
So You Wanna Write Malware . . .

Posted on 2025/03/27 by 0rc4

. . . But you don’t wanna spend a shit ton of money learning to write malware.

MalDev Academy – All Modules

You’re welcome.

I guess run it through VirusTotal if you’re paranoid. There are things in these files that will show up as malware, though, of course. If you really are worried, just sandbox it.

Removing Metadata from Files

Posted on 2025/01/28 - 2025/01/28 by 0rc4

I cannot stress enough the importance of remaining as anonymous as possible online as an anarchist. Regardless of your level of action, or even if you have not taken action at all, the State will take your opposition seriously. So every precaution must be taken to make identifying you cost as many resources as possible, so that you are likely not worth the cost.

This post, of course, is not a comprehensive guide on the entirety of digital opsec practices or security culture as a whole. (For more information on all of that, I’d recommend reading these linked posts, as well as AnarSec, NoTrace Project, and these zines from Riot Medicine.) Here, we will focus primarily on the removal of metadata from files and photos.

Most people who submit anonymous communiques for actions are keenly aware of this and take appropriate steps, but the newly radicalized may be completely ignorant of the dangers of metadata. For example, when you snap a photo with your smartphone, it automatically adds GPS information to that photo. Anyone can download a photo from your social media page and view the EXIF data with easily accessible tools, entirely compromising you in one swift motion.

I’ve written previously that I do not recommend using Windows, as their telemetry practices can be detrimental to privacy if not disabled, even if they did sort of walk back their plans to take screenshots every few minutes. For now.

However, since this is the most commonly used operating system, and switching to Linux may be, as of now, too difficult for some newcomers to all of this, we will start there and then move forward:

1. Windows

  • I recommend the free and open-source tool ExifCleaner for Windows users.
    • ExifCleaner is a simple GUI application that supports removing metadata from photos, videos, and PDF documents.
    • ExifCleaner is cross-platform and can therefore be used with Mac as well.
    • Cleaning metadata is as simple as dragging and dropping a file into the GUI and deleting metadata from there.

2. Debian-based Linux Distributions

I feel as though Linux distros beyond Debian-based ones are beyond the scope of this article, as they are less common. For example, the typical Arch Linux user is well-versed enough to know how to install and use a tool like this, considering what it takes to install and maintain Arch. However, I will add installation instructions if asked to do so.

  • For Linux users, I recommend using ExifTool.
    • Installing ExifTool on Debian-based distributions:
      sudo apt update
      sudo apt install exiftool
    • Using exiftool to remove metadata:
      exiftool -all= /path/to/file
      (By default exiftool keeps the untouched file next to the cleaned one as /path/to/file_original; delete or wipe that copy too, or pass -overwrite_original.)
    • Viewing metadata to verify it was erased:
      exiftool /path/to/file
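To show what "-all=" is actually doing inside a JPEG, here is an added Python example (not from the original post and not a substitute for exiftool): it walks the file's marker segments, detects a GPS IFD inside the Exif APP1 block, and strips every APPn and COM segment while leaving the image data untouched. The sample JPEG is constructed inline and is only a segment skeleton, not a viewable picture.

```python
import struct

def build_sample_jpeg():
    """Constructed sample: JPEG skeleton whose Exif APP1 segment carries a GPS IFD."""
    # IFD0 with one entry: tag 0x8825 (GPSInfo IFD pointer) -> GPS IFD at TIFF offset 26
    ifd0 = struct.pack("<H", 1) + struct.pack("<HHII", 0x8825, 4, 1, 26) + struct.pack("<I", 0)
    # GPS IFD with one entry: tag 0x0001 GPSLatitudeRef, ASCII "N"
    gps = struct.pack("<H", 1) + struct.pack("<HHI", 0x0001, 2, 2) + b"N\0\0\0" + struct.pack("<I", 0)
    tiff = b"II*\0" + struct.pack("<I", 8) + ifd0 + gps        # little-endian TIFF header
    payload = b"Exif\0\0" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    sos = b"\xff\xda" + struct.pack(">H", 2)                   # empty SOS header (constructed)
    return b"\xff\xd8" + app1 + sos + b"\x00\x11\x22" + b"\xff\xd9"

def iter_segments(data):
    """Yield (marker, payload, start, end) for each marker segment up to and including SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes the 2 length bytes
        yield marker, data[pos + 4:pos + 2 + length], pos, pos + 2 + length
        if marker == 0xDA:   # SOS: entropy-coded image data follows, stop walking
            break
        pos += 2 + length

def has_gps(data):
    """True if an Exif APP1 segment's IFD0 contains a GPSInfo pointer (tag 0x8825)."""
    for marker, payload, _, _ in iter_segments(data):
        if marker != 0xE1 or not payload.startswith(b"Exif\0\0"):
            continue
        tiff = payload[6:]
        e = "<" if tiff[:2] == b"II" else ">"                   # byte order from TIFF header
        ifd = struct.unpack(e + "I", tiff[4:8])[0]
        count = struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]
        for i in range(count):
            off = ifd + 2 + 12 * i
            if struct.unpack(e + "H", tiff[off:off + 2])[0] == 0x8825:
                return True
    return False

def strip_metadata(data):
    """Drop APP1..APP15 (Exif, XMP, ICC, ...) and COM segments, copy the rest verbatim.
    Same idea as exiftool -all= on a JPEG; dropping an ICC profile (APP2) may shift colours."""
    out, last = bytearray(b"\xff\xd8"), 2
    for marker, _, start, end in iter_segments(data):
        if not (0xE1 <= marker <= 0xEF or marker == 0xFE):
            out += data[start:end]
        last = end
    out += data[last:]                                          # image data and EOI untouched
    return bytes(out)
```

Run has_gps on a photo before and after cleaning (with any tool) and the answer should flip from True to False; other formats (PNG, PDF, video) store metadata differently, which is why exiftool or ExifCleaner is the practical choice.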

3. Android & iOS

Using a smartphone for pretty much anything is not necessarily recommended (see Kill the Cop in Your Pocket). If you do have a smartphone, the recommendation will always come down to using GrapheneOS, on which exif-eraser also works.

  • Android:
    • exif-eraser is a great open-source metadata removal tool for Android devices.
    • There is an easy-to-use app called Photo Metadata Remover that I would recommend.
  • iOS:
    • The recommended app for iOS users for metadata removal is called Meta Remove.

Anarcho-OpSec

Posted on 2024/12/08 - 2025/03/29 by 0rc4

Some time ago, a friend of mine sent me this Digital Safety Tips for Organizers: Online Privacy Checklist to look over.

I think it’s great and brings up a lot of important points regarding maintaining online anonymity for organizers. However, I think it can be touched up a bit with some broader knowledge and application when it comes to infosec practices for activists, especially considering the incoming presidential administration following the 2024 general election; who’s to say what tactics will be employed to defeat “the opposition?” In my opinion, it’s important to be over-prepared for these situations.

Some of these suggestions may seem highly technical for the inexperienced individual, and therefore may present a bit of a learning curve. They may also seem like overkill or inconvenient. But I promise you, when it comes to the many ways an individual can be tracked and subsequently doxxed and/or investigated and arrested, it is worth it to take the time to learn and employ these tactics.

Depending on the actions taken by an organization, even if by a decentralized collective of otherwise anonymous individuals, one misstep can mean the end for you, and potentially your comrades, at the hands of law enforcement or an ultra-right-wing lunatic (if you can even tell the difference between the two). Please note that this is not an attempt at fear-mongering, but rather to prepare you.

Because of various skill levels among individuals, if any of these steps prove to be too difficult for you, consider consulting a trusted and technologically-inclined comrade to assist you. Approach the learning process with an open mind, and you’ll solidify a lot of useful knowledge that can be applied in various ways to maintain your online privacy in several avenues of your online life.

As always, assess your threat model and make decisions based on that.

This document will cover the tech aspects of operational security and won’t go into detail about correlation attacks (where your anonymous online activity is cross-referenced with your mobile devices and other online activities, like doing something illegal over Tor and immediately shutting down your computer and going to the mall) or stylometry attacks (analysis of your unique pattern of expression, i.e. the way you write online). I may make a separate post about those at a later time.

A Concise Online OpSec Guide for Anarchists, Activists and Organizers:

1. Take Stock of Your Online Presence

  • Check https://HaveIBeenPwned.com to see if your account credentials have been included in data leaks.
    • If you’re running Linux, you can also use a tool called Breach-Parse, which may be a bit more thorough when hunting for your own breached credentials. Instructions for installation and usage can be found at the following link:
      • https://github.com/hmaverickadams/breach-parse
  • Don’t be a victim of open-source intelligence
    • Google yourself and take note of what you find about yourself through these searches. Is your address, phone number, email, etc appearing in publicly available databases?
      • Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf
    • Are you using social media and is it necessary that you use social media?
      • Think of social media as a database of your personal information and behavior patterns. When it comes to a determined adversary, you can be identified even by the way you casually communicate through written channels, and you could be publishing personally-identifying information without even realizing it.
      • Don’t use the same username on more than one account, so that you can’t be tracked across several profiles.
      • Be mindful of what can be seen in photos you are publishing on social media.
        • Consider the doxx of Eric Clanton, the Berkeley Bike Lock professor, which led to his subsequent arrest.
      • If it is necessary that you use social media, keep your personal profiles and activist profiles entirely separate.
        • Any profiles you use to report on or talk about activist activities should use a pseudonym derived from something that is not personally connected to you. These profiles should only be accessed from behind a truly anonymous VPN like Riseup VPN or, even better, through the Tor network.

2. Secure Your Accounts and Communication

  • Use a Password Manager
    • I recommend KeePassXC because it is a local database. Use the password generator in the tool to create long (20+ characters of random upper/lowercase letters, numbers, and symbols), unique passwords for your accounts.
    • Store the password you use to access your KeePassXC database on a separate storage medium in case your PC is compromised.
    • Do not save passwords in your browser in the event that you are accidentally compromised through it.
  • Use a two-factor authentication app like Authy on any and all accounts you can.
    • Do not use text message 2FA if it can be helped. Keep in mind that your personal info is publicly available if you haven’t had it removed yet, and that information can be used to target you in an attack called a SIM Swap, which can be used to bypass your 2FA if it is SMS-based.
  • Keep all email communications on encrypted email services such as Protonmail
    • Consider using PGP to encrypt your emails, which will ensure your emails are only viewable by intended recipients, even if your email has been compromised, and will eliminate the chances of spear-phishing campaigns potentially leveraged against your affinity group/collective/etc.
    • Use a throwaway email for quick communications that don’t need to be directly tied to your private persona.
      • Guerrilla Mail is a great option for this.
        • https://www.guerrillamail.com/
    • There are also some great anonymous email services on the Tor network:
      • RiseUp (Anarchist created and maintained): vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion
      • Mail2Tor – mail2torjgmxgexntbrmhvgluavhj7ouul5yar6ylbvjkxwqf6ixkwyd.onion
      • TorBox – torbox36ijlcevujx7mjb4oiusvwgvmue7jfn2cvutwa6kl6to3uyqad.onion
  • OnionShare is a great hidden service for anonymously sharing files between individuals or devices.
  • Use encrypted messaging apps on your phone and PC
    • Signal is a great option, especially now with their username option. But I like Session better because it routes everything through a decentralized network like Tor, and you are identified by a hash instead of a username.
    • Cwtch is another great option, as it works the same as Session and gives you an option to lock your profile behind a password.

3. Secure Your Devices

  • Encrypt everything
    • Use VeraCrypt, which can be used for Full Disk Encryption as well as creating encrypted containers for files, and even hidden containers.
      • https://www.veracrypt.fr/en/Home.html
    • Ubuntu has a Full Disk Encryption option on initial installation.
    • Do not leave your device unattended and unencrypted.
  • Make your device tamper-evident.
    • https://www.anarsec.guide/posts/tamper/ / http://uwb25d43nnzerbozmtviwn7unn7ku226tpsjyhy5n4st5cf3d4mtflqd.onion/posts/tamper/
  • Spoof your MAC address:
    • ***You can also spoof your hostname with this process***
    • You can create a service on Linux that does this automatically on bootup:
      • Create a script and make it executable (***run ifconfig to find your wireless interface***):

        sudo nano /usr/local/bin/randomize_mac.sh

        File:
        #!/bin/bash
        # Randomize the MAC address of one interface (requires macchanger).
        # Exit on the first failing command so the interface is never left half-configured.
        set -e

        # Interface name (change this to your network interface)
        INTERFACE="<YOUR WIRELESS INTERFACE>"

        # Bring the interface down
        sudo ip link set dev "$INTERFACE" down

        # Randomize the MAC address
        sudo macchanger -r "$INTERFACE"

        # Bring the interface back up
        sudo ip link set dev "$INTERFACE" up

        Make the script executable:
        sudo chmod +x /usr/local/bin/randomize_mac.sh

      • Create a service file and enable it:

        sudo nano /etc/systemd/system/randomize_mac.service

        File:
        [Unit]
        Description=Randomize MAC Address on Boot
        After=network.target

        [Service]
        Type=oneshot
        ExecStart=/usr/local/bin/randomize_mac.sh
        RemainAfterExit=yes

        [Install]
        WantedBy=multi-user.target

        Enable the service:

        sudo systemctl enable randomize_mac.service

        Verify after the next reboot that the address changed:

        ip link show "<YOUR WIRELESS INTERFACE>"

  • Stop using Windows
    • Using Windows while caring about your digital privacy is like locking the front door because you’re scared someone is coming in through the back door.
    • Overwrite Windows with a Linux distro using a bootable USB drive and harden it with this guide: https://theprivacyguide1.github.io/linux_hardening_guide
  • Use a VPN
    • Use Mullvad and pay for it with Monero.
      • Set autoconnect, lockdown mode and multihop to ON.
    • You can also use Riseup VPN, which is a free logless and login-less VPN created and maintained by anarchists, but there are less useful features than Mullvad.
  • Disable anything that sends info back to a service or company:
    • Data sharing
    • Location services
    • Error reporting
    • Usage statistics
  • Use a timezone on your PC that is very far away from where you live, so that timestamps don’t give away your location.
  • Turn off Bluetooth.
  • Set your trash to only keep files for one hour
    • Set your trash to delete temporary files every hour.
  • Keep your username and hostname as generic as possible
    • for example: user@linux
  • For especially sensitive things, use TailsOS, which is an amnesiac operating system used through a bootable flash drive that leaves no trace on your device.
  • Consider having a “burner” device that you only use on public WiFi for your activist activities.
  • Use BleachBit to clean up your device if you need to
    • https://www.bleachbit.org/
  • Use wipe on Linux devices to render sensitive files unrecoverable when you no longer need them.
    • wipe does 34 overwrites on files.
    • Overwriting only helps on spinning disks; on SSDs and flash storage, wear levelling means old copies of the data can survive, so there you should rely on full disk encryption instead.
  • Use exiftool to remove EXIF data from your files before you upload them anywhere.
  • Use search engines that do not track you:
    • Duckduckgo: duckduckgo.com / duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion
    • Shoot: shootnnngg4akh7fkjmx5b5omsppt2zaefohzwnwryhy2c6mm3kbx6qd.onion
    • Ahmia: juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion
    • Torch: torchdeedp3i2jigzjdmfpn5ttjhthh5wbmda2rr3jvqjg5p77c54dqd.onion
  • Use LibreWolf for clearnet activities, NOT Chrome or Edge or Firefox
    • Use browser extensions that block ads and trackers:
      • uBlock Origin
      • Facebook Container (if you’re using Meta platforms to spread news under your separate activist profile; do NOT use Facebook or Instagram apps on your phone)
      • Privacy Badger
  • If you are hacking, run any command that connects with another host through torsocks.
    • You must have Tor installed and tor.service enabled.
      • Additional hacking tips:
        • Use a long-range Wi-Fi card to connect to public Wi-Fi far away or compromised routers.
        • You can proxy through a VPS or compromised servers.
  • If you’re using an Android device, consider using GrapheneOS
    • https://grapheneos.org/
  • Turn off biometrics on your devices. Newer Android phones and iPhones encrypt your device when the screen is locked behind a passcode.
    • This is especially important if you need to bring your phone with you to a protest. You don’t want your phone being decrypted by a cop just pointing it at your face.

4. Additional Resources

  • Data Removal Workbook: https://inteltechniques.com/data/workbook.pdf
  • DIY Data Removal Guide: https://joindeleteme.com/help/diy-free-opt-out-guide/
  • AnarSec: https://www.anarsec.guide/ / http://uwb25d43nnzerbozmtviwn7unn7ku226tpsjyhy5n4st5cf3d4mtflqd.onion/
  • NoTrace: https://www.notrace.how/ / http://i4pd4zpyhrojnyx5l3d2siauy4almteocqow4bp2lqxyocrfy6prycad.onion/

0rc4’s 1337 List of Resources

Posted on 2024/11/20 - 2025/01/06 by 0rc4

PRIVACY

  • TailsOS
  • Qubes + Whonix
  • Surveillance Self-Defense
  • Arch Linux Security and Privacy Guide
  • Riseup VPN

OPSEC

  • Jolly Roger’s Security Thread for Beginners
  • DNM Bible

LEARN TO HACK

  • Hack This Site
  • VulnHub
  • HackTheBox
  • TryHackMe
  • CanYouHackMe
  • TCM Security Academy
  • VulnLab

HACKING OPERATING SYSTEMS

  • Kali Linux
  • ParrotOS
  • Black Arch

MALWARE DEVELOPMENT

  • So You Wanna Write Malware?

ZINES

  • FTP Distro

ENCRYPTED CHAT APPS

  • Session
  • Signal

TOR HIDDEN SERVICES FOR ANARCHISTS & HACKERS

  • AnarSec
  • No Trace Project

This list will change as more resources are discovered and as the digital landscape continues to evolve.

By coming to this site, you agree that you will not use any of the disclosed information for illegal purposes. This site is for educational and entertainment purposes only.
