[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-10586":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":10,"languages":10,"totalLinesOfCode":10,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":33,"readmeContent":34,"aiSummary":35,"trendingCount":14,"starSnapshotCount":14,"syncStatus":36,"lastSyncTime":37,"discoverSource":38},10586,"Crypto-OpSec-SelfGuard-RoadMap","OffcierCia\u002FCrypto-OpSec-SelfGuard-RoadMap","OffcierCia","Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.","https:\u002F\u002Ft.me\u002Fofficer_cia",null,1775,168,48,0,3,7,1,19.68,"The Unlicense",false,"main",true,[24,25,26,27,28,29,30,31,32],"awesome-list","blockchain","cryptocurrency","curated-list","defi","infosec","knowledge-base","opsec","security","2026-06-12 02:02:23","\n**Here we collect and discuss the best DeFi, Blockchain and crypto-related OpSec researches and data terminals - contributions are welcome.**\n\n**Feel free to submit a pull request, with anything from small fixes to translations, docs or tools you'd like to add.**\n\n- **Disclaimer: All information (tools, links, articles, text, images, etc.) is provided for educational purposes only! All information is also based on data from public sources. You are solely responsible for your actions, not the author** ❗️\n\n[![Support Project](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSupport-Project-critical)](https:\u002F\u002Fgithub.com\u002FOffcierCia\u002Fsupport\u002Fblob\u002Fmain\u002FREADME.md)\n       [![Mail](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMail-offcierciapr%40protonmail.com-brightgreen)](mailto:offcierciapr@protonmail.com)\n\n> Note: OpSec is a term coming from the military, meaning operational security. It has been widely used to describe security precautions in various sensible activities, and more recently also in cryptocurrency management. \n\n\n# **Translations:**\n\n- [Portuguese-Brazilian](https:\u002F\u002Fgithub.com\u002FOffcierCia\u002FCrypto-OpSec-SelfGuard-RoadMap\u002Fblob\u002Fmain\u002FTranslationsOpSec\u002FPortuguese.md)\n- [French](https:\u002F\u002Fgithub.com\u002FOffcierCia\u002FCrypto-OpSec-SelfGuard-RoadMap\u002Fblob\u002Fmain\u002FTranslationsOpSec\u002FFrench.md)\n\n# OpSec SelfGuard RoadMap\n\n**Special Thanks:**\n\n- [AnonPlanet](https:\u002F\u002Fanonymousplanet.org)\n\n**| Special Notes:**\n\n- [My Blog on Mirror](https:\u002F\u002Fofficercia.mirror.xyz\u002FUpFfG7-1E4SDJttnmuQ7v4BMc4KrCXzo80vtx7qV-YY)\n- [My Blog on Medium](https:\u002F\u002Fofficercia.medium.com)\n\n### **Why do I need OpSec?**\n\nTake a close look at [this picture](https:\u002F\u002Ft.me\u002Fofficer_cia\u002F684) ([imgur link](https:\u002F\u002Fimgur.com\u002Fa\u002Fvx5OeVk)). Then think up: the world is full of bad people, scammers, hackers, competitors, extortionists, and your personal enemies. Read [this research](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002F1401_08-12_mickens.pdf). \n\n- Study [my blog!](https:\u002F\u002Fofficercia.mirror.xyz)\n- [Follow AnonPlanet!](https:\u002F\u002Fanonymousplanet.org\u002Flinks.html)\n\nThis guide tries to account for all models, but focuses more on protecting against hackers, scammers, annoying fans and paparazzi, competitive espionage specialists (which can include police or other law enforcement officers who in theory can abuse their power), and so on. Your OpSec depends directly on those against whom you are up against. In other words, you must build your own OpSec wall on your own, as follows, you must navigate it flawlessly well. And it doesn't matter where it happens: on the Internet, in real life, and so on. Be one step ahead! May the power be with you!\n\n- [Security Tips & Devices for Digital Nomads](https:\u002F\u002Fofficercia.mirror.xyz\u002FGX0LvoKDcC12ACXzhT3F_3PVRSfEyhE8cJYMZnoia9U)\n\n### **Why does this guide focus primarily on advice for [EVM-based](https:\u002F\u002Fgithub.com\u002Fmektigboy\u002Fevm-chad) blockchains and cryptocurrencies based on them?**\n\nNo, this guide is appropriate for owners of **all of the possible coins, developers, shadowy super-coders and digital nomads**: you may own Bitcoin, DOGE, Sol, XMR, ETH, NFT - anything. I tried to cover all the bases, and if you follow the links, you'll see that there are already a ton of fantastic answers to all of your queries!\n\n### **What do I need for a perfect OpSec?**\n\nTry not to enable such a psychological phenomenon as the [tunnel effect](https:\u002F\u002Fcorescholar.libraries.wright.edu\u002Fcgi\u002Fviewcontent.cgi?article=1006&context=isap_2005), which [refers us to the aviation psychology](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAviation_psychology) and [flight psychology](https:\u002F\u002Fwww.bps.org.uk\u002Fpsychologist\u002Fpsychology-flight), to emerge and expand. When [experienced pilots](https:\u002F\u002Fflightsafety.org\u002Fasw-article\u002Fattention%E2%80%89on-deck) get overly focused on one item while disregarding or ignoring all other warnings, they have an accident. I hope you understood my guide correctly and did not allow this to happen. Be cautious, don't rush, and stay calm. When you are hungry, unwell, or defenseless, do not act on emotion. Do not confuse with a [tunnel syndrome](https:\u002F\u002Fwww.mayoclinic.org\u002Fdiseases-conditions\u002Fcarpal-tunnel-syndrome\u002Fsymptoms-causes\u002Fsyc-20355603)! Nonetheless, it is critical that you have no distractions and that you are healthy and well-fed.\n\nThis is all correct, but nothing stops you from doing a fork or ordering an independent audit of the tools you are going to use, does it? With all said, it all depends on what you are going to get in result and against whom you are acting.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [The Only Safe Way to Store Crypto](https:\u002F\u002Fofficercia.mirror.xyz\u002Fp1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s)\n- [An ultimate list of rules any on-chain survivor should follow to stay safe!](https:\u002F\u002Fofficercia.mirror.xyz\u002F_nD1Rtxe1PplK-NQzIq9sl-KNtajQG0aKqYsV36RTjA)\n- [Trail of Bits Minimum Viable Plans (MVPs) for Security](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ\u002Fedit)\n- [On Operational Security in Web3](https:\u002F\u002F0xrusowsky.substack.com\u002Fp\u002Fon-operational-security)\n- [AnonPlanet](https:\u002F\u002Fanonymousplanet.org\u002Flinks.html)\n- [opsecprofessionals.org](https:\u002F\u002Fopsecprofessionals.org)\n- [Crypto Security Best Practices Checklist](https:\u002F\u002Fcryptosecurity.hashnode.dev\u002Fcrypto-security-best-practices-checklist)\n\n\u003C\u002Fdetails>\n\n> [Study Kerckhoffs's principle](https:\u002F\u002Fen.m.wikipedia.org\u002Fwiki\u002FKerckhoffs%27s_principle) - The principle which holds that a cryptosystem should be secure, even if everything about the system, except the key, is public knowledge. This concept is widely embraced by cryptographers, in contrast to security through obscurity, which is not.\n\nLet’s say we deal with a [Duress](https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=me.lucky.duress) or [Wasted](https:\u002F\u002Ff-droid.org\u002Fpackages\u002Fme.lucky.wasted\u002F) tools. As such, it can be used wrong (e.g. weak password), or used to do bad things (e.g., exfiltrate intellectual property). On the opposite, we can just use [Steganography](https:\u002F\u002Fofficercia.mirror.xyz\u002F8ecJG-s_5E6J1t-h8gUNGqV3hbX8If-E5NnrFrOJHUA) and a small paper, without even touching the computer. Both attitudes have the right to exist, in my honest opinion! All of the above refers to the criticism of tools as such and their role in OpSec.\n\n> I highly recommend to purchase a hardware wallet directly from the manufacturer's website rather than online retailers like Amazon\u002FeBay. It is also advised to use an alternative email address or a virtual office to protect your personal information in case of a data leak. I also don’t like trusting hardware. Therefore, we all should have physical ciphers! Once again, study Steganography!\n\n- [Check out this tool!](https:\u002F\u002Fmprimi.github.io\u002Fportable-secret)\n- [Wholeaked Tool](https:\u002F\u002Fgithub.com\u002Futkusen\u002Fwholeaked)\n- [Symbiote Tool](https:\u002F\u002Fgithub.com\u002Fhasanfirnas\u002Fsymbiote)\n\n### **Why is this guide so big?**\n\nWell, regarding big lists. Japan was the first country to invent the work that we do now in the form of [SoKs](https:\u002F\u002Fwww.jsys.org\u002Ftype_SoK\u002F) or [Awesome GitHub lists](https:\u002F\u002Fgithub.com\u002FOffcierCia\u002Fultimate-defi-research-base)! If anyone is still around, browsers used to be sort of a table or database of websites, many of which were quite… uninspiring. \n\n> This manual is the culmination of years of work by security professionals. Consider this guidebook to be a compilation of advice and routes.\n\n[«Antenna-websites»](https:\u002F\u002Fshare-docs.clickup.com\u002F25598832\u002Fd\u002Fh\u002Frd6vg-14247\u002F0b79ca1dc0f7429\u002Frd6vg-12465) were created at that time. There, their authors gathered a variety of resources that were related by a common subject to make someone’s life easier! In some ways, the creators of Awesome Lists and start.me continue this idea now. And it's fantastically amazing!\n\n### **Why does this guide have many authors?**\n\nLast but not least, everything you do is based on the outcomes you need to achieve! You should be able to select reliable and vetted sources instead of using all the tools and links. Through given routes, you ought to be able to construct your own journey! Following that, I will tell you about the ways that I deem safe and recommend to my clients! Safety professionals have spent decades developing this manual, sharing their expertise in every word. Once again, consider this guidebook to be a compilation of advice and routes.\n\n> Remember, you must manage your OpSec wall and literally take it through \"[be like water](https:\u002F\u002Fwww.goodreads.com\u002Fquotes\u002F29138-be-like-water-making-its-way-through-cracks-do-not)\", tending not to overdo it! You construct your own security wall, which you must guard, repair, and develop, exactly like a real wall. Visit: [this article](officercia.mirror.xyz\u002F4x2-M4R2cSnID1wpsTO4CQNrMQ5JUFouR-rZ_N4xO-Q)!\n\n> Because OpSec is fundamentally based on fear, it effectively treats all people equally, regardless of their political or religious preferences. The following 25 rules are comparable to the rally racers' safety regulations in that they are both \"written in blood\". \n\nThe most important thing to understand here is the path of the cyber attack – its vector. Let's take a closer look at various problems associated with OpSec and its implementation to modern life! \n\n#\n\n### Problem 1\n\nUse a secure email provider. Also use trusted VPN like Mullvad or ProtonVPN (better - selfhost it). E2E (end-to-end) encryption is only as secure as the service you are sending the email to.\n\nFor example, if a Protonmail user sends an email to a Gmail user, the email is encrypted with TLS, but Google can still read and hand over any data that passes through their server. E2E can be re-established by using features such as the password-protected email feature from Protonmail.\n\n- [Watch More](https:\u002F\u002Fwww.youtube.com\u002Fchannel\u002FUCYVU6rModlGxvJbszCclGGw)\n- [Read More on Email Encryption with Proton](https:\u002F\u002Fproton.me\u002Fsupport\u002Fproton-mail-encryption-explained)\n- [Meta Secret Tool](https:\u002F\u002Fgithub.com\u002Fmeta-secret)\n- [Croc Tool](https:\u002F\u002Fgithub.com\u002Fschollz\u002Fcroc)\n\n> Don't forget that the VDS\u002FRDP + VM combination can replace all of this, but it is not available to everyone. If you know how to do it correctly - choose this way. [Check out this article as well](https:\u002F\u002Fwww.techtarget.com\u002Fsearchitoperations\u002Ftip\u002FUnderstand-the-differences-between-VPS-vs-VPC).\n\n**On the opposite:**\n\nDon’t use 3rd party VPN, rent a VPS and bootstrap open source VPN server!\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Richard Stallman: How I Do My Computing](https:\u002F\u002Fstallman.org\u002Fstallman-computing.html)\n- [Choosing a Reliable VPN Provider for Life & Work](https:\u002F\u002Fofficercia.mirror.xyz\u002Fx91hTIDFrAL0lgqICRgWU7fLouuCMgvopQ9ZRvRXCLg)\n- [The Only Safe Way to Store Crypto](https:\u002F\u002Fofficercia.mirror.xyz\u002Fp1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s)\n- [An ultimate list of rules any on-chain survivor should follow to stay safe!](https:\u002F\u002Fofficercia.mirror.xyz\u002F_nD1Rtxe1PplK-NQzIq9sl-KNtajQG0aKqYsV36RTjA)\n- [Trail of Bits Minimum Viable Plans (MVPs) for Security](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ\u002Fedit)\n- [Check out this awesome Privacy-focused toolkit!](https:\u002F\u002Ftechlore.tech\u002Fresources)\n- [Create your own vpn server](https:\u002F\u002Fproprivacy.com\u002Fvpn\u002Fguides\u002Fcreate-your-own-vpn-server)\n- [Create your own vpn server No.2](https:\u002F\u002Fmedium.com\u002Fpress-start-to-begin\u002Fanyone-can-ssh-into-a-server-scp-files-from-it-set-up-your-own-vpn-or-all-of-the-above-471a06e310bd)\n- [Setup OpenVPN server on Ubuntu](https:\u002F\u002Fwww.cyberciti.biz\u002Ffaq\u002Fhowto-setup-openvpn-server-on-ubuntu-linux-14-04-or-16-04-lts)\n- [Watch more](https:\u002F\u002Fyoutu.be\u002FrXwJwubqVmI)\n- [Wireguard VS OpenVPN](https:\u002F\u002Frestoreprivacy.com\u002Fvpn\u002Fwireguard-vs-openvpn)\n- [Brave Browser Privacy Issues](https:\u002F\u002Ftelegra.ph\u002FBrave-Browser-is-a-Spyware-01-29)\n- [How to Disappear from the Internet!](https:\u002F\u002Fmedium.com\u002F@garvittkohli\u002Fhow-to-disappear-from-the-internet-53a039dc6397)\n\n\u003C\u002Fdetails>\n\n**Check out:**\n\nUse dedicated email address for each account, or use an alias eg. chortly534524twitter@gmail , if it leaks it will be isolated to the account!\n\nYou can also use something like [private addresses feature](https:\u002F\u002Fspreadprivacy.com\u002Fprotect-your-inbox-with-duckduckgo-email-protection) from DuckDuckGo or [simplelogin.io](https:\u002F\u002Fsimplelogin.io).\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [How to hide your email](https:\u002F\u002Fgizmodo.com\u002Fthe-best-ways-to-hide-your-email-address-1848092989)\n- [Anti-detection system](https:\u002F\u002Fdetect.expert)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 2\n\nUse different emails and different strong passwords. Never reuse passwords, especially for accounts with personally identifiable and sensitive information (e.g. Facebook, Gmail, AppleID, Twitter, banks\u002Fpayments, crypto accounts).\n\n- [Taming a Wildhorse CEX App](https:\u002F\u002Fofficercia.mirror.xyz\u002FscaEkpIpF7pd9Dhsj26F3HguaYnwhDg9TeAGIo76aRY)\n- [«Back office» and «front office»](https:\u002F\u002Ftwitter.com\u002Fofficer_cia\u002Fstatus\u002F1516581048792289280)\n- [Steganography tool](https:\u002F\u002Fstylesuxx.github.io\u002Fsteganography)\n- [The State of Crypto Security](https:\u002F\u002Fthecontrol.co\u002Fthe-state-of-crypto-security-d628ac5b609d)\n- [Blockchain dark forest selfguard handbook](https:\u002F\u002Fgithub.com\u002Fslowmist\u002FBlockchain-dark-forest-selfguard-handbook)\n\nUse passwords that are at least 8 characters in length, but a minimum of 12 is generally recommended for memorization. Along with that, if using memorization, ensure that a minimum complexity requirement is met: which means having an uppercase character, a lowercase character, a digit, and a non-alphabetic character. \n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Store SSH keys in the Secure Enclave!](https:\u002F\u002Fgithub.com\u002Fmaxgoedjen\u002Fsecretive)\n- [Blockchain dark forest selfguard handbook](https:\u002F\u002Fgithub.com\u002FSunWeb3Sec\u002FDeFiHackLabs\u002Ftree\u002Fmain\u002Facademy\u002Fuser_awareness\u002F01_handbook\u002Fen)\n- [A tool that allows user to create time bound backups for various cryptocurrencies](https:\u002F\u002Fgithub.com\u002FJames-Sangalli\u002Fcrypto-timelocked-backup)\n\n\u003C\u002Fdetails>\n\n> For a perfect-level privacy, always generate complex passwords and write them down on a notebook. It takes time but saves headache. Somewhere along the line, the 'stop writing passwords on sticky notes' narrative got misinterpreted as 'never write them down'. There's nuance to it!\n\nUsing a string of unrelated words while still meeting the dictionary requirement makes it easy to have an extremely secure password while still being able to remember it. If fully relying on a password manager, a password of 20+ characters in length that is randomly generated can be used. \n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Wi-Fi Security A-Z](twitter.com\u002Fofficer_cia\u002Fstatus\u002F1566473017068331010)\n- [Fing App](https:\u002F\u002Fwww.fing.com)\n- [How to detect if someone is attempting to crack your wi-fi](https:\u002F\u002Fandrecamillo.medium.com\u002Fhow-to-detect-if-someone-is-attempting-to-crack-your-wi-fi-1d142c5cec93)\n- [Use a Raspberry Pi To Catch Hackers with OpenCanary](https:\u002F\u002Fwww.tomshardware.com\u002Fnews\u002Fuse-a-raspberry-pi-to-catch-hackers-with-opencanary)\n- [canarytokens.org](https:\u002F\u002Fcanarytokens.org\u002Fgenerate)\n- [Someone overheard me! Why it's important to think about all attack vectors, even if they seem unlikely to happen?](https:\u002F\u002Fofficercia.mirror.xyz\u002FGc4msiSq4HkKrrsKcL5tDF613iUtX4vWUAb5DYdDPC0)\n- [MacOS + IOS + Crypto + OpSec = ?](https:\u002F\u002Fofficercia.mirror.xyz\u002F0uiAGM50rkQSvHbptcrVkCkyxsnewpAFIdu3oyga42Y)\n- [Awesome wifi security](https:\u002F\u002Fgithub.com\u002Fedelahozuah\u002Fawesome-wifi-security)\n- [bbox.rocks](https:\u002F\u002Fbbox.rocks)\n- [IT security lecture](https:\u002F\u002Fgithub.com\u002Fbkimminich\u002Fit-security-lecture\u002F)\n- [Unredacter Tool](https:\u002F\u002Fgithub.com\u002FBishopFox\u002Funredacter)\n- [forensicdots.de](https:\u002F\u002Fwww.forensicdots.de\u002F)\n- [meta-secret App](https:\u002F\u002Fgithub.com\u002Fmeta-secret)\n- [Portable-secret App](https:\u002F\u002Fmprimi.github.io\u002Fportable-secret\u002F)\n  \n\u003C\u002Fdetails>\n\nIf you see suspicious password activity or failed log-ins on any of your accounts, change all of your passwords, starting with sensitive and authorization accounts, such as your primary email and bank\u002Fcrypto accounts.\n\n[KeePass](https:\u002F\u002Fkeepass.info) or [Keepassx](https:\u002F\u002Fkeepassx.org) or [KeePassDX](https:\u002F\u002Fwww.keepassdx.com) or [KeePassXC](https:\u002F\u002Fkeepassxc.org) or [BitWarden](https:\u002F\u002Fbitwarden.com) are good options. I also found [this tutorial](https:\u002F\u002Fforums.linuxmint.com\u002Fviewtopic.php?f=42&t=291093) for [integrity check](https:\u002F\u002Fkeepass.info\u002Fintegrity.html) (and other checks) very helpful, be sure to check it out as well: [link](https:\u002F\u002Fforums.linuxmint.com\u002Fviewtopic.php?f=42&t=291093).\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [This article tells that when using BitWarden one have to audit server side cryptography primitives by himself and monitor for changes!](https:\u002F\u002Fpalant.info\u002F2023\u002F01\u002F23\u002Fbitwarden-design-flaw-server-side-iterations)\n- [Secant](https:\u002F\u002Fstart.me\u002Fp\u002FGEbM6z\u002Fsecant)\n- [Awesome csirt](https:\u002F\u002Fgithub.com\u002FSpacial\u002Fawesome-csirt)\n- [teachingprivacy.org](https:\u002F\u002Fteachingprivacy.org\u002F)\n- [securityinabox.org](https:\u002F\u002Fsecurityinabox.org\u002Fen\u002F)\n- [SecureYourselfNow](https:\u002F\u002Fwww.hoppersroppers.org\u002Fsecurity\u002FSecureYourselfNow\u002F0-SecureYourselfNow.html)\n- [ssd.eff.org](https:\u002F\u002Fssd.eff.org\u002Fen)\n- [Wasted](https:\u002F\u002Ff-droid.org\u002Fpackages\u002Fme.lucky.wasted\u002F)\n- [bbox.rocks](https:\u002F\u002Fbbox.rocks)\n  \n\u003C\u002Fdetails>\n\n**On the opposite:**\n\n> For 2FA one can use KeePass + Yubikey as well. KeePass allows setting up TOTP to any entry in your .kdbx file. Yubikey could be used in company with KeePass to add a bit of entropy on each re-encryption when adding an entry in your db file: [Ref No.1](https:\u002F\u002Fdevelopers.yubico.com\u002FDeveloper_Program\u002FGuides\u002FTouch_triggered_OTP.html); [Ref No.2](https:\u002F\u002Fwww.reddit.com\u002Fr\u002FKeePass\u002Fcomments\u002Fopx34q\u002Fkeepassxc_and_yubikeys_setting_up_the); [Ref No.3](https:\u002F\u002Fgithub.com\u002Fkeepassxreboot\u002Fkeepassxc\u002Fdiscussions\u002F6344).\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Read More](https:\u002F\u002Fblog.keys.casa\u002F7-ways-to-level-up-your-bitcoin-opsec\u002F)\n- [NIST 800-63b Password Guidelines and Best Practices](https:\u002F\u002Fspecopssoft.com\u002Fblog\u002Fnist-800-63b\u002F)\n- [OpSec tips](https:\u002F\u002Ftwitter.com\u002Fwazzcrypto\u002Fstatus\u002F1511447427751952385)\n- [How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense](https:\u002F\u002Fblog.pessimistic.io\u002Fhow-to-defend-your-castle-innovative-trio-in-smart-contract-security-monitoring-prevention-c8885304035a)\n- [Web3 Cybersecurity Academy](https:\u002F\u002Ftwitter.com\u002F1nf0s3cpt\u002Fstatus\u002F1615613430991564807)\n- [Enhancing user asset security](https:\u002F\u002Ftwitter.com\u002F1nf0s3cpt\u002Fstatus\u002F1614896605270007811)\n- [Rare Web2 phreaker style attacks: Note](https:\u002F\u002Ftelegra.ph\u002FDear-friends-does-anyone-here-know-of-any-rare-Web2-phreaker-style-attacks-01-30)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 3\n\nNever link phone numbers to crypto platforms. Use trusted multiple e-sims if you have to link the phone. To lock down your SIM, contact your mobile phone carrier.\n\n> That is a standard that [has been tested](https:\u002F\u002Ftwitter.com\u002Fofficer_cia\u002Fstatus\u002F1607182946104119301) by telecommunications operators in the [US, the UK, Poland, and China](https:\u002F\u002Ftwitter.com\u002Fofficer_cia\u002Fstatus\u002F1581725537571344385) - also check out [this tweet](https:\u002F\u002Ftwitter.com\u002Fcryptonacks\u002Fstatus\u002F1538206075178074113) and [this article](https:\u002F\u002Fwww.androidpolice.com\u002Fhow-to-protect-yourself-from-a-sim-swap-attack). You just need to insist on it or visit the head office, and I’m sure that the support manager on the phone mayn’t know about it!\n\nAsk them to NEVER make changes to your phone number\u002FSIM unless you physically show up to a specific store with at minimum two forms of identification. This (should) prevent hackers from calling up AT&T or T-Mobile or Vodafone, claiming to be you, and asking them to port your phone number to a new phone.\n\n> SERM\u002FORM (search engine reputation marketing or reputation management) and [Counter-OSINT](https:\u002F\u002Fgithub.com\u002Fsoxoj\u002Fcounter-osint-guide-en) - **do** exist, and one of the most interesting areas of which is to work with adding fake or confusing information about yourself in \"leakages\" or, for example, attaching to your number 100+ names related to taxi services through various GetContact accounts, to confuse potential bad actors who will try to research data on you in the future, in preparation for an attack. Then, think up.\n\n **On the opposite:**\n\n> Instead, require staff to verify via phone call to a secondary number because show ID is compromised or just use something like [Efani](https:\u002F\u002Fwww.efani.com). Or [tend to use E-sim only](https:\u002F\u002Ftwitter.com\u002Fofficer_cia\u002Fstatus\u002F1582984626146250753)!\n\n- [OpSec Going Smart](https:\u002F\u002Fofficercia.mirror.xyz\u002FfsRT9NC29GzeQAl-zvAMJ9L-hYUYvX1CPUkt97Vuuwo)\n- [OpSec Going Smarter](https:\u002F\u002Fofficercia.mirror.xyz\u002FB9hBom4jGhkV0C-47E4YBz8tBJkb0a7zVwQR0jITIyM)\n- [OpSec Going Smarter: Secure Smartphones](https:\u002F\u002Fofficercia.mirror.xyz\u002F0tlSSF2LDTOnnMN41R5Uc1kTpo-G-kXljn8pT0a1YLY)\n- [Choosing a Reliable VPN Provider for Life & Work](https:\u002F\u002Fofficercia.mirror.xyz\u002Fx91hTIDFrAL0lgqICRgWU7fLouuCMgvopQ9ZRvRXCLg)\n- [How to use an ipad as a secure calling and messaging device](https:\u002F\u002Fyawnbox.com\u002Fblog\u002Fhow-to-use-an-ipad-as-a-secure-calling-and-messaging-device)\n- [Read More](https:\u002F\u002Fmedium.com\u002Fthe-business-of-crypto\u002Ffundamentals-of-opsec-in-crypto-7844ba701b1d)\n- [Intro to Web3 Security](https:\u002F\u002Fn00bzunit3d.xyz\u002Fblog\u002Fintro-to-web3-security)\n- [Privacy and Scaling Explorations](https:\u002F\u002Fmirror.xyz\u002Fprivacy-scaling-explorations.eth)\n- [A collection of practical security-focused guides and checklists for smart contract development](https:\u002F\u002Fgithub.com\u002Fnascentxyz\u002Fsimple-security-toolkit)\n\n---\n\n### Problem 4\n\nInstead of SMS-based 2FA, use Authy or Aegis OTP for iOS or Android. Google Authenticator is generally not recommended anymore in order to stay out of the Google ecosystem, and Authy offers more robust account recovery options (Aegis does not offer the same level of account recovery options). Keep in mind that the codes generated by 2FA apps are device specific.\n\n> Learn MFA and 3FA! [Check out this article](https:\u002F\u002Fwww.techtarget.com\u002Fsearchsecurity\u002Fdefinition\u002Fthree-factor-authentication-3FA).\n\nIf your account is not manually backed up to Google cloud or iCloud and you lose your phone, you’ll need to spend some time proving your identity to restore your 2FA. The added security is worth the hassle!\n\nHardware-based 2FA options are regarded as more secure than phone-based OTP options since the keys are stored on the YubiKey device itself, not on your phone, or in the cloud, or on your computer.\n\n**On the opposite:**\n\n> Aegis Authenticator is open source (licensed under GPL v3) and the source code [can be found here](http:\u002F\u002Fgithub.com\u002Fbeemdevelopment\u002FAegis). The issue with Authy is that it depends on a phone number which can be changed through an email request, allowing anyone access to HOTP\u002FTOTP after an approximate 4-day wait period. To avoid that, disable multi-device function in Authy's settings!\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Tips from TrailOfBits](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ\u002Fedit)\n- [Read More](https:\u002F\u002Fwww.threatstack.com\u002Fblog\u002Ffive-opsec-best-practices-to-live-by)\n- [CryptoCustody Blog](https:\u002F\u002Fcryptocustody.substack.com)\n- [A DIY Guide to High-Security Cryptography](https:\u002F\u002Fmedium.com\u002Fweb3-magazine\u002Fa-diy-guide-to-high-security-cryptography-5c85a5fd8934)\n- [Securing OT Systems: A Practical Guide](https:\u002F\u002Fismailtasdelen.medium.com\u002Fsecuring-ot-systems-a-practical-guide-827d1a5d9515)\n- [ECDSA: Handle with Care](https:\u002F\u002Fblog.trailofbits.com\u002F2020\u002F06\u002F11\u002Fecdsa-handle-with-care\u002F)\n- [solidity-security](https:\u002F\u002Fgithub.com\u002Fjcr-security\u002Fsolidity-security-teaching-resources)\n- [A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life](https:\u002F\u002Fwww.wsj.com\u002Farticles\u002Fapple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a)\n- [Checklist for Developers for securing APIs](https:\u002F\u002Finfosecwriteups.com\u002Fapi-security-for-developers-58f971bcc2c1)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 5\n\nCold storage, and separate “hot” wallet. Use multisig ([safe.global](https:\u002F\u002Fsafe.global) as example) or at least a hardware wallet. Never store your seed phrase digitally. Seed phrases are intended to be stored on the paper card included with hardware wallets! That means never type it up, store it online, or take a photo of the card. Store your key on hard device.\n\n- [List of Hardware Wallet Hacks](https:\u002F\u002Fthecharlatan.ch\u002FList-Of-Hardware-Wallet-Hacks\u002F)\n- [Another List](https:\u002F\u002Fdocs.google.com\u002Fspreadsheets\u002Fd\u002F13d5xnVa2PlhzNLAxvvufRCT1fpDbnByI3UOf276zYZ0\u002Fedit?pli=1#gid=1518841983)\n- [walletcompare.xyz\u002F](https:\u002F\u002Fwalletcompare.xyz\u002F)\n- [walletscrutiny.com](https:\u002F\u002Fwalletscrutiny.com\u002F)\n- [Security Tips & Devices for Digital Nomads](https:\u002F\u002Fofficercia.mirror.xyz\u002FGX0LvoKDcC12ACXzhT3F_3PVRSfEyhE8cJYMZnoia9U)\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [The Only Safe Way to Store Crypto](https:\u002F\u002Fofficercia.mirror.xyz\u002Fp1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s)\n- [An ultimate list of rules any on-chain survivor should follow to stay safe!](https:\u002F\u002Fofficercia.mirror.xyz\u002F_nD1Rtxe1PplK-NQzIq9sl-KNtajQG0aKqYsV36RTjA)\n- [Read More](https:\u002F\u002Fdigitalguardian.com\u002Fblog\u002Fwhat-operational-security-five-step-process-best-practices-and-more)\n- [Read More](https:\u002F\u002Fjoelgsamuel.medium.com\u002Fhow-to-keep-your-smartphone-safe-from-spying-d7d50fbed817)\n- [ShiftCrypto](https:\u002F\u002Fshiftcrypto.support\u002Fhelp\u002Fen-us\u002F5-backup\u002F72-what-types-of-wallet-backups-can-i-create)\n- [Rogue Key Attack in BLS Signature and Harmony Security](https:\u002F\u002Fmedium.com\u002F@coolcottontail\u002Frogue-key-attack-in-bls-signature-and-harmony-security-eac1ea2370ee)\n\n\u003C\u002Fdetails>\n\n**Great wallets (both hot and cold):**\n\n- **I Recommend Trezor or a [Lattice](https:\u002F\u002Fgridplus.io\u002Fproducts\u002Fgrid-lattice1)!** \n- [Opinion on Trezor](https:\u002F\u002Ftwitter.com\u002F0xjezza\u002Fstatus\u002F1614522479438958592)\n- [airgapcomputer.com](https:\u002F\u002Fairgapcomputer.com)\n\n**For Bitcoin:**\n\n- [Coldcardwallet](https:\u002F\u002Ftwitter.com\u002Fcoldcardwallet)\n- [Cypherockwallet](https:\u002F\u002Ftwitter.com\u002Fcypherockwallet)\n- [Sparrowwallet.com](https:\u002F\u002Fsparrowwallet.com)\n- [BitBox](https:\u002F\u002Fshiftcrypto.ch\u002Fbitbox02\u002Fthreat-model)\n- [Bitlox](https:\u002F\u002Ftwitter.com\u002Fbitlox)\n\n**For Other Cryptocurrencies:**\n\n- [Alphawallet](https:\u002F\u002Ftwitter.com\u002Falphawallet)\n- [Airgap_it](https:\u002F\u002Ftwitter.com\u002Fairgap_it)\n- [rainbow.me](https:\u002F\u002Frainbow.me)\n- [Frame.sh](https:\u002F\u002Fframe.sh)\n- [Walletscrutiny.com](http:\u002F\u002Fwalletscrutiny.com)\n- [Grid-lattice1](https:\u002F\u002Fgridplus.io\u002Fproducts\u002Fgrid-lattice1)\n- [Atomicwallet.io](https:\u002F\u002Fatomicwallet.io)\n- [Alternatives to Metamask](https:\u002F\u002Fethereum.stackexchange.com\u002Fquestions\u002F73982\u002Falternatives-to-metamask)\n- [myetherwallet.com](https:\u002F\u002Fwww.myetherwallet.com)\n- [Forked MetaMask](https:\u002F\u002Ftwitter.com\u002F0xngmi\u002Fstatus\u002F1601744180510085121)\n- [Multichain crypto wallet](www.npmjs.com\u002Fpackage\u002Fmultichain-crypto-wallet)\n\n---\n\n### Problem 6\n\nOffline (better - physical) backups. Store them in a safe. Can be written on paper, but recommended to be etched or laser-printed into metal. Always be sure to have a backup stored somewhere safe if your threat model allows for that. \n\n> In cryptography, [format-preserving encryption (FPE)](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FFormat-preserving_encryption), refers to encrypting in such a way that the output (the ciphertext) is in the same format as the input (the plaintext). The meaning of \"format\" varies. Typically only finite sets of characters are used; numeric, alphabetic or alphanumeric.\n\n- [Audio Steganography : The art of hiding secrets](https:\u002F\u002Fsumit-arora.medium.com\u002Faudio-steganography-the-art-of-hiding-secrets-within-earshot-part-1-of-2-6a3bbd706e15)\n- [Audio Steganography Technique for Communication Security](https:\u002F\u002Fukdiss.com\u002Fexamples\u002Fimplementation-design-for-audio-steganography.php)\n- [Learn OpSec basics in 15 mins](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=rMSgnOYcEVE)\n\nAsk yourself, what happens if my house catches on fire? What temperature is my safe rated to? Some individuals find a safety deposit box handy.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [OpSec Going Smart](https:\u002F\u002Fofficercia.mirror.xyz\u002FfsRT9NC29GzeQAl-zvAMJ9L-hYUYvX1CPUkt97Vuuwo)\n- [OpSec Going Smarter](https:\u002F\u002Fofficercia.mirror.xyz\u002FB9hBom4jGhkV0C-47E4YBz8tBJkb0a7zVwQR0jITIyM)\n- Check out: [Portable Secret](https:\u002F\u002Fmprimi.github.io\u002Fportable-secret) & [digi cloak](https:\u002F\u002Fgithub.com\u002Fkaushalmeena\u002Fdigi-cloak)\n- [Read More](https:\u002F\u002Fwww.gocivilairpatrol.com\u002Fprograms\u002Femergency-services\u002Foperations-support\u002Foperational-security-opsec)\n- [How to Store Seed Phrase Backups](https:\u002F\u002Funchained.com\u002Fblog\u002Fhow-to-store-bitcoin-seed-phrase-backups)\n- [Awesome Security Hardening Guides](https:\u002F\u002Fgithub.com\u002Fdecalage2\u002Fawesome-security-hardening)\n- [Authenticator app for storing your 2FA secrets](https:\u002F\u002Fgithub.com\u002Fente-io\u002Fauth\u002F#readme)\n- [iOS Forensics References](https:\u002F\u002Fgithub.com\u002FRealityNet\u002FiOS-Forensics-References)\n- [Android Forensics References](https:\u002F\u002Fgithub.com\u002FRealityNet\u002FAndroid-Forensics-References)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 7\n\nNever do anything you do not understand. Always check which token you approve, transaction you sign, assets you send, etc - be extremely accurate while making any financial operation. Keep in mind that one of possible attack vectors is to put you in a situation that will encourage you to do smth (login or anything like that).\n\n> Tip: Don't use Tails OS if you want to achieve anonymity on the network, choose Whonix OS together with Qubes OS or Whonix OS together with free and secure Linux and virtualization through KVM\u002FQemu!\n\n> You can install Comodo or MalwareBytes antivirus but it won't help you if you do not understand them. Keep up your basic set of defending tools up to date. For ultra-secure comunications, run WhonixOS and [use Jabber (Adium, Psi+ or Xabber or ChatSecure) over Tor with OTR plug-in.](https:\u002F\u002Fwww.darknetstats.com\u002Ftutorial-xmpp-jabber-otr-over-tor) Or Matrix… Or, at least, configure telegram correctly… \n\n- [Digital Communications Protocols](https:\u002F\u002Fdocs.google.com\u002Fspreadsheets\u002Fd\u002F1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU\u002Fedit#gid=0)\n- [OTR versus OMEMO](https:\u002F\u002Fforums.whonix.org\u002Ft\u002Fotr-versus-omemo\u002F14063)\n- [ChatSecure](https:\u002F\u002Fchatsecure.org)\n- [Encrypted Instant Messaging on Mac OS X with Adium and Off The Record](https:\u002F\u002Fcalyxinstitute.org\u002Fdocs\u002Fhowto-encrypted-instant-messaging-with-osx-adium-and-otr)\n- [axolotl, OMEMO vs OpenPGP](https:\u002F\u002Flists.gnupg.org\u002Fpipermail\u002Fgnupg-devel\u002F2016-March\u002F030917.html)\n- [The most significant milestones in the development of communications](https:\u002F\u002Fofficercia.mirror.xyz\u002FG4782jMUpA_kkIpwakphbd6djX85cxRGS-pjBipc8Yk)\n- [Telegram & Discord Security Best Practices](https:\u002F\u002Fofficercia.mirror.xyz\u002Fdlf6ZEXq3FLE21ZY2jeJ0cBDyuZu8XIF9DEJAQ07nk8)\n- [Jolly Roger’s Security Thread for Beginners](https:\u002F\u002Fwww.lopp.net\u002Fpdf\u002FJolly_Rogers_Security_Guide_for_Beginners.pdf)\n- [A curated list of privacy & security-focused software and services](https:\u002F\u002Fgithub.com\u002FLissy93\u002Fawesome-privacy)\n- [Complete Expert Opsec Setup](https:\u002F\u002Fru.scribd.com\u002Fdocument\u002F514305801\u002FComplete-Expert-Opsec-Setup)\n- [Pidgin](https:\u002F\u002Fpidgin.im\u002Fhelp\u002Fprotocols\u002Fxmpp\u002F)\n- [The Hitchhiker’s Guide to Online Anonymity](https:\u002F\u002Fanonymousplanet.org)\n- [element.io - Matrix client](https:\u002F\u002Felement.io)\n- [jitsi.org - for video calls](https:\u002F\u002Fjitsi.org)\n- [Open source virtual \u002F remote desktop infrastructure for everyone!](https:\u002F\u002Frustdesk.com)\n- [The Invisible Internet Project](https:\u002F\u002Fgeti2p.net\u002Fen)\n- [Get Bridges for Tor](https:\u002F\u002Fbridges.torproject.org)\n- [YouTubeDrive](https:\u002F\u002Fgithub.com\u002Fdzhang314\u002FYouTubeDrive) & [example](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Fmm1AeYmbNU)\n- [youbit](https:\u002F\u002Fgithub.com\u002FMeViMo\u002Fyoubit)\n- [aperisolve.com](https:\u002F\u002Fwww.aperisolve.com)\n\nOpSec isn't always a matter of survival! It manifests itself in a variety of ways: at work, in everyday life, in communication, in DAO work, in conferences, and so on. You may be surprised to learn that there is no perfect solution. The strategies and tactics differ greatly and are dependent on you and what you need to achieve.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [An ultimate list of rules any on-chain survivor should follow to stay safe!](https:\u002F\u002Fofficercia.mirror.xyz\u002F_nD1Rtxe1PplK-NQzIq9sl-KNtajQG0aKqYsV36RTjA)\n- [openvpn-install](https:\u002F\u002Fgithub.com\u002FNyr\u002Fopenvpn-install)\n- [Juice jacking: Why you should avoid public phone charging stations](https:\u002F\u002Fwww.nbcnews.com\u002Ftech\u002Fsecurity\u002Fjuice-jacking-why-you-should-avoid-public-phone-charging-stations-n1132046)\n- [Throwingstar...](https:\u002F\u002Fgreatscottgadgets.com\u002Fthrowingstar\u002F)\n\n\u003C\u002Fdetails>\n\nI'm only offering you a set of tools and guidelines to hunt for information; the rest is up to you! No one can create your security wall better than you, and learning OpSec does not require you to become a hostile, distrustful cryptopunk and abuse it to the extreme: you might find something that works for you.\n\n\u003Cdetails>\n\u003Csummary>More about VPN\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\nA VPN (Virtual Private Network) is an application that increases your online security and privacy. It creates an encrypted tunnel by redirecting your traffic and hides personal data, information and browsing history. Many of us do not know where to start when choosing a VPN, but I will help you in this, remember main key principles:\n\n- The VPN app must reliably encrypt data\n- The VPN app must have a kill-switch, AND lockdown modes!\n- It must not store a single byte of your sensitive data, including email address.\n\nOne helpful sheet created by someone comparing VPNs in detail is [here](https:\u002F\u002Fdocs.google.com\u002Fspreadsheets\u002Fd\u002F1L72gHJ5bTq0Djljz0P-NCAaURrXwsR1MsLpVmAt3bwg\u002Fedit#gid=0)!\n\n[Mullvad](https:\u002F\u002Fmullvad.net) does a few things differently than most other VPNs, such as allowing cash payments and not requiring an email address to create an account. One may also wonder: Isn't WireGuard less safe than OpenVPN, since logs are kept for WireGuard (at least temporary? Well, If you have multiple users you have to make an additional gateway with additional IP address. Like in [Nordlynx](https:\u002F\u002Fnordvpn.com\u002Fblog\u002Fnordlynx-protocol-wireguard\u002F). But out of the box you cant say that OpenVPN is more safe. It's more difficult to configure it so misconfiguration may be an issue. With all said, I prefer mullvad.net + oVPN. \n  \n> There is a take that you should never use VPN services and run your own VPS\u002FVPN only! [Check out this resource!](https:\u002F\u002Fgist.github.com\u002Fjoepie91\u002F5a9909939e6ce7d09e29)\n\nAnother Option — Setting Up a Hardware VPN. If you area VPN enjoyer I’d strongly consider you look at affordable hardware options, for example, the [gl-mt1300](https:\u002F\u002Fwww.amazon.com\u002FGL-iNet-GL-MT1300-Wireless-Pocket-Sized-Repeater\u002Fdp\u002FB08MKZXGBY) is a cheap and very nice piece of kit, easy way to protect your home network from threats without relying on running software locally. It may seem overkill but the options of TOR or Mullvad and general WireGuard, and measures to stop [DNS leakage](http:\u002F\u002Fwww.dnsleaktest.com) make it quite a nice useful piece of kit!\n\n- [How I turned a mini-PC into an Ethereum node to run at home](https:\u002F\u002Fmedium.com\u002Fcoinmonks\u002Fhow-i-turned-a-mini-pc-into-an-ethereum-node-to-run-at-home-5aebf1b6f881)\n- [Spin up your own Ethereum node](https:\u002F\u002Fethereum.org\u002Fen\u002Fdevelopers\u002Fdocs\u002Fnodes-and-clients\u002Frun-a-node)\n- [Check out this resource!](https:\u002F\u002Fgist.github.com\u002Fjoepie91\u002F5a9909939e6ce7d09e29)\n- [Improve Fast Reaction: Techniques to Enhance Your Reflexes](https:\u002F\u002Fmedium.com\u002F@joaoaniceto.webdeveloper\u002Fimprove-fast-reaction-techniques-to-enhance-your-reflexes-fe052a8f2459)\n\nIt is important to note that you can achieve the same thing by installing oVPN Mullvad (or another service you trust \u002F your own VPN) configuration on your home router! You should also keep in mind the basic rule: the VPN is your buddy and will keep you safe from a wide range of threats, including even several WiFi and physical attacks. I hope this short [note](https:\u002F\u002Fofficercia.mirror.xyz\u002Fx91hTIDFrAL0lgqICRgWU7fLouuCMgvopQ9ZRvRXCLg) helps you decide!\n\n**On the opposite:**\n\nDon't use 3rd party VPN, rent a VPS and bootstrap open source VPN server, it's 5 min!\n\n\u003C\u002Fdetails>\n\nAt the same time, I believe that OpSec, in its broadest sense, does not function on half-measures, and it's critical to understand how to do things in a benchmark so you have something to fall back on. \n\n- [Guide to securing and improving privacy on macOS](https:\u002F\u002Fgithub.com\u002Fdrduh\u002FmacOS-Security-and-Privacy-Guide)\n- [Set of utilities to manage BIP44-compatible Ethereum HD wallet](https:\u002F\u002Fgithub.com\u002Fpavel-main\u002Fethereum-hd-tools)\n- [The Last Laptop You'll Ever Need For Crypto](https:\u002F\u002Fdefieducation.substack.com\u002Fp\u002Fthe-last-laptop-youll-ever-need-for)\n- [Nano-Painting: Encryption With Colours](https:\u002F\u002Fmedium.com\u002Fasecuritysite-when-bob-met-alice\u002Fnano-painting-encryption-with-colours-1d18a79ee942)\n- [Hacking a Windows Machine by Hiding a RAT Inside an Image](https:\u002F\u002Fsystemweakness.com\u002Fhacking-a-windows-machine-by-hiding-a-rat-inside-an-image-843832bafc7e)\n- [The Importance of Self-Custody Password Managers: A Deep Dive](https:\u002F\u002Fnomadscrolls.net\u002F2023\u002F10\u002F29\u002Fthe-importance-of-self-custody-password-managers-a-deep-dive\u002F)\n\nAfter all, one key rule that almost never gets emphasized is \"always be aware of what rule you're breaking, why, and how it may affect you in case of an assault or other problems. In any case, it is critical to understand where the boundaries of this \"standard of OpSec & security\" lie, which I will attempt to do via the lens of many approaches, which I will attempt to express in such a way that they are universal.\n\n- [Read this article!](https:\u002F\u002Fmjg59.dreamwidth.org\u002F66429.html)\n- [MacOS Secure Profiles](https:\u002F\u002Fgithub.com\u002Fsambacha\u002Fmacos-secure-profiles)\n- [MacOS Security](https:\u002F\u002Fgithub.com\u002Fusnistgov\u002Fmacos_security)\n- [Free, open-source tools to protect your Mac](https:\u002F\u002Fobjective-see.org\u002Ftools.html)\n- [Mac Monitor](https:\u002F\u002Fgithub.com\u002Fredcanaryco\u002Fmac-monitor)\n- [Security checklist app for your Mac](https:\u002F\u002Fparetosecurity.com\u002F)\n\n**On the opposite:**\n\nTend to use:\n\n> you can use Apple Configurator and create a blueprint to ensure conformance (trusting they apply it)\n\n- QubesOS; [Manual](https:\u002F\u002Fwww.qubes-os.org\u002Fnews\u002F2022\u002F10\u002F28\u002Fhow-to-organize-your-qubes)\n- TailsOS; [Manual](https:\u002F\u002Fblokt.com\u002Fguides\u002Ftails-os)\n- WhonixOS; [Manual](https:\u002F\u002Fwww.whonix.org\u002Fwiki\u002FLinux)\n\nFor mobile: \n\n- GrapheneOS; [Forum](https:\u002F\u002Fdiscuss.grapheneos.org\u002Fu\u002F6gsxdr3U)\n- LineageOS; [Manual](https:\u002F\u002Fwiki.lineageos.org\u002Finstall_guides)\n- DivestOS; [Manual](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FDivestOS)\n- [Read](https:\u002F\u002Fofficercia.mirror.xyz\u002F0uiAGM50rkQSvHbptcrVkCkyxsnewpAFIdu3oyga42Y)\n- [Comparing VeraCrypt and TrueCrypt with an unexpected result](https:\u002F\u002Fbook.cyberyozh.com\u002Fveracrypt-veracrypt-vs-truecrypt)\n- [Awesome Security Hardening Guides](https:\u002F\u002Fgithub.com\u002Fdecalage2\u002Fawesome-security-hardening)\n- [Endian](https:\u002F\u002Fwww.endian.com\u002Fcommunity\u002F)\n\nAlso check out:\n\n- [sandboxie-plus.com](https:\u002F\u002Fsandboxie-plus.com\u002Fdownloads)\n- [Digital Communications Protocols](https:\u002F\u002Fdocs.google.com\u002Fspreadsheets\u002Fd\u002F1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU\u002Fedit?usp=drivesdk)\n- [spideroak.com](https:\u002F\u002Fspideroak.com)\n- [rsync.net](https:\u002F\u002Frsync.net)\n- [nextdns.io](https:\u002F\u002Fnextdns.io)\n- [app.any.run](https:\u002F\u002Fapp.any.run)\n- [Malware - File Analysis](https:\u002F\u002Fstart.me\u002Fw\u002FaJxMm0)\n- [Island](https:\u002F\u002Fisland.oasisfeng.com)\n- [Vanilla OS](https:\u002F\u002Fvanillaos.org)\n- [safing.io](https:\u002F\u002Fsafing.io)\n- [shadowsocks](https:\u002F\u002Fgithub.com\u002Fshadowsocks)\n- [mac.getutm.app](https:\u002F\u002Fmac.getutm.app)\n- [souin](https:\u002F\u002Fgithub.com\u002Fdarkweak\u002Fsouin)\n- [geti2p.net](https:\u002F\u002Fgeti2p.net\u002Fen)\n- [anon-service](https:\u002F\u002Fgithub.com\u002Fbit4mind\u002Fanon-service)\n- [privacy.sexy](https:\u002F\u002Fprivacy.sexy)\n- [Learn Cryptography!](https:\u002F\u002F4pda.to\u002Fforum\u002Findex.php?showtopic=782986)\n- [Catch the Man-in-the-Middle](https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=me.brax.certchecker)\n- [CamWings](https:\u002F\u002Fschiffer.tech\u002Fcamwings-mobile.html)\n- [ScreenWings](https:\u002F\u002Fschiffer.tech\u002Fscreenwings-mobile.html)\n- [rethink-app](https:\u002F\u002Fgithub.com\u002Fcelzero\u002Frethink-app)\n- [kleopatra](https:\u002F\u002Fapps.kde.org\u002Fkleopatra)\n- [DPI tunnel](https:\u002F\u002Fgithub.com\u002Fzhenyolka\u002FDPITunnel-androidhttps:\u002F\u002Fgithub.com\u002Fzhenyolka\u002FDPITunnel-android)\n- [Teletun](https:\u002F\u002Fgithub.com\u002FPiMaker\u002FTeletun)\n- [GoodbyeDPI](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI)\n- [algoVPN](https:\u002F\u002Fgithub.com\u002Ftrailofbits\u002Falgo)\n- [usbraptor](https:\u002F\u002Fsourceforge.net\u002Fprojects\u002Fusbraptor)\n- [Network Bandwidth Analyzer - Bandwidth Monitor](https:\u002F\u002Fwww.solarwinds.com\u002Fnetwork-bandwidth-analyzer-pack?CMP=ORG-BLG-DNS-X_WW_X_NP_X_X_EN_X_X-BAP-20190930_9BestNetworkBan_X_X_VidNo_X-X)\n- [Network and IT infrastructure monitoring for small & medium environments](https:\u002F\u002Fwww.paessler.com\u002Fprtg\u002Fprtg-network-monitor)\n\n**Important OpSec Tip:**\n\nAvoid installing any third-party software, including single-player and multiplayer games, on your primary (for work\u002Fcrypto) computer or phone:\n\n- [Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game](https:\u002F\u002Fdecoded.avast.io\u002Fjanvojtesek\u002Fdota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game)\n- [Dangerous RCE Vulnerability in GTA Online Fixed](https:\u002F\u002Fgridinsoft.com\u002Fblogs\u002Frce-vulnerability-in-gta-online)\n- [What We Know About the Vulnerabilities Keeping ‘Dark Souls’ Offline](https:\u002F\u002Fflashpoint.io\u002Fblog\u002Frce-vulnerability-dark-souls)\n- [Details about the ‘Dark Souls’ hacking exploit have been published](https:\u002F\u002Fwww.nme.com\u002Fnews\u002Fgaming-news\u002Fdetails-about-the-dark-souls-hacking-exploit-have-been-published-3186809)\n- [SiM Swap Attacks Rising in Web3](https:\u002F\u002Fnftnow.com\u002Fnews\u002Fsim-swap-attacks-rising-in-web3\u002F)\n- [Steganography and You: When What You See Isn’t All You Get](https:\u002F\u002Fcasualsteganographer.medium.com\u002Fsteganography-and-you-when-what-you-see-isnt-all-you-get-first-article-ae4c72f9cb91)\n- [Discord Security](https:\u002F\u002Fgithub.com\u002F0xngmi\u002Fdiscord-server-guidelines\u002Fblob\u002Fmaster\u002FREADME.md)\n- [Stop Auto-Download on Telegram: Working Methods for Desktop, iPhone, Android!](https:\u002F\u002Fwww.techbloat.com\u002Fstop-auto-download-on-telegram-methods-android-ios-desktop.html)\n- [Death Note Anonymity](https:\u002F\u002Fgwern.net\u002Fdeath-note-anonymity)\n- [Instant Workstation: Virtual Machines](https:\u002F\u002Finstantworkstation.com\u002Fvirtual-machines)\n\n---\n\n### Problem 8\n\nBe careful about using your real home address online for delivery purposes. Data breaches are now a daily occurrence, and many breaches include customer names and addresses. Your physical address is not as easily changeable as a phone number or email address, so be especially mindful about where you use it on the Internet. \n\n- [DefaultCreds CheatSheet](https:\u002F\u002Fgithub.com\u002Fihebski\u002FDefaultCreds-cheat-sheet\u002F)\n- [Physical crypto attacks](https:\u002F\u002Fgithub.com\u002Fjlopp\u002Fphysical-bitcoin-attacks\u002Fblob\u002Fmaster\u002FREADME.md)\n- [About If you want know, who use your computer when you are not nearby - PC Mouse Tracker](https:\u002F\u002Fgithub.com\u002Fiterweb\u002Fwatcher)\n\nIf you’re ordering pizza with crypto, order it for pickup instead of delivery. When online shopping, use a different (and publicly available) address for package delivery. Options here include your workplace or drop boxes at delivery service providers like FedEx and your local postal service.\n\n- [Read More](https:\u002F\u002Fwww.cnbc.com\u002F2017\u002F11\u002F02\u002Fheres-how-to-protect-your-bitcoin-and-ethereum-from-hacking.html)\n\n**Also:**\n\n- [Torn](https:\u002F\u002Fmirror.xyz\u002Fxanny.eth\u002FSGxwfVQ75831z5vFaS1LrlatUJEhxBvZ2cyTvAdCD0k)\n- [Anon Swaps](https:\u002F\u002Ftelegra.ph\u002FButHow-01-28)\n- [sideshift.ai](https:\u002F\u002Fsideshift.ai)\n- [agoradesk.com](https:\u002F\u002Fagoradesk.com)\n- [Aztecnetwork](https:\u002F\u002Ftwitter.com\u002Faztecnetwork)\n- [Aztec-2 Dune Privacy Dashboard](https:\u002F\u002Fdune.com\u002Fjaosef\u002FAztec-2)\n- [RailGun](https:\u002F\u002Frailgun.ch\u002F#\u002F)\n- [Monero](https:\u002F\u002Ftelegra.ph\u002FCIA-Officer--Monero-05-08)\n\n---\n\n### Problem 9\n\nRemember: You Could Be a Target! We are a natural target for all sorts of attacks — from garden-variety cybercriminals to competitive spying (sounds dramatic, but it’s real!). \n\n> You may create **honeypots** on the working device (assuming you keep to this notion), such as [CanaryToken](https:\u002F\u002Fwww.tomshardware.com\u002Fnews\u002Fuse-a-raspberry-pi-to-catch-hackers-with-opencanary) or [canarytokens.org](https:\u002F\u002Fcanarytokens.org\u002Fgenerate) or [IpLogger](https:\u002F\u002Fiplogger.org). You can also create many wallet.dat files or just create a PDF document called, for example, **Wallet Seed** and hide [traps](https:\u002F\u002Ftwitter.com\u002Flordnarfz0g\u002Fstatus\u002F1554649309580300288) inside. That way, you'll be notified if anything happens or bad actors trigger it! Check out as well: [link1](https:\u002F\u002Fgithub.com\u002Flamer112311\u002FDnnme2), [link2](https:\u002F\u002Fgithub.com\u002FBafomet666\u002FBigbro), [link3](https:\u002F\u002Ft.me\u002Fibederov_en\u002F252), [link4](https:\u002F\u002Fcanarytokens.org). It will work out like a basic SIEM or DLP system. Same goes to your blockchain wallet - [alerts are very important](https:\u002F\u002Fofficercia.mirror.xyz\u002FW-SUbkTf18b3RuPL9DykXQmpexWBZxbp4P1xfCfXo4Y)! Set them up properly!\n\nThat said, it doesn’t really matter what industry you’re in. If you have any sensitive, proprietary information at all (and let’s face it, most people in crypto do), then you could very well be a target. This is a good thing to always keep in mind.\n\n- [Physical Security: Escapology](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FEscapology)\n- [Threat modeling for smart contracts step-by-step guide](https:\u002F\u002Fcomposable-security.com\u002Fblog\u002Fthreat-modeling-for-smart-contracts-best-step-by-step-guide)\n- [How to Defend Your Castle | Innovative Trio in Smart Contract Security: Monitoring, Prevention, Defense](https:\u002F\u002Fofficercia.mirror.xyz\u002FW-SUbkTf18b3RuPL9DykXQmpexWBZxbp4P1xfCfXo4Y)\n\n> Anything on a mobile device uses the built in render, aka, brave uses web kit from Apple on iPhone, or blink on Android. They are just ui wrappers with some functionality built on top. I'd say Brave browser is sufficiently secure, but (original) Chromium is better because of the faster updates then on its forks (like Brave). Other tools should be treated with the same attitude. I mean, you can use Chrome both in anonymous and private ways.\n\n> Tor just makes your life easier a little bit. There is neither no out-of-the-box security nor out-of-the-box privacy solutions… There are no bad tools either. You can use obscore privacy enhanced forks like librewolf but its a trade off as you end up being more identifiable through browser fingerprinting, whereas when you use ff\u002Fchrome you are one of millions sharing a similar fingerprint.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Read More](https:\u002F\u002Fwww.cnbc.com\u002F2021\u002F06\u002F11\u002Ftips-to-help-keep-your-crypto-wallet-secure.html)\n- [Read More](https:\u002F\u002Fwww.usenix.org\u002Fsystem\u002Ffiles\u002F1401_08-12_mickens.pdf)\n- [Drive NFC Hack](https:\u002F\u002Fwww.makeuseof.com\u002Ftag\u002Fdrive-nfc-hack-work)\n- [Web3.0 API Security for TestNet and MainNet Environment for Authorization Attack Prevention Implementation Using Python](https:\u002F\u002Fmedium.com\u002F@spartan_21003\u002Fweb3-0-api-security-for-testnet-and-mainnet-environment-for-authorization-attack-prevention-b39bab63313)\n- [Ethereum nodes security](https:\u002F\u002Fmedium.com\u002F@0xOZ\u002Fethereum-nodes-security-5cce950fcc77)\n- [How To Secure Your Crypto Wallet On A Virtual Machine And Stop Front-Running](https:\u002F\u002Fmedium.com\u002Fimmunefi\u002Fimproving-opsec-in-the-crypto-space-virtual-machine-flashbots-edition-ee2c1fa280c5)\n- [The Evolving Landscape of Privacy in Web3](https:\u002F\u002Fmirror.xyz\u002Fthecryptonomad.eth\u002F7RBs7PRAFCbp4uwSwAm7Y6727A2LfTEA-duSSLhSiAY)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 10\n\nRemain Vigilant -  Create a culture of skepticism where they feel comfortable checking twice before clicking a link or responding to a request for sensitive information, and you’ll have a much more secure organization overall. Watch out [physical attacks](https:\u002F\u002Fgithub.com\u002Fjlopp\u002Fphysical-bitcoin-attacks\u002Fblob\u002Fmaster\u002FREADME.md)!\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Wi-Fi Security when holding Crypto assets!](https:\u002F\u002Ft.me\u002Fofficer_cia\u002F377)\n- [Read More](https:\u002F\u002Fwww.ledger.com\u002Facademy\u002Fsecurity\u002Fhack-wifi)\n- [Read More](https:\u002F\u002Fanonymousplanet.org\u002Fguide.html)\n- [SS7 Attacks](https:\u002F\u002Ft.me\u002Fofficer_cia\u002F79)\n- [More SS7 Attacks](https:\u002F\u002Fwww.zdnet.com\u002Farticle\u002F5g-networks-could-be-vulnerable-to-exploit-due-to-mishmash-of-old-technologies)\n- [How to detect IMSI catchers](https:\u002F\u002Farmadillophone.com\u002Fblog\u002Fhow-to-detect-imsi-catchers)\n- [Check out](https:\u002F\u002Ftwitter.com\u002FLaughing_Mantis\u002Fstatus\u002F1579550302172508161)\n- [Wardriving](https:\u002F\u002Fgithub.com\u002FAlexLynd\u002FESP8266-Wardriving)\n- [CreepDetector](https:\u002F\u002Fgithub.com\u002Fskickar\u002FCreepDetector)\n- [AntiCensorship Messaging](https:\u002F\u002Fcensorship.no\u002Fen\u002Findex.html)\n- [Discord e2e encryption](https:\u002F\u002Fgithub.com\u002Fmpgn\u002Fdiscord-e2e-encryption)\n  \n\u003C\u002Fdetails>\n\n---\n\n### Problem 11\n\nOpSec often comes into play in public settings. For example, if members of your team are discussing work-related matters at a nearby lunch spot, during a conference, or over a beer, odds are that someone could overhear. As they say, loose lips can sink ships, so make sure you don’t discuss any sensitive company information while out in public.  \n\n- [On Operational Security in Web3](https:\u002F\u002F0xrusowsky.substack.com\u002Fp\u002Fon-operational-security)\n- [Network Security Myths Busted](https:\u002F\u002Fdarkreading.com\u002Fics-ot\u002Fot-network-security-myths-busted-in-a-pair-of-hacks)\n- [5 Ways to Find Hidden Cameras Using Your Mobile Phone](https:\u002F\u002Fwww.makeuseof.com\u002Ftag\u002Fuse-smartphone-detect-hidden-surveillance-cameras\u002F)\n- [9 Places Where Secret Cameras Are Most Likely to Be Hidden](https:\u002F\u002Fwww.makeuseof.com\u002Fwhere-secret-cameras-are-likely-to-be-hidden\u002F)\n- [Discussion about how to find hidden cameras.](https:\u002F\u002Ft.me\u002Flobsters_chat\u002F411600)\n- [Perform a Self-doxxing!](https:\u002F\u002Fdocs.osintbuddy.com\u002F)\n\nA lot of OpSec missteps can be avoided by being more aware of your surroundings and the context in which you are speaking: what you’re saying, where you are, who you’re speaking to, and who might overhear. It’s a good idea to go over the “no-no’s” for your specific company during onboarding and to remind employees of them periodically. \n\n- [Watch More](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hxHqE2W8scQy)\n- [Awesome InfoSec](https:\u002F\u002Fgithub.com\u002Fonlurking\u002Fawesome-infosec)\n- [Dear Security, be a part of the solution](https:\u002F\u002Fmedium.com\u002Fchris-dialogue\u002Fdear-security-be-a-part-of-the-solution-703201425805)\n- [Staying Safe in Web3: OTC Scams](https:\u002F\u002Fpolkaverse.com\u002F@bruno\u002Fstaying-safe-in-web3-otc-scams-30094)\n- [HoneyPots against Hackers](https:\u002F\u002Fvk.com\u002F@greyteam-70-besplatnyh-primanok-dlya-lovli-hakerov)\n- [Randomness Concept](https:\u002F\u002Falpine-agate-fa5.notion.site\u002FRandomness-a0632b0800814de280e273b9cdb264bc)\n- [CIA Triad](https:\u002F\u002Fwww.fortinet.com\u002Fresources\u002Fcyberglossary\u002Fcia-triad#:~:text=The%20three%20letters%20in%20%22CIA,and%20methods%20for%20creating%20solutions)\n- [Detect Personal Information Leakage With OSINT Attack Surface Management](https:\u002F\u002Fosintteam.blog\u002Fdetect-personal-information-leakage-with-osint-attack-surface-management-4a46923dd2fd)\n- [Leveraging Open-Source Intelligence (OSINT) for Enhancing Efficiency in Business Administration: A Comprehensive Examination](https:\u002F\u002Fosintteam.blog\u002Fleveraging-open-source-intelligence-osint-for-enhancing-efficiency-in-business-administration-a-507a44f6517e)\n\n---\n\n### Problem 12\n\nIdentify your sensitive data, including your product research, passwords, intellectual property, financial statements, customer information, and employee information. This will be the data you will need to focus your resources on protecting. Randomization, mimicry and entropy must accompany your every step and manifest itself in literally everything: as you can imagine, the law enforcers of different countries have long ago learned to analyze packets via [DPI](https:\u002F\u002Fgithub.com\u002FValdikSS\u002FGoodbyeDPI) (to counter this you may use something like [this](https:\u002F\u002Fgithub.com\u002FPiMaker\u002FTeletun) or [this](https:\u002F\u002Fgithub.com\u002Fzhenyolka\u002FDPITunnel-androidhttps:\u002F\u002Fgithub.com\u002Fzhenyolka\u002FDPITunnel-android) or [VPN](https:\u002F\u002Fofficercia.mirror.xyz\u002Fx91hTIDFrAL0lgqICRgWU7fLouuCMgvopQ9ZRvRXCLg)), to match them with the post or message time and perform [timing attacks](https:\u002F\u002Fofficercia.mirror.xyz\u002FWeAilwJ9V4GIVUkYa7WwBwV2II9dYwpdPTp3fNsPFjo) and then go to the ISP provider or telecommunications company. \n\nBe smarter. Most likely in the future we will all have to face [AI](https:\u002F\u002Fshare-docs.clickup.com\u002F25598832\u002Fd\u002Fh\u002Frd6vg-14247\u002F0b79ca1dc0f7429\u002Frd6vg-12465) and Neural Network which were made specifically for finding people and information based on [OSINT](https:\u002F\u002Fofficercia.mirror.xyz\u002F5KSkJOTgMtvgC36v1GqZ987N-_Oj_zwvGatOk0A47Ws) and similar (up to [Big Data](https:\u002F\u002Fwww.ledgerinsights.com\u002Famex-visa-citi-back-80m-funding-for-trm-labs-blockchain-intelligence\u002F)) methodologies, so the only thing that will save us is what separates humans from machines - our imagination and our capacity for illogical unpredictable actions. \n\nWhatever you do, do it with some element of randomness. If you find it hard to comprehend, then put it in the hands of playing cards or [random.org](https:\u002F\u002Frandom.org). Do you transfer an amount? Send not an even (1000, 100, 50, etc.) or similar value, and so on. I think you get my point. Once again, be smarter, for example: there is a tool like [Ethereum alarm clock](https:\u002F\u002Fblog.chronologic.network\u002Ftutorial-using-the-ethereum-alarm-clock-cli-63cd1e6416be) ([2](https:\u002F\u002Fwww.ethereum-alarm-clock.com\u002F)), but you have to remember to use it [with caution](https:\u002F\u002Fwww.theblock.co\u002Famp\u002Fpost\u002F178418\u002Fethereum-alarm-clocks-smart-contract-is-being-targeted-by-exploiters). \n\n- [The Wiretap: How The FBI Digs Up Deleted WhatsApp Messages](https:\u002F\u002Fwww.forbes.com\u002Fsites\u002Fthomasbrewster\u002F2023\u002F05\u002F23\u002Fthe-wiretap-fbi-digs-up-deleted-whatsapp-messages\u002F)\n- [anonymousplanet.org](https:\u002F\u002Fanonymousplanet.org\u002F)\n- [Android keyboard for secure E2EE communication through the signal protocol in any messenger](https:\u002F\u002Fgithub.com\u002Famnesica\u002FKryptEY)\n\nMaybe you can come up with your own solution based on [logic bomb](https:\u002F\u002Fgithub.com\u002Fstarius\u002Flogic-bomb\u002Fblob\u002Fmaster\u002Flogic_bomb.c) and [canarytokens.org](https:\u002F\u002Fcanarytokens.org) with [tenderly.co](https:\u002F\u002Ftenderly.co)! The tool previously described [has been hacked](https:\u002F\u002Fwww.theblock.co\u002Famp\u002Fpost\u002F178418\u002Fethereum-alarm-clocks-smart-contract-is-being-targeted-by-exploiters), use with caution and only if you know what you are doing. You can use [Escrow](https:\u002F\u002Fgithub.com\u002FJackBekket\u002Fescrow-eth\u002Fblob\u002Fmaster\u002Fcontracts\u002FEscrowAdvansed.sol) and [Multisig](https:\u002F\u002Fgnosis-safe.io) as a substitute for this.\n\n> [Steganography](https:\u002F\u002Fofficercia.mirror.xyz\u002F8ecJG-s_5E6J1t-h8gUNGqV3hbX8If-E5NnrFrOJHUA) and Cryptography can also be combined for this purpose. After all, cryptography hides information, whereas steganography masks the fact that it was transmitted. For example, if you stenographically double-encrypt your passwords and store them in a cloud-based password manager, hackers (even if the vault is decoded or hacked) will be unable to use them as they will need your [stega-key](https:\u002F\u002Fwww.edureka.co\u002Fblog\u002Fsteganography-tutorial) for this. You would, however, have to decrypt each password each time you are using it, with a special note.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Steganography](https:\u002F\u002Fofficercia.mirror.xyz\u002F8ecJG-s_5E6J1t-h8gUNGqV3hbX8If-E5NnrFrOJHUA)\n- Check out [this tool](https:\u002F\u002Fgithub.com\u002Futkusen\u002Fwholeaked)!\n- [Check out this awesome Privacy-focused toolkit!](https:\u002F\u002Ftechlore.tech\u002Fresources)\n- [Watch More](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=0aSQMeoz9ow)\n- [stylesuxx.github.io](https:\u002F\u002Fstylesuxx.github.io\u002Fsteganography)\n- [stegonline.georgeom.net](https:\u002F\u002Fstegonline.georgeom.net\u002Fupload)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 13\n\nIdentify possible threats. For each category of information that you deem sensitive, you should identify what kinds of threats are present. While you should be wary of third parties trying to steal your information, you should also watch out for insider threats, such as negligent employees and disgruntled workers. **OpSec is generally more of a failure than the technology!**\n\n> [Keep your friends close, and your enemies closer.](https:\u002F\u002Fen.wiktionary.org\u002Fwiki\u002Fkeep_your_friends_close,_and_your_enemies_closer#:~:text=Proverb,wreak%20havoc%20in%20one's%20life.)\n\n- [Read More](https:\u002F\u002Fdatatracker.ietf.org\u002Fwg\u002Fopsec\u002Fdocuments\u002F)\n- [AnonPlanet](https:\u002F\u002Fanonymousplanet.org\u002Flinks.html)\n- [censorship.no](https:\u002F\u002Fcensorship.no\u002F)\n- [detect.expert](https:\u002F\u002Fdetect.expert\u002F)\n- [WhatBreach](https:\u002F\u002Fgithub.com\u002FEkultek\u002FWhatBreach)\n\n**Offline\u002FRadio + Crypto:**\n\n- [Building a Transaction By Hand](https:\u002F\u002Fklmoney.wordpress.com\u002Fbitcoin-dissecting-transactions-part-2-building-a-transaction-by-hand\u002F)\n- [Generating a Seed Phrase using a Calculator](https:\u002F\u002Fvault12.com\u002Fsecuremycrypto\u002Fcryptocurrency-security-how-to\u002Fcalculator-seed-phrase-generator)\n- [Instruments on the radio waves🛠](https:\u002F\u002Ftelegra.ph\u002FInstruments-on-the-radio-waves-02-01)\n- [No Internet, No Problem: How to Send Bitcoin by Amateur Radio](https:\u002F\u002Fnews.bitcoin.com\u002Fno-internet-no-problem-how-to-send-bitcoin-by-amateur-radio)\n- [The Cypherpunks Tapping Bitcoin via Ham Radio](https:\u002F\u002Fwww.wired.com\u002Fstory\u002Fcypherpunks-bitcoin-ham-radio\u002F)\n- [The Only Safe Way to Store Crypto: Ultimate OpSec](https:\u002F\u002Fofficercia.mirror.xyz\u002Fp1ieZdxQWH4yHCNOXNPHyT8So1cY0X_wMGKwdmavi7s)\n- [Better privacy without special software](https:\u002F\u002Fmprimi.github.io\u002Fportable-secret\u002F)\n\n---\n\n### Problem 14\n\nAnalyze security holes and other vulnerabilities. Assess your current safeguards and determine what, if any, loopholes or weaknesses exist that may be exploited to gain access to your sensitive data.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Can forensic science still recover data from a hard drive after a seven-pass wipe?](https:\u002F\u002Fwww.quora.com\u002FCan-forensic-science-still-recover-data-from-a-hard-drive-after-a-seven-pass-wipe?)\n- [Gentoo](https:\u002F\u002Fwww.gentoo.org)\n- [TailsOS](https:\u002F\u002Ftails.boum.org\u002Fabout\u002Findex.en.html)\n- [Awesome Memory Forensics](https:\u002F\u002Fgithub.com\u002Fdigitalisx\u002Fawesome-memory-forensics)\n- [WhonixOS](https:\u002F\u002Fwww.whonix.org)\n- [ParrotOS](https:\u002F\u002Fwww.parrotsec.org)\n- You may also try using [LUKS!](https:\u002F\u002Fen.m.wikipedia.org\u002Fwiki\u002FLinux_Unified_Key_Setup)\n- [File carving](https:\u002F\u002Fresources.infosecinstitute.com\u002Ftopic\u002Ffile-carving)\n- [Read More](https:\u002F\u002Fwww.lopp.net\u002Fbitcoin-information\u002Fsecurity.html)\n- [Choose Veracrypt (better) or FileVault!](https:\u002F\u002Fbook.cyberyozh.com\u002Fveracrypt-veracrypt-vs-truecrypt)\n\n\u003C\u002Fdetails>\n\n**Also:**\n\n- [Citation from this resource:](https:\u002F\u002Fwww.quora.com\u002FCan-forensic-science-still-recover-data-from-a-hard-drive-after-a-seven-pass-wipe?top_ans=29806971)\n\nIf you have confidential files you want to protect, store them in cipher text, using 256-bit AES encryption, not in plain text format.\n\nIf you want to sanitize the files, you can run a multi-pass wipe, shred or erase program. Glary Utilities includes a free file shredder tool where you can shred files or folders using Dept of Defense standard 5220.22-M. You can repeat the delete process up to 10 times.\n\n> One may even come up with using an [old-fashioned device](https:\u002F\u002Frichardwarrender.com\u002F2019\u002F03\u002Fpsion-fever-breaching-a-digital-data-island\u002F) without internet\u002Fbluetooth connection. [Check out this example](https:\u002F\u002Fzedstarr.com\u002F2021\u002F06\u002F11\u002Fonline-retro-connecting-psions-mc400-series-3a-machines-to-the-internet\u002F). Do not ever store any back-ups if you are using a similar device for OpSec purposes!\n\nEven if someone was able to recover remnants of old magnetic disk data after 10 shredding passes, they would still not see the plain text data, they would see scrambled cipher text data, and would have to decrypt the very strong 256-bit AES encryption.\n\nBetter yet, don’t store confidential or encrypted files on magnetic storage. Store the files on a removable flash drive that can be shredded with software and physically destroyed if desired. Unplug the flash drive when not in use.\n\n---\n\n### Problem 15\n\nAppraise the level of risk associated with each vulnerability. Rank your vulnerabilities using factors such as the likelihood of an attack happening, the extent of damage that you would suffer, and the amount of work and time you would need to recover. The more likely and damaging an attack is, the more you should prioritize mitigating the associated risk.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Read More](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fopsec\u002F)\n- [Tips from TrailOfBits](https:\u002F\u002Fdocs.google.com\u002Fdocument\u002Fd\u002F1-_0Wlwch_vtkPM4F-SdEXLjQYaYT7KoPlU2rjt7tkLQ\u002Fedit)\n- [CryptoCustody Blog](https:\u002F\u002Fcryptocustody.substack.com)\n- [6 Reasons to Avoid Cloud Services and Keep Your Feet on the Ground](https:\u002F\u002Fwww.makeuseof.com\u002Ftag\u002Freasons-avoid-cloud-services\u002F)\n- [How Crypto Stealth Addresses Keep Your Transactions Private](https:\u002F\u002Fwww.makeuseof.com\u002Fhow-crypto-stealth-addresses-keep-your-transactions-private\u002F)\n- [How to Hide Your MAC Address and Why You Should](https:\u002F\u002Fwww.makeuseof.com\u002Fhide-mac-address\u002F)\n- [5 Ways to Hide Apps on Your iPhone](https:\u002F\u002Fwww.makeuseof.com\u002Fways-to-hide-iphone-apps\u002F)\n\n\u003C\u002Fdetails>\n\n---\n\n### Problem 16\n\nGet countermeasures in place. The last step of operational security is to create and implement a plan to eliminate threats and mitigate risks. This could include updating your hardware, creating new policies regarding sensitive data, or training employees on sound security practices and company policies. Countermeasures should be straightforward and simple. \n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Create a ‘Panic’ Alarm With Aqara Hub & Siri Shortcuts](https:\u002F\u002Fhomekitnews.com\u002F2020\u002F03\u002F15\u002Fcreate-a-panic-alarm-with-aqara-hub-siri-shortcuts\u002F)\n- [How to use the 'In Case of Emergency' iPhone shortcut to get quick help from rescue services or a contact](https:\u002F\u002Fwww.businessinsider.com\u002Fguides\u002Ftech\u002Fin-case-of-emergency-iphone-shortcut?amp)\n- [Automated Panic Button: Details in Comments](https:\u002F\u002Fwww.reddit.com\u002Fr\u002Fshortcuts\u002Fcomments\u002Fs5mupe\u002Fautomated_panic_button_details_in_comments\u002F)\n- [Event Triggers - Siri](https:\u002F\u002Fsupport.apple.com\u002Fguide\u002Fshortcuts\u002Fevent-triggers-apd932ff833f\u002Fios)\n- [Using Siri Shortcuts as a Panic Button on Apple Watch - Discussion](https:\u002F\u002Ft.me\u002Flobsters_chat\u002F423127)\n- [Panic Button App example](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=qPiAtEuKM4w)\n  \n\u003C\u002Fdetails>\n\n> If your job requires you to deal with various files (for example, CV), always ask to upload them to Google Drive in preview mode beforehand. Or open them via [dangerzone.rocks](https:\u002F\u002Fdangerzone.rocks). Even with all of the above, always do your work from a separate computer and VM!\n\nEmployees should be able to implement the measures required on their part with or without additional training.\n\n- [Read More](https:\u002F\u002Fhackernoon.com\u002F5-tips-to-prevent-hackers-from-stealing-your-crypto-assets-e2243zig)\n- [Ultimate Guide to Safely Self Custody your Crypto](https:\u002F\u002Fwww.cypherock.com\u002Fblogs\u002Fultimate_guide_to_set_up_crypto_stack_security)\n- [Setting up a VM for crypto operations](https:\u002F\u002Fmedium.com\u002Fimmunefi\u002Fimproving-opsec-in-the-crypto-space-virtual-machine-flashbots-edition-ee2c1fa280c5)\n\n---\n\n### Problem 17\n\nImplement separation of duties. Make sure that those who work on your network are not the same people in charge of security.\n\n> Study [Zero trust security model](https:\u002F\u002Fen.m.wikipedia.org\u002Fwiki\u002FZero_trust_security_model): The zero trust security model, also known as zero trust architecture (ZTA), zero trust network architecture or zero trust network access (ZTNA), and sometimes known as perimeterless security, describes an approach to the design and implementation of IT systems.\n\n- [Read More](https:\u002F\u002Farxiv.org\u002Fabs\u002F2106.10740)\n- [SIEM](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FSecurity_information_and_event_management)\n- [DLP](https:\u002F\u002Fdigitalguardian.com\u002Fblog\u002Fwhat-data-loss-prevention-dlp-definition-data-loss-prevention)\n- [IDS](https:\u002F\u002Fwww.geeksforgeeks.org\u002Fintrusion-detection-system-ids\u002F)\n- [How to Generate Your Own GnuPG Key](https:\u002F\u002Fwww.makeuseof.com\u002Fhow-to-generate-your-own-gnupg-key\u002F)\n- [5 Reasons Installing Fewer Apps Helps You Stay Safe](https:\u002F\u002Fwww.makeuseof.com\u002Fwhy-installing-less-software-better-security\u002F)\n\n---\n\n### Problem 18\n\nAutomate tasks to reduce the need for human intervention. Humans are the weakest link in any organization’s operational security initiatives because they make mistakes, overlook details, forget things, and bypass processes.\n\n- [Telegram & Discord Security Best Practices](https:\u002F\u002Ftelegra.ph\u002FTelegram--Discord-Security-Best-Practices-01-02)\n- [Read More](https:\u002F\u002Fweb.mit.edu\u002Fsmadnick\u002Fwww\u002Fwp\u002F2019-05.pdf)\n- [Read More](https:\u002F\u002Fmedium.com\u002Fimmunefi\u002Fhow-not-to-get-hacked-on-telegram-2db2b93a5fa2v)\n- [Check out: Littlesnitch tool](https:\u002F\u002Fwww.obdev.at\u002Fproducts\u002Flittlesnitch)\n\n---\n\n### Problem 19\n\nIncident response and disaster recovery planning are always crucial components of a sound security posture. Even when operational security measures are robust, you must have a plan to identify risks, respond to them, and mitigate potential damages.\n\n- [Read More on Incident Response Plans](https:\u002F\u002Fwww.crowdstrike.com\u002Fcybersecurity-101\u002Fincident-response\u002F)\n- [Read More](https:\u002F\u002Ftrustwallet.com\u002Fblog\u002Fhow-to-stay-safe-on-the-internet-crypto-guide)\n\n\n---\n\n### Problem 20\n\nRisk management: The process of identifying, assessing and controlling threats to an organization's capital and earnings. These risks stem from a variety of sources including financial uncertainties, legal liabilities, technology issues, strategic management errors, accidents and natural disasters.\n\n\u003Cdetails>\n\u003Csummary>Expand\u003C\u002Fsummary>\n\u003Cbr \u002F>\n\n- [Violent Attack Vectors in Web3: A Detailed Review](https:\u002F\u002Fofficercia.mirror.xyz\u002FqfhQ_ocTPKnO5EqMlZ2ixIX7oBIfz5Tznid82EucbYk)\n- [Here's a List of 29 Different Types of USB Attacks](https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fheres-a-list-of-29-different-types-of-usb-attacks)\n- [Bluetooth Attacks and Security Tips – Awareness Results in Bette","该项目是一个收集和讨论最佳DeFi、区块链及加密货币相关操作安全（OpSec）研究和数据终端的资源库。它汇集了大量关于如何保护个人或组织在使用区块链技术时的安全性资料，包括但不限于工具、链接、文章等，并鼓励社区贡献内容。其核心功能在于提供一个全面的知识库，涵盖从基础到高级的各种安全措施和技术指导。适合任何对提高自己在处理加密货币及相关技术时的安全意识有兴趣的人士，尤其是开发者、数字游民以及希望保护自身资产免受黑客攻击或诈骗行为影响的用户。",2,"2026-06-11 03:29:13","top_topic"]