updated deniability tutorial

2024-11-25 19:00:31 +01:00 · 2024-11-25 19:00:31 +01:00 · 3e4ac30f1f
commit 3e4ac30f1f
parent 42f5a5dd8c
7 changed files with 195 additions and 3 deletions
--- a/opsec/deniability/index.html
+++ b/opsec/deniability/index.html
@ -121,6 +121,33 @@ The door is closed, the conversation remains between Alice and Bob, their conver
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>What if i destroy the evidence ?</b></h2> </br> </br>
+<p>One common arguement that is being brought up is <b>"what if i destroy the data before the adversary can see it?"</b> lets see the following scenario:</p>
+<pre><code class="nim">
+-You started doing sensitive actions on your <a href="../graphene/index.html">graphene OS phone</a>
+-Somewhere you slipped up, and now the adversary is busting down your door and holding you at gunpoint, handcuffing you and taking you to the nearest station.
+-Now the adversary is telling you "by order of the judge, you are now going to unlock that phone."
+
+-But, you've got your ace up your sleeve, you configured <b><a href="https://grapheneos.org/features#duress">a duress password</a> on your graphene OS phone</b>, meaning that once you type that special password, the contents of your phone are irreversibly deleted, with no possible recovery.
+
+-You type the password, and the phone contents are getting deleted, right in front of the adversary. What now ? 
+
+</pre></code>
+<p>Now you are in a situation where the adversary knows that you intentionally destroyed the contents of your phone, <b>he knows that you do not intend to cooperate, and that on top of it you destroyed potential evidence</b>. Where do you think that get you in court ?</p>
+<p>If you were just pretending to have forgotten your password, you'd be found to be in Contempt of Court (approx 6 months jailtime), But here from the point of view of the adversary, he's perceiving it as you knowingly and intentionally <b><a href="https://www.criminaldefenselawyer.com/crime-penalties/federal/Tampering-with-evidence.htm">tampering with evidence</a> which is way worse, as the sentences for that can go up to 20 years in prison.</b></p>
+<p>So in short, <b>you need it to look like you are cooperating with the adversary</b>, you must be able to give him a password, and when he unlocks the encrypted volume, he must find nothing incriminating about you, which is why we need deniable encryption.</p>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+  <!-- +++++ Second Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
          <h2><b>Why is Deniable Encryption Vital?</b></h2> </br> </br>
 <p>From a legal standpoint, the only way to be protected against that scenario where you're forced to decrypt your harddrive <b>is to be able to deny the existence of said encrypted volume (Plausible Deniability)</b> . If the encrypted volume does not exist, there is no password to be given for it.</p>
 <p>So here we need a technology that can provide us Plausible Deniability. <b>That is what Veracrypt can do for us</b>.</p>
@ -135,7 +162,7 @@ The door is closed, the conversation remains between Alice and Bob, their conver
 	    </div> <!-- /container -->
 	</div><!-- /white -->
  <!-- +++++ Second Post +++++ -->
-	<div id="anon2">
+	<div id="anon1">
 	    <div class="container">
 			<div class="row">
 				<div class="col-lg-8 col-lg-offset-2">
--- a/opsec/index.html
+++ b/opsec/index.html
@ -317,9 +317,9 @@

 <p>🧅 Serverside - Plausible Deniability at Home (⚠️ <a href="sensitiveremotevshome/index.html">Self Hosting = Risky!</a>)</p>
 <ol>
-				<li><a href="pf_virt/index.html">✅ Open source router VM setup (pfsense on QEMU/KVM)</a></li>
+				<li><a href="pf_virt/index.html">❌ Open source router VM setup (OpnSense on QEMU/KVM)</a></li>
                <li><a href="failovers/index.html">✅ Electrical Failover (basic UPS setup)</a></li>
-                <li><a href="failover-wan/index.html">✅ Internet Failover (Dual WAN pfsense setup)</a></li>
+                <li><a href="failover-wan/index.html">❌ Internet Failover (Dual WAN OpnSense setup)</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/66">❌ Isolating on-premise hidden services (VM-based restrictive networking)</a></li>
                <li><a href="https://git.nowhere.moe/nihilist/blog-contributions/issues/33">❌ Deniable Encryption Protection (emergency shutdown script, shortcut, + systemd service)</a></li>
                <li><a href="physicalsecurity/index.html">🟠 Automating Deniable Encryption Protection (USB Changes, detecting movements, and SSH bruteforce attempts)</a></li>
--- a/opsec/opnsense_router_vm/0.png
+++ b/opsec/opnsense_router_vm/0.png
--- a/opsec/opnsense_router_vm/1.png
+++ b/opsec/opnsense_router_vm/1.png
--- a/opsec/opnsense_router_vm/2.png
+++ b/opsec/opnsense_router_vm/2.png
--- a/opsec/opnsense_router_vm/3.png
+++ b/opsec/opnsense_router_vm/3.png
--- a/opsec/opnsense_router_vm/index.html
+++ b/opsec/opnsense_router_vm/index.html
@ -0,0 +1,165 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="description" content="">
+    <meta name="author" content="">
+    <link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
+
+    <title>Open source router VM setup (OpnSense on QEMU/KVM)</title>
+
+    <!-- Bootstrap core CSS -->
+    <link href="../../assets/css/bootstrap.css" rel="stylesheet">
+	<link href="../../assets/css/xt256.css" rel="stylesheet">
+    
+    
+
+    <!-- Custom styles for this template -->
+    <link href="../../assets/css/main.css" rel="stylesheet">
+
+    
+
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
+    <![endif]-->
+  </head>
+
+  <body>
+
+    <!-- Static navbar -->
+    <div class="navbar navbar-inverse-anon navbar-static-top">
+      <div class="container">
+        <div class="navbar-header">
+          <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+            <span class="icon-bar"></span>
+          </button>
+          <a class="navbar-brand-anon" href="\index.html">The Nihilism Blog</a>
+        </div>
+        <div class="navbar-collapse collapse">
+          <ul class="nav navbar-nav navbar-right">
+
+            <li><a  href="/about.html">About</a></li>
+            <li><a  href="/blog.html">Categories</a></li>
+<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
+            <li><a  href="/contact.html">Contact</a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+        
+      </div>
+    </div>
+
+	<!-- +++++ Posts Lists +++++ -->
+	<!-- +++++ First Post +++++ -->
+	<div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+  					<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-11-24</ba></p>
+<h1>Open source router VM setup (OpnSense on QEMU/KVM) </h1>
+<img src="0.png" class="imgRz">
+<p>In this tutorial we're going to take a look at how to setup OpnSense in a VM, in order to have the ability to do a dual-wan setup, while maintaining the FOSS requirement (which <a href="https://github.com/rapi3/pfsense-is-closed-source">pfsense cannot provide</a>).</p>
+          
+	       </div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /grey -->
+
+	<!-- +++++ Second Post +++++ -->
+	<div id="anon3">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Setting up the VM </b></h2>
+<p>First let's create an isolated LAN network virt-manager:</p>
+<p>Then, let's download the latest Opnsense iso:</p>
+<img src="1.png" class="imgRz">
+<img src="2.png" class="imgRz">
+<pre><code class="nim">
+nihilist@mainpc:/run/media/nihilist/VAULT/Isos$ bzip2 -d OPNsense-24.7-dvd-amd64.iso.bz2 	
+nihilist@mainpc:/run/media/nihilist/VAULT/Isos$ file OPNsense-24.7-dvd-amd64.iso 
+OPNsense-24.7-dvd-amd64.iso: ISO 9660 CD-ROM filesystem data 'OPNSENSE_INSTALL' (bootable)
+
+</code></pre>
+
+<p>Next, we create the VM itself by using the iso we just downloaded:</p>
+<p>Now before starting the VM, we make sure that it has 2 network adapters, one being the WAN, and the other being the LAN. (take note of the mac addresses of either network interface, as we'll need to identify which one is which.)</p>
+<p>Then we begin installing the VM as follows:</p>
+<p>And then, we make sure the opnsense router VM acts as a DHCP server for the LAN:</p>
+<p>After that, we put a debian VM in the LAN to test if the network configuration works as intended:</p>
+<p>Here we see that we can access the router VM from the LAN just fine, so we're good!</p>
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+  <div id="anon2">
+	    <div class="container">
+			<div class="row">
+				<div class="col-lg-8 col-lg-offset-2">
+          <h2><b>Dual WAN Setup</b></h2> </br> </br>
+<p>Here we currently have the router VM using the </p>
+<img src="" class="imgRz">
+
+<p></p>
+<img src="" class="imgRz">
+<pre><code class="nim">
+	
+</code></pre>
+
+<p></p>
+<img src="" class="imgRz">
+<pre><code class="nim">
+	
+</code></pre>
+
+				</div>
+			</div><!-- /row -->
+	    </div> <!-- /container -->
+	</div><!-- /white -->
+
+
+	<!-- +++++ Footer Section +++++ -->
+
+	<div id="anonb">
+		<div class="container">
+			<div class="row">
+				<div class="col-lg-4">
+					<h4>Nihilism</h4>
+          <p>
+						Until there is Nothing left.</p></br></br><p>Creative Commons Zero: <a href="../../../../opsec/runtheblog/index.html">No Rights Reserved</a></br><img src="\CC0.png">
+						
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>My Links</h4>
+					<p>
+
+						<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://simplex.chat/contact#/?v=2-7&smp=smp%3A%2F%2FL5jrGV2L_Bb20Oj0aE4Gn-m5AHet9XdpYDotiqpcpGc%3D%40nowhere.moe%2FH4g7zPbitSLV5tDQ51Yz-R6RgOkMEeCc%23%2F%3Fv%3D1-3%26dh%3DMCowBQYDK2VuAyEAkts5T5AMxHGrZCCg12aeKxWcpXaxbB_XqjrXmcFYlDQ%253D&data=%7B%22type%22%3A%22group%22%2C%22groupLinkId%22%3A%22c3Y-iDaoDCFm6RhptSDOaw%3D%3D%22%7D">SimpleX Chat</a><br/>
+
+					</p>
+				</div><!-- /col-lg-4 -->
+
+				<div class="col-lg-4">
+					<h4>About nihilist</h4>
+					<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@contact.nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
+				</div><!-- /col-lg-4 -->
+
+			</div>
+
+		</div>
+	</div>
+
+
+    <!-- Bootstrap core JavaScript
+    ================================================== -->
+    <!-- Placed at the end of the document so the pages load faster -->
+    
+  </body>
+</html>