The Complete Privacy & Security Podcast-Episode 025

Posted on March 28th, 2017

Episode 025: Custom Linux Builds for Privacy & Security

This week, we catch you up on Justin’s 30 Day Security Challenge and David Westcott joins us to talk about the Buscador Linux build. Plus, we discuss web browsers, answer listener questions, and a present a new investigation technique in the OSINT segment.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

IntelTechniques Privacy Forum “Privacy Challenge”: https://inteltechniques.com/forum.html

Browser Discussion
Chrome / Signal / Authy / FireRTC
Iridium
Epic
Min

CUSTOM LINUX BUILDS FOR PRIVACY & SECURITY:

David Westcott
https://twitter.com/beast_fighter

Buscador Linux Build
https://inteltechniques.com/buscador/

Linux Ubuntu
https://www.ubuntu.com/

VirtualBox
https://www.virtualbox.org/wiki/VirtualBox

VMWare Workstation (Windows)
https://www.vmware.com/products/workstation.html

VMWare Fusion (Mac)
https://www.vmware.com/products/fusion.html

Linux for Banking
https://theintercept.com/2015/09/16/getting-hacked-doesnt-bad/

IntelTechniques Forum
https://inteltechniques.com/forum.html


AUDIBLE SPONSORSHIP

http://www.audibletrial.com/privacy


LISTENER QUESTIONS:

Have you seen the Data Selfie Chrome extension? I was hoping to get your input on this tool before trying it–knowing it could have privacy implications.

The company or payroll provider at my job is providing income verification to TheWorkNumber/Talx/Equifax. This includes SSN, address, telephone number, date or employment, and detailed level of paystubs. What is the best way to go about opting out?

OSINT SEGMENT:

Video Download Tool:
https://inteltechniques.com/buscador/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Uncategorized | Comments Off on The Complete Privacy & Security Podcast-Episode 025

Installing Android Apps in Chrome Browser

Posted on March 24th, 2017

In my live and online training courses, I often demonstrate Genymotion as my preferred virtual android environment. I recently uploaded a post explaining the installation, configuration, and usage of this type of android emulation. Some readers reported that they were unable to use Genymotion due to limitations of their hardware or software usage policies at their organizations. Today, I want to discuss an alternative Android emulation option that does not require a complete virtual environment. The idea is to use a Chrome extension called Arc Welder in conjunction with downloaded APK files. The following actions should be completed in a Chrome web browser, without being in incognito mode.

Navigate to http://goo.gl/gAn0Xh and install the Arc Welder Chrome extension. This will create a new app within your Chrome browser. If the app menu does not open on its own, you can get to it by navigating directly to chrome://apps. Launch the Arc Welder app. You will be asked to choose a storage directory for any downloaded apps that you install. I recommend choosing a directory on your computer where you have easy access to its content. You will then be prompted to choose an APK file of an android app that you want to install to the chrome browser.

Navigate to http://apkpure.com and search for your desired app. Download the file and return to the Arc Welder app. Choose this file and configure any custom settings desired. The lower left image displays the app selection menu while the lower right image displays the configuration menu. In this example, I have loaded the Truecaller app, chosen portrait mode, and accepted the default tablet mode for a larger display. Clicking test will launch the Truecaller app. Note that each time that you create a new android app, you will be asked if you wish to delete the previously installed app. Choosing cancel on this request will ensure that you do not delete any desired data.

You should now be able to use the selected app in any way that you could on a traditional mobile environment. In this example, I used the Truecaller app to research telephone numbers that were connected to prepaid cellular phones without any subscriber information attached to them. Since this app relies on crowd sourced information, including contact details extracted from millions of users internationally, I am often able to obtain information about the owner of prepaid phones. When I close the app, the window disappears and the app is shutdown. In order to execute this app, I would simply need to navigate to chrome://apps and double-click the true color icon. If this is an app that you use on a daily basis, you could right-click on the app in this screen and choose to create a shortcut on your desktop, dock, or anywhere else where you want easy access. The image below displays the chrome apps page with various apps ready for launch.

It should be noted that I had mixed success with various apps using this technique. While many simple applications installed and executed without any issues, I encountered a few apps that would either not function or not allow me to log into their services. These failures included Instagram, Tinder, and Snapchat. These apps are known to block Android emulation services, So this was not much of a surprise. As always, I have uploaded a video explaining everything for members of the online training.

Filed under OSINT, Search | Comments Off on Installing Android Apps in Chrome Browser

The Complete Privacy & Security Podcast-Episode 024

Posted on March 21st, 2017

Episode 024: A Normal Guy Goes All-In

This week “Benjamin” stops by to explain how he went off-radar, listener questions, plus an OSINT segment on retrieving deleted Tweets.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

IntelTechniques Privacy Forum “Privacy Challenge”: https://inteltechniques.com/forum.html

Mately (Possibly NSFW): http://www.mymately.com/


A NORMAL GUY GOES ALL-IN:

Discussion only, no links


LISTENER QUESTIONS:

How safe do you consider apple keychain for safari websites passwords if I don’t back it up to Icloud?

What is the deal with Google’s “Forgetting” Option for account activity?

Any thoughts on Chrome vs Chromium vs Iridium?


OSINT SEGMENT:

Twitter Tool Changes:
https://inteltechniques.com/osint/twitter.html


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 024

The Complete Privacy & Security Podcast-Episode 023

Posted on March 14th, 2017

Episode 023: Michael Buys a New iPhone

This week, Michael purchases and secures a new iPhone while Justin gives out practical advice. Will Michael last a month without Android?

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

Protonmail on Tor: https://protonirockerxow.onion
Privacy Challenge: https://inteltechniques.com/forum.html


MICHAEL BUYS AN IPHONE:

Discussion only, no links


LISTENER QUESTIONS:

When given the choice, is AES-256 always better than AES-128?

When buying used software (MS/Windows products requiring activation) does it matter for privacy purposes that the software and key were associated with someone else?

You spoke about TrueCrypt/VeraCrypt but didn’t mention hidden containers. That protects the owner from “gun-to-the-head” scenarios where one is forced to reveal the password. What do you guys think about that, and what are your thoughts on stenography?

Can you provide some security and privacy recommendations for those of us stuck on Windows? I cannot migrate to Mac, and because I need MS Office I can’t fully transition to Linux at this time. What are your basic recommendations?

How is it possible to go totally invisible? Now I am retired and would like to stay below the radar – in your opinion is that possible?

I found a list of Facebook URLs to block – have you guys tried this? If so, do you have lists of other data miners?


OSINT SEGMENT:

Facebook Tool Changes:
https://inteltechniques.com/osint/facebook.html


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 023

Introducing Buscador: A Linux Virtual Machine for OSINT

Posted on March 11th, 2017

Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and myself. It is appropriate for those completely new to Linux as well as advanced users. The current build is 3GB and includes the following point & click resources:

Custom Firefox Install and Add-Ons
Custom Chrome Install and Extensions
Tor Browser
Custom Video Manipulation Utilities
Custom Video Download Utility
Recon-NG
Maltego
Creepy
Metagoofil
MediaInfo
ExifTool TheHarvester
Wayback Exporter
HTTrack Cloner
Web Snapper
Knock Pages
SubBrute
Twitter Exporter
Tinfoleak
BleachBit
VeraCrypt
KeePass

Full instructions, usage notes, download links, and checksums are available at https://inteltechniques.com/buscador/

Filed under OSINT | Comments Off on Introducing Buscador: A Linux Virtual Machine for OSINT

The Complete Privacy & Security Podcast-CIA Leaks

Posted on March 10th, 2017

Special Edition: The CIA Leaks

This special edition confronts the latest CIA Leaks that have generated a lot of interest this week.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

WikiLeaks CIA Leaks:
https://wikileaks.org/ciav7p1/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-CIA Leaks

The Complete Privacy & Security Podcast-Episode 021

Posted on March 8th, 2017

Episode 021: The Phone Debate: Android vs iOS

This week, we discuss our thoughts on Android vs iOS, and the privacy/security issues with each.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

Uber Issues, Lyft Issues, Signal Complaints


ANDROID vs iOS:

Discussion only, no links


LISTENER QUESTIONS:

Cliqz
https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/

FreeOTP
https://freeotp.github.io/


OSINT SEGMENT:

IKnowWhatYouDownload
https://iknowwhatyoudownload.com/en/peer/?ip=198.8.80.192


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 021

Internet Search (OSINT) Resource: StreetView Players

Posted on March 5th, 2017

The availability of a street view image within online mapping services is nothing new. Google even offers the ability to view previous visits from a Street View car by clicking on the small clock icon in the upper left and selecting the date that you want to see. This is now available for most areas of the world that have a Street View option. On occasion, I have the need to create a playable video that displays a route involved in the investigation. This could be a visual depiction of the path a homicide subject walked after an attack or the route a kidnapping suspect drove after an abduction. Regardless of the situation, these “movies” add extra value to your evidence. It creates a real-world demonstration that can be easily digested by non-technical individuals when trying to convey the length of a traffic route or walking path. There are several websites that offer the ability to create an animated Google Street View, including the following.

http://www.brianfolts.com/driver/

http://routeview.org/VirtualRide/

http://www.streetviewmovie.com/

http://www.tripgeo.com/Directionsmap.aspx

Of these, my preference is the tool hosted at www.brianfolts.com. The default landing page only asks for an origin and destination location. However, I highly recommend modifying the default values by clicking the advanced options dialogue. This will allow for specification of the following.

FPS (Frames per Second) – I have found “2” to work well, but no value higher than “5”

Travel Mode – “Bicycling” is the default. I prefer “Driving” for investigations involving a vehicle path or “Walking” when an individual walked a specific route.

Export Width – I usually change this to a value that will make the exported file non-square. I have found “768” to work well if you keep the default height of “512”. Changing these values to 1024 width and 576 height has worked best in my demonstrations. Below is my template.

This will generate a video and map that displays the path. Below is the URL that was generated by the tool.

http://www.brianfolts.com/driver/#origin=las+vegas&destination=los+angeles&advanced=
on&fps=2&travelmode=WALKING&rn=Test&exportWidth=1024&exportHeight=576

You can replace the “origin” and “destination” values with GPS coordinates if appropriate. After the result loads, you can choose “Download” to save an animated GIF file. Below is a file I created, stored at https://inteltechniques.com/img/street.gif

Filed under Law Enforcement, OSINT, Search, Video | Comments Off on Internet Search (OSINT) Resource: StreetView Players

Internet Search (OSINT) Resource: Twitter Mapping

Posted on March 4th, 2017

Many years ago, I would teach OSINT courses and focus a lot of attention on gathering location data of a target’s Tweets. This was back when most Twitter users were sharing their location, many unknowingly. Over time, Twitter began protecting users better and made sharing of location data “Opt-in” and disabled by default. However, many people still share their location data today. A manual approach with a Twitter search of geocode:38.952451,-90.195011,1km will easily display Tweets from within 1km of the latitude and longitude specified, but only from users that likely know they are sharing this data. I have found this type of searching to have minimal benefit to my investigations, but the method is still warranted. The numerous online “Twitter Mapping” websites have slowly disappeared, and many were shut down when Twitter severely limited API access. Recently, I have found the following two services to provide value to online investigations.

Tweet Mapper (https://keitharm.me/projects/tweet/)

This service allows you to enter a Twitter user name and it will display any Tweets from the previous 3200 posts that contain location data. Further, it will identify these posts on an interactive map. The image below displays an example from a user.

 

Tweet Mapper (https://danielezrajohnson.shinyapps.io/tweetmapper/)

This project also retrieves Tweets from the Twitter API, but does not focus on an individual user. Instead, it allows you to search Tweets by location, and filter for specific keywords. In the example below, I have filtered for Tweets from with the specified area for the word Kill. I have chosen an extreme zoom level, a maximum of 1000 Tweets on the map, and have hovered my cursor over the result on the map in order to read the post in the lower left.

This post should clearly state that I still do not find Tweets with location data to be as valuable as they were in the past. Occasionally, I find a target that gets sloppy and accidentally posts location data, but this is rare. However, we must always consider these options. After Twitter’s blocking of data to services such as SnapTrends and Media Sonar, investigators may soon be completely on their own for this type of data collection.

Filed under OSINT, Search, Twitter | Comments Off on Internet Search (OSINT) Resource: Twitter Mapping

The Complete Privacy & Security Podcast-Episode 020

Posted on February 28th, 2017

Episode 020: Using YubiKeys for Enhanced Security

This week, we discuss how we use YubiKeys as part of our daily digital security routine. We also welcome Yubico as our first sponsor.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

INTRO:

TOPG Email Comparison
https://thatoneprivacysite.net/email-comparison-chart/


YUBIKEYS:

Yubico
https://www.yubico.com/

YubiKey Comparison:
https://www.yubico.com/products/yubikey-hardware/

YubiKey White Papers:
https://www.yubico.com/support/whitepapers/

Windows Login:
https://www.yubico.com/support/knowledge-base/categories/articles/use-yubico-windows-login-tool/

Mac Login:
https://www.yubico.com/support/knowledge-base/categories/articles/how-to-use-your-yubikey-with-macos-sierra/

YubiKey Personalization Tool:
https://www.yubico.com/support/knowledge-base/categories/articles/yubikey-personalization-tools/

KeePass Plugin:
http://keepass.info/plugins.html#otpkeyprov

YubiKey Static Password Guide:
https://www.yubico.com/products/services-software/personalization-tools/static-password/


LISTENER QUESTIONS:

CyanogenMod
https://en.wikipedia.org/wiki/CyanogenMod

Blur
33Mail
Sudo
NotSharingMyInfo

VeraCrypt
Bitlocker


OSINT SEGMENT:

None


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Hacking, ID Theft, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 020

Internet Search (OSINT) Resource: LinkedIn Search Tool

Posted on February 27th, 2017

LinkedIn is rolling out their new design in phases, and I have had the opportunity to compare the differences. Currently, 60% of my LinkedIn accounts have been transitioned to the new style, while the remaining still appear identical to the past several years. While the new look is smooth and savvy, many of the features that investigators have relied on are missing. The most notable is the previous Advanced Search page which allowed detailed filtering for specific people. While LinkedIn still offers some filtering on their search results page, it is not as beneficial as the previous feature. In response to the numerous limitations with the new LinkedIn, I have created a LinkedIn Custom Search Tool to assist with future searching, as seen below.

The first column attempts to return the advanced searching within the LinkedIn environment. It uses URL manipulation to filter profiles by any combination of Keyword, First Name, Last Name, Title, Company, or School. The second column replicates these options through a detailed Google search. The utilities below those options allow you to query a live profile by user name, perform a single keyword search throughout LinkedIn, display current employees of a business, display photos of current employees of a business, and conduct a reverse image search when you locate a restricted profile. After some initial testing, I believe these tools replicate what was lost during this transition to the new LinkedIn. I expect these tools to grow, please forward any tricks that should be added.

Filed under OSINT, Search | Comments Off on Internet Search (OSINT) Resource: LinkedIn Search Tool

Internet Search (OSINT) Resource: Documents Search Tool

Posted on February 27th, 2017

I recently made some major updates to the Documents Search Tool. Previously, this page consisted of two custom Google custom search engines (CSE). One focused on locating documents by online storage hosts with filtering by each. The second located documents by filetype, again filtering by each. While these two services are still present on the page, I have now included manual lookup options for each service and filetype. The first column allows you to enter any search term and populate all of the options. Each entry will search various online document hosts such as Google, Microsoft, Amazon, Slideshare, and others. The final Submit All option will execute each search in a new tab. The right column applies these same principles but allows filtering of online documents by filetype including PDF, DOC, XLS, PPT, TXT, ZIP, MP3, and others. I have found these manual searches to be much more thorough than a standard Google or Google CSE query. The image below displays the current state of the tool.

Filed under Search | Comments Off on Internet Search (OSINT) Resource: Documents Search Tool

The Complete Privacy & Security Podcast-Episode 019

Posted on February 22nd, 2017

Episode 019: PIA is here to discuss VPNs

This week we sit down with Caleb Chen from Private Internet Access (PIA) to talk about VPNs.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

ProtonMail Bridge Beta Signup
https://protonmail.com/blog/bridge-beta-signup/

Private Internet Access (PIA-Affiliate Link)
https://www.privateinternetaccess.com/pages/buy-vpn/crimeinfo

PIA FBI Warrant Response
http://bit.ly/1UjK0UW

PIA Warrant Canary Commentary
http://bit.ly/2ek0jkP

 

 

LISTENER QUESTIONS:

Veracrypt
https://veracrypt.codeplex.com/

Pipl Optout
mail@pipl.com

OpenDNS
https://www.opendns.com/

 

OSINT SEGMENT:

Cloudfront Search
https://www.google.com/search?q=site%3Acloudfront.net+test

Document Tools
https://inteltechniques.com/osint/docs.html

 


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under OSINT, Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 019

Android Emulation for OSINT (2017 Update)

Posted on February 19th, 2017

A key piece of my Live and Online OSINT training is the use of virtual Android machines in order to create a mobile environment for online investigations. I have always used Genymotion for this, as I believe it is the best and most stable option. The three videos that I have for this instruction were getting a bit outdated, so I created three brand new videos to replace them. I thought it may benefit others to evaluate my current setup.

Genymotion has had several updates recently, and the latest (2.8.1) appears very stable. I encourage others to update their installs, even if that means creating new devices. After installing the latest versions of Genymotion and VirtualBox, launching Genymotion should appear as the image below (without my virtual machines).

Clicking the “Add” button will present a list of potential devices. Officially, I train others to use “Custom Phone 6.0.0 – API 23” because is it the most basic and stable option. However, I personally use “Google Nexus 5x 6.0.0 – API 23” because of the ability to better store apps on the home screen. They both use the same 6.0.0 backbone. The image below displays both acceptable devices that will work with the following instructions.

This will create a new device ready for execution. It will be missing the Google Play store, which is vital for investigative use. The following instructions will restore the Play store, emulate a more appropriate ARM driver (which will make some apps work better), and execute a patch that will eliminate those annoying Google crashes that have plagued this method for years.

  1. Download the 6.0.0 ARM Driver HERE. Drag and Drop the Zip file directly into your running virtual Android device. Agree to the warning, and acknowledge the completion. Close the device and re-start.
  2. Download the GApps 6.0.0 file HERE. Drag and Drop the Zip file directly into your running virtual Android device. Agree to the warning, and acknowledge the completion. Close the device and re-start.
  3. Login to a Google account that you will use to download apps to the device. Close any errors that appear. Close the device and re-start.
  4. Download the Benzo Patch file HERE. Drag and Drop the Zip file directly into your running virtual Android device. Agree to the warning, and acknowledge the completion. Close the device and re-start.

You should now have a fully-functioning Android 6 device with Google Play and no errors. You can now install any apps within the play store. If any apps refuse to install because of an incompatible device, download the desired app from APK Pure and Drag and Drop it into the machine.

Once you machine is ready for an investigation, close it (and the Genymotion app) and launch the VirtualBox application. Select your device in the menu, right-click, and choose “Clone”. This will create an exact replica of the virtual mobile device, including your apps and settings, which can be used for the next investigation without contaminating your “Master” machine. Selecting any machine within VirtualBox and choosing File > Export will allow you to create a single-file archive of the current machine. This will include any data preserved in its current state. Below is an image that displays the VirtualBox Clone option.

Below is an example of an investigative device ready to go.

Filed under OSINT | Comments Off on Android Emulation for OSINT (2017 Update)

The Complete Privacy & Security Podcast-Episode 018

Posted on February 14th, 2017

Episode 018: Listener Questions Part III

This week we tackle another round of listener questions about digital privacy and security.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

Turtl
http://turtlapp.tumblr.com/

Little Flocker
https://www.littleflocker.com/

Micro Snitch
https://www.obdev.at/products/microsnitch/index.html

Objective-See
https://objective-see.com/products/oversight.html

VeraCrypt
https://veracrypt.codeplex.com/

Blackberry Android Apps
https://play.google.com/store/apps/details?id=com.bbm&hl=en

StartPage
https://www.startpage.com/

Duck Duck Go
https://duckduckgo.com/

OSINT SEGMENT:

Gravatar
https://en.gravatar.com/site/check/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 018

The Complete Privacy & Security Podcast-Episode 017

Posted on February 7th, 2017

Episode 017: Andy Yen of ProtonMail

This week we sit down with ProtonMail CEO Andy Yen to discuss secure email communications.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

ProtonMail
https://protonmail.com/

Listener Questions:

Sudo App
https://sudoapp.com/

Privacy.com
https://privacy.com/

OSINT SEGMENT:

Searx
https://searx.me/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 017

The Complete Privacy & Security Podcast-Episode 016

Posted on January 31st, 2017

Episode 016: Catching up from SLC

This week’s episode of The Complete Privacy & Security Podcast is now available. This week, we meet up at Sudo headquarters in Salt Lake City. We apologize for the audio quality, as we had to use a single portable microphone.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

Sudo App
https://sudoapp.com/

Keeping up
https://www.reddit.com
https://arstechnica.com/security/
https://nakedsecurity.sophos.com/
https://www.schneier.com/
http://www.krebsonsecurity.com/

Autofill Vulnerabilities
https://www.bleepingcomputer.com/news/security/browser-autofill-profiles-can-be-abused-for-phishing-attacks/

Family Tree Now Opt-Out
http://www.familytreenow.com/optout

Turtl
http://turtlapp.tumblr.com/

Signal Forwarding
https://whispersystems.org/blog/doodles-stickers-censorship/

OSINT SEGMENT:

Burner Challenge
http://challenge.burnerapp.com/


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 016

Internet Search (OSINT) Resource: FindFace

Posted on January 29th, 2017

FindFace is a free online service that claims to analyze images in hopes of identifying additional photos based on facial recognition. This is different than a reverse image search, which only looks for duplicate images on additional pages. While Google Images is great for locating COPIES of photos, it does not search for additional images based on FACIAL FEATURES. I have found FindFace to work sporadically, and fail often. However, I have found a couple of scenarios where FindFace located online evidence when Google Images, Bing, and TinEye failed. The following demo should help explain their free service. Below is the Facebook profile of a volunteer willing to help with an example.

I right-clicked on this photo and saved it to my computer. FindFace requires that you upload a target image, and does not allow submission via URL. I uploaded this photo and received the following response. the first result is the Twitter profile of my target.

I must admit that the first three searches that I conducted failed. This fourth option resulted in a success. Also, these photos are identical, so the facial recognition aspect is still questionable. However, I do know that this tool has helped me take Facebook profile photos and locate Twitter profiles of the same person. Hopefully, this limited scope will expand as the service grows.

Filed under Facebook, OSINT, Twitter | Comments Off on Internet Search (OSINT) Resource: FindFace

Internet Search (OSINT) Resource: Visual Site Mapper

Posted on January 29th, 2017

When researching a domain, I am always looking for a visual representation to give me an idea of how massive the website is. Conducting a “Site” search on Google helps, but you are at the mercy of Google’s indexing, which is not always accurate or recent. An alternative to this is to use Visual Site Mapper. This service analyzes the domain in real time, looking for linked pages within that domain. It provides an interactive graph that shows whether a domain has a lot of internal links that you may have missed. The image below shows a portion of my own domain after analysis.

Highlighting any page will display the internal pages that connect to the selected page. This helps identify pages that are most “linked” within a domain, and may lead a researcher toward those important pages. The image below highlights a blog post, and displays other internal pages that possess links to that post.

Filed under OSINT | Comments Off on Internet Search (OSINT) Resource: Visual Site Mapper

The Complete Privacy & Security Podcast-Episode 015

Posted on January 24th, 2017

Episode 015: Privacy.com CEO Bo Jiang

This week’s episode of The Complete Privacy & Security Podcast is now available. This week, we sit down with Bo Jiang, the CEO of Privacy.com.

Listen now at https://privacy-training.com/podcast.html

Subscribe at:

RSS
iTunes
Google
Stitcher


SHOW NOTES:

privacy.com
https://privacy.com/

OSINT SEGMENT:

Search Tools
https://inteltechniques.com/menu.html

LISTENER QUESTIONS:

Signal
https://itunes.apple.com/us/app/signal-private-messenger/id874139669?mt=8
https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en


The Complete Privacy and Security Desk Reference
https://inteltechniques.com/book4.html

Michael’s Website
https://privacy-training.com/

Justin’s Website
https://www.yourultimatesecurity.guide/

Please submit your listener questions to us at https://privacy-training.com/podcast.html


podcast

Filed under Podcast, Privacy, Search, Security | Comments Off on The Complete Privacy & Security Podcast-Episode 015

Previous Posts