
2019 OSINT Guide
January 5, 2019 · 17 minutes read · osint

I have been doing a lot of Open-Source Intelligence (OSINT) lately, so to celebrate 2019, I decided to summarize a lot of tips and tricks I have learned in this guide. Of course, it is not the perfect guide (no guide is), but I hope it will help beginners to learn, and experienced OSINT hackers to discover new tricks.

Methodology

The classic OSINT methodology you will find everywhere is straightforward:

1. Define requirements: what are you looking for?
2. Retrieve data
3. Analyze the information gathered
4. Pivoting & Reporting: either define new requirements by pivoting on the data just gathered, or end the investigation and write the report.

This methodology is pretty intuitive and may not help much, but I think it is still important to go back to it regularly, and take the time to make an iteration of the loop. Very often during investigations, we get lost in the amount of data gathered, and it is hard to see what direction the investigation should take. In that case, I think it is helpful to take a break and go back to steps 3 and 4: analyze and summarize what you have found, list what could help you pivot, and define new (or more precise) questions that still need answers.

The other advice I would give is:

Never give up: there will be a time when you feel you have explored all the possibilities to get information. Don't give up. Take a break (an hour, or a day doing something else), then analyze your data once again and try to see it from a different perspective. Is there a new piece of information you could pivot on? What if you asked the wrong questions at first? Justin Seitz recently wrote a blog post about tenacity giving a couple of examples where tenacity paid off.
Keep evidence: information disappears online very quickly. Imagine you make a single opsec mistake, like clicking on a like on a tweet, or the person you are researching starts to become suspicious: suddenly all the social media accounts and websites can disappear from one day to the next. So keep evidence: screenshots, archives, web archives (more information later) or anything else that works for you.

Timelines are good: in forensics, the timeline, and pivoting on events happening at the same time, is key. It is definitely not as important in OSINT but still a very interesting tool to organize your data. When was the website created? When was the FB account created? When was the last blog post published? Having all this in a table often gives me a good view of what I am looking for.

Then there are two other methods I find useful. The first one is flowcharts describing the workflow to search for more information based on a type of data (like an email). The best ones I have seen are those done by Michael Bazzell at IntelTechniques.com. For instance, here is Michael Bazzell's workflow when researching information on an email address:

[Figure: Email OSINT WorkFlow by Michael Bazzell]

After some time, I think it is a good idea to start developing your own investigation workflow and slowly improve it over time with new tricks you find.

The last methodology I would recommend for long investigations is the Analysis of Competing Hypotheses. This methodology was developed by the CIA in the 70's to help analysts remove bias from their analysis and carefully assess the different hypotheses. Bear in mind that it is a heavy and time-consuming tool, but if you are lost in a year-long investigation, sometimes it is good to have a process helping you carefully evaluate your hypotheses.
Prepare Your System

Before jumping into the investigation, there are a couple of operational security aspects you should consider in order to avoid alerting the people you are researching. Visiting an obscure personal website could give your IP address, and hence your location, to your target; using your personal social media account could lead to a click on a like by mistake, etc. I follow these rules when doing my investigations:

- Use a commercial VPN or Tor for all connections from your investigation browser. Most commercial VPNs provide servers in different countries and Tor allows you to choose the exit node country, so I try to choose a country that would not raise a flag in that context (US for an investigation on a US organisation, etc.).
- Do all the scans and crawling tasks from a cheap VPS that has no link with you.
- Use social media accounts dedicated to investigation and created under a fake name.

With all this done, you can now investigate as late in the night as you want; it is pretty unlikely that people will be able to identify who is looking for them.

Tooling

The question of tools is always a curious one in infosec; nothing bothers me more than people listing endless lists of tools in their CV instead of the skills they have. So let me say it clearly: tools do not matter, it is what you do with tools that matters. If you don't know what you are doing, tools won't help you; they will just give you a long list of data that you won't be able to understand or assess. Test tools, read their code, create your own tools, etc., but be sure that you understand what they do. The corollary is that there is no perfect toolkit. The best toolkit is the one you know, like and master. But let me tell you what I use and what other tools may be of interest to you.

Chrome and Plugins

I use Chrome as my investigation browser, mostly because Hunchly is only available for Chrome (see below).
I add to it some helpful plugins:

- archive.is Button lets you quickly save a webpage in archive.is (more about this later)
- Wayback Machine to search for archived pages in the archive.org Wayback Machine
- OpenSource Intelligence gives quick access to many OSINT tools
- EXIF Viewer lets you quickly view EXIF data in images
- FireShot to take screenshots quickly

Hunchly

I recently started to use Hunchly and it is a great tool. Hunchly is a Chrome extension that lets you save, tag and search all the web data you find during an investigation. Basically, you just have to click on "Capture" in the extension when you start an investigation, and Hunchly will save all the webpages you visit in a database, allowing you to add notes and tags to them. It costs USD130 / year, which is not that much considering how helpful it is.

[Figure: Screenshot of the Hunchly Dashboard]

Maltego

Maltego is more a threat intelligence tool than an OSINT tool and has many limitations, but a graph is often the best way to represent and analyze investigation data, and Maltego is good for that. Basically, Maltego offers a GUI to represent graphs, and transforms to find new data in the graph (for instance, domains linked to an IP address from a Passive DNS database). It is a bit expensive (USD999 / year the first year, then USD499 / year for renewal) and may only be worth it if you are also doing threat intelligence or a lot of infrastructure analysis. You can also use the Maltego Community Edition, which limits the use of transforms and the size of graphs, but it should be largely enough for small investigations.

[Figure: Screenshot of Maltego (source: Paterva)]

Harpoon

I have developed a command-line tool called Harpoon (see the blog post here for more details). It started as a threat intelligence tool but I have added many commands for OSINT.
It works with Python 3 on Linux (but macOS and Windows should work too) and is open source.

For instance, you can use Harpoon to search for a PGP key on key servers:

$ harpoon pgp search tek@randhome.io
[+] 0xDCB55433A1EA7CAB 2016-05-30 Tek__ tek@randhome.io

There is a long list of plugins; feel free to suggest or develop more, or to create issues for new interesting features.

Python

Very often, you will end up with specific data gathering and visualization tasks that cannot be done easily with any tool. In that case, you will have to write your own code. I use Python for that, any modern
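As an added example of the kind of small Python helper this section talks about (it is not Harpoon's own code), here is a parser for the machine-readable index an HKP keyserver returns for a lookup like the one above, rendered back into harpoon-style "[+] 0x... date uid" lines. The keyserver response is a constructed sample; the key id and date mirror the harpoon output shown above, and the second, revoked key is invented.

```python
# HKP machine-readable index parser (/pks/lookup?op=index&options=mr); added example, not Harpoon's code.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional
from urllib.parse import quote, unquote

# Constructed sample response; key id and date mirror the harpoon output above, second key is made up.
SAMPLE_INDEX = """info:1:2
pub:DCB55433A1EA7CAB:1:4096:1464566400::
uid:Tek__ <tek%40randhome.io>:1464566400::
pub:0123456789ABCDEF:1:2048:1262304000:1293840000:r
uid:Old Key <old%40example.invalid>:1262304000::
"""

@dataclass
class PgpKey:
    keyid: str
    algo: int
    bits: int
    created: datetime
    expires: Optional[datetime]
    flags: str  # 'r' revoked, 'd' disabled, 'e' expired
    uids: List[str] = field(default_factory=list)

    @property
    def revoked(self) -> bool:
        return "r" in self.flags

def hkp_index_url(server: str, query: str) -> str:
    # Lookup URL on a real HKP server: op=index with machine-readable (options=mr) output
    return f"https://{server}/pks/lookup?op=index&options=mr&search={quote(query)}"

def _ts(value: str) -> Optional[datetime]:
    return datetime.fromtimestamp(int(value), tz=timezone.utc) if value else None

def parse_hkp_index(text: str) -> List[PgpKey]:
    keys: List[PgpKey] = []
    for line in text.splitlines():
        kind, _, rest = line.partition(":")
        if kind == "pub":  # pub:<keyid>:<algo>:<bits>:<created>:<expires>:<flags>
            keyid, algo, bits, created, expires, flags = rest.split(":", 5)
            keys.append(PgpKey(keyid.upper(), int(algo), int(bits), _ts(created), _ts(expires), flags))
        elif kind == "uid" and keys:  # uid:<escaped uid>:<created>:<expires>:<flags>
            # uid is percent-escaped; rsplit keeps any stray ':' inside it intact
            keys[-1].uids.append(unquote(rest.rsplit(":", 3)[0]))
    return keys

def format_key(key: PgpKey) -> str:
    """One '[+] 0x<keyid> <date> <uid>' line like harpoon's; '[-]' marks revoked keys."""
    tag = "[-]" if key.revoked else "[+]"
    return f"{tag} 0x{key.keyid} {key.created:%Y-%m-%d} {'; '.join(key.uids)}"
```

Fetching hkp_index_url(...) with any HTTP client and passing the body to parse_hkp_index gives the same records for a live keyserver; keep the revoked flag in view, since a search that returns only a revoked key tells a different story than a current one.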
