/d/OpSec icon

/d/OpSec

15,203 subscribers

Discussion about OpSec, Threat Models, Protection, Assessment and Countermeasures.

★ OpSec guide list ★ (Pinned post)

by /u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 · 54 votes · 3 months ago

Compiling a list of OpSec guides so they will all be in one place. Please comment with a link to any guides that I am missing. Posting this now, will edit this in the coming days. Please comment any guides you have written or saved, the search feature only goes back 10 pages. Make sure to upvote/comment on guides you find helpful to encourage more to be written!

Setting up telegram to run on tails with persistent storage: /post/5c21fde4e4343c0c9415/ (written by /u/Morph4Me)

XMPP/JABBER Detailed Tutorial: /post/f5522292f29aec5f2282 (by /u/Salvin0rin)

[GUIDE] Qubes OS Detached LUKS Header Installation: /post/af76301c21e1b4a33851/#c-0ed8d259f89b41f343 (by /u/0x1337f331 stickied comment @ top for new qubes update by /u/bebasw4rzon3)

Veracrypt OS disk encryption for Linux - Fresh install, Fedora 33+: /post/8950c087a4e7d6193dc8 (by /u/vcfan )

Veracrypt OS disk encryption for Linux - Convert existing, Debian based: /post/8820cf005b696484748b/ (by /u/vcfan)

Veracrypt OS disk encryption for Linux - Fresh install, Debian and Ubuntu derivatives: /post/4b5b13bda71d079cd02e/ (by /u/vcfan)

Veracrypt OS disk encryption for Linux - Overview: /post/5779e55aae7fc06e4758/ (by /u/vcfan)

Batmanrobin's Guide to Mitigating Author Profiling and Linguistic Forensics When Posting Online /post/b03e3f596689ff5c9338/ (by /u/batmanrobin)

My personal guid to Tails, TOR, and everything in between. MODS: Please feel free to delete if you find redundant, or if there are better guides out /post/5be2f900342a128ee11b (by /u/StonkApeMan)

An in depth guide to Firefox hardening: /post/245daa5d5c95ce1d1e10 (by /u/just_no)

How To Harden FireFox.: /post/e2c81c140688639ebdff (by /u/Penguin_With_A_Gun)

How to hide secrets in the video file with full plausible deniability: /post/46cbf422288b2a886fbd/ (by /u/asfaleia)

Social media anonymity and phone OpSec (part 1): /post/2a4f140e1659c07ee264 (by /u/smalltowndreams)

Social media anonymity and phone OpSec (part 2): /post/731d95d51988a42c8ea9 (by /u/smalltowndreams)

IRL OpSec: Local Security, InfoSec, and You!! : /post/36900f6bb5c3be85234d (by /u/CollaredGreens)

How to deal with OpSec mistakes: /post/7421d8daf3cdd332de6c (by /u/elcamino)

Real Life Opsec / Streetsmarts & Tradecraft and RL deniable Communication: /post/37db7e8a660965162e79 (by /u/oldsmuggler)

Offline Opsec Guidelines for Vendors: /post/5957f7ce9403e1f9dd67 (by /u/Pygmalion)

Secure connection quiz /post/1d9637e082cf725b1443/#c-a51f4efebad94ffc9c (by /u/just_no)[/b]

User/Vendor Instant Messaging(IM) Opsec Mistakes You Are Making and You Probably Didn't Even Know (2020 updated) + Suggestions (by /u/titan-xmpp)

/d/vendor_handbook

Comments (40)
/u/just_no mercy for bad OpSec · 5 votes · 3 months ago (Pinned post) · Link

Social media anonymity and phone OpSec (part 1): /post/2a4f140e1659c07ee264 (by /u/smalltowndreams)

Social media anonymity and phone OpSec (part 2): /post/731d95d51988a42c8ea9 (by /u/smalltowndreams)

IRL OpSec: Local Security, InfoSec, and You!! : /post/36900f6bb5c3be85234d (by /u/CollaredGreens)

How to deal with OpSec mistakes: /post/7421d8daf3cdd332de6c (by /u/elcamino)

Real Life Opsec / Streetsmarts & Tradecraft and RL deniable Communication: /post/37db7e8a660965162e79 (by /u/oldsmuggler)

Offline Opsec Guidelines for Vendors: /post/5957f7ce9403e1f9dd67 (by /u/Pygmalion)

Step By Step Guide: How To Remove Exif/Metadata From Your Picture: /post/998f8e87e903409c1244 (by /u//u/EmpBomb)

I would also add /d/vendor_handbook to this post as well. Lots of resources for vendor OpSec.

Although this is technically not an OpSec guide, I would reference the quiz I made for Kilos about secure communication channels. Its a common question and that short quiz covers the differences between the most popular platforms. By the end of it the user should know which platform is right for them and what the risks are. The are also sources at the bottom for reference.

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 1 votes · 3 months ago · Link

geez talk about helpin out!!! Thanks for this list, take some upvotes

/u/just_no mercy for bad OpSec · 2 votes · 3 months ago · Link

Already had them saved. This was a great idea to put everything in one place and I am happy to contribute. Although I would not mind having a flair here =)

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 1 votes · 3 months ago · Link

what flair did you want amigo

/u/just_no mercy for bad OpSec · 2 votes · 3 months ago · Link

You can pick it. All my flairs are different but I try to help people out as much as I can on here. If Witchman is a gold star boy then maybe I can be the helpful OpSec fairy or something along those lines. Comedy is a plus, but not essential

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 2 votes · 3 months ago · Link

ok got one, it's a play on your username I thought it fitting for this sub

/u/[deleted] · 3 votes · 3 months ago · Link

Very useful! Thanks. /u/CocaineBrain /u/just_no

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 2 votes · 3 months ago · Link

Glad to help :) if you'd like to help contribute tag me on any good OpSec guides you come across

/u/just_no mercy for bad OpSec · 2 votes · 3 months ago · Link

[removed]

/u/silentsound · 2 votes · 3 months ago · Link

I'll see what I can do. =)

/u/just_no mercy for bad OpSec · 1 votes · 3 months ago · Link

Its been beaten to death in the past but like he says the search function is broken. If you could unearth one then that would be good. If not then a new post might be in order just to add to this list.

/u/silentsound · 2 votes · 3 months ago · Link

I'm adding it to my subdread /d/ChangeMyMind as a shameless plug for myself. =P I'll crosspost here if I can, if not I'll just reply with a link to it or something. You're right about the efficacy of the search function though, I actually just typed it out rather than trying to find the stuff I've already typed out several times, lol.

Edit: Literally just typed it out and posted it. Everybody double check to make sure nothing is amiss. I'll try to find what sources I can for the information I used to create it, but that's what I have from memory. =)

sHoULD i UsE a vPn wiTh tOr ??

/u/just_no mercy for bad OpSec · 1 votes · 3 months ago · Link

That looks really good. I will be linking to this whenever somebody asks the question again. Thank you for putting in all of that effort.

/u/silentsound · 1 votes · 3 months ago · Link

No problem, I'm personally tired of the misinformation on the topic and will end up saving myself a ton of time as well. =)

Edit: @ /u/CocaineBrain, feel free to add that link to your main post as well to make it easier to be found.

/u/just_no mercy for bad OpSec · 1 votes · 3 months ago · Link

Saving posts and going through my own comments has saved a lot of time. I can not tell you how often I have answered somebody's question only to have a different person ask the same thing 5 minutes later. Sending a link is way easier than repeating yourself and it helps me keep my sanity.

This was a great idea from /u/CocaineBrain

/u/silentsound · 1 votes · 3 months ago · Link

Agreed. Absolutely deserves a sticky. Maybe even a link to the DNM bible in there as well @/u/CocaineBrain?

/u/just_no mercy for bad OpSec · 1 votes · 3 months ago · Link

There is also 3 other stickied posts that this one could easily replace. I hate when subdreads have more than 3 posts stickied at the top. It pushes new content too far down the page and things don't get seen.

/u/Kirby2005 · 2 votes · 3 months ago · Link

Absolutely cracking post I must say. Thank you very much for this. Excellent.

/u/th1rst · 1 votes · 3 months ago · Link

nice material Brain. Preciate

/u/HeadJanitor Moderator · 1 votes · 3 months ago · Link

This is my cup of tea. Awesome post.

/u/Pygmalion · 1 votes · 3 months ago · Link

Feel free to use /d/vendor_handbook as place to put things like this for vending opsec stuff.

So far it's mostly been me writing stuff, but I cannot do it alone. :)

I'll crosspost this post there.

Sincerely,

Pygmalion

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 1 votes · 3 months ago · Link

I have the link for that sub listed at the bottom, thanks though!

/u/asfaleia · 1 votes · 3 months ago · Link

Excellent collection of Good Practice. Would you mind mentioning that this is the collection of Good Practice guides rather than OpSec itself? People tend to believe that if they follow a guide that they have an OpSec and they are safe, which is of course not truth.

Good practices come into play usually in the 4th step of the OpSec cycle, once it is clear what is needed to be protected, from whom, what are the vulnerabilities....is well defined. Most people don't have the first 3 steps in place at all and jumping directly to the step 4, like a blind man, which is a perfect recipe for disaster we read about almost every day.

/u/CocaineBrain 智 愛 ☮ Mod ☮ 愛 智 OP · 1 votes · 3 months ago · Link

link me to it

/u/onlinenight · 1 votes · 3 months ago · Link

amazing resources

/u/titan-xmpp · 1 votes · 3 months ago · Link

I'd like to offer my guide when it comes to communication/instant messaging imo its one of the soundest advices relating to opsec. /post/ee892979ec085226e862

TITAN-XMPP

/u/locabuena · 1 votes · 3 months ago · Link

holy crap thanks. and I thought I had this shit down LOL...not

/u/de4ef7dff98 · 1 votes · 3 months ago · Link

thank you

/u/CollaredGreens · 1 votes · 2 months ago · Link

I know it's kind of dumb but I'm reasonably proud to be on this list.

/u/Olympus · 1 votes · 2 months ago · Link

That's what I call a quality post right here! +1!!!!!

/u/Xorpio · 1 votes · 2 months ago · Link

This is sick af reading thank you guys for your time!

/u/mastubertyuio · 1 votes · 1 month ago · Link

Super very useful things!!!

respect

/u/shark99 · 1 votes · 1 month ago · Link

Thanks for helping out the community mate!!

/u/TheThirdTower · 1 votes · 1 month ago · Link

This is the direct link for The Hitchhiker’s Guide to Online Anonymity.

It's a great and updated to 2021 guide that covers the most important concepts regarding Anonymity and Privacy Online. I think it's a great start point for everyone who wants a very strong OpSec.

It has been very useful for me.

https://anonymousplanet.org/

/u/BigKidEgo · 1 votes · 1 month ago · Link

Thanks, appreciate it!

/u/jpdash2520 · 1 votes · 1 month ago · Link

Crazy N perfect ..

In 4 Months , I see the community has GONE TO 4.5K PPL FROM 2.2K ...

need SAFETY N balance !!!

/u/jpdash2520 · 1 votes · 1 month ago · Link

also for DD- I guess Wkr is taken by Amazon AWS, Got to switch to Session ID.

/u/yupmangoes · 1 votes · 1 month ago · Link

Legit registered just to say thanks for this guide bro. Good stuff here for a total noob like me.

/u/alibabaexpress · 1 votes · 3 weeks ago · Link

thanks mate for sharing.

/u/KylaBells · 1 votes · 2 weeks ago · Link

Very useful