Robert Coccaro - Remote Browser Isolation - Stop Browser Betrayal During OSINT Investigations

jeopardize that uh investigation right okay so what I'm going to cover is like you know um how online research can compromise those investigations the cautions of using these things that we get comfortable using like incognito mode private mode and all those things and hey and a VPN and then we're going to talk about the differences between non-attribution misattribution and managed attribution and any time during this thing of mine please if you have a question uh raise my raise your hand we'll address it also my boss is in the background to make sure I don't say anything stupid so um he he's there for the the QC part of this um so let's talk about uh open source right

so if you've been around you know in the last 10 years or so and and been paying attention to like open source intelligence and and investigations right it used to just be like um if you were like a maybe if you worked in law enforcement or you were just some guy that creeped on your neighbor or something like that right people would always get online and just do some research right they didn't know they were doing open source research they just called it creeping Right But as time has evolved and and more the complexities that have have uh you know grown along with us these are some of the industries that now open source has

become a day-to-day part of right uh brand reputation companies want to say hey who's uh who's trying to tarnish our brand who's trying to make us look not as good as we are um fraud investigations right trust and safety teams what about companies that um um you know knockoffs of iPhones and things like that knock off of electronics you know overseas Alibaba not to be calling anyone out but you know are known for selling fraud uh you know knockoffs of other Hardware um so specifically we're going to talk about you know the common online research resources which are here right not all of them obviously this is a very very short list but these are not just the

only areas for osent work right you can also newspapers news your nosy neighbor who's always gossiping right that's open source research right but specifically we want to talk about this and the aspect of doing it online I was making sure I did there were some transitions in here earlier that were really bugging me and my boss got those out for me so um so here's what we need to do and then these are the challenges right A lot of times maybe many of you are very familiar familiar with this exact um scenario where you're at work and you need to get some information you really need to go somewhere and get something but you're blocked by your corporate

firewall or I can't get anywhere because I'm not allowed to go so you want me to do something but you don't give me the access to go there and do it right as we do investigations right protecting our identity protecting our methods and protecting our reputations is very important but like I said the challenges there on the other side you know risk of retaliation if you're doing uh research on a particular apt a particular you know nefarious individual you don't want to tip them that you might be um you know looking into to what they're doing on their day-to-day so that was a big Challenge and a concern that we have okay browsers we have to use them right they

are useful and they serve a great purpose but they do betray us right websites collect all of this information about us every time you go online think about the amount of time that you spend online on a day-to-day basis over weeks years and months and you've always used the same browser and how much are you telling all of these organizations these companies the the personal things about yourself what TVs I like what I like to eat where what am I doing for entertainment right and if you take all of that information and then compare it with the little things we walk around with our pocket on with our location data on with our Bluetooth on connecting to see how much

my heart rate beats right 25 years ago if I walked up to you and said hey uh I need you to let me know how many times you go to the bathroom Okay uh what'd you eat for dinner and what are you gonna do tomorrow oh and every time you make a friend let me know I need to know that right no one would do that but we voluntarily do that these days and so while we do that and then we take that same information in the same place where we conduct an investigation what are we saying right we're really giving up a lot of information about what we say about ourselves online and now if we try

to do an investigation using those same methods then we are seriously convoluting the two I don't know if anybody some of you may not even been born in the 90s but back in those days if you ever went online with your AOL CD or you know dropped it in and had the nice little uh you know faxing type sound back then this is the way Amazon looked right I mean it's just like says texting some images some animated gifs because it was designed for Speed right we there was not too much just text in there so and and our bandwidth back then is not near what it is today right it's man you've got gig

speed sometimes even more so because of those enhancements right we have come a long way now look what we do on site right feature Rich you know um real time scrolling codex JavaScript um you know just videos within the page right it's just so Dynamic right there's so much you can do on a website these days because of the amount of bandwidth and the technology there's a lot more that we can do right but because of all those enhanced features and all of those things that we can now do with these websites we pay a price right the price is we give up a lot of this information about what we're doing now I know everybody in this room knows what a

cookie is Right putting little information on your browser at the request of a web server so that it can uh you know uh possibly track you from from location to location across the internet not all cookies are bad right we're really concerned about third-party cookies third party referral cookies because we didn't have them you might not be able to remember in two weeks of what I put in my Amazon cart today so it's not necessarily cookies are bad it's just the type of cookies that we're concerned about and because of this increased technology and bandwidth and all the things we can do there's other places where we can store information as you go about your

day-to-day right the web Dom right basically it's just a bigger place to store more information right that's all it is at the request of the website right so cookies webs Dom storage right all of these things are going to help in building a fingerprint about us right so through targeted advertising techniques browsing websites sensitive to investigations can lead fingerprints that it's expose the investigator right and then in addition to those things of cookies and and the cash and the web storage and all of those things these are some other areas of concern right canvas fingerprinting right there's one sole purpose for canvas fingerprinting and that is just to track your activity across the internet and if

you read what this is right basically this one sums it up right here instructs a web browser to draw specific text or shape on a screen examine it and then it looks for uniqueness as you go about your day to day so basically it just draws this little thing that you can't see a little speck somewhere and they're able to compare that with like a hash value and they see that hash value somewhere else that's obviously you I'm going to keep going where you go and just staying on your tail to see what you're doing okay also these are the other things that are you know uh tracked as we do our day-to-day investigations and even your just

day-to-day work and browsing right websites have to know what exact type audio you have so they can render that content to you so you can make use of it so they have to know that you're looking listening through airpods or beats or whatever it is and then they create the audio fingerprint for you so we're just building building building building uh to create a unique profile and fingerprint about users right plugins we'll talk about some plugins here but hey plugins are great right and there's a you know some for screenshotting some for you know changing my user agent and we'll get into that in a little bit as well but the more plugins that you add to a

browser the more unique you become right because now you're adding something different to your browser that somebody else may not so you create uniqueness so you know we always say in in cyber security you've got Security on this side and you got convenience on this side and you have this slider in the middle and you just find your comfort level of where you want to be between comfort and security right and so that's kind of what we're going to do we're going to try to get to a comfort level manage our risk but we think everything is going to work for us attribution concerns mitigated through uh different types of browser attribution that's what we're going to talk about non-miss and

managed right whoa that's two I'm trying to fly through this so I can get on the the keys and show a couple of things and hopefully the demo gods are going to work with me today right non-attribution right provides a degree of anonymity very difficult to accomplish right vpns kind of give us a little this and we'll show but you know if you have poor tradecraft while you're connected to a VPN you can totally blow your cover I thought this was a little funny thing remember on the internet when nobody knew who you were right um that's really not the case anymore now is it misattribution is providing false information manipulating certain things about the

browser or about our habits so that people really don't know who we are I'm providing false information some might even call it lying but it depends on the scope of work right on what I'm trying to do right so in the browser these are some of the attributes that I kind of want to be concerned about and look at providing misinformation about these things so that instead of my concern about people tracking what I'm doing across the internet I am leading them to a place I want them to go and giving them information I want them to see that doesn't tie back to me right so it's not so much about like I don't want them to track me here I don't

want to do that no no no you're giving them the information you want them to have right and it doesn't come back to you managed attribution is exactly that thing right where we control what we want right we are setting the the playing field we start from the beginning and like okay I'm starting with a fresh clean slate here and from this point forward this is how I want you to see me this is where I want you to see me live this is how I want you to see me work this is the language that I speak right and now none of that might be true but they don't know that hopefully right nothing's impossible

right so this is where I'll wait a little bit now good I'll just do a whole demo at the end but don't let me forget this right so browser fingerprinting maybe you guys who's heard you know a cover Your Tracks anyone right awesome no one nobody's saying oh awesome hey okay sweet um at least you learned one thing um am I unique browser leaks right these are some of these sites that you can go to to um see what you look like out on the internet right and I'll do a couple I'll do probably most of these here in a second right is that 10 minutes to go until I'm done I thought I had an hour

it said I had a full hour that's what they told me all right reset okay trying to kick me out of here already I know I know everybody wants to get home watch college football I got you I know Roll Tide I got it uh anyway actually he loves me back there anyway so these things are some places that you can go and uh see how you look out on the internet what you're saying to the world and so there's an example right there but we'll do a real world example here in just a second okay so no this is where I go into the real demo and then I'll come back here and want

you to remember these things okay so I'm going to stand here and I'm going to get out of this um I need like a I need a real guy there okay there we go Okay so this is an example of my I guess you guys can see that right is that okay I'll make that be good maybe no okay anyway this is an example of my uh virtual machine setup right so what I have done let's go and make that a little bigger well I'll just explain it so you can see up here I have my virtual machines right and then the number one folder is my base images right so with these base images whether it's Cali

Ubuntu whatever your Gen 2 whatever your distribution Windows of choice I create a base image this base image is where I add my new tools where I do my pseudo app updates and upgrades I keep it patch I do everything to that base image that I want to take with me on an investigation right from that base image I clone it I snapshot it I back it up I do all of these things and now I'm talking about doing this kind of locally right maybe on your local machine maybe your local network or something but then we're going to bring this up into maybe a cloud environment and the two things that we really want to be concerned with

while we do this is isolation and anonymity right that's what we want to achieve as we start these investigations right okay so I have a couple images here all right I've updated them I've made clones everything is good I haven't done anything but update those and keep them active with the tools that I use on a day-to-day basis right so now I say okay somebody says hey uh we need to go find that guy who uh let's grab that purse the other day so I'm like okay I will clone it and I will say hey clone this image and then I drag it into my active case now in my active case that's where I'm gonna go okay I'm

going to create a sock puppet I got my burner phone I got my uh profile that I'm like this surfer dude uh you know who just loves to be out on the waves I've done all these things that I am establishing the Persona that I want people to think who I am in the place where I want it done with the languages that I speak it'll all make much more sense here in just a second then once I am done with that one I will just drag it into my archive and then I created one just to test my theory and that's the one that I'm basically uh working off of so that investigation is over it's been archived

right the way things are done today that we have seen in the industry with especially with local law enforcement even Even in our own government agencies is they might do step one uh but they'll just stay right there they'll be like okay that case is over and they'll say okay that's okay we we're going to continue to do other investigations but they never reset the playing field so the uh environment of which they did the investigation will carry some um residual residuals into the next investigation because now you've established a profile and this profile likes to do this right and now you go into this other thing completely different that these agencies and the sites that

you get are still aggregating all of that stuff because you've never reset it right and you don't want it to give you skewed content as you go up there and uh you know conduct the investigation so if I'm going to start a new investigation I will grab it again from the base image right even if I use the same Persona at least I am not bringing the residue of the places I went and the things that I did ideally if you can afford the budget or have the means of the resources you would start with new personas each time if that's possible Right Okay so start clean investigate archive rinse and repeat right um then oh hey there it is

they got a lot smaller when you hooked me up into this thing here okay so here I am I have a virtual machine here remember my name okay so I've opened up a web page here right uh and I'm gonna do a couple of things right I'm not going to do the uh incognito mode or anything like that but the next time you guys go to incognito mode and private browsing read what it says it says hey we'll delete your history maybe get rid of some cookies but your ISP can still track what you're doing on the internet um particularly like it'll say that particular warning in Firefox Chrome has something different but they all say the

same thing like hey this is not like something that you should like you know uh invest in that this is going to keep you 100 Anonymous okay so I just use start Pages my home page not a big deal all right so an example of how sites track US anybody heard of thunderbeam Light Beam any of these this is a browser extension free I encourage you to download it use it and then in a week come back and look at your activity and see what happens we're going to do an example right here so here I am fresh new browser Clean Cash clean cookies nothing just brand new VM and I'm like installed some extensions read

the extensions the descriptions where they come from vet them a little bit see if you're comfortable with adding those in so this one here is called light beam right so what light beam will do you see there's nothing there right now right what light beam will do is show you all of the cookies that are associated as you go along the internet right and not only will they show you the cookies but they'll show you the cookie relations so let's take a look at that right here all right so here's Light Beam I'm going to open this up remember Light Beam has nothing there right I'm just going to go right here um let's do uh let's go to hey we'll go

to Amazon we already talked about that right so go to Amazon I'm hot spotting off my phone because I just really don't trust public Wi-Fi anywhere especially at a hacker conference right okay so here I am a couple of vpns on top of this so yeah I'm really like slowing my my speed but anyway I'm on Amazon cool hey I'm gonna shop there all I did was go to Amazon uh what if we go to I don't know let's go to eBay right um go to eBay let that thing load up here note to self next time I do this I have a faster connection okay so that is going there we're going to pull up eBay

um let's do uh how about Target how about Target let's uh Target right public typing is not a great skill of mine um Target expect more um what's someone what's give me another give throw a sight at me somebody give me Facebook all right all right foreign okay so I've went to what foresight I just went to four places right how bad could that be let's just take a look and see how bad that is I opened this up and now okay this is really not as bad as I had anticipated right so you see all of the this is just Target so all of these are third-party cookies associated with Target man if we keep going let's let's

just throw another side in there that's going to connect those dots uh eBay how about Etsy right Etsy um that'll work let's see then we go back into this guy refresh right still not connected who is this Facebook's out there oh that's what happens when you try to hurry okay come back here well Etsy popped in well that's cool we'll just come flying in from the side right okay so you've got these little triangles here these are third party cookies right there's third party cookies associated with Amazon eBay Target Etsy as I continue if we had time I would just open up a few bro eventually this thing is going to look like spaghetti and it says right there I've

only went to eight sites but I have 24 third party requests what the heck does that mean well that means every time that I go to these sites right that cookie is there and it's going to continue to track me across the internet right now the other thing is this one doesn't really show but some of these are third-party referral cookies and what that means is uh let's say Amazon and Google right did I even go to Google if I go to Google and Amazon let's say Amazon and Google are friends right come on gig you can do it

hmm I'm gonna get you there I am but let's say that Google and Amazon are um I don't know why it's hanging way out there it should come in there and play and be part of the game but this is part of the whole demo thing right so um what what Google and Amazon let's just say and we all go to Google every day right so you're gonna have the this Google tracking cookie the analytics and all those things with Google but Amazon you might go there maybe like once a month or maybe like every day like my wife or something but if you went to Amazon every uh if you go to Google every day but you don't go to Amazon and

I say hey uh I'm Amazon you're Google I'm going to pay you some money so that when people go to Google will you renew my tracking cookie so I can also continue to monitor this internet activity because they're not going to get there within 30 days so if they don't come back within 30 days my tracking cookie is going to expire so help me out here's some cash and so over time that's what's going to happen right okay so again I am in a uh local browser so let's get rid of this guy for a second let's go into no let's not do Chrome let's do Brave right there's a ton of browsers out there I'm sure right

everyone's familiar privacy browsers epic Brave Vivaldi um all of them there's a there's a bunch right make this guy a little bigger oh you were supposed to be off for this I'm going to restart you and I'm going to turn you off don't you come yeah so hey I'm glad somebody knows windscribe okay so the first thing I'm gonna do here I am I'm in my VM Brave browser use Brave only because if you go on everyone looks at the settings and you go down every single setting Brave has a few more options I like it but you know nothing's a hundred percent right so let's do this first let's do am I unique remember I am on a

um Linux VM here and I'm basically using a Chrome browser right Brave is based off chromium right and so I'm going to say hey I might not have time to do all three of these but I'll do at least this one to show you so we can get to some other things right so here I am uh I go to am I unique and it's going to give me my browser fingerprint it's going to say this is wow this is like that at least I'm bringing you back to the 1990 speed that was kind of the whole intent of this thing uh from the beginning right yeah modem sound effects um yeah who's on the phone okay so hopefully

this is going to come up here in a second if not I'll just go back to the slide and then I'll show you what it uh what it says so it's going to say hey I can see your operating system oh we're almost there I can see your operating system I can see what time zone you're in and I can see what language you speak and all those other attributes that I was talking about like here um your your audio fingerprint your time zone which is there canvas fingerprinting all of the fonts oh that's a lot of information that they're like looking at me right it makes me a little uh uncomfortable um but let's just oh hey work with me

here right I'm on a Linux machine and it says I'm on a chrome on a Windows machine because I have this user agent switcher that shouldn't be on it should be off right um but that's part one okay so there's the things that we want to manage when we go out we want to set this ahead of time even before we click on our first Google link right we want to say hey I'm using this operating system I'm using this browser I want to be in this time zone I don't want you to know that I speak English if you do UTC minus four that is the Eastern time zone right what's funny about this I'm connected to

a uh a VPN in Washington DC but I go to Mi unique but it knows that I'm in the Eastern uh well not Washington DC and San Francisco I connect through a VPN in San Francisco which could probably account for my speed as well that's not UTC -4 in San Francisco right so what the these services do they're like oh you're pulling the time from your host well this information is sent in my headers when I go and visit sites so if I'm investigating something in Ukraine isn't it going to look weird when I pass this stuff in the header it's like you say you're in Ukraine but why is your in your language English and

why are you in the Eastern time zone right so these are the things that we kind of want to manipulate before we start any kind of investigation and so again adding these extensions will contribute to our uniqueness right but you've got to figure out what you're comfortable with right so if I have this guy here it looks like it says I'm already uh in a Windows right I'm on a Linux machine obviously you saw that I'm uh on a Linux box right there I'm sure everyone's familiar with that but now let's say hey let's manipulate two other things right it's fine I want to be a Windows machine on Chrome that's cool I'll do that but I don't want to be in

the time zone where I'm actually sitting and doing this work I need to match my targets time zone so that I blend in with local traffic I'm inside the Geo fence right so there's another extension that allows us to do that one of the guys said it over here winscribe so what I'm going to do is I'm going to look through my settings of when please go ahead

well you can't really hide it you just have to pick the one that you want because then the sites aren't going to know how to render the content to you based off that user agent so you got to have one you're just not letting them know which one you want it to be

yes yes it can be exactly yes you had a question sir

that's yep exactly what I just did right so um and I'm in the process of also spoofing my user agent my time zone and my language as well so those are the things yes sir

how much the question is how much is the uniqueness of the VM and I don't know where do you have the same VM that you put that that did correct it will right I am cloning from a sourced VM my main image right but I haven't passed any information sure maybe the hardware characteristics are going to be passed like it's going to say that you're on a Mac with this user agent uh and have some Hardware details about that I configured in the VM sure but that's stuff that we're still managing right I have that ability to not uh say or say what I want it to to give I hope that helps okay

no it's not going to change but there is some ways that we can manipulate some JavaScript and have it turn on or off uh as we go from site to site to not have some of that come up I hope that helps I should have thrown out my my biggest disclaimer like I'm not like a um super nation state hacker or anything I'm just like this guy that just likes to Tinker right um done some of this work I didn't even give my intro but you guys read it you can say I'm kind of a big deal um no I'm just kidding I'm not um okay so windscribe let's go through uh some of the settings in windscribe

right so if I go here and I go to privacy right what I'm going to do is say Okay um I am blocking third party cookies okay good let's block those third-party cookies so that when I go to those sites and then you would have to make sure that this is actually happening if you went back into the other extension it's probably not and then you just have to again clear them out or bring the New Image down and start over right um location warp says hey um fakes the location to your actual Target area and then also my language warp so now I'm saying um I want to manipulate the time and the language so let's go back into winscribe

and let's set those things right now I said hey I'm in I want to say I'm in Frankfurt and I speak German so if I hit that and I turn that on and back into settings you have the ability to do that you can see hey you're now connected right and so what should happen is when I refresh this and after about you know hopefully not five ten minutes this will refresh I'll still have Windows and chrome but this should have a different time zone and this should say d e for you know German let's just see it'll probably bring me back to the main page and then there well that was way faster than I could

have imagined that that would have done so now you can see I'm UTC plus two and my default language is German and UTC plus two is central eastern European Time right so now I am pretty much set to go I have if I'm doing an investigation in Germany let me be in the German time zone let me say that I'm speaking German right and let me pick the operating system and the browser of choice so now I'm manipulating these things uh so that I can get the information I want I don't have to accept the default information based off my browsing history what's in my cash my cookies my dom my sound fingerprint because all of that's

already going to skew that so if I manipulate this type of thing then I have a better chance of having a successful investigation right okay so let's just say now um that I have been able to do all of this locally somehow on my network right I've kind of created my isolation with my VM right I've done some anonymity around um you know manipulating these attributes again if I want to take that a step further if I did have concerns like I'm not really this is good this is really good it's way better than um what a lot of small medium-sized organizations coming most of them we've talked to some people will say hey how

are you doing your investigation today well I'm blocked on the corporate Network and uh basically I just get on my iPad and you know I just go to town that way oh that's perfect right well how do you do you create any kind of virtual Persona no just use my real Facebook page and I just man I'm I'm killing it I am killing it today right and they are they are I mean but at what cost right what cost so now I've got kind of the isolation here right to manage my how I'm looking but if I wanted to take it a step further right what could I do well I would get the code that runs locally through my

network and executes on my endpoint now let's take it to the cloud right and then we're going to let the cloud service kind of manage our backups our cloning um snapshots and all of those things right so if I just go here now and and let's just bring this guy up that's really bad resolution but you know it'll work I called it demo hope hoping this demo would work and uh so far I'd give it about a 90. percent here okay so now oh it actually doesn't look that bad up there it looks like it's anyway yeah so now here I am I have a uh digital ocean droplet spun up right just to put a Ubuntu box up there 2204 Jimmy

Jammy right uh got all of that basically you know stack overflowed how to get it running and just copy and pasted some commands and boom and there I am I'm running away right so now I'm gonna do the exact same things that I was doing locally but I'm gonna do it in the cloud I'm going to create snapshots digital ocean I'm sure you guys know you can create the snapshot use that snapshot for this investigation snapshot off the original it puts a new little squares boom boom boom you just do the same thing but now you're doing it in the cloud and you're ensuring that you have that isolation because nothing is going to run locally on your machine

right so basically it's the same thing I've created my snapshots I'm about to do an investigation I'm going to just go straight out to my browser uh and I'm going to add those extensions I'm going to get everything set to do this investigation uh yeah this is also a very minimal VM not a lot of ram going on there but you can see when scribes already uh connected right or as it says you are so very much yeah okay cool here activate that and take me take me to Germany give me my user agent yeah okay let's just see am I unique let's take a quick look and see how I have set myself this is an un Ubuntu machine right

running just like the other one this should probably run a little quicker because I'm running you know from a cloud but you know I didn't put a lot of a horsepower into this so there we go right I am speaking German I'm in just UTC zero right GMT time I said I'm an apple machine I am on Apple machine but I'm in a Linux VM in the cloud so now this is where this is my starting point this is my sterile environment for me to start right I can build a Persona I have my burner phone I'm getting my two Factor I'm integrating I'm uh you know um you know integrating interacting with particular individuals right I can do

all of these things now because I've started a clean environment and I continue on with the investigation and uh until it's complete and then we archive it and we start completely over again um a lot of work to do this right could you imagine having to do this for an organization of a hundred people 300 a thousand people right this solution is good two or three people maybe at a small law enforcement place right but what if you had a thousand people like this just doesn't necessarily scale that well right it can be done but it's just probably not the best way to do it so this is my Shameless plug I was listening to uh to Quaid over there

with his Shameless plug I was like you know what Quaid had a good thing he had a Shameless plug at the end I'm gonna have to steal that well I work for authenticate and what we do is we do manage attribution uh with the network as a service right so if you're interested in that come up and talk to me got some cards we basically just automate this whole thing where you click a button you select languages you select your user agent you select uh your time zone some automated Tools in there as well um but yes that's kind of what we do um this is this is what I have I've got about 15 minutes left which is exactly

where I wanted to be I do have a couple of prizes to give up they said I only have two so um the first one I'd give out is like okay I'm going to ask the question it's pretty simple and then this is your lock pit kit who learned something today right there saw this guy right here in the red that was easy okay and uh okay the other one is somebody tell me um what was the most useful piece of information that you learned today extensions okay there you go all right swag swagzone you're welcome all right now um any other questions that we can answer I know it's a Saturday people want to watch some football

um what do you have yes sir

yeah no I mean that's that's just kind of yeah uh you know DuckDuckGo is just a you know they say they're a privacy browser there was some article not too long ago that said what they they kind of leaked that's why I kind of um that's kind of why I just went to start page there's a bunch of these private search engines um you know I can't remember them off top of my head but start page duckduckgoer are kind of just better I'll say they're better but Google's an advertising company right I know but and how does an advertising company make money they sell your information so from an investigation point of view you might

want to start with one of these others or not because you're not you're going to always start with a sterile environment I do like DuckDuckGo for when I need to Google something right because I will use a bang operator you guys know the bang operator right so in the DuckDuckGo page uh here let me just do it like this I'll go to a traditional browser don't judge right we're going to go here I'm going to go here uh let me do this real quick I'll do so there's DuckDuckGo right so if I do a exclamation or what they call a bang G right that's Google if I do a GM that's Google Maps and you can see

all of them when you hit the exclamation point and so what that kind of does is instead of Bob looking for cars and searching it on Google DuckDuckGo would say or yeah Google would see DuckDuckGo is looking for cars somewhere right not not me or even cares you know something like that so I that's one thing I like to use is kind of like a duck duck go on instead of a Google but because Google is so robust and this searches are great I will just do a bang G and say hey Google thinks that goes it at least that's what I think yes sir

I guess it's worse right and so that's I'm thank you for that so if you sign in to any of your socials and you just leave that open right especially like when you sign into your Gmail and then you go to YouTube it you know how it says you're automatically uh commenting as Bob right and then you're signed into Facebook and I was like you're your cookies are gonna uh they're gonna they're still gonna pursue I mean they're still gonna draw attention um with whether you're not signed in but when you're signed in now you're really you're giving the identity of who you are explicitly it's the way I see that right yes sir

no not all uh yeah so um so all right there's obviously a lot of information out on on the internet right and you know like Mike bazelle I always quote this guy if you guys remember him he's like the OG of oscent back in the day right he's got a lot of good content he's got a great podcast uh a lot of uh Discord channels and slack but from a personal way it's like when I see uh if I'm searching for a particular function and I wonder if there's an extension that could give that to me then the first thing I do is I go and I read the developers you know uh description where

are they based right you know if they're based in the U.S or even Canada I'm okay but maybe if it's based somewhere overseas in a location that I am not too comfortable with doing and then I will actually go into those Discord channels and go hey has anybody tested this winscribe thing does anybody really know about it and then people will come back and go oh yeah winscribe it's cool I've used it for about 10 years or whatever and so that's just kind of because the ocent open source Community that's we want to share tools and knowledge um you know like oscent Curious Trace labs I'm going to pick up my buddy back there I can't remember some of the other

um oscent channels that are there but uh yeah that's kind of my methodology it's just I was like hey what do you know about this what do you know about this uh I got five minutes yes sir I have not dark webathon okay

traffic wow oh yeah yeah I did the last one too Tracy that's just fun and like that's a good thing about like Trace Labs a good plug for them thank you for that um if you're not like really um comfortable in doing this or you you know don't have a lot of experience the trace Labs uh CTF that the whole I think it's once or twice a year they just put you in a team with people and you just say hey look I'm I'm new to all this I'm just here to learn uh most of the community is pretty receptive yeah hey I'm looking for a team to join um and before the actual CTF kicks off

um you you find your team and then you you know kind of figure out what each of your strengths are going into it but I've done it for a couple of years in a row I just actually started doing it I had so much fun now you're probably not gonna win I never win but um but you gain a lot of experience and then you learn about other resources that people bring into the into the game for you anything else yes

what are those so the question is how do you basically compare the anonymity of Tor versus the VPN a premier VPN service oh not just a Premiere um so Tor you know is uh the tour project a tour browser you know it was built with anonymity from the from day one you know the Navy guys had needed some way back in the day to communicate uh anonymously so they wouldn't know um tour is fine right but you don't want to use Tor to do anything obviously personal because of the activity that takes place on the dark web so um a good thing to do like is when you build a cloud VM um Brave has a way that you can just open

onion links you hit the little hamburger menu and you know copy and paste the onion Link in there you could use it that way but yeah it's it's it provides Fair anyone please got more information on the tour provides a great degree of anonymity and a VPN it depends on the VPN service right if you guys probably know like it depends on what what they log some of them say that on an even log but here's my issue with vpns is that vpns are associated with data centers right so what takes place on vpns is like a lot of Nefarious activity right that's why you get hit with catches all the time right because you're connected to

the VPN and it'll say something looks weird once you rotate this elephant until he stands on his feet can you find all the ladders or is this a bike right so there are good vpns out there like proton VPN I would just research the vpns but how do you compare them I just think they're kind of two different um places right I don't know how to state that but if I yeah please go ahead

ah yes

so when I did the uniqueness thank you when I did the uniqueness test on one of these Pages it'll identify it as a Tor exit node and you don't know that you're on that tour exit node and then you get flagged that's why sometimes with a with these particular Services you get you get all these harassments of just trying to you know remember your anniversary no the Shameless plug again yes

yeah so he said your VPN one thing you might notice is that it's a sketchy data center where it's hosted which is not even gonna you know it's not helping you at all so uh anyway uh thank you very much for allowing me to spend some time with you today and uh I have some cards if you want to come up and chat uh we'll be here thank you [Applause]