NOTE: If at any time you need help with any topic found in this guide, feel free to join us at https://webchat.anonops.com and you'll be able to find someone to help you figure it out. It should be noted that this guide contains information that may be difficult to understand without an extensive technical and functional knowledge of information systems. While this guide does attempt to put it simply and in laymans terms, you the user are ultimately responsible for the security of your own systems.
Setting up Tor
Due to abuse in the past TOR exit nodes are not able to connect to the AnonOps IRC servers. You can however connect to our hidden service. More information on this is found on the tutorials page for your client. https://anonops.com/tutorials.html
- Download Tor here: https://www.torproject.org/
- Run the .exe
- Extract to the default folder. You should have a folder on the desktop called Tor Browser. In this folder is Start Tor Browser.exe. If you want you can right-click to create a shortcut and drag it to your desktop, making sure the original stays in the same folder.
- Click https://check.torproject.org/ to verify TOR is working. If your ISP blocks connections to TOR or you need further help feel free to ask about it in the #OpNewblood channel, which again you can access through your web browser at this link: http://webchat.anonops.com
- Download Tor here: https://www.torproject.org/
- Extract to destination of your choice. Default location is fine.
- You should now be able to just click Start Tor Browser to start.
A NOTE FOR ALL Operating Systems
There have been some changes in the structure of the Tor bundle and if you need to set up relays or other special options there are specific instructions at https://www.torproject.org/download/download.html.en.
Once again for help with making a bridge if your ISP blocks Tor please ask for help in #OpNewblood via your web browser here: https://webchat.anonops.com
To check anytime if TOR is working, you can go here: https://check.torproject.org/ to verify your TOR is working.
Troubleshooting: refer to www.torproject.org
Adblock Plus: This plugin blocks around 90% of internet services that attempt to track your web activity and then send you targeted ads. It's recommended to use this addon while browsing any websites. Information loaded from these ad servers leaks information about you thru your browser. This is a bad thing. Note that newer versions of this addon also blocks most social media images such as facebook 'like' buttons. Configure the addon to suit your needs. https://addons.mozilla.org
RequestPolicy: Be in control of which cross-site requests are allowed. Improve the privacy of your browsing by not letting other sites know your browsing habits. Secure yourself from Cross-Site Request Forgery (CSRF) and other attacks. Works alongside NoScript. https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/
BetterPrivacy: This plugin is a tool to identify and remove cookies. It will also act as an "optout" from advertisement and other forms of web tracking. https://addons.mozilla.org
FoxyProxy: An Addon to the default way to handle connecting to proxies, the FoxyProxy addon will allow you to have easier access to enabling your proxy tunnels, also has advanced features, such as setting up a list of domains that you will always want to use a proxy to connect to, and to do so automatically, while still using another connection for non-listed sites. https://addons.mozilla.org
Ghostery: Another tool to help manage and mitigate tracking cookies, Ghostery features tools that will alert you when there are tracking cookies on the websites you visit. You can also view information about each tracker that is trying to harvest your browsing data, and even view the source code of said tracker and see exactly how the cookie is tracking you. Make sure you get Fanboy list and Easy list to stay updated (these can be selected during setup or in the options of the addon itself ) https://addons.mozilla.org
HTTPS Everywhere: A Firefox extension produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. Its purpose is to force a https connection to every website. https://www.eff.org/https-everywhere
Secret Agent: Continuously randomizes your Firefox/SeaMonkey HTTP User Agent, to suppress device fingerprinting and resist web tracking. Protip: use the Escape key to close the preferences window. https://www.dephormation.org.uk/?page=81
Advanced Defense Techniques
Using Virtual Machines
It is strongly recommended that you consider making a Virtual Machine (VM) to separate your personal OS instance with your anon activity OS instance. This ensures that personal data does not leak while viewing anon-related social media on such sites as Twitter or Facebook. It has several other advantages such as allowing you to quickly delete all anon activity off your computer by simply deleting the VM itself.
Virtual Machine Software
- VirtualBox - x86 and x64
- VMWare Workstation 7 - x86 and x64
- Windows Virtual PC - x86
- Parallels Desktop - x86 and x64
Disk encryption is another way to protect yourself. Disk encryption software will make it pretty much impossible for any one but yourself to access the data on any physical disk.
Disk Encryption Software
File and Email encryption and validation
Using the openPGP standard, the following software creates a "keyring" for you, bound to your name and email address (neither of which needs to be real. It can be useful to have a completely anonymous key pair). The private key is a password-protected key you keep on any system on which you will be DECRYPTING information; your home computer and, if you're brave, your Android phone. The public key is used to ENCRYPT information or files and is available to anyone. If you wanted to encrypt information to send to me, you'd have to ask for my public key (or search a keyserver such as https://pgp.mit.edu/), encrypt the data with it, and send it to me. The only way to recover that data is with my private key and password. PGP is the industry standard for high level encrypted email. GPG is the open source version of PGP, which is now a commercial product.
More on this subject is also found here: Email Encryption Basics.
Linux TOR VM
It's possible to use Tor as a VPN using some prepackaged linux VMs. Once these VMs are started it's possible to create a VPN connection to the Tor VM. These VMs include additional privacy goodies such as Squid and Privoxy.
Linux Tor Software
WHONIX - https://www.whonix.org/wiki/Main_Page - Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network, Debian GNU/Linux and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP.
TAILS - https://tails.boum.org/
JanusVM - http://janusvm.com/ (not actively maintained, documentation minimal)
Portable refers to self-contained OS and software packages that can be run from CD, DVD or USB device. This allows you to carry your anon OS instance in your pocket, plug it into or insert into another computer and be ready to access anon resources in a secure way.
The Amnesic Incognito Live System (TAILS): https://tails.boum.org/download/index.en.html
A bootable, live, Linux distribution focusing on security and privacy. Basically this entire document in a single download.
Kali: http://www.kali.org/ The successor to Backtrack. A sort of Swiss army knife for pentesting.
Ubuntu Privacy Remix: https://www.privacy-cd.org/
Intended solely for Live booting. No installation on the local system is required and none of the data on it is touched.
Information in this section can be extremely confusing for new users and those without the necessary technical knowledge. Always be cautious when tinkering with systems you don't fully understand as this may lead to undesirable results, detection, or in extreme cases, system failure or legal trouble.
There are many ways to reach a website and to add protection for yourself in terms of anonymity and minimized vulnerability.
Using Secure Shells with PuTTY
Normal connections to the internet, unless using SSL, are cleartext unencrypted transmissions divided into data packets. Using a packetsniffer, it is possible to capture most packets, and look at their payload in plain text. This can include usernames, emails, IM's, and sometimes even passwords and sensitive information. When you set up a tunnel securely, you are connecting to a secure, encrypted connection to the machine you are connecting to, helping to prevent the use of packetsniffers to steal your information. Not only is this useful for keeping your local connection to the internet secure, it is also one of the basic ways you can hide which IP address you are connecting to the internet from at home. When using the tunnel for your transmissions, all of your packets will have that machine's IP address on the source address section instead of your own. Again, as covered above, you cannot trust a VPN (SSH) provided at no cost. It is in your best interests to use a paid hosting provider.
Information on how to set up a GNU/Linux system to use openVPN can be found here: http://openvpn.net/howto.html
OpenVPN only secures you between your server and you, not between your server and the internet. Your server will be the middle man and is identifieable unless augmented with additional obfuscation techniques.
To secure the connection between your local server and the internet you'll need a commercial VPN provider. (This section does not apply to people who connect directly to the internet. Most people will need the commercial VPN.)
Using SOCKS4/5 Proxys
If you're interested in using SOCKS 4/5 proxies with the Firefox browser, you can find instructions here: Need good link.
This section explains how to change the nameserver that resolves domain names into IP adresses that is sometimes used as an ideal way to trace you by your ISP, even if the data you used is encrypted via RSA or a strong triple des encryption the request to the domain name to an ip still is carried out by someone, make sure it's you, or someone friendly. DNS requests in an ideal situation should be encrypted, if you're super paranoid, and some proxies offer this.
Changing Windows Hostnames
This hacker's trick is a good way to associate a permanent IP mirror for your favourite social networking site like facebook, twitter, etc etc. If this is something you're interested in, more information can be found here: http://www.ehow.com/how_5225562_edit-windows-hosts-file.html
If you want cannabis.com to goto 126.96.36.199 then you can enter it just like the localhost 127.0.0.1 entry you'll find in your windows setup. This bypasses nameserver requests to most browsers (check to be sure with a packet sniffer)
All of these need PCap drivers installed and are included in the downloads of each. Understanding packets takes time and practice.
To get started install a copy of wireshark (http://www.wireshark.org/) or MS Network Monitor 3.4, both are free. If you don't see any capture interfaces listed then you may need to run it as administrator.
To identify which interface is seeing your traffic click the first (top-left) icon "list available interfaces" and look for the one with the numbers counting up; it's the active one. Start it and watch all the packets flow. You might see lots of traffic, start closing shit that's downloading or streaming stuff. You'll get down to a slower scroll of ARP and NetBios traffic, the occasional UPNP burst and other stuff.
If you're on a secure VPN or something you'll see just about ALL SSL/TLS grey colored packets or all UDP blue packets in some cases. Try another active interface (like a TAP interface) to see the goods.
Get on your home network and play around; see what DHCP handshakes look like, DNS requests/responses, navigate a shared folder and see what it shows you, stuff like that.
If you know how, do an NMAP scan and see how obvious and loud it is and learn techniques to use it in a more covert manner. http://www.wireshark.org/docs/ <- read and watch the videos. There's a lot to it but once you catch on it's quite simple to grasp.
TCPDump(linux)/WinDump(windows) - Command line packet capture for gathering to analyze later. http://www.tcpdump.org/ and http://www.winpcap.org/windump/
NetworkMiner (http://networkminer.sourceforge.net/) is an alternative that allows you to sort collected packets however you want (by host for example) for easy digging around.
NEED MOAR/BETTER INFO HERE:
TCP/IP AND THE WIDER INTERNET: (DNS/HTTP Port 80/Logging/Secure ways to connect to your 'crack' machine).. PROXY CHAINING, SSH CLI Chaining maybe?
Change DNS Settings in Windows XP
Network Layers & OSI ModelIn order for a security expert to truly understand a software or hardwares running on a network or security system, they must be able to relate to and fully conceive the implications of changes that are made to an existing setup.No matter what you do at any level of the network layer, you will be interacting at other levels also. E.g. The data link layer (Layer 2 OSI) must make use of the physical layer (Layer 1 OSI), and so on.Layer 1 : Physical layerThis is the electrical and physical specification of the devices. In particular it will refer to pins, voltages, repeaters, hubs, network adapters, host bus adapters and SANs (Storage Area NEtworks). Standards such as the RS-232C Com port standard popularised in the 90's uses such physical wires to access medium.One such popular medium would be the internet. To which the early modems connected.Layer 2 : Data Link LayerThe Data Link Layer provides functional and procedural means to transfer data between network entities using physical layers (or cabling/adapters/routers/repeaters) so on and so forth. Originally Layer 2 was intended for point 2 point transfer only. LAN and multi-broadcast media (multicast et al) were developed independant of the ISO standard (IEEE 802).WAN and LAN are services on the data link layer that arrange bits, from physical layer into logical fram sequences. These frames contain important information that is relative to your Transmission Control Protocol, and includes information such as your IP (Internet Protocol) address.This address is binded through service levels by the TCP (Transmission Control Protocol) transport layer.8. Hack in a sack:The Metasploit Framework
Metasploit is a software suite created for penetration testing, and is included in both Backtrack and Gnacktrack LiveCDs listed in the mobile solutions section. It has a command line interface, a GUI interface, and a Web interface, creating what is, in a real way, the world's first point-and-click hacking software. It has a massive, constantly updated Database of usable exploits, which you can use to gain access to vulnerable remote systems. http://www.metasploit.com/
Thanks for reading this whole doc, you did right? Please ask questions in #OpNewblood (Again, you can reach us via your web browser at https://webchat.anonops.com) and refer back to this document and remember to stay safe.
Protecting your anonmity is the most important part of being Anonymous.
In our world a good defense is the best offense.