Skip to content

0xbitx/OPSEC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 

Repository files navigation

Rookie OPSEC mistakes

Yo, listen up! If you wanna keep your personal info safe and avoid any drama, you gotta steer clear of these rookie OPSEC mistakes

  • Using Personal Email for Work: Don’t be mixing your personal and work emails, man. It’s like leaving your front door wide open. Keep ‘em separate to avoid sensitive info spilling out.

  • Sharing Too Much on Social Media: Chill with the oversharing on social media, bro. No need to post every detail about your job, where you’re headed, or what you’re up to. Creeps and scammers are always lurking, looking for that kinda info.

  • Work-Related Searches: Avoid using your personal email for work-related Google searches. The feds can subpoena your account and pull out those searches.

  • Weak Passwords: Quit it with the weak passwords. Go for something strong and unique for each account. None of that “password123” junk. Use a password manager if you have to, but keep your passwords tight.

  • Phishing Scams: Stay sharp with those sketchy emails. If it looks fishy, it probably is. Don’t be clicking random links or downloading weird attachments. Double-check the sender’s email address and think twice before you act.

  • Insecure Browsing Habits: Don’t Ignore Browser Security Alerts When your browser warns you about a potentially unsafe website or an invalid SSL certificate, don’t bypass the alert. These warnings are there for a reason—they indicate that the site may be compromised, fake, or insecure. Ignoring them could expose you to phishing, malware, or data theft. Always prioritize safety over convenience and avoid proceeding to such sites.

  • Browsing on Public Wi-Fi: You Don’t Need a VPN to Secure Your Data—Just Use an Updated Browser and Force HTTPS Connections, Most websites today support HSTS (HTTP Strict Transport Security) and use HTTPS by default, which encrypts your data and protects it from eavesdropping or tampering. As long as you’re using an updated browser and ensure you’re connecting to websites over HTTPS, your data is secure even on public Wi-Fi. However, a VPN can still be useful for additional privacy or accessing restricted content. Always verify the padlock icon in your browser’s address bar to confirm a secure connection.

  • Poor Disposal of Documents: When you’re done with papers that got personal info, shred ‘em. Don’t just toss ‘em in the trash where anyone can snatch ‘em. Protect your info from dumpster divers.

  • Location Sharing: Turn off your location services unless you absolutely need ‘em. You don’t need everyone knowing where you are 24/7. Keep that info to yourself and stay off the grid.

  • Unauthorized Software: Only download apps and software from legit sources. None of that pirated stuff – it’s usually packed with malware that can jack your data. Stick to official app stores and trusted websites.

  • Insecure Storage of Devices: Keep your gear locked down. Don’t leave your laptop, phone, or USB drives lying around where they can get snatched. Use passwords and encryption to keep your data safe if your device goes missing.

  • Unencrypted Communications: When you’re sending sensitive info, use encrypted emails or messaging apps. Don’t let anyone eavesdrop on your convos. Apps like Signal or ProtonMail are your friends here.

  • Public Charging Stations: Watch out for public charging stations. They can be rigged to steal your data. Always carry your own charger and use a power bank if you need to juice up on the go.

  • Personal Devices for Work: Avoid using your personal phone or laptop for work stuff. If your company doesn’t provide devices, make sure you have separate user profiles and strong security settings to keep things separate.

  • Auto-Connecting to Wi-Fi: Disable auto-connect for Wi-Fi on your devices. You don’t want your phone hooking up to sketchy networks without you knowing. Always check and connect manually.

  • Turning Off Wi-Fi When Not in Use: Turn off Wi-Fi when you’re not using it. Attackers can see your previously connected Wi-Fi networks and potentially discover your physical location through wardriving.

  • Software Updates: Don’t slack on software updates. Keeping your OS and apps up to date patches security holes that hackers can exploit. Set your devices to update automatically if you can.

  • Bluetooth Security: Turn off Bluetooth when you’re not using it. Hackers can use it to send keystrokes or access your device without you even knowing. Keep it off and stay safe.

  • Multi-Factor Authentication (MFA): Use multi-factor authentication wherever you can. It adds an extra layer of security by requiring more than just a password to access your accounts. It’s like having a double lock on your door.

  • Physical Security: Don’t forget about the physical side of security. Lock your laptop and phone when you’re not using them, and don’t leave them out in public or unsecured places.

  • Browser Extensions: Be cautious with browser extensions. Only install ones from trusted sources and check the permissions they ask for. Some can spy on your browsing habits or worse.

  • Using Long-Range Antennas: If you need to connect to public Wi-Fi, use a long-range antenna to tap into a signal from a distance. It helps hide your actual location and keeps you more anonymous online.

  • Clearing Metadata: Before sharing files or photos, strip out any metadata. This info can reveal where a photo was taken or what device was used. Tools like ExifTool can help with this.

  • Secure Backup: Regularly back up your data, but make sure those backups are secure. Use encrypted drives or cloud services that offer strong security measures to keep your data safe from loss or theft.

  • Device Encryption: Encrypt your devices so that if they get stolen or lost, your data remains protected. Most modern smartphones and laptops have built-in encryption options – just make sure they’re turned on.

  • Screen Sharing: Avoid screen sharing as it can lead to personal information leaks or accidentally share your identity. If you must share your screen, be mindful of what is visible and close any unnecessary tabs or documents.

  • Linking Personal Accounts: Don’t link your personal accounts or any IRL-related account info (like Spotify, Steam, etc.) on platforms like Discord. Keeping these accounts separate helps protect your privacy and prevent personal information leaks.

Protecting Your Data from OSINT (Open Source Intelligence)

Limit Publicly Available Information:

  • Regularly audit your online presence. Search for your name, email, and phone number on search engines to see what information is publicly available.
  • Remove or request the removal of personal details from data broker websites, people-search sites, and public directories.

Tighten Social Media Privacy Settings:

  • Set your social media profiles to private or restrict access to friends and family only.
  • Avoid sharing sensitive information like your address, workplace, or daily routines.
  • Disable location tagging and geotagging in photos.

Use Pseudonyms or Alternate Identities:

  • Consider using a pseudonym or alternate identity for non-critical online accounts (e.g., gaming, forums, or subscriptions).
  • Avoid using your real name, email, or phone number when signing up for services that don’t require it.

Be Cautious with Public Records:

  • Be mindful of public records like property ownership, court documents, or voter registration. In some cases, you can request to have your information redacted or restricted.
  • Use a P.O. Box or virtual address for public records instead of your home address.

Avoid Oversharing in Online Communities:

  • Be cautious about sharing personal details in forums, comment sections, or online communities. Even seemingly harmless information can be pieced together to build a profile of you.
  • Use throwaway accounts for sensitive discussions.

Avoid Screen Sharing/Recording:

  • Avoid screen sharing as it can lead to personal information leaks or accidentally expose your identity.
  • when screen sharing on a smartphone or computer, you might accidentally reveal your connected Wi-Fi network name (SSID), a list of available Wi-Fi networks in your area, or even your device’s MAC address. Attackers can use this information to track your location through wardriving databases like WiGLE. If you must share your screen, be mindful of what is visible, close any unnecessary tabs, apps, or documents, and avoid navigating to network settings or sensitive information.
  • The date and time displayed on your desktop or phone during screen sharing can also reveal your location. Many devices automatically set the time zone based on your geographical location. Example: If your screen shows a time zone like "GMT+2" or a city name like "New York," attackers can infer your country or region. This information, combined with other data, can be used to narrow down your exact location.

Monitor Your Digital Footprint:

  • Use tools like Google Alerts to monitor mentions of your name, email, or other personal details online.
  • Regularly review and delete old accounts or posts that may expose sensitive information.

Use Unique Usernames Across Platforms:

  • Avoid using the same username across multiple platforms. This makes it harder for someone to connect your accounts and build a comprehensive profile of you.
  • Use a username generator or randomizer for added anonymity.

Be Careful with Photos and Metadata:

  • Strip metadata (e.g., EXIF data) from photos before sharing them online. This prevents revealing details like location, device used, or timestamps.
  • Avoid posting photos that reveal identifiable landmarks, license plates, or other sensitive details.

Secure Your Domain and Online Assets:

  • If you own a domain, use WHOIS privacy protection to hide your personal information from public databases.
  • Regularly review and secure any online assets (e.g., websites, blogs) to prevent them from being exploited.

Use Disposable Email Addresses and Phone Numbers:

  • For online sign-ups or non-critical services, use disposable email addresses (e.g., from services like TempMail) and virtual phone numbers (e.g., Google Voice).
  • This reduces the risk of your primary contact information being exposed.

Be Mindful of Professional Profiles:

  • Review and limit the information you share on professional networking sites like LinkedIn. Avoid listing sensitive details like your exact job title, projects, or contact information.
  • Use a generic email address for professional profiles instead of your personal one.

Regularly Review App Permissions:

  • Check the permissions granted to apps on your devices. Revoke access to apps that don’t need access to your location, contacts, or other sensitive data.
  • Uninstall apps that collect excessive data or have poor privacy practices.

Use Encrypted Messaging and Email Services:

  • For sensitive communications, use encrypted messaging apps (e.g., Signal) and email services (e.g., ProtonMail) to prevent interception or data leaks.
  • Avoid using SMS or unencrypted email for sharing sensitive information.

Educate Yourself on OSINT Techniques:

  • Learn about common OSINT tools and techniques (e.g., Google Dorking, social media scraping) to understand how your data can be collected.
  • Use this knowledge to identify and close potential vulnerabilities in your online presence.

Regularly Update and Secure Your Accounts:

  • Use strong, unique passwords and enable multi-factor authentication (MFA) on all accounts to prevent unauthorized access.
  • Regularly review account activity and log out of unused sessions.

Avoid Posting Personal Achievements or Milestones:

  • Be cautious about sharing personal achievements, such as graduations, promotions, or awards, as these can be used to build a profile of you.
  • If you must share, do so selectively and with trusted individuals.

Use a VPN for Anonymity:

  • A VPN can help mask your IP address and location, making it harder for OSINT collectors to track your online activities.
  • Choose a reputable VPN provider with a no-logs policy.

Be Wary of Online Quizzes and Surveys:

  • Avoid participating in online quizzes, surveys, or personality tests that ask for personal information. These are often used to collect data for OSINT purposes.
  • Even seemingly harmless questions can reveal sensitive details about you.

Regularly Clean Up Old Accounts:

  • Delete or deactivate old accounts on social media, forums, and other platforms that you no longer use.
  • Old accounts can be a goldmine for OSINT collectors, especially if they contain outdated but sensitive information.

Stick to these tips and keep your personal info on lockdown. Protect yourself and stay ahead of the game. Stay safe out there!

About

rookie OPSEC mistakes

Topics

opsec operational secutiry

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published