What a week it has been! First there was a huge dump of the Iron March forum, then Vortimo got accepted by Google (planning a review of that later on) and I also found way too many awesome links to share! It doesn’t look like much with only four topics, but there are enough links below!
On October 31 Facebook launched the latest version of their Graph API. A day earlier the new Messenger API was launched, and last month the Instagram API got an upgrade too. I haven’t looked at the new Facebook Graph API yet, so I can’t say whether things might break again, or whether we have to write new tools and queries yet again, but time will tell!
Facebook API: https://developers.facebook.com/docs/graph-api
Instagram Basic Display API: https://developers.facebook.com/docs/instagram-basic-display-api
When the database of Iron March came online last week, a lot of (independent) investigators jumped right on it! People started building interactive maps with the IP addresses, recreated a searchable index of the forum, posted tips on how to handle this type of data, and started analysing the OpSec of the community, but there was one tweet that caught my attention!
A super quick blog post on using Bulk Extractor for quick and dirty OSINT wins. https://t.co/Ox4jt4B28O
— Matt Edmondson (@matt0177) November 8, 2019
I had never heard of this tool before, and even though forensics isn’t my main area of expertise, I’m shocked I never used it before. The tool is absolutely awesome, and by simply following Matt’s blog post everybody can scrape an SQL file in no time!
Link: https://digitalforensicstips.com/2019/11/using-bulk-extractor-for-quick-osint-wins/
Download: http://downloads.digitalcorpora.org/downloads/bulk_extractor/
Last week on OSINT.team, GONZO shared two onion lists that are reachable on the surface web. The first one is ‘deep onion web’, which shows a list of markets, vendors and the like. The second one is ‘onion.live’, which seems to have even more sites and an easy search function. What I like about both of these sites is that they also provide alternative links for whatever target you want to reach.
Link: https://deeponionweb.com
Link: https://onion.live/
Yes, that’s quite a title! Since the dump of the Iron March forum, people have been looking at ways to grab the location of IP addresses. Of course these coordinates are only as accurate as technically possible, so don’t value the results too much, because it can lead to horrific stories where innocent people can be victimised. But since I am into sharing sources, I did find a nice blog where multiple Geo2IP services are being discussed. Depending on the location database that is used, the different services can yield different results. Just test some out, most have a free tier, and see what suits you best.
I personally still love ipinfo.io and ipapi.co, even though they don’t have the most accurate ‘location’. But their services are fast, results are complete and have all the info I want and getting an exact location only happens in movies… So have a read and see what you like best!
Link: https://ahmadawais.com/best-api-geolocating-an-ip-address/
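To make the accuracy caveat above concrete, here is an added example (not from this post or the linked blog) that normalises the coordinate fields of two providers and measures how far apart their answers are for the same IP. The sample responses are constructed for a documentation-range address, and the 25 km threshold in `confidence_label` is a hypothetical rule of thumb.

```python
import json
import math

# Constructed sample responses for a documentation-range IP (203.0.113.7).
# Field names follow the public JSON of ipinfo.io ("loc") and ipapi.co
# ("latitude"/"longitude"); the cities and coordinates are made up for the demo.
SAMPLE_RESPONSES = {
    "ipinfo.io": '{"ip": "203.0.113.7", "city": "Amsterdam", "country": "NL", "loc": "52.3740,4.8897"}',
    "ipapi.co": '{"ip": "203.0.113.7", "city": "Rotterdam", "country": "NL", "latitude": 51.9225, "longitude": 4.47917}',
}


def extract_coords(provider, raw_json):
    """Normalise one provider's JSON into a (lat, lon) tuple of floats."""
    data = json.loads(raw_json)
    if "loc" in data:  # ipinfo.io style: "lat,lon" in a single string
        lat, lon = data["loc"].split(",")
        return float(lat), float(lon)
    if "latitude" in data and "longitude" in data:  # ipapi.co style
        return float(data["latitude"]), float(data["longitude"])
    raise ValueError(f"no coordinates in response from {provider}")


def haversine_km(a, b):
    """Great-circle distance in kilometres between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def max_disagreement_km(responses):
    """Largest pairwise distance between the providers' coordinates."""
    coords = [extract_coords(p, r) for p, r in responses.items()]
    return max(
        (haversine_km(a, b) for i, a in enumerate(coords) for b in coords[i + 1:]),
        default=0.0,
    )


def confidence_label(spread_km, city_threshold_km=25.0):
    """Hypothetical rule: claim 'city-level' only when providers agree closely."""
    return "city-level" if spread_km <= city_threshold_km else "country/region-level only"


if __name__ == "__main__":
    spread = max_disagreement_km(SAMPLE_RESPONSES)
    print(f"providers disagree by {spread:.1f} km -> {confidence_label(spread)}")
```

When the providers disagree by tens of kilometres, as in this constructed case, the result should be reported at country or region level at most.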
Have a good week and have a good search!