Week in OSINT #2021-17
Hello May, hello readers! Another newsletter with tools, tips, warnings and tutorials for you to start your week.
The first item this week shows once again the landscape of OSINT is constantly changing. It's not just the new apps and platforms that keep popping up, but also the mainstream social media we constantly use changes. And the second item this week is about a serious security issue regarding some well known sites, so make sure to read that too. But enough chatting, let's have a look at this week's topics:
- Instagram Search by Date
- Domain Takeover
- Protosint
- Extension Safety
- Search YouTube Video’s by Date
- Blockpath
- Deep Fake Satellite Imagery
Tip: Instagram Search by Date
Instagram has changed once again, as Youri found out. First they demanded you to be logged in to view posts, and no uBlock filter is going to help with that anymore. But now they've changed some things in the API making it impossible to search for posts by date. I've had a short look this weekend at the code, but haven't been able to figure out yet whether it's still possible via some undocumented feature.
It was possible to find Instagram pics tagged to a certain location and uploaded at a certain time. Here's the process explained by chris tophr. Unfortunately this doesn't seem to work anymore https://t.co/ZTAr6rPNNR
— Youri (@y_vdw) April 29, 2021
Twitter thread: https://twitter.com/y_vdw/status/1387712628793954304
Domain Takeover
Micah Hoffman pointed out to me that the websites dark.fail, onion.live and darknet.live all seem to have been hijacked. Someone or some group managed to take over the domains and is presumably using this to steal cryptocurrency by intercepting data of their visitors. I have removed the sites from my link section, to make sure you won't be visiting them in the meantime.
EMERGENCY: DO NOT TRUST THE DOMAIN 'https://t.co/vdpHwWWPBv' RIGHT NOW! Only trust https://t.co/w1DEmLt0vi.
— dark.fail (@DarkDotFail) April 29, 2021
My domain name was hijacked by a phisher. Darknetlive was also hijacked. Our registrar was https://t.co/cYTm1bULQh - help @Njal_la @namecheap
Warning about: Dark.fail
Warning about: Darknetlive.com
Warning about: Onion.live
Tool: Protosint
Joe Gray's tweet caught my eye the other day and even though I knew about finding out the creation date of a Protonmail address, I had to have a closer look. And I must say that I'm pleasantly surprised! The tool does not only check the validity and creation date of an address, it also has a brute force method of finding possible email addresses and it has the option to see whether an IP address is affiliated with ProtonVPN.
Link: https://github.com/pixelbubble/ProtOSINT
Site: Extension Safety
Last year I had the idea to dive into the safety of extensions or add-ons that you use in your browser. Me, Salaheldinaz and ex16x41 wanted to take the most used ones, unpack them, dive into the source code, inspect their working and network traffic and create a list of ones that deem to be safe. And then Salaheldinaz found this awesome site! CRXcavator generates reports on add-ons, generate a risk assessment, and even offer you to dive into the source code by a single click of your mouse. Of course you need to have some basic knowledge about what permissions do, and which ones might pose a risk, but with some technical people around you it'll be easy to check the safety any plug-in you are using.
Link: https://crxcavator.io/
Tutorial: Search YouTube Video’s by Date
Aware Online has written a little blog post about the basics of how to search for YouTube videos that are posted within a specific period. I love these little and easy to follow tutorials, even if they are basic. So keep an eye out for his blog section, because he posts new content on a regular basis https://www.aware-online.com/en/osint-tutorials/.
Link: https://www.aware-online.com/en/search-youtube-videos-by-upload-date/
Site: Blockpath
Salaheldinaz shared a new site that can be used for investigating cryptocurrencies and their transactions. The site Blockpath tracks a bunch of exchanges and payment processors and offers a clean and visually pleasing dashboard of all the information you are looking for.
Link: https://blockpath.com/
Article: Deep Fake Satellite Imagery
And another article shared by Salaheldinaz, this time about a study to generate satellite images with AI. The University of Washington created some realistic looking fake imagery to prove that this might be a realistic threat in the future. Thanks for sharing!
Have a good week and have a good search!
