The Complete Privacy & Security Podcast-Episode 029

Posted on April 25th, 2017

EPISODE 029: ANDROID SECURITY WITH CUSTOM ROMS

This week we learn about custom Android roms from Andy Higginbotham, reveal our results of the Faraday bag challenge, answer listener questions, and discuss a new mapping OSINT resource.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

Silent Pocket
https://silent-pocket.com/

Purchase Link
15% Discount Code: CPSPOD15

Objective-See
https://objective-see.com/

ANDROID CUSTOM ROMS WITH ANDY HIGGINBOTHAM:

Andy’s website
http://peopleforprivacy.com

Download APKs
http://www.apkmirror.com/

Guardian Project
https://guardianproject.info/

F-Droid Repository (open source Apps)
https://f-droid.org/

Copperhead
https://copperhead.co

Replicant
Open Source and Privacy focused, only supports older devices.
http://www.replicant.us/

Secure Spaces
Same Rom that the Blackphone uses, but without Silent Circle and hardware upgrades.
https://www.securespaces.com/

LineageOS
CyanogenMod’s successor. No actual stable builds yet
https://lineageos.org

Paranoid Android
Not actually private, but respected and been around for a long time
http://aospa.co

Carbon Rom
Another not particularly private, but long term Rom. Appears to have been recently rebooted
https://carbonrom.org/

ViperS
HTC sense based Rom
http://venomroms.com/

Fair Phone Social enterprise phone
https://www.fairphone.com/


LISTENER QUESTIONS:

You have mentioned before about using Rufus on Windows to create bootable USB drives. The method in the book for Mac users is complicated. Any Mac apps that could be used easier?

Mac Linux USB Loader

You guys have mentioned several times that Microsoft Office not only sends back data to Microsoft, but also that it monetizes that data. Where is the evidence for this?


OSINT SEGMENT:

Mapillary:
https://www.mapillary.com/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 029

Internet Search (OSINT) Resource: Mapillary

Posted on April 21st, 2017

Satellite and Street View maps from services such as Google and Bing are nothing new. Most of you can view the top and front of your home from multiple online websites. With street view options, these services are fairly responsible and block most faces and license plates. This makes it difficult for investigators trying to identify a suspect vehicle parked at a home or present at a crime scene months prior to the incident. We now have a new service that may remove these limitations. Mapillary appears similar to other mapping websites when first loading. You see a typical map view identifying streets, landmarks, and buildings. Enabling the satellite view layer displays images from the Open Street Map project. The real power is within the crowd-sourced street view images. While in any map view, green and blue highlighted lines indicate that an individual has provided street-level images to Mapillary, usually from a GPS-enabled smart phone. This is actually quite common, as many people record video of their driving trips that could be used in case of an accident. The Mapillary service makes it easy and automated to upload these images. Mapillary then embeds these images within their own mapping layers for the public to see.

Clicking these blue and green lines reveals the street view images in the lower left corner of the screen, as seen below. Expanding these images allows you to navigate through that individual’s images similar to the Google Street View experience. Below the provided street view is the user name of the Mapillary member and date of image capture.

In some of these images, Maillary appears to be redacting license plates with a typical “Blur Box” as seen below in the image to the left. A few feet later, the box disappears and a partially legible license plate is revealed i the image to the right. It seems like Mapillary is attempting to determine when a license plate is legible, and then blurring it. When the plate is further away and more difficult to read, ignoring it. This can work in our favor.

In the next example, we can use selective cropping and photo manipulation to obtain the registration. The below left image appears unaltered as it is difficult to read. The image on the below right was cropped, inverted with Photoshop, brightness turned down to 0%, and contrast heightened to 100%. the result is a legible license plate.

The site allows you to identify the up-loader’s username, mapping history, number of posted images, and profile image. You can also select to watch all of the captured images from a specific user as he or she travels daily. I can’t begin to imagine the amount information available about a user’s travel habits if he or she were to become a target of an investigation. While there is not coverage of every area like we see with Google Maps, the database is growing rapidly, and should be included when using other mapping tools. I have also added this resource to my Custom Mapping Tool, which will automate the collection of all available open source imagery associated with your investigation.

Filed under OSINT | Comments Off on Internet Search (OSINT) Resource: Mapillary

Internet Search (OSINT) Resource: SpoonBill

Posted on April 20th, 2017

We recently lost BioIsChanged as a service to view any changes within a person’s Twitter biography. This helped locate a profile that had previously displayed specific information, such as a SnapChat user name or location, after a person had deleted the data. I had many successes with that tool after people had decided to start sanitizing their online presence in order to cover-up an investigation. Today, we have SpoonBill, and it has also been highly effective. Technically, you must first connect your Twitter account to SpoonBill, and allow it to start monitoring those you follow. This will be required if your target is not already in the database. In my experience, locating profiles that are already being monitored by SpoonBill is easiest by navigating to the following URL (using AmberMac as a demo):

https://spoonbill.io/data/ambermac/

In this scenario, I am not logged into my Twitter account, and I have not connected those I am following to the service. Since someone else has already connected their Twitter account to SpoonBill, and happened to have AmberMac as a person followed, our work is already done. If you do not obtain a result when inserting a user name in this way, you will need to follow your subject from an anonymous account, and then connect to SpoonBill. The monitoring will start at that moment, and continue as changes are made. This is not optimal, but may catch something in the future. In the demo with Amber Mac, as partially seen below, we can see that she made changes to her bio on April 1, 2017, and also changed her website to point to her newsletter. This can be priceless information when a Twitter user removes additional contact information or changes their name from a real name to a moniker.

 

Filed under OSINT, Twitter | Comments Off on Internet Search (OSINT) Resource: SpoonBill

The Complete Privacy & Security Podcast-Episode 028

Posted on April 18th, 2017

EPISODE 028: FARADAY BAGS

This week, we talk with Aaron Zar, the founder and CEO of Silent Pocket, about everything related to Faraday bags. Plus, we whine more about Chrome, answer your listener questions, and offer a new technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

http://webkay.robinlinus.com/
chrome://chrome-urls/


FARADAY BAGS WITH AARON ZAR:

Silent Pocket
https://silent-pocket.com/

Purchase Link
15% Discount Code: CPSPOD15


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

There appears to be big changes coming to FireFox over the next year. What are you hearing and how do you see FF changing as our primary browser for OSINT and Privacy/Security related use?

My students have noticed that Self Destructing Cookies does not delete everything. They also have Better Privacy installed and still get informed to delete LSO cookies and also CCleaner finds cookies afterward. Thoughts?


OSINT SEGMENT:

Buscador Video Utilities:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 028

The Complete Privacy & Security Podcast-Episode 027

Posted on April 11th, 2017

Episode 027: Social Engineering with Chris Hadnagy

This week, we talk with “HumanHacker” Chris Hadnagy about the aspects of social engineering regarding privacy and security. Plus, we answer listener questions and a present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/


SOCIAL ENGINEERING FOR PRIVACY:

Chris Hadnagy
http://www.social-engineer.org/


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

Have you heard of OneRep.com? Are they worth the money? Any way to remove or opt-out on their site?

Do email forwarding services like blur and 33 mail keep a copy of emails that go through them?


OSINT SEGMENT:

URL Biggy:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 027

The Complete Privacy & Security Podcast-Episode 026

Posted on April 4th, 2017

Episode 026: How a Cop Hides from the Internet

This week, we talk with M. A. Drew about his path to complete privacy & security. Plus, we answer listener questions and a present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

ProtonMail Bridge


HOW A COP HIDES FROM THE INTERNET:

M.A. Drew
https://hidingfromtheinternet.com


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

How do you guys sync backups with Linux? Just physically, putting a disc in and copying the files over on a set schedule? Or is there a port of CryptSync out there/something like that?

I am hearing about ransomware now hitting Mac computers. I am new to Mac, should I be concerned? How can I protect myself?


OSINT SEGMENT:

Buscador – Metagoofil:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 026

The FCC’s Online Privacy Rules Reversal

Posted on March 30th, 2017

This week, the FCC reversed a set of rules established in October of 2016 (that would have taken effect in December 2017) that provided online privacy protection to consumers. These rules would have allowed consumers to forbid internet providers (such as Cox, Comcast, AT&T, Verizon, and others) from sharing their search history, location data, and overall internet usage for the purposes of targeted advertising, without their consent. Obviously, this has gained a lot of media attention. However, most media presented only enough facts to get people excited or scared, and failed to deliver thorough information about what this means to all of us. The following is a summary of the questions that I have received about this, and my opinions on each. I hope that the simplification of each issue might help someone take appropriate action to protect themselves.

“Should I use a Virtual Private Network (VPN) now that this has happened?”

-Yes, but not just because of this. Many companies are already legally doing this type of data collection from your internet usage. The various scripts on web pages that load before the actual content are already grabbing your IP address, location, and web history. These rules would have only blocked your PROVIDER from doing it. Therefore, a good quality VPN is the first and biggest step. I use PIA (AFFILIATE LINK HERE). I also use a more private browser (Firefox) with privacy add-ons enabled (Disconnect & Privacy Badger). The combination of a VPN that blocks your traffic from your internet provider and privacy add-ons that block web pages from collecting your information will stop the majority of this invasion.

“Does this have any impact on my cell phone usage?”

-Yes. Actually, that is likely a bigger concern. Your cell phone knows its exact location at all times. Your service provider can sell both your location and your internet activity to any service interested. It can announce to marketing teams the moment you enter a store and perform a search about a product. Again, a VPN will stop a lot of this. I use the PIA app on my phone to encrypt my internet traffic to prevent my carrier from seeing my activity. This is not a guaranteed solution, as some phones allow some traffic outside of the VPN. However, this is the best you can do. Personally, I do not use my mobile device for searching or web browsing. For me, it is for communication only (encrypted calls, encrypted messaging, email). This limiting behavior combined with a VPN eliminates my concerns.

“Is there any valid reason that this was reversed?”

-Yes. It is easy for the media to announce how bad this decision is, and I do agree that it is bad for consumers. However, it does level the playing field. Before this week, any company could use shady tactics to monitor and monetize your internet usage. With the old rules in place, Internet providers would not be able to do this after December 2017. Now, both marketing companies AND internet providers can monitor your usage and sell it off to others, even after the December deadline. This is all pending the President signing off, which is a sure deal. The ideal play would have been to eliminate all of this activity, but it is too lucrative of an industry for our politicians to protect us. Therefore, everyone is now watching.

In summary, we should not be surprised, and this is really nothing new. It just makes it legal (long-term) for companies to do what they were already doing. It does not make it right. If you take appropriate action to protect yourself and your family, then you can eliminate this invasive behavior. This is why we advocate the strategies that we presented in The Complete Privacy & Security Desk Reference. We must provide our own protection when our government fails to act in our best interests.

Filed under Privacy | Comments Off on The FCC’s Online Privacy Rules Reversal

The Complete Privacy & Security Podcast-Episode 025

Posted on March 28th, 2017

Episode 025: Custom Linux Builds for Privacy & Security

This week, we catch you up on Justin’s 30 Day Security Challenge and David Westcott joins us to talk about the Buscador Linux build. Plus, we discuss web browsers, answer listener questions, and a present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

IntelTechniques Privacy Forum “Privacy Challenge”
https://inteltechniques.com/forum.html

Justin’s 30 Day Security Challenge
https://blog.yourultimatesecurity.guide/2017/03/thirty-day-security-challenge/

Browser Discussion
Chrome / Signal / Authy / FireRTC
Iridium
Epic
Min

CUSTOM LINUX BUILDS FOR PRIVACY & SECURITY:

David Westcott
https://twitter.com/beast_fighter

Buscador Linux Build
https://inteltechniques.com/buscador/

Linux Ubuntu
https://www.ubuntu.com/

VirtualBox
https://www.virtualbox.org/wiki/VirtualBox

VMWare Workstation (Windows)
https://www.vmware.com/products/workstation.html

VMWare Fusion (Mac)
https://www.vmware.com/products/fusion.html

Linux for Banking
https://theintercept.com/2015/09/16/getting-hacked-doesnt-bad/

IntelTechniques Forum
https://inteltechniques.com/forum.html


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

Have you seen the Data Selfie Chrome extension? I was hoping to get your input on this tool before trying it–knowing it could have privacy implications.

The company or payroll provider at my job is providing income verification to TheWorkNumber/Talx/Equifax. This includes SSN, address, telephone number, date or employment, and detailed level of paystubs. What is the best way to go about opting out?

 

OSINT SEGMENT:

Video Download Tool:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 025

Installing Android Apps in Chrome Browser

Posted on March 24th, 2017

In my live and online training courses, I often demonstrate Genymotion as my preferred virtual android environment. I recently uploaded a post explaining the installation, configuration, and usage of this type of android emulation. Some readers reported that they were unable to use Genymotion due to limitations of their hardware or software usage policies at their organizations. Today, I want to discuss an alternative Android emulation option that does not require a complete virtual environment. The idea is to use a Chrome extension called Arc Welder in conjunction with downloaded APK files. The following actions should be completed in a Chrome web browser, without being in incognito mode.

Navigate to http://goo.gl/gAn0Xh and install the Arc Welder Chrome extension. This will create a new app within your Chrome browser. If the app menu does not open on its own, you can get to it by navigating directly to chrome://apps. Launch the Arc Welder app. You will be asked to choose a storage directory for any downloaded apps that you install. I recommend choosing a directory on your computer where you have easy access to its content. You will then be prompted to choose an APK file of an android app that you want to install to the chrome browser.

Navigate to http://apkpure.com and search for your desired app. Download the file and return to the Arc Welder app. Choose this file and configure any custom settings desired. The lower left image displays the app selection menu while the lower right image displays the configuration menu. In this example, I have loaded the Truecaller app, chosen portrait mode, and accepted the default tablet mode for a larger display. Clicking test will launch the Truecaller app. Note that each time that you create a new android app, you will be asked if you wish to delete the previously installed app. Choosing cancel on this request will ensure that you do not delete any desired data.

You should now be able to use the selected app in any way that you could on a traditional mobile environment. In this example, I used the Truecaller app to research telephone numbers that were connected to prepaid cellular phones without any subscriber information attached to them. Since this app relies on crowd sourced information, including contact details extracted from millions of users internationally, I am often able to obtain information about the owner of prepaid phones. When I close the app, the window disappears and the app is shutdown. In order to execute this app, I would simply need to navigate to chrome://apps and double-click the true color icon. If this is an app that you use on a daily basis, you could right-click on the app in this screen and choose to create a shortcut on your desktop, dock, or anywhere else where you want easy access. The image below displays the chrome apps page with various apps ready for launch.

It should be noted that I had mixed success with various apps using this technique. While many simple applications installed and executed without any issues, I encountered a few apps that would either not function or not allow me to log into their services. These failures included Instagram, Tinder, and Snapchat. These apps are known to block Android emulation services, So this was not much of a surprise. As always, I have uploaded a video explaining everything for members of the online training.

Filed under OSINT, Search | Comments Off on Installing Android Apps in Chrome Browser

The Complete Privacy & Security Podcast-Episode 024

Posted on March 21st, 2017

Episode 024: A Normal Guy Goes All-In

This week “Benjamin” stops by to explain how he went off-radar, listener questions, plus an OSINT segment on retrieving deleted Tweets.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

IntelTechniques Privacy Forum “Privacy Challenge”: https://inteltechniques.com/forum.html

Mately (Possibly NSFW): http://www.mymately.com/


A NORMAL GUY GOES ALL-IN:

Discussion only, no links


LISTENER QUESTIONS:

How safe do you consider apple keychain for safari websites passwords if I don’t back it up to Icloud?

What is the deal with Google’s “Forgetting” Option for account activity?

Any thoughts on Chrome vs Chromium vs Iridium?


OSINT SEGMENT:

Twitter Tool Changes:
https://inteltechniques.com/osint/twitter.html


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 024

The Complete Privacy & Security Podcast-Episode 023

Posted on March 14th, 2017

Episode 023: Michael Buys a New iPhone

This week, Michael purchases and secures a new iPhone while Justin gives out practical advice. Will Michael last a month without Android?

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

Protonmail on Tor: https://protonirockerxow.onion
Privacy Challenge: https://inteltechniques.com/forum.html


MICHAEL BUYS AN IPHONE:

Discussion only, no links


LISTENER QUESTIONS:

When given the choice, is AES-256 always better than AES-128?

When buying used software (MS/Windows products requiring activation) does it matter for privacy purposes that the software and key were associated with someone else?

You spoke about TrueCrypt/VeraCrypt but didn’t mention hidden containers. That protects the owner from “gun-to-the-head” scenarios where one is forced to reveal the password. What do you guys think about that, and what are your thoughts on stenography?

Can you provide some security and privacy recommendations for those of us stuck on Windows? I cannot migrate to Mac, and because I need MS Office I can’t fully transition to Linux at this time. What are your basic recommendations?

How is it possible to go totally invisible? Now I am retired and would like to stay below the radar – in your opinion is that possible?

I found a list of Facebook URLs to block – have you guys tried this? If so, do you have lists of other data miners?


OSINT SEGMENT:

Facebook Tool Changes:
https://inteltechniques.com/osint/facebook.html


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 023

Introducing Buscador: A Linux Virtual Machine for OSINT

Posted on March 11th, 2017

Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and myself. It is appropriate for those completely new to Linux as well as advanced users. The current build is 3GB and includes the following point & click resources:

Custom Firefox Install and Add-Ons
Custom Chrome Install and Extensions
Tor Browser
Custom Video Manipulation Utilities
Custom Video Download Utility
Recon-NG
Maltego
Creepy
Metagoofil
MediaInfo
ExifTool TheHarvester
Wayback Exporter
HTTrack Cloner
Web Snapper
Knock Pages
SubBrute
Twitter Exporter
Tinfoleak
BleachBit
VeraCrypt
KeePass

Full instructions, usage notes, download links, and checksums are available at https://inteltechniques.com/buscador/

Filed under OSINT | Comments Off on Introducing Buscador: A Linux Virtual Machine for OSINT

The Complete Privacy & Security Podcast-CIA Leaks

Posted on March 10th, 2017

Special Edition: The CIA Leaks

This special edition confronts the latest CIA Leaks that have generated a lot of interest this week.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

 

WikiLeaks CIA Leaks:
https://wikileaks.org/ciav7p1/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-CIA Leaks

The Complete Privacy & Security Podcast-Episode 021

Posted on March 8th, 2017

Episode 021: The Phone Debate: Android vs iOS

This week, we discuss our thoughts on Android vs iOS, and the privacy/security issues with each.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

Uber Issues, Lyft Issues, Signal Complaints


ANDROID vs iOS:

Discussion only, no links


LISTENER QUESTIONS:

Cliqz
https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/

FreeOTP
https://freeotp.github.io/


OSINT SEGMENT:

IKnowWhatYouDownload
https://iknowwhatyoudownload.com/en/peer/?ip=198.8.80.192


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 021

Internet Search (OSINT) Resource: StreetView Players

Posted on March 5th, 2017

The availability of a street view image within online mapping services is nothing new. Google even offers the ability to view previous visits from a Street View car by clicking on the small clock icon in the upper left and selecting the date that you want to see. This is now available for most areas of the world that have a Street View option. On occasion, I have the need to create a playable video that displays a route involved in the investigation. This could be a visual depiction of the path a homicide subject walked after an attack or the route a kidnapping suspect drove after an abduction. Regardless of the situation, these “movies” add extra value to your evidence. It creates a real-world demonstration that can be easily digested by non-technical individuals when trying to convey the length of a traffic route or walking path. There are several websites that offer the ability to create an animated Google Street View, including the following.

http://www.brianfolts.com/driver/

http://routeview.org/VirtualRide/

http://www.streetviewmovie.com/

http://www.tripgeo.com/Directionsmap.aspx

Of these, my preference is the tool hosted at www.brianfolts.com. The default landing page only asks for an origin and destination location. However, I highly recommend modifying the default values by clicking the advanced options dialogue. This will allow for specification of the following.

FPS (Frames per Second) – I have found “2” to work well, but no value higher than “5”

Travel Mode – “Bicycling” is the default. I prefer “Driving” for investigations involving a vehicle path or “Walking” when an individual walked a specific route.

Export Width – I usually change this to a value that will make the exported file non-square. I have found “768” to work well if you keep the default height of “512”. Changing these values to 1024 width and 576 height has worked best in my demonstrations. Below is my template.

This will generate a video and map that displays the path. Below is the URL that was generated by the tool.

http://www.brianfolts.com/driver/#origin=las+vegas&destination=los+angeles&advanced=
on&fps=2&travelmode=WALKING&rn=Test&exportWidth=1024&exportHeight=576

You can replace the “origin” and “destination” values with GPS coordinates if appropriate. After the result loads, you can choose “Download” to save an animated GIF file. Below is a file I created, stored at https://inteltechniques.com/img/street.gif

Filed under Law Enforcement, OSINT, Search, Video | Comments Off on Internet Search (OSINT) Resource: StreetView Players

Internet Search (OSINT) Resource: Twitter Geo Mapping

Posted on March 4th, 2017

Many years ago, I would teach OSINT courses and focus a lot of attention on gathering location data of a target’s Tweets. This was back when most Twitter users were sharing their location, many unknowingly. Over time, Twitter began protecting users better and made sharing of location data “Opt-in” and disabled by default. However, many people still share their location data today. A manual approach with a Twitter search of geocode:38.952451,-90.195011,1km will easily display Tweets from within 1km of the latitude and longitude specified, but only from users that likely know they are sharing this data. I have found this type of searching to have minimal benefit to my investigations, but the method is still warranted. The numerous online “Twitter Mapping” websites have slowly disappeared, and many were shut down when Twitter severely limited API access. Recently, I have found the following two services to provide value to online investigations.

Tweet Mapper (https://keitharm.me/projects/tweet/)

This service allows you to enter a Twitter user name and it will display any Tweets from the previous 3200 posts that contain location data. Further, it will identify these posts on an interactive map. The image below displays an example from a user.

 

Tweet Mapper (https://danielezrajohnson.shinyapps.io/tweetmapper/)

This project also retrieves Tweets from the Twitter API, but does not focus on an individual user. Instead, it allows you to search Tweets by location, and filter for specific keywords. In the example below, I have filtered for Tweets from with the specified area for the word Kill. I have chosen an extreme zoom level, a maximum of 1000 Tweets on the map, and have hovered my cursor over the result on the map in order to read the post in the lower left.

This post should clearly state that I still do not find Tweets with location data to be as valuable as they were in the past. Occasionally, I find a target that gets sloppy and accidentally posts location data, but this is rare. However, we must always consider these options. After Twitter’s blocking of data to services such as SnapTrends and Media Sonar, investigators may soon be completely on their own for this type of data collection.

Filed under OSINT, Twitter | Comments Off on Internet Search (OSINT) Resource: Twitter Geo Mapping

The Complete Privacy & Security Podcast-Episode 020

Posted on February 28th, 2017

Episode 020: Using YubiKeys for Enhanced Security

This week, we discuss how we use YubiKeys as part of our daily digital security routine. We also welcome Yubico as our first sponsor.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

TOPG Email Comparison
https://thatoneprivacysite.net/email-comparison-chart/


YUBIKEYS:

Yubico
https://www.yubico.com/

YubiKey Comparison:
https://www.yubico.com/products/yubikey-hardware/

YubiKey White Papers:
https://www.yubico.com/support/whitepapers/

Windows Login:
https://www.yubico.com/support/knowledge-base/categories/articles/use-yubico-windows-login-tool/

Mac Login:
https://www.yubico.com/support/knowledge-base/categories/articles/how-to-use-your-yubikey-with-macos-sierra/

YubiKey Personalization Tool:
https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/

KeePass Plugin:
http://keepass.info/plugins.html#otpkeyprov

YubiKey Static Password Guide:
https://www.yubico.com/products/services-software/personalization-tools/static-password/


LISTENER QUESTIONS:

CyanogenMod
https://en.wikipedia.org/wiki/CyanogenMod

Blur
33Mail
Sudo
NotSharingMyInfo

VeraCrypt
Bitlocker


OSINT SEGMENT:

None


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Hacking, ID Theft, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 020

Internet Search (OSINT) Resource: LinkedIn Search Tool

Posted on February 27th, 2017

LinkedIn is rolling out their new design in phases, and I have had the opportunity to compare the differences. Currently, 60% of my LinkedIn accounts have been transitioned to the new style, while the remaining still appear identical to the past several years. While the new look is smooth and savvy, many of the features that investigators have relied on are missing. The most notable is the previous Advanced Search page which allowed detailed filtering for specific people. While LinkedIn still offers some filtering on their search results page, it is not as beneficial as the previous feature. In response to the numerous limitations with the new LinkedIn, I have created a LinkedIn Custom Search Tool to assist with future searching, as seen below.

The first column attempts to return the advanced searching within the LinkedIn environment. It uses URL manipulation to filter profiles by any combination of Keyword, First Name, Last Name, Title, Company, or School. The second column replicates these options through a detailed Google search. The utilities below those options allow you to query a live profile by user name, perform a single keyword search throughout LinkedIn, display current employees of a business, display photos of current employees of a business, and conduct a reverse image search when you locate a restricted profile. After some initial testing, I believe these tools replicate what was lost during this transition to the new LinkedIn. I expect these tools to grow, please forward any tricks that should be added.

Filed under OSINT, Search | Comments Off on Internet Search (OSINT) Resource: LinkedIn Search Tool

Internet Search (OSINT) Resource: Docs Search Tool

Posted on February 27th, 2017

I recently made some major updates to the Documents Search Tool. Previously, this page consisted of two custom Google custom search engines (CSE). One focused on locating documents by online storage hosts with filtering by each. The second located documents by filetype, again filtering by each. While these two services are still present on the page, I have now included manual lookup options for each service and filetype. The first column allows you to enter any search term and populate all of the options. Each entry will search various online document hosts such as Google, Microsoft, Amazon, Slideshare, and others. The final Submit All option will execute each search in a new tab. The right column applies these same principles but allows filtering of online documents by filetype including PDF, DOC, XLS, PPT, TXT, ZIP, MP3, and others. I have found these manual searches to be much more thorough than a standard Google or Google CSE query. The image below displays the current state of the tool.

Filed under OSINT, Search | Comments Off on Internet Search (OSINT) Resource: Docs Search Tool

The Complete Privacy & Security Podcast-Episode 019

Posted on February 22nd, 2017

Episode 019: PIA is here to discuss VPNs

This week we sit down with Caleb Chen from Private Internet Access (PIA) to talk about VPNs.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

ProtonMail Bridge Beta Signup
https://protonmail.com/blog/bridge-beta-signup/

Private Internet Access (PIA-Affiliate Link)
https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo

PIA FBI Warrant Response
http://bit.ly/1UjK0UW

PIA Warrant Canary Commentary
http://bit.ly/2ek0jkP

LISTENER QUESTIONS:

Veracrypt
https://veracrypt.codeplex.com/

Pipl Optout
mail@pipl.com

OpenDNS
https://www.opendns.com/

OSINT SEGMENT:

Cloudfront Search
https://www.google.com/search?q=site%3Acloudfront.net+test

Document Tools
https://inteltechniques.com/osint/docs.html


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 019

Previous Posts