The OPSEC Reading List

[Trevor]

I think it'd be a valuable resource if we create and maintain a detailed reading list - compiled for the benefit of all. I realized that we, as a community, lack this kind of resource.

Please provide constructive criticism, and try not to be a dick.

You are more than welcome to post an item, and provide a critique (probably the best method IMHO) - this way, you've read it and thought about the contents. Alternatively (for those already well-read in the area) you can just compile lists of your own.

I'll start:
INFOSEC PRO GUIDE: CRYPTOGRAPHY, by Sean-Philip Oriyano

'Information Security: The Complete Reference', by Mark Rhodes-Ousley

[OperationsSecurity(OPSEC)]

All the resources in my sig http://grugq.github.io/resources/
The Ruckus Society keeps some good guides: http://www.ruckus.org/
The Grugq's video on OPSEC http://youtu.be/9XaYdCdwiWU
Ohrodr's quick talk on OPSEC from Toorcon http://youtu.be/Pw5MiZcsiQM 
The IRA green book if you can find it online (part 1 and 2)
The original OVDB productions guide "Art of Smuggling" had some good Tradecraft

Follow all those and you will learn how to avoid indicators (patterns), learn not to talk too much if you're running a major illegal operation like anti gov resistance or narco dealing, learn counter-surveillance to avoid police tails or rival G's looking to jack you like how to employ SDR (surveillance detection routes) on the way to a stash house, and to sweep your vehicle for GPS tags. Too many people have gone down dropping off drugs in mailboxes while their car is GPS tagged and feds are following them watching.

[Trevor]

What is OVDB productions guide "Art of Smuggling" and where could I find it?

[Serendipity]

Thanks for your great contributions OPSEC. This is my new favorite subject. Hopefully one I can study for a long time.

[orange]

What is OVDB productions guide "Art of Smuggling" and where could I find it?

It's on pastebin:
(CLEARNET) http://pastebin.com/DDJShs9f

[OperationsSecurity(OPSEC)]

OPSEC - Unmasking Miscreants (DerbyCon Oct 2013)
http://youtu.be/2NjBvFda4NI

If you run a hidden service, would want to look at this. They tell you how they break through cloudflare and other ddos protection to identify servers, same tactics would work on a hidden service if you set it up incorrectly. Also great lolz on the many fools selling booters that have zero opsec skills.

[Jeks]

sub,  good topic

[oracle]

dieAntwoord has posted some useful OPSEC information as well as links. He was kind enough to PM a few useful links a few days back.

Here (clearnet):

http://grugq.github.io/blog/2013/10/09/it-was-dpr/ is the orig post
http://grugq.github.io/resources/ has good info too


Well written and thought out.

[kittenfluff]

subbing for a proper perusal later. Great topic, would +1 if I could...

[cyanspore]

I did start a thread very similar to this already and posted a bunch of articles, but if you want this thread it's fine with me

http://silkroad5v7dywlc/index.php?topic=394.0

[Joe]

sub

[anontoker]

Good reading. Thanks for posting. Subbed.

[Kaiho]

http://shadowlife.cc/
or
http://shadow7jnzxjkvpz.onion/


Tradecraft, privacy, anonymity, amazing awesome site overall.

[weather420]

Sticky this thread.

[99herps]

http://shadowlife.cc/
or
http://shadow7jnzxjkvpz.onion/

Tradecraft, privacy, anonymity, amazing awesome site overall.

Not impressed. No meat.

[jacob1234]

OPSEC nice stuff. Subbed to this bad boy. Gonna take time tomorrow to watch those videos and get those books.

[ManInTheMirror]

This, the real shit, subbed.

[jacob1234]

Not sure if this is exactly OPSEC, but it's good info:
Don't Talk to Police: http://youtu.be/6wXkI4t7nuc
How to Cop Proof Your Phone: http://youtu.be/vVCROjpgCB0

[wholepyo]

Alright yall dont laugh too hard but whats OPSEC?

[jacob1234]

Alright yall dont laugh too hard but whats OPSEC?

Operational Security ***CLEARNET***http://en.wikipedia.org/wiki/Operations_security***CLEARNET***

[notpersonallyidentifiable]

Parts 1 and 2 of this are excellent

****CLEARNET****
https://lilithlela.cyberguerrilla.org/?p=3060  (Encryption For Beginners In an Era of Total Surveillance )
https://odinn.cyberguerrilla.org/index.php/2013/08/12/darknet-for-beginners/ (Darknet for Beginners: Nightweb, I2P, Tor over Meshnet)
****CLEARNET****

I'd probably start with the grugq's video though.

[Steve Jobs]

Agree: Sticky this topic... could save your life.

[astonmarteen]

subbed

[hopelessanarchist]

also agree this topic shoud be sticky

[stabpen]

Good stuff. Thanks!

[Trevor]

Finished reading 'INFOSEC PRO GUIDE: CRYPTOGRAPHY, by Sean-Philip Oriyano' a couple days ago, was not impressed. It's entry level to say the least, and contained very little substantial information. This is a huge drawback in fields as diverse and fast moving as 'infosec' and cryptography. Basically it'll be useful for someone who has no notion of what cryptography even is. If you know the basics of that,then don't even bother with this book. It also included all these childish exercises.

It may be an ok background read, but it is not specific enough for our perposes.

Also, can anyone post some in depth analysis of secure OS setups for anonymity. I recall a really good thread from the old forums started by Astor that basically had a top 10 of configurations (tails was listed at number 7). OPSEC what are your thoughts on using Tails? Astor said they aren't as anonymous as everyone claims.   

[TheOGroader]

Finished reading 'INFOSEC PRO GUIDE: CRYPTOGRAPHY, by Sean-Philip Oriyano' a couple days ago, was not impressed. It's entry level to say the least, and contained very little substantial information. This is a huge drawback in fields as diverse and fast moving as 'infosec' and cryptography. Basically it'll be useful for someone who has no notion of what cryptography even is. If you know the basics of that,then don't even bother with this book. It also included all these childish exercises.

It may be an ok background read, but it is not specific enough for our perposes.

Also, can anyone post some in depth analysis of secure OS setups for anonymity. I recall a really good thread from the old forums started by Astor that basically had a top 10 of configurations (tails was listed at number 7). OPSEC what are your thoughts on using Tails? Astor said they aren't as anonymous as everyone claims.

All I can say on Astor's behalf is whonix whonix whonix.
Did I mention whonix? Tails leaks like a motherfucker.
Of coarse this is just paraphrase from Astor's many pages on this

[Trevor]

Yes Astor discussed many whonix configurations. Starting from a base level, how does one construct a secure config? I daresay tails' proliferation lies in its ease of use.

[TheOGroader]

Yes Astor discussed many whonix configurations. Starting from a base level, how does one construct a secure config? I daresay tails' proliferation lies in its ease of use.

Tails is miles more complicated then whonix, even if your setting physical isolation boots its more simple.

[Jeks]

Astor had Qubes up at 1 but see here:

http://silkroad5v7dywlc/index.php?topic=173.msg1635#msg1635

[Trevor]

Yes Astor discussed many whonix configurations. Starting from a base level, how does one construct a secure config? I daresay tails' proliferation lies in its ease of use.

Tails is miles more complicated then whonix, even if your setting physical isolation boots its more simple.

It's complexity is one of it's major flaws, no?
Yeah, I meant ease of use to encapsulate this- everything bundled together and easily booted.

>So, whonix in a VM? What should the VM be placed in? A linux based OS? And what kind of PGP is strong, I was using GPG4Win for a long time and was only just advised against it.

Another question, how does one use "an internet link that cannot be traced to you", as advised by the gruqg in one of his articles?

[Trevor]

Also, I'm putting
'Information Security: The Complete Reference', by Mark Rhodes-Ousley on the list.

It's got strong and varied reading on a range of relevent (for SR users) topics.

I havn't got all the way through, but definitely worth your time to familiarise yourself with good CI habits.

[MrTerrific]

Subbed, It'd probably be a good Idea to Sticky this as well

[jacob1234]

Never Get Busted Again: http://www.youtube.com/watch?v=ZyAjLkBCWKI
Never Get Raided: http://www.youtube.com/watch?v=InJHDLNCRzc

[holog1n]

brutal thread, cant sub yet, crap... thanks for sharing

[Agent]

Yes Astor discussed many whonix configurations. Starting from a base level, how does one construct a secure config? I daresay tails' proliferation lies in its ease of use.

Tails is miles more complicated then whonix, even if your setting physical isolation boots its more simple.

It's complexity is one of it's major flaws, no?
Yeah, I meant ease of use to encapsulate this- everything bundled together and easily booted.

>So, whonix in a VM? What should the VM be placed in? A linux based OS? And what kind of PGP is strong, I was using GPG4Win for a long time and was only just advised against it.

Another question, how does one use "an internet link that cannot be traced to you", as advised by the gruqg in one of his articles?

Yes Whonix running in a VM is one of the better options out there, running it on a *nix based operating system is again the better option than running it on Windows unless you know how to really harden down a system like that.

VM's are a tricky option because you just don't know what information is being left behind on the OS that it's being run on and what security holes it may have that will leak any information of yours.

As for which PGP you should head over to the thread that talks about the difference PGP versions out there.

Also that last question I am not to sure about, did you mean a link that CAN track you throughout the internet ?

[Hijinx]

sub

[tra!nsTra!nsTRA!NS]

me likey, thanks and subbed

[DanDanTheIceCreamMan]

subbed