Category Archives: OSINT

Passed the GOSI

As usual, I have a lot on my plate. So I don’t get to blog as much as I’d like. Then again, I haven’t had a cool project to work on for a while. Just going through skilling up on things. Back in March, I mentioned I took the SANS Security 487 course, Open Source (OSINT) Gathering and Analysis. For the last month or so, I’ve been studying for the exam.

So that’s a thing. Second SANS class taken, second GIAC exam passed. I’d share the embedded link, but it gives too much personal information away. So all that is here is the certification badge they provide.

 

 

 

 

 

 

 

Next up is going to be the Open FAIR certification. I went through the training on my own dime last year, and I’ve been slowly studying for that one since last year. I’m planning to schedule the test for mid-August.

For SANS/GIAC, next on my radar will probably be Sec 504 / GCIH.

After that, I’m still interested in the Python classes. Both Sec 573 Automating Information Security with Python and Sec 537 Practical Open-Source Intelligence (OSINT) Analysis and Automation.

They added a new one for OSINT, and I’m wondering how much overlap with the Automating OSINT by Justin Seitz there is.

I’m also interested in LEG52: Law of Data Security and Investigations and MGT512: Security Leadership Essentials for Managers. Both of those are for personal reasons. But in all the years I’ve been around the industry, I’ve only gotten to go two SANS classes, so it will probably take a while.

Building an OSINT box based on Open Source Intelligence Techniques 7th edition.

This is a six-part series covering my experience modifying the instructions to build an Investigation VM from Open Source Intelligence Techniques by Michael Bazzell.

I made the VM to follow along with his online course that I bought last year but haven’t had time to work through. The course was originally built for the Buscador OS, but that distribution is no more.

Part 1: The Install
Installing Xubuntu as a VM

Part 2: Personalization
Configuring the VM to remove applications that leak data, and remove annoyances

Part 3: Configuring Firefox
Setting up Firefox for doing OSINT Investigations

Part 4: Configuring Chrome
Configuring Chrome for OSINT Investigations

Part 5: Setting up Linux Applications
Installing other applications to aid in capturing the information needed for OSINT investigations

Part 6: Finishing Setup
Final setups, and closing thoughts.

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 5, Setting up Linux Applications.

Welcome back. Sorry about the delay, but I wanted to get the post about fixing the NAS posted before I continued. This post has also been sitting waiting for editing for a bit. Picking up where we left off, I’m going to discuss the changes between Michael Bazzell’s book, and my experiences of setting up the system using Xubuntu.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 4, Configuring Chrome.

Sorry, this was a little late, I spent the last few weeks rebuilding my Raspberry Pi NAS, again. I’ll be doing a write up on that in the near future.

This post is the fourth part of the series building my OSINT VM to do Open Source Intelligence. These are my experiences using a different Xubuntu for my base, compared to Michael Bazzell’s walkthrough in his book, which used Ubuntu.

There are two sections to this posting. Chrome, and TOR. Though I didn’t do much with TOR.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 3, Configuring Firefox.

Welcome back to my series of setting up Virtual Machined to do OSINT. I’m setting up an OSINT investigation system based on Michael Bazzell’s 7th Edition OSINT book, but I’m using Xubuntu instead of Ubuntu. Remember, this series is about the differences I found between the walkthrough in the book and setting up my environment on a different Distribution.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 2: Personalization.

In this post, I’ll be talking about the personalization steps covering the differences between Michaels’s text and the steps to do the same in Xubuntu. As I stated in the last post, I’m building a new OSINT Investigations VM based on Michael Bazzel’s book. In the previous post, I covered the differences between his book and my choice of using Xubuntu instead of Ubuntu.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 1, the Install

In the latest edition of his book, Michael Bazzell has decided to teach OSINT investigators to be self-sufficient when it comes to their tools. Gone is his OSINT powerhouse VM Buscador. Gone are the free tools he used to host. Instead, because things change and disappear, he has decided to teach people to build their own tools.

He uses Ubuntu as the base for the Virtual Machine in the walkthroughs. I didn’t care for Ubuntu, mainly because I’m not too fond of the default desktops. Honestly, I prefer running Debian with XFCE. But for quick installations, I go with Xubuntu. I say quick installs because it usually works out of the box, whereas Debian usually takes me days of tweaking to get it right.

In the past, before his old investigation image, and it’s replacement Buscador, I would build my own VMs based on either Debian or Xubuntu, and replicate the things he had done in his builds. This time around, I decided to build my own Xubuntu image, following his guide for the tools.

Here are the things I had to change to get Xubuntu based system set up.

Continue reading

Different ways to use TOR

While catching up on SANS’ Internet Storm Center Storm Cast during my drive, I heard this episode. In it Johannes Ullrich was mentioned this article about using DRM Decloaking TOR users. Short version, users running the Tor Browser Bundle click a link, and Microsoft Windows launches the media player not using the TOR network, exposing the user’s real IP address.

This attack could be mitigated by using TAILS or something else that forces all traffic through TOR. Which made me think I should share all the ways I use TOR.

Continue reading

Doing OSINT

The other day I mentioned Sailing the Sea of OSINT. Then in a Facebook group I’m in, they posted the BBC article about Ambulances Jamming car radios. In the group we made some speculations. But having a bit of a radio background, HAM Radio, CB Radio, and Broadcast Radio in college. I know how some of systems work.

So I went and dug up several articles on their pilot program. None however said how they worked. Just that they worked with the RDS radios in some cars. So I went and looked up RDS. Radio Data Systems, and the similar Radio Broadcast Data Systems in North America, is a protocol for sending data over the airwaves along with an FM signal.

In this case of both, they use PTY tags to associate what the data is. This is the same system that displays  the radio system call sign and song title on some radios. It can do more like say what type of music station it is based off the tags they use. This would allow people to search by genre.

However when they made the protocol they included a tag for Alarms (in the EU) / Emergency (in North America).

Reading up on the receivers with the RDS protocol / system built in they are designed to switch to the frequency broadcasting the Alarm / Emergency tag. Even if the radio is playing a “cassette” (which tells you how old this protocol is), a CD, connected via Bluetooth. Basically, if an RDS equipped radio is turned on it will tune to the station for the frequency the ambulance is broadcasting to.

The neat parts of this, the goal is to make it 10 to 15 seconds of alert, based on the speed of the ambulance. Which tells me the broadcast switch is tied to the Light and Siren switch, as well as either the ambulances GPS or ODB-II port, and the broadcast power is associated off that.

The people that came up with the idea said because Ambulances are getting stuck in traffic and or people are having accidents trying to get out of the way.

This is probably one of the items that really should be considered in Autonomous cars.