opsec – PwnDefend

Some TOX Clients Leak Egress IP addresses

Some friends and I did some testing this evening with TOX clients. We wanted to take a look at PERSEC/OPSEC considerations for using TOX. I also had a sneaky suspicion that it might out of the box leak more than people would appreciate (just a hunch and you don’t know until you test right!).

So, we setup a test. In the test we had:

Education

How to get some OPSEC with Kali?

There are major questions that must be answered here!

How do we change the hostname in KALI Linux?
How do we change the default TTL to look like a Windows Machine?
How do we pretend to be a SAMSUNG device/How do we change our MAC address?

Threat Intel

OPSEC is Hard: Are you even trying?

OPSEC is hard! Doing things that are covert is expensive and time consuming. Being invisible in today’s digital age is very hard. Operating covertly in plain sight it also hard.

Everything about this “stuff” is hard, except sometimes maybe it’s just viewed as “it’s hard and expensive” so why even bother, or conversely… maybe the objective can be “we want people to know it was us.”

Either way there’s some interesting reading if we look at “cyber” and “opsec”. For the minute I’ve just started to collect a list of links to articles which show some of the ways opsec failures have occurred in the past in relation to the GRU.