The first item this week shows once again the landscape of OSINT is constantly changing. It's not just the new apps and platforms that keep popping up, but also the mainstream social media we constantly use changes. And the second item this week is about a serious security issue regarding some well known sites, so make sure to read that too. But enough chatting, let's have a look at this week's topics:
Instagram has changed once again, as Youri found out. First they demanded you to be logged in to view posts, and no uBlock filter is going to help with that anymore. But now they've changed some things in the API making it impossible to search for posts by date. I've had a short look this weekend at the code, but haven't been able to figure out yet whether it's still possible via some undocumented feature.
It was possible to find Instagram pics tagged to a certain location and uploaded at a certain time. Here's the process explained by chris tophr. Unfortunately this doesn't seem to work anymore https://t.co/ZTAr6rPNNR— Youri (@y_vdw) April 29, 2021
Twitter thread: https://twitter.com/y_vdw/status/1387712628793954304
Micah Hoffman pointed out to me that the websites dark.fail, onion.live and darknet.live all seem to have been hijacked. Someone or some group managed to take over the domains and is presumably using this to steal cryptocurrency by intercepting data of their visitors. I have removed the sites from my link section, to make sure you won't be visiting them in the meantime.
EMERGENCY: DO NOT TRUST THE DOMAIN 'https://t.co/vdpHwWWPBv' RIGHT NOW! Only trust https://t.co/w1DEmLt0vi.— dark.fail (@DarkDotFail) April 29, 2021
My domain name was hijacked by a phisher. Darknetlive was also hijacked. Our registrar was https://t.co/cYTm1bULQh - help @Njal_la @namecheap
Warning about: Dark.fail
Warning about: Darknetlive.com
Warning about: Onion.live
Joe Gray's tweet caught my eye the other day and even though I knew about finding out the creation date of a Protonmail address, I had to have a closer look. And I must say that I'm pleasantly surprised! The tool does not only check the validity and creation date of an address, it also has a brute force method of finding possible email addresses and it has the option to see whether an IP address is affiliated with ProtonVPN.
Last year I had the idea to dive into the safety of extensions or add-ons that you use in your browser. Me, Salaheldinaz and ex16x41 wanted to take the most used ones, unpack them, dive into the source code, inspect their working and network traffic and create a list of ones that deem to be safe. And then Salaheldinaz found this awesome site! CRXcavator generates reports on add-ons, generate a risk assessment, and even offer you to dive into the source code by a single click of your mouse. Of course you need to have some basic knowledge about what permissions do, and which ones might pose a risk, but with some technical people around you it'll be easy to check the safety any plug-in you are using.
Aware Online has written a little blog post about the basics of how to search for YouTube videos that are posted within a specific period. I love these little and easy to follow tutorials, even if they are basic. So keep an eye out for his blog section, because he posts new content on a regular basis https://www.aware-online.com/en/osint-tutorials/.
Salaheldinaz shared a new site that can be used for investigating cryptocurrencies and their transactions. The site Blockpath tracks a bunch of exchanges and payment processors and offers a clean and visually pleasing dashboard of all the information you are looking for.
And another article shared by Salaheldinaz, this time about a study to generate satellite images with AI. The University of Washington created some realistic looking fake imagery to prove that this might be a realistic threat in the future. Thanks for sharing!
Have a good week and have a good search!