AtomShards Posted February 20, 2018 Share Posted February 20, 2018 (edited) i am setting up a computer dedicated as a learning resource and tool. People get caught out by stating without security from the beginning. There are also setting in tor that secure you even further but im not sure on what that is, i remember hearing about it in a defcon video. But basically this post is just asking how i can keep myself safe on the dark web and learning and using these resources to work my way into becoming an intelligence worker for my county. All help is greatly appreciated. Thank you Edited February 20, 2018 by AtomShards Quote Link to comment Share on other sites More sharing options...
digininja Posted February 20, 2018 Share Posted February 20, 2018 Probably your best option is to use Tails, it will do all the setup for you. Their site also has documentation on getting you started. Just remember that no solution is perfect so never assume what you are doing is completely private, it all depends on the resources of your adversary. 1 Quote Link to comment Share on other sites More sharing options...
The Power Company Posted February 20, 2018 Share Posted February 20, 2018 Keep in mind that your ISP and potentially others monitoring your network can detect VPN traffic and/or traffic going into the Tor network. They simply cannot trace what you are doing when you are in there. Using a live OS such as tails can prevent them from, say, remotely installing a keylogger or screencap software, since changes between sessions are not saved. If you do use a permanent installation, be sure to keep everything updated to the latest versions to prevent getting Equifaxed (old vulnerabilities biting your ass). Quote Link to comment Share on other sites More sharing options...
digininja Posted February 20, 2018 Share Posted February 20, 2018 Just to be pedantic, a live OS wouldn't stop stuff being installed but would stop persistence over reboots. Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 22, 2018 Author Share Posted February 22, 2018 On 20/02/2018 at 6:20 PM, digininja said: Probably your best option is to use Tails, it will do all the setup for you. Their site also has documentation on getting you started. Just remember that no solution is perfect so never assume what you are doing is completely private, it all depends on the resources of your adversary. I've heard or Tails before but i like how kali has all the tools i need preinstalled Quote Link to comment Share on other sites More sharing options...
digininja Posted February 22, 2018 Share Posted February 22, 2018 You asked about staying secure which is what Tails will help you with, what is it in Kali that you want? Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 22, 2018 Author Share Posted February 22, 2018 12 minutes ago, digininja said: You asked about staying secure which is what Tails will help you with, what is it in Kali that you want? The pen testing tools and the terminal Quote Link to comment Share on other sites More sharing options...
digininja Posted February 22, 2018 Share Posted February 22, 2018 So you aren't really asking about staying safe online you are asking about how to use tools without getting caught. Two very different things. Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 22, 2018 Author Share Posted February 22, 2018 14 minutes ago, digininja said: So you aren't really asking about staying safe online you are asking about how to use tools without getting caught. Two very different things. No its for my safety not being caught. Im wanting to get into the pentesting feild and work my way into my countries military intelligence. Quote Link to comment Share on other sites More sharing options...
digininja Posted February 22, 2018 Share Posted February 22, 2018 What type of safety? Who are you planning to run your tools against? Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 22, 2018 Author Share Posted February 22, 2018 16 minutes ago, digininja said: What type of safety? Who are you planning to run your tools against? Websights like bandit.com and hack me and all those but its surfing the deep web in hacking sections that im concerned about Quote Link to comment Share on other sites More sharing options...
digininja Posted February 22, 2018 Share Posted February 22, 2018 What are you concerned about? What are you trying to guard against? Quote Link to comment Share on other sites More sharing options...
The Power Company Posted February 22, 2018 Share Posted February 22, 2018 At the base level, there is no danger in browsing the deep web or dark web (even to websites that claim to be run by hackers) as long as you don't download any files. If you plan on downloading files and running software then running a Linux virtual machine or a live OS is safer, since most malware is written for Windows. If you want to learn how to "hack", there are better places to start then random forums on the deep web. I'd start with, say, random forums on the clear web (such as this one, the Kali forums, etc). Maybe read a book or two. Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 23, 2018 Author Share Posted February 23, 2018 15 hours ago, digininja said: What are you concerned about? What are you trying to guard against? Im just wanting to learn then get into the workforce with it Quote Link to comment Share on other sites More sharing options...
AtomShards Posted February 23, 2018 Author Share Posted February 23, 2018 6 hours ago, The Power Company said: At the base level, there is no danger in browsing the deep web or dark web (even to websites that claim to be run by hackers) as long as you don't download any files. If you plan on downloading files and running software then running a Linux virtual machine or a live OS is safer, since most malware is written for Windows. If you want to learn how to "hack", there are better places to start then random forums on the deep web. I'd start with, say, random forums on the clear web (such as this one, the Kali forums, etc). Maybe read a book or two. Yeah ive ordered rtfm i think is whats it is. Red team feild manual. And im going to be reading the book kali linux published Quote Link to comment Share on other sites More sharing options...
digininja Posted February 23, 2018 Share Posted February 23, 2018 5 hours ago, AtomShards said: Im just wanting to learn then get into the workforce with it That isn't an answer to the question. Are you worried about getting malware on your machine, being watched by your ISP, being attacked back if you attack someone else, getting caught doing something illegal? An important skill in the security industry is being able to define threats and risks. Who or what is a threat to you, what is the risk from the threat? During the period when the guys from Anonymous were getting arrested, we got a lot of people asking how they could hide from the NSA as they saw them as a threat. The reality for the vast majority of them was that the NSA is absolutely no risk to them as all they were doing was the odd bit of piracy and surfing porn that they didn't want their parents to know about. Those two activities warrant completely different defenses to defending against the NSA. If you want to learn and stay "safe", stay local. Build yourself a lab with vulnerable apps like DVWA, Metasploitable and other similar machines. You can also build your own machines, get old Linux distros and install known vulnerable apps. You'll learn a lot more doing all this than just randomly throwing tools against stuff online. You don't need to do trawling dodgy sites, all the info you need is available through legitimate sources. Use the same commonsense that you would use doing anything online and you'll be fine, browse shady websites and download random stuff from untrusted sources then you'll get screwed. 2 Quote Link to comment Share on other sites More sharing options...
Anthony Furt Posted March 3, 2018 Share Posted March 3, 2018 Hi, I want to use the Pineapple in an defensive mode, and as well it works like a regular router, for example: - To detect another Pineapple working in Rogue AP mode. - Can open ports. - MAC filter. - VPN. - ... Do you pls know whats firmware like OpenWRT or another like this I could use? Thank you, Quote Link to comment Share on other sites More sharing options...
digininja Posted March 3, 2018 Share Posted March 3, 2018 Please don't hijack other people's threads, create your own. Quote Link to comment Share on other sites More sharing options...
Anthony Furt Posted March 5, 2018 Share Posted March 5, 2018 I'm sorry I create a new Post, I didn't know Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.