Which Linux distro is most productive for dark web and OSINT researchers?

There are tons of distros out there that are centered around different domains of cyber security. The majority of them are for pentesters, then anonymity-focused ones, then ones for OSINT investigators, and then comes DFIR. Being a pentester, I am already familiar with popular ones like Kali. Recently I have changed my profile, and it involves doing research on the dark web and OSINT research around cybercrime activity.

Over the last couple of months I felt there was a need for a distro-like setup where I would have all my tools in one place to help me with regular dark web/OSINT tasks. I tried to search for distros that are focused on dark web/OSINT work and found a few promising ones, the likes of CSI Linux and Tsurugi Linux, which are new. But then I keep finding new ones, particularly for OSINT investigators.

Now I am confused and unsure which one to try and test, so I thought the community might help.

Have you guys found a distro that has the most dark web and OSINT tools?

Would a DFIR-type distro be a good fit for me?

Please make suggestions from your experience.

PS: If this is not the right forum, please point me towards the right one. Thanks.

PS: I am not concerned about privacy; I am going to be behind two VPNs at all times. My focus is to have a dedicated box that already has a bunch of tools for DDW/OSINT research. The two mentioned above are very promising and have custom tools for it; I just wanted to know your views because I kept finding OSINT distros I had never even heard of. I don't need a distro just focused on privacy to surf shady sites.

Tails is not for you. Tails is for when you want to hide what you are doing very well. From what I gather, this is not your goal. You want to safely access the dark web for your research.

I'd recommend Qubes. It comes with Whonix preinstalled, which is a far safer way to connect to the dark web. Additionally, if you deal with unknown input that might contain malware, you can easily fire up disposable VMs so as not to risk your system's health.

Edit: Qubes feels a lot like any Linux, but due to the awesome compartmentalization some workflows are of course different and possibly a bit more complicated. Screenshots and copy/pasting, for example. Generally, interaction between different workloads is, on purpose, not as smooth as in a classic OS. If you have, as you should, your KeePass in a separate offline VM, autotype won't work, for example. But it's only a few things you have to get comfortable with, and the resulting experience for security-focused users is just awesome.

Perhaps you could look into CSI Linux?

Tor isn't meant to be used with a VPN.

Give the Trace Labs OSINT VM a look if you haven’t yet. It’s a customized Kali that a lot of OSINT people I know use.

Tails is a Linux distro with a built-in Tor proxy. You can make a bootable thumb drive using balenaEtcher, or a bootable DVD, or, like me, just run it in a VM.

In what is pretty much considered the OSINT bible, Michael Bazzell lays out instructions and even a script for setting up what he considers a capable OSINT OS. And it's Ubuntu.

+1 for the Trace Labs VM as well. OSINT is their entire thing.

I've used Kali for some time because of the networking OSINT tools available, and its inclusion of the SecLists and DirBuster directories and other security features. It's not specifically catered to OSINT like the others mentioned in my comment and this thread, but it's got a lot of handy tools even on a fresh install.

I absolutely love Kali, there is just so much you can do with Kali.

Build your own Buscador; google "DIY Buscador".

Check out ParrotSec. Debian based. Lots of tools for privacy and security included, but not as much like Kali for pentesting.

Did you look at Kodachi Linux? Js

No one ever mentions Whonix…

Ubuntu and ESXi; all my tools are installed through Docker and on virtual machines. VMs are either Kali, Parrot or Ubuntu, with Ubuntu when I'd rather build it myself from scratch or just install what I need.

I take the same approach with red team work. Windows OS with a Kali WSL and a Parrot OS VM, Docker Desktop for anything that can use it. Stay flexible; tools come and go.

^ This. Verify your hardware is compatible with Qubes and you can install a distro template of your choice. Debian, Fedora, Gentoo, Ubuntu… whatever distro you're comfortable in.

If I use Qubes, will I have to configure Whonix separately?

Just when I start to think I know a little bit… there's always something new… and it's awesome… but by the time I get the bastard going we'll be running virtual OS conglomerate octakernel sandcastles on arm.76 mobile supercomputers…

I just need an arrow that POINTS ME TO THE LATEST…

Anybody interested in creating, or pointing me to, a detailed timeline of where we're all at on the internet… that would be fantastic.

Can you please link a resource for this? I had an argument with my manager on this, but being "uneducated" on Tor at that time I simply couldn't convince him.

Also, if Tor + VPN is a bad idea, then is standalone Tor or a VPN safe? Any surprises there?

Just to confirm: we first connect to a good VPN provider, then shoot to an absolutely shady VPN provider, just so that it doesn't raise flags, not with agencies but with crooks. Do you think this is a bad setup?

Pretty sure that was mainly an earlier issue? Because I remember this argument back in 2012, but it later emerged that as long as you configure it right or have the right VPN service, you could do VPN over Tor with greater obfuscation/privacy.

+1 for Trace Labs. I've played their missing persons CTF many times, starting with a clean install of their VM, and still managed to turn out results successfully within the timeframe of the CTF.