#HITB2012KUL

  • Published on 1 Jun 2024
  • PRESENTATION MATERIALS:
    conference.hitb.org/hitbseccon...
    PRESENTATION ABSTRACT:
    Drawing on lessons gleaned from recent hacker indictments, research on surveillance, espionage and counter-intelligence, this talk focuses on practical operational security (OPSEC) measures to avoid detection and prevent arrest by Law Enforcement Officials. The target audience for this talk is hacktivists whose primary mission requires strong online anonymity in the face of intense scrutiny from well-funded antagonists.
    Starting with a review of OPSEC goals and moving on to methodologies, techniques and technologies, this presentation will enable the target audience to devise and implement robust OPSEC measures.
    Effective OPSEC requires combining strong technology solutions with disciplined cautious actions to minimize the exposure of "protected information". The talk will enumerate OPSEC principles and techniques to deny protected information to LEO, and equip hacktivists with the tools necessary to successfully conduct online operations while avoiding capture.
    ABOUT THE GRUGQ
    A licensed manicurist by trade, the grugq rose from the ranks of the PLA's gold farming division to become one of the lead clicky-clicky technologists within the offensive cyber sphere. Currently under the patronage of the Asian Godfather of Hacking, living an austere existence as a practicing Buddhist monk in the mountains of Bangkok, The Grugq continues to advance the art of hiding things from the authorities.
  • Science and Technology

Comments • 100

  • @BennduR 3 years ago +47

    42:08 LMFAO holy shit tough crowd

    • @algj 3 years ago +7

      OMG, I seriously expected something lmao

    • @MaxwellJWhite 2 years ago +2

      that was hilarious it caught me so off guard

  • @SwissMarksman 1 year ago +29

    forwardobservation2.0 brought me here

    • @SilverbackE12B 1 year ago +4

      Same king

    • @johnscholven9034 1 year ago

      🤦‍♂️And you both needed to make that known Why??? The page already has enough dickwads fucking with it trying to get it banned

    • @zombiemenace03 1 year ago +2

      @@SilverbackE12B yessskkizzzeeerrrrrr

    • @y2m13 1 year ago +1

      volume 420

    • @SwissMarksman 1 year ago

      @@y2m13 Can't wait for tomorrow!

  • @banekicto 11 years ago +42

    "Hackers are no longer the apex predator."

    • @zoomerzoom9834 2 years ago +1

      this was 8 yrs ago so...?

    • @Sakiayuo 2 years ago

      @@zoomerzoom9834 so

    • @promecio8085 2 years ago

      @@zoomerzoom9834 still more accurate

    • @minsiam 1 year ago

      @@zoomerzoom9834 9 now

  • @haelium5718 10 years ago +32

    58:44
    That guy creeps the fuck out of me.

    • @acc55547 9 months ago +1

      it's a conference about opsec do you expect sane people to show up

    • @haelium5718 9 months ago

      @@acc55547 going to an opsec conference doesn't seem like great opsec if I'm honest tbqh

  • @ChristopherSloane 9 years ago +57

    The audio must be awesome or no one thought he was funny.

  • @siouxmanche1697 1 year ago +15

    FRWD

  • @Mathertron 9 years ago +21

    That bloke did a Jimmy Savile impression. :O :O

  • @tomaszlis993 6 years ago +5

    about no tor on 4MB - you can use cramfs as rootfs - compresses well and doesn't allow to write, which becomes an advantage here. No file dates, no logs, no info when the device was used. But I'd still trade the time (of preparing the smallest kernel and rootfs) for money, and just buy a better device.

  • @juancarlos-vk9hn 11 years ago +13

    Only if you're using an old system. DDR3 are immune to Cold Boot Attack. They only keep voltage for a couple of seconds after forced power off. One thing this guy forgot to mention is obfsproxy with Tor to obfuscate your Tor bridge traffic.

  • @nedugenas2659 2 years ago +15

    42:00 Bro you were robbed!! That was fucking hilarious!!

    • @meltyblood 2 years ago

      HA HA FUNNY PENIS JOKE

    • @BennduR 1 year ago

      @Syme Doubleplusgood found the v1rgin 1ncel

    • @acc55547 9 months ago +2

      @@BennduR you're listening to a balding man talk about staying safe online bro we are all incels

  • @emailactivationcenter2461 2 years ago +8

    Dude asking the question 58:50 sounds like Microsoft Sam...
    And probably not be allowed near children.

  • @cemusta 6 years ago +99

    Since you watched this; your youtube account is contaminated.

    • @quasa0 6 years ago +6

      lmao

    • @granola661 1 year ago

      You're not wrong

    • @thaaanos 9 months ago

      On a list

  • @ClevelandRocks216 3 years ago +3

    6:26 "they will find a way to get you" 👀🙌🙌

  • @timbo4040 10 years ago +2

    truth mate, this is the way I live my life, my online life I need help with, cheers

  • @kejsarmakten 11 years ago +2

    Might be an issue still if you have unencrypted swap to which memory dump is saved to when computer is "hibernating".

  • @thejudge8691 1 year ago +7

    The dick joke had me rolling this dude is awesome 😂

  • @djosearth3618 3 years ago +5

    When SWIM sold weed friends calling to check if they should come by expecting to smoke they would simply query regarding "Hanging out/around" and receive the appropriate answer...
    I heard if anyone said GREEN, even once they were "perm-banned" !!

    • @topytopy 2 years ago +3

      Why would _you_ perm-ban anyone? I thought it was someone who wasn't you? Or did you just watch a whole video on OPSEC only to out yourself in the comment section as someone who used to sell weed?

  • @4m556 3 years ago +5

    Best Video Conference Award 2020 goes to....

  • @casportflyers 8 years ago +2

    wait can someone explain the correct way to tandem tor with vpn?
    Say I start a VPN up then connect tor through it 2nd, is this not the correct way?
    Any tips???

    • @CGoody564 7 years ago +8

      Tyler Churchwell depends. tor first then VPN means the VPN provider will not be able to track you in their logs, however someone else could trace your entry or exit node.
      vpn first and then tor means the VPN provider can track you if they keep logs, however your tor entry/exit node will look like it's coming from wherever the VPN location is set to.
      basically, if you trust your VPN provider to not keep logs of your info, go vpn and then tor. if not, tor then vpn.
      I also suggest buying a gift card from rite aid to purchase your VPN, so that you don't need to have your actual name/info linked to the card despite doing a financial transaction.

    • @casportflyers 7 years ago

      Cory Goodman
      I'm very new to this technology so excuse my ignorance please I'm still learning.
      I can only wrap my mind around one way of using a VPN and Tor and that's booting up tor after I put up the VPN client. I just don't understand how it could go the other way around VPN through tor. Thank God I'm not a computer guy and this is just a hobby LOL some people rely on this stuff to keep them alive in their extreme countries

    • @jamesb2958 7 years ago

      Cory Goodman I started to say most VPNs don't keep logs, but yeah I was so confused by this video at first. thanks lol

    • @CGoody564 7 years ago +7

      James Beal that is false. many vpn's keep logs. what they do is not have logs when starting, then start keeping logs with no announcement

  • @spatz2000 6 years ago +5

    He is really genius.

    • @spatz2000 1 year ago

      @Syme Doubleplusgood impress me more ; )

  • @kejsarmakten 11 years ago +1

    Never had issues with ipredators speed though.

  • @croquet93 7 years ago

    why VPN --> TOR is a bad idea? is it because on the end node we still register as TOR user and correlate with us?

    • @SkaNarrator 7 years ago +1

      Cory Goodman 7 months ago
      Tyler Churchwell depends. tor first then VPN means the VPN provider will not be able to track you in their logs, however someone else could trace your entry or exit node.
      vpn first and then tor means the VPN provider can track you if they keep logs, however your tor entry/exit node will look like it's coming from wherever the VPN location is set to.
      basically, if you trust your VPN provider to not keep logs of your info, go vpn and then tor. if not, tor then vpn.
      I also suggest buying a gift card from rite aid to purchase your VPN, so that you don't need to have your actual name/info linked to the card despite doing a financial transaction.

    • @japastani 5 years ago

      dcosb09 yes they say they do but even if they are being truthful nord maintains timestamp of your session for 15 minutes after u terminate the connection and compare that to something like mullvad and you'll see mullvad is much better just make sure you use bitcoin to pay with it and even still use tor to connect to vpn as like the grugq said don't trust anybody

    • @insidetrip101 3 years ago +2

      @@japastani One thing I've always kinda wondered is why no one suggests "nesting" vpns. For example, you could use a vpn in America and then a vpn in China, and you have a reasonable chance that the vpn logs aren't likely to cooperate with each other such that it would be very difficult to get the full logs of what you're doing, you could even throw tor somewhere in the middle of that.
      The idea is basically to create a "tor-like" session by using 3 vpns and nesting them all together, that way each vpn only knows what the previous and next destination is, and if these vpn providers exist under different sovereignty it would be a real huge pain in the ass to track. This way even if the vpn provider is keeping logs, it kinda doesn't matter because each individual vpn doesn't really know what the logs go to.

    • @thewhitefalcon8539 27 days ago

      He contradicts more recent advice. Your VPN knows who you are because you paid. Tor->VPN means the VPN knows who you are because you have to log in to the VPN, unless you paid with XMR. VPN->Tor is the same as just Tor unless someone is snooping your wifi.

  • @edwardmacnab354 1 year ago

    this argument for pentesting looks ironclad and I don't think I'd have the patience anyway to thoroughly cloak

  • @tarickw 1 year ago +1

    58:46 can somebody explain what is happening in this question here?

    • @acc55547 9 months ago

      he works a lot with children, and, when he does, he likes to use a prepaid credit card

    • @tomhekker 8 months ago

      A Jimmy Savile impersonation. It’s a joke about someone who was in British news at the time.

    • @tarickw 8 months ago

      @@tomhekker I knew about Savile but never heard him so that explains why I didn't get the impression

  • @kannykin8421 9 years ago +7

    What would be the best way to create a fake persona over social networks without using your IP or a paid VPN? Is uploading pictures to them risky? I was like "how are you gonna do that" lol.

    • @dashdashdash_ 2 years ago +1

      Take photos of people with the phones drunk people leave on buses and leave them there, sure enough they will post it asking who did this, just make sure you aren't in the same place twice.

  • @randomguyontheinternet69 3 years ago +3

    45:46 VPN vs TOR

  • @Kas_Styles 8 months ago +1

    10:27 1-5 steps of how to not get caught.
    12:55 6-10

    • @honor9lite1337 5 months ago +1

      13:37 Why you must doing it.

  • @josephidontknowyou4951 3 years ago +7

    58:45 "Now then, Now then" You are an absolute disgrace to the yorkshire community.

  • @bblancoftb 9 years ago +23

    opsec fail at 50:52

  • @googleisbad 1 year ago +1

    My opsec's great I just transfer all my criminal funds straight into my bank how can I ever be caught

  • @isbestlizard 4 years ago +5

    the grugq is a very unique handle.. proper opsec would be to call yourself something very generic that isn't easily googlable

  • @fancyfakename8967 2 years ago

    It's awmproxy not amwproxy

  • @kejsarmakten 11 years ago

    Not saying anything about the anonymity of the service, but calling it slow is wrong.

    • @dashdashdash_ 2 years ago +1

      8 year old comment but to be fair the service has increased speed wise as it has expanded and received more notoriety.

  • @radu2280 4 years ago +4

    i am contaminated

  • @ScaredHelmet 3 years ago +4

    Plot twist: presenter guy is Virus

    • @PAKallman 1 year ago

      He did read it like it was his own words..

  • @George241312 11 years ago +8

    It's like this guy is declaring that he does bad shit ..

  • @FrancoisHarris 11 years ago +3

    lol, love the joke!

  • @whattheisfor9200 2 years ago

    a way to get the feds on your account

  • @Vicenteprz 3 months ago

    41:48 XDDDD

  • @Danielcamiro 1 year ago +1

    FRwd

  • @abstractapproach634 1 year ago

    Post to odysee

  • @isbestlizard 4 years ago

    i'm going to freedom fight the fuck out of facebook :P

  • @cassandriel 7 years ago

    I'm lost, I didn't understand a word he said.

    • @catscatskatzen3425 2 years ago

      What he’s saying is in pretty plain English to me

  • @donbvonb 11 years ago +4

    creep

  • @pepeshopping 4 years ago +6

    Unnecessary foul language. I dislike those kind of people.