Spear - Operational Security

Potential opsec pitfalls from SOCKS proxies to watch out for

Sat, 02 May 2026 16:43:13 +0200

SOCKS5 proxies do not perform hostname resolution by proxy. What this means, in layman's terms, is that whenever you do something as simple as try to visit google.com through a socks5 proxy, the resolution happens through your computer's or router's assigned dns resolver. Why this can be problematic might be subtle at first, but you don't truly understand the logging policies or practices of your assigned DNS resolver, furthermore you also don't want that kind of traffic correlation to be possible for opsec reasons.

However, opsec might not be the only reason why this might be problematic, if you are used to routing your traffic through Tor by pointing your tools, such as curl, through Tor's SOCKS5 proxies running locally on port 9050, you might notice that even with curl configured to route through tor, you cannot access hidden services. This is because as aforementioned, DNS resolutions happen through a configured dns resolver.

To demonstrate why what I mean, I've setup a simple example scenario.

I setup a tor service on my Windows VM, running on port 9050 locally.

Code:
PS C:\Users\user\Downloads\Tor-Expert\tor> .\tor.exe

Apr 19 20:17:20.325 [notice] Tor 0.4.9.6 (git-894a92ac2279747e) running on Windows 8 [or later] with Libevent -stable, OpenSSL , Zlib , Liblzma N/A, Libzstd N/A and Unknown N/A as libc.

Apr 19 20:17:20.325 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/

Apr 19 20:17:20.337 [notice] Configuration file "C:\Users\user\AppData\Roaming\tor\torrc" not present, using reasonable defaults.

Apr 19 20:17:20.337 [warn] Path for GeoIPFile () is relative and will resolve to C:\Users\user\Downloads\Tor-Expert\tor\. Is this what you wanted?

Apr 19 20:17:20.337 [warn] Path for GeoIPv6File () is relative and will resolve to C:\Users\user\Downloads\Tor-Expert\tor\. Is this what you wanted?

Apr 19 20:17:20.338 [notice] Opening Socks listener on 127.0.0.1:9050

Apr 19 20:17:20.338 [notice] Opened Socks listener connection (ready) on 127.0.0.1:9050 <- Important part

...................................

Now, let's try to visit dark.fail through our socks5 tor proxy on curl.

Code:
C:\Users\user>curl --proxy socks5://127.0.0.1:9050 https://dark.fail

d﻿ark.fai﻿l: Which Tor sites are online?

Great, seems to work flawlessly, however, let's now try to visit dark dot fail's onion mirror, in theory it should work as its being routed through the same protocol.

Code:
C:\Users\user>curl --proxy socks5://127.0.0.1:9050  http://darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion/

curl: (97) Not resolving .onion address (RFC 7686)

Odd. This doesn't work. This is, in hindsight, because onion services are not normaly domain TLDs, they are not accepted or recognized by conventional DNS resolvers.

Thankfully, the fix for this is easy, here it is:

Code:
C:\Users\user>curl --proxy socks5h://127.0.0.1:9050  http://darkfailenbsdla5mal2mxn2uz66od5vtzd5qozslagrfzachha3f3id.onion/

d﻿ark.fai﻿l: Which Tor sites are online?

Yes, it's really that easy. The solution was simple as replacing `socks5` with `socks5h`, which is from my perspective is just a more 'extended' version of the SOCKS5 protocol, as corroborated by google sources:

Quote:SOCKS5 and SOCKS5h are both versions of the SOCKS protocol used for proxy servers. The main difference between the two is that SOCKS5h includes support for hostname resolution, allowing for more flexibility in routing traffic through the proxy server. This means that SOCKS5h can handle requests for domain names, while SOCKS5 requires the client to resolve the hostname before sending the request to the proxy server. Overall, SOCKS5h offers a more seamless and efficient proxy experience compared to SOCKS5.

This is in stark contrast to VPNs, which provide a much more 'wholesale' tunneling of your traffic through elegant protocols like WireGuard, in fact, Mullvad (which I recommend everyone to use and ditch in favour of their current VPN provider, unless stated otherwise), encrypts your DNS traffic and redirects it through their own DNS servers.

NYM VPN - Review & Audit

Fri, 20 Mar 2026 13:11:30 +0100

>.<

NYM VPN

An open source DVPN (Decentralized VPN) that has Anonymous signup and payment methods.
This VPN stands out for it's true privacy features. This VPN has some of the most indepth and well-thoughtout security solutions ever created.

If you are looking for a virtual private network that's only goal is to protect your data and ensure censorship isn't present in your work.

Overseer's are rendered obsolete as NYM's functional security solutions evade moden surveillance technology.

Mixnet Protocol

Noise Generating Mixnets (NGMs), is the most promising software that i've encountered.
this protocol has it all.

Independent Node Operators

Unlike Most VPN's (Express, Nord, Proton) which uses Data Servers to host connects, Nym has a very similar approch like Tor that utilizes Node Operators.
This allows a decentralized connection to their network making it so not a single entity has full connection over your already obfuscated traffic.

Multi-Layer Encryption

This encrypts your packets with a Sphinx encryption making it so the packets metadata is obfuscated within
the transfer or handshake making the packets indistinguishable from other related trafiic.

Data mixing

Data mixing utilizes a mix node to obfuscate your traffic further.
On top of shuffling your packets with other uses it also splits packets sends them through different nodes than recombines them at the exit node.

Additional Security

There is still more protection on top of everything stated. This would include there Cover Traffic function. This sends Empty or Decoy packets t
hrought thenetwork with your real traffic to further obfuscate the legit source of the traffic.

Conclusion

This software provides near flawless security allowing it's users to roam the internet freely without anyone being able to track them.

Working as a proxychain utilizing a 5 Hop mixnet connection (1 Entry gateway, 3 mix nodes & 1 Exit Gateway).

This software provides an innovative solution to a problem that we thought was out of our control. No more need to worry about having your provider logging your movements because the architecture of this technology simply doesn't allow them to log anything. Do your own research, Come to your own conclusion & stay educated.

Pce out - Anon

Data & Password Security

Tue, 10 Mar 2026 10:39:13 +0100

>.<

Data & Password Security

The methodology behind Data & Password Secuirty is to provide you with ideas on how to improve your exisiting security protocols.
Expand on ideas, develop technology and overall improve your operational security.
I'm so confident in my own practice that i'd like to share it with everyone else.
(Please don't hack me)

My Security Stack

The way I have my Data & Passwords security setup.
The programs & products I utlize for this security measure consist of the following.

KeepassXC (.kdbx format)

16GB USB (Any size works)

Virtualization (Isolated environment)

Nitrokey (Any model works)

My Security Breakdown

To start off with we will be migrating all our Password files (.kdbx files) over to the usb or nitrokey.
This Isolates our files from our host machine - This prevent Data exfiltration as these files are suseptible to bruteforce attacks.

Utilize KVM/VM to host your KeepassXC Package or Execuatable
This is an added level of isolation from your host machine - Using a Virtual Machine allows you to disable all network access to that environment.
Just ensure that you allow file sharing specificly to that USB drive.

Incorperate the Nitrokey for extremely sensitive data
Nitrokey allows for KeepassXC intergration which allows for a hardware security key to be utilized.

Conclusion

This security stack provides a double layor of Isolation via External Storage & Virtualization.
As this device is an external storage device it creates and provides Plausible Deniability. Due Internatinoal Human Right Laws.
The Right To Privacy along with The Right Against Self-Incrimination provides legal precedent that supports that the contents of this device are unable to be used.

Pce out - Anon

Digital Fingerprinting

Fri, 06 Mar 2026 07:10:28 +0100

>.<

What is Digital Fingerprinting

The best way to discribe digital fingerprinting it is the form using digital configurations.
This technology allows yourself to be tracked throughout the internet due to user characteristics of that device. In short form it is esentially used to Identify people through patterns and data specific identifiers.

Examples of Digital Fingerprints!

When using a browser to access the interenet you invoke the HTTP/HTTPS protocol.
These HTTP/HTTPS requests carry data such as User-Agent, IP Address and Query Parameters. The use of Java Script websites are able to see Screen Resolution, Geolocation, Mouse & Keyboard Events Along with Cookies and Local Storage.

How to utlize Digital Fingerprinting

This whole time i've told you how Digital Fingerprinting is bad, but what you may have missed is how this can be used to your advantage. For instence, knowing that this information is viewable and frequiently monitored this allows you to manipulate the information as you see fit. This allows you to not only hide in place sight but allow you to be misidentified during digital forensics. For example, Altering your timezone to the country that you are connected to via vpn makes the connection seem much more legitimate.

Conclusion

Unfortunately there isn't a way for any single person to be "Anonymous" but reducing your Digital Fingerprint and manipulating the information you can allows for a reduce chance is getting caught for whatever it is you want to keep hidden so bad. Stick to defaults, Don't be unique, Don't stand out and you "accidently" find urself just to be another number within a binary.

Pce out - Anon

Security vs. Schizoposting: Where's the line?

Mon, 23 Feb 2026 08:05:43 +0100

In the world of OpSec and digital privacy, there is a very fine, often blurry line between "necessary precaution" and "clinical paranoia." We all start with the basics ?VPNs, encrypted messengers, and maybe a hardened browser ?but for many in this scene, the rabbit hole goes much deeper. It starts with threat modeling against script kiddies and ends with you air-gapping your main rig, refusing to carry a smartphone because of baseband vulnerabilities, and treating every "Terms of Service" update like a personal deposition. At a certain point, the friction of maintaining your privacy starts to outweigh the actual utility of the technology you ?re trying to protect. I'm curious where that breaking point is for everyone here. When does a "robust security posture" stop being a professional asset and start becoming a lifestyle-disturbing pathology? Is there a specific behavior ?like rotating MAC addresses every hour or refusing to use a credit card for a sandwich ?that signals someone has finally crossed the threshold from "well-informed" to "unhinged"?

All About Monero (Mega Thread)

Thu, 19 Feb 2026 05:50:21 +0100

Hidden Content

You must register or login to view this content.