An introduction to Open Source Intelligence
www.8arc.com
Introduction

Open Source Intel: what is it?
Where to find it? And why do we need it?

Data
Information
Intelligence

Closed vs Open Source

Closed
• Internal Corporate Information
• Intelligence Database
• Risk Management Documents
• Partner (Agency) Data
• Profiles: current + previous
• Website Analytics (Internal)
• BI Data
• Financial Data
• Intellectual Property
• CRMs
• HR records

Open
• Accounts
• Whois
• Google (search engines)
• Public facing documents
• News Channels
• Peer to Peer Forum
• Website Analytics (External)
• Social Media
• Company Information
• Personnel details

“When I took office, only high energy physicists had ever heard of what is called the World Wide Web, now even my cat has its own page.”
Bill Clinton, ex American President

We’re always looking for entities and links!
The more we have the clearer the picture

Investigation Environment

Things to consider?
• Standalone network/machine
• Dedicated broadband – dynamic IP address (mobile broadband)
• Backup broadband & network/machine
• Standard software – antivirus, firewall, IDS/IPS/Operating System, browser etc.
• Specialist software – OSINT/intelligence/evidential software & capture tools
• Online legends
• Visualisation Tools
• Build a jump kit

Also consider…
• Define a set file structure
• Set a file naming convention
• Keep an investigation log/workbook
• Investigation Plan
• Risk assessment
• VPNs & Proxies (AWS)
• Set your standpoint on anonymity

Anonymity

Anonymity & Digital Footprints
• Digital footprints are the trail left by interactions with digital environments
• These interactions are used to profile you
• To footprint or not to footprint?

Operating Systems Pros & Cons
• Linux
• Windows
• MacOS
• Chrome
• iOS
• Android
• (Virtual Machines)

Browsers, Dev Options, Add-ons

Browsers

Lynx Text Browser

Browsers Dev Options

Browser Add-Ons

Demo - Lightbeam

Add-ons – a few more
• Exif Viewer – (Alan Raskin)
• FireShot
• Unshorten.it!
• User Agent Overrider
• Live HTTP headers
• Cookies Manager+

Windows + R, %APPDATA%, then Mozilla – Firefox - Profiles
Select the right profile
Select Extensions
Add-Ons will be in an xpi file
Extract as you would a zip file
If you don’t like something, change it!
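The add-on inspection steps above, as an added example that is not part of the original slides: a Python sketch that opens an .xpi as a zip archive and reports what the add-on declares before it is trusted in an investigation browser. It assumes a WebExtension-style add-on with a manifest.json; the sample add-on, the `BROAD` shortlist and all function names are constructed for illustration.

```python
import io
import json
import zipfile

# Permissions worth a second look before an add-on goes into an investigation
# browser. This shortlist is an assumption for the example, not a standard.
BROAD = {"<all_urls>", "cookies", "history", "tabs", "webRequest"}

def build_sample_xpi() -> bytes:
    """Constructed sample add-on, built in memory so the example runs offline."""
    manifest = {
        "manifest_version": 2,
        "name": "Sample Capture Helper",  # constructed name
        "version": "1.0",
        "permissions": ["storage", "cookies", "<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("manifest.json", json.dumps(manifest))
        z.writestr("inject.js", "// constructed placeholder script\n")
    return buf.getvalue()

def inspect_xpi(source) -> dict:
    """Open an .xpi (path or file object) as a zip and summarise what it declares."""
    with zipfile.ZipFile(source) as z:
        files = sorted(z.namelist())
        if "manifest.json" not in files:
            # Older add-ons describe themselves in install.rdf instead.
            return {"name": None, "files": files, "permissions": [],
                    "broad": [], "scripts": [], "legacy": "install.rdf" in files}
        manifest = json.loads(z.read("manifest.json"))
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    scripts = [js for cs in manifest.get("content_scripts", [])
               for js in cs.get("js", [])]
    return {"name": manifest.get("name"), "files": files, "permissions": perms,
            "broad": sorted(BROAD.intersection(perms)), "scripts": scripts,
            "legacy": False}

def sample_report() -> dict:
    """Inspect the constructed sample; pass a real .xpi path to inspect_xpi()."""
    return inspect_xpi(io.BytesIO(build_sample_xpi()))

if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```
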
Capture Tools

SnagIt / Camtasia

FireShot

Httrack

Search Engines
• Google
• Bing
• Yahoo
• Duckduckgo
• Dogpile
• Httrack?

Google Hacking
• Cache:
• Intitle:
• Allintitle:
• Inurl:
• Allinurl:
• Filetype: (or ext:)
• Allintext:
• Site:
• Link:
• Inanchor:
• Daterange:
• Numrange:
• View-source

Google Hacking
• Cache: ‘&strip=1’ used with the ‘cache:’ operator
• String search by use of speech marks “”
• Logical (Boolean) Operators:
  • ‘AND’ ‘+’
  • ‘NOT’ ‘-’
  • ‘OR’ ‘|’

Other Google areas of interest:
• News
• Finance
• Groups
• Images
• Blogs
• Scholar

Google Hacking
Demonstration

Content Delivery Networks
• A system of distributed servers that accelerates delivery of websites, APIs, video content or other web assets.

Example – AWS CloudFront

Building a Jump Kit

Robtex

DomainTools

A few more favs
• Companies House
• Companycheck.co.uk
• Namesense.com
• SameID.net
• Builtwith.com
• Majestic.com (SEO Backlink Checker)

PortableApps

Automation & Visualisation

Maltego

Man & Machine
Machines are good at automation = transforms
Humans are good at pattern recognition = visual graph

So we have...
Maltego concept:
• Entities: ‘things’ – information type
  • DNS Name / Person / Phone number / more...
• Transforms: moves one type of thing to another type
  • DNS resolving / Searching / Database access / Deep web

Maltego

Visual Programming

Visual Programming via Rapidminer

Visual Programming

[email protected] @andy8arc Facebook - 8ARC LTD