Week in OSINT #2021-18

Here's another interesting Week in OSINT for you, with tips and tools on IoT and IPs, OSINT and SOCMINT, DMCA and more abbreviations!

It's been another interesting week in OSINT land, with lots of tips, tools and articles being shared. I have been busy myself with some side projects, so I didn't actually have the time to go over everything, so I consider this a 'short' episode, even though it's fairly standard in length haha! Anyway, let's have a look at this week's overview:

  • OSINT Jobs
  • Dark.fail Investigations
  • GoFindWho
  • IPinfo.io
  • BSides SOCMINT
  • Lumen Database

Tip: OSINT Jobs

Twitter user n0lab pointed out to me that Sylvain Hajri has launched a new Twitter account, called 'myosintjob'. It tweets out job positions in the field of OSINT from all over the world. So in case you are still looking for a new employee, this might be a nice resource to keep an eye on!

Link: https://twitter.com/myosintjob

Tip: Dark.fail Investigations

Peter Sunde Kolmisoppi, the founder of Njalla, explains what he's been able to find out in regards to the domain takeover of dark.fail. It clearly shows that 'typosquatting' is still hot. This time it wasn't used to lure people into filling in their personal information, but it was used to give credibility to a fake court order! Read this thread, and pay attention to how refined this scam was.

Thread: https://twitter.com/brokep/status/1389314362561777665

Site: GoFindWho

Ginger T shared a site I saw a long time ago, but never really paid attention to back in the day. But the site has grown significantly and now has lots of search options that can be useful for investigations. With a simple click of a button you can search for locations, people, documents, you name it. Some work with custom Google searches, others by simply creating the correct query in a website for you.

From a location, to social media posts

Link: https://gofindwho.com/

Tool: IPinfo.io

IPinfo.io has released their official command line utility, written in Go. The tool enables you to retrieve information on a single IP address, or on many in bulk, and has loads of options for exporting the results to different formats, including maps. Besides that, it also offers a 'grep'-like tool to find IP addresses in any human-readable file you throw at it. And with a free account, you can already retrieve info on 50.000 IP addresses per month!

Mapping out TOR exit nodes and summarising the first 1000 IP addresses

Link: https://github.com/ipinfo/cli

Media: BSides SOCMINT

Matthias has been busy again in March this year, because he gave a talk at BSides Dublin about SOCMINT in threat intelligence. He dives into APT33 and, using only the most basic skills and tools, he shows what it is possible to find out about the background of threat actors.

BSides: https://www.bsidesdub.ie/past/2021.php

Video: https://www.youtube.com/watch?v=WqVcv23xn3I

Site: Lumen Database

Nico "Dutch OSINT Guy" Dekens shared a golden oldie. The Lumen Database has a collection of legal complaints and takedown requests of online materials. By searching the database, and looking for archived pages, you might be able to find information that can help your investigation.

Searching for takedown notices on Lumen

Link: https://www.lumendatabase.org/

Have a good day and have a good search!
