An End-User’s Guide to Laptop Security

NOTICE! Everything herein is presented purely as purely hypothetical–a work of fiction.

There are a number of concerns to address, depending on the precise nature of what you are doing. This is by no means a comprehensive list:

• Your MAC address if you are connecting to a network. One thing to try is macchanger. This happens by default on some systems.
• Any other hardware serial numbers which may be sent to a third party (e.g., Windoze). The thing to do is to switch to an operating system that is designed for your particular purposes.
  • For anonymity, Tails is the flagship operating system.
  • For most red team purposes, use Kali.
  • For some blue team purposes, try ADHD.
• Data left on your hard drive (or in memory if your assets are seized by a competent red team).
• JavaScript and other client-side languages which may leak through your defenses. Switch to a specialized browser with script-blocking features. This comes installed by default on some systems.
• Any other applications which may leak through your defenses. You will need a router that funnels all the traffic over VPN and, if you’re not using Tails, you’ll need to daisy chain it together with a TOR-router that connects to the aforementioned router.
• Your ISP noticing sketchy traffic caused by your defenses. Your VPN-TOR daisy chain mitigates this issue.
• The TOR exit nodes are probably particularly shady. You’ll need to use an anonymous crypto-currency, such as Monero (i.e., not BitCoin, etc.) to anonymously pay for a VPN subscription from a trustworthy providor. Configure your client systems to connect to the internet via this VPN or, better yet, create another VPN-router, completing the VPN-TOR-VPN router sandwhich. The complete design is:
  • client systems ->
  • anon-VPN-router ->
  • TOR-router ->
  • free-VPN-router ->
  • internet This network stack is best built using separate hardware devices, but can be emulated using containers or virtualization technology. If you’re running this in VMs, then you’ll need a more powerful laptop with a lot more memory.
• Now you can focus your attention on the laptop itself–it needs to be sourced anonymously, either by proxy or by paying cash in an anonymous way. It needs to be able to boot either your live CD or live USB. If you are using persistence features, you’ll need to use a reasonable encryption system with a reasonable password.
• If you somehow manage to leak data onto your hard drive or your laptop’s hardware information over the internet, then you’ll have to destroy it. This is an extreme measure and rarely necessary. It would be better to anonymously liquidate it once you’re done. Using the aforementioned design, the laptop’s hard drive will remain untouched (i.e., it may still have the previous user(s) data, and it should have an idiot-accessible operating system, such as Winslows or Linux Mint).

A lighter-weight, more mobile setup:

• One of the aforementioned live CDs/USBs.
• A lighter-weight laptop (i.e., less memory => less money).
• Possibly a privacy modification for the laptop’s monitor. This has the trade-off of being pretty noticeable and obviously strange. https://www.instructables.com/id/Privacy-monitor-made-from-an-old-LCD-Monitor/
• If there are cameras, an infrared-enabled freedom-face, such as:
  • https://www.digitaltrends.com/cool-tech/facial-recognition-hat-infrared/
  • https://odditymall.com/justice-caps-hide-your-face-from-surveillance-cameras
• Someone else’s internet connection, preferrably outside a certain radius of any place your frequent, etc.

DISCLAIMER: The information contained within this article is purely hypothetical, and intended for educational purposes (i.e., to demonstrate how a red team organization may be structured and operate).