Zoë Rose

Keep investigations from being compromised


Hello OSINT fam 💜

What’s the most valuable advice you’ve received regarding separation of investigations?

Mine were:

1. Create a new virtual machine for every investigation (also shared within IntelTechniques’ How To videos)

2. Use VPNs

3. Don’t overuse the same alias, and in some situations use new ones per engagement


This may go off way in the weeds, but I'm currently researching the Tenebris Linken Sphere browser for OSINT purposes. Cyber criminals are using this browser against anti-fraud measures by simulating compromised users' device fingerprints. In theory, if they have a user's digital fingerprint and credentials, they have more of a chance of bypassing anti-fraud measures for committing online fraud. (https://securelist.com/digital-doppelgangers/90378/) <-- info on how threat actors are using the browser at that link.

In theory the same detection measures that are likely to flag a sock puppet account you have created for research could essentially be bypassed by saving the device configuration you created the account on (a setting in the Sphere browser) and using that fingerprint specific to your research account. There should also be plenty of general opsec benefits to this browser as well.

I have NOT VETTED the security of the browser itself and have it downloaded on a research machine only, so explore at your own risk. (https://sphere.tenebris.cc) <-- link to browser

Given the nature of its general usage I am cautious, but criminals sometimes opsec well, so I think it's worth researching.

