Week in OSINT #2023-11

This week I have to share some things that I found, while sharing some awesome work done by others at the same time!

When looking for new avenues within open source investigations, a lot of trial and error is involved. And every time something new is discovered, I love to deep-dive into it. So last night, when I could have been finishing this episode, I was going over some nice new research that Jake Creps is doing on detecting whether accounts exist or not. But there is a little catch. Otherwise open source investigations would be way too easy, and everybody would be running Jake's script in the future and presenting it all as fact. Time to learn that everything needs to be verified, in this instalment of Week in OSINT:

  • WhatsMyName
  • Twitter API Tip
  • Snapchat Tip
  • SANS OSINT Summit 2023
  • AI and Fake News?

Tool: WhatsMyName Tip

One of the tools I absolutely love is WhatsMyName, created by Micah Hoffman back in November 2015, when he published it on GitHub with 25 sites. Nowadays, WhatsMyName is used by many other tools, and contains well over 600 different platforms.

But during some testing, I found out that when running it through my VPN or a mobile hotspot, it gave me inconsistent results, sometimes returning only one match on my own nickname. When I connected directly to my Wi-Fi all seemed to be a bit better, but the number of results varied between 6 and more than 10. I tested different variations, like directly on a MacBook, using VirtualBox and VMware, with and without VPN or mobile hotspot. When it returns a match, it is a 100% match of a profile that actually exists, as we are used to from this awesome tool!

Inconsistent results

Link: https://github.com/WebBreacher/WhatsMyName

Tip: Twitter API Tip

Jake Creps is diving into some publicly available APIs to check whether accounts might exist on certain platforms or not. He shared one tip about an API on Twitter, and another one to test an account at Adobe. And that got me thinking when I saw something strange:

Active accounts on non-existing email addresses?

According to the Google documentation, and beta testers back in 2004, Gmail addresses with a length of less than 6 characters are not possible. And indeed, when I check for the existence of the email address [email protected], I get no results, it simply does not exist! How surprising.

One possibility might be a scenario where someone created an account without an email address, and later on added a non-existing email address to their profile. The only question is: If Facebook/Google logins are shown in the API output, what am I seeing above? Some more research might be needed, but it is absolutely nice to know that possibly an email address is in use on some platform.

Link: Original tweet

Tip: Snapchat Tip

Technisette shared a tip about Snapchat, since they made some changes within the Snapchat Map. It used to be possible to see on what date a specific Snap was published, but that has been removed. Now you can dive into the Developer Toolbar, and filter on the media. When you check the response headers, you can see the timestamp of the moment when the specific clip, as a file, was uploaded to the cloud. There is another timestamp within the metadata, but it is unclear to me what that is exactly, since that is a moment in the future.

Finding the timestamp of a Snap

If you've checked out a clip before, and you don't see a timestamp under the response headers, then scroll down a bit in the same request. You will see the request headers, which contain the value If-Modified-Since:

The browser checking for a cached version

The reason is that a browser caches a lot of information. When it sees a specific resource, in this case a Snap, in its cache, it will ask the webserver: "Can you only send me this file if it has changed since this specific date?" This saves a lot of bandwidth, but might leave you wondering why you can't find this timestamp.
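The lookup described above can be run over a HAR export from the browser's network tab instead of clicking through each request. This is an added example, not code from Technisette or from this post; it assumes the response timestamp is the standard Last-Modified header (the one If-Modified-Since is paired with), and the sample entries, URLs and dates are constructed.

```javascript
// Constructed sample in HAR shape (network tab > "Save all as HAR").
// URLs and dates are made up for illustration.
const sampleHar = { log: { entries: [
  { // first view: full 200 response carrying Last-Modified
    request: { url: "https://cdn.example.invalid/clip-a.mp4", headers: [] },
    response: { status: 200,
      headers: [{ name: "Last-Modified", value: "Tue, 14 Mar 2023 18:22:05 GMT" }],
      content: { mimeType: "video/mp4" } } },
  { // repeat view: the browser revalidates its cached copy, server answers 304
    request: { url: "https://cdn.example.invalid/clip-b.mp4",
      headers: [{ name: "if-modified-since", value: "Wed, 15 Mar 2023 07:01:40 GMT" }] },
    response: { status: 304, headers: [], content: { mimeType: "x-unknown" } } },
  { // not media: skipped
    request: { url: "https://cdn.example.invalid/app.js", headers: [] },
    response: { status: 200, headers: [], content: { mimeType: "text/javascript" } } },
] } };

// HTTP header names are case-insensitive, so compare in lower case.
function header(headers, name) {
  const h = (headers || []).find(x => x.name.toLowerCase() === name);
  return h ? h.value : null;
}

// For every media request, report the file timestamp and which header it came from.
function uploadTimestamps(har) {
  const out = [];
  for (const e of har.log.entries) {
    const mime = (e.response.content && e.response.content.mimeType) || "";
    const isMedia = /^(video|image)\//.test(mime) ||
      /\.(mp4|jpe?g|png|webp)(\?|$)/i.test(e.request.url);
    if (!isMedia) continue;
    let raw = header(e.response.headers, "last-modified");
    let source = "response Last-Modified";
    if (!raw) { // cached clip: fall back to what the browser sent
      raw = header(e.request.headers, "if-modified-since");
      source = "request If-Modified-Since";
    }
    const ms = raw ? Date.parse(raw) : NaN;
    out.push({ url: e.request.url, status: e.response.status,
      source: raw ? source : null,
      utc: Number.isNaN(ms) ? null : new Date(ms).toISOString() });
  }
  return out;
}

console.log(uploadTimestamps(sampleHar));
```

Recording the source header next to each timestamp keeps it clear in your notes whether the value came from the server's response or from the browser's cache check.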

Thank you Technisette for sharing, and thanks Nico for finding it!

Link: Original Tweet

Tip: SANS OSINT Summit 2023

Zewensec pointed out that the date for the OSINT Summit is already shared by SANS. On Friday, September 8, 2023 Nico Dekens and Matt Edmondson will host this yearly event, or is it just STEM Sadie's birthday? Anyway, register for free, and make sure to join this awesome event. And if you want to know what this 'Summit' is all about, then do check out their YouTube playlist that has all the content from last year.

Chris Poulter's talk of 2022

Link: https://www.sans.org/...

YouTube: https://youtube.com/playlist?list=PLs4eo9Tja8biLhHrp8W-N9LheHjUkaSDr

Tip: AI and Fake News?

AI-generated images are getting better and better, and with awesome things being developed, like Chat GPT4 and Midjourney, verifying things is needed more than ever. Look at this little Twitter thread by Jordan Wildon, where he investigates a tweet about the supposed arrest of Donald Trump. While AI can be very beneficial when looking for information, one needs to verify everything. Always.

Midjourney used for fake news?

Link: Original tweet

Have a good week and have a good search!
