What are /r/hackersec's favorite Products & Services?

From 3.5 billion Reddit comments

Don't use any of the above. If you're going to use IRC, use TOR to connect, or at worst VPN somewhere first.

https://freenode.net/news/tor-online

Then go question the legitimacy of a 'hacking' sub that's suggesting IRC to Freenode is a good idea.

Check to see if any of the accounts you use have been compromised in a previous hack. https://haveibeenpwned.com/ If you use the same password for an account that got compromised elsewhere they could've gotten in that way.

Step 1:

Get a VM hypervisor like Virtual Box.

Step 2:

Fire up the VM, spoof MAC, and use TOR

Step 3:

From inside the VM, and through TOR (by the way, if you can install TOR on your router, do that instead / or in addition. More layers means more protection, and protection through a network device is great since some of them kill the connection if the VPN drops) go ahead and sign up for an email address you intend to use only for this purpose of anonymous communications. Lie about everything, don't give it any legit info in the course of creating your account. You can now use this fake email account to sign up for other services, like reddit. ONLY EVER USE THIS EMAIL ACCOUNT, AND ANY ACCOUNTS LINKED TO IT THROUGH YOUR TOR VPN (or some other VPN that won't keep records like NordVPN).

Step 4:

Lie everywhere. Do not disclose anything about yourself, your city, your country, anything. Proceed to do whatever you were planning to do.

A few caveats: If you are planning to do this from a highly repressive regime in a country that does not allow much freedom on the internet, be VERY careful. Governments may still have a way to track you regardless of whatever methods you are attempting to use. If you're on a list somewhere, they may have already compromised your computer and are viewing everything you're doing anyway. This is why the VM is a good idea, but nothing is full proof.

Also, illegal and unethical are not the same thing. Please don't do anything unethical with your anonymity (I say that, because I have no idea what kind of bullshit laws your country might have).

The ip address the email comes from is the email servers. If you send from your phone the IP would still appear as the email servers sent from. So gmail, icloud etc....

If you wanted a more anonymous email you can try Protonmail.

You cannot control the IP of 3rd party email providers. If you want a custom IP you would need a self owned and run email server.

I don't have much experience with malware or adware, but I remember a while ago being on a hacking forum and there was talk of the program Hijack This. It should (again, don't have much experience) remove browser malware/adware. See if this helps. Just a long shot, but figured I'd see if I can get you any help.

https://sourceforge.net/projects/hjt/

I love PIA (Private Internet Access) because it doesn't not store logs of any kind, even event logs. I'm currently using the Humble Bundle offer for CyberGhost VPN just for torrenting because I have received multiple notices about my torrenting use from my ISP. The only reason I'm using cyber over others is because of the deal that made the 1 year subscription like 90% off.

That whole "ripping cables and hooking up the phone" scenario makes me raise my eyebrow.

Something that might work that keeps the wires idea though, the security camera might be hardwired with a CAT5/6 cable, see: https://reolink.com/images/blog/home-security/ip-camera-cable-connection.jpg

If its conceivable your protagonist had a usb ethernet adapter on him: https://www.amazon.com/Smays-Ethernet-Adapter-Network-compatible/dp/B008N3BTWY

They could access the security camera, remove the ethernet cable from the camera, and plug it in to their phone. This would put their phone on the same network as the other cameras.

From there, you can let your hacker imagination go wild:

• They discover the cameras are all connected to a hub, so they can parse their data and view the feeds from the other security cameras.

• Improperly configured network that directly provides them with internet access

• The "classic hack": Use nmap to scan the network, discover <vulnerable machine>, remotely exploit it, connect to internet from this new box.

• "router hack": You scan the network but only find cameras and the router. nmap shows you the routers services are all either up-to-date or firewalled. However, you access the routers login page and successfully guess the password (or use a tool to bruteforce the password). With access to the web interface for the router, you..... turn on the wifi! Then connect to the wifi normally with your phone now that you have internet access.