Author Topic: Guide to Anonymity, Security and Anti-Forensics  (Read 26381 times)


Offline rapture

Guide to Anonymity, Security and Anti-Forensics
« on: February 03, 2013, 01:14:36 pm »
I haven't seen any anonymity tutorials out there except the sticky, so I decided to create an updated guide for newbies out there. I'm not an expert in this field, but I want to share my knowledge with the other members.


Guide to Anonymity, Security and Anti-Forensics


So, you want to be secure and anonymous online, prevent threats and leave no traces? Well, this is a comprehensive guide to anonymity and security on your computer and when surfing the internet. Alongside the other tutorials, this one is effective, and I will try to keep it understandable. Please continue reading and I hope you might find this useful.


Online Anonymity
Hiding your online identity and staying anonymous is essential, because it prevents you from getting traced or tracked down.


Proxies
Proxies are used mainly for security purposes and for masking the IP address; they may also be used to speed up the loading of resources by caching, bypass parental controls and open blocked sites.


Proxy address switcher:
http://www.eliteproxyswitcher.com/EPS_setup.exe


Free working proxy server list (Updated realtime):
http://hidemyass.com/proxy-list/


Web Proxies
Web proxies are services that provide proxy access through a website. The function is this: when you request a webpage, the server will contact the website indirectly and will serve the resource to your web browser.


Free Web Proxies:
http://zfreez.com/
http://vtunnel.com/
http://zendproxy.com/
http://4freeproxy.com/
http://boomproxy.com/
http://www.webproxy.ca/
http://webproxy.stealthy.co/
http://kproxy.com/
http://anonymouse.org/


VPNs
VPNs are similar to proxies: they hide your IP address, but the advantage is that they encrypt your traffic so that it would not be intercepted by data-sniffing tools. They are useful for public Wi-Fi hotspots and for home/office use.


Free VPNs:
Spotflux - http://spotflux.com/
HotSpotShield - http://hotspotshield.com/


Paid VPNs:
ExpressVPN - http://expressvpn.com/
HotSpotShield Elite - http://hsselite.com/




User-Agent Switcher
Spoofs and mimics a user-agent to hide the browser's identification.
Chrome - https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
Firefox - https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/


IPFuck/IPFlood
Used for hiding IP address by using multiple proxies simultaneously, which obfuscates the user's IP address.
Chrome - https://chrome.google.com/webstore/detail/ipfuck/bjgmbpodpcgmnpfjmigcckcjfldcicnd
Firefox - https://addons.mozilla.org/en-us/firefox/addon/ipflood/


Security
Staying secure and safe while on the computer is very important. Also, the pattern of getting infected is not that pathetic; at least you can prevent it by following different measures.


Disk Encryption
Disk encryption is a way of encrypting the HDD so that private files won't be breached: the data won't be readable due to the protection and cannot be decrypted easily without authorization.


TrueCrypt Disk Encryption Software:
http://www.truecrypt.org


Antivirus, AntiMalware, AntiKeyloggers and Firewalls
Antiviruses and antimalware are a great boon these days; they protect your computer against viruses and other malicious software.


Free Antivirus:
http://avast.com/


Free AntiMalwares:
http://malwarebytes.org/
http://superantispyware.com/


Free Virus Removal Tools:
http://www.softpedia.com/get/Antivirus/Kaspersky-Virus-Removal-Tool.shtml
http://www.bitdefender.com/free-virus-removal/
http://www.microsoft.com/security/pc-security/malware-removal.aspx


Free Antikeylogger:
http://www.aplin.com.au/neos-safekeys-v3...s-v3-works
http://networkintercept.com/vrkeyboard.html


Free Firewall:
http://personalfirewall.comodo.com/
http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
Windows Firewall (Windows XP/7 built-in)


Paid AVs and AMs:
http://kaspersky.com/
http://bitdefender.com/

Online Malware-scanning tools:
http://camas.comodo.com/
http://virustotal.com/
https://mwanalysis.org/
http://anubis.iseclab.org/
http://bleepingcomputer.com/startups/
http://malwr.com/
http://minotauranalysis.com/
http://onlinescan.avast.com/
http://www.isthisfilesafe.com/
http://online.us.drweb.com/
http://vxvault.siri-urz.net/ViriList.php


Anti-Forensics
Anti-forensics is basically a method to make it hard to recover data, using secure deletion and system wiping, to stay out of privacy and security breaches.


Anti-forensic tools
CCleaner - http://piriform.com/
CCleaner can clear browsing history/cache/cookies, temporary system files, Windows log files, DNS cache, IIS logs and other files.

BCWipe - http://www.jetico.com/wiping-bcwipe/
BCWipe uses military-grade procedures to remove any traces of a file. BCWipe complies with U.S. Department of Defense (DoD 5220.22-M), U.S. Department of Energy (DoE M 205.1-2) and other deletion standards.

BleachBit - http://bleachbit.sourceforge.net/
BleachBit quickly frees disk space and tirelessly guards your privacy. Free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there.

Eraser - http://eraser.heidi.ie/
Eraser is an advanced security tool for Windows which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.


Windows Anti-Forensics Guide
[1.2 GB, 3hrs and 7 mins] - DL VID | PDF DL
Youtube: http://www.youtube.com/watch?v=YxlSqvIpq5w
More: http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Check your anonymity online
https://panopticlick.eff.org/index.php
http://browserspy.dk/headers.php
http://stayinvisible.com/


Anonymity Tips
1. Do not post private information on the web, including your address, birthdate and contact info, including in your registration details; if the authorities find it, they will use it to track you.
2. Do not engage in private activities while in public places; other people might see you.
3. Always use anonymity tools so your IP address is masked; in case they find it out, the IP is fake.
4. Do not brag or talk about hacking; obviously, if you brag/talk about it with your friends, they might report you to the police.
5. Hide your files in an encrypted container; encrypting data on the USB is better.
6. Always use SSL when it's available; it encrypts your details so that they are safe.
7. Use SSH (Secure Shell) when connecting to a remote system; one good example is PuTTY.
8. A quote from the game "Hitman": "Never trust anyone; and rely on your instincts."
9. Try "proxy chaining", or the use of multiple proxies.
10. Use a VPN together with a high-anonymity proxy so that there is an increased privacy advantage.


If you're caught
1. Do not panic, always be calm. Never say anything suspicious when the cops are inspecting your computer.
2. If you store your files in a removable drive, hide and take it away off the scene (make sure they wouldn't see).


Written by: Rapture
Website: http://www.afflictionx.com
Other references: http://www.evilzone.org, https://websiteanalystsresource.wordpress.com/2012/08/19/list-of-tools-and-their-use/, IronGeek, Fur, 0poitr


end-notes:
- If you want to copy this guide, leave the author information below.
- It took me several hours to finish this tutorial; a simple thank you and some feedback would be much appreciated.
« Last Edit: February 16, 2013, 04:52:00 am by rapture »

Offline parad0x

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #1 on: February 03, 2013, 01:20:40 pm »
A very nice tut, must be stickied. I was searching for something like this. Thanks.
And of course, +1.

Offline Silentz

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #2 on: February 03, 2013, 01:27:54 pm »
Well done mate. Good post.

Offline proxx

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #3 on: February 03, 2013, 01:37:40 pm »
Nice thread.

Please remove Hidemyass!!
These guys hand over logs without a hassle!
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline rapture

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #4 on: February 03, 2013, 01:39:39 pm »
Thanks for the kind words guys  ;D, I would post more self-written tutorials when I'm not busy.

@proxx Okay, I guess I would remove the web proxy only, because the proxies are from third parties.

Offline rasenove

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #5 on: February 03, 2013, 01:50:34 pm »
Quote
Nice thread.

Please remove Hidemyass!!
These guys hand over logs without a hassle!

Yeah, they give away our asses to ass fuckers, instead of hiding them.

Quote
-It took me several hours to finish this tutorial, a simple thank you and a feedback would be very appreciated.

I like the way you organise your texts, it's very nice to see members working hard to serve this forum. And +1
My secrets have secrets...

Offline Uriah

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #6 on: February 03, 2013, 11:54:42 pm »
+1 for a nice, thorough guide. Thank you for the included resources as well. :)

Mike245

  • Guest
Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #7 on: February 04, 2013, 02:03:32 am »
Definitely a good guide for anonymity!

Offline kenjoe41

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #8 on: February 04, 2013, 01:46:57 pm »
Great post mate. I'm sure though other guys could contribute more to this post so that everything is in one place.

[Q] Can someone talk more on securing and obfuscating app data? I mean what the other applications send out to the internet rather than the browser.
If you can't explain it to a 6 year old, you don't understand it yourself.

Offline jonneburger

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #9 on: February 04, 2013, 05:21:45 pm »
Good tut. But I must ask, why so Windows? Linux users would enjoy this too.

Offline rapture

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #10 on: February 10, 2013, 07:14:30 am »
Thanks again for the nice feedback guys, enjoy my guide :)

Quote
Good tut. But I must ask, why so Windows? Linux users would enjoy this too.

Sorry, I'm not very familiar with Linux, that's why I didn't include it.

Offline yize

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #11 on: February 11, 2013, 06:11:08 am »
Quote
Thanks for the kind words guys  ;D, I would post more self-written tutorials when I'm not busy.

@proxx Okay, I guess I would remove the web proxy only, because the proxies are from third-party.

You wrote this yourself? This is very useful for me. Thanks.

Offline fonzi

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #12 on: February 11, 2013, 06:20:42 am »
Awesome tutorial. I just started experimenting with Freenet, which is a network of personal nodes that can connect to friends only or to the whole network of people using Freenet.
--I do not learn to hack, i hack to learn--

Offline yize

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #13 on: February 11, 2013, 06:55:14 am »
I use Elite Proxy Switcher and IPFuck. I checked on http://www.stayinvisible.com/. It shows the proxy I use as my IP, but there are two additional IPs, one of which is my real IP and server. Is it safe? Or am I still not invisible? Do I need a strong proxy?
Note: If I don't use IPFuck, it shows my real IP as the only additional IP.

Offline Fur

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #14 on: February 11, 2013, 12:04:05 pm »
http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots

Eraser is a brilliant data disposal tool.
http://eraser.heidi.ie/

BleachBit is so much better than CCleaner.
http://bleachbit.sourceforge.net/

Some proxies don't really anonymise (is that a word?) you; some include headers that could contain your real IP or at least inform the site you're using a proxy.
http://stackoverflow.com/questions/5421144/php-get-real-ip-proxy-detection


Encryption won't be much help in some countries.
http://en.wikipedia.org/wiki/Key_disclosure_law

Some online AM tools:
Comodo Analysis
VirusTotal
CWSandbox
Anubis
Bleeping Computer Startups
Malwr
Minotaur Analysis
Avast! Online Scan
Is This File Safe?
Dr.Web Online Check
VX Vault
From https://websiteanalystsresource.wordpress.com/2012/08/19/list-of-tools-and-their-use/


I don't trust TrueCrypt.

From Wikipedia:
Quote
If relying on TrueCrypt encryption for life and death matters, it is worth noting that TrueCrypt (or any other software) is only as trustworthy as the people writing and reviewing the code. Also, when using distributed binaries instead of compiling from the source code, a user may be running code that was inserted during packaging and that is not available in the open source repository (possible backdoors, etc.). It is challenging to create binaries from source code that match the official binaries for purposes of verifying their integrity due to compiler options, etc.
The developers of TrueCrypt have been only anonymously referred to on the site as “The TrueCrypt Foundation” since 2010,  though there are potentially good reasons related to privacy why they might have chosen to remain thus.
There has been no known comprehensive review of the source code by a qualified cryptographer. Thorough security code review and testing is hard, tedious, and painstaking work, and very few people have the skills to do it. There was, however, a functional evaluation of the deniability of hidden volumes in an earlier version of TrueCrypt by Schneier et al. that found security leaks.
The "TrueCrypt License" is unique and contains distribution and copyright-liability restrictions.
Various other open source projects including Fedora and the Tails live CD have removed or forbidden TrueCrypt from their distributions due to the closed fashion in which development is performed.

Just remember forensics teams aren't stupid, but nor are they Einstein.
« Last Edit: February 11, 2013, 12:10:03 pm by Fur »
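
The header leak Fur describes above, seen from the web server's side, as an added example (not code from this thread or from the linked Stack Overflow answer): it classifies one request by the forwarding headers it carries, which is what an IP-check page reports as "additional IPs". The header lists, function names and sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Request headers that forwarding proxies commonly add (illustrative lists).
# The first group can carry the client's original address; the second only
# reveals that a proxy is in the path.
IP_BEARING = ("X-Forwarded-For", "Forwarded", "X-Real-IP", "Client-IP")
PROXY_MARKERS = ("Via", "Proxy-Connection")

# Constructed sample: headers a server might receive through a forwarding proxy.
SAMPLE = {"X-Forwarded-For": "203.0.113.25, 10.0.0.3", "Via": "1.1 proxy.example"}


def extract_ips(value):
    """Pull every parseable IP address out of a header value."""
    found = []
    for token in value.replace(";", ",").split(","):
        token = token.strip()
        if token.lower().startswith("for="):   # RFC 7239 "Forwarded" syntax
            token = token[4:]
        token = token.strip('"[]')
        try:
            found.append(str(ipaddress.ip_address(token)))
        except ValueError:
            continue                            # hostname, "unknown", proto=...
    return found


def classify(peer_ip, headers):
    """Return (level, leaked_ips) for one request as the web server sees it.

    peer_ip is the TCP source address (the proxy's address when one is used).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    leaked = []
    for name in IP_BEARING:
        for ip in extract_ips(hdrs.get(name.lower(), "")):
            if ip != peer_ip and ip not in leaked:
                leaked.append(ip)
    if leaked:
        return "transparent", leaked    # another address disclosed in a header
    if any(n.lower() in hdrs for n in PROXY_MARKERS + IP_BEARING):
        return "anonymous", []          # proxy use visible, no address leaked
    return "no-proxy-headers", []       # direct, or a proxy that strips headers
```

A result of "no-proxy-headers" only means nothing leaked at the HTTP header layer; it says nothing about leaks through other channels.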