ULTIMATE OPSEC MACHINE BUILD - BECOME A GHOST IN THE MATRIX


[THE CIA HATES THIS TRICK]​


OPSEC is a forgotten art. Really, some people in these communities act like what they're doing isn't illegal. The cockiness of getting away with a few things may make you think you're untouchable, but don't forget, there exists an entire security industry that exists just to stop what you're doing. If you're not practicing good OPSEC and staying untraceable, it won't be long until the wrong person finds out who you really are.

1.png


This is one of endless examples of cyber security and fraud prevention professionals spying on telegram groups, and in this case, directly getting members arrested.
The goal of the tutorial is to improve your computer's operational security, or OPSEC. When law enforcement is continuously weakening our online stalking, it is imperative that the right security measures are put in place. Many fraudsters expose themselves to serious hazards by willingly using laptops and notebooks, which are known to be insecure.

When your adversaries have limitless resources, in-depth expertise, and unrestricted time to investigate you, your machine's susceptibility is a pressing concern. From the destruction or manipulation of your study to gaining sensitive information from sources and endangering lives, invasions can have disastrous consequences. In addition, it only takes a moment to ruin your reputation and body of work.

Important Note:
We presume that you have already installed Debian on your computer (the machine you will use for your research or the machine/HD where you will test this guide) in order for you to follow along with this tutorial.

It is important to remember that you might not be ready to continue with this guide if you have never installed Debian on your own. I'm not saying you can't do it; in fact, it will be easier because, once the installation is complete, all you have to do is copy and paste the instructions from this guide into your terminal. Since you can't just copy and paste like you can with the other steps in this post, I believe the installation to be the most complicated portion.

THE GOOD NEWS IS, IF YOU CAN INSTALL DEBIAN, THE REST IS SIMPLE - JUST COPY AND PASTE INTO YOUR TERMINAL...

Open a terminal and execute the following command:

Code:
su

Update the package lists before installing the sudo and adduser packages:

Code:
apt update

Note: It’s possible the terminal may generate an error and not update; if this happens, follow the next 2 steps below.

Code:
nano /etc/apt/sources.list

Erase whatever is there and paste the code below:

Code:
deb http://deb.debian.org/debian bookworm main non-free-firmware
deb-src http://deb.debian.org/debian bookworm main non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware

Press Ctrl + O to save, press Enter, then press Ctrl + X to exit.

Note: If the update error doesn’t occur, ignore the above procedure and continue to the command below:

Code:
apt full-upgrade

apt install --no-install-recommends sudo adduser

Create a group called ‘console’:

Code:
/usr/sbin/addgroup --system console

Add your Linux username to the ‘console’ group. Be sure to replace ‘user’ with your actual username (or your sock puppet’s):

Code:
/usr/sbin/adduser user console

Add the user ‘user’ to the ‘sudo’ group. Depending on your level of experience, follow the appropriate instructions:

Code:
/usr/sbin/adduser user sudo

Restart the system:

Code:
/sbin/reboot

Installing and Configuring the Tor Browser​


Open the terminal and type:

Code:
sudo apt update

Download the APT Signing Key:

Code:
wget https://www.kicksecure.com/keys/derivative.asc

Add the APT Signing Key:

Code:
sudo cp ~/derivative.asc /usr/share/keyrings/derivative.asc

Add the derivative repository:

Code:
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Update your package lists:

Code:
sudo apt-get update

Install tb-updater:

Code:
sudo apt-get install tb-updater

2.png


Choose YES

Configuring the Tor Browser​

Once the terminal completes, it may be necessary to go to “Applications -> Internet and click Tor Browser (AnonDist)”

3.png


CHOOSE YES

4.png


Choose YES

Now just wait……

It will do all the work for you. Stay alert: it will display some windows with warnings, so read them all. When it re-verifies the signature, it will print something like ‘Good Signature.’ If it doesn’t show this, abort the installation.

5.png


Ok, Good signature.. Choose YES

Once the installation is complete, open the Tor browser

  • Open the Tor Browser: Launch the Tor Browser on your device.
  • Access settings: In the upper right corner, click on the icon to open the menu and select “Settings” or “Preferences.”
  • Select “Connection”: Within the settings, you will see the available configuration options.
  • Bridge Configuration: Go to the “Select a Built-In Bridge…” button and click on it.
  • Choose obfs4: Within the bridge options, choose “obfs4.”

6.png


It should look like this screen.

Click OK and Restart: After entering the bridge information, save the settings and restart the Tor Browser.

To restart Tor, go to the ‘broom’ icon in the upper right corner.

Test the Connection: After restarting, check if the configuration is working correctly.

Open the Tor Browser and confirm that you are using the obfs4 bridges to access the Onion network.

Virtual Machine Installation​


Open a terminal

Update the package lists:

Code:
sudo apt update

Install the Debian fasttrack signing key:

Code:
sudo apt install --no-install-recommends fasttrack-archive-keyring

Add the Debian fasttrack repository:

Code:
echo 'deb https://fasttrack.debian.net/debian/ bookworm-fasttrack main contrib non-free' | sudo tee /etc/apt/sources.list.d/fasttrack.list

Add the Debian backports repository:

Code:
echo 'deb https://deb.debian.org/debian bookworm-backports main contrib non-free' | sudo tee /etc/apt/sources.list.d/backports.list

Update the package lists again:

Code:
sudo apt update

Install VirtualBox and Linux kernel headers:

Code:
sudo apt install --no-install-recommends virtualbox-qt linux-headers-$(dpkg --print-architecture)

Add your current user to group vboxusers:

Code:
sudo adduser $(whoami) vboxusers

Done.

The procedure of installing the VirtualBox host software is complete.
To open VirtualBox, go to Applications -> System and click on VirtualBox.

7.png


Install Additional Applications​


Opening Synaptic:

You can find Synaptic in the applications menu or start it by typing ‘synaptic’ in the terminal.

Run Synaptic with administrator privileges using the command:

Code:
sudo synaptic

Exploring the Interface:

8.png


Synaptic will open with an interface divided into three panels: Categories on the left, Package list in the middle, and Package details on the right. The Synaptic interface is attractive and intuitive. Just click on ‘Search’ and enter the name of the software.

Use the search bar to find specific packages.

Installing Packages:

Browse the list of packages until you find the desired software. Mark the package for installation by right-clicking or checking the box to the left of the name. Click ‘Apply’ to start the installation process. Install the following applications: Zulucrypt, Bleachbit, Kleopatra and OnionShare.

Installation/Procedure for Morphing (Linux Hardening)​

It is necessary to install the “curl” package.

To do so, follow steps below:

Update the package list:

Code:
sudo apt update

Update the system:

Code:
sudo apt full-upgrade

Install the “curl” package. The use of the --no-install-recommends parameter with the apt command is, in most cases, optional.

Code:
sudo apt install --no-install-recommends curl

Done.

The installation procedure for “curl” has been completed.

Download the Kicksecure signature key and add it to the system with the following commands:

Code:
sudo torsocks curl --output /usr/share/keyrings/derivative.asc --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/keys/derivative.asc

Done.
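
The signing key is fetched twice in this guide (over HTTPS for tb-updater, and here over the onion service) and copied into /usr/share/keyrings without its fingerprint being compared against anything. The following is an added example, not part of the original post: it checks a key file's primary fingerprint before the file is trusted for APT. EXPECTED_FPR is a placeholder to be filled from a separate trusted source, and the sample record is constructed.

```bash
#!/bin/sh
# Added example: check an APT signing key's fingerprint before trusting it.

# Placeholder: set this to the fingerprint obtained from a separate trusted channel.
EXPECTED_FPR="${EXPECTED_FPR:-REPLACE_WITH_FINGERPRINT_FROM_TRUSTED_SOURCE}"

# Normalise a fingerprint: drop spaces, upper-case the hex digits.
norm_fpr() { printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'; }

# Read `gpg --with-colons` output on stdin and print the primary key's
# fingerprint: the first "fpr" record after the "pub" record. Later "fpr"
# records belong to subkeys and are ignored.
primary_fpr() {
  awk -F: '$1 == "pub" { seen = 1; next }
           seen && $1 == "fpr" { print $10; exit }'
}

# key_matches FILE FINGERPRINT: succeed only on an exact primary-key match.
key_matches() {
  actual=$(gpg --show-keys --with-colons "$1" 2>/dev/null | primary_fpr)
  [ -n "$actual" ] && [ "$actual" = "$(norm_fpr "$2")" ]
}

# Constructed sample of colon-format output (not a real key).
SAMPLE_COLONS='pub:-:4096:1:0123456789ABCDEF:1400000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
uid:-::::1400000000::0000::Example Signing Key <key@example.invalid>:
sub:-:4096:1:FEDCBA9876543210:1400000000::::::e:
fpr:::::::::1111222233334444555566667777888899990000:'

# Usage: EXPECTED_FPR=... sh check-key.sh ~/derivative.asc
if [ "$#" -eq 1 ]; then
  if key_matches "$1" "$EXPECTED_FPR"; then
    echo "fingerprint matches; key can be copied into /usr/share/keyrings"
  else
    echo "fingerprint mismatch or unreadable key: do not install" >&2
    exit 1
  fi
fi
```

Run it on the downloaded file before the copy into /usr/share/keyrings; a non-zero exit means the key should not be installed.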

Add the Repository

Add the Kicksecure APT Repository.

Choose Option A; there are three options as listed below, and we will choose Option A as it is the most secure.

Code:
A: Onion Repository
B: Clearnet Repository via Tor
C: Clearnet Repository

Option A: Add the Kicksecure Onion Repository.

To add the Kicksecure Repository via Onion, install the “apt-transport-tor” package from the Debian repository.

Code:
sudo apt install apt-transport-tor

Next, add the Kicksecure APT Repository for the current stable Debian release (at the time of writing, it was “bookworm”):

Code:
echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list

Done.

Install the Kicksecure Package​


Choose a Kicksecure package.

CLI Version: Exclusive command-line interface (CLI) version. This version does not modify the graphical environment of the system. It provides kernel enhancement, increased entropy, and other security features.

GUI Version: Similar to the CLI version, but installs the Xfce graphical environment and default applications. Useful if Debian was installed without a graphical environment, and you want the Kicksecure graphical environment (Xfce). This is the one we will choose!!

For host operating systems: kicksecure-xfce-host

Install a Kicksecure package, such as “kicksecure-xfce-host.”

To do this, follow steps below:

Update the package list:

Code:
sudo apt update

Update the system:

Code:
sudo apt full-upgrade

Install the “kicksecure-xfce-host” package.

The use of the --no-install-recommends parameter with the apt command is, in most cases, optional.

Code:
sudo apt install --no-install-recommends kicksecure-xfce-host

Wait for it to complete.

Done.

AVOID BIG BROTHER​


Post-Installation​


Move the original file “/etc/apt/sources.list” to a temporary location (or delete it) as it will be replaced by “/etc/apt/sources.list.d/debian.list” from Kicksecure:

Code:
sudo mv /etc/apt/sources.list ~/

Configure the onionized Debian repositories. Open the file “/etc/apt/sources.list.d/debian.list” with the text editor “nano” and replace the existing content with the following:

Code:
sudo nano /etc/apt/sources.list.d/debian.list

9.png


A file like this will appear; take note of the green lines. If yours doesn’t have green lines, simply go to the beginning of the line and remove the # (also known as uncommenting the line).

If you don’t find it in your file, just copy the lines below, paste them into the file, and save.

Code:
deb tor+https://fasttrack.debian.net/debian bookworm-fasttrack main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-updates main contrib non-free
deb tor+http://5ajw6aqf3ep7sijnscdzw77t7xq4xjpsy335yb2wiwgouo7yfxtjlmid.onion/debian-security bookworm-security main contrib non-free
deb tor+http://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian bookworm-backports main contrib non-free

Press ctrl+O to save.

Press Enter.

Press ctrl+X to exit.

Confirm that the onionized repositories are functional.

Code:
sudo apt update && sudo apt full-upgrade
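
After this many edits to the APT sources it is worth listing what is actually configured: which entries use an onion service, which go to a clearnet host through Tor or directly, and which pin a key with signed-by (entries without it accept any globally trusted key). The following is an added example, not part of the original post; it handles one-line `deb` entries only, and the sample entries and the onion hostname in them are constructed.

```bash
#!/bin/sh
# Added example: classify APT one-line source entries by transport and key pinning.

# classify_source LINE -> prints "TRANSPORT PINNING URI"; returns 1 for non-entries.
#   TRANSPORT: onion | tor-clearnet | https | http | other
#   PINNING:   pinned (entry has signed-by=) | unpinned (any globally trusted key)
classify_source() {
  case $1 in
    "deb "*|"deb-src "*) ;;
    *) return 1 ;;                      # comments, blank lines, anything else
  esac
  case $1 in *"signed-by="*) pin=pinned ;; *) pin=unpinned ;; esac
  # Drop the type and the optional [options] block; the next field is the URI.
  uri=$(printf '%s\n' "$1" |
        sed -E 's/^deb(-src)?[[:space:]]+(\[[^]]*\][[:space:]]+)?//' |
        awk '{ print $1 }')
  scheme=${uri%%://*}
  host=${uri#*://}; host=${host%%/*}
  case $scheme in
    tor+*) case $host in
             *.onion) transport=onion ;;
             *)       transport=tor-clearnet ;;
           esac ;;
    https) transport=https ;;
    http)  transport=http ;;
    *)     transport=other ;;
  esac
  printf '%s %s %s\n' "$transport" "$pin" "$uri"
}

# Classify every entry read from stdin, for example:
#   cat /etc/apt/sources.list.d/*.list | audit_sources
audit_sources() {
  while IFS= read -r entry; do
    classify_source "$entry" || true
  done
}

# Constructed sample entries in the styles used in this guide.
SAMPLE_SOURCES='# constructed sample
deb http://deb.debian.org/debian bookworm main non-free-firmware
deb [signed-by=/usr/share/keyrings/derivative.asc] https://deb.kicksecure.com bookworm main contrib non-free
deb tor+https://fasttrack.debian.net/debian bookworm-fasttrack main contrib non-free
deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://exampleonionaddress.onion bookworm main'

printf '%s\n' "$SAMPLE_SOURCES" | audit_sources
```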

Installing and Configuring the Firewall​


To install GUFW, open the terminal and type the following command.

Code:
sudo apt install gufw

This command will install the firewall. Once the installation is complete, go to the “Applications” menu, point to “Settings,” and in the submenu, click on “Firewall Configuration.”

Enable the Profile:​


Click on “Status” to activate the profile.

Incoming and Outgoing:​


Mark both as “Deny” to block all incoming and outgoing traffic.

Access Rules:​


Click on “Rules.”

Add a Rule:​


In the bottom-left corner, when pointing the mouse, click on the “+” sign that will appear as “Add a rule…”

Rule Type:​


Click on “Simple.”

Outgoing Configuration:​


Select “Outgoing” and choose the “Allow” option.

Set the Direction:​


In “Direction,” select “Out” (do not change the other options).

Add the allowed services and their associated ports:​


Code:
“Name”: DNS, “Port”: 53 — Click on “+ Add”.
“Name”: HTTP, “Port”: 80 — Click on “+ Add”.
“Name”: HTTPS, “Port”: 443 — Click on “+ Add”.
“Name”: PRIVOXY, “Port”: 8118 — Click on “+ Add”.
“Name”: TOR, “Port”: 9050 — Click on “+ Add”.

Done

Your firewall is configured with the defined rules, it should look like the image below:

10.png


Click on the X to close GUFW.

To enable the Uncomplicated Firewall (UFW) at system startup, you can use the following command:​

Code:
sudo systemctl enable ufw
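
GUFW is only a front end, so the resulting policy can be confirmed from the terminal by comparing `ufw status verbose` with the rule set configured above (default deny in both directions, outbound 53, 80, 443, 8118 and 9050 only). The following is an added example, not part of the original post; the status text is a constructed sample that deliberately contains three deviations.

```bash
#!/bin/sh
# Added example: compare `ufw status verbose` output with the intended rule set.

# Outbound ports the walkthrough allows: DNS, HTTP, HTTPS, Privoxy, Tor SOCKS.
EXPECTED_OUT="53 80 443 8118 9050"

# default_policy DIRECTION: print the default policy for "incoming" or
# "outgoing" from the "Default:" line of the status text on stdin.
default_policy() {
  awk -v d="($1)" '/^Default:/ {
    for (i = 2; i <= NF; i++) if (index($i, d) == 1) { print $(i - 1); exit }
  }'
}

# allowed_out_ports: print each port that has an ALLOW OUT rule, once.
# IPv6 twins of a rule ("53 (v6)") collapse into the same port number.
allowed_out_ports() {
  awk '/ALLOW OUT/ { p = $1; sub(/\/.*/, "", p); print p }' | sort -un
}

# audit_ufw: read status text on stdin and print one finding per deviation.
# No output means the firewall matches the intended policy.
audit_ufw() {
  text=$(cat)
  for dir in incoming outgoing; do
    policy=$(printf '%s\n' "$text" | default_policy "$dir")
    [ "$policy" = deny ] || echo "default-$dir=${policy:-unknown}"
  done
  allowed=$(printf '%s\n' "$text" | allowed_out_ports | tr '\n' ' ')
  for port in $allowed; do
    case " $EXPECTED_OUT " in *" $port "*) ;; *) echo "unexpected-out=$port" ;; esac
  done
  for port in $EXPECTED_OUT; do
    case " $allowed " in *" $port "*) ;; *) echo "missing-out=$port" ;; esac
  done
}

# Constructed sample: outgoing default left open, an extra rule, 8118 missing.
SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
53                         ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
9050                       ALLOW OUT   Anywhere
22/tcp                     ALLOW OUT   Anywhere
53 (v6)                    ALLOW OUT   Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```

On a live system the same function reads the real state with `sudo ufw status verbose | audit_ufw`.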

Restart your computer.​


During the boot screen, you will notice a change; you should see something similar to the image below:

11.png


Note that now GRUB displays text related to Kicksecure and no longer to Debian. Also, observe that there is an option “LIVE mode USER (For daily activities.)” Soon we will see how to use this option. For now, keep the option “Kicksecure GNU/Linux” selected.

Wait for the system to start, log in with your user.

Tor Service and Privoxy Configuration (Step by Step)​


Installation of Tor and Privoxy:

Install Tor and Privoxy with the following commands:

Note: Since you installed the Kicksecure Package, the Tor Service was automatically installed by default. However, to confirm, simply enter the following command in the terminal:

Code:
sudo tor --version

12.png


An interface similar to this should appear, displaying the Tor Service version and additional information.

If it doesn’t appear, you will have to install it with the command below:

Code:
sudo apt install tor

Now install Privoxy with the command below:

Code:
sudo apt install privoxy

Tor and Privoxy Configuration:

Enable the Tor service to start automatically with the system:

Code:
sudo systemctl enable tor

Enable the Privoxy service to start automatically with the system:

Code:
sudo systemctl enable privoxy

Configure Privoxy to forward connections to Tor:

Open the Privoxy configuration file in a text editor, such as Nano:

Code:
sudo nano /etc/privoxy/config

Locate the line containing “forward-socks5” and remove the “#” at the beginning of the line to uncomment it.

13.png


Save the changes by pressing Ctrl + O to save, confirm with Enter, and press Ctrl + X to Exit.

Start the Tor and Privoxy services:

Code:
sudo systemctl start tor && sudo systemctl start privoxy

If necessary, restart the services:

Code:
sudo systemctl restart tor

sudo systemctl restart privoxy

DNS Configuration:

Open the DNS configuration file in a text editor, such as Nano:

Code:
sudo nano /etc/resolv.conf

Remove all existing lines and add the following lines to configure the DNS servers (use DNS servers of your preference if desired):

Code:
nameserver 9.9.9.9
nameserver 149.112.112.112

Save the changes to the file.

Protect the DNS configuration file against accidental modifications:

Code:
sudo chattr +i /etc/resolv.conf

Restart the services:

Code:
sudo systemctl restart tor

sudo systemctl restart privoxy

Now let’s configure the proxy on the system. Some people prefer to set it up in the browser, but I prefer to apply it system-wide. For this, I recommend installing the GNOME Control Center (gnome-control-center), which is an intuitive tool.

Open the terminal and type the following command:

Code:
sudo apt update

sudo apt install gnome-control-center

Once it completes the installation, continue in the terminal and type:

Code:
gnome-control-center

14.png


Go to “Network Proxy” and click on the “gear” icon for settings.

Code:
HTTP Proxy: 127.0.0.1 — Port: 8118

HTTPS Proxy: 127.0.0.1 — Port: 8118

Socks Host: 127.0.0.1 — Port: 9050

Ignore Hosts: localhost, 127.0.0.0/8, ::1

When you finish, close the windows by clicking on the X.

Open Firefox and type: dnsleaktest.com

You should see an IP different from yours, meaning it’s not from your ISP.

15.png


ANONYMOUS MONEY FOR YOUR ANONYMOUS MACHINE

Use Agoradesk to purchase bitcoin using a method that works for you. The most anonymous is cash in person, but that's only anonymous in the sense it's untraceable online. But whichever method you use, just make sure that any memos or payment notes don't mention bitcoin. For example, you can buy bitcoin with zelle with some merchants. Just leave it as a nondescript zelle payment and any bitcoin you receive isn't immediately tied to it or you. Take the bitcoin you bought and immediately exchange it for XMR on the same site. This p2p method of exchange makes it harder to trace.

Use feather wallet, which is available on TOR for the machine we just configured.

TOR RESOURCES:
dread http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/
feather http://featherdvtpi7ckdbkb2yxjfwx3oyvr3xjz3oo4rszylfzjdg6pbm3id.onion/
proton mail http://protonmailrmez3lotccipshtkleegetolb73fuirgj7r4o4vfu7ozyd.onion/
the tor times index http://tortimeswqlzti2aqbjoieisne4ubyuoeiiugel2layyudcfrwln76qd.onion/
agoradesk http://2jopbxfi2mrw6pfpmufm7smacrgniglr7a4raaila3kwlhlumflxfxad.onion/
 