macOS Telemetry Update

Two weeks ago, I posted a blog (and podcast) about my customization of Little Snitch, which eliminates much of macOS's telemetry. Since then, my computer has had time to alert me to many new outbound connection attempts from individual processes, and my rule set has grown considerably. The following image displays a partial view of my current settings, which do not appear to break any vital macOS functions. Note that I added a few key privacy apps in order to display some optimal settings for them.

As an example, notice that Signal is allowed to connect to its own servers, but all other connections are blocked. This prevents link previews from being fetched from third-party sites when a URL is typed into a message. Linphone is allowed to connect to my VoIP providers, but not to send any data to Linphone's own servers. KnockKnock is allowed to query VirusTotal, but not to send any telemetry back to its developer. All Microsoft, Adobe, and VLC connections are blocked.

Sherloq: An Open Source Image Forensic Toolset

In my OSINT book, I spoke very favorably of Foto Forensics (http://fotoforensics.com) as an online tool which can examine the details of a photo, including metadata and image analysis. This can help identify areas of an image which have been manipulated, among many other features. Foto Forensics has been blocking VPN addresses lately, and I have always been a bit uncomfortable uploading images associated with my investigations to a third party. This is where Sherloq (https://github.com/GuidoBartoli/sherloq) enters our arsenal of tools.

Sherloq includes the same features, but runs 100% locally on your machine, so the images never leave it. It works on Windows, Mac, and Linux. Since I use Linux VMs within my book and my investigations, I will only focus on Linux installation. Furthermore, I have created a desktop launch script which matches the other apps within my OSINT VM. I have updated the linux.txt file within the book resources page (link included in your book) with the full directions, but I will also include them below. These are modified from the instructions at the source to match the needs of the VM from my book. Images of the tool with sample photos are at the end of this post.

Installation:

cd ~/Downloads/Programs
mkdir Sherloq
cd Sherloq
# build dependencies for the Python packages, plus git for the clone below
sudo apt install python3-distutils python3-dev python3-testresources git -y
sudo python3 -m pip install virtualenv virtualenvwrapper
echo -e "\n# Python Virtual Environments" >> ~/.bashrc
echo "export WORKON_HOME=$HOME/.virtualenvs" >> ~/.bashrc
echo "export VIRTUALENVWRAPPER_PYTHON=/usr/bin/python3" >> ~/.bashrc
echo "source /usr/local/bin/virtualenvwrapper.sh" >> ~/.bashrc
source ~/.bashrc
# creates ~/.virtualenvs/sq and activates it; the prompt now starts with (sq)
mkvirtualenv sq -p python3
git clone https://github.com/GuidoBartoli/sherloq.git
cd sherloq/gui
# no sudo here: sudo drops the active virtualenv and would install the
# requirements into the system Python instead of ~/.virtualenvs/sq
python3 -m pip install -r requirements.txt

Add a launch icon:

# the credentials are those printed in the book; the file is a standard .desktop entry
curl -u UsernameFromBook:PasswordFromBook -O https://inteltechniques.com/osintbook8/vm-files/shortcuts/sherloq.desktop
sudo mv sherloq.desktop /usr/share/applications/
cd /usr/share/applications/
# copy the owner and group from an existing VM launcher, then mark it executable
sudo chown --reference=usertool.desktop sherloq.desktop
sudo chmod +x sherloq.desktop

This will add a new shortcut in your Applications menu to launch Sherloq.
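For readers who cannot fetch the book's launcher, the following is an added example (my own, not the file distributed with the book or by the Sherloq project) of a .desktop entry that starts Sherloq inside the sq virtualenv created above, plus a check that the paths it points at exist before the file is copied into /usr/share/applications. It assumes the paths from the steps above (~/.virtualenvs/sq and ~/Downloads/Programs/Sherloq/sherloq/gui) and the upstream entry point gui/sherloq.py; the Comment and Categories values are my own choices.

```sh
#!/bin/sh
# Added example: write a .desktop launcher for Sherloq that activates the
# "sq" virtualenv first, and sanity-check it. Not the book's launcher file.

# write_sherloq_desktop OUTFILE [HOME]
# HOME defaults to $HOME; the second argument exists so the function can be
# exercised against a scratch directory.
write_sherloq_desktop() {
    out="$1"
    home="${2:-$HOME}"
    gui="$home/Downloads/Programs/Sherloq/sherloq/gui"   # path from the install steps
    venv="$home/.virtualenvs/sq"                          # WORKON_HOME + mkvirtualenv sq
    cat > "$out" <<EOF
[Desktop Entry]
Version=1.0
Type=Application
Name=Sherloq
Comment=Image forensics toolset (runs locally)
Exec=bash -c "source '$venv/bin/activate' && cd '$gui' && exec python3 sherloq.py"
Terminal=false
Categories=Graphics;Utility;
EOF
}

# check_sherloq_desktop FILE
# Returns 0 when the entry has the required keys and both the virtualenv
# interpreter and the Sherloq entry point it references exist; 1 otherwise.
check_sherloq_desktop() {
    f="$1"
    grep -q '^Type=Application$' "$f" || return 1
    grep -q '^Exec=' "$f" || return 1
    venv=$(sed -n "s/^Exec=bash -c \"source '\([^']*\)\/bin\/activate'.*/\1/p" "$f")
    gui=$(sed -n "s/^Exec=.*cd '\([^']*\)'.*/\1/p" "$f")
    [ -n "$venv" ] && [ -n "$gui" ] || return 1
    [ -x "$venv/bin/python3" ] || return 1
    [ -f "$gui/sherloq.py" ] || return 1
    return 0
}

# Usage on the VM (then continue with the mv/chown/chmod steps above):
#   write_sherloq_desktop ~/sherloq.desktop && check_sherloq_desktop ~/sherloq.desktop
```

If the check fails, the most common cause is that the requirements were installed with sudo and therefore into the system Python rather than the virtualenv; re-run the pip step with the (sq) prompt active.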

The Privacy, Security, & OSINT Show – Episode 230

EPISODE 230-Personal Data Removal Revisited

This week I revisit my methods for personal online data removal, offer a new free removal workbook, plus two new OSINT tips.

Direct support for this podcast comes from sales of my books, services, and online training. More details can be found at IntelTechniques.com. Your support eliminates any ads, sponsors, endorsements, Patreon, donations, or commercial influence on this show.


SHOW NOTES:

INTRO:

None

UPDATES:

None

PERSONAL DATA REMOVAL REVISITED:

PDF: https://inteltechniques.com/data/workbook.pdf
HTML: https://inteltechniques.com/workbook.html

How do I know what data the sites have?
What is the optimal removal method?
How long will it take?
What if I am blocked because of a VPN?
What if they don't respond?
Do I have to complete every site?
How often should I revisit?
Should I remove my family?
How do I remove 'difficult' content?
Should I hire a company to do it?
Will this impact a security clearance?
Is there any point any more?

OSINT:

Reverse Opt-Out for OSINT
https://inteltechniques.com/blog/2021/08/10/an-analysis-of-the-intelx-scrape/


Free Workbooks: https://inteltechniques.com/links.html

Affiliate Links:
ProtonVPN: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=282
ProtonMail: https://go.getproton.me/aff_c?offer_id=26&aff_id=1519&url_id=267
SimpleLogin Masked Email: https://simplelogin.io?slref=osint
Silent Pocket: https://silent-pocket.com/discount/IntelTechniques
Amazon: https://amzn.to/3eCjp7J


An Analysis of the IntelX Scrape

I saw an interesting post on RaidForums today. If you are not aware, RaidForums is a website where people share, trade, and sell data breaches. When you see a news article refer to a top-secret, underground, hidden site on the DARK network, they are probably just referring to RaidForums, which is easily accessible within any web browser. What caught my eye was the title "scrape of pastes on intelx.io". IntelX is a website which I have used in the past to search for content within Pastebin archives. IntelX charges from $2,000 to $10,000 per year to access data publicly scraped from Pastebin, but I have always encouraged people to take advantage of free trials whenever the need surfaced. A complete collection of the entire IntelX archive seemed like a useful data set. I grabbed a copy and dug in.

The data set contained 87,813 text files, each of which appears to be a complete copy of the paste it represents. The decompressed size was just over 6GB. Using ripgrep, I conducted searches for pastes that might be relevant to me. I started with a query of "inteltechniques" and received dozens of hits. Almost all were referring to links from my website, and nothing exciting. I then conducted a search of "@gmail.com:" since many credential lists are presented as email:password.

As expected, millions of email/password combinations appeared, as seen above. The entire collection contains 46,176,519 email addresses. I suspect the vast majority of these are already within various credential combo lists. This data could still be extremely valuable in order to see an entire paste file as it appeared on Pastebin, especially since sensitive pastes are often removed.

It should be noted that IntelX has downplayed this scrape. They state that this collection is only a small percentage of the pastes they have collected. This is absolutely true, but this downloadable collection contains only the good stuff. I believe this scrape is much more useful than the entire paste collection, as all of the "junk" pastes which do not contain domains or email addresses have been eliminated. I have always been surprised that IntelX charged so much money to access publicly available information. This data set removes the need to create a trial in order to research beneficial archives. The ability to conduct keyword searches against local data is far superior to any online search. I no longer need to worry about revealing details of my investigation to any third party. Since IntelX acquired 100% of this data from public sources, and it was then scraped through their official public API, I have no issue with downloading my own copy for research.
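Local triage of a paste dump of this kind, as an added example (my own script, not IntelX's tooling or the searches run above): it builds three small constructed paste files, then answers the questions above with plain grep, sed and sort, namely which files mention a keyword, which distinct email:password credentials exist for a given domain, and how many distinct addresses the whole set contains. The ripgrep equivalents are noted in the comments. Sample contents, file names and credentials are invented for the example.

```sh
#!/bin/sh
# Added example: offline keyword and credential triage over a directory of
# paste text files. Constructed sample data; not the real scrape.

# make_sample_pastes DIR  - writes three constructed paste files into DIR
make_sample_pastes() {
    dir="$1"
    mkdir -p "$dir"
    printf '%s\n' 'alice@gmail.com:hunter2' 'bob@example.org:letmein' \
        'alice@gmail.com:hunter2' > "$dir/paste1.txt"
    printf '%s\n' 'see https://inteltechniques.com/tools for more' \
        'carol@gmail.com:Passw0rd!' > "$dir/paste2.txt"
    printf '%s\n' 'nothing interesting here' > "$dir/paste3.txt"
}

# files_with_keyword DIR KEYWORD - paste files mentioning KEYWORD, case-insensitive
# ripgrep equivalent: rg -il "$KEYWORD" "$DIR"
files_with_keyword() {
    grep -ril -- "$2" "$1" | sort
}

# unique_creds_for_domain DIR DOMAIN - distinct addresses at DOMAIN that appear
# in email:password form (the "@gmail.com:" query above), lower-cased, one per line
# ripgrep equivalent: rg -oiI --no-filename "[A-Za-z0-9._%+-]+@gmail\.com:" "$DIR"
unique_creds_for_domain() {
    dir="$1"
    dom=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -rhoiE -- "[A-Za-z0-9._%+-]+@$dom:" "$dir" \
        | sed 's/:$//' | tr 'A-Z' 'a-z' | sort -u
}

# count_unique_creds_for_domain DIR DOMAIN - number of lines from the above
count_unique_creds_for_domain() {
    unique_creds_for_domain "$1" "$2" | wc -l | tr -d ' '
}

# count_unique_emails DIR - distinct email addresses of any domain in the set
# (the per-collection figure quoted above); ripgrep: rg -oI --no-filename PATTERN
count_unique_emails() {
    grep -rhoE -- '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' "$1" \
        | tr 'A-Z' 'a-z' | sort -u | wc -l | tr -d ' '
}

# Usage against a real dump directory:
#   files_with_keyword /path/to/pastes inteltechniques
#   count_unique_creds_for_domain /path/to/pastes gmail.com
```

On a 6GB set, ripgrep is the better front end (it is far faster and skips binary files), and a `sort -u` over tens of millions of addresses needs `LC_ALL=C sort -u -S 2G` or similar so it does not exhaust memory. Keep the dump itself on an encrypted, offline volume: the whole point of local search is that nothing about the investigation leaves the machine.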

The Privacy, Security, & OSINT Show – Episode 229

EPISODE 229-Special: Apple neuralMatch

This is a special episode in which I attempt a rational explanation of both sides of the latest Apple child protection features.


SHOW NOTES:

INTRO:

Tim Conway Jr.

UPDATES:

None

APPLE NEURALMATCH:

Discussion

OSINT:

None

FRIDAY: Personal Data Removal Revisited

