From 10fd98e15584cdf404deaae743ac1cfd447b2dee Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Mon, 2 May 2022 19:30:01 -0400 Subject: [PATCH] Update for 02-05-22 19:30 --- tech/cia-do-dont.wiki | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tech/cia-do-dont.wiki b/tech/cia-do-dont.wiki index fa62e38..d306438 100644 --- a/tech/cia-do-dont.wiki +++ b/tech/cia-do-dont.wiki @@ -1,15 +1,15 @@ = Cia Do and Donts = -This is the CIA list of dos and donts. +This is the CIA list of dos and donts. == General == -* DO obfuscate and encrypt strings; Deobfuscate in memory when needed -* DO wipe deobfuscated strings once done -* DONT decrypt string data upon execution -* DO remove encryption keys, shellcode, etc from memory -* DO utilize deployment time unique key for deobfuscation of data -* DONOT rely on OS to cleanup strings for you +* DO obfuscate and encrypt strings; Deobfuscate in memory when needed +* DO wipe deobfuscated strings once done +* DONT decrypt string data upon execution +* DO remove encryption keys, shellcode, etc from memory +* DO utilize deployment time unique key for deobfuscation of data +* DONOT rely on OS to cleanup strings for you * DO strip all debug symbols, build paths, dev usernames, etc from binary * DO strip all debug output from final build of tool * DONOT import/call functions that are not consistent with tools cover usage @@ -17,7 +17,7 @@ This is the CIA list of dos and donts. * DONOT generate crashdumps or signs of error when crashing * DO attempt to crash a program during a unit test * DONOT perform operations that will make a computer hang -* DO make all effort to minimize binary size without the use of compression +* DO make all effort to minimize binary size without the use of compression Less than 150kb is ideal for a full tool * DO provide a means to uninstall tools and all artifacts * DO document all artifacts of program and how to undo it 
@@ -75,7 +75,7 @@ This is the CIA list of dos and donts. - ECDH, the prime must be 256 bits - DH and RSA primes must be *at least* 2048 bits - DH and ECDH is prefered for perfect forward security -* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA +* Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA - Asymmetric keys *must* be at least 2048 bits (Elliptic curve, 256 bits) * Authentication via TLS 1.2 *must* include the use of certs by both parties * Authentication via TLS 1.2 *must* validate the cert utlized by both parties.
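Review bot: In the first hunk (@@ -1,15 +1,15 @@), every removed line reads the same as the line that replaces it, from "This is the CIA list of dos and donts." through the six "General" bullets, so the change appears to be whitespace-only, and the subject "Update for 02-05-22 19:30" does not say so. Please state that in the commit message. Since these lines are being rewritten anyway, the prefix could also be made consistent: the touched bullets mix "DONT" ("DONT decrypt string data upon execution") and "DONOT" ("DONOT rely on OS to cleanup strings for you").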
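Review bot: In the second hunk (@@ -17,7 +17,7 @@), the touched bullet "DO make all effort to minimize binary size without the use of compression" is followed by the unchanged line "Less than 150kb is ideal for a full tool", which has no list marker and reads as a continuation of that bullet. If this change alters the whitespace at the end of the bullet, the way the two lines join when rendered may change as well. Making the size guidance an explicit "-" sub-item, as the key-size lines further down the file already are, would remove the dependency on line-end whitespace. "150kb" would also be clearer as "150 KB".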
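Review bot: In the third hunk (@@ -75,7 +75,7 @@), the rewritten line "Authentication *must* be done with TLS 1.2, Elliptic curve DSA, DSA, or RSA" lists a protocol next to three signature algorithms as if they were alternatives of the same kind, and the change leaves that wording as it was. Consider splitting it into the protocol requirement and the permitted signature algorithms. The context lines around it contain the typos "prefered" and "utlized", and "perfect forward security" is usually written "perfect forward secrecy"; all three are worth fixing in the same pass.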