Threat Intelligence / OSINT / NETSEC / NATSEC

RonanVM update

Shortly after setting up counterintelligence.pl, I also started a project RonanVM, i.e. a virtual machine image adapted to conduct OSINT investigations. Unfortunately, I don't have that much time to develop the project at the pace of Kali Linux, but I had the opportunity to make some changes and improvements recently. Moving on to the specifics:

  1. RonanVM's assumption was to base it on open source software as much as possible, but unfortunately when it comes to virtualization, I see too much of a difference in performance between VirtualBox and VMware Workstation. Therefore, a new image was prepared and exported from the VMware environment. It is still in OVA format, so there should be no problems importing it into VirtualBox, but I can't vouch for how well the system will perform there. I remind you that VMware Player is available for free, and although it does not allow you to take snapshots, in the adopted model of "one VM clone - one investigation" this should not be such a big problem. I was even able to import the image into UTM on a MacBook Pro with an M1 chip using these instructions. Unfortunately, the stability leaves much to be desired.
  2. Upgrade to Ubuntu 22.04.
  3. I added some tools:
    • Chromium Browser. The practice of OSINT collection has shown that some pages and sources work better on the Chrome engine, so I decided that it would be good to have this browser as well. In addition, add-ons related to content translation integrate very well with Chromium, so it is an additional asset when you need to analyze foreign sources.
    • ImHex. A very good hex editor with a number of functions that facilitate analysis, such as the ability to combine files, add bookmarks or replace strings with regex. I really like this project because it was difficult for me to find an editor that met all my requirements, and I think I succeeded here. Due to this change, I removed the Bless editor.
    • Wireshark. A well-known and popular packet analysis program. Useful if you want to take a closer look at network activity when connecting to a specific source or just analyze captured packets.
    • OpenBB. An open source platform for the analysis of financial instruments enabling access and analysis of a range of data closely related to both financial results and events that may affect the price of instruments (sales by board members, lobbying, legal regulations, etc.).
    • GParted. It may seem like an addition not very related to OSINT, but depending on what data we will collect and analyze, we may need to resize the disk after importing the machine. Since from the system's point of view it will be a hardware change, it is necessary to adjust the size of the partition manually. And here the most convenient tool from my perspective is GParted.
  4. I removed the anonsurf tool, which is no longer really supported and caused dependency problems.
  5. Finally, the new image also includes minor fixes related to updates and dependencies; in particular, the Sherloq image analysis tool should now work better.

I also encourage you to use it; in my opinion the project is now much more mature and better suited to everyday OSINT activities. I would like to polish the image a bit more - first of all, reduce its size to make it more "portable", and maybe even change the format to an installation script - but as a starting platform it already works well. You will find the link, as always, on the project page.
