Week in OSINT #2021-10

Another week, another batch of links to tools, articles, loads of links and some threat intel topics for this week.

Hello everyone, welcome to another episode. This week I did some searching on my own, and that led me to GitHub to find some new and surprising things, like information on the Slovakian internet landscape and a bash script that can help you out when you investigate domain names. Some things might not be useful to you, but it does show that there are some very creative people out there:

  • OSINT Resources
  • Tracing Transactions
  • Skype Investigations
  • URL Shorteners
  • OSINT.sk
  • DrWho

Links: OSINT Resources

Corma investigations tweeted a link to some interesting resources that were gathered by i-Sight. A lot of links are probably familiar, but it's always good to see other link lists, because there always is a chance that there's a new and useful source in there.

Link: https://i-sight.com/resources/101-osint-resources-for-investigators/

Tutorial: Tracing Transactions

Here's another link that was shared by Corma investigations, this time a tutorial on how to trace crypto transactions with Maltego. For this they've added some new features in the Maltego client, like sorting by transaction age, and they've updated their Blockchain transform. If you do use Maltego, and may encounter cryptocurrency in your investigations, I'd suggest you have a look at this article!

Image by Maltego
Image by Maltego

Link: https://www.maltego.com/blog/tracing-transactions-through-the-bitcoin-blockchain-with-maltego/

Tutorial: Skype Investigations

Our friend 'WhiteHat Inspector' has written a nice article on how to perform investigations on Skype. Even though it might not seem to contain a lot of information, he shows how to pivot from partial names to eventually finding out an email address of a Skype user, depending on the age of the Skype account. If you've never done a lot with Skype before, I really suggest you read this article.

Searching by email address in Skype
Searching by email address in Skype

Link: https://whitehatinspector.blogspot.com/2021/03/skype-hidden-osint-goldmine.html

Site: URL Shorteners

GrayhatWarfare has another new product besides their database with public buckets. They have been indexing loads of shortened URL's that can be searched by keywords. Another really useful product when it comes to hunting down IOC's (indicators of compromise) used in malware of phishing campaigns, or even when doing corporate reconnaissance.

Searching URL shorteners by keyword
Searching URL shorteners by keyword

Link: https://shorteners.grayhatwarfare.com

Site: OSINT.sk

I found this website the other day by browsing through GitHub to look for new things to explore. This website has collected data from several sources and displays information on the Slovakian internet, its websites, IP-space, domains and their holders, CVE's, ICS's and loads more! I don't have any need myself for information on the Slovakian infrastructure, but I love the way they set it up and really gives an insight into all those dozens of data sets that are floating around.

ICS's in Slovakia
ICS's in Slovakia

Link: https://osint.sk/

Tool: DrWho

No, this isn't the long running BBC series of the most famous time traveler around. This is a bash script that should be able to run on Linux and on MacOS. After installing the 'dependencies' that are listed in the READ.me, this bash script will make a lot of things easier for you when it comes to diving into domain names, IP addresses, trace routes and the like. Via an interactive menu you are being led through all kinds of options, and the script will generate and run the appropriate commands to get the information. I still prefer the manual way, but for people that do know what an AS number is, know how to interpret a trace route, or know what dig can do, this is just a nifty bash frontend to make you look a bit more cool!

Warning! If you aren't familiar with tools like map, set the option 'send packets to target systems' to NO, to make sure you don't compromise yourself.

Retrieving DNS records of medium.com
Retrieving DNS records of medium.com

Link: https://github.com/ThomasPWy/drwho.sh

Have a good week and have a good search!

Previous Post Next Post