vimwiki/tech/cia-do-dont.wiki

= Cia Do and Donts =

This is the CIA list of dos and donts. 

== General ==

* DO obfuscate and encrypt strings; Deobfuscate in memory when needed    
* DO wipe deobfuscated strings once done                                 
* DONT decrypt string data upon execution                                
* DO remove encryption keys, shellcode, etc from memory                  
* DO utilize deployment time unique key for deobfuscation of data        
* DONOT rely on OS to cleanup strings for you                            
* DO strip all debug symbols, build paths, dev usernames, etc from binary
* DO strip all debug output from final build of tool
* DONOT import/call functions that are not consistent with tools cover usage
* DONOT export sensitive functions names, use benign cover names
* DONOT generate crashdumps or signs of error when crashing
* DO attempt to crash a program during a unit test
* DONOT perform operations that will make a computer hang
* DO make all effort to minimize binary size without the use of compression 
  Less than 150kb is ideal for a full tool
* DO provide a means to uninstall tools and all artifacts
* DO document all artifacts of program and how to undo it
* DONOT leave dates and times like compile timestamps, access times, etc that
  relate to your time zone
* DONOT leave data in the binary that indactes you
* DONOT leave data that has "dirty words" (hacker terms) in binary

== Network ==

* DO use E2EE for network comms
* NEVER use network protocols that break E2E principle with respect to
  encrypted payloads
* DONOT rely soley on SSL/TLS to secure data in transit
* DONOT allow network traffic to be replayable
* DO use ITEF RFC compliant network protocols as a blending layer. The actual
  data should be tunneled through a well known, standard protocol like HTTPS
* DONOT break compilance of an RFC protocol being used as a blending layer
* DO use variable size and timing jitter of packets, beacons, and
  communications
* DONOT send data with fixed size and timing
* DO properly clean up network connections
Update for 11-01-22 23:30 2022-01-12 04:30:01 +00:00			`= Cia Do and Donts =`

			`This is the CIA list of dos and donts.`

			`== General ==`

Update for 11-01-22 23:45 2022-01-12 04:45:01 +00:00			`* DO obfuscate and encrypt strings; Deobfuscate in memory when needed`
			`* DO wipe deobfuscated strings once done`
			`* DONT decrypt string data upon execution`
			`* DO remove encryption keys, shellcode, etc from memory`
			`* DO utilize deployment time unique key for deobfuscation of data`
			`* DONOT rely on OS to cleanup strings for you`
			`* DO strip all debug symbols, build paths, dev usernames, etc from binary`
			`* DO strip all debug output from final build of tool`
			`* DONOT import/call functions that are not consistent with tools cover usage`
			`* DONOT export sensitive functions names, use benign cover names`
			`* DONOT generate crashdumps or signs of error when crashing`
			`* DO attempt to crash a program during a unit test`
			`* DONOT perform operations that will make a computer hang`
			`* DO make all effort to minimize binary size without the use of compression`
			`Less than 150kb is ideal for a full tool`
			`* DO provide a means to uninstall tools and all artifacts`
			`* DO document all artifacts of program and how to undo it`
			`* DONOT leave dates and times like compile timestamps, access times, etc that`
			`relate to your time zone`
			`* DONOT leave data in the binary that indactes you`
Update for 12-01-22 00:00 2022-01-12 05:00:01 +00:00			`* DONOT leave data that has "dirty words" (hacker terms) in binary`

			`== Network ==`

			`* DO use E2EE for network comms`
			`* NEVER use network protocols that break E2E principle with respect to`
			`encrypted payloads`
			`* DONOT rely soley on SSL/TLS to secure data in transit`
			`* DONOT allow network traffic to be replayable`
			`* DO use ITEF RFC compliant network protocols as a blending layer. The actual`
			`data should be tunneled through a well known, standard protocol like HTTPS`
			`* DONOT break compilance of an RFC protocol being used as a blending layer`
			`* DO use variable size and timing jitter of packets, beacons, and`
			`communications`
			`* DONOT send data with fixed size and timing`
			`* DO properly clean up network connections`