I’ve mentioned Justin Seitz’s Automating OSINT before, talking about the Python course. I recently signed up for the Master Course. I only had the money for it due to work reimbursing for me for UMUC CSEC620, and I decided to use a little of that money for self study, not just the next CSEC course.
Tag Archives: osint
SANS Forensics 578
Work recently sent me to SANS Forensics 578, Cyber Threat Intelligence. This was my first SANS class ever, and it was pretty good. The instance of the class I was sent to was presented by Jake Williams and Rebekah Brown. I think having both of them teach the class was great, because it gave more from the trenches view than having just one of them as an instructor.
Automating OSINT Python Course
A few months ago, a friend and co-worker asked if I had seen Automating OSINT. I hadn’t, so I went and checked it out and end up signed up for the free webinar. Turns out I had just missed the previous one by a few hours. And had some time to wait before the next one.
I’ve been wanting to expand beyond just bash scripting for most of my career. I tried learning Perl, and then I tried Python. The Google Python class, the MIT Python Class, Learn Python the Hardware, Think Python, Automate the Boring stuff with Python, and buying Python courses from Boing Boing. Problem is I never finished any of them. I think because I lose interest, and have other things to do.
Book Review: The Complete Guide to Shodan
I’ve stumbled around with Shodan.io for a while now. It’s a great tool, but using it effectively has always eluded me. John Matherly has given me some great advice on twitter, and I like Daniel Miessler’s Shodan Primer. But I never really find the information I need at the time.
While I know it is great to find webcams and spying Super Gnomes, that is just something I don’t use Shodan for. A lot of the reason I use Shodan lately is for work. Usually someone in management asks will if anyone knows what Shodan knows about the company. Which of our systems are listed on there.
Today while stumbling around trying to look up the company name and the netblocks, and using Dan’s cheatsheet (linked above), I noticed a new link on the page. Book.
This link goes to Lean Pub’s “The Complete Guide to Shodan” by John Matherly. It is a pay what you want book. They suggest just under $5.00 USD, for the 60 page booklet. I’m saying it’s worth more than that. I paid $10.00, which I still think is too low for this book.
The book can be delivered to your Kindle or downloaded as a pdf, an Epub, or Mobi file. I grabbed the PDF and Kindle copies of the file (too small to read on my phone and never figured out how to get it to show up in the Kindle Cloud reader).
This book is divided up in to Web Interface, External Tools (like the linux command line), Developer API, Industrial Control Systems, Appendices, and Exercise Solution.
There are exercises at the end of the Web Interface, External Tools, and API sections. Not all of them worked the way they were described in the book. For example I couldn’t find the Rastalvskarn Powerplant, even though it shows up with the link in the solution section.
I’ve read some documents on the API and struggled to get them to work. After reading the book, while I still have some questions, I know I can write the Network Alert that management wants.
Get this book, it’s worth more than anything you’ll pay for it. While it is only just over 60 pages, the content is great! Especially especially the Filter list in Appendix B.
p.s. It is worth getting an account, and paying for access.
I’ve been busy again:
I know I haven’t written here lately, and I’m not getting in the number of blog posts I want per week. However I’ve been busy with school and projects. I only have time right now, because I can only run 1 Raspberry Pi (of 6) at a time (right now), and the first one is going through Kali’s apt-get upgrade. Man talk about not the fastest. Going to clone that drive and copy to other flash drives.
Currently, I’m working on a project for my independent study at Eastern Michigan University. The project and documents have to be turned in by Monday night, so I’ll talk about that after I get the stuff done.
The Eastern Michigan Campus Crime Project turned out really well. My team and I presented on it at Circle City Con in Indianapolis. What I thought was going to be a simple 4 week project will probably take the rest of the year to complete. That’s with 4 of us working on it. There is some more interest on campus and suggestions on how to move this forward. I’ve got a really good team, and I’m really proud to have worked with them on the project.
I also dug out, and updated (slightly) my Human Trafficking talk. I’m a little wary of posting that one. Goes against my OPSEC views, but the presentation is important enough. I will say this, things have changed in a year+ since I stopped working on it. Got some good books to go with it too, I’ll get reviews of them up eventually.
There will be another book review up over the weekend (probably Sunday) as well.
It’s All Source Intelligence, not just osint
I keep forgetting, that my university teaches All Source Intelligence Analysis, not just Open Source, but it is easy to forget when OSINT so prevalent. The school’s classes, and the IASA club does do others.
Yes we do lots of OSINT, and Social Media / Cyber Intelligence looking at the social media sites, ip address related tools, and the logs of the servers. However, we also use other for Cyber Intelligence to see what’s going on, on the servers. We use the logs, the open connections, what’s odd.
We do use tools to track wireless signals, mostly for wifi, but there are a few people at the school, in the IA program looking at more than just wifi. They even ran a Fox Hunt (hid a radio and had people go find it). We use packet captures on networks and on servers to see what is going on, on the wire.
We do Human Intelligence probably the most without realizing it. Any time we have to interact with someone, usually as a customer on the phone. We have to elicit the information needed from them. There is lots of cruft to discard to get the data we need, but we can’t fix their issues until we do. We don’t have to be help desk to get that level. Sure we’re not turning people, to help us spy on things, but it’s still getting the info, finding what is realization via analysis, and then having and end “product”.
I know I’ve used Google Earth to find information, by looking at the images, and building out from there. Where I want to live, aerial views of crime locations, working with a team to plot those locations.
Ok, so I can’t think of anything where MASINT comes in to play, at least not off the top of my head, but I’m sure there is something. I’m sure that mapping out nuclear bomb blast radius for Disaster Recovery at work does not count. Don’t ask, but like I said, I’m pretty sure it didn’t count. I didn’t do measurements and used someone else’s tools on the web which just overlaid on Google Maps. I don’t have a way to test and validate, well I guess I could doing OSINT at a library, and then mapping by hand once I understood the bomb blasts radius.
I must remember, the degree program taught me things that I don’t think about daily too.
Another Tony Mendez book
So at some point, copy write / library of congress page says 2007, Tony and Jonna Mendez wrote a book for the “Scholastic Ultimate Spy Club”. It’s a basic little book written for kids, on the basics of tradecraft. The book title is “Gather Info, Getting the Scoop by Using Your Wits”. When I first saw it on Amazon, I was expecting an adult book on tradecraft, not a kids book.
Since the book arrived last week, without the spy glasses (mirrors on the inside), I kept asking why I paid that much for an out of print kids book. I however went through it in one sitting tonight, since it was 32 pages, and actually was happy with the purchase. The majority of the stuff in it I knew how to do already. Not surprising since this is written for kids. I did have some flash backs to my own mis-spent youth in the 80s and 90s.
The Visual sweep technique, while only one page was really useful. I’m going to put that in to more practice. Short version, stand in the door, look over the room left to right, and observe. Granted I do something like this already, maybe not always left to right, usually as a whole, but still nice to read.
Is it worth the price you’re going to pay for it if you order from a re-seller on Amazon? No, but I bought it because I want to have all of Mendez’s books, for a proper and complete collection. Although, if it had the glasses it would have been even better. There was even a page on OSINT.
Operational Security: It’s harder than it looks
So the other week, I noticed the large collapsible antenna in a back the van in the drive had an amateur radio plate near a friend’s house. Lots of radio amateurs get the plates. No big deal. I pulled out my phone and loaded up my QRZDroid app. It lets people look up who a license is assigned to. For example, if you look up mine it gives you my address and other pertinent info.
Research Project I’m trying to get off the ground
There is a project idea I’ve had for a few months now, tracking what happens to credit and debit cards that get posted to twitter. People are posting pictures of their cards to twitter. If I had to guess, because they are excited, want to show off, and think only their friends can read it.
My name is Chris J, and this is how I do OSINT.
I’ve always been a fan of Lifehacker’s How I Work series, while this isn’t for Lifehacker, this is my “How I do Open Source Intelligence”. Recently a friend called and asked how I tracked data when doing OSINT. These are the tools and processes I use. It’s the what works for me, and your mileage may vary.
The tools I use are a legal pad, a computer, a web browser, a personal wiki, a data analysis tool and depending on the work Tails and a SD card.