Warning Violation of computers or networks of others is a criminal offense punishable by the law. Some of the procedures hereby outlined are only for educational/explanatory/informational purpose and only executed on devices under our possession or within controlled test environments, therefore you hold harmless the authors of this document for what you’ll learn during this course and against any verifiable consequence. Notes on this work The content of Hacklog: Volume 1 is issued free of charge for the whole net, and is available in different formats, according to the Ethical Hacking self- regulation and respecting the different cultures practicing it. You’re free to use parts of this document for any work, properly quoting the source (Hacklog by inforge.net) and, including a footnote link, when possible. Since this project required a high amount of time, if this document has been useful for third party projects, we think it should be shared, out of respect for its author, his coworkers and who believed in it. The original text was written in 2017, in Italy. Copyright The textual content and the images of Hacklog: Volume 1 ebook are released under Creative Commons 4.0 license – non-replicable, no derived works, commercialization. The owner of the rights for this document is Stefano Novelli, and its distribution is by inforge.net. For my friends, my loved ones, and all who made this possible. For all the hackers, or aspiring hackers, worldwide. Stefano Novelli GLOSSARY Translator's Foreword Foreword Anonymity 1. Operative System 1.1 Which distro? 1.1.1 Virtual Machines 1.1.2 Live Distros 1.1.3 The Terminal 2. Data Traces 2.1 MAC Address 2.1.1 Identifying the MAC Address 2.1.2 MAC Spoofing 2.2 Hostname 2.2.1 Changing the Hostname 2.3 Domain Name System 2.3.1 Choosing DNS 2.3.2 Changing DNS 2.3.3 Cache DNS 2.4 IP Address 2.4.1 Determining the IP in use 2.4.2 Proxy 2.4.2.1 Proxy types 2.4.2.2 Where you can find Proxies 2.4.2.3 How to use Proxies 2.4.2.4 How safe are Proxies? 3. Secure communications 3.1 VPN (Virtual Private Network) 3.1.1 VPN Types 3.1.1.1 PPTP, for the speed seekers 3.1.1.2 L2TP/IPsec, for the security and responsiveness enthusiasts 3.1.1.3 OpenVPN, for top security users 3.1.1.4 SSTP, for Windows users 3.1.2 Which VPN? 3.1.3 How to choose a VPN 3.1.3.1 Avoid Free VPNs 3.1.3.2 No Logs Policy 3.1.3.3 If they haven’t got your data, they can’t catch you 3.1.3.4 International Data Retention Laws 3.1.3.5 Payment Methods 3.1.3.6 DMCA Notices 3.1.4 VPN List 3.1.4.1. Multi Hop (cascading) VPNs 3.1.5 Using the VPN 3.1.6 Testing the quality of a VPN 3.1.6.1 Torrent Test 3.1.6.2 DNS Leak Test 3.1.6.3 Kill Switch (protection against disconnections) 4. Clearnet and Deep Web 4.1 TOR 4.1.1 What’s the TOR network 4.1.2 TOR Projects 4.1.3 TOR installation 4.1.4 TOR use cases 4.1.4.1 TOR as a Browser 4.1.4.2 TOR as a P2P 4.1.4.3 TOR as Chat 4.1.4.4 TOR as a Proxy Software 4.1.5 TOR Relay 4.1.6 TOR Bridges 4.1.6.1 Bridges advanced use 4.1.7 Pluggable Transports 4.1.7.1 MEEK & Scramblesuit Protocols 4.1.8 Testing the quality of TOR 4.1.8.1 TOR Test via Browser 4.1.9 TOR and Deep Web 4.1.9.1 Where to find .onion sites? 4.1.10 Is the TOR network really safe?? 4.1.10.1 TOR and HTTP protocol 4.1.10.2 TOR and compromised exit-nodes 4.1.10.3 TOR Browser and the issues with “pre-built” products 4.1.10.4 TOR, Google & CO. 4.1.10.5 TOR is not idiot-proof 4.2 I2P 4.2.1 Using I2P 4.2.1.1 Installing I2P 4.2.1.2 First launch of I2P 4.2.1.3 Configuring a Browser with I2P 4.2.1.4 I2P useful resources 4.2.1.5 Anonymous navigation in Clearnet 4.2.1.6 Where to find I2P sites? 4.2.1.7 Difficulties with I2P 4.3 Freenet 4.3.1 Freenet installation 4.3.2 Configuring Freenet 4.3.3 Using Freenet 4.3.4 Freenet useful resource 4.3.5 Security in Freenet 5. Combo Network 5.1 TOR via VPN 5.1.1 How to perform TOR via VPN 5.2 VPN via TOR 5.2.1 How to perform VPN via TOR 5.3 TOR over TOR 5.3.1 Tortilla 5.3.2 Is TOR over TOR helpful? 6. Local Resources 6.1 Private browsing 6.1.1 How to enable the Private or Incognito mode 6.1.2 What the Private/Incognito mode does (and doesn’t do) 6.2 HTTPS 6.2.1 Controlling HTTPS protocols 6.3 Cookies 6.3.1 Cookies impact over security 6.3.2 Controlling cookies 6.4 “Special” Cookies 6.4.1 “Special” Cookies impact over security 6.4.2 How to block Flash Cookies 6.4.3 How to block DOM Storage 6.5 Javascript 6.5.1 JavaScript impact over security 6.5.2 Controlling JavaScript 6.6 Flash 6.6.1 Flash impact over security 6.6.2 Controlling Flash 6.7 Java 6.7.1 Java impact over security 6.7.2 Controlling Java 6.8 ActiveX 6.8.1 ActiveX impact over security 6.8.2 Controlling ActiveX 6.9 WebRTC 6.9.1 WebRTC impact over security 6.9.2 Controlling WebRTC 6.10 Browser Fingerprinting