Hacklog Volume 1 Anonymity: IT Security & Ethical Hacking Handbook



Date: 01.01.2022

10.3 Pentest Distros
You probably already know the pentest-grade Linux distros. If not: pentesting
is an abbreviation for Penetration Testing, a branch of IT Security.
Penetration Testing means assessing the overall security of an IT structure
and its surrounding environment: network, operating system, programs and so on.
Over the years, the Linux community has shown interest in this ecosystem,
developing distros with pre-configured applications to accelerate testing
operations, provide standardized environments and gather users with the same
interests under a single spotlight. We will explore and use them in the next
Hacklog volumes, when we cover cyber attacks; for now we will only provide a
list:
- Kali Linux, based on Debian (https://www.kali.org)
- Backbox, based on Ubuntu (https://backbox.org)
- Parrot Security OS, based on Debian (https://www.parrotsec.org)
- DEFT, based on Debian (http://www.deftlinux.net/it/)
- Pentoo, based on Gentoo (http://www.pentoo.ch)
- NST, based on Fedora (http://networksecuritytoolkit.org/nst/index.html)
- BlackArch, based on Arch Linux (https://blackarch.org)
- Fedora Security Lab, based on Fedora (https://labs.fedoraproject.org/it/security/)
- Cyborg Hawk Linux, based on Ubuntu (http://cyborg.ztrela.com)
- WeakerThan, based on Ubuntu (http://www.weaknetlabs.com)
- Samurai Web Testing Framework, based on Ubuntu (http://samurai.inguardians.com)
- Bugtraq (http://bugtraq-team.com)
- Knoppix (http://www.knoppix.org)


11. Online Identity
Now we have all the tools and the competencies needed to navigate in
anonymity – please note that I wrote navigate, and not interact! The mere
presence of TOR or any other technology in between doesn’t mean you’re totally
safe; conversely, this sense of protection may be a double-edged sword for your
real identity.
11.1 NEVER combine your identities
Regardless of the tasks you want to perform – whether in clearnet or
deepweb – you must be able to separate your activities to avoid making
connections and creating a fingerprint (is this term familiar?) of your identity.
Leaving traces of your activities – email, bitcoin addresses, names, locations,
etc. – allows someone to build a more detailed profile of the person of
interest. If someone manages to merge your two identities, they could double
their information about you.
Let’s get back to Ross Ulbricht, the former admin of Silk Road, a portal that
once allowed him – as well as many other people – to earn hundreds of thousands
of dollars in the illicit market. Do you know how he got caught? When Silk Road
was not famous yet, Ross was the first one asking across the clearnet if anybody
knew that market – as you know, people do that to spam their websites. Together
with other evidence, that episode pointed to Ross Ulbricht’s identity (and
consequently to other gang members).
11.2 NEVER use the same data
Even children know that a password should never contain your data (birth
date, full name, location, etc.); you should instead use random alphanumeric
characters, numbers, special symbols and any other random input. You can use
different programs, like KeePassX (integrated in Tails), LastPass, 1Password
and others, to generate new passwords as well as store them behind a master key
that unlocks them all.
For security reasons, NEVER use a single keyring to store the passwords
for your “normal” activities together with those for the “alternate” ones. As we
mentioned above, you should never combine your identities! Besides the cases
where you would expose yourself consciously, you must also consider the traces
you leave behind unknowingly:
- IP addresses
- Passwords
- Birth Date
- Billing Information
- Addresses and Locations
- Pictures and Similar Avatars
- Similar Contact Addresses
- ... anything that could point to you or even to your second/third/fourth
  identity and so on...
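A self-audit for the rule above, added here as an example and not taken from the book: it compares two of your own identity compartments and reports identical or near-identical attributes from the list. The field names, the similarity threshold and both sample profiles are constructed assumptions.

```python
"""Self-audit: find attributes shared between two identity compartments."""
from difflib import SequenceMatcher

# Constructed sample profiles (not real data); field names are illustrative.
PRIMARY = {
    "passwords": ["Tr0ub4dor&3", "correct horse battery staple"],
    "contacts": ["mario.rossi84@example.com"],
    "birth_date": ["1984-03-12"],
}
ALTERNATE = {
    "passwords": ["x9$Lq!2vPz", "Tr0ub4dor&3"],
    "contacts": ["m.rossi84@example.org"],
    "birth_date": ["1990-01-01"],
}
SECRET_FIELDS = {"passwords"}  # never echo these values in a report

def _norm(value):
    return value.strip().lower()

def _handle(contact):
    """Local part of a contact address with separators removed."""
    return "".join(c for c in _norm(contact).split("@")[0] if c.isalnum())

def find_overlaps(a, b, similar_at=0.75):
    """Return (field, kind, detail) findings that link profile a to b."""
    findings = []
    for field in sorted(set(a) & set(b)):
        if field in SECRET_FIELDS:
            shared = set(a[field]) & set(b[field])  # case-sensitive match
        else:
            shared = {_norm(v) for v in a[field]} & {_norm(v) for v in b[field]}
        for value in sorted(shared):
            detail = "<redacted>" if field in SECRET_FIELDS else value
            findings.append((field, "identical", detail))
    for x in a.get("contacts", []):  # "similar contact addresses" check
        for y in b.get("contacts", []):
            if _norm(x) == _norm(y):
                continue  # already reported as identical above
            ratio = SequenceMatcher(None, _handle(x), _handle(y)).ratio()
            if ratio >= similar_at:
                findings.append(("contacts", "similar", f"{x} ~ {y}"))
    return findings

if __name__ == "__main__":
    for finding in find_overlaps(PRIMARY, ALTERNATE):
        print(finding)
```

On the sample data it flags the reused password and the two look-alike contact handles, while the differing birth dates produce no finding.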
11.3 Watch Out for your Habits
If you often use certain sayings or a particular dialect, or Write Like This,
or make noticeable or repeated spelling errors, to the point that they could
identify you beyond doubt... do something about that!
You have probably already been told about these “peculiarities”; if you are