Hey everybody, I was recently looking into improving the security of my laptop, and by security I mean more than just a Kensington laptop lock. So I thought, why not ask one of our elite cyber spec ops warriors! I reached out to a friend who knows th3j35t3r and asked if he could make any recommendations. He came back with a nice overview of his rig:

  • Laptop, business class
  • TPM chip – allows him to lock hardware to the device. For example, if you pull the hd and put it in another machine, it will not work.
  • Biometric login
  • BIOS/boot password
  • Full disk encryption across the board
  • Won’t boot without a secure token (USB)
  • 2 wireless cards – one normal, one transmitting decoy access point SSIDs
  • Two factor authentication on all accounts using Google Authenticator w/ mobile device
  • Laptop pings cellphone over Bluetooth every few seconds. If cellphone goes out of range, laptop locks and requires fingerprint and phone to re-login.
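
The Bluetooth proximity lock in the last item, sketched as an added example (not code from the post or from The Jester): it assumes a Linux laptop with BlueZ's `l2ping` and systemd's `loginctl`, and the phone address, polling interval and miss threshold are placeholders chosen here.

```python
import subprocess
import time

PHONE_ADDR = "AA:BB:CC:DD:EE:FF"  # placeholder address, not from the post
PING_INTERVAL = 5                 # seconds; the post only says "every few seconds"
MISSES_BEFORE_LOCK = 3            # assumption: ride out brief radio dropouts

def phone_in_range(addr=PHONE_ADDR):
    """Send one L2CAP echo with BlueZ l2ping (assumed installed, usually needs root)."""
    try:
        done = subprocess.run(["l2ping", "-c", "1", "-t", "2", addr],
                              capture_output=True, timeout=5)
    except (OSError, subprocess.TimeoutExpired):
        return False              # fail closed: a broken probe counts as a miss
    return done.returncode == 0

def lock_session():
    """Lock every session through systemd-logind (assumed); never unlocks."""
    subprocess.run(["loginctl", "lock-sessions"], check=False)

class ProximityLock:
    """Counts consecutive missed probes and fires the lock once per absence."""
    def __init__(self, threshold=MISSES_BEFORE_LOCK):
        self.threshold, self.misses, self.fired = threshold, 0, False

    def observe(self, in_range):
        """Feed one probe result; return True when the lock should fire now."""
        if in_range:
            self.misses, self.fired = 0, False   # re-arm only, nothing is unlocked
            return False
        self.misses += 1
        if self.misses >= self.threshold and not self.fired:
            self.fired = True
            return True
        return False

def run(probe=phone_in_range, lock=lock_session, sleep=time.sleep, rounds=None):
    """Poll until `rounds` probes are done (forever if None); return lock count."""
    state, locks, n = ProximityLock(), 0, 0
    while rounds is None or n < rounds:
        if state.observe(probe()):
            lock()
            locks += 1
        n += 1
        sleep(PING_INTERVAL)
    return locks

if __name__ == "__main__":
    run()
```

The watcher only ever locks: an answering Bluetooth address is a presence hint rather than authentication, so getting back in stays with the fingerprint-plus-phone login the list describes.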

After looking this over I sent a note back asking if I could use it here in Team Room. I was surprised and very happy to get a note back that The Jester was writing a full post on this topic, and I’d be able to publish it here for you guys.

This is way above and beyond where most people need to be with their laptops, but it’s still fun to know how the-best-of-the-best hackers treat their tools of the trade.

So, without further ado…

Jester’s Loadout: The Laptop

‘Have more than thou showest, Speak less than thou knowest, Lend less than thou owest’ – William Shakespeare

So I wanted to continue my ‘Loadout’ series, as I know I’ve neglected it to the point that the ‘series’ currently consists of only one other article. It’s busy times, so I apologize in advance. I get lots of questions regarding how I secure my connection and manage to stay ‘underground’ for so long. I thought about talking about that, but decided against it, at least for now, for reasons I am sure must be obvious to anyone who possesses an IQ that exceeds that of Mr John Tiessen AKA @johntiessen and that of Ms Jennifer Emick AKA @asherahresearch combined. (Sorry, couldn’t resist.)

Now there’s something to be said for spreading your operation out, so if ‘they’ (whoever your ‘they’ is) get one thing they don’t get it all. But there’s also something to be said for keeping your attack surface as small as possible. It’s two schools of thought; I prefer the latter. It makes things manageable and easier to monitor. This is why EVERYTHING I do, whether offensive, defensive or passive, as ‘Jester’ is done on a single laptop. There is zero cross-pollination between that and my actual identity. This ensures that even if the laptop somehow leaves my possession, all they got was ‘Jester’s’ laptop. This blog post will concentrate on how to secure that laptop and the information on it from physical or coerced infiltration, so even if they get a hold of it in your absence, it’s a case of fuggit, no harm done.