1. Cryptography: Buy the Pro edition of Windows 10/11; it includes BitLocker. Use it to encrypt every internal drive and every USB drive that holds your "dark" files and VMs, and protect the OS drive with a pre-boot PIN in addition to the TPM, otherwise the disk unlocks by itself at boot. Install a good VPN. Keep the machine updated, apply every new update, and save everything to encrypted USB drives instead of writing it to the internal drive.
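As an added example (not from the original post), here is step 1 done from an elevated PowerShell on Windows 10/11 Pro: a recovery password is created first, the OS drive is encrypted with TPM plus a pre-boot PIN, a removable drive is encrypted with a password, and the result is verified. The drive letters C: and E: are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Drive letters are assumptions.
$OsDrive  = 'C:'
$UsbDrive = 'E:'   # assumed removable drive

# A recovery password first: a firmware update or a forgotten PIN would otherwise lock you out.
# It is printed once; store it offline, not on this machine.
Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -ExpandProperty RecoveryPassword

# OS drive: TPM + PIN. With a TPM-only protector the disk unlocks without any user
# interaction, so anyone who boots the laptop gets a running OS to attack.
# If this fails with a Group Policy error, enable "Require additional authentication at
# startup" under BitLocker Drive Encryption > Operating System Drives in gpedit.msc.
$pin = Read-Host -Prompt 'Pre-boot PIN' -AsSecureString
Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 `
    -TpmAndPinProtector -Pin $pin -SkipHardwareTest

# Removable drive: no TPM involved, so a password protector. The whole drive is encrypted
# (no -UsedSpaceOnly) because a drive that held data before still has it in free space.
$pw = Read-Host -Prompt 'USB password' -AsSecureString
Enable-BitLocker -MountPoint $UsbDrive -EncryptionMethod XtsAes256 `
    -PasswordProtector -Password $pw

# Verify. ProtectionStatus must be On; VolumeStatus becomes FullyEncrypted once the
# background encryption finishes.
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
    @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ',' } }
```

Run it once per machine, then check `Get-BitLockerVolume` again after the next reboot: if ProtectionStatus shows Off, encryption finished but the protectors were never armed.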
2. Windows Accounts: By default, Windows 10/11 asks for a Microsoft account during installation. Fortunately this can be bypassed: keep the machine offline during setup and, when prompted, choose "Create Account Later" (the offline option). On builds that refuse to continue without a network connection, press Shift+F10 at that screen and run oobe\bypassnro; setup restarts with the offline option available. This lets you create a local account.
To protect your home PC, create a separate admin account with a stronger password and use it only to install or update software. Do not sign in to the admin account for everyday use; work from a standard account.
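As an added example (not from the original post), this is the account layout from step 2 built from an elevated PowerShell: one local administrator used only for installs and updates, one standard user for daily work, and a check of who actually holds admin rights. The account names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Account names are assumptions.
$Admin = 'admin-local'   # used only to install/update software
$Daily = 'daily'         # standard user for everything else

# Admin account. Neither account needs a Microsoft account.
New-LocalUser -Name $Admin -Password (Read-Host "Password for $Admin" -AsSecureString) `
    -Description 'Install/update only' -PasswordNeverExpires | Out-Null
Add-LocalGroupMember -Group 'Administrators' -Member $Admin

# Daily account. Anything it runs, including malware it is tricked into running, runs without
# admin rights and hits a UAC credential prompt (asking for $Admin) when it wants them.
New-LocalUser -Name $Daily -Password (Read-Host "Password for $Daily" -AsSecureString) `
    -PasswordNeverExpires | Out-Null
Add-LocalGroupMember -Group 'Users' -Member $Daily

# The account created during Windows setup is itself an administrator. After you have signed
# in as $Admin at least once, demote it so that only $Admin holds admin rights:
#   Remove-LocalGroupMember -Group 'Administrators' -Member '<setup account>'

# Verify who is really an administrator (the built-in 'Administrator' is disabled by default).
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
Get-LocalUser | Select-Object Name, Enabled
```

The demotion is left as a commented command on purpose: run it only after the new admin password has been tested with a real sign-in, because the script cannot confirm what was typed into a secure prompt.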
3. System Cleaner: Install BleachBit. When you launch it, select every available option except "Wipe Free Space", and run it each time before shutting down the PC.
4. Control Connections: Install GlassWire. It shows every incoming and outgoing connection from your PC and lets you block an app when you notice it making suspicious connections. I recommend buying the Pro version; it is very useful.
5. Disable Bluetooth.
6. Change your MAC address at each boot.
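As an added example (not from the original post), here is step 6 as a script: it generates a random locally-administered unicast MAC, writes it to the adapter, and with -Install registers itself as a SYSTEM scheduled task that runs at every startup, before the network comes up. The adapter name, task name and script path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Adapter name, task name and script path are assumptions.
param([switch]$Install)

$AdapterName = 'Wi-Fi'
$TaskName    = 'RandomizeMac'
$ScriptPath  = 'C:\ProgramData\RandomizeMac\Set-RandomMac.ps1'

function New-RandomMac {
    # Six bytes from the CSPRNG; then set the locally-administered bit (0x02) and clear the
    # multicast bit (0x01) in the first octet, so drivers accept it as a unicast, non-OUI address.
    $bytes = New-Object byte[] 6
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $bytes[0] = ($bytes[0] -band 0xFC) -bor 0x02
    return ($bytes | ForEach-Object { $_.ToString('X2') }) -join '-'
}

if ($Install) {
    # Copy this script to a fixed path and register it to run as SYSTEM at every startup.
    New-Item -ItemType Directory -Path (Split-Path $ScriptPath) -Force | Out-Null
    Copy-Item -Path $PSCommandPath -Destination $ScriptPath -Force
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
                    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $trigger   = New-ScheduledTaskTrigger -AtStartup
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Force | Out-Null
    "Registered task $TaskName"
    return
}

# Normal run (also what the task executes at boot). Set-NetAdapter writes the driver's
# NetworkAddress property and restarts the adapter so the new MAC takes effect.
$mac = New-RandomMac
Set-NetAdapter -Name $AdapterName -MacAddress $mac -Confirm:$false
# MacAddress is the effective address; PermanentAddress is the one burned into the hardware.
Get-NetAdapter -Name $AdapterName | Select-Object Name, MacAddress, PermanentAddress, Status
```

Check the output once: some Wi-Fi drivers ignore NetworkAddress entirely, in which case MacAddress still equals PermanentAddress and you have to rely on the "Random hardware addresses" switch in Windows' Wi-Fi settings instead.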
7. Set a BIOS/UEFI password and disable booting from USB (unless you need to boot from USB).
8. Turn on the Windows Firewall and install a reputable antivirus/anti-malware product.
9. Clear as many logs as you can before shutting down the PC.
Clear the logs: Windows logs a lot of seemingly random things.
A lot of hackers use PowerShell without realising they are leaving plenty of breadcrumbs behind on their own machines.
- PSReadLine:
A PowerShell module that does a variety of things but also stores the history of every PS command previously run on your Windows machine. If you use PS you can check this from a Command Prompt:
Code:
powershell -ExecutionPolicy Bypass -c "get-content C:\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt"
- Prefetch:
If you run hacking tools, the Prefetch folder records what has been run (one .pf file per executable, with its last-run time). Check it from a Command Prompt run as Admin:
Code:
powershell
dir 'C:\Windows\Prefetch' | sort LastWriteTime -desc
Some of this can be wiped with the following commands, run as Admin:
Disables Prefetch (this only stops new .pf files from being written; the ones already in C:\Windows\Prefetch stay until you delete them)
Code:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v EnablePrefetcher /t REG_DWORD /d 0 /f
Deletes PowerShell History
Code:
powershell -c "remove-item -force -path $env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt"
Disables PowerShell history (Set-PSReadLineOption only affects the PowerShell session it runs in, so launching a fresh powershell just to run it does nothing; type it inside the PowerShell you work in, or put the same line in your PowerShell profile so it applies to every session)
Code:
powershell
Set-PSReadLineOption -HistorySaveStyle SaveNothing
10. Clear Windows Event Logs: Windows keeps a number of event logs, and it is good OPSEC to clear them before each shutdown. Be aware that clearing a log is itself recorded (Security event 1102, System event 104), and that events already forwarded to a log collector or EDR are not affected.
Clear all the event logs:
Run as Admin (typed at a Command Prompt; inside a .bat file write %%1 instead of %1):
Code:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Run the pending idle-time tasks (ProcessIdleTasks makes Windows run its queued idle-time maintenance now, including Prefetch/layout processing; it does not flush RAM or the file cache):
Run as Admin:
Code:
%windir%\system32\rundll32.exe advapi32.dll,ProcessIdleTasks
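As an added example (not from the original post), steps 9 and 10 combined into one elevated PowerShell script to run before shutdown: it deletes every user's PSReadLine history, makes the SaveNothing setting persistent through the profile, disables Prefetch and deletes the existing .pf files, clears every event log, and then reports what is left. The paths are the ones the post already uses; the report at the end is my own addition.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post: pre-shutdown cleanup for steps 9 and 10.

$HistoryGlob  = 'C:\Users\*\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt'
$PrefetchGlob = 'C:\Windows\Prefetch\*.pf'
$PrefetchKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters'

# 1. PowerShell history: delete the file for every profile on the machine...
Get-ChildItem -Path $HistoryGlob -ErrorAction SilentlyContinue | Remove-Item -Force

# ...and stop PSReadLine from writing a new one. Set-PSReadLineOption affects only the session
# it runs in, so the persistent fix is a line in the current user's profile, loaded by every host.
$line = 'Set-PSReadLineOption -HistorySaveStyle SaveNothing'
$prof = $PROFILE.CurrentUserAllHosts
if (-not (Test-Path $prof)) { New-Item -ItemType File -Path $prof -Force | Out-Null }
if (-not (Select-String -Path $prof -Pattern $line -SimpleMatch -Quiet)) {
    Add-Content -Path $prof -Value $line
}

# 2. Prefetch: the registry value stops new .pf files; the ones already there must be deleted too.
Set-ItemProperty -Path $PrefetchKey -Name EnablePrefetcher -Value 0 -Type DWord
Remove-Item -Path $PrefetchGlob -Force -ErrorAction SilentlyContinue

# 3. Event logs: clear every log wevtutil knows about. Clearing is itself recorded (Security 1102,
#    System 104), and it does nothing about events already forwarded to a collector or EDR.
$notCleared = @()
foreach ($log in (wevtutil.exe el)) {
    wevtutil.exe cl "$log" 2>$null
    if ($LASTEXITCODE -ne 0) { $notCleared += $log }
}

# 4. Report what remains, so the run is checked rather than trusted.
[pscustomobject]@{
    HistoryFiles       = @(Get-ChildItem -Path $HistoryGlob -ErrorAction SilentlyContinue).Count
    PrefetchFiles      = @(Get-ChildItem -Path $PrefetchGlob -ErrorAction SilentlyContinue).Count
    LogsNotCleared     = $notCleared.Count
    SecurityLogRecords = (Get-WinEvent -ListLog Security).RecordCount
}
```

Expect SecurityLogRecords to be 1 rather than 0 right after a run: that single record is the 1102 "log was cleared" event, and LogsNotCleared lists any log that was in use and refused to clear. The profile line only covers the account the script runs under; repeat that part from each account you use PowerShell in.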
Blind trust is never a good idea.