Week in OSINT #2021-39

Another week of OSINT, filled with different topics. From tips and tricks, to a new dump of financial data by ICIJ!

This newsletter was pretty much done on Sunday morning around 9AM, but the last feature had to wait since I was waiting for the 'Pandoras Papers' to drop. So while enjoying my weekend off, I was checking the news, waiting for some possible hints to show up online. You'll find more on the leak of financial documents at the end of this week's newsletter, but first I have some other tips, tricks and links for you to have a look at. From investigative journalism, to lots of sources for data hoarders:

  • OSINT News Sheet
  • Verify Gmail Addresses
  • Links for Datahoarders
  • Views on Verification #2
  • URL Manipulation
  • Pandora Papers

Links: OSINT News Sheet

If you've missed Ben Heubl on Twitter, that's correct. His account was blocked by some Twitter algorithm after he moved out of the country, but he's back online with a different account: @Techjournalisto. Ben, together with Max Bernhard, Jordan Wildon, Tom Jarvis and Brecht Castel are collecting news articles that use open sources to verify or investigate a story, and save those links in a Google Sheet. Dive in, and have a look what techniques have been used to investigate, debunk, or verify news stories!

The latest OSINT within journalism
The latest OSINT within journalism

Link: Google Sheet


Tip: Verify Gmail Addresses

Twitter user Odint - OSINT shared a niftly little trick last week on Twitter. Let's say you have've enumerated a bunch of email addresses, and you want to check which one might be real or not. You can dump them in a Google Sheet, and with a simple hover of your mouse cursor, you can spot which ones are active or not. If the avatar is different from the one in the standard 'Google blue', and if the chat option is active, then it seems it's an active email address. A handy little function by Google Sheets. Nice find, thanks for the tip!

Checking validity of Gmail addresses
Checking validity of Gmail addresses

Links: Links for Datahoarders

The title is "awesome open directories", but it's actually a list of resources for data hoarders, or investigators that have a use for publicly available data. And there are some nice tools in there, like FileChef, that offers some Google CSE's to find public documents in Google Docs for instance. A really nice collection of links, subreddits and websites. Thanks for sharing this David Chorváth!

This could also end up in the FUNINT section
This could also end up in the FUNINT section

Link: GitHub repo


Article: Views on Verification #2

Last week I featured a little Twitter thread by Jordan Wildon on verification. He expanded that threat, and wrote an article over at Logically. Despite the fact it was shared last week already, I'm sharing his views again! Simply because it's of utmost importance to keep in mind that innocent lives can be destroyed by one Reddit post, a single tweet, or a YouTube video with content that hasn't properly been verified.

Link: Internet Sleuthing Is a Safeguarding Issue


Tutorial: URL Manipulation

Maciej Makowski, known as osintme on Twitter, has written a nice little introduction into what is called URL manipulation. This is a technique not uncommon for pentesters, to find pages of interest or even things that usually stay hidden for the normal public. It shows you techniques that might let you find larger images of an avatar, find interesting subdomains, or content that isn't indexed. And some real-world application can be found in this article I wrote back in 2018, or check this old article about the now defunct open API's of Jira, where pertty much the same techniques where used by me. It's a slippery slope though, and a thin line between finding "open information", and finding an actual bug in the configuration of a website, so stay ethical and act responsible.

Using enumeration to find people
Using enumeration to find people

Link: Osint Me on URL manipulation


Article: Pandora Papers

The International Consortium of Investigative Journalists, ICIJ for short, together with 600 reporters, have been working for months on a new project. Close to 12 million leaked documents about known tax havens have been studied, shedding a new light on financial wrong doings by earth's most powerful people and companies. From Danish banks harbouring foreign money, to Chinese politicians with a stack of offshore companies. And it's massive! We're talking about Panama Papers large, and only a bit smaller than the Paradise Papers when it comes to the amount of documents. Let's put that in perspective in a little infograph for you, and then you can head over to your nearest news outlet to read what's ging on in the world of offshore companies:

Link: Pandora Papers


FUNINT: Ocean Tracker

Baby shark, doo, doo, doo, doo, doo, doo
Still juvenile, and 8ft already!
Still juvenile, and 8ft already!

Learn a bit more about our precious ocean life, with this Ocean Tracker by SeaWorld. It currently tracks different species of sharks, alligators, dolphins, seals and turtles.

Link: Ocean Tracker


Have a good week and have a good search!

Previous Post Next Post