Author: michaelbazzell

UNREDACTED Magazine Status

It has been a year since the last issue of UNREDACTED Magazine, which has prompted many people to ask about future issues. First, the magazine is not 'dead'. Much like the podcast, it is simply on a hiatus. Many people falsely report online that the podcast and magazine are officially never coming back, which is contradictory to my previous post. The reason there have been no issues of the magazine is simply a lack of submissions. While things started strong, the last couple of issues were a struggle for content. Right now, there have been only three article submissions received since January of 2023. Therefore, I have put no effort into another issue.

The magazine is a community-driven product. Without the community driving it, it will go nowhere. If you would like to submit an article, please email it to [email protected]. If enough content is received, I will happily publish the next issue. Without content, there is nothing to publish. I know there is interest, as we still receive emails every day asking about the next issue.

Sponsors are lined up to pay the costs and keep the content free, but there lies other problems. We received constant complaints about having sponsors. Most readers demanded free content without ads, which is unrealistic. Many readers only want ads from companies they already like, which defeats the point of advertisements. The moment we have an ad for a provider different than the one preferred by much of the community, the emails roll in threatening to never read another (free) issue unless we eliminate the current sponsor. I was even bashed online by a CEO of a company which competes with one of our sponsors for allowing anyone but them to place an ad (which they declined to do). Overall, ads may not be worth the hassle.

We have considered a small fee per issue, but the credit card fraud which comes with that is an even bigger issue. What is the solution? I do not know yet. If the articles pour in, I will figure it out.

Digital Guide Updates

To help ring in the new year, we have updated all five digital guides. If you purchased any, please check your email for the download link(s). If you would like more information on these guides, please visit https://inteltechniques.com/books.html. The following provides details of each update:

OSINT Techniques-Leaks, Breaches, & Logs (2024.01.01):
Page 6: Provided a new email address for reporting broken techniques.
Page 82: Added a new section about telephone number leaks.
Page 83: Added a new section about Facebook telephone number leaks.
Page 84: Added a new section about Instagram telephone number leaks.
Page 85: Removed Verifications.io reference due to dead links (to be replaced soon).
Page 106: Added Rename installation command for Linux.
Page 108-109: Added new online breach search resources.
Page 126: Updated stealer log commands to extract additional password files.
Page 133: Reorganized Telegram channel information, added new rooms, and added search query.
Page 140: Added alternative ransomware monitoring option.
Page 161-164: Added a new section for creating SQLite databases.
Pages 171-172: Added new pages summarizing all digital books content.
Entire Guide: Corrected minor typos and grammar.

Extreme Privacy-Mobile Devices (2024.01.01):
Page 6: Provided a new email address for reporting broken techniques.
Pages 25-26: Added section about Vanadium's custom search options.
Page 49: Applied very minor update to the Mint Mobile data plan.
Pages 79 & 146: Slight clarification on Acrobits software requirements.
Pages 157-158: Added new pages summarizing all digital books content.
Entire Guide: Corrected minor typos and grammar.

Extreme Privacy-macOS Devices (2024.01.01):
Page 6: Provided a new email address for reporting broken techniques.
Page 106: Added commands to the Homebrew uninstall script to clean up data.
Pages 114-115: Added new pages summarizing all digital books content.
Entire Guide: Corrected minor typos and grammar.

Extreme Privacy-Linux Devices (2024.01.01):
Page 6: Provided a new email address for reporting broken techniques.
Pages 105-106: Added new pages summarizing all digital books content.
Entire Guide: Corrected minor typos and grammar.

Extreme Privacy-VPNs and Firewalls (2024.01.01)
Page 6: Provided a new email address for reporting broken techniques.
Pages 93-94: Added new pages summarizing all digital books content.
Entire Guide: Corrected minor typos and grammar.

All Digital Guides Now Available as Gifts

After releasing our latest digital guide, we have now made all seven of our eBooks available as gifts. Whether you purchase one or all PDF guides, you now have an option at checkout to gift the purchase to someone else. You can even choose the date when they will receive the files. Click the purchase links within any of our guides to send a gift this season.

OSINT Techniques: 10th Edition
OSINT Techniques: Leaks, Breach, & Logs
Extreme Privacy: 4th Edition
Extreme Privacy: Mobile Devices
Extreme Privacy: macOS Devices
Extreme Privacy: Linux Devices
Extreme Privacy: VPNs & Firewalls

OSINT Leaks, Breaches, & Logs Guide

Today, we released our next digital PDF guide, which is our first for the OSINT Techniques series. Our eBook dedicated to Leaks, Breach, & Logs can now be found at https://inteltechniques.com/book1a.html. Below are the details.

9 chapters | 55,000 words | 162 pages | 8.5" x 11". This digital (PDF) supplement to OSINT Techniques, 10th Edition continues a new approach to our tutorials. It is not a replacement for the printed book, but a much more thorough guide about Leaks, Breaches, & Logs. It provides our entire playbook which we use to locate, acquire, clean, store, and query various online data collections valuable to our investigations. We also explain all daily, weekly, and monthly tasks required to maintain your data collection. All updates are free and delivered digitally.

If you have the 10th edition of OSINT Techniques, you may want to know what is provided in this new Leaks, Breaches, & Logs Digital Edition. Overall, it is a completely rewritten eBook which allowed us to expand on all content related to data collection. All expired and outdated methods were replaced with new techniques, and brand-new topics were introduced throughout. As we explain various Terminal commands, we present practical exercises with real data to make sure you have grasped the concepts. By the time you begin collecting your own data, you will be proficient in the commands required to make the content easily searchable. By the end of the guide, you will be able to fully replicate the databases behind many paid services without spending any money. Combined with the new automated scripts provided on our website, you will be ready to acquire, sort, and query all publicly-available breach data.
INTRODUCTION
CHAPTER 01: Investigative Benefits
CHAPTER 02: Hardware Configuration
CHAPTER 03: Software Configuration
CHAPTER 04: Terminal Commands
CHAPTER 05: Data Leaks
CHAPTER 06: Data Breaches
CHAPTER 07: Stealer Logs
CHAPTER 08: Ransomware
CHAPTER 09: Scripts, Databases, & Backups
CONCLUSION

Login Notification Benefits

Hopefully, we are all using secure unique passwords and proper two-factor authentication (2FA) on every account which supports it. This alone will stop most online attacks. However, I believe login notifications are just as important. Unfortunately, many services do not provide this feature, which I hope changes soon. A login notification gives you a warning that someone (possibly you) has accessed one of your online accounts. A great example of this is Standard Notes. Any time I log into my account from a new device or browser, I receive the following alert.

This is vital to me since I use Standard Notes as my primary 2FA token solution. Some may view this notification upon every new login to be an annoyance. I find it reassuring. If someone is able to access my account via credentials and 2FA, I have a big problem. I have comfort knowing that Standard Notes will alert me if this happens, even if that means a false alert when I access my own account. You may already have this feature enabled, but this can be confirmed in the following setting.

Make sure the mute option is disabled to receive alerts. This behavior is on by default with secure messaging service Wire. Upon every login, I receive the following.

Again, if someone successfully accesses my account I receive a notice. Some financial institutions provide similar services, but there can be settings which block the notification. With one financial institution, notifications are blocked throughout the night by default. I assume this is to prevent waking you up, but it offers an open schedule to criminals. The following default settings should be changed to "Send messages any time".

Proton offers this service, but in a different way. You must have the mobile app installed on a device to receive the notification. Upon successful login, a system notification from Proton is presented on your mobile device, which opens a browser to display a website with generic details.

If you host a web site, you should enable notifications on the host account page and within cPanel. After configuring the following menu in the "Contacts" setting, you will begin receiving new notifications via email of every login, FTP access, etc.

Knowing the IP address of the access is great. I wish all services offered this feature. The following is my email notification during testing.

Proton offers the ability to capture the IP address of every login, but I do not enable the feature. I only enable "authentication logs" without "advanced logs", as seen below. I do not want Proton storing my access IP addresses, even if they are encrypted. Besides, anyone who successfully accessed my account would be using a VPN anyway.

Throughout a typical day, I receive many of these alerts since I wipe my stored logins every night. I am never annoyed. I wish more services offered a similar service. Receiving false alerts due to my own actions is justified. If a notification arrives without my action, I know I have a problem. The absence of alerts gives me comfort as I know those accounts are currently safe. Please consider researching your own accounts to see what options are available. Make sure your settings are optimal, and check them again every few months. When you find a high-risk account which does not offer any login notification option, let the service provider know you want it. If enough of us demand change, we just might get it.