Signature Management & Ubiquitous Technical Surveillance Awareness

Course Duration

5 Days

Audience

Employees of federal, state and local governments; and businesses working with the government.

Prerequisites

No prior security background is required. Basic comfort with a command line is helpful but not essential.

Course Description

Ubiquitous Technical Surveillance (UTS) is the new global standard. Whether it’s commercial tracking or nation-state monitoring, your digital signature is being harvested. This course gives you the keys back. Through a 60% hands-on lab environment, you will construct a bespoke toolkit designed to mask your movements, encrypt your data, and alert you the moment your privacy is breached. Leave the theory behind and walk away with the hardware, software, and strategy to move through the world with confidence.

Learning Objectives

• Map Their Digital Footprint: Perform a comprehensive OSINT self-assessment to identify publicly available data points that compromise personal and operational security.
• Engineer Hardened Mobile Hardware: Independently flash, configure, and maintain GrapheneOS to eliminate commercial tracking and minimize the device's attack surface.
• Deploy Private Network Infrastructure: Provision and manage a self-hosted WireGuard VPN and a portable Travel Router to ensure encrypted, filtered, and tunneled internet access in hostile network environments.
• Analyze Device Telemetry: Utilize packet capture and passive WiFi monitoring tools to identify "leaky" apps and broadcast signatures that reveal identity or location.
• Implement Digital Tripwires: Deploy a suite of Honeyfiles and Canary Tokens to provide real-time alerts in the event of unauthorized physical or remote access to sensitive data.
• Execute Signature Management Protocols: Develop and document a personalized Standard Operating Procedure (SOP) for pre-departure, transit, and post-travel phases of an operation.
• Mitigate Ubiquitous Technical Surveillance (UTS): Apply practical obfuscation techniques to counter facial recognition, automated license plate readers (ALPR), and IMSI catchers.

Course Outline

Course Topics

• Day 1 – Threat Landscape & GrapheneOS Brief lecture on the surveillance ecosystem (nation-state, commercial, criminal), followed by a hands-on OSINT self-exposure exercise where students see what's already publicly known about them. Afternoon: install and fully configure GrapheneOS on a Pixel device.
• Day 2 – Travel Router & WireGuard Build Students build a Docker-based travel router from scratch on a Raspberry Pi (or similar) – configuring a software access point, DNS/DHCP server, and Pi-hole ad/tracker blocker via a compose.yaml they write and understand line by line. Then deploy a self-hosted WireGuard VPN with a web management UI on a cloud server and route all router traffic through it.
• Day 3 – Traffic Analysis: What Is Your Device Actually Saying? Students capture and analyze their own devices' network traffic, idle state, app-by-app, and over time. They build a passive WiFi probe that captures the network names their devices broadcast in public spaces. They examine what remains visible to a network observer even after encryption.
• Day 4 – Communications Security & Honeyfiles Hands-on configuration of a complete secure communications stack: Signal, encrypted email, browser hardening, and VPN integration. Then the honeyfile lab: students create and deploy a suite of canary documents and fake credentials with live alerting, test them, and document where each one lives.
• Day 5 – OPSEC & Signature Management Planning Students verify every system built during the week against a structured checklist, draft their personal Signature Management Plan, and run a tabletop scenario covering a multi-country trip, a border crossing device inspection, a suspicious contact, and a honeyfile alert firing mid-trip.

Frequently Asked Questions