FIELD MANUAL // OPERATIONAL PROTOCOLS
Identity & Privacy
EMAIL · USERNAMES · DIGITAL FOOTPRINT
Email Shielding
Do not publish your primary email address. Utilize aliases or disposable forwards for forums, giveaways, and secondary registrations.
Namespace Separation
Establish distinct usernames across separate platforms to deny cross-referencing capabilities to passive investigators.
Phone Isolation
Avoid binding your physical phone number to services. Silent contact syncing algorithms will link your profiles together. Use burner or virtual numbers for validation tasks.
Domain Privacy
Enable WHOIS masking on registered domains. Without it, a public WHOIS lookup returns the owner's name, contact emails, and physical address.
Metadata Verification
Examine photos for context leaks. Reflected surfaces, location indicators, and matching image hashes allow correlation across platforms.
Data Brokers: Commercial aggregators collect and catalog personal metrics. Manual opt-out requests or automated tools like Incogni can significantly reduce your exposure index.
Passwords & Authentication
MANAGERS · GENERATION · BEST PRACTICES
Cryptographic Managers
Zero Password Reuse
A single breach enables credential stuffing attacks across other portals. Generate randomized, unique strings for every application.
Diceware Entropy
Establish master passphrases via physical dice and EFF word lists. Chains of 6+ words optimize human memory while maximizing defense against brute-forcing.
Avoid standard password hints or patterns. Store the offline paper recovery copy of your master password in a physically secure container.
Two-Factor Authentication
TOTP · HARDWARE KEYS · RECOVERY
Multi-Factor Mandate
Activate secondary authentication factors. SMS is prone to interception; utilize TOTP apps or physical security keys.
TOTP Applications
FIDO2 Hardening
Deploy hardware keys like YubiKey where possible. The cryptographic validation binding prevents authentication on spoofed domains.
SIM Swapping: Hackers spoof cellular authorization to clone your identity. Bind carrier lines with custom account PINs to prevent number migration.
Email Security
PHISHING · ALIASES · TRACKING PIXELS
Encrypted Hosting
Migrate critical vectors to privacy-focused servers such as ProtonMail.
Tracking Pixel Suppression
Configure client rules to block auto-rendering of images. Hidden tracking elements log IP addresses, opening timestamps, and browser configurations.
Masking Services
Generate unique email aliases for third-party configurations, preventing your primary address from leaking during corporate database breaches.
Messaging Apps
ENCRYPTION · TRUST · HARDENING
Trust Architectures
Self-Destruct Timers
Activate vanishing message parameters. Local data caches on foreign endpoints are a constant security exposure.
Media Hardening
Turn off automatic file downloads. Malicious payloads within media containers can initiate remote execution scripts.
Links, Files & Downloads
EXECUTABLES · SCANNING · VERIFICATION
Masked Extensions
Force operating system parameters to reveal all extensions. Malicious archives frequently double-format targets (e.g. report.pdf.exe).
Multi-Engine Verification
Scan downloaded scripts or binaries across various platforms like VirusTotal and Hybrid Analysis prior to execution.
Active Scripts
Avoid executing raw command lines or scripts copied from forums without verifying what each parameter does.
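The Masked Extensions check above can be automated over a downloads folder. This is an added example, not part of the original manual; the extension lists and function names are assumptions chosen for illustration and are not exhaustive.

```python
import os

# Constructed, non-exhaustive list: types Windows launches as code when opened.
EXECUTABLE = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi", ".js", ".vbs"}
# Constructed list: types a user expects to be passive content.
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".jpeg", ".png", ".mp4"}


def masked_extension(filename: str):
    """Return (decoy_ext, real_ext) for names like report.pdf.exe, else None."""
    # Windows drops trailing dots and spaces, so ignore them when reading the
    # final extension; also tolerate padding placed between the extensions.
    parts = filename.rstrip(" .").split(".")
    exts = ["." + p.strip().lower() for p in parts[1:]]
    if len(exts) >= 2 and exts[-1] in EXECUTABLE and exts[-2] in DECOY:
        return exts[-2], exts[-1]
    return None


def scan_directory(root: str):
    """Walk root and list (path, decoy_ext, real_ext) for every masked file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            found = masked_extension(name)
            if found:
                hits.append((os.path.join(dirpath, name), *found))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample names, not taken from a real incident.
    for sample in ["report.pdf.exe", "Invoice.PDF .EXE", "notes.txt", "archive.tar.gz"]:
        print(f"{sample!r}: {masked_extension(sample)}")
```

Run `scan_directory` against the folder your browser saves to and review every hit before opening it.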
Browser Privacy
EXTENSIONS · COOKIES · SEARCH ENGINES
Compartmentalization
Segregate profiles for personal identity vs anonymous navigation. Never merge credentials across these boundaries.
Tracking Protection
Block third-party tracking scripts. Configure settings to isolate cookies to their host domains.
VPN & Network Privacy
MULLVAD · DNS · WEBRTC LEAKS
Zero-Logs Encapsulation
Route connections through Mullvad. Use WireGuard protocols to minimize footprint.
WebRTC Leaks
Turn off WebRTC in your browser settings. WebRTC can reveal the addresses of your real network interfaces to websites even while a VPN is active.
Encrypted Domain Queries
Deploy encrypted DNS queries (DNS over HTTPS). Standard DNS lookups leak site addresses to your service provider in plaintext.
Browser Fingerprinting
CANVAS · WEBGL · BLENDING IN
Anonymity Pools
Do not randomize fingerprint fields manually. Your browser must blend in with thousands of other targets to avoid detection.
Isolation Tools
Deploy Mullvad Browser or Tor Browser. These standard configurations use strict canvas and window letterboxing protections by default.
Profile Testing
Validate your browser configuration parameters using tools like Cover Your Tracks. Aim for randomized or shared characteristics.
Device & System Security
ENCRYPTION · ANTIMALWARE · UPDATES
Cryptographic Volumes
Activate full-disk encryption. Deploy VeraCrypt or system-level encryption protocols to protect data from physical tampering.
Endpoint Safeguards
Configure baseline security updates. Run processes from restricted accounts instead of administrator profiles.
Physical Interface Locks
Do not connect unknown USB drives. Disable auto-run properties, cover physical cameras, and avoid using untrusted charging interfaces.
Data, Backups & Transfers
3-2-1-1 RULE · METADATA · CLOUD
EXIF Removal
Strip EXIF parameters from photos and files before sharing. EXIF tags contain GPS lookups, camera models, and timestamps.
3-2-1-1 Backup Plan
Store 3 copies of your data on 2 separate media formats, keep 1 off-site, and maintain 1 air-gapped copy fully disconnected from all network interfaces.
Client Encryption
Encrypt sensitive assets before uploading them to cloud interfaces. Storage providers should only ever store your ciphertext.
OPSEC & Mindset
PERSONAS · PATTERNS · AI EXPOSURE
Separation of Personas
Never link anonymous identities to your real name. Once linked, browser cookies or network histories can compromise all personas.
Writing Style & Timezones
Be mindful of typing patterns and consistent timezone activity. Stylometry engines can fingerprint writing styles and link accounts.
AI Input Shielding
Do not input sensitive code, documents, or keys into public AI portals. Your data is stored on remote servers for model updates.
Incident Response
COMPROMISED? DO THIS NOW
Immediate Network Disconnection
Disconnect the network interface immediately. Remove ethernet cabling, and disable WiFi/Bluetooth hardware.
Session Isolation
Do not log into sensitive portals from a compromised device. Use a clean, isolated node to rotate credentials and revoke active sessions.
Zero-Trust Wipe
A compromised device cannot be trusted. If infected, wipe all partition tables completely and reinstall the operating system.
Ratted? What to Do?
RAT · STEALERS · FULL RECOVERY
Kill the Connection
Pull ethernet, disable Wi‑Fi and Bluetooth, and unplug the machine if you can. A live RAT can exfiltrate keystrokes, screenshots, and clipboard data in real time.
Do Not “Fix It” on the Same PC
Do not log into email, Discord, banks, or crypto wallets from the infected device. Assume every password you type is captured. Use a clean phone or another computer for recovery.
Revoke Sessions First
From a clean device, sign out of all sessions on Discord, Google, Microsoft, and any exchange or wallet. Rotate passwords starting with email. It is the recovery key for everything else.
Check What Was Stolen
Review saved browser passwords, autofill, crypto extensions, and 2FA backup codes stored locally. Token grabbers often harvest Discord tokens, cookies, and wallet seed phrases in one pass.
Assume Persistence
RATs hide in startup entries, scheduled tasks, services, and AppData folders. Deleting one file rarely removes the infection. Treat the whole install as compromised.
Wipe and Reinstall
Back up only personal files you can verify (photos, documents, not executables). Format the drive, reinstall Windows from official media, and patch before restoring data.
After recovery: Enable hardware or app-based 2FA everywhere, use a password manager on the clean system, and never run cracked games, “free Nitro” tools, or unknown .exe files again. That is how most RATs land.
Warning signs: Mouse moving alone, webcam LED flicker, unknown processes in Task Manager, new startup programs, friends getting scam DMs from your account, or wallets draining without your action.
Common Cyber Attacks
KNOW WHAT YOU'RE UP AGAINST
Ransomware
Encrypts your local files and demands payment to restore access keys.
Phishing
Socially engineered lures designed to capture credentials via spoofed portals.
DDoS
Flooding network targets with traffic to degrade infrastructure performance.
MITM
Intercepting communication streams between target interfaces to extract data.
SQL Injection
Injecting SQL fragments into application inputs so that the backend query is altered to extract server records.
Zero-Day
Targeting unpatched security bugs before updates become available.