Threat Inteliigence / OSINT / NETSEC / NATSEC


Download here!

Login: Ronan

Password: osint

To update the system and tools use the command "updateronan" in the terminal.

RonanVM is an Ubuntu image that comes with tools to help you collect and analyze your data. There were two main assumptions behind Ronan's creation:

  1. Collection of tools in an accessible form. The image has the tools installed, from my perspective, the most useful for any Internet investigation. I tried to make the tools function in the most accessible and conflict-free form possible. Therefore, for example, tools that are based on Python are assigned aliases that allow them to be run in the terminal by the same name, but also the repositories themselves are available in the Tool folder in the user's home directory. So in case of problems, we have easy access to the files themselves.
  2. Create a clean image that can be easily cloned for subsequent investigations. Although I have tried to have tools leave as few traces as possible - i.e. Firefox which does not save history, cleans data when turned off, and has functions that send information turned off - it is good practice to start each case from a clean machine to avoid confusion data collected in various cases.

Moving on to the point, the tools you'll find are:

Firefox browser with plugins installed for collecting digital data such as videos and facilitating work with OSINT activities:

Additionally, the browser is modified to leave as few traces as possible:

  • Tracker blocking is set to strict.
  • The browser does not ask for saving passwords.
  • No history is recorded, and the clear history at shutdown feature is active.
  • Access to location, camera, microphone, and notifications are blocked by default, as are pop-ups.
  • The telemetry collection program is turned off,
  • Blocking dangerous content is disabled - it may seem unintuitive, but this way Firefox will not send data about dangerous websites visited to third parties.

In the configuration editor (about: config):

  • geo.enabled: FALSE - Prevents location sharing.
  • dom.battery.enabled: FALSE - Prevents profiling based on battery level data.
  • media.navigator.enabled: FALSE - Prevents profiling based on microphone and camera status.

WebRTC disabled to protect against IP leakage:

  • media.peerconnection.tum.disable: TRUE
    • media.peerconnection.use_document_iceservers: FALSE
    • media. FALSE
    • media.peerconnection.enabled: FALSE

System Settings:

  • Uninstalled "popularity-contest" package collecting information about installed modules.
  • File history and recycle bin disabled.
  • Send diagnostic error data set to "Never".