www.8arc.com

AnintroductiontoOpenSourceIntelligence

www.8arc.com

Introduction

www.8arc.com

OpenSourceIntel:whatisit?

wheretofindit?andwhydoweneedit?

www.8arc.com

Data

Information

Intelligence

www.8arc.com

Closed

• InternalCorporateInformation• IntelligenceDatabase• RiskManagementDocuments• Partner(Agency)Data• Profiles:current+previous• WebsiteAnalytics(Internal)• BIData• FinancialData• IntellectualProperty• CRMs• HRrecords

ClosedvsOpenSourceOpen

• Accounts• Whois• Google(searchengines)• Publicfacingdocuments• NewsChannels• PeertoPeerForum• WebsiteAnalytics(External)• SocialMedia• CompanyInformation• Personneldetails

www.8arc.com

“WhenItookoffice,onlyhighenergyphysicistshadeverheardofwhatiscalledtheWorldWideWeb,nowevenmycathasit’sownpage.”

BillClinton,exAmericanPresident

www.8arc.com

We’realwayslookingforentitiesandlinks!

Themorewehavetheclearerthepicture

www.8arc.com

InvestigationEnvironment

www.8arc.com

Thingstoconsider?

• Standalonenetwork/machine• Dedicatedbroadband– dynamicIPaddress(mobilebroadband)• Backupbroadband&network/machine• Standardsoftware– antivirus,firewall,IDS/IPS/OperatingSystem,browseretc.• Specialistsoftware– OSINT/intelligence/evidentialsoftware &capturetools• Onlinelegends• VisualisationTools• Buildajumpkit

www.8arc.com

Alsoconsider…

• Defineasetfilestructure• Setafilenamingconvention• Keepaninvestigationlog/workbook• InvestigationPlan• Riskassessment• VPNs&Proxies(AWS)• Setyourstandpointonanonymity

www.8arc.com

Anonymity

www.8arc.com

• Digitalfootprintsarethetrailleftbyinteractionswithdigitalenvironments

• Theseinteractionsareusedtoprofileyou• Tofootprintornottofootprint?

Anonymity&DigitalFootprints

www.8arc.com

OperatingSystemsPros&Cons• Linux• Windows• MacOS• Chrome• IOS• Android• (VirtualMachines)

www.8arc.com

Browsers,DevOptions,Add-ons

www.8arc.com

Browsers

www.8arc.com

LynxTextBrowser

www.8arc.com

BrowsersDevOptions

www.8arc.com

BrowserAdd-Ons

www.8arc.com

Demo- Lightbeam

www.8arc.com

Add-ons– afewmore• ExifViewer– (AlanRaskin)• FireShot• Unshorten.it!• UserAgentOverrider• Livehttpheaders• CookiesManager+

www.8arc.com

Windows+R%APPDATA%thenMozilla– Firefox- Profiles

SelecttherightprofileSelectExtensions

Add-OnswillbeinanxpifileExtractasyouwouldazipfile

Ifyoudon’tlikesomething,Changeit!

www.8arc.com

CaptureTools

www.8arc.com

SnagIt/Camtasia

www.8arc.com

FireShot

www.8arc.com

Httrack

www.8arc.com

SearchEngines

• Google• Bing• Yahoo• Duckduckgo• Dogpile• Httrack?

www.8arc.com

www.8arc.com

GoogleHacking

•Cache:•Intitle:•Allintitle:•Inurl:•Allinurl:•Filetype:(orext:)•Allintext:

•Site:•Link:•Inanchor:•Daterange:•Numrange:•View-source

www.8arc.com

GoogleHacking• Cache:‘&strip=1’usedwiththe‘cache:’operator• Stringsearchbyuseofspeechmarks“”• Logical(Boolean)Operators:• ‘AND’‘+’• ‘NOT’‘-’• ‘OR’‘|’

www.8arc.com

OtherGoogleareasofinterest:• News• Finance• Groups• Images• Blogs• Scholar

www.8arc.com

GoogleHacking

Demonstration

www.8arc.com

ContentDeliveryNetworks

•Asystemofdistributedserversthataccelerates delivery ofwebsites,APIs,video content orotherwebassets.

www.8arc.com

Example– AWSCloudFront

www.8arc.com

BuildingaJumpKit

www.8arc.com

Robtex

www.8arc.com

DomainTools

www.8arc.com

A fewmorefavs• CompaniesHouse• Companycheck.co.uk• Namesense.com• SameID.net• Builtwith.com• Majestic.com(SEOBacklinkChecker)

www.8arc.com

PortableApps

www.8arc.com

Automation&Visualisation

www.8arc.com

Maltego

www.8arc.com

Man&Machine

Machinesaregoodatautomation=transformsHumansaregoodatpatternrecognition=visualgraph

www.8arc.com

Sowehave...

Maltegoconcept:• Entities:‘things’– informationtype• DNSName/Person/Phonenumber/more...

• Transforms:movesonetypeofthingtoanothertype• DNSresolving/Searching/Databaseaccess/Deepweb

www.8arc.com

Maltego

www.8arc.com

VisualProgramming

www.8arc.com

VisualProgrammingviaRapidminer

www.8arc.com

VisualProgramming

www.8arc.com

?connect@8arc.comTwitter- @andy8arcFacebook- 8ARCLTD