Week in #OSINT 2021-11

This week I managed to cram a lot of things into a tiny newsletter. From metadata and threat intelligence, to articles on OSINT in general. This episode has it all!

Somehow I managed to get some extra time this weekend to work on my newsletter. Usually I spend about 3 to 4 hours or so from Friday to Sunday, in between daily life, to write all the articles. That's usually after I tested some tools, debugged my VM to get scripts running, created a bunch of screenshots, and have a general idea on what to add. But this weekend, I had an abundance of time and the links kept coming in! And luckily I was able to include most of the interesting things in here. Thank you all for sharing these awesome resources with the community, and keep them coming!

This week's overview:

  • Hidden Data in PDFs
  • Googling Any Number
  • STATE of OSINT
  • DeepL
  • Interview With REvil’s Unknown
  • 5 Ways to Download a Twitter Video
  • Garlic
  • Grep.app
  • Xeuledoc
  • Links on China

Article: Hidden Data in PDFs

Salaheldinaz shared an interesting research paper. Supriya Adhatarao and Cédric Lauradoux have looked at publicly available PDF files to see what information is in there. They gathered close to 40.000 files from 75 security agencies from 47 countries, and looked at the sanitisation of the files, the metadata and also the software versions that were used to generate these files. The results are quite shocking, to say the least. In total 41% of the PDFs were not sanitised at all, and for files that had gone through the level-2 sanitisation that is used by ExifTool, they were able to recover the metadata, since this way of working doesn't sanitise a document correctly.

Link: https://arxiv.org/abs/2103.02707


Tip: Googling Any Number

This tip comes from Henk van Ess, and uses Google search operators to search for any number higher than 0. The reason this works is that the usual way to search for numbers is by defining a range with two periods, like: 100..400 (source). By only giving the lower end of the range as 0, followed by the two periods (the third period can actually be dropped here), it enables you to search for any number from 0 to infinity. A very useful tip!

Link: https://twitter.com/henkvaness/status/1371877509525073926


Site: STATE of OSINT

A bunch of big names in the world of OSINT have come together, and started a new website called the 'State of OSINT'. On here you'll find interviews with them, talking about the year 2020. They answer questions about what they've noticed, tools, the trends and highlights. And they all make some sort of prediction about the year 2021 and where the field of OSINT is moving towards. Extremely insightful information from some of the best people in the field!

Looking back and forward in the land of OSINT

Link: https://stateofosint.com/


Site: DeepL

Marcus Lindemann notified me that DeepL has added a massive 13(!) more European languages to their repertoire, and they are: Bulgarian, Czech, Danish, Estonian, Finnish, Greek, Hungarian, Latvian, Lithuanian, Romanian, Slovak, Slovenian, and Swedish. This is already one of the best translators out there, and if the quality of these languages is as good as the rest, this will be extremely useful for lots of people. Thanks for the share!

A little personal message...

Link: https://www.deepl.com/translator


Article: Interview With REvil’s Unknown

Dmitry Smilyanets has conducted interviews with interesting people in the past, and this month another one was published, with someone from the group called REvil. They're known for their ransomware-as-a-service and their willingness to auction off the data stolen from affected companies. If you are into cybersecurity, or want to get a better understanding of the mindset of such people, I highly recommend reading more articles on the website of The Record!

Image courtesy of 'TheDigitalArtist' at Pixabay

Link: https://therecord.media/i-scrounged-through-the-trash-heaps-now-im-a-millionaire-an-interview-with-revils-unknown/


Tutorial: 5 Ways to Download a Twitter Video

If you ever have the need to download a video from Twitter, and are constantly looking for a good way of doing so, then Aware Online has got you covered. Whether it's manually via the m3u8, via youtube-dl, with VLC media player, FFmpeg, a third-party website or a browser extension, he goes over all the options. Another extremely useful blog from one of my favourite teachers in the field of OSINT.

Looking at the m3u8 file of Twitter videos

Link: https://www.aware-online.com/en/5-ways-to-download-videos-on-twitter/


Site: Garlic

Someone called Doctor Chaos has created a new dark web scanner called Garlic. It crawls Tor sites and indexes information on them on a daily basis. You can query the free API to get some information on a domain, or use the freely available Maltego transform to get information like BTC addresses, email providers, SSH keys and more. It offers a free way of finding connected domains or identifying information. It's brand new, so still under active development, but I'm very curious how this service is going to change the investigative landscape!

Getting basic information on an onion domain

Link: https://osint.party


Site: Grep.app

Have you ever used sites like SearchCode or PublicWWW? Well, there's a new player in town! The site grep.app offers a search engine that searches within GitHub repositories. Why wouldn't you search within GitHub itself? Well, that's because they offer RegEx in the search results! Find a repo, search with a regular expression and extract the exact info you need! Thanks for sharing 7oaster!

Searching for BTC addresses

Link: https://grep.app


Tool: Xeuledoc

One of the latest tools I'm really happy about? That's this one! Brand new, and it automates the difficult process of finding the owner of a Google document. I've had some error messages on retrieving the 'createdDate' on some Google Docs, but when I ran it against a spreadsheet that was out there, it performed as expected! A really nice and easy tool to use, and I can't wait to use this in a real-life scenario. Thank you for this tool MalfratsInd!

Retrieving Google Doc meta data!

Link: https://github.com/Malfrats/xeuledoc


Links: Links on China

Have you ever had the need to gather information on something in China? Anything related to license plates, businesses, public transport, maps or logistics? Or maybe you need to know a bit more about the social media used in China? No worries... There are enough links on that on this Start.me page! Thank you for sharing this with the rest of the world, Pangar-Ban, and Ben Heubl for finding it and tweeting about it last week!

Loads of links to Chinese resources

Link: https://start.me/p/7kLY9R/osint-chine


Have a good day and have a good search!
