It's been another interesting week in OSINT land, with lots of tips, tools and articles being shared. I have been busy myself with some side projects, so I didn't actually have the time to go over everything. I consider this a 'short' episode, even though it's fairly standard in length, haha! Anyway, let's have a look at this week's overview:
Twitter user n0lab pointed out to me that Sylvain Hajri has launched a new Twitter account, called 'myosintjob'. It tweets out job positions in the field of OSINT from all over the world. So in case you are still looking for a new employee, this might be a nice resource to keep an eye on!
Peter Sunde Kolmisoppi, the founder of Njalla, explains what he's been able to find out regarding the domain takeover of dark.fail. It clearly shows that 'typosquatting' is still hot. This time it wasn't used to lure people into filling in their personal information; instead, it was used to give credibility to a fake court order! Read this thread, and pay attention to how refined this scam was.
Maybe you heard that the domain https://t.co/3Ip8qhGgxd (@DarkDotFail) got hijacked. Here's the story on how it happened. A thread! (I've pieced together the data I have so I might have some small errors in this thread, FYI.) — Peter Sunde Kolmisoppi (@brokep) May 3, 2021
Ginger T shared a site I saw a long time ago, but never really paid attention to back in the day. The site has grown significantly since then and now has lots of search options that can be useful for investigations. With a simple click of a button you can search for locations, people, documents, you name it. Some options work with custom Google searches, others by simply creating the correct query in a website for you.
IPinfo.io has released their official command line utility, written in Go. The tool enables you to retrieve information on a single IP address, or on many in bulk, and has loads of options for exporting the results to different formats, including maps. Besides that, it also offers a 'grep'-like tool to find IP addresses in any human-readable file you throw at it. And with a free account, you can already retrieve info on 50.000 IP addresses per month!
Matthias was busy again in March this year: he gave a talk at BSides Dublin about SOCMINT in threat intelligence. He dives into APT33 and, using only the most basic skills and tools, shows how much it is possible to find out about the background of threat actors.
Nico "Dutch OSINT Guy" Dekens shared a golden oldie. The Lumen Database has a collection of legal complaints and takedown requests for online materials. By searching the database, and looking for archived pages, you might be able to find information that can help your investigation.
Have a good day and have a good search!