I was finishing up my newsletter early this morning, but of course I ran into a phishing campaign and had to tweet something about that. It's almost time to take a little break again, so next week will be my last newsletter of 2021. I know there'll be a little surprise already, that most of you will appreciate, so stay tuned for next week's episode! But for now, here is this week's overview:
Maciej Makowski wrote an excellent article on all the aspects that come with investigating a malicious site. In this case it's a large scale phishing campaign on different brands. Maciej shares a wealth of resources, tips about resources and pivot points and is an absolute must for anyone who is new to this field of investigations, and needs some pointers on where to start.
Link: https://www.osintme.com/...
I got a tip from Roger Lu Phillips that the Syria Justice and Accountability Centre (SJAC), released a new open source documenting tool called Bayanat. It's a data management solution processing human rights violation incidents, locations, times, persons and entities, and correlate all the data recorded.
Link: https://bayanat.org/
GitHub: https://github.com/sjacorg/bayanat
Benjamin Strick has been fighting injustice in Myanmar for several years already and together with a team of volunteers, he has been gathering information on large scale destruction of buildings in Myanmar's Rakhine State. They've now also partnered with C4ADS to visualize all this information. This information is valuable, also considering the fact that Myanmar has denied any allegations so far. If you want to be brought up to speed on the legal case, have a look at the official page at CIJ, or read up on it over here.
Link: https://ocelli.c4ads.org/
And again there is a huge thread on Twitter by our very own 'cyb detective'. This time it is jam packed with hints and tips on sock puppets. Be aware that the thread itself also hosts tips on interacting with people, which may not always be legal, depending on your location. Again an awesome thread you should read if you haven't already
Create "Sock Puppet" (fake account) for making contact with the target and collecting information through dialogue
— Cyber Detective (@cyb_detective) December 9, 2021
Links, tips and tricks.
Thread🧵🧵🧵
(0/14) pic.twitter.com/bb6TIeEYp7
Link: Twitter thread
I've had some TikTok tips and tools over the last couple of years, with some tools and tips. I've also shared how to manually save a video earlier this year. But do you know it's even easier when using a little GreaseMonkey or TamperMonkey script? Simply install one of the scripts in the store, visit the TikTok video you want to save, right click and save it straight away!
Link: https://greasyfork.org/en/scripts/431826-tiktok-video-downloader-by-yad
Have a good week and have a good search!