Get Started With Hunchly, almost a year ago, was the introduction to a fine piece of web investigation recording software. You add its extension to Chrome, run the standalone dashboard to do some basic configuration, and you’ll be doing useful stuff with it in less than any hour. The desktop version has actually come down to just $109.99 yearly, and they have a Cloud offering that is $199.99 yearly. You can start a thirty day free trial right here.
I’ve been asking Hunchly support weird, edge of the envelope questions since I started using it almost ten years ago. They needed some customers to talk to a new customer support person they were onboarding, I agreed to do this, and as a result I walked away with a login to a fascinating pre-production system called Cloak.
Let’s have a look at this beastie …
Attention Conservation Notice:
Product reviews like this generally end up in Tool Time and they don’t get email announcements, they’re collateral I will use in actual articles on the main IIB feed. Cloak is interesting enough that it’s getting showcased.
Leaping Into Kasm:
Hunchly are building Cloak using Kasm Workspaces as the foundation. This is a general virtualization platform that has Docker underneath and there’s a free Community Edition, so you guys can poke around in that if you want. This is NOT Cloak, it’s the foundation upon which it was built. I have been wanting to try the self hosted version, but there are only so many hours in the day, and I’m trying to be sensitive to what you guys need. Most of you do NOT have an engineer with my skills handy, so Kasm CE works for a look around, and fairly soon you’ll be able to get a remote investigative desktop for just $199.99/year.
Investigating:
This is what I see when I log into Cloak. The top left pane is an Atlas machine, the bottom left is a persistent profile setup, which is very, very angry with me at the moment. Those are machines that are actually running. The items on the right are the various remote desktops you can use.
The machines with country flags have the same interface as Hunchly Cloud.
There’s the Hunchly extension drop down at the top, and a bit of the Hunchly app itself.
And you should look at Get Started With Hunchly video to understand what you’re seeing. Basically you can visit web pages, they get recorded as you go, you can add Selectors, which are search terms in the pages, and you can create as many different investigations as you need. No more screen shots, no more printing pages to PDF, Hunchly keeps everything for you, including working copies of pages in case the original is deleted(!)
Cloaking:
Based on conversations with the Hunchly staff, Cloak is a broadly available version of bespoke installs of Kasm they’ve built for large customers. You get a variety of exit points and this is similar to Ntrepid’s non-attrib/mis-attrib desktop service, but if pricing remains similar to Hunchly Cloud it’s 5% of the cost.
During our conversation we spent a lot of time talking about IP addresses and transport modes. One thing I recommended, which I hope they will do, is providing Tailscale in the machines. If you buy a burner phone, make a persona using it, and you configure it such that it’s an internet gateway for your Cloak system, that’s some grade A internet spook tradecraft.
That’s a good start, but there is another really promising thing in Atlas. A bare remote desktop with Google Chrome is a start, but here’s our dear friend Telegram, along with the Obsidian writing/note taking app.
I asked about additional software - specifically these.
Dropbox – easy cloud file sharing, already runs manually under tmux.
Tmux – terminal multiplexer, use for long term processes like Dropbox
Tailscale – for access to network resources user owns.
Signal – secure chat we use for coordination
Discord – whole world uses this noisy ass thing.
Java17 runtime + Maltego CE?
Anaconda Python works but 6GB+, can we just get newer Python and pip?
There are other chat apps such as IRC, Jabber, etc. Install Pidgin?
Chrome only has Hunchly, is there a guide to other important extensions?
They agreed that this stuff was possible, but time is money and this is beta testing, so no ETA on when it’ll arrive. I would think Discord for investigation would be key, and Pidgin with the various protocols it supports would also be important. I am less interested in Maltego in this environment - their choice of Obsidian is probably better for everyone who isn’t already a Maltego fan.
Conclusion:
A couple days ago I transplanted a persona from a VM to a Cloak desktop and much of it worked, but I still need the chat clients. I don’t think I will entirely abandon the practice of creating virtual machines with fail closed networking to host personas, I would need to see a solid Tailscale offering that would work with burner phones as an exit before I would even start. And there will always be things that are so touchy that I would not trust any vendor with the particulars.
Hunchly isn’t a daily thing for me, there are months where it’s open every day, and there are months where I don’t touch it. I’ve just arrived at one of those “open every day” periods and I’m going to have to shell out the $110 for an annual license. When I do I’m going to politely ask, and see if they’ll give me enough latitude in Cloak that I can start doing some serious customization.
Like Dify.ai, like Tailscale, there’s a learning curve to be climbed here. But the top of this particular hill is a very worthwhile objective for those of you who want to roam the dirty end of the playing field without stuff following you home.