Creating a safe box

Tanita1 · January 4, 2019, 11:09am

Hi gentleman

I have been playing with linux for a little time (still a newbi) I have a rough understanding how to use it a little kind of.

I would like to get into pentesting and learn some programming and to keep me and my box safe as I can.

I would like some one to advise what’s the best way to setting up my disposable laptop.

I dont want no one to see what I’m doing ISP or any one else. Not doing nothing bad but I think I should still have privacy.

Laptop: linux os (encrypted as installed)
Usb: Tails (have prisistnce for coin and keychain)
wifi adapter: alfa-NH I think need to check black one anyway.

Now I need to configure so I’m a little anonymous
What do you guys suggest

Senicar · January 4, 2019, 3:54pm

Tails is a good tool to aid anonymity but another thing you need to consider is modifying your behavior to maintain anonymity. This really depends on who you’re trying to be anonymous from, you can’t be anonymous to everybody. Your ISP will still be able to see non-tor traffic, they will know you’re using Tor, they will know when you’re using tor, and tor exit nodes will know where you’re going and when.

For example, I use tor a lot at work to grab fresh IPs for various reasons (with authorization of course). I don’t care if tor exit nodes know I’m going to $target site, and I don’t care if using tor puts me on a list where the NSA will detect which episode of The Office I’m watching tonight through the clearweb. I only care to not get IP banned by $target.

Tails is a great tool but you need to think about who you’re hiding from and why and modify your behavior appropriately.
Check this talk out: https://www.youtube.com/watch?v=7G1LjQSYM5Q

Tanita1 · January 4, 2019, 9:56pm

First thing is thanks for the reply top man even that you could be a women no discrimination.

I’ve been playing with kali and tails and done a little research on ospec think that’s what’s It called.
The browsing side of things when I’m just researching things plus communication tools as IRC and logging into forums. I am thinking of using tails on USB at the moment will have to run internet of tethering this will just be for learning but I still dont want ISP or any one know what I’m looking at main thing would be ISP any one else suppose dont matter.

Now if I use tor and tor bridge in tails does that hide I’m using tor?
I have installed proxychains before that ran through tor (I think) but I could not accesse onion. Sites proxy chains are not encripted neither?
Should I use VPN with tails vpn+tor ISP will only see VPN but the only thing would be the exit node wont be encripted?
What would you or others suggest.

pry0cc · January 4, 2019, 11:26pm

@senicar is 100% correct. Data correlation is HUGE.

Really, the only way to be truly hidden is to use a box very far away from your house, and use a high beam antenna to connect to free wifi somewhere. Then use Tor. And randomise the mac address of the wireless adapter.

Even then, you need to ensure your phone is turned off, and that your vehicle isn’t picked up by ANPR or cameras on the way to and from your hideout location, and you need a good alibi.

Really, there is no full proof way to do this. Ride a bike, in all black, at 3am, and hope nobody spots you, so you can travel to your secret hideout location, do your sketchy hacking stuff, and then ride home, removing all trace of yourself at the hideout location.

Sounds kind of unrealistic right? This is the kind of lengths the likes of the Shadow Brokers will have had to go to get away with what they have for so long. The other facet to this, is that you’ll need to rotate locations, and then make sure they’re truly random, because then they have a better chance of narrowing it down to you.

The way I look at it, you’re at a massive disadvantage doing anything sketchy. So is it really worth the effort? When you can be whitehat, legit, and still get paid good money; and sleep soundly at night not worrying that law enforcement is going to raid your house at 4am.

Many criminals have huge ego issues, and they think they’ll never get caught, and that usually is what leads them to getting caught, taking risks and bragging.

Tanita1 · January 5, 2019, 12:56am

Thank you for your knowledge

Lol do I sound sketchy.

The world is a place with not much privacy, it’s not that I’m looking to do anything sketchy as you put it just I think I should be able to do things in private not having some one spy on me and have access to all my traits then try to exploit them that’s just not nice.
I look at some things on the net then every where I visit they trying to sale it to me that’s just something little.
Just want to have a Tommy tank when I want with out some one knowing.
Can you explain the the process of doing this I have many houses in many places due to inheritance lol
I have a flat down the road (mile away) from my house so if I had a box in there and I’m at my gf place how would this work.
Laptop
Tails
Wifi adapter (let’s say I have high beam)
I would first need to know the IP address of my box .
I could just see what my box is but that would be boring, how can I find it from my gf place how will I know it’s my box dont wanna get into trouble I give my selfe permission.

And if i get good at this why would i do sketchy things if i could get paid good coin and not end up some where I dont want to be.
I think certain things should be free and private water should be free and private when I decide where and when and with whom to drink with unless I want to share with every one just saying

Tanita1 · January 5, 2019, 1:44am

Thanks to all the replys so far

Box
Laptop not sure if specs are needed but sure I could be identified? Lol but if would help I can list

Tails or kali can I configure kali to be as tight as tails?
Should I use a vm on my linux OS would this have any benefits apart from the little I have read about no virus due to sand box?
How do you guys have your set up.
I have also encrypted the hard drive on install.
Now if an attacker is trying to gain access to my box they will enter through a port? Is it the fire wall that controls the permissions and access of them ports?
With out the fire wall are all ports just open?

Sorry guys for all the questions just a little excited as we get (number 5) still crawling but wanna run I know it takes time.

pry0cc · January 5, 2019, 11:26am

If you’re just trying to avoid ads, use ublock origin

Tanita1 · January 5, 2019, 12:39pm

Hey dude

Lol I’m not just trying to block ads I just want to be able to use my box with out being tracked and any one seeing what I’m doing.

Does not mean sketchy lol

Means i like my privacy specially when I’m not doing anything wrong.

And I like to play I’m a little fascinated how I can achieve this and other things.

A few years ago I set up a little network in my house one box that connected to internet and the other 2 boxes would go through that to gain internet access I was so proud but fun

Gf though how boring she would prefer if all my devices would just break.

I have a old skool mentor but not a lot of time to spend teaching me.
I find it easier to be showed or told in a good format for me to understand.
When I’m learning from books and the net have to read the dam things over and over again my brain has a Pentium not a i7 so a little slow and frustrating. I’m not dumb by the way lol

pry0cc · January 5, 2019, 12:51pm

What is your threat model?

Advertisers? Or nation states?

Tanita1 · January 5, 2019, 1:02pm

Ok guys think I understand.

So if my box connected to a far away one, that connects to the internet. They could trace back to the box connected to internet.
Then they would see what devices are connected to that?
Would they then be able to get my IP of my laptop? If so and laptop would be binned the only thing they would know would be where I’m coming from?

Tanita1 · January 5, 2019, 1:12pm

Me personally has no threat level.

I’m trying to get into the security side of things so it’s good to put your selfe in the boots of the guys you are fighting against how they work then maybe try to combat that.

So let’s say I’m a cyber crim (should cover most things) not an activist or any think that would be a menis to govs.

I think if your threat level is n state dont use a computer to much and think that would be a whole different ball game

pry0cc · January 5, 2019, 2:10pm

Who are you trying to hide from?

Tanita1 · January 6, 2019, 1:34am

I’m wanting to hide from my big brother he has a wonderful job as a law guy.

I think I’m understanding a little more it all depends on what I’m doing so imagine I was some out law wanting to gain access to boxes to gather information maybe own the box and maybe research a darker place.

Want to understand how these guys mind set is and how they go about things, because then all can learn then maybe prepare a little better for an attack

Tanita1 · January 6, 2019, 2:43am

Hey guys

I’m going to do a fresh install and would like you guys assistance.

Lenovo think pad x201
Intel i5
Kali linux

Encryption on install and created a user with root privilege.

Done update and sorted the repos out

I also install lazzy dont slate me just a little easy to enable some thing instead on typing (views are welcome) I can type the command lol

Tor
Waterfox

Have not configured nothing yet suppose in browser https every where and no scripts will I have to disable java or is it automatically disable sorry guys I’ll have a read.

So far what you guys think

system · January 9, 2019, 2:43am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.