
@ClerkOfCoursedownload.tracelabs.org/Trace-Labs-OSINT-VM-Installation...CTFs a quick way to get started and have access to the most popular OSINT tools and scripts in one virtual machine


@ClerkOfCourse

@GyledC

@5nacks

@the_wondersmith

Version 1.0


Trace Labs is a not-for-profit organization whose mission is to accelerate the family reunification of missing persons while training members and volunteers in the tradecraft of open source intelligence (OSINT). The missing persons issue is worsening which requires modern and scalable solutions at various levels to help mitigate risk to society.

We leverage our own custom CTF platform that enables the collection of OSINT to power crowdsourced Capture the Flag (CTF) events known as the “OSINT Search Party CTF”. OSINT refers to the collection, processing, and analysis of publicly available data found in social media, online forums, government and commercial records, and even the dark web.

Trace Labs has taken the traditional CTF competition that we see in the information security community, where participants are provided various challenges that may involve the use of penetration testing, digital forensics, reverse engineering, programming and other technical problem-solving skills and knowledge to obtain “flags” for points, and evolved it into a real-life exercise where the participants’ contributions have real-world impact and the potential to enhance public safety.

Since its inception in 2018, Trace Labs has:

• Organized 30 CTFs globally

• Worked on 250+ missing persons cases

• Collected 30,000+ OSINT submissions from our crowdsourced community

• Brought together 2500+ contestants in our CTFs

• Brought together 500+ volunteer CTF Judges

• Worked with 10+ Law Enforcement Agencies


Contents

Trace Labs OSINT Virtual Machine (VM)
  Introduction
  Licenses
  System Requirements
  Distribution Tools and Features
  Support
  GitHub and Contributing

How to Install
  Download the OVA file
  Import the OVA File into the Virtualization Software
  Start the Trace Labs OSINT VM

How To / Troubleshooting
  The virtual machine is running slowly.
  I can’t install VMWare or VirtualBox on Windows 10.
  Intel/AMD virtualization not enabled in BIOS
  The screen is hard to read.


Trace Labs OSINT Virtual Machine (VM)

// Introduction

The Trace Labs team has set out to create a specialized OSINT VM specifically to bring together the most effective OSINT tools and customized scripts we saw being used during several Search Party CTFs. Inspired by the popular Buscador VM by Michael Bazzell, the Trace Labs OSINT VM was built in a similar way. The goal is to give OSINT investigators participating in the Trace Labs Search Party CTFs a quick way to get started and have access to the most popular OSINT tools and scripts in one virtual machine.

We want to continuously improve the Trace Labs OSINT VM and we are constantly improving several components as you read this guide. We welcome any and all feedback. Our goal with this project is to provide the community an OSINT-focused VM that provides security, stealth, and the ability to easily save digital forensic evidence during an investigation in an easy-to-use package.

// Licenses

This Linux Distribution is a modified version of Kali Linux which is developed by Offensive Security and contains free and non-free packages. See https://www.kali.org/docs/policy/kali-linux-open-source-policy/ for licensing details.

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

// System Requirements

The virtual machine is pre-allocated with 4 GB of RAM, 4 CPU cores and 40 GB disk space.

Your computer should ideally have the following specifications:

• 8 Gigabytes of RAM

• Dual core or better

• More than 40 GB of free disk space

If there are not enough resources allocated to the virtual machine, it will run slowly or, worse, it will hang, particularly when running multiple browser tabs.


// Distribution Tools and Features

The distribution includes the following tools and features:

Android container app

• Anbox

Domain enumeration

• Sublist3r

Downloaders

• Browse Mirrored Websites
• Metagoofil
• Spiderpig
• WebHTTrack Website Copier
• Youtube-DL

Web browsers

• Chromium Web Browser
• Firefox ESR
• Tor Browser

Email information gathering tools

• Buster
• Infoga
• OSINT-Search
• theHarvester

Data analysis

• DumpsterDiver
• Exifprobe
• Exifscan
• Stegosuite

Phone number search tools

• OSINT-Search
• PhoneInfoga

OSINT scraping frameworks

• Little Brother
• Skiptracer
• sn0int
• Spiderfoot

Social media search tools

• Facebook Information
• Instaloader

Username enumeration

• Sherlock

Configuration settings on Firefox

• Delete cookies/history on shutdown
• Privacy protection (block mic/camera/geo)
• OSINT Bookmarks


// Support

This customised Kali Linux distribution is supported by the community and does not come with any official support. Please visit the following communities to get help.

Trace Labs Community

Trace Labs has a Slack page (www.tracelabs.org) and a channel #questions where you can ask about OSINT methods and tools.

Offensive Security

Offensive Security provides a forum for support with the Kali distribution. https://www.kali.org/community/

// GitHub and Contributing

You can contribute to this project by raising issues, making suggestions and requesting changes to the code at https://github.com/tracelabs/tlosint-live. The GitHub repository builds an up-to-date version of the Trace Labs OSINT live disk. The live disk can be used to create an OVA or install the operating system on a physical computer.


How to Install

// Install Virtualization Software

To use the Trace Labs OSINT Operating System (OS), you will need to use a Virtual Machine (VM). It is suggested that you install the OS in a VM instead of installing it as your computer’s operating system. You can easily create a snapshot before you start your investigations and roll back to it once the Search Party event is over. Moreover, the current release is an OVA (Open Virtual Appliance) package.

You can use either VirtualBox or VMWare to open the OVA file and set up the VM. If you don’t have virtualization software, you can download the latest from VirtualBox here:

https://www.virtualbox.org/wiki/Downloads

If you have VMWare installed, the instructions on how to import the OVA file are found in the sections below.

// Download the OVA file

Obtain the OVA file from this location: https://www.tracelabs.org/trace-labs-osint-vm/

Once the download is completed, check the hash of the file to ensure file integrity. If you have a program that can check file hashes, such as 7-zip, this can be done within the Windows Explorer as shown in the screenshot below:

// Import the OVA File into the Virtualization Software

Virtual Box


You can find instructions on how to do this here: https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html

VMWare Fusion

Step 1: Go to File>Import. Choose the OVA file you’ve downloaded.

Step 2: Once you’ve selected the OVA file, click Continue.

Step 3: Save the virtual machine.

Note: If you encounter the message that the import failed because the OVA file did not pass OVF specification conformance or virtual hardware compliance checks, just click Retry.

Step 4: If you want to change the default virtual machine settings, click Customize Settings. Otherwise, just click Finish.


VMWare Workstation Pro

Step 1: Go to File> Open. Select the OVA you have downloaded.

Step 2: Choose the OVA file you’ve downloaded.

Note: If you encounter the message that the import failed because the OVA file did not pass OVF specification conformance or virtual hardware compliance checks, just click Retry.

Step 3: Wait for a few minutes for the importing to complete. Once it is completed, you will see it saved in your VMWare Workstation and you can use the green play button to start it.


// Start the Trace Labs OSINT VM

Virtual Box

• Click on the Start button on VBox to begin.

VMWare Fusion

• Click on the play button to start your newly imported VM. The other option is to click on File>Open and Run and select the VM you have just imported.

VMWare Workstation Pro

• Click on the play button to start your newly imported VM.

Login to the Virtual Machine

• Use the following credentials and then hit enter:

Username: kali
Password: kali


How To / Troubleshooting

// The virtual machine is running slowly.

Check the following links to help you increase the amount of resources in the virtual machine so that you can run applications concurrently.

VMWare: https://kb.vmware.com/s/article/1004059

VirtualBox: https://docs.bitnami.com/virtual-machine/faq/administration/increase-memory/

// I can’t install VMWare or VirtualBox on Windows 10.

Windows 10 has a new feature called Credential Guard which stops VMware being installed. You may want to refer to the following Microsoft article. https://support.microsoft.com/en-au/help/3204980/virtualization-applications-do-not-work-together-with-hyper-v-device-g

// Intel/AMD virtualization not enabled in BIOS

You may get an error such as this when trying to power on a virtual machine. If so, it means you need to enable virtualization in your BIOS. Check the link for the steps on how to do this: https://www.howtogeek.com/213795/how-to-enable-intel-vt-x-in-your-computers-bios-or-uefi-firmware/


// The screen is hard to read.

On high-definition monitors, the screen of the virtual machine may be difficult to read. Check this guide on how to solve this: https://www.kali.org/docs/general-use/hidpi/

// The OVA will not import correctly.

Check that the download has completed correctly and verify the hash from the website – see the section “Download the OVA file”.

Also confirm that you have the latest version of VMware or VirtualBox installed.
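The hash check from “Download the OVA file”, which this troubleshooting step points back to, as an added example that is not part of the Trace Labs guide. It goes one step further and also re-hashes the files listed in the OVA's internal `.mf` manifest, which helps tell a damaged download from an importer problem. The function names are hypothetical, SHA-256 is an assumed default (use whichever algorithm the download page publishes), and the sample archive is constructed.

```python
import hashlib, hmac, io, re, tarfile

# OVF manifest lines look like: SHA256(disk1.vmdk)= <hex digest>
MF_LINE = re.compile(r"^(SHA1|SHA256)\s*\((.+)\)\s*=\s*([0-9a-fA-F]+)\s*$")

def stream_digest(fileobj, algo):
    """Hash in 1 MiB chunks so a multi-gigabyte OVA is never held in memory."""
    h = hashlib.new(algo)
    for chunk in iter(lambda: fileobj.read(1 << 20), b""):
        h.update(chunk)
    return h.hexdigest()

def matches_published(path, published_hex, algo="sha256"):
    """True if the whole-file digest equals the value from the download page."""
    # Assumption: algo defaults to SHA-256; the guide does not name the algorithm.
    with open(path, "rb") as f:
        return hmac.compare_digest(stream_digest(f, algo), published_hex.strip().lower())

def check_manifest(path):
    """Re-hash every file named in the OVA's .mf manifest; returns {name: ok}.
    This only catches truncation or corruption: whoever can alter the archive
    can also rewrite the manifest, so the published hash remains the real check."""
    results = {}
    with tarfile.open(path) as tar:
        files = {m.name: m for m in tar.getmembers() if m.isfile()}
        mf = next((n for n in files if n.endswith(".mf")), None)
        if mf is None:
            return results  # no manifest shipped; nothing to cross-check
        text = tar.extractfile(files[mf]).read().decode("utf-8", "replace")
        for line in text.splitlines():
            m = MF_LINE.match(line.strip())
            if m:
                algo, name, want = m.group(1).lower(), m.group(2), m.group(3).lower()
                results[name] = name in files and \
                    stream_digest(tar.extractfile(files[name]), algo) == want
    return results

def make_sample_ova(path, corrupt=False):
    """Constructed stand-in for a real OVA: a tar with .ovf, .mf and one 'disk'."""
    disk, ovf = b"constructed disk bytes", b"<Envelope/>"
    mf = "SHA256(sample.ovf)= %s\nSHA256(sample-disk1.vmdk)= %s\n" % (
        hashlib.sha256(ovf).hexdigest(), hashlib.sha256(disk).hexdigest())
    with tarfile.open(path, "w") as tar:
        for name, data in (("sample.ovf", ovf), ("sample.mf", mf.encode()),
                           ("sample-disk1.vmdk", disk[:-1] if corrupt else disk)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
```

Run `matches_published` against the hash shown on the download page first; a `False` entry from `check_manifest` names the file inside the archive that did not survive the download.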
