“[Operational] security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.” – Wikipedia

This is a page for me to track cool OPSEC-oriented resources that I like. This page will be updated and reorganized.

OPSEC: Because Jail is for wuftpd

Type: Video, conference talk

URL: https://www.youtube.com/watch?v=9XaYdCdwiWU

Description: This video covering hacker OPSEC is a necessary watch for anyone who is interested in the subject, especially hackers. The Grugq covers some very interesting case studies that allow you to learn from other hackers OPSEC failures.

B3RN3D.com

Type: OPSEC blog

URL: http://www.b3rn3d.com/

Description: B3RN3D is a blogger that is well-versed with topics such as operational security, maintaining anonymity, and mass surveillance. I often reference this blog.

GreySec Hacking Forums

Type: Forum board

URL: https://greysec.net/forumdisplay.php?fid=10

Description: GreySec is a community of hacker-oriented types, many of which have an interest in Anonymity/Privacy research, like me. There are a lot of great threads on this forum worth checking out, and users with unique perspectives on hacker OPSEC.

The Paranoid’s Bible: An anti-dox effort

Type: Resource repository

URL: https://paranoidsbible.tumblr.com/library

Description: Self-described as a “repository of knowledge meant to help people remove their information (Dox) from the web and people search engines.” Excellent, credible resource for removing information about your current identity.

Alpraking’s OPSEC guide to being a successful kingpin

Type: Text guide

URL: https://pastebin.com/0CxYx1BD

Description: Alpraking is an experienced drug kingpin in the online black market. In this post, he describes how he manages people and his drug operation with respect to operational security. Without great operational security, he would not be in business. This piece offers fantastic perspective from the black market community.

How to Disappear: Erase Your Digital Footprint, Leave False Trails, And Vanish

Type: Book

URL: https://www.amazon.com/How-Disappear-Digital-Footprint-Without/dp/1599219778

Description: This reading focuses on the offline side of disappearance; Frank Ahearn, an experienced skip tracer, guides us in preventing skip tracers and other parties from tracking our trail. This is an interesting read for anyone who wishes to conceal his or her real identity. Pro-tip: start by buying this book with cash and a hoodie in a brick-and-mortar bookstore.

How to Lie to People: Achieving Anonymity through Disinformation and Data Poisoning

Type: Text guide

URL: https://pastebin.com/tXhiMk36

Description: DIzzIE provides helpful insight on how to lie effectively, and explains why and how lying can benefit your persona. This excellent resource can be read on your lunch break.

OPSEC failures of spies

Type: Video, conference talk

URL: https://www.youtube.com/watch?v=BwGsr3SzCZc

Description: A case study on targeted surveillance. Explains how “telling” metadata is, specifically metadata pertaining to cellphone networks. This case study provides the opportunity to learn from the OPSEC failures of spies.

How to Master Secret Work

Type: Text publication

URL: http://www.historyisaweapon.com/defcon1/secretwork.html

Description: Discusses the necessity of being able to carry out work and operations with assured secrecy. Governments subject to corruption have used dirty tactics to silence opposition parties in the past, and they will do it again. This resource will aid you in your thinking for illustrating underground operations in secrecy.

Centralised Place for Privacy Resources

Type: Blog, resource repository

URL: https://themanyhats.club/centralised-place-for-privacy-resources/

Description: A list of privacy resources and security technologies. Great resources, it is definitely worth checking this list out to get more familiar with modern day security technologies and pro-privacy solutions.

Surveillance Self-Defense

Type: Resource repository

URL: https://ssd.eff.org/en

Description: Collection of resources, tutorials, and briefings pertaining to counter-surveillance efforts. Includes tutorials for secure deletion, using PGP, OTR, 2FA, Signal, Tor services, etc.

The Motherboard Guide to Not Getting Hacked

Type: Guide (PDF)

URL: https://assets.documentcloud.org/documents/4222455/The-Motherboard-Guide-To-Not-Getting-Hacked.pdf

Description: Generally good advice for security practices. Covers security basics, mobile security, privacy, messaging, and avoiding state and police surveillance.

DEF CON 22: Blinding The Surveillance State

Type: Surveillance conference talk

URL: https://www.youtube.com/watch?v=xCH_q-xn760

Description: Christopher Soghoian discusses the importance of HTTPS for thwarting bulk data collection efforts, the importance of “translating” cybersecurity talk to politicians, lawmakers and court systems, among other things. I would recommend this talk to privacy activists and advocates.

Things NOT to Do

Type: OPSEC Guide

URL: https://www.whonix.org/wiki/DoNot

Description: A list of things that you should not do, with a general focus on the Tor network. Great OPSEC resource.

Computer Security Education

Type: Computer OPSEC Guide

URL: https://www.whonix.org/wiki/Computer_Security_Education

Description: A general computer security guide, with a noticeable respect to operational security. Even if you practice pretty good defensive security, there are special operational security considerations in this guide.

The CryptoPaper

Type: Personal Security Guide

URL: https://github.com/cryptoseb/CryptoPaper

Description: “Privacy, Security, and Anonymity For Every Internet User”

OnionLand Forum

Type: Discussion forum

URL: http://onionlandbakyt3j.onion.link/ (.onion requires Tor Browser)

Description: A darknet discussion forum for darknet related things and operational security. Requires Tor Browser to browse.