IntelTechniques

Today, we released our next digital PDF guide, which is our first for the OSINT Techniques series. Our eBook dedicated to Leaks, Breach, & Logs can now be found at https://inteltechniques.com/book1a.html. Below are the details.

9 chapters | 55,000 words | 162 pages | 8.5" x 11". This digital (PDF) supplement to OSINT Techniques, 10th Edition continues a new approach to our tutorials. It is not a replacement for the printed book, but a much more thorough guide about Leaks, Breaches, & Logs. It provides our entire playbook which we use to locate, acquire, clean, store, and query various online data collections valuable to our investigations. We also explain all daily, weekly, and monthly tasks required to maintain your data collection. All updates are free and delivered digitally.

If you have the 10th edition of OSINT Techniques, you may want to know what is provided in this new Leaks, Breaches, & Logs Digital Edition. Overall, it is a completely rewritten eBook which allowed us to expand on all content related to data collection. All expired and outdated methods were replaced with new techniques, and brand-new topics were introduced throughout. As we explain various Terminal commands, we present practical exercises with real data to make sure you have grasped the concepts. By the time you begin collecting your own data, you will be proficient in the commands required to make the content easily searchable. By the end of the guide, you will be able to fully replicate the databases behind many paid services without spending any money. Combined with the new automated scripts provided on our website, you will be ready to acquire, sort, and query all publicly-available breach data.

INTRODUCTION

CHAPTER 01: Investigative Benefits

CHAPTER 02: Hardware Configuration

CHAPTER 03: Software Configuration

CHAPTER 04: Terminal Commands

CHAPTER 05: Data Leaks

CHAPTER 06: Data Breaches

CHAPTER 07: Stealer Logs

CHAPTER 08: Ransomware

CHAPTER 09: Scripts, Databases, & Backups

CONCLUSION

Posted by Jason Edison

In our online training program we are fortunate to have an active community where members can help drive the curriculum. My favorite recommendations are those which reflect real world scenarios that are directly applicable to our intelligence work. Recently, one of our members presented the following scenario which provides an opportunity to explain the basic use of PGP encryption. Although many of you privacy enthusiasts may use PGP encryption on a regular basis, some of our audience is new to it, so this post will strive to provide a basic explanation.
From time to time while tracking targets online, you have no doubt seen mention of PGP or GPG public keys. References to these keys are often added to online profiles or forum posts as a means of soliciting secure, private communications. There are, of course, plenty of legitimate use cases for encrypting communications, but for our purposes here, we will use an example of communicating with a target as part of a cyber-crime investigation.
Let us say that you are investigating targets who are selling contraband on a popular criminal forum. You locate a post of interest and note that the user has listed a public PGP key as part of their signature line. They also indicate they will not respond to any direct messages which do not use their public key. You wish to initiate communication with the target but are unsure of what a public key is and how to make use of it. The following will give you a simple overview of PGP terminology and how you can use open source tools to send and receive encrypted messages.

Terminology – Public and Private Keys
PGP encryption relies on a key pair commonly referred to as “public” and “private” keys, which are used to encrypt and decrypt digital files (such as an email message). Using our example above, the public PGP key in the signature line can be used by anyone to encrypt a communication, but only our target will be able to decrypt it because they hold the corresponding private key. So if the message is intercepted in transit, it’s useless to anyone except the holder of the private key.
Public keys can be shared openly because they can only be used to lock messages; it is the private key that unlocks the message.

Terminology – PGP, OpenPGP, and GPG
PGP is one of the oldest and most prolific means of encrypting messages for digital communication. One of the most confusing things for people new to PGP is that you will see mention of PGP, OpenPGP, GPG, and GnuPG in similar contexts.
PGP – “Pretty Good Privacy” was created by Phil Zimmermann in the early ‘90s and was the first popular method for encrypting data using private and public key pairs. (https://en.wikipedia.org/wiki/Pretty_Good_Privacy)
OpenPGP – This is not a piece of software, but rather a standard that was developed out of PGP. This is not pertinent to most end users, but you may see it mentioned and it can lead to confusion. (https://openpgp.org)
GPG or GnuPG – “Gnu Privacy Guard” is an updated and popular open source version of PGP maintained by the Gnu Project. This is the version of PGP which I stumble onto most commonly during online operations. (https://gnupg.org/)

PGP Tools
There are many ways to utilize PGP or GPG encryption, but below are some of the most common and easy-to-use tools.
GPG Command line – You can install GPG as a command line tool for your operating system using some of our preferred package managers:
Linux – sudo apt install gpg
MacOS – brew install gnupg
Windows – choco install gpg4win-vanilla

GPG is preinstalled on most Linux distros and Windows users can download GPGWin4 (Kleopatra) directly from https://www.gpg4win.org/). Although the GPG project site has a fair amount of documentation and links, those new to the topic may find it easier to follow the guide at https://emailselfdefense.fsf.org/en/.

Protonmail – If you are using Protonmail you are already using PGP seamlessly to encrypt and decrypt messages between your and other Protonmail accounts. There is also an option to use PGP to communicate with non-Protonmail users and more information can be found at https://proton.me/support/how-to-use-pgp.

GPGTools – This application integrates GPG with Apple Mail. Available at https://gpgtools.org or using the Homebrew command: brew install --cask gpg-suite.

Once you have selected and installed your tool of choice:
1. Use it to create your public/private key pair.
2. Back-up your keys to a secure location such as your password manager or print them out and secure the hard copy in your fire safe.
3. It is important to keep your private key safe and only ever share your public key. Remember, the public key can only lock the file(s), and the private key is what unlocks/decrypts the data.
4. Provide your public key to your target, and going forward, they will be able to send you encrypted messages on any platform.
5. Once they send you their public key, you can add that to your PGP application of choice, and going forward, you will be able to encrypt messages that only your target can later decrypt.
6. Let’s say your target is using Gmail but gives you their public key. You encrypt a message using that key and then paste it into an email sent to their Gmail address. That encrypted message will not be “human readable” and will just look like a mess of random characters. Also, despite the fact that Google scans all Gmail messages, they will not be able to break the encryption, so they cannot analyze and mine the message content.
7. Your target will copy the encrypted text out of that email and paste it into their own PGP application, which will then use their private key to decrypt it.
8. In this fashion, users can use this decades-old form of simple encryption to send private messages on non-private platforms.

For a more detailed demonstration of PGP installation and use cases, we have a new video lesson covering the topic in our online training program. For more information, you can visit https://inteltechniques.net or email [email protected].