Week in OSINT #2021-17

Hello May, hello readers! Another newsletter with tools, tips, warnings and tutorials for you to start your week.

The first item this week shows once again that the landscape of OSINT is constantly changing. It's not just the new apps and platforms that keep popping up; the mainstream social media we constantly use change as well. And the second item this week is about a serious security issue regarding some well-known sites, so make sure to read that too. But enough chatting, let's have a look at this week's topics:

  • Instagram Search by Date
  • Domain Takeover
  • Protosint
  • Extension Safety
  • Search YouTube Videos by Date
  • Blockpath
  • Deep Fake Satellite Imagery

Tip: Instagram Search by Date

Instagram has changed once again, as Youri found out. First they required you to be logged in to view posts, and no uBlock filter is going to help with that anymore. But now they've changed some things in the API, making it impossible to search for posts by date. I've had a short look at the code this weekend, but haven't yet been able to figure out whether it's still possible via some undocumented feature.

Twitter thread: https://twitter.com/y_vdw/status/1387712628793954304


Domain Takeover

Micah Hoffman pointed out to me that the websites dark.fail, onion.live and darknet.live all seem to have been hijacked. Someone or some group managed to take over the domains and is presumably using this to steal cryptocurrency by intercepting data of their visitors. I have removed the sites from my link section, to make sure you won't be visiting them in the meantime.

Warning about: Dark.fail

Warning about: Darknetlive.com

Warning about: Onion.live


Tool: Protosint

Joe Gray's tweet caught my eye the other day and even though I knew about finding out the creation date of a Protonmail address, I had to have a closer look. And I must say that I'm pleasantly surprised! The tool not only checks the validity and creation date of an address, it also has a brute force method of finding possible email addresses and an option to see whether an IP address is affiliated with ProtonVPN.

Finding the creation date of a Protonmail address

Link: https://github.com/pixelbubble/ProtOSINT


Site: Extension Safety

Searching for extensions on CRXcavator

Last year I had the idea to dive into the safety of extensions or add-ons that you use in your browser. Salaheldinaz, ex16x41 and I wanted to take the most used ones, unpack them, dive into the source code, inspect their workings and network traffic and create a list of ones that are deemed to be safe. And then Salaheldinaz found this awesome site! CRXcavator generates reports on add-ons, generates a risk assessment, and even lets you dive into the source code with a single click of your mouse. Of course you need to have some basic knowledge about what permissions do, and which ones might pose a risk, but with some technical people around you it'll be easy to check the safety of any plug-in you are using.

Link: https://crxcavator.io/


Tutorial: Search YouTube Videos by Date

Aware Online has written a little blog post about the basics of how to search for YouTube videos that were posted within a specific period. I love these little and easy-to-follow tutorials, even if they are basic. So keep an eye out for his blog section, because he posts new content on a regular basis: https://www.aware-online.com/en/osint-tutorials/

Searching media by upload date

Link: https://www.aware-online.com/en/search-youtube-videos-by-upload-date/


Site: Blockpath

Salaheldinaz shared a new site that can be used for investigating cryptocurrencies and their transactions. The site Blockpath tracks a bunch of exchanges and payment processors and offers a clean and visually pleasing dashboard of all the information you are looking for.

Diving into transaction details with Blockpath

Link: https://blockpath.com/


Article: Deep Fake Satellite Imagery

And another article shared by Salaheldinaz, this time about a study to generate satellite images with AI. The University of Washington created some realistic looking fake imagery to prove that this might be a realistic threat in the future. Thanks for sharing!

This is a real image: Can you find the location and date of this specific capture?

Link: https://www.washington.edu/news/2021/04/21/a-growing-problem-of-deepfake-geography-how-ai-falsifies-satellite-images/


Have a good week and have a good search!
