Another week with a slightly shorter episode, because I've tried to have some more 'me' time during the evenings. But there are still some nice things to cover, like an awesome resource of links, reverse DNS and some confidential information that was followed up by reporting the parties involved:
Every year there is a new edition of the link collection I-Intelligence in PDF form, and the 2020 edition has just been released. The huge PDF file, free to download, has over 500 pages filled with links about working with images and video, social media, the Tor network, browser extensions and a lot more!
We are pleased to announce that the 2020 edition of our OSINT Tools and Resources Handbook is now online and can be downloaded here: https://t.co/z37M0Yx84V #OSINT #SOCMINT #Research pic.twitter.com/QUr4HDk43l
— i-intelligence (@i_intelligence) September 29, 2020
Link: https://i-intelligence.eu/resources/osint-toolkit
When people dive into a domain name and start digging for more information, then it is very important to make sure you know what you're talking about. By making the assumption that a specific IP address is connected to other websites, things can go wrong easily! So if you want to know some of the pitfalls, read up on some of the basics about (Reverse) DNS in this blog by Nixintel.
Link: https://twitter.com/nixintel/status/1311945011781607424
MW-OSINT has written a new blogpost about social media and why it's important to know what region of the world you are investigating. He gives you some examples of the platforms that are being used outside the 'big three': Facebook, Twitter and Instagram. So brush of your foreign languages and start exploring!
Link: https://keyfindings.blog/2020/10/04/social-media-around-the-world/
Shodan can be reached via the old URL 'shodan.io' but for quite some time already there is also a 'beta' one out there. On that particular site, Shodan refers to it as their new site, there are loads of cool things to discover. It for instance has historical information on IP addresses and you can easily run queries on the data they have (like the facet search).
Link: https://beta.shodan.io
Benjamin Strick contacted me last week with an interesting find: Via some simple Google searching it became obvious to him that millions of Mailman messages are indexed by search engines. He found confidential messages with things like login information, and he decided to contact them to make sure they would tighten their security. Read more about that in his blog post.
Govt departments & orgs have emails marked as 'confidential' publicly archived on Google containing passwords, NDAs, docs & private comms 🙈
— Benjamin Strick (@BenDoBrown) October 2, 2020
I've spent the past month notifying most affected group - university password support desks. https://t.co/5ds972H3Wi pic.twitter.com/YgFwMPkchP
Link: https://benjaminstrick.com/dear-x-your-staff-passwords-numbers-and-confidential-data-is-on-google/
Have a good week and have a good search