20618
Every day I write about #osint (Open Source Intelligence) tools and techniques. Also little bit about forensics and cybersecurity in general. Work in https://t.me/netlas
ADVANCED SEARCH OPERATORS mini cheat sheet
A few of the most commonly used (in my observations) advanced search operators for different services.
Memorising them is enough to greatly increase your productivity.
Text version and other cheat sheets:
https://github.com/cipher387/cheatsheets
OSINT: Persistent Threat Monitoring with Google Programmable Search Engines (by twitter.com/ervin_zubic )
- Using PSE for Persistent Threat Monitoring
- Monitoring APT Actor Communication Channels
- Simple #Python Script for Programmable Search Engines API
https://publication.osintambition.org/osint-persistent-threat-monitoring-with-google-programmable-search-engines-959a141831c8
Python for Dark Web OSINT: Automate Threat Monitoring
(article by twitter.com/ervin_zubic)
- understanding the Dark Web and Tor
- install Tor
- setting up environment
- configure tor
- #python power-up
- Python script and requests-Tor
ervin.zubic/python-for-dark-web-osint-automate-threat-monitoring-5994b63c4d4a" rel="nofollow">https://medium.com/@ervin.zubic/python-for-dark-web-osint-automate-threat-monitoring-5994b63c4d4a
YouTube OSINT cheat sheet
- search tools
- browser extensions
- view metadata
- channel stats
- comments search
and more.
Text version and other cheats sheets:
https://github.com/cipher387/cheatsheets
One of the best Twitter accounts about Google Dorks is twitter.com/TakSec. You can use it to learn how to search Google for:
- server errors
- sensitive documents
- login pages
- API endpoints
- unlisted bug bounty programs
and more.
Image OSINT tools cheat sheet
- search engines
- detect geolocation by photo
- search website by favicon
- metadata/steganography/forensic
- AI image editing
Text version: https://github.com/cipher387/cheatsheets
Leaked passwords database search tool
Search by 3,2 billions leaked credentials by:
- email
- nickname
- password
(you can also try searching by mobile number, as some people use it as a password)
https://www.proxynova.com/tools/comb/
Tip by twitter.com/SaltinDeadsec
AI for OSINT
A list of AI tools that will help you in creating reports, writing code, transcribing video and audio, and other tasks.
https://github.com/CScorza/OSINT-IA
Contributor @CScorzaOSINT
Github repos with lists of links to .onion zone domains:
https://github.com/The-Hidden-Wiki-URLs/2024
https://github.com/darknet-onion-links/darknet-onion-links-catalog
https://github.com/5ky1ar/Awesome-Onion-Links
https://github.com/RheaPomarico4467/onion-trust
https://github.com/01Kevin01/OnionLinksV3
https://github.com/praveenjalasutram/Darkweb-Onion-Links
https://github.com/UvinduBro/darkweb-links
#darknet
How to detect a fake account
A detailed multi-step guide on how to determine (and justify it in the report) whether a social media account is fake or not.
https://sowel.soxoj.com/Instructions/How+to+detect+a+fake+account
(part of SOWEL - Socmint Weaknesses Enumeration List)
Contributor /channel/soxoj_insides
42 possible steps (with links to instructions) you can take to try to deanonymise a social media account.
https://sowel.soxoj.com/Instructions/How+to+deanonymize+an+account
(part of SOWEL - Socmint Weaknesses Enumeration List)
Contributor /channel/soxoj_insides
And don't forget that email OSINT is very closely related to username OSINT and first/last name OSINT.
All cheat sheets can be found in this repository:
https://github.com/cipher387/cheatsheets/
YouTubeTranscript
Extremely fast free online service for converting YouTube videos to text. Not perfect quality, but quite acceptable and very fast.
youtubetranscript.com
Awesome Unofficial APIs Reversing
- pre-requisite knowledge
- discovery
- evading detection
- examples of Unofficial APIs https://github.com/Rolstenhouse/unofficial-apis)
https://github.com/m31r2701/reversing-unofficial-APIs
Contributor m32r2701
#socmint
🔥 Netlas.io Discord server 🔥
Engage in live chat with our community on Discord!
Here you can quickly get answers to important questions, talk with other users, and read the latest news in a new convenient format.
👉 Follow the link: https://nt.ls/discord
MISSING PERSONS MAPS
A map marking the places where people have gone missing. For each marker there is a detailed description of the incident.
Can be used for voluntary practice of your OSINT skills.
🇺🇸🇪🇺 🇦🇺
https://www.google.com/maps/d/viewer?mid=1rCur3KaoWv-jKAJBkZBwgtDRtfL6MVPz&femb=1&ll=35.94210621673715%2C-91.79899001147237&z=5
Phishing Attacks Exposed: Essential OSINT Investigation Tactics (by twitter.com/ervin_zubic)
- Website/IP Investigation
- Analyzing Suspicious DNS Records
- Deciphering Shortened URLs
- Technology Stack
- Offline Analysis
- Hash-Based Investigations
https://publication.osintambition.org/phishing-attacks-exposed-essential-osint-investigation-tactics-658ab3763da7
SANS #OSINT Summit 2024
YouTube playlist
- The Impact of AI with OSINT
- How to Dump Raw Data from TikTok
- Using Astronavigation Techniques to Do Image Geo-Positioning
- Thinking Like a Historian for OSINT Practitioners
and other talks.
https://www.youtube.com/playlist?list=PLs4eo9Tja8bi1RZyKT_HlN48QLIRW6HhG
twitter.com/SANSInstitute
BLACK HAT ASIA 2024 PDF slides
- A Hacker's magic show of disappearing dots and spaces
- The Key to Remote Vehicle Control Autonomous Driving Domain Controller
- Protecting Against Cryptography's Perfect Crime
and other talks.
https://github.com/onhexgroup/Conferences
Contributor twitter.com/onhexgroup
Reverse Face Search cheat sheet
search4face.com
usersearch.ai
pimeyes.com
app.remimi.ai
hey-photo.com
and many other tools.
Text version: https://github.com/cipher387/cheatsheets
VIDEO #OSINT cheat sheet
- download video from different sites
- watch frame by frame/extract frames via #CLI
- transcribe
- extract metadata/subtitles
and more.
Text version/other cheat sheets: https://github.com/cipher387/cheatsheets
Don't forget to subscribe to my Substack newsletter. I send an email every 3-4 weeks (or less often): https://open.substack.com/pub/cybdetective/p/5-2024-darknet-research-resources
Читать полностью…
RETURN YOUTUBE COMMENT USERNAME
A simple browser extension that shows the full names of channels that leave comments on YouTube (just like it did a couple of years ago).
https://github.com/yakisova41/return-youtube-comment-username
Tip by twitter.com/Sector035
What can the free versions of different IP search engines do that the free version of Shodan can't?
For example, Netlas and Fofa store html codes of http server response bodies and allows you to browse even if the site/server is no longer available.
OSINT resources by country
Start me page with #osint resources for different countries:
🇳🇿New Zealand
🇳🇱Netherlands
🇵🇰Pakistan
🇳🇴Norway
🇭🇷Croatia
🇪🇨Ecuador
🇪🇪Estonia
🇦🇲Armenia
🇫🇷France
🇩🇪Germany
🇬🇪Georgia
🇸🇳Senegal
and many others.
https://start.me/p/kvAQBk/osint-resources-by-country
How to confirm a connection between people
A detailed step-by-step guide of dozens of ways to explore how two social media users interact with each other.
(part of SOWEL - Socmint Weaknesses Enumeration List)
https://sowel.soxoj.com/Instructions/How+to+confirm+a+connection+between+people
Contributor /channel/soxoj_insides
EMAIL OSINT mini cheat sheet
- checking registration/search accounts on various sites
- checking for data breaches/scam databases
- gmail account info
- analyzing email headers/mbox files
- avatar info
Text version and other cheat sheets:
https://github.com/cipher387/cheatsheets
Cyber Security Career Path
Detailed information on dozens of different professions related to cyber security:
- hard skills
- soft skills
- education
- certifications
- average salary
https://github.com/rezaduty/cybersecurity-career-path
Contributor twitter.com/rezaduty
I now have a special channel "self-promotion" on my Discord server where you, my dear readers, can talk about #osint tools you've made:
https://discord.gg/gkspYvye
Access onion sites online without Tor browser:
https://tor2web.activetk.jp/
https://www.4everproxy.com/tor-proxy
https://www.browserling.com/tor-testing (slowly)
#darknet #tor