recentpopularlog in

whip_lash : osint   31

bellingcat - Using Phone Contact Book Apps For Digital Research - bellingcat
Using information saved through phone contact book apps is an oft-neglected resource in digital investigations, largely due to the sheer number of these apps and their invasive privacy policies.

Additionally, the vast majority of the apps in question require a phone to use them, while lacking an accessible web version of their database, making research more cumbersome. This guide will detail how to use these apps in a relatively safe context — either through an Android virtual machi...
privacy  security  osint  phone 
6 weeks ago by whip_lash
Finding Weaknesses Before the Attackers Do « Finding Weaknesses Before the Attackers Do | FireEye Inc
Mandiant consultants posed as helpdesk technicians and informed employees that their email inboxes had been migrated to a new company server. To complete the “migration,” the employee would have to log into the cloned OWA portal. To avoid suspicion, employees were immediately redirected to the legitimate OWA portal once they authenticated. Using this campaign, the red team captured credentials from eight employees which could be used to establish a foothold in the client’s internal n...
redteam  socialengineering  pentest  osint 
6 weeks ago by whip_lash
Buscador OSINT VM
Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and Michael Bazzell, and distributions are maintained on this page. The current build is 5GB and includes the following resources
osint  vm 
6 weeks ago by whip_lash
GitHub - thewhiteh4t/pwnedOrNot: Find Passwords for Compromised Email Accounts
haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script
email  recon  osint  credentialstuffing 
january 2019 by whip_lash
Google Hacking Diggity Project – Bishop Fox
Sometimes, the best defense is a good offense. Bishop Fox’s attack tools for Google Hacking level the playing field by allowing our clients to find information disclosures and exposed vulnerabilities before others do. Arm yourself with our arsenal of attack tools that leverage Google, Bing, and other popular search engines.
osint  recon  search  tools 
january 2019 by whip_lash
GitHub - Ph055a/OSINT-Collection: Awesome maintained collection of OSINT related resources. (All Free & Actionable)
This is a maintained collection of free actionable resources for those conducting OSINT investigations. None of the links below should point to paid software or services, these are for actual OSINT investigations.
osint 
december 2018 by whip_lash
The OSINT Podcast
This is the Open Source Intelligence (OSINT) podcast. Here I will discuss news related to social media, data privacy, open source intelligence, investigative journalism as well as talk about tools and resources you can use to improve your research.
blogs  osint  podcast 
october 2018 by whip_lash
Gathering Open Source Intelligence – Posts By SpecterOps Team Members
One constant throughout my career has been my fascination with what can be learned about an organization from basic public records. The aggregation of a multitude of small pieces of information can paint a picture that is sometimes startling in its completeness. Then some holes can be filled-in with small logical leaps and inferences.
osint 
october 2018 by whip_lash
linuz/Sticky-Keys-Slayer: Scans for accessibility tools backdoors via RDP
Establishes a Remote Destop session (RDP) with the specified hosts and sends key presses to launch the accessibility tools within the Windows Login screen. stickyKeysSlayer.sh will analyze the console and alert if a command prompt window opens up. Screenshots will be put into a folder ('./rdp-screenshots' by default) and screenshots with a cmd.exe window are put in a subfolder ('./rdp-screenshots/discovered' by default). stickyKeysSlayer.sh accepts a single host or a list of hosts, delimited by line and works with multiple hosts in parallel.
pentest  rdp  scanner  osint  recon 
october 2018 by whip_lash
Gathering Open Source Intelligence – Posts By SpecterOps Team Members
The key to managing all of this data is automation. By automating the initial research phases, the manual research is much simpler and more easily organized. Automation and reporting will be discussed at the end, in “Phase 4.” Let’s begin with what to look for first.
osint  automation 
october 2018 by whip_lash
michenriksen/gitrob: Reconnaissance tool for GitHub organizations
Gitrob is a tool to help find potentially sensitive files pushed to public repositories on Github. Gitrob will clone repositories belonging to a user or organization down to a configurable depth and iterate through the commit history and flag files that match signatures for potentially sensitive files.
git  github  osint  security 
august 2018 by whip_lash
shodan-api NSE Script
Queries Shodan API for given targets and produces similar output to a -sV nmap scan. The ShodanAPI key can be set with the 'apikey' script argument, or hardcoded in the .nse file itself. You can get a free key from https://developer.shodan.io
osint  nse  nmap 
january 2018 by whip_lash
Reposcanner - Python Script To Scan Git Repos For Interesting Strings - KitPloit - PenTest Tools for your Security Arsenal ☣
Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys, inspires by truffleHog.
git  scanner  osint 
january 2018 by whip_lash
Ichidan Is a Shodan-Like Search Engine for the Dark Web
'Ichidan Is a Shodan-Like Search Engine for the Dark Web'. Useful.
security  tor  ichidan  osint  darkweb 
october 2017 by whip_lash

Copy this bookmark:





to read