  • 124. Stringer: What you doing? Shamrock: Robert's Rules says we got to have minutes of the meeting. These the minutes. Stringer: Nigga, is you taking notes on a criminal fucking conspiracy?
  • 125. No logs. No crime.
  • 127. Personal info is profiling info
  • 128. Guidelines against profiling • Do not include personal informations in your nick and screen name. • Do not discuss personal informations in the chat, where you are from... • Do not mention your gender, tattoos, piercings or physical capacities.
  • 129. Guidelines, cont. • Do not mention your profession, hobbies or involvement in activist groups • Do not use special characters on your keyboard unique to your language • Do not post informations to the regular internet while you are anonymous in IRC. • Do not use Twitter and Facebook
  • 130. Guidelines, cont. • Do not post links to Facebook images. The image name contains a personal ID. • Do not keep regular hours / habits (this can reveal your timezone, geographic locale) • Do not discuss your environment, e.g. weather, political activities,
  • 132. Hackers are no longer the apex predator
  • 133. Hackers are no longer FREEDOM FIGHTERS the apex predator
  • 134. That position has been ceded to LEO
  • 135. That position has been ceded to LEO * *Law Enforcement Officials
  • 137. VPNs vs. TOR • VPNs provide privacy • TOR provides anonymity • Confuse the two at your peril
  • 138. • TOR connection to a VPN => OK • VPN connection to TOR => GOTO JAIL
  • 139. On VPNs • Only safe currency is Bitcoins • because they come from nothing • Purchase only over TOR • http://torrentfreak.com/which-vpn- providers-really-take-anonymity- seriously-111007/
  • 143. PORTAL
  • 145. PORTAL • Router ensuring all traffic is transparently sent over TOR • Reduce the ability to make mistakes • Use mobile uplink • Mobility (go to a coffee shop) • Reduce risk of wifi monitoring
  • 146. PORTAL • Uses tricks to get additional storage space on /
  • 147. Hardware • TP-LINK AR71xx personal routers • MR-11U • MR-3040 • MR-3020 • WR-703N
  • 148. MR-3040 & MR-11U • Battery powered • Approx. 4-5 hrs per charge • USB for 3G modem
  • 151. STFU
  • 154. If you think, don’t speak If you speak, don’t write If you write, don’t sign If you sign, don’t be surprised

Editor's Notes

  1. \n
  2. \n
  3. STFU\nNeed to Know\nPlumbing\n
  4. The Wire, season 1, episode 5. This show is the most quotable show for OPSEC, evar!\n
  5. \n
  6. \n
  7. “Thwarting enemies at home and abroad” book. Blackmail is basically, don’t allow anyone to have power over you where they can dictate your actions. You ceed control of your actions to someone else, and it will end poorly for you.\n
  8. \n
  9. I love this guide. It provides general guidelines to committing criminal activities and staying out of jail. These are good OPSEC techniques for one activity (smoking weed), but many can be generalized to all criminal^W freedom fighting activities.\n
  10. \n
  11. \n
  12. \n
  13. NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
  14. NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
  15. NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
  16. NOTE: not using code doesn’t mean don’t use cryptonyms (code names). These are very good.\n
  17. \n
  18. \n
  19. \n
  20. \n
  21. #4 - don’t socialize with your criminal co-conspirators\n
  22. #4 - don’t socialize with your criminal co-conspirators\n
  23. #4 - don’t socialize with your criminal co-conspirators\n
  24. #4 - don’t socialize with your criminal co-conspirators\n
  25. #4 - don’t socialize with your criminal co-conspirators\n
  26. #4 - don’t socialize with your criminal co-conspirators\n
  27. #4 - don’t socialize with your criminal co-conspirators\n
  28. #10: control over your actions.\n
  29. #10: control over your actions.\n
  30. #10: control over your actions.\n
  31. #10: control over your actions.\n
  32. #10: control over your actions.\n
  33. #10: control over your actions.\n
  34. #10: control over your actions.\n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n
  43. \n
  44. \n
  45. \n
  46. \n
  47. \n
  48. \n
  49. \n
  50. This is a violation of the principle of “need to know”. Your lawyer needs to know that you are on probation (for a specific charge). Your criminal co-conspirators do not need to know this!\n
  51. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  52. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  53. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  54. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  55. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  56. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  57. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  58. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  59. note: example of good opsec, the feds dont’ name the other guy, ‘co-conspirator not named ... herein’. Only people who know who this is are: donncha, the hacker^Wfreedom fighter, and the feds pursuing the case\n
  60. \n
  61. \n
  62. \n
  63. \n
  64. \n
  65. \n
  66. \n
  67. \n
  68. \n
  69. \n
  70. \n
  71. \n
  72. \n
  73. \n
  74. \n
  75. \n
  76. \n
  77. \n
  78. \n
  79. Keep your hacking^W freedom fighting, and family, completely separated\n
  80. \n
  81. \n
  82. \n
  83. \n
  84. \n
  85. \n
  86. \n
  87. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  88. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  89. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  90. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  91. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  92. directly connecting to the target from your home IP? Are you out of your fucking mind!\n
  93. colloquially, don’t shit where you eat.\n
  94. \n
  95. \n
  96. \n
  97. \n
  98. \n
  99. \n
  100. \n
  101. \n
  102. \n
  103. \n
  104. \n
  105. \n
  106. \n
  107. \n
  108. \n
  109. \n
  110. \n
  111. \n
  112. \n
  113. \n
  114. \n
  115. \n
  116. \n
  117. \n
  118. \n
  119. \n
  120. \n
  121. \n
  122. \n
  123. \n
  124. \n
  125. \n
  126. \n
  127. \n
  128. \n
  129. \n
  130. \n
  131. \n
  132. \n
  133. \n
  134. \n
  135. \n
  136. \n
  137. \n
  138. \n
  139. \n
  140. \n
  141. They call them warning signs for a reason...\n
  142. \n
  143. \n
  144. \n
  145. \n
  146. \n
  147. \n
  148. \n
  149. \n
  150. \n
  151. \n
  152. \n
  153. \n
  154. \n
  155. \n
  156. \n
  157. \n
  158. \n
  159. \n
  160. \n
  161. \n
  162. They call them warning signs for a reason...\n
  163. \n
  164. \n
  165. \n
  166. \n
  167. \n
  168. \n
  169. \n
  170. \n
  171. \n
  172. self incriminating confession == bad\n
  173. \n
  174. Interrogation tactic: appeal to pride, ridicule the hacker’s abilities, encouraging him to “correct” your misperception of him... and in the process, confess. DO NOT TALK TO POLICE!\n
  175. \n
  176. \n
  177. \n
  178. \n
  179. \n
  180. \n
  181. \n
  182. \n
  183. \n
  184. credit: ben nagy found this pic, i stole it from him cause my conference talk is first, :D\n
  185. \n
  186. NOTE: he’s wearing a mask. \ncredit: ben nagy also found this photo. \n
  187. \n
  188. \n
  189. \n
  190. \n
  191. \n
  192. \n
  193. \n
  194. \n
  195. \n
  196. \n
  197. \n
  198. \n
  199. \n
  200. \n
  201. \n
  202. \n
  203. \n
  204. \n
  205. \n
  206. \n
  207. \n
  208. \n
  209. \n
  210. \n
  211. \n
  212. \n
  213. \n
  214. \n
  215. \n
  216. \n
  217. \n
  218. \n
  219. \n
  220. \n
  221. use tor\n
  222. \n
  223. \n
  224. \n
  225. \n
  226. \n