09 - September 2023
Last updated
Last updated
Welcome to the September issue of the OSINT eZine (#31), this number includes topics such as a repository of free data for AI training; OSINT resources from SANS; an Ethical Hacker training from CISCO; a great report about financial and economic crimes by Europol; an study about extremist content on YouTube; tools for GitHub and Google Maps... and much more!
Hey Ho, Lets Go!:
The Electronic Frontier Foundation (EFF) released a new version of Privacy Badger that updates how they fight “link tracking” across a number of Google products. With this update Privacy Badger removes tracking from links in Google Docs, Gmail, Google Maps, and Google Images results. Privacy Badger now also removes tracking from links added after scrolling through Google Search results.
Common Crawl hosts an immense repository (petabytes) of open data from different public sources. The content can be used freely for any kind of AI project and provides the best way to use information without the need to scrap or deploy by ourselves.
In this paper different prominent figures in blockchain technology such as Vitalik Buterin from Ethereum and other experts from organizations like the University of Basel or Chainalysis study Privacy Pools, a novel smart contract-based privacy-enhancing protocol. The core idea of the proposal is to allow users to publish a zero-knowledge proof, demonstrating that their funds (do not) originate from known (un-)lawful sources, without publicly revealing their entire transaction graph.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4563364
Skills For All is providing for free an e-learning on cybersecurity. The Ethical Hacker training provides foundational knowledge on different areas such as information gathering, social engineering, wired and wireless networks or reporting and communication.
During summertime, SANS hosted an OSINT Summit were experts from across the world shared techniques, expertise and a variety of resources regarding open source intelligence investigations. This repository compiles some of the resources shared such as social media analysis tools, conflict data projects, reporting tools, books or trainings.
A research that finds out that YouTube’s algorithms rarely send users down “rabbit holes” of alternative or extremist content, but does recommend that content to a relatively small audience that actively seeks it out. The study also highlights that despite the lack of evidence for a rabbit hole effect, YouTube helps extremist channels build audiences of people who are seeking out potentially harmful views about gender, race, and other topics.
A new report from Europol that analyses the threats posed by money laundering, criminal finances and corruption, and how they have evolved as a result of technological and geopolitical changes. The report also examines the role of these crimes in the broader picture of international serious and organized crime, where criminal networks use financial and economic crime as a tool to obscure, and ultimately benefit from, profits made by illegal activities.
https://www.europol.europa.eu/publications-events/publications/the-other-side-of-the-coin-analysis-of-financial-and-economic-crime
"The cloud is just someone else's computer". Google has started to remove private links from users using their bookmark manager service "Google Saved". Even if the saved links belong to "private collections" if they relates to content sharing sites like torrents, and some DMCA request has been issued, Google is removing the links from users collections. My alternative? xBrowserSync ;)
A filmmaker downloaded a huge cache of passwords that had been leaked onto the dark web and used them to create a unique music video. Daniel McKee used the passwords as text prompts for AI image generator DALL-E. It took four months to complete the novel video titled Password123 for the single Alone by the London-based musician HOWE. The video visualizes passwords that belong to real people but were leaked onto the dark web in the past decade. Some of the passwords were from notorious data breaches such as when 533 million Facebook users had their personal data leaked online in 2021.
Signal, a protocol used widely by far more applications than the communication platform, has upgraded its current cryptographic protocol to a new enhanced version that would add a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards. The post explains some basics Public Key cryptography and Quantum Computing.
The OSINT expert Ron Kaminsky disclosed how he solved a geolocation challenge involving the co-founder of the Social Links company. In the walk-through he shares the steps taken, the tools used and other resources or pieces of information that were relevant for him in order to solve the challenge.
A typo is one of those common mistakes with unpredictable results when it comes to the Internet’s domain names (DNS). In this blog post, Cloudflare analyze traffic for exmaple.com, and see how a very simple human error ends up creating unintentional traffic on the Internet.
GitFive is an OSINT tool to investigate GitHub profiles. It is able to extract in a detailed way information from users such as username history or variations, email addresses, SSH keys, potential secondary accounts, programming languages used, identities used by the target and much more.
https://github.com/gosom/google-maps-scraper
This month I needed to check for news in an specific country that were published in one official newspaper, the problem? I was not aware what the official newspapers of that given country were so I wonder, is there any site with "online newspapers"? ...sometimes the most obvious searches are the most fruitful ones.
I am often asked about Start.me pages and similar resources that compiles useful links. Every time anyone asks, I always point to the same direction, @Technisette's Start.me page. She compiles one of the best collection of updated useful links that can enhance your investigations in many ways and in fact, at the beginning of September, her page was the top resource regarding #OSINT on Start.me.
https://start.me/p/wMdQMQ/tools
I have not failed. I’ve just found 10,000 ways that won’t work.
~Thomas Edison, Inventor.
. The password obviously is Password123.
If you need to scrape information from Google Maps, this tool extracts data such as the name, address, phone number, website URL, rating, reviews number, latitude and longitude, reviews and more for each place. It is based on a powerful scraper written in Go that achieves amazing fast results.
