Tag Archives: linux

Building an OSINT box based on Open Source Intelligence Techniques 7th edition.

Leave a reply

This is a six-part series covering my experience modifying the instructions to build an Investigation VM from Open Source Intelligence Techniques by Michael Bazzell.

I made the VM to follow along with his online course that I bought last year but haven’t had time to work through. The course was originally built for the Buscador OS, but that distribution is no more.

Part 1: The Install
Installing Xubuntu as a VM

Part 2: Personalization
Configuring the VM to remove applications that leak data, and remove annoyances

Part 3: Configuring Firefox
Setting up Firefox for doing OSINT Investigations

Part 4: Configuring Chrome
Configuring Chrome for OSINT Investigations

Part 5: Setting up Linux Applications
Installing other applications to aid in capturing the information needed for OSINT investigations

Part 6: Finishing Setup
Final setups, and closing thoughts.

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 5, Setting up Linux Applications.

Leave a reply

Welcome back. Sorry about the delay, but I wanted to get the post about fixing the NAS posted before I continued. This post has also been sitting waiting for editing for a bit. Picking up where we left off, I’m going to discuss the changes between Michael Bazzell’s book, and my experiences of setting up the system using Xubuntu.

Continue reading

Raspi-NAS rebuild and data recovery

Leave a reply

Shortly after rebuilding my Raspberry NAS last year, it stopped working again. The system wouldn’t boot right, even after changing the micro-SD card with a new build of Raspbian. A few weeks ago, I bought a new Pi 3 b and rebuilt the NAS again. When the system powered on, one of the USB drives wasn’t working. It looked like the file system was corrupt. During attempts to recover the USB drive, it stopped being readable. Both my Windows and Linux computers could see the USB drive, but not the file system, or the data. I re-formatted the disc drive, and it started working fine, it just had no data on it.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 4, Configuring Chrome.

Leave a reply

Sorry, this was a little late, I spent the last few weeks rebuilding my Raspberry Pi NAS, again. I’ll be doing a write up on that in the near future.

This post is the fourth part of the series building my OSINT VM to do Open Source Intelligence. These are my experiences using a different Xubuntu for my base, compared to Michael Bazzell’s walkthrough in his book, which used Ubuntu.

There are two sections to this posting. Chrome, and TOR. Though I didn’t do much with TOR.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 3, Configuring Firefox.

Leave a reply

Welcome back to my series of setting up Virtual Machined to do OSINT. I’m setting up an OSINT investigation system based on Michael Bazzell’s 7th Edition OSINT book, but I’m using Xubuntu instead of Ubuntu. Remember, this series is about the differences I found between the walkthrough in the book and setting up my environment on a different Distribution.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 2: Personalization.

Leave a reply

In this post, I’ll be talking about the personalization steps covering the differences between Michaels’s text and the steps to do the same in Xubuntu. As I stated in the last post, I’m building a new OSINT Investigations VM based on Michael Bazzel’s book. In the previous post, I covered the differences between his book and my choice of using Xubuntu instead of Ubuntu.

Continue reading

Building an OSINT box based on Open Source Intelligence Techniques 7th edition. Part 1, the Install

Leave a reply

In the latest edition of his book, Michael Bazzell has decided to teach OSINT investigators to be self-sufficient when it comes to their tools. Gone is his OSINT powerhouse VM Buscador. Gone are the free tools he used to host. Instead, because things change and disappear, he has decided to teach people to build their own tools.

He uses Ubuntu as the base for the Virtual Machine in the walkthroughs. I didn’t care for Ubuntu, mainly because I’m not too fond of the default desktops. Honestly, I prefer running Debian with XFCE. But for quick installations, I go with Xubuntu. I say quick installs because it usually works out of the box, whereas Debian usually takes me days of tweaking to get it right.

In the past, before his old investigation image, and it’s replacement Buscador, I would build my own VMs based on either Debian or Xubuntu, and replicate the things he had done in his builds. This time around, I decided to build my own Xubuntu image, following his guide for the tools.

Here are the things I had to change to get Xubuntu based system set up.

Continue reading

productivity vs tweaking

Leave a reply

I’ve been wanting to switch back to a Linux based system for a while. Main hold up has been school. Recently I  got to rebuild my travel laptop to run Linux.

I started with Debian, but after 2 days and a bunch of tweaking of the system and still not to the point of of actually start working.

So out goes Debian, in moves Xubuntu. A couple of hours later up and running. Disappointed, I’d rather be running Debian. But I really don’t have the time to spend doing endless tweaking. I have several other things to do.

more mailserver fun

Leave a reply

I’m still working through my quarantine folders. There are about 300 emails in each folder, and there are 62 folders. The folders are named 0-9, a-z, and A-Z. I don’t know why SpamAssassin / Amavisd on Debian does it that way, but it does.

Anyway going through them one at time with zless, and then rm was a bit of a pain. So I wrote a quick little one-liner to help:

The problem is, not all of the files are in gzip format, so it didn’t display those. And going in and out of the page system for Less was an annoying flash between the pager system and the normal terminal output.

So I improved it, using zcat, because I had some issues with zgrep not supporting some grep switches, like recursive.

Now it didn’t launch the pager, so no flashing. The second thing it did was give me just the To, From, Subject, and Date fields, and I could decide to delete or not based on block of info provided. Downside was it still didn’t handle the non-gzip files.

So when I got up today, I thought why not create a shell script to do this. And I can add in the feature to release false positives that SpamAssassin put in the folders.

So I now have a Mail Administration script in my DFIR repository on GitHub, that will check if it is gzip or not. Use the right form of grep, show info, and ask what to do with the file, release or delete (or nothing if you don’t use r or d as the answer).

Still some minor issues with the script:

  1. Must be ran as root, or someone else that has access to the virusmail sub-directories. in my case that means root since the mail accounts have /bin/false set up for shells.
  2. To be more portable it has to be called from spam sub-directory. In my case spam is in /var/lib/amavis/virusmails/. Which means I have to go there, and then in to one of the 0-9, a-z, or A-Z directories first. Like so:

     
  3. I still have 300 or so emails in each folder so I’d rather work 1 folder at a time right now to clear them.

Future plans for the script:
Ask the user where their spam folder is, so the script can be called outside of those folders, and enumerate all the sub-folders.

I also have to find out if the 0-9a-zA-Z is the same for all versions of software or if that is just a Debian thing.