This week a small update, but nonetheless very interesting in my opinion. Small because I've been busy with updating the 'links' database on this site. So check out the links section to see what's already in there. I'm far from done, and it won't be a perfect repository either. I just try to add the most useful, free-to-use and effective websites and tools that I know of.
Anyway, it's time to go over this week's overview, with some tips and tricks, a brand new site that ex16x41 pointed out to me, and a podcast episode you should really listen to if you haven't already:
While wandering through the infosec meadows of the internet, Eva Prokofiev found an interesting new website. LeakIX is a Shodan-like internet scanner that indexes online devices and their contents. After discovering the website, she explored it and wrote an article for PenTest Magazine. Are you looking for a new source of information on your company's exposed data, or do you work in the field of threat intelligence? Then I recommend you check out this site.
#OSINT new tool "LeakIX" identifying indexed servers and leaked database schemas on the web, similar to shodan, but more interesting.. check https://t.co/IWBUatVY3A pic.twitter.com/kRilA8jx2Y
— Eva Prokofiev (@ex16x41) August 5, 2020
Link: https://leakix.net/
Article: https://pentestmag.com/looking-at-active-cyber-threats-with-leakix/
User BradM on OSINT.team shared the link to the website JudyRecords the other day. The website provides a search engine that has indexed over 360 million arrest records and court documents from the US. I haven't been able to find any advanced query possibilities to tweak your searches, but it seems that it shows the best matching documents at the top of the search results. It is blazing fast and it's absolutely a resource that you should add to your bookmarks if you work a lot with such information.
Link: https://www.judyrecords.com/
Last week hatless1der posted his very first blog post, after he wanted to share something he recently discovered. When you are using the new layout of Facebook and you hit a seemingly empty profile, don't despair, because there might be more to see than you think. Curious? Then go and read his blog post.
Took a terrifying personal leap and started a blog. If you use SOCMINT for work (or a @TraceLabs CTF) and you're not superstars like @C_3PJoe @TJ_Null @AletheDenis @Ginsberg5150 I hope you find value in my 1st ever article, about a slick "new FB" trick. https://t.co/h4VYPGOBb0 pic.twitter.com/01ADa4fg0D
— Griffin (@hatless1der) August 13, 2020
Link: https://hatless1der.com/think-private-facebook-profiles-pages-are-a-dead-end-think-again/
The other day I was gathering some links for this newsletter, when I heard a little sigh next to me: "Now that's just dumb, Etsy shows my name without me being logged in!" It turned out that when you use the mobile version of the site (force it in developer tools if you have to) and you enter an email address, it greets you on the password screen with your name. With my security hat on, I feel shame that this still happens. But as an OSINT practitioner I have to say that I love it! Because it's simply another possibility to get a name from the email address you're looking into.
Probably every reader of this newsletter has heard of the "Privacy, Security & OSINT Show" by Michael Bazzell. In his latest podcast he talks about VPNs, especially about the pitfalls of maintaining your privacy while getting a subscription and using one, and about how to deal with captchas. I highly recommend this podcast and wanted to highlight this particular episode since it has some good tips on the use of VPNs.
CastBox: https://castbox.fm/episode/183-The-Trouble-With-VPNs-id399265-id297410299
iTunes: https://podcasts.apple.com/nl/podcast/183-the-trouble-with-vpns/id1165843330?i=1000488132493
Soundcloud: https://soundcloud.com/user-98066669/183-the-trouble-with-vpns
Have a good week and have a good search!