OPSEC — Network & transport security
Atomic sub-note of the master manual manual-paranoid-opsec. Each chapter is its own note for direct lookup by operational domain.
7. Network & Transport Security
7.1 Threat Landscape
Networks are often the weakest link in OPSEC. Even if devices are hardened, traffic analysis, metadata collection, and interception can compromise identities.
- Passive surveillance: ISPs, IXPs, governments recording traffic.
- Active interception: MITM, rogue access points, DNS poisoning.
- Metadata correlation: timing analysis, packet size signatures, cross-jurisdiction data sharing.
- Commercial tracking: advertising networks, third-party analytics.
7.2 VPN Usage
- Use only trusted, audited VPNs with strong no-log policies.
- Prefer VPN providers outside your own jurisdiction.
- Avoid free or unverified VPNs (high risk of data monetization).
- Chain VPNs with Tor when stronger unlinkability is needed.
- Always test for DNS and WebRTC leaks after connecting.
7.3 Tor & Onion Routing
- Tor Browser ensures traffic looks like every other Tor user.
- Bridges and pluggable transports (obfs4, meek) help evade censorship.
- Never log into personal accounts via Tor.
- Use separate circuits for different personas.
- Be mindful of exit node monitoring – never transmit plaintext sensitive data.
7.4 Proxies & Chaining
- HTTP/SOCKS proxies can add layers but do not provide encryption.
- Use multi-hop configurations: VPN → Tor → Proxy or vice versa.
- For OSINT scraping, rotating proxies can reduce account lockouts.
- Avoid commercial “residential proxy” services tied to user devices (ethical and OPSEC concerns).
7.5 DNS & Resolution
- Use encrypted DNS (DoH or DoT).
- Consider self-hosted recursive resolvers (e.g., Unbound, Knot Resolver).
- Be aware that DNS queries often reveal as much as web traffic itself.
- Monitor with tools like dnscrypt-proxy.
7.6 Wi-Fi & Access Points
- Never connect to public Wi-Fi without VPN or Tor.
- Assume hotel, airport, and café Wi-Fi are hostile by default.
- Randomize MAC addresses (modern OSes can do this automatically).
- Prefer tethered connections from burner mobile devices when possible.
7.7 Transport Layer Security
- Always enforce HTTPS (use HTTPS Everywhere or built-in equivalents).
- Validate certificates when in doubt; avoid click-through.
- Consider using TLS fingerprint randomization (e.g., uTLS libraries for custom clients).
7.8 Monitoring & Testing
- Check connections with Wireshark or mitmproxy.
- Test VPN leaks at ipleak.net.
- Run periodic audits: does your IP/geolocation ever leak?
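The leak tests asked for in 7.2, 7.5 and 7.8 can be automated against a capture instead of trusting a web page. The following is an added example, not part of the original note: it parses `tcpdump -nn` output taken on all interfaces after the VPN and DoT resolver are up, and flags every DNS flow that is plaintext (port 53), goes to a resolver other than the configured one, or leaves from an address outside the tunnel. The tunnel range, the allowed resolver and the capture lines are all constructed for the example.

```python
import ipaddress
import re
from collections import namedtuple

# Post-connect policy, constructed for this example: DNS may leave only through
# the tunnel, only to the configured DoT resolver, and only over TLS (port 853).
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")
ALLOWED_RESOLVERS = {"9.9.9.9"}

# Matches the "IP <src>.<sport> > <dst>.<dport>:" part of `tcpdump -nn` output.
FLOW_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")

Finding = namedtuple("Finding", "src dst port reasons")

def parse_flow(line):
    """Return (src, sport, dst, dport) for an IPv4 tcpdump line, else None."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    return m.group(1), int(m.group(2)), m.group(3), int(m.group(4))

def audit_dns(capture):
    """Return one Finding per DNS flow (port 53 or 853) that breaks the policy."""
    findings = []
    for line in capture.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[3] not in (53, 853):
            continue  # unparseable, or not DNS: out of scope for this check
        src, _sport, dst, dport = flow
        reasons = []
        if dport == 53:
            reasons.append("plaintext DNS on port 53")
        if dst not in ALLOWED_RESOLVERS:
            reasons.append(f"unexpected resolver {dst}")
        if ipaddress.ip_address(src) not in TUNNEL_NET:
            reasons.append(f"source {src} is outside the tunnel")
        if reasons:
            findings.append(Finding(src, dst, dport, tuple(reasons)))
    return findings

# Constructed capture: a compliant DoT flow, a leak to the ISP/router resolver,
# a DoT flow to a resolver that was never configured, and an unrelated HTTPS flow.
CAPTURE = """\
12:00:01.000001 IP 10.8.0.2.41000 > 9.9.9.9.853: Flags [S], seq 1, win 64240, length 0
12:00:01.000900 IP 192.168.1.20.55123 > 192.168.1.1.53: 1234+ A? example.com. (29)
12:00:02.100000 IP 10.8.0.2.41001 > 1.1.1.1.853: Flags [S], seq 2, win 64240, length 0
12:00:02.500000 IP 10.8.0.2.41002 > 203.0.113.10.443: Flags [S], seq 3, win 64240, length 0
"""
```

Running `audit_dns(CAPTURE)` reports the router-resolver query (three violations) and the stray DoT flow to 1.1.1.1, and stays silent on the compliant query and the HTTPS connection.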
🔥 Extreme Practices (Optional)
- Chain multiple independent network layers: e.g., local VPN → Tor → foreign VPN → custom proxy. Each in a different jurisdiction.
- Rotate entire network stacks frequently — new SIM, new VPN provider, new Tor bridges — to avoid long-term correlation.
- Treat all ISPs as compromised: never rely on provider secrecy.
- Use satellite internet or shortwave/radio links in extreme denial-of-service or censorship scenarios.
- For sensitive transfers, use sneakernet: physically move data on encrypted drives via trusted couriers instead of any online channel.
- Employ traffic shaping and padding (e.g., obfs4, meek, Snowflake, VPN obfuscation modes) to make packet sizes and timing indistinguishable.
- Consider multi-jurisdictional relays you control (self-hosted VPN endpoints in foreign countries).
- For ultimate deniability: one-time network identities – a SIM or access point is used only once, then permanently discarded.
From Inbox: Network Cyber-surveillance
Imported from Inbox/Cibervigilancia de Redes.md during bulk consolidation.
Network Cyber-surveillance - Index of Underground Sources
Summary
Master index that organizes all sources for cyber-surveillance of the digital underground. It groups the source categories: pastes, Telegram, underground forums, black markets, Tor search engines, exploit markets, ransomware groups and Twitter.
Category
Cyber-surveillance / Underground sources / Master index.
Tools and Resources
Main Sources
| Category | Note | Description |
|---|---|---|
| Pastes | pastebins | Paste sites where leaked data is published |
| Telegram | social-media-tools | Underground channels and groups on Telegram |
| Underground Forums | threat-actor-search | Directory of ~200 underground and darknet forums |
| Black Markets | threat-actor-search | Directory of ~120 underground markets |
| Tor Search | dark-web-search-engines | Search engines on the Tor network |
| Exploits | data-breach-search-engines | Exploit databases and markets |
| Ransomware | threat-actor-search | Ransomware groups and leak sites |
| Twitter/X | social-media-tools | Key threat intel accounts on Twitter |
Use Cases
- Starting point for cyber-surveillance operations on the underground
- Tracking threat actors across multiple platforms
- Early detection of data leaks
- Monitoring exploit and ransomware markets
Notes
- This is the main index for cyber-surveillance; each link leads to a detailed catalogue
- threat-actor-search is the most extensive catalogue
- Keep the online/offline status of the sources up to date