OSINT Links

Belouve did a presentation on OSINT and TraceLabs. Here are some links relevant to that talk, or from the slide deck:

Join TraceLabs (You will likely need to register and join their Slack)

Free PDF on OSINT

Hunchly Tool and Hunchly Training

IntelTechniques Menu (select items on the left side). This site is also where you can download Buscador OS.

OSINT Dashboard

CherryTree (cross-platform note-taking) and Freeplane (mapping out connections)

I (Belouve) will probably keep this list updated as I get more resources dug up.

February Meeting Recap

Media is done, our Year of the Hack is posted above

We had about 25 Hackers from the Greater Milwaukee Area attend February’s meeting.  I mention this because it was pointed out that our event RSVPs are not an indicator of how many show up at the meetings.

Cree.py Demo

To start us off, DW5304 did a demo of cree.py.

Creepy is a geolocation OSINT tool that gathers geolocation information through social networking platforms (Twitter, Instagram, etc.).

SNMPwalk and SNMP shenanigans

DW5304 also conducted more shenanigans with SNMPwalk and reviewed some SNMP results he had uncovered.  There is not a whole lot I have to document within this recap, but you can start learning about SNMPwalk here

DEFCON Groups DC414 video

DEF CON Groups is holding a contest:  Year of the Hack

For this, DC414 needs to submit a link to a 3-minute (at least!) YouTube video from DC414 as a whole describing what we’re planning on accomplishing over the year.

This was our most difficult demo yet.

Planning?  Accomplishing?

And furthermore…video?

We’ve been on video before.  We brought up and showed our past appearance on CBS58 (watch it for either nostalgia or the lulz).

Yet we hashed out a plan for the year. We will put together another Know Your Rights event, as that has continued to be our most popular event, and our most popular page on dc414.org. This time the event will be bigger and better, and we will use that as a means to liaise with the community.

We had 20+ hackers participate to some level in our video submission.  We are not actors, we are very ADD/ADHD.  Getting more than 5 hackers on the same page is a feat.  Like herding cats.

We got it all done.  Some group shots, and some individual interviews.  It is all recorded now, and we have a lot of footage that will be slimmed down to both a usable submission and a blooper reel (probably more footage for the blooper reel than anything).

Links to the videos are SUBMISSION and BLOOPER REEL

Tips for dc414 members (and everyone else) at DEFCON21

Here are a few tips and guidelines to follow while in Vegas:

  • Keep an eye on dc414’s twitter, Facebook, and G+ feeds to keep up to date on what we are doing so you can join in on the fun.
  • If you have access to dc414’s VPN, be sure to use it at all times on your tablet, phone, and laptop. If you do not have access to the VPN but have a server you can access (like one on your home connection), set up an SSH tunnel and use it at all times.
  • Do not use USB sticks (or CDs/DVDs) from anyone, other than ones you brought yourself. That includes ones you find on the floor or in the parking lot.
  • Do not leave USB sticks lying out that you intend to use later.
  • Do not let anyone connect their phone to your system for charging or any other reason.
  • Do not connect your phone/tablet to anyone’s computer other than yours.
  • When using the local Wi-Fi (hotel, convention center, etc.), do not visit any site you intend to log in to over HTTP (e.g. http://mail.dc414.org); only connect using HTTPS (e.g. https://mail.dc414.org).
  • Do not scan any QR codes with apps that do not verify the content before displaying it or opening other programs.
  • Do not ever leave your computer, phone, or tablet unattended.

June Meeting Recap

Thanks to all that attended the June meeting. Lots of interesting discussion and demos as usual.

Some highlights were Klaiviel giving an in-depth look at the state of 3D printing with a focus on weapons and some of the issues surrounding it.

We later headed for the roof of Bucketworks to learn about DirecTV hardware installations and some of the tools the pros use. We got to learn about different satellites and had some really good discussions while the ISS zipped past brightly in the night sky. Thanks Darkwind.

dw5304 took over next and showed off some 40Gb Ethernet gear along with a demo.  We also had fun exploiting some really awful security of a customer management portal that dw5304 stumbled upon.

edgewalker was one of the lucky contestants to win the Free Junk Giveaway.  Enjoy the LetterPerfect software on your IBM/DOS compatible PC! 

Some pictures courtesy of our beloved overlord, AnarchyAngel.

Getting IP addresses from contacts on Skype as told by Noize.

Skype is an extremely popular, proprietary, cross-platform, peer-to-peer Voice-over-IP software client written by Skype Communications SARL, which is now owned by Microsoft Corporation. Due to its peer-to-peer always-on nature it is possible for a researcher to determine characteristics about a target computer, without the user’s knowledge. This can be leveraged to obtain information like the IP address of a target computer.

This is an Educational Guide only; use knowledge at your own risk! and always “the quieter you become, the more you are able to hear”.

Prerequisites

  • Your IP address

Skype Setup

  1. Head into Tools -> Options -> Advanced -> Connection
  2. Uncheck the checkbox labeled: “Use port 80 and 443 as alternative for incoming connections.”
  3. Use port 1210 for incoming connections. Located right above the checkbox from step 2.
    The reason for using this port is that it’s an unassigned TCP/UDP port, so we will not be DoSing a port or causing other issues.

Wireshark Setup

  1. Open Wireshark and start watching your incoming and outgoing traffic.
    Sniff the interface you will be using Skype on
  2. Create a filter like this
    ip.src == $your_ip_address and udp.srcport == 1210

Capture IP

  1. Start a call to a person, online or offline.
  2. Watch Wireshark and it will start to give you outgoing and incoming connections.
  3. Once you have an outgoing IP that is consistent with the incoming IP, you have found it.

Happy Hacking!

Many thanks to Noize for writing this up and allowing us to share it.

March meeting madness!

The March meeting was no letdown: we had lots of people and, as always, great demos. Ngharo got it started with a make-your-own Pringles can cantenna. 9 lucky attendees got to make and take home their own cantenna! Then he kept it going with a quick demo of Radio Mobile and how to use it to make a long-range wireless mesh network. Then the professor gave a demo on Metasploit using a Java exploit to root a Windows box. dw5304 took over and gave a little demo of a hacked Xbox 360 and using a laptop to control everything the console does. Here are some pictures from the meeting. Congrats to uberushaximus for winning 100 free hours to AOL high speed!!

dc414.org now hosting a Tor exit node!!

dc414 is now hosting a Tor exit node on our main server!! That’s two nodes running full time under the dc414 banner!

Here is the info on the Tor server on dc414 – http://torstatus.blutmagie.de/router_detail.php?FP=0df6b76f92abbad09dfef4f2e3748c9ad75fe12c

Here is the info on the Tor server I run from my house – http://torstatus.blutmagie.de/router_detail.php?FP=D6859BFF04AD1267DFC7B5646ED2A304B824FC21

I hope others follow our lead and set up exit nodes wherever they can! Got one running now? Comment to this post or send it in to us and we will drink a beer in your honor, for a job well done!

For the cause!

As some of you might know I run a Tor exit relay from my home connection. I got this in the mail the other day:

Hello and welcome to Tor!

We’ve noticed that your Tor node dc414 has been running long enough to be flagged as “stable”. First, we would like to thank you for your contribution to the Tor network! As Tor grows, we require ever more nodes to improve browsing speed and reliability for our users. Your node is helping to serve the millions of Tor clients out there.

As a node operator, you may be interested in the Tor Weather service, which sends important email notifications when a node is down or your version is out of date. We here at Tor consider this service to be vitally important and greatly useful to all node operators. If you’re interested in Tor Weather, please visit the following link to register:

https://weather.torproject.org/

You might also be interested in the tor-announce mailing list, which is a low volume list for announcements of new releases and critical security updates. To join, visit the following address:

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce

Additionally, since you are running as an exit node, you might be interested in Tor’s Legal FAQ for Relay Operators (https://www.torproject.org/eff/tor-legal-faq.html.en) and Mike Perry’s blog post on running an exit node (https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment).

Thank you again for your contribution to the Tor network! We won’t send you any further emails unless you subscribe.

Disclaimer: If you have no idea why you’re receiving this email, we sincerely apologize! You shouldn’t hear from us again.

Yay my node is now stable!! Now we just need to get one running on the dc414 server 🙂